How many times per day does internet explorer crash on you?

mbpark · 08-18-2013, 02:47 PM

Bruce,

Funny. I was just reading the latest edition of 2600 magazine, where it talked about how exploits get on systems.

The method used to get into a system for this particular zero-day exploit was a Java JAR file targeting both Java and its corresponding ActiveX plugin control.

The other popular ways for exploits to get in are the Adobe Flash and Acrobat Reader plugins, which are also both ActiveX.

The exploits which IE has been especially vulnerable to without plugins are CSS, HTML, and Javascript.

All of these do successfully run as normal users without any issue.

The Registry, AutoRuns, or similar protections won't help when there are fundamental issues with the browser architecture and how it loads code in the first place. IE is just #1 with a bullet because of the Adobe and Oracle plug-ins that make it easier to infect machines.

Those plug-ins (based on ActiveX) are the fundamental weakness of IE.

IE 7 and up allow you to reset the browser and remove the plug-ins. Run the browser after that and you should see a better experience.

xoxoxoBruce · 08-18-2013, 02:53 PM

Ah, thanks Mitch. I'm always leery of plug-ins and usually when I check it out, it's for the site to show me something I didn't want to see in the first place.

tw · 08-18-2013, 04:07 PM

Quote:

Originally Posted by xoxoxoBruce

Ah, thanks Mitch. I'm always leery of plug-ins and usually when I check it out,

Was looking for some free software that does something rather unique. Found one in CNET. Once a good source of clean freeware.

Using Chrome, I tried to download it. CNET loaded an installer progam, loaded AVG with all its toolbars, etc, loaded a URL and some registry setting to access Internet game programs, loaded some sort of browser monitoring program, a search engine, etc. None of which I wanted nor gave permission to load.

It added about six extensions to Chrome. Enables many startup programs (that load when the computer boots), disabled many setting in Chrome including the Bookmark toolbar, disabled the home page, and corrupted the preferences (options unique to different sites).

Well I expected this to happen. Figured I would get a listing of the many items changed by this once very responsible web site. It even took two reboots to clean out all the many changes and loaded programs.

Of course, Chrome does not use ActiveX. Problems are not limited to IE. Once you give permission to download something, well, fewer 'free' sites are that responsible anymore.

08-18-2013, 02:53 PM	#2
xoxoxoBruce The future is unwritten Join Date: Oct 2002 Posts: 71,105	Ah, thanks Mitch. I'm always leery of plug-ins and usually when I check it out, it's for the site to show me something I didn't want to see in the first place. __________________ The descent of man ~ Nixon, Friedman, Reagan, Trump.

08-18-2013, 02:47 PM	#1
mbpark Lecturer Join Date: Jan 2001 Location: Carmel, Indiana Posts: 761	Bruce, Funny. I was just reading the latest edition of 2600 magazine, where it talked about how exploits get on systems. The method used to get into a system for this particular zero-day exploit was a Java JAR file targeting both Java and its corresponding ActiveX plugin control. The other popular ways for exploits to get in are the Adobe Flash and Acrobat Reader plugins, which are also both ActiveX. The exploits which IE has been especially vulnerable to without plugins are CSS, HTML, and Javascript. All of these do successfully run as normal users without any issue. The Registry, AutoRuns, or similar protections won't help when there are fundamental issues with the browser architecture and how it loads code in the first place. IE is just #1 with a bullet because of the Adobe and Oracle plug-ins that make it easier to infect machines. Those plug-ins (based on ActiveX) are the fundamental weakness of IE. IE 7 and up allow you to reset the browser and remove the plug-ins. Run the browser after that and you should see a better experience.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)