Posted by FromTheRafters on June 27, 2009, 8:23 pm
> Virus Guy wrote:
>
>> "David W. Hodgins" wrote:
>>> [missing attribute]
>>>> Or does typical browsing on legit websites rely too much on this
>>>> string to use it as an anti-malware strategy?
>>>
>>> Yes.
>>
>> There are two components in the user browser string:
>>
>> 1) The browser is being used
>> 2) The OS is being used
>>
>> Is it possible (or useful) to fake *one* of those two to protect a
>> system against (some) malware payloads and yet not interfere with
>> normal web browsing?
>>
>> For example, would faking only the OS component of the string
>> accomplish that?
>
> My User Agent string reports:
>
> Borgzilla/31.0 (X11;U;Linux i686;en-US;rv:31.0) Resistance is futile
>
> What should the server do next? :-)
>
> ( I doubt faking the UA will help prevent malicious infections with
> poor browsers, but it could likely screw up your experience at numerous
> web sites. Heck, Captain Picard might get _your_ bank deposit! )
Information is power. A malware server could run a server-side script to
tailor exactly *what* to throw at the potential victim. This increases
efficiency for the server. I don't think it would make too much
difference to the potential victim though. The server could just spew
whatever exploits it wanted - Borgzilla would assimilate all - but
*inferior* browsers would fare less well.