Author Topic: Browser's In General.  (Read 31068 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33441
  • malware fighter
Re: Browser's In General.
« Reply #45 on: May 05, 2013, 12:52:07 AM »
Hi Dch48,

But all these scanning formulas are scanning after the fact. It is not for nothing that avast brought shield scanning to the browser. But this detection in real time and blocking also depends on what is implemented and what is not. A good example is that a lot of what avast! detects is not detected by DrWeb's and v.v. Sometimes a scan is flagged but the malware is already taken down or not responding, but also the opposite will produce missed detections. In some browsers (not IE) we have the Google Safe Browsing alerting not to visit certain pages. In IE a lot is scanned by Windows Defender in the background (see your event viewer for details like %%807 alerts). Blocklists are as good as those that produce them. So scanning is running behind the actual facts.
NoScript and ScriptSafe is not because it always protects under all circumstances and for all script malware. Normally a lot of bad iframe malcode and malicious obfuscated code is being missed, NoScript cannot miss as it blocks this. But there are users that cannot make themselves use this extension, so be it.
Let them do a full scan of the browser file location after a browser session has ended, avast! finds a lot that way, and regularly empty the browser cache.
The only alternative that I can see that equals remotely browser script blocking of suspicious and remote scripts is working the browser in a sandbox and/or VM (certainly for risky browsing) to be able to empty the sandbox as if the browser session never existed...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Dch48

  • Guest
Re: Browser's In General.
« Reply #46 on: May 05, 2013, 04:40:07 AM »
IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Browser's In General.
« Reply #47 on: May 05, 2013, 04:49:13 AM »
IE10 still doesn't support many HTML5 and CSS3 features that were implemented in legacy versions of Chrome and Firefox.

Take WebGL for example: http://caniuse.com/webgl

~!Donovan
« Last Edit: May 05, 2013, 05:01:38 AM by !Donovan »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Browser's In General.
« Reply #48 on: May 05, 2013, 08:48:13 AM »
> IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.

Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.

http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline polonus

Re: Browser's In General.
« Reply #49 on: May 05, 2013, 12:31:00 PM »
Hi FwF,

How would a SmartScreen filter react in a timely way on/in the ever-changing and mitigating abuse landscape? It could only predict the notorious baddies with a long-lasting reputation and some found in real time (see Virus Watch ever-changing archives to get a good picture of these mitigations). A website's suspicion status can sometimes change faster than traffic lights go (under 15 minutes and not always over 1360 hours), so if there is no real time protection it is just always running behind the actual facts and leaving open quite a jar of the so-called vulnerability window, putting the browser users at risk. Even with pre-scanning and other blocklist scanning in place protection might not be optimal. Agree with Dch48 that the actual chance of getting infected with fully patched and updated software is remote, but foolproof protection is not being achieved.
Again I think that handling a script blocker is not that complicated as some here want to let us believe. Checking would give out what we should visit with care, e.g.: http://scanurl.net/?u=webapp19.emsecure.net&uesb=Check+This+URL#results
Besides it is a good thing that users are aware of the possible insecurity of javascript as it is the royal route by which malware comes into your computer and there is not that much that should be actually blocked (only script that goes to bad places like malcreants' sites, cybercriminals' bases and profile profit manipulators' sites for click & spam & other fraud and forwarders of misleading info...).
The difference is that SmartScreenFilter is part of cloud-based "old paradigm" protection and script blocking is solid and always up to the job it has to perform, namely to stop potentially dangerous script from running in the browser.....

polonus

Offline polonus

Re: Browser's In General.
« Reply #50 on: May 05, 2013, 01:59:23 PM »
A step up to know what to block and unblock in NoScript can be found here at Grabpage.info. You neatly get internal links and external links summed up, links without txt and repeating URLs. Let us take an example, at enter url we give a random site, e.g. -http://www.gundula-bussler.de
and get the results as follows: http://grabpage.info/h/www.gundula-bussler.de
So when going to -www.gundula-bussler.de we can with NoScript temporarily allow -www.gundula-bussler.de and some txt on screen is unblocked ...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
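
The kind of page summary described in the post above, as an added example that is not part of the original post and is not Grabpage.info's code. It groups links into internal and external, lists links without text and repeated URLs, and goes one step further by listing the third-party hosts that serve scripts or iframes, which is what a script blocker asks you to allow; all names and the `.example` hosts are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; every host under .example is a placeholder.
PAGE_URL = "http://www.site.example/"
SAMPLE_HTML = """<script src="/js/site.js"></script>
<script src="//cdn.widgets.example/w.js"></script>
<iframe src="http://ads.tracker.example/frame.html"></iframe>
<a href="/contact.html">Contact</a> <a href="/contact.html">Contact us</a>
<a href="http://partner.example/"></a>"""

class PageSummary(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.links = Counter()     # absolute link URL -> occurrences
        self.textless = []         # links with no visible text
        self.active_hosts = set()  # hosts serving scripts or iframes
        self._open = None          # [url, saw_text] for the <a> being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = [urljoin(self.page_url, attrs["href"]), False]
            self.links[self._open[0]] += 1
        elif tag in ("script", "iframe") and attrs.get("src"):
            host = urlsplit(urljoin(self.page_url, attrs["src"])).hostname
            if host:
                self.active_hosts.add(host)

    def handle_data(self, data):
        if self._open and data.strip():
            self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            if not self._open[1]:
                self.textless.append(self._open[0])
            self._open = None

def summarize(html, page_url):
    parser = PageSummary(page_url)
    parser.feed(html)
    own = urlsplit(page_url).hostname
    is_internal = lambda u: urlsplit(u).hostname == own
    return {"internal": sorted(u for u in parser.links if is_internal(u)),
            "external": sorted(u for u in parser.links if not is_internal(u)),
            "textless": parser.textless,
            "repeated": sorted(u for u, n in parser.links.items() if n > 1),
            "third_party_script_hosts": sorted(parser.active_hosts - {own})}
```

Calling `summarize(SAMPLE_HTML, PAGE_URL)` returns the five lists as a dictionary; the last one is the set of hosts to review before temporarily allowing anything beyond the site itself.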

Dch48

Re: Browser's In General.
« Reply #51 on: May 05, 2013, 04:29:29 PM »
> IE10 still doesn't support many HTML5 and CSS3 features that were implemented in legacy versions of Chrome and Firefox.
>
> Take WebGL for example: http://caniuse.com/webgl
>
> ~!Donovan

I really couldn't care less about those things.

Dch48

Re: Browser's In General.
« Reply #52 on: May 05, 2013, 04:34:01 PM »
>> IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
>
> Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
>
> http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html

I've never had anything like that happen and even if it does, you can choose to ignore the warning.

Offline FreewheelinFrank

Re: Browser's In General.
« Reply #53 on: May 05, 2013, 05:09:43 PM »
>>> IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
>>
>> Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
>>
>> http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
>
> I've never had anything like that happen and even if it does, you can choose to ignore the warning.

1) If 30-75% of warnings are false positives, users get into the habit of ignoring the warning, which is not good for security.

2) A 30-75% false positive rate would be totally unacceptable for an anti-virus program, and if avast was falsely detecting that number of legitimate files as malware, users would be screaming blue murder.

3) Microsoft is gaining its rating as "most secure" by damaging the business of legitimate web sites by wrongly flagging their files as malware. If Firefox did this, you'd be screaming blue murder.

Offline polonus

Re: Browser's In General.
« Reply #54 on: May 05, 2013, 05:16:55 PM »
Hi FwF,

This attitude can be explained easily. User intervention is looked upon as a "drag", the browser and OS should come "idiot proof" and with all security under the hood. If these expectations are not being met, we look for causes elsewhere, but never question our "plastic world of instant solutions" as we have been trained to believe in. I believed that when I was a minor, but not now at over 65 - I gave that up. But some people are like that and only take for granted what is advertised on TV. This is taken as the word of G*d and all that others say cannot be true and simply should be ignored...

polonus

Dch48

Re: Browser's In General.
« Reply #55 on: May 05, 2013, 07:21:07 PM »
>>>> IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
>>>
>>> Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
>>>
>>> http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
>>
>> I've never had anything like that happen and even if it does, you can choose to ignore the warning.
>
> 1) If 30-75% of warnings are false positives, users get into the habit of ignoring the warning, which is not good for security.
>
> 2) A 30-75% false positive rate would be totally unacceptable for an anti-virus program, and if avast was falsely detecting that number of legitimate files as malware, users would be screaming blue murder.
>
> 3) Microsoft is gaining its rating as "most secure" by damaging the business of legitimate web sites by wrongly flagging their files as malware. If Firefox did this, you'd be screaming blue murder.

I don't believe for one second that the false positive rate is anywhere near that high. I doubt if overall, it even hits 10%. The article posted only talks about a very limited number of sites. Sites that most people would never visit in the first place.

Offline FreewheelinFrank

Re: Browser's In General.
« Reply #56 on: May 05, 2013, 07:59:35 PM »
>>>>> IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
>>>>
>>>> Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
>>>>
>>>> http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
>>>
>>> I've never had anything like that happen and even if it does, you can choose to ignore the warning.
>>
>> 1) If 30-75% of warnings are false positives, users get into the habit of ignoring the warning, which is not good for security.
>>
>> 2) A 30-75% false positive rate would be totally unacceptable for an anti-virus program, and if avast was falsely detecting that number of legitimate files as malware, users would be screaming blue murder.
>>
>> 3) Microsoft is gaining its rating as "most secure" by damaging the business of legitimate web sites by wrongly flagging their files as malware. If Firefox did this, you'd be screaming blue murder.
>
> I don't believe for one second that the false positive rate is anywhere near that high. I doubt if overall, it even hits 10%. The article posted only talks about a very limited number of sites. Sites that most people would never visit in the first place.

Frankly what you believe emerges from your own posterior.

Dch48

Re: Browser's In General.
« Reply #57 on: May 06, 2013, 01:04:28 AM »
>>>>>> IE has the Smart Screen Filter which does a very good job of filtering out bad websites and downloads. Many reviews are rating the new IE versions as the most secure of all the browsers.
>>>>>
>>>>> Yes, if you're happy with Microsoft looking at every web site you visit, but there's also evidence that it blocks too many legitimate downloads.
>>>>>
>>>>> http://dontsurfinthenude.blogspot.co.uk/2011/08/microsofts-bad-reputations.html
>>>>
>>>> I've never had anything like that happen and even if it does, you can choose to ignore the warning.
>>>
>>> 1) If 30-75% of warnings are false positives, users get into the habit of ignoring the warning, which is not good for security.
>>>
>>> 2) A 30-75% false positive rate would be totally unacceptable for an anti-virus program, and if avast was falsely detecting that number of legitimate files as malware, users would be screaming blue murder.
>>>
>>> 3) Microsoft is gaining its rating as "most secure" by damaging the business of legitimate web sites by wrongly flagging their files as malware. If Firefox did this, you'd be screaming blue murder.
>>
>> I don't believe for one second that the false positive rate is anywhere near that high. I doubt if overall, it even hits 10%. The article posted only talks about a very limited number of sites. Sites that most people would never visit in the first place.
>
> Frankly what you believe emerges from your own posterior.

Was that really called for? I request moderator action here. At least a warning.

Dch48

Re: Browser's In General.
« Reply #58 on: May 06, 2013, 01:29:35 AM »
I searched for other info regarding false positives by the SmartScreen filter and everything I find says it's unlikely and happens only occasionally, certainly not 30% of the time. I personally have only seen it happen for things that are brand new and unsigned. I don't consider that a problem at all since Comodo will also automatically sandbox things like that. Even Norton would flag such things as suspicious.

Offline !Donovan

Re: Browser's In General.
« Reply #59 on: May 06, 2013, 01:38:18 AM »
> Even Norton would flag such things as suspicious.

I second this.

Some installers are flagged as suspicious simply because they aren't widely downloaded by Norton users.

~!Donovan