Re: XML based software interfaces and browser hijacking

From: Adam Jones (ajones1_at_gmail.com)
Date: 10/06/04

  • Next message: Anirudhya Mitra: "Re: Anyone know any good Assembly Language tutorials?"

    Date: Wed, 6 Oct 2004 09:16:26 -0500
    To: security-basics@securityfocus.com


    I think the problem lies more in the way that XML is used than in the
    XML itself. The problem you encountered was an IE problem experienced
    through the use of IE in an XML implementation. If it were possible to
    redirect the AV software's interface to another browser that did not
    have some of the security issues or ubiquity of Internet Explorer you
    probably would have been able to use the software's interface without
    a problem.

    I guess my short answer is that since this trend of using XML
    generally seems to require software that has a strong track record of
    insecurity, we will continue to see problems with XML interfaces. If,
    however, someone gets smart and uses a separate web engine (Gecko
    perhaps) to implement their interfaces it would solve a lot of these
    problems. (and create a few more with the loss of ActiveX as a medium
    for distributing content, but I think the extra security and product
    usability is worth the effort)

    On Mon, 04 Oct 2004 08:52:40 -0800, Carey Myers <cmlist170@hotmail.com> wrote:
    > Recently I have spent a significant amount of time restoring a few computers
    > of friends/family that have had the following problems:
    >
    > One or more of any number of downloader trojans were installed, presumably
    > from using an unpatched browser to access a malicious site.
    > Their browsers were severely hijacked.
    >
    > Neither machine was current on virus definitions. Neither machine could be
    > updated for virus definitions or scanned because the AV software was using
    > an XML interface with a modified Internet Explorer browser window, which was
    > immediately redirected to the hijacked browser web page. The same went for
    > any "scan my computer" function I tried. Only by installing an alternate
    > browser and doing a scan from online (importing AV defs from another PC was
    > not possible as there was no PC available) was I able to identify and remove
    > the virus.
    >
    > Interestingly, corporate editions of the same brand of AV product still use
    > a standard window-based interface.
    >
    > To extrapolate further, any software product with an XML interface would
    > become unusable, making the impact of browser hijacks deeper and more
    > damaging.
    >
    > I was just wondering if this XML trend seems as potentially dangerous to
    > others as it does myself.
    > With current virus definitions, the AV product would have prevented the
    > infectious components from being written to hard disk. But with computers
    > shipping with 3-month trial subscriptions to AV software, it is very easy
    > for AV to become outdated.
    >
    > I don't want this to break down into "Users should take care of their
    > computers or get off the net" debates, I just want to see what others think
    > about XML interfaces for software (especially AV) products and the
    > consequences of this shift in the consumer market.
    >
    > Is XML interfacing a potential security liability? Should AV vendors
    > protect their user interfaces better?
    >
    >
    > CM
    >

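The thread does not say how the hijacker redirected the AV console's embedded Internet Explorer window. One mechanism that affects an embedded MSHTML window exactly as it affects IE itself is an overwritten hosts file, because both resolve names through the same resolver. The script below is an added example written for this thread, not code from the original post or from any AV vendor: it audits hosts-file text for entries that blackhole or redirect names an AV console would need, which is a check a technician could run from a rescue environment before trying the vendor's online scan. The hostnames in SENSITIVE_HOSTS and the sample hosts file are constructed for the example and are not the vendor's real update or scan hosts.

```python
"""Audit a Windows hosts file for entries that would redirect or blackhole
hostnames an AV console (or its embedded IE window) depends on.

Added example for this thread; the sensitive-host list and the sample file
are constructed and must be replaced with the real vendor hostnames.
"""
import ipaddress

# Addresses that sink traffic locally: a sensitive host mapped here is
# blackholed, which breaks definition updates without any visible redirect.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed list of names whose redirection would break an AV console.
SENSITIVE_HOSTS = {
    "liveupdate.example-av.com",
    "scan.example-av.com",
    "windowsupdate.microsoft.com",
}

# Constructed sample resembling a hijacked hosts file (not captured data).
SAMPLE_HOSTS = """\
# constructed sample: legitimate loopback lines plus hijacker additions
127.0.0.1       localhost
::1             localhost
127.0.0.1       liveupdate.example-av.com   # update server blackholed
203.0.113.7     scan.example-av.com         # scan page redirected
203.0.113.7     www.google.com
"""


def parse_hosts(text):
    """Return a list of (ip, hostname, line_no) from hosts-file text.

    Comments (from '#' to end of line) and blank lines are ignored; a line
    whose first field is not a valid IP address is skipped as malformed.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        for name in names:
            entries.append((ip, name.lower(), line_no))
    return entries


def find_hijacks(text, sensitive=SENSITIVE_HOSTS):
    """Flag suspicious hosts entries as (line_no, hostname, ip, reason).

    Any mapping of a sensitive host is flagged, whether it points at
    loopback (blackholed) or elsewhere (redirected).  Any other name
    mapped to a non-loopback address is flagged too, since a default
    Windows hosts file contains only loopback entries.
    """
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if name in sensitive:
            reason = "blackholed" if ip in LOOPBACK else "redirected"
            findings.append((line_no, name, ip, f"sensitive host {reason}"))
        elif ip not in LOOPBACK and name != "localhost":
            findings.append((line_no, name, ip, "non-loopback mapping"))
    return findings


def audit_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Run find_hijacks over a real hosts file (default path is Windows')."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return find_hijacks(f.read())


if __name__ == "__main__":
    for line_no, name, ip, reason in find_hijacks(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({reason})")
```

On a live machine, `audit_file()` reads the real hosts file; run it from the alternate browser's host or a rescue environment, since the hijacked machine's embedded IE console is exactly what cannot be trusted. A clean result does not rule out other redirect mechanisms (proxy settings, browser helper objects), so it is one check, not a verdict.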
