New Internet Explorer vulnerability affecting all versions of IE

Discussion in 'other security issues & news' started by ronjor, Dec 22, 2010.

Thread Status:
Not open for further replies.
  1. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I think you need to re-read the thread, in specific:

    "Once again, you don't need either of those 3rd party products. EMET takes a whole 5 minutes to do and you're perfectly safe."

    My "hypocrisy" as you so put it was in response to you promoting an entire 3rd party installation, whilst it has pros, it has many cons. There is no need to install Sandboxie to prevent this exploit, suggesting people cripple their browsing experience, have themselves nagged by "buy this product" popups, and possibly cause further and even more serious problems to their PCs in future, is ludicrous to say the least. All when it can be prevented by a simple Microsoft tool.

    Do you see my point?

    Those are executable services not drivers. The network inspection service uses the Windows Filtering Platform. No drivers are required. Try launching autoruns from time to time.

    This is a debate about how to protect yourself from this exploit, I see no derailing short of you trying to bring up bad counter-arguments (MSE) to my argument of not using full blown 3rd party tools to solve this exploit, which is perfectly justified.

    EDIT: Are you on XP? It may be installing drivers on XP, as I no longer use it.
     
    Last edited: Dec 26, 2010
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Hey Scoobs72... thanks for the reply. :)
    As for thread derailment, I think it all relates, and certainly a good many of us read the exchange with interest. :thumb:
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    A comment or two from the sidelines... I was not/am not considering installing Sandboxie because of this one vulnerability. And while I have been doing some research on this program (and thus have no personal usage to draw from), I have not yet read of complaints about Sandboxie crippling the browsing experience. The "buy this product" nag screen has never been a concern of mine because I would probably purchase the software... it strikes me as a great deal. As for possibly causing "further and even more serious problems" to my PC in future, that is why I have a regular back up routine in place.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    As a user of both, I can tell my experiences, in a very resumed way:

    * Sandboxie only cripples browsing experience, etc., if settings are too restrictive. Considering only geek users would be messing around with such settings, I'm assuming they would be OK with it?

    Perhaps, even open a way to the downloads folder, and have one other mitigation in place like SRP/AppLocker/AE and alike tools to prevent installation.
    Just an example, though.

    Personally, I do not use Sandboxie to sandbox web browser. The web browser simply cannot download anything, anyway. I only sandbox the web browser when I want to save URLs, because Sandboxie allows the interaction I need with certain areas of the O.S.

    I also can show a recent experience with EMET; I came to the conclusion it was due to EMET.

    So, as you may see, nothing frees us from bad experiences. I believe some other person, just like my family members, would really freak out facing such experience. Way more than me. lol

    https://www.wilderssecurity.com/showthread.php?t=289625
     
  5. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I personally think you'd have to be a geek user to use it in the first place. I applaud anyone who has managed to teach a complete novice how to use Sandboxie without ever needing to ask for more information from you about it, which is why I've stopped installing it on other people's PCs. I've tried teaching people in the past, but it would never work out. You can try to teach them, but you can sure enough guarantee you'll get a phone call asking about something later in time. Hence why isolation/virtualization has never worked out for me.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I do respect your view. But, IMO, and I believe it's the beauty of Sandboxie (I don't know how other similar apps work.), you can tweak it to a smoother coexistence between usability and security for such people.

    For example, you can allow direct access to Favorites, etc. Open a direct way to a downloads folder, and then force whatever gets downloaded to one other sandbox, or simply have other mitigations in place, etc.

    Same for e-mail clients. Sandboxie will even do it for people, if the application is on its list. Geek users can even suggest more apps to be added, I guess. Any major browser and main e-mail clients are part of it.

    One just needs to find the right balance between usability and security.

    Even yesterday, I installed Sandboxie to a relative, but the laptop was taken before I could make a mention to it! I haven't heard any complaints as of yet! lol

    I set it in such a way, that no issues are likely to happen. I'll set it in an even smoother way, by making some tweaks which I still hadn't done.

    Sandboxie simply allows it. And, of all the apps I've used, it is the one that gave me the fewest problems... and these problems were related to minor glitches.
     
  7. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    Guys, calm down and perhaps, let's get back to the main topic please.

    elapsed has a point in that EMET comes from MS itself, costs nothing, works transparently and might help as a mitigation tool for such exploits, although his initial tone may seem a bit "harsh" on 3rd-party products like Sandboxie...

    Both Scoobs73 and moonblood have got a point that Sandboxie has its own beauty (and glitches for some users if you check the forums) and may help more so than a workaround or a tool like EMET for example...but it doesn't prove to be an end-all solution for all users. Sandboxie isn't entirely a 'freeware' product (more of a 'nagware') and that paid users are the ones who gain the most out of it. Not everyone can afford to purchase it and learn/adapt to its usage.

    Adding in other 3rd-party software here serves a good purpose but imagine the Defensewall/Geswall/Bufferzone/Returnil users all adding in to the discussion with their own 'recommendations'. It can become distracting and lead this thread to go way out of its context in the 1st place....

    We can perhaps share our thoughts/experiences of Sandboxie and debate in regards to its effectiveness/usability on other threads on this forum o_O
     
  8. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I completely agree with safeguy. Let us keep this thread clean and discuss third party products in their respective threads.

    EMET is good free solution, which should be used for internet facing applications to mitigate zero-day threats without compatibility/performance issues.
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I fail to see where a thread about a new IE vulnerability is no longer "clean" if (gasp!) 3rd party applications are discussed. Who anointed this thread to be about EMET?
     
  10. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    No one, 3rd party applications were being discussed, even if I disagree with them in this case. :) I think anything that prevents this exploit is relevant to this thread, even pulling out your internet cable, though I'd disagree with that one too :D
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    As I thought. Thank you. And it is the disagreement that makes the thread valuable, in my opinion... and I'll furthermore add that I see no reason to tell anyone to calm down. It's discussion, not death threats. ;) It's how I learn! :thumb:
     
  12. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    I know and I agree. But let's face it - we've (at least I do) seen discussions turning out to be flame wars, name calling, etc. And it all usually starts or sprouts out from a mere small disagreement. I see no reasons why a member of a forum can't give a 'reminder' to others to 'calm down' (before anything unwanted happens) over such a matter ;) It doesn't always have to be the Mods to chip in and do that imo...a forum is a place of healthy discussion/debate more so than an argument chamber.

    We can always learn without having to put out disagreements all the time. :D
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    @ safeguy, so why not discuss the topic? Advance the thread in that manner. I personally believe that telling participants to calm down is a reflection on your perceptions more so than what may actually be taking place. For instance, I never perceived that elapsed or Scoobs72 were angry. Telling someone to calm down when they are already calm is a distraction. Put it this way... I don't view it as constructive, which I am guessing you do. So advance the topic rather than attempt to regulate those already engaged in discussing it. I don't know what you are doing about the IE vulnerability. Maybe you don't use IE. Maybe you use 3rd party apps. Maybe not. You haven't said. You've just told people to get on topic and calm down.
     
  14. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    @Page42

    And why are you so keen on attacking me? You are putting words into my mouth by judging it as 'a reflection on your perceptions more so than what may actually be taking place'.

    Perhaps you don't "perceived that elapsed or Scoobs72 were angry". However, I saw a tone of displeasure or agitation (not necessarily anger) between the 2 in their later posts which I saw as a 'distraction'. By saying "calm down", I was hoping for a state of composure. Am I not entitled to say what I "perceived" while you are? I hope not.

    All I did was to encourage the 2 to go back to the main topic. If you see that as a 'distraction', then I am sorry. It's kind of weird to see such a reaction over such a mere post of the words "calm down"...

    Right. I have not said anything because I wanted the others to go back on topic before I said anything. Unfortunately, I didn't expect such a strong opposition to my post. Please just forget our differences over this...I do not wish to derail this thread further.

    Back to discussion: ;)

    I don't use IE most of the time but that's a matter of personal browser preference more so than security issues. However, I've placed it under EMET. And according to the article:

    But wait: Has anyone considered or provided information on how much of a threat this is despite its seemingly impactful headline? Does this vulnerability affect everyone? Is the use of it wide-spread in the real-world scenario?

    As far as I'm concerned over vulnerabilities, I don't need to take action all the time when a new vulnerability is discovered/discussed. Perhaps that's the culture here among some guys here at Wilders. Vulnerabilities are discovered nearly every single day. Does that mean we have to sit down and discuss each and every single option we have to 'cover the hole'? Even if we hardly see symptoms of it affecting us?

    Sometimes, to ignore certain issues is better than to take action. According to Marcus J. Ranum, "Penetrate and Patch" is a dumb idea.

    The Six Dumbest Ideas in Security


    And that is what I am doing. The word 'vulnerability' is so cool and threatening - people forget to KISS. EMET, Sandboxie, whatever the tool is - you can have a system that has been 'designed with flaw-handling in mind'. There's no need to argue among ourselves which works better than the other because it's all a matter of preference. That is my point.

    P.S. "Calm down" is just my way of saying 'relax guys'. Please take it as a friendly gesture rather than an "attempt to regulate". :)
     
  15. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    FYI, according to the article, the exploit is not "ITW"/being used. I don't believe it's public. So it's doubtful you will see any emergency patch. Will be either January's or February's 2nd Tuesday of the month.
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I'm thinking that EMET isn't that powerful for XP users, as it does not have ASLR.
    I wonder then if this vulnerability is sufficiently stopped by EMET on XP?
    @ safeguy, I'll take it as a friendly gesture, as you have recommended. :)
     
  17. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    461
    I don't know why you are telling him this when he has XP listed in his sig.
     
  18. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Thanks for the heads up, MrBrian.
    Worth noting, imo...
    By the way, if the advisory is referencing milliseconds when it says that the workaround adds "150ms to the process start", that's about 1/8th of a second... geez, somebody needs to loosen up their schedule if they are concerned with having to wait an extra 1/8th of a second. :cautious:
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    To install the workaround, click here:
    Anyone install it yet?
     
  22. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    I've tried it. Install and forget...hardly see anything out of the ordinary.
     