Solved

Toolbars security risks ?

Posted on 2009-05-20
9
599 Views
Last Modified: 2013-12-09
Hi, Does anyone have a quick lists of known security risks involved with Google Toolbar and Yahoo Toolbar, and any other tool bars that are 'popular' ?

I need to provide some details to a customer on why they dont need to have them installed.

Any help would be appreciated.
Thanks,
0
Comment
Question by:brance2000
  • 5
  • 2
9 Comments
 
LVL 1

Accepted Solution

by:
quietkey earned 250 total points
ID: 24431567
To a certain point, all the toolbars are spyware, in that they store cookies, and generally report back to the host (yahoo, google, etc.).  Those are more very low severity threats.  Other toolbars are worse, such as the ones that come from Smiley Central (all the women want their smileys, so that's a simple vector).

The biggest threats come from the smaller vendors, since everyone's got a toolbar to add to your browser.  What I've found causes the most problems of all is people will install programs that also come with this toolbar or that one, and you'll end up with 5 or 6 toolbars, maybe 7 different popup blockers, some of which pull information down from the net to populate the buttons, and they interfere with each other.  If the customer MUST have a toolbar, I would recommend that they pick ONE and stick with only that one. I'd recommend Google, if anything, although all the browsers these days give you a search option to the engine of your choice WITHOUT a toolbar.  I'd recommend Google, if anything, although all the browsers these days give you a search option to the engine of your choice WITHOUT a toolbar.
0
 

Author Comment

by:brance2000
ID: 24431616
quietkey:,

Thanks for the response... but I'm looking for specific reasons on why not to have toolbars installed for a manager of a company.. He's needing reasons to tell his employees on why he doesnt want tool bars installed on PCs at his company.   Ie...   google and a few other 'major' tool bars scan and capture all username/passwords and other info on your PC.  I've heard there are more specific items with security holes in the google, yahoo, and other toolbars and that's what I'm looking for.
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24431869
It's difficult to list 'specific' vulnerabilities, simply because the major vendors do update fairly frequently to remove discovered vulnerabilities.  All of them store information by default.  Using Google as an example, there  have been multiple vulnerabilities that have surfaced over time, such as one that will hijack the cookies stored on the machine, and report that information back to someone besides Google.  Google and Yahoo are not going to be collecting the users' stored information.  The vulnerability comes in from a third party attack, which redirects the stored information to the third party after malware is installed on a PC.  As those vulnerabilities are discovered (such as allowing iframes to run javascript through Google Desktop to capture information), the legitimate vendors are quick to patch.  The Iframe exploit is the most recent major vulnerability that I'm aware of, and that has been patched, but that does not mean there will not be future exploits as Google is constantly adding new features.  With the way Google insists on storing information, there will ALWAYS be a threat that an exploit will appear that will capture that information for a third party.  What it comes down to is this:  Does the utility offered by the toolbar outweigh the potential vulnerability?  If it doesn't, then that should become part of the Acceptable Computer Use policy of the company.  If it doesn't, you should let them use it under very strict guidelines.  One toolbar (specified by the company policy) that everyone uses, updated antivirus, AND updated AntiSpyware software scanning regularly.

(Not addressing Microsoft Live Search toolbar, as I don't know of ANYONE that prefers to use that over Google or Yahoo).  Any toolbars beyond that I tend to automatically assume they are spyware, and do not allow them in our organization.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 1

Expert Comment

by:quietkey
ID: 24431882
*edit*

 If it DOES, you should let them use it under very strict guidelines.  One toolbar (specified by the company policy) that everyone uses, updated antivirus, AND updated AntiSpyware software scanning regularly.
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24493795
Alright, haven't heard any more regarding this in over a week, guess I'll stop monitoring to see if additional information is requested.
0
 

Author Comment

by:brance2000
ID: 24494315
quietkey, just waiting to see if I got any more responses from others... I do appreciate your feedback on this thread  :)
0
 
LVL 1

Expert Comment

by:quietkey
ID: 24494548
I understand.  Could be a long wait, though, because you're not asking for a general overview on the vulnerability of toolbars in general, or past vulnerabilities, or general reasons why toolbars can be security risks, you're looking for current/active exploits in the toolbars.  You may find someone that will post something like that, but I'd be very surprised if it happened. The problem is, if they are known by the IT community, there are generally patches released quickly to address them, if it's a legitimate vendor.  If it's not a legitimate vendor, that's reason enough to ban the toolbar from being installed without specific exploit information.  However, maybe a hacker who knows of an active unpatched hole might post something, you never know.  Good luck with that!   :)
0
 
LVL 7

Assisted Solution

by:meispisces
meispisces earned 250 total points
ID: 24516334
Just tell your manager, it is not needed as
(a) it occupies space. (almost 20% of browser area)
(b) Feature provided in toolbar e.g. searching,chatting etc could be done with just one click by opening a website. So stop being lazy :-)!
(c) Security risks (alerady discussed)
I know, my answers are really very childish, but i gues they are true (upto some extent!)
Give him a link to refer:
http://www.elitetrader.com/vb/showthread.php?threadid=32071/ 
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
The viewer will learn how to count occurrences of each item in an array.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question