Slashdot Mirror

← Back to Stories (view on slashdot.org)

Corporate Servers Spreading IE Virus [Updated]

Posted by CowboyNeal on from the ill-and-infectious dept.

uncadonna writes "ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms." Update: 06/25 14:50 GMT by J : A reader points out Microsoft's What You Should Know page. Here's the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing "some Web sites to work improperly." By changing more settings, you can regain functionality for a particular site if "you trust that it is safe to use," which you have no way of knowing. Or try Firefox. Update: 06/25 19:30 GMT by J : Reuters reports the attack installs a keysniffer which can steal credit card numbers, passwords, and so on. The story offers safety tips, but fails to mention that, after patching the hole, many users will be infected without their knowledge. Shouldn't the "fix" include ceasing to type anything important into your computer until you purchase software which can detect and remove the Trojan? And will you be downloading that software with Mastercard or Visa?

73 of 1,028 comments (clear)

  1. Re:yes by LooseChanj · · Score: 2, Informative

    http://www.opera.com

    --
    Mix the failings of Usenet with the shortcomings of the World Wide Web and the result is slashdot.
  2. Don't Forget Opera by koniosis · · Score: 4, Informative

    Opera also offeres a very decent alternative to both IE and Mozilla/Firefox.

    --
    I spent ages trying to think of sig, but never did :(
    1. Re:Don't Forget Opera by ajs318 · · Score: 2, Informative

      Opera is closed source. For all you know it could be infested with just as many nasties as IE. I mean, it probably isn't; but you just don't know, do you?

      Here is my postulate: The only way you can trust any software is through independent audit of the source code.

      Whether that's you yourself, or somebody to whom you have paid a sum of money. Relying on what the software supplier -- or their hired goons -- have said, is asking for trouble. Somewhere in between the two extremes, lies a third option: just let enough ordinary people, independent of yourself and the author, look at the source code -- and cling with all your might to the assumption that if anybody spots something nasty, then they will speak out, just because they have no good reason not to.

      If anyone knows another way that software can be made trustworthy, beside independent source audit, please feel free to enlighten me. Until such a time, I stand by my assertion that open source software is more likely to be trustworthy than closed source, varying with the validity of the aformentioned Great Assumption.

      --
      Je fume. Tu fumes. Nous fûmes!
    2. Re:Don't Forget Opera by numark · · Score: 2, Informative

      If you're a web developer or work for a company that does anything related to web development (this covers well over half of all Slashdot users), you can get free licenses for Opera that take the standard ads off of the browser. I've included a link below to the donations page. Just fill it out and in a day or two they will send you a code that you can use to disable ads on your Opera installation(s).

      Opera Donations Program

      --
      Want Slashdot headlines on your site? Try SlashHead
    3. Re:Don't Forget Opera by WIAKywbfatw · · Score: 2, Informative

      1. There is a free ad-supported version. And, because of the way the ads are served, you're browsing speed isn't constantly compromised.

      2. There's a pay, ad-free version. This is what I and tens (hundreds?) of thousands of others have on their computers. Opera is the best browser out there, and there are a lot of people out there who believe that it's worth paying for quality (cf BMW, Mercedes, Rolex, Zippo, etc).

      --

      "Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
  3. What really happens... by ibjhb · · Score: 5, Informative

    Since the article is very vague, what happens is that once they compromise the IIS server, they modify each site on the server to write a document footer to every page. The document footer calls a DLL placed in the %windir%\system32 directory. The DLL writes a line of JavaScript to each page which redirects the user to a remote server to download the malicious code.

  4. Re:Wonder How Microsoft Will React by pyrosoft · · Score: 4, Informative

    You mean like CNN?

    --
    Great spirits have always encountered violent opposition from mediocre minds. Albert Einstein
  5. Security Advisories by Lars+T. · · Score: 5, Informative

    US-CERT and Internet Storm Center. Less talk, more information.

    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

  6. Ask Microsoft by m00nun1t · · Score: 4, Informative

    http://www.microsoft.com/security/incident/downloa d_ject.mspx

    Linked to from their home page, has been for quite a few hours. Gives more information, including an inference that the server portion is self propogating, and that (contract to /.) that a patched PC is safe.

    --
    Read reviews of shopping cart software
  7. How to kill it by SpinyManiac · · Score: 5, Informative

    I think this is the one I caught at work.
    No security restrictions in IE will stop it.

    I caught it here:
    http://www.yetanotherhomepage.com/j7xx/j7xx .html
    There's a reason that this one isn't a link. ;)

    I killed mine like this (Windows 2000):

    Delete these:
    C:\Winnt\System32\Swin32.dll
    C:\Winnt\Sys tem32\Automove.exe
    C:\Winnt\System32\Trans.exe

    And this:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windo ws\Curr entVersion\Run
    [Adstartup] C:\Winnt\System32\Automove.exe

    Seek and destroy Swin32.dll in the registry
    Take out all of the CLSIDs it occurs in.

    --
    It's never too late to have a happy childhood.
    1. Re:How to kill it by Glock27 · · Score: 2, Informative
      No security restrictions in IE will stop it.

      I don't think this is correct. If you turn off "Active Scripting" for the "Internet Zone" you should be invulnerable, AFAIK. Specifically, it is a Javascript exploit.

      Check out the CERT advisory.

      --
      Galileo: "The Earth revolves around the Sun!"
      Score: -1 100% Flamebait
  8. Re:The great firewall of ... Western countries by RayTardo · · Score: 2, Informative

    Doesn't a high proportion of spam come from the USA?

  9. Microsoft's Response by prandal · · Score: 4, Informative

    What You Should Know About Download.Ject

  10. Re:Wonder How Microsoft Will React by NeoThermic · · Score: 4, Informative

    >> Well the simple solution is, unless you're into just microsoft bashing, is to PATCH YOUR SYSTEMS.

    That would work, but the article states that there are no patches as of yet for these two secuirty holes...

    From the article:

    "The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed."

    NeoThermic

    --
    Use my link above, or to view my server, NeoThermic.com
  11. Microsoft Published Workaround by Anonymous Coward · · Score: 2, Informative

    Corporations

    Home users

    And make sure IIS dudes applies all former patches!

  12. Re:MSN Search is infected by Anonymous Coward · · Score: 2, Informative

    This is nonsense, their search engine will return a zero byte file if the URL ends in .exe instead of a 404 page. I have no idea why.

    Try:
    http://search.msn.com/blah.exe

  13. Re:Is it an IE only exploit? by Jarnis · · Score: 4, Informative

    In Real Browsers javascript is sandboxed and it cannot do anything harmful. This thingy uses javascript to perform IE-only exploit.

  14. Re:Wonder How Microsoft Will React by MarkGriz · · Score: 3, Informative

    Once again it's UNPATCHED USERS who are having problems

    Not sure what article you are reading (maybe it's changed?).

    This one (from ZDNET, which is the one linked to in the story) states:

    "This time, however, the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch."

    --
    Beauty is in the eye of the beerholder.
  15. Can anyone tell me how to develop for Mozilla then by kahei · · Score: 5, Informative

    I really wish I could switch to Mozilla (ok, Firefox). My co-workers are switching to Firefox. My users are switching to firefox. But I can't, because I have no idea how to implement my pet project as a mozilla-type plugin.

    All it has to do is read in a dictionary file, then catch the 'new page loading' event, perform morphological analysis on the page, and edit the page as it loads to include ruby tags and/or something to display definitions in the toolbar. That's it! It's fairly computationally intensive and sometimes the right html to insert at a given point is a bit of a guessing game, but it's not rocket science. But HOW THE FORK DO I DO IT IN MOZILLA??

    PS Yes I have rtfm and no I cannot implement the analysis algorithm usefully in javascript and yes I do have to insert ruby tags, as well as regular javascript that talks back to the plugin, into the page on the fly.

    Considering the amount of research that seemed necessary to get it working in the minefield of IE, I expected that I would be quite capable of figuring it out in mozilla, but it just seems to be an order of magnitude harder.

    I would be grateful for advice (eg a pointer to a similar project). Or failing that, remarks on the lines of 'if u cant use mozilla u r lame u lame wind0z3 lu20r hehe l8trz' would also be fine.

    --
    Whence? Hence. Whither? Thither.
  16. I had been infected. by ITman75 · · Score: 3, Informative

    I was infected by stratics.com They use a third party pop up ad services and one of the ads is what installed the malware. It installed Lycos and STI on my machine, plus other junk.

    It ended up embedding itself everywhere in my registry. After an hour of deleting all registry entries and even uninstalling IE6 and then reinstalling it, My search section of IE was still Lycos and banner ads would show up in it.

    The only option i had left was to format and reinstall micosux windcrap.

  17. Re:Wonder How Microsoft Will React by Ford+Prefect · · Score: 4, Informative

    You can change the name of Firefox completely with Firesomething - although I use it primarily for the random comedy names.

    Go, Mozilla Firebadger!

    --
    Tedious Bloggy Stuff - hooray?
  18. The exploit installs fun stuff by Jarnis · · Score: 4, Informative

    http://www.f-secure.com/v-descs/padodorw.shtml

    Seems like a nice keylogger. It also installs another trojan. Virus vendors seem to be getting on the ball. Also the site which distributes the payload is currently dying under the load. The virus is apparently bit too succesful for it's own good.

  19. What about this? by GrumpyDeveloper · · Score: 5, Informative

    There's apparently a newly discovered exploit in IE that can compromise an IE user's machine THROUGH AN IMAGE ON A WEB PAGE.

    So any server that allows posting of graphics (eBay, many discussion forums, etc) can be "infected". Even those running Linux. The only solution is to stop using IE and pray that Firefox, Mozilla, Opera, etc. exploits are few and far between. Article on graphics exploit here.

    1. Re:What about this? by julesh · · Score: 3, Informative

      Hmmm... it seems the exploit is limited to denial of service, which isn't exactly serious. Essentially, windows appears to trust the calculated image size, and attempts to allocate a huge amount of memory.

    2. Re:What about this? by Anonymous Coward · · Score: 1, Informative

      I'm still running IE 4 on Solaris.

      http://www.microsoft.com/unix/ie/default.asp

  20. How to tell and Fixes by arrogance · · Score: 4, Informative
    According to M$, if you've applied the update, then you're OK.

    The Internet Storm Centre has good information about what will be on your box if you're already infected.
    One reader (thanks, Ben!) submitted a list of files found on his compromised IIS server. The files he sent us included: Code snippits.doc iis6xx.dll (multiple copies, where xx varies) iis7yy.dll (multiple copies, where yy varies) Download_Ject_Symantec.doc ipaddress.txt issue.csv ads.vbs agent.exe ftpcmd.txt security_log.rtf
    I think they're in \winnt\system32\inetsrv

    Sorry about the duped links but more fixes, less FUD please. Yes, evil empire blah blah blah, but how about we tell people how to fix the problem instead?
  21. Re:The Google Toolbar & Such by Anonymous Coward · · Score: 4, Informative

    Google Toolbar:
    http://googlebar.mozdev.org/

    And please name a few sites that only work with IE.

  22. Re:MSN Search is infected by Divlje+Jagode · · Score: 5, Informative
    If that post is related (msits.exe) then you have real shit going on when you get highjacked:
    This popped up six windows which installed both the default-homepage-network hijacker and also some nasty stuff [...]

    This crashed Windows Media Player and then it was overwritten with a small windows executable (I have it if you want it) - this was called wmplayer.exe and was in the Windows Media Player folder. The real Windows Media Player had been deleted. [...]

    The next time a WMP media file was accessed the new wmplayer.exe file ran and installed lots of adware, junkware, spyware etc, etc. [...]

    Now, I use K-meleon and privoxy for 99% of my browsing and only switch to IE when I can't do otherwise.

    AVG free edition sygate personal firewall and Spybot seach and destroy (site down) will complete your collection nicely. Might want to have a look at Hijack this and this tutorial as well.

    Yes, this is a lot of work for the price of keeping windows running. Some people don't have a choice... Me, as soon as my favourite IDE gets ported to Linux, I'll swap ;-)

    Seriously though, if there are any other tools you guys use to try and keep windows secure, please share.

  23. Re:The Google Toolbar & Such by arabagast · · Score: 2, Informative

    ehrm,, The google toolbar, for one, does work in mozilla/firefox.

    --
    Doolittle : ...What is your one purpose in life?
    Bomb no.20 : To explode of course.
  24. Partly... by AzrealAO · · Score: 2, Informative

    It does say a patched PC is safe, but you need Windows XP Service Pack 2 RC2 in order to be safe.

    However, it does say that Windows 2000 Servers with IIS 5.0 without an already released patched are the infecting machines.

    Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied update 835732, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code.

  25. Importing Favorites. by SpinyManiac · · Score: 4, Informative

    Importing Favorites is easy.

    Either let it import them during installation (it will prompt you), or go to the File menu and click on Import...

    I'll assume you're having just a bad day. ;)

    My problem is finding "Compose ONLY in plain text" in Thunderbird. If it's there, I can't find it.

    --
    It's never too late to have a happy childhood.
    1. Re:Importing Favorites. by Skweetis · · Score: 3, Informative
      My problem is finding "Compose ONLY in plain text" in Thunderbird. If it's there, I can't find it.

      It's not too obvious or intuitive. Go to Tools->Account Settings->[Your Account]->Composition and Addressing and de-select "Compose Messages in HTML Format" (This is for Thunderbird 0.7). I don't know why they put it here and not with the rest of the Compose options under Tools->Options. Oh, well.

    2. Re:Importing Favorites. by Yer+Mom · · Score: 2, Informative
      My problem is finding "Compose ONLY in plain text" in Thunderbird. If it's there, I can't find it.

      It's under "Composition and Addressing" on the account settings. You don't get asked whether you want it on or not when setting up the account, either - you have to go in after setting it up and tweak it there.

      Bad Thunderbird. No biscuit!

      --
      Never mind Spamassassin. When's Spammerassassin coming out?
  26. Re:Little things by Anonymous Coward · · Score: 5, Informative

    Honestly, I've not really made the switch myself. The main reason is actually kind of petty, hotkeys. I've become very used to things like shift-clicking a link to bring up extra pages or hitting ctrl-enter after typing in a word to add the http://www. and .com to it. I've been working with IE for long enough that it's second nature to use those keys. Yes, I'm sure that other browsers have ways to do these things, but one gets used to not having to think browsing the web, so learning new keys feels like a fair burden.

    I wont comment on your other problems with switching. But you could at least try these things with FireFox. As it turns out both of those hotkeys do exactly the same thing as IE under FireFox. Just tried it with 0.9.

  27. Re:Wait, you mean this ISN'T a vulnerability in IE by Jarnis · · Score: 2, Informative

    Non-IE users *ARE* safe. The redirect might work, but that's irrelevant since the payload in the (now-offline, totally overloaded server) does not load up unless you are using IE. It actually served multiple payloads, and one of those abused yet-unpatched IE hole.

    So mozilla etc are still safe.

  28. Re:Is it an IE only exploit? by julesh · · Score: 3, Informative

    Javascript is sandboxed in IE, too. The problem is, the IE sandbox leaks...

  29. Old news by swm · · Score: 3, Informative
    In the the 2001 May Cryptogram, Bruce Schneier writes
    I am regularly asked what the average Internet user can do to ensure his security...
    6. Browsing. ... If at all possible, don't use Microsoft Internet Explorer.
    11. General. ... If possible, don't use Microsoft Windows.
  30. Re:Hmmm.... by nine-times · · Score: 2, Informative

    It's not just warez and porn, though. C-net's Download.com offers software that is "freeware" but spyware infected. I find people all the time who have installed some program that syncs their system clock with an internet server, or checks the weather outside, or puts an animated cat on their screen, or some other cutesy program, that seems to have been developed for the sole purpose of spyware delivery.

  31. Why alternative browsers may not be possible by ManyLostPackets · · Score: 5, Informative

    I work at a bank. A lot of the applications used internally are web apps that require IE... Mozilla/Opera aren't an option because those apps require MSJVM (Microsoft Virtual Machine - no joke), Active X or other proprietary MS technology.

    I'm not talking simple forms here, this for Foreign Exchange transactions.

    Certificates, multiple passwords, encryption...all moot

    1. Re:Why alternative browsers may not be possible by Glock27 · · Score: 4, Informative
      I work at a bank. A lot of the applications used internally are web apps that require IE... Mozilla/Opera aren't an option because those apps require MSJVM (Microsoft Virtual Machine - no joke), Active X or other proprietary MS technology.

      Sounds like your IT director has done a horrible job and should be fired.

      You would have been much better off implementing that stuff in a browser agnostic, standards compliant way, using Java for any heavy lifting required.

      --
      Galileo: "The Earth revolves around the Sun!"
      Score: -1 100% Flamebait
  32. Here's a few by SpinyManiac · · Score: 1, Informative

    WindowsUpdate is an obvious one.
    Microsoft support - try to search the knowledge base.
    Here's a non MS one.

    It amuses me that you can't search MS's knowledge base to fix IE if IE is dead. On the other hand, Windows is probably dead if IE won't run.

    --
    It's never too late to have a happy childhood.
    1. Re:Here's a few by Smthng · · Score: 2, Informative

      What are you doing?

      In this post you say that the last one of yr links given above is infected. Now you give it as a regular link without any warning of infection ?

  33. Re:Wonder How Microsoft Will React by cameleon · · Score: 5, Informative
    Some responses:
    1. This has been debated to death by Mozilla fans. Just give it some time, or download another theme.
    2. Extensions will be included in 1.0, I think. But there's nothing really missing for someone switching from IE; most extensions are icing for power users.
    3. I find Firefox settings very nice for a beginner/someone switching from IE. If you need to dig into about:config, you're not a stereotypical user.
    4. Because they are not working right yet. Check bugzilla if you want to know the details.
    5. This, I agree with. I'd remove all the buttons immediately, but for people coming from IE, it would be useful.
    6. No idea, I have a keyword ('g') set up for google searching.
    7. Here, you're just wrong. The installer asks on install if you want to import settings from IE, and I believe there's also a menu item to do it later.
    8. That's because shift-click saves a page. Try ctrl-click.
    9. I find it is instantanious on my 900 MHz Athlon, but this depends a lot on your computer. For me, it's the opposite: IE draws the window borders, then sits there for a few seconds before I can do anything with it. And Firefox still speeds up with each release.
    In short, you don't sound like a typical user; you're more likely a power user, and as a power user, you're expected to dig for a few options. Otherwise, the options dialog would be too overwhelming.
  34. Re:Little things by npistentis · · Score: 3, Informative

    ctrl+enter works in firefox. install mouse gestures, and you'll have 10x more functionality than you had with hotkeys. need a new page? middle-click! you can keep IE around for the occasional game, but believe me when i tell you that its worth it to switch.

    --
    Gentlemen, you can't fight in here! This is the War Room!
  35. The only reason I still have IE is... by Kevin108 · · Score: 2, Informative

    To pay my cable bill online. They don't have the site setup to correctly identify Mozilla. It thinks it's an old version of Netscape. Haven't tried it with Firefox yet, come to think of it... I don't use Composer or Mail and News, so I could definitely make the switch from Mozilla 1.7 to Firefox.

    --

    It's a perfect time for being wasted.
    A perfect time to watch the stars.
    - Burden Brothers, "Beautiful Night"
  36. Re:yes by Anonymous Coward · · Score: 5, Informative


    http://www.mozilla.org
    Two things:

    1. Don't use an account that has elevated priviledges.
    2. Don't install the latest security patches for I.E. 6.0.

    The article mentions that the exploit takes advantage of the recently announced vulnerability in I.E. that an advertising company was exploiting. My testing of this vulnerability revealed that it would be unsuccessful if you didn't use a priviledged account. And oddly, at least with the previous exploit, the code wouldn't run until I installed the latest security updates. A generic install of Windows XP or one with SP1 didn't appear to work. Odd.

  37. How to configure Internet Explorer by yeremein · · Score: 2, Informative
    1. First, install an alternate browser.

    2. Go to Control Panel | Internet Options | Advanced | Multimedia, and uncheck "Show pictures". (FDA warning: I have not verified that this setting prevents this image exploit from infecting your system, since I don't know of any infected servers. But it will at least force you to use the alternate browser we installed in Step 1.)

    3. Switch to the Security tab, and move Internet into "high". This will disable most forms of scripting. However, It also disables the Windows Update site. You can add windowsupdate.microsoft.com to a list of trusted sites (it will give you the instructions when you try to visit it in this mode), but I'd be very careful with that, since I do not doubt that the Windows Update site is very high on the crackers' lists of sites to infect. (Wouldn't that be ironic?)

    FWIW, I don't know whether setting Internet zone security to "High" disables the automatic Windows update feature or not. I'll tell you as soon as there's a critical update to be notified of.

  38. Re:Wonder How Microsoft Will React by Anonymous Coward · · Score: 1, Informative

    I read your points, and I honestly can not understand what you are talking about. Are you confusing Firefox with some other browser?

    1. Yes the previous theme was better. But it's _real_ easy to install new themes.

    2. no idea.

    3. The settings have been carefuly chosen to be newbie friendly. I haven't had to touch anything. What is not newbie friendly about it's default behaviour?

    4. nfi what you're talking about here.

    5. Less is more for a new user. Just make it easy for a power user to add buttons. By default Opera is a huge orgy of buttons and things, and it takes me quite a while to clean it up. I'm the sort of user that likes less clutter.

    6. What? I just tried it, it absolutely does NOT do that.

    7. What the hell? The installer has this feature, and you can go to file->Import to import stuff using a "wizard".

    8. Try middle-mouse-button click.

    9. Not to bad on my machine, but they could probably use some optimisations here.

    All in all, I suspect your are using Firefox 0.1 or something, not the latest (0.9).

    These are certainly not real reasons to continue using IE. I mean, holy hell, IE?!?! It's the worst browser ever.

  39. Re:Infected ferociously by julesh · · Score: 2, Informative

    The best approach for this kind of thing: kill everything that starts automatically in your registry and win.ini files, and then quickly switch your machine off, ASAP after you've saved your changes to win.ini, without going through shutdown. Just pull the plug. With any luck, you've prevent them from putting themselves back into those locations and now you can delete them normally.

    I had similar problems removing a piece of shit known as CoolWebSearch from a friend's machine.

  40. Re:Can anyone tell me how to develop for Mozilla t by IamTheRealMike · · Score: 4, Informative
    I don't know how to do it as the page loads but for performance you probably want to edit the page after it's loaded, so at least the user can see the images etc.

    Basically: create an XPCOM component in C++ (if JavaScript or Python are too slow for you) which performs the computation. Mark your XPCOM interface as scriptable, use the typelib compiler to expose it to javascript then pass in the browser DOM so it can be edited by your component. Then write an extension to catch "page loaded" and pass the DOM to the loaded XPCOM component. I think that should work.

  41. Do NOT use Internet Explorer... by sufehmi · · Score: 2, Informative

    ...if you want to be able to browse safely on the Internet.

    That's the advice I give to my friends after I saw this page:
    http://web.archive.org/web/20030603192725/http://w ww.pivx.com/larholm/unpatched/

    (too bad that page now no longer host that information :(

    There are more holes in IE than a piece of Swiss cheese, and Microsoft doesn't seem to be concerned if that will cause you to be accused of collecting child porn.

    Full details of securing a WIndows workstation can be read here. HTH.

  42. Re:The Google Toolbar & Such by C_Kode · · Score: 2, Informative
    Apart from that, Firefox is the ideal browser at the moment.

    I like Firefox but I have to disagree. I spend alot of time implementing technologies I've never worked with before so I spend alot of time scouring the web for information. I find the Opera broswer superior in this case. Here are the reason I prefer Opera.

    • Having Find In Page on the tool bar. (Yes, you can hotkey is from other broswers I know)
    • Google on the tool bar (Yes I know Firebird has it)
    • The ability to layout all the tool bars just as I like them. (tabs at the bottom!)
    • z-axis of tabs are maintained based on the last time the user used each tab. If I have 5 tabs open while working and I'm working with the 3rd and 5th tab and I close the 3rd tab I like the 5th tab to be showing, not the one adjacent to the tab just closed.
    • The print preview button. It helps print webpages that print like... You know what I'm getting at ;)
    • The New button on the toolbar to open new tabs
    • Many more options dealing with popups.
    • Mouse gestures
    • The ability to disable pictures at the click of the mouse
    • Quick access to most major broswing options but just hitting F12
    • Full screen mode by hitting F11
    • The ability to change the rendering size of any webpage by a drop down box on the toolbar (I hate when people override the users default rendering settings, just is a MAJOR plus to Opera)
    • It's extremely fast and light wieght


    The bad?

    • The horrible default look, but that can be changed to any theme you want or even a custom theme.
    • The advertizing on the toolbar. I don't use a dialup so it really doesn't bother me. At 1280x1024 it's relatively small and unobtrusive.
    • While it renders *most* websites there are a few that it doesn't render so well. I keep Firefox on had for those. I also have IE as a thrid broswer for a few sites also because a few sites (mostly streaming radio stations) are IE only.


      • Other than that I love the broswer.

        For those that have never tried it I would recommend trying it. The Windows version is more polished than any other version that I've seen, but I still my prefered broswer on Linux also.
  43. Google provides a nice list of sites by mrkitty · · Score: 4, Informative

    http://www.google.com/search?q=%22217.107.218.147% 22&hl=en&lr=&ie=UTF-8&start=20&sa=N&filter =0 Personally I'd rather know the list so I don't get infected, but then again I use netscape so....

    --
    Believe me, if I started murdering people, there would be none of you left.
  44. Re:But How Many People Will Switch? by jcupitt65 · · Score: 2, Informative
    The most broken site I've found is the Odeon cimema page. They are using dHTML to make their nav elements float about in some funky, stupid way and it's useless in any mozilla browser.

    (I'm not knocking moz, I love it, just that there are some sites that don't work)

  45. Re:Can anyone tell me how to develop for Mozilla t by Tyndareos · · Score: 4, Informative

    Maybe it's not as you want is, but a similar plugin already exist: http://moji.mozdev.org/

    Studying this source might be useful for your own project.

  46. what is it missing? (Re:The Google Toolbar & S by cascadingstylesheet · · Score: 4, Informative

    I can't operate without the google toolbar, which has no complete mozilla equivalent.

    Um, what exactly is the mozilla google toolbar (http://googlebar.mozdev.org/) missing that you can't do without?

    Remember, it doesn't need popup blocking (Mozilla does that itself).

  47. Re:Wonder How Microsoft Will React by berzerke · · Score: 2, Informative

    Until they tried to reach an "active X required" page...

    Of course, it is generally advised to turn off activex for security reasons...Although there is a plugin to run activex in Mozilla ( http://www.iol.ie/~locka/mozilla/mozilla.htm ).

  48. Re:Wonder How Microsoft Will React by LordBodak · · Score: 2, Informative
    They still do.

    Luna and Luna Blue.

    --
    LordBodak's journal.
  49. The solution to every web problem in Windows by allio · · Score: 5, Informative
    Layers of protection.

    Base: An up to date host file. This can probably block 95% of web nasties, regardless of source, yet is overlooked by most people.
    Second: Proxomitron. The second browser-independent tool, it's a relatively little-known local proxy that filters the crap (including more ads than virtually every other solution) from a webpage before feeding it to your browser. Also handily removes most of the ActiveX and Javascript that causes these exploits. I simply cannot recommend it enough. In addition, it's fully configurable, and there are plenty of people out there who will write custom filters to get rid of any sort of ad that slips through.
    Third: Firefox. I hesitate to suggest Opera because I don't feel it's as high a quality a product, and is closed-source, meaning it could be almost as susceptible to this stuff as Internet Explorer, should the bad guys aim their sights on it.
    Fourth: In-browser plugins such as Adblock, which probably won't do much to stop this particular problem, but are nice to have around regardless.

  50. Re:Infected ferociously by PalmerEldritch42 · · Score: 2, Informative
    Ooooh CoolWebSearch really pisses me off. I have had to clean it off of several co-workers computers recently. Nothing seems to fix it! Until... There is a new utility that I found recently that is specific to this malware. It is called CWShredder.exe. It will fix all known variants of CWS. You can get it from:

    Majorgeeks. there are other mirrors aound, too.

    --
    Ceci n'est pas une sig.

    :wq!

  51. Re:yes by Anonymous Coward · · Score: 1, Informative

    Funny? Er... OK.
    Links is a text based browser which supports frames and tables

  52. No Patches for CWS either... by Chordonblue · · Score: 2, Informative

    Cool Web Search is also a trojan gained from various web sites that exploits problems with ActiveX and MS JVM. It's a total pain in the ass to remove, or even discover what version of it you have since neither Spybot nor Adaware clears all versions off.

    Remember: All a user has to do is surf to one of these scumbag sites (by accident or on purpose) with their freshly, fully patched IE and... BOOM!

    "Did you know that your computer may be infected with SPYWARE?!" - Actual quote from these scumbags.

    --
    "...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
  53. To be fair, fix is not that complicated by fnurb · · Score: 2, Informative

    Right on the "What you should know" page, prominently indicated, is says:

    "Important: Customers who have deployed Windows XP Service Pack 2 RC2 are not at risk."

    --


    Flout 'em and scout 'em,
    and scout 'em and flout 'em;
    Thought is free. - Shakespeare [The Tempest]
    1. Re:To be fair, fix is not that complicated by frozenray · · Score: 2, Informative
      Some fix. Quoting from Microsoft's SP2 page:
      This technical preview is unsupported and is intended for testing purposes only. Do not use in production environments.
      --
      "There are already a million monkeys on a million typewriters, and Usenet is NOTHING like Shakespeare." - Blair Houghton
  54. Re:Liability of sites that recommend IE? by Anonymous Coward · · Score: 1, Informative

    This is absolutely rich. I maintain the computers for my company here and recommend that the employees here only use Netscape.

    Well, recently, our medical insurance provider updated their web-site and the site, which used to work fine with Netscape, now has features that will only work with IE.

    Just yesterday, I sent them a nasty e-mail telling them to please remove the IE-specific stuff from their web-page because it was forcing us to use an obvious security risk. Then, today, this happens.

    Can you hear me now?

  55. Mozilla Backup! by WD · · Score: 4, Informative

    Mozilla Backup is what you need. It can be used to easily transfer a profile from one machine to another. (Supports Firefox, Thunderbird, and Mozilla)

  56. Linky: by EnglishTim · · Score: 2, Informative

    http://www.google.com/search?q=%22217.107.218.147% 22&hl=en&lr=&ie=UTF-8&start=20&sa=N&filter =0

    Because /. puts spaces in long urls...

  57. Re:Little things by Scaba · · Score: 2, Informative
    I've become very used to things like shift-clicking a link to bring up extra pages or hitting ctrl-enter after typing in a word to add the http://www. and .com to it.

    In Firefox, not only does Ctrl + Enter add the 'www' and 'com', but Shift + Enter adds 'www' and 'net' and Ctrl + Shift + Enter adds 'www' and 'org'. You really should give it a try.

  58. Re:yes by tordia · · Score: 2, Informative
    The next time after you 'switch right on back to IE', could you file a bug report? Mozilla has a team of people who make sure that mozilla works with major (and even not-too-major) websites, but they need to rely on users to tell them which sites aren't working.

    I didn't find any bugs in mozilla's bugzilla that referred to sportsline, so this problem most likely hasn't been reported yet. I was also unable to find the exact page you were referring too on cbs.sportsline.com. Otherwise, I would have submitted the bug.

    --

    Frogs are primitive animals - so the occasional extra toe is not that unusual. But this is very unusual.

  59. Okay, just this once: by Ayanami+Rei · · Score: 4, Informative

    regedit.exe
    Open HKEY_CLASSES_ROOT\http\shell\open
    Remove the "ddeexec" subkey (subfolder).
    Go into the "command" subkey (subfolder).

    Change the (Default) string to this value:

    "C:\path\to\mozilla.exe" -nosplash -url "%1"

    Make sure to use the full path to mozilla or firefox. Also, keep the quotes.

    To test, go to the run menu and type in an http:// URL. It should pop up a new mozilla window to the webpage.

    Do the same thing for HKEY_CLASSES_ROOT\https and HKEY_CLASSES_ROOT\ftp to get the HTTPS and FTP protocol handlers as well.

    Mail (mailto: links) is a little trickier. Use this guide for assistance.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  60. Re:Firefox by Rich0 · · Score: 3, Informative

    If Firefox can easily import my passwords, can't every adware and such also "import" them and send them anywhere?

    I would think so.

    Here is the question to ask yourself. Does the program that stores your passwords require any input from you to retrieve them (such as a master password). If so, you may or may not be safe - depending on how the master password is implemented. If not, you are definitely NOT safe. The passwords may be encrypted, but the key is somewhere on the hard drive otherwise IE couldn't make use of them.

    If there is a master password then it could be used to encrypt your password database, which would probably make it fairly safe if the crypto isn't broken. Then again, it could just be stored as a hash on the disk and the passwords could be stored in the clear.

    Bottom line - if the computer doesn't need to ask you for a password to access data, then spyware potentially doesn't either. Sure, things like sandboxes can protect some data from malicious apps, but they generally aren't perfect. Strictly speaking, neither is a passphrase since it doesn't have all that much entropy.

    If you really want to be secure, store your passwords encrypted using strong crypto, and store the key on a smartcard protected by a PIN. To defeat that requires the smartcard at the very least, and unless you can hack the hardware it requires the PIN as well. Most decent smartcards will delete their keys making them useless after so many failed PIN attempts.

    If iButton support was a little more mature on linux I'd probably start using it. You should check out their Java ibuttons - sounds like a neat solution for these kinds of problems. And they're pretty cheap.

  61. Re:yes by jamie · · Score: 2, Informative
    It's a Mozilla bug.

    It's fixed, but who knows when the next build of your favorite Moz browser is coming out? The bug report says "Maybe 1.7.1" :)

  62. Re:Wonder How Microsoft Will React by KjetilK · · Score: 2, Informative
    Yup. The BBC has an article up now that quotes:

    In its round-up of the threat the Internet Storm Center bluntly stated that users should if possible "use a browser other then MS Internet Explorer until the current vulnerabilities in MSIE are patched."

    and then goes on with links to other browsers in the margin. Not very prominent, but it is a start.

    I found this from mainstream Norwegian paper Dagbladet that runs a story on the frontpage entitled "Warns against Internet Explorer".

    --
    Employee of Inrupt, Project Release Manager and Community Manager for Solid