Are you saying that Fireshark runs by itself in a virtual environment?
From the article, “… Fireshark must be run in a virtual machine in order to prevent an infection. …”
Hence, the way I read the article, in order to use Fireshark to prevent an infection, you need to be using a virtual system setup, or even just running Fx in a sandbox?
That’s also what I understood… I can’t see how an extension could generate a virtual environment by itself when the OS and/or the browser are run normally. I’m not even sure that Fireshark is meant to protect from malicious stuff at all: it sounds more like a tool to analyse web site content and detect malicious stuff, hence the need to run the whole thing in a virtual environment.
Read about Fireshark on Twitter the other day… Well, avast! did detect it as a threat. I guess it’s a FP. Let’s wait and see what happens. Someone should have already reported it.
These tools can be found online, as mentioned in this listing: http://isc.sans.org/diary.html?storyid=6679
When you use tools like Malzilla or jsunpack, mind you run them in a virtualized environment, with merely restricted user rights, with protection from the NoScript and RequestPolicy extensions etc. Wepawet, Unmask Parasites, novirusthanks.org and Norton Safe Web can simply be visited online to check URLs. The other analyzing tools are meant for users that know what they are doing, because if the malware spills over you may have a problem. Mind that sandboxed environments are no complete safeguard. Fireshark just comes in this range of tools, and the findings can be analyzed in Malzilla, for instance. I use Unmask Parasites for a quick and dirty check and some iFrame analyzing scanner as a second pre-check. Mind that the tools come with overlapping results: no one scanner finds all malicious code added, and Norton Safe Web only reports for sites checked.
Small initial parts of the malcode found (rendered harmless) could be googled to find a general pattern or the line of malware it belongs to, or, together with a description of the exploit used, they give an indication of the general infection vector. So we get a better insight into the various ways a gigantic number of normal, reputed, trusted sites are being abused by miscreants. Try this interesting site: http://www.greymagic.com/security/tools/decoder/
Well, yes. I do use Malzilla. I was using it in a virtual machine till now… Now I am having some problems working with VMware in Windows 7. Hopefully back up soon… Generally Unmask Parasites misses out… Nothing gets past Malzilla, because we can see all the source there. I have been using it for almost 1 year… very good tool.
The strength of your detection lies in combining info from various scanners. As you stated here, not one scanner gets it all, i.e. detection of all existing malicious or suspicious sites. So combine the data of various scanning methods (Unmask Parasites and SiteTruth, up-to-date online block lists, Firekeeper rules, iFrame analyzers and online frame checking sites, de-obfuscation sites and search tools), and in such a way you will have a growing hunch as to where and what to look for in these respects.
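The thread's recurring point, that every single check (an iFrame analyzer, a de-obfuscation tool, a reputation lookup) misses something and that verdicts should be combined, can be shown with a small static scanner. The following is an added example written for this page; it is not code from the thread, from Fireshark, Malzilla, Unmask Parasites or any other tool named above. It runs two independent heuristics over a page's HTML, one for hidden iframes and one for obfuscated script blocks, and then merges their results into one verdict. The three sample pages are constructed for illustration (`.invalid` hostnames are placeholders), and the thresholds (an iframe counts as hidden when its size is zero/one pixel or it is styled invisible; a script counts as obfuscated when at least two of eval, a decoder call and a long run of escaped characters appear) are choices made for this example, not a standard.

```python
"""Heuristic page scanner combining two independent checks (added example)."""
import re
from html.parser import HTMLParser

# Constructed sample pages, not captured from any real site.
PAGE_BOTH = """<html><head><title>Example shop</title>
<script type="text/javascript">function f(){return 1;}</script></head><body>
<p>Welcome to our site</p>
<iframe src="http://third-party.invalid/ad.html" width="0" height="0"
        style="visibility:hidden"></iframe>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%68%69%22%29'))</script>
<iframe src="https://video-host.invalid/embed/x" width="560" height="315"></iframe>
</body></html>"""
PAGE_IFRAME_ONLY = """<html><body><p>News</p>
<iframe src="http://other.invalid/x.html" style="display: none"></iframe></body></html>"""
PAGE_CLEAN = """<html><body><p>Hello</p><script>var a = 1; eval('a + 1');</script>
<iframe src="https://video-host.invalid/embed/y" width="560" height="315"></iframe>
</body></html>"""


class _Collector(HTMLParser):
    """Collects iframe attributes and raw script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.iframes = []        # list of attribute dicts, one per <iframe>
        self.scripts = []        # list of inline script bodies
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(dict(attrs))
        elif tag == "script":
            self._in_script, self._buf = True, []

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append("".join(self._buf))
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)


_TINY = {"0", "0px", "1", "1px"}


def hidden_iframes(iframes):
    """Check 1: iframes that are sized away or styled invisible."""
    hits = []
    for a in iframes:
        style = (a.get("style") or "").replace(" ", "").lower()
        width = (a.get("width") or "").strip().lower()
        height = (a.get("height") or "").strip().lower()
        reasons = []
        if width in _TINY or height in _TINY:
            reasons.append("zero-size")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden-style")
        if reasons:
            hits.append((a.get("src") or "", reasons))
    return hits


_CALLS = re.compile(r"\b(eval|unescape|String\.fromCharCode)\s*\(")
_ESCAPED_RUN = re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}){8,}")


def obfuscated_scripts(scripts):
    """Check 2: script bodies showing at least two obfuscation markers."""
    hits = []
    for index, body in enumerate(scripts):
        calls = {m.group(1) for m in _CALLS.finditer(body)}
        reasons = []
        if "eval" in calls:
            reasons.append("eval")
        if calls & {"unescape", "String.fromCharCode"}:
            reasons.append("decoder-call")
        if _ESCAPED_RUN.search(body):
            reasons.append("escaped-run")
        if len(reasons) >= 2:      # a lone eval() is too common to flag
            hits.append((index, reasons))
    return hits


def scan(html):
    """Run both checks and combine them: the page is suspicious if any fires."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    findings = {
        "hidden_iframe": hidden_iframes(collector.iframes),
        "obfuscated_script": obfuscated_scripts(collector.scripts),
    }
    fired = [name for name, hits in findings.items() if hits]
    return {"findings": findings, "checks_fired": fired,
            "verdict": "suspicious" if fired else "clean"}


if __name__ == "__main__":
    for label, page in (("both", PAGE_BOTH), ("iframe-only", PAGE_IFRAME_ONLY),
                        ("clean", PAGE_CLEAN)):
        result = scan(page)
        print(f"{label:12s} {result['verdict']:10s} fired={result['checks_fired']}")
        for name, hits in result["findings"].items():
            for hit in hits:
                print(f"    {name}: {hit}")
```

Running it shows why the thread insists on overlapping tools: on the iframe-only page the script check reports nothing, and on the combined page each check sees only its own half, so a workflow that relied on a single check would have under-reported. The clean page keeps a visible iframe and a harmless eval() without being flagged, which is the false-positive side of the same trade-off.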