Results 1 to 9 of 9
  1. #1
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Pop-ups, revisited (any version)

    Woody's recent WWW issue discusses some of my previous points. First off, in "Dangers Luking in Plain Text" he mentions the problem that "plain text" email can still run *script*. Now, I suspect Woody has inadvertently given the following recommendation:

    1) From the Tools Menu choose Internet Options.
    2) Click the Security tab.
    3) Click the Restricted Sites icon then click Custom Level and make sure all the *ActiveX* options are disabled.
    4) Then, in Outlook Express, ensure you are using the Restricted Sites security settings by selecting Options from the Tools Menu, clicking the Security tab, and in the Virus Protection section make sure the Restricted Sites Zone is selected.

    As I hope we ALL know form my last huge discussion with MerC -- ActiveX is NOT the same as Scripting. The vulnerability SecurityFocus was discussing <A target="_blank" HREF=http://www.securiteam.com/windowsntfocus/5HP0D1P5FC.html>here</A> involves SCRIPT -- not ActiveX. So please substitute the following for Woody's instruction #3:

    3) Click the Restricted Sites icon then click Custom Level and make sure all the SCRIPTING options are disabled.

    If you wish to make yourself safe from the issue discussed in the SecurityFocus article you must disable SCRIPTING -- not ActiveX.

    HOWEVER, while you are making sure Scripts are disabled, I would certainly recommend that you disable ActiveX as well in your Restricted sites as well. This component -- which is related to the "Object Linking and Embedding" technology -- is not the same as Script. It is equally vulnerable to abuse -- hence the name it is frequently referred to is "HactiveX".
    ____________________

    Now, the third section of the newsletter, "The Pop-up War Heats Up", he addresses ad blocking software. YES, Adkey will force you to either disable ad blocking software, or pay a fee to see the site in question. HOWEVER, is the NOT this case with simply disabling scripting.

    Disabling scripting in the Internet zone BLOCKS the pop-up ads -- and Adkey does NOT prevent you from seeing the site --sans the pop-up ad.

    So, again, I feel this is a superior solution. Just my opinion...
    _____________________

    Lastly, in "So Many Patches...So Little Time", Woody points out:

    "Keeping your virus definitions up to date is just part of your anti-viral/anti-hacker arsenal. Virus definitions, by definition, deal with known threats. The same hole/vulnerability/bug which enables one virus to attack your system may also be exploited by numerous other viruses or hacks. Updating your definitions will deal with existing threats; patching your system closes the holes permanently, so no future hack/virus can take advantage of it. Well, at least that's the theory...."

    I extend this to include that up-to-date virus definitions and up-to-date Microsoft patches are simply not enough for some of us. Since we all KNOW the sources of most of the problems (Script, ActiveX, Java), if you simply limit these to the sites you trust, you are FAR more secure.

  2. #2
    Bronze Lounger
    Join Date
    Feb 2001
    Location
    England
    Posts
    1,306
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pop-ups, revisited (any version)

    Hi
    Since getting my head round the various flavours of Active Content, I've been using your advice. In Internet Zone I Disable everything I can, and in trusted Zone, Enable it all. This calls for a bit of switching around when visiting a secure web site, but it works well in the end. In OE email, I am permanently Restricted, which is just as well, perhaps, as I got this this morning :

    From: <michelle_j18@excite.com>
    To: <michelle_j18@excite.com>
    Subject: Re: You've been selected for Free PalmPilot M125 !
    Date: 21 October 2001 07:49

    This file: "Unknown0000.data" was infected with the: "JS.Exception.Exploit" virus.

    The file was quarantined by Norton AntiVirus. Sunday, October 21, 2001 12:10

    I wonder if NAV would have stopped this little disease had I been in a zone which enabled active content? As I mentioned elsewhere, Symantec then advised a visit to an MS site, where I found out that the version of JVM I was running (3229) was, in fact, vulnerable to this worm, this in spite of having SP2 installed, and all patches updated according to Critical Update Notification. I re-installed SP2 via an express installation, and my JVM updated to 3802, not affected by the worm. Nowhere have I seen this particular issue discussed : surely SP2 is SP2, and there should not be variants of it.
    Jeez, can you ever keep up, never mind get ahead...?

  3. #3
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pop-ups, revisited (any version)

    "Jeez, can you ever keep up, never mind get ahead...?"

    Hehehe. I feel this way every day I turn my computer on! <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

    Well, Microsoft has begun to start looking at prioritizing these Security Updates. I think Woody's newsletter mentions this also.

    As for adding sites to the Trusted zone, would you find <A target="_blank" HREF=http://www.dslreports.com/r0/download/21517;6a9960bb0d23e4b3376e8a742c1f3b19/buttons.jpg>this</A> useful?

    I designed the buttons and wrote the simple .reg file. It works in IE5 and 6 -- but you have to install the IE5 Web Accessories first (the .dll's that run this are from Microsoft -- I only gave it a nicer interface). They work fine in IE6.

  4. #4
    ileacy
    Guest

    Re: Pop-ups, revisited (any version)

    Definitely of interest, but could you post a link to the software?

    The jpg teaser is nice, but....

  5. #5
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pop-ups, revisited (any version)

    It's a multiple step process, but it is fairly easy. This is for Win9x, so if you are using WinNT/2x modifications will be necessary.
    _________________

    1) Download and Install the "Microsoft Internet Explorer 5 Power Tweaks Web Accessories" that are availible on . This is near the bottom of that page -- just above "Microsoft Web Developer Accessories". Look for the "Offline" button, and click the "Download it now" link just below. To verify that this is installed, look under the Tools menu in IE and you should see <A target="_blank" HREF=http://www.dslreports.com/r0/download/26210;1ddac50705f78415c2c2bf87d9db6548/zonebuttons.jpg>these entries.

    The "Tweak Accessories" work in IE5 and IE6 -- and they are the controlling factor here. If you are satisfied with using just the Tools drop-down menu, then you can stop here. If you want to add buttons to your toolbar, procede on.

    2) Download the attached zip file (if I attach it correctly). This should contain five items -- four icon files (RScolor.ico, RSgray.ico, TScolor.ico, and TSgray.ico), and one .reg file (Zone Buttons.reg).

    3) Move or Copy the four icon files to your WindowsSystem directory.

    4) Run the Zone Buttons.reg file to Merge it into your Win9x registry.

    5) If you have Customized your toolbar ever, you will need to Customize it again to add these new buttons. Give them a try and see what you think.<img src=/S/smile.gif border=0 alt=smile width=15 height=15>
    _____________________

    Appendix:

    Contents of Zone Buttons.reg (for information, or in case you would prefer to create it yourself):

    REGEDIT4

    [HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerExtensions{BF80219A-CCDD-11d2-92D3-0000F87A4A55}]
    "ButtonText"="Add to Trusted Zone"
    "Default Visible"="Yes"
    "HotIcon"="C:WindowsSystemTScolor.ico"
    "Icon"="C:WindowsSystemTSgray.ico"

    [HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerExtensions{B06300D0-CCDE-11d2-92D3-0000F87A4A55}]
    "ButtonText"="Add to Restricted Zone"
    "Default Visible"="Yes"
    "HotIcon"="C:WindowsSystemRScolor.ico"
    "Icon"="C:WindowsSystemRSgray.ico"
    Attached Files Attached Files

  6. #6
    ileacy
    Guest

    Re: Pop-ups, revisited (any version)

    Tx. Tested and works a treat in W98/IE6. Will test it later on W2K, WXP.

    Only problem I had was getting enough room for the buttons on my notebook (800x600).

    Fixed it by going to small icons/selective text.

  7. #7
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pop-ups, revisited (any version)

    As you probably are well aware of, you need to modify the .reg file so that it works correctly in the WinNT environment (e.g., Windows/System needs to be WinNT/Sysem32, etc.), and the icons need to be moved to the WinNT/Sysem32 folder. Otherwise there is no reason it should not work in that OS. I will give it a try as well...
    ___________________________

    Edit: Works fine in Win2K as well. Move the icons into the WinNT/System32 directory, and use this .reg file:
    _______________________________________

    REGEDIT4

    [HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerExtensions{BF80219A-CCDD-11d2-92D3-0000F87A4A55}]
    "ButtonText"="Add to Trusted Zone"
    "Default Visible"="Yes"
    "HotIcon"="C:WinNTSystem32TScolor.ico"
    "Icon"="C:WinNTSystem32TSgray.ico"

    [HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerExtensions{B06300D0-CCDE-11d2-92D3-0000F87A4A55}]
    "ButtonText"="Add to Restricted Zone"
    "Default Visible"="Yes"
    "HotIcon"="C:WinNTSystem32RScolor.ico"
    "Icon"="C:WinNTSystem32RSgray.ico"
    ______________________________________________

    I was afraid "REGEDIT4" would not work in Win2K, but it seemed to work fine for me...

  8. #8
    Bronze Lounger
    Join Date
    Feb 2001
    Location
    England
    Posts
    1,306
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pop-ups, revisited (any version)

    Works fine in 2kP as well. As I am running MoOutlook Sec. clicking the Regedit4 opened it in Notepad, so I could edit the path (my Windows folder is WINNT). Saved, then Merged.
    Perfick. Now to add it to 98SE and XP...

    Tx 10^6

  9. #9
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Pop-ups, revisited (any version)

    In yet another example of how JavaScript can be used against you, i refer you to the most recent security bulletin from <A target="_blank" HREF=http://www.guninski.com/>Georgi Guninski</A>:
    __________________________--

    Georgi Guninski security advisory #50, 2001 -- Javascript in IE may spoof the whole screen
    (summarized)

    It is possible a web page containing javascript to take over the whole screen - including menus, modal dialogs, taskbar, clock, etc. This allows "spoofing" the whole screen including modal IE messages. Basically this means that a script initiated IE dialog "You are downloading malicous.exe from malicous.com - 'Open | Cancel |more info'" may be made to appear to the user:

    "Welcome to my new site - 'Open'" ('Cancel' is not visible and not clickable) If the user clicks on 'Open' in the spoofed context code may be executed (user interaction is required).

    Workaround:
    If you consider this threat disable "active scripting"
    _______________________

    Just one more reason to SECURE your Internet zone and use the Trusted sites zone for sites you trust.

    The frequency of these types of reports and bulletins is certainly NOT decreasing. YOU be the judge of how much security is enough. YOU be the judge if this statement is true:

    "Simply put, if you have no problem viewing the world at large via monochrome text, you may as well disable everything, for most people however, this isn't a Real option."

    Disabling Scripting in your Internet does NOT cause you to view the world in monochrome text -- and it CERTAINLY is a "REAL" option. Just keep looking around at what the experts -- like Georgi Guninski -- are saying. It is your personal choice.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •