IE Patch Beats Coal In Your Stocking
News Analysis. If not for a terrible virus infection, I would have blogged about the Internet Explorer Zero Day exploit days ago.
The virus came unexpectedly. I thought my defenses were good enough, but clearly I was unprepared. This virus has proved to be unusually tenacious. I can't seem to clear it out. As soon as I see progress, the bug reemerges and attacks my system. If only Microsoft's Security Response Center could help me.
But no, because I have the flu.
The point: Exploits happen. Merry Christmas, and be glad it isn't Happy New Year. Security exploits and attacks are now commonplace during the holidays, when IT staffs are thin. IT organizations should be grateful that Microsoft got to this one early: if this is the only big security problem over the holidays, yours got off easy.
Still, for many IT organizations, and for consumers too, today's out-of-band Internet Explorer patch is late enough to be trouble. Who wants to be distributing patches during the annual holiday party (assuming your company still has one and it isn't a wake for the employees who survived the layoffs)? For some consumers the patch didn't come soon enough; they've been exploited already.
Because of my bodily virus, I sat out the real-time reporting and commentary around Microsoft Security Advisory 961051. In catching up, I'm surprised at the lashing Internet Explorer is taking here. Yesterday's Guardian story capped many calls for people to dump IE for another browser. Last week, Washington Post security blogger Brian Krebs advised "Windows users to consider browsing the Web with anything other than Internet Explorer."
Unfortunately, that would be my advice, too. Make a strategic retreat. I'm not suggesting that everybody dump Internet Explorer. Today, it's IE, but tomorrow the trouble could be with Firefox or Safari. No browser is truly safe.
When the hurricane or typhoon comes, you abandon your home for shelter. You flee for safety. You seek temporary shelter. That shelter is any browser but Internet Explorer. When the storm passes, most people will choose to return to their homes, i.e., IE (don't you just love the English language). Others will move away seeking safety elsewhere (other browsers).
There will be some feisty old coots who won't listen. They'll apply Microsoft's stopgap workarounds and weather the storm. But that shouldn't be you. There is simply too much risk, and even Microsoft is candid about it. The risk continues until the patch is installed and has proven itself.
The problem is simple: this IE security hole is being exploited rapidly, and from mainstream Web sites. When people walk through safe Internet neighborhoods and get robbed, the problem is a big one. Many of the sites that host the exploit code and feed it to more mainstream operations are on Chinese domains.
On Saturday, Microsoft warned in a blog post:
Based on our stats, since the vulnerability has gone public, roughly 0.2 percent of users worldwide may have been exposed to Websites containing exploits of this latest vulnerability. That percentage may seem low, however it still means that a significant number of users have been affected. The trend for now is going upwards: we saw an increase of over 50 percent in the number of reports today compared to yesterday.
Breadth doesn't mean depth. More exploited sites, and more mainstream ones, don't automatically mean more infections. Unfortunately, in this case they can, because exploitation is so easy: the victim only has to load the page.
Here's the problem, straight from Microsoft's security advisory:
An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. The attacker could also take advantage of compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability.
Meaning: the site just needs to carry a script that exploits the way Internet Explorer handles DHTML Data Bindings, and the victim just needs to load the page. Every supported version, from IE 5.01 and IE 6 through IE 7, is vulnerable, and so is IE 8 Beta 2.
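To make that sentence concrete, here is an added example, not code from the original post or from Microsoft: a Python triage heuristic that flags pages using IE's DHTML Data Binding vocabulary (the DATASRC, DATAFLD and DATAFORMATAS attributes and `<xml id="...">` data islands) so an analyst can look at them. The three sample pages are constructed, and the clean/review/suspicious rules are this example's own assumption, not a published signature for the vulnerability. Legitimate intranet applications that use data binding will trip it too, which is why it triages rather than blocks.

```python
"""Triage HTML for IE DHTML Data Binding constructs.

Added example; not code from the original post or from Microsoft.
DATASRC / DATAFLD / DATAFORMATAS and <xml id="..."> data islands are
IE's own data-binding vocabulary. The scoring rules in triage() are this
example's assumption, not a signature for the specific vulnerability.
"""
from dataclasses import dataclass, field
from html.parser import HTMLParser


@dataclass
class BindingReport:
    islands: set = field(default_factory=set)          # ids of <xml id=...> data islands
    bound_sources: list = field(default_factory=list)  # every DATASRC value seen
    datafld_count: int = 0                             # elements bound to a data field
    html_formatted: int = 0                            # bindings with DATAFORMATAS=html
    scripts: int = 0                                   # <script> blocks on the page

    def uses_data_binding(self):
        return bool(self.bound_sources)

    def unresolved_sources(self):
        """DATASRC="#id" references with no matching in-page <xml> island."""
        return [s for s in self.bound_sources
                if s.startswith("#") and s[1:].lower() not in self.islands]


class _Scanner(HTMLParser):
    """Collect binding attributes. HTMLParser lower-cases tag and attribute names."""

    def __init__(self):
        super().__init__()
        self.report = BindingReport()

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "xml" and "id" in a:
            self.report.islands.add(a["id"].lower())
        if tag == "script":
            self.report.scripts += 1
        if "datasrc" in a:
            self.report.bound_sources.append(a["datasrc"])
        if "datafld" in a:
            self.report.datafld_count += 1
        if a.get("dataformatas", "").lower() == "html":
            self.report.html_formatted += 1


def scan_html(html):
    scanner = _Scanner()
    scanner.feed(html)
    scanner.close()
    return scanner.report


def triage(html):
    """Classify a page as 'clean', 'review' or 'suspicious' and list the reasons.

    clean      : no data binding at all (the overwhelming majority of pages)
    review     : data binding is used, but not the island-plus-script combination
    suspicious : an in-page <xml> island exists and script is present, which is
                 the shape the post describes (a script on the page drives the
                 binding). Assumed thresholds, tune for your environment.
    """
    r = scan_html(html)
    if not r.uses_data_binding():
        return "clean", []
    reasons = [f"{len(r.bound_sources)} element(s) carry DATASRC bindings"]
    if r.islands:
        reasons.append(f"in-page <xml> data island(s): {sorted(r.islands)}")
    if r.html_formatted:
        reasons.append(f"{r.html_formatted} binding(s) render the bound data as HTML")
    missing = r.unresolved_sources()
    if missing:
        reasons.append(f"DATASRC references with no in-page island: {missing}")
    if r.scripts:
        reasons.append(f"{r.scripts} script block(s) on the same page")
    level = "suspicious" if (r.islands and r.scripts) else "review"
    return level, reasons


# Constructed sample pages (not captured from any real site).
CLEAN_PAGE = """<html><head><title>News</title><script src="/js/site.js"></script></head>
<body><p>Plain article text, no data binding.</p></body></html>"""

ISLAND_PAGE = """<html><body>
<xml id="oData"><rows><row><c>value</c></row></rows></xml>
<span datasrc="#oData" datafld="c" dataformatas="html"></span>
<script>/* page script that would drive the binding */</script>
</body></html>"""

LEGACY_APP_PAGE = """<table datasrc="#inventory">
<tr><td><span datafld="sku"></span></td></tr></table>"""

if __name__ == "__main__":
    for name, page in [("clean", CLEAN_PAGE), ("island", ISLAND_PAGE),
                       ("legacy", LEGACY_APP_PAGE)]:
        level, why = triage(page)
        print(f"{name:7s} -> {level}: {'; '.join(why) or 'no data binding'}")
```

Run it over pages pulled from a proxy cache, or from the advertising and user-content sections the advisory singles out; it deliberately does not try to recognise the exploit itself, only the feature the exploit depends on.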
"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," according to Microsoft's security advisory. That matters because the majority of users run Windows XP, where the accounts created at setup are administrators by default, so the attacker's code runs with full control of the machine. Early exploits seek to steal passwords and other credentials.
Yes, this is a nasty bug. Microsoft expects to start releasing the patch around 1 p.m. ET today. But don't just patch. Switch to Firefox or another browser for a few days. You don't want this kind of security problem, where someone walks through your home's locked doors and steals some of your belongings without your knowing, during the holidays.
Other people have called for switching wholesale and permanently to anything other than IE. Their calls have had little impact. Early this morning, I looked over Net Applications' raw browser share numbers for December. There's no appreciable decline for IE, and I'd be surprised if IE usage noticeably dropped because of this exploit.
Microsoft's response is reassuring. Take the patch and be happy. If not for Microsoft's surprisingly quick action, your holiday stocking could have been full of coal.
[Please send your tips or rumors to watchtips at live.com].


Comments (20)
"If not for Microsoft's surprisingly quick action, your holiday stocking could have been full of coal."
----------------------------------------------------
Actually, at least 0.2% of the exploited websites that passed on these viruses, or should I say the Windows users running IE, did get the stocking full of coal.
A trend I see with a lot of Windows users lately is that on newer XP and Vista machines, the free 30- to 90-day antivirus that comes with the machine is allowed to expire, and these users use IE. Naturally, we are talking about users without a lot of knowledge here, and their computers are full of malware, as they have done no maintenance to prevent it.
Since my work is to remove this malware, I give you folks a list of questions to consider about how safe you are on the Internet:
1. I am better off (safer) using another browser to surf than IE.
2. My antivirus is up to date and I scan my windows computer with it at least every week.
3. Running Vista, I have UAC turned on.
4. I run Windows as a limited user account to surf the web.
5. I believe in "safe surfing" and only go to safe sites.
6. I do not open up strange email or email attachments from those I do not know.
7. I also have at least one or more anti-malware program installed, updated, and regularly scan with it.
8. I have a host blocking file to block known malware sites.
9. My firewall is turned on
10. And lastly, the best one: instead, I run Linux or Mac OS X.
==================================================
See how many you can answer yes or no to.
Joe, the big problem with Windows is that everyone (almost everyone) runs as administrator. Even in Vista, which has UAC, the default user is an administrator account. Couple this with the world's worst browser as far as security goes, and you have the current problem of malware affecting most Windows machines out there. Think about it, Joe: isn't that part of the reason you use a Mac?
Posted by chips b malroy | December 17, 2008 2:33 AM
"the default account on Microsoft Windows is an admin account"
Yes, and what is the problem with that?
It is a result of making things easy for users.
That is how Microsoft Windows made it to the most used Operating System.
This is the way to make a lot of money: a lot of users x some fee.
Non-admin rights, and some other measures, may result in a "less easy" way to handle Windows for users.
Which may result in less users.
Resulting in less users x some fee.
Causing less money made.
This is an undesired result.
Or isn't it?
That's why it will not change.
I think.
By the way, I use Xubuntu. ;-)
Posted by Wim | December 17, 2008 6:55 AM
"It is a result of making things easy for users."
And malware authors alike. I am not sure what is so hard about typing in your password when necessary, as with OS X and Linux. Mac users don't seem to find it hard.
Poor design choices have all clumped together to make Windows a very, very unsatisfactory OS. This was probably their worst choice ever and caused all the malware to spread (well, OK, maybe it's second to ActiveX).
Linux has anti-malware built in, but unlike Windows it is unobtrusive and just gets on with the job, so you've probably never heard of it. It doesn't work on a flawed blacklist system, so it actually works.
Posted by billybob | December 17, 2008 8:32 AM
Just use Firefox. It is modern, fast, efficient, works great. There is nowhere near the security threat with it. I have been using it solely for 5 years now and have had no issues whatsoever. If Firefox ever becomes so popular that it becomes the big target, then on to another good quality browser. Right now though, there is absolutely no reason to use IE.
Posted by Ridley | December 17, 2008 9:05 AM
Many years ago, before XP SP2, many of my friends had 'issues' with their Windows systems. I recommended they stop using Outlook and IE. At the time, Netscape, Mozilla and Eudora were alternatives. Today there are better options, although Eudora is near and dear to some.
Everyone that took my advice has had a dramatic reduction in problems. They didn't stop scanning, but their scanners quit finding so much crap. Their systems didn't suffocate, and slow to a crawl. I blame ActiveX for their prior problems. Getting rid of that seems to solve a lot of problems.
Posted by Dave Lindhout | December 17, 2008 9:52 AM
It's been mentioned before (possibly here) that you can remove IE from Windows completely.
-
It is alleged on many sites that there is an increase in performance of Windows AFTER IE has been completely removed.
-
Maybe a consideration for Windows users?
-
Personally I can't do it (as I don't have a Windows machine at home) and I don't think work is ready for me to start tinkering with their systems (although I'm typing this on an XP laptop I've got to return to work.... hmmm... tempting...)
-
Remind me again, what benefits does IE have to anyone? (Except for the fact it keeps MS "coders" in work trying to keep on top of its issues)
Posted by Goblin | December 17, 2008 10:23 AM
Hey Joe,
Serves you right. How many times has the public been warned that IE is an insecure POS? These horrific security holes seem to show up annually. You'd think perhaps you'd be wise enough to consider another browser permanently.
Opera & Firefox are both capable & more secure (and standards compliant) than Internet Exploiter.
Posted by Al | December 17, 2008 10:33 AM
"increase in performance of Windows AFTER IE has been completely removed"
As much of a POS as IE is, I don't believe this at all.
There are 2 main parts in IE:
iexplore.exe - Tiny wrapper that pulls everything together, removing it will not make anything run faster.
mshtml.dll - This might give you a slight boost in ram just by not being loaded, but it will break and/or remove a lot of functionality. If you remove this, there is a chance your PC will not run at all, let alone faster. I tried that XP Lite illegal remaster once, and it was fast but didn't do anything properly.
In my experience, the best way to speed up Windows is add as much ram as you can, then use msconfig to remove all the crap started at boot. I find disabling the swap file helps a lot (especially if you happen to minimise a window).
Al - I think you totally missed Joe's joke. He was joking that he got a virus, but this exploit leads to a worm, not a virus! Nice one Joe, good luck with the virus removal.
Posted by billybob | December 17, 2008 11:26 AM
Hey People, even Firefox (alone) isn't safe enough-- not these days. You Gotta add NoScript.
FF and Opera, and Linux, are helpful/immune against ActiveX drive-bys -- but FF isn't well-protected against XSS, click-jacking within invisible forms, and etc.
Opera's got a brand new version with some security fixes, I haven't tried it. I make all my customers use FF *with* NoScript. Back on August 6, IIRC, ZDNet was doing an interview with Window Snyder (at that time, Mozilla's top security wrangler), and asked point-blank if she'd like to see NoScript added to the FF core. She responded, "I'd love to have it".
So hmmmmm, that pretty much tells us everything we need to know about Firefox security WITHOUT NoScript, right?
BTW: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b3pre) Gecko/20081216 Shiretoko/3.1b3pre - Build ID: 20081216120355
Posted by rickst29 | December 17, 2008 12:33 PM
And Joe, next year-- get the shot. I wish you to feel better SOON, sorry you got infected. (Loved the big build-up in your joke, too.)
Posted by rickst29 | December 17, 2008 12:36 PM
You get viruses? That's never happened to me. In over ten years. With any version of Windows. And no AV software to speak of. I don't understand what is so difficult about not getting viruses.
Hans
Posted by Hans | December 17, 2008 12:36 PM
"i.e., IE (don't you just love the English language)"
... actually it's Latin, id est (that is).
;-)
Posted by nerd6 | December 17, 2008 4:06 PM
Wim says:
["the default account on Microsoft Windows is an admin account"
Yes, and what is the problem with that?]
----------------------------------------------------
And since, by the way, you use Xubuntu, you probably know the answer to this. Most of the Ubuntu distros are set up to automatically use a limited user account. The reason you need to enter a password or sudo in Ubuntu when you install software is because you are a limited user.
Malware trying to install while you are surfing the Internet would also need the password to install, unless you are running as administrator (root) in Linux. And it works very similarly, but not quite, in Windows. This is the point that billybob was making. If you surf the Internet with an administrator account, then you, the person behind the keyboard, are giving every application you run the same administrator privileges as you. Including your browser, and you're really in trouble if you are running IE with ActiveX, as pointed out by rickst29.
Of all the people that have brought me their computers to fix or clean out the malware, I have only seen a very, very few Windows machines that have been set up with a limited user account, and they have all been used in a networking environment in a business. While I do advocate Linux, still I would prefer that Windows users run their computers in the safest manner possible, which is why I am posting this.
Many have suggested the use of Firefox as an alternative browser, and I agree. Before Firefox I used Opera, and it's still a good backup browser. Firefox has some nice add-ons like Adblock Plus, Flashblock, and for the paranoid there's NoScript, which can help block some of the nasty stuff, as much of the malware is routed through the ad servers.
@Goblin;
"Its been mentioned before (possibly here) that you can remove IE from Windows completely."
--------------------------------------------------
Yes, that was me among possibly others that said that. I stand by it: I saw a performance increase and stability increase after removing IE, Windows Media Player, and Outlook Express completely from XP Pro. With the exception of Quickbooks, nothing else seemed to need IE. WMP, I found out, a lot of programs you might install depend on, but my solution was to install the very good free SMPlayer. I suspect that those two programs were doing something, perhaps even nefarious, behind the scenes, which caused instability and performance problems. Certainly removing those three MS programs made XP safer and more stable.
While I do not normally run Windows, as I am a Linux user, still I sometimes need it to help clean out a windows computer that is infected with malware, as that is what I do. And I was in the past, a Windows/Dos user for a very long time.
Now, a small how-to on running XP Pro as a limited user, for those of you who must run XP. Go into Control Panel, User Accounts, and create the 2nd administrator account; only then can you create the user account. All software must be installed in an administrator account. Create the folder called MyPrograms in C:\, and any program you install, install it there instead of C:\Program Files. Otherwise you may have permissions problems running those programs as a limited user. Next, certain programs must be run as administrator, such as programs that burn CDs. For those, after installing as the administrator account, right-click on the program icon and on the menu part to execute the program and select Properties; in there, there are two places where boxes must be checked to allow the program to be run as a different user. This way you can be a limited user and use your burning programs in XP by "run as" administrator. Be careful not to give any browser or Internet program this type of administrator authority. For Linux users, this also works as a good setup for XP Pro as a guest OS in VirtualBox.
Posted as an act of goodwill for the terminally malware-affected Windows users. I feel your pain. It's not your fault; Microsoft never set up Windows to run in a safe manner from the beginning, and is still only doing things in a half-baked manner for security. Sadly, even doing all the stuff I recommended will not get you up to being as well protected as a Linux or Mac user will be, but at least it will give you a fighting chance. You will still need to do all the things in the first post/list. And even a better firewall than the one that comes with Windows is recommended. Running apps like XPantispy and SafeXP also help.
Joe, try to start taking Vitamin C for the other Virus, and I hope you feel better soon.
Posted by chips b malroy | December 17, 2008 6:33 PM
And since Joe wants to talk about that "lump of MS Coal In Your Xmas Stocking"
From Joe's competition:
Microsoft: Disc scratching not Xbox specific
http://blog.seattlepi.nwsource.com/microsoft/archives/157043.asp
The best part of this is the comments that Xbox 360 users wrote in. The Xbox 360 and its poor design remind me of the title of an Arnold movie, "Total Recall." And that is what should happen to this product.
Posted by chips b malroy | December 17, 2008 10:28 PM
The people who recommend other browsers are dreaming. Mozilla / Firefox has hordes of vulnerabilities and the thing needs rather continual patching. Microsoft is quite swift now at getting patches out the door.
Furthermore, the vulnerabilities that affect IE tend to be more esoteric and difficult to achieve than those with other browsers. Mozilla hasn't faced the onslaught Microsoft has, and the vulnerabilities that come up in Firefox tend to be more basic and raw, i.e. an attempt to exploit Firefox is more likely to succeed.
Moreover, IE 7 now runs in a Protected Mode on Vista, which means for Vista users the destructive power of an exploit is more likely limited [and in some instances can be removed just by clearing the browser cache and restarting Internet Explorer]. A Firefox exploit defaults to system-wide.
Posted by Clump | December 18, 2008 9:35 AM
Hey Clump, when criminals can get into your computer and steal all your passwords, including your financial ones, thanks to an IE exploit that is exploited by various websites, then maybe that is as serious a flaw as there is. What could be worse than having someone steal all your money in your banking account?
Even many of those in the mainstream press were suggesting to either switch, or at least temporarily switch from IE to another browser. "Moreover, IE 7 now runs in a Protected mode on Vista," which did not do anything to stop this exploit. Maybe "protected mode" is really just another MS catch phrase to sell us on IE, and it really is not doing that much to protect us, as example, this exploit. Another overrated by MS, MS protection/sale scheme for a very very bad product, Internet Exploder.
Posted by The Hand | December 18, 2008 12:24 PM
The Clump says:
"Microsoft is quite swift now at getting patches out the door. "................
Oh really?????
Microsoft security patch was seven years in the making
http://www.itworld.com/security/57674/microsoft-security-patch-was-seven-years-making
"November 11, 2008, 09:06 PM — IDG News Service —
Some security patches take time.
Seven-and-a-half years, in fact, if you count the time it's taken Microsoft to patch a security issue in its SMB (Server Message Block) service, fixed Tuesday. This software is used by Windows to share files and print documents over a network.
In a blog posting, Microsoft acknowledged that "Public tools, including a Metasploit module, are available to perform this attack." Metasploit is an open-source toolkit used by hackers and security professionals to build attack code.
According to Metasploit, the flaw goes back to March 2001, when a hacker named Josh Buchbinder (a.k.a Sir Dystic) published code showing how the attack worked.
Symantec Research Manager Ben Greenbaum said the flaw may have first been disclosed at Defcon 2000, by Veracode Chief Scientist Christien Rioux (a.k.a. Dildog)
Whomever discovered the flaw, Microsoft seems to have taken an unusually long time to fix the bug.
"This is definitely out of the ordinary," Greenbaum said. He said he did not know why Microsoft had waited so long to fix the issue.
"I've been holding my breath since 2001 for this patch," said Shavlik Technologies Chief Technology Officer Eric Schultze, in an e-mailed statement. Buchbinder's attack, called a SMB relay attack, "showed how easy it was to take control of a remote machine without knowing the password," he said"
Posted by The Hand | December 18, 2008 5:26 PM
[Quote]when criminals can get into your computer and steal all your passwords[/quote]
When you go to work and leave your keys in the door....
Basically the same thing. As Wim said it's all about people being lazy. Pay attention, actually think before clicking and you're ok. No matter what browser you are using.
Posted by Charlie | December 19, 2008 2:58 AM
Great message there Charlie. I expect it will do wonders for PR.
-
So remember, readers: if you have fallen victim to the exploit, it's not IE's fault, nor is it Microsoft's; it's your fault for being lazy.
-
Funny that, I was reading about people who had bought firewall/AV software AND were careful who had been hit as well. Their laziness? It was to use IE and not an alternative.
-
So in the words of Charlie, "Don't be lazy." Maybe Charlie is suggesting not to be lazy and use another browser instead? Great advice, I hope people listen to it.
-
Posted by Goblin | December 19, 2008 4:20 PM
Are you running Windows XP? Vista w/ UAC *enabled* and thus IE Protected Mode enabled blocks many zero-day exploits. Let us know. Thanks!
Posted by Jim Smithe | December 26, 2008 1:35 PM