I also use some extensions for safer browsing but Google’s safe browsing is pretty good left on its own product - to the extent that I wonder if addons and also web filtration by internet security suites are really adding any value
Most important layers in security setup
- Thread starter JM Safe
- Start date
I also use some extensions for safer browsing but Google’s safe browsing is pretty good left on its own product - to the extent that I wonder if addons and also web filtration by internet security suites are really adding any value
- Dec 23, 2014
- 8,142
Yes, but that can be done on Windows Home only by the reg tweak or the external configurator.
Furthermore, there are more not covered by this (PowerShell, HTA, BAT, CMD, CHM, etc.).
- May 13, 2017
- 2,487
I guess I have seen different tests than you did, including my own..
The browser clearly says, what permissions for each extension are, not based on the description, but based on what it actually asks for.
Avast released hacked CCleaner, so reputable does not really guarantee anything these days. S*** happens. Benefits overweight the risks though.
Funny thing is, that DisableCMD in HKLM also disables Windows, including Safe Mode, last time I checked it worked on Windows 10 as well.
Last edited:
Just don't open files with these extensions unless you are absolutely sure that this file is safe.
- Dec 23, 2014
- 8,142
Or you can use "Run By SmartScreen" to see such advice, for 80 file types.
You even do not have to remember them.
- Dec 23, 2014
- 8,142
There is the right way to do it, that disables CMD only for the particular account (you know it already).
But, this can disable some BATs used by Intel to autostart its gadgets. Also OneDrive uses CMD to delete leftovers after updates, and some USB hubs can use BATs, etc. So, disabling CMD have to be made by the advanced user. Furthermore, CMD without admin rights is commonly used to create/download/execute more powerful script types or PowerShell commands.
Disabling Windows Script Host script execution, MSHTA interpreter, and restricting PowerShell, will work without problems on most computers in the home environment. They are used by most of malicious scripts (over 90%).
Last edited:
- Jul 3, 2015
- 8,153
Often, a malicious script is served up in a fileless form. That's why you need to monitor or disable the interpreters themselves. The easier way to do this is with a good anti-exe program or software restriction policy.
First time readers does not learn ##### by reading all of this when user is suggested to install A B C softs to be protected, just copy whatever is said believing it's any good, brake their own systems and then come into forums and cry.
- Apr 1, 2017
- 1,760
- May 29, 2018
- 2,607
Reminds me of the oneplus forums. Oneplus releases beta build > people hurry to download it to access android p > thousands of indian people crying that oneplus broke their phone > oneplus sux
- Mar 13, 2016
- 1,298
Windows script is just one of the OS-build in script engines, but it is a start.
- May 29, 2018
- 2,607
About netcraft, it did not block some phishing sites wich bitdefender trafficlight did. Using both myself now
Do they add any value to my web browsing? Maybe not, but atleast i feel more safe
I have neither seen nor conducted any tests involving malicious extensions.I guess I have seen different tests than you did, including my own..
Most extensions related to protection ask for this permission: "Allow this extension to read and change all your data on websites that you visit".
If an extension has this permission and goes rogue, everything in your browser is compromised.
True, but the CCleaner incident was a unique case. It's not reflective of a wider trend. On the other hand, extension developers who's extensions have high-level permissions and sizeable user bases get monetary offers by potentially malicious actors all the time.
I'm not suggesting dumping all extensions, I'm just saying to err on the side of caution in regards to them. They're an infection vector too few people think about.
- Dec 23, 2014
- 8,142
The problem with scripts is that they can be run after opening/playing many other files.
So, even if you do not open HTA, CHM, JS, or VBS files at all, then there are many other file types (documents, templates, several types of shortcuts, media files, etc.) which can run scripts or the script code by using VBA macros, exploits or directly (like shortcuts with command lines).
Some scripting engines can also run scripts with any file extension (MSHTA, WScript).
For example the commandline "mshta c:\somefolder\malware.fake", can run the JavaScript code from the malware.fake file (renamed malware.hta file).
Last edited:
+1, not saying ADS and other oneliners.The problem with scripts is that they can be run after opening/playing many other files.
So, even if you do not open HTA, CHM, JS, or VBS files at all, then there are many other file types (documents, templates, several types of shortcuts, media files, etc.) which can run scripts or the script code by using VBA macros, exploits or directly (like shortcuts with command lines).
Some scripting engines can also run scripts with any file extension (MSHTA, WScript).
For example the commandline "mshta c:\somefolder\malware.fake", can run the JavaScript code from the malware.fake file (renamed malware.hta file).
Yes I know. However harden your OS to disable file associations with those extensions is not a bad idea.The problem with scripts is that they can be run after opening/playing many other files.
So, even if you do not open HTA, CHM, JS, or VBS files at all, then there are many other file types (documents, templates, several types of shortcuts, media files, etc.) which can run scripts or the script code by using VBA macros, exploits or directly (like shortcuts with command lines).
Some scripting engines can also run scripts with any file extension (MSHTA, WScript).
For example the commandline "mshta c:\somefolder\malware.fake", can run the JavaScript code from the malware.fake file (renamed malware.hta file).
Yes, they add value to your security against phishing and malicious sites.
Yes, but atleast I am protected against not fileless malicious scripts.
As I replied to @Moonhorse they add a great value to your security.
- Dec 23, 2014
- 8,142
Yes, for users who are going to run script files by themselves (casual users). Yet, this kind of protection can be bypassed when the script is run by opening documents, media files, or shortcuts. Disabling the second possibility is not easy. The stronger script blocking can be done by blocking the script interpreters by hash. The other way (not recomended) is blocking script engine DLLs.
Similar threads
