

BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:2

reply to Buddel

Re: CWS = The most dangerous program...

Tell that to Joe, and Jane Average who don't have a clue how, or even know they need to secure IE to protect themselves.... Microsoft sure doesn't...

B
Premium,MVM
join:2000-10-28


So before we break out the acetylene, may I ask... is IE under XP SP2 impervious to all CWS drive-by strains? If so, how many duh-clicks would Joe or Jane have to issue before it ran anyway?

-- B
--
In a realm outside causality and function



Buddel
If it ain't broke, don't fix it.
Premium
join:2004-03-06
EU
kudos:3

reply to BlitzenZeus

said by BlitzenZeus:

Tell that to Joe, and Jane Average who don't have a clue how, or even know they need to secure IE to protect themselves.... Microsoft sure doesn't...
I agree. The average user (i.e. the vast majority of people) is not aware of the fact that if IE is used instead of an alternative browser, IE needs to be secured. What a shame the Microsoft guys refuse to patch their browser, which is still used by so many people in all four corners of the world.


BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:2

reply to B
I don't consider IE in XP SP2, it doesn't cover all users, therefore, all users would not be protected if it did prevent it, even in some way.

CWS has always been installed invisibly behind the users' backs using exploits whenever possible to my knowledge, and users should never have to disable features to protect themselves, the software should be patched for everyone. If they were prompted with a legitimate prompt to install the software, and read a EULA that would be something very different.
--
My hourly rates:
$25 per hour.
$35 per hour if you want to watch.
$45 per hour if you want to help.
$75 per hour if you tried to fix it, and failed.
The biggest error is sitting in front of your keyboard.



Jeremy341
Bye
Premium
join:2000-01-06
localhost

reply to B

said by B:

is IE under XP SP2 impervious to all CWS drive-by strains? If so, how many duh-clicks would Joe or Jane have to issue before it ran anyway?
Yes. It would take 3 clicks to allow it: click on the Information Bar, click on the "Allow Blocked Content" menu item, and finally click on the Install button on the warning box that pops up. Allowing crap like that is so explicit that nobody should do it.


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

reply to antdude
In my view, the really insidious variants are those that install in system. Remove it and System Restore immediately puts the offending file back.

Or the ones that hide in ADS.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.


bobince

join:2002-04-19
DE

reply to B
> Has CoolWebSearch, or ANY other spyware, successfully exploited a browser other than Internet Explorer?

Yep. As mentioned on my info page (as quoted by Name Game), they have also used a Sun Java VM exploit. This would work on any browser that had an old Sun VM loaded, though in this case it was behind a browser sniffer: so IE users would be redirected to an IE-specific exploit, whilst other users would get the Java exploit.

> is IE under XP SP2 impervious to all CWS drive-by strains?

For all CWS exploits I have seen *so far*, yes. However, since there are execute-arbitrary-code holes in IE6SP2 we should expect future CWS exploits to use them. As alternative browsers become more popular, we can also expect CWS affiliates to target any hole found in them in the future.

CWS are not picky. Their MO is to stick multiple browser exploits of various types on an attacker page.


Ahrenl

join:2004-10-26
North Andover, MA

reply to antdude
I had one of these forever. Ran all the anti-spyware tools but it would only temporarily kill it. Finally got into the habit of just running BHODaemon all the time. Whenever it would alert me that my browser had just been hijacked, I would do the following:

Needs to be done immediately or you need to close IE.
1. Tools->Manage addons (Disable new random addon)
2. Double click on new BHO in BHODaemon.
3. Open the file location and delete file.
4. Browse to your Documents and settings file, and under temporary internet files/temp delete the sp.html file that will be created.
5. Reset your homepage
6. Run Regcleaner.

That's a huge pain in the ass when it goes off every day, especially when it goes off when I'm just checking one quick thing before I run out.

When I did my annual reinstall of Windows XP (now with SP2) it removed it for good. I also upgraded to AVG 7.0 (because they are discontinuing support for 6.0) and that found an offending file and deleted it right off. So nice to be free of dreaded CWS. Some of these variants are just SUPER nasty.
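
Steps 1 to 3 above amount to finding which Browser Helper Object was just registered and which DLL it loads. The following is an added example, not part of the original post and not BHODaemon's code, that builds the same inventory from the registry; the function name `Get-BhoInventory` is hypothetical and the registry paths are the standard Windows BHO and COM class locations.

```powershell
# Added example (not from the thread): inventory registered Browser Helper Objects.
# Each BHO key is a CLSID; the COM class key for that CLSID names the DLL IE loads.
$BhoRoots = @{
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' =
        'HKLM:\SOFTWARE\Classes\CLSID'
    # 32-bit BHOs on 64-bit Windows are registered under the WOW6432Node view
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' =
        'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
}

function Get-BhoInventory {   # hypothetical helper name
    foreach ($root in $BhoRoots.Keys) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid    = $key.PSChildName
            $classKey = Join-Path $BhoRoots[$root] $clsid
            $name = $null; $dll = $null
            if (Test-Path -LiteralPath $classKey) {
                $name = (Get-Item -LiteralPath $classKey).GetValue('')
            }
            $serverKey = Join-Path $classKey 'InprocServer32'
            if (Test-Path -LiteralPath $serverKey) {
                # The default value of InprocServer32 is the DLL path
                $dll = (Get-Item -LiteralPath $serverKey).GetValue('')
            }
            $file = $null; $sig = 'n/a'
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $file = Get-Item -LiteralPath $dll -Force   # -Force: file may be hidden
                $sig  = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            }
            [pscustomobject]@{
                Clsid     = $clsid
                Name      = $name
                Dll       = $dll
                OnDisk    = [bool]$file
                Created   = if ($file) { $file.CreationTime } else { $null }
                Signature = $sig
            }
        }
    }
}

# Newest DLLs first: a hijacker that keeps reinstalling itself sorts to the top.
Get-BhoInventory | Sort-Object Created -Descending | Format-Table -AutoSize
```

An entry with a recent creation time, a random-looking name and an unsigned DLL corresponds to the "new random addon" in step 1.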



JDawgers

@attbi.com

reply to gwion
Because they are in other countries



John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

reply to bobince

said by bobince:

> is IE under XP SP2 impervious to all CWS drive-by strains?

For all CWS exploits I have seen *so far*, yes.
Sorry to destroy your illusions: 2 variants of CWS have been released in the last week that arrived on FULLY patched, AV'd and firewalled machines with SP2 and all the trimmings.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:6

said by John2g:

said by bobince:

> is IE under XP SP2 impervious to all CWS drive-by strains?

For all CWS exploits I have seen *so far*, yes.
Sorry to destroy your illusions: 2 variants of CWS have been released in the last week that arrived on FULLY patched, AV'd and firewalled machines with SP2 and all the trimmings.
And I can confirm also that is a fact with many many posts at the Gladiator Security Forum hijackthis forum postings.

Maybe the Giant/Microsoft marriage might save you..but I suggest you all get BOClean to stop it in the first place.


--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids http://www.missingkids.com/


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

reply to antdude
Here's the simple reason why IE is the most infected.

Don't have the exact number, but a friend of mine's site browser usage stats had IE well over 98%, Opera, Moz and Firebird/Fox variants making up less than 2% total. His site gets over 2 mill hits a week.

So I ask you, why would the writers of spyware even bother to target non-IE browsers? As they would only target 2, maybe 3% of the market.
When it was a neck and neck race between Netscape and IE, Netscape had just as many security flaws and holes as IE did. As Netscape fell in usage numbers so did the number of security holes, and this was pre Windows 95 when IE started to be integrated into Windows. As for the whole MS integrating IE into Windows, that's a different matter and is no different than Linux installs including Moz variants etc. I mean, after all they don't include IE as well as Moz based browser now, do they?
--
new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php



paranoidxe
Premium
join:2002-03-29
Ogden, UT

said by novaflare:

Here's the simple reason why IE is the most infected.

Don't have the exact number, but a friend of mine's site browser usage stats had IE well over 98%, Opera, Moz and Firebird/Fox variants making up less than 2% total. His site gets over 2 mill hits a week.

So I ask you, why would the writers of spyware even bother to target non-IE browsers? As they would only target 2, maybe 3% of the market.
When it was a neck and neck race between Netscape and IE, Netscape had just as many security flaws and holes as IE did. As Netscape fell in usage numbers so did the number of security holes, and this was pre Windows 95 when IE started to be integrated into Windows. As for the whole MS integrating IE into Windows, that's a different matter and is no different than Linux installs including Moz variants etc. I mean, after all they don't include IE as well as Moz based browser now, do they?
Mozilla is NOT integrated into Linux, it comes bundled. There is a difference. You are using parts of Internet Explorer when you are simply browsing your computer. IE is highly integrated into Windows, that's why exploits in IE usually affect Windows itself.

As far as CWS being the most dangerous, I'd agree. My mom, who doesn't even download anything, has been hit by a CWS variant, and my sister ended up with 3 of them. I am the only one that has avoided getting it. Maybe it's because I've been using Mozilla for the past 2 years.
--
- paranoidxe (textsource.org)

bobince

join:2002-04-19
DE

reply to novaflare
Oh, please. Let's not do this old, old argument *again*.

Sure, IE's popularity makes it a target. And the alternative browsers are by no means 100% secure.

But Microsoft has made some extremely poor design decisions with IE, which make it very difficult for the software to be made secure.

It's very easy to paint every product as bad as the rest, but there *are* large-scale technical reasons why IE is more prone to security problems.



novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

reply to paranoidxe

said by paranoidxe:

said by novaflare:

Here's the simple reason why IE is the most infected.

Don't have the exact number, but a friend of mine's site browser usage stats had IE well over 98%, Opera, Moz and Firebird/Fox variants making up less than 2% total. His site gets over 2 mill hits a week.

So I ask you, why would the writers of spyware even bother to target non-IE browsers? As they would only target 2, maybe 3% of the market.
When it was a neck and neck race between Netscape and IE, Netscape had just as many security flaws and holes as IE did. As Netscape fell in usage numbers so did the number of security holes, and this was pre Windows 95 when IE started to be integrated into Windows. As for the whole MS integrating IE into Windows, that's a different matter and is no different than Linux installs including Moz variants etc. I mean, after all they don't include IE as well as Moz based browser now, do they?
Mozilla is NOT integrated into Linux, it comes bundled. There is a difference. You are using parts of Internet Explorer when you are simply browsing your computer. IE is highly integrated into Windows, that's why exploits in IE usually affect Windows itself.

As far as CWS being the most dangerous, I'd agree. My mom, who doesn't even download anything, has been hit by a CWS variant, and my sister ended up with 3 of them. I am the only one that has avoided getting it. Maybe it's because I've been using Mozilla for the past 2 years.
Here's something that annoyed me to no end with Firefox. I wanted to upgrade to Firefox mainly for the Google toolbar. So I completely uninstall my install of Firebird, install Firefox. Go to start it and it will only run once in a great while; it starts to load but stalls, can't open a tab, can't visit sites. Once in a while it starts and runs normally. Then I noticed why it will sometimes run and other times it won't. It relies on explorer.exe or DLLs loaded by Explorer to run. I don't run Explorer as a shell, I run LiteStep. So no DLLs that are loaded by Explorer, no Firefox.
So I'm curious as to whether or not Firefox is eventually exploited to install spyware, will it too be able to infect Windows itself due to this? (btw this is a serious question)

What I don't understand is why they made Firefox reliant on Windows-provided DLLs that are only loaded if Explorer is running. Me and my brother are both on similar systems, both with Windows XP Pro SP2; main difference is I run LiteStep as shell and he runs Explorer. Firefox runs perfectly with Google toolbar etc. I even imported my bookmarks and sites that open on Mozilla startup to test that maybe it was something on some site causing it to freak, but Firefox runs fine on his comp. So my question here is, does anyone have any idea as to how to make Firefox run reliably on a Windows XP Pro SP2 install without using Explorer? In other words, does anyone know what DLLs are needed to make it run, and if so is there a way to load them when Firefox loads so it will work without issue?
--
new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php


paranoidxe
Premium
join:2002-03-29
Ogden, UT

Interesting, mozilla launches fine when I remove explorer using task manager and then launch it manually via file - new task..

Maybe it's just your build, try upgrading. Firefox has nothing to do with Explorer and its DLLs, the only browser that would need that is one that skins off of IE itself.

And this topic is getting off topic quick...
--
- paranoidxe (textsource.org)



novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

said by paranoidxe:

Interesting, mozilla launches fine when I remove explorer using task manager and then launch it manually via file - new task..

Maybe it's just your build, try upgrading. Firefox has nothing to do with Explorer and its DLLs, the only browser that would need that is one that skins off of IE itself.

And this topic is getting off topic quick...
Yeh it is at that.

Killing Explorer leaves the DLLs loaded. Download and install LiteStep, reboot and try running Firefox. So far I've tried around 4 builds of Firefox; none work properly without Explorer as your shell. Even starting Explorer as file manager seems to be enough.
--
new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php

The Prophet5

join:2004-12-24

reply to antdude
Why not patronize other web browsers which are much safer and more secure than IE ... like Firefox, NetCaptor or Opera .... they have more features in every way!
Anyway, force-installs like CoolWebSearch or MyWebSearch suck and their creators must be fed to piranhas or something ....
--
The Blackest day, The Darkest Night ...


B
Premium,MVM
join:2000-10-28

reply to novaflare

said by novaflare:

Killing Explorer leaves the DLLs loaded. Download and install LiteStep, reboot and try running Firefox. So far I've tried around 4 builds of Firefox; none work properly without Explorer as your shell. Even starting Explorer as file manager seems to be enough.
Actually, it's even worse than that. Fireweasel wouldn't even run properly on a couple of Windows 9x machines until I upgraded Windows and IE significantly. (I forget which component it relied on, but it was annoyingly evident -- the browser would start up and immediately shut down after the splash screen.) Whoever did their Windows port assumed too much.

What's the point of using Firefox to avoid IE if you have to download patches for IE in order to use Firefox?

-- B
--
In a realm outside causality and function


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

said by B:

What's the point of using Firefox to avoid IE if you have to download patches for IE in order to use Firefox?

-- B
That is what is known as a conundrum
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.
