Third party tools can mitigate the impact of security vulnerabilities on the system. Firefox users can for instance protect their web browser with the excellent NoScript add-on to avoid the majority of browser attacks if they use the add-on correctly.

TrendMicro Browser Guard 2010 is a free toolbar that has been exclusively designed for Microsoft’s Internet Explorer. The program is compatible with all Internet Explorer versions from Internet Explorer 6 to the latest Internet Explorer 9 releases running on 32-bit or 64-bit editions of Windows XP or newer Microsoft operating systems.

The key benefits according to TrendMicro are:

• Protects against zero day exploits
• Detects buffer-overflow and heap-spray attacks
• Protects against execution of shell code
• Analyzes and protects against malicious JavaScript
• Connects with Trend Micro Smart Protection Network to maximize detections

How effective is the program? That’s a question that I cannot answer. I tried finding reviews and tests of Browser Guard 2010 but did not find any.

The security added by Browser Guard look solid on paper and it would be very interesting to see how the program fares against threats in real usage scenarios.

Users who work with Internet Explorer can download Browser Guard 2010 directly from Antivirus.com.

Mitigating factors help in limiting the impact of the vulnerability on target systems. Microsoft mentions protected mode, a feature of Internet Explorer on Windows Vista and later Windows operating system. Protected Mode gives the attacker limited rights on the affected system.

The other mitigating factors are:

• By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.
• By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls, reducing the risk of an attacker being able to use this vulnerability to execute malicious code. If a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.
• An attacker who successfully exploits this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

No patch is currently available to resolve the issue. Users should keep an eye on the Security Advisory. A Technet article reveals additional details about the vulnerability.

Each zone can be configured individually by the user. A slider is available to change the security setting from high to medium. Users who know what they are doing can configure custom security settings as well. The menu provided however is not very comfortable to work with. The window is rather small and there is no option to compare the zone’s settings with the settings of another zone.

While that may not be that of a problem on a single-user system, it may be one in a computer network. Individual users can reset the security zone settings to default values.

Internet Explorer Zone Analyser has been designed for two main purposes:

• To show settings for the Local Machine (Computer) zone and for Local Machine Zone Lockdown (LMZL).
• When machine settings or policies disable part of the Security Zone UI.

While those two may be the main purposes, it is quite possible to simply compare different security levels with each other. Ever wanted to know how the medium-high security level differs from high? This tool can display it easily.

Internet Explorer Zone Analyser displays a blank program window on startup. A click on Compare Zones opens a selection menu where users can pick two zones that they want to compare.

The two zones are then displayed in the main interface with all of their settings. Highlighted rows indicate that the settings are different from each other, grey that they are not set and plain white that they are identical.

The software program offers single zone inspections as well. A click on Inspect zone opens a selection window where one zone can be selected. The security settings of that zone are then displayed on the screen including the source (e.g. user preference, machine preference).

Internet Explorer Zone Analyser is a handy program for Internet Explorer users and system administrators. The program is available for download at Technet. Please note that the software requires the Microsoft .NET Framework 2.0. (via)

The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

Mitigating Factors

• Data Execution Prevention (DEP) in Internet Explorer 8 on Windows XP Service Pack 3, Windows Vista Service Pack 1, Windows Vista Service Pack 2, and Windows 7.
• Protected Mode in Internet Explorer on Vista and Windows 7 limits the impact of the vulnerability
• The user has to visit a web page in a web based attack scenario to exploit the vulnerability. Typically, users need to click on a link to visit those websites. If they pay special attention to the sites they visit they can reduce the risk.
• Microsoft Outlook, Outlook Express and Windows Live are not vulnerable to the attack if they are configured to open HTML email messages in the restricted zone. This is the default setting.

Internet Explorer users can block the attack fully by blocking the execution of ActiveX controls and Active Scripting in the preferences.

Microsoft furthermore has released a Fix It solution to protect computer systems from these attacks. The first Fix it solution overrides a website’s cascading style sheets style by using a custom CSS for formatting documents.

The second Fix it solution applies only to Internet Explorer 7. It enables or disables DEP in the web browser. Both Fix It solutions are available directly from Microsoft. The original security advisory is available here.

The following guide explains how to make changes to the security zones in Internet Explorer to improve the security on the Internet.

Internet Explorer uses different settings for each of its four security zones. The Internet zone is the standard zone. The settings of this zone are used unless the sites are listed in the trusted sites or restricted sites zones, or if the website is hosted on the local Intranet.

internet options

The general idea is the following: Increase the security level of the Internet zone, and add trusted websites and services that require scripts that are blocked in that zone to the trusted sites listing so that they execute normally.

The Internet Options can be opened in Internet Explorer by clicking on Tools > Internet Options. They are also available in the Windows Control Panel under the Network and Internet category (in Windows 7, might differ slightly in other Microsoft operating systems).

The Security tab lists the four zones and their security levels. Start by changing the slider of the Internet zone to high. You may need to click on Default level first before the slide is shown. High ensures maximum safeguards and that some features are disabled.

Setting the slider to high will break some sites or features on sites. JavaScript is for instance deactivated by default, that’s fine most of the time but problematic if JavaScript is needed to access a site’s functionality.

Adding those sites to the list of Trusted Sites in the Internet Options of Internet Explorer ensures that all their contents and features can be used just like before. The standard security level of the trusted zone is set to Medium.

To add sites to the Trusted sites click on the Trusted Sites icon in the security tab and the on the Sites button.

trusted sites

Standard websites can only be added if the checkmark is removed from “Require server verification (https:) for all sites in this zone. Internet Explorer will automatically suggest the site in the active tab for inclusion, other sites can be entered manually.

The settings can be tested immediately. Trusted sites are indicated in the status bar of the web browser.

Advanced users can select a custom security level for both the Internet zone and the Trusted sites zone.

security settings

This does require knowledge of web technologies or research to find out what a specific setting does. It is for example possible to increase the security of the trusted sites zone as well, by disabling features that are not needed.

Do you have other Internet Explorer security tips? Let us know in the comments.

The patch that Microsoft has released is however a cumulative update with patches that will fix Internet Explorer 8 security vulnerabilities as well.

The information posted by Microsoft reads:

MS10-018 resolves Security Advisory 981374, addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory

MS10-018 is a cumulative update with the patch for Security Advisory 981374 being one of the patches included in the release. This basically means that Internet Explorer 8 is unaffected by that one vulnerability but affected by others that are included in the cumulative update as well. This is confirmed by the affected and unaffected software listing on the security bulletin page which lists the severity as critical for Internet Explorer 8 as well.

Windows users should install the update as soon as possible to protect their computer system from possible exploits. The update is also available at the Microsoft Download site.

The update for Internet Explorer will be provided through Windows Updates or from the usual Microsoft sites where updates can be downloaded manually. The reason for the out of band update is Microsoft’s monitoring of the vulnerability which seemed to have uncovered an increased exploitation of the security vulnerability.

The update for Internet Explorer is cumulative as it contains nine additional vulnerability fixes that all were supposed to be released on Microsoft’s monthly patch Tuesday on April 13.

The main impact of the vulnerability is remote code execution:

The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

Admins and users who still run systems with Internet Explorer 6 or 7 are encouraged to update their systems as soon as the update is released by Microsoft to protect the system from being successfully compromised.

Any address that is not in that local list will be send to a Microsoft server where it will be compared against a database that contains unsafe and suspicious websites. Standard computer information and the SmartScreen Filter version number will also be transmitted in the process.

Information that may be associated with the address, such as search terms or data you entered in forms might be included. For example, if you visited the Microsoft.com search web site at http://search.microsoft.com and entered “Seattle” as the search term, the full address http://search.microsoft.com/results.aspx?q=Seattle&qsc0=0&FORM=QBMH1&mkt=en-US will be sent. Address strings might unintentionally contain personal information, but this information, like the other information sent, is not used to identify, contact or target advertising to you. In addition, Microsoft filters address strings to try to remove personal information where possible.

From time-to-time, information about your usage of SmartScreen Filter will also be sent to Microsoft such as the time and total number of websites browsed since an address was sent to Microsoft for analysis. Some information about files that you download from the web such as name and file path may also be sent to Microsoft. Some website addresses that are sent to Microsoft may be stored along with additional information including web browser version, operating system version, SmartScreen Filter version, the browser language, and information about whether Compatibility View was enabled for the website. A unique identifier generated by Internet Explorer is also sent. The unique identifier is a randomly generated number that does not contain any personal information and is not used to identify you. This information, along with the information described above, is only used to analyze performance and improve the quality of our products and services.

The SmartScreen Filter is a security addition to Internet Explorer that warns the user if known malicious or dangerous websites are visited. It is therefor usually recommended to keep the filter activated.

Some Internet Explorer users on the other hand might prefer to deactivate it. Either because they are using a security software that checks the websites for them, like Web of Trust for instance or a security software that integrates in the web browser and checks the accessed websites, or because they do not want to transmit information about the visited websites to Microsoft.

The SmartScreen Filter can be disabled in the Internet Options of Internet Explorer. Open the Internet Options by clicking on Tools > Internet Options and switch to the Security tab.

Select the Internet Zone and click on the Custom level button. This opens a new window with lots of configuration options. Scroll all the way down until the Use SmartScreen Filter setting which is Enabled by default. Selecting Disable instead and clicking on OK will disable the filter for general Internet usage.

You need to confirm the changes. This will disable the SmartScreen Filter in Internet Explorer 8 so that no visited websites and computer information will be submitted to Microsoft.

It is also possible to turn of the SmartScreen Filter by clicking on the Safety link in the Internet Explorer toolbar and selecting SmartScreen Filter > Turn Off SmartScreen Filter. This menu can also be used to check websites manually and report potentially dangerous websites. The last two options can be performed even if the SmartScreen Filter has been deactivated in Internet Explorer.

The vulnerability is not exploited currently according to Microsoft’s information and it is not likely that it will as a user on the target system needs to be convinced to press the F1 key in response to a pop up dialog box on a specifically prepared website.

The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link.

There is currently no fix for affected operating systems but Microsoft confirmed that they continue investigating the issue. It is likely that a patch for the vulnerability will be provided shortly. As of now all users need to remember is to not press F1 when they are accessing websites.

The vulnerability has also been used in an attack earlier this month on several popular US companies that included Google and Adobe. The patch does not seem to have been made available via Windows Update yet. This is likely to happen in the next couple of hours.

Windows users are encouraged to download the patch from the appropriate support pages to close the vulnerability in their computer system.

• Internet Explorer 8 (Windows XP 64-bit, Windows XP 32-bit, Windows Vista 32-bit, Windows Vista 64-bit, Windows 7 32-bit, Windows 7 64-bit
• Internet Explorer 7 (Windows XP 32-bit, Windows XP 64-bit, Windows Vista 32-bit, Windows Vista 64-bit
• Cumulative Security Updates for Windows XP 32-bit, Windows XP 64-bit

Users with Internet Explorer 6, Windows Server 2003 or Windows Server 2008 can find the whole list of patches at Bink.nu. Internet Explorer 6 and IE 7 users should also consider updating their web browser to Internet Explorer 8 if possible.

The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

Microsoft is currently working on a patch to fix the vulnerability with the likelihood that the patch will be released out of their usual patch cycle as an emergency patch.

The patch confirmation page lists several mitigating factors but the safest option right now is to switch to a different web browser at least for as long as no patch is provided to protect the computer system from the vulnerability.

Additional differences become apparent in the web browser plugin development and availability. Some browsers offer thousands of plugins while others only a handful. Plugins can be a very effective way of adding additional protection to the web browser. This article is about the top 5 security plugins for the most popular web browsers. If you know of a plugin that is missing in the list let us (and everyone else) know about it in the comments.

Mozilla Firefox

No Script – The one add-on that many security experts do not want to live without. No Script can block script execution on websites. It does so on all websites by default with the option to enable specific scripts temporarily or permanently. The add-on can prevent script based attacks (most of them are) if used correctly.

Last Pass – The password manager for Firefox. It can generate and remember secure passwords, fill out forms and even auto login the user into websites. The three important security related features are secure password generation, password storing and auto login. Secure passwords have the weakness that they are hard to remember. It is simply easier to remember 123456 than f&z_cU!;re4xZ especially if you consider that unique passwords should be used one every website. With Last Pass users get unlimited secure passwords with the need to only remember the master password. The auto login feature can be very effective against phishing attacks as it won’t work on phishing websites that use a different url than the original.

No Redirect – A versatile add-on that handles several things at once. It will reveal the destination url of short url services and prevent that Internet providers and other companies use DNS hijacks to show their (search pages). This does happen for instance with many major ISPs if the user mistypes a domain extension.

Link Extend and Web of Trust – Link Extend and Web of Trust provide a similar functionality. They provide website ratings to inform the user about potentially dangerous websites. Both display ratings in major search engines but also in a toolbar for the active page.

CS Lite – Cookie permissions on a per-site basis. Allows the user to block or allow cookies permanently or temporarily.

Backup: Febe Firefox Backup. It is always a good idea to create regular backups to be prepared when data gets corrupted or deleted. Febe is a Firefox add-on that can backup all profile data of the web browser including bookmarks, settings, extensions and passwords.

Google Chrome

Last Pass – The Last Pass password manager is also available for the Google Chrome web browser. Extension support is currently only available for dev releases of the Google browser. The functionality on the other hand is similar to that of the Firefox add-on. It is possible to generate passwords, store them and use the auto login feature.

Flash Block – This is the closest to the No Script Firefox add-on. Flash Block will only block Flash content but not other script related objects.

McAfee Site Advisor bookmarklet – There are not many Google Chrome extensions yet. Bookmarklets try to close that gap by allowing all Google Chrome users – and not only those that use a dev version – to make use of additional features. This bookmarklet will display McAfee Site Advisor ratings when executed. Comparable to Wot or Link Extend with the difference that it has to be executed manually.

Adsweep and Adblock+ – Two options to disable most advertisement that is displayed on websites. These add-ons are more about the annoying objects on websites and less about security. They can however be helpful in situations were rogue ads are displayed that spread malware.

Backup: Fav Browser – Fav Browser 2 can backup and restore all settings of Google Chrome 2, 3 or 4.

Internet Explorer

Last Pass – Did we mention that we love Last Pass? The password manager is available as a plugin for Microsoft’s Internet Explorer. It offers the same functionality on all supported web browsers including password generation and secure storage of passwords.

Web of Trust or Trend Protect – Both display ratings for the active websites and websites that are listed in the major search engines (Google Search, Yahoo Search, MSN). They can be used as an indicator if a site’s potentially dangerous to visit.

IE7 Pro – A great plugin for Internet Explorer (not only 7 but also Internet Explorer 8) that offers ad blocking and many additional features. It comes closes to the No Script Firefox add-on. The ad blocker includes a Flash Blocker. Another interesting module is userscript support which can be also beneficial to security.

Backup: Fav Backup – You can use the tool to backup and restore Internet Explorer profile settings.

Only four for Internet Explorer. Do you know of additional Internet Explorer security add-ons? Let us know in the comments.

Seven different color coded ratings are used in the browser plugin. Most important ratings are green for a safe website, red for a dangerous website and yellow which indicates undesirable and suspicious contents.

The second indicator becomes only visible on the supported search engine results pages. Every url on these pages, even the advertisements, will be rated by TrendProtect to give the user an indication of the possible dangers on these websites.

The ratings of the service are calculated by taking page and site reputation, phishing scam detection and content categories into account. It is possible to influence some values in the options of the plugin. This includes selecting categories like gambling or adult as undesirable. Another option is the addition of websites to a list of trusted websites.

TrendProtect is available for Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 (although it is not mentioned on the page) only at this moment. TrendMicro has plans to port the plugin to the Mozilla Firefox web browser.

This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035.

This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows XP; Critical for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Vista; Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows Server 2003; and Moderate for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.

Windows users should make sure to download the security update as soon as possible. It is available at the usual sources including automatic updates, Windows Update or Microsoft Update.

WOT, which stands for Web Of Trust, is an add-on for Microsoft’s Internet Explorer that increases the Internet security of the web browser. The main purpose of the add-on is to scan and rank all links in popular search engines and other websites to give the user an indication of the dangers of each listed website.

Each link on supported websites will be ranked with a single colored icon which can be expanded into a detailed view when hovering with the mouse over it. Websites are ranked from very poor to excellent in the four categories trustworthiness, vendor reliability, privacy and child safety.

The Internet Explorer add-on will display a popup if the user clicks on a link with a poor rating which works as a second warning. It is then up to the user to ignore the warning and visit the website, skip the website or check some user reviews on the Web of Trust website first.

Web of Trust should not obviously be the only means of Internet Security but it can be helpful especially for inexperienced users who might get into troubles when visiting unsafe websites. The Internet Explorer add-on is actually not exclusive to Internet Explorer as a version for Firefox is also available for download.

Safe Web Browsing: WOT and How to Use It

Many users are familiar with WOT (Web of Trust) featured for Firefox and Internet Explorer and it certainly has been mentioned in posts. To take full advantage of WOT; you need to know how to use it. This may seem simple to the advanced user, but it is unfamiliar territory to the user who is new to browsing safety. Some anti-malware suites take care of safe web browsing and many do not. If you want to be certain that a website is “safe”, WOT is a great way to do this. “Safe means that the site is clear of malware, spyware, adware, etc. It is hard to tell just by looking if a site is unsafe or safe. This will give you the ability to discern and make appropriate choices accordingly.

WOT in its completely functional format is available for Firefox and Internet Explorer. Safari and Opera versions are available yet they are admittedly incomplete at this time. It may be added to Google Chrome as well. For this demonstration, the focus is on Internet Explorer.
Start by downloading the WOT add-on for Internet Explorer.

You will then be requested to register to activate all features. This is where you will have to agree to the Terms of Service and License Agreement once again. This may seem odd, but it is the way Licensing Agreements go. Depending on your system and any programs running at the time, this could take a few minutes to complete. After you register, you may see that it is taking a long time to confirm. If this is the case, restart the browser and you will see that WOT has been installed on Internet Explorer. IE9 is used in this example.

You will see this circular icon in the upper right corner of the IE browser. This is WOT. When you go to a website, click on this to see the ratings. For example, here the user navigated to desktopnexus.com. This is a free site for desktop backgrounds. The ratings indicated that it is safe.

This confirms general user reports that this site is reliable and safe: free of malware and thus trustworthy. Now we can take a look at another random site and see its ratings. Please note that this is purely demonstrative and not intended to incriminate any site or confirm that it is a dangerous site. This is merely to show the functions of WOT in Internet Explorer.

The author will go as far as to state that this is a free music download site that is at the top of Google’s search. Immediately, this warning came up. Upon further examination with certain anti-malware software, several threats were identified. You can click the View rating details and comments button to see the ratings:

When you see this, navigate away from the site and find a more trusted site. WOT works without instigation. Generally, if you do not see a “WARNING” pop up, the site is safe. Click the circular WOT icon shown earlier to see the ratings of any given site to be sure. Enjoy safe browsing and avoid problems that could compromise the safety of your computer.

The security update fixes the following two vulnerabilities: Uninitialized Memory Corruption Vulnerability and CSS Memory Corruption Vulnerability. Since it is a cumulative update it does apply all previous security updates for Internet Explorer on the computer system.

The easiest way to update affected systems is to use Microsoft Update which will download and apply the security updates automatically. The other possibility is to download the patch from Microsoft Download and apply it manually.

Microsoft has released three additional security bulletins:

• Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
• Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
• Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)

If a user accesses the Internet with multiple computers he might want to use the same security zone settings on all of them. The easiest way to do that would be to export the security zones on one computer and export them to all others instead of adding sites to the zones manually on all computers.

Internet Explorer is storing the security zone information in the Windows Registry. To export the settings of the currently logged in user one would have to open the Registry with [Windows R], typing [regedit] and hitting [Enter].

The Registry key is located at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

A left click on Domains will select that key. The next step would be to open the File Menu and select Export. Enter a name and save the data as a file on the computer.

The newly created file has to be transferred to another computer. A right-click on the file at the new computer will open a context menu. The entry Merge will add the data to the correct Registry key so that the zone information of the first computer will be added to it as well.