New Reffile (June 15) available for AdAware

Discussion in 'Security and Privacy' started by Welshjim, 2002/06/15.

Thread Status:
Not open for further replies.
  1. 2002/07/05
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    Could I suggest TPF's successor, Kerio? It's a small download, free, is light on resources and is easy to use.
     
  2. 2002/07/05
    Ramona

    Ramona Geek Member Alumni

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    brett,

    How long have you used Kerio? I have been reading more and more about the Firewall on this and other Tech Forums. I did see this note however:

    NOTE:
    Windows 95 is no longer supported due to the termination of its support by its producer.

    I'm also curious to know the frequency of the Virus Definition downloads. I will do some additional reading on the site, but hoped you would have some insider info!!! ;)

    Ramona :D
     
    Last edited: 2002/07/05

  4. 2002/07/06
    Alice

    Alice Banned

    Joined:
    2002/01/08
    Messages:
    938
    Likes Received:
    0
    I also saw that Windows 95 is not supported. I checked http://www.kerio.com/manual/kpf/en/ Kerio Personal Firewall 2.1 User's Guide, which says:
    A personal firewall is not a priority for me (I'm on Dial-up) but I'll keep TinyPF in my pending folder, along with all the other stuff I've downloaded but haven't yet decided that I need (ZoneAlarm 2.6 is also there).
     
  5. 2002/07/06
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    Ramona wrote:

    Who let you out of the Nutscrape Forum? :D ;) :p

    Since 17 February 2002. I did, however, use TPF prior to that.

    Whilst it's no longer a supported OS, KPF will still run perfectly well (at least, this version will).

    It's a firewall (or application gate) - there are no definitions.

    Alice wrote:

    Whatever type of connection you have, a firewall is still a good idea. For dial-up users, the inbound threat may be relatively minor, but the outgoing threat is just as great as it is for users of broadband (password stealing trojans, etc).
     
    Last edited: 2002/07/06
  6. 2002/07/06
    Alice

    Alice Banned

    Joined:
    2002/01/08
    Messages:
    938
    Likes Received:
    0
    Thanks again brett.

    Regarding outbound traffic, I guess I'm counting on my antivirus programs (eTrust EZ antivirus, F-Prot for Dos) and now, SpybotSD, to detect installed trojans.

    I hate to run stuff in the background. I never even ran an antivirus real-time ("autoprotect") scanner until a few months ago, just kept the definitions updated and did an "on demand" scan every week. Plus, I'm careful what I download and what attachments I open, I don't have File and Printer Sharing enabled and have gone through Steve Gibson's Network Re-Binding exercise - http://grc.com/su-bondage.htm

    I've disabled the Windows Script Host, open OE mail in the restricted sites zone, disable the preview pane, etc. (for my husband, who uses Outlook Express).

    As far as I know (correct me if I'm wrong) in order to get a trojan on your system in the first place you have to run a program that installs it... it can't just sneak on your system through the 'net (aside from a few cases using unpatched versions of OE/IE, where a worm can be installed just by opening/previewing an infected e-mail,
     
    Last edited: 2002/07/06
  7. 2002/07/06
    Ramona

    Ramona Geek Member Alumni

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    Thanks brett!

    Who let you out of the Nutscrape Forum?

    They don't know I'm gone! ;)

    It's a firewall (or application gate) - there are no definitions.

    I knew that.... :rolleyes:
     
  8. 2002/07/06
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    Alice - your setup/practices sound to be much better than average and everything you say is quite correct! Not everybody agrees that firewalls are useful - Steve Atkins being one such person. All of the points that Steve makes in that article are perfectly valid. There are, however, two points which are worth considering:-

    1) A firewall will give you greater control over how applications can communicate with the internet (as per the OE example which I quoted earlier); and

    2) They provide an additional layer of security in the event of you either making a mistake or encountering malware which exploits an as yet unpatched vulnerability.

    IMO the presence of a firewall does not significantly enhance the security of a system (especially when the setup is as solid as yours) but, as it does enhance it a little bit, I tend to suggest that people do use them. That said, I only ever recommend the free firewalls as I don't think that the relatively minor security gains warrant any financial outlay.

    TO THE NUTSCRAPE FORUM READERS - RAMONA HAS ESCAPED!!! GET HER BACK IN THERE!!! QUICKLY!!!
     
  9. 2002/07/06
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Nuh Uh Brett! ;)
    Let's keep her!
    It's probably very boring over there. Nobody ever uses Netscape anymore do they? :D :p :D

    Daizy
     
  10. 2002/07/06
    Alice

    Alice Banned

    Joined:
    2002/01/08
    Messages:
    938
    Likes Received:
    0
    Thanks again, brett, and hi, Daizy.

    Are you both trying to sir up trouble :confused: :confused: ;) with us Netscape users?
     
    Last edited: 2002/07/06
  11. 2002/07/06
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    Brett sirs up trouble.
    I'm the good one! :D

    Hiya Alice...... What's the freaking hold up? Jump in the IE cesspool. Water's ermmmm.........muddy. :p :eek: :D

    Daizy
     
  12. 2002/07/06
    Alice

    Alice Banned

    Joined:
    2002/01/08
    Messages:
    938
    Likes Received:
    0
    My hubby likes playing the IE cesspool so I have to constantly install those never-ending security updates!

    I've dipped my toes in there. Right now I'm knee-deep in Mozilla.
     
  13. 2002/07/06
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    Never in my life have I sirred up trouble. I wouldn't know how to do it even if I wanted to. Which I don't. ;) :D

    I have heard rumours that there are still one or two nostalgic diehards left. :eek:

    Yes. Of course you are. Who could possibly think otherwise?
     
  14. 2002/07/06
    Ramona

    Ramona Geek Member Alumni

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    All right Daizy, no IE recruiting on this Forum! It is quiet on the Netscape front, cause it's such a good browser, fewer problems! :D :rolleyes: ;) :p

    Brett, you rascal, you know you love to sir up trouble. ;)


    Ramona :D
     
    Last edited: 2002/07/06
  15. 2002/07/10
    Alice

    Alice Banned

    Joined:
    2002/01/08
    Messages:
    938
    Likes Received:
    0
    update on SpybotSD - IE registry change

    I just fixed the Internet Explorer "Data Source Object" Exploit, as reported by SpybotSD 1.0: "Registry Change, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\01004=W=3"

    It was one of the two items SpybotSD wanted to fix, which I excluded until I could find more information.

    I found that the Internet Explorer "Data Source Object" Exploit was supposed to have been fixed by the "28 March 2002 Cumulative Patch for Internet Explorer" update Q319182.... the May 15th IE cumulative update Q321232.exe also didn't fix it (at least SpybotSD said it was still a problem). I had applied both patches!

    I exported the Zones reg key Spybot wanted to fix as a precaution, but....as it turns out, SpybotSD backed it up anyway - the change can be reversed from its Recovery area.

    The other issue was for Windows Media Player....the "unique ID" option which an older WMP patch already "fixed", letting you UNcheck it (View Options, Player), which I already did. I haven't applied the latest WMP patch anyway ...will do that soon.

    This is what I found on the net about the IE "Data Source Object" exploit:
    ******************************
    From: Nancy McAleavey (nancymca@privsoft.com)
    Subject: Data Source Object exploit
    Newsgroups: alt.computer.security
    Date: 2002-03-07 06:50:28 PST

    As reported by the Register at:

    http://www.theregister.co.uk/content/4/24274.html

    The "DSO Exploit" (Data Source Object) was first reported by GreyMagic
    Software of Israel on February 27, 2002 and a "workaround" for Microsoft's defective
    code was provided by Axel Pettinger and Garland Hopkins on March 3, 2002.
    The original GreyMagic advisory is at:

    http://security.greymagic.com/adv/gm001-ie/

    ==============================================

    from http://www.theregister.co.uk/content/4/24274.html

    MS has yet to patch the hole, but we've verified that a workaround proposed by Axel
    Pettinger and Garland Hopkins works on the above example, though that's no guarantee
    that it will work on every exploit of this sort.

    Using regedit.exe find the following key:
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    and change the value of "1004" (DWORD) from "0" to "3".

    ----------------------------------------
    http://www.securitytracker.com/alerts/2002/Mar/1003916.html

    (Microsoft Issues Fix) Internet Explorer (IE) Web Browser 'innerHTML'
    Property Hole Lets Remote Users Execute Programs on the Browser's Host,
    Even With ActiveX and Active Scripting Disabled

    Date: Mar 29 2002

    Impact: Execution of arbitrary code via network

    Fix Available: Yes Vendor Confirmed: Yes

    Version(s): 5.01, 5.5, 6.0

    Description: GreyMagic Security released an advisory warning of a vulnerability in Internet Explorer and related applications (such as Outlook and Outlook Express).
    A remote user can cause arbitrary commands to be executed by the browser without the use of Active Scripting or ActiveX controls.

    It is reported that the innerHTML property (as well as outerHTML or insertAdjacentHTML) can be used to dynamically inject HTML into an object without using any scripting.

    It is reported that the "Data Binding" feature can be used to bind HTML elements (the data consumer) such as div or span (or XML elements) to a data source object (DSO) without requiring any scripting. When the "dataFormatAs" attribute is set to
    "HTML" on the consumer, Data Binding reportedly uses innerHTML internally in order to insert the data into the element. So, a remote user can create HTML with a DSO that includes a malicious <object> element so that when another target user (victim)
    views the HTML page, the malicious object will be executed by the target user's browser. This can reportedly be achieved even if the target user's browser is configured to not
    use ActiveX or active scripting.

    (snip)
    Solution: The vendor has released a fix, available at:

    http://www.microsoft.com/windows/ie/downloads/critical/Q319182/default.asp
    ["28 March 2002 Cumulative Patch for Internet Explorer" update]

    ************************************************
    EDIT:

    I did some more looking and found: http://jscript.dk/unpatched/
    I used the SpybotSD Recovery feature and reversed the IE registry change, then went to http://security.greymagic.com/adv/gm001-ie/advbind.asp to test, trying both
    C:\WINDOWS\WINIPCFG.EXE and C:\WINDOWS\SNDREC32.EXE - nothing happened.

    I'm now thinking the SpybotSD finding was a false alarm.

    Who knows?
     
    Last edited: 2002/07/10
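
Added example, not part of the original posts: a small check that reads an exported Zones registry file (the kind of precautionary export described in the post above) and reports whether the quoted workaround, value "1004" set to 3 under Zones\0, is in place. The function names and the two sample exports are constructed for illustration.

```python
import re

# Key and value named in the workaround quoted in the post above.
ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings\Zones\0")
VALUE_NAME = "1004"
WORKAROUND = 3  # the workaround changes the DWORD from 0 to 3

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})\s*$')


def parse_reg_dwords(text):
    """Return {lowercased key path: {value name: int}} for DWORDs in a .reg export."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:  # registry key names are case-insensitive, so normalise them
            current = result.setdefault(m.group("key").lower(), {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            current[m.group("name")] = int(m.group("hex"), 16)
    return result


def check_workaround(text):
    """Classify an export as 'applied', 'not-applied' or 'missing'."""
    values = parse_reg_dwords(text).get(ZONE_KEY.lower(), {})
    if VALUE_NAME not in values:
        return "missing"
    return "applied" if values[VALUE_NAME] == WORKAROUND else "not-applied"


# Constructed sample exports (REGEDIT4 text format), not taken from the thread.
BEFORE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"DisplayName"="My Computer"
"1004"=dword:00000000
'''
AFTER = BEFORE.replace("dword:00000000", "dword:00000003")

if __name__ == "__main__":
    for label, export in (("before", BEFORE), ("after", AFTER)):
        print(label, check_workaround(export))
```

Running the same check on an export taken after a tool's recovery or undo feature has been used shows whether the value went back to its earlier setting.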
  16. 2002/07/11
    Alice

    Alice Banned

    Joined:
    2002/01/08
    Messages:
    938
    Likes Received:
    0
    I was right, false alarm. Issue is resolved.

    Confirmed by PepiMK, in the Net-Integration PepiMK Software forum HERE
     