8.5 When to Worry About Browser Content

Team-Fly    

 
Malicious Mobile Code: Virus Protection for Windows
By Roger A. Grimes
Slots : 1
Table of Contents
Chapter 8.  Internet Browser Technologies

8.5 When to Worry About Browser Content

Browser content becomes potentially mischievous when it can do any of the following:

  • Access local files and resources

  • Exploit content or a content application helper executable with a recreatable buffer overflow

  • Launch itself without direct user involvement on the local machine

  • Remain active in memory without the user being aware

  • Manipulate external programs on the local machine.

  • Access or manipulate other browser windows on the local machine.

  • Create new processes on the local machine.

  • Be able to communicate to hosts other than the local machine.

For instance, Common Gateway Interface (CGI) and Active Server Pages (ASP) are server-side processes that run on the web server, not the local web client. Those languages have a hard time accessing local system resources. For those reasons, CGI and ASP are probably not going to be high on the list for malicious mobile code programmers. Of course, as languages involve, they often gain new functionality. If that new functionality allows the local system threats previously indicated, the language can be considered potentially dangerous.

Another example, Virtual Reality Modeling Language (VRML) is a standard for the animation of geometric shapes and 3D objects within browsers. A VRML ActiveX control is packaged with Internet Explorer and presents very little security threat because it was designed to download and display graphics. It does not have access to the local file system, has no known buffer overflow exploits, and as such, provides little risk.

On the other hand, programs that we once thought were safe are now potential holes for hackers. Adobe's Acrobat program and Microsoft Windows' Media Player were once thought of as very safe. One displays document images and the other displays audio and video files. Both have contained buffer overflow holes, which would allow complete system compromise. Microsoft and Adobe have released patched versions, although a large number of users still use the older versions.


Team-Fly    
Top


Malicious Mobile Code. Virus Protection for Windows
Malicious Mobile Code: Virus Protection for Windows (OReilly Computer Security)
ISBN: 156592682X
EAN: 2147483647
Year: 2001
Pages: 176

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net