查看: 10144|回复: 46
收起左侧

[原创] 诺顿浏览器防护:防止您受到各类网页攻击的利器(原创翻译)

  [复制链接]
老佳
发表于 2010-10-7 17:26:58 | 显示全部楼层 |阅读模式
本帖最后由 老佳 于 2010.10.7 19:02 编辑

诺顿浏览器防护
在我们的诺顿防护产品中有一项鲜为人知的功能:它可在您网上冲浪之时为您提供免受攻击的防护。我们将此功能称之为诺顿浏览器防护。接下来我希望花几分钟时间来向大家分享它是干什么的以及为何我们坚信当您在网上冲浪时,它能够成为至关重要的防护组件之一。

浏览器防护针对了哪些问题?
当考虑到每天您会在网上冲浪多久的时候,我敢打赌您在此花费的时间远远长于五年前的时候。当我们越来越多的活动融合到了网际空间时,我们发现我们自身对于网页浏览器的依赖程度在增加,我们使用网络浏览器进行,网站访问,购物,支付账单以及社交互动。不幸的是,这将为网络犯罪带来了新的机遇。以下两种情况恶化了该问题:

1)仅恶意网站悬挂恶意代码的时代将不复存在。以往,如果您与因特网的黑暗地带划清界限(例如:成人站点或者提供盗版软件的站点),您可能会大幅减少被恶意软件在线攻击的可能性,如今,这样的情况将不复存在。在通常情况下,每天和我们发生交互的站点开始日愈复杂,而且,当大型企业拥有足够的资源来洞察它们的网页操作安全性之时,小型企业并不会这样做。就比如您附近的匹萨店或者邻近的学校网站,您会在一个固定的时期里和诸如此类的网站进行沟通,并且并不希望它们向您传播恶意软件。但是现实却差强人意。您如何能够确信它们并没有被网络罪犯所攻击呢?在意识到这些站点通常不会被全面防护之后,网络罪犯会主动搜索这些站点并且查找他们能够攻入的漏洞。一旦攻入(该活动与以往容易被捕获的黑客攻击不同)之后,他们不会宣布他们的存在,相反地他们会在该站点里,用于和用户交互的位置上偷偷地植入恶意代码。换个说法便是,使用了如此鬼鬼祟祟的手段,您附近的匹萨店老板将永远不可能获悉他的网站已经被黑客侵袭。

2)我们PC上所使用的软件已经日趋复杂。关于该问题的另一方面则是日趋复杂的PC。我们都是用一种被称为"网络浏览器"的软件来进行网上冲浪。然而一个单纯的网络浏览器并不仅仅包含这个功能。如今的浏览器已经进化成了一个包含大量可被定制组件(各类插件)的结合体,它们允许我们进行更丰富的网络交互动作比如欣赏电影或者自动呈现PDF文档。令人惋惜的是,这些复杂的功能极大地增加了软件错误的可能性,而且,即便是您没有点击或者从该站点上下载任何文件,很多此类的错误(通常被称为漏洞)会允许攻击者在您的系统中植入恶意代码,就如同您访问了被篡改的站点一样。当然,软件厂商们会快速发布补丁来修复这些错误,但现实是:我们中有多少人会保持浏览器(已经内部所有插件)最新呢?我们的数据告诉我们多数用户并不会这样。实际上,在每天访问该站点(Norton Protection Blog)的人群中,即便IE8已经推出了1年之多,仍然有超过20%的用户正在使用IE6。

以上便是您在网上冲浪的时候所面临的两个易被攻击的因素。

那么,我们的解决方案是什么呢?
我们的入侵防护系统是该问题的解决方案之一。我曾经在上一篇博文中介绍过。在很多场合,它能够通过当数据进入您本机的时候,监控HTTP网络传输的方法来试图减轻浏览器软件漏洞。然而,网络罪犯正尝试将攻击隐藏并试图用过其他方法来使它们的攻击行为变得难以辨别。

预知了此类威胁趋势之后,在这些年里我们已经在技术上做出了投资,以此来增强一些广受欢迎的浏览器的防护能力。该技术称之为诺顿浏览器防护。它会在你网上冲浪之时监控您的网络浏览器,并通过从远程站点来挖掘您浏览器中的已经软件错误(漏洞),来探测注入您PC中的代码。和重点检查网络传输数据的IPS不同,诺顿浏览器防护坐落在浏览器内部并监控所有在您屏幕上显示的页面。这使隐藏恶意代码变得更加困难。

关于该功能的一个好消息是:诺顿浏览器防护技术基于签名引擎。这意味着当您在升级病毒定义(诺顿产品每天都会自动帮您多次升级)之后,您同样会获得签名更新来防护新发现的浏览器(以及插件)错误(漏洞),从而防止浏览器被攻破。这些签名能够防止严重的漏洞,并且,仅一条签名就能够防护数以千计的恶意软件变种甚至包括了我们从未遇见的新型变种!我们的安全响应中心团队是基于7*24小时来监测位于浏览器以及插件中的新型变种。所以,即使您对于系统补丁,保持计算机软件最新并不在意,您依然可以安全的进行网上冲浪,因为诺顿浏览器防护正在为您提供保护。

关于性能,当我在网上冲浪的时候它会影响速度吗?
不会,诺顿浏览器防护的一个优点在于,它为您提供的是真正的攻击防护。它仅对含有漏洞的系统和浏览器(也就是说:它重点防护那些已知软件漏洞并且尚未及时安装补丁)发生作用。如果您的系统已经对某个漏洞安装了相应的补丁,诺顿浏览器防护并不会对它产生作用。这保证了在安装了所有补丁的系统上应有的性能。

当浏览器防护阻止了某个攻击的时候,会发生什么?
在多数情况下,浏览器防护仅过滤某个页面上的异常部分,并允许该页面其余部分正常显示。这允许您仍然可以访问被处理后的页面(举个例子,您当地的匹萨店或者邻近学校网站),然而,恶意部分将被从您的计算机中移除。您会看到一个弹出窗口,它会告诉您诺顿浏览器防护已经将您保护在了一个安全的环境下。在其他场合下如该站点被大量侵入,诺顿浏览器防护会将您带入一个警告页面(如下图所示)。



这向您提供了一个是否决定继续浏览被侵入之页面的机会。在一些极少的情况下,当远程站点被高度破坏的时候,诺顿浏览器防护可能会即刻终止您的本地浏览器来保证您的安全。

从诺顿浏览器防护中我们看到了怎样的结果?
根据我们的统计,诺顿浏览器防护在过去12个月里阻止了近2千5百万次发生在我们用户边的攻击。而且,它在提供防护的同时,也保持了诺顿用户们所期望的性能。我们将持续监测威胁蓝图,查找新的浏览器中的软件漏洞,从而保证诺顿浏览器防护与时俱进,来防护对于这些漏洞的攻击。

结语
至此,在过去三年里,诺顿浏览器防护已经成为我们NAV/NIS/N360产品的一部分。它对当今最流行的网络浏览器IE/火狐提供了防护,而且正如我们的客户(就比如您)需求的那样,我们正在持续为更新的网络浏览器添加支持。如果您对此技术有任何问题,请留言,我将十分乐意提供更多的细节资料。

评分

参与人数 4经验 +30 魅力 +1 人气 +3 收起 理由
冲冲 + 1
qiuzhengru + 1 辛苦了。
rok827 + 1 support my honey!~
江湖的fans + 30 + 1 版区有你更精彩: )

查看全部评分

老佳
发表于 2010-10-7 17:28:34 | 显示全部楼层

原文内容

以下内容转自http://community.norton.com/t5/Norton-Protection-Blog/Norton-Browser-Protection-Protecting-you-from-web-attacks/ba-p/292218
Norton Browser Protection​: Protecting you from web attacks
by Ameya on 09-15-2010 01:18 PM - last edited on 09-15-2010 03:09 PM

Norton Browser Protection      
One of the lesser known capabilities in our Norton protection products is a feature that protects you from attack when you surf the web. We call this feature Norton Browser Protection and I thought I’d spend a few minutes sharing with you what it does and why we believe it has become a critical part of protecting you from attack as you surf the web.


What’s the problem that Browser Protection addresses?
Well think about how much time you spend surfing the web every day. I bet it’s a lot more that it was five years ago. As more and more of our activities migrate into cyberspace, we find ourselves increasingly relying on a web browser to surf sites, to shop, to pay our bills and to interact socially. This has unfortunately created a new opportunity for cybercriminals. Two things contribute making this a big problem:

1)      It’s no longer just bad sites that serve up malicious code. While it used be that if you stayed clear of the darker corners of the internet (e.g. adult content sites or sites offering pirated software) you were far less likely to encounter malware online, today that is no longer the case. The regular day to day websites that we all interact with have become more and more complex, and while large corporations have sufficient resources to oversee the security of their web operations, typically smaller sites do not. Consider your local pizza shop or neighbourhood school website. You may interact with such sites on a frequent basis and certainly wouldn’t expect them to infect you with malware, but the reality is that today they just very well might. How do you know they have not been compromised by a cybercriminal? Realizing that such sites are often poorly protected, cybercriminals actively search out such sites looking for weaknesses to find their way in. Once inside (unlike the highly visible hacker attacks of yesteryear) they don’t announce their presence, but stealthily install malicious code which sits there attempting to infect the visitors of the compromised sites, in other words you and me. Think about it, using such stealthy techniques, the local pizza store owner never even knows their site has been compromised…

2)      The software we use on our PCs has gotten ever more complex. Adding to the problem is the growing complexity of our PCs. We all use a piece of software called a web browser to surf the web, but the simple web browser is no longer just that. Today’s browser has evolved into a multitude of moving parts (including many plug-ins) that enable you and I to engage in rich web interactions such as viewing movies and automatically rendering PDF documents. Unfortunately complexity brings with it a higher likelihood of software bugs and many of these bugs (called vulnerabilities) can allow an attacker to inject malicious code into your system simply as a side effect of you simply visiting a compromised website, even if you don’t click or download anything from that side. Of course software vendors are quick to release patches to fix these bugs, but realistically how many of us are diligent enough to keep our web browser (and all of the plug-ins) patched and up to date. Our data tells us that many users don’t. In fact of the visitors that visit this website each day, more than 20% are still using Internet Explorer version 6, yet version 8 has been available for over a year now.

Together these two factors have increased the likelihood that you will come under attack as you surf the web.

So what’s our solution?
Well our Intrusion Prevention System (IPS) is part of the solution. I wrote about this in a previous blog entry. In many cases it can spot attempts to leverage software bugs in the browser by just watching the HTTP network traffic as it enters your machine. Cybercriminals however are learning to hide their tracks and are starting to go to great lengths to obfuscate their attacks.

Anticipating this trend in the threat space, over the last few years we have been investing in technology to strengthen the defences of popular browsers. This technology, called Norton Browser Protection, watches your web browser as you surf the web and looks out for attempts by remote web sites to exploit known software bugs (vulnerabilities) in your web browser to inject code onto your PC. Unlike our IPS which focuses on examining network traffic, Norton Browser Protection sits inside the browser and watches each webpage as it is displayed on your screen. This makes it much harder to hide the malicious code.

The nice thing about this is that, Norton Browser Protection technology is signature driven. This means that when you update your Antivirus definitions (which our Norton products do automatically for you many times throughout the day) you also get updated signatures to prevent against any newly discovered bugs (vulnerabilities) in your web browser (and plug ins) from being exploited.  These signatures protect against the underling vulnerability and just one signature can protect against thousands of variants of malware including ones we have never seen before!  Our security response team monitors for new vulnerabilities in browsers and browser plug-ins on a 24x7 basis. So even if you are not good about patching and keeping the software on your PC up to date, you can still surf the web safe in the knowledge that Norton Browser Protection is looking out for you.

So what about performance, will this slow me down as I surf the web?
No, one nice advantage of Norton Browser Protection is that, it protects against “real” attacks. It only applies its defences to vulnerable systems and browsers (i.e. it focuses on monitoring known software bugs that have not yet been patched). If your system has been patched for a particular vulnerability, the Norton Browser Protection does not block attempts to exploit it. This ensures higher performance on fully patched systems.

What happens when this Browser Protection blocks an attack?
In most cases Browser Protection filters only the malicious portion of a web page, while allowing the rest of the web content to be displayed without change. This allows you to still access a compromised website (e.g. your local pizza store or neighbourhood school website) but it keeps the malicious content off your machine. You will see a pop-up letting you know that Norton Browser Protection has kept you safe. In other cases where websites are highly infected Norton Browser Protection will take you to a warning page (like the one shown here).



This gives you the opportunity to decide for yourself whether you want to continue browsing the infected website.  In a few rare cases, where the remote website is dangerously infected Norton Browser Protection may have to abruptly terminate your local web browser to ensure your safety.

What sort of results are we seeing with Norton Browser Protection?
Based on our statistics, Norton’s Browser Protection has prevented close to 25 Million attack attempts on our users over the last twelve months and it did this while still maintaining the high performance protection that Norton users have come to expect. We’re continue to monitor the threat landscape looking for new bugs in the browsers that we all use and keep Norton Browser Protection updated to protect against attempts to exploit those bugs.

Conclusion
So there you have it. Norton Browser Protection has been a part of our NAV/ NIS/ N360 shipping products for the last three years. It’s available today for the most popular browsers like Internet Explorer and Firefox and we are continuing to add support for newer browsers as our users (like you) demand. If you’ve any questions about this technology, drop me a note and I’ll be happy to provide more detail.


江湖的fans
发表于 2010-10-7 17:30:36 | 显示全部楼层
感谢老佳提醒

很好的帖子

RQ更好
will
发表于 2010-10-7 17:32:22 | 显示全部楼层
本帖最后由 will 于 2010.10.7 17:36 编辑

地板  我凹凸了

话说,浏览器防护,个人觉得AVG的LS真的不错!
PS. 墙裂鄙视某版主灌水
wsn110
发表于 2010-10-7 17:33:37 | 显示全部楼层
本帖最后由 wsn110 于 2010.10.7 17:35 编辑

[:26:]老佳我来看看你翻译的作品。
bao_moge2002
头像被屏蔽
发表于 2010-10-7 17:49:32 | 显示全部楼层
回复 1楼 老佳  的帖子


    来看老家的铁壳,拆掉铁壳,换上ZA,安全更无优
粉嫩小弟
发表于 2010-10-7 18:01:50 | 显示全部楼层
本帖最后由 masquerade 于 2010.10.7 18:04 编辑

便

评分

参与人数 1人气 +1 收起 理由
皇甫暮云 + 1 算你狠

查看全部评分

老佳
发表于 2010-10-7 18:07:40 | 显示全部楼层
回复 7楼 masquerade  的帖子


    话说,乃的参观费捏?反打劫![:27:]

评分

参与人数 1人气 +1 收起 理由
粉嫩小弟 + 1 老佳,犒劳一下乃。。

查看全部评分

chenyilong58
发表于 2010-10-7 18:10:59 | 显示全部楼层
又不支持谷歌.....
BitDefender
发表于 2010-10-7 18:11:05 | 显示全部楼层
占位 已经木有位置了
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-27 19:04 , Processed in 0.134215 second(s), 19 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表