firefox - Unable to surf with Ease due Certificate Requirement or virus
2014-07
kamalbhai
I am trying to surf the internet but for any link which I type or enter, I get the following message :
This Connection is Untrusted
You have asked Firefox to connect securely to accounts.google.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
On clicking the option of Technical Details, I get the following message :
accounts.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate has expired. The certificate will not be valid until 25-02-2014 20:49. The current time is 22-08-2009 14:42. (Error code: sec_error_expired_issuer_certificate)
I dont know if it because of some kind of virus or anything. But I am pissed off because of the certificate issue popping up everytime I go to any site. Can someone please help me out ?? Is it because of some virus which tracking my browsing or stealing the cookies ?? Thanks.
Scandalist
Ensure your date and time settings are correct. It is important that the clock of your computer and the server are in sync for certificates to function.
Rob
I have seen these a lot lately. You click the link, and instant trojan. No need to download or anything.
How is this possible? Is there a way I can scan the links before visiting to make sure I won't be infected?
ChrisF
To answer how it's possible:
The site has some script that gets executed as you load the page. This is what infects your Windows PC - I'm not 100% sure of the details though, whether it downloads the code or just runs it. This page has an example of how it was done in one case. A vulnerable browser is also required, and virtually any popular browser is a vulnerable one as something running on a lot of computers is worth targeting.
It will be Windows PC's for the most part that get infected as people run as admin's rather than restricted users. The reasons for this are many and varied. As Roger points out in his comment its popularity rather than any intrinsic weakness that's the main factor here:
Windows is targeted more because it is more popular. Some say that Windows is less secure than alternatives too, but I have to say that in the way you highlight, it's not. I run Linux at home and if a trojan could run under my user account it could still do quite a lot of damage to files that I care about quite a bit, it just couldn't take over the system.
Though by running with a restricted rights user you can limit the damage, but not necessarily eliminate it.
With Vista and now 7 having tighter control over what gets run as admin you might start to see a drop in these sorts of sites - though it will only be when the majority are running the newer OS's.
sleske
Well, when you open a website, the website can direct the browser to do all kinds of things on its behalf. In the simplest case it will just send text and pictures to be displayed, but it can also send small programs that the browser will run (in JavaScript, which browsers have built in, or using a browser plugin such as Java or Flash).
In principle, getting infected just from visiting a website should be impossible:
While browsers will execute programs on behalf of websites you visit, these programs are carefully restricted so they can only do "harmless" things. From Javascript, you can for example alter the page that the Javascript belongs to (since both come from the same website, there can be no harm), but Javascript may not change a page from a different website (so a sleazy site cannot alter your home banking display), and it may not directly access files on your computer.
Similar restrictions exist for most plugins (at least for Java and Flash). This is commonly referred to as sandboxing, as the code is essentially in a box of its own, isolated from the computer it runs on. In particular, it cannot read files on your hard disk, or start programs for you, like "regular" programs running on your computer can.
Now, the thing is: while in principle you're safe, in practice you may not be. The reason is that the sandbox system, like all programs, has bugs. Sometimes these bugs allow a program to "break" the sandbox and trick the browser or plugins to do things it should not be allowed to do. These tricks can be quite elaborate.
Examples:
- Like regular programs, the implementation of the browser or plugin can have buffer overflows, which can allow a website to run specially crafted code by sending it to the browser as input
- There was a vunerability in old versions of Sun's Java plugin with respect to the sandbox. The sandbox disallowed (and still disallows) access to all Java functions which could allow a program to do damage, such as reading or deleting local files. However, while the sandbox did correctly block access to these functions from a Java applet, browsers also allowed indirect access to these functions from Javascript (via a technique called "reflection"). This "backdoor" had not been sufficiently considered by developers, and allowed to bypass the sandbox restrictions, breaking the sandbox. See http://jouko.iki.fi/adv/javaplugin.html for details.
Unfortunately, there have been several vulnerabilities in the sandboxes of Javascript, of Java and of Flash, just to name a few. It's still a kind of race between malicious hackers who detect these vulnerabilities to exploit them, and good hackers and developers who detect and fix them. Usually, they are fixed quickly, but there is sometimes a window of vulnerability.
BTW: The sandbox is the reason some Java applets pop up a "Do you trust this applet" warning on launch: These applets ask you to let them out of their sandbox and to give them access to your computer. This is sometimes necessary, but should only be granted with good reasons.
P.S.: The reason that ActiveX (at least early versions) were so horribly insecure is that ActiveX did not use a sandbox. Any ActiveX code from a webpage had full access to your system. To be fair, this was (partially) rectified in later versions.
8088
You could install something free such as AVG LinkScanner. It will scan the links before they have chance to do any damage.
If you use Google Chrome, it offers some protection from links that end up on pages infected with malware. It displays a nice warning message BEFORE loading the actual page up.
The latest version of Internet Explorer includes SmartScreen Filter which does the same thing.
fluxtendu
Some good firefox extensions to protect yourself:
- NoScript Prevent active content to be run without your authorization:
- WOT (Web Of Trust) Scan the links
And to run your browser(s) in an isolated space: Sandboxie
Ioan
I mention this to answer your last question about preemptive actions. One not-so-common option is to use a virtual machine (well, it is common among security circles). There are a few free ones available. Install your OS, browser, and add-ins in the virtual machine and save the state. You can then browse to any site. When finished, you revert to that saved state and anything that happened in the virtual machine after that point is discarded. It's very simple once you get into it, but may pose a slight learning curve.
Note: Reverting state will literally discard any changes to the virtual machine; including browser history, cookies, updates, etc. In this case, you could revert to that state, apply updates, and save a new state. The same can be done for anything else you wish to keep. None of this affects your actual computer, only the virtual machine.
munnaBhai
in addition to what fluxtendu mentioned above use AddBlock Plus addon in ur firefox...
use a some toold like Threatfire/winpatrol,for real-time behavioral protections
Then you are safe to swim