Welcome Guest
[ Log In :: Register ]

 

[ Track this topic :: Email this topic :: Print this topic ]

Topic: Vulnerability in Internet Explorer, Urgent - please read this< Next Oldest | Next Newest >
Alan D Offline




Group: Members
Posts: 3670
Joined: Aug. 2004
Posted: Sep. 24 2006, 05:19

A few days ago it was discovered that there's a new vulnerability in Windows that can be exploited, and is being exploited, by the bad guys who inhabit the web. This one seems particularly nasty. All you have to do to be caught is to visit an affected website, or it can also be picked up from an email containing HTML. Microsoft are working on a patch, and have promised to have one ready by mid-October, but in the meantime we're all vulnerable.

You can read the Microsoft report at the link below (which also offers advice and a workaround solution if you scroll down and click on 'workarounds' ):

http://www.microsoft.com/technet/security/advisory/925568.mspx

Unfortunately, as usual, this is not terribly clear to the average computer user. A much clearer account is available at the excellent Gibson Research website  at this link, below:

http://www.grc.com/sn/notes-058.htm

Click on the link and scroll down to where it says 'How to Protect Your System', and read the advice it gives. You can protect your system very very simply by following their description of what to do. I've done it myself, and it seems to work, and I haven't noticed any ill effects. It takes less than a minute to do it. What it does is to deregister the file that is causing the vulnerability, and since hardly any websites require that file to be registered, it will have no significant effect on your use of your computer. (You can register it again in a few weeks' time when Microsoft have issued a patch, and you'll see that the Gibson Research page tells you how to do so.)

You can test the vulnerability of your system by clicking on the link below:

http://webfx.eae.net/dhtml/VMLClock/clockScriptlet.html

If you're vulnerable, you'll see the image of a clock. If you're not vulnerable (eg after you've deregistered the file), you see a blank screen.

The best additional advice I've been able to collect is:

1. Make sure Windows is updated fully.
2. Make sure your antivirus and antispyware protection is updated fully.
3. Don't visit sites where you're most likely to encounter this exploit (adult sites, gambling sites, crack sites, file sharing sites)

(I should add that all this information has been gathered from the highly knowledgeable people at the Windows Defender Newsgroup, in whom I have considerable trust.)

[Note: A non-Microsoft patch has been made and is available that supposedly fixes this issue - it's mentioned on the Gibson Research page - but it hasn't been endorsed by Microsoft, and I have no intention of using it myself.]
Back to top
Profile PM 
Moz Offline




Group: Musicians
Posts: 600
Joined: July 2005
Posted: Sep. 24 2006, 08:09

As this only affects IE, wouldn't it be easier to recommend Firefox?  Not everyone wants to change their web browser, but Firefox is hit with far fewer security problems than IE as it's not tied to Windows.  There will be more problems with IE and there have been lots in the past.  And there is no guarantee that security problems will be publicised before they are exploited.

Download Firefox here: http://www.mozilla.com


--------------
Twitter: @benbarden
Back to top
Profile PM WEB 
Alan D Offline




Group: Members
Posts: 3670
Joined: Aug. 2004
Posted: Sep. 24 2006, 08:54

I'm informed that although using Firefox (which was my own initial emergency response when I first heard about this threat) may reduce the vulnerability of a system in the short term, the risk still remains. It's not a clear-cut issue, I believe.

(Personally, I find Firefox irritating, and prefer not to use it. I'm also informed that the anti-malware forums often encounter Firefox users who are trying to get rid of malware despite hoping that using Firefox would protect them.)

However, my purpose is not to recommend any specific action (that choice is up to each individual) but to alert people to the existence of the threat, and the existence of a solution. Which I've now done.
Back to top
Profile PM 
Moz Offline




Group: Musicians
Posts: 600
Joined: July 2005
Posted: Sep. 25 2006, 05:32

Fair points Alan.

I visited the VML test page in IE and the clock displayed, whereas it didn't in Firefox.  Wouldn't that mean this particular risk is gone when using Firefox?

As for Firefox users still having security problems, users really need to be aware of possible security issues whatever the software they use.  So if you get a warning in Firefox and just click through it, or you get a dodgy attachment in Thunderbird and open it despite the message that pops up, can the software do much more?

I suppose this is where anti-virus / anti-malware / anti-spyware software comes in.  But what if it's a brand new virus or other threat that isn't documented yet?  That's why users still need to be vigilant and aware of potential risks, not just those that are documented, but ones that may present themselves without warning.

I've seen dozens of users (and heard about hundreds if not thousands more) who don't read the messages that pop up and click through them, or click on banner ads for example.  If you intentionally open this kind of stuff, the browser will assume you wanted to!

I don't disagree with what you've said :)


--------------
Twitter: @benbarden
Back to top
Profile PM WEB 
Alan D Offline




Group: Members
Posts: 3670
Joined: Aug. 2004
Posted: Sep. 25 2006, 07:02

Quote (Moz @ Sep. 25 2006, 10:32)
I visited the VML test page in IE and the clock displayed, whereas it didn't in Firefox.  Wouldn't that mean this particular risk is gone when using Firefox?

I don't know. I believe the purpose of the clock test is to check whether the vgx.dll file is registered or not - I presume that even though Firefox isn't allowing access to the file, it still is in there, registered. I don't know how the bad guys are exploiting this. I'm reluctant to say anything else really, for fear of my ignorance misleading anyone.

Quote

users still need to be vigilant and aware of potential risks, not just those that are documented, but ones that may present themselves without warning.


Absolutely. The best protection is to be aware of the issues, and take basic precautions:
1. Update Windows and all your protective software. If you don't have several antispyware programs, get some and install them in addition to your standard antivirus software.(Just for starters, Ad-Aware, Spybot Search and Destroy are well-known and are free. Ewido is very highly regarded and can be run as a free trial for a month with real-time protection. Even after the month has expired, you can still use it for manual scans.)
2. Don't open any emails from sources you don't recognise. Delete them unopened.
3. Don't click on any unknown link experimentally. Only visit websites you trust.
Back to top
Profile PM 
Alan D Offline




Group: Members
Posts: 3670
Joined: Aug. 2004
Posted: Sep. 26 2006, 16:39

I'm pleased to note that a patch is now available for this vulnerability. If you haven't got automatic updates switched on, you should go to Windows update website and install the patch.

If you de-registered the vml file a few days ago, you should re-register it, but only AFTER installing the patch. You can go to the Gibson website for full instructions:
http://www.grc.com/sn/notes-058.htm

At that webpage, they now offer a vulnerability test so you can check that all is well after applying the patch. However, when I tried it, my Norton Internet Worm Protection went crazy and blocked the test, so I'm not sure what that means!!
Back to top
Profile PM 
Ray Offline




Group: Members
Posts: 857
Joined: Jan. 2000
Posted: Sep. 27 2006, 15:49

Switch to firefox - it's much better anyway.

Ray


--------------
Looking out over the harbour in Peel.......
Back to top
Profile PM 
Alan D Offline




Group: Members
Posts: 3670
Joined: Aug. 2004
Posted: Sep. 27 2006, 17:12

Quote (Ray @ Sep. 27 2006, 20:49)
Switch to firefox - it's much better anyway.

To anyone reading this who might benefit from it: by all means switch to Firefox if you like it - but please be aware that using Firefox does not mean that you don't need to take those basic precautions outlined above, as basic regular background maintenance.
Back to top
Profile PM 
Ray Offline




Group: Members
Posts: 857
Joined: Jan. 2000
Posted: Sep. 28 2006, 17:14

Oh!  Thank Alan.

Ray


--------------
Looking out over the harbour in Peel.......
Back to top
Profile PM 
Alan D Offline




Group: Members
Posts: 3670
Joined: Aug. 2004
Posted: Sep. 29 2006, 10:28

Well, my comments weren't intended for you, Ray, because you clearly know what you're doing; but there may be one or two people out there who know even less than me about these things, and I wouldn't want them to think they were safe if they weren't.

I'm sorry to say that yet another critical vulnerability of Internet Explorer has emerged in the last few days: see here:

http://www.microsoft.com/technet/security/advisory/926043.mspx

According to the workarounds in that document, the simplest solution is to set your browser's security level to 'high', until they issue a patch for this. (Or, of course, switch to Firefox! )
Back to top
Profile PM 
Ray Offline




Group: Members
Posts: 857
Joined: Jan. 2000
Posted: Sep. 30 2006, 15:43

Me!...Know what i'm doing - not really - i didnt think fire fox was as open to nasties as IE.  But I have a handy IT guy at the office who I ask occasional questions.  But like all IT guys you have to know what to ask!!

R  :cool:


--------------
Looking out over the harbour in Peel.......
Back to top
Profile PM 
Alan D Offline




Group: Members
Posts: 3670
Joined: Aug. 2004
Posted: Sep. 30 2006, 16:43

Quote (Ray @ Sep. 30 2006, 20:43)
i didnt think fire fox was as open to nasties as IE.

That's right, it isn't. But the important point I wanted to make is that using firefox doesn't mean you're not vulnerable in other ways. Which browser you use is irrelevant if you've just opened a malignant email and your antivirus definitions are out of date....

As far as I understand it (which isn't far), with this new exploit, setting IE security to 'high' is as effective as switching to firefox.


[I've just realised that this is my 2000th post! How nice it would have been to have marked the occasion with some witty and penetrating observation about Mike Oldfield - but all it turned out to be was this boring comment about internet security! Yuck!]
Back to top
Profile PM 
Alan D Offline




Group: Members
Posts: 3670
Joined: Aug. 2004
Posted: Oct. 02 2006, 09:58

Just to demonstrate my point about Firefox, I'm sorry to say that a vulnerability in it, too, is currently being reported (see here).

You can greatly minimise the risk by making sure you have (1) up-to-date Windows (2) up-to-date antivirus (3) up-to-date antispyware (more than one).

Meanwhile, if you want to test the vulnerability of your firewall, you can try the excellent test at the Gibson Research website. Run the 'common ports' and 'service ports' test (and the 'file-sharing' test, if you do much of that sort of thing). It's very reassuring to get a clear bill of health, and they'll give you good information if you don't.....
Back to top
Profile PM 
12 replies since Sep. 24 2006, 05:19 < Next Oldest | Next Newest >

[ Track this topic :: Email this topic :: Print this topic ]

 






Forums | Links | Instruments | Discography | Tours | Articles | FAQ | Artwork | Wallpapers
Biography | Gallery | Videos | MIDI / Ringtones | Tabs | Lyrics | Books | Sitemap | Contact

Mike Oldfield Tubular.net
Mike Oldfield Tubular.net