Security Basics mailing list archives
Re: Minimal User Interaction with Links
From: Ameya R <mosthated.ar () gmail com>
Date: Wed, 19 Aug 2009 09:06:20 +0530
When you click on a link, and the "Open / Save" Dialog / Prompt appears, the file is already being downloaded in your browser cache folder. When you select what you want to do with that file (say, Save), the already downloaded part is moved over to its designated location. This becomes obvious, when you wish to download a file, but spend 10-15 seconds to select where to store it - the moment you get done selecting the location, you can see in your download bar that some part has already been downloaded, and you download speed shown is much more than expected, it falls down to a stable speed slowly thereafter.
For the EICAR test file, the file size itself is so small, that by the time you decide whether you want to open or save it, the whole file is already downloaded onto your computer. This is where you AV kicks in. The moment the file has been downloaded, it starts scanning the file. Correct me if I am wrong, but even if you zip the EICAR test file in a for example, say a zip archive. Your AV should still detect it immediately (I think the file is also offered for download as a .zip archive?) Try adding the EICAR file to a zip that is say, 50MB and download it. your AV wont detect it unless it's completely downloaded.
Correct me if i've gone wrong somewhere A.R 51l3n73y3s wrote:
Hello list, Is it possible to execute or save a file by just clicking on a link?I might be missing something over here, here is a sample eicar test string http://www.eicar.org/download/eicar.comAs soon as I click on it, my AV gives me the message about the detection at "%temp%\ NcsWJCau.com.part" and the page also gives me an option to save the file. Doesn't this mean that the file is being stored in the temp directory without user interaction?-Sandeep Cheema
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: Minimal User Interaction with Links, (continued)
- Re: Minimal User Interaction with Links Micheal Espinola Jr (Aug 14)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links Steven M. Christey (Aug 14)
- Message not available
- RE: [WEB SECURITY] Re: Minimal User Interaction with Links Schmidt, Chris (Aug 18)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links 51l3n73y3s (Aug 18)
- RE: [WEB SECURITY] Re: Minimal User Interaction with Links Schmidt, Chris (Aug 18)
- RE: [WEB SECURITY] Re: Minimal User Interaction with Links Vance, Michael (Aug 18)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links 51l3n73y3s (Aug 18)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links Bil Corry (Aug 18)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links 51l3n73y3s (Aug 18)
- Re: [WEB SECURITY] Re: Minimal User Interaction with Links Steven M. Christey (Aug 14)
- Re: Minimal User Interaction with Links Micheal Espinola Jr (Aug 14)