 |
|
 |
| Tuesday, February 07, 2012
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
kevin |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
56 |
 |
People Online: |
 |
Visitors:
3 |
 |
Members:
0 |
 |
Total:
3 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 05/20/2002 1:13 PM |
|
| According to a recent story at cNET a number of advertisers, desperate to get their message in front of you have started to institute a new type of advertising tactic - pop-up downloads.
Here is the link:
http://news.com.com/2100-1023-877568.html?tag=dd.ne.dht.nl-sty.0
The basic idea is that, like a pop-up web page, when you browse onto a site such as the much used ezboard.com or TuCows you might get a pop-up that actually downloads and asks to install a program on your machine. They rely on the idea that many people think "Sure, why not" when a site sends them something - figuring it's just a new browser component. The problem is that many of these "pop-up downloads" contain more than just a new version of flash or some other nifty tool - in many cases they contain programs that track information about you and place it into cookies for the site to pick up later, or even communicated directly back to the vendor. Some change the way your browser actually works. Gator for instance installed a component that, when the user browsed onto yahoo's site, replaced yahoo's adds with it's own. Others have done things like change home pages, add click tracking to cursors etc.
The real key here is - if you have a properly configured browser you should ALWAYS be prompted before running any such install program, and you should - unless you're expecting the install, almost always answer NO to the question "Do you want to install xxx". You may even find that they do things like pop-up a web page that LOOKS like a normal dialog box. To double check your setting you should go to Tools/Internet Options, Security tab, choose the "internet" icon, and then choose custom settings. Your settings SHOULD be as follows:
Download Signed ActiveX Controls: Prompt (note that just because something is SIGNED doesn't mean it doesn't violate privacy)
Download unSigned ActiveX Controls: Disable
Initialize and script ActiveX Controls not marked as safe: Disable
Run ActiveX Controls or plug-ins: I'd mark this as Enabled, or Prompt. I use prompt - it's annoying in that almost every page pops up a warning, but at least I always have the option of opting OUT of scripts being run.
Script ActiveX Controls marked safe for scripting: See comment above, set as Enabled or Prompt depending on your paranoia level and search habits
File download: Enable - you'll still be prompted, but you may need to download files...
Font download: Your choice, enabling means you have more risk that a file can get on your computer, disabling may affect how some websites look.
MicrosoftVM - Java permissions: High Safety
Miscellaneous:
Allow access to data sources across domains: Disable
Allow meta refresh: Enable
Display mixed content: Prompt
Don't prompt for client certificate: Disable
Drag and drop or copy and paste files: Prompt
Installation of desktop items: For most users this should be disable, or at the most prompt
Launch programs and files in an iframe: Prompt
Navigate subframes across different domains: Prompt
Software channel permissions: Medium safety
Submit non-encrypted form data: Enable, but be aware of the security id in the lower right corner before hitting submit...
Userdata persistence: Enable
Active scripting: Enable or prompt - your choice for ease of use/paranoia :)
Allow paste operations via script: Prompt or disable
Scripting of Java applets: Enable
User authentication: LOGON only in intranet zone - this prevents your login credentials from being passed out on the internet and forces a login prompt to appear for you to login.
You may find that after doing this you get more prompts- but remember the prompts allow YOU to decide if you want scripting or controls to run - if the site looks ok without them - you didn't need them now did you :). If the site looks bad without them you can either decide not to browse further, or hit the refresh key and choose "allow scripting" or "allow activex controls" and see how it looks then - but YOU'VE made the choice.
If you don't have all these choices, you may have an earlier version of Internet Explorer. David and I highly recommend moving to IE 6.0. The reason is that 6.0 also allows you to control who may place cookies on your machine, and gives a more detailed set of security settings. You should have your cookie settings as follows:
Under Internet Options/Privacy tab click the ADVANCED option and set:
Override automatic cookie handling: Checked
First party cookies: Prompt
Third party cookies: Prompt or disable
Session cookies: Always allow (These are necessary for most sites to maintain "state" when you're in the site)
Then as you browse to a site, the first time, it will ask if you want to use the cookie (possibly for SEVERAL cookies if there are advertising on the site). Be sure to look at WHO the website is you're going to, and WHO the cookie is actually for. When it does prompt YOU can decide whether to permit it or not. You'll be surprised to find that even spam email tries to put cookies on your machine to track whether you saw the email or not. For anything that doesn't require a login or the ability to track WHO you are (for instance weather.com might put a cookie with your zip on it so it can show you your local weather, that's a "good cookie" the ads they run though also try to put cookies on your system to track your browsing and clickthrough habits - that's a "bad cookie". When you decide about a cookie you can either BLOCK or ALLOW the cookie. When you do this, be sure to select the checkbox that says "Apply these setting to ALL cookies from this site", and you'll never be prompted about it again - it will track your personal selections as you go along. If you change your mind you can always click the EDIT button to the tab and change the settings for a particular cookie.
And finally, as we've mentioned a number of times, in both Outlook and Outlook Express you should set your software so that that browsed messages are considered to be in the "Restricted zone".
In OE: Tools/Options/Security/Restricted zone, and be sure that both warn me when other applications try to send mail as me and don not allow attachments to be saved or opened that could potentially be a virus are checked.
In Outlook: Tools/Options/Security/Zone set to "Restricted".
Take a few minutes today and double check your settings. If you're not on IE 6.0, get there, and after you install it BE SURE to run windows update to get all the security patches up to date. You want the best protection you can get from mal-ware and ad-ware. Be sure you have it.
Lee Drake, Moderator |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|