Page 1 of 2 12 LastLast
Results 1 to 15 of 20
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Prevent drive-by downloads?

    I fix computers for a living and have been inundated over the last 12 months with people calling with 'Scareware' infections caused by drive-by downloads. I've seen systems infected that have various anti-virus and anti-spyware products running so the standard defenses do not prevent these attacks. I've even had them come up on my own personal machine - but I know enough to just kill the browser process before the infection takes hold. Most of my customers however, click the buttons on the scareware windows which just allows the thing to take root.

    Malwarebytes typically takes care of the removal but that costs my clients money for me to fix it (good for me I guess). I've been monitoring a solution being developed by the DOD along with Georgia Tech called "B.L.A.D.E." ( http://www.blade-defender.org/ ) but the website has said for the last 6 months that a prototype will be available 'soon' and the site hasn't been updated for a long time now.

    So my question is: has anyone found an effective & practical solution to this problem? Based on the number of machines I see infected (2 to 3 a week) and I'm just a one guy shop - there must be thousands & thousands of these infections each day.

    Bob.

  2. #2
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Unfortunately, Bob, there is no way to protect against the biggest cause of these things, our own fingers clicking buttons without thinking of the consequences. You just can't stop people doing what they have always done. And unfortunately there is no universal way to get the message out to these very same people to change their habits. If we could get people to use task manager rather than X out to close unexpected pop ups, that would go a long way toward solving this epidemic.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    California, USA
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi Bob,

    I agree wholeheartedly with Ted. Most drive-by downloads are caused by people clicking on unknown items on a website. Nowadays on soooo many websites you will see an advertisement for a free scan of your computer to check for malware or virus. After my first experience doing just that (about 6 years ago) and getting an infection on my system I learned to never again click on these advertisements. I have not experienced a drive-by download on my computer since then. Most people I think are always watching out for possibly getting a new malware/virus protection program which might be an improvement over what they are currently using, so these advertisements are very tempting. THERE IS NO PROGRAM AVAILABLE THAT WILL STOP PEOPLE FROM NOT USING COMMON SENSE!

    73s
    Murray


    Murray aka Grumpy Geezer

    My Primary System: Windows XP SP3
    Intel Core 2 Duo E8600 CPU
    Asus P5Q PRO TURBO Motherboard
    O.C. 4.4 GHz stable & permanent
    4 GB Memory
    1 x 300 GB Maxtor HDD
    4 x 500 GB WD HDD's
    1 x 80 GB WD HDD (operating system)
    Cooler Master HAL-932 Full Tower Case

  4. #4
    Gold Lounger Roderunner's Avatar
    Join Date
    Dec 2009
    Location
    Scotland.
    Posts
    3,462
    Thanks
    16
    Thanked 216 Times in 183 Posts
    Hi Bob, you could start a side-line to your shop, teaching customers how to read. Almost all program makers have 'User Guides', in the language of your location, but they go unread; then people ask in forums for help from those who can and do read them.
    Unfortunately most PC users, i.e., install an anti-virus program to prevent viruses and think they're safe (from the majority of attacks) without knowing what other features are included in the AV program.
    O wad some Power the giftie gie us, to see oursels as ithers see us!

  5. #5
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    I agree with everyone else. Most of these are not much more than an annoyance and are easy to avoid by paying close attention.

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I tell everyone that ends up with one of these what to do next time (don't press anything - just turn off your computer) and I still ended up fixing two just today (one a repeat). My bread & butter is doing work for people who really don't know that much - they just want to check their email, maybe shop at Amazon and do things like research bible study topics (yeah I had one customer end up with a drive-by doing that). I cringe when I see the line of people dragging in their computers to the Best Buy Geek Squad knowing that they are going to be out $200 because of the criminals dreaming up this crap trying to con people out of $65 (I usually fix it for $45). I know that it isn't hard for those of us that live & breathe this stuff to deal with these drive-bys - but let's face it, most of the computer users out there are like your (or my) mom & dad and are really just clueless about this stuff. I was just hoping someone else had figured out a way to stop this crap.

  7. #7
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Sydney, Australia, New South Wales, Australia
    Posts
    251
    Thanks
    0
    Thanked 4 Times in 4 Posts
    I find setting up my users' routers to use opendns.org solves lots of these problems. The OpenDNS server automatically stops phishing and other attempts. As a bonus, some benchmarks mark it as a very fast DNS server; often faster than your ISP. Oh, and if you want to filter out other kinds of nasties, you can do that too.
    Last edited by peterl; 2011-03-17 at 02:05. Reason: make link

  8. #8
    2 Star Lounger
    Join Date
    Mar 2010
    Location
    Tampa, FL, USA
    Posts
    114
    Thanks
    11
    Thanked 10 Times in 9 Posts
    I would like to add to peterl's note about OpenDNS to also install the latest HOSTS file from http://www.mvps.org/winhelp2002/hosts.htm

    I've used that for years on multiple XP systems and did not experience a slow down, and rarely have to kill a browser due to a malicious pop-up. YMMV
    Last edited by pjustice57; 2011-03-17 at 14:13.
    PJ in FL

  9. #9
    Gold Lounger Roderunner's Avatar
    Join Date
    Dec 2009
    Location
    Scotland.
    Posts
    3,462
    Thanks
    16
    Thanked 216 Times in 183 Posts
    Quote Originally Posted by peterl View Post
    I find setting up my users' routers to use opendns.org solves lots of these problems. The OpenDNS server automatically stops phishing and other attempts. As a bonus, some benchmarks mark it as a very fast DNS server; often faster than your ISP. Oh, and if you want to filter out other kinds of nasties, you can do that too.
    Did you include the OpenDNS Updater?

    Quote Originally Posted by pjustice57 View Post
    I would like to add to peterl's note about OpenDNS to also install the latest HOSTS file from http://www.mvps.org/winhelp2002/hosts.htm

    I've used that for years on multiple XP systems and did not experience a slow down, and rarely have to kill a browser due to a malicious pop-up.
    I tried using the Hosts File you stated on my Netbook and the 'Boot' time trebled.
    O wad some Power the giftie gie us, to see oursels as ithers see us!
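Two things in the OpenDNS / HOSTS-file exchange above are worth checking on a machine before handing it back: whether the PC is actually resolving through OpenDNS (a home router usually hands out its own LAN address and forwards upstream, so the router's WAN settings are where OpenDNS has to be set), and how large the installed HOSTS file is. The tripled boot time Roderunner reports is the commonly reported side effect of a very large HOSTS file while the DNS Client service (Dnscache) is running, since that service loads the file into its cache. The following Windows PowerShell script is an added example, not code from the thread or from OpenDNS or MVPS; the two resolver addresses are OpenDNS's published public resolvers, and the 10,000-entry threshold for the warning is this script's own choice. It uses WMI so it runs on XP-era Windows PowerShell as well as later versions.

```powershell
# Added example (not from the thread): verify the OpenDNS / HOSTS-file setup
# discussed above and flag the usual cause of a slow boot with a large HOSTS file.
# Assumptions: OpenDNS public resolvers below; English Windows; Windows PowerShell
# (Get-WmiObject is not available in PowerShell 7).

# OpenDNS's published public resolvers (adjust if a different OpenDNS tier is used).
$OpenDnsServers = @('208.67.222.222', '208.67.220.220')

function Get-ConfiguredDnsServers {
    # WMI works on XP through current Windows; Get-DnsClientServerAddress
    # only exists on Windows 8 / Server 2012 and later.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.DNSServerSearchOrder } |
        ForEach-Object { $_.DNSServerSearchOrder }
}

function Test-OpenDnsInUse {
    # True only if the PC itself points at OpenDNS. If it points at the router
    # (e.g. 192.168.x.1), the router's admin page must be checked instead.
    foreach ($s in @(Get-ConfiguredDnsServers)) {
        if ($OpenDnsServers -contains $s) { return $true }
    }
    return $false
}

function Get-HostsFileSummary {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    $blocked = 0
    $total = 0
    foreach ($line in Get-Content $Path) {
        $trimmed = $line.Trim()
        if ($trimmed -eq '' -or $trimmed.StartsWith('#')) { continue }
        $total++
        # MVPS-style blocklists map hostnames to 0.0.0.0 (older builds: 127.0.0.1);
        # the localhost entry is not a block entry.
        $fields = $trimmed -split '\s+'
        if (($fields[0] -eq '0.0.0.0' -or $fields[0] -eq '127.0.0.1') -and
            $fields[1] -ne 'localhost') {
            $blocked++
        }
    }
    New-Object PSObject -Property @{
        Path         = $Path
        ActiveLines  = $total
        BlockEntries = $blocked
        SizeKB       = [math]::Round((Get-Item $Path).Length / 1KB, 1)
    }
}

$servers = @(Get-ConfiguredDnsServers)
Write-Host ("Configured DNS servers : " + ($servers -join ', '))
Write-Host ("OpenDNS set on this PC : " + (Test-OpenDnsInUse))

$summary = Get-HostsFileSummary
Write-Host ("HOSTS file             : {0} ({1} KB, {2} block entries)" -f `
    $summary.Path, $summary.SizeKB, $summary.BlockEntries)

# Dnscache caches the whole HOSTS file; with tens of thousands of entries that
# is the usual reason boot and name lookups slow down on older machines.
$dnscache = Get-Service -Name Dnscache -ErrorAction SilentlyContinue
if ($dnscache) {
    Write-Host ("DNS Client service     : " + $dnscache.Status)
    if ($summary.BlockEntries -gt 10000 -and $dnscache.Status -eq 'Running') {
        Write-Host "Large HOSTS file with DNS Client running: expect slower boot and lookups."
    }
}
```

Run it from an elevated PowerShell prompt (reading the HOSTS file does not need elevation, but querying services on some versions does). If the DNS server reported is the router's own address, the OpenDNS check has to be done on the router, and the OpenDNS dashboard's "check your settings" page confirms the end-to-end result either way.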

  10. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    Washington, DC
    Posts
    3
    Thanks
    0
    Thanked 4 Times in 2 Posts
    Most home users, regardless of which version of Windows they are using, have a single account on the machine. Of course, this account has full admin rights. Set up your customer's machines to have at least two accounts: one standard or unprivileged user with no admin rights, and one admin account. Have them use the standard account for all their day-to-day work. They can use the admin account once a month to install updates to Windows (and Firefox and whatever) or when they really do want to install software. This will prevent some drive-by infections and limit some others to only the standard account.

    Of course, when the UAC box pops up asking for the admin account password your customers may still just type it in instinctively. Or they may take the hint, or maybe they will be too lazy to type it in. It is pretty safe to tell them never to type the admin password into the UAC box, only use it when logging on as the admin user for monthly updates.

    One downside is that they will need to log into their "normal" account every time they boot, but their password can be just one letter (for both the standard and the admin accounts) and they will still be ahead.
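The two-account setup PeterR describes can be scripted so the technician does it the same way on every machine and verifies the result before handing it back. The script below is an added example, not from the thread; it uses net.exe (present on XP through Windows 11) rather than New-LocalUser, which only exists on Windows 10 and later. The account name "Family" and the parsing of net.exe's English output are this script's own assumptions. It creates the standard (non-admin) day-to-day account and then reports which existing accounts are administrators, so the technician can see which one the customer should keep for monthly updates.

```powershell
# Added example (not from the thread): create a standard day-to-day account and
# verify the admin/standard split. Run from an elevated prompt (UAC on Vista+).
# Assumptions: English Windows (net.exe output is parsed), account name below.
param(
    [string]$DailyUser = 'Family'   # assumption: name of the standard account
)

function New-StandardAccount {
    param([string]$Name)
    # "net user NAME * /add" prompts for the password on the console, so it is
    # never stored in this script. New local accounts join "Users" only, which
    # is exactly the no-admin-rights account the post recommends.
    & net user $Name * /add /comment:"Daily-use standard account"
    if ($LASTEXITCODE -ne 0) { throw "Could not create account $Name" }
}

function Get-LocalAdministrators {
    # Parse "net localgroup Administrators": member names follow the dashed
    # separator line, several per line, and stop at the "command completed" line.
    $members = @()
    $inList = $false
    foreach ($l in (& net localgroup Administrators)) {
        if ($l -match '^-+$') { $inList = $true; continue }
        if ($l -match '^The command completed') { break }
        if ($inList -and $l.Trim() -ne '') {
            $members += ($l.Trim() -split '\s{2,}')
        }
    }
    return $members
}

function Test-IsLocalAdmin {
    param([string]$Name)
    # -contains compares case-insensitively, matching Windows account names.
    return ((Get-LocalAdministrators) -contains $Name)
}

New-StandardAccount -Name $DailyUser

# Verify the split before handing the machine back.
if (Test-IsLocalAdmin $DailyUser) {
    throw "$DailyUser unexpectedly ended up with admin rights"
}
$admins = Get-LocalAdministrators
Write-Host "$DailyUser created as a standard user."
Write-Host ("Administrator accounts on this PC: " + ($admins -join ', '))
Write-Host "Have the customer log in as $DailyUser day to day and use an admin account only for updates and installs."
```

Because a new local account starts in the Users group, the check that the daily account is not an administrator guards against the common slip of running the script while a group policy or imaging template adds every new account to Administrators. As Joe notes in the following post, on Vista and later the accounts listed here as administrators still run with a filtered token until UAC elevates them, which is why the UAC prompt matters as much as the account split itself.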

  11. #11
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    Quote Originally Posted by PeterR View Post
    Most home users, regardless of which version of Windows they are using, have a single account on the machine. Of course, this account has full admin rights. Set up your customer's machines to have at least two accounts: one standard or unprivileged user with no admin rights, and one admin account. Have them use the standard account for all their day-to-day work. They can use the admin account once a month to install updates to Windows (and Firefox and whatever) or when they really do want to install software. This will prevent some drive-by infections and limit some others to only the standard account.
    Note that starting with Vista a user account that is a member of the Administrators group does NOT have the same full admin rights as the built-in Administrator account. This is a big change from older Windows OSes.

    Joe

  12. #12
    Lounger
    Join Date
    Jun 2010
    Location
    Ontario, Canada
    Posts
    27
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It seems to me the term "drive-by download" is a bit redundant these days. Sure, back in the day IE6 (or was it even earlier?) could be configured to gleefully install any ActiveX control it came across, but unless it's exploiting some unintentional security flaw, I understood that can't happen anymore without direct user intervention.

    Anyway, I run Firefox with Adblock and Flashblock these days, so it's all becoming a distant memory. (I feel bad sometimes about depriving sites of ad revenue, but I'd had just about enough of acai berry scams.)

  13. #13
    2 Star Lounger bmeacham's Avatar
    Join Date
    Jan 2001
    Location
    Austin, Texas, USA
    Posts
    191
    Thanks
    4
    Thanked 4 Times in 4 Posts
    I don't suppose you could migrate some of your clients to Linux, could you?
    Bill Meacham
    bmeacham98 AT yahoo.com

  14. #14
    Lounger
    Join Date
    Dec 2009
    Location
    Bath England
    Posts
    40
    Thanks
    5
    Thanked 1 Time in 1 Post
    I would like to endorse kehander's comment and suggest adding the NoScript extension to his list. I have not seen a pop up/scripting problem for three/four years.

    With NoScript you need to positively allow a web site. Many sites notify you that scripting is required. You then decide if you want to allow it.

    Brian

  15. #15
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Sydney, Australia, New South Wales, Australia
    Posts
    251
    Thanks
    0
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by Roderunner View Post
    Did you include the OpenDNS Updater?
    I didn't because I have a static IP address, so don't need it. If you don't know whether you have a static IP address, check with your ISP.

    I tried using the Hosts File you stated on my Netbook and the 'Boot' time trebled.
    I haven't tried this.

