TechTalk & Personal Computing Guide


TechTalk & Personal Computing Guide
TechTalk & Personal Computing Guide

New Year, old flaws in Windows, Internet

cdesai12 Goldie

Joined: 18 September 2004
Posts: 1900

Posted: 19 January 2005 at 9:06pm | IP Logged
If you thought upgrading to Windows XP SP2 would end your Windows security nightmares, think again. Last Tuesday, Microsoft released three new security bulletins for 2005, including one critical patch for Windows XP SP2, last year's much-touted security upgrade of the Windows XP operating system. While Windows XP SP2 recompiled most of the basic system files to better protect you from malicious buffer overflows, the flaw in MS05-001 involves ActiveX, Microsoft's clever answer to Sun's Java technology. The two other vulnerabilities announced as part of the January monthly update release don't affect Windows XP SP2.

Security bulletin number one
Simply put, ActiveX is an omnibus term for interactive Microsoft technologies on the Web. On the plus side, ActiveX allows Microsoft Office apps to communicate across networks and in the Internet. On the downside, ActiveX allows flashy advertising on Web sites. It's the latter that's worrisome, as criminal hackers could use fancy ads on Web sites or referrals to maliciously coded Web sites to download malformed HTML Help ActiveX Controls onto your unprotected PC, then gain control of your machine.

flaws have been announcedflaws have been announced Criminal hackers could use flashy ads on Web sites to download malformed HTML Help ActiveX Controls onto your unprotected PC, then gain control of your machine.
Among the many changes within Microsoft Windows XP SP2 is an enhanced Internet Explorer 6.0 that now displays which ActiveX Controls you're downloading whenever you visit a Web site. Non-Windows XP SP2 users don't have access to the enhanced version of Internet Explorer 6.0; last year, Microsoft announced that it's no longer adding new features to non-Windows XP SP2 Internet Explorer browsers. But even if you have XP 2 IE and can spot a maliciously coded HMTL Help ActiveX Control, what can you realistically do to stop it from infecting your PC?

My favorite anti-pop-up app, PopUpCop, includes XGuard, a nifty feature that blocks ActiveX downloads onto your computer. I like the granularity within PopUpCop because I can allow ActiveX on certain sites and block it on all others.

You can also go into Internet Explorer's tools and change the ActiveX setting from Enable to Prompt. The downside of this change is that on every Web page you visit, you will see a dialog box asking if you want to allow ActiveX Controls before IE downloads them. If you say no to the wrong control, you may also lose some functionality on that Web page. As an alternative, Microsoft, in its detailed summary of the security bulletin, offers other workarounds, including running the HTML Help ActiveX Control within the local security zone within Internet Explorer (for a detailed explanation of what that means, see MS05-001).

Bulletins two and three
The other critical flaw patched by Microsoft last Tuesday also involves Internet Explorer--all versions. Should you surf to a page containing a maliciously formed cursor or icon, you may find yourself controlled by a remote cracker. MS05-002 is rated critical, in part, because there are already working exploits out on the Internet. Once an exploit is available, it is often only a matter of time before someone finds a way to create a virus or a worm from it. Trend Micro has an independent security assessment of this vulnerability.

flaws have been announcedflaws have been announced The other critical flaw patched by Microsoft last Tuesday also involves Internet Explorer.
Finally, the third patched flaw concerns the Windows indexing service, which is by default turned off on Windows XP and Windows Server 2003. Because of that, Microsoft has given MS05-003 its second-highest rating of "important."

Firefox to the rescue?
Mozilla Firefox has been designed to run without ActiveX. But in all fairness, now that people are rushing to install Firefox, more and more flaws have been announced. Still, the flaws discovered in Firefox pale against those that exist in Internet Explorer. For one thing, given that there are exploits for at least one of these new vulnerabilities, we know that criminal hackers are interested in attacking IE. When there's a worm spreading exclusively via Firefox, I'll let you know. d.ld

HUMM IF-Dazzler

Joined: 06 November 2004
Posts: 2927

Posted: 20 January 2005 at 11:22am | IP Logged
hey thanks for that warning buddy! ClapClap
  • Page 1 of 1

Go to top

Related Topics

  Topics Author Replies Views Last Post
Top five reasons why Windows doesn't.....

Author: cdesai12   Replies: 1   Views: 1130

cdesai12 1 1130 01 March 2005 at 11:18am by HUMM
More snags in Windows XP Service Pack 2

Author: cdesai12   Replies: 1   Views: 1001

cdesai12 1 1001 18 February 2005 at 8:11pm by Ibad
Have Windows Power Down Your Computer Aut

Author: cdesai12   Replies: 0   Views: 1294

cdesai12 0 1294 12 February 2005 at 4:50pm by cdesai12
Windows Rejuvenated

Author: cdesai12   Replies: 1   Views: 905

cdesai12 1 905 10 February 2005 at 7:53pm by HUMM
*Imp* New windows update avaliable on MS.

Author: cdesai12   Replies: 1   Views: 752

cdesai12 1 752 09 February 2005 at 3:24am by HUMM

Forum Quick Jump

Forum Category / Channels

  • Please login to check your Last 10 Topics posted

Disclaimer: All Logos and Pictures of various Channels, Shows, Artistes, Media Houses, Companies, Brands etc. belong to their respective owners, and are used to merely visually identify the Channels, Shows, Companies, Brands, etc. to the viewer. Incase of any issue please contact the webmaster.

Popular Channels :
Star Plus | Zee TV | Sony TV | Colors TV | SAB TV | Life OK

Quick Links :
Top 100 TV Celebrities | Top 100 Bollywood Celebs | About Us | Contact Us | Advertise | Forum Index