Browser Security Pack

[ProxRocks]

Jaded_Goth Wrote:ProxRocks, this is supposed to be the Proxomitron Community. Why not encourage each other to be the best we can?

Sometimes, telling someone that they CANNOT do something is the BEST type of encouragement you can give - "reverse psychology"...


Three years ago (this very month, actually), I was $52,000 in debt (all of it in credit cards and a car loan on a 5-year-old car - I do not own a home and had little to nothing in a 401k)... All while "bringing in" a NET income of just over $21,000 per YEAR...

A very close co-worker looked me square in the eye, "Nobody gets themselves out of a mess like that, quit your job and charge up your last year of college, then file for bankruptcy and start brand new."

Granted, in this day and age, the words "bankruptcy" and "divorce" and "single mother" do NOT carry the negative connatations that they did when I was growing up - society is going downhill (I blame the left-wing liberal extremists)...

But I am "old school" - 'bankruptcy' is NOT in my vocabulary...

I looked him square in the eyes and said "WATCH ME!!!"...

Three years later, ALL of my 20+ credit cards are paid off in FULL and all but three have been CLOSED, my car is paid for, and I have $2,100 in the bank...

I've done all of that WITHOUT a college degree - I'll finish that in a couple of years...


And it's ALL BECAUSE somebody looked me in the eye and said that it cannot be done...


Well, I proved that person wrong - and I have a financial budgeting book in the works due to be on store shelves next summer...


Of course, "reverse psychology" doesn't work when two posts later reveals that the initial post was somewhat of a RP-tactic...

[Ralph]

Great going ProxRocks ; I want a signed copy of your book ! I need to get back to Kye-U 's security code for some guidance . Kye-U , after merging your security pack , I am finding it next to impossible to load groups of favorites in tabs using MYIE2 . Loading almost freezes and I have to do a C/A/D to get out of there . I am using Win 98 se & Proxo with Sidke 's cfg . Any advice ? Thanks .

[ProxRocks]

I've noted a slowdown in Sleipnir's tabs as well - at least, I "think" so...
Maybe King Ralph just put that notion in my head, don't know...

Since I use Sleipnir as a shell to Firefox, I've been disabling the IE-specific and the Opera-specific filters...

I guess I'm just wondering why this collection is growing SOOO rapidly - my "guess" is that SEVERAL of these security issues are NOT an issue if your browser is fully patched...
But that is just my guess...

That, and I half suspect that sidki's config ALREADY blocks a bunch of this stuff - such as ModalDialog (if I recall correctly)...

[ProxRocks]

suggestion:

Kye-U,

JD (where ever he is) used to "rate" each filter on a scale of 1 to 10...
Perhaps a rating system on the severity of each filter within your collection would be of a benefit to its users...

Maybe even a "rarity rating"...
theoretical only, have not seen 'in the wild'...
extremely rare, use only if you are extremely paranoid...
rare, "safe surfers" will generally not encounter these...
common, you better use these at the very minimum...

[Jaded_Goth]

ProxRocks Wrote:Sometimes, telling someone that they CANNOT do something is the BEST type of encouragement you can give - "reverse psychology"...


.

You're right.It can on occassion have an adverse effect.For instance,a close friend once told me not to even think about going to live in Afghanistan....She was speaking literally,of course,but I damn near got on a plane......

Congratulations for turning your life around.That took guts and tenacity.No going back now,you got it made.

[Jaded_Goth]

Returning to the subject of Proxo filters.I have noticed that for the last two days,when I first start up Proxomitron TWO Mozilla browsers open.It's no big deal.I just close the duplicate one.

Wonder why it happens,though.

[Kye-U]

Ralph and ProxRocks, I acknowledge that there is a CPU load issue, and I'm trying to find the culprit :P

Good idea ProxRocks, I will try to integrate that system, and disable as many outdated/less severe filters.

Thank you for that idea, and thanks for commenting that in a way, this is a full time job for me. I'm trying my hardest on this pack.

[Siamesecat]

Quote:Loading almost freezes and I have to do a C/A/D to get out of there . I am using Win 98 se & Proxo with Sidke 's cfg . Any advice ? Thanks .

If you look at the listings for the filters, you will notice that ALL have been set active. For those filters that are not an issue with your browser, turn them off, or don't add them in.

Quote:my "guess" is that SEVERAL of these security issues are NOT an issue if your browser is fully patched...

Some of these filters will fix problems for older versions of browsers, but not the current ones, which have already been patched to fix the specific problem. Again, don't use those filters, or don't add them to your config file.

[Siamesecat]

Code:

Name = "Spoofed Address Exploit [Kye-U]"
Match = "\0://(\1.([a-z]+{2,4})|*.*/)((?%00|(((%|&#)0[01])+{1,2})))[^/]++[@|%40]\2"

The match is more workable like this.
Note "\" before "&" and the brackets around "01" before ")+{1,2}".
I could not get a test to match with the expression "((%|&#)0(0|1))+{1,2}". You have to escape the ampersand to get it to work.

[ProxRocks]

Is there any way for us to know which filters are NOT needed, so long as we maintain a fully patched IE6 (or clone thereof)?

[Kye-U]

Siamesecat, it'll look something like this?

Code:

\0://(\1.([a-z]+{2,4})|*.*/)((?%00|(((%|&#)0[01])+{1,2})))[^/]++[@|%40]\2

ProxRocks, look at the version(s) that are vulnerable included in the description. Most of then are 5.0+, but you will be able to disable some.

And I think the CPU issue is due to the Bounds match:

Quote:($NEST(<(([a-z]+{1,*})|*=\s),</([a-z]+{1,*})>)|$NEST(<(([a-z]+{1,*})|*=\s),>))

Can you guys suggest another?

[Siamesecat]

Quote: Is there any way for us to know which filters are NOT needed, so long as we maintain a fully patched IE6 (of clone thereof)?

I got that information by reading the suggested articles about the exploits, trying out sample exploits to see if I need to worry about them, and by knowing which filters I have already, and what they do. That was the reason that I asked so many questions. I also added to my configuration the individual filters that I thought I needed, not the whole collection.

[ProxRocks]

As of this very evening, I am now running IE6 Service Pack 2 Release Candidate 2...

At that, I'm going to disable every single one of the filters in this security collection...

I will take it upon myself to read up on these filter exploits and the issues which SP2 resolves therein...

SP2 does not "officially" go public until next month - by that time, I will have the 'security collection' "minimized" as to what is and what is not needed for a fully patched IE SP2...

It is my opinion that anything beyond that is merely "excessive config bloatation"...

It does seem to me that we (the Proxo community) should not be "encouraging" the use of IE5.5, for example, so why should the security pack contain filters exclusive to IE5.5? Why not include security issues that were in Windows for Workgroups 3.11? I mean, how far back are you wanting to gain secureness for?

A config set of 100 filters and 20 of them being "security fixes" that may not even exist within your browser anymore is really quite inefficient...

But like I say, I shall take it upon myself to reduce this "collection" and will rightfully inform you (many weeks from now, mind you) which, if any, are still needed under SP2...

SP2 has been 'in the works' for a VERY long time - I half suspect that this collection of filters will be DRASTICALLY reduced... I shall keep you informed, but in that I am unable to make it a full-time project, updates will not be for weeks from now...

But rest assured, I highly anticipate that this set can be reduced immensely... Just a hunch...

[Jaded_Goth]

ProxRocks Wrote:As of this very evening, I am now running IE6 Service Pack 2 Release Candidate 2...

At that, I'm going to disable every single one of the filters in this security collection...

Please,don't do it,Mate!!

At least research which one safeguards I.E. against being hijacked.Believe me,SP2 is eminently hijackable.

I had never,ever been subjected to a CWS take-over bid til I installed RC1.Things *may* have improved,but don't count on it.

about:blank-sp.html breed aint funny.

[ProxRocks]

Odds are, your "CWS take-over bid" (whatever the heck that is) has nothing to do with RC1...

You didn't get hijacked "because of" installing it, but rather was merely hijacked "around the same time" you installed it... One didn't have anything to do with the other - that's my educated guess...

My guess is that RC1 did not "introduce" a new exploit, you simply were exploited by one that RC1 did not address...

But having said that, if RC1 did not address it, then neither will RC2 - I admit this...

Generally speaking, my surfing habits are extremely safe - I don't do porn or warez or sh*t like that... Nor e-commerce, for that matter... That being the case, I don't "run into" the exploits that this security collection addresses anyway... NONE of these filters has shown up in my log while surfing... Doesn't mean that I don't need them for added security on the 'net, but not if it sacrifices CPU time...

And to that end, to not eat up CPU cycles, I strongly desire a minimized security pack...

I'm at about 60% of my surfing being done using Sleipnir as a shell to Firefox... 39.9% of the time is using Sleipnir as a shell to IE6... 0.1% of the time is going straight to IE6 solely for the purpose of visiting Windows and Office Update sites...

I guess I would just like to see which filters are needed for IE6, which are no longer needed for IE6 SP1, and which are no longer needed for IE6 SP2...

Because I'm really not interested in securing IE 2.0 operating on NT4, or IE 1.0 or 3.0 operating on Win 95, or IE 4.0 operating on Win 98, or IE 5.0 operating on Win 98 SE or Win 2000, or IE 5.5 operating on Win ME, or even IE 6.0 operating on Win XP...

I'm interested in securing IE 6.0 operating on Win XP SP2...
Anything beyond that is BLOAT...

Bloat killed Netscape...
Minimizing it to Firefox resurrected it...
I aim to minimize it...

I don't want bloat killing my Proxo config...