Securing Ie?

GovernmentSecurity.org > The Archives > General Network Security

The_deViL

Apr 6 2004, 06:18 PM

Many of you probably know how many epxloits it's circuling for IE right now. And since neither MS or Symantec seem to do anything about them I assume I have to find a solution elsewhere. Personally I am using mozilla firebird, but I still want to secure my IE since I am responsible for several desktop computers where the users simply do run IE.

My idea:
Wouldn't it be possible to make a very thin "Net nanny*" client that instead of looking out for bad words check for malicious code. The code is easy to check for. But I am not sure how to make this client.

*: For those of you who don't know net nanny is a anti-porn software. Designed to stop the user from accessing pornagraphy and bad language.

Question:
Or is it possble to block CHM files out of IE. Because the newest exploit takes use of the very-known bug by tricking IE into downloading the CHM file and run it. And the CHM file, once on the desktop has permissions to write to files due to another IE exploit. Great itsn't it?

I have no intention to put the malicious code on here because I don't want to spread it further, even though it is widely known already. It's the same technique as porn dial-ups use. But by using a x-scriptlet (<object>) it's possible to d/l and execute any CHM file. Therefor, by making a client that looked out for the end-user code, specially CHM (I don't use them otherwise) and blocks or replace the code the security could rise to a higher level.

Porn-dialers may sound rather inocent (so to speak), but it take about five minutes to take that porndialer and make it d/l say.. pwdump and windump and FTP the password HASHES and computers IP, Name, Installed programs and other very sensitive information. Or install a backdoor, or.. you get the picture.

JMP

Apr 6 2004, 08:00 PM

Wow, i never knew there was exploits like that for IE, and that they were so widely spread. And that they can so evil things. Im glad i never use IE, and almost never use Windows

AgentOrange

Apr 6 2004, 08:20 PM

Dude, trying to secure IE would be like trying to patch a fish net. You don't know what part of IE the next 0-day sploit will affect. Thus you can't make some kind of end all patch. If you are worried about the current vunerablity in CHM files, use FireFox.

M$ dosn't take care of there clients. Inturn is you are conserned about secuirty

DON'T USE M$ PRODUCTS.

peace out

tweakz20

Apr 6 2004, 08:36 PM

there's ALOT of IE exploits and they're pretty public (well, for people that look for it anyway)

you can make this stuff not happen by changing default IE settings
IE toolbar > Tools > Internet options > Security tab > Internet > Custom Level

.NET Framework-reliant components
Run components not signed with authenticode
O - PROMPT
Run components signed with Authenticode
O - prompt (don't know if there's a spoofer or something to fake it)

ActiveX controls and plug-ins
Download signed ActiveX controls
O - Prompt
Download unsigned ActiveX controls
O - Disable
Initialize and script ActiveX controls not marked as safe
O - DISABLE (default)
Run ActiveX controls and plug-ins
O - prompt
Script ActiveX controls marked as safe for scripting
O - enable
(skip downloads)

Microsoft VM
Java permissions
O - High safety

Miscellaneous
Access data sources across domains
O - Disable (it's defaulted for me...)
Allow META REFRESH
O - Enable (don't see how it could cause problems)
Display mixed content
O - Prompt
Don't prompt for client certificate selection when no certificate or only one certificate exists
O - disable
Drag and drop or copy and paste files
O - enable
Installation of desktop items
O - Prompt
Launching programs and files in IFRAME
O- Prompt
Navigate sub-frames across different domains
O - Enable
Software channel permissions
O - Medium safety or high
Submit unencrypted form data
O - Prompt (will point fake webpages)
Userdata persistence
O - Enable (should be fine)

SCRIPTING
Active scripting
O - Prompt (might get annoying, but it will help)
Allow paste operations via script
O - Enable
Scripting of Java applets
O - prompt (might get annoying again)

Ok, Privacy tab
Medium High is what I use, you can use Edit to add different webpages to accept or whatever

Advanced tab is another one to edit... but i don't have the time to type it all.. lol

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Securing Ie? GovernmentSecurity.org > The Archives > General Network Security The_deViL Apr 6 2004, 06:18 PM Many of you probably know how many epxloits it's circuling for IE right now. And since neither MS or Symantec seem to do anything about them I assume I have to find a solution elsewhere. Personally I am using mozilla firebird, but I still want to secure my IE since I am responsible for several desktop computers where the users simply do run IE. My idea: Wouldn't it be possible to make a very thin "Net nanny" client that instead of looking out for bad words check for malicious code. The code is easy to check for. But I am not sure how to make this client. : For those of you who don't know net nanny is a anti-porn software. Designed to stop the user from accessing pornagraphy and bad language. Question: Or is it possble to block CHM files out of IE. Because the newest exploit takes use of the very-known bug by tricking IE into downloading the CHM file and run it. And the CHM file, once on the desktop has permissions to write to files due to another IE exploit. Great itsn't it? I have no intention to put the malicious code on here because I don't want to spread it further, even though it is widely known already. It's the same technique as porn dial-ups use. But by using a x-scriptlet (<object>) it's possible to d/l and execute any CHM file. Therefor, by making a client that looked out for the end-user code, specially CHM (I don't use them otherwise) and blocks or replace the code the security could rise to a higher level. Porn-dialers may sound rather inocent (so to speak), but it take about five minutes to take that porndialer and make it d/l say.. pwdump and windump and FTP the password HASHES and computers IP, Name, Installed programs and other very sensitive information. Or install a backdoor, or.. you get the picture. JMP Apr 6 2004, 08:00 PM Wow, i never knew there was exploits like that for IE, and that they were so widely spread. And that they can so evil things. Im glad i never use IE, and almost never use Windows AgentOrange Apr 6 2004, 08:20 PM Dude, trying to secure IE would be like trying to patch a fish net. You don't know what part of IE the next 0-day sploit will affect. Thus you can't make some kind of end all patch. If you are worried about the current vunerablity in CHM files, use FireFox. M$ dosn't take care of there clients. Inturn is you are conserned about secuirty DON'T USE M$ PRODUCTS. peace out tweakz20 Apr 6 2004, 08:36 PM there's ALOT of IE exploits and they're pretty public (well, for people that look for it anyway) you can make this stuff not happen by changing default IE settings IE toolbar > Tools > Internet options > Security tab > Internet > Custom Level .NET Framework-reliant components Run components not signed with authenticode O - PROMPT Run components signed with Authenticode O - prompt (don't know if there's a spoofer or something to fake it) ActiveX controls and plug-ins Download signed ActiveX controls O - Prompt Download unsigned ActiveX controls O - Disable Initialize and script ActiveX controls not marked as safe O - DISABLE (default) Run ActiveX controls and plug-ins O - prompt Script ActiveX controls marked as safe for scripting O - enable (skip downloads) Microsoft VM Java permissions O - High safety Miscellaneous Access data sources across domains O - Disable (it's defaulted for me...) Allow META REFRESH O - Enable (don't see how it could cause problems) Display mixed content O - Prompt Don't prompt for client certificate selection when no certificate or only one certificate exists O - disable Drag and drop or copy and paste files O - enable Installation of desktop items O - Prompt Launching programs and files in IFRAME O- Prompt Navigate sub-frames across different domains O - Enable Software channel permissions O - Medium safety or high Submit unencrypted form data O - Prompt (will point fake webpages) Userdata persistence O - Enable (should be fine) SCRIPTING Active scripting O - Prompt (might get annoying, but it will help) Allow paste operations via script O - Enable Scripting of Java applets O - prompt (might get annoying again) Ok, Privacy tab Medium High is what I use, you can use Edit to add different webpages to accept or whatever Advanced tab is another one to edit... but i don't have the time to type it all.. lol This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.