
Bug/Issue Reports and Solutions


    #21
    Re: Bug/Issue Reports and Solutions

    Mainly AVG, as it is free for home users and exceptionally fast; E-trust for servers etc. (you only pay once, then lifetime pattern updates for free... Linux and Windows etc. are supported as server OS for any license, but anyway not that easy to install...).
    Avast is another good scanner too, as it features this heuristic trojan detection.
    So it warns you if your system is going to behave strangely, e.g. like sending several hundred virus mails... even if the trojan is not already known. But Avast! is very slow, comparable to Antivir or Norton Antivirus.
    I have had no problems with both programs, but sure, ATM there is no program which can protect a system against all threats. But at least they give a warning if this happened. E.g. those Java.byteverfier trojans you get if you're lurking around at some dirty places on the net.
    The engines detect them only when it is too late. But IMHO the other progs aren't better at this.
    But if you suggest to use Firefox as main browser, those problems vanish.
    Anyway, AVG catches most if not all viruses from my usual daily crap email volume (I get about 100-200 spam mails & virus mails daily, as one of my earlier email addys is severely burned from the old days' warez & hackerz forums...).

    Another very important thing is Spybot Search & Destroy, or similar programs to immunize IE, as there are always some sites where you have to use IE.

    Adding to this general setup a NAT router, I would say it should be OK, as long as the user doesn't do absolutely silly things or is always surfing on the dark side of the net.
    For hackerz I suppose Linux and very few rights for the logged-in user is the way to go.

    ATM I think it is more important to make the users aware about phishing, including the ability to determine if an attachment is safe or not.

    Comment


      #22
      Re: Bug/Issue Reports and Solutions

      [QUOTE=willawake]good one. i just got a newer version so i will check if it's still doing it or use your fix. but as far as it being a win2k problem and not a symantec one, i disagree.[/QUOTE]

      Symantec was not involved in my problem/solution. The UPHClean is expressly for user environments that don't unload correctly. Check the event logs for Userenv errors, hive fails to unload.

      I've applied UPHClean to my own (1) Win2000 machine, and numerous client machines, all with a good fix. None run Symantec stuff. That aside, I have no doubt that Symantec exacerbates the problem.

      Comment


        #23
        Re: Bug/Issue Reports and Solutions

        Another very important thing is Spybot Search & Destroy, or similar programs to immunize IE, as there are always some sites where you have to use IE.

        Also a good tool, especially with IE, is SpywareBlaster. Not sure if it works with IE7/FF2 yet though.
        You know there's something wrong when you open up a PSU and are glad to find Teapos.
        Why I don't buy cheap cases!

        Comment


          #24
          Re: Bug/Issue Reports and Solutions

          for spyware i use adaware and a personal cleaning method.
          next week the office ie icons will point to firefox

          i second the importance of a hardware firewall and disappointing how the ISPs here are bundling crappy usb adsl modems with no firewall for the home users for free. still at least adsl frees them from the diallers. personally i have seen zero problem with trojans using a zyxel adsl router with firewall at home and the office. well we have had a few nice sexware installations but that is something to do with browsing habits. personally i am immune cos usenet is pretty clean......
          oh yeah i am seeing not too much virus on the home and office email. guess the ISPs are doing their bit. spam is of course out of control though..cos i haven't bothered to configure spamassassin further.......i have thunderbird set up to pull any mail from a friend into a folder....
          Last edited by willawake; 02-16-2007, 03:09 PM.
          capacitor lab yachtmati techmati

          Comment


            #25
            Re: Bug/Issue Reports and Solutions

            If you need to secure Internet Explorer, the best thing to do is to edit the security levels so that all ActiveX downloads are disabled. The default "prompt" behavior is stupid and the user will inevitably end up clicking "yes" sooner or later. Even if you're sure you'll never make that mistake, the fact remains that you have to sit there and wait for the drive-by download every time you load a web site.

            Once you change the ActiveX settings to disable, IE6 will insist on popping up a message box every time it is prevented from downloading something. This can be especially tiresome with respect to Macromedia Flash, which most major web sites will try to push on you every time you visit. But this is still an improvement - instead of a "Yes/No" dialog, you now just have an OK button and you don't have to wait for the download anymore.

            To prevent the warning message, you have to hack the SHDOCLC.DLL file. That way you can eliminate the warning message.

            I tried to find the original web site that I learned this from, but I can't seem to find it anymore. However I did find the following site where somebody posted the same information:
            http://www.astahost.com/info.php/get...ing_t7062.html
            Follow that if you want to hack your own SHDOCLC.DLL file.

            Alternatively, I already have a hacked SHDOCLC.DLL version 6.0.2800.1106. This file appears to be dependent on your version of IE6, not your version of Windows. I found that same file version in NT4, 2000, and XP. I can post it if anybody is interested.
            To replace the file, you have to boot in Safe Mode, or maybe Safe Mode with Command Prompt. That way IE6 won't be running and it will allow you to rename/replace SHDOCLC.DLL.

            After that hack, you can disable ActiveX drive-by downloads and you'll never hear a word about it from IE. I do this on anybody's machine who will be using that browser. Even if they won't be using it, I always at least disable the ActiveX downloads. With that "feature" turned off, I haven't had any security problems through IE.

            Comment


              #26
              Re: Bug/Issue Reports and Solutions

              In a corporate environment, disabling ActiveX is quite OK, but most home & SOHO users (me2) still need it from time to time.
              So crippling systems is, for me and the systems under my care, not the way to go.

              But with a NAT router, S&D or similar + a good antiviral tool and Firebird as standard browser, I think all is done that you easily can do for normal users, who would not tolerate crippling or annoyances like normal user accounts, disabled features (or better, disabled security holes ;-) ).

              Add to this some basic clear thinking and usual care from the user and all is set for a problem-free time interval of about a few months to a few years.
              It all depends on the user at that point.
              I never have had a virus with this setup on my system (if I can omit my careless virus scanner test with some more seldom trojans I extracted from some systems ;-) )
              Last edited by gonzo0815; 02-17-2007, 09:27 AM.

              Comment


                #27
                Re: Bug/Issue Reports and Solutions

                I use Sandboxie (www.sandboxie.com) to run Internet Explorer in a sandbox.

                The sandbox allows reads from the system, but prevents all writes outside the sandbox. This confines parasites to the sandbox, which you can dump when you end your IE session.

                Root-Kit analysis of Sandboxie shows numerous hooks of the OS to make it work. The only ill effect I'm seeing is the Outlook 2000 "no transport provider" bug. It seems to me more frequent after using Sandboxie. To be impartial, I've had this bug for a long time before Sandboxie arrived. A reboot is the only thing that straightens it out.

                Now that Vista is released, I suppose it is time for me to install WinXP.

                Comment


                  #28
                  Re: Bug/Issue Reports and Solutions

                  Originally posted by gonzo0815
                  In a corporate environment, disabling ActiveX is quite OK, but most home & SOHO users (me2) still need it from time to time.
                  So crippling systems is, for me and the systems under my care, not the way to go.
                  I'm not sure if I said what I meant. I don't disable ActiveX from running, I just disable the drive-by downloading behavior. That's the root of IE's bad reputation for malware. Without those automatic downloads nobody in my family has managed to get any malware anymore. This definitely isn't crippling - it just eliminates a brain dead "feature" of IE that Microsoft has also disabled on newer versions of Windows.

                  I install the ActiveX controls for Windows Update, but after that there's really nothing else I've ever needed. Some people may want to install Flash, boat-anchor as it may be. In any case, if you need to install something you can either download it yourself, or just enable the ActiveX downloading behavior temporarily before turning it back off again.

                  Comment


                    #29
                    Re: Bug/Issue Reports and Solutions

                    OK, from your post I assume I need that ActiveX control update from MS and then I can disable automated download, but the rest of ActiveX is on? OK, where do I find the ActiveX controls after installation?

                    Comment


                      #30
                      Re: Bug/Issue Reports and Solutions

                      To disable the automatic downloading, you just go to Tools->Internet Options->Security->Custom Level
                      Then you change the "download signed ActiveX controls" to disable.
                      Anything that's already been installed will still work.

                      The shdoclc.dll hack I referred to earlier is to eliminate an annoying warning message you will start to see whenever a site tries to make you automatically download something.

                      Comment
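
The Custom Level setting described in the post above is stored per security zone in the registry. This added PowerShell example (not from the thread or its posters) audits it and can apply the same change. The value names 1001/1004 and the data 0/1/3 are Microsoft's documented URL action flags, not something the posts state, and the function names are made up for this example.

```powershell
# Added example, not from the thread. Value names and data are Microsoft's URL action flags:
#   1001 = Download signed ActiveX controls, 1004 = Download unsigned ActiveX controls
#   data: 0 = Enable, 1 = Prompt, 3 = Disable
$ZonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$Actions   = [ordered]@{ '1001' = 'Download signed ActiveX controls'; '1004' = 'Download unsigned ActiveX controls' }
$States    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXDownloadSetting {
    # Report both download actions for every zone key that exists for the current user.
    foreach ($zone in 0..4) {
        $path = Join-Path $ZonesKey "$zone"
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path
        foreach ($id in $Actions.Keys) {
            $raw = $props.$id
            $state = if ($null -eq $raw) { 'not set (IE default applies)' } elseif ($States.ContainsKey([int]$raw)) { $States[[int]$raw] } else { "other ($raw)" }
            [pscustomobject]@{
                Zone    = $ZoneNames[$zone]
                Action  = $Actions[$id]
                Setting = $state
                # Flag what the posts warn about: a download that is enabled or only prompted.
                Review  = ($state -ne 'Disable')
            }
        }
    }
}

function Disable-ActiveXDownload {
    # Same change as the Custom Level dialog, Internet zone (3) by default.
    # Sets the unsigned action to Disable as well, in case it was changed from that.
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Zone = 3)
    $path = Join-Path $ZonesKey "$Zone"
    foreach ($id in $Actions.Keys) {
        if ($PSCmdlet.ShouldProcess("$path\$id", 'Set to 3 (Disable)')) {
            Set-ItemProperty -Path $path -Name $id -Value 3 -Type DWord
        }
    }
}

Get-ActiveXDownloadSetting | Format-Table -AutoSize
# Disable-ActiveXDownload -WhatIf    # preview only; drop -WhatIf to apply the change
```

Controls that are already installed are untouched by this; on managed machines a Group Policy value under the matching `Software\Policies` key takes precedence over these per-user settings.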


                        #31
                        Re: Bug/Issue Reports and Solutions

                        Well, at least on my system the radio button for automatic downloading of signed ActiveX ... is set to "ask user" (or may be the correct translation for "Eingabeaufforderung" ;-) ) and for unsigned it is disabled.

                        I can disable the download completely, thus I would probably not have any popup or any other permission dialogs, but I think for me it is fine to leave it as it is.

                        ATM I am trying Sandboxie; it seems to be a very good solution, at least for freaks like me ;-) .
                        But I have got some hang-ups with it (Windows has detected some problems ...), but it is working as far as I can judge it.

                        Comment
