Vista - Infection Resolving Team

**NormCameron** · 12-21-2008

Just an update to explain the latest IE patch

"Security Update for Internet Explorer 7 in Windows Vista (KB960714)
Published 18th December 2008
Update type: Important

Security issues have been identified that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft.

While that doesn’t tell us much, the knowledge base article (or “KB”) 960714 referenced does spill the beans.

Fundamentally, it was discovered that program code – of a malicious person’s construction – be executed on your computer, if a user views a specially crafted web page with IE.

In particular, a rogue script can allocate a block of memory (an array) then apparently release it without updating the array’s length, meaning that the block of memory still remains preserved.

Then, if data binding is enabled (which it is, by default), a rogue web page can take advantage of an incorrect handling of certain XML tags within IE to cause the browser to pass control to the supposedly free memory location.

If the script had pre-filled that memory with actual executable instructions then the author has effectively been able to cause your computer to do something of their bidding, under your user credentials."
iTWire - Why the latest IE flaw proves Linux got it right from the start

**Neverhavemoney** · 12-21-2008

Norm,
Thanks a ton for that post man. Wicked inforative and gave me a ton of info. I had to read it 3-4 times before everything sank in but now i understand.

Also do you think Comodo's Memory firewall is worth installing?
I think i might give it a try. It is suppose to protect ageinst oveflows so i think i might give it a try.

Also, people can write test codes to test there AV and such. Is there any way to do this for a overflow?
Just a yes or no would be great.
No one wants an infraction

**NormCameron** · 12-22-2008

Quote: Originally Posted by Neverhavemoney

Norm,
Thanks a ton for that post man. Wicked inforative and gave me a ton of info. I had to read it 3-4 times before everything sank in but now i understand.

Also do you think Comodo's Memory firewall is worth installing?
I think i might give it a try. It is suppose to protect ageinst oveflows so i think i might give it a try.

Also, people can write test codes to test there AV and such. Is there any way to do this for a overflow?
Just a yes or no would be great.
No one wants an infraction

"Also do you think Comodo's Memory firewall is worth installing?"

Well, a reserved yes. It is is not that well tested, but works the same as No-Script in Firefox (I think) by denying scripts from running, unless you agree. If you are using IE I don't think it would hurt. But, I don't think you should be using IE at the moment. I still recommend Firefox with No-script and/or Browser Defender. ( These both do a similar job, Browser Defender doesn't block scripts, but gives you a visual warning of safe or unsafe sites.

"Also, people can write test codes to test there AV and such. Is there any way to do this for a overflow?"

I don't know why you'd want to unless you were a pretty clued in programmer. There is a stack of info out there on buffer overflows, and nothing you could write would, I think, be as sophisticated as the nasties that AV's and browsers already protect against. You'd need a really good understanding of the target program's code. And it takes a really bright spark to come up with a new twist. A buffer overflow is simply bad programming, and that's why they need to patch with better, tighter code to eliminate the programming error.

Norm

Norm

GHOHO · 12-22-2008

Hi there! I am knew to this fourm i dont have much experyance but i can tell u that from my experyance thet norton 2009 w/internet security is doing it job i had old laptop w/win xp every time some tipe of virus gets in i think it was trojen horce it dosent remove it unles the virus is active i have contacted there tech support they wanted to charge me 40 per insedent when there software spose to remove it and it wasnt i tryed avg it found it and removed it ......nedless to if i could be of any help please rely on me thanks and keep up the good work!!!!!!!!!!!!!!

**NormCameron** · 12-22-2008

Quote: Originally Posted by GHOHO

Hi there! I am knew to this fourm i dont have much experyance but i can tell u that from my experyance thet norton 2009 w/internet security is doing it job i had old laptop w/win xp every time some tipe of virus gets in i think it was trojen horce it dosent remove it unles the virus is active i have contacted there tech support they wanted to charge me 40 per insedent when there software spose to remove it and it wasnt i tryed avg it found it and removed it ......nedless to if i could be of any help please rely on me thanks and keep up the good work!!!!!!!!!!!!!!

Hi GHOHO and welcome to the forums. Good to have you here

Norm

**PainlessTorture** · 12-22-2008

NormCameron
Just finished reading your posts in here. We are very lucky to have you

**RichFrogg** · 12-22-2008

Quote: Originally Posted by Fmjc001

NormCameron
Just finished reading your posts in here. We are very lucky to have you

I second that!

**Neverhavemoney** · 12-22-2008

Well noted GHOHO.
How familiar are you will Security?
Just wondering.
Ben

**NormCameron** · 12-22-2008

Quote: Originally Posted by RichFrogg

Quote: Originally Posted by Fmjc001

NormCameron
Just finished reading your posts in here. We are very lucky to have you

I second that!

Thanks guys, just trying to help, as we all are. Keep going, you are doing well.

Norm

**dinesh** · 12-22-2008

I recently installed Norton Inrternet Security 2009. Its one of the best security suite i have ever seen. Also, takes less CPU and memory resources.

Here are some of its features: -

Antivirus
Spyware protection
Two-way firewall
Identity protection
Antiphishing
Network security
Botnet protection
Rootkit detection
Browser protection
Internet worm protection

Intrusion prevention
OS and application protection
Web site authentication
Pulse updates
Norton™ Insight
SONAR™ behavioral protection
Antispam
Parental Controls & confidential
information blocking More Info
Recovery Tool*
Norton Protection System

Find out more on www.symantec.com

12-21-2008	#111 (permalink)
NormCameron Windows 7 Ultimate 32 bit Beta, Vista Ultimate x86 1,082 posts	Re: Security Team Just an update to explain the latest IE patch "Security Update for Internet Explorer 7 in Windows Vista (KB960714) Published 18th December 2008 Update type: Important Security issues have been identified that could allow an attacker to compromise a system running Microsoft Internet Explorer and gain control over it. You can help protect your system by installing this update from Microsoft. While that doesn’t tell us much, the knowledge base article (or “KB”) 960714 referenced does spill the beans. Fundamentally, it was discovered that program code – of a malicious person’s construction – be executed on your computer, if a user views a specially crafted web page with IE. In particular, a rogue script can allocate a block of memory (an array) then apparently release it without updating the array’s length, meaning that the block of memory still remains preserved. Then, if data binding is enabled (which it is, by default), a rogue web page can take advantage of an incorrect handling of certain XML tags within IE to cause the browser to pass control to the supposedly free memory location. If the script had pre-filled that memory with actual executable instructions then the author has effectively been able to cause your computer to do something of their bidding, under your user credentials." iTWire - Why the latest IE flaw proves Linux got it right from the start
My System Specs

12-21-2008	#112 (permalink)
Neverhavemoney Windows Vista™ Home Premium 398 posts	Re: Security Team Norm, Thanks a ton for that post man. Wicked inforative and gave me a ton of info. I had to read it 3-4 times before everything sank in but now i understand. Also do you think Comodo's Memory firewall is worth installing? I think i might give it a try. It is suppose to protect ageinst oveflows so i think i might give it a try. Also, people can write test codes to test there AV and such. Is there any way to do this for a overflow? Just a yes or no would be great. No one wants an infraction
My System Specs

12-22-2008	#113 (permalink)
NormCameron Windows 7 Ultimate 32 bit Beta, Vista Ultimate x86 1,082 posts	Re: Security Team Quote: Originally Posted by Neverhavemoney Norm, Thanks a ton for that post man. Wicked inforative and gave me a ton of info. I had to read it 3-4 times before everything sank in but now i understand. Also do you think Comodo's Memory firewall is worth installing? I think i might give it a try. It is suppose to protect ageinst oveflows so i think i might give it a try. Also, people can write test codes to test there AV and such. Is there any way to do this for a overflow? Just a yes or no would be great. No one wants an infraction "Also do you think Comodo's Memory firewall is worth installing?" Well, a reserved yes. It is is not that well tested, but works the same as No-Script in Firefox (I think) by denying scripts from running, unless you agree. If you are using IE I don't think it would hurt. But, I don't think you should be using IE at the moment. I still recommend Firefox with No-script and/or Browser Defender. ( These both do a similar job, Browser Defender doesn't block scripts, but gives you a visual warning of safe or unsafe sites. "Also, people can write test codes to test there AV and such. Is there any way to do this for a overflow?" I don't know why you'd want to unless you were a pretty clued in programmer. There is a stack of info out there on buffer overflows, and nothing you could write would, I think, be as sophisticated as the nasties that AV's and browsers already protect against. You'd need a really good understanding of the target program's code. And it takes a really bright spark to come up with a new twist. A buffer overflow is simply bad programming, and that's why they need to patch with better, tighter code to eliminate the programming error. Norm Norm
My System Specs

12-22-2008	#114 (permalink)
GHOHO i have both x64 and 32bit 1 posts	Re: Security Team Hi there! I am knew to this fourm i dont have much experyance but i can tell u that from my experyance thet norton 2009 w/internet security is doing it job i had old laptop w/win xp every time some tipe of virus gets in i think it was trojen horce it dosent remove it unles the virus is active i have contacted there tech support they wanted to charge me 40 per insedent when there software spose to remove it and it wasnt i tryed avg it found it and removed it ......nedless to if i could be of any help please rely on me thanks and keep up the good work!!!!!!!!!!!!!!
My System Specs

12-22-2008	#115 (permalink)
NormCameron Windows 7 Ultimate 32 bit Beta, Vista Ultimate x86 1,082 posts	Re: Security Team Quote: Originally Posted by GHOHO Hi there! I am knew to this fourm i dont have much experyance but i can tell u that from my experyance thet norton 2009 w/internet security is doing it job i had old laptop w/win xp every time some tipe of virus gets in i think it was trojen horce it dosent remove it unles the virus is active i have contacted there tech support they wanted to charge me 40 per insedent when there software spose to remove it and it wasnt i tryed avg it found it and removed it ......nedless to if i could be of any help please rely on me thanks and keep up the good work!!!!!!!!!!!!!! Hi GHOHO and welcome to the forums. Good to have you here Norm
My System Specs

12-22-2008	#116 (permalink)
PainlessTorture Windows Vista™ Ultimate x64 471 posts	Re: Security Team NormCameron Just finished reading your posts in here. We are very lucky to have you
My System Specs

12-22-2008	#117 (permalink)
RichFrogg Vista Home Premium x64 69 posts	Re: Security Team Quote: Originally Posted by Fmjc001 NormCameron Just finished reading your posts in here. We are very lucky to have you I second that!
My System Specs

12-22-2008	#118 (permalink)
Neverhavemoney Windows Vista™ Home Premium 398 posts	Re: Security Team Well noted GHOHO. How familiar are you will Security? Just wondering. Ben
My System Specs

12-22-2008	#119 (permalink)
NormCameron Windows 7 Ultimate 32 bit Beta, Vista Ultimate x86 1,082 posts	Re: Security Team Quote: Originally Posted by RichFrogg Quote: Originally Posted by Fmjc001 NormCameron Just finished reading your posts in here. We are very lucky to have you I second that! Thanks guys, just trying to help, as we all are. Keep going, you are doing well. Norm
My System Specs

12-22-2008	#120 (permalink)
dinesh Windows 7 RTM 64-bit 1,264 posts	Re: Security Team I recently installed Norton Inrternet Security 2009. Its one of the best security suite i have ever seen. Also, takes less CPU and memory resources. Here are some of its features: - Antivirus Spyware protection Two-way firewall Identity protection Antiphishing Network security Botnet protection Rootkit detection Browser protection Internet worm protection Intrusion prevention OS and application protection Web site authentication Pulse updates Norton™ Insight SONAR™ behavioral protection Antispam Parental Controls & confidential information blocking More Info Recovery Tool* Norton Protection System Find out more on www.symantec.com
My System Specs

Similar Threads
Thread	Forum
Re: Cannot Uninstall Visual Studio 2005 Team Suite & Team Explorer	.NET General
Problem with IP resolving	Vista security
Resolving a pointer in quickwatch?	.NET General
IE7 not resolving after SP1 install	Vista security