Does anyone use the Excite.com startpage portal?

[bob3160]

The actual warnings didn't come from by but through others pointing you to links that showed the dangers of using
what you seem to want to promote.
I think you've gotten all the answers and warnings. Heading them is up to you. It is your computer.
I'm finished with this topic which has gone way beyond it's needed length.

[polonus]

Hi bob3160 and laksrool,

Going into denial mode won't work here as there is now another malicious external link detected via the latest realtime Zulu Zscaler scan: htxp://imgfarm.com/ex/excite.ico   link   Malicious
Two detections here: https://www.virustotal.com/nl/url/fac24ba63f394f55a623b8bc4e1a3c138501b35dde24aa3b399a231b3d23a12e/analysis/
Weight Watchers tracking going on.
WOT flags this with two reds: https://www.mywot.com/en/scorecard/imgfarm.com?utm_source=addon&utm_content=popup
Listed at Malware patrol.
Phishing and Scams galore!
This one has not been cleansed yet: htxp://ak.imgfarm.com/images/anx/anemone-1.2.7.js   script   Malicious

Verdict the website staff at Excite dot com should clean up their act and protect their visitors from clicking such external links period.

@bob3160 - what more arguments do we need to find to warn to  shun that site until the scan reports come up crystal clear?

@laksrool - do not defend these actors on your favorite start page but abuse mail them that there are malicious external links detected on their website. One of the website they link to carries the risk of infection with viruses/‘driveby’ downloads/Trojans/backdoor bots, rogue programs (PUP’s)  If their website was attacked and hacked, it is their responsbility to mitigate that threat.

polonus

[lakrsrool]

polonus - I've added Umatrix to Chrome, which I frankly don't understand at all how to use it and what it's doing is disabling all useful icons and illustrative images on my page.

I'm no different than the next guy and of course by all means want to stay safe, but if it means disabling a website to the point meaningful icons and other images that are frankly inherently necessary to the web page, then there must be a better way.

I always had "NoScript" block "imgfarm.com" in FF (since adding Noscript about 8-10 months ago) and I have a useful load of the page with all necessary icons and images loading just fine.

The way the page looks in Chrome using Umatrix, while undoubtedly safe it frankly looks like crap and much of the page cannot even be used appropriately by the user.

I tried the "Scriptblock" Chrome extension and it's even worse seems like it's either all or nothing, block the entire website or don't block anything at all.  As to "Scriptsafe", the reviews weren't that good many of which complained that it's not nearly as effective or workable as the FF "NoScript" that apparently is an extension that Chrome offered at one time but now no longer offers.

If I could figure out how to have all of my icons and images load using Umatrix, then I'd go with that extension, but I can't see a way to accomplish this using this extension.

I've enabled it because you've got me so paranoid (even though, I've never had any infections using the page for 20 years now).

At least, the fact that I usually only use FF helps since it works well with "NoScript".

[lakrsrool]

OK, looking into it further, it is the "ak.imgfarm.com" site that Umatrix has to allow for the web page to be reasonably useful.  So I see the problem.  What is interesting is that "NoScript" is blocking "imgfarm.com" but apparently must be allowing "ak.imgfarm.com" because all the necessary icons and images do display in FF using "NoScript" and we find that "NoScript" doesn't even provide a way to block "ak.imgfarm.com" apparently as this is not listed.

What I also find very curious is that when checking Excite.com using ScamAdviser Excite.com comes up 100% SAFE yet when you check individual elements of Excite.com i.e. "ak.imgfarm.com" using ScamAdvisor it comes up the exact opposite 0% SAFE

So I have a question, what is the method that this "malware" infects ones computer?

Thanks to polonus providing valuable information we find out that "http://imgfarm.com/ex/excite.ico" is rated as "malware" on the Virus Total when checking this site.

So what would mean is that I've been using a startpage that is essentially a product of "malware" because these images have been a part of that webpage since it's inception.  So based on this every time I've been on the Internet I've at all times always had a "malware" site on my computer the entire time I've used the web (and on the web probably 8-10+ hours a day).

So then since I've never been infected, or at least I see no ill-effects and the "software Removal Tool" for Chrome found nothing, how is this possible?

Or are we talking about a "potential" risk via an attacker that can exploit this "malware" website so it's just a matter of luck.

I ask because I've always thought in terms that a "malware" site is something designed to inherently attach the computer as this the the purpose of the "malware site".

But if it's instead a risk of a hacker exploiting the site because it is easily hacked then can't security applications prevent this from occurring i.e. AV applications and/or Firewalls etc?

Bottom line, I've never considered myself very lucky in the least, and if I've been using a website that amounts to essentially "malware" for 20 years now it frankly seems odd that I've never had a problem all of this time.

[polonus]

@all reading this thread,

About the use of Umatrix. The issues that should be blocked are blocked as by default in the extension. Sometimes you should unblock certain red marked default items to get full functionality of a particular page (consider the risk involved and jump when you think you can leap) - the great thing about the extension is you can additionally block items on the website after you have made a decision what should be additionally blocked. Just like with NoScript you should know where and how to grant access (allow). For advanced users you get almost complete security control that way - as all scripts are also being blocked by ScriptSafe by default (allow what you need for functionality on a known potentially secure page). When in doubt report here in the forums and we will find ways to give you some full report on what security/insecurity status a page has (at that moment) to the best of our knowledge from third party cold reconnaissance scanning results. For this Avast forum page where I add this posting in this very thread  unblocked is forum.avast.com with 1 cookie, 1 css, 43 images, 2 scripts (green).

Blocked by Default is the tracking from google on google-analytics dot com and 1 script from www.google-analytics.com (a script you may allow as avast uses the info for user protection info purposes, while on the other hand google sits on that very data heap). 

You want facts about in-browser security and how to bring that forward, we try to give you these facts from our years of experience as a volunteer website security analyst (with  profound thanks to all here that help me achieving this, and those that do know who I mean here).

polonus

[lakrsrool]

Absolutely correct that just about any website on the net will need a good portion of adjustments made using various script blockers just to get the site to even work at all. 

A good example involves just the simple website "mapquest" which if using "Umatrix" will need 9 scripts enabled just so the website works that are blocked by default using "Umatrix" and of course unless you want to always have to enable these 9 scripts every time you use "mapquest" when you find it's not working at all you'll want to "lock" this "temporary" setting in for that site (scope) so next time the site works up front.  Obviously it can be very time consuming surfing the web just to try and be safe and to be honest far to daunting for the "casual" user, but that's the way of it unfortunately.  There is frankly a lot of trial and error just to find out what needs to be enabled and what doesn't need to be enabled as far as all the blocked items.

After awhile you get to the point you want to just enable them all for the time being to just get done what you want done at the time.  This is to some degree the advantage using the FF "NoScript" which allows the user to either "temporarily" enable specific items but more importantly as risky as it might be when sites have literally dozens upon dozens of blocked sites the user can "temporarily" enable "all this page" with just one click which of course is not necessarily very SAFE and as such probably not advisable but at times I find myself doing this now and then just to accomplish something I need quickly in the knowledge that the setting is just "temporary" and will revert back later.  Of course on can enable all the sites in "Umatrix" but it's more time consuming because each needs to be enable individually in groups, which in some ways maybe arguably better because it conceivably forces the user to be more safe with less global automation at their fingertips.  The Chrome "Umatrix" does have a nice feel about it as well however.  I also find that "Umatrix" will default a lot as enabled so in some cases websites will be more functional than other script blockers that block everything from the start by default, but then safety is the trade off I suppose.  All this security frankly takes a lot of fun out of surfing the web for the "casual" user which clearly makes these script blockers seem annoying to these these type of users not to mention totally confusing in many respects as well. 

I would add one last thing that's nice about the FF "NoScript" and that is the user can "middle click" any blocked site and get 6 different security reports on that site which can then be "enabled" or not on that page which is a helpful feature provided by the FF "NoScript".  Also even if you want to Allow "all scripts globally" (not at all advised), or your just Allowing "all this page" for the time being "NoScript" still retains several areas of security anyway like in the case of Anti-XSS protection, HTTPS enforcement, Clickjacking protection and ABE which are all still in effect regardless which is another helpful feature of the FF "NoScript".

[polonus]

First and foremost, script blockers are good instruments in the hands of those that know what sites to block or rather keep blocked and NOT use the full functionality there. The rule should be leave all blocked until proven to be secure to unblock or known to be safe.
And how would one know where one could toggle and where not. There are many indicators as where to not venture out. I see a site alerted by Google Safebrowsing and/or Yandex blacklisted, I am interested to know why (that is why I do what I do), but I decide to not go there directly or circumvent the Google blocking, also when Google says my connection is not private and attackers try to intervene, I won't go out there and nicely keep such sites blocked. ScriptSafe red, Umatrix enabled. Lift third party links only if you know these sites to be clean, curiosity killed many a cat.
Now sometimes with a clean site we have to allow some additional functionality to make that site function. At urlquery net for instance you have to allow google-analytics.com else you will not get the scan results. This Norse scan site may have issues as I find: HTTP Server: Apache HTTP Server 2.2.22 (Outdated)
Operating System: Ubuntu 12.10 (Quantal Quetzal) (Unsupported)
PHP Version: 5.4.6-1ubuntu1.8 (Outdated)
This indication does not need to be the final word as some website admins put out an outdated server version to mislead eventual attackers. But on all instances it is a better server policy just to make the server header version and other extensive info is not spread globally and to hackers, and whenever a website or server admin knows what he is doing he knows how to adjust his server configuration. Alas many do not, are incompetent securitywise and this means a threat to the website visitors and themselves. There is more to this than one would think. Whenever I see a warning for a website because of malware, scam, fraud, phishing from WOT and very much when there is a user report from someone who knows what he/she is reporting or from third party listing (malware resources) I won't even consider visiting such a site. Red ball from Bitdefender, don't even try to go there, DrWeb URL link checker detections, a big no-no. Sites on their malicious website list, do not venture out there.
And the Avast block when malscripts are detected has not been equalled by none, it is very accurate. Blocked do not go there.
When you want to know why - ask in the virus and worms section and some of us may know.
There is a remote chance of FPs but as a rule I only visit and allow non-flagged websites. And always remember the clean site of one minute ago can be the malicious site of the next minute. There are much more aspects to this, but the above is a good thumbrule for many that are advanced users and want to use script blocking and request blocking.

polonus

[polonus]

Just a difference I have found with uMatrix and HTTP Switchboard is that uMatrix won't any longer block Google Analytics on certain sites. The same issues why I would prefer uBlock over ABP adblocker. Some developers agree to Google tracking circumvention in order not to be confronted with Google disabling their extension, banning them from their store because they interfere with their main income frame. My tip use both extensions HTTP switchboard next to uMatrix.

On androids Google even went so far as to disble ABP apps completely, as they felt they had enough monopoly to enforce such a protective measure.

Again the install of uMatrix is only a suggestion. Not a lot savvy users would consider to re-think where this suggestion stems from. This is also the reason that NoScript could never come to Google Chrome as google would not allow the developer enough access to make it function on Google Chrome (api-layer access that is). Protecting your privacy and take anti-tracking measures gets harder and harder to perform and the average user has long lost that battle. Who, like I do, is blocking canvas fingerprinting on youtube sites? Yes, Google performs sneaky canvas fingerprinting there, which is not very accurate but combined with other tracking, ad-tracking and widget tracking is quite effective. There is an extension to block this, but I guess not a lot of users have it installed. So the going gets narrow, folks.

polonus

[bob3160]

Why are we getting totally off topic

[polonus]

Hi bob3160,

We are not totally off topic as we explain what are the security risks involved with visiting the Excite dot com portal and what extensions we can use to be fully aware of those risks and block the links we want to exclude. First we established that the excite com start page has issues and third party links that we should block, then we explain to the readers of this thread how to protect themselves from inside their browsers and that needs some explanation to do. Those that aren't advanced enough to use script blocking and request policy toggling should leave this thread for what it is.

polonus

[bob3160]

As long as there are security risks in using the Excite.com startpage,
The average user should simply avoid it.
Please realize that most visitors here are Average Computer Users..... Not Geeks.

[polonus]

@all,

Ok, do not go to that start page portal until the issues mentioned there have been settled.

polonus

[lakrsrool]

Why are we getting totally off topic

Well first of all because it might be helpful to some.  Why not expand the topic if it's helpful?  After all this is a "general topics" board, right?

But if you want to make a point of what's "off topic" you might note that I was simply asking if anyone uses the portal discussed and this was in relation to the fact the servers were down at that time.

So based on that the third post which was yours and every one of your specific posts after that were technically "off topic" if you think about it.

But then I didn't mind at all, I personally considered all posts helpful and informative regardless and I would venture to guess it would be helpful and informative to anyone else that interested enough to want to read it as well. 

And of course the key phrase here is "want to read it", anyone that doesn't want to read it doesn't have to and won't.

On the other hand, others may find it helpful and be interested in reading it. I see no problem either way (I would hope you wouldn't either).

As long as there are security risks in using the Excite.com startpage,
The average user should simply avoid it.
Please realize that most visitors here are Average Computer Users..... Not Geeks.

For those who do not want to read it, then don't, "Geeks" aside.

But for those that might have an interest in reading it then what's the problem?

Is this an information/help board or not?

I have to wonder why the concern about who should or shouldn't be reading anything on this board.

And I would add, what's the point of placing any limits on a "general topics" board anyway?

I can't see any harm in putting out information regardless of who may or may not be interested in reading what's been posted.

I personally welcome a free and open conversation without imposing limits based on the perception that some may not be interested.

And I must say that I find it ironic to even raise this type of concern (especially in a "general topics" board) when as we know we will find more specific Avast issue topics that are sometimes not answered directly but instead the posters motives might be questioned to the extent that the issue raised is alleged to not even be legitimate.

In this case, I personally find all the information provided in this topic related to some extent and very helpful for the most part and I appreciate and thank ALL who have contributed including you Bob.

[lakrsrool]

polonus - I want to thank you for all that you have contributed to the topic and I would add that you certainly do not need to apologize for posting tangential "security issues" that are not only related to the topic on that basis but clearly very helpful.  And I would add that if we bother to notice the very first response to the topic was based on "security issues" clearly tangential to the topic, but again undoubtedly well intended and helpful.  I would suggest to NOT offer the additional information related to "security issues" would be improper.  So THANKS VERY MUCH for all that you have contributed as I personally found it all very interesting as I'm sure others did as well (and I'm not what I'd consider a "Geek").    Offering up information such as this is the way we all learn more and on that basis there is clearly nothing at all wrong with that.

[lakrsrool]

polonus - I did have a question if you happen to venture back here.  You said quote:

Now sometimes with a clean site we have to allow some additional functionality to make that site function. At urlquery net for instance you have to allow google-analytics.com else you will not get the scan results.

As I see it this could be problematic because from what I understand about the FF "NoScript" if you "allow" something like "google-analytics" then it is "allowed" for all sites that might have "google-analytics".  So while I understand the need to get a site to work but then in doing so is it opening the door for problems with other sites?

I've not allowed "google-analytics" so I've obviously not had the need by using "urlquery net", thus "google-analytics" remains not allowed when browsing.

On that point, I'm not certain how the "lock" used in Umatrix works.  Umatrix says it's saving all temporary changes for this "scope", so perhaps that means ("scope") that specific website.  If that's the case then that's a good thing, but as I understand it with "NoScript" allowing applies to all sites or am I wrong there?

Also you've mentioned quote:

Red ball from Bitdefender, don't even try to go there

... what exactly is that about?

One last point, in ABP wouldn't unchecking "All some non-intrusive advertising" then eliminate "google-analytics".

It's really a shame how Google is infiltrating themselves into everything leaving users with increasingly less alternatives all the time.  A big reason I prefer to not use Chrome personally and stick with FF as my primary browser.  Unfortunately I've been noticing the FF user base is continuing to dwindle at the expense of the every growing Chrome.  Unfortunately people either don't care or just don't pay attention.  That's the problem we have in politics as well in regards to the "low information" type people.  Speaking of "off topic", now I'm REALLY "off topic", so I'll end it here.