thew Posted July 2, 2004 Share Posted July 2, 2004 Nobody has mentioned, Not sure it's sunk in yet as common knowledge. http://www.internetnews.com/security/print.php/3374931 US-CERT: Beware of IE By Ryan Naraine June 29, 2004 The U.S. government's Computer Emergency Readiness Team (US-CERT) is warning Web surfers to stop using Microsoft's Internet Explorer (IE) browser. On the heels of last week's sophisticated malware attack that targeted a known IE flaw, US-CERT updated an earlier advisory to recommend the use of alternative browsers because of "significant vulnerabilities" in technologies embedded in IE. "There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME-type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites," US-CERT noted in a vulnerability note. The latest US-CERT position comes at a crucial time for Microsoft , which has invested heavily to add secure browsing technologies in the coming Windows XP Service Pack 2. The software giant has spent the last few months talking up the coming IE security improvements but the slow response to patching well-known -- and sometimes "critical" -- browser holes isn't sitting well with security experts. On discussion lists and message boards, security researchers have spent a lot of time beating the "Dump IE" drum, and the US-CERT notice is sure to lend credibility to the movement away from the world's most popular browser. US-CERT is a non-profit partnership between the Department of Homeland Security (DHS) and the public and private sectors. It was established in September 2003 to improve computer security preparedness and response to cyber attacks in the United States. It has been more than two weeks since Microsoft confirmed the existence on an "extremely critical" IE bug, which was being used to load adware/spyware and malware on PCs without user intervention but, even though the company hinted it would go outside its monthly security update cycle to issue a fix, the flaw remains unpatched. US-CERT researchers say the IE browser does not adequately validate the security context of a frame that has been redirected by a Web server. It opens the door for an attacker to exploit the flaw by executing script in different security domains. "By causing script to be evaluated in the Local Machine Zone, the attacker could execute arbitrary code with the privileges of the user running IE," according to the advisory. "Functional exploit code is publicly available, and there are reports of incidents involving this vulnerability." To protect against the flaw, IE users are urged to disable Active scripting and ActiveX controls in the Internet Zone (or any zone used by an attacker). Other temporary workarounds include the application of the Outlook e-mail security update; the use of plain-text e-mails and the use of anti-virus software. Surfers must also get into the habit of not clicking on unsolicited URLs from e-mail, instant messages, Web forums or internet relay chat (IRC) sessions. Here is an alternative browser if you don't want your keystrokes examined by hackers in eastern europe... http://www.mozilla.org/products/firefox/ If you've already been bitten. If you've got pop ups everywhere when you surf, or if your homepage has been hijacked and you can't reset it to your prefference... I recomend this shareware tool. If you like it pay the dude for the commercial version.. http://www.download.com/Ad-aware/3000-8022-10214379.html?tag=lst-0-2 Link to comment Share on other sites More sharing options...
monkey66 Posted July 2, 2004 Share Posted July 2, 2004 I switched to firefox when this story broke a week or so ago. No regrets, awesome browser... Link to comment Share on other sites More sharing options...
Prosperity Posted July 2, 2004 Share Posted July 2, 2004 I have firfox but I use IE for some reason, but I guess I will switch now. Link to comment Share on other sites More sharing options...
Gilgamesh Posted July 2, 2004 Share Posted July 2, 2004 People need to get off IE and Outlook anyway...far too many security holes... Link to comment Share on other sites More sharing options...
Renegade7 Posted July 2, 2004 Share Posted July 2, 2004 I haven't been using that for a while now. I knew there was something wrong with it, that's why I do netscape. Link to comment Share on other sites More sharing options...
codeorama Posted July 2, 2004 Share Posted July 2, 2004 I switched to firefox because of you guys on the board warning everyone and I've had no problems since. Link to comment Share on other sites More sharing options...
SkinsNumberOne Posted July 2, 2004 Share Posted July 2, 2004 Originally posted by thew Nobody has mentioned, Not sure it's sunk in yet as common knowledge. http://www.internetnews.com/security/print.php/3374931 Here is an alternative browser if you don't want your keystrokes examined by hackers in eastern europe... http://www.mozilla.org/products/firefox/ If you've already been bitten. If you've got pop ups everywhere when you surf, or if your homepage has been hijacked and you can't reset it to your prefference... I recomend this shareware tool. If you like it pay the dude for the commercial version.. http://www.download.com/Ad-aware/3000-8022-10214379.html?tag=lst-0-2 Our work timecard system is through a web browser, and it does not work in any browser I've tried except IE. I'm sure it's due to some type of MS proprietary DHTML implementation, but I have to use IE because of it. I have Firefox installed I think, but I always end up using Avant Browser (which uses the IE component) because I know I'll need to update my timecard and I didn't want to use multiple browsers. I guess it's time to switch to IE only for the timecard system... Link to comment Share on other sites More sharing options...
riggins44 Posted July 2, 2004 Share Posted July 2, 2004 I need to use IE for a lot of websites I use for work only work off IE. Link to comment Share on other sites More sharing options...
Tom [Giants fan] Posted July 2, 2004 Share Posted July 2, 2004 I am using mozilla now which I heard of from here. What I wasn't aware of is, mozilla is godzilla's cousin. :thumbsup: Link to comment Share on other sites More sharing options...
The Wicked Wop Posted July 3, 2004 Share Posted July 3, 2004 Just went to firefox.......and thank god......F IE, can't believe I put up with it for this long Link to comment Share on other sites More sharing options...
Larry Posted July 3, 2004 Share Posted July 3, 2004 It's not a bug, it's a feature. Link to comment Share on other sites More sharing options...
Larry Posted July 3, 2004 Share Posted July 3, 2004 Just realised how much that sound like "It's a browser of peace". Link to comment Share on other sites More sharing options...
Dan T. Posted July 3, 2004 Share Posted July 3, 2004 I've been hijacked, and I can't get rid of the F*cker. I've tried Adaware, CWShredder, Hijack This, Spybot Search and Destroy. It's tenacious. It regenerates on startup and hijacks my browser to something called "solongas". I'd like to strangle the f'er that created this scumware. Link to comment Share on other sites More sharing options...
MichaelM Posted July 3, 2004 Share Posted July 3, 2004 I downloaded Fire Fox and it seems much faster at loading pages than IE. So far, I don't have any complaints. It wouldn't import my passwords, so I had to spend some time going to each page I frequent and adding logins and passwords. Link to comment Share on other sites More sharing options...
NASMTrainer Posted July 3, 2004 Share Posted July 3, 2004 I have a question. Should I uninstall IE? And another question what should I do about Outlook Express? Link to comment Share on other sites More sharing options...
jjcskins Posted July 3, 2004 Share Posted July 3, 2004 Dan T - I've been hijacked, and I can't get rid of the F*cker. I've tried Adaware, CWShredder, Hijack This, Spybot Search and Destroy. Try booting up in safe-mode & running Hijack This. Then rebooting normally. Worked for me...... Link to comment Share on other sites More sharing options...
The Wicked Wop Posted July 3, 2004 Share Posted July 3, 2004 It's tenacious. It regenerates on startup and hijacks my browser to something called "solongas". I'd like to strangle the f'er that created this scumware. Unfortunately it likely loaded an exacutable file that is intended to reinstall the program upon startup. My dad had the same problem a few weeks ago. It's likely in your registry or other folder likely under a different name. I did a quick search and this site might help. http://www.annoyances.org/exec/forum/win2000/n1070311411 Link to comment Share on other sites More sharing options...
TheDiplomat Posted July 3, 2004 Share Posted July 3, 2004 Hey guys. Everytime I try to download something directly from the IE browser it sends me to a cannot find server webpage. ANybody know whats wrong with my comp? Any advice would help. Thanks in advance. Link to comment Share on other sites More sharing options...
Destino Posted July 3, 2004 Share Posted July 3, 2004 Originally posted by Skin-N-NY I have a question. Should I uninstall IE? And another question what should I do about Outlook Express? You don't need to uninstall it, but when installing a second browser you will be promtped as to which you want as your default. Set the new browser (Mozilla owns) to the default and you'll be all set . Also remove all IE shortcuts from yoru desktop to avoid the accidental clicking. Link to comment Share on other sites More sharing options...
MichaelM Posted July 3, 2004 Share Posted July 3, 2004 I haven't found an option to do an auto fill with items such as my name, address, and email; is this an option anywhere? Link to comment Share on other sites More sharing options...
BayouBrave86 Posted July 3, 2004 Share Posted July 3, 2004 Yeah I thought something was up. My IE has gone ape **** over the past 2 weeks. It won't load when I click on the IE icon so I have been going to My Computer and typing in the address from there.:laugh: I'll have to download that Mozilla stuff. Link to comment Share on other sites More sharing options...
BayouBrave86 Posted July 3, 2004 Share Posted July 3, 2004 Oh and is Mozilla free? Link to comment Share on other sites More sharing options...
BayouBrave86 Posted July 3, 2004 Share Posted July 3, 2004 Wow this thing is so much faster than IE. Link to comment Share on other sites More sharing options...
panel Posted July 3, 2004 Share Posted July 3, 2004 Yeah, thanks all, I just got the fox one, and it is better. Link to comment Share on other sites More sharing options...
BG Posted July 3, 2004 Share Posted July 3, 2004 I am using IE and OE. No problems right now, but over the years, I have gotten so much adware/spyware/malware, that I've learned how to get into the registry and get rid of most of it. One other program that has been a godsend to me is: http://www.pestpatrol.com Someone a while back agreed with me on that one that it's the best out there and well worth the investment. As far as alternatives, I know about Mozilla, but what is a good alternative to OE? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.