Posted on 11/30/2005 11:42:46 AM PST by Eagle9
Microsoft acknowledged Tuesday that malicious software targeting an unpatched bug in Internet Explorer is on the loose, and urged users to run a complete system scan on its new Windows Live Safety Center -- which has a quirk of its own -- to detect and delete the code.
In an update of a security advisory issued Nov. 21, Microsoft noted that both proof-of-concept code and an exploit are in circulation. The exploit can compromise PCs running IE on a host of the company's operating systems, including Windows 98, Windows Me, Windows 2000, and Windows XP.
The bug, which was reported to Microsoft in May, was first thought to pose only a denial-of-service (DoS) attack risk, but more recent research by security vendor Computer Terrorism Ltd. said that the flaw could be used to hijack a machine simply by luring users to a malicious Web site.
While Microsoft has not produced a patch for the vulnerability, it said users could choose the "Complete Scan" option at its free-of-charge Live Safety Center site to check for and remove the malicious code.
In the advisory, Microsoft repeated its promise that it would "take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."
The advisory includes several workarounds to deflect attacks, including disabling Active scripting in Internet Explorer by choosing Tools/Internet Options, clicking the Security tab, clicking on the Custom Level button, scrolling to the Scripting section, and selecting the Disable radio button next to Active scripting.
Get real. Get Firefox.
Version 1.5 released today.
Internet Exploder is what Firefox would be if Firefox were steam powered.
Ain't now way I'm installin' anything "Beta" from Ms.
So you're not running Windows? ;-)
Not sure if this is up your alley, But...
It looks like Firefox is free?
Does it install easily, or do I have to go through a lot to get IE not to run? Or - are the instructions available with the download to put IE in the background or get rid of it.
Also, do all/most websites run on Firefox, or do you need to have IE still available for some (like banking, etc.)
Yes it is free
Yes it installs easy.
No you cannot get rid of IE.
But you can make Firefox your default browser and not use IE for almost everything.
- You can't remove IE (it's part of Windows) completely, but you don't have to run it, either.
- Firefox installs easily and will copy over all your current Favorites bookmarks if you wish so you can pick right up where you left off.
- Some sites detect browsers and say you have to have IE, but there's a plug-in for Firefox that makes it mimic IE, so there will be very few times you'll ever need IE. You can even tell Firefox "load this page in IE" with one click. Sites that demand IE are becoming fewer and fewer - good riddance.
Try it, you can always go back to IE, but I bet you won't. I've never met anyone who's gone back to IE from Firefox, Netscape or Opera. It's just that sucky.
And, once you get used to Firefox, go to Tools/Extensions and explore. There are lots of cool free enhancements out there.
Thank you VERY much for the information! I'll download it later today.
You're welcome. At a minimum, install the AdBlock and BugMeNot extensions - you won't believe how cool and useful they are.
Every time I see somebody using IE, I admire their ability to go through life on broken crutches.
Opinions?
I'm so glad I've purged myself from the daily M$ Winders/IE crap.
It's downright peaceful.
IMO, you are doing everything required to be reasonably safe and keeping your OS fairly stable. A hardware firewall, like those that come built into routers, and using a browser that is not integrated into the OS, e.g. Firefox, Opera, etc., is also advisable.
But yes, ActiveX is, or can be a security nightmare because it doesn't play in a sandbox. Downloading a control is not installing ActiveX because it's already installed on your system by virtue of being incorporated into Windows.
Welcome to Billy's world!
I can't comment of the Live SC BS because I stoped running versions of Windows after W2K, and the only versions I still have on HD haven't been booted in almost a year.
But if I had to hazard a guess; I'd say you're probably okay with the tools your have (NOTE: Did you know McAfee REQUIRES ActiveX for their software to work? Which is why I removed McAfee VS and went another route) and that M$ is trying to push you away from those tools because they see a new cash cow in their own homegrown sectools. Ones wonders what that ActiveX control they want you to D/L will gleen from your system and report back to Redmond.
My Linux laptop just keeps on sailing without worries.
I'd say that too, but I'm getting email from 'smartd' daily basically telling me that my harddrive is going to die any day now. It's a work, laptop and was scheduled for replacement in February anyway, so they're just ordering early rather than replacing the drive. I'm hoping the drive will crap out completely the day I get my new laptop. :-)
LOL--I was actually referring to software issues. I get your point though. I'm in the same boat--my mainboard died, so I'm trying to save the cash for a replacement.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.