That is a good word, Clint. I use Spy Sweeper by Webroot. It is not free but it is reasonable and it works very, very well.
Grace and Peace, Roger ----- Original Message ----- From: "Support-OrpheusComputing.com" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, July 04, 2006 6:27 AM Subject: PCWorks: Critical Internet Explorer HTML Help ActiveX Control Memory Corruption > I don't normally post alerts like these below where they state > something NEEDED has to be disabled unless they are critical, > and this one is. Notice there is no M$ links regarding this > issue. > > Since many if not most 'big' sites use ActiveX, disabling it > can cause problems at these sites, and since it's not a good > idea to put any sites in your "Trusted zones" or sites except > for maybe sites like your personal ban*king and related > sites(1), those of you that are for some reason still not > running *SpywareBlaster, *SpyBot (and others that block harmful > ActiveX), REALLY NEED to INSTALL THEM now! Also, many AV > software programs will block bad ActiveX. > > Most people have IE's "Privacy" setting area set to only > "Medium" which is NOT good. This will allow a lot of bad > ActiveX (among many other things) to be placed on your PC. > That area should be set to "High". Yes, it's a pain with sites > that insist on force-feeding you their #$%$@ Cookie even when > it's not technically needed, but all you have to do is > double-click that red "-" at lower right of the IE browser > window (which denotes a blocked Cookie(s) and in the window > that pops up double-click the MAIN URL, that's the MAIN URL > ONLY, and dot the area to "Always allow this site to use > Cookies" and IE will remember that. > > An example of when you DO NOT need to do this is > http://www.nasa.gov/ . I just went there to check on the > shuttle launch and you'll see that red "-" sign I mentioned > above. The site still functions without allowing it (but it > may be needed for the Flash version). Notice when you > double-click that red "-" sign you see only ONE URL and it's > theirs. Now go to http://cnn.com/ for a good example of a site > that tries to load all sorts of bad unnecessary garbage Cookies > on your PC! Now double-click that red "-" sign you'll see all > sorts of BS! I show SEVEN Cookies, and note how the last 5 of > them are adware tracking Cookies! (SpywareBlaster will block > these). If for example this was a site that demanded you > needed to accept a Cookie for the site to function, or if it > was a site where you had to order something, you would ONLY, > that's ONLY accept the Cookie from the MAIN ROOT domain/URL!! > > *SpywareBlaster & SpyBot are both free. > http://www.javacoolsoftware.com/spywareblaster.html > http://www.safer-networking.org/en/download/ > Note that with all of these type programs, they MUST be setup > CORRECTLY in order to block ALL of the bad things. With > SpywareBlaster you have to go to ALL of the areas, check the > boxes, and click "Enable all protection". With SpyBot, > "TeaTimer" must be enabled (go to "Resident" under "Tools" and > check BOTH boxes), and you have to go to the "Immunize" area > and enable BOTH areas there so that both show the green check > marks. > > (1) Personally I don't even trust personal ban*king sites or > ANY site for that matter because they too will try and load you > up with garbage! If you place one of those sites in the > "Trusted sites" area, that means all ActiveX and bad Cookies > could then be loaded on your PC without warning, (depending on > the way you have the "Trusted sites" area setup). This is > under the "Security" tab in Internet Options for IE. > -Clint > > > TITLE: > Internet Explorer HTML Help ActiveX Control Memory Corruption > > SECUNIA ADVISORY ID: > SA20906 > > VERIFY ADVISORY: > http://secunia.com/advisories/20906/ > > CRITICAL: > Highly critical > > IMPACT: > System access > > WHERE: > From remote > > SOFTWARE: > Microsoft Internet Explorer 6.x > http://secunia.com/product/11/ > > DESCRIPTION: > A vulnerability in Internet Explorer, which potentially can be > exploited by malicious people to compromise a user's system. > > The vulnerability is caused due to an error in the HTML Help > ActiveX control (hhctrl.ocx) when handling the "Image" > property. This can be exploited to cause a memory corruption by > setting an overly long string multiple times for the property. > > Successful exploitation may allow execution of arbitrary code. > > The vulnerability has been confirmed on a fully patched system > running Windows XP SP2 with Internet Explorer 6.0. Other > versions may also be affected. > > SOLUTION: > Disable the "Run ActiveX controls and plug-ins" setting for all > but trusted sites. > > ORIGINAL ADVISORY: > http://browserfun.blogspot.com/2006/07/mobb-2-internethhctrl-image-property.html ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
