User Help for Mozilla Firefox
I know this is a Windows problem (sigh) again. But is there anything Fx users can do to block downloading any malicious code from websites? Some little setting, tweak, or extension that may be available for use within the browser?
http://www.redherring.com/Article.aspx? ... AndDefense
The only 100% effective thing you can do for now is to shut down your computer and come back to it in around six months when Microsoft may have released a patch for it.
Never download WMF files?
That won't work because a malicious site could rename a .wmf to .jpg or something and when Windows gets hold of it, it is going to execute it as .wmf anyway based on its content type instead of notifying you that the file extension is incorrect for the file content and asking what to do.
Simply letting Windows get a sniff of the file will blow up in your face.
If the site renamed a wmf file to jpg, I believe one of two things will happen in Firefox:
1. The malicious server will start sending it as image/jpg and you'll end up with a garbage image in Firefox
2. The malicious server will keep sending it as (whatever the content type is for wmf) and you'll get a download prompt in Firefox that tells you what type of file it is.
I have to agree with you there.
As long as the browser serves as a buffer zone between the content and Windows you should be alright.
However should you save such a file to your drive and try opening it later...
Should you have Firefox set to download to the Desktop automatically, as soon as you save it you're hosed.
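The mismatch discussed in the posts above (WMF content behind a .jpg name) can be checked on a download folder by reading only the first bytes of each file. This is an added example, not part of the original thread; the function names and sample bytes are constructed for illustration, and the signatures are the leading bytes defined by the published WMF, JPEG, PNG, GIF and BMP formats.

```python
from pathlib import Path

# Leading-byte signatures from the public format specifications.
WMF_SIGNATURES = (
    b"\xd7\xcd\xc6\x9a",  # placeable WMF (header key 0x9AC6CDD7, little-endian)
    b"\x01\x00\x09\x00",  # standard WMF: in-memory metafile, 9-word header
    b"\x02\x00\x09\x00",  # standard WMF: on-disk metafile, 9-word header
)
IMAGE_SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
}


def classify(name, head):
    """Compare a file's extension with its first bytes.

    Returns 'wmf-disguised' (WMF content under another extension), 'wmf',
    'mismatch' (image extension, different content), 'ok' or 'unknown'.
    """
    ext = Path(name).suffix.lower()
    if head.startswith(WMF_SIGNATURES):
        return "wmf" if ext == ".wmf" else "wmf-disguised"
    expected = IMAGE_SIGNATURES.get(ext)
    if expected is None:
        return "unknown"
    return "ok" if head.startswith(expected) else "mismatch"


def scan(folder):
    """Classify every regular file in folder from its first 8 bytes only;
    the file is never handed to an image renderer."""
    results = {}
    for path in sorted(Path(folder).iterdir()):
        if path.is_file():
            with path.open("rb") as fh:
                results[path.name] = classify(path.name, fh.read(8))
    return results


if __name__ == "__main__":
    # Constructed samples: header bytes only, not real image files.
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JF",
        "card.jpg": b"\xd7\xcd\xc6\x9a\x00\x00\x00\x00",
    }
    for name, head in samples.items():
        print(f"{name}: {classify(name, head)}")
```

Anything reported as wmf-disguised or mismatch is a file whose name does not describe its content and is worth quarantining before anything tries to display it.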
One of the most effective precautions you can take is to install Spyware Blaster.
Apparently many of these wmf exploits use this exploit as a method of installing spyware on a person's computer.
If Spyware Blaster is installed, then there is a good chance that it will prevent the malicious software from being installed.
I have had Spyware Blaster installed for a long time. I also have Fx set to show the download manager anytime there is a file being downloaded. I reset it to ask where to save every file rather than just automatically putting in my default folder.
I hope that is enough to at least alert me if anything "odd" is going on.
As for going offline for six months, that is not an option. I would prefer to track down these hacks with too much time on their hands and relieve them of a typing finger or three with my trusty dull plastic butter knife. I am sick to death of feeling like I am under assault all the time.
If the Linux folk would make a really solid small business bookkeeping program for use on one of their platforms (and quit cranking out so many different flavors long enough for a body to really learn one version), I would switch to it completely. I currently own Xandros, two different Red Hat versions, and SuSe Linux. Just cannot find a good solid bookkeeping program to use on any of them. I keep hoping. I heard rumors of something in the works some time ago, but then it seemed to fizzle out.
Meanwhile, I have to just keep trying to dodge the bullet with Windows.
Okay; this one's real easy: The major good anti-virus scanners, properly updated and configured already offer protection from most if not all of these files. Ummmm...you do have a good properly configured and updated anti-virus program running full time, don't you? I said "good" not "Norton/Symantec."
Have your Firefox configured: Tools | Options | Downloads | View & Edit Actions -- make sure absolutely NOTHING is marked as Open with .... unless you know you can absolutely trust the file type and the program used to open that file.
AMD A8-3800 APU Radion HD Graphics 2.40 GHz; 64-bit Win-7 SP1 Home Premium w/latest patches; Fx 40.0.3; Tb 40.0.2
EFnet oper irc.Prison.NET; irc.eversible.com
Just to keep you paranoid, that leaves out PDF and a whole lot of other stuff. I'm afraid that any plugin you use poses potential security problems. For example, PDF Reader and Java have had security vulnerabilities fairly recently, although not of this magnitude. If you remember that you really are under attack and software is generally pretty poorly designed, you should be fine.
By the way, anti-spyware programs may save your bacon, but you can't rely on them. Reports indicate that they are remarkably ineffective at finding even known threats.
As for anti-virus programs, my ISP takes care of that. Even so, a virus still slipped into several e-mail messages recently. Ironically, the forged return address was my ISP security group.
Stay paranoid, folks, and don't rely on software as your sole protection. But we digress.
Last edited by VanillaMozilla on December 30th, 2005, 3:27 pm, edited 1 time in total.
Quit blaming Windows and get a clue!!!
It's not the gun, son!
It's the cowboy!
I thought the same until I read this from PC Magazine:
Anti-Virus Protection for WMF Flaw Still Inconsistent
Win XP Pro SP1
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:188.8.131.52) Gecko/20070515 Firefox/184.108.40.206
Thunderbird version 220.127.116.11 (20070326)
They are still not sure what to look for ...
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
The truth is that we have no idea how much junk has sneaked through all the safety nets. The odds are the white hats can't find it all. The really good malware does its dirty work silently and undetected, like rattlesnakes that have learned not to rattle (with my apologies to snakes).