It's a minor but good step by Microsoft, but it hardly addresses the true problem which is the sloppy coding of Internet Explorer.

Even with the latest IE fully patched on WinXP SP2, there are unadressed exploits that allow spoofing of the address bar, one of which also allows spoofing of a secure connection (the locked padlock icon in the browser).

IE is not alone in these type of problems, but it occurs much more frequently with IE, and Microsoft is slow to address them.

Firefox fixed a spoofing problem within a day of the problem being identified; IE was not patched for over a month. This is where MS should spend its efforts: fixing IE to the extent they can and in a timely manner. I don't buy the excuse that because IE is so integrated with Windows that MS's patching of IE requires so much more time to develop a fix. In some cases, yes, but they have the resources to expedite these. In most cases, fixing a spoofing security issue can be addressed with a clean stable patch, even if a more elegant patch for the problem can be included in the next IE cumulative update.

The toaster and fire extinguisher analogy is a perfect one for the IE/MS-antispyware tandem. Until MS integrates some of their acquired anti-spyware into IE, it's not a true solution.
Until then, folks should use a different toaster (Firefox is great; so is Opera), and only use IE for Windows-Update and a few other sites that absolutely need IE.
If I visit a website that only works well with IE, and it's non-essential to me, I don't return there. If that site's an online retailer that I might have bought from, I may as a courtesy email the webmaster to explain that I would have purchased from them, but their site did not meet W3C internet standards (Firefox and Opera are both more W3C compliant than is IE) and I will purchase from a different vendor.

My review of the MS-antispyware (MSAS) tool, based on installation of it on a single Windows 2000 Pro workstation, is thus:
(1) False positives found. MSAS detected a utility from the Windows 2000 Resource Kit (RK) as a trojan horse; it was not a trojan; I confirmed that the file was the original utility from the RK. MSAS also detected an entry for www.searchsquire.com (apparently a bad site) in the registry and removed it; this had been actually added to the Restricted Zone of IE by Spybot Search and Destroy to help protect my computer; MSAS removed the entry and thus lessened my computer's security. MSAS is Beta and I am hopeful that MS will fix these quickly.
(2) Trusted Site removed - without prompting. This is BAD. A local intranet site was removed from IE's Trusted Site list without a prompt.
(3) The realtime protection features (MSAS sits in the tray and monitors for suspicious activity) is the best part. When I added back the intranet site to IE's Trusted zone, MSAS intervened and prompting for confirmation that this should be done. I liked that.
(4) The Advanced features are similar to the Advanced ones in SpybotS&D. I like Spybot's features better, but MSAS's set is robust. Haven't used these extensively.

HOW I AVOID/FIX SPYWARE
(1) Use Firefox for most browsing.
(2) Patch IE whenever MS issues a patch, albeit not quickly enough. Obviously important even if a different browser is used due to IE's integration into Windows.
(3) Use IE sparingly. "Windows Update" and a few trusted sites.
(4) Configured ZoneAlarm to prompt me EVERY TIME that IE wants to go to the internet.
(5) Use SpyBot S&D, Ad-Aware, Bazooka anti-spyware tools and keep them updated. I don't mind letting these programs check my computer even though the typical response is "No threats found" (Firefox gets credit here).
(6) Of course, a good antivirus and firewall are essential.

Long message. Sorry. Bye.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/289/29865#29865