
exploit prevention via browser / OS spoofing


12 replies to this topic

#1 Daniel_Boringcliffe


Posted 26 June 2017 - 11:40 AM

In my Chrome with ScriptSafe I have OS and browser spoofing enabled and browserleaks does not seem to be able to see my real browser / OS, neither can other sites unless I enable JavaScript. Now, please, correct me if I'm wrong. If I land on a site with an active exploit for some unknown reason and this exploit tries to probe my system for vulnerabilities, can it detect my real system? Because I think that if exploits can fall for this and send me some malware that is supposed to infect Macs and it lands on my Windows or at least tries, it can't do a thing. So assuming this does actually work, this can prevent a lot of exploits.

Does it work?

 

 


Edited by Daniel_Boringcliffe, 26 June 2017 - 04:00 PM.
Moved from Web Browsing/Email to Gen Security - Hamluis.
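
Post #1 observes that sites can see the real browser and OS once JavaScript is enabled. The following is an added example, not part of the thread or any poster's code: a self-check that compares a spoofed User-Agent header with values a page script can read. The function names, the `nav` object and the sample strings are assumptions constructed for illustration.

```javascript
// Added example (not from the thread). Sample values are constructed.
// Coarse OS family from a User-Agent or navigator.platform string.
function osFamily(text) {
  const t = String(text || "").toLowerCase();
  if (t.includes("android")) return "android";
  if (/iphone|ipad|ipod/.test(t)) return "ios";
  if (/windows|win32|win64/.test(t)) return "windows";
  if (t.includes("mac")) return "macos";
  if (/linux|x11/.test(t)) return "linux";
  return "unknown";
}

// navigator.vendor value each browser family normally reports.
const EXPECTED_VENDOR = { chrome: "Google Inc.", safari: "Apple Computer, Inc.", firefox: "" };

function browserFamily(ua) {
  const t = String(ua || "");
  if (t.includes("Firefox/")) return "firefox";
  if (/Edge?\//.test(t)) return "unknown"; // Edge also says "Chrome/"; skip it
  if (t.includes("Chrome/")) return "chrome";
  if (t.includes("Safari/")) return "safari";
  return "unknown";
}

// Compare the User-Agent sent in the request header with script-visible values.
// `nav` is a navigator-like object; pass the real `navigator` in a browser.
function auditSpoof(headerUA, nav) {
  const findings = [];
  if (nav.userAgent !== headerUA) findings.push("navigator.userAgent differs from header");
  const claimed = osFamily(headerUA), seen = osFamily(nav.platform);
  // Android browsers report a Linux platform string, so treat that pair as consistent.
  const compatible = claimed === seen || (claimed === "android" && seen === "linux");
  if (claimed !== "unknown" && seen !== "unknown" && !compatible)
    findings.push(`platform reports ${seen}, header claims ${claimed}`);
  const want = EXPECTED_VENDOR[browserFamily(headerUA)];
  if (want !== undefined && nav.vendor !== want)
    findings.push(`vendor "${nav.vendor}" does not match claimed browser`);
  return findings;
}

// Constructed sample: Chrome on Windows sending a Firefox-on-Mac header.
const SPOOFED_HEADER = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0";
const REAL_NAV = {
  userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36",
  platform: "Win32",
  vendor: "Google Inc.",
};
console.log(auditSpoof(SPOOFED_HEADER, REAL_NAV));
```

An empty result means the header and the script-visible values agree on these three fields only; it says nothing about plugins or other signals.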




#2 sjpritch25


Posted 27 June 2017 - 07:27 AM

Unfortunately, no solution is fail-safe. As long as you keep your system up to date and don't install any apps from odd websites, I believe you should be fine. What protection programs do you have too?


Microsoft MVP Consumer Security--2007-2010

#3 Daniel_Boringcliffe


Posted 27 June 2017 - 10:53 AM

> Unfortunately, no solution is fail-safe. As long as you keep your system up to date and don't install any apps from odd websites, I believe you should be fine. What protection programs do you have too?

Avast free, Zemana antimalware with rtp, mbae free, standalone scanners : hitmanpro, mbam, adwcleaner, smartscreen on, uac max, ublock origin in chrome

I believe I'm well protected against all sorts of stuff, I'm just trying to cover up the last holes in the "ultimate security" and exploits are one of them.

 

... yep, I'm paranoid. 


Edited by Daniel_Boringcliffe, 27 June 2017 - 10:58 AM.


#4 Daniel_Boringcliffe


Posted 27 June 2017 - 11:36 AM

So can this spoofing help against some forms of exploits?

#5 shelf life


Posted 28 June 2017 - 05:13 PM

I think Java exploits are certainly the most popular, but that still leaves Flash, Silverlight, and all kinds of other browser plugins and extensions. Having Java disabled would be much more effective than spoofing your browser as far as a malicious web site checking for possible exploits to run.


How Can I Reduce My Risk to Malware?


#6 frogbreath


Posted 06 July 2017 - 08:18 AM

If you are worried then surf the net using a virtual machine, VPN and a sandboxed browser. Not 100% proof but pretty good defence against most things; along with your normal AV + firewall behind that you'll be OK. Maybe a little overkill, but you say you're paranoid.

I'd recommend just not looking at pirate sites or any site that is of a suspect nature. What are you doing that has you paranoid, if you don't mind me asking?



#7 Daniel_Boringcliffe


Posted 06 July 2017 - 08:23 AM

> If you are worried then surf the net using a virtual machine, VPN and a sandboxed browser. Not 100% proof but pretty good defence against most things; along with your normal AV + firewall behind that you'll be OK. Maybe a little overkill, but you say you're paranoid.
>
> I'd recommend just not looking at pirate sites or any site that is of a suspect nature. What are you doing that has you paranoid, if you don't mind me asking?

I'm not doing anything bad in particular, sometimes I download trainers to my games ( I play games a lot ) and sometimes I download pirated games ( from decent sources ). I don't really have a good reason to be paranoid, I just am. By the way - what do you mean by sandboxed browser ? Meaning browser with built-in sandbox or 3rd party app like Sandboxie ? I'm using Chrome with mbae, I currently have Windows Defender and Zemana Antimalware as my real-time protection. 



#8 frogbreath


Posted 06 July 2017 - 09:02 AM

I mean here is your desktop with your real OS on it, then you have a virtual machine hosting whatever operating system you want to use. Inside this virtual OS you have a browser that sits inside a 3rd party sandbox, of which there are a few.

BUT I'm not sure that downloading pirated games is something they will like here on this site or any family-orientated site. I doubt that there is such a thing as a safe/good site to download free games and videos; people will hide all sorts inside them and trainers for games. I take it you mean the aim bot thing, of which there are some nasty versions.

Depending where you are from you may well find your service provider is watching your traffic because of your downloading habits.

I have known people to be banned from his/her ISP after a few warnings from the service provider not to download from certain sites; they took no notice and got given notice.

I'd steer clear of the dodgy software and films etc. I do understand why some do it as they are very expensive these days but it's just not worth it.

Research virtual machines and 3rd party sandboxes and stay away from pirated software for your own good lol



#9 Daniel_Boringcliffe


Posted 06 July 2017 - 09:12 AM

> I mean here is your desktop with your real OS on it, then you have a virtual machine hosting whatever operating system you want to use. Inside this virtual OS you have a browser that sits inside a 3rd party sandbox, of which there are a few.
>
> BUT I'm not sure that downloading pirated games is something they will like here on this site or any family-orientated site. I doubt that there is such a thing as a safe/good site to download free games and videos; people will hide all sorts inside them and trainers for games. I take it you mean the aim bot thing, of which there are some nasty versions.
>
> Depending where you are from you may well find your service provider is watching your traffic because of your downloading habits.
>
> I have known people to be banned from his/her ISP after a few warnings from the service provider not to download from certain sites; they took no notice and got given notice.
>
> I'd steer clear of the dodgy software and films etc. I do understand why some do it as they are very expensive these days but it's just not worth it.
>
> Research virtual machines and 3rd party sandboxes and stay away from pirated software for your own good lol

True, there's no *safe* site to download pirated games. No, I never cheat in multiplayer games (aimbots and stuff). Even if somebody tried, they would get banned very quickly. By trainers I mean for example infinite ammo in Witcher 3, etc. because I'm lazy to spare items. In my country (Slovakia) ISPs generally don't give a damn about stuff like this, all of my friends have at least one pirated film / game and no problems. I actually often buy the game after trying it out first... anyway, this was off topic. Is Sandboxie good enough if I want to try out some new software or would you use something else instead? And aren't VMs quite redundant if I'm testing software before actually running it with normal privileges (VirusTotal, Sandboxie)?


Edited by Daniel_Boringcliffe, 06 July 2017 - 09:42 AM.


#10 frogbreath


Posted 06 July 2017 - 11:49 AM

I don't advise running any pirated software.

I was only thinking of your paranoia surfing the net safely as to virtual machine and a sandbox with browser inside that, not in any way giving advice with any pirated software or how to test it safely. I can't do that, sorry bud.



#11 Daniel_Boringcliffe


Posted 06 July 2017 - 12:11 PM

> I don't advise running any pirated software.
>
> I was only thinking of your paranoia surfing the net safely as to virtual machine and a sandbox with browser inside that, not in any way giving advice with any pirated software or how to test it safely. I can't do that, sorry bud.

1. I did not say that I'm going to test pirated software,

2. Do you think that I'm some kind of a disgrace because I'm not always buying games / are you scared of writing anything except the original reply you've sent ? If so, why ? :D Do you think that some guy in NSA is going to rape you because you write something remotely inappropriate in a public forum ? That's not going to happen, I assure you. Anyway, I think I'm safe without VM now. Thanks for the reply. 

 

... honestly I do not understand why it is so bad for you to download pirated software, for example, I'm generally not buying stuff that I do not truly want / need, but if I test out the game first, I might actually buy it. It's just testing and in my country nobody gives a damn about this because everybody is downloading pirated software. My uncle has like 1 TB downloaded ( in our country we've got pretty decent torrenting sites with good and friendly community .. and a lot of pirated games )  :lmao:  It's not harming anyone. If I was, for example hacking people then yes, that's despicable but I'm not interested in hurting anybody in any way to get something. Okay, pirated software is not taken so lightly in your country, but still, you don't have to be worried. 

 

And do not think about my paranoia, it's not really an issue and if it starts to be an issue then I can rid myself of it.

 

*way off topic, I started with browser exploit prevention and now this  :lmao:

 

Alright, I'm sorry, I get it. You're probably some older guy that really does not want to get into any trouble. 


Edited by Daniel_Boringcliffe, 06 July 2017 - 12:28 PM.


#12 frogbreath


Posted 06 July 2017 - 01:37 PM

LOL I don't think bad of you at all, not the slightest.

I'm not worried about the NSA or GCHQ or any of them.

And I think the convo is skirting close to this area. I'm not worried about trouble but I do respect people's wishes and rules, especially when I use their service.

 

This forum states in the TOS

 

...Pornography, warez, or any other illegal transactions may NOT be linked in any shape or form.

 

...No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences. 

 

I promise you I don't look down on you at all not one bit.

 

Have a read https://www.bleepingcomputer.com/forum-rules/



#13 Daniel_Boringcliffe


Posted 06 July 2017 - 01:57 PM

> LOL I don't think bad of you at all, not the slightest.
>
> I'm not worried about the NSA or GCHQ or any of them.
>
> And I think the convo is skirting close to this area. I'm not worried about trouble but I do respect people's wishes and rules, especially when I use their service.
>
> This forum states in the TOS
>
> ...Pornography, warez, or any other illegal transactions may NOT be linked in any shape or form.
>
> ...No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.
>
> I promise you I don't look down on you at all not one bit.
>
> Have a read https://www.bleepingcomputer.com/forum-rules/

Oh, ok. I don't want to be mean, just making sure people don't misunderstand stuff. Anyway, you asked me what do I do if I want such protection. So I confessed, because, well, why not. The truth is, I just enjoy learning about IT security for some reason. Standard protection is enough in 95% of the cases, most pirated software included, so that's not my point. I simply enjoy building a little fortress inside my computer. 

And you actually mistook the rules a bit - just because I sometimes download stuff that is not legal does not mean you cannot answer my questions related to security. Security and pirating are very different things and I'm not trying to encourage anybody to do this stuff.

So what do you think? mbae or EMET or Sandboxie? (Sandboxie does not allow external code to run in its sandboxed application, anti-exploits included)... also, Sandboxie probably messes up with Chrome's internal sandbox, which I set to run in AppContainer. When I check on my Chrome under Sandboxie it says "untrusted" in procexp, when I run it normally it runs in AppContainer. So what's better? "untrusted" or AppContainer? Does Sandboxie enhance or weaken security in this case?


Edited by Daniel_Boringcliffe, 06 July 2017 - 02:17 PM.




