IE security issues?

[Sweep and Clean]

I use Avant, but I keep hearing about security holes.

I have a hardware firewall on my router, Sygate peronsal firewall, and I
frequently run Ad-aware, Spybot, and AVG.

Can anything malicious from the internet get past all this?

 

[Sweep and Clean]

Yes.

Such as? I've never had a problem. I tried Firefox, but the bootup loading
is slow as shit.

 

[Mike Andrade]

I use Avant, but I keep hearing about security holes.

I have a hardware firewall on my router, Sygate peronsal firewall,
and I frequently run Ad-aware, Spybot, and AVG.

Can anything malicious from the internet get past all this?

Yes.

 

[Fuzzy Logic]

Such as? I've never had a problem. I tried Firefox, but the bootup
loading is slow as shit.

An easy example is to download a program from the net. It could have a
virus/trojan that there currently isn't a detection rule for in the AV
software.

I use Avant as well and it's simply a shell for IE. There are numerous
unpatched exploits for IE that can result in software being installed on
your machine without your knowledge. Here is a site documenting just such an
event.

http://www.benedelman.org/news/111804-1.html

Security is a process not a piece of software or hardware. Regardless of
which programs and hardware you use you are at risk. All you can do is take
measures to minimize the risks while maintaining some level of convenience.
For example you don't want to type every url to ensure that they are not
being spoofed when you click on a link in a web page.

 

[Mike Andrade]

Such as?

You can't imagine a scenario? Do you think all those security programs
are psychic?

I've never had a problem.

"But officer, I've never run over anyone in my car after having a few
beers."

I tried Firefox, but the
bootup loading is slow as shit.

FF 0.9 loads as fast as any other browser on my antiquated machine.

 

[Ralph]

I run Firefox 1.0 PR and it is a lot slower launching than IE.

 

[Sweep and Clean]

You can't imagine a scenario? Do you think all those security programs
are psychic?

Well, after 9 years of using IE (or a shell program) I've never had a huge
problem that a firewall or spyware detector couldn't handle.

"But officer, I've never run over anyone in my car after having a few
beers."

Great analogy. By your logic I should have the door of a bank vault on the
front of my house.

FF 0.9 loads as fast as any other browser on my antiquated machine.

I've tried 0.8 to the new 1.0 and they all bootup like crap. Plus they
don't render some pages properly. I'm merely trying to see if all these so
called security holes are all they're hyped up to be (if they are, I might
give FF another go).

 

[Mike Andrade]

I run Firefox 1.0 PR and it is a lot slower launching than IE.

Thanks for sharing.

 

[James A. Smith]

Yes,

Never assume just because you have a bunch of security software/hardware
running your 100% safe.

Set a timetable to check for updates and follow it.

IE/OE/Windows has patches all the time.
Routers have software and firmware updates.
AVG can update a few times a week.

There are new dangers almost every day on the net.
And companies scramble to get their software/hardware up to date.

And one day to come we will see the "0 day event" where some new hole will
be found and thousands or even millions of systems will be brought down
before any company has a chance to make a fix.

So on top of security make sure your up to date with your backups and have
your personal files encrypted.

 

[Mike Andrade]

Great analogy. By your logic I should have the door of a bank
vault on the front of my house.

I'm sorry. Next time I'll try to dumb it down further than 4th grade
level.

 

[Sweep and Clean]

I'm sorry. Next time I'll try to dumb it down further than 4th grade
level.

Another Firefox fanboy.

 

[Mike Andrade]

Another Firefox fanboy.

You keep displaying your ignorance as if you were proud of it.

 

[REM]

"Sweep and Clean" <[email protected]> wrote:

I use Avant, but I keep hearing about security holes.

I have a hardware firewall on my router, Sygate peronsal firewall, and I
frequently run Ad-aware, Spybot, and AVG.

Can anything malicious from the internet get past all this?

I suggest that you disable activeX and scripts in Avant under Tools. .
Stay current on all critical updates, AV, Spybot, and Adaware.
Immunize after each Spybot update.

You might also try SpywareBlaster. This program uses a different
approach to prevent such installations.

http://www.javacoolsoftware.com/spywareblaster.html

These will help prevent invisible installs of malwares that use
differing tricks to get in.

I switched from AVG to AntiVir due to an exploit I got right before
the MHTML security vulnerability patch came out. In my opinion, it's a
better scanner backed by a more aggressive team that identifies worms
and viruses as they hit the wild very quickly.

Email is the biggest pipeline for malware. I swear, while most are
obvious spam/exploits, occasionally I get one that appears to be a
valid message. AntiVir catches them when I do open one. I use
Thunderbird email, which cannot run a program directly, for extra
protection. I would have to save the attachment to disk and manually
execute it to get infected. I get all sorts of exploits daily via
email. I see a few websites that attempt to use activeX to install
something. I cannot recall any archived programs from respectable
sites that were infected. Watch your mail very closely.

If you run XP or 2000 this is a good site:

http://www.blackviper.com/

I used his reg file and merged it to turn off many of the unnecessary
services running by default. It worked like a charm and affected
nothing that I use.

Good tweaks here:

http://www.blackviper.com/WinXP/supertweaks.htm

There is a great deal of interesting information at the above site.
Browse it thoroughly if you are running one of these OS's. If you're
running an older OS be aware of the "MS product cycle." They quit
updating after a certain amount of time. 98/98SE is not currently
being updated for critical updates anymore, iirc.

A hardware firewall is an asset I wish I had.

 

[Onno Tasler]

Sweep and Clean scribebat:

Can anything malicious from the internet get past all this?

Yes, easily. For example, AVG can only find a virus it already knows about,
so a virus just needs to be new enough to slip by. New viruses are often
put onto cracked homepages and thus you are no longer safe by avoiding
"twilight" homepages. (There was one such case recently)

A firewall cannot protect you against content that is hidden within streams
on "ordinary" ports, which could be done quite easily as well.

Due to the tight integration of the Internet Explorer into the system in
combination with mighty functions (ActiveX) it is a greater threat for
system security than, for example, Opera or Mozilla.

 

[wald]

I've tried 0.8 to the new 1.0 and they all bootup like crap.

Don't know, it seems to be alright on my machine... maybe a bit
slower, but nothing that deserves the "crap" label.

Plus they don't render some pages properly.

Now this isn't really a fair statement. A lot of websites use horrid
non-standard code that renders OK in Internet Explorer, but fails to
render decently on more standards-respecting browsers.

The problem is with the pages, not with Firefox.

But hey, if you can't live with a slow first loading of Firefox,
feel free to live with IE instead. But you're not helping the web
any further.

Regards,
Wald

 

[Aaron]

I use Avant, but I keep hearing about security holes.

I have a hardware firewall on my router, Sygate peronsal firewall, and I
frequently run Ad-aware, Spybot, and AVG.

Can anything malicious from the internet get past all this?

Remember, by and large IE exploits are not stopped by personal firewalls
or routers, so these are irrelevant. At best they can stop further damage
(hopefully anyway). Ad-aware and Spybot might be good against adware but
a IE exploit can install very nasty trojan or keylogger which Ad-aware
and Spybot provide hardly any protection.

So it comes down to AVG. And AVG is far from perfect. In the best case
scenario it would take hours for an update to come, and by then, you
might already be hit.

http://news.zdnet.com/2100-1009_22-5463323.html

http://www.computerweekly.com/articles/article.asp?liArticleID=135290
&liArticleTypeID=1&liCategoryID=2&liChannelID=22&liFlavourID=1
&sSearch=&nPage=1

http://www.theregister.co.uk/2004/11/22/apache_hijack_serves_iframe_explo
it/

And similar exploits could get past you. Espically so if AVG is slow to
react to this new threat. Maxthon is the only IE shell I'm currently
aware that has proactively taken steps to block this problem at least
until MS comes up with a patch

 

[Harmer]

Onno Taslerwrote:
Yes, easily. For example, AVG can only find a virus it already knows
about,

so a virus just needs to be new enough to slip by. New viruses are often
put onto cracked homepages and thus you are no longer safe by avoiding
"twilight" homepages. (There was one such case recently)

Is that really so? Heh.. Freeware antiviruses - is a nonsense. Find
real antivirus with heuristic analyser. May be, spend some money.

* Posted via http://www.sixfiles.com/forum

 

[Conor]

Such as?

Latest frame exploit. Basically every single hole in IE and there are
alot. THis week, The Register internet site had an issue. It shows
sites from serving banner ads from third party ad serving company Falk
AG.

Falk AG were themselves infected with the Bofra/Iframe exploit and
anyone who clicked on one of their ads with IE got owned by hackers.

 

[Conor]

Well, after 9 years of using IE (or a shell program) I've never had a huge
problem that a firewall or spyware detector couldn't handle.

Bofra/Iframe exploit

Not detected by Spyware cos it isn't spyware.

 

[Jaxxim]

["Ralph"; Mon, 22 Nov 2004 23:16:11 GMT]

I run Firefox 1.0 PR and it is a lot slower launching than IE.

I've been using 0.9.3 for months, and it takes about 15 seconds to load on
my moderately quick laptop.