BANGALORE: Oh dear! There's another new Internet Explorer-related flaw to spoil the
party. Of course, Microsoft tried about a month ago to cast off the IE ship
and attendant Outlook Express rowboat. But the clamor from the shore front
made them reconsider. Seems the most popular free browser and the best free
email client out there are not ready to be abandoned.
Actually, I think Outlook Express is the best free email and news client:
two excellent utilities for nothing more than the cost of downloading a
great browser. A previous column mentioned that in tests, IE outperformed
Netscape, Mozilla, Opera, and AOL's browser in page rendering.
As for you die-hard Netscape fans, you've been lied to in the best American
corporate tradition. I read that Netscape has been Mozilla with a different
name since Version 4.7 (which coincidentally is about the time Netscape
started manifesting a bug epidemic).
While the open-source Mozilla browser kept evolving and improving, Netscape
was nobody's child, stuck in a time warp of AOL Time Warner's making, and
was patched subsequent to Mozilla instead of it being the other way around.
And Netscape 7 is the runt of the Mozilla family; it's actually a disguised
version of Mozilla 1.0.
But that's taking us away from this week's main focus: a Trojan that
redirects IE from over 100 well-known URLs to an IP address with mala fide
(malicious) intent. Qhosts (Delude.B), although classified as low-risk by
anti-virus vendors, redirects infected systems from legitimate sites like
AltaVista, Google, Lycos, MSN and Yahoo to a fixed IP address that's since
gone offline, causing the virus to go into a loop and crash IE!
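An added example, not part of the original column: one way to check a machine for this kind of redirect, assuming it is implemented through hosts-file entries (the column does not describe the mechanism). The watched hostnames, the sample file contents and the 203.0.113.7 address are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Sites the column names as redirected; the exact hostnames are assumptions.
WATCHED = ("altavista.com", "google.com", "lycos.com", "msn.com", "yahoo.com")

# Constructed sample in hosts-file format; 203.0.113.7 is a documentation address.
SAMPLE_HOSTS = """\
# constructed sample, not taken from an infected machine
127.0.0.1      localhost
203.0.113.7    www.google.com google.com
203.0.113.7    search.yahoo.com   # trailing comment
203.0.113.7    www.altavista.com
192.0.2.10     intranet.example
0.0.0.0        ads.msn.com
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: ignore the line
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def is_watched(name):
    """True if name is a watched domain or one of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def suspicious_redirects(text):
    """Map each routable IP to the watched hostnames pinned to it."""
    hits = defaultdict(list)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are the usual blocking idiom, not a redirect.
        if ip.is_loopback or ip.is_unspecified:
            continue
        if is_watched(name):
            hits[str(ip)].append(name)
    return dict(hits)

if __name__ == "__main__":
    for ip, names in suspicious_redirects(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} well-known hostnames pinned -> {', '.join(names)}")
```

Several unrelated well-known hostnames pinned to one routable address is the pattern worth investigating; a single internal override is usually benign.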
The new flaw lies in the way IE is supposed to determine Object Types (see
also Microsoft Security Bulletin MS03-032 released August 20, 2003:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-032.asp).
I think this failure is another RPC-type update that was improperly tested
to begin with and where the security team failed to plug all the holes.
A theory borne out by the updated patch released October 3, 2003
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-040.asp),
that assists IE in correctly determining the right object type. However,
while this cumulative update includes Internet Explorer patches released
with bulletins MS03-004
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-004.asp),
MS03-015
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-015.asp),
MS03-020
(http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-020.asp)
and the aforementioned MS03-032, it causes window.showHelp() to cease
functioning unless you apply the HTML Help update (see Knowledge Base
article 811630: http://support.microsoft.com/default.aspx?scid=kb;en-us;811630).
HTML Help is used by several programs, including some Windows versions, to
display the Help file. As the specific vulnerability may also impact upon
Windows Media Player, you need to patch this software too (see Knowledge
Base Article 828026:
http://support.microsoft.com/default.aspx?scid=kb;en-us;828026) to prevent
the Player from auto-launching URLs when running in the Local Zone (security
settings disabled).
The real risk with such viruses lies in the ability of the malicious to
embed virus code into scripted (HTML) email that would self-execute when
previewed. And while I agree with the view that Microsoft's not doing
enough to protect users and is willfully exposing us to malicious attacks at
the same time, there are lots of little-documented traps we can engage.
Like the OE feature to view all HTML mail in the Restricted Sites zone. And
the feature to render all mail as plain text. And to block potentially
harmful attachments (usually enabled by default in OE 6). You can also
change IE's settings (Tools > Options > Security > Custom Settings) by
disabling ActiveX or, better, seeking explicit user permission before
permitting execution. And by switching to an alternate browser like
Firebird (http://www.mozilla.org/), even if it renders pages slower. And
like the locked front door to your home, you definitely need a good
firewall program. As well as intelligent anti-virus software with a mail
scanner. Have all these in place and the chances of an accidental infection
are greatly reduced. After all, you don't secure the main entry into your
home with a cardboard sheet, now do you?
And while you're bolting those doors, and installing security grills, do
take time to check out this excellent FAQ on TCP/IP ports most commonly
attacked by Trojans (http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html).
The site is also a treasure trove of more IP-related information about
Trojan attacks.
I erred last week with nPOP. It's crappy, ill-formed software that's no
replacement for Popcorn, even if you are a masochist. So either dig out an
old copy of Popcorn, or begin using OE6 in fully locked-down condition. OE
does POP as well as IMAP. And if you've been tracking Betas, there have been
2 MyIE2 releases this week. The first with several significant improvements
to the code base resulting in a faster rendering speed. The second because
Latin characters in the previous version were rendering incorrectly.
And reader Anand wrote to me rather indignantly that CD Burner XP Pro is a
rip-off because at 8 MB it's bigger than Nero, doesn't support MP3 burning
and is slow. It is larger than old Nero but definitely smaller than Nero 6,
which clocks in at 14 MB! And it can't encode WAVs to MP3 because there's no
included Fraunhofer MP3 conversion codec. Yes, it is slower by a few seconds,
but its write speed is also very dependent on the hardware. And I've
experienced better write speeds with a cheaper Samsung CD Writer than with
either an HP or an Iomega! Besides, it's 100% free compared to Nero. So why
the long face?
G Menon
Disclaimer: These views are Govind Menon's. CIOL does not necessarily subscribe to the same.