Slashdot: News for Nerds

Two Unofficial IE Patches Block Attacks

ScuttleMonkey posted more than 8 years ago | from the egg-is-good-for-the-complexion dept.

233

Pentrex writes "eWeek reports that two well-respected Internet security companies (eEye and Determina) have released unofficial patches to correct the vulnerability being exploited to load spyware, bots and Trojan downloaders on Windows machines. Microsoft isn't sanctioning the third-party patches, which include source code for review. As always, the advice is to weigh the risks before opting for an unofficial hotfix."

233 comments

Why doesn't Microsoft... (1, Redundant)

irimi_00 (962766) | more than 8 years ago | (#15014986)

Why doesn't Microsoft just tell people to switch to Ubuntu and use Firefox? It would save them a hassle and a lot of work.

Re:Why doesn't Microsoft... (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#15014996)

Why doesn't Microsoft just tell people to switch to Ubuntu and use Firefox? It would save them a hassle and a lot of work.

Because they're trying to sell Windows, silly!

Re:Why doesn't Microsoft... (2, Insightful)

ZiakII (829432) | more than 8 years ago | (#15015006)

Why doesn't Microsoft just tell people to switch to Ubuntu and use Firefox? It would save them a hassle and a lot of work.

Maybe because they like money?

Re:Why doesn't Microsoft... (0)

Anonymous Coward | more than 8 years ago | (#15015060)

Abandon IE, ship Firefox with Windows, and provide an independent utility for Windows Update?

Probably would save them tons of money.

Re:Why doesn't Microsoft... (2, Insightful)

X0563511 (793323) | more than 8 years ago | (#15015198)

True, it's not like they sell IE separately. They have no real reason to be so die-hard about IE.

Re:Why doesn't Microsoft... (2, Insightful)

Cromac (610264) | more than 8 years ago | (#15015371)

True, it's not like they sell IE separately. They have no real reason to be so die-hard about IE.

Microsoft views IE as a "rich client" and one more reason to tie people to Windows. MS may one day have a 100% standards compliant browser but I guarantee they will also have another 20% worth of features that only work in IE as one more way to try and keep people using Windows.

It's the same reason they will never have a Linux version of Office as long as they view Linux as any kind of threat to their OS.

Re:Why doesn't Microsoft... (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15015016)

Because Ubuntu sucks. Try Mandriva, Debian, Slackware or Fedora.

Ubuntu. What junk.

Why Ubuntu is great (-1, Offtopic)

MoxFulder (159829) | more than 8 years ago | (#15015097)

I must disagree with you. I'm very fond of Ubuntu. And I'm not a noob either. Been using Linux since '94... Slackware, Red Hat, Mandrake, then Debian, now Ubuntu. I dunno what Mandrake is like these days, but when I gave it up it was dependency hell and there were so many buggy, broken packages in the stable distribution.

I consider myself a power user, do a lot of coding, live in emacs, etc. I really appreciate the attention to detail of Ubuntu. It seems to be the best of all worlds to me:
  • Excellent hardware support and easy as pie installation. I didn't mind wading IRQs and config files back in the Slackware days, but I can't say I miss it either.
  • Two words: apt get
  • A coherent collection of stable software with fast turnaround time. I'm running the latest unstable version of Ubuntu, and yet everything works great
  • Most importantly, Ubuntu feels like it has fewer "rough edges" than any other Linux distro I've ever used. The attention to detail is fabulous. For example, the first user account you have when you install it belongs to an "admin" group, allowing you to read logs and sudo automatically. The default GNOME theme is distinctive but pleasing. The web site is easy to navigate. The default installation includes almost exactly the right amount of software. The installer never seems to barf, even on odd hardware. Etc...

    Re:Why doesn't Microsoft... (4, Funny)

    Dante Shamest (813622) | more than 8 years ago | (#15015020)

    Why doesn't Microsoft just tell people to switch to Ubuntu and use Firefox? It would save them a hassle and a lot of work.

    Are you related to my girlfriend? Because she asks smart questions like you. =)

    Re:Why doesn't Microsoft... (1)

    irimi_00 (962766) | more than 8 years ago | (#15015132)

    Yeah, it sucks when the girl gains control, I know.

    Re:Why doesn't Microsoft... (0)

    Anonymous Coward | more than 8 years ago | (#15015034)

    Actually, why doesn't Microsoft actually use their own built in software restrictions by default and set up a "non-competent" user interface for it.

    If restrictions are turned on, and you're logged in as a restricted user, that hole doesn't much mean a thing.

    For my own edification.... (1)

    irimi_00 (962766) | more than 8 years ago | (#15015047)

    Wikipedia says the following about trolls:
    http://en.wikipedia.org/wiki/Internet_troll [wikipedia.org]
    "The term troll is highly subjective. Some readers may characterize a post as trolling, while others may regard the same post as a legitimate contribution to the discussion, even if controversial."

    While you may not perceive what I said as funny, I was sincere in what I said... Well not about the use Ubuntu part.

    I guess the only valid reason for Microsoft to continue the development of IE is for:
    1. Branding purposes.
    2. And so that they can claim Windows is a totally integrated package.

    Re:For my own edification.... (1)

    larry bagina (561269) | more than 8 years ago | (#15015217)

    As sad as it is, there are a lot of applications that are designed for IE/Active X.

    Re:For my own edification.... (1)

    sumdumass (711423) | more than 8 years ago | (#15015436)

    What's even more sad is that I have a few of them. I have even gotten them (parts of them) to run on Linux but they refuse to install without IE 6 or above. I guess some feature I never use requires it or something. That or else it is just the programmers' way of saying they are too lazy to support different browsers.

    Re:Why doesn't Microsoft... (1)

    Arandir (19206) | more than 8 years ago | (#15015157)

    Why not switch to Kubuntu and use Konqueror instead?

    Other patches: (5, Funny)

    NilObject (522433) | more than 8 years ago | (#15015009)

    There's two other patches out there that work pretty damn well:

    1 [apple.com] and 2. [mozilla.com]

    Re:Other patches: (4, Insightful)

    Volanin (935080) | more than 8 years ago | (#15015043)

    1. [apple.com] and 2. [mozilla.com]


    Yeah, but only number 2 "include source code for review."

    Re:Other patches: (2, Insightful)

    Poltras (680608) | more than 8 years ago | (#15015064)

    does that mean it's less effective?

    Re:Other patches: (0)

    Anonymous Coward | more than 8 years ago | (#15015075)

    Considering that #1 is an entire operating system as opposed to just a browser, yes, it's less effective.

    Re:Other patches: (0)

    Anonymous Coward | more than 8 years ago | (#15015438)

    #1 isn't the best choice, because you can still run IE on it.

    Re:Other patches: (4, Informative)

    chrome (3506) | more than 8 years ago | (#15015305)

    Yeah, but only number 2 "include source code for review."

    Not entirely true. You can review the code for darwin, and you can review the code for WebKit.

    The only thing you can't review is the UI drawing code in AppKit/Quartz/Cocoa etc.

    Re:Other patches: (1)

    defy god (822637) | more than 8 years ago | (#15015358)

    *ahem* source code? [opendarwin.org]

    Re:Other patches: (-1, Troll)

    Anonymous Coward | more than 8 years ago | (#15015128)

    Or if you are even more curious, there are a few more that I highly recommend:

    3 [eatshitanddie.com] and 4 [fuckoff.com]

    Free as in... (2, Insightful)

    HolyCrapSCOsux (700114) | more than 8 years ago | (#15015013)

    Some folks would like you to believe that free as in beer software is a horrible thing.

    The question is, would people patch if they had to pay for them?

    Re:Free as in... (2, Insightful)

    monkaduck (902823) | more than 8 years ago | (#15015044)

    If they were told to, yes. Never underestimate the lemmingness of the human species.

    Re:Free as in... (3, Interesting)

    Arandir (19206) | more than 8 years ago | (#15015150)

    In an old interview Bill Gates said, and I paraphrase, "people don't pay for bug fixes." This explains a lot.

    Re:Free as in... (1)

    m85476585 (884822) | more than 8 years ago | (#15015153)

    1. Find IE hole
    2. Write unofficial patch
    3. Submit story to /.
    4. Profit!

    Re:Free as in... (1)

    LardBrattish (703549) | more than 8 years ago | (#15015288)

    Yes, history proves this:-

    Windows 3.1
    Windows 98
    Windows ME (Bwah ha ha)
    Windows XP
    and ultimately Vista.

    People will pay for bug fixes if you market them well enough...

    Re:Free as in... (1)

    sumdumass (711423) | more than 8 years ago | (#15015452)

    You forgot Windows 95 a/b/c and Windows 98SE but who's keeping track. Actually Windows 95 might be stretching it because they mostly taunted new features and easier hardware installations but I guess that would fix the old config.sys and having to get the IRQs correct and all.

    Are there not risks even with official patches? (4, Insightful)

    El Cubano (631386) | more than 8 years ago | (#15015026)

    As always, the advice is to weigh the risks before opting for an unofficial hotfix.

    Is this not something that smart admins/companies do even with official patches and fixes? To me, the fact that the source was released shows that these people are quite serious about being taken seriously. I suppose that is better than MS assurances that they extensively tested the fix before release.

    Re:Are there not risks even with official patches? (3, Insightful)

    Ravatar (891374) | more than 8 years ago | (#15015094)

    Without releasing the source, they have almost no credibility. If they hadn't released the source, slashdot would be packed with cries of "who would actually run this?!" "wtf, no source? no thanks".

    Re:Are there not risks even with official patches? (4, Insightful)

    whitehatlurker (867714) | more than 8 years ago | (#15015373)

    And yet, we will accept the same from MicroSoft without the assurance of source ;-)

    Re:Are there not risks even with official patches? (5, Insightful)

    tshak (173364) | more than 8 years ago | (#15015129)

    I suppose that is better than MS assurances that they extensively tested the fix before release.

    This is quite far from the truth. Reading source code will not find the integration problems that can come up when you release a patch on millions of machines with different configurations.

    Re:Are there not risks even with official patches? (0)

    Anonymous Coward | more than 8 years ago | (#15015168)

    Wonderful - modded as a troll. Glad to see the intellectually honest folks moderating tonight.

    Re:Are there not risks even with official patches? (0)

    Anonymous Coward | more than 8 years ago | (#15015482)

    You are a troll.

    Re:Are there not risks even with official patches? (1)

    gregarican (694358) | more than 8 years ago | (#15015249)

    Reminds me of back around 1997 or so when Microsoft released Windows NT 4.0 Server Service Pack 6. It was released and my company was one of the many larger ones to roll it out ASAP. Without proper testing we were bitten in the ass big time. This Service Pack broke TCP/IP. Hence Microsoft releasing Windows NT 4.0 Server Service Pack 6a. You would think that someone in the Ivory Towers of Redmond would have noticed it broke TCP/IP :-)

    Re:Are there not risks even with official patches? (1)

    bergeron76 (176351) | more than 8 years ago | (#15015335)

    Heck yeah! Particularly when it's the virus/exploit that's applying the patches (or preventing them from being applied - that would be a nasty exploit).

    I guess in some circles, IE isn't still considered a virus.

    Re:Are there not risks even with official patches? (1)

    sumdumass (711423) | more than 8 years ago | (#15015471)

    In some circles IE is considered the same as Explorer which is considered Windows. And the interweb is what happens when we push the power button. But these people are usually limited to city manager positions in little Oklahoma cities so there aren't many of them.

    Can't be any worse.... (1)

    surfdaddy (930829) | more than 8 years ago | (#15015409)

    ...than the code written by the Windows Vista team.

    How do they even write these patches??? (4, Interesting)

    MoxFulder (159829) | more than 8 years ago | (#15015030)

    I don't even understand how they manage to *write* third-party patches. I mean, it must be hard as hell to do without the IE source code. I think they write a separate DLL which acts as an intermediary to the flawed insecure library or something, but it sounds like an enormous pain-in-the-ass process. Or do these companies have access to MS code through Shared Source program or something?

    Yep, the more I watch the ills that befall the Microsoft-bound, the more I'm happy with my decision to go Linux-only a few years back.

    How do they even write these cracks??? (0)

    Anonymous Coward | more than 8 years ago | (#15015103)

    "I don't even understand how they manage to *write* third-party patches."

    Ask the people who do this [crackspider.net] . I'm certain they managed fine without source code.

    Re:How do they even write these patches??? (5, Informative)

    Anonymous Coward | more than 8 years ago | (#15015141)

    We certainly don't have access to Microsoft source code. I ran Internet Explorer in a debugger and traced through the execution of the exploit (which was publicly available at this point). Most memory corruption vulnerabilities result in an exception, which is caught by the debugger. Once you have the location of the exception, you can identify which function the vulnerable code is in.

    Once I had the name of the faulty function, I disassembled it using IDA Pro and found the bug by reading the disassembly. With enough reverse engineering experience reading disassembled code is not much harder than reading C source code. It just takes longer.

    The IE vulnerability is caused by a function called with incorrect parameters which returns SUCCESS instead of an error code. The caller believes that the function succeeded and tries to use an uninitialized variable. The patch is a single byte change in mshtml.dll. The patched function now returns a valid error code and the vulnerability is stopped.

    This free patch is just a demonstration of what we do every month as part of our LiveShield product. It is a lot more advanced, but the idea is similar. We use the vulnerability analysis techniques described above to create "shields" that detect and stop specific Microsoft vulnerabilities. The coolest part is that the shields can be inserted and removed at runtime, without having to reboot any of the running applications.

    Alexander Sotirov
    Security Research
    Determina Inc.

    MOD PARENT +1 INFORMATIVE (0)

    Anonymous Coward | more than 8 years ago | (#15015180)

    I mean, it's written by the guy who wrote the patch!!! How much of a better post can there be???

    Re:How do they even write these patches??? (2, Insightful)

    Anonymous Coward | more than 8 years ago | (#15015227)

    You better watch out :)

    From the EULA:
    "LIMITATION ON REVERSE ENGINEERING,
    DECOMPILATION, AND DISASSEMBLY. You may
    not reverse engineer, decompile, or disassemble the
    Product"

    Re:How do they even write these patches??? (0)

    Anonymous Coward | more than 8 years ago | (#15015246)

    IANAL :-)

    Alexander Sotirov
    Security Research
    Determina Inc.

    Re:How do they even write these patches??? (1)

    roman_mir (125474) | more than 8 years ago | (#15015327)

    I am looking for a good Assembler reference, any recommendations? And also, are you using MS Visual Studio Debugger?

    Assembler and debugging references (3, Informative)

    AltControlsDelete (642641) | more than 8 years ago | (#15015449)

    For x86 assembler, Intel is a good source of information: http://www.intel.com/design/Pentium4/documentation.htm#manuals [intel.com] . You'll want to check out volumes 2A and 2B at a minimum for reference material.

    I would be surprised if Alexander used the Visual Studio debugger; more likely he used SoftICE or one of the Windows debuggers (NTSD/CDB/KD/WinDbg). SoftICE is a commercial product sold by Compuware and provides both user-mode and kernel-mode debugging. A version of the NTSD debugger comes with Windows, but is less useful than the one that comes with Debugging Tools for Windows [microsoft.com] . NTSD and CDB provide user-mode debugging, the only difference between the applications being that NTSD opens a new console window and CDB does not. KD is the kernel debugger. WinDbg provides the same functionality as NTSD/CDB/KD but with a (spartan) Windows interface.

    Re:Assembler and debugging references (1)

    roman_mir (125474) | more than 8 years ago | (#15015499)

    Thanks for the reference idea. I used SoftIce six years ago on NT, but couldn't get it running on Win2K. I guess I should look into a newer version.

    Re:How do they even write these patches??? (0)

    Anonymous Coward | more than 8 years ago | (#15015334)

    Just how ANAL are you???

    Re:How do they even write these patches??? (0)

    Anonymous Coward | more than 8 years ago | (#15015386)

    The man's pretty damn hard-core. You'd better watch out!

    Re:How do they even write these patches??? (4, Interesting)

    QuantumG (50515) | more than 8 years ago | (#15015339)

    You should do your work here in Australia. We have laws that guarantee our right to reverse engineer software to fix security issues.

    Re:How do they even write these patches??? (1)

    dotgain (630123) | more than 8 years ago | (#15015464)

    It's the same here in New Zealand, only our chicks are much hotter.

    Re:How do they even write these patches??? (1)

    netsharc (195805) | more than 8 years ago | (#15015330)

    I read the original article where you mentioned this single byte change. Hah, Microsoft, what the hell are you doing, needing 2 weeks for a single byte change?

    Re:How do they even write these patches??? (1)

    Duhavid (677874) | more than 8 years ago | (#15015405)

    I ran into something kinda similar a while ago.

    It was an MFC app, so the source was available,
    one of the members on the class I was having
    trouble with called a Win32 function, then
    ignored that function's return code and returned
    TRUE.

    Re:How do they even write these patches??? (0)

    Anonymous Coward | more than 8 years ago | (#15015415)

    With enough reverse engineering experience reading disassembled code is not much harder than reading C source code.

    I may have mentioned this previously, but I'll say it again, Amazon is hiring: http://amazon.com/jobs [amazon.com]

    Re:How do they even write these patches??? (5, Informative)

    romka1 (891990) | more than 8 years ago | (#15015146)

    "The fix is a DLL that gets injected into all applications via the AppInit_DLLs registry key," Sotirov wrote in a message posted to security mailing lists. He said the DLL fixes the bug by patching a single byte in MSHTML.DLL when it is loaded in memory. "This change makes the 'createTextRange()' function return an error code instead of returning 0. This exactly how the problem was fixed in the latest IE7 beta from March 20," Sotirov explained.
    from the article
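
The bug class described in the two comments above (a callee that reports success without setting its output, and a caller that trusts the status code alone), modelled in C as an added example. This is not code from mshtml.dll or from either patch; every name is hypothetical, and a sentinel pointer stands in for the uninitialized variable so the model runs without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes and types for this model only. */
typedef enum { ST_OK = 0, ST_E_FAIL = -1 } status_t;
typedef enum { KIND_SUPPORTED, KIND_UNSUPPORTED } elem_kind_t;

struct text_range { const char *text; size_t len; };

/* What the caller ends up doing with its out-parameter. */
typedef enum { USED_VALID_RANGE, REJECTED_CLEANLY, USED_GARBAGE_POINTER } outcome_t;

/* Constructed stand-in for whatever an uninitialized local would contain. */
static struct text_range stack_garbage;
#define GARBAGE (&stack_garbage)

static struct text_range storage;

/* Buggy callee: input it cannot handle is skipped, but it still reports
 * success and never writes *out. */
static status_t make_range_buggy(elem_kind_t kind, const char *text,
                                 struct text_range **out)
{
    if (kind == KIND_SUPPORTED) {
        storage.text = text;
        storage.len = strlen(text);
        *out = &storage;
    }
    return ST_OK; /* bug: success even when *out was never set */
}

/* Fixed callee: same logic, but unsupported input yields an error code.
 * This mirrors the idea of the fix: only the returned status changes. */
static status_t make_range_fixed(elem_kind_t kind, const char *text,
                                 struct text_range **out)
{
    if (kind != KIND_SUPPORTED)
        return ST_E_FAIL;
    storage.text = text;
    storage.len = strlen(text);
    *out = &storage;
    return ST_OK;
}

typedef status_t (*make_range_fn)(elem_kind_t, const char *,
                                  struct text_range **);

/* Caller that trusts the status code and nothing else. */
static outcome_t caller_trusting(make_range_fn make, elem_kind_t kind,
                                 const char *text)
{
    struct text_range *r = GARBAGE; /* models "declared, never initialized" */

    if (make(kind, text, &r) != ST_OK)
        return REJECTED_CLEANLY;
    if (r == GARBAGE)
        return USED_GARBAGE_POINTER; /* real code would dereference here */
    return USED_VALID_RANGE;
}

/* Defensive caller: initializes the out-parameter and checks it as well,
 * so a callee that wrongly reports success cannot hand it garbage. */
static outcome_t caller_defensive(make_range_fn make, elem_kind_t kind,
                                  const char *text)
{
    struct text_range *r = NULL;

    if (make(kind, text, &r) != ST_OK || r == NULL)
        return REJECTED_CLEANLY;
    return USED_VALID_RANGE;
}

int main(void)
{
    static const char *names[] = { "used valid range", "rejected cleanly",
                                   "used garbage pointer" };

    printf("buggy callee, trusting caller:  %s\n",
           names[caller_trusting(make_range_buggy, KIND_UNSUPPORTED, "x")]);
    printf("fixed callee, trusting caller:  %s\n",
           names[caller_trusting(make_range_fixed, KIND_UNSUPPORTED, "x")]);
    printf("buggy callee, defensive caller: %s\n",
           names[caller_defensive(make_range_buggy, KIND_UNSUPPORTED, "x")]);
    return 0;
}
```
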

    Re:How do they even write these patches??? (1)

    qwp (694253) | more than 8 years ago | (#15015494)

    Glad to hear you moved to Linux..
    btw.. your site's down. ;)

    I'm waiting for the official IE patches (3, Funny)

    WillAffleckUW (858324) | more than 8 years ago | (#15015031)

    Of course, I'll probably be retired before they're out.

    MS patches may take a while... (0)

    Anonymous Coward | more than 8 years ago | (#15015171)

    because their Security division is too busy criticizing Apple's security problems rather than writing IE patches (or writing secure code in the first place).

    weigh the risks (3, Insightful)

    enrevanche (953125) | more than 8 years ago | (#15015038)

    Certainly you should weigh the risks with any patch but since an "official" patch would come from the originators of the flaw (and numerous others) why should it be considered any better than an "unofficial" patch? At least these patches can be scrutinized by the outside world for problems. A MS patch will be forever hidden. The perils of closed source!

    Re:weigh the risks (1)

    Ravatar (891374) | more than 8 years ago | (#15015076)

    Because if an official patch breaks your OS, you can get help for it from Microsoft. More people call MS for support than you'd think.

    Re:weigh the risks (1)

    tonyr60 (32153) | more than 8 years ago | (#15015170)

    Are you serious? Have you ever actually called Microsoft to see what happens when one of their patches break... One or more of the following:
      - Reinstall windows with no 3rd party apps. Install patch, still broken - refer to your dealer for a hardware issue
      - The above and it breaks after 3rd party app is installed - refer to the 3rd party vendor
      - etc. etc.

    Re:weigh the risks (1)

    ElleyKitten (715519) | more than 8 years ago | (#15015278)

    >>Because if an official patch breaks your OS, you can get help for it from Microsoft.

    Yeah. I called Microsoft tech support after Windows decided not to boot after I upgraded IE, and they told me I could pay them $200 for help. I'm thinking that relying on MS to help you if something breaks is a bad plan.

    But how many would install them? (5, Insightful)

    E IS mC(Square) (721736) | more than 8 years ago | (#15015042)

    Given the fact that the average IE user would not even be aware of the flaw, how would he even know such third party patches even exist?

    Most of them are going to be patched only when MS releases the patch, AND they have selected to be updated automatically.

    It's a horrible situation.

    Re:But how many would install them? (2, Insightful)

    ClamIAm (926466) | more than 8 years ago | (#15015220)

    Better question: how many of them know that Microsoft releases patches?

    Fat, slow, and lazy (2, Insightful)

    dtfinch (661405) | more than 8 years ago | (#15015052)

    If third parties can regularly patch your bugs before you do, without access to the source, after giving you a generous head start... Well, I guess that could mean a lot of things. They're definitely lazy, to say the least.

    Re:Fat, slow, and lazy (1, Troll)

    Ravatar (891374) | more than 8 years ago | (#15015070)

    If by "lazy" you mean "they need to test every single change made to their software extensively, and don't have the luxury of being able to throw out third-party hacks with no long-term support requirements", then sure they're being lazy. You'll notice that they're fixing both these issues with their monthly updates on April 11th(I think?) if you look around.

    Re:Fat, slow, and lazy (4, Insightful)

    dtfinch (661405) | more than 8 years ago | (#15015131)

    If it was just a testing thing, they wouldn't wait until the 2nd Tuesday of the following month. Minor patches can wait, but delaying critical patches is inexcusable.

    Re:Fat, slow, and lazy (2, Insightful)

    tshak (173364) | more than 8 years ago | (#15015137)

    ... or they run through rigorous tests since they have to answer to millions of customers on millions of different system configurations. I'm not saying that MS shouldn't be faster about patching, but they have improved their turnaround and there's only so much you can do if you care about rigorous quality assurance.

    Re:Fat, slow, and lazy (1)

    MP3Chuck (652277) | more than 8 years ago | (#15015214)

    Hopefully it's not the same Quality Assurance that gets us these Fine Microsoft Products in the first place!

    Re:Fat, slow, and lazy (1)

    Trogre (513942) | more than 8 years ago | (#15015233)

    ...since they have to answer to millions of customers on millions of different system configurations.

    Unfortunately, as has been shown time and time again, Microsoft answers to no one.

    Re:Fat, slow, and lazy (1)

    MrFlannel (762587) | more than 8 years ago | (#15015331)

    A few posts up, the author of one of the patches describes this bug and the fix. It fixes a function, makes it do exactly what it was supposed to do, instead of returning an inappropriate value.

    If this breaks existing functionality in some application, then those existing apps are using the function incorrectly (or put another way, exploiting the bug, whether maliciously or otherwise), and any fix to the function will break them.

    Applying Patches Is Not Free (4, Informative)

    patio11 (857072) | more than 8 years ago | (#15015245)

    Microsoft releases one patch day a month because their corporate customers, the lion's share of their market, demand it. And they demand it because "release a million little patches as soon as that individual patch is done" is unworkable in a corporate environment. You can plan around one big patch a month -- the magic word is "scheduled downtime". It is less bad for some customers to be periodically marginally more vulnerable for a period of two weeks or so than to be continuously vulnerable to unscheduled downtime due to patching. "Publish early and often" works well with an enthusiast running one machine but when you've got an IT department overseeing a cast of thousands spread over 14 time zones things get a little more dicey.

    Re:Applying Patches Is Not Free (0)

    Anonymous Coward | more than 8 years ago | (#15015457)

    Haha.

    I prefer Linux.

    I'll set up a patch to get applied.. now. For instance. No downtime.

    Even a kernel patch.. no down time. Install the new kernel, when the person logs out and shuts off the computer then they log back in the next day. That's it. patch applied.

    Of course you test patches before deploying them.

    But thank god I don't have to actually reboot machines manually. That would ruin my day. God forbid having to deal with 'scheduled downtime'. That is insane.

    Re:Applying Patches Is Not Free (1)

    Adam9 (93947) | more than 8 years ago | (#15015461)

    Isn't that what Windows SUS is for?

    Re:Applying Patches Is Not Free (1)

    dtfinch (661405) | more than 8 years ago | (#15015493)

    If a company wants to wait to install patches on a fixed schedule, long after the patches have been released, nobody can stop them. There is some benefit to patching unpublicized vulnerabilities on a schedule, but if the details of a vulnerability are already public knowledge, then there's nothing to be gained by any of Microsoft's customers by delaying the availability of a patch.

    But later (1)

    Filiks (578065) | more than 8 years ago | (#15015090)

    Are there likely to be any conflicts or issues when Microsoft issues official patches that overwrite or only partially overwrite changes the patch made?

    Re:But later (1, Informative)

    Anonymous Coward | more than 8 years ago | (#15015173)

    No, both our and Eeye's patches don't overwrite the actual files on disk. Eeye redirects the file to a patched copy, Determina fixes the bug by applying the patch when the faulty DLL is loaded in memory. When Microsoft releases the official patch, it will replace the file on disk and the Determina patch will not apply any more. I am not sure if you have to uninstall the Eeye patch or not, but it won't cause any catastrophic failures either.

    Alexander Sotirov
    Security Research
    Determina Inc.

    This is good but..... (1)

    leereyno (32197) | more than 8 years ago | (#15015160)

    Who exactly is going to be using these patches? Think about it for a moment, since when did security savvy computer users, let alone experts, use IE?? True they may fire it up to go to a specific site or two that requires it or works better with it, but for general surfing? I don't think so. Anyone with the good sense God gave the common radish is using Mozilla, Firefox, Opera, or in the case of Macs Safari.

    I can see a use for these patches in a corporate environment where (for whatever reason) IE is a necessary evil, but even then you're running the risk of getting smacked (if not sacked) by management if the patches break something.

    These patches are really useful for one thing, showing up Microsoft and making them look like incompetent boobs whose code is such a mess they can't fix it. Given the delays on Vista I'd say this perception is pretty accurate.

    Lee

    Re:This is good but..... (2, Funny)

    whitehatlurker (867714) | more than 8 years ago | (#15015390)

    Anyone with the good sense God gave the common radish is using [...] Opera

    I am ... Radish!

    Damn, I wish I had mod points for your post. 'Course it would be modded funny, but hey ...

    eEye patch IS recommended (1)

    xamomike (831092) | more than 8 years ago | (#15015172)

    I have installed the eEye patch and it does fix the IE ActiveScript hole temporarily, however it is recommended to disable Active Scripting anyways. Now, it is still undetermined how serious this threat actually is, or if it's a big marketing opportunity for eEye's products. I'll assume the former until further notice. The number #1 solution is to simply not use IE.

    ** SPYWARE ** ADWARE ** SPAM ** CASH ** - MOD UP!! (1)

    GET THE FACTS! (850779) | more than 8 years ago | (#15015221)


    Tested and deployed (3, Informative)

    ninja_assault_kitten (883141) | more than 8 years ago | (#15015235)

    I had our IT department test and deploy the silent installation this morning. We're a web-based software company and there's been zero reported impact to our development staff as of 6pm EST.

    While it's clearly not the best solution, it does work and provides a much needed layer for the vast majority of corporations who simply cannot and will not disable active script.

    Re:Tested and deployed (0)

    Anonymous Coward | more than 8 years ago | (#15015325)

    eEye or Determina?

    Re:Tested and deployed (0)

    Anonymous Coward | more than 8 years ago | (#15015410)

    Illegal to reverse engineer. It's an illegal patch. Illegal to deploy too. What's the name of your company? :)

    well (2, Funny)

    Trailer Trash (60756) | more than 8 years ago | (#15015272)

    As always, the advice is to weigh the risks before opting for an unofficial hotfix

    Anybody who has the ability to weigh risks is already using firefox.

    Re:well (0)

    Anonymous Coward | more than 8 years ago | (#15015353)

    ...or another browser.

    Re:well (1)

    Faltargan2006 (950852) | more than 8 years ago | (#15015451)

    "Anybody who has the ability to weigh risks is already using firefox."

    And Linux! :)

    First party patches (1)

    QuietLagoon (813062) | more than 8 years ago | (#15015306)

    As always, the advice is to weigh the risks before opting for an unofficial hotfix.

    Of course, Microsoft [computerworld.com] and other vendors [72.14.203.104] always get their patches correct the first time.

    Re:First party patches (1)

    jofi (908156) | more than 8 years ago | (#15015362)

    MS is held to a different standard than the rest. I think that is what you would call a double-standard.

    Patch! Patch on what? (-1, Offtopic)

    Anonymous Coward | more than 8 years ago | (#15015338)

    There is NO such thing as patching a binary. If you want to patch, in the first place you need the source programs. Then download the patch, apply the patch to the source programs, recompile and reinstall. That is patching a program to rectify an issue.

    Are the source programs of the IE browser available? If they are not available to you, are they available to those two companies to rectify the problem? Or have they done the Blind man grouping?

    I don't think it's even worth looking at. Just simply get a browser of your choice which has the source programs available to the public. I personally recommend Firefox.

    If you want the latest Firefox, it's a double bonus to switch to Linux at the same time. It's not scary. Things are far more advanced now. I'm currently evaluating an Apple-like multimedia Linux named Tomahawk Desktop [tomahawkcomputers.com]. I'm very happy with the progress so far. Just get it and forget about these crappy browser issues. Don't be permanently dumb. Don't be forever amateur in using computers.

    Does anyone on /. even use IE anymore? (0)

    Cainjustcain (782020) | more than 8 years ago | (#15015340)

    Seriously... anyone?

    Re:Does anyone on /. even use IE anymore? (0)

    Anonymous Coward | more than 8 years ago | (#15015435)

    Would anyone on /. admit to using IE, even in a pinch?

    In memory fix (4, Insightful)

    roman_mir (125474) | more than 8 years ago | (#15015361)

    The patch fixes the affected DLL in memory by overwriting a byte that is stored in RAM for MSHTML.DLL. This begs a freaking question: should a modern OS even allow some application to modify behaviour of another application in memory, especially behaviour of a system level application, an OS DLL? I believe the patch needs to be installed from an administrator account, but even then, this doesn't mean that it is a good design decision to allow an arbitrary application to overwrite in-memory code of another application. Of course, if that wasn't possible this specific patch couldn't exist, but still, the OS allows questionable application behaviour, to say the least.

    Re:In memory fix (1)

    v1 (525388) | more than 8 years ago | (#15015395)

    this begs a freaking question, should a modern OS even allow some application to modify behaviour of another application in memory, especially behaviour of a system level application, an OS DLL?

    Remember please, this is Windows we are talking about. How would anyone write viruses and pervasive spyware without this feature?

    (let's all say it together, this is not a security hole / bug, it's a feature)

    Anyone remember? (5, Insightful)

    WalterGR (106787) | more than 8 years ago | (#15015404)

    Does anyone remember the previous third-party patch to IE? This is from December of '03.

    Slashdot: "Open Source Firm Releases Patch for IE Bug [UPDATED]"

    An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer... Update: Sadly, the patch appears to contain a buffer overflow and some possibly-malicious code. (link [slashdot.org] )

    Leave it to Microsoft... (1)

    netguardianii (955452) | more than 8 years ago | (#15015406)

    ...to let others clean up the messes it has made.

    opensource? (3, Interesting)

    sumdumass (711423) | more than 8 years ago | (#15015416)

    It would be interesting to see Microsoft's official patch when it becomes available and attempt to see how close it is to these unofficial patches.

    Maybe the code would be completely different, but would it achieve its goal by going about it the same way as the unofficial patch? Or would it be patched on a level deeper than we could access? I guess the most interesting part would be that a third party without access to the source code could actually come together with a solution before Microsoft. What would be more interesting is seeing how closely those solutions match each other. Sort of a test of how these third-party programmers can predict the necessity or orders of different code they only have limited access to.

    What risk? (0, Flamebait)

    bunhed (208100) | more than 8 years ago | (#15015450)

    Does no one remember this whole MS mess is just a series of patches on DOS anyway? What risk when you've already gone this far?