Author Topic: Trying to understand Tracking  (Read 19307 times)

0 Members and 1 Guest are viewing this topic.

Offline digmor crusher

  • Sr. Member
  • ****
  • Posts: 211
Re: Trying to understand Tracking
« Reply #30 on: February 25, 2014, 11:37:43 PM »
I use Trafficlight, Ghostery, AdBlock Plus and LastPass in Chrome with no browser slowdowns.

Offline -midnight

  • Massive Poster
  • ****
  • Posts: 2406
Re: Trying to understand Tracking
« Reply #31 on: February 26, 2014, 12:41:07 AM »
The FF extensions I use don't make my browser run slow.

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33332
  • malware fighter
Re: Trying to understand Tracking
« Reply #32 on: February 26, 2014, 01:14:46 AM »
Hi -midnight,

It is OK, use the extensions as they are kind of road signs - red means do not click further - not safe and secure, if in doubt go to virus and worms sector on our forums and ask polonus for an analysis. He is glad to comply. One red from for instance Bitdefender TrafficLight and all other extensions green. Not worth the risk to venture out there and/or click that link. I rather take Bitdefender's advice, and in most cases they block for a good reason. Better safe than sorry, don't you think so? You are learning fast now, let us proceed.

All greens and then you may go on on Interwebs highway. Green means proceed with what you planned to click. Or cut and paste and scan first when it feels phishy or you are not quite quite sure. ! When you found all is OK you can click through and feel sure sure.

So you use the results of these extensions as a sort of indicators/ road signs to go by and know whether to click on or not.

Got all this so far? The main news has already arrived then.  ;)

Your extensions in FF are automatically updated and insecure extensions are thrown out by FF developers. So feel safe, despite what other say.  :P

Now some advice on DrWeb's url checker's versatility. Green is OK - Red is danger - Violet/Purple means suspicion!
Now read carefully and look for this step by step and take your time to learn.
I take you by the hand now and will lead you through the extension's possibilities. Awesome really.

DrWeb's link checker will tell you on a page what trackers are being blocked -
what social network plug-ins were being blocked -
Flash in plugs can be allowed by default or blocked by you.
Same goes for Ads on the page and last but not least it has a manual blocking mode.

I have that all sitting in my Googler Chrome browser,
sitting there  in the browser bar -right over the browser page -
quite nearby when I am on a specific site-page and for that site I can use the features of it. 

So a bit of exercise and midnight's browser will stay as clean as a whistle.

Enjoy,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline -midnight

  • Massive Poster
  • ****
  • Posts: 2406
Re: Trying to understand Tracking
« Reply #33 on: February 26, 2014, 01:55:04 AM »
Hi -midnight,

It is OK, use the extensions as they are kind of road signs - red means do not click further - not safe and secure, if in doubt go to virus and worms sector on our forums and ask polonus for an analysis. He is glad to comply. One red from for instance Bitdefender TrafficLight and all other extensions green. Not worth the risk to venture out there and/or click that link. I rather take Bitdefender's advice, and in most cases they block for a good reason. Better safe than sorry, don't you think so? You are learning fast now, let us proceed.

All greens and then you may go on on Interwebs highway. Green means proceed with what you planned to click. Or cut and paste and scan first when it feels phishy or you are not quite quite sure. ! When you found all is OK you can click through and feel sure sure.

So you use the results of these extensions as a sort of indicators/ road signs to go by and know whether to click on or not.

Got all this so far? The main news has already arrived then.  ;)

Your extensions in FF are automatically updated and insecure extensions are thrown out by FF developers. So feel safe, despite what other say.  :P

Now some advice on DrWeb's url checker's versatility. Green is OK - Red is danger - Violet/Purple means suspicion!
Now read carefully and look for this step by step and take your time to learn.
I take you by the hand now and will lead you through the extension's possibilities. Awesome really.

DrWeb's link checker will tell you on a page what trackers are being blocked -
what social network plug-ins were being blocked -
Flash in plugs can be allowed by default or blocked by you.
Same goes for Ads on the page and last but not least it has a manual blocking mode.

I have that all sitting in my Googler Chrome browser,
sitting there  in the browser bar -right over the browser page -
quite nearby when I am on a specific site-page and for that site I can use the features of it. 

So a bit of exercise and midnight's browser will stay as clean as a whistle.

Enjoy,

polonus

polonus,

Thanks for the info about the different extensions.
 

-midnight
« Last Edit: February 26, 2014, 12:45:56 PM by -midnight »

Offline Charyb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2434
Re: Trying to understand Tracking
« Reply #34 on: February 26, 2014, 04:58:29 AM »

Your extensions in FF are automatically updated and insecure extensions are thrown out by FF developers. So feel safe, despite what other say.  :P

What do you mean by this? Specifically, "despite what other say."??

We should let the users decide by research and gaining knowledge and not relying on the opinions of the few.

This is lengthy and mentions avast SafeZone, LastPass extension, etc.
http://www.pcadvisor.co.uk/news/security/3470806/malicious-browser-extensions-pose-a-serious-threat-and-defenses-are-lacking/

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7078
  • When you think you know, Think Again
Re: Trying to understand Tracking
« Reply #35 on: February 26, 2014, 05:10:34 AM »

Your extensions in FF are automatically updated and insecure extensions are thrown out by FF developers. So feel safe, despite what other say.  :P

What do you mean by this? Specifically, "despite what other say."??

We should let the users decide by research and gaining knowledge and not relying on the opinions of the few.

This is lengthy and mentions avast SafeZone, LastPass extension, etc.
http://www.pcadvisor.co.uk/news/security/3470806/malicious-browser-extensions-pose-a-serious-threat-and-defenses-are-lacking/

Yup, that's a good read.
Thnx for the link ;)
***HP ENVY 15K LT W10 Pro 21H1 64Bit/750GB HD/16GB Ram/Avast Premium 21.9.2493b/Secureline VPN v.5.12.5699b/ADU v.21.3b/ASB v.94.0b/SANDBOXIE-plus/MailWasherPRO
**HP Compaq 8510p LT W10 Pro 20H2 64Bit/1TB HD/8GB Ram/WD/ADU v.21.3b/SANDBOXIE/MailWasherPRO/HotSpot Shield
     
RIP*Dell Inspiron XPsp4 PRO 32Bit/Avast(since 2002)18.8.2356/WP/Comodo FW 3.14/Secureline/Comodo IceDragon v.40
LAYERED SECURITY SOFTWARE

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33332
  • malware fighter
Re: Trying to understand Tracking
« Reply #36 on: February 26, 2014, 03:53:04 PM »
Hi schmidthouse,

I already went through -midnight's extension-list in FF and the ones she mentioned were all legit ones. The only one I frowned upon was the Bitdefender Quick Scan, because it is like McAfee's Security Scan Plus foist-scare-ware and trying to lure users into trying/buying their av solutions. Click & Clean also pushes Bitdefender's Quick Scan, so we can frown on that extension too. I hate this fashion really, but avast! is pushing and recommending Google Chrome downloads also. I hope midnight will not install obscure extensions and always ask us first. That is why we are having this here forums to inform each other and stand on each other's shoulder - infowise. So yesterday's victim can help out tomorrow's victim in a sense.

I like DrWeb's extension because it gives you a possibility to allow or block per site. Now the problem for new users is what to block and what not to block.
Shakespeare did not have that problem in his days, but we might have. Learn what to steer clear from and that is half of the job.

Good browser developers got that wise that they block java now as by default and let users only use it when there is an absolute need for it.
But sometimes users do not know what extensions they really need.

I like to check on SSL security so in Google Chrome I can use Recx Security Analyzer and Netcraft Extension. In firefox I use Calomel SSL validation extension and checking a https-site I saw they had really weak security and an extended certificate and no forward security installed. So you see even a lot of banks are not using best security procedures. A lot of website security and server security if analyzed will really bring plenty of tears to your eyes - where ignorance, unprofessionalism, lack of common knowledge, arrogance and sloppiness go hand in hand to create a vulnerable insecure brew and of-course attackers and malcreants then come to feast on that, like vultures come to their prey.

So yes the Interwebs are pn*w*d and all, including some mal-extensions that are broken, but not everything is insecure. Let us not preach panic or paranoia. As with the java plug-in I hope browser developers will block insecure extensions and not only block adblocker-settings because they interfere with their ad-earning-schemes (Google's monopoly on Mobile banned ABP-downloads for instance).

polonus
« Last Edit: February 26, 2014, 03:57:34 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline -midnight

  • Massive Poster
  • ****
  • Posts: 2406
Re: Trying to understand Tracking
« Reply #37 on: February 26, 2014, 05:15:04 PM »

Your extensions in FF are automatically updated and insecure extensions are thrown out by FF developers. So feel safe, despite what other say.  :P

What do you mean by this? Specifically, "despite what other say."??

We should let the users decide by research and gaining knowledge and not relying on the opinions of the few.

This is lengthy and mentions avast SafeZone, LastPass extension, etc.
http://www.pcadvisor.co.uk/news/security/3470806/malicious-browser-extensions-pose-a-serious-threat-and-defenses-are-lacking/

If polonus tells me an extension is safe I'll keep it, if he says it's not safe I'll remove it, just as I did with Bitdefender's Quick Scan yesterday.  Should he tell me I should remove another extension I will. 

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6711
  • Trust only what you test yourself!
Re: Trying to understand Tracking
« Reply #38 on: February 26, 2014, 05:28:10 PM »

Your extensions in FF are automatically updated and insecure extensions are thrown out by FF developers. So feel safe, despite what other say.  :P

What do you mean by this? Specifically, "despite what other say."??

We should let the users decide by research and gaining knowledge and not relying on the opinions of the few.

This is lengthy and mentions avast SafeZone, LastPass extension, etc.
http://www.pcadvisor.co.uk/news/security/3470806/malicious-browser-extensions-pose-a-serious-threat-and-defenses-are-lacking/

If polonus tells me an extension is safe I'll keep it, if he says it's not safe I'll remove it, just as I did with Bitdefender's Quick Scan yesterday.  Should he tell me I should remove another extension I will.

Good for you! Take good advice then put it into action.  8)
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33332
  • malware fighter
Re: Trying to understand Tracking
« Reply #39 on: February 26, 2014, 05:42:23 PM »
Hi Para-Noid,

Well it was not for nothing that Google had announced that they were going to block installation of apps in Chrome from outside the Chrome Web Store.
There were also plenty of security reasons for this move. See all the issues with LastPass to comply with Google rules  :D

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Charyb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2434
Re: Trying to understand Tracking
« Reply #40 on: February 26, 2014, 05:50:47 PM »
If polonus tells me an extension is safe I'll keep it, if he says it's not safe I'll remove it, just as I did with Bitdefender's Quick Scan yesterday.  Should he tell me I should remove another extension I will.
I believe polonus gives great advice. Do I believe that one advice is a perfect fit for another? Does one shoe fit all? No.

Have you ever wondered why avast created the SafeZone for browsing which excludes extensions?

Please read here regarding critical thinking. http://www.criticalthinking.org/pages/defining-critical-thinking/766
« Last Edit: February 26, 2014, 06:00:54 PM by Charyb »

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33332
  • malware fighter
Re: Trying to understand Tracking
« Reply #41 on: February 26, 2014, 06:06:54 PM »
Hi good friends Para-Noid and Charyb,

Everything can be abused or be another attack point for hackers. Life is dangerous period, the final outcome is the only certainty we all have.  :-X
Life is only a little more secure when you have your feet hidden under the table and do not move out or around. Bit boring to me.
Quote
Modify a legitimate add-on to perform unauthorized actions. FFSpy is a proof of concept that illustrates how this can be accomplished. This involves editing NoScript’s XUL overlay file and the altered add-on can be made to intercept HTTP requests and to report data posted through HTML forms, such as a user credentials, to a remote server.
  -> http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=218725
Quote taken from Siva Ram.
But I again haven't heard such a scenario for the run of the mill security add-ons, that a hacker was able to replace the legitimate add-on files with modified ones that contained malware. They soon would have found out, wouldn't they?
Do you have an example? So I strongly feel DrWeb's link checker, WOT and Bitdefender's TrafficLight to be secure extensions. Well in the sense as I put it to -midnight there.
I always download the add-on onto my computer download file first via another browser, scan it good and then reopen the xpi file into the firefox browser from there to install.
Again trust no-one and check everything, once bitten twice shy!

polonus
« Last Edit: February 26, 2014, 06:09:41 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Charyb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2434
Re: Trying to understand Tracking
« Reply #42 on: February 26, 2014, 06:21:30 PM »
My point is a blanket statement regarding extensions.

For example (posted earlier):
From Trend Micro which was posted January 7, 2014.

http://blog.trendmicro.com/mozilla-firefox-exploit-enlists-pcs-advanced-botnet/

"An exploit in Mozilla Firefox may be enlisting thousands of PCs into a botnet that scours the Web for vulnerable pages that can be targeted later on by automated SQL injection attacks. The issue is a malicious Firefox extension that masquerades as a legitimate add-on. Although discovered only recently, the botnet may have been active since May 2013."

According to Trend Micro, this exploit may have been active for over 6 months.

« Last Edit: February 26, 2014, 06:26:52 PM by Charyb »

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6711
  • Trust only what you test yourself!
Re: Trying to understand Tracking
« Reply #43 on: February 26, 2014, 06:25:34 PM »
@ Charyb I agree "one size does not fit all", however the tools/extensions polonus suggested are
safe. Personally I don't think much of either WOT or Webutation. To me they are more or less based
on popularity and are not security based. I put trust in the online scanners which have proven to be
more security minded. The scanners I use dig a lot deeper than anything like WOT and Webutation
could ever dream of.

But as to -midnight and her present needs the ones polonus suggested are plenty safe for her.  8)
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6711
  • Trust only what you test yourself!
Re: Trying to understand Tracking
« Reply #44 on: February 26, 2014, 06:27:08 PM »
My point is a blanket statement regarding extensions.

For example (posted earlier):
From Trend Micro which was posted January 7, 2014.

http://blog.trendmicro.com/mozilla-firefox-exploit-enlists-pcs-advanced-botnet/

"An exploit in Mozilla Firefox may be enlisting thousands of PCs into a botnet that scours the Web for vulnerable pages that can be targeted later on by automated SQL injection attacks. The issue is a malicious Firefox extension that masquerades as a legitimate add-on. Although discovered only recently, the botnet may have been active since May 2013."

According to Trend Micro, this exploit may have been active for over 6 months.

Could this not be said for "any" open source software?
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.