
Opera Desktop Team

Malware protection

If you're using the latest build, then browsing just got safer!

Since 2006, Opera has featured Fraud Protection, which protects you against phishing pages. Not too long ago we upgraded its backend to provide even better protection using data from Netcraft, widely regarded as the best-performing protector against phishing.

In collaboration with security experts Haute Secure, we're now proud to announce the newest functionality in our Fraud Protection feature: malware protection.

Everybody knows that there's more to watch out for on the Web than just phishing. Malware, in every imaginable shape and form, has exploded over the past few years. Viruses have been a problem for decades, and worms can in large part be blamed for the millions of spam messages people receive every day. But as the Web has evolved, so has its usefulness to crackers, and today malware on the Web is a major concern. Drive-by downloads using browser and plugin exploits are scary, and so is the creative social engineering that is used to make users download something innocent-looking, which in fact is malicious code that will harm your computer and/or steal your private information.

This is where malware protection comes in. While it is still important to keep an up-to-date antivirus installed, Opera now offers an additional layer of protection and will warn you when you try to open a page that is known to contain malware, the same way it does when you try to access phishing sites.
Users familiar with Haute Secure's popular anti-malware toolbar for other browsers already know how useful and important this is, and now we have the same level of protection built directly into Opera, with a familiar interface.


Protection against malware will be enabled for everyone who has Fraud Protection enabled, and is live as of this post. If you would like to see it in action, grab the latest build and go to www.verybadsite.com to test it. We will soon be adding the ability for users to report new malware pages that are not yet detected, contributing to the "community watch" effect Haute Secure has been building since 2006.

Enjoy, and stay safe!

Comments

Andrew Nguyen 6. June 2008, 13:59

:up:

lamarca 6. June 2008, 14:13

nice one!

EricJH 6. June 2008, 14:16

Sweet.:sherlock:

Mateusz 6. June 2008, 14:22

That's great! :up:

Nico 6. June 2008, 15:03

Great news! :smile:

porneL 6. June 2008, 15:05

Reporting of phishing sites doesn't require registration anymore :yes:

But is it going to always redirect to hautetest.com or such? I'd rather have original URL in the addressbar.

babox 6. June 2008, 15:12

Tell Haute Secure to update the "Download" menu :D
:wink:

lamarca 6. June 2008, 15:15

i suggest two different warnings: one for fraud protection and the other for malware protection.

Luchio 6. June 2008, 15:24

I thought that drive-by downloads were not possible with Opera? These warnings are just to tell you that there's an unfixed vulnerability in the browser? Isn't this admitting that the browser IS insecure?

I thought that fixing vulnerabilities was priority #1 at Opera. I'm not so sure anymore...

Drive-by downloads using browser and plugin exploits are scary


Indeed. Do you admit such vulnerabilities are available in Opera? If not, then why would we need such "prevention" for something that is not supposed to exist? I understand protection about phishing, but this is not what this is about.

rseiler 6. June 2008, 15:28

I've seen this type of page come up before, except instead of being about malicious software it's merely "fraudulent."

Here's what I'd like as options: An "Ignore forever" button -- "Ignore" somewhat misleadingly only holds for that session.

Also, a way to send a note to Netcraft/Haute Secure (whichever it is) disputing the status of the site.

Ednilson Maia 6. June 2008, 15:42

:knight: hehehehehe

Andrew 6. June 2008, 15:52

@Luchio: I think it's more about the web pages that provide software that's meant to "fix Windows errors" and "improve Windows performance" for example. They're not vulnerabilities within Opera, but programs a user might download and run thinking it's genuine.

Zafer ARICAN 6. June 2008, 15:56

It shows
http://hautetest.com/opera/index.aspx
in the malware warning page instead of the
malicious site URL itself.
The example snapshot above shows
"http://verybadsite.com"
?

Juan Francisco Giordana 6. June 2008, 15:57

I have installed the best antivirus, its name is Linux.

Christer Mjellem Strand 6. June 2008, 15:59

porneL: Only the test page redirects to hautetest.com. If you encounter a real malware page, it will not redirect.

lamarca: The warning text for phishing and malware is different.

Luchio: Security in general is priority #1 at Opera. That not only includes fixing vulnerabilities (which we will certainly continue to do!), but also making sure to protect users who haven't yet upgraded, or when an exploit is so new that a security release isn't even available yet.
Exploits can happen with *any* software, Opera is no exception. While I don't know of drive-by downloads targeting Opera today, anything is possible. And please note that there's a difference between drive-by downloads using a security exploit, and drive-by downloads abusing a generally flawed security model.. :wink:

rseiler: The dispute option is already there, you can find it in the Page Info dialog. When you encounter a page that is bad, it will change to allow you to dispute a site.

iainmulholland 6. June 2008, 16:01

Iain from Haute Secure here. Great to see all the positive support from the Opera community - we're excited to be part of your community now and to help keep you safer on the web!

@Babox - because of the great partnership we have now with Opera, you don't even need to download anything from us to get our protection - it's built right into Opera 9.5. But your comment has made me realize we should call that out on our download page now - we should point people interested in Opera support straight to the Opera 9.5 download.

@porneL - we're still doing some final integration with the Opera team and I don't expect us to always be redirecting to hautetest.com (which is, as you can probably guess, our test site).

@rseiler - we're working hard on integrating Opera into our existing process for disputing a site that has been incorrectly flagged. This is a really important feature for us because often the community is seriously fast at alerting us to these issues.


Christer Mjellem Strand 6. June 2008, 16:02

AndrewNi: We're the only browser that protects against that too :smile:

arzafen: The example snapshot has actually been photoshopped :whistle:
It was made before the test site went live. :smile:

Moro Tatoi 6. June 2008, 16:44

simply Great!!!!

Andres 6. June 2008, 16:45

devs, it seems that this week you've the perfect ingredients for Beta 3, this is tooooooo great and useful.

Emperor Darius 6. June 2008, 17:00

Great work!!

rseiler 6. June 2008, 17:19

Originally posted by yitzhaq:

The dispute option is already there, you can find it in the Page Info dialog. When you encounter a page that is bad, it will change to allow you to dispute a site.


You mean "More info," as shown in your screenshot above? That doesn't show up on sites marked as "fraudulent." Note that if there was a permanent whitelist function, I wouldn't need to dispute it.

masterofopera 6. June 2008, 17:19

NICE, excellent decision! :yes:

One of my greatest wishes is heard! :cool:
(place 2 after forcing Micro$oft to put Opera into a standard
windows installation)

(one of mannnny wishes) :idea:
see here: http://my.opera.com/community/forums/topic.dml?id=195589
The "Saturday, 1. March 2008, 21:46:08, edited Sunday, 2. March 2008, 05:41:21" post :idea:


Edit: improvement:
Opera team, your warning sign should have
a VIRUS-symbol for viruses/trojans, Backdoors/bots ... .
A Spy symbol for Spyware.
An AD symbol for adware.
A thief/steal-symbol for phishing... .

-> everyone (even illiterate) knows by the intuitive symbols
instantly the kind of danger.

Annoynimous 6. June 2008, 17:29

It's already way too good.

It tries to ban my own homepage and all *.nm.ru with no way to change it.
Being even more restricted? Would it make the most used feature of Opera being disabling this protection?

Andrey Petrov 6. June 2008, 17:39

It tries to ban my own homepage and all *.nm.ru with no way to change it.

Can you post some examples of banned *.nm.ru URLs? Because I can't find any banned ones there.

Andres 6. June 2008, 17:41

Originally posted by masterofopera:

Edit: Opera team, your warning sign should have a VIRUS-symbol, so
that everyone can see it at the first sight, that is a malware
catapult and no phishing page.
And when it is a phishing page: show something like
a "stealing/thief-icon")
-> everyone knows instantly/at the first sight
(even illiterate) the kind of danger.


+1
Devs, people don't read, people just want their funny content on web pages, so if you put that message, a lot of people won't mind what is written there. Example: take a teenager and put a fraudulent site between that 16 y/o boy and a kind of sexual related content; even if you put that red message, he won't read, he will try to go to the site anyway, so the warning must be more graphical, people must get the idea in a fraction of a second. We're talking about security!
Be sure that the only text that teenager will read is: "ignore this warning"

John Barnett 6. June 2008, 17:48

Thank you Opera for making your browser even more secure. I wonder what else is lined up that we don't know about??

WOFall 6. June 2008, 18:42


Originally posted by masterofopera:

Edit: improvement:
Opera team, your warning sign should have a VIRUS-symbol for viruses/trojans, Backdoors/bots ... .
A Spy symbol for Spyware.
An AD symbol for adware.
A thief/steal-symbol for phishing... .



+1

Originally posted by andresruiz:

Be sure that the only text that teenager will read is: "ignore this warning"



Hey, don't stereotype! P:

porneL 6. June 2008, 19:02

A Spy symbol for Spyware.
An AD symbol for adware.
A thief/steal-symbol for phishing... .



Does it matter? It's all garbage. Just make sure the warning is clear that it's a fault of the site, not a browser error/communication error or a virus infection that already happened.

Pierre 6. June 2008, 19:33

Luchio, +1

I hope Hautesecure doesn't use, like Mozilla does, Google's database to block "malicious sites"...
Google seems to use unpatched Internet Explorer inside a virtual Windows machine to detect malware sites (causing drive-by downloads) :wink:
http://research.google.com/archive/provos-2008a.pdf

Are Hautesecure blacklists more reliable and can they really block specific Opera harmful sites?

Did Opera really need a such virtual security feature ?


Steve Darken 6. June 2008, 19:51

Originally posted by masterofopera:

NICE, excellent decision!


+1, excellent move!

Kyle Baker 6. June 2008, 21:19

Awesome!

lamarca 6. June 2008, 21:30

Originally posted by yitzhaq:

The warning text for phishing and malware is different.



i mean the warning box which prompts. they are similar. malware ........ phishing

Bruno Casano 7. June 2008, 00:17

WOOOOW, just when I still don't believe the work done in the latest builds, you bring this to the light .... You are amazing guys !!!

Keep up the good work, or how I say in Spanish, SON GROSOS, SIGAN ASI !!!

I agree to do something prettier or less ugly for the warning prompts, perhaps something like Firefox 3 warning pages, but less Firefox too :jester:

NOTE::love:
While I was writing this, I found a bug in the password manager (wand). I had 2 different wand entries for this page (sign in to write a comment). But I knew one of them was wrong, so I deleted the two of them, and then the colored edit box (enabled when a wand entry exists for this page) was still there, and I had just erased my two entries.

I LOVE THE NEW SKIN AND I WOULD LOVE TO SEE IT MORE POLISHED:up:

Bruno Casano 7. June 2008, 00:26

Here is an example of what I meant.

[img]http://img236.imageshack.us/img236/2906/dibujohy8.th.jpg


I see the wand as if there were a password remembered, but there isn't any.

Hope this helps !:up:

UPDATE: I found that the mouse does not change while putting the cursor over a link/image, like the one I posted in here.

Other thing I would like to see is GMAIL 2.0 support !

Now I say good bye, and keep the great work you're doing !!!!

sebt 7. June 2008, 02:39

Some advice for refinements:

"Ignore this warning" should be replaced by a button (could have continue on it although I'm not sure about that). The "go to homepage" button should be underneath it, and could have "close tab" written on it instead (those who like their homepage can have it when they open a new tab anyway). Better, because the user then dismisses the erroneous session and is discouraged from going "back" to the problem sites.

Finally, you should only see this once. Clicking Ignore/continue should then disable further warnings for the same site. A cascade of warnings (the current behaviour with verybadsite eg) will likely alienate users into pressing ignore repeatedly, defeating the whole object.

Just my 2p. Great feature for the average user tho, another first for Opera!

Seb :smile:

blinkybill 7. June 2008, 03:01

Hi,

I think the new Malware Protection feature
in Opera is great. I was only commenting last
week about this feature being in Firefox 3.0
and was hoping Opera would implement it.
Are there any test sites where we can go to
see it in action besides the one listed above.


cheers
blinky

Kyle Baker 7. June 2008, 08:08

Firefox is coming sometime in June. We need to jump on it to catch up with them!

We may have the malware feature that they are offering, but that's not enough! We need more!
http://people.mozilla.com/~beltzner/overview-of-firefox3.swf

Mladen Pejaković 7. June 2008, 08:55

Originally posted by juangiordana:

I have installed the best antivirus, its name is Linux


Amen, brother!

EricJH 7. June 2008, 13:09

Originally posted by sebt:

"Ignore this warning" should be replaced by a button (could have continue on it although I'm not sure about that)

+1

CogitoErgoSum 7. June 2008, 13:17

Hello Iain of Haute Secure(HS),

Out of curiosity, how does the HS implementation within the Opera 9.5 beta compare with those of Internet Explorer and Firefox? Complete or partial functionality (soft sandbox, behavioral heuristics, behavior/process monitors)? Thanks in advance.


Peace & Gratitude,

CogitoErgoSum

Annoynimous 7. June 2008, 17:22

FataL> Can you post some examples of banned *.nm.ru URLs?

for example my one: http://arioch.nm.ru
Opera 9.27.8841/Win32 loads page, then instantly replaces it with opera:fraud-protection :-(

Andrey Petrov 8. June 2008, 01:17

@the_Arioch: http://arioch.nm.ru opens for me in one of the latest snapshots (10048), but it's not a clean install.

hermanr 9. June 2008, 14:52

Luchio wrote: "I thought that drive-by downloads were not possible with Opera? These warning are just to tell you that there's an unfixed vulnerability in the browser? Isn't this admitting that the browser IS insecure?"

The warning basically tells the user that the page will try to place malware on the computer. To do so, it may exploit a bug in the browser, some plugin, the Operating System or the user.

Exploiting the user is called "social engineering". Upgrading all the users is a hard problem. It's also tricky to detect whether they are susceptible to certain kinds of deception. When the software is pretty solid, the user becomes the most common point of attack. So the defense measures must address the user.

There are also so-called 0-day exploits which are unknown to the software vendors until they get exploited in the wild. If that happens to Opera, it would benefit the user if the malware warning service provided an early warning. Such outbreaks need fast counter-measures, so fast that an upgrade can not be rolled out fast enough.

iliiad NTRVN 10. June 2008, 06:34

so Opera 9.5 is doing with Haute Secure what Firefox 3 is doing with Google? I hope there can be an option to turn on/off anti-phishing and anti-malware separately, so if I don't want my browsing data sent to Haute to check for malware, but still want the anti-phishing functionality from Netcraft, it can work that way. :wink:

Kristoffer 10. June 2008, 10:15

I'm very sure that no data is sent to either Opera or Haute (or any other for that sake) without you actually telling it so. :smile:
