November 15, 2004
More IE Insecurities
While IFRAME-related security flaw makes for another reason to junk Internet Explorer, Maxthon update fixes problem
Discovery of yet another Internet Explorer (IE) security vulnerability makes a strong case to upgrade your browser to one that's more contemporary. Your choices include Firefox, Opera, and Maxthon.
The new vulnerability is caused by boundary errors in IFRAME, FRAME, and EMBED HTML tags. According to Secunia Advisory, the vulnerability can be exploited to cause buffer overflows via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the IFRAME tag. Successful exploitation allows execution of arbitrary code and also affects programs using the IE ActiveX component, including Outlook, Outlook Express and browser add-ins. Either when browsing web pages or reading HTML format mails.
The vulnerability has been confirmed in (fully patched) versions of Internet Explorer 6.x on Windows 2000 and Windows XP SP1. But doesn't affect systems with Windows XP SP2 installed. The Advisory is rated "Extremely critical" as a working exploit is available on public mailing lists. A variant of the MyDoom virus is now also exploiting this vulnerability!
And as of November 15, 2004 Microsoft hadn't released a patch for IE, you could instead download the free IE Secure add-in from MySoft Technologies: developers of the equally popular Maxthon (formerly MyIE2) browser. The latest version, Maxthon 1.1.067, includes the update and resolves 'save as' problems when multiple tabs share the same title.
Maxthon fans will also be pleased to learn they no longer need to download every new version upgrade. Instead the software auto-downloads and installs updates to both browser and any installed plug-ins. However unlike Firefox, where new updates are indicated by a tiny arrow icon on the menu bar, Maxthon (as yet) doesn't visually indicate update availability.
As a Maxthon/IE user if you were missing a plug-in to analyze and debug web pages, you no longer need to switch to Firefox and its Web Developers Toolbox. The new PowerBand plug-in works with IE, MyIE2 and Maxthon. Features include dynamic HTML analysis, tracking and editing. The Help files are a bit grammatically-challenged but suffice.
There's also a new Opera 7.60 Preview 3 (build 7321) available. Besides numerous bug fixes, the browser start-up dialogs have been modified. With the option to switch between Internet Suite and Browser-only versions removed. The messaging client has been dynamically integrated. And you can choose to load new pages inside an existing tab or in a separate window. The new Start bar (visible for blank pages) drops down from the URL field.
However, the auto-resize tab bar is missing for Windows 2000. In spite of a wholly fresh install. However on Windows XP it came back. For those who too are unable to use auto-resizing, the browser displays 4-5 active tabs, with the remained hidden, but accessible, via a navigation arrow to right of the Tab bar. Yet while you can view other windows, there's no easy way to delete these open tabs. I wish Opera could wrap open tabs like Maxthon does. Other enhancements include new keyboard shortcuts to Preferences (Ctrl + F12) and Customize (Shift + F12). You can also fit a page's content to the window width, with the option to apply this format enhancement when printing pages. View the changelog for everything that's been added, enhanced or fixed.
I also found a neat, and free, file splitting tool. Chainsaw requires no setup. and it can handle input files sizes exceeding 2 GB. With each data chunk being 2 GB (max). Pre-defined chunk settings are included. And you can also save custom settings. And redirect the output files to any path. The application has also been fully localized and takes the region setting from Windows.
In other updates, Gaim, too has been updated to v1.0.3 with several bug fixes. This multi-service (AIM, ICQ, MSN, Yahoo, IRC, Jabber) and platform (Linux, BSD, MacOS X, Windows) open-source chat client uses the GTK 2.0 toolkit. And allows you to access multiple buddies on different networks simultaneously. It's my chosen messenger client at work so I can chat with in-company users (on Jabber) as well as on Yahoo and MSN. And best of all Gaim also supports logging in with different IDs simultaneously!
With an increase in spyware, there are several public information sites about viruses and spyware. One of which, Virus-Radar, comes from
Eset, creator of the NOD32 antivirus. The site is devoted to virus research and emphasizes analysis of email viruses. Statistics are supplied by a large European ISP using Eset's antivirus technology to process over a million messages a day!
The Spython.com Web site, named after the antispyware tool included in iolo's System Mechanic suite offers a searchable database of known spyware, adware, key loggers, Trojans, and other unwanted programs as well as current listings of the newest and most prevalent spyware. You can also report a new spyware problem to the site's researchers.
I would like to point out that my Trend Micro Internet Security 2005 copy, that combines antivirus, firewall, and spyware blocker, seems to have stemmed the tide considerably. Random weekly scans of my hard drive (using competing products like Ad-Aware Personal and Spybot Search & Destroy) have so far revealed just one tracking cookie. Meanwhile I have voluntarily decided not to continue with the CounterSpy Beta program. At least not until the software reaches the point of being a valuable tool in the fight against spyware.
And finally, do checkout EverNote, a free (in Beta) Microsoft OneNote replacement with some really advanced features. I'm still evaluating the product. And hope to offer my take in a forthcoming column. The developers is looking for as many Beta testers as they can find to make EverNote the best note manager. Beta testers who actually contribute with bugs and usable feature suggestions stand an excellent chance of winning a permanent serial number when the software goes gold.
That's it for this week. Stay Safe until next
Click Here to Email Me
Post a Comment