
Microsoft rushes to fix browser after attacks; no fix for XP users


posted on Apr, 29 2014 @ 06:31 AM
Here's the thing about web browsers, they all get hacked, and they can all be exploited within seconds.

IE has been a whipping boy for years but you're not any safer with Firefox or Chrome or Safari. The difference between them is that you hear about IE being exploited because MS is very open about their weaknesses and a lot of people use Exploder because it's packaged with the best selling OSes in the world. In today's case disable your flash player and you're good.

You're also not any safer with Linux. I'll leave it at that because that's probably already enough to earn me the ire of all of the fan boys who seem to inhabit this site.

This is an old doc but it gives very good advice on browser configuration that is still applicable today so I thought I'd throw it out there:

www.us-cert.gov...




posted on Apr, 29 2014 @ 06:31 AM
It's 2014, who is still using:

1. Windows XP
2. Internet Explorer

Bonus round...I hate Windows 8.1 with a passion. (Have no choice, have to use it)



posted on Apr, 29 2014 @ 06:44 AM

originally posted by: Bassago
a reply to: RationalDespair

Huh, so what? Upgrade to Mint Linux and forget Microsoft. Simplest solution I can think of.

Mint Linux

That's what I did.

Having used Windows for such a long time, it's quite hard to go online without a ton of antivirus / firewall / anti-malware running in the background; it feels like walking down the street naked LOL.

But I agree, Mint is by far the best OS I've had. I use the KDE version. Also there's the repository of software that's all safe and tested by the community, and it's all free!!!



posted on Apr, 29 2014 @ 06:52 AM
Microsoft bug my backside, it's just another backdoor that has been exposed, just like the 20,000 other security updates that came before it. Think of Windows as if it's a virus and you won't be far off the mark, and that starts with how NTFS stores files and progresses on to spell checking for programs that get it, want it or not, and is just an excuse to keylog all the programs that are running on a Windows platform.

Even data-grids with hundreds of lines get the treatment too, blink and you would miss it but I've seen all them red lines appear in programs I've been working on for a split second.

I would consider myself the resident expert on browsers, having built one (well, wrapped the Chromium API to be precise) plus other security-related apps. Feel free to claim the title if you want to step forward.

Internet Explorer is the best and the worst because it has the advantage of not being Google and has some good tools, but the worst because it is so far integrated into the bloated Windows OS that it's impossible to understand just what goes on. Win7 is just massive, 1000 times more memory needed than XP, and no one I know has a brain that can take all that in.

Apart from super hidden folders, index.dat files and a ton of stuff stored in the registry, Windows also stores god knows what in system logs and lots of other files where the data is encrypted. Running a file watch gives some clues: activity goes up when the IE process is running and during a 24 hour period amounts to 20,000 plus files.

IE still uses COM at its core, as old as the hills, and it is very hard to write plugins for the browser. Running downloaded ActiveX from sites you don't know is plain old stupid. Silverlight has died a death.

Firefox

From what I can see most of the current development on the browser is being done in India (that's a good thing considering the NSA financed all the big US software houses) and the $50m that Google donates to the development goes a long way: type about:config into the browser, search for Google and it's all over the place. Scan the Firefox folder and it has 1600 URLs in it.

FF often leaves a process running after the browser is closed and makes heavy use of Adobe Flash with its "Shared objects", better known as Flash cookies. Trying to stop Adobe updates is a job in itself.

On the plus side FF has some very good plugins because they are easy to write.

Google Chrome

Uses the Chromium engine which seems to work better than other browsers these days because people developing sites have to cater for this engine due to it being so common and to me it does seem fast, never tested it for speed.

A scan of the "Google" folder in Program Files (x86) reveals 6000 URLs hidden in the .pak files and program code. The browser has a hidden ClientID that's unique to the install, sends a special header to Google when browsing Google sites (I forget the name without looking) and is something to do with testing, so they say; the ID is not unique on its own but taken with the version number in the User-Agent slims it down when it comes to tracking.

Using a browser whose owners also happen to install spyware on 90% plus of all websites (else the site never gets shown on Google search front pages) is incest and is asking for trouble.

Chromium Based Browsers

Lots of browsers now use Chromium, including the new Opera, and the Chromium project is open source but is not open to debate. Ask anything about Google with these guys and it soon gets deleted.

None of the mainstream browsers using Chromium can be trusted. I know because I have scanned and checked most, including Comodo and SRWare Iron, using firewall logs, file watchers, network sniffing, DNS servers and proxy servers.

They all call home even if they allow you the options to turn spell checking, so-called safe browsing and track protection lists off and you don't hit the new plugin page, and they all perform fake DNS lookups using a ten digit GUID type number, often in cases where a proxy server is being used. The lame excuse is they are checking for DNS hijacks that come from servers such as OpenDNS whilst at the same time hijacking mis-typed URLs to send your browser to their own search engines. A BIG NO NO.

Chromium bare bones
The core is open source and written in C++ but is too large for me to understand without working on it for years, but yes it does seem clean so far as I can see. Will still have Google & Co in the .pak files but it does not call home and the model allows developers like me to control it just as we like.


edit on 29-4-2014 by VirusGuard because: (no reason given)



posted on Apr, 29 2014 @ 07:07 AM

originally posted by: VoidHawk
Having used Windows for such a long time, it's quite hard to go online without a ton of antivirus / firewall / anti-malware running in the background; it feels like walking down the street naked LOL.


No, it feels like being in jail and all the screws are watching you wipe your bum when nature calls.

All that security is not because they like you, and Microsoft has taken security to turn the administration of what in effect is just a file server to such an extreme that even the screws in the jail keep locking themselves in.

Even as an administrator you are not in control of the etc/hosts file, and IPv6 scares me so much after sniffing around that it's the first thing I turn off because it uses a tunnel to bypass security and my machine works just fine without it; it would, since my ISP does not do IPv6 and all DNS lookups resolve to IPv4.



posted on Apr, 29 2014 @ 07:19 AM
The last supported version of IE for XP was 8. Even if XP was still supported there would still not be a fix for IE8.

If you are still using XP you should have at the very least stopped using IE four years ago.



posted on Apr, 29 2014 @ 07:24 AM
a reply to: anHairInTheSoup

The fact is, there is only one graphics program I use that works in Linux (at least I think it does, never tried it personally) and that is Maya. Running Windows inside of Linux defeats the perk of using Linux, less resources, when it comes to CPU hungry programs. For people that don't use any professional grade programs, and people that don't use their computer for a living, Linux is great. Hobbyists at many things have awesome free programs to try out. But the hobbyist versions don't stand up to the pro versions of the software. GIMP is nice for a hobbyist, but it isn't no Photoshop CC. Etc etc.

Also, hardware with proprietary drivers is often a pain in the balls to get to work under Linux. I had a hell of a time getting XORG set up to play nice with my NVIDIA card.
edit on Tue, 29 Apr 2014 07:28:28 -0500 by TKDRL because: (no reason given)



posted on Apr, 29 2014 @ 07:38 AM

originally posted by: Bassago
a reply to: RationalDespair

Huh, so what? Upgrade to Mint Linux and forget Microsoft. Simplest solution I can think of.

Mint Linux


Hold up there buddy. This isn't so easy for everyone. I work for a company that employs around 500 people and a good many of our computers still use Windows XP. Many of our users are HIGHLY computer illiterate and getting them to learn a new OS or use a different browser could be difficult. Not to mention we have several sites and applications that are internet based and only work correctly in IE (for instance our intranet site is like that). Switching over could be VERY costly for us.



posted on Apr, 29 2014 @ 07:53 AM

originally posted by: thisguyrighthere
The last supported version of IE for XP was 8. Even if XP was still supported there would still not be a fix for IE8.

If you are still using XP you should have at the very least stopped using IE four years ago.


A big move is being made to make XP open source but I don't think it will happen, far too many "Program Errors" for that to happen.

You sound like a man who trusts your drug supplier to tell you the best gear to buy when in fact it's all about profit and locking you in with these guys. I'm not addicted yet and just keep taking the free candy.

anHairInTheSoup


Also, hardware with proprietary drivers is often a pain in the balls to get to work under Linux. I had a hell of a time getting XORG set up to play nice with my NVIDIA card.


With XP you could take an image from one machine and it would just about work on another machine; with Win7 you have no chance. I have Tails (Linux) on a pen stick and it works in any machine no trouble.

Not saying you are wrong but it is a two way street and these things we call Windows drivers today are not drivers at all and have become bloated programs within themselves. Hell, some drivers I have are about as big as Windows XP was in size.

The Synaptics mouse driver is one: it calls home and my mouse works fine without it, and don't ask me how but a few weeks after I uninstall it, it comes back again every time.

Windows is becoming one big registry hack, like if you want to use WebDAV to copy what Microsoft calls "Large Files" even if that's ten times smaller than the size of the Windows registry, and another registry hack to get FTP working right.

I'm so good I've never managed to get Regedit to back up and restore itself in Win7/8, must be the way I click export and import or something, and no, you are not seeing things when you right click and half the options are missing only to return seconds later; Microsoft is thinking about it.
edit on 29-4-2014 by VirusGuard because: (no reason given)



posted on Apr, 29 2014 @ 08:25 AM

originally posted by: VirusGuard

You sound like a man who trusts your drug supplier to tell you the best gear to buy when in fact it's all about profit and locking you in with these guys. I'm not addicted yet and just keep taking the free candy.


How do you figure that? Because I said IE8 was the last supported IE on XP?

Because I said if you're still using XP at the very least stop using IE because it's woefully out of date?

I'm guessing you inferred a bunch of M$ fanboyisms in my stating of simple fact?



posted on Apr, 29 2014 @ 08:29 AM

originally posted by: Goteborg
Here's the thing about web browsers, they all get hacked, and they can all be exploited within seconds.

IE has been a whipping boy for years but you're not any safer with Firefox or Chrome or Safari. ....

This is an old doc but it gives very good advice on browser configuration that is still applicable today so I thought I'd throw it out there:

www.us-cert.gov...

The document you cited cites the risks of ActiveX, which are not present on the other browsers because they don't use ActiveX, which gives IE an entire additional attack profile that the other browsers lack, contradicting your claim that you're not any safer with the other browsers. If you said you're not "safe" with the other browsers, I could agree with that, but you are safer because they don't use ActiveX:


ActiveX is a technology used by Microsoft Internet Explorer on Microsoft Windows systems. ActiveX allows applications or parts of applications to be utilized by the web browser. A web page can use ActiveX components that may already reside on a Windows system, or a site may provide the component as a downloadable object. This gives extra functionality to traditional web browsing, but may also introduce more severe vulnerabilities if not properly implemented.

ActiveX has been plagued with various vulnerabilities and implementation issues. One problem with using ActiveX in a web browser is that it greatly increases the attack surface, or “attackability,” of a system. Installing any Windows application introduces the possibility of new ActiveX controls being installed. Vulnerabilities in ActiveX objects may be exploited via Internet Explorer, even if the object was never designed to be used in a web browser (VU#680526). In 2000, the CERT/CC held a workshop to analyze security in ActiveX. The results from that workshop may be viewed at www.cert.org... Many vulnerabilities with respect to ActiveX controls lead to severe impacts. Often an attacker can take control of the computer. You can search the Vulnerability Notes Database for ActiveX vulnerabilities at www.kb.cert.org...

IE provides the option to disable ActiveX and the document you posted recommends disabling it, but the only reason I ever use IE is for sites that will only work with IE because of ActiveX, so disabling it wouldn't help users like me. In fact it's kind of stupid advice to disable ActiveX for me when ActiveX is the only reason I ever use IE, so if I disable ActiveX the site still won't work with IE. But it does point out the security risk of ActiveX by telling people to disable it. I'm glad most sites don't use ActiveX.

JavaScript provides similar vulnerabilities on all platforms but at least with add-ons like NoScript you can create whitelists of sites you think are safe for scripts, like ATS. The problem with NoScript is only the technically oriented users seem to be able to handle it; the non-technical users can find it a bit overwhelming and annoying to set JavaScript permissions by site.

Anyway that's a good document overall, so thanks for posting it, but better advice would be just don't use IE at all, except on sites that require ActiveX, in which case those recommended settings won't work but you can still use the highest security settings that will still allow the site to work.
edit on 29-4-2014 by Arbitrageur because: clarification



posted on Apr, 29 2014 @ 08:41 AM

originally posted by: Krazysh0t

Hold up there buddy. This isn't so easy for everyone. I work for a company that employs around 500 people and a good many of our computers still use Windows XP. Many of our users are HIGHLY computer illiterate and getting them to learn a new OS or use a different browser could be difficult. Not to mention we have several sites and applications that are internet based and only work correctly in IE (for instance our intranet site is like that). Switching over could be VERY costly for us.


Great points. Most of the companies I support would shut down if they didn't use IE, most of their employees wouldn't even be able to clock in for work.



posted on Apr, 29 2014 @ 08:50 AM
a reply to: VirusGuard

Yeah but on the flip side for Windows 7, unless you are using some ancient equipment, or some really specialized hardware, it takes like 25 minutes to go from blank hard drive to totally working system. On this new rig I just built up, it took less than that. The only thing that gives me issues is my Bamboo drivers. If Windows installs the stupid generic drivers before you install the proprietary drivers, it is a royal pain in the ass to fix.

Personally I hate hardware that uses closed source drivers, I am fairly certain they are used to gimp older versions at the very least, and maybe even giving "self destruct" commands to aging hardware. They want you to buy new hardware, even if the old hardware is still working just fine.

Edit to add, no I remember my old LCD also had some initial problem with Windows 7. The drivers are really old, so it kept telling me the generic drivers were better, I had to googlefu for like an hour to figure out how to get Windows to use my drivers instead. The generic drivers would not recognize the correct widescreen resolution, was a pain.
edit on Tue, 29 Apr 2014 09:08:07 -0500 by TKDRL because: (no reason given)



posted on Apr, 29 2014 @ 08:51 AM

originally posted by: Goteborg

Great points. Most of the companies I support would shut down if they didn't use IE, most of their employees wouldn't even be able to clock in for work.


If you're referring to ADP the warning you see about not using a compatible browser is all bunk. Works just fine with Chrome or Firefox or anything else. Simply ignore the message stating otherwise.






posted on Apr, 29 2014 @ 08:55 AM
a reply to: Arbitrageur

Why shouldn't people use IE? I've said this before on this site and I'll say it again, people can blame the browser or the OS all they want to but the reason they run into trouble for the most part is the permissions of the account they're logged in on. It really is that simple.

I wonder how many people who complain about MS and security surf the web on their admin account. That's like parking your car in a bad neighborhood with the door wide open and the keys in the ignition. I'm willing to bet the percentage is pretty high, but, they complain about the browser and M$.

A dangerous trend I see quite a bit is people who don't know what they're talking about assuming that they're safe with Firefox/Linux (or Safari/Mac) and they're not. The only thing Linux (most distros) has going for it is that it defaults you to a user account but since it's basically based on a 50 year old OS which is notoriously hackable it had better take at least that basic security precaution.



posted on Apr, 29 2014 @ 09:07 AM

originally posted by: Goteborg
a reply to: Arbitrageur

Why shouldn't people use IE?

I already explained why I use IE only with ActiveX enabled, which means it's vulnerable which according to your document makes it dangerous.

I already explained that if I disable ActiveX the only sites I use IE for won't work at all. If you don't understand this, I don't know how to make it any clearer.



posted on Apr, 29 2014 @ 09:18 AM

originally posted by: Krazysh0t
Hold up there buddy. This isn't so easy for everyone. I work for a company that employs around 500 people and a good many of our computers still use Windows XP. Many of our users are HIGHLY computer illiterate and getting them to learn a new OS or use a different browser could be difficult. Not to mention we have several sites and applications that are internet based and only work correctly in IE (for instance our intranet site is like that). Switching over could be VERY costly for us.


Same here. I work for an international company that has 15,000+ workstations. We migrated to Windows 7 a couple of years ago, because it was already announced that Windows XP would no longer be supported.

Apart from the huge amount of work for me and the rest of the IT people, it was a nightmare for our in-house support to train and support people to work with Windows 7. That was also a deciding factor in keeping with Internet Explorer to minimize the impact on support.

If we had switched to Linux and, say Firefox or Opera, this workload and the migration costs would have been many times larger than the already extraordinary amounts we had to spend now. Even though Linux is open source and free, the cost of migrating this many systems would be much higher and it would involve a lot more work, considering we'd most likely also have to make changes to our 3 data centers, totalling over 3200 servers worldwide.



posted on Apr, 29 2014 @ 09:40 AM
a reply to: thisguyrighthere

No, I'm not referring to ADP.



posted on Apr, 29 2014 @ 09:42 AM

originally posted by: TKDRL
For people that don't use any professional grade programs, and people that don't use their computer for a living, Linux is great. Hobbyists at many things have awesome free programs to try out. But the hobbyist versions don't stand up to the pro versions of the software. GIMP is nice for a hobbyist, but it isn't no Photoshop CC. Etc etc.

Also, hardware with proprietary drivers is often a pain in the balls to get to work under Linux. I had a hell of a time getting XORG set up to play nice with my NVIDIA card.


(GIMP is not nice at all...)

There is this app that is called Wine (repeating) and that can run most Windows software whatever it is, whether some cheap useless freebie or some professional top-notch solution that costs 100000$ and is used by 5 people (and would cost less if it was developed for Linux).

The additional load to run the Wine layer is far less important than the benefits in terms of RAM & CPU in running the latest Linux distro instead of any Windows OS.

Your perspective on Windows/Linux compatibility is extremely outdated (we're not in the 90's anymore).



