|
|
Author |
Thread |
bitdamaged
Maniac (V) Mad ScientistFrom: 100101010011 <-- right about here Insane since: Mar 2000
|
posted 07-02-2004 18:58
|
bodhi23
Paranoid (IV) InmateFrom: Greensboro, NC USA Insane since: Jun 2002
|
posted 07-02-2004 20:03
quote: CERT said vulnerabilities in IIS and IE could include MIME-type determination, the DHTML object model, the IE domain/zone security model and ActiveX scripts. Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines.
Hmm - don't surf, more likely. What a mess this could be! Imagine the number of people who type their credit card numbers in daily... As if we weren't nervous enough as it is... dang.
|
njuice42
Paranoid (IV) InmateFrom: Gig Harbor, WA Insane since: Feb 2002
|
posted 07-02-2004 20:14
What a situation we've gotten into with the net. It's become something that I don't think any of us really thought it would.
At least I know I spend about 400x the amount of time clearing/checking/blocking and tweaking browsers and sites for spyware than I did in the past. Why, if I weren't so addicted, I might just quit using the net altogether.
njuice42 Cell # 551
icq 957255
|
ninmonkey
Nervous Wreck (II) InmateFrom: Insane since: Nov 2003
|
posted 07-02-2004 20:28
quote: njuice42 said:
I spend about 400x the amount of time clearing/checking/blocking and tweaking browsers and sites for spyware than I did in the past
Using which browser? I have ad-aware and mozilla firefox. The only spyware since the install was the ie toolbar spyware that comes installed on XP.
Looks like theres a fix for IE.
|
njuice42
Paranoid (IV) InmateFrom: Gig Harbor, WA Insane since: Feb 2002
|
posted 07-02-2004 21:30
Hehe, of course there's a fix.
Actually, I was using MyIE2 for a long time. Got quite accustomed to it, and I've experienced a ton of problems. Just recently switched to FireFox, and it's a bit odd. But, usable. And pretty stable, so we'll see how long it takes to get accustomed to it.
njuice42 Cell # 551
icq 957255
|
jive
Paranoid (IV) InmateFrom: Greenville, SC, USA Insane since: Jan 2002
|
posted 07-02-2004 22:50
just another virus ***aaaaattchoo!****
..parden
|
poi
Paranoid (IV) InmateFrom: France Insane since: Jun 2002
|
posted 07-02-2004 23:00
|
ozphactor
Maniac (V) InmateFrom: Kah-lee-fohr-nee-ah Insane since: Jul 2003
|
posted 07-03-2004 07:09
Looks like the warning is actually having some effect. Wired is reporting that Mozilla downloads have surged following the warning.
quote: Downloads of Mozilla and Firefox spiked the day CERT's warning was released, and demand has continued to grow ... downloads of the browsers hit an all-time high on Thursday, from the usual 100,000 or so downloads on a normal day to more than 200,000.
|
I X I
Paranoid (IV) InmateFrom: beyond the gray sky Insane since: Apr 2004
|
posted 07-03-2004 08:04
yeah, I've been using firefox since I came here... it's the best browser I've seen, and I don't know why I was using IE in the first place anymore
Thank you Asylum, you've made my online life more enjoyable :-D
...Of all the things I've lost, I miss my mind the most (ozzy osbourne)
|
Wolfen
Paranoid (IV) InmateFrom: Minnesota Insane since: Jan 2001
|
posted 07-03-2004 12:14
Haha... And they are just publishing these findings after how long now? This is nothing new. I am glad I use Netscape.
|
White Hawk
Bipolar (III) InmateFrom: London Insane since: May 2004
|
posted 07-03-2004 15:11
I still use IE. I'm of the opinion that any other browser, if it was in such wide-spread use, would be subject to the same level of attacks and flaw-exploits. Admittedly, it suffers from some pretty blatant security holes, but these can be minimised by responsible usage.
I'm testing other browsers to see which I find most agreeable, but if there are others out there who still use IE, here are a few little tips to reduce the chance of unpleasantness on the web (useful regardless of your browser).
If you are using Windows, install all the latest security updates from Windows Update. There is a specific accumulative security patch for IE here too.
Disable NETBIOS over your internet connection (only recommended for those using a standalone PC connected to the internet - not using a LAN or VPN).
Use Sun Java instead of MS's leaky version. If you haven't done this already, then you need to do it now.
Install the IESPYAD script. This adds a long list of known suspects to your restricted sites zone. Though new sites come out all the time which are intended to do harm of one sort or another, there is no harm in restricting access to those already known as a risk. This has been updated very recently.
Use a known anti-spyware tool. I use SpyBot Search & Destroy, which has a high detection rate and includes a resident blocker/scanner. There are many others worth looking at, but this is just what I settled on.
Use antivirus and firewall software. I use Norton Internet Security and Norton Anti-Virus - they seem to do the job for me, but there are many more out there. It really doesn't matter what browser you use if your PC is unprotected and begging to be screwed. It is pointless to install security software that isn't frequently updated - might as well have nothing at all.
There are some good tips covering security settings and practice at OneComputerGuy.com and Markus Jansson's page.
It pays to be paranoid coz' you'll pay if you're not.
|
poi
Paranoid (IV) InmateFrom: France Insane since: Jun 2002
|
posted 07-03-2004 15:35
quote: White Hawk said:
I still use IE. I'm of the opinion that any other browser, if it was in such wide-spread use, would be subject to the same level of attacks and flaw-exploits
I rather agree with you. Still, so far no major security hole have been reported in the alternative browsers ( Opera, Mozilla or Safari ). The only malicious scripts I've heard of in Mozilla asks the users to double click somewhere ( where a confirmation alert should pop ), or type a word ( whose letters are the shorcuts of a confirm alert ), but that's not as dangerous as the holes in IE.
As a side note, a co-worker have to use IE to access a back-office ( I did before Mozilla 1.3 and MIDAS ). During his breaks he keeps using IE to go on the net to watch some portfolios, animations, games ... It took him less than 5 days to get a Search Bar in IE, and God knows how many other SpyWare he got too.
|
poi
Paranoid (IV) InmateFrom: France Insane since: Jun 2002
|
posted 07-06-2004 22:08
|
White Hawk
Bipolar (III) InmateFrom: London Insane since: May 2004
|
posted 07-06-2004 23:41
True Poi,
Norton Firewall and its Ad-blocker do a lot of work on my own PC and SpyBot mops up most of the rest (blocking covert installations within sites like MSN, even), but IE's default security settings are wholly inadequate.
Now, in light of your last post, I'm a little more concerned...
I can't help thinking that Microsoft are having a laugh with all these holes in their software. How much could a corporation like Microsoft secretly accumulate selling exploits on the black market? lol
I think Microsoft owes its customers a complete replacement of IE, available as an update - not just a re-hashed browser stuck together with a series of sticky little patches.
Then again,what new horrors might afflict those who use it? *shudders*
Better not, then.
What was it? FireFox, you say..?
(Edited by White Hawk on 07-06-2004 23:44)
|
tntcheats
Nervous Wreck (II) InmateFrom: BC, Canada Insane since: Jun 2004
|
posted 07-07-2004 00:24
I just switched from IE6 to Firefox with the release of 0.9.1 and disabled all of IE6's ActiveX things, and set it's security to as high as possible--just in case.
I like how the browser actually gets updates hell, this last update was just after a couple days of the release of 0.9, wasn't it?
quote: "Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
I think someone just got paid off...
With 100,000 browser downloads a day, surging at 200,000 lately, that means that Mozilla should be the most widely used browser quite quickly. And I hope it is--I hate having to worry about IE6's 'bungling' of code.
The other other other other other white meat.
|
White Hawk
Bipolar (III) InmateFrom: out of nowhere... Insane since: May 2004
|
posted 07-07-2004 00:56
Some anonymous corporate geezer: 'Yes, I am well aware of what you meant, but couldn't we change it a little? Perhaps a little re-wording of "Internet Explorer sucks like a suped-up Suck-O-Matic" - maybe to "has potential, must work harder"..?'
Some bloke: 'Look, I'm not sure about this..."
Corp. geezer: 'I'm sure we can come to some sort of compromise. What d'ya say?' A small polite cough covers the almost imperceptible sound of a suede-bound cheque book sliding from a silk suit pocket...
TeeHee...
|
xcFeRiNiZeDcc
Nervous Wreck (II) InmateFrom: U.S. Insane since: Jan 2004
|
posted 07-07-2004 04:47
I use Mozilla, Adaware, and Spybot, and I never get any adware/spyware what so ever. The most I ever see are "tracking cookies" which I'm not overly concerned with. But when I first made the switch to Mozilla, it was also the first time I used aware and the likes, I had literally 800 different problems on my computer, it was amazing. Thank god I don't do credit card tranfers or banking online.
"Some people create with words or with music or with a brush and paints. I like to make something beautiful when I run. I like to make people stop and say, 'I've never seen anyone run like that before.' It's more than just a race, it's a style. It's doing something better than anyone else. It's being creative." -Steve Prefontaine
|
White Hawk
Bipolar (III) InmateFrom: out of nowhere... Insane since: May 2004
|
posted 07-07-2004 14:50
My PC plays soothing music to me in the mornings (the dulcet tones of Motorhead, among others). On various days, I have it set to run a complete system scan before it wakes me up.
However, I haven't run SpyBot's scan for a couple of months. I did so last night.
Despite all my paranoid measures, I found a tracker cookie!
That makes one uninvited item in the last two months.
*sigh*
I'll have to tighten security up some...
|
tntcheats
Nervous Wreck (II) InmateFrom: BC, Canada Insane since: Jun 2004
|
posted 07-08-2004 00:44
Some tracker cookies can be permanently removed by corrupting them.
A foolproof method for sculpting an elephant: first, get a huge block of marble, then you chip away everything that doesn't look like an elephant.
|
Shooting_Star
Nervous Wreck (II) InmateFrom: Insane since: Feb 2004
|
posted 07-08-2004 17:40
|