E-Musings Mon Immorata

Paradise Lost: Is Netscape Nobody's Child? New Internet Explorer vulnerability makes a case for an alternative browser Oh dear! There's another new Internet Explorer-related flaw to spoil the party. Of course, Microsoft tried about a month ago to cast off the IE ship and attendant Outlook Express rowboat. But the clamor from the shore front made them reconsider. Seems the most popular free browser and the best free email client out there are not ready to be abandoned. Actually, I think Outlook Express is the best free email and news client: two excellent good utilities for nothing more than the cost of downloading a great browser. A previous column mentioned that in tests, IE outperformed Netscape, Mozilla, Opera, and AOL's browser in page rendering. As for you die-hard Netscape fans, you've been lied to in the best American corporate tradition. I read that Netscape has been Mozilla with a different name since Version 4.7 (which coincidentally is about the time Netscape started manifesting a bug epidemic). While the open-source Mozilla browser kept evolving, and improving. Netscape was nobody's child, stuck in a time warp of AOL Time Warner's making. And was patched subsequent to Mozilla. Instead of it being the other way around. And Netscape 7 is the runt of the Mozilla family; it's actually a disguised version of Mozilla 1.0. But that's taking us away from this week's main focus: a Trojan than redirects IE from over 100 well-known URLs to an IP address with mala fide (malicious) intent. Qhosts (Delude.B) although classified as low-risk by anti-virus vendors, redirects infected systems from legitimate sites like AltaVista, Google, Lycos, MSN and Yahoo to a fixed IP address that's since gone offline, causing the virus to go into a loop and crash IE! The new flaw lies in the way IE is supposed to determine Object Types (see also Microsoft Security Bulletin MS03-032 released August 20, 2003). I think this failure is another RPC-type update that was improperly tested to begin with and where the security team failed to plug all the holes. A theory borne out by the updated patch released October 3, 2003, that assists IE in correctly determining the right object type. However, while this cumulative update includes Internet Explorer patches released with bulletins MS03-004, MS03-015, MS03-020 and the afore mentioned MS03-032, it cause window.showHelp() to cease functioning unless you apply the HTML Help update (see Knowledge Base article 811630). HTML Help is used by several programs, including some Windows versions to display the Help file. As the specific vulnerability may also impact upon Windows Media Player, you need to patch this software too (see Knowledge Base Article 828026) to prevent the Player from auto-launching URLs when running in the Local Zone (security settings disabled). The real risk with such viruses lies in the ability for the malicious to embed virus' code into scripted (HTML) email that when previewed would self-execute. And while I agree with the view that Microsoft's not doing enough to protect users and is willfully exposing us to malicious attacks at the same time, there are lots of little-documented traps we can engage. Like the OE feature to view all HTML mail in the Restricted Sites zone. And the feature to render all mail as plain text. And to block potentially harmful attachments (usually enabled by default in OE 6). You can also change IE's settings (Tools > Options > Security > Custom Settings) by disabling ActiveX or better seeking explicit user permission before permitting execution. And by switching to an alternate browser like Firebird; even if it renders pages slower. And like the locked front door to your home, you definitely need a good firewall program. As well as an intelligent anti-virus software with a mail scanner. Have all these in place and the chances of an accidental infection are greatly reduced. After all, you don't secure the main entry into your home with a cardboard sheets now do you? And while you're bolting those doors, and installing security grills, do take time to check out this excellent FAQ on TCP/IP ports most commonly attacked by Trojans. The site is also a treasure trove on more IP-related information about Trojan attacks. I erred last week with nPOP. It's a crappy, ill-formed software that's no replacement for Popcorn; even if your are a masochist. So either dig out an old copy of Popcorn, or begin using OE6 in fully-locked down condition. OE does POP as well as IMAP. And if you've been tracking Betas, there have been 2 MyIE2 releases this week. The first with several significant improvements to the code base resulting in a faster rendering speed. The second because Latin characters in the previous version were rendering incorrectly. And reader Anand wrote me rather indignantly that CD Burner XP Pro is a rip-off because at 8 MB it's bigger than Nero, doesn't support MP3 burning and is slow. It is larger than old Nero but definitely smaller than Nero 6 that clocks in at 14 MB! And it can't encode WAVs to MP3 because there's no included Fraunhofer MP3 conversion codec. Yes, it is slower by a few seconds but its write speed is also very dependent on the hardware. And I've experienced better write speeds with a cheaper Samsung CD Writer than with either an HP or an Iomega! Besides it's 100% free compared to Nero. So why the long face? That's all I have time for this week. Lemme rap the next time around. Click Here to Email Me