Windows Secrets

 

 

   
       
   
Windows Secrets Newsletter • Issue 220 • 2009-11-05 • Circulation: over 400,000

   
   
BONUS DOWNLOAD

Windows 7 Tweaks
How to get the most from Windows 7
This month's free bonus for all subscribers is a three-chapter excerpt from Windows 7 Tweaks by Steve Sinchak. The book, which is subtitled A Comprehensive Guide on Customizing, Increasing Performance, and Securing Microsoft Windows 7, provides valuable information about making the most of Microsoft's new operating system.

The printed volume won't be available until next month, but all subscribers, free and paid, can receive our exclusive excerpt through Dec. 2. Simply visit your preferences page, save any changes, and a download link will appear. Thanks! —Brian Livingston, editorial director



   
   
Table of contents
TOP STORY: Find safe-browser technologies that really work
KNOWN ISSUES: Early adopter of Windows 7 shares his secrets
WACKY WEB WEEK: The greatest Halloween prank ever
LANGALIST PLUS: Step by step: reload apps after clean install
BEST SOFTWARE: Two free removal utilities go head to head
WOODY'S WINDOWS: Add Windows 7 PCs to Vista and XP networks

   
       
   
   
   
TOP STORY

Find safe-browser technologies that really work

By Yardena Arar

The major browsers and security programs all tout their ability to warn you about malware sites before you visit them, but do any of these early-warning systems really work?

Experts say they're all useful, but none provides a silver bullet — and any browser-security product's claims of superiority are extremely difficult to verify.

One of the ways browsers and their add-ons combat malware is by tracking sites containing infected files and warning you before your browser opens them.

Safe-browsing products and technologies go by different names: Internet Explorer 8 has a SmartScreen Filter, while Firefox and Chrome use the Google Safe Browsing API. Opera's built-in fraud protection depends on malware data assembled by Netcraft.

If you use Firefox, the free LinkExtend add-on combines alerts from several site-rating services. You'll find more information about LinkExtend, plus a download link, on the product's site. WS senior editor Gizmo Richards described the utility in his March 5 Best Software column (paid content).

These products use different techniques to maintain their data on malware-dispensing sites. The analysts I consulted say each technique is effective, although none is perfect. Determining which one works best isn't easy — or even possible, according to the experts — because their performances in tests will depend heavily on the samples used.

Johannes Ullrich, director of the SANS Institute's Internet Storm Center, says all safe-browsing features depend to some extent on what he calls a sensor network. For Google's Safe Browsing API, the sensor network is composed of the search service's Web crawlers. Other safe-browsing products rely on a large number of volunteers whose systems report rogue URLs to the mother ship as they encounter them.

Of course, the resulting databases of malware-serving sites are only as good as their most-recent scans or user contributions. When a new malware site comes on line — as they do with alarming frequency — it won't appear in any malware database for some time.

Different browsers use different malware lists

Google's Safe Browsing API is based almost entirely on what the search engine's spiders see. The protection depends, therefore, on how frequently the spiders crawl sites and furnish updates to the Safe Browsing blacklist that's downloaded to Firefox and Chrome. Because of the potential for slowing down the browser, the latest version of the API provides ways to customize the frequency of blocklist downloads.

The bottom line is that there's inevitably a lag time between the discovery of a new malware site and the addition of that site to a blocklist update.

Safety-conscious users should consult an on-demand database (which, with a broadband connection, shouldn't impact your overall browser performance). On-demand lists are the default approach in IE 8 and the latest versions of Opera, but you must turn this capability on in Firefox. When you visit a new site, the browser sends the URL to a server that determines whether the site is in the malware database.

However, some observers — such as the Ha.ckers security blog — believe this approach represents a privacy threat. After all, you do reveal to the browser maker which sites you're visiting. The SANS Institute's Ullrich says there's "no blanket answer" to that concern. "That's something you have to decide for yourself," he states.
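
The trade-off between a downloaded blocklist and an on-demand lookup, as an added illustration that is not part of the original article: a short Python simulation replays one browsing session against both models. The feed, URLs, timings, 30-minute refresh interval and class names are all constructed for the example and do not reflect any vendor's real update schedule or API.

```python
from dataclasses import dataclass, field

# Constructed vendor feed: (minute the site is added to the database, URL).
FEED = [(0, "http://old-phish.example/login"),
        (47, "http://fresh-malware.example/codec.exe")]
BAD = {url for _, url in FEED}  # ground truth, known only in hindsight

# Constructed browsing session: (minute of visit, URL).
VISITS = [(10, "http://news.example/"),
          (40, "http://fresh-malware.example/codec.exe"),
          (50, "http://fresh-malware.example/codec.exe"),
          (55, "http://old-phish.example/login"),
          (70, "http://fresh-malware.example/codec.exe")]


def listed_at(minute):
    """URLs present in the vendor's database at a given minute."""
    return {url for added, url in FEED if added <= minute}


@dataclass
class DownloadedList:
    """Browser checks a local copy that is refreshed every `interval` minutes."""
    interval: int
    disclosed: list = field(default_factory=list)  # stays empty: no URL leaves the PC

    def check(self, minute, url):
        last_sync = (minute // self.interval) * self.interval
        return url in listed_at(last_sync)


@dataclass
class OnDemand:
    """Browser sends every URL to the vendor's server before opening it."""
    disclosed: list = field(default_factory=list)

    def check(self, minute, url):
        self.disclosed.append(url)  # the vendor learns each site visited
        return url in listed_at(minute)


def replay(checker):
    """Classify each visit: blocked, missed through a stale copy, or too new for any list."""
    out = {"blocked": [], "stale_miss": [], "too_new": []}
    for minute, url in VISITS:
        if checker.check(minute, url):
            out["blocked"].append(minute)
        elif url in listed_at(minute):
            out["stale_miss"].append(minute)  # vendor knew; local copy lagged
        elif url in BAD:
            out["too_new"].append(minute)     # no database had it yet
    out["disclosed"] = len(checker.disclosed)
    return out


if __name__ == "__main__":
    print("downloaded, 30-min refresh:", replay(DownloadedList(30)))
    print("on-demand lookup:          ", replay(OnDemand()))
```

Shortening the refresh interval narrows the stale-copy window, but neither model helps with the visit at minute 40, which precedes the listing itself.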

McAfee's SiteAdvisor browser add-on and Netcraft's blocklists are created primarily through feedback from their users. This may or may not produce faster updates than those generated by Web crawlers, depending on the type of site hosting the malware.

Another variable is the type of malware site the safe-browsing product monitors. Netcraft, for example, is heavily oriented toward collecting URLs of phishing sites — hacker dens that imitate legitimate sites. Phishing sites attempt to trick visitors into entering personal information, such as passwords or Social Security numbers.

This is why Opera uses Netcraft data for phishing sites, but information from Haute Secure for sites that attempt to infect your PC with viruses, Trojans, or other malware.

Internet Explorer 8 sniffs out malware sites

Microsoft greatly expanded its SmartScreen Filter protections in the transition from IE 7 to IE 8. The company's URL Reputation Service, much like other safe-browsing systems, collects the names of known phishing and malware sites. However, SmartScreen flags sites based on their heuristics within IE 8 — something not all the other browser watchdogs do.

The heuristics component may explain why Microsoft trounced the competition in an NSS Labs study (PDF) released last August that tested the effectiveness of various browsers in blocking "socially engineered" Web sites. According to NSS Labs, these are sites that trick users into voluntarily downloading malware — for example, a site purporting to offer a video clip sent to you by a friend.

Spokespersons for Google and Opera state that the companies were unable to replicate the results of the NSS Labs study, which was paid for but not designed by Microsoft.

However, as reported by Erik Larkin in PC World's security blog — and confirmed to Larkin by NSS Labs — the study didn't test browser effectiveness in keeping people away from exploit sites. These are sites that take advantage of browser vulnerabilities to install malware without your having to download anything, also known as "drive-by downloads."

"It's like rating a car for seatbelts and not worrying about airbags," said Jordy Berson, group product manager for Check Point's ZoneAlarm division. Berson adds that drive-by downloads may account for up to 70% of all malware delivery. Check Point's ZoneAlarm ForceField beta program maintains a database of malware URLs based on the company's own research, along with malware-site data obtained from Netcraft and RSA.

Of the major browsers, Berson says Chrome offers the best protection against exploits because it uses virtualization technology. Thus, malware loaded through exploits "doesn't hit the actual machine," according to Berson. The Chromium blog provides more information on Chrome's built-in "sandbox" feature.

Is definitive safe-browser testing possible?

Various studies of browser safety produce conflicting results. In a separate study (PDF) released last July, NSS Labs focused exclusively on phishing sites and found IE 8 tied statistically with Firefox 3. Symantec points to a Carnegie Mellon study (PDF) conducted earlier this year that gives the company's Norton 360 security suite high marks for quick detection of phishing sites obtained through spam e-mail campaigns. Symantec says its software uses blacklists based on its own Web crawlers, plus user feedback and heuristics.

"It's always hard to do these studies right," says the SANS Institute's Ullrich. So much depends on the test sample, especially on whether the sample uses real sites or a controlled set. Heuristics analysis has a huge edge in the latter case. Safe-browsing studies similar to the double-blind studies medical researchers conduct have never been conducted. Such studies would last a year, and the testers wouldn't know which technology — if any — they were using.

The lack of a clear winner, Ullrich emphasizes, shouldn't preclude the use of safe-browsing technologies. He estimates that most of these products will catch about 80% of malware sites. "I don't think there's anything that's better. You do get rid of a lot of the bad stuff, and the performance impact is fairly small."

Jeremiah Grossman, chief technology officer at WhiteHat Security, is more skeptical. "Personally, I don't think it [safe-browsing technology] matters that much." He adds that the modern browsers capable of warning you not to visit malware sites tend to have other malware protections as well. Differences between them, he adds, are likely "slight and meaningless."

"Where it would have made a difference is with IE 6," Grossman says. "We have new security features to protect the browser that's not vulnerable."

Grossman's recommendation for safe browsing is to use the popular browser of your choice for routine browsing and a different — and preferably less-targeted — browser for serious transactions. He adds that you should always shut the browser down once the transaction is complete.

Grossman's suggestion sounds like a good strategy to me, but I'll continue to use all my browser's security features as well.

WS contributing editor Yardena Arar has written about technology for the New York Times, the Canadian Press, the Associated Press, and the Los Angeles Daily News. She was an editor of PC World magazine from 1996 to 2009.


   
   
KNOWN ISSUES

Early adopter of Windows 7 shares his secrets

By Dennis O'Reilly

For most Windows users, the transition to Windows 7 will be bump-free.

But even if the initial installation goes smoothly, you know there'll be glitches — some big and some small.

There's no teacher like experience. Fortunately, however, there's also no reason we have to learn everything the hard way. You can avoid a few potholes by listening to one early Win7 adopter, Ed Kirkpatrick:
    "We have been using the released-to-manufacturing version of Windows 7 Professional since it became available through our Microsoft TechNet account. You may have already learned these facts about Windows 7, but I haven't seen them written up in any reviews yet.

    1. There's no 'Classic View' of anything (no workaround available without third-party software).

    2. There's no Quick Launch toolbar available (see below for a workaround we like even better).

    3. The WPA2-Personal wireless security key can be seen in clear text by anyone after it has been typed in (see below for Microsoft's suggested workaround).

    4. There's no way to copy User Profiles (except the Default User profile — see below for more info).

    "If anyone has found a resolution to any of these 'problems/features,' we are interested to hear about them.

    "We opened up a security issue case (ID 109083169417505) for #3 above, and a technician was very helpful with the other issues as well.

    "A workaround for #2 is to create a folder in the root of C:\ (we called it QuickLaunch) and put links there to all the programs you would normally put in the Quick Launch. Then right-click the taskbar, choose Toolbars, New Toolbar and direct it to the folder in the root of C:\. We then move this toolbar over against the Start Menu so it's in the same position as the Quick Launch.

    "For #3 above, the Microsoft tech-support engineer stated that Microsoft's stance is that WPA2-Personal (or lower) is only for 'home use' security, and the owner/user should be able to see the security key at any time. If enterprise security is required, he said, WPA2-Enterprise with a Radius server should be implemented. I asked him about an in-between scenario — i.e., a public implementation where a Radius server is not feasible — and his answer was to use WPA2-Personal along with MAC address listing.

    "For #4 above, the Microsoft tech-support engineer told us Microsoft's stance is that user profiles shouldn't be copied all the way down through Windows 2000. So with Windows 7 you just can't. One workaround could be to use Microsoft's USMT (User State Migration Tool). [See Microsoft's User's Guide to USMT.] But this is primarily to move user data from one computer to another, not to copy user profiles from one profile to another on the same computer.

    "A more-reasonable method seemed to be to 'build up' the default user profile, which can be copied. [See 'How to customize default user profiles in Windows 7,' MS Knowledge Base article 973289.] We haven't had time to try this yet, but hopefully it will do what we need."
This is just the first of a torrent of Windows 7 tips and tweaks you'll be reading about from Windows Secrets in the months to come. I hope you'll take us along on your personal Windows 7 adventure. Enjoy the ride!

Reader Ed Kirkpatrick will receive a gift certificate for a book, CD, or DVD of his choice for sending a comment we published. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers' comments on our recent articles. Dennis O'Reilly is technical editor of WindowsSecrets.com.


   
   
WACKY WEB WEEK

The greatest Halloween prank ever

By Stephanie Small

Halloween trick-or-treaters in creative costumes were everywhere last weekend. Pranks and scares also belong to this holiday, and the one in this video could very well be the topper!

Instead of being scary, though, it's simply a humorous — and harmless — thing to do if you're too old to go trick-or-treating and still want some free candy. Who knows, with a year to think it over, you may come up with something even more clever for Halloween 2010!

   
   
PERMALINKS

Use these permalinks to share info with friends

We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam," and corporate filters start blocking our e-mails.)

The following link includes all articles this week: http://WindowsSecrets.com/comp/091105


   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Program Director: Tony Johnston. Web Developers: Dan Engler, Damian Wadley. Research Director: Stephanie Small. Copyeditor: Roberta Scholz. Contributing Editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Woody Leonhard, Ryan Russell, Robert Vamosi, Becky Waring.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
Copyright © 2009 by WindowsSecrets.com LLC. All rights reserved.
