New ways to bypass firewalls

Ok here’s the list as it stands now (always evolving though)

Antivirus: NOD32 (realtime scanner), Bitdefender free, ClamAV (on demand)
Firewall: Comodo Personal Firewall

HIPS/Monitoring apps: Prevx1, Processguard, Dynamic Security Agent, Scriptdefender, Samurai
System hardening: HardenIT
Process scanning: Assassin, hijackthis, Integrit.

Anti-spyware: Spybot, Superantispyware, Spyware Terminator, Spyware Blaster, A-squared, Ewido
Anti-Rootkit: Blacklight Beta, Icesword.

Browser for extra security: VMware Browser Appliance (based on Firefox)
Standard browser: Opera

Ok I mentioned more than the 17 but a couple of them are more about viewing system processes than actual security apps.
Ok tha

I’ll try and look into that for you (Wilder’s forum should have some info, since that’s where I discovered this software).
One thing that interested me particularly is that it is soon to be integrated with their upcoming firewall; perhaps something similar could be developed for CPF?

All the best, Andy. (V)

COSMICFAN
My understanding of how the protection would work (vastly inferior to you guys I hasten to add) would be that once the OLE exploit attempted remote code execution then the vehicle for this attack would show a significant variance from ‘normal’ usage? I’m basing this on an hour’s research between jobs so I’m sure you’ll correct me if I’m way off track here. (:LGH)

Andy, from the programs I see you have, it seems that you are going to the paranoid side of security. But having all these apps won’t help in the case of a really new threat type.

I would suggest you use a virtual machine if you want to go to “underground” sites. You will be much more protected than having all those security apps in your main OS. :wink:

That was my understanding as well. “COSMICFAN”? lol I kind of like that. Ewen calls me (Shifter) :smiley: Anyway, thanks again. Well, that’s exactly what I was wondering, if executed below the bit level, will DSA still be able to detect this. 60% must be a higher amount but if it has adjustments, shouldn’t be a problem to lower the percentage then. I would think this solves this issue but not sure.

Thanks again,

Paul

Haha, I don’t go into ‘underground sites’ (well, not as often as I’d like to (:WIN) ) but basically a lot of my work is in security related issues, malware defence/removal etc. It’s something of a hobby of mine to play around with these security apps; maybe I should try a few more of those underground sites instead (:TNG)

As you’ll see I do use a vmware browser if I’m unsure of certain sites, plus I utilise sandboxing when necessary. Cheers though for the reply.

COMICFAN

Sorry for the typo but my error has a certain ring to it doesn’t it?

As to the sensitivity of DSA, it’s possible to go as low as 10%, which I’m sure you’ll agree will pretty much catch any activity out of the norm, but due to the large number of pop ups this generates on a lesser learning period, you’d need to ‘learn’ for the maximum 28 days to avoid alert overload, I’d reckon.

I’ve just had another worrying thought: if CPF and CAVS continue to develop as Melih predicts, all my security toys will be obsolete. However will I fill my days then! (:LGH)

Hi, no need to apologize for the typo, I found it funny, lol. Cosmicfan, or maybe Marvel Comics will create a new comic, a new superhero, Cosmicman. Woah, ok back to reality, 10% seems reasonable for sure. I doubt any lesser is a worry so I agree. Thanks yet again for the info…

Up up and away…

**Cosmicfan**

To infinity and beyond (:LGH)

:BNC <Up up and away!

Paul<alias, Cosmicfan*******

It’s not exactly new, but very popular among malicious sites, and is updated frequently. A product from Russia: Web-Attacker toolkit:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=94

Paul Wynant
Moscow, Russia

And here’s another one. Anyone still running their browsers with java+javascripts enabled by default?
http://www.darkreading.com/document.asp?doc_id=107940
Exposes the weakness of letting JavaScript generate and use absolute URL’s let alone the dangers of ActiveX objects capable of forming their own TCP/IP data streams!

Paul Wynant
Moscow, Russia

Interesting link there Paul; noticeably there are no exploits for the Opera browser, confirming once again its excellent and secure architecture. (:WIN)

Another very pertinent posting there. Unfortunately too many people tend to leave their web browser (usually IE) in its default (insecure) configuration. Although to my knowledge the actual number of Java based exploits is few, there are many privacy issues with it left to run universally.

ActiveX is a forum thread in itself I feel.

Well, andyman35, I don’t want to start any holy war on browsers here, but I have my own theory about why this is so:

  • Opera, however good a browser, is not yet as popular as the other two are;
  • Opera is the favorite browser of the very people in the Underground;
  • Opera is ‘closed source’, so how are we going to know about vulnerabilities and exploits unless anybody reports them in the open?

For me, some drawbacks with Opera are:

  • It still handles zeros badly enough to make it crash very easily if the code is written correctly for this purpose.
  • Also, there are limits with java+javascript permissions for sites. Correct me if I’m wrong, but as far as I know, you can’t allow the main site and forbid the third parties to execute scripts as you can easily do with NoScript (FF extension). It’s either all or nothing. With cross-site scripting (even on trusted sites) this is a considerable risk. How will I know in advance what exactly a site’s affiliates are? If Opera had such function to easily determine that (as FF’s NoScript has), I would immediately transfer to Opera, because I think that third-party extensions in ANY browser are a considerable security risk as well. (What a nerd, huh?)

Paul Wynant
Moscow, Russia

Finally!

It’s taken about 10 months for somebody to come out and remind everyone: we don’t know the author of every browser extension out there. It hasn’t happened yet, AFAIK, but that doesn’t mean it won’t.

For no reason other than this, I think CPF’s Application Monitor should be extended to FF extensions. Otherwise, someone could create a malicious extension, rename it to the same name as a valid extension, and your browser would quite happily call it.

Keep thinking outside the box, Paul. It’s appreciated.

cheers,
ewen :slight_smile:
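The point ewen raises above, that a browser will happily load whatever sits under a known extension name, is why a defender checks extensions by content rather than by name. The following is an added example, not code from this thread, from CPF or from Mozilla: it records a SHA-256 manifest of every file under an extension directory and later diffs the live tree against that baseline, so a replaced file with the same name shows up as changed. The extension name, file names and file contents are constructed for the demonstration and do not describe any real add-on.

```python
"""Integrity baseline for a browser extension directory.

Added example for the forum discussion above (not code from the thread,
from CPF or from Firefox): record a SHA-256 manifest of every file under
an extension directory, then diff the live tree against it so that an
extension swapped for another one carrying the same name is flagged by
its content, not by its name.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash one file in chunks so large scripts do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file's path relative to root -> SHA-256 hex digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def diff_manifests(baseline, current):
    """Return files that were added, removed, or whose content changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def write_tree(root, files):
    """Write a {relative path: bytes} mapping to disk, creating directories."""
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(content)


# Constructed sample extension: hypothetical file names and contents, not a real add-on.
ORIGINAL_EXTENSION = {
    "install.rdf": b"<RDF><em:name>Example Toolbar</em:name></RDF>\n",
    "chrome/content/overlay.js": b"window.addEventListener('load', init, false);\n",
}

# Same directory name, same file names, but the script body has been replaced.
SWAPPED_EXTENSION = dict(ORIGINAL_EXTENSION)
SWAPPED_EXTENSION["chrome/content/overlay.js"] = (
    b"window.addEventListener('load', init2, false);\n"
)


def demo():
    """Record a baseline, overwrite the extension in place, and report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        # Hypothetical extension id; the name is constructed for the example.
        ext_dir = os.path.join(tmp, "example-toolbar@example.invalid")
        write_tree(ext_dir, ORIGINAL_EXTENSION)
        baseline = build_manifest(ext_dir)
        write_tree(ext_dir, SWAPPED_EXTENSION)  # overwrites with identical names
        return diff_manifests(baseline, build_manifest(ext_dir))


if __name__ == "__main__":
    print(demo())
```

Run it as-is and `demo()` reports `overlay.js` as changed while the name-based view of the extension is identical before and after. In practice the baseline would be taken right after a deliberate install and stored somewhere the browser profile cannot write to; a diff at browser start is the simple form of the per-extension monitoring the post asks for.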

What a coeinkidink. I just tried Opera a few hours back, it was horrifying. The functionality was terrible, it wouldn’t load pages correctly at first, wouldn’t keep mail settings, crashed faster than my mother in law on a hang glider, may as well get the punch and chips and invite guests for that 3RD party and whatta you know, they want you to pay for premium service, lol. With the trouble I had, I may as well hand over my check now $$ cha-ching. I tried it over a year ago and ditched it, if anything it’s worse. I was so relieved to get out of that chaos they call a browser and get back to my Firefox. (Phew). May just be my opinion and I am not arguing with those who like it but I would stick with a wide open IE first to be honest, I don’t trust Opera.

Paul

As a matter of fact, it has happened already. I will have to dig the info up from archives of the Kaspersky forum for you if you want (and it’s most probably in Russian), but it has happened already, although not from the official Mozilla site…

P.S.: From other sources: here is a report called “Trojan Spoofs Firefox Extension, Steals IDs” from July 25, 2006 (5:17 PM EDT):
http://www.techweb.com/wire/security/191101268

Isn’t that frightening? Anti-Hook, which is a pretty paranoid IDS/HIPS, has never warned me about the activity of any of FF’s extensions. If you allow Firefox, you allow ALL its ‘goodies’ as well! The only correct approach to security would be DefaultDeny, right?

Paul Wynant
Moscow, Russia

COSMIC

Which version did you install exactly? The paid-for premium version was discontinued at version 7; since then it’s been freeware! The current version 9 is a highly stable piece of code; it does come down to personal preference at the end of the day though. I have FF installed too, which I use for certain tasks (downloads from Youtube etc.)