The Tavern

I've picked up the Vista Windows Security 2011 virus twice ever since I enabled WebSockets in Firefox, both times it seems like I picked it up after spectating in WebTiles. Anyone else experiencing this?

I don't spectate and while playing i have not got any virus warning when using a portable version of the Iron browser (same as chrome but without privacy concerns).

But i guess the problem with WebTiles is that it is using websockets that is a security risk due to it having many vulnerabilities and that's why most browsers have disabled the support by default.

A good idea is to run your browser through a sandbox when having websocket enabled, like the excellent sandboxie by example to avoid catching unwanted thing and having them running on your actual system, as they will stay confined on the sandbox.

Thanks man, but this post should probably be deleted. It's true that I picked up this virus, removed it, then picked it up again only minutes after activating websockets. I did, however, have an email window open in the background. I can only assume it was coincidence? I'm not the most computer savvy person around...

While websockets are theoretically a security risk (they don't have "many" vulnerabilities, they expose a problem in many proxy servers which may be exploited), no exploit has even been demonstrated so far, so it is highly unlikely that this had to do with webtiles. Also, we allow only TLS-encrypted connections, which should make an exploit nearly impossible (I'm not an expert on this, but I don't think the techniques demonstrated in the security paper will work with secure websockets).