Researchers at the Georgia Institute of Technology claim they have developed software that can eliminate "drive-by download" threats.
Drive-by attacks are planted on websites, where they automatically install themselves on end-user PCs that visit the site, and they are a growing menace.
Research from security firm Dasient says 1.3 million websites were infected with such malware in Q2 this year, with many more pages within them carrying a payload.
Read more: http://www.pcpro.co.uk/news/security/361744/researchers-slam-door-on-drive-by-downloads
Once more, just don't run the main admin account by default in Windows, and you will be *asked* if changes should happen if you have UAC on in Windows Vista or 7. To be honest, drive-by attacks are only truly invisible on old (read: IE6) browsers. ActiveX was such a stupid stupid thing.
Speaking of drive by downloads. As I was toddling (or staggering) through town on Friday night, I noticed that a lot of chain pubs have still got unsecured wi-fi. If you hang about by the student dorms there's a lot of em too :D
I wonder if we'll end up having "deep frozen" hard drive states or virtual machines for internet browsing. Should be totally safe then. :D
Quote from: esh on Oct 07, 2010, 21:50:49
Once more, just don't run the main admin account by default in Windows, and you will be *asked* if changes should happen if you have UAC on in Windows Vista or 7. To be honest, drive-by attacks are only truly invisible on old (read: IE6) browsers. ActiveX was such a stupid stupid thing.
Use UAC at max in an admin account and you get asked too, so if you really must use a full account there is protection to a point; the limited account asks and prevents any install, which is better.
Better still, use a Linux distro for browsing and your Windows for everything else.
This has been *coming soon* since February, a couple of threads at Wilders about it
http://www.wilderssecurity.com/showthread.php?t=266039&highlight=blade
http://www.wilderssecurity.com/showthread.php?t=282759&highlight=blade
Note that Blade only provides protection through the browser,
I prefer to run in Sandboxie and DefenseWall for my protection.