Security Advisory

Meltdown · 04-16-2004, 05:02 PM

Getting pop-ups, gatored, and other BS apps installed on your computer that you know for a fact you didn't say OK to? Still getting them even after locking down your firewall and you security settings in IE and OL? Here is why:

http://www.greymagic.com/security/advisories/gm001-ie/

Turns out there is a bug in IE/OL that is a VERY old bug that has not been patched by MS yet, and allows webpage programmers to force your system to run commands, install software, etc. regardless of your security settings. There is a registry change you can do to work around the issue, but man I wish Micro$haft would get on the ball and fix this shit, and that the gov't would pass some digital security rights preventing people from loading anything on your machine without your expressed permission under the penalty of getting a swift kick in the balls.

Eye · 04-16-2004, 05:29 PM

lol,

man, if i could electronically kick someone in the balls, then you would probably see the worlds populatoin rise come to a screeching halt.

GroovyDude · 04-16-2004, 06:14 PM

A little off topic, but what the hey...

For Windows I use MYIE2 which adds tab navigation to IE and includes a pop-up blocker which has been working great for me. There are all sorts of cool plugins and skins available for MYIE2 as well.

It's free:

http://www.myie2.com

If you don't like IE, I recommend trying the Firefox beta from http://www.mozilla.org which is what I use on my linux box and laptop, but a windows version is also available.

Packetloss · 04-16-2004, 06:21 PM

a lot of those free wonderful tools are tools for this crap anyways - Be careful

GroovyDude · 04-16-2004, 08:31 PM

Quote:

Originally Posted by Packetloss

a lot of those free wonderful tools are tools for this crap anyways - Be careful

Yes, you do have to be careful. Here's a cool link for checking if that free download includes free spyware as well.

http://www.spychecker.com/

toetag · 04-16-2004, 08:46 PM

if you want to detect spyware get 2 programs

spybot s&d for the lightweight stuff and go downlaoda 3 day trial of Netcop for the serious shit.

Another thing you can do is get nav 2004 with spyware detection.

Beleive me I know about this kind of stuff weeks and months before most people because I sell SPYWARE.....oooooooohohhhhhhhhhh! :p

toetag · 04-16-2004, 08:58 PM

there are laws that protect you.

If you own the computer and you call local law enforcement they can foresically determine that kind of stuff. (is it realy worth it to have the police raid your mp3 closet?) however, there are things you can do to protect yourself.

Get behind a firewall.
Most malicious software is not entirely run thry ie or html for that matter. Somewhere there is an app running, service renamed, or a .ocx .dll file thats gonna need to access the internet at one time or another.

if you lock it right it can log your pc all day long, but never access the internet to send information.

Get behind a router.
Another thing to consider is getting behind a router and close some ports. let the normal ports stay open, but make sure you have no high range ports open that you do not know about.

I work for the #1 Software Manufacturer of Internet monitoring software. I know just about every trojan,malware,spyware,and monitoring software made and know this kind of crap.

If you want to rid malware and spyware, loct the pc down.

Long Live MMC! :eek:

don_xvi · 04-16-2004, 10:08 PM

Interesting topic, actually!
So you're saying I need to run a firewall (I liked zonealarm back when) IN ADDITION TO being behind my router? Because I guess I can't count on my NAV keeping all the bad apps out.... it makes sense to me now, do I have it right?
Thanks!

Horsepower · 04-16-2004, 10:19 PM

basically...hardware firewall stops the incoming stuff, software firewall(zonealarm) stops the stuff from going out. say u download a file that contains a trojan. u unknowingly install it. that trojan can phone home easily if u dont have a software firewall installed.

why do i have the feeling that Packet will be by to tell us we're all noobs?

Packetloss · 04-16-2004, 10:43 PM

Hrm. Mixed emotion here - Everyone will have an opinion, mine may or may be more or less correct than the next yokel.

However, my 2 cents?

*Always* be behind nat - Network address translation - In the home world this is a 'router' - I dont care if you have a oc3 at the office or dialup - ALL users should be nat'd.

However - Should the average dork run a local firewall? no. you'll end up asking people like me all day what 'port 80 packets are for - am i getting attacked?' 'Why am i seeing all the port 53 udp?' blah blah blah - unless you know what the typical services and ports are, and how to properly manage them, screw it - You're going to have more problems than its worth, and you're going to think you're behing hacked every time your isp scans you, or you see some funny UDP.

Does this make you vulnerable? Maybe. Most spyware writers these days are using the above IE trickery - If i have you pull a file that replaces mplayer.exe, then trigger mms:// that then talks on port 80, or 53/udp, how will you ever know?

Security is not a tool, its a mindset. Run popup blocker (google toolbar is rad). Remember that NOTHING is free - Be it porn, spy scanners, or video games - If its free, it most likely has something embedded in it.

So, know where you're going, bock pops (most exploits/etc = via popunders), and always look over your shoulder - And remember - NOTHING IS FREE, and you'll be just as secure if you ran some zonealarm crap, and paniced 30 times a day about every packet it traps.

....However - If you know what you're doing, and are willing to take the time and develop working rulesets, and remove any bugs you may have - 'help! bfv server browser doesnt work anymore, and ive reinstalled 18 times!' comes to mind (I'll leave this person anonymous) - A firewall is a good tool.

...make sense?