| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft: Don't press F1 key in Windows XP | |
|
||
| Time: 01:35 EST/06:35 GMT | News Source: ComputerWorld | Posted By: Kenneth van Surksum | ||
|
Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).
| ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 321 Last | Next |
The time now is
6:19:03 AM
ET.
Any comment problems? E-mail us |
| #1 By 8556 (173.27.242.53) at 3/2/2010 2:03:47 AM |
|
"He rated the vulnerability as "medium" because of the required user interaction." Great. So only people that follow seemingly helpful instructions will get infected when they cheerfully do what is suggested. The average user will never hear of this exploit and be rightfully upset when they have to get the system fixed.
Is it just me or is Windows and IE being exploited at an ever increasing rate? I'm getting Windows 7 PC's in to clean that were infected without user intervention, or so they say. Why is it so simple to infect "the most secure Windows ever"? |
| #2 By 23275 (68.117.163.128) at 3/2/2010 5:27:10 AM |
|
#1, you're seeing infected PC's, because people believe the BS spouted all over the net that browsers like Google Chrome are more secure and because of other third party applications.
For example, unlike Internet Explorer 8, Chrome's plug-ins aren't executed within Microsoft's Protected Mode (securable objects) and they are not brokered by the UIPI. All IE 8 add-ons are and do! Similarly, users do not independently update Adobe FLASH and FLASH on 32 bit based Windows Vista and 7 systems runs in user space, vice in IE 7/8's more ristricted space - by passing securable objects and the UIPI and in the case of Windows 7, many processes are trusted, because the OS ships with UAC tuned down to keep people from complaining (it should be elevated to its highest level and kept there - like Vista's defaults) and finally, third party applications like Adobe Acrobat have to have Javascript support manually disabled and support for legacy media set to "never" in three areas. Firefox is even worse and users are making assumptions that are dangerous. **Run x64 Windows Vista and or Windows 7 with UAC set at its highest and enabled. Run as a standard user and use IE 8 with its defaults left on. The final thing people need to do is stop coloring Windows Vista and 7 with XP's and IE 6's lens. |
| #3 By 2960 (72.205.26.164) at 3/2/2010 10:05:59 AM |
|
#2,
Theory does not always equal reality. I've said it before. I have _yet_ to clean a machine infected through FireFox. Every one (and it's dozens a week these days), is infected through IE of various versions. |
| #4 By 8556 (173.27.242.53) at 3/2/2010 5:23:05 PM |
| #3: I agree. When I ask customers what browser they have been using all were infected with IE by rogue programs, except for the usual Limewire infected files. Some files are only visible and cleanable when I hook up the infected hard drive to an XP machine. Vista and 7 protect the infections that have pronounced elevated status upon themselves by hiding them, XP lets me see all the warts and get rid of them. |
| #5 By 11888 (173.35.101.9) at 3/2/2010 6:01:43 PM |
|
Charlie Miller seems to think we all need to get rid of Flash.
http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/ I wish it was easier to use the current web without it. This didn't instill much confidence in me as I have my first Windows machine in years now. "Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default). Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows." |
| #6 By 23275 (68.117.163.128) at 3/3/2010 6:15:59 AM |
|
3,4,5 Windows used to be much harder because it had full ASLR and DEP (data execution prevention).
This is because UAC is turned down in Windows 7, which as you can read above and everytime I have written about it, I recommend and use Windows 7 with UAC at its highest, (Vista) level. I'm very specific about how one should run. It is not hard to run that way and it does result in a more secure machine. The reason he speaks against FLASH is that Adobe installs FLASH into named space shared by the user and just like Chrome extensions, it is not brokered by the UIPI or governed by securable objects. In IE 8 ALL add-ons are brokered, as are all COM/DCOM controls!!! Huge difference from other browsers. FLASH does remain the single "plug-in" that works above the especially restrictive named space assigned to IE. For that Microsoft has a no-FLASH x64 version of IE 8 available on all computers running the OS (Vista x64, or Windows 7 x64). |
| #7 By 11888 (198.103.167.20) at 3/3/2010 8:48:13 AM |
| I'm going to see how long I can survive without Flash on that Windows 7 machine. I was browsing last night and after closing the browser I discovered THREE dialog boxes that were informing me that the install couldn't continue because I didn't have the correct version of AIR. I never asked anything to try to install so it must have been a drive-by attempt. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 321 Last | Next |
The time now is
6:19:03 AM
ET.
Any comment problems? E-mail us |
