Toolbars security risks?

Hi, does anyone have a quick list of known security risks involved with Google Toolbar and Yahoo Toolbar, and any other tool bars that are 'popular'?

I need to provide some details to a customer on why they don't need to have them installed.

Any help would be appreciated.
Thanks,
brance2000 Asked:

quietkey Commented:
To a certain point, all the toolbars are spyware, in that they store cookies, and generally report back to the host (Yahoo, Google, etc.). Those are more very low severity threats. Other toolbars are worse, such as the ones that come from Smiley Central (all the women want their smileys, so that's a simple vector).

The biggest threats come from the smaller vendors, since everyone's got a toolbar to add to your browser. What I've found causes the most problems of all is people will install programs that also come with this toolbar or that one, and you'll end up with 5 or 6 toolbars, maybe 7 different popup blockers, some of which pull information down from the net to populate the buttons, and they interfere with each other. If the customer MUST have a toolbar, I would recommend that they pick ONE and stick with only that one. I'd recommend Google, if anything, although all the browsers these days give you a search option to the engine of your choice WITHOUT a toolbar.
0

brance2000 Author Commented:
quietkey,

Thanks for the response... but I'm looking for specific reasons on why not to have toolbars installed for a manager of a company. He's needing reasons to tell his employees on why he doesn't want tool bars installed on PCs at his company. I.e., Google and a few other 'major' tool bars scan and capture all username/passwords and other info on your PC. I've heard there are more specific items with security holes in the Google, Yahoo, and other toolbars and that's what I'm looking for.
0
quietkey Commented:
It's difficult to list 'specific' vulnerabilities, simply because the major vendors do update fairly frequently to remove discovered vulnerabilities. All of them store information by default. Using Google as an example, there have been multiple vulnerabilities that have surfaced over time, such as one that will hijack the cookies stored on the machine, and report that information back to someone besides Google. Google and Yahoo are not going to be collecting the users' stored information. The vulnerability comes in from a third party attack, which redirects the stored information to the third party after malware is installed on a PC. As those vulnerabilities are discovered (such as allowing iframes to run JavaScript through Google Desktop to capture information), the legitimate vendors are quick to patch. The iframe exploit is the most recent major vulnerability that I'm aware of, and that has been patched, but that does not mean there will not be future exploits as Google is constantly adding new features. With the way Google insists on storing information, there will ALWAYS be a threat that an exploit will appear that will capture that information for a third party. What it comes down to is this: Does the utility offered by the toolbar outweigh the potential vulnerability? If it doesn't, then that should become part of the Acceptable Computer Use policy of the company. If it doesn't, you should let them use it under very strict guidelines. One toolbar (specified by the company policy) that everyone uses, updated antivirus, AND updated AntiSpyware software scanning regularly.

(Not addressing Microsoft Live Search toolbar, as I don't know of ANYONE that prefers to use that over Google or Yahoo).  Any toolbars beyond that I tend to automatically assume they are spyware, and do not allow them in our organization.
0

quietkey Commented:
*edit*

If it DOES, you should let them use it under very strict guidelines. One toolbar (specified by the company policy) that everyone uses, updated antivirus, AND updated AntiSpyware software scanning regularly.
0
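
One way to check PCs against the "one toolbar specified by company policy" rule described above, as an added example that is not part of the original thread. It assumes Internet Explorer on Windows (the thread does not name a browser), covers machine-wide registrations only, and uses a placeholder CLSID for the approved toolbar.

```powershell
# Audit IE toolbars and Browser Helper Objects (BHOs) against an allowlist.
# Assumption: company policy approves exactly the CLSIDs in $Allowed.
# The CLSID below is a placeholder; replace it with the approved toolbar's CLSID.
$Allowed = @('{00000000-0000-0000-0000-000000000000}')

# Machine-wide registry locations for toolbars and BHOs (64-bit and 32-bit views).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Look up the friendly name and backing DLL registered for a COM class ID.
function Resolve-Clsid {
    param([string]$Clsid, [bool]$Wow64)
    $base = if ($Wow64) { 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
            else        { 'HKLM:\SOFTWARE\Classes\CLSID' }
    $key  = Join-Path $base $Clsid
    $name = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
    $dll  = (Get-ItemProperty -LiteralPath (Join-Path $key 'InprocServer32') `
                -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ Name = $name; Dll = $dll }
}

$findings = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $key = Get-Item -LiteralPath $root
    # Toolbars are stored as value names, BHOs as subkey names; collect both.
    $ids = @($key.GetValueNames()) + @($key.GetSubKeyNames()) |
        Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' }
    foreach ($id in $ids) {
        $info = Resolve-Clsid -Clsid $id -Wow64 ($root -like '*WOW6432Node*')
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Location = $root
            Clsid    = $id
            Name     = $info.Name
            Dll      = $info.Dll
            Allowed  = $Allowed -contains $id
        }
    }
}

# Report everything that is installed but not on the approved list.
$findings | Where-Object { -not $_.Allowed } | Format-Table -AutoSize
```

An entry whose Name and Dll come back empty is a registration whose COM class is missing, which usually means a leftover from an incomplete uninstall.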
quietkey Commented:
Alright, haven't heard any more regarding this in over a week, guess I'll stop monitoring to see if additional information is requested.
0
brance2000 Author Commented:
quietkey, just waiting to see if I got any more responses from others... I do appreciate your feedback on this thread  :)
0
quietkey Commented:
I understand.  Could be a long wait, though, because you're not asking for a general overview on the vulnerability of toolbars in general, or past vulnerabilities, or general reasons why toolbars can be security risks, you're looking for current/active exploits in the toolbars.  You may find someone that will post something like that, but I'd be very surprised if it happened. The problem is, if they are known by the IT community, there are generally patches released quickly to address them, if it's a legitimate vendor.  If it's not a legitimate vendor, that's reason enough to ban the toolbar from being installed without specific exploit information.  However, maybe a hacker who knows of an active unpatched hole might post something, you never know.  Good luck with that!   :)
0
meispisces Commented:
Just tell your manager it is not needed, as:
(a) It occupies space (almost 20% of browser area).
(b) Features provided in the toolbar, e.g. searching, chatting etc., could be done with just one click by opening a website. So stop being lazy :-)!
(c) Security risks (already discussed).
I know my answers are really very childish, but I guess they are true (up to some extent!).
Give him a link to refer to:
http://www.elitetrader.com/vb/showthread.php?threadid=32071/
0