Solved

Toolbars security risks ?

Posted on 2009-05-20
9
613 Views
Last Modified: 2013-12-09
Hi, Does anyone have a quick lists of known security risks involved with Google Toolbar and Yahoo Toolbar, and any other tool bars that are 'popular' ?

I need to provide some details to a customer on why they dont need to have them installed.

Any help would be appreciated.
Thanks,
0
Comment
Question by:brance2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
9 Comments
 
LVL 1

Accepted Solution

by:
quietkey earned 250 total points
ID: 24431567
To a certain point, all the toolbars are spyware, in that they store cookies, and generally report back to the host (yahoo, google, etc.).  Those are more very low severity threats.  Other toolbars are worse, such as the ones that come from Smiley Central (all the women want their smileys, so that's a simple vector).

The biggest threats come from the smaller vendors, since everyone's got a toolbar to add to your browser.  What I've found causes the most problems of all is people will install programs that also come with this toolbar or that one, and you'll end up with 5 or 6 toolbars, maybe 7 different popup blockers, some of which pull information down from the net to populate the buttons, and they interfere with each other.  If the customer MUST have a toolbar, I would recommend that they pick ONE and stick with only that one. I'd recommend Google, if anything, although all the browsers these days give you a search option to the engine of your choice WITHOUT a toolbar.  I'd recommend Google, if anything, although all the browsers these days give you a search option to the engine of your choice WITHOUT a toolbar.
0
 

Author Comment

by:brance2000
ID: 24431616
quietkey:,

Thanks for the response... but I'm looking for specific reasons on why not to have toolbars installed for a manager of a company.. He's needing reasons to tell his employees on why he doesnt want tool bars installed on PCs at his company.   Ie...   google and a few other 'major' tool bars scan and capture all username/passwords and other info on your PC.  I've heard there are more specific items with security holes in the google, yahoo, and other toolbars and that's what I'm looking for.
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24431869
It's difficult to list 'specific' vulnerabilities, simply because the major vendors do update fairly frequently to remove discovered vulnerabilities.  All of them store information by default.  Using Google as an example, there  have been multiple vulnerabilities that have surfaced over time, such as one that will hijack the cookies stored on the machine, and report that information back to someone besides Google.  Google and Yahoo are not going to be collecting the users' stored information.  The vulnerability comes in from a third party attack, which redirects the stored information to the third party after malware is installed on a PC.  As those vulnerabilities are discovered (such as allowing iframes to run javascript through Google Desktop to capture information), the legitimate vendors are quick to patch.  The Iframe exploit is the most recent major vulnerability that I'm aware of, and that has been patched, but that does not mean there will not be future exploits as Google is constantly adding new features.  With the way Google insists on storing information, there will ALWAYS be a threat that an exploit will appear that will capture that information for a third party.  What it comes down to is this:  Does the utility offered by the toolbar outweigh the potential vulnerability?  If it doesn't, then that should become part of the Acceptable Computer Use policy of the company.  If it doesn't, you should let them use it under very strict guidelines.  One toolbar (specified by the company policy) that everyone uses, updated antivirus, AND updated AntiSpyware software scanning regularly.

(Not addressing Microsoft Live Search toolbar, as I don't know of ANYONE that prefers to use that over Google or Yahoo).  Any toolbars beyond that I tend to automatically assume they are spyware, and do not allow them in our organization.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:quietkey
ID: 24431882
*edit*

 If it DOES, you should let them use it under very strict guidelines.  One toolbar (specified by the company policy) that everyone uses, updated antivirus, AND updated AntiSpyware software scanning regularly.
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24493795
Alright, haven't heard any more regarding this in over a week, guess I'll stop monitoring to see if additional information is requested.
0
 

Author Comment

by:brance2000
ID: 24494315
quietkey, just waiting to see if I got any more responses from others... I do appreciate your feedback on this thread  :)
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24494548
I understand.  Could be a long wait, though, because you're not asking for a general overview on the vulnerability of toolbars in general, or past vulnerabilities, or general reasons why toolbars can be security risks, you're looking for current/active exploits in the toolbars.  You may find someone that will post something like that, but I'd be very surprised if it happened. The problem is, if they are known by the IT community, there are generally patches released quickly to address them, if it's a legitimate vendor.  If it's not a legitimate vendor, that's reason enough to ban the toolbar from being installed without specific exploit information.  However, maybe a hacker who knows of an active unpatched hole might post something, you never know.  Good luck with that!   :)
0
 
LVL 7

Assisted Solution

by:meispisces
meispisces earned 250 total points
ID: 24516334
Just tell your manager, it is not needed as
(a) it occupies space. (almost 20% of browser area)
(b) Feature provided in toolbar e.g. searching,chatting etc could be done with just one click by opening a website. So stop being lazy :-)!
(c) Security risks (alerady discussed)
I know, my answers are really very childish, but i gues they are true (upto some extent!)
Give him a link to refer:
http://www.elitetrader.com/vb/showthread.php?threadid=32071/ 
0

Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question