Author Topic: tool to protect websites and site visitors from drive by script hackers  (Read 9719 times)

Offline prazim

  • Comodo Family Member
  • ***
  • Posts: 54
I am sure you saw this today and hope you are working ona solution: http://redtape.msnbc.com/2007/05/the_next_net_th.html

Virtual PC does not work for XP Home, so I assume its mention in the article is to compel people to upgrade to it, but that isn't my preference, nor that of many from what I have read.  Green Border offered a form of virtualization but they are not presently distributing their tool, reason unknown.
Thanks,
Sue

Toggie

  • Guest
If your looking for virtualisation, you could look at sandboxie. If you want a full VM, the maybe virtualbox, both free. On the other hand, turn off javascript and activeX for all sites apart from those you trust.

Offline prazim

  • Comodo Family Member
  • ***
  • Posts: 54
Hi Toggie,
Actually this article mentioned that unsuspecting websites could be hacked and infected with the malicious script.  I actually only visit sites I trust, but my concern is them getting infected.  Also, I am about to launch a site and I don't want it to become infected.

Thanks for the tip about sandboxie.  It will do the trick, but I can't stand the icon that is part of it, so I haven't installed it.

Sue

Toggie

  • Guest
You could always change the icon using something like reshacker :)

As for protecting your own site, it's a constant battle, but I have something here some where that may help...I'll get back to you

Offline prazim

  • Comodo Family Member
  • ***
  • Posts: 54
huh! reshacker.  very interesting!  I am thinking I will email the developer and request he get creative with the icon, so everyone can benefit.

I'm very interested in your ideas concerning protecting websites.  Once mine is up, I'd like to be able to get word to my contacts that it is protected by x technology and therefore drive by script protected.  I will of course also use a hacker resistant password.
Thanks!
Sue

Toggie

  • Guest
Hey sue, (may I call you sue?) I think I may have been little over zealous in my approach. To be honest, all I have is guide to keeping your web site safe...just wish I could find it

Offline prazim

  • Comodo Family Member
  • ***
  • Posts: 54
Well St. Anthony is very helpful in such matters!  I'll ask him to help you.  In the interim, this area is most certainly another opportunity for Melih and the team at Comodo!

Most definitely, please call me Sue!

Offline Lasse88

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 469
You could also download IE-Spyad it ads more then 25000 bad pages to your "Restricted Sites List" in IE

if you use Firefox you can use NoScript
"Wise men speak because they have something to say; Fools because they have to say something." - Plato
"It is better not to speak and be thought a fool, then to open your mouth and remove all doubt." - Mark Twain
"I Reject your reality and substitute my own" - Adam Savage (Mythbusters)

Someone

  • Guest
Noscript is a must. It's the primary tool to defend against XSS atacks.
A good discussion: http://www.wilderssecurity.com/showthread.php?t=174195

VirtualPC actually DOES work in XP Home, it's only not supported. I have it installed and already tried OpenBSD in it.
I prefer VirtualBox though, or VMware Player/Server.
This for full virtualization (a whole virtual computer).

To isolate the browser, you have SandboxIE, that uses virtualization tech., or GeSWall, DefenseWall, that enforce policy (policy based sandbox).
Or use a program that prevents executables. CFP will do this at the very least.

Quote
Then, while the consumer browses content normally, a computer virus or Trojan horse program is silently installed.
Usually (always?) this envolves an executable to do the job, no matter how it's downloaded (script, spoofed files..)

One rule to read these articles, that i learned recenty, is to identify how the payload is carried. Nothing special in this sentence, but it's really that simple. It's not vodoo. Doesn't matter if it's trojan, rootkit, etc. It matters how it gets in our pc's.

But this is within our computers. XSS is another thing, more about privacy on the web. But it goes beyond the little cookies. I suggest reading the above link, to get solutions, not to be spooked :)

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14645
    • Video Blog
The answer is Comodo Firewall v3!

Melih

Offline prazim

  • Comodo Family Member
  • ***
  • Posts: 54
Thanks great news Melih! When will it be available?
Sue

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14645
    • Video Blog
Thanks great news Melih! When will it be available?
Sue

beta is out on june 7th.. but pls note, this is just the beta....

melih

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: tool to protect websites and site visitors from drive by script hackers
« Reply #12 on: August 29, 2008, 11:08:26 AM »
beta is out on june 7th.. but pls note, this is just the beta....

melih

Melih, I understand the Webshields help block scripting attacks - With CPF3, do I need a webshield?

Sorry for reviving an old thread, how ever it seemed appropriate to post here.
Windows 7 x64
AMD FX 8120, 8gb ram, ATI 6870 1gb

DarkButterfly

  • Guest
Re: tool to protect websites and site visitors from drive by script hackers
« Reply #13 on: August 29, 2008, 06:14:36 PM »
If your looking for virtualisation, you could look at sandboxie. If you want a full VM, the maybe virtualbox, both free. On the other hand, turn off javascript and activeX for all sites apart from those you trust.

The question is: are there any sites we should trust?

I mean, when someone sees security companies web sites getting hijacked, no big trust on trusting trustful sites.
See where I want to get?

Always be suspicious... but not paranoid... ;)

Offline LaserWraith

  • pillow fighting fool
  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 4590
  • I'm going to go out with a bang
Re: tool to protect websites and site visitors from drive by script hackers
« Reply #14 on: September 17, 2008, 04:11:25 PM »
The answer is Comodo Firewall v3!

Melih

Is it part of D+ or the Firewall?

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek