New Tool Blocks Downloads From Malicious Sites
Hugh Pickens writes "Science Daily Headlines reports that a new tool has been developed (funded by the National Science Foundation, US Army Research Office and US Office of Naval Research) to prevent 'drive-by downloads', whereby simply visiting a website can silently install malware on a computer to steal a user's identity and other personal information, launch denial-of-service attacks, or participate in botnet activity. The software, called Blade — short for Block All Drive-By Download Exploits — is browser-independent and designed to eliminate all drive-by malware installation threats by tracking how users interact with their browsers to distinguish downloads that received user authorization from those that did not. 'BLADE monitors and analyzes everything that is downloaded to a user's hard drive to cross-check whether the user authorized the computer to open, run or store the file on the hard drive. If the answer is no to these questions, BLADE stops the program from installing or running and removes it from the hard drive,' says Wenke Lee, a professor in the School of Computer Science in Georgia Tech's College of Computing. Blade's testbed automatically harvests malware URLs from multiple whitehat sources on a daily basis and has an interesting display of the infection rate of different browsers, the applications targeted by drive-by exploits, and the anti-virus detection and miss rates of drive-by binaries."
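The core idea in the summary, correlating user consent in the browser with files the browser writes to disk and quarantining the unmatched ones, can be illustrated with a small simulation. This is an added example, not BLADE's code: the event records, the consent window, the browser-internal path prefixes and the quarantine-by-labelling behaviour are all assumptions made for the demonstration.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed event stream. "consent" = the user clicked Save/Open in a download
# dialog (the UI interaction BLADE-style tools infer authorization from);
# "write" = the browser process created a file on disk.
@dataclass
class Event:
    t: float      # seconds on a monotonic clock
    kind: str     # "consent" or "write"
    path: str     # destination file
    pid: int      # browser process that produced the event

CONSENT_WINDOW = 30.0  # assumed: one consent authorizes writes for 30 s

# Assumed browser-internal trees: caches and profiles are written constantly
# without any dialog, so they are excluded from the download policy.
INTERNAL_PREFIXES = ("/home/alice/.cache/browser/", "/home/alice/.mozilla/")

def is_browser_internal(path: str) -> bool:
    return path.startswith(INTERNAL_PREFIXES)

def blade_like_filter(events: List[Event], window: float = CONSENT_WINDOW) -> Dict[str, List[str]]:
    """Return {'allowed': [...], 'quarantined': [...]} file paths.
    A non-internal write is allowed only if the same pid received a consent for
    that exact path at most `window` seconds earlier; anything else is quarantined
    (a real tool would redirect or delete the file instead of just labelling it)."""
    consents: Dict[tuple, float] = {}  # (pid, path) -> time of latest consent
    allowed, quarantined = [], []
    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "consent":
            consents[(ev.pid, ev.path)] = ev.t
        elif ev.kind == "write" and not is_browser_internal(ev.path):
            t0 = consents.get((ev.pid, ev.path))
            if t0 is not None and 0 <= ev.t - t0 <= window:
                allowed.append(ev.path)
            else:
                quarantined.append(ev.path)  # no (or stale) user authorization
    return {"allowed": allowed, "quarantined": quarantined}

SAMPLE_EVENTS = [  # constructed sample input
    Event(10.0, "consent", "/home/alice/Downloads/report.pdf", 4242),
    Event(12.0, "write", "/home/alice/Downloads/report.pdf", 4242),   # user-approved
    Event(13.0, "write", "/home/alice/.cache/browser/a1b2", 4242),    # cache, ignored
    Event(14.0, "write", "/tmp/update.exe", 4242),                    # silent drop
    Event(100.0, "consent", "/home/alice/Downloads/setup.exe", 4242),
    Event(200.0, "write", "/home/alice/Downloads/setup.exe", 4242),   # consent expired
]

def demo() -> Dict[str, List[str]]:
    return blade_like_filter(SAMPLE_EVENTS)

if __name__ == "__main__":
    print(demo())
```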
Not new, vaporware (Score:5, Informative)
Great idea, and I can't wait for it to surface. But, don't get your hopes up. Brian Krebs reported on this back in February (http://krebsonsecurity.com/2010/02/blade-hacking-away-at-drive-by-downloads/) and it's been vaporware the entire time. Demo videos look great, but there has been absolutely no public movement on the project since this spring.
When it gets released, THEN post something to /.
Re:Easiest option: (Score:3, Informative)
Try Comodo Personal Firewall, it already warns when a new program tries to install on your computer, and it's free.
Re:What the fuck (Score:5, Informative)
You are right, downloads shouldn't run automatically. And actually, no browser intentionally allows downloading programs automatically.
Unfortunately, internet browsers are quite a complex piece of software which connects to a lot of other complex libraries, and each of these software elements may contain security vulnerabilities, used by exploits that download and run malicious code. The idea is this: some hacker finds out about a security bug in some Windows library (which could be a result of things like a buffer overflow bug), such as the library that displays some file format (WMF, AVI etc.), ActiveX, JavaScript etc., and then embeds in a website some file that uses this exploit (Windows metafile, embedded video etc.). Such vulnerabilities are being discovered all the time, and Microsoft keeps releasing new security patches that fix these bugs, but from the moment the bug is discovered to the moment you download a security update there is enough time during which your computer is exposed to such exploits.
I don't think it is realistic to expect software to be free of such vulnerabilities. Every OS has them. Fortunately for people using other OSes such as Linux, it is not targeted as much as Windows by hackers because it is not as common as a desktop OS, and the fact that most users do not run as admins also helps to reduce the potential damage of malware. I believe there are other ways to reduce exposure to such exploits: for example, use data execution prevention and use a sandbox to isolate the browser and all the libraries it uses from the rest of the system. However, you need to design the system from the ground up to be able to implement these measures properly.
Use Sandboxie to Virtualize Browser in Windows (Score:5, Informative)
http://www.sandboxie.com/
In addition, I also recommend installing Firefox with the NoScript, AdBlock Plus, and Certificate Patrol addons on all platforms (Windows, Mac OS X, Linux, *BSD, etc.) in order to minimize attack and spoofing vectors, which are typically JavaScript & Flash based.
Using Sandboxie, Firefox, and the above mentioned addons seems to be just as good as, if not better than, the tool mentioned in the article. And they are all available now for free!
Re:Is this another Windows-only problem? (Score:3, Informative)
Macs "just work" once you tell sudo your password. If I see the sudo box when I'm not expecting it, hitting the cancel button is much easier than typing in my 15 character password.