Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

{New Cumulative} Security Patch for IE

2K views 20 replies 10 participants last post by  Dark Star 
#1 ·
#3 ·
Thanks Rog! Take care! angelize56 :D
 
#4 ·
WHAT!? No service pack for XP Pro yet? :(

Thanks for the info angelize56!

:D
 
#5 ·
YW GOTzMADsKILLz! Don't even want to ask what your screen name means! lol I'm sure xp patch will have to be developed eventually! Just kidding! lol
:D angelize56
 
#7 ·
I notice the patch for IE5.50 says for SP1 & SP2.... Then this won't work with the Version of 5.50 in my computer which in the "About Internet Explorer" tab under "Help" says "Updates Version: 0" :confused:
And, on the line below, it says: "This is a customized version of Internet Explorer" :confused:
:
I have NOTHING in documents, or help files to show what the manufacturer (EnPower (who sells their Computers thru "PC Club" stores) did to "Customize" Internet Explorer.... :mad:
:
Still got to get this thing to the shop somehow & get the tech. to install 2 more fans, and a larger CPU heatsink/fan.
As I type, its 90F in room, CPU is at 131F, & case is 102F. :(
:
(Yes, the heat alarm has been going off every 30 seconds as I type this)
 
#8 ·
Hi Gary: I think I'll let Rog answer your reply! :D angelize56
 
#10 ·
Is this file downloaded into a folder & ran from there, or is it loaded into one of the IE folders then ran from there, and if so, which one?
I have Windows set so that it asks if I want to download a file to a folder.
 
#11 ·
#12 ·
Sigh :( And with my luck, SP-1, if it does turn out to be needed before I could use the other updates, will no longer be available :)
 
#13 ·
No matter what folks, if you run some version of Windows, visit http://windowsupdate.microsoft.com/ at least once a week and check your antivirus daily for new definitions. Plus be careful what you download/visit/open, it may not be in your best interest.

When you consider that your personal information or expensive computer could be compromised or your equipment could be used to maliciously attack a vital internet resource, it is the least you can do...
 
#15 ·
Sorry if I'm speaking from ignorance, but shouldn't anti-virus software PLUS firewalls eliminate the need for patches?

I'm curious - just from clicking on a website found via a search engine, can that activate a worm, virus, trojan or whatever??

:rolleyes:

P.S. I wonder whether Linux' O.S. require AV's and firewalls and patches.
 
#16 ·
In an ideal world they would, but the virus writers and hackers keep on finding new holes to exploit, so new patches keep having to come out, and our AV definitions need updating as often as you can spare the time.

Linux is no better. If you are on the net with Linux you need AV and a Firewall just as much as in Windows, believe me. Also in Linux you don't just get a patch to the OS you generally get a whole new kernel for the OS, which often has to be recompiled just to run on your computer. I'd rather have a patch I can just download and just click install any day.

BTW, a lot of patches don't necessarily need to be applied, if you haven't got the exact software configuration and/or hardware that the patch seeks to correct. That's why you should always do it through Windows Update as it checks that all for you.
 
#17 ·
I've just read that the critical update doesn't actually plug all of the holes that its supposed to after all. A number of people have found problems with the patch.

Turns out that Microsoft's update left at least 12 well-known security holes unplugged. Even after installing MS02-023 there are potential problems.

See http://sec.greymagic.com/adv/gm004-ie/

GreyMagic Software has come up with a trivial way to bypass the "critical update" Microsoft released that was supposed to protect the files on your computer from hackers. This particular vulnerability is starting to look like a re-enactment of The Keystone Cops, with new patches needed to just released patches MS say already fixed the problem.

We can expect another Internet Explorer "critical update" security patch soon. That'll be the fifth one so far this year.
 
#18 ·
Nick, thanks so much! I still wonder, is it possible to acquire a virus just from clicking on a strange website?

Your greymagic link stated:

"Until a patch becomes available the only workaround is to disable Active Scripting."
(whatever that means)

I had taken the 10 min. to DL that patch & I assume it automatically was installed the next time I restarted my computer (because, upon completion of DL, I had chosen the option not to restart immediately).

Now I guess the DL was in vain anyway, huh... :eek:

P.S. don't think me batty, but I wonder if the constant onslaught of viruses aren't more often caused by the shadow world as expressed on Art Bell & montalk.net; and also see this:
http://legalminds.lp.findlaw.com/list/lawlibref-l/msg00600.html
 
#19 ·
Hey Nick...you sound surprised, lol.

:D
 
#20 ·
I'm not knocking security, maintaining updates, safe browsing, privacy, etc. Where is the security hole in browsing the contents of the users local hard drive, you can do it here: file://c:/. This is a common trick to make the surfer think the website has access to the local files, when you are really opening them locally with no information sent back to the website. It could target a file like "test.txt" if one exists or as the demonstration showed, change the target file in the script. (It could not open anything in my case even when I pointed to a text file that was there). In most cases, when you visit static websites, you really are opening a copy of the websites files on your hard drive in the first place (temp internet files). I do realize this is not true for those sites with dynamic content. The "exploit" here is doing the same thing as File > Open > and selecting a directory or file. There have been exploits that open "command.com" or "cmd.exe" upon opening a web page or clicking a link that have the potential to be dangerous, but those are negated by several means (disabling active scripting for one) and as I understand could not feed a command line parameter like "format c:" that could do serious harm to somebody.

Again, practice safe browsing, keep patches up to date, use AV software, employ a firewall (to control out-bound as well as in-bound traffic), scan with things like Ad-Aware, use a Trojan detector, set your email client to open things in the highest security zone, don't pre-view email (always return to the in-box, do not go to the next note after closing the previous). No one method is going to work, but combined you have a better chance to surf the web more safely.

I'll add this, while it is clear that security is if anything, an after though to the minds at MS, and much could be improved by changing the default OS settings from what appear to be the least secure to higher security, it is also up to the consumer to use the product within their abilities and to learn of its abilities and limitations as well. You cannot rely on MS to protect you, you must educate yourself as well. There is an element of personal responsibility here. The consequences are too great if you do nothing yourself.

It is analogous to operating an automobile. Most cars will go faster than the speed limit, the drivers abilities and the safe operating envelope of the particular automobile. That does not mean that because your car can go 150 MPH around the DC beltway that you should drive it that way.
 
#21 ·
"I think there's now a patch for the patch" is what AcaCandy mentioned a few days back and the answer is yes there is and while Nick covered the patch for the patch and there has been subsequent posts this thing is becoming cloudy and hard to really understand.

I'll just post what I've found and hopefully it will help I dont know maybe it been covered already but here is what I just found...

http://www.nwfusion.com/news/2002/0516msie.html

http://www.nwfusion.com/newsletters/bug/2002/01350991.html

mole said......and I agree.....

"I'll add this, while it is clear that security is if anything, an after though to the minds at MS, and much could be improved by changing the default OS settings from what appear to be the least secure to higher security, it is also up to the consumer to use the product within their abilities and to learn of its abilities and limitations as well. You cannot rely on MS to protect you, you must educate yourself as well. There is an element of personal responsibility here. The consequences are too great if you do nothing yourself. "
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top