Viewing Sketchy Security Sites

Static M.e.

Hi all,

What are the chances of getting your PC infected while viewing a some what sketchy "security" site?, apart from having a decent AV, fully patched PC etc how vulnerable are you?

I figure alot of the people in this forum would regularly read up\browse these kinds of sites, just for the information but do you ever stop yourself and go, "No, I better not just in case... "

As most of you would know I'm not a security person at all and couldn't program my way out of a paper bag, but I do like to read up on it a lot. Lately I have been spending alot of time reading about the Chinese groups attacking US sites and vice versa but when I go to the links of the Chinese sites, most of the time the sites are in Chinese (Obviously enough... some are in English though, hence the check). Because the sites are in Chinese though and because of the nature of what the sites are about Ive started to get a little worried when I click on some links..

Anyway do you ever worry when you visit any security related sites?

* I use the term security very loosely here..

ntlbell

I'll assume you're a windows user

don't login as an Admistrator or a user that is part of the admin's group.

fully patched with latest av you'll be fine.

Thomas_S_Hunterson

Well there's a hell of a lot of crap out there on the internet...
But I'm on a mac so I don't really need to worry about it.

You do have to exercise a bit of common sense though obviously.

Martyr

But I'm on a mac so I don't really need to worry about it.

hmm, lets NOT hijack the thread for a lame "MAC vs PC" debate, but you should worry about it, MACs are not secure.

The percentage of MAC users is much lower than PC, which is why PC malware is more common, but it doesn't mean MAC malware doesn't exist.

in recent news, there was discussion of a MAC trojan.

Thomas_S_Hunterson

Average Joe wrote: »

hmm, lets NOT hijack the thread for a lame "MAC vs PC" debate, but you should worry about it, MACs are not secure.

The percentage of MAC users is much lower than PC, which is why PC malware is more common, but it doesn't mean MAC malware doesn't exist.

in recent news, there was discussion of a MAC trojan.

lol, Yes, I know that malware for the mac exists and I know I'm not completely secure (I do run Sophos just in case), but I don't think it's got to the stage yet where I need to be too worried about getting stung.

conceited

I'm very suprised at some of the aswers on this thread wow.
Your av has nothing got to do with the web nasties you get and you should know that 60% of nasties are from legitimate trusted sites like thr bank of india for example.

You get so much spyware from your everyday sites .
Did you ever think of this, some guy writes a program and releases it as freeware people download and use it for a few weeks etc.

Then the original author releases a security notice saying that he found a bug in such a program (his own program ) here is the patch for it.

All the security professionals are now infected because they download the patch to see what was patched.

Anyway do you ever worry when you visit any security related sites?

Don't allow scripts to run on your browser and you'll be fine.

Noscript for example and a few tweaks to your browsers.

ntlbell

conceited wrote: »

I'm very suprised at some of the aswers on this thread wow.
Your av has nothing got to do with the web nasties you get and you should know that 60% of nasties are from legitimate trusted sites like thr bank of india for example.

You get so much spyware from your everyday sites .
Did you ever think of this, some guy writes a program and releases it as freeware people download and use it for a few weeks etc.

Then the original author releases a security notice saying that he found a bug in such a program (his own program ) here is the patch for it.

All the security professionals are now infected because they download the patch to see what was patched.



Don't allow scripts to run on your browser and you'll be fine.

Noscript for example and a few tweaks to your browsers.

my advice wasn't for sites it was in general

and in general if your up to date, don't browse as admin/power user

keep your os patched

a dash of common sense and you'll rule out a huge majority of issues..

I'm suprised someone hasn't mentioned unplugging your machine :rolleyes:

conceited

Pitty you didn't use common sense when you answered his question.
He asked about security sites and websites not magic virus that can hop from a wire onto your machine and infect you.

ntlbell

conceited wrote: »

Pitty you didn't use common sense when you answered his question.
He asked about security sites and websites not magic virus that can hop from a wire onto your machine and infect you.

ok,

sorry OP, I'm a bit of a moron myself...as are the people at SANS

so here's me using a bit of common sense.

You could also switch to something like OpenBSD use a text browser and be a condesending asshat

http://www.sans.org/top20/#c1

• f you are using Internet Explorer on your Windows XP system, the best way to remain secure is to upgrade to Windows XP Service Pack 2. The improved operating system security and Windows Firewall will help mitigate risk. For those unable to use Windows XP with Service Pack 2, switching away from Internet Explorer to an alternative browser is the safest path.
• Users should upgrade to version 7 of Internet Explorer, which provides improved security over previous versions. The latest version of Internet Explorer, IE7, is being distributed by Microsoft as a Critical Update (KB926874)
• Keep the systems updated with all the latest patches and service packs. If possible enable Automatic Updates on all systems.
• Pay attention to Microsoft Security Advisories; implementing suggested mitigations before the patch becomes available could alleviate exposure to zero day attacks.
• To prevent exploitation of remote code execution vulnerabilities at Administrator level, use tools like Microsoft DropMyRights to implement "least privileges" for Internet Explorer.
• Prevent vulnerable ActiveX components from running inside Internet Explorer via the "killbit" mechanism.
• Many spyware programs are installed as Browser Helper Objects. A Browser Helper Object or BHO is a small program that runs automatically every time Internet Explorer starts and extends the browser's capabilities. Browser Helper Objects can be detected with Antispyware scanners.
• Use intrusion prevention/detection systems, anti-virus, anti-spyware and malware detection software to block malicious HTML script code.
• Windows 98/ME/NT are no longer supported for updates. Legacy users should consider upgrading to Windows XP.
• Consider using other browsers such as Mozilla Firefox that do not support ActiveX technology.

Static M.e.

Thanks all for the helpful comments.

I try to keep everything fully patched, lastest Av etc, I have never run into problems yet but that didnt stop me worrying.

To prevent exploitation of remote code execution vulnerabilities at Administrator level, use tools like Microsoft DropMyRights to implement "least privileges" for Internet Explorer.
Prevent vulnerable ActiveX components from running inside Internet Explorer via the "killbit" mechanism.
Many spyware programs are installed as Browser Helper Objects. A Browser Helper Object or BHO is a small program that runs automatically every time Internet Explorer starts and extends the browser's capabilities. Browser Helper Objects can be detected with Antispyware scanners.

Don't allow scripts to run on your browser and you'll be fine.

Noscript for example and a few tweaks to your browsers.

Thanks for the above! I'll do some more reading and see what I can lock down further.

stylers

no-one should be running an XP box on the net without at least SP2 imho..

_CreeD_

To actively handle incoming web traffic: AV that includes HTTP scanning, Firefox+NoScript+Firekeeper and if you are really worried run it inside something like Sandboxie. Of course if you could afford it (or have an old spare PC to do the job with Snort, or even better a full blown security system like OSSIM - you'd be amazed what you can implement with an old PC and open source even for the home) add an IPS to that inline with your firewall.
Backup in case anything gets past: Strong HIPS
Last chance: Strong AV/Anti Spyware etc.

FruitLover

Elinks eff tee double-you