Slashdot Mirror


Zero-Day Team Launches with Emergency IE Patch

Holy Mother of Thor writes to mention an eWeek article about a third-party patch for Internet Explorer. A dark horse security group formed after the WMF attacks in late 2005, the ZERT (Zero Day Emergency Response Team) has released a patch to attempt to slow the malware attacks on Windows. From the article: "'It is clear that we are dealing with an underground group of people who are writing exploits for profits. They are waiting for Patch Tuesday to pass, then it becomes Exploit Wednesday. We're seeing these zero-days in the wild, timed precisely to guarantee at least an entire month to spread,' Stewart said in an interview with eWEEK. Stewart, who is volunteering his reverse-engineering skills and time to ZERT in his private capacity, wrote an early version of the VML (Vector Markup Language) patch the group released Sept. 22 and worked closely with others to fine-tune the update to minimize potential glitches."

13 of 157 comments

  1. Microsoft would have fixed this in 3 days by Rik+Sweeney · · Score: 5, Insightful
  2. Spyware Thursday by Yahma · · Score: 3, Insightful
    So we now have Patch Tuesday, Exploit Wednesday, and now what? Spyware Thursday..?

    The majority of exploits could be stopped if Windows users switched to Firefox. However, getting Joe User to switch from IE to Firefox is difficult, especially when he perceives no problems with IE. The majority of exploits in the wild today hide themselves from the user, and turn their machine into a Zombie node without their knowledge. Because Joe User doesn't know anything is wrong with his computer, he keeps using his unpatched IE and helps spread the exploit even further.

    Yahma


    1. Re:Spyware Thursday by iPodUser · · Score: 3, Insightful

      In my experience, it is not hard to convince "Joe User" to switch browsers. All I have to do is say: "ooh look tabbed browsing." If that fails, use "ooh look! Themes!" and they capitulate.
      However, you correctly identified what the real problem is: Uneducated users. Once someone gives them a good talking to, they usually see the light. It's just hard (impossible) to reach all of the uninitiated noobs out there.

      --
      This space intentionally left blank.
    2. Re:Spyware Thursday by tacocat · · Score: 3, Insightful

      Never seen that happen. They don't want the "good talking to". They just want their stuff to work the way they are used to seeing it.

      Changing from MSIE to Firefox means you have to re-learn how to navigate around the browser. My wife went from Linux/Firefox to Apple/Safari and after a month she's bothered to figure out how to save bookmarks. She doesn't care about tabbed browsing settings or anything else. I think she's fairly typical in that she uses

      I cite this as one example of many.

      Not everyone is in love with their computer.

      The conversion of my family hasn't been because of a good talking to. It's been because I simply won't allow a Windows machine in the house. They've learned how to use Linux and Apple nicely enough and in some cases prefer to do their school work on Linux/Apple.

    3. Re:Spyware Thursday by Anonymous Coward · · Score: 1, Insightful

      Funny that switching to Firefox will not kill all issues. Maybe you aren't educated (since everyone on here thinks that if you are using IE you are uneducated) enough to remember that the WMF exploit also affected Firefox on Windows? Why not take them all the way and tell them to use *nix instead?

      I'm just tired of the people who really think that going to Firefox will make them 100% secure when it doesn't.

    4. Re:Spyware Thursday by Sarisar · · Score: 2, Insightful

      It's even worse than that. My son-in-law is quite clear that as long as a black-hat doesn't prevent him from doing what he wants with his computer, he doesn't care what use said black hat puts his machine to without his knowledge or consent.

      Bugs me when people don't care about this. I ask if they will mind when the cops turn up on the doorstep asking about child porn on their computer. OK probably ain't gonna happen but mentioning either that or terrorism can get people's attention.

      Yes I know I'm lowering myself to the same standards as the government

    5. Re:Spyware Thursday by mysticgoat · · Score: 5, Insightful

      There is no superior technology or anything that would help to make Firefox inherently more secure.

      Uh, not quite.

      MSIE was rewritten in the mid 1990s so that core modules became an integral part of the Windows OS. It is generally recognized that maintaining a wall between OS and app is good engineering, partly because it avoids many difficult security issues. This is especially true when the application is an interface to the outside world that by nature cannot be secured, like a browser. MS in its wisdom determined that the immediate courtroom benefits of knocking that wall down outweighed the security and maintenance concerns. This was a central part of their defense strategy against lawsuits brought by Netscape and others.

      So yes, Firefox's implementation of the available technology is inherently more secure. Firefox preserves the wall between itself and the OS, and is not a superhighway into the core of the OS, the way today's MSIE is.

  3. time better spent elsewhere by Anonymous Coward · · Score: 3, Insightful

    Their time would be better spent on improving Free Software instead of trying to plug holes of closed-source software. Microsoft does not appreciate help like this.

    1. Re:time better spent elsewhere by mdpye · · Score: 2, Insightful

      Their time would be better spent on improving Free Software instead of trying to plug holes of closed-source software. Microsoft does not appreciate help like this.

      They don't expect MS to appreciate this; if anything they probably want to embarrass them. They are trying to help the customers who have been abandoned by MS. Of course the value of that is also debatable, but if you RTFA they are concerned about the effects such exploits have on the general Internet populace in terms of SPAM, worm traffic, DDOS opportunities and so on, which has implications for those who are not infected as well as those who are.

  4. Re:This just in... by techpawn · · Score: 1, Insightful

    Ahh. Example of no good deed goes unpunished. I might not install them on my machine, but if someone wants to clean up the mess after Tuesday's party, I say go for it.

    --
    Ask not what you can do for your country. Ask what your country did to you
  5. MS can do it as fast as these little twerps by 140Mandak262Jamuna · · Score: 2, Insightful
    Of course MSFT can find the bug as fast or faster than these third-party do-gooders. And if the aim is to stop the exploit they can do that too as fast. Did you notice how fast they fixed the WMP DRM breaking exploit? They can do these things if they want to. In fact they can even make IE as exploit proof as FF if they want to.

    But they don't want to. There are thousands and thousands of sites that have hacked up code to step around the bugs in IE. They all will break if they lost backward compatibility to these harebrained hacks that depend on the bugs in IE. MSFT considers it a big loss of face if more sites work in FF than in IE. If they fix all their bugs and holes in IE, more sites will work in Opera and FF than in IE. That is a big no-no. That is why they tread cautiously making sure they fix the hole, just that hole, and nothing but that hole, and fix it just enough, so that most of the other hacks can continue to work. That is why they are so slow in responding. That is why the fix has to be fixed and fixed again.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  6. Re:An even simpler solution by mrdaveb · · Score: 2, Insightful
    It's a transparent server

    Well it clearly isn't a transparent proxy if you have to configure it at the client end.

    Anyway, if the proxy is compulsory surely you should block all direct web traffic so that it actually is compulsory!
    --
    Homme petit d'homme petit, s'attend, n'avale
  7. Re:Is the industry gullible? by kingofwaldos · · Score: 2, Insightful

    I agree. MS delaying patches is dumb. If large corporations want a schedule for their updates, by all means, they should make one -- of their own. If MS released updates when they were finished and ready, large shops could still schedule their updates however they wanted. If they felt a patch warranted updating early, they could deploy. Why depend on Microsoft to decide that for you?