Free Republic

How To Defend Against IE's VML Bug
TechWeb ^ | September 20, 2006 | Gregg Keizer

Posted on 09/20/2006 12:41:51 PM PDT by Eagle9

Although Microsoft has acknowledged that in-the-wild exploits are taking advantage of an unpatched flaw in Internet Explorer, the developer has not committed to cranking out a fix before next month's regularly-scheduled update on Oct. 10. Users who want to protect themselves now, however, do have options.

Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable "Vgx.dll" from the command line.

-- Click Start, choose Run, and then type

-- regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

-- Click OK, then click OK again in the confirmation dialog that appears.

To undo the command, use:

-- regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

Use Group Policy to propagate .dll disabling: Microsoft's workarounds don't include this time saver, but an independent researcher has posted templates for creating a pair of Group Policy objects that disable (or undo that) for all users of a Windows domain.

For the details, head to Jesper Johansson's blog, here.

Disable Binary and Script Behaviors in IE 6: Another purely defensive move recommended by Microsoft is to turn off this scripting feature within the browser. Note, however, that this only protects against the currently-known exploit, which could, of course, morph into something else entirely.

-- Select Tools|Internet Options in IE

-- Click the "Security" tab

-- Click "Internet," then "Custom Level"

-- In the "ActiveX controls and plug-ins" section, under "Binary and Script Behaviors," click "Disable," and then click OK.

Repeat the last step above, but in the "Local intranet" zone.

Use another browser: Several security researchers and organizations have recommended dumping IE 6 in similar zero-day situations, and this was no different.

"One of the easiest ways might be to use Firefox with a plug-in to allow certain sites (such as windowsupdate.com) to transparently use MSIE to get back the ActiveX functionality without bothering the user over the choice and differences," said the Internet Storm Center in an online alert Wednesday.

Two such plug-ins (called "extensions" in Firefox parlance) that add IE functionality to Firefox are IE Tab and IE View.

In this case, "another browser" can also mean Internet Explorer 7, which is currently in Release Candidate 1. According to a Microsoft spokesman late Tuesday, IE 7 is not vulnerable to the VML bug.

IE 7 RC1 can be downloaded from the Microsoft site.


TOPICS: Technical
KEYWORDS: browser; exploit; ie; internetexploiter; lowqualitycrap; malware; microsoft; securityflaw; spyware; windows
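
The two Microsoft workarounds described in the article, scripted so they can be applied and checked without the dialogs (an added example, not part of the article or of Microsoft's advisory). It assumes PowerShell run from an elevated prompt; the `-Undo` switch is hypothetical, and the mapping of "Binary and Script Behaviors" to URL action 2000 (3 = Disable, 0 = Enable) under the per-user Zones key is a detail the page does not state.

```powershell
# Added example: apply (or, with -Undo, reverse) both workarounds from the article.
# Run elevated: regsvr32 writes to machine-wide registry keys.
param([switch]$Undo)   # -Undo is a name chosen for this example

# Same path the article gives for the vulnerable library.
$vgx = Join-Path $env:ProgramFiles 'Common Files\Microsoft Shared\VGX\vgx.dll'

# 1. Unregister (or re-register) vgx.dll.
#    /u = unregister, /s = silent (no confirmation dialog); exit code 0 = success.
if (Test-Path $vgx) {
    $regArgs = @('/s')
    if (-not $Undo) { $regArgs += '/u' }
    $regArgs += "`"$vgx`""          # quote the path: it contains spaces
    $p = Start-Process -FilePath regsvr32.exe -ArgumentList $regArgs -Wait -PassThru
    if ($p.ExitCode -ne 0) {
        Write-Warning "regsvr32 exited with code $($p.ExitCode)"
    }
} else {
    Write-Warning "vgx.dll not found at $vgx"
}

# 2. "Binary and Script Behaviors" for the two zones the article names.
#    Assumption (not on the page): the setting is URL action 2000 in each
#    zone's key; 3 = Disable, 0 = Enable. Zone 3 = Internet, 1 = Local intranet.
$zones = @{ 3 = 'Internet'; 1 = 'Local intranet' }
$value = if ($Undo) { 0 } else { 3 }

foreach ($z in $zones.Keys) {
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$z"
    Set-ItemProperty -Path $key -Name '2000' -Value $value -Type DWord

    # Read the value back so the result can be confirmed, not assumed.
    $now = (Get-ItemProperty -Path $key -Name '2000').'2000'
    '{0,-15} Binary and Script Behaviors = {1}' -f $zones[$z], $now
}
```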
To: HOYA97
Why are Macs not affected by viruses? Is this in fact true? I am considering getting one for work and I would like your comments.

It's true. Apple's Mac OS X operating system is designed to resist viruses better than Windows. It is possible that a virus will spread on Macs someday, but so far Mac users have been very fortunate compared to our Windows-using friends.

There are dozens of reasons why Windows is plagued with viruses, worms and spyware. Much of the Windows operating system was designed before the Internet became popular, so Microsoft did not use good coding practices. Microsoft also decided to leave many unnecessary communications ports open without a firewall until recently. Viruses can obtain administrative privileges more easily on Windows than on Macs. Microsoft e-mail programs used to automatically execute viruses that were attached to messages.

There is a myth that virus writers don't try to attack Macs because Windows is more popular. But the popularity of Windows does ensure that viruses spread more quickly on that platform.

Better security is one good reason to get a Mac, but there are several others - better software, better reliability, better productivity - and Macs are just more fun to use than Windows computers.

21 posted on 09/20/2006 2:14:14 PM PDT by HAL9000 (Happy 10th Anniversary FreeRepublic.com - Est. Sept. 23, 1996 - Thanks Jim!)

To: Eagle9

I use Swiftfox, a variant of Firefox for Linux. No problems here.

Regards, Ivan


22 posted on 09/20/2006 2:14:27 PM PDT by MadIvan (I aim to misbehave.)

To: HOYA97
I am considering getting one for work and I would like your comments.

What kind of work do you do?

23 posted on 09/20/2006 2:17:16 PM PDT by LexBaird (Another member of the Bush/Halliburton/Zionist/CIA/NWO/Illuminati conspiracy for global domination!)

To: P-40

Better yet, get a Macintosh. No viruses. No spyware. Safe and secure browsing.


24 posted on 09/20/2006 2:25:55 PM PDT by Astronaut

To: LexBaird
Lol!! I was just typing up a similar response: that the only successful attack I had seen on a Mac was the MSOffice Macro 'way back in the 90's. IIRC, we killed it on our network by disabling Office itself, and just running the individual MS application(s) we needed at the time...

25 posted on 09/20/2006 2:48:54 PM PDT by TXnMA ("Allah": Satan's current alias...)

To: petro45acp

You should let someone who actually knows something about Macs answer that question. All you succeeded in doing was advertising your ignorance and MS prejudice. Hope you enjoy sucking on the MS marketing koolaid teat... :-(


26 posted on 09/20/2006 2:54:05 PM PDT by TXnMA ("Allah": Satan's current alias...)

To: MadIvan

Which linux are you running?


27 posted on 09/20/2006 3:14:19 PM PDT by Leisler (Read the Koran, real Islam is not peaceful.)

To: Leisler

Ubuntu Dapper Drake. It's the best OS I've used. I do like PC BSD as well, however.

Regards, Ivan


28 posted on 09/20/2006 3:15:43 PM PDT by MadIvan (I aim to misbehave.)

To: Eagle9
If Microsoft Windows Update web site will accept Firefox with either of those two extensions, then banking and MS Exchange/Outlook Web Mail and other IE only web sites should also accept it

Interesting. It sounds like the Firefox plugin is allowing other activeX controls to run. But I wonder if they run in the context of Firefox (which I would need for the MS Ex/Outlook webmail) or if they just run in the background (ie to do MS installations, dll registrations, etc.)

29 posted on 09/20/2006 8:27:13 PM PDT by KayEyeDoubleDee (const Tag &referenceToConstTag)

To: KayEyeDoubleDee; OrangeDaisy; DollyCali
Interesting. It sounds like the Firefox plugin is allowing other activeX controls to run. But I wonder if they run in the context of Firefox (which I would need for the MS Ex/Outlook webmail) or if they just run in the background (ie to do MS installations, dll registrations, etc.)

I just now checked on IEView and IETab at Mozilla.org and both simply run IE simultaneously with Firefox. If you're looking for an easy way to use IE on one web site, like a bank, or some other reason while you're using Firefox, either of the two would do it.

30 posted on 09/20/2006 9:07:05 PM PDT by Eagle9

To: Eagle9

How do you clean it out if you already have it?


31 posted on 09/20/2006 9:08:28 PM PDT by Toby06 (Hydrogen is not a fuel source. Hydrogen is an energy storage method, like a battery.)

To: Eagle9

I've been using IE7 since it was in Beta. Works great for me.


32 posted on 09/20/2006 9:09:06 PM PDT by COEXERJ145 (Free Republic is Currently Suffering a Pandemic of “Bush Derangement Syndrome.”)

To: Toby06
How do you clean it out if you already have it?

If you're running an anti-virus program like McAfee or Norton, scan then follow their instructions. You can also run a scan online at either of the following links. You will also need to download, install, and run Spybot Search & Destroy for all the malware that's been associated with the VML exploit. You will probably need to run other malware detectors, since one rarely catches and removes all malware. In WinXP run the Malicious Software Removal Tool located in your All Programs menu.

TrendMicro Housecall
http://housecall.trendmicro.com/

avast! Online Scanner
http://onlinescan.avast.com/

Download link for SpyBot Search & Destroy
http://www.spybot.info/en/download/index.html

33 posted on 09/20/2006 9:55:39 PM PDT by Eagle9

To: Eagle9

Geez, I run Norton, AVG free, Adaware and Spybot daily,

My kids must have hit some bad porn!


34 posted on 09/20/2006 10:02:40 PM PDT by Toby06 (Hydrogen is not a fuel source. Hydrogen is an energy storage method, like a battery.)

To: MadIvan
I use Swiftfox, a variant of Firefox for Linux. No problems here.

It's good to see you, MadIvan. I've always enjoyed reading the articles and essays you post, and your comments.

I have a laptop and a desktop that I don't use but keep in case this desktop has problems. Both of the older ones are still running Win98 and Win98SE, respectively. I've thought about installing a 'novice' version of Linux in a separate partition on one of them. I haven't yet because I don't think I have enough technical knowledge to run Linux.

35 posted on 09/20/2006 10:59:36 PM PDT by Eagle9

To: Toby06
Anti-virus programs and malware detect/remove apps need updated databases to detect and remove what has been downloaded onto your computer. I just read a new article that says the VML 'bug' has already been updated/changed. I'm not sure if the databases had been updated to detect all of what the original version was downloading to computers.

IE Exploit Could Soon Be Used By 10,000-plus Sites
http://www.techweb.com/wire/security/193004128;jsessionid=UFDKNTP55TK0OQSNDLRSKHSCJUNN2JVN

36 posted on 09/20/2006 11:19:33 PM PDT by Eagle9

To: HAL9000
Well, that would be your opinion, sir. There are, at least, 10 virus and trojan/worms out there aimed at macs as we type. Just google for them.

To put it bluntly, no apologies here, anyone who doesn't protect their box, no matter the OS, in these days, is an idiot. Anti-virus, anti-malware, anti-trojan, etc. protection is a must, even a child is aware of that.

And, BTW, ie7 is fantastic!

You speak of productivity. In the PC world, Microsoft brought it to the masses. Still does. Macs do what? Make cute little squiggles and fancy artwork used by pros. If it weren't for M$, mac would never have upgraded...how many different variations and OS's do they have now? I can run apps today on Win 2k, XP, and Vista, that were written 20 years ago for DOS and then Win3x, let's see you do that on OSX. LOL
You speak of better software. How's that? Mac's most popular office app is made by M$. I have many mac apps that OSX won't even recognize, let alone run 'em. Everything mac is an attempt to appear as advanced as M$.
You speak of reliability. I have 486's running Win 95 and 98, right along side of my Power Mac ( which, nowadays I only use for making and testing Filemaker db's) Wanna' guess which crashes more?

I'm not in love with bill, nor his company, but give the man his due, would ya? Without MS, millions of people would never have had the opportunity or ability to become as productive or successful as they are. Can you honestly say that about mac?

Please, get off the bash Micro$not campaign.

Would you really like to take M$ down a notch, in an honorable way? Good, then contribute to something like this: http://www.reactos.org/en/index.html




:O)

P
37 posted on 09/20/2006 11:56:30 PM PDT by papasmurf (Join Team 36120 Free Republic Folders. Folding@Home Enter Name:FRpapasmurf)

To: HOYA97
It's about volume, more people use IE and therefore virus writers and exploiters target the most common denominator. If Apple were more popular than Windows boxes they would be the ones attacked. Linux does have the advantage of having an army of geekish types that hunt/fix flaws but it's likely a similar issue of not being on top and thereby avoiding the attention of the most prolific adware/malware/virus/exploit writers.

38 posted on 09/21/2006 12:06:32 AM PDT by Uriah_lost (M.I.E. Mainer In Exile I'll come back when the Massholes go home.)

To: papasmurf
"There are, at least, 10 virus and trojan/worms out there aimed at macs as we type. Just google for them."

Well, they aren't working. Over 20 million Mac OS X users are running with no special protection, and none are getting infected. A handful of Mac OS X users have downloaded a trojan horse, but that's about the only problem so far. Firewalls and anti-virus software are good things to have - but so far, Mac users have survived without them.

"And, BTW, ie7 is fantastic!"

I doubt it, but Safari and Firefox are excellent web browsers.

"Mac's most popular office app is made by M$."

Yes, Microsoft Office for Mac is available, and supposedly it's better than the version for Windows.

"I have many mac apps that OSX won't even recognize, let alone run 'em."

There is emulation software available for those old 68000-based apps, but I'm glad Apple isn't wasting their time trying to support obsolete software.

"Without MS, millions of people would never have had the opportunity or ability to become as productive or successful as they are. Can you honestly say that about mac?"

Absolutely yes.

"Please, get off the bash Micro$not campaign."

Everybody loves to bash Microsoft. It's a national pastime.

39 posted on 09/21/2006 12:20:04 AM PDT by HAL9000 (Happy 10th Anniversary FreeRepublic.com - Est. Sept. 23, 1996 - Thanks Jim!)

To: Eagle9
You can try out Ubuntu without installing it on your laptop - just use their Desktop CD, have it boot up from the CD ROM drive. There is a learning curve, but it's not bad.

Regards, Ivan

40 posted on 09/21/2006 12:21:18 AM PDT by MadIvan (I aim to misbehave.)