NIS2008 - antiphishing protection in action?

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

good evening mike, what you're dealing with below is a browser exploit rather than a phishing site. in this case, we will block the exploit when we detect it, which you noticed when you visited the website with IE7. i agree that the alert is pretty unobtrusive-- it was designed not to get in your way but perhaps we did too good a job on this one!

 

anyways, we call the technology behind this "browser protection" and it blocks all sorts of browser-based attacks, but we use a separate technology in the toolbar for antiphishing.antiphishing kicks in when you visit a suspected or known fake site-- it doesn't really deal with exploit sites such as the one you note below. this is the domain of browser protection. so this is a long way of saying that antiphishing is working fine, as is browser protection, they just do their jobs a little differently. does this make sense?

 

--dave

Besides that Firefox is probably earlier in detecting because it is the browser

Hi Dave,

 

Thanks for clarifying this - you explained a complex issue very well.

 

I've not seen NIS2008 fire off an angry shot at a web page.  When it did ... cool! 

 

But such a little teeny notice <g>  I'd have thought it warranted a trumpet call or big assed sign telling me "Dude.  We just saved your **bleep**!" 

 

Wonder how many NIS customers have ever seen what happens when they come across a grub site ... or the consequences of having no protection.  The little wee notice is appropriately understated and professional looking - anything else might generate hordes of frantic support calls.  Pity you can't blow your own trumpet a bit.

 

I'm always thrilled when something saved my a lot of grief.  The wee notice saved me about 10 times the cost of NIS2008 - minimum - great return on investment.  

 

Bottom line is it works and works well.  Can't argue with that.

 

As for the different behaviours in the browsers ...

 

Browsers parse web code slightly differently - otherwise everything would look and behave precisely the same and they don't.  In my little test (one test is a nonsense sample size), IE did not make a noise to the threat but this is not the same as saying it did nothing or would have done nothing.  It may have not had any need to act because NIS acted first.

 

I'll check around on MSDN to see if there is anything significant about IE ... although there is probably no point.  IE 8 will be out some time soon.  I think the difference in result was caused by the way each browser parsed the code as it came in ... FF may have picked up the site from a list (google - **bleep** fast search algorithmns) or good heuristics that closed the door as soon as something began to look problematic.  IE *may* have gotten around to alerting me of the problem at some point (sans problem code) but NIS stepped in first. 

 

Problem resolved ... may want to keep a copy of the images for future reference.  Each involved the same problem site and showed NIS firing as well as FF doing its thing.  The liitle window does not hang around long - easy to miss.

 

Thanks again.

 

 

 

 

 

 

Hey ... I'm not swearing <g>

 

I'm an Aussie!  Swearing is a national sport.  But I swear i was not swearing here <g>

mike, i'll take back your, uh, suggestion for alternate alert text :-) i think our development team would prefer your version (but it would give our PR team a little heartburn to say the least!) regardless, i agree that we are being a little *too silent* when blocking.

 

wrt the timing differences b/w browsers, i believe the reason you are seeing it in FF before via NIS is that FF is working off a blacklist of exploit sites, likely delivered via Google and the StopBadware initiative. i could be wrong, but i think this is the case. thus they are preventing you from advancing to the site, while we allow you to visit the site, but block the exploit. there are advantages to both approaches (e.g. blacklists block the site, but tend to get outdated quickly) and you will see some changes from us in this area in the not-too-distant future.

 

--dave