Attackers abusing Internet Explorer to enumerate software and detect security products

From http://www.alienvault.com/open-thre...orer-to-enumerate-software-and-detect-securi/:

 

It looks like EMET is proving itself worthy as a security utility.

 

Abusing Internet Explorer. How many hundreds of times have we heard different versions of this?

 

Internet Explorer is XPs Achilles heel. It will become a continuous source of exploitable vulnerabilities. EMET may be able to mitigate many of them but it is not a silver bullet. XP users should seriously consider getting rid of it with utilities like XPLite. Almost any other browser is better and more up to date.

 

I'm curious, is it possible to get rid of the IE HTML renderer? Because I believe that (on XP at least) that's integrated into Explorer. One might have to use 7zFM or such in place of explorer.

 

XP users can also use the trick 1803 to block downloads with I.E.8.
No danger of Drive-By-Download.

 

This won't help against exploits though.

 

Drive-by downloads are typically carried out by exploiting browser vulnerabilities or lowered security settings on your computer.

 

So we don't need MBAE, EMET or HMPA. We just set 1803 trick and we are fine?

 

Trick 1803, on XP, prevents drive-by downloads only with I.E.8.
If you use another browser vulnerable to remote ......
Sorry my bad English.

 

It's been a while since I've used it, but if I recall, it can be removed. You'll lose active desktop, web view on folders, etc, essentially going back to the way earlier versions of explorer worked. For anyone wanting to try XPLite, I strongly suggest making a full system backup first. Also make a copy of the existing Windows and system32 folders so you'll have available any IE components needed by some applications. Then go slow removing things, especially if you go into the advanced section. Removing some of those services will break things. As long as you have a backup of your original system, there's no real risk.

 

Forgot that I had XPLite on a virtual copy of XP. The renderer is removable separately. Here's a few screenshots from XPLite showing part of what it can remove.

 

is XP Lite essentially the same as nLite?

 

No. nLite is more of a redeployment tool that can also remove some components. XPlite is strictly for removing Windows components. Think of it as a big extension to the "add/remove windows components" function, but separate. Unlike nLite, XPLite does not require NetFramework.

 

Okay, I see, thanks!