safe way to close popup windows

[Guest]

I read an article that said using the X in a popup window to close it may actually initiate the download and install of a malicious program. So, what's the best way to close these windows then

ctrl-alt-delete then select appropriate app and and stop it

sometimes the popups aren't even listed ther

Dave Moore ( scared)

 

[Kelly]

Dave,

These pop-ups are getting more clever every day and I don't doubt for an
instant that what you are stating isn't true. As I don't deal with these
issues, I have no idea what the safest measure is, other than the fact of
reading the words before clicking anything. Good luck!

 

[Will Denny]

Hi Dave

What pop-ups are you referring to?

--

Will Denny
MS-MVP Windows - Shell/User


| I read an article that said using the X in a popup window to close it may
actually initiate the download and install of a malicious program. So,
what's the best way to close these windows then ?
|
| ctrl-alt-delete then select appropriate app and and stop it?
|
| sometimes the popups aren't even listed there
|
| Dave Moore ( scared)

 

[David]

A lot of the time, you can right-click on the Start Bar and select close to
shut down the window. It's best to use a pop-up blocker though, or even
better a browser that includes this feature (my opinion). I use MyIE2.

I read an article that said using the X in a popup window to close it may

actually initiate the download and install of a malicious program. So,
what's the best way to close these windows then ?

 

[Will Denny]

Hi

That is 'possible' - depending on the coding for the 'Cancel' button. I use
the X *if* any popups appear.

--

Will Denny
MS-MVP Windows - Shell/User


| Here, read the article for yourself
|
|
http://www.microsoft.com/WindowsXP/expertzone/columns/honeycutt/spyware.asp
|
| I use the google toolbar and it blocks most popups.
| It's just that Jerry Honeycutt in his article got me curious
| as he mentions the dangers of closing popup windows,
| but doesn't seem to fully explain the workaround.
|
| Excerpt from his article;
|
| "For example, a Web site that's trying to push spyware onto your computer
might open a window that looks like a Windows dialog box,
| and then trick you by installing when you click a Cancel button to close
the dialog box. Sometimes, spyware pushers will put a fake
| title bar in an empty window, and then install spyware when you try
closing the window."
|
|
| : Hi Dave
| :
| : What pop-ups are you referring to?
| :
| : --
| :
| : Will Denny
| : MS-MVP Windows - Shell/User
| :
| :
| : | : | I read an article that said using the X in a popup window to close it
may
| : actually initiate the download and install of a malicious program. So,
| : what's the best way to close these windows then ?
| : |
| : | ctrl-alt-delete then select appropriate app and and stop it?
| : |
| : | sometimes the popups aren't even listed there
| : |
| : | Dave Moore ( scared)
| :
|
|

 

[Will Denny]

Your posting is not OT here. If anyone clicks on 'OK' & then a file is
downloaded - that is the time to run a virus/spyware check!!

--

Will Denny
MS-MVP Windows - Shell/User


| Come to think of it, I have encountered some popups
| at some sites in the past when I have tried to download files.
|
| A window would pop up and prompt me to to "ok"
| the downloading of a "file downloading" program first.
|
| Well, I would think, hell no, I'm no schmuck, and just
| close out the window, only even then, perhaps I was
| schmucked just by doing this.
|
| Actually, I meant to post this to the XP security newsgroup.
| I realize it's a bit OT here.
|
| --DM--
|
|
| : Hi Dave
| :
| : What pop-ups are you referring to?
| :
| : --
| :
| : Will Denny
| : MS-MVP Windows - Shell/User
| :
| :
| : | : | I read an article that said using the X in a popup window to close it
may
| : actually initiate the download and install of a malicious program. So,
| : what's the best way to close these windows then ?
| : |
| : | ctrl-alt-delete then select appropriate app and and stop it?
| : |
| : | sometimes the popups aren't even listed there
| : |
| : | Dave Moore ( scared)
| :
|
|

 

[Dave Moore]

Here, read the article for yourself

http://www.microsoft.com/WindowsXP/expertzone/columns/honeycutt/spyware.asp

I use the google toolbar and it blocks most popups.
It's just that Jerry Honeycutt in his article got me curious
as he mentions the dangers of closing popup windows,
but doesn't seem to fully explain the workaround.

Excerpt from his article;

"For example, a Web site that's trying to push spyware onto your computer might open a window that looks like a Windows dialog box,
and then trick you by installing when you click a Cancel button to close the dialog box. Sometimes, spyware pushers will put a fake
title bar in an empty window, and then install spyware when you try closing the window."


: Hi Dave
:
: What pop-ups are you referring to?
:
: --
:
: Will Denny
: MS-MVP Windows - Shell/User
:
:
: : | I read an article that said using the X in a popup window to close it may
: actually initiate the download and install of a malicious program. So,
: what's the best way to close these windows then ?
: |
: | ctrl-alt-delete then select appropriate app and and stop it?
: |
: | sometimes the popups aren't even listed there
: |
: | Dave Moore ( scared)
:

 

[Dave Moore]

Thanks, I'll give that a try should I ever have the misfortune
of encountering any unasked for popups.

: A lot of the time, you can right-click on the Start Bar and select close to
: shut down the window. It's best to use a pop-up blocker though, or even
: better a browser that includes this feature (my opinion). I use MyIE2.
:
:
: : > I read an article that said using the X in a popup window to close it may
: actually initiate the download and install of a malicious program. So,
: what's the best way to close these windows then ?
: >
: > ctrl-alt-delete then select appropriate app and and stop it?
: >
: > sometimes the popups aren't even listed there
: >
: > Dave Moore ( scared)
:
:

 

[Dave Moore]

Come to think of it, I have encountered some popups
at some sites in the past when I have tried to download files.

A window would pop up and prompt me to to "ok"
the downloading of a "file downloading" program first.

Well, I would think, hell no, I'm no schmuck, and just
close out the window, only even then, perhaps I was
schmucked just by doing this.

Actually, I meant to post this to the XP security newsgroup.
I realize it's a bit OT here.

--DM--


: Hi Dave
:
: What pop-ups are you referring to?
:
: --
:
: Will Denny
: MS-MVP Windows - Shell/User
:
:
: : | I read an article that said using the X in a popup window to close it may
: actually initiate the download and install of a malicious program. So,
: what's the best way to close these windows then ?
: |
: | ctrl-alt-delete then select appropriate app and and stop it?
: |
: | sometimes the popups aren't even listed there
: |
: | Dave Moore ( scared)
:

 

[Chris Kusmierz]

alt-f4 ?

Chris

I read an article that said using the X in a popup window to close it may

actually initiate the download and install of a malicious program. So,
what's the best way to close these windows then ?

 

[Wesley Vogel]

Ctrl + W

 

[Bruce Chambers]

Greetings --

If the pop-up isn't readily identifiable as an application or
process in Task Manager, it's most likely hiding within one of the
several instances of Svchost.exe. This will leave you no real option
other than using the normal method to close the pop-up. Your best
course of action would be to ensure that you do not get any pop-ups,
to start with.

There are at least three varieties of pop-ups, and the solutions
vary accordingly. Which specific type(s) is troubling you?

1) Does the title bar of these pop-ups read "Messenger Service?"

This type of spam has become quite common over the past year or
so, and unintentionally serves as a valid security "alert." It
demonstrates that you haven't been taking sufficient precautions while
connected to the Internet. Your data probably hasn't been compromised
by these specific advertisements, but if you're open to this exploit,
you most definitely open to other threats, such as the Blaster Worm
that still haunts the Internet. Install and use a decent, properly
configured firewall. (Merely disabling the messenger service, as some
people recommend, only hides the symptom, and does little or nothing
to truly secure your machine.) And ignoring or just "putting up with"
the security gap represented by these messages is particularly
foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

If you're using AOL, you'll either need to find a 3rd party
firewall that is compatible with AOL, or switch to a real ISP that is
compatible with the real Internet. This is because AOL is an on-line
content provider that ignores international Internetworking standards
in favor of its own proprietary products, and has deliberately made
its connection software incompatible with both WinXP's built-in
firewall and WinXP's Internet Connection Sharing feature. AOL's
proprietary connection applet is deliberately designed to preclude
your setting/adjusting any of its properties, to include
enabling/disabling WinXP's ICF and ICS.

Whichever firewall you decide upon, be sure to ensure UDP ports
135, 137, and 138 and TCP ports 135, 139, and 445 are _all_ blocked.
You may also disable Inbound NetBIOS (NetBIOS over TCP/IP). You'll
have to follow the instructions from firewall's manufacturer for the
specific steps.

You can test your firewall at:

Symantec Security Check
http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT

Security Scan - Sygate Online Services
http://www.sygatetech.com/

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?

2) For regular Internet pop-ups, you might try the free 12Ghosts
Popup-killer from http://12ghosts.com/ghosts/popup.htm, Pop-Up Stopper
from http://www.panicware.com/, or the free Google Toolbar from
http://toolbar.google.com/, which is what I use.

3) To deal with pop-ups caused by any sort of "adware" and/or
"spyware,"such as Gator, Comet Cursors, Xupiter, Bonzai Buddy, or
KaZaA, and their remnants, that you've deliberately (but without
understanding the consequences) installed, two products that are
quite effective (at finding and removing this type of scumware) are
Ad-Aware from www.lavasoft.de and SpyBot Search & Destroy from
www.safer-networking.org/. Both have free versions. It's even
possible to use SpyBot Search & Destroy to "immunize" your system
against most future intrusions. I use both and generally perform
manual scans every week or so to clean out cookies, etc.


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Dave Moore]

: Hi
:
: That is 'possible' - depending on the coding for the 'Cancel' button. I use
: the X *if* any popups appear.


That's usually what I do, only I got the impression
from the guys article that perhaps even the X can be faked.

Or is the X an integral component of Windows that can't be
spoofed?


:
: --
:
: Will Denny
: MS-MVP Windows - Shell/User
:
:
: : | Here, read the article for yourself
: |
: |
: http://www.microsoft.com/WindowsXP/expertzone/columns/honeycutt/spyware.asp
: |
: | I use the google toolbar and it blocks most popups.
: | It's just that Jerry Honeycutt in his article got me curious
: | as he mentions the dangers of closing popup windows,
: | but doesn't seem to fully explain the workaround.
: |
: | Excerpt from his article;
: |
: | "For example, a Web site that's trying to push spyware onto your computer
: might open a window that looks like a Windows dialog box,
: | and then trick you by installing when you click a Cancel button to close
: the dialog box. Sometimes, spyware pushers will put a fake
: | title bar in an empty window, and then install spyware when you try
: closing the window."
: |
: |
: : | : Hi Dave
: | :
: | : What pop-ups are you referring to?
: | :
: | : --
: | :
: | : Will Denny
: | : MS-MVP Windows - Shell/User
: | :
: | :
: | : : | : | I read an article that said using the X in a popup window to close it
: may
: | : actually initiate the download and install of a malicious program. So,
: | : what's the best way to close these windows then ?
: | : |
: | : | ctrl-alt-delete then select appropriate app and and stop it?
: | : |
: | : | sometimes the popups aren't even listed there
: | : |
: | : | Dave Moore ( scared)
: | :
: |
: |
:

 

[Dave Moore]

: Greetings --
:
: If the pop-up isn't readily identifiable as an application or
: process in Task Manager, it's most likely hiding within one of the
: several instances of Svchost.exe. This will leave you no real option
: other than using the normal method to close the pop-up. Your best
: course of action would be to ensure that you do not get any pop-ups,
: to start with.
:
: There are at least three varieties of pop-ups, and the solutions
: vary accordingly. Which specific type(s) is troubling you?

Actually not many are since I usually use the Google toolbar
to block them. I'm just trying to learn more about these pesky
pesks.

:
: 1) Does the title bar of these pop-ups read "Messenger Service?"

I saw these popups while updating W2K once after a fresh install.
About three minutes after starting to download the security patches
one of these messenger windows popped up and immediately I got nailed
with Blaster. So I finally figgered out how to go to the update catalog
and download the patches on another already secure computer then
install them offline in advance.

:
: This type of spam has become quite common over the past year or
: so, and unintentionally serves as a valid security "alert." It
: demonstrates that you haven't been taking sufficient precautions while
: connected to the Internet. Your data probably hasn't been compromised
: by these specific advertisements, but if you're open to this exploit,
: you most definitely open to other threats, such as the Blaster Worm
: that still haunts the Internet.

Yup,, tell me about it
Fortunately, most of these things I have seen while using
other peoples computers, as I use popup blockers, firewalls
and recent updates on all of my computers.

: Install and use a decent, properly
: configured firewall. (Merely disabling the messenger service, as some
: people recommend, only hides the symptom, and does little or nothing
: to truly secure your machine.) And ignoring or just "putting up with"
: the security gap represented by these messages is particularly
: foolish.
:
: Messenger Service of Windows
: http://support.microsoft.com/default.aspx?scid=KB;en-us;168893
:
: Messenger Service Window That Contains an Internet Advertisement
: Appears
: http://support.microsoft.com/?id=330904
:
: Stopping Advertisements with Messenger Service Titles
: http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp
:
: Blocking Ads, Parasites, and Hijackers with a Hosts File
: http://www.mvps.org/winhelp2002/hosts.htm
:
: If you're using AOL, you'll either need to find a 3rd party
: firewall that is compatible with AOL, or switch to a real ISP that is
: compatible with the real Internet. This is because AOL is an on-line
: content provider that ignores international Internetworking standards
: in favor of its own proprietary products, and has deliberately made
: its connection software incompatible with both WinXP's built-in
: firewall and WinXP's Internet Connection Sharing feature. AOL's
: proprietary connection applet is deliberately designed to preclude
: your setting/adjusting any of its properties, to include
: enabling/disabling WinXP's ICF and ICS.

I wouldn't be caught dead using Eh?O'Hell !!


: Whichever firewall you decide upon, be sure to ensure UDP ports
: 135, 137, and 138 and TCP ports 135, 139, and 445 are _all_ blocked.
: You may also disable Inbound NetBIOS (NetBIOS over TCP/IP). You'll
: have to follow the instructions from firewall's manufacturer for the
: specific steps.

What do you know about CAS's firewall that comes bundled with
the MS Security Update CD?

it appears to be a repackaged version of Zone Alarm, which
I have been told has been hacked to shreds.

I hope CAS plugged the ( rumoured) holes in it as I just installed it
on one of my other computers.


:
: You can test your firewall at:
:
: Symantec Security Check
: http://security.symantec.com/ssc/vr_main.asp?langid=ie&venid=sym&plfid=23&pkj=GPVHGBYNCJEIMXQKCDT
:
: Security Scan - Sygate Online Services
: http://www.sygatetech.com/
:
: Oh, and be especially wary of people who advise you to do nothing
: more than disable the messenger service. Disabling the messenger
: service, by itself, is a "head in the sand" approach to computer
: security. The real problem is _not_ the messenger service pop-ups;
: they're actually providing a useful, if annoying, service by acting as
: a security alert. The true problem is the unsecured computer, and
: you've been advised to merely turn off the warnings. How is this
: helpful?
:
: 2) For regular Internet pop-ups, you might try the free 12Ghosts
: Popup-killer from http://12ghosts.com/ghosts/popup.htm, Pop-Up Stopper
: from http://www.panicware.com/, or the free Google Toolbar from
: http://toolbar.google.com/, which is what I use.

Me too, as I also use the hell out of all of the search features.
hard to believe I ever got by without it in the past


:
: 3) To deal with pop-ups caused by any sort of "adware" and/or
: "spyware,"such as Gator, Comet Cursors, Xupiter, Bonzai Buddy, or
: KaZaA, and their remnants, that you've deliberately (but without
: understanding the consequences) installed, two products that are
: quite effective (at finding and removing this type of scumware) are
: Ad-Aware from www.lavasoft.de and SpyBot Search & Destroy from
: www.safer-networking.org/. Both have free versions. It's even
: possible to use SpyBot Search & Destroy to "immunize" your system
: against most future intrusions. I use both and generally perform
: manual scans every week or so to clean out cookies, etc.
:
:
: Bruce Chambers
:
: --
: Help us help you:
:
:
:
:
: You can have peace. Or you can have freedom. Don't ever count on
: having both at once. -- RAH


Thanks for all the good info,, especially about which ports to watch
I'll soak it all up.
Sorry for the slow response,, was gone for a few days.

Thanks again
Dave Moore



:
:
: : >I read an article that said using the X in a popup window to close it
: >may actually initiate the download and install of a malicious
: >program. So, what's the best way to close these windows then ?
: >
: > ctrl-alt-delete then select appropriate app and and stop it?
: >
: > sometimes the popups aren't even listed there
: >
: > Dave Moore ( scared)
:
: