[Dshield] QHOSTS-1 Trojan & MSIE6 Vulnerability

Peter Stendahl-Juvonen
Mon Oct 6 17:30:51 GMT 2003

list-bounces at dshield.org wrote on Friday, October 03, 2003 9:34 PM,
on behalf of warpmedia [warpmedia at comcast.net]:

| http://www.utils32.com/adiefiltr.asp is what I've been playing with
| and does what is needed. It can flip a site into a JS enable zone and
| let you block popups, etc... then "reset" it back to restricted. I
| just find $20 a bit much for what should be a M$ supplied control.
| M$ did supply an IE add-in that did allow adding to Trusted or
| Restricted, no source, no MSDN example, etc... it all comes down to
| registry entries. 
| At 10:13 10/3/2003, Tom Liston wrote:
|| <snip>
|| To the best of my knowledge, there is no third-party add-in that
|| allows JS to be turned on and off easily.  I looked into writing
|| one, but I'm not even sure it is possible.  Changing stuff in the
|| registry on the fly doesn't seem to work, because IE doesn't check
|| the registry each time before it attempts to run JS code...  only on
|| start up. 
|| Poor, poor, POOR interface design...
|| -TL
|| On 2 Oct 2003 at 22:13, warpmedia wrote:
||| Yet again proof that JS & ActiveX should be considered unsafe for
||| general browsing and that M$ not catching bugs properly ought to
||| add a zone management to the IE taskbar, distribute appropriate
||| .reg patches to add security zones that enable JS & ActiveX
||| (separately, granular), and set IE to restricted zone by default.
||| Usability of windows update be damned.
||| ---- >8 ---- Snip!
|| <snip>
| Joshua MacCraw
| warpmedia at comcast.net
| http://mywebpages.comcast.net/jmaccraw

Joshua, Tom, David et al.

If you additionally need a personal, software firewall and were willing
to consider a commercial, proprietary program and non-open-source
approach, perhaps you would like to consider for instance Zone Labs,
Inc.'s ZoneAlarm Pro, which might help you with the challenge you seem
to face.

With ZAPro under one of the many "Privacy" features provided, you have
"Mobile Code Control".

Hence, you can block or allow any or all combination of the following:
1) Block javascript
2) Block scripts (vbscript, etc.)
3) Block embedded objects (java, ActiveX)
4) Block mime-type integrated objects

A) To my understanding, you can select and apply the settings on the

B) You can set Privacy for specific programs, e.g. Microsoft(r) Internet
Explorer, Microsoft(r) Outlook(r), etc.

C) Please notice that you can set the privacy options universally,
and/or for specific Web sites.

I have used the product since December 2001, and am at present satisfied
with it in all but one respect. Because of the huge popularity of the
product (according to the vendor, Zone Labs is the leader in personal
and distributed firewall technology trusted on over 20 million PCs), I
however am a bit pessimistic whether my voice will be heard at Zone
Labs, Inc., if I get to give them the necessary feedback.

From time to time you can buy the license for the use of the product
also bundled with other (usually other security or privacy related)
products. If using the option it naturally increases the initial
investment, but reduces the total price per product. Similar applies for
maintenance. You get a discount if you are willing to commit yourself to
Support and Update service for two years instead of the usual one year
at a time renewal. (In addition, if you cease renewing Product update
service you are most likely offered discount for joining or extending
the service again).

Best of luck with the approach you choose,

      "In theory, research requires more brains than means." 
  Severo Ochoa (1905-1993); Spanish biochemist and Nobel Prize winner

