tool to protect websites and site visitors from drive by script hackers

[Guest]

[prazim]

I am sure you saw this today and hope you are working ona solution: http://redtape.msnbc.com/2007/05/the_next_net_th.html

Virtual PC does not work for XP Home, so I assume its mention in the article is to compel people to upgrade to it, but that isn't my preference, nor that of many from what I have read.  Green Border offered a form of virtualization but they are not presently distributing their tool, reason unknown.
Thanks,
Sue

[Toggie]

If your looking for virtualisation, you could look at sandboxie. If you want a full VM, the maybe virtualbox, both free. On the other hand, turn off javascript and activeX for all sites apart from those you trust.

[prazim]

Hi Toggie,
Actually this article mentioned that unsuspecting websites could be hacked and infected with the malicious script.  I actually only visit sites I trust, but my concern is them getting infected.  Also, I am about to launch a site and I don't want it to become infected.

Thanks for the tip about sandboxie.  It will do the trick, but I can't stand the icon that is part of it, so I haven't installed it.

Sue

[Toggie]

You could always change the icon using something like reshacker

As for protecting your own site, it's a constant battle, but I have something here some where that may help...I'll get back to you

[prazim]

huh! reshacker.  very interesting!  I am thinking I will email the developer and request he get creative with the icon, so everyone can benefit.

I'm very interested in your ideas concerning protecting websites.  Once mine is up, I'd like to be able to get word to my contacts that it is protected by x technology and therefore drive by script protected.  I will of course also use a hacker resistant password.
Thanks!
Sue

[Toggie]

Hey sue, (may I call you sue?) I think I may have been little over zealous in my approach. To be honest, all I have is guide to keeping your web site safe...just wish I could find it

[prazim]

Well St. Anthony is very helpful in such matters!  I'll ask him to help you.  In the interim, this area is most certainly another opportunity for Melih and the team at Comodo!

Most definitely, please call me Sue!

[oOeagleOo]

You could also download IE-Spyad it ads more then 25000 bad pages to your "Restricted Sites List" in IE

if you use Firefox you can use NoScript

[Someone]

Noscript is a must. It's the primary tool to defend against XSS atacks.
A good discussion: http://www.wilderssecurity.com/showthread.php?t=174195

VirtualPC actually DOES work in XP Home, it's only not supported. I have it installed and already tried OpenBSD in it.
I prefer VirtualBox though, or VMware Player/Server.
This for full virtualization (a whole virtual computer).

To isolate the browser, you have SandboxIE, that uses virtualization tech., or GeSWall, DefenseWall, that enforce policy (policy based sandbox).
Or use a program that prevents executables. CFP will do this at the very least.

Then, while the consumer browses content normally, a computer virus or Trojan horse program is silently installed.

Usually (always?) this envolves an executable to do the job, no matter how it's downloaded (script, spoofed files..)

One rule to read these articles, that i learned recenty, is to identify how the payload is carried. Nothing special in this sentence, but it's really that simple. It's not vodoo. Doesn't matter if it's trojan, rootkit, etc. It matters how it gets in our pc's.

But this is within our computers. XSS is another thing, more about privacy on the web. But it goes beyond the little cookies. I suggest reading the above link, to get solutions, not to be spooked

[Melih]

The answer is Comodo Firewall v3!

Melih

[prazim]

Thanks great news Melih! When will it be available?
Sue

[Melih]

Thanks great news Melih! When will it be available?
Sue

beta is out on june 7th.. but pls note, this is just the beta....

melih

[Kyle]

beta is out on june 7th.. but pls note, this is just the beta....

melih

Melih, I understand the Webshields help block scripting attacks - With CPF3, do I need a webshield?

Sorry for reviving an old thread, how ever it seemed appropriate to post here.

[DarkButterfly]

If your looking for virtualisation, you could look at sandboxie. If you want a full VM, the maybe virtualbox, both free. On the other hand, turn off javascript and activeX for all sites apart from those you trust.

The question is: are there any sites we should trust?

I mean, when someone sees security companies web sites getting hijacked, no big trust on trusting trustful sites.
See where I want to get?

Always be suspicious... but not paranoid...

[jeremysbost]

The answer is Comodo Firewall v3!

Melih

Is it part of D+ or the Firewall?

[Tags:]