Extensions/add-ons is the future, software is the past

[Prorootect]

OK, I think that with the avalanche of amazing browser extensions/add-ons, the time for software solutions is over, that's the past.
Extensions/add-ons - it's the present - and the future.

What are your opinions....?

- watch this thread closely

 

[RoboMan]

Strongly disagree on this one mate. Security software can give protection system-wide. Not all threats radicate on the browser. Protecting only the browser is not the answer. Not until the browser is the system lol...

 

[Prorootect]

Strongly disagree on this one mate. Security software can give protection system-wide. Not all threats radicate on the browser. Protecting only the browser is not the answer. Not until the browser is the system lol...

No problem, my friend... But tell me, what other ways could malware take to get into the machine?
USB it's sure..., but what other ways, without direct human intervention... Through 220 volts alternative supply lines?....?
And what are the percentage of probability you think

 

[509322]

OK, I think that with the avalanche of amazing browser extensions/add-ons, the time for software solutions is over, that's the past.
Extensions/add-ons - it's the present - and the future.

What are your opinions....?

- watch this thread closely

Malicious, garbage browser add-ons\extensions are rampant. Just look at the Google Store.

 

[509322]

No problem, my friend... But tell me, what other ways could malware take to get into the machine?
USB it's sure..., but what other ways, without direct human intervention... Through 220 volts alternative supply lines?....?
And what are the percentage of probability you think

1. Users (the idiot\fool factor) - all the usual stuff like socially engineered to open that $600 million grand-prize winning email attachment from Vatican City "The Pope blesses you and your new found wealth and will help you to collect your winnings for a nominal fee of 20,000 Euros... blah, blah, blah" (I'm not making this up.)
2. OS\application vulnerabilities\exploits - to include misconfigured networking
3. Direct access to machines
4. ...
5. ...
6. ...
.
.
.

As you descend down the list from number 1, the probabilities drop-off dramatically. Users are the real piece of work that make most breaches possible, but then again, Microsoft Windows was never conceived nor designed with security as the first priority to begin with - so the dynamic duo makes for a bad combo. Average Joe is better off using Chrome OS.

Human ignorance and poor judgment always helping the bad guys in so many ways.

 

[Handsome Recluse]

Software solutions won't be gone for those who want productivity and power or for those who don't know of any alternatives. Third-world countries also don't have the connectivity to put everything on a browser.

 

[Windows Defender Shill]

Disagree

Look at the Ccleaner incident.

No browser extension would have saved you from that, or removed it later on when it was discovered to be malware.

 

[shmu26]

If it's all in the browser, then switching to a different browser = no security

 

[Tsiehshi]

Just gonna quote myself from a similar thread:

[Preventing 3rd-party apps from injecting code into Chrome] is a step in the right direction, but extensions can be even more deceptive in that the vast majority of users assume an extension must be safe as soon as it makes it into Chrome Webstore. All these efforts will come to nothing if Google don't improve their extension policy.

The Firefox store seems to be better though.

PS. There are a lot of ways to control your connection to the web without mucking around with browser contents, which is even simpler than injecting code into them. Malware can also work this way, but it's still a better practice from an efficiency standpoint.

 

[Soulbound]

Extensions: limited quality of life
Native app/software: less limited than extension counterpart, with wider range of support.

Best example: Adguard extension vs Adguard native app.

Another example: VPN extension to a browser vs Native VPN App: Extension only covers the Browser, while Native App will cover everything in the OS, i.e accessing an online game via VPN.

So no, I disagree with OP statement.

 

[Prorootect]

Extensions: limited quality of life
Native app/software: less limited than extension counterpart, with wider range of support.

Best example: Adguard extension vs Adguard native app.

Another example: VPN extension to a browser vs Native VPN App: Extension only covers the Browser, while Native App will cover everything in the OS, i.e accessing an online game via VPN.

So no, I disagree with OP statement.

Yes Soulweave, very good examples!
Another best! one: Ultrasurf chrome extension: UltraSurf Security, Privacy & Unblock VPN
and download link (top right) to the latest version on ultrasurfing.com: Ultrasurf - Top Stories
vs Ultrasurf on desktop (it's portable): from Home page: ultrasurf.us: About Ultrasurf and Ultrareach - Internet Freedom, Privacy, and Security

 

[Prorootect]

Lockdown, Tsiehshi - very good points about extensions security!
- and too Lockdown wrote: "2. OS\application vulnerabilities\exploits - to include misconfigured networking" - ah, here we have a weak point when it comes to PC security.... then we need protection against exploits
Windows Defender Shill - you're right about this CCleaner case, good example of weakness
shmu26 - each browser has its security...this depends on how much care we take

 

[Sunshine-boy]

@Prorootect UltraSurf is good!but I never found what kind of encryption they use.Do you know?!

 

[Prorootect]

@Prorootect UltraSurf is good!but I never found what kind of encryption they use.Do you know?!

YES very good, best (for me). I use it.

- automatically connected

I'm sending you a very good article about Ultrasurf, which is not biased or wrong (like sick articles from Tor website...): it's from thewindowsclub. com: UltraSurf Review: Free Proxy based Privacy Tool for Risk Blogging & Anonymous Reporting: UltraSurf Review: Free Proxy based Tool for Risk Blogging & Anonymous Reporting
... Internet censorship already exists in China where even Google is censored. Iran is building its own Internet to keep its citizens away from happenings in the world. India too makes noises, on and off, about monitoring the Internet and thereby the freedom of speech. You can see the list at the end of this post. ...
The home page of UltraSurf says that it was designed to help people of countries like China, where the Internet is heavily censored. Since they cannot get to most of the social networking sites and International news websites, UltraSurf came into existence to provide them with an on-demand proxy. Since this proxy is established each time you connect to the Internet (given that Ultra-Surf is set up as a startup program), it allows you to bypass any kind of Internet censorship – allowing you to view blocked websites. ...
It also says that though the original target of Ultra Surf was China residents, people across the world have recognized the kind of security it provides and use it to protect both their identity and privacy on the Internet.

In other words, if you use Ultra Surf to blog about anything, no authorities can find out who blogged as the IP would be different. You must, however, be using a public blogging service. In case you blog on a custom domain, it is easy for authorities to find out your identity by contacting your registrar whose information is always visible in WHOIS search.

The best thing here is that you do not have to install it. When you download it, you get it as a ZIP file. You can extract the ZIP anywhere to your hard disk and even copy it to your Pen Drive. Carry the Pen Drive to a cyber coffee, copy the software to the desktop, launch it and perform the tasks you wish to do: send emails anonymously, a blog from behind a firewall and more. ...
... read more on thewindowsclub.com...

But technical details you ask, are not published by Ultrasurf, I don't see for now...

 

[Deleted member 65228]

it's the present - and the future.

I don't agree simply because browser extensions are only one of the attack vectors IMO, and not the only important one. Win32 applications are going to obviously be one of the most prevalent however malicious URLs in general are also one massive attack vector (e.g. mainly phishing) - you can see how many new phishing websites are found daily with PhishTank alone, a majority of the submissions are usually accurate from my point-of-view. Macro's for Microsoft Office are also another important vector to remember.

Browser extensions are still a big threat, but not for all browsers I don't think. Microsoft Edge and Firefox seem to be doing quite well, and Mozilla don't have as many incidents with Firefox as Google do with Google Chrome. The Chrome Web Store is a mosh-pit for rogue extensions whereas I struggled to find one single extension on the Mozilla store which was suspicious let alone malicious, compared to the Chrome Web Store where I found about 40 in an hour (absolutely ridiculous - @Prorootect you witnessed it all because you found a ton yourself as well since we were sharing the news).

However I do believe that some changes need to be applied, especially with Google. Lately I've seen a lot of Google hitting the head-lines for various different reasons: stating that they will fight back at software developers in security by mitigating code injection by 2019; publicly exposing Microsoft for Windows vulnerabilities. Hopefully some of the time they dedicate to all of this can be devoted to keeping the Chrome Web Store cleaner for home audiences.

 

[ZeroDay]

OK, I think that with the avalanche of amazing browser extensions/add-ons, the time for software solutions is over, that's the past.
Extensions/add-ons - it's the present - and the future.

What are your opinions....?

- watch this thread closely

What about USB drives, external hard drives etc? Network threats?

 

[Prorootect]

What about USB drives, external hard drives etc? Network threats?

Which network threats, ZeroDay?...
And how can you defend yourself against them? Do you know the right software for this?

Tsiehshi wrote too: "There are a lot of ways to control your connection to the web without mucking around with browser contents..."
- It's not my ISP taking care of this? So which ways, please


Yes I wroted about USB dangerosity in the second post.

 

[Prorootect]

... and I'm glad you all disagree with me... Personally, I'm very impressed with the quality of your answers!
Really, this shows that the members of this forum are well joined together, me included - because the title of this topic and my first post were expressly provocative (sorry), to provoke intelligent responses about the software defenses, and I'm not disappointed!

Let's then continue in this way, talking about software solutions (portable software, preferably) against the dangers of web: network threats, "OS\application vulnerabilities\exploits - to include misconfigured networking"...

 

[Prorootect]

If you make the mistake typing your link address, Ultrasurf gets you out of trouble, replacing the wrong page with its Ultrasurf page!
- mistyped web addresses Ultrasurf redirect to its error page ultrasurfing.com/error/: Ultrasurf - then redirect to its ultrasurfing.com page, if your browser allow this redirect.

Privacy, Security and Freedom
The requested URL could not be tetrived, please double chcck your spelling and try again.

You can start browsing from here

Ultrasurf - Top Stories

- Very good defense. No malwares with wrong addresses.

 

[mlnevese]

Infected USB drives, infected emails received through email clients, network aware malware that spread through LAN, torrents, FTP, infected posts in Usenet, infected files through IRC, are just some of the ways you can get infected without using a browser..