Stop browser leak

[Guest]

Hi,

Does NoScript protect against browser leaks? If you download the PC Flank test and use it with Internet Explorer normally it leaks over the internet when typing into message boards or even saving bookmarks:

http://www.pcflank.com/pcflankleaktest.htm

I'm able to stop this leak through Outpost firewall by blocking OLE but that function does have other purposes, for instance it's needed when installing or updating addons. So it's kind of a nuclear option.

The reason I'm asking is because the PC Flank test uses IE by default and it's impossible to test in Firefox.

[Tom T.]

If it''s designed for IE only, then I don't know what it is testing or how. I strongly suspect that it requires JavaScript, so if that script is not allowed in NoScript, then yes, you would be protected.

Try http://www.grc.com/lt/leaktest.htm
This tool mostly appears to be a firewall tester. My ZoneAlarm prevents Gibson's test unless I specifically allow it.

Can you find a way to reproduce the attack using Firefox?

[Guest]

The test is more on the firewall level and requires another program, presumably malware injecting itself and hijacking Firefox. If it required scripts though I was curious as to whether Noscript would stop it.

Interestingly the Gibson test in Windows 7 was not allowed through even though no new rule was created for it in the Windows Firewall to try and block it. The PC Flank test failed however.

[dhouwn]

This has nothing to do with where NoScript reaches.
On another note, AFAIK Firefox on Windows tries to combat some DLL injections (not all methods can be), esp. by code that does not have certain flags set (ASLR) or code that is known to cause Firefox to crash.

[Tom T.]

The test is more on the firewall level and requires another program, presumably malware injecting itself and hijacking Firefox. If it required scripts though I was curious as to whether Noscript would stop it.

If it requires scripts, and you don't specifically allow, or temp-allow, the evil scripts, then that is exactly what NoScript does -- blocks such things by default.

For example, here are two benign (safe) "exploits" designed by Giorgio to demonstrate how default-deny protects against JS-based attacks:
http://evil.hackademix.net/annoy/

Interestingly the Gibson test in Windows 7 was not allowed through even though no new rule was created for it in the Windows Firewall to try and block it.

Any proper firewall also uses "default-deny": No program may access the Internet unless you specifically allow it, either permanently or temporarily.
You shouldn't need to create a new rule to block any new program.

The PC Flank test failed however.

Sounds like an IE problem to me.

[Guest]

Thanks for the responses.

This is not a problem on XP because I use Outpost firewall to block per application ole but their newer version doesn't work very well in Windows 7, and neither does the Windows 7 firewall. So I'm going to try the Comodo free, I've read that also blocks ole hijack attempts.

Nice to know that firefox has at least some built-in protection against malicious dll injection because without a good firewall IE has none.