本帖最后由 sniss 于 2010-11-29 16:45 编辑
写在前面:从BitDefender的某一环设置出发,简单阐述一下cookie Control的重要性。
What is a cookie?
At http://www.microsoft.com/info/cookies.mspx you can learn overview of what cookies represent: very small text files placed on the hard drive by a web server. They are essentially your identification cards, and cannot be executed as code or deliver viruses. They are uniquely yours and can only be read by the server that gave them to you. For example, a web based email service (such as Yahoo!, MSN or the like) uses cookies for identification purposes (the option “Remember me on this computer”). More information on what cookies can do and how to accept/deny sending and receiving cookies are available at the above mentioned location.
How can a cookie threaten a computer?
A cookie itself cannot harm the computer, as it does not and cannot hold code (therefore the cookie cannot perform an action itself). However, the cookie can support (help) malicious actions to be taken on the respective system. Even more, being a plain text file, they are vulnerable, meaning that they can be “harvested” by other applications.
Why is it necessary to scan cookies?
As already mentioned the cookies themselves cannot harm the computer. However they can contain certain information to lead a possible attacker to the respective computer. For example: we will consider that an attacker releases a Trojan in the wild in order to gain control over several computers. This Trojan’s payload contains in dropping a Backdoor (to open a port), changing the homepage of the browser and placing a “malicious” cookie in the browser’s cookie area. When the unsuspecting user launches the browser, then it automatically connects to the new homepage (namely the attacker’s website). Once this is done, the malicious cookie is being read and the attacker becomes aware of the fact that the computer is infected. By knowing this, it becomes a piece of cake to take over the computer using some exploits or the open port.
Let’s say that the user becomes aware of the infection and manages to remove the Trojan and the Backdoor from the computer. However, if the cookie remains on the computer, it can supply information again to the attacker if the user “manages” to access the untrusted web page again. The computer is therefore exposed once again to a possible attack.
As explained in the above scenario, the cookie is used to provide information about a computer but it is not responsible with the attack itself.
Other type of malicious attacks using cookies
A similar case is represented by the fact that cookies are vulnerable to third party attacks. Lately, the virus analysts discovered exploits (Internet Explorer, Mozilla Firefox, JavaScript) that allowed an attacker to harvest information from cookies using either different cookies or the so-called spyware software (for example login information for different servers the customer might use).
Conclusion
When talking about cookies it’s important to know how to protect cookies from other cookies or applications or how to protect a computer against cookie attacks. Due to the fact that cookies are necessary for browsing or the fact that the cookie traffic is invisible to the computer user, a “cookie control” module is needed to help the user. BitDefender Internet Security detects both viral and spyware attacks using the signature based mechanism. This feature is included in the default configuration of the product so that the customers are not required to perform further actions for this matter. 1.什么是cookie ?
在http://www.microsoft.com/info/cookies.mspx中您可以了解到cookies代
表什么:它是非常小的文本文件通过Web服务器下载到硬盘上。它们仅仅是你的
身份证,无法执行代码或传递病毒。它们只属于你,只能被为你提供服务
的服务器所读取。例如,一个基于Web的电子邮件服务(如雅虎, MSN或类似
服务器)使用Cookie用于识别的目的(选择“记住我在这台电脑” )。
cookie可以做的更多信息和如何接受/拒绝发送和接收cookies,可以在上述
网址中找到。
2.一个Cookie怎么能威胁到电脑?
一个cookie本身不能损害电脑,因为它没有能力,也不能运行代码(因此在
Cookie自己无法执行一项行动) 。然而,在各自的系统中Cookie可以支持
(帮助)恶意程序的执行。更有甚者,作为一个纯文本文件,它们是脆弱的
,这意味着它们可以被的其他应用软件所“获取”。
3.为什么要扫描cookies?
如述的那样Cookie本身不能损害计算机。但是它们可以包含一定的信息,可
能会导致一个黑客来到各自的计算机上。例如:我们会认为黑客发布木马在
野生环境中,以便控制几台电脑。该木马的有效载荷包含在投放一个后门(
打开一个端口) ,改变了浏览器的首页和放置一个“恶意”的Cookie在浏
览器的Cookie区。当不知情的用户打开浏览器,然后它会自动连接到新的首
页(即攻击者的网站) 。一旦做到这一点,恶意Cookie是正在被读取并且
黑客知道到这个计算机被感染了。通过了解这一点,就很容易用的一些漏洞
或开放的端口接管电脑。
但是,如果用户察觉到感染并删除计算机中的木马和后门。但是,如果这些
Cookie仍然在计算机上,如果用户再次打开不信任网页,它可以提供资料给
黑客,。因此,电脑再次暴露并遭受可能的攻击。
正如在上述情况,cookie是用来提供有关计算机的信息,但它是并不负责它
所受到的攻击。
4.其他类型利用cookie的恶意攻击
用一个类似的例子代表,cookies容易受到第三方的攻击。最近,病毒分析
专家发现一些系统漏洞(Internet Explorer,Mozilla Firefox,
JavaScript),通过使用非正常的cookies或者所谓的间谍软件允许黑客从
Cookie获取系统信息(例如客户使用的不同服务器的登录信息)。
5.结论
在谈到Cookies,最重要的是要知道如何从Cookies和其他应用程序保护
Cookie或如何保护计算机免受cookie的攻击。由于Cookies是浏览网页必要
的和事实上对于计算机用户Cookie的交通是无形的,所以一个“ Cookie控
制”模块是必须的,以帮助用户。 BitDefender互联网安全套装检测两种病
毒和间谍软件攻击的签字使用的机制。此功能包括在产品的默认配置中,使
客户无需进行进一步的操作。
|
发表于 2010-11-29 01:19:37
发表于 2010-11-29 10:21:49
支持一下
