Anti-adware misses most malwareBy Chris Mosby
The Internet can be a dangerous place in this day and age. It reminds me of the Old West, with bandits and highwaymen ready to rob your stagecoach at any moment. If you were lucky, the Marshall would come along in the nick of time and save you. At least that was how it worked in the movies.
Today, navigating the Internet isn’t any different. There are hackers and spammers waiting around every virtual corner of the Web. You might have a “Marshall” to help you, in the form of anti-virus or firewall software. But this won’t help you if there are unpatched holes in your browser or operating system, which allow hackers to quietly take over your PC.
This column is designed to minimize your risk to unpatched vulnerabilities. In each issue, I’ll show you simple steps you can take to plug holes we’re tracking until an official fix becomes available.
‘Digital rights management’ is turned against users
Windows users who are trying to do the right thing when it comes to copyrighted material have recently become the target of hackers. Hackers have started placing license-protected Windows Media files on file-sharing networks, such as Kazaa, eMule, and Hinojasa. The files are booby trapped to download and install spyware and viruses on unsuspecting people’s computers, instead of the Digital Rights Management (DRM) licenses they were expecting when the files were accessed.
Initially, Microsoft maintained that this was not an exploit of a vulnerability in Windows Media Player, but hackers using the antipiracy technology against Windows users. Microsoft said it had no plans to change the way Windows Media Player handled accessing DRM licenses. Fortunately, Microsoft later changed its mind and promises a patch in the next 30 days to deal with the issue.
What to do:
- Make sure your antivirus software is up to date.
- Only download media files from trusted sources. File-sharing networks like Kazaa are a breeding ground for infected files. Steer clear of them.
- Disable the Acquire licenses automatically for protected content setting of Windows Media Player. This is done as follows:
- Open Windows Media Player.
- Select Tools from the top menu.
- Select Options from the drop down menu.
- Click the Privacy tab.
- Uncheck the Acquire licenses automatically for protected content setting.
- Click OK in all open dialog boxes to save your changes.
Drag and Drop vulnerability still affects ‘patched’ IE
Even after Microsoft released MS04-038 in October to deal with an Internet Explorer drag and drop problem, IE is still vulnerable to a variant. This still-unpatched problem is caused by inadequate validation of drag and drop events from the Internet security zone to local resources. This vulnerability has been confirmed on fully patched systems, even with Windows XP SP2 and IE 6.0 SP2.
If this vulnerability is exploited by a hacker’s Web site, it could plant HTML documents on the visiting PC. These docs could run script code on a user’s system without warning. The script code in the planted HTML documents could run in the less restrictive “Local Computer” zone.
What to do: Disable the Drag and drop or copy and paste files option in Internet Explorer. This can be done as follows:
- Open Internet Explorer.
- Click Tools from the top menu.
- From the drop down menu, select Internet Options.
- Click on the Security tab.
- Select the Internet zone.
- Click the Custom Level button.
- Scroll down to the Miscellaneous section of options and disable Drag and drop or copy and paste files.
- Click OK on all open dialog boxes to save the changes you’ve made.
Chris Mosby is a contributor to Configuring Symantec Antivirus Corporate Edition and is the Systems Management Server administrator for a regional bank. In his spare time, he runs the SMS Admin Store.
By Susan Bradley
