(April 24, 2016 at 8:42 pm)Aractus Wrote: There are lists dedicated to blocking malware, and it can incorporate the MVPS HOSTS file also. I'm not at all saying it's a complete tool, however it is important because the ransom-ware and other malware are targeted at advertisers. That's not an opinion, it's a fact - and it's why kickass torrents has been blocked by Google's Safe Browsing at least 3 times now in the past 12 months. Not because its server served malware, but because malware was on the website served through its advertisers. However, if you had uBlock running when visiting the website you were never in any danger in the first place. There has even been malware found embedded in Youtube ads.
Ok, I've really tried explaining this to you multiple times, so apologies in advance if this post comes across as frustrating.
uBlock does not block malware. Malware is a file that runs on your computer and performs some malicious action. It is only detectable via either it's a signature, or heuristics. This is almost exclusively performed by anti-virus software.
uBlock is not anti-virus software. It only prevents your browser from accessing URLs which link to known malware sites. This is a huge difference. If sites A, B, and C all host the same piece of malware, and your anti-virus has a signature for it, then visiting any of the sites and downloading the malware will cause your anti-virus to alert you. However, if uBlock only has sites A and B in its list, and you visit site C, the malware will be downloaded, and there's nothing uBlock will be able to do to stop it.
To put it another way: uBlock attempts to prevent your browser from connecting to known malware sites. Anti-virus attempts to prevent actual malware from infecting your system after it has been accessed.
So, please stop perpetuating the myth that uBlock actually blocks malware, because it doesn't. It blocks known distributors of malware. I could upload malware to atheistforums.org today, and your uBlock would do fuck all to prevent you from accessing it.
Quote:That's a different matter to security vulnerabilities through malware. Windows is the most targeted OS. But that's not the core weakness - the core weakness is usually Java (which is being mothballed) or Flash or a browser vulnerability or a combination thereof. Weaknesses in the Operating System wouldn't matter if web browsers were hardened in the first place. So my point again is that meaningful security enhancements can be made just by installing uBlock, either not running Flash or setting it to "ask every time", and of course not using the Java plugin.
http://beefproject.com/
Go there and read all the exploits you can use to hijack a user's browser. Java and Flash are two ways of exploiting browsers, but they are not at all the only methods. Most of the exploits there use native browser vulnerabilities.
Yes, meaningful security enhancements can be used by installing uBlock and not using Flash / Java, but don't think those will protect you completely. In targeted attacks (which many businesses suffer on a daily basis), you aren't looking at known malware, or known distribution sites, or even Flash or Java. You are looking at coordinated phishing attacks which deliver customized payloads that are undetectable by AntiVirus. The weak point of any business is the employee, and it makes perfect sense to have a security policy that tells employees that it is a disciplinary offence to visit non-approved websites.
