* Posts by zombini

4 publicly visible posts • joined 30 Oct 2007

Web browsers on the front line of exploitation

zombini

Browser Defender in NIS2008 is excellent

Norton Antivirus signatures may be slow, but the Browser Defender signatures and the feature in general are excellent. I've yet to see it let something through. Kaspersky lets quite a few exploits through since they trigger on the shell code, which is easily polymorphed, or some strings in the HTML/Jscript, which is easily obfuscated without using a document.write (which btw they hook). Kaspersky sucks.

Mass web infection leaves researcher scratching her head

zombini

Norton Tested

I am getting a number of hits when testing with NIS2008 from each of those sites. Some appear to have been cleaned up:

- Gretech GOMPlayer openURL BO

- MSIE ADODB.Stream Object File Installation Weakness

- VML BO

- MSIE WebViewFolderIcon BO

- MSIE RealPlayer something..

- QuickTime something

- AOL Superbuddy BO

There were a couple of others.

Grisoft acquires LinkScanner

zombini

LinkScanner has a poor design compared to Norton's Browser Defender

It misses obfuscated browser threats. That's because it's looking at the TCP stream and therefore it has to be its own JScript/VBScript emulation in order to decrypt current browser attacks, and that's next to impossible to get it right.

So if you are running NIS2008 or higher you already have better protection.

When antivirus products (and Internet Explorer) fail you

zombini

Test is bogus - NIS/NAV 2008 Browser Defender detects such obfuscation

If you try to open such files with NIS/NAV2008 installed it easily detects the underlying vulnerability. Testing with Virus Total is bogus as flat-file scanning is yesterday's technology.