I received a spoof email asking me to update my CitiBank
details. It was obviously created by an oriental English
speaker, but I was curious because the link therein led
to an https: site (i.e., secured site). So I had a look,
and was redirected to an insecure site. I looked there,
thinking they would have a form for us suckers to fill in
giving away passwords etc., but the page was totally
blank, and even though my browser said "Done" I still had
my hourglass (but this often happens anyway).

Has my curiosity made me vulnerable? I don't have a
firewall because when I installed ZoneAlarm I didn't
understand it. (I know... but all it seemed to do was
list IP numbers and I just carried on as normal.) I don't
normally visit dodgy sites.

Obviously I won't do it again, and yes, I do know what
curiosity did to the cat.

Patricia

Can visit to website endanger security? by Bill

Bill
Fri Apr 16 15:06:02 CDT 2004


>-----Original Message-----
>I received a spoof email asking me to update my CitiBank
>details. It was obviously created by an oriental English
>speaker, but I was curious because the link therein led
>to an https: site (i.e., secured site). So I had a look,
>and was redirected to an insecure site. I looked there,
>thinking they would have a form for us suckers to fill in
>giving away passwords etc., but the page was totally
>blank, and even though my browser said "Done" I still had
>my hourglass (but this often happens anyway).
>
>Has my curiosity made me vulnerable? I don't have a
>firewall because when I installed ZoneAlarm I didn't
>understand it. (I know... but all it seemed to do was
>list IP numbers and I just carried on as normal.) I don't
>normally visit dodgy sites.
>
>Obviously I won't do it again, and yes, I do know what
>curiosity did to the cat.
>
>Patricia

Well, if you do not have anti-virus software or a
firewall it is possible that something could have been
loaded on your computer. By default most browsers require
the user to be prompted before a download begins, but it
is possible to bypass that feature. If I were you I
would get anti-virus software if you do not already have
it, make sure it is up to date and run a full system
scan. After that I would look at a spyware/adware removal
tool. A good one to start with is Spybot Search and
Destroy, although using more than one in conjunction with
Spybot is a good way to make sure you remove the most
possible. After that I would look at getting a firewall
and setting aside some time to read the documentation and
learn about it. Here is a link that has some free
firewalls listed.

http://www.pacosdrivers.com/software/firewall.asp

Lots of people use and seem to like ZoneAlarm. Personally
I can't stand it, but I have very specific needs/wants in
a firewall. Hope this helps.

-Bill

Re: Can visit to website endanger security? by Gary

Gary
Tue Apr 20 08:57:23 CDT 2004

Patricia wrote:


> Has my curiosity made me vulnerable?

No, your curiosity may have let someone
take advantage of an existing vulnerability.
It's hard to say what happened, if anything
at all happened, without significant analysis
of the machine and the site in question.

Assuming a person doesn't click a button
allowing an installation of software on
their computer, for example an Active-X
control, a .exe file, or a .hta file, there
is still the possibility that a defect in
the browser could allow a web site to install
software on a visiting computer without any
user interaction. I know of at least two
defects in Internet Explorer that sites have
used to install software on visiting computers
before patches were available to fix them.
Of course, if critical updates aren't
installed, there are many more.

You can decrease the risk of this happening
by disabling functionality such as scripts,
file downloads, and Active-X controls for
unknown sites using the Internet Explorer
security zones. This will often impact the
functionality of the site and we know how
popular that is. But if you're interested
in more security, it's an option available
to you. Here are some details:

http://www.jmu.edu/computing/info-security/engineering/issues/ie.shtml#optbrowser

Even this doesn't guarantee security. It only
raises the fence a criminal must get over
which is true of any security measure - computer
associated or not.

Windows XP Service Pack 2 is supposed to make
some core changes in the security zone model
which is supposed to decrease the chances defects
or other problems will be able to be exploited
to run arbitrary code.

Anti-virus software can help alert you if a
malicious site attempts to download malicious
code *known* to the anti-virus vendors.

Firewall software can help alert you if
standalone software installed by the malicious
web site makes outgoing network calls or if
it opens doors (ports) on your computer and
outside computers attempt to connect to them.
However, the damage has already been done. The
author of the code has taken control of your
computer and the firewall can only attempt to
limit their actions. And the malicious code
can always disable the firewall, AV software,
and other security measures running on the
computer. To limit its ability to do this,
use a non-Administrative account for your
daily activities.

There is no such thing as total security.
The best we can do is make it harder for
the bad guys, but we don't want to hide in
caves either, else they've won by default.

As far as your particular mystery, again,
it's hard to say what happened. Determining
what a computer is doing is tedious and
technical. You have to delve into areas
normally hidden by pushbuttons, splash
screens, and wizards...the parts that haven't
changed appreciably in 30 years.

http://www.jmu.edu/computing/info-security/engineering/issues/jmufaq.shtml#detect



--
Gary Flynn
Security Engineer - Technical Services
James Madison University
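
The security zone settings described in the reply above (scripts, file downloads, and Active-X controls for unknown sites) can be checked from PowerShell. This is an added example, not part of the original thread: it reads the current user's Internet zone (zone 3) from the registry using the documented URL-action IDs 1200, 1400 and 1803, and the function name `Get-InternetZoneReport` is hypothetical.

```powershell
# Added example (not from the thread): report how the current user's
# Internet zone (zone 3) treats ActiveX, scripting and file downloads.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Documented URL-action IDs for the three features named in the post.
$Actions = [ordered]@{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
    '1803' = 'File downloads'
}

# Documented values for these actions.
$Meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Hypothetical helper name; returns one object per action.
function Get-InternetZoneReport {
    param([string]$Path = $ZonePath)

    if (-not (Test-Path -Path $Path)) {
        throw "Zone key not found: $Path"
    }
    $key = Get-ItemProperty -Path $Path

    foreach ($id in $Actions.Keys) {
        $prop = $key.PSObject.Properties[$id]
        if ($null -eq $prop) {
            # No per-user value stored for this action.
            $state = 'Not set for this user'
        } else {
            $value = [int]$prop.Value
            $state = if ($Meaning.ContainsKey($value)) { $Meaning[$value] } else { "Other ($value)" }
        }
        [pscustomobject]@{
            ActionId   = $id
            Feature    = $Actions[$id]
            State      = $state
            Restricted = $state -in 'Prompt', 'Disabled'
        }
    }
}

Get-InternetZoneReport | Format-Table -AutoSize
```

Settings enforced through Group Policy are stored under the Policies branch of the registry and are not read by this per-user check.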