Flashblock
Actually, flashblock is trivially easy to bypass.
See http://secway.org/pr14/flashblock.htm
Securing your browser is not an easy task. There is a lot to understand about how a modern web browser works, and what about them leaves us vulnerable to malware, privacy threats and other attacks. The browser itself is not the only problem; browsers play host to software such as Flash or PDF readers that are vulnerable to …
I like the principle, but if I may offer one possible point to ponder (hmmm, a lot of P's there...) regarding the model WOT is based on, "only as strong as the weakest link": as such, is not the weak link here the database of ratings?
So if I joined up as a member with the sole purpose of maliciously rating a number of malware sites as a top rating (being sneaky and duplicitous, I of course wouldn't do that to all my ratings, just 1 in 100, say). Doing this from a number of accounts (sneaky, sneaky) and over a few months, could I not essentially mine this DB with a number of bad sites with good ratings?
Anyway, just a thought, and having absolutely no experience of WOT it's all just supposition on my part from reading the Mywot website... so apologies if I have got something wrong.
- don't run as windows admin
- disable everything, then if you need jscript/flash/etc, run it in a VM (I do this)
- appropriate for company security (hint hint), run a proxy with whitelist only browsing, force everything through proxy. Extend whitelist as necessary.
@Bob Gateaux: "Then we are safe". That just invites sarky comments but I'll refrain. It's not that simple. It's a numbers game and you need multiple facets of protection to be *reasonably* secure - there is no 'safe' as such.
I have been using the trio of AdBlock, NoScript and WoT for some time and found that between the three of them, they provide multiple layers of defence against malicious web sites, from reducing your exposure to them in the first place (WoT), to guarding against risky content being loaded automatically (NoScript blocking PDFs and Flash), and preventing injection of dodgy pop-up ads from third- or fourth-party advertisers. It is not just about not wanting to see the adverts (which I don't anyway), but mitigating the risk that inherently untrusted content poses. To me, these utilities are as important as anti-virus software, a firewall, and keeping your system up to date with the latest patches. Each of these things deals with a different security vulnerability, in a different way. Overall, you get multiple layers of overlapping protection. The problem arises when a new exploit is found that has a gap in multiple layers (such as the recent shortcut vulnerability in Windows).
I know I'll get flamed for blocking adverts in my browser by those that think it is somehow the right of content providers to bombard me with them, simply because it provides the basis of their business model. However, I was never going to click on your adverts anyway (except possibly by mistake), so I am not part of the demographic that supplies your income.
The real security problem is that there will always be the uneducated majority that think that the default installation of Internet Explorer is risk-free because of claims in some print advert from Microsoft that they saw six years ago in a four-colour-glossy advert cunningly disguised as a computing magazine. Whilst these are the people who generate the revenue for advertisers, they are also the same people who fall for the scams and host the botnets. This arguably presents something of a conflict of interest to those pushing advertising as a source of web revenue. This is why, ethically, I rate the ethical values of advertisers rather lower than others may do.
The most useful and vital thing one can do to secure the PC and network as a whole is to keep users from dodgy websites. Yes, there are legitimate and business-appropriate sites that can become (temporarily) vectors for malware but they are few, they are quickly rectified, and the sites are generally run by people that take an interest in seeing that it does NOT happen.
So the question becomes "How do I keep the users on the straight and narrow?" Look them in the eye and say "It's *my* network. The pictures of puppies from your cousin and the eee-lec-tron-ick greeting cards will still be in your web mail when you get home. Wait until then. I know every website you visit on your work machine, right down to what kind of adverts it has on it. If something bad comes in because of what you've done, I will know, I will be able to prove it to your management, and I will not hesitate to hang you out to dry." Combining this with a snapshot log from the user's traffic is particularly effective. It's far more effective than some abstract policy sopping up milk with a "work computers are for work purposes only" that provides no sense of personal accountability to God, root, or anyone else.
There is none on our network.
root is SYSTEM LORD.
End of discussion.
If root does not like your surfing habits, you get routed to /dev/hell, and lose ALL internet access. Then you have to explain to your manager why you cannot do your job. (Don't worry, before you are routed to /dev/hell, your manager will already know why.)
As far as `white listing / black listing` goes, our net admin has a BIND server that takes care of it. Try to surf to a banned site, and you get logged.
AFAIK, Ad-blocking in Chrome merely hides the advert but does not prevent it from downloading and presumably executing.
Is there any kind of light-weight personal web proxy that you can run locally, that doesn't bother with caching (no point if it's on a single computer and the browser already caches) but that allows for inspecting/tweaking http requests/responses?
For example, I sometimes want to kill referers, tweak my user-agent string, and maybe block google-analytics when I'm testing a website locally. As it is now, Firefox is pretty flexible and probably has an extension for those things, but other browsers can be a bit more bothersome.
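A lightweight local proxy of the kind asked about above, which also doubles as the "whitelist only browsing" proxy suggested a few comments earlier, written as an added example; it is not from the original thread or from any commenter. It uses only the Python standard library, does no caching, polices every destination host against a blocklist (or, with `WHITELIST_ONLY` set, an allow-list), strips `Referer`, overrides `User-Agent`, and logs each refused request. All host names, header values and the port are made-up sample values. One caveat worth knowing before relying on it: HTTPS reaches the proxy as a `CONNECT` tunnel, so only the destination host can be policed there; the headers inside the TLS stream cannot be rewritten without a TLS-intercepting proxy.

```python
"""Local filtering proxy: host policy, header scrubbing, no caching (stdlib only)."""
import http.client
import select
import socket
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

# --- policy: every value here is a made-up sample; edit to taste ---------------
WHITELIST_ONLY = False        # True = "whitelist only browsing"; False = blocklist mode
ALLOWED_HOSTS = {"example.com"}              # host or any subdomain of it
BLOCKED_HOSTS = {"google-analytics.com"}     # refused even in whitelist mode
DROP_HEADERS = {"referer"}                   # stripped from every outgoing request
OVERRIDE_HEADERS = {"User-Agent": "Mozilla/5.0 (generic)"}
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authorization", "proxy-connection",
              "te", "trailers", "transfer-encoding", "upgrade"}


def host_allowed(host, whitelist_only=WHITELIST_ONLY):
    """Policy verdict for one destination host (case-insensitive; subdomains inherit)."""
    host = host.lower().rstrip(".")
    hit = lambda names: any(host == n or host.endswith("." + n) for n in names)
    if hit(BLOCKED_HOSTS):
        return False
    return hit(ALLOWED_HOSTS) if whitelist_only else True


def rewrite_headers(headers):
    """Drop DROP_HEADERS and hop-by-hop headers, then apply OVERRIDE_HEADERS; returns a dict."""
    out = {n: v for n, v in headers if n.lower() not in DROP_HEADERS | HOP_BY_HOP}
    for name, value in OVERRIDE_HEADERS.items():
        for k in [k for k in out if k.lower() == name.lower()]:
            del out[k]          # replace case-insensitively, whatever the client sent
        out[name] = value
    return out


class FilterProxy(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"

    def _deny(self, host):
        self.log_message("BLOCKED %s %s", self.command, host)   # the audit trail
        self.send_error(403, "Blocked by local proxy policy")

    def do_CONNECT(self):
        # HTTPS arrives as an opaque tunnel: only the destination host can be policed.
        host, _, port = self.path.rpartition(":")
        if not host_allowed(host):
            return self._deny(host)
        try:
            upstream = socket.create_connection((host, int(port or 443)), timeout=10)
        except OSError as exc:
            return self.send_error(502, str(exc))
        self.send_response(200, "Connection Established")
        self.end_headers()
        self.close_connection = True
        pair = {self.connection: upstream, upstream: self.connection}
        while True:                        # pump bytes both ways until either side closes
            readable, _, _ = select.select(list(pair), [], [], 60)
            data = readable and readable[0].recv(65536)
            if not data:
                break
            pair[readable[0]].sendall(data)
        upstream.close()

    def _forward(self):
        url = urlsplit(self.path)
        if url.scheme != "http" or not url.hostname:
            return self.send_error(400, "Absolute http:// URL required")
        if not host_allowed(url.hostname):
            return self._deny(url.hostname)
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else None
        path = (url.path or "/") + ("?" + url.query if url.query else "")
        conn = http.client.HTTPConnection(url.hostname, url.port or 80, timeout=15)
        try:
            conn.request(self.command, path, body=body,
                         headers=rewrite_headers(self.headers.items()))
            resp = conn.getresponse()
            payload = resp.read()
        except OSError as exc:
            return self.send_error(502, str(exc))
        finally:
            conn.close()
        self.send_response(resp.status, resp.reason)
        for name, value in resp.getheaders():
            if name.lower() not in HOP_BY_HOP | {"content-length"}:
                self.send_header(name, value)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    do_GET = do_POST = do_HEAD = _forward


if __name__ == "__main__":
    print("filtering proxy listening on 127.0.0.1:8080")
    ThreadingHTTPServer(("127.0.0.1", 8080), FilterProxy).serve_forever()
```

Run it, then point any browser's HTTP and HTTPS proxy settings at 127.0.0.1:8080; refused requests appear in the console as `BLOCKED` lines, which is the same "try to surf to a banned site and you get logged" behaviour described above, only per machine rather than at the DNS server. The hop-by-hop headers are removed because they describe the client-to-proxy connection, not the proxy-to-origin one, and forwarding them (especially `Transfer-Encoding`) corrupts the upstream request; `http.client` dechunks responses, so the proxy re-sends the body with an explicit `Content-Length`.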