Researchers slam door on drive-by downloads

Started by Simon, Oct 07, 2010, 21:46:30

Simon

Researchers at the Georgia Institute of Technology claim they have developed software that can eliminate "drive-by download" threats.

Drive-by attacks are planted on websites, where they automatically install themselves on end-user PCs that visit the site, and they are a growing menace.

Research from security firm Dasient says 1.3 million websites were infected with such malware in Q2 this year, with many more pages within them carrying a payload.

Read more: http://www.pcpro.co.uk/news/security/361744/researchers-slam-door-on-drive-by-downloads
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

esh

Once more, just don't run the main admin account by default in Windows, and you will be *asked* if changes should happen if you have UAC on in Windows Vista or 7. To be honest, drive-by attacks are only truly invisible on old (read: IE6) browsers. ActiveX was such a stupid stupid thing.
CompuServe 28.8k/33.6k 1994-1998, BT 56k 1998-2001, NTL Cable 512k 2001-2004, 2x F2S 1M 2004-2008, IDNet 8M 2008 - LLU 11M 2011

Niall

Speaking of drive by downloads. As I was toddling (or staggering) through town on Friday night, I noticed that a lot of chain pubs have still got unsecured wi-fi. If you hang about by the student dorms there's a lot of em too :D
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Technical Ben

I wonder if we'll end up having "deep frozen" hard drive states or virtual machines for internet browsing. Should be totally safe then. :D
I used to have a signature, then it all changed to chip and pin.

DorsetBoy

Quote from: esh on Oct 07, 2010, 21:50:49
Once more, just don't run the main admin account by default in Windows, and you will be *asked* if changes should happen if you have UAC on in Windows Vista or 7. To be honest, drive-by attacks are only truly invisible on old (read: IE6) browsers. ActiveX was such a stupid stupid thing.

Use UAC at max in an admin account and you get asked too, so if you really must use a full account there is protection to a point; the limited account asks and prevents any install, which is better.

Better still use a Linux distro for browsing and your Windows for everything else.

DarkStar

This has been *coming soon* since February, a couple of threads at Wilders about it

http://www.wilderssecurity.com/showthread.php?t=266039&highlight=blade

http://www.wilderssecurity.com/showthread.php?t=282759&highlight=blade

Note that Blade only provides protection through the browser,
I prefer to run in Sandboxie and DefenseWall for my protection.
Ian