Avast WEBforum
Other => General Topics => Topic started by: YellowFox on April 29, 2013, 07:43:53 PM
-
I use two browsers now (Firefox for anytime I need to google something and want to make sure Javascript isn't activated by using No-Script, and Chrome for youtube and just everyday tasks.) So I wanted to know how does a computer get infected via the internet? I've been hit by a Javascript before and It wasn't pleasant but I've never really known how that all works so I've been quite literally scared of my own shadow to ensure such an event never occurs again.
Fox.
-
I'd like to know as well since it's never happened to me and my default browser is and always has been Internet Explorer.
-
lots of info if you ask google. ;)
-
This is from when I used to run Windows. The information is still valid,
http://www.geocities.ws/dontsurfinthenude/blog.htm
The usual advice applies- keep all web-facing applications up to date. The Secunia PSI vulnerability scanner will help you do this.
EDIT: avast's Web Shield helps too of course!
-
That's why I can't understand why anyone uses Internet Explorer with Active X.
It's also a good idea to keep Adobe Flash Player disabled until you need it.
-
That's why I can't understand why anyone uses Internet Explorer with Active X.
It's also a good idea to keep Adobe Flash Player disabled until you need it.
I consider that paranoia and not necessary. I've been using both and Java as well for 14 years now and have never been infected by anything. Nobody else in my family and friends has either.
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1367328708851-27628.png)
FlashControl (https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe) in Chrome is an excellent tool. (Extension)
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1367328708851-27628.png)
FlashControl (https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe) in Chrome is an excellent tool. (Extension)
It is an excellent tool but not for FF it only Chrome, bloody Google is getting more good stuff than FF add-on chicky little bastard ;D
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1367328708851-27628.png)
FlashControl (https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe) in Chrome is an excellent tool. (Extension)
It is an excellent tool but not for FF it only Chrome, bloody Google is getting more good stuff than FF add-on chicky little bastard ;D
(https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcQdY2ut1LpG7JPfvxpdkBmFjj_GyhB_KHx5aSyPXTCLPs08DXdT)
Maybe it's time to switch over to "the dark side"
-
(https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcQdY2ut1LpG7JPfvxpdkBmFjj_GyhB_KHx5aSyPXTCLPs08DXdT)
Maybe it's time to switch over to "the dark side"
Not a bloody good idea Bob......why? he's not my father ;D
-
Also is Cnet safe anymore? Norton Safeweb calls it fine but the comments say otherwise. I used it to download Bluescreen Viewer to try and scan a dump file from a program (my computer didn't bluescreen) unfortunately it doesn't scan program dump files from when a specific program crashes and me being paranoid have been running scans to make sure it was safe. Is it just me or does the web feel quite a bit more scary then it used to?
-
It is always recommended to download programs from their original sites.
Bluescreen Viewer: http://www.nirsoft.net/utils/blue_screen_view.html
Most members here also use these other sites to download clean programs:
http://www.filehippo.com/
http://www.filehorse.com/
http://www.majorgeeks.com/
-
just reposting what I posted before on this subject
for Chrome / Chromium browsers I use ScripSafe
https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf
I definitely like ScripSafe, sometimes feels way better than FF's NoScript
ScriptSafe is evolution of now 'abandoned' NotScripts (which was try to recreate NoScript for Chrome)
see http://code.google.com/p/notscripts/ and https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn?hl=en
for Opera I use NotScripts (sadly ScriptSafe isn't for Opera)
https://addons.opera.com/en/extensions/details/notscripts/
and as bonus it's good to use Ghostery, WOT, Avast! security plugin in all browsers
yes I do wish notScripts/scriptSafe existed for IE10 (IE11) so it's at least bit usable :)
-
just reposting what I posted before on this subject
for Chrome / Chromium browsers I use ScripSafe
https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf
I definitely like ScripSafe, sometimes feels way better than FF's NoScript
ScriptSafe is evolution of now 'abandoned' NotScripts (which was try to recreate NoScript for Chrome)
see http://code.google.com/p/notscripts/ and https://chrome.google.com/webstore/detail/notscripts/odjhifogjcknibkahlpidmdajjpkkcfn?hl=en
for Opera I use NotScripts (sadly ScriptSafe isn't for Opera)
https://addons.opera.com/en/extensions/details/notscripts/
and as bonus it's good to use Ghostery, WOT, Avast! security plugin in all browsers
yes I do wish notScripts/scriptSafe existed for IE10 (IE11) so it's at least bit usable :)
Personally I don't think it or any of those other things are necessary at all.
-
Well everybody thinks that until they hit some javascript malcode. Chance of going to be maliciously redirected to some site's malcode is small and remote, but I would not take any risk and that is what a script blocker is doing for the browser user. Our virus and worms section has a very long list of victims that originally had a similar line of thinking even for their own websites.....until they arrived here....
polonus
-
You know I just thought of something. Virus Total has 40 or so antivirus scanners right? So why isn't there some sort of way to make an antivirus with that kind of detecting potential? I know Hitman Pro uses cloud based systems to scan objects and such so would there ever be a way to have 40 or so different looks at an object without the antiviruses competing?
-
Even if you solve the probable conflicts, how long do you want to wait to use your computer ???
-
Well I guess that's always a problem huh :-\ Speed VS Safety well I'm guessing it might not take a long time to start the computer rather it would take a while for the scans to complete. So then comes the other question why not have one scanner but multiple definitions and allow the user to sort out the False Positives I mean fine most normal users wont like the tediousness of doing such a task but other more skilled people might find it a bit safer than only having one vendor and maybe some extra tools.
-
The issue isn't getting them all to work together as in VT they are all doing on-demand scans on a single file and you can see how long that takes.
The main issue when talking about multiple AVs is that the resident ones to be able to do their job have drivers that are running to intercept (hook) calls to run a file, so it is first scanned before being allowed to run. It is these drivers that cause most of the conflict issues. So VT isn't the same as having multiple AVs installed.
So there are times when because VT is only on-demand that they don't replicate real world detections, where the other shields and scans may be able to detect malware were VT doesn't.
Do you really think that all of these paid programs are going to allow their databases and engines to be used in a co-op of virus scanners. I don't think so unless they are paid.
There are a few examples of AVs with two AV engines and virus signatures, but only one interface controlling the hooking (so no multiple drivers running to conflict). But with exception they are paid options because the company has to pay a license fee to use the intellectual property of the other scanners.
I certainly wouldn't recommend hitman pro as there are many instances of an overly aggressive deletion of what may be legit files.
-
All i do is use no script and i have also enabled click to play in firefox.
Any flash content i come across is blocked until i allow it to run.
-
Hi Aenold72,
Quite secure all software on your comp patched and updated, NoScript last version and Flash on demand, your good to go..
pol
-
Hi YellowFox,
I agree with Polonus.
Our PC hasn't been infected in years running NoScript, even without an AV.
~!Donovan
-
Hey Donovan.
I wasn't saying I was worried about being infected more along the lines of just wondering about possibilities. Also to David yes Hitman can be aggressive however I just use it as a checking tool as it is quicker than running a scan with MBAM. Also I use No-Script and Firefox but really only for times when I need to google something for just normal everyday stuff (Such as Youtube and such) I prefer Chrome as it happens to be much quicker. Firefox also has a few compatibility issues with Youtube that have caused glitches also it seems that Firefox's performance is slowed with No-Script.
Fox.
-
I'm part of the minority here along with Dch48. Since a few of the websites I use on a regular basis use scripts so I fail
to see any use for NoScript. I do, however, disagree with his preferred browser. IE is way to slow for me. :)
-
Hi Para-Noid,
IE9 is undoubtfully slow on my Vista machine. Chrome is somewhat faster and ultimately Firefox runs the fastest of the two.
~!Donovan
-
IE9 and now 10 run just as fast as any other browser on all of my machines. IE8 was definitely slower than Chrome but that is in the past. I wouldn't use Firefox if they paid me to.
-
Hi Dch48,
From my current machine, Firefox plays videos the smoothest; Chrome lags for me, sacrificing overall performance for frames.
~!Donovan
-
Hi Dch48,
From my current machine, Firefox plays videos the smoothest; Chrome lags for me, sacrificing overall performance for frames.
~!Donovan
Have you tried the following to speed up YouTube playback ???
http://youtu.be/IToxyxi7tRQ (http://youtu.be/IToxyxi7tRQ)
-
Hi Dch48,
From my current machine, Firefox plays videos the smoothest; Chrome lags for me, sacrificing overall performance for frames.
~!Donovan
I have no problems with videos or anything else using IE10 for Win7.
-
Hi Dch48,
From my current machine, Firefox plays videos the smoothest; Chrome lags for me, sacrificing overall performance for frames.
~!Donovan
I have no problems with videos or anything else using IE10 for Win7.
We get the message. :)
-
so let me guess there is no module/plugin/extension for IE10 capable to reach even bit of functionality like noScripts, notScripts, ScriptSafe ?
I mean after all these years I seen tons of things like bugs, cookies, social, w/e tracking (e.g. Ghostery) plugins for IE(7 to 10) but not single one trying to reach usable "on user decision" functionality over scripts
-
Hi Dwarden,
No because that would place the computer back into your hands, because IE equals the underlying OS, just like chrome on google and there you cannot reach deep api level either, it just has not been opened up to open source developers...
This was the main reason to use another browser than IE, but one has to keep IE updated and fully patched to better secure the whole of the Windows OS that way.
IE has come a long way from their insecurity days similar to the insecurity we have entered to see now now for quite some time with Oracle's Java to just give an example.
NoScript is a good solution because it is a solution that never fails for script security, not even for script insecurities that has not been invented yet.
Who does not like NoScript, well to start with - all those that wanna encrypt and obfuscate javascript for devious reasons from script hacks on profile tracking to enable circumventing ad-blocking up to right-down malware launching from redirects, iframes etc. etc. NoScript is never running behind the facts, as IE is doing for every new vulnerability that has not been patched....until that has been patched or being blocked...activeX ....
polonus
-
NoScript is a good solution because it is a solution that never fails for script security, not even for script insecurities that has not been invented yet.
+1
-
NoScript is a good solution because it is a solution that never fails for script security, not even for script insecurities that has not been invented yet.
+1
+2 Amen for NoScript ;D
-
NoScript is a good solution because it is a solution that never fails for script security, not even for script insecurities that has not been invented yet.
+1
Let's state it properly.
No Script blocks all attempts to run script.
The decision for the exceptions to run a script are now the responsibility of the the user.
To rephrase that statement, No Script puts the responsibility squarely on the shoulders of the user.
If the users is diligent and does research as to the validity of the script which was blocked by No Script, then using No Script is a good thing.
If No Script is used by the average user who doesn't ever check anything or, doesn't know how to do the research,
then the only thing No Script will have done is delay the execution on the script.
Therefore, No script is good for those that use it as intended but it doesn't do anything for the average computer user except making the use of computers even harder for them.
-
Yup, excellent point Bob. ;)
-
In my opinion Firefox is the best browser.
I started out using IE many years ago, and every time I went to a website I got the message that there were errors on the page. This was so annoying I started using Netscape, it just displayed the page the way it was supposed be, and there were no error messages. Then I moved on to Firefox.
I tried using IE8 and IE9 but they were so slow loading pages, that I just gave up and stuck with Firefox.
I have tried IE10, and I have to admit, it is as fast as Firefox loading pages, but as far as I know it doesn't have the plugins or extensions available in Firefox.
The extensions for Firefox that I use are, Better Privacy, it deletes Flash cookies, Ghostery, it blocks tracking cookies, and NoScript.
NoScript is very easy for the average user. All they have to do is whitelist the websites they trust, like local and national news websites. their bank website, and places they shop online.
NoScript provides protection when you are using Google or Yahoo searches, when you have no idea of what type of website you will be taken to.
-
NoScript is a good solution because it is a solution that never fails for script security, not even for script insecurities that has not been invented yet.
+1
Let's state it properly.
No Script blocks all attempts to run script.
The decision for the exceptions to run a script are now the responsibility of the the user.
To rephrase that statement, No Script puts the responsibility squarely on the shoulders of the user.
If the users is diligent and does research as to the validity of the script which was blocked by No Script, then using No Script is a good thing.
If No Script is used by the average user who doesn't ever check anything or, doesn't know how to do the research,
then the only thing No Script will have done is delay the execution on the script.
Therefore, No script is good for those that use it as intended but it doesn't do anything for the average computer user except making the use of computers even harder for them.
Well, bob3160. That is not exactly as I see it. And a lot of the workings of NoScript are therefore misinterpreted by you, probably because you do not use it on a regular basis or not at all.
A lot of these user decisions are already worked out in NoScript as it is being blocked by default before that user decides to toggle to unblock part of the site. Yes, bad scripts are blocked anyways by Giorgio Maone the guru and maker of NoScript (and are thorougly discussed on the official NoScript forum) - so this does not need any user intervention and stays so for blocked or not.- the baddies have no chance, really. The main line of crap and bad malcode comes from third party code, not from the main site itself. Unblocking the main site (that is when the site is not malicious by design) will be necessary only to allow some functionality. Whenever the site is known to the user there are less problems trusting the main part of the site and the rest can be neatly blocked or allowed per session as some further functionality is needed. Evaluating and using NoScripts blocking/unblocking is not exactly needing rocket science and can be handled by everyone with a bit of insight in safe-hexing. But a lot of this discussion is not needed when a site comes pre-blocked by for instance the by avast! shields (have them on under all circumstances) and Google Safebrowsing or WOT etc. So for all that remains NoScript is a necessary extra layer of in-browser security that is full-proof...I thank Giorgio Maone for giving it to us, and I cannot understand why IE never even had one script blocking extension developed?
Damian
P.S. For Google Chrome we have a similar extension in ScriptSafe. Love to have that as well..
D
-
using NoScripts blocking/unblocking is not exactly needing rocket science and can be handled by everyone with a bit of insight in safe-hexing.
Precisely my point. The average user doesn't have insight and certainly doesn't practice safe-hexing.
Statistics unfortunately bear this out. I never said that NoScript wasn't a great tool. I simply said that it's not a tool that will do any good for the average user.
-
ye, but I use Opera (with NotScripts) and Chrome , Iron (and all derivates of Chromium) with ScriptSafe ;)
FF lost by me years ago (since Mozilla group started care more about $ and less about the product itself)
one of many reasons why FF falls behind (IE10 already quite badly) http://html5test.com/results/desktop.html
-
Hi bob3160,
Still happy that a lot of regular avast web forum users have come to use NoScript and ScriptSafe.
I wasn't exactly the guy that was to use it by your criteria when I landed here at our beloved forums some 8 years ago, and there were some others that had learn to use it too.
I was not exactly the one to "click after anything that would move on the screen and inside the browser", but I was not exactly very sure about what clicks would plunge me into mishap and ruin. Not after coming here, because I soon started to learn about a lot of essential things here...
I think when users have the will and see the benefits of secure browsing they could also adopt these attitudes.
It is just a lot like for instance cleaning your hands before going to dine and do the same after leaving the table. It helps bring better hygiene and less infections. Wait 35 seconds after the hot tap has reached that right temperature to clean the hands and then another 35 seconds to let the soap disinfect.
The workings of NoScript are similar and everybody with the will and insight can learn to work it and feel far more secure.
If you are not interested, then you stay without it, but then do not lament when some script plays foul upon you.
Good that we have the "virus and worms" and the qualified malware removers for those that never learn....
polonus
-
There are people in all counties of this globe that write malware therefor no country is lily white. :)
-
Hi bob3160,
This your reaction was meant for the other thread -> http://forum.avast.com/index.php?topic=122949.msg935885#new I assume?
pol
-
It was but not really important. :)
-
NoScript is a good solution because it is a solution that never fails for script security, not even for script insecurities that has not been invented yet.
+1
i
Let's state it properly.
No Script blocks all attempts to run script.
The decision for the exceptions to run a script are now the responsibility of the the user.
To rephrase that statement, No Script puts the responsibility squarely on the shoulders of the user.
If the users is diligent and does research as to the validity of the script which was blocked by No Script, then using No Script is a good thing.
If No Script is used by the average user who doesn't ever check anything or, doesn't know how to do the research,
then the only thing No Script will have done is delay the execution on the script.
Therefore, No script is good for those that use it as intended but it doesn't do anything for the average computer user except making the use of computers even harder for them.
Exactly right Bob and that's why I have no use for it. It behaves like a classic HIPS and gets in the way of enjoyment and usability of your computer. I'll depend on other methods of scanning web pages.
-
Hi Dch48,
But all these scanning formula's are scanning after the fact. It is not for nothing that avast brought shield scanning to the browser. But also this detection in real time and blocking depends on what is implemented and not. Good example is a lot what avast! detects is not detected by DrWeb's and v.v. Sometimes a scan is flagged but the malware is already taken down or not responding, but also the opposite will produce missed detections. In some browsers (not IE) we have the google safebrowsing alerting not to visit certain pages. In IE a lot is scanned by Windows Defender in the background (see your event viewer for details like %%807 alerts). Blocklists are as good as those that produce them. So scanning is running behind the actual facts.
NoScript and ScriptSafe is not because it always protects under all circumstances and for all script malware. Normally a lot of bad iframe malcode and malicious obfuscated code is being missed, NoScript cannot miss as it blocks this. But there are users that cannot make themselves use this extension, so be it.
Let them do a full scan of the browser file location after aa browser session has ended, avast! finds a lot that way, and regularly empty the browser cache.
The only alternative that I can see that equals remotely browser script blocking of suspicious and remote scripts is working the browser in a sandbox and or VM (certainly for risky browsing) to be able empty the sandbox as if the browser session never existed...
polonus
-
IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
-
IE10 still doesn't support many HTML5 and CSS3 features that were implemented in legacy versions of Chrome and Firefox.
Take WebGL for example: http://caniuse.com/webgl
~!Donovan
-
IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
-
Hi FwF,
How would a SmartScreen-filter timely react on/in the everchanging and mitigating abuse landscape? It could only predict the notorious baddies with a long lasting reputation and some found in real time (see Virus Watch everchanging archives to get a good picture of these mitigations). Websites suspicion status can change faster sometimes than trafficlights go (Under 15 minutes and not always over 1360 hours), so if there is no real time protection it is just always running behind the actual facts and leaving open quite a jar of the so-called vulnerability window putting the browser users at risk. Even with pre-scanning and other blocklist scanning in place protection might not be optimal. Agree with Dch48 that the actual chance of getting infected with fully patched and updated software is remote, but fullproof protection is not being achieved.
Again I think that handling a script blocker is not that complicated as some here want to let us believe. Checking would give out what we should visit with care, e.g.: http://scanurl.net/?u=webapp19.emsecure.net&uesb=Check+This+URL#results
Besides it is a good thing that users are aware of the possible insecurity of javascript as it is the royal route by which malware comes into your computer and there is not that much that should be actually blocked (only script that goes to bad places like malcreant's sites, cybercriminal's bases and profile profit manipulator'sites for click & spam & other fraud and forwarders of misleading info...).
The difference is that SmartScreenFilter is part of cloud-based "old paradigm" protection and script blocking is solid and always up to the job it has to perform, namely to stop potentially dangerous script from running in the browser.....
polonus
-
A step up to know what to block and unblock NoScript can be found here at Grabpage.info. You neatly get internal links and external links summed up, links without txt and repeating URLs. Let us take an example, at enter url we give a random site, e.g. -http://www.gundula-bussler.de
and get the results as fiollows: http://grabpage.info/h/www.gundula-bussler.de
So when going to -www.gundula-bussler.de we can with NoScript temporarily allow -www.gundula-bussler.de and some txt on screen is unblocked ...
polonus
-
IE10 still doesn't support many HTML5 and CSS3 features that were implemented in legacy versions of Chrome and Firefox.
Take WebGL for example: http://caniuse.com/webgl
~!Donovan
I really couldn't care less about those things.
-
IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
I've never had anything like that happen and even if it does, you can choose to ignore the warning.
-
IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
I've never had anything like that happen and even if it does, you can choose to ignore the warning.
1) If 30-75% of warnings are false positives, users get into the habit of ignoring the warning, which is not good for security.
2) A 30-75% false positive rate would be totally unacceptable for an anti-virus program, and if avast was falsely detecting that number of legitimate files as malware, users would be screaming blue murder.
3) Microsoft is gaining its rating as "most secure" by damaging the business of legitimate web sites by wrongly flagging their files as malware. If Firefox did this, you'd be screaming blue murder.
-
Hi FwF,
This attitude can be explained easily. User intervention is looked upon as a "drag", the browser and OS should come "idiot proof" and with all security under the hood. If these expectations are not being met, we look for causes elsewhere, but never question our "plastic world of instant solutions" as we have been trained to believe in. I believed that when I was a minor, but not now at over 65 - I gave that up. But some people are like that and only take for granted what is advertised on TV. This is taken as the word of G*d and all what other say cannot be true and simply should be ignored...
polonus
-
IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
I've never had anything like that happen and even if it does, you can choose to ignore the warning.
1) If 30-75% of warnings are false positives, users get into the habit of ignoring the warning, which is not good for security.
2) A 30-75% false positive rate would be totally unacceptable for an anti-virus program, and if avast was falsely detecting that number of legitimate files as malware, users would be screaming blue murder.
3) Microsoft is gaining its rating as "most secure" by damaging the business of legitimate web sites by wrongly flagging their files as malware. If Firefox did this, you'd be screaming blue murder.
I don't believe for one second that the false positive rate is anywhere near that high. I doubt if overall, it even hits 10%. The article posted only talks about a very limited number of sites. Sites that most people would never visit in the first place.
-
IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
I've never had anything like that happen and even if it does, you can choose to ignore the warning.
1) If 30-75% of warnings are false positives, users get into the habit of ignoring the warning, which is not good for security.
2) A 30-75% false positive rate would be totally unacceptable for an anti-virus program, and if avast was falsely detecting that number of legitimate files as malware, users would be screaming blue murder.
3) Microsoft is gaining its rating as "most secure" by damaging the business of legitimate web sites by wrongly flagging their files as malware. If Firefox did this, you'd be screaming blue murder.
I don't believe for one second that the false positive rate is anywhere near that high. I doubt if overall, it even hits 10%. The article posted only talks about a very limited number of sites. Sites that most people would never visit in the first place.
Frankly what you believe emerges from your own posterior.
-
IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
I've never had anything like that happen and even if it does, you can choose to ignore the warning.
1) If 30-75% of warnings are false positives, users get into the habit of ignoring the warning, which is not good for security.
2) A 30-75% false positive rate would be totally unacceptable for an anti-virus program, and if avast was falsely detecting that number of legitimate files as malware, users would be screaming blue murder.
3) Microsoft is gaining its rating as "most secure" by damaging the business of legitimate web sites by wrongly flagging their files as malware. If Firefox did this, you'd be screaming blue murder.
I don't believe for one second that the false positive rate is anywhere near that high. I doubt if overall, it even hits 10%. The article posted only talks about a very limited number of sites. Sites that most people would never visit in the first place.
Frankly what you believe emerges from your own posterior.
Was that really called for? I request moderator action here. At least a warning.
-
I searched for other info regarding false positives by the SmartScreen filter and everything I find says it's unlikely and happens only occasionally, certainly not 30% of the time. I personally have only seen it happen for things that are brand new and unsigned. I don't consider that a problem at all since Comodo will also automatically sandbox things like that. Even Norton would flag such things as suspicious.
-
Even Norton would flag such things as suspicious.
I second this.
Some installers are flagged as suspicious simply because they aren't widely downloaded by Norton users.
~!Donovan
-
IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
I've never had anything like that happen and even if it does, you can choose to ignore the warning.
1) If 30-75% of warnings are false positives, users get into the habit of ignoring the warning, which is not good for security.
2) A 30-75% false positive rate would be totally unacceptable for an anti-virus program, and if avast was falsely detecting that number of legitimate files as malware, users would be screaming blue murder.
3) Microsoft is gaining its rating as "most secure" by damaging the business of legitimate web sites by wrongly flagging their files as malware. If Firefox did this, you'd be screaming blue murder.
I don't believe for one second that the false positive rate is anywhere near that high. I doubt if overall, it even hits 10%. The article posted only talks about a very limited number of sites. Sites that most people would never visit in the first place.
Frankly what you believe emerges from your own posterior.
Was that really called for? I request moderator action here. At least a warning.
In my opinion, yes. Nothing you write on browser security takes any account of the evidence- it is based only on your political bias.
The post above says that more concisely.
-
I searched for other info regarding false positives by the SmartScreen filter and everything I find says it's unlikely and happens only occasionally, certainly not 30% of the time. I personally have only seen it happen for things that are brand new and unsigned. I don't consider that a problem at all since Comodo will also automatically sandbox things like that. Even Norton would flag such things as suspicious.
You didn't look at my original link then, because there's a quote from Sophos giving the 30-75% figure.
-
Because of this https://community.rapid7.com/community/metasploit/blog/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit
the XP user community is strongly advised to use an alternative browser like firefox or chrome, because they are stuck with IE8 and cannot upgrade their Blue E! changing ActiveX settings won't settle the problem with the exploit as MS originally advised...XP users are left out in the cold or have to switch browsers....
polonus
-
I searched for other info regarding false positives by the SmartScreen filter and everything I find says it's unlikely and happens only occasionally, certainly not 30% of the time. I personally have only seen it happen for things that are brand new and unsigned. I don't consider that a problem at all since Comodo will also automatically sandbox things like that. Even Norton would flag such things as suspicious.
You didn't look at my original link then, because there's a quote from Sophos giving the 30-75% figure.
As I said, that's one article referring to a very small number of sites that nobody visits anyway. It does not show figures for overall browser usage where every other article says the false positives are unlikely and occasional at worst. I would have to say that any perceived "political bias" ( I have no idea how politics enter the question) pales in comparison to the anti Microsoft bias blatantly evident in your (and a few others) posts. Not to mention the hostile confrontational attitude that is displayed so frequently.
-
Because of this https://community.rapid7.com/community/metasploit/blog/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit
the XP user community is strongly advised to use an alternative browser like firefox or chrome, because they are stuck with IE8 and cannot upgrade their Blue E! changing ActiveX settings won't settle the problem with the exploit as MS originally advised...XP users are left out in the cold or have to switch browsers....
polonus
That's interesting but we were discussing IE9 and 10 here. I may make Chrome the default on my XP machine again but I very rarely go online with it any more and only use it for playing legacy games that don't establish connections. Chrome is definitely faster than IE8 but not, in my experience, than 9 or 10. I just greatly prefer the interfaces of IE, especially the download and favorites (bookmarks) handling. Those two things are the main reasons why I will continue to use IE.
-
Hi Dch48,
Enjoy, but keep all your software fully updated and patched. I always used this software with IE, namely -IE cache explorer -, a few clicks and I feel more secure. Delete Cookies, Delete History, Delete IE Files. Simple proggie but great to have next to IE....and Microsoft FixIt Centre, I do a scan occasionally...
greets,
polonus
-
Hi Dch48,
Enjoy, but keep all your software fully updated and patched. I always used this software with IE, namely -IE cache explorer -, a few clicks and I feel more secure. Delete Cookies, Delete History, Delete IE Files. Simple proggie but great to have next to IE....and Microsoft FixIt Centre, I do a scan occasionally...
greets,
polonus
CCleaner does a good job of removing all those things and lets me keep the cookies I don't want deleted. Of course I keep everything updated.
-
I searched for other info regarding false positives by the SmartScreen filter and everything I find says it's unlikely and happens only occasionally, certainly not 30% of the time. I personally have only seen it happen for things that are brand new and unsigned. I don't consider that a problem at all since Comodo will also automatically sandbox things like that. Even Norton would flag such things as suspicious.
You didn't look at my original link then, because there's a quote from Sophos giving the 30-75% figure.
As I said, that's one article referring to a very small number of sites that nobody visits anyway. It does not show figures for overall browser usage where every other article says the false positives are unlikely and occasional at worst. I would have to say that any perceived "political bias" ( I have no idea how politics enter the question) pales in comparison to the anti Microsoft bias blatantly evident in your (and a few others) posts. Not to mention the hostile confrontational attitude that is displayed so frequently.
Do you have any evidence that this is a "very small number of sites that nobody visits anyway", or did you just pull that fact from your rear too?
What would you say to this guy? Nobody visits your site anyway?
Ever since the release of Internet Explorer 9, we (and other smaller sites) have been plagued by visitors who, when they attempt to download our stationery files, see a strong warning in Internet Explorer 9 about downloading and installing our files. This is worrisome. Even visitors who have been downloading our stationery for over a decade are writing and expressing their concern about the safety of our files.
http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
These are Microsoft's own figures for false positives.
My comments are based on evidence. Yours on meaningless subjective comments, like "it hasn't affect me, so it can't be a problem".
Bias? Confrontational?
I wouldn't use Firefox if they paid me to.
Projection.
http://en.wikipedia.org/wiki/Psychological_projection
You have no idea how politics enters the question?
Here's a post very similar to yours, the signature of which makes it very clear.
Anything has to be better than FF. ::)
-
What started as a question asked by YellowFox now seems to have turned into a
battle royal between Dch48 and FreewheelinFrank.
Maybe it's time to get back on topic ???
-
Hi bob3160,
I agree with you here we better should get back on topic. But apart from that I found this Dch48 versus FwF intermezzo very educating, because it "explores" sorry for that word, the duality of the way users from these two "camps" look against and appreciate browsers and browser software. The way Dch48 and FwF expose their differences is profound to a point where it almost gets "painful" - everybody can now decide where he stands. I would not have liked to have missed it as it again stressed some points for me and also presented these in a different way. Thank you Dch4 and FwF for that,
polonus
-
What would you say to this guy? Nobody visits your site anyway?
Ever since the release of Internet Explorer 9, we (and other smaller sites) have been plagued by visitors who, when they attempt to download our stationery files, see a strong warning in Internet Explorer 9 about downloading and installing our files. This is worrisome. Even visitors who have been downloading our stationery for over a decade are writing and expressing their concern about the safety of our files
Since it is by admission a small site that few people visit, it hardly represents the overall browsing experience.
I see no figures given by Microsoft as to a false positive percentage and I also say there are no politics involved.
My statements are based on a wider sampling than just a few minor sites and not only on my own experience.
I agree that this needs to end so I'm done with this particular thread. My opinions and preferences remain unchanged though. As I have said before, I refuse to let the malware writing scum dictate how I use my computer so I will continue to use things I like and find convenient. I will browse with IE and I will not disable things like Autorun, UPnP, Flash, and Java just because of a remote possibility they could be compromised, I trust Microsoft and the others to patch vulnerabilities like they always have in the past.
-
What would you say to this guy? Nobody visits your site anyway?
Ever since the release of Internet Explorer 9, we (and other smaller sites) have been plagued by visitors who, when they attempt to download our stationery files, see a strong warning in Internet Explorer 9 about downloading and installing our files. This is worrisome. Even visitors who have been downloading our stationery for over a decade are writing and expressing their concern about the safety of our files
Since it is by admission a small site that few people visit, it hardly represents the overall browsing experience.
I see no figures given by Microsoft as to a false positive percentage and I also say there are no politics involved.
My statements are based on a wider sampling than just a few minor sites and not only on my own experience.
I agree that this needs to end so I'm done with this particular thread. My opinions and preferences remain unchanged though. As I have said before, I refuse to let the malware writing scum dictate how I use my computer so I will continue to use things I like and find convenient. I will browse with IE and I will not disable things like Autorun, UPnP, Flash, and Java just because of a remote possibility they could be compromised, I trust Microsoft and the others to patch vulnerabilities like they always have in the past.
Here's the link, as you were unable to find it on the Sophos blog:
http://blogs.msdn.com/b/ie/archive/2011/05/17/smartscreen-174-application-reputation-in-ie9.aspx
On any given day, clicking through the “unknown warning” carries a risk between 25% and 70% of malware infection
So 30-75% of the time, when you see a warning, it's a false positive, by Microsoft's admission.
Since it is by admission a small site that few people visit, it hardly represents the overall browsing experience.
Is this really the attitude you would take if Firefox or Chrome did something like this? Like I said, I'm pretty sure you'd be screaming blue murder.
-
Quote
On any given day, clicking through the “unknown warning” carries a risk between 25% and 70% of malware infection
So 30-75% of the time, when you see a warning, it's a false positive, by Microsoft's admission.
That's your proof? That's a very interesting twist you take on something that actually proves how good the system is. This is only for new and unknown things that don't have a sufficient reputation built up. Many of the modern security suites will also flag those things as suspicious, including Norton and Comodo. I do not see that as a problem at all. Especially since you can ignore the warning for things you know to be safe. I'd rather get those warnings than not. It is not a positive detection, false or otherwise. Nothing gets automatically fully blocked by SmartScreen unless it is definitely known to be bad.
Microsoft's official position is that SmartScreen is extremely accurate and actual false positives (full blocks) are extremely unlikely.
-
Can we please get back on topic ???
-
I made this thread for use on saying some good addons for Chrome and Firefox not for starting the mother of all flamewars. Weather IE is good or not doesn't matter this isn't meant for arguments it's meant for talking about good things you can add to your browser to help with productivity and security. No-Script is good but is there anything better that doesn't slow browsing so drastically also is there anything for chrome that does the same sort of thing?
-
also is there anything for chrome that does the same sort of thing?
ScriptNo does a similar job with Chrome.
-
ScriptSafe https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf/details?hl=en
is evolution of former ScriptNo / NotScripts
see earlier answer in this thread http://forum.avast.com/index.php?topic=122698.msg934541#msg934541