My Anti Spyware

How to make Internet Explorer more secure

Follow these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

• Next press the Apply button and then the OK to exit the Internet Properties page.

Read more:
How to use “Internet Zone Settings”
How to disable Active Scripting support
How to drop rights for safe surf

Don’t be a victim or how to make better choices

There are some current tools out there which may help users make better choices (or block their bad choices). I’m just going to talk about browser toolbars.

Continue reading Don’t be a victim or how to make better choices…

Microsoft Internet Explorer does not honor ActiveX kill bit

A specially crafted HTML document can cause Internet Explorer to skip the kill bit check. This means that any ActiveX control that has been disabled solely through use of the kill bit may still be used by Internet Explorer.

A kill bit is a registry setting that prevents Internet Explorer from running the corresponding ActiveX control even if the control is installed on the system. It is not uncommon to proactively set kill bits for known malicious ActiveX controls as part of a spyware-prevention effort. For example, the SpywareGuide website provides a freely downloadable .REG file for setting kill bits of many “dubious” ActiveX controls.

How to protect:
Apply an update

Install the 905915 update (MS05-054) or a more recent Internet Explorer cumulative security update.

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this vulnerability. Instructions for disabling ActiveX in the Internet Zone can be found in the document Securing Your Web Browser and the Malicious Web Scripts FAQ.

Note that disabling ActiveX controls in the Internet Zone will reduce the functionality of some web sites.

Use a different web browser

There are a number of significant vulnerabilities in technologies involving the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.

It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages). Such a decision may, however, reduce the functionality of sites that require IE-specific features such as proprietary DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control (WebOC), or the HTML rendering engine (MSHTML).

Netscape 8.1 adds spyware scanner, bundles

AOL HAS released version 8.1 of the Netscape browser. In case you were expecting something revolutionary, or that the company listened to the users’ pleas to bring back the e-mail client or to extend Netscape 8 to other operating systems, Netscape 8.1 offers no very good news for you: it’s still Windows-only, and it’s still as U.S.-centric (if not more) than 8.0.

Find the program’s release notes here.

Let’s start with the good:

* Most stability problems appear to be ironed out by now.
* The applications starts very quickly. At least on my test system, a 2.4Ghz P4 with 512MB running WinXP SP2.
* There’s a new spyware scanner. Described here.
* Multiple user profiles are back – I remember those from Netscape 4.0 back in 1996. Ten years ago.
* The user is offered to download and auto install a copy of McAfee antivirus. In case you’ve been living outside this Planet and don’t know by now that running Windows without an antivirus is suicidal.

Read more…

Block lists have been updated

* IE-SPYAD (original)
* IE-SPYAD2
* IE-SPYAD for ZonedOut
* AGNIS (for AtGuard/NIS/NPF)
* AGNIS for Outpost
* AGNIS for AdShield
* AGNIS Sites List

You can download all of these new versions at:

https://netfiles.uiuc.edu/ehowes/www/resource.htm

You can download all of these new versions at:

https://netfiles.uiuc.edu/ehowes/www/resource.htm

Included with the original version of IE-SPYAD/IE-SPYAD2 is an uninstaller (IE-ADS-UNINST.REG) for the *previous* and *current* versions of IE-SPYAD. IE-SPYAD/IE-SPYAD2 also includes a batch file installation utility (INSTALL.BAT) that can be used to install and uninstall IE-SPYAD.

To use the IE-SPYAD for ZonedOut version of the Restricted sites list, you must download the free ZonedOut utility from FunkyToad:

http://www.funkytoad.com/zonedout.htm

The original AGNIS block lists are compatible with AtGuard 3.x and ALL versions of Norton Internet Security as well as Norton Personal Firewall 2003 and 2004. There are separate versions of AGNIS for users of Agnitum Outpost and AdShield.

If you’re running NIS 2002 Pro, NIS 2003, NIS 2003 Pro, NIS 2004, NIS 2004 Pro, NIS 2005, NIS 2006, NPF 2003, NPF 2004, NPF 2005, or NPF 2006 you CAN use the AGNIS block lists, however, you must use the ProWAGoN block list utility written by Christian Haagensen to load, remove, and backup ad block lists from NIS. Do NOT attempt to install AGNIS block lists in any of these versions of NIS or NPF by manually merging .REG files or using the AGNIS.BAT batch file utility included with AGNIS. Use the ProWAGoN utility instead. You can download ProWAGoN here:

https://netfiles.uiuc.edu/ehowes/www/resource.htm#prowagon

A summary of what’s new, updated, and changed in IE-SPYAD and AGNIS can be found here:

https://netfiles.uiuc.edu/ehowes/www/res/list-changes.txt

If you have any questions or comments about IE-SPYAD, AGNIS, AGNIS for Outpost, or AGNIS for AdShield, please don’t hesitate to let me know.

Read how to use block list here and here

The Adblock project

Adblock is a content filtering plug-in for the Mozilla and Firebird browsers. It is both more robust and more precise than the built-in image blocker.
Adblock allows the user to specify filters, which remove unwanted content based on the source-address. If this sounds complicated, don’t worry: it’s not.
Just add a few filters. Every time a webpage loads, Adblock will intercept and disable the elements matching your filters. See?- nothing to it.
Great! …but how do I add filters?
After you install / restart, an Adblock-item will be present in the tools-menu. This will launch Adblock’s prefs.
A selected filter can be edited by double-clicking or pressing ‘enter’. To remove it, press ‘delete’. New filters can also be added here or directly in the web-page: just right-click an ad and choose the Adblock option. For plugins, an Adblock-tab will appear atop or below the media: just click the “Adblock” text.
[Note: if you encounter a plugin, but don't see the Adblock-tab, don't worry -- the plugin is just cropped. Adblock has this covered. Choose "Overlay Flash" from the tools-menu, or type its shortcut. Now, you can directly click the overlay.]
Adblock supports two types of filters: simple, and Regular Expression.
A simple-filter is just a string of text with one or more wildcards (*). Regular expressions are much more complex, allowing precise control over filtering. In Adblock, as in all javascript, regular expressions must begin and end with the forward-slash: ‘/’.

More info about AdBlock here.

Vulnerability in the Internet Explorer

Week ago the UK group “Computer Terrorism” released a proof of concept exploit against patched versions of Internet Explorer. Microsoft is investigating this report of a vulnerability in Microsoft Internet Explorer on Microsoft Windows 98, on Windows 98 Second Edition, on Windows Millennium Edition, on Windows 2000 Service Pack 4, on Windows XP Service Pack 1, and on Windows XP Service Pack 2. Who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Microsoft have also been made aware of proof of concept code and malicious software targeting the reported vulnerability.
You can visit Windows Live Safety Center and are encouraged to use the Complete Scan option to check for and remove this malicious software and future variants.

Lock down your browser

One of the most prevalent means for spyware and adware to be installed is through Internet Explorer. To prevent spyware and adware from installing without your knowledge and permission, you need to “lock down” Internet Explorer. There is a simple way to do this.
Continue reading Lock down your browser…

IE-SPYAD: Restricted Sites List for Internet Explorer

IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC.

Please note that IE-SPYAD is not an ad blocker. It will not block standard banner ads in Internet Explorer. What this Restricted sites list of known advertisers and crapware pushers will do, however, is:
# stop unwanted crapware from being installed behind your
back via “drive-by-downloads”;

# prevent the hijacking of your home page and other key
Internet Explorer settings;

# shut down ActiveX, Java, and scripting, all of which can
be employed to push obnoxious advertising on you and
compromise your privacy and security;

# block cookies, which can be used to monitor and track your
travels around the Internet;

# combat obnoxious script-based popups that clutter your
screen and force unwanted advertising on you.

>download here.

Microsoft Boosts Phishing Security

o enhance the protection offered by Microsoft Phishing Filter and Microsoft SmartScreen Technology, the company has roped in three new data providers, Cyota, Internet Identity and MarkMonitor. These companies will regularly provide Microsoft with information on confirmed phishing Web sites.

Microsoft Phishing Filter, introduced in July 2005, helps protect customers from phishing scams when they are browsing the Internet, and is available via the Phishing Filter Add-in for the MSN Search Toolbar, which launched in final release yesterday; and the upcoming release of Windows Internet Explorer 7 for Windows Vista, and Windows XP Service Pack 2, both currently in beta 1 testing.

The Microsoft Phishing Filter provides consumers with a dynamic online warning and protection system against phishing attacks in their browser, and a way to report possible phishing Web sites.

The phishing information provided by the phishing data providers, will also be used to help Microsoft SmartScreen Technology detect phishing scams in e-mail sent to MSN Hotmail and Windows Live Mail beta customers.

Phishing, a fast-growing class of online fraud and identity theft, often uses fake Web sites that resemble those of legitimate businesses, financial institutions or other trusted organizations, to trick victims into disclosing sensitive personal and financial information that can then be used for criminal activity. Phishing sites can often last as little as a few hours or a few days before they are shut down, making real-time browser protection critical to help effectively safeguard users.

Cyota, Internet Identity and MarkMonitor are now helping to bolster both the Microsoft Phishing Filter’s URL reputation service and SmartScreen Technology, with data feeds from their own unique sets of customers.

Cyota helps provide anti-fraud and online authentication solutions, Internet Identity helps provide early detection and rapid response de-activation of phishing attacks for clients ranging from banks and online services to credit unions, while MarkMonitor s fraud detection and response services monitor the Internet to help detect and confirm phish attacks and other online fraud on behalf of financial institutions and other corporations.

John L Scarrow, general manager – anti-spam and anti-phishing team, Microsoft Technology Care and Safety Group, said, “There is of course no silver bullet that can stop phishing, but we believe that the Microsoft Phishing Filter and SmartScreen Technology, when armed with continuously updated data from both great partners and our own users, can help make a significant difference for our customers worldwide. We are excited to be working with leading companies like Cyota, Internet Identity and MarkMonitor, to better protect our MSN and Windows Live and Windows customers, and help them feel more confident in their online safety.”

Although recent industry reports indicate that the spam problem may be on the decline worldwide, the threat of phishing continues to rise and has increased more than six-fold in the past year.