I ran across three tests linked from IUIC.edu which I found interesting. The tests are benign and will not hurt your PC, but may provide you with useful info. If you use IE please take the IE vulnerability tests below and the privacy.net test also. If you don't use IE take the IE test anyway just for grins and the privacy.net test. The two IE vulnerability tests are: 1) Elmue's VBS vulnerability test http://www.netcult.ch/elmue/Security.htm note: in the middle of Elmue's page you will find your results. and 2) lockdown IE Vulnerability test http://www.lockdowncorp.com/bots/testyourbrowser.html note: do not turn off any of your defenses as the lockdown site suggests, click on the blue link "Test my Browser Now" 3) Finally for all browsers take the following test at privacy.net: http://privacy.net/ When you get there left click on "click here" for full analysis at the top left of your screen. For those who answered options 3, 4, 6 & 7 go to the link below and post your question on how to get passed the test(s) you had problems with. http://www.wilderssecurity.com/showthread.php?t=5367
Elmue (author of the VBS test), states the following: Because of the security hole in nearly all versions of Internet Explorer an unsafe VB Script can be executed if it is hidden in a Java Script Block, although the user has disabled it. He also states he has verified this security hole exists in the following versions of M$ IE: Elmue's script found the security hole in the following versions of Internet Explorer of my visitors : 4.72.3110.0001 4.72.3612.1713 5.00.2014.0216 5.00.2314.1003 5.00.2614.3500 (Windows 98 SE) 5.00.2919.6307 5.00.2920.0000 5.00.3103.1000 5.00.3105.0106 5.00.3314.2101 5.50.4134.0100 (Windows ME) 5.50.4134.0600 5.50.4522.1800 5.50.4807.2300 6.00.2462.0000 6.00.2600.0000 (Windows XP) 6.00.2800.1106 Mail Programs : Elmue states there also is another security hole in Outlook Express 5.0 to 6.0 and Opera, which allows a virus in an email attachment to install itself by merely looking at the email ALTHOUGH you did NOT open the attachment. The following is the result I (Peakaboo) got for Elmue's test and I would consider this to be the standard of what passing this test looks like: Results : Current Visual Basic Script Settings : Java Script not activated Secure Visual Basic Script not activated File access via Visual Basic Script not activated Registry access via Visual Basic Script not activated These drives exist on your computer: No access possible The Main folders of your harddisk(s) : No access possible Your Programs and Internet Favorites : No access possible Your "My documents" : No access possible Your Outlook Express Email Account(s) : No access possible Your Netscape Email Account(s) : No access possible Your Outlook Express and Netscape Addressbook : No access possible Userdata and registration numbers read from the Registry : No access possible
Hi peekaboo Interesting page, my results below. BUT 1 comment first on the ONE of above Sites you listed. LOCKDOWN CORP NO WAY, WITH SNOWY ON THIS Now, the Visual Basic scripts part is a little unsure wording on the site. Also my results vary from yours in the first scripts I am assuming by "Java Script [secure] activated" it means I have JS "SECURE" SETTINGS. Also "Secure Visual Basic Script not activated" seems to be contradictory to the next two lines whereby I am SECURE because I do not have them 'activated' ALSO, I checked my settings, and only allow 'Safe scripting' rest disabled/prompt PLUS: VBS CANNOT RUN ITSELF ON THIS SYSTEM because I use Wormguard [DiamondCS] and I have VBS along with JS in the Blocked-List Editor's lists and if VBS does try to activate auto/manually the below pic shows the message I get [worded by myself, lol] However, Passed all the other tests, NO "SECURITY HOLE" showed up. MORE SITES YOU CAN TRY PEEKABOO GFI Email Security Testing Zone: http://www.gfi.com/emailsecuritytest/ Qualys Browser Test: http://browsercheck.qualys.com/ Java Script (secure) activated Secure Visual Basic Script not activated File access via Visual Basic Script (insecure) not activated Registry access via Visual Basic Script (insecure) not activated These drives exist on your computer: No access possible The Main folders of your harddisk(s) : No access possible Your Programs and Internet Favorites : No access possible Your "My documents" : No access possible Your Outlook Express Email Account(s) : No access possible Your Netscape Email Account(s) : No access possible Your Outlook Express and Netscape Addressbook : No access possible Userdata and registration numbers read from the Registry : No access possible
Here are two more tests to chew on: Test page for Word documents in frames: http://www.computerbytesman.com/acctroj/iframe.htm this will test your Script Sentry, Script Defender, or other mechanism to defend against this vulnerability. ActiveX control vulnerability: http://www.computerbytesman.com/acctroj/axcheck.htm
Another good online test to keep you on your toes: info about the test: http://www.nsclean.com/axtest.htm to test your pc go to the above link read about the test and then click on: "click here to test your system" or direct link to test ( I suggest you read about the test first at the link above and follow the test link from there ): http://www.nsclean.com/exploit.htm
Thanks for the test, passed as usual but nice to have something to check them over once and awhile to see if I accidentally reset something.
more information about this "WSHOM.OCX" exploit: the immune result you should receive is as follows: You are immune to the "WSHOM.OCX" exploit ... congratulations on SAFE computing! You have both ActiveX and "Scripting" disabled on your computer. the point being made by the test is: You should ALWAYS operate Internet Explorer with "scripting" turned off completely and move any sites you actually *TRUST* to the "Trusted Sites" zone so that you can continue to protect yourself against rogue sites. ONLY those sites you really trust to use ActiveX or Javascript should be moved to "Trusted sites." By following these safe practices, you won't be burned. What can happen if you don't use the above safe practices: for those who go the prompt me route for active x & JS ... contrary to safe practices... " ...we've received reports from a number of people who have visited some nasty sites that they never received the opportunity to decline these rogue ActiveX controls. In other words, they never received warning that an unsafe ActiveX control was going to be run and as a result, their hard disks were erased, systems destroyed or at minimum, encountered trojan horse back doors placed on their system without ANY warning at all. " Any "trusted site" which requires Javascript and ActiveX controls should *ONLY* be permitted to run in the "Trusted sites" zone after being physically placed there by the end user and should NEVER be allowed to run in the "Internet Zone." This is the reason why we've made this test available - so you can determine if you're at risk and make the necessary adjustments to secure your computer. http://www.nsclean.com/axtest.htm (test at bottom of the page) Also see reply #9 here: http://www.wilderssecurity.com/showthread.php?t=5367;start=0#lastPost
After having gone to the site mentioned by Peakaboo, I decided to employ the 'Trusted' site technique and I disabled scripting completely in the Internet zone. I fully expected to run into problems at DSL Reports running the speed tests, etc., but I figured I could place that site and my homepage in the 'Trusted Sites' list. But then I ran into problems at the MS Update site; the MSN/Hotmail site; the Yahoo site; and the MyWebAttack.com site; along with the NetGear configuration utility, and practically every site that I visit for 'convenience' sake, which, aside from security considerations, IS the main reason I use a computer on line in the first place. So far, I have 16 sites listed in "Trusted Sites". What I then came to realize is that I did not like the 'low' security level of some of the default settings, and had to go back and boost them up a couple of clicks. This is not to say that it can't be done; what I'm saying is that it's all well and good to advocate for high levels of security; but in the real world there are trade-offs. And even though I've mentioned it before, I'll say it again: I have no idea where all of you are getting inundated with all of these viruses and trojans and evil scripts, but maybe you need to think about the sites you frequent as much as burying yourselves behind all of these defenses. Just my two cents worth. sk
Good point sk... Most valuable protection for pc is between the ears (for most anyway). ;-* Not familiar with the site don't click on the link. Layered defenses help protect if/when one has a momentary lapse in good judgement. me too!
Hi mate! Well, I didn't pass the test! I have Word 2000 along with XP Home and the test got Word propulsed in no time! I downloaded AnalogX but it still does it. The AnalogX configuration is set by default, should I add a doc extension? Yeah, I noticed that strange behaviour even before that test but since my AV didn't start fussing I thought it din't matter too much! http://groups.msn.com/_Secure/0RQDiAqIU3M3AXjmgmI15DXzbzVIprlK9ct2oGlz8nAp0V6BBORZBe6aBaMDWMJ6naTYQ2eVHL1uUTY9m57jp1kKAxLpWcPzaTJ4!3Cp1te0/lune-14.gif?dc=4675397854022365468Bye! Uguel
Hi M8, Exactly, just add the .doc extension and SD will defend against this exploit. I think you can add a total of between 31-34 extensions b4 SD can't handle anymore. When you add too many extensions, SD reverts back to default extensions soo B careful when you get past 31 extensions. Go here and here for additional ideas of extensions to add.
Another set of interesting on-line tests: http://www.finjan.com/mcrc/sec_test.cfm if you have followed this thread and some others concerning on-line test sites, you should have no problem with the the 5 exploit categories listed at the above url.
Peakaboo, thanks! Sorry if I reply late for I've been so busy lately. Done! No, I haven't had unpleasing Word starting windows since I did it. Nice tip! --I'll check your links-- Thank you! Uguel707