Author Topic: New zero-day exploit in-the-wild, Catched by Avast?  (Read 20016 times)

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: New zero-day exploit in-the-wild, Catched by Avast?
« Reply #30 on: March 21, 2006, 11:16:32 PM »
Quote
Secunia confirmed the vulnerability on a fully patched PC running IE 6 and WinXP SP2, but deemed the flaw 'not critical'.

Other than that this flaw crashes IE there is no report (as VLK said) that it allows remote code execution.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: New zero-day exploit in-the-wild, Catched by Avast?
« Reply #31 on: March 21, 2006, 11:22:48 PM »
Quote
I'm really truly sorry to hear that, in this day of needed zero day prevention, I fear I made a poor choice in avast...

Not to be rude at all, just my opinion, but zero day prevention is more promises than reality, crashes than security.
I've tried:
a) the buggy ProcessGuard.
b) the ex-freeware PrevX with a poor interface, update, etc.
c) the good, powerful, but crash-maker with just common things, of System Safety Monitor.
d) other programs that promise, promise and know what? Nothing.
Just my opinion and experience.
I respect other opinions and experiences.
The best things in life are free.

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
Re: New zero-day exploit in-the-wild, Catched by Avast?
« Reply #32 on: March 22, 2006, 12:11:06 AM »
I'm not trying to make trouble, just get a better handle on what's going on & how I can prevent exposure of my HD contents. You see, my laptop is not just pleasure but I work for a bank & in the security dept. and have some sensitive info on here. It would look pretty silly if the assistant to the VP of security gets hacked?? I think someone should say more than if there's an attack we'll act. The prudent thing is to step forward & give an intelligent thought out answer to what steps will be taken & how fast we'll see an update 'if' the worst case scenario happens... I should mention that I'm already afraid of this happening on a weekend when the shop is closed for updates...

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re: New zero-day exploit in-the-wild, Catched by Avast?
« Reply #33 on: March 22, 2006, 12:17:47 AM »
***

I do not think the shop is ever closed. Someone is always on duty at Avast.    :)
And, though rare, there have been weekend updates when they were needed.    :)


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83960
  • No support PMs thanks
Re: New zero-day exploit in-the-wild, Catched by Avast?
« Reply #34 on: March 22, 2006, 01:20:27 AM »
Quote
I'm not trying to make trouble, just get a better handle on what's going on & how I can prevent exposure of my HD contents. You see, my laptop is not just pleasure but I work for a bank & in the security dept. and have some sensitive info on here. It would look pretty silly if the assistant to the VP of security gets hacked?? I think someone should say more than if there's an attack we'll act. The prudent thing is to step forward & give an intelligent thought out answer to what steps will be taken & how fast we'll see an update 'if' the worst case scenario happens... I should mention that I'm already afraid of this happening on a weekend when the shop is closed for updates...

Well firstly this exploit only crashes IE and currently can't do anything to your HD. If there is any possibility that remote code could be executed then it could affect your HD, in which case avast would I'm sure be covering that threat.

Secondly I would stop using IE, the browser is an integral part of the OS so if that is exploited, effectively you have exploited the OS. ActiveX and BHOs are virtual magnets for adware and spyware, it is so simple for them to be installed with IE. Opera or Firefox or any other non-IE based browser would be fine. Hopefully in the fullness of time MS will get around to patching this vulnerability (just in time for the next to replace it, ;D).

Anti-viruses by their nature are reactive, they react to threats but in order to do that they need samples of the code (0-day stuff). Some AVs use heuristic detection, that can be extremely complex in trying to first guess what might be harmful. That in itself can cause problems, so it is difficult to say anything other than they will act in light of newly detected threats.

The person behind the keyboard is a first line of defence before any AV ever gets a look in, this type of exploit would be unlikely on a web site with reasonable security as it too would first have to be hacked to implant the code, etc.

So how do you get to those sites that have either been hacked or faked to look like a valid site? Clicking links in web pages or emails when you can't check the authenticity of the site.

You don't open attachments in unknown email, the same should be true of links in emails.

If your laptop is for work and home, surely the VP of security has some security policy relating to their use. If you have some sensitive information on it then that info should be in a folder which can be protected either by password or encrypted. You should also have a back-up/recovery strategy.

Most viruses inherit the user privileges so if you have admin privileges then it too has admin rights. Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.8.2432 (build 20.8.5684.602) UI-1.0.566/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
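
Added example, not part of the original post: a PowerShell check of the point made above that anything you run inherits your account's rights. It reports whether the current token is an administrator token and whether it can write to the system folder or create a machine-wide registry key; all function names and probe file/key names are hypothetical.

```powershell
# Added example: reports what the current logon token is allowed to do.
# Function names and the "lp-probe" file/key names are hypothetical.

function Test-IsAdministrator {
    # True when the current token carries an enabled Administrators group.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-CanWriteDirectory {
    param([Parameter(Mandatory)][string]$Directory)
    # Create and immediately delete a uniquely named probe file.
    $probe = Join-Path $Directory ("lp-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force -ErrorAction Stop
        $true
    } catch { $false }
}

function Test-CanCreateRegistryKey {
    param([Parameter(Mandatory)][string]$ParentKey)
    # Create and immediately delete a uniquely named, empty probe key.
    $probe = Join-Path $ParentKey ("lp-probe-{0}" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -ErrorAction Stop
        $true
    } catch { $false }
}

function Get-PrivilegeExposure {
    # Anything started from this session gets the same answers.
    [pscustomobject]@{
        User                 = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        IsAdministrator      = Test-IsAdministrator
        CanWriteSystem32     = Test-CanWriteDirectory (Join-Path $env:SystemRoot 'System32')
        CanWriteHklmSoftware = Test-CanCreateRegistryKey 'HKLM:\SOFTWARE'
        CanWriteOwnProfile   = Test-CanWriteDirectory $env:USERPROFILE
    }
}

Get-PrivilegeExposure | Format-List
```

Run it from the same session you browse and read mail in: on a limited account the two system-wide checks should come back False while the profile check stays True.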

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: New zero-day exploit in-the-wild, Catched by Avast?
« Reply #35 on: March 22, 2006, 02:28:26 AM »
Quote
How I can prevent exposure of my HD contents.

A good outbound firewall. Kerio has applications monitor or code injection (including when started by another application or process) for free.

Quote
I should mention that I'm already afraid of this happening on a weekend when the shop is closed for updates...

This is simple speculation, more, it's not fair. It was already discussed... we're losing time about weekend updates issues...
If you want placebo updates, well, avast won't be for you.
The best things in life are free.

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
Re: New zero-day exploit in-the-wild, Catched by Avast?
« Reply #36 on: March 22, 2006, 10:32:30 AM »
sorry for causing trouble...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83960
  • No support PMs thanks
Re: New zero-day exploit in-the-wild, Catched by Avast?
« Reply #37 on: March 22, 2006, 03:08:00 PM »
You're not causing any trouble, you're obviously concerned and we are trying to give you information that should help to protect your data and to allay those fears and hopefully reassure you that everything you read isn't as serious as it may seem.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.8.2432 (build 20.8.5684.602) UI-1.0.566/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
Re: New zero-day exploit in-the-wild, Catched by Avast?
« Reply #38 on: March 22, 2006, 03:58:42 PM »
thanks & yea I made too much of it. I like Avast & wouldn't consider removing it, thanks for your understanding, my combo of Avast!, kerio & ewido I feel will keep things tight, thanks again...

Offline Abraxas

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 730
  • Perseverance Furthers...
    • PCLinuxOS-Forums
Re: New zero-day exploit in-the-wild, Catched by Avast?
« Reply #39 on: March 22, 2006, 05:14:53 PM »
I've just read this page and am dismayed, and thankful that lbubb has been given such knowledge as to secure 'sensitive' information.
Dismayed that the employer didn't have such information to train bank staff, and thankful that the volunteers here have stated clearly what procedures to take.

The responsibility shouldn't lie with Avast! Anti-virus and volunteers at this Forum.
I learn each day that the general community / Media / Employers have no idea what common sense steps to take to protect their online security, especially in sensitive matters. I don't want to preach, or go off topic, but some of the things I read and hear on radio and T.V. only confuse and worry people.
Responsible Education on these matters is long overdue. Lucky such information is freely available here.