Could it be possible that some one can check this link so to see if L'n'Sis at danger also from this problem? Thank you. http://news.com.com/Malicious code ...3-5886488.html?part=rss&tag=5886488&subj=news
i would guess that every program has its own set of vulnerabilities. however LnS could also share this problem due to its lack it of thorough component/process control or anything like teh OSFirewall or processguard features builtin.
If IE is not running yet, Look 'n' Stop will display the message "This application has started the following application, which connects to internet...", so it will detect the launcher program. If IE already started, the running instance will be used, and so it will bypass Look 'n' Stop. There is however a way to force the execution of a new IE process in some cases. When the DDE access is coming from a system execution (with ShellExecute, CreateProcesss...), it is possible to disable the DDE starting method like explained here: http://support.microsoft.com/default.aspx?scid=kb;en-us;256953 => this will cause a new process to be created when ShellExecute... are used, and so Look 'n' Stop will detect this kind of attempt (the one demonstrated by ZaBypass.exe). Yet, it remains the DDE direct access method, I guess it will work, is there any leaktest (or real troyan) using that ? Frederic
@Frederic This will obviously only work if IE is your default browser, since the zabypass.exe PoC uses the default browser. I have also had very mixed results with other browsers (IE based and non-IE based) as the default with the DDE off. http://outpostfirewall.com/forum/........postcount=24
This should work with any browser (I tested it with Opera) since it changes how URLs are handled by Windows Explorer.
hi frederic - i've only just caught up with this thread - i'm a little confused here when i click on your link i get "OLEXP: How to Configure Outlook Express to Open Links in E-mail Messages in a New Browser Window" is this the DDE fix? or am i missing something here?
Top, The link is the same as in the other thread i posted in. I can 100% assure you the details given on the MS www are the ones i followed to the letter. It may talk about OE but it applies to IE also. That's because it's actually a Windows Explorer issue that the fix is for. But it affects the URL settings for DDE with IE and OE etc etc and others too. StevieO
hi StevieO - i'm not really familiar with this whole DDE thing yet so was somewhat confused by the whole outlook express thing. is this a problem for windows 2000, 95 and 98 only? from what i can see there is no mention of XP anywhere? yours truly confused of tunbridge wells
Yes, this microsoft page is not specific to OE. It works as soon as the system is asked to "execute" an URL. I tested the Win2000 procedure on WinXP and it worked. Frederic
It is probably worth noting that this change should be made to https also ("URL:HyperText Transfer Protocol with Privacy").