MSE Saves the Day

Published on January 26, 2010

Last night, while surfing around for some medical information, one of the sites I stumbled upon through Google’s search results tried to install a Trojan on my computer! This was surprising, seeing as I was using Firefox 3.6 with AdBlock turned on. Thankfully, Microsoft Security Essentials saved the day, alerting me to the fact that a nefarious application was trying to install itself. The tool caught the incursion, alerted me, and successfully removed it from my system. I then did a full scan and it found no other problems.

I’ve read that drive-by attacks like this are becoming more common, but until now I hadn’t ever been affected. Several of my plug-ins were outdated, so I updated them, though I’m not certain any of them were involved in this attack (Java never loaded, and there was no embedded media on the site).

That being said, make sure to surf with protection; there’s some nasty stuff out there.

2 Comments

kip

But, had MSE not been present, would you really have gotten any kind of virus just from viewing a website? If so, how? Your web browser just renders the content it is given, but doesn’t execute any downloaded code. Even with Flash and Java, those plugins run in their own security sandbox, in isolation from your system. If there is a security hole in one of those layers then something bad could happen, but usually such security holes are very short-lived, especially if you’re not using Internet Explorer.

Jonah

You ask a good question. I’m not sure I would have been infected, but I’d much rather be safe than sorry. I have seen proof-of-concept attacks before where, even with Firefox, arbitrary code could be executed (I once tried an example that started the Calculator app in Windows). Mozilla is clearly good at providing fixes quickly, but in the world of malicious code, it’s essentially an arms race.

I thought that only Chrome ran plug-ins in a sandbox environment. I’m pretty sure Firefox allows (some level of) arbitrary access to the system. Flash security holes are pretty common, hence the “NoScript” extension. None of the Flash security advisories that I’ve seen mentioned that it only worked in IE; I think everyone is affected if your version of Flash is downlevel.

One more reason why the plug-in checker is so handy in FF 3.6.

Copyright © 2004-2018 Jonah Bishop.