Zero-Day Team Launches with Emergency IE Patch

Holy Mother of Thor writes to mention an eWeek article about a third-party patch for Internet Explorer. A dark horse security group formed after the WMF attacks in late 2005, the ZERT (Zero Day Emergency Response Team) has released a patch to attempt to slow the malware attacks on Windows. From the article: "'It is clear that we are dealing with an underground group of people who are writing exploits for profits. They are waiting for Patch Tuesday to pass, then it becomes Exploit Wednesday. We're seeing these zero-days in the wild, timed precisely to guarantee at least an entire month to spread,' Stewart said in an interview with eWEEK. Stewart, who is volunteering his reverse-engineering skills and time to ZERT in his private capacity, wrote an early version of the VML (Vector Markup Language) patch the group released Sept. 22 and worked closely with others to fine-tune the update to minimize potential glitches."

Re:An even simpler solution

[robpoe]

Wish that were the case ..

I manage several networks .. and on those networks we tried limited rollouts of Firefox ..

1. Proxy settings. All the users at one site HAVE to go through a proxy server. It's a transparent server, but offers us logging (required by law) and it helps with the overloaded internet connection Set the proxy settings in Firefox, and a user need only go Tools | Options | General | Connection Settings to turn them off. No way to disable the menu, without going in and re-writing the XUL code. IE? Easy, shove a .reg file to the machine to disable access to that tab. Easy to bypass, yes. For a geek. But for a general user, not quite so easy for them.

2. IE Only Sites. There's nothing more than I'd love than to put Firefox and remove IE from people's desktop. In fact, I do at every chance I get. But telling someone that if they come across a site that FF doesn't work with - the site isn't worth it for them, and it turns out their BANKING or STOCK site doesn't work ... well your credibility just got shot down.

One word: AdBlock.

[Kadin2048]

I've also found a "killer feature" to be AdBlock.

Okay, so it's not really a 'feature' of Firefox per se. But it's one of those things that even relatively ignorant users can grasp and realize the value of, and once you start using, there's really no going back. And it's so easy to install on FF, you can kind of sell it as a package deal.

Set your mom/dad/grandmother/coworker up with Firefox+AdBlock+Filterset.G, and between the tabs and the lack of advertising, you'll probably have gotten a convert for life.

The only problem is that in many cases it's not quite practical to throw away IE completely; there are too many online banks and other systems which count on it's braindead idiosyncrasies.

Re:An even simpler solution

[Daemonstar]

Comments: 1) Make all outbound port 80 requests be routed via the transparent proxy; there shouldn't be any settings in each workstation's browser. This forces everything through the proxy, no matter what. Add other ports (i.e. 8080, etc.) as appropriate. 2) If Firefox doesn't work with some sites, then install the IE View and IE Tab extensions. You can change the rendering engine for the page in Firefox. Yes, it does use IE, but, that way, your users can view most sites in Firefox without switching applications (99% of the time, anyway). You will still have to keep IE patched.

Re:An even simpler solution

[savala]

No way to disable the menu, without going in and re-writing the XUL code. IE? Easy, shove a .reg file to the machine to disable access to that tab. Easy to bypass, yes. For a geek. But for a general user, not quite so easy for them.

If the .reg file is an adequate solution for IE, then a userChrome.css file that simply sets the relevant preference panel to display: none, and a user.js file to reset the proxy settings at each startup (in case the user knows how to find about:config) should be equally adequate.

Just went to look it up. They of course didn't bother to tag the groupbox with an id ("grandmothers don't need easily modifiable chrome!" - meh, give me SeaMonkey any day of the week), but you can hide the "connection settings" button with the following rule: #catProxiesButton { display: none !important; }