Improve company productivity with a Business Account.Sign Up

x
?
Solved

Toolbars security risks ?

Posted on 2009-05-20
9
Medium Priority
?
636 Views
Last Modified: 2013-12-09
Hi, Does anyone have a quick lists of known security risks involved with Google Toolbar and Yahoo Toolbar, and any other tool bars that are 'popular' ?

I need to provide some details to a customer on why they dont need to have them installed.

Any help would be appreciated.
Thanks,
0
Comment
Question by:brance2000
  • 5
  • 2
8 Comments
 
LVL 1

Accepted Solution

by:
quietkey earned 1000 total points
ID: 24431567
To a certain point, all the toolbars are spyware, in that they store cookies, and generally report back to the host (yahoo, google, etc.).  Those are more very low severity threats.  Other toolbars are worse, such as the ones that come from Smiley Central (all the women want their smileys, so that's a simple vector).

The biggest threats come from the smaller vendors, since everyone's got a toolbar to add to your browser.  What I've found causes the most problems of all is people will install programs that also come with this toolbar or that one, and you'll end up with 5 or 6 toolbars, maybe 7 different popup blockers, some of which pull information down from the net to populate the buttons, and they interfere with each other.  If the customer MUST have a toolbar, I would recommend that they pick ONE and stick with only that one. I'd recommend Google, if anything, although all the browsers these days give you a search option to the engine of your choice WITHOUT a toolbar.  I'd recommend Google, if anything, although all the browsers these days give you a search option to the engine of your choice WITHOUT a toolbar.
0
 

Author Comment

by:brance2000
ID: 24431616
quietkey:,

Thanks for the response... but I'm looking for specific reasons on why not to have toolbars installed for a manager of a company.. He's needing reasons to tell his employees on why he doesnt want tool bars installed on PCs at his company.   Ie...   google and a few other 'major' tool bars scan and capture all username/passwords and other info on your PC.  I've heard there are more specific items with security holes in the google, yahoo, and other toolbars and that's what I'm looking for.
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24431869
It's difficult to list 'specific' vulnerabilities, simply because the major vendors do update fairly frequently to remove discovered vulnerabilities.  All of them store information by default.  Using Google as an example, there  have been multiple vulnerabilities that have surfaced over time, such as one that will hijack the cookies stored on the machine, and report that information back to someone besides Google.  Google and Yahoo are not going to be collecting the users' stored information.  The vulnerability comes in from a third party attack, which redirects the stored information to the third party after malware is installed on a PC.  As those vulnerabilities are discovered (such as allowing iframes to run javascript through Google Desktop to capture information), the legitimate vendors are quick to patch.  The Iframe exploit is the most recent major vulnerability that I'm aware of, and that has been patched, but that does not mean there will not be future exploits as Google is constantly adding new features.  With the way Google insists on storing information, there will ALWAYS be a threat that an exploit will appear that will capture that information for a third party.  What it comes down to is this:  Does the utility offered by the toolbar outweigh the potential vulnerability?  If it doesn't, then that should become part of the Acceptable Computer Use policy of the company.  If it doesn't, you should let them use it under very strict guidelines.  One toolbar (specified by the company policy) that everyone uses, updated antivirus, AND updated AntiSpyware software scanning regularly.

(Not addressing Microsoft Live Search toolbar, as I don't know of ANYONE that prefers to use that over Google or Yahoo).  Any toolbars beyond that I tend to automatically assume they are spyware, and do not allow them in our organization.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
LVL 1

Expert Comment

by:quietkey
ID: 24431882
*edit*

 If it DOES, you should let them use it under very strict guidelines.  One toolbar (specified by the company policy) that everyone uses, updated antivirus, AND updated AntiSpyware software scanning regularly.
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24493795
Alright, haven't heard any more regarding this in over a week, guess I'll stop monitoring to see if additional information is requested.
0
 

Author Comment

by:brance2000
ID: 24494315
quietkey, just waiting to see if I got any more responses from others... I do appreciate your feedback on this thread  :)
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24494548
I understand.  Could be a long wait, though, because you're not asking for a general overview on the vulnerability of toolbars in general, or past vulnerabilities, or general reasons why toolbars can be security risks, you're looking for current/active exploits in the toolbars.  You may find someone that will post something like that, but I'd be very surprised if it happened. The problem is, if they are known by the IT community, there are generally patches released quickly to address them, if it's a legitimate vendor.  If it's not a legitimate vendor, that's reason enough to ban the toolbar from being installed without specific exploit information.  However, maybe a hacker who knows of an active unpatched hole might post something, you never know.  Good luck with that!   :)
0
 
LVL 7

Assisted Solution

by:meispisces
meispisces earned 1000 total points
ID: 24516334
Just tell your manager, it is not needed as
(a) it occupies space. (almost 20% of browser area)
(b) Feature provided in toolbar e.g. searching,chatting etc could be done with just one click by opening a website. So stop being lazy :-)!
(c) Security risks (alerady discussed)
I know, my answers are really very childish, but i gues they are true (upto some extent!)
Give him a link to refer:
http://www.elitetrader.com/vb/showthread.php?threadid=32071/ 
0

Featured Post

Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The intent of this article is not to tell you what solution to use (you know it better) or make a big bang change to your current regime (you are well aware of), but to share how the regime can be better and effective in streamlining the multiple pa…
This is the conclusion of the review and tests for using two or more Password Managers so you don't need to rely on just one. This article describes the results of a lot of testing in different scenario's to reveal which ones best co-exist together.…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question