Microsoft confirms exploit in Internet Explorer 8 - Page 2

Herr-Berbunch · 05-30-13, 02:52 AM

Hey, Red - don't dis Netscape, for it is the daddy of all (or most) alternate Web browsers.

Cybermat47 · 05-30-13, 06:01 AM

Quote:

Originally Posted by Neal Stevens

Hey, I still use... oh, wait, I switched to Chrome....

I used Firefox, but my PC came with Chrome, so...

But I still prefer Firefox!

More functionality, less pointless features!

Skybird · 05-30-13, 09:23 AM

Quote:

Originally Posted by sidslotm

A

Skybird made some good points about chrome, maybe I should look there. But I do try to keep away from google in truth.

Google is a data kraken, and their business model depends on users being as vulnerable as possible and not caring to data mining and data allowing to profile them. It is against Google's very business interest to make it too easy for users to have a privacy-protecting application. So to make sure you really understood me: I made no points in defence of Chrome, I do not trust it. The malware situation is such that the browsers gets attacked a lot, but also gets updates quite often, but still: it attracts much attention by hackers. And that is why I hate that Opera now shares software components with Chrome: it increases the vulnerability of Chrome which so far was by far the lowest of all them browser, both due to the software code itself and the the small market share of less than 2%, which helped to leave it off most hackers's radar. It also has vey good priovacy protection features - whereas Google never should be trusted in these regards even if they ecplcitly say they do not do somehting or a switch is set to preventing privacy breaches - it is known that in the past they had dummy switches, giving people the impression of having switched off an unwanted feature breaching privacy, but in reality it was cosmetic only and the feature still worked on.

Has anyone experience with this browser, Iron? It bases on Chrome, but lreaves out all that privacy breaching crap. I do not know it, so my question is no rhetoric at all. So, does anyone know Iron?

http://www.srware.net/en/software_srware_iron.php

From the FAQ:

I don't know what it's about here. What is Iron?

Iron is an Internet-Browser like "Internet Explorer", "Firefox" oder "Opera". It is based on the "Chromium" Sourcecode. You can get Iron for free here.

I read about tools, which try to anonymize Chrome. Why not use these?

Right, there are tools, which try to do the same than Iron. But these don't work with the sourcecode and so they only provide a limited control. E.g. they can't disbale functions like th URL-Tracker.

Can i really check that Iron doesn't submit any private data, how you say?

Yes, you can. There are tools like Wireshark, which scan the whole network-traffic. We could not recognize any obvious activity. But you can proof this by yourself.
PS: We also disabled the DNS-Precaching by default, because this could perhaps used by spammers (see this Link)

Can't i just use an precompiled unchanged Chromium-Build from the Google Server?

This is not useful because the original Chromium-Builds have nearly the same functions inside than the original Chrome. We can only provide Iron because we massively modified the source.

---

Quote:

My favourite apps right now: Spybot S&D, CCleaner, Revo uninstaller, Defragger, all freebee's but I am looking into subscribing with Spybot as they do a virus plugin which might replace Security Essentials.

Have a payware security suite (antivirus, firewall), but check careful what you get, thewre is none that offers just psotives without demanding a price in negatives, may it be lower recognition rates, may it be software incompatabilities or system slowdowns. Also, I urge you to use a sandbox for b rowser and email. Sandboxie is free to use. Finally, to team up with the live AV scanner, use Malwarebyte'S Anti-Malware (payware offers live scanning, like your AV). Practically all dangerous sites blocked are not identified by my AV, but MBAM. Since summer I use a sandbox, and have not had any HD scanner results anymore. Not that I had many issues before, by far not.

It pays off to have your browser set to paranoid settings. The more comfortable and exciting your browsing experience is, I dare say the more unsafe your browsing is.

If the new Opera is released, currently it is a Beta, and security shows to be lowering, I will go back to IE, 10. Tightening it a bit and the microsoft browser is much better than its reputation. Many insiders indeed rate 9 and especially 10 as the safest browser out there, if considering the code only, not the frequency of attacks, which for Chrome, Explorer and Firefox all are quite high. Their market shares, some months ago, ranked each of them in the range from 25-40% or so. Opera is below 2%, and also said to be solid in its code. Guess which browser gets the smallest attention by hackers!

05-30-13, 02:29 PM

A lot of useful information Skybird, thanks.

I have already moved to Opera, it seems quite snappy and all I have to do now is work out how too use the favorites bar.

Google, Ebay and Amazon are the data krakens, (Iv'e never heard that expression before) but makes me laugh, maybe because it's true. When ever I visit one of these sites I get images all over the screen of what Iv'e been looking at for days afterwards. I use Ebay quite a lot, but boy do they keep track of what you doing, they'll be calling me by name soon, heh

On a plus, my latest version of Spybot S&D highlights and warns me of whats happening and will prevent the intrusion. Favorite home page search engine page right now is DuckDuckGo, an unobtrusive and uncluttered page.

happydays

Skybird · 05-30-13, 04:39 PM

Use Ghostery and A-d-b-l-o-c-k Plus as extensions in Opera, Ghostery I read is available for other browsers, too. Puts an end to opening windows and most adverts. The A -thing is one word, but I need to use the - - - else the forum software replaces the term with a string of *****

NotScripts also is recommendable, security-wise. But it lets your browsing feel a sting.

Use Sandboxie. -> In GT, I had a thread just weeks ago explaining it: http://www.subsim.com/radioroom/show...ight=Sandboxie

Skybird · 05-31-13, 07:54 AM

The more I read about this Chromium-based browser, Iron, the more I am tempted top try it once I need to abandon Opera 12. Quite some opinions and reviews label it as the "safest browser in the world". The list of critical "features" (breaches I would call some of them instead) that Chrome comes with and that are not part of Iron, is a strong argument.

It also is portable, and needs no installation - you can run it from an USB stick apparently, and this adds to the strong security standard. Google-typical snooping functions are left out, and due to lacking installation, no IDying of the user and the hardware takes place. It also has the in-build sandbox of Chrome, and features like an equivalent to the NoScripts Addon for other browsers. Javascript can be blocked easily as well, preventing websites to collect data that allow direct profiling and identifying of the user. The browser has an advanced cookie-management that also allows blocking/deleting of flash-cookies which can do much more harm to the system if abused for transporting malware, than normal cookies.

Since the browser has given the Google Update the boot, updating the browser must be done manually. This too is more secure.

Heck, i download this ting now and try to run it from stick. Let's see myself.

Herr-Berbunch · 05-31-13, 08:01 AM

My interest is piqued. Looking into Iron right now.

Rhodes · 06-06-13, 01:01 PM

Still use XP, IE8 and never had a problem. Now with firefox, had some!

06-07-13, 11:11 AM

I'm still testing Opera, no problems so far, other that it's slowed a little, but that might be my broadband connection, BT.

Personally I'm looking to remove IE8, not for any real reason other than re-install might improve things.

danasan · 06-07-13, 01:15 PM

Quote:
Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.
If anyone still uses it... /quote

I'm sooo glad that I still use IE 5... Just jokin'

I'd still say it's best to use an old rig for interweb only, don't keep personal data on it...

There's no safe internetz at all.

05-30-13, 02:52 AM	#16
Herr-Berbunch Kaiser Bill's batman Join Date: May 2010 Location: AN72 Posts: 13,203 Downloads: 76 Uploads: 0	Hey, Red - don't dis Netscape, for it is the daddy of all (or most) alternate Web browsers. __________________

05-30-13, 04:39 PM	#20
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 42,602 Downloads: 10 Uploads: 0	Use Ghostery and A-d-b-l-o-c-k Plus as extensions in Opera, Ghostery I read is available for other browsers, too. Puts an end to opening windows and most adverts. The A -thing is one word, but I need to use the - - - else the forum software replaces the term with a string of ***** NotScripts also is recommendable, security-wise. But it lets your browsing feel a sting. Use Sandboxie. -> In GT, I had a thread just weeks ago explaining it: http://www.subsim.com/radioroom/show...ight=Sandboxie __________________ If you feel nuts, consult an expert.

05-31-13, 07:54 AM	#21
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 42,602 Downloads: 10 Uploads: 0	The more I read about this Chromium-based browser, Iron, the more I am tempted top try it once I need to abandon Opera 12. Quite some opinions and reviews label it as the "safest browser in the world". The list of critical "features" (breaches I would call some of them instead) that Chrome comes with and that are not part of Iron, is a strong argument. It also is portable, and needs no installation - you can run it from an USB stick apparently, and this adds to the strong security standard. Google-typical snooping functions are left out, and due to lacking installation, no IDying of the user and the hardware takes place. It also has the in-build sandbox of Chrome, and features like an equivalent to the NoScripts Addon for other browsers. Javascript can be blocked easily as well, preventing websites to collect data that allow direct profiling and identifying of the user. The browser has an advanced cookie-management that also allows blocking/deleting of flash-cookies which can do much more harm to the system if abused for transporting malware, than normal cookies. Since the browser has given the Google Update the boot, updating the browser must be done manually. This too is more secure. Heck, i download this ting now and try to run it from stick. Let's see myself. __________________ If you feel nuts, consult an expert.

05-31-13, 08:01 AM	#22
Herr-Berbunch Kaiser Bill's batman Join Date: May 2010 Location: AN72 Posts: 13,203 Downloads: 76 Uploads: 0	My interest is piqued. Looking into Iron right now. __________________

06-06-13, 01:01 PM	#23
Rhodes Silent Hunter Join Date: Aug 2005 Location: Figueira da Foz, Portugal Posts: 4,515 Downloads: 110 Uploads: 0	Still use XP, IE8 and never had a problem. Now with firefox, had some! __________________ http://www.flickr.com/photos/16416646@N05/

05-30-13, 02:29 PM	#19
sidslotm Stowaway Posts: n/a Downloads: Uploads:	A lot of useful information Skybird, thanks. I have already moved to Opera, it seems quite snappy and all I have to do now is work out how too use the favorites bar. Google, Ebay and Amazon are the data krakens, (Iv'e never heard that expression before) but makes me laugh, maybe because it's true. When ever I visit one of these sites I get images all over the screen of what Iv'e been looking at for days afterwards. I use Ebay quite a lot, but boy do they keep track of what you doing, they'll be calling me by name soon, heh On a plus, my latest version of Spybot S&D highlights and warns me of whats happening and will prevent the intrusion. Favorite home page search engine page right now is DuckDuckGo, an unobtrusive and uncluttered page. happydays

06-07-13, 11:11 AM	#24
sidslotm Stowaway Posts: n/a Downloads: Uploads:	I'm still testing Opera, no problems so far, other that it's slowed a little, but that might be my broadband connection, BT. Personally I'm looking to remove IE8, not for any real reason other than re-install might improve things.

06-07-13, 01:15 PM	#25
danasan Elite Spam Hunter Join Date: Dec 2009 Location: Flensburg / Germany Posts: 1,141 Downloads: 39 Uploads: 0	Quote: Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. If anyone still uses it... /quote I'm sooo glad that I still use IE 5... Just jokin' I'd still say it's best to use an old rig for interweb only, don't keep personal data on it... There's no safe internetz at all. __________________ "I invite you to go inside this submergible hole in the water where you can nicely hide from destroyers."