Posted on 09/20/2006 12:41:51 PM PDT by Eagle9
Although Microsoft has acknowledged that in-the-wild exploits are taking advantage of an unpatched flaw in Internet Explorer, the developer has not committed to cranking out a fix before next month's regularly-scheduled update on Oct. 10. Users who want to protect themselves now, however, do have options.
Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable "Vgx.dll" from the command line.
-- Click Start, choose Run, and then type
-- regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
-- Click OK, then click OK again in the confirmation dialog that appears.
To undo the command, use:
-- regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
Use Group Policy to propagate .dll disabling: Microsoft's workarounds don't include this time saver, but an independent researcher has posted templates for creating a pair of Group Policy objects that disable (or undo that) for all users of a Windows domain.
For the details, head to Jesper Johansson's blog, here.
Disable Binary and Script Behaviors in IE 6: Another purely defensive move recommended by Microsoft is to turn off this scripting feature within the browser. Note, however, that this only protects against the currently-known exploit, which could, of course, morph into something else entirely.
-- Select Tools|Internet Options in IE
-- Click the "Security" tab
-- Click "Internet," then "Custom Level"
-- In the "ActiveX controls and plug-ins" section, under "Binary and Script Behaviors," click "Disable," and then click OK.
Repeat the last step above, but in the "Local intranet" zone.
Use another browser: Several security researchers and organizations have recommended dumping IE 6 in similar zero-day situations, and this was no different.
"One of the easiest ways might be to use Firefox with a plug-in to allow certain sites (such as windowsupdate.com) to transparently use MSIE to get back the ActiveX functionality without bothering the user over the choice and differences," said the Internet Storm Center in an online alert Wednesday.
Two such plug-ins (called "extensions" in Firefox parlance) that add IE functionality to Firefox are IE Tab and IE View.
In this case, "another browser" can also mean Internet Explorer 7, which is currently in Release Candidate 1. According to a Microsoft spokesman late Tuesday, IE 7 is not vulnerable to the VML bug.
IE 7 RC1 can be downloaded from the Microsoft site.
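The two workarounds described in the article (unregistering vgx.dll, and disabling Binary and Script Behaviors in the Internet and Local intranet zones) combined into one script with an undo switch. This is an added example, not part of the article or of Microsoft's advisory. It assumes an elevated PowerShell session, the per-user zone settings under HKCU, URL action 2000 for that setting, and a hypothetical HKCU:\Software\VmlWorkaround key for the saved values.

```powershell
# Added example: both workarounds from the article in one script, with undo.
# Run elevated: regsvr32 writes to HKEY_CLASSES_ROOT.
param([switch]$Undo)

$dll    = Join-Path $env:ProgramFiles 'Common Files\Microsoft Shared\VGX\vgx.dll'
$zones  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$action = '2000'                          # URL action: Binary and Script Behaviors
$backup = 'HKCU:\Software\VmlWorkaround'  # hypothetical key holding the old values

# 1. Unregister (or re-register) vgx.dll; /s suppresses the confirmation dialogs.
if (Test-Path $dll) {
    $regArgs = @('/s')
    if (-not $Undo) { $regArgs += '/u' }
    $regArgs += "`"$dll`""                # quote the path, it contains spaces
    $proc = Start-Process regsvr32.exe -ArgumentList $regArgs -Wait -PassThru
    if ($proc.ExitCode -ne 0) { throw "regsvr32 failed with exit code $($proc.ExitCode)" }
} else {
    Write-Warning "vgx.dll not found at $dll"
}

# 2. Zone 3 = Internet, zone 1 = Local intranet; value 3 = Disable.
foreach ($zone in '3', '1') {
    $key   = Join-Path $zones $zone
    $saved = (Get-ItemProperty $backup -ErrorAction SilentlyContinue)."zone$zone"
    if ($Undo) {
        if ($null -ne $saved) {
            # Put back the value recorded before the workaround was applied.
            Set-ItemProperty $key -Name $action -Value $saved -Type DWord
            Remove-ItemProperty $backup -Name "zone$zone"
        } else {
            # Nothing was recorded: drop our value so the zone default applies.
            Remove-ItemProperty $key -Name $action -ErrorAction SilentlyContinue
        }
    } else {
        $old = (Get-ItemProperty $key -ErrorAction SilentlyContinue).$action
        if ($null -ne $old -and $null -eq $saved) {
            # Record the original value once, so repeated runs do not overwrite it.
            if (-not (Test-Path $backup)) { New-Item $backup | Out-Null }
            Set-ItemProperty $backup -Name "zone$zone" -Value $old -Type DWord
        }
        Set-ItemProperty $key -Name $action -Value 3 -Type DWord
    }
    $now = (Get-ItemProperty $key).$action
    if ($null -eq $now) { $now = '(not set, zone default applies)' }
    "Zone ${zone}: action $action = $now"
}
```

Run it without arguments to apply both workarounds and with `-Undo` to reverse them. The zone change is per user, while the vgx.dll change affects the whole machine.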
thank you!!!!!
"Scoring the first virus hit on them would make a very tempting target for the malware scum."
First ? from 2004
Destructive OS X malware spies on Apple users
http://www.zdnet.com.au/news/security/soa/Destructive_OS_X_malware_spies_on_Apple_users/0,130061744,139164062,00.htm
... and each quarter there are more PC's sold than the combined total of every Mac EVER sold.
"Firewalls and anti-virus software are good things to have - but so far, Mac users have survived without them."
Uh - since 10.3 doesn't OSX have a built-in firewall ?
I suppose the Mac design folks have decided it's a good idea to have one.
It does, but it's turned off by default. It can be activated in the System Preferences - Sharing control panel.
More importantly, Mac OS X doesn't have any unnecessary open ports or services running.
"It does, but it's turned off by default."
Oh - OK ... that makes sense ...
Yes they do
The reasons are summed up on Apple's site, the most important being that Windows plus IE is just very easy to exploit.
2003.08.13
Switchback Virus Infects Macs, Nobody Notices
http://www.lowendmac.com/lite/03/0813.html
bump
A couple of questions:
1) Re "Disable the vulnerable .dll":
What is that .dll used for, and what will be affected if it's disabled?
2) Re disabling Binary and Script Behaviors in IE6 and the following instructions:
(-- Select Tools|Internet Options in IE
-- Click the "Security" tab
-- Click "Internet," then "Custom Level"
-- In the "ActiveX controls and plug-ins" section, under "Binary and Script Behaviors," click "Disable," and then click OK.)
I don't have anything specifically called "Binary and Script Behaviors" under "Active X Controls and Plug-Ins". All I have are:
Download Signed ActiveX Controls (I already have set as Disabled)
Download Unsigned ActiveX Controls (Disabled)
Initialize and Script ActiveX Controls Not Marked as Safe (Disabled)
Run ActiveX Controls and Plug-Ins (Disabled)
Script ActiveX Controls Marked Safe for Scripting (Disabled)
Am I okay there?
Thanks for your help!
I posted this and other articles in the Technical section as news. I'm not an expert, far from it.
F-Secure.com: The vgx.dll component solely handles Vector Markup Language (VML). VML is a description format for browsers to draw vector graphics. Not too many websites use this format today - but rather display plain images. Also - it's only supported by Internet Explorer. Opera and Firefox implement Scalable Vector Graphics (SVG).
Use this link with IE to see an example of VML. If you have the dll registered, you'll see a clock. Once unregistered, you shouldn't see anything.
If you are following the instructions and are running IE6 in WinXP, I don't know why you don't have "Binary and Script Behaviors" listed in your ActiveX Controls and Plug-Ins. I just looked and it's in mine. I don't use IE, instead I use Firefox and Opera. Wish I could help but really have no idea. Sorry.
bookmark
It looks like the holes got plugged pretty quick, anyway.
ping for later.
No, turns out it was probably a system hack on someone who wasn't careful with their PW. Someone let a hacker into his root level, where he ran some common UNIX malware. Not a virus. See here for a follow up.
... and each quarter there are more PC's sold than the combined total of every Mac EVER sold.
So? Lots more cheap screwdrivers are sold than quality ones as well. It doesn't make them less tempting to tool thieves.
The followup link you gave seems to have nothing to do with the link I provided - since mine even identifies the website you could "catch" it from and how it will spread from your comp to others.
Ah, but the cheap screwdriver will work with the screws you bought years ago - Your expensive screwdriver requires all new screws and you better hope you never have need of the old ones --- you're outa luck.
The followup link I gave is from the link you provided. From your link: "Chris Waldrip, president of the US-based Atlanta Macintosh Users Group, posted a detailed description of Opener on the MacInTouch Web site."
But, I suppose you can't really be bothered to read the stuff you post.
Ah, but the cheap screwdriver will work with the screws you bought years ago - Your expensive screwdriver requires all new screws and you better hope you never have need of the old ones --- you're outa luck.
That's what a dual boot is for; those exceedingly rare occasions I might have to run stone-age software written for proprietary applications. That doesn't make it a good choice for an interface with the world. Accessing the internet or e-mail on a PC is an exercise in masochism.
My bad ... I thought you were referring to my other post here - #48 leading here ...
http://www.lowendmac.com/lite/03/0813.html
"Accessing the internet or e-mail on a PC is an exercise in masochism."
What do you find so hard about PC's ? I don't have a problem with the net, except due to poor site design, and I've never had a problem with email. I think the last virus that actually infected me was "red flag" back in the days when a 60 meg hard drive was hot stuff.
You believe that using Hotmail is an exercise in masochism ?
... Is your VCR still blinking 12:00 ? :-)