Browsers ... again

A

Art

Received a email attackment (Mytob) this morning. Decided to see what
several scanners had to say, so went to Virus Total to upload the
zip with the malware in it.

Was surprised to see that the report was blank for three different
browsers. Well, basically blank. There was some distorted junk down
near the bottom which suggested that the page rendering was screwed
up. I tried Mozilla 1.78, Firefox 1.0 and Bart Baily's infamous old
Opera 6.06 :) Only IE (6) rendered legit info and showed that every
scanner did indeed alert. But a Gecko or Opera browser user could
easily be fooled into thinking that no scanner alerted!!!

This strikes me as being as bad as McAfee and Norton requiring IE to
function. Whatta contradictory and absurd mess!

Art

http://home.epix.net/~artnpeg
 
O

Old Boozer

Art said:
Received a email attackment (Mytob) this morning. Decided to see what
several scanners had to say, so went to Virus Total to upload the
zip with the malware in it.

Was surprised to see that the report was blank for three different
browsers. Well, basically blank. There was some distorted junk down
near the bottom which suggested that the page rendering was screwed
up. I tried Mozilla 1.78, Firefox 1.0 and Bart Baily's infamous old
Opera 6.06 :) Only IE (6) rendered legit info and showed that every
scanner did indeed alert. But a Gecko or Opera browser user could
easily be fooled into thinking that no scanner alerted!!!

This strikes me as being as bad as McAfee and Norton requiring IE to
function. Whatta contradictory and absurd mess!

Art

http://home.epix.net/~artnpeg
Click to expand...

Hi Art,

Ok I may be missing something here. You are saying the real time
scanning by McAfee and NAV do not pick up bad script unless
someone is using IE6. KAV will not hook to Firefox either, at
least I can't can't get it to. KAV does hook to IE6 though.

Cheers,

OB.
 
N

Norman L. DeForest

Hi Art,

Ok I may be missing something here. You are saying the real time
scanning by McAfee and NAV do not pick up bad script unless
someone is using IE6. KAV will not hook to Firefox either, at
least I can't can't get it to. KAV does hook to IE6 though.
Click to expand...

No, I think what he is saying is that the web page generated to report the
results of a sample submitted to Virus Total is formatted in such a way
that only IE can properly render it.

Many web sites are designed with no provision for working with anything
but the subset of browsers the website designer uses. Some only work with
Internet Explod^Hrer. Some only work with a JavaScript-supporting
browser. Some only work with a graphical browser. In some cases, such as
interactive games or puzzles that require such scripting[1], this is not
so bad. In other cases where important data is presented using only
JavaScript or important navigation requires JavaScript (and a particular
version only such as Microsoft's "document.all" model) this is a major
blunder on the part of the webmaster(s) involved.

Try looking up an IP address at http://www.DNSstuff.com/ to see if it's
listed in any DNS-based blocklists using a non-JavaScript browser. For
one example:
http://www.DNSstuff.com/tools/ip4r.ch?ip=128.227.74.132
If you used Lynx, could you tell which list (if any) had that IP address
listed? Change IP address to taste, perhaps trying one from spam you
get.)

Or try getting an Nvidia driver using only lynx:
http://www.nvidia.com/content/drivers/drivers.asp
It can be done only by repeatedly downloading pages (starting with that
one and continuing with the pages it points to) and manually decoding the
47KB of JavaScript to figure out where to go next.

[1] see sig
 
A

Art

Hi Art,

Ok I may be missing something here. You are saying the real time
scanning by McAfee and NAV do not pick up bad script unless
someone is using IE6.
Click to expand...

As I understand it, NAV won't install if IE has been eradicated (on
older OS versions that IERADICATOR will work on). And I've heard (from
Clay) that some fairly recent version of McAfee won't install unless
IE is not just present, but also set to low security!

I was drawing a parallel with the Virus Total site which didn't report
correctly unless IE is used ... and the absurdity of any antivirus
oriented thing ... product or web page ... that would depend on
that miserably insecure piece of crap called IE :)

Art

http://home.epix.net/~artnpeg
 
G

Gabriele Neukam

On that special day, Norman L. DeForest, ([email protected]) said...
Or try getting an Nvidia driver using only lynx:
http://www.nvidia.com/content/drivers/drivers.asp
It can be done only by repeatedly downloading pages (starting with that
one and continuing with the pages it points to) and manually decoding the
47KB of JavaScript to figure out where to go next.
Click to expand...

ATI (Canada) isn't much better. You can only choose which driver to
download, if JavaScript is active, to open the menu tree.


Gabriele Neukam

(e-mail address removed)
 
F

Fuzzy Logic

As I understand it, NAV won't install if IE has been eradicated (on
older OS versions that IERADICATOR will work on). And I've heard (from
Clay) that some fairly recent version of McAfee won't install unless
IE is not just present, but also set to low security!

I was drawing a parallel with the Virus Total site which didn't report
correctly unless IE is used ... and the absurdity of any antivirus
oriented thing ... product or web page ... that would depend on
that miserably insecure piece of crap called IE :)

Art

http://home.epix.net/~artnpeg
Click to expand...

I have McAfee Enterprise 8.0 and it installed just fine on my system with IE
locked down big time. IE is only as insecure as the driver. 0 incidents in
many many years of surfing. It may not be 100% secure but no browser is.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SOS Uploads Mothers' Day 2004 7

Top