Relating to this vendor:
And, this specific program:
Google Chrome 7.x
|TC Tyler||Google Chrome 7|
|5th Nov, 2010 22:49|
User Since: 23rd May, 2010
System Score: N/A
I just re-installed Google Chrome, thinking that the security threat was patched. I like Google chrome, but there is still a cad 5 threat. How would one know if they were to be compromised? I have to pay bills online, is there a safe browser? on a secure website, could a hacker get my info? Out of all the millions of users, what are the chances that I am singled out for an attack. Would Norton anti virus catch it?
|TiMow||RE: Google Chrome 7|
|6th Nov, 2010 09:04|
User Since: 26th Jun 2009
System Score: N/A
Last edited on 6th Nov, 2010 09:20
Sorry - can't allay your fears, about safe/vulnerable browsers. In the real world there are some who would argue, that there is no such thing as a safe browser, even if one is reported as such.
I, too, was of the opinion that the latest Chrome update would clear the flash insecurity - especially as Adobe have patched the plug-in flash but either Secunia believe it not to have done, or they haven't amended their rules (which I doubt).
Just to clarify, I am only showing Chrome as, "Insecure, no solution", under Secure Browsing tab. If you also have a listing under Insecure, then you will need to delete the old numbered version file at source (use PSI Open folder) - but I think, from your previous posts, you are aware to this.
At present PSI is listing Firefox as Secure for browsing (green box) - I use this as default, with Chrome as a secondary option, and find it comparable, if not preferable (familiarity of use).
Sandboxes offer an added element of security against incoming nasties, but I can't be sure how it safeguards against hackers. I believe it should - but like every security program, it works, until it doesn't - then it's too late. We can only do what we can.
Here's a couple of links relating to Sandboxing - the first is an actual program (but contains a simple explanation of function), and the next two relate to what Chrome is already doing.
and info. relating to Chrome:
Computing is not yet a perfect science - it still requires humans.
|Anthony Wells||RE: Google Chrome 7|
|6th Nov, 2010 11:58|
User Since: 19th Dec 2007
System Score: N/A
Last edited on 6th Nov, 2010 12:19
|Hello TC and TiMow ,
If you look here you will see the latest Chrome versions Dev Channel , Beta and Stable (scroll down) patching all known securities :-
It states that 7.0.517.44 includes the Flash update : this covers SA42109 vulnerabilities , but is not being shown in SA42031 . See here (scroll down) :-
So the "secure browsing" accurately reflects what Secunia is reporting ; but SA42031 may be in need of updating ?!
As far as safe banking is concerned :-
You need to be sure the website is genuine ; put a safe/confirmed link ito the site in your bookmarks and always go there using it .
The site must use "https" and must confirm its certificates and must show a "padlock" of some sort in your browser . Never load your personal data until this status is showing/confirmed . If you get insecure/unconfirmed data loaded to/by the website , the url is likely to change colour (usually from green to red) you are still https secure but some data has not passed as secure .
Sandboxing is really to stop the bad guys getting to run on your PC ; they can run in the sand and so a keylogger in the box or something similar could be active until you delete the box . Plug-ins in the Chrome sandbox are not fully secure it would seem ; plus you can directly select download out of the Chrome sandbox to your PC : you cannot do that in Sandboxie for example.
For an extra level of security , you could use an anti-keylogger like the free "keyscrambler" or (free limited or pay) PrevX's "safe on line" . Trusteer" also do a (free) specific banking programme for your actual Bank .
The links I put in this thread for taffy gives more info :-
The opening paragraphs here , concerning input of your personal data to an http site , are also most illuminating :-
Bit rushed today , but something for you to cogitate over the weekend :))
It always seems impossible until its done.
|ddmarshall||RE: Google Chrome 7|
|6th Nov, 2010 12:46|
User Since: 8th Nov 2008
System Score: 98%
|A common scenario whereby your banking details are compromised is this.
The attacker tricks you into going to a website he has compromised. This could be by using a phishing email or poisoning Google search results. When you arrive at the website, it will try to exploit several vulnerabilities to download the attacker's software onto your computer. If this succeeds the attacker can do whatever he wants. Typically, a keylogger would be installed which would collect logon details and credit card details and sent them back to the attacker who would then sell them on.
You can buy a kit to set up your own business as a cybercriminal for around $1000 without any technical knowledge.
If the attacker knows what they are doing, you should be unaware of anything wrong. Antivirus software should stop this, but it depends on it recognising the software. The viruses are constantly mutated to avoid the antivirus. The attackers will test them against common antivirus programs before releasing them. The antivirus companies are always trying to catch up.
This answer is provided “as-is.” You bear the risk of using it.
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.