?
Solved

Toolbars security risks ?

Posted on 2009-05-20
9
Medium Priority
?
626 Views
Last Modified: 2013-12-09
Hi, Does anyone have a quick lists of known security risks involved with Google Toolbar and Yahoo Toolbar, and any other tool bars that are 'popular' ?

I need to provide some details to a customer on why they dont need to have them installed.

Any help would be appreciated.
Thanks,
0
Comment
Question by:brance2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
9 Comments
 
LVL 1

Accepted Solution

by:
quietkey earned 1000 total points
ID: 24431567
To a certain point, all the toolbars are spyware, in that they store cookies, and generally report back to the host (yahoo, google, etc.).  Those are more very low severity threats.  Other toolbars are worse, such as the ones that come from Smiley Central (all the women want their smileys, so that's a simple vector).

The biggest threats come from the smaller vendors, since everyone's got a toolbar to add to your browser.  What I've found causes the most problems of all is people will install programs that also come with this toolbar or that one, and you'll end up with 5 or 6 toolbars, maybe 7 different popup blockers, some of which pull information down from the net to populate the buttons, and they interfere with each other.  If the customer MUST have a toolbar, I would recommend that they pick ONE and stick with only that one. I'd recommend Google, if anything, although all the browsers these days give you a search option to the engine of your choice WITHOUT a toolbar.  I'd recommend Google, if anything, although all the browsers these days give you a search option to the engine of your choice WITHOUT a toolbar.
0
 

Author Comment

by:brance2000
ID: 24431616
quietkey:,

Thanks for the response... but I'm looking for specific reasons on why not to have toolbars installed for a manager of a company.. He's needing reasons to tell his employees on why he doesnt want tool bars installed on PCs at his company.   Ie...   google and a few other 'major' tool bars scan and capture all username/passwords and other info on your PC.  I've heard there are more specific items with security holes in the google, yahoo, and other toolbars and that's what I'm looking for.
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24431869
It's difficult to list 'specific' vulnerabilities, simply because the major vendors do update fairly frequently to remove discovered vulnerabilities.  All of them store information by default.  Using Google as an example, there  have been multiple vulnerabilities that have surfaced over time, such as one that will hijack the cookies stored on the machine, and report that information back to someone besides Google.  Google and Yahoo are not going to be collecting the users' stored information.  The vulnerability comes in from a third party attack, which redirects the stored information to the third party after malware is installed on a PC.  As those vulnerabilities are discovered (such as allowing iframes to run javascript through Google Desktop to capture information), the legitimate vendors are quick to patch.  The Iframe exploit is the most recent major vulnerability that I'm aware of, and that has been patched, but that does not mean there will not be future exploits as Google is constantly adding new features.  With the way Google insists on storing information, there will ALWAYS be a threat that an exploit will appear that will capture that information for a third party.  What it comes down to is this:  Does the utility offered by the toolbar outweigh the potential vulnerability?  If it doesn't, then that should become part of the Acceptable Computer Use policy of the company.  If it doesn't, you should let them use it under very strict guidelines.  One toolbar (specified by the company policy) that everyone uses, updated antivirus, AND updated AntiSpyware software scanning regularly.

(Not addressing Microsoft Live Search toolbar, as I don't know of ANYONE that prefers to use that over Google or Yahoo).  Any toolbars beyond that I tend to automatically assume they are spyware, and do not allow them in our organization.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 1

Expert Comment

by:quietkey
ID: 24431882
*edit*

 If it DOES, you should let them use it under very strict guidelines.  One toolbar (specified by the company policy) that everyone uses, updated antivirus, AND updated AntiSpyware software scanning regularly.
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24493795
Alright, haven't heard any more regarding this in over a week, guess I'll stop monitoring to see if additional information is requested.
0
 

Author Comment

by:brance2000
ID: 24494315
quietkey, just waiting to see if I got any more responses from others... I do appreciate your feedback on this thread  :)
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24494548
I understand.  Could be a long wait, though, because you're not asking for a general overview on the vulnerability of toolbars in general, or past vulnerabilities, or general reasons why toolbars can be security risks, you're looking for current/active exploits in the toolbars.  You may find someone that will post something like that, but I'd be very surprised if it happened. The problem is, if they are known by the IT community, there are generally patches released quickly to address them, if it's a legitimate vendor.  If it's not a legitimate vendor, that's reason enough to ban the toolbar from being installed without specific exploit information.  However, maybe a hacker who knows of an active unpatched hole might post something, you never know.  Good luck with that!   :)
0
 
LVL 7

Assisted Solution

by:meispisces
meispisces earned 1000 total points
ID: 24516334
Just tell your manager, it is not needed as
(a) it occupies space. (almost 20% of browser area)
(b) Feature provided in toolbar e.g. searching,chatting etc could be done with just one click by opening a website. So stop being lazy :-)!
(c) Security risks (alerady discussed)
I know, my answers are really very childish, but i gues they are true (upto some extent!)
Give him a link to refer:
http://www.elitetrader.com/vb/showthread.php?threadid=32071/ 
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question