options to make it harder for spyware

Forum Moderators: open

Message Too Old, No Replies

options to make it harder for spyware

tqatsju

1:17 am on Jan 28, 2005 (gmt 0)

me and my fellow webmaster cohort are trying to figure out different ways (if any sound way) to hurt spyware/malware from targeting our sites using javascript. We tried doing a setfocus timer type program on body load, but it seemed to me that the pros outweighed the con with this approach, plus before i took anymore steps, not being too good at javascript i'd figure i'd ask here if anyone else has taken any approaches to making it harder for spyware and the like to pop over your web sites/ open up new windows with similar content over your web sites etc...

tqatsju

1:18 am on Jan 28, 2005 (gmt 0)

i meant to say cons outweighed the pros. for instance if you keep putting the focus back on your windows then you have to also do some funky things with forms on your own web site so they act correctly and don't lose focus

jbot

11:50 am on Jan 31, 2005 (gmt 0)

if there's adware or your site's users' machines then there's nothing you can do about it. your JS cannot detect what their nmachines are throwing up because that will be happening under a different domain from your code, hence it'll be out of bounds to you.

zorde

4:56 am on Feb 2, 2005 (gmt 0)

I am not 100% sure what techniques the spyware uses, but I assume they modify the HTML code that is displayed in the users browser to insert javascript that will create popups, popunders, floating layers, or hidden iframes that submit the users activity to a secret server. If this is the case I can think of a few solutions.

1) If your site does not use window.open of any kind you could overload that function to return void(0).
2) perhaps its possible to do a character count of document.body.innerHTML+document.body.outerHTML and if it does not match a predefined figure you've set then you know the page has been tampered with. This ofcourse is a bit extreme and will be complicated on dynamic sites with asp, php, jsp etc