Avatar for Username

Pesquisar no site de suporte

Evite golpes de suporte. Nunca pedimos que você ligue ou envie uma mensagem de texto para um número de telefone, ou compartilhe informações pessoais. Denuncie atividades suspeitas usando a opção “Denunciar abuso”.

Saiba mais

Esta discussão foi arquivada. Faça uma nova pergunta se precisa de ajuda.

google safe browsing: meaning of "malicious software being downloaded and installed without user consent"

  • 5 respostas
  • 3 têm este problema
  • 1 exibição
  • Última resposta de TheOldFox

Ipoetia
Ipoetia
more options

As an example, see http://www.google.com/safebrowsing/diagnostic?site=google.com What does this phrase mean? Is it a browse-and-get-owned exploit? Is it for outdated browsers, or modern browsers too? Does it require specific vulnerable plugins to be active, such as Java?

As an example, see http://www.google.com/safebrowsing/diagnostic?site=google.com What does this phrase mean? Is it a browse-and-get-owned exploit? Is it for outdated browsers, or modern browsers too? Does it require specific vulnerable plugins to be active, such as Java?

Todas as respostas (5)

TheOldFox
TheOldFox
more options

Read the following about "drive-by downloads". Item 2 at the top of the page. User does not need to click on something on the infected page for a download to occur. Simply visiting the page is enough for the download to occur.

You can also read this (3rd paragraph under "Delivery Methods").

Alterado por TheOldFox em

Ipoetia
Ipoetia Autor da pergunta
more options

So in this case, the malware is downloaded, but not run?

TheOldFox
TheOldFox
more options

Most malware using the drive-by download method is downloaded and automatically installed or the user is fooled with some pop-up to "update" something which they may already have installed or believe that they need to install. Read the last paragraph (above "References") in - https://en.wikipedia.org/wiki/Drive-by_installation

  • A drive-by install (or installation) is a similar event. It refers to installation rather than download (though sometimes the two terms are used interchangeably).

Alterado por TheOldFox em

Ipoetia
Ipoetia Autor da pergunta
more options

Then in this case, how worried should I be about the safebrowsing numbers for "malicious software being downloaded and installed without user consent", if I am using an up-to-date Firefox with javascript enabled? What if I have flash enabled?

TheOldFox
TheOldFox
more options

Bottom line: The warning is just that - a warning.

  • If a user proceeds to a suspicious site or a site known to be malicious, it is the user's decision and responsibility.
  • The browser used and/or browser settings may or may not protect you if it is a new (zero-day) attack vector. That is the reason for frequent updates.
  • If a user proceeds and is infected with a virus, the user needs to refer to the following for assistance -

The information on the page http://www.google.com/safebrowsing/diagnostic?site=www.google.com seems a bit garbled and contradictory as it starts by saying "Of the 37966 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent" then below that listed sites that may contain malicious downloads. You will need to contact Google about that seeming discrepancy as Mozilla is not involved in visiting or analyzing those pages

I gave you the definition that you requested in your original question. If your aim is to investigate Google's methodology or reporting, then contact Google.