"Surferbar" virus>Outlook sucks>best browser/email client

[dogscoff]

OK, one of the NT machines here at work just got hit by this so-called "surferbar" thing. I looked it up on the web and learned how to remove it, but I can't find anything anywhere about how to prevent getting it in the first place. As far as I know the machine I've just cleaned could easily get re-infected at any time.

Apparently this surferbar is propagated via a weakness in directX which makes it vulnerable to a "drive-by download", whatever the hell that is. I'm not sure Zonealarm will be enough to stop this PoS getting onto my XP system at home.

Anyone got any ideas? If I can help it, I'd rather not download any of that anti-spam/ anti popup software (Zone alarm and google toolbar are as much as I want to run, thanks), I'd like to find a windows patch or registry setting that will stop this kind of crud infecting my system.

BTW, I'd just like to point AGAIN that Microsoft are utterly CRAP for releasing operating systems with so many critically dangerous gaping security holes. Every one of these fkn things pushes me that little bit closer to Linux.

[ September 05, 2003, 09:34: Message edited by: dogscoff ]

[Arkcon]

Ah, I was waiting for someone to exploit this hole. Some suggestions are here:
Link to CERT

Basically, I have the multimedia options turned off for IE, and I don't go to random websites. Doesn't seem to be a port I can shut off. Assuming that even works flawlessly in ZoneAlarm.

[ September 03, 2003, 12:11: Message edited by: Arkcon ]

[Mephisto]

I think you have to limit the rights of ActiveX to install scripts on your computer. You can change this at the internet security options. Let the system ask you if somthing is allowed to install itself on your PC and you should be fine (I hope...).

[dogscoff]

Hmm, well I'm pretty sure the code came in via some piece of spam in outlook express. Didn't even have to open it, just clicking it to delete it was enough. An activex box came up to tell me that something had been done and you can guess the rest.

Thanks for the response anyway.

I guess I could stay offline for a few days, wait for the rest of the world to get infected and the media to panic and start predicting the end of civilisation and maybe then microsoft will climb down off their moneypiles and actually think about releasing a patch to fix this vulnerability.

Otherwise, I may have to switch to a simpler email client- something that doesn't gormlessly open any and every bloody file emailed to it would be nice. Can you get PINE for winxp?

EDIT: Hadn't read Mephisto's response. Thanks, M.

[ September 03, 2003, 12:29: Message edited by: dogscoff ]

[Thermodyne]

Quote:

Originally posted by dogscoff:
Hmm, well I'm pretty sure the code came in via some piece of spam in outlook express. Didn't even have to open it, just clicking it to delete it was enough. An activex box came up to tell me that something had been done and you can guess the rest.

Thanks for the response anyway.

I guess I could stay offline for a few days, wait for the rest of the world to get infected and the media to panic and start predicting the end of civilisation and maybe then microsoft will climb down off their moneypiles and actually think about releasing a patch to fix this vulnerability.

Otherwise, I may have to switch to a simpler email client- something that doesn't gormlessly open any and every bloody file emailed to it would be nice. Can you get PINE for winxp?

EDIT: Hadn't read Mephisto's response. Thanks, M.

Do you have the preview window turned off and IE set to prompt for ActiveX ?

[dogscoff]

No and no. *sigh* guess I'm going to have to live without the preview window if I want to avoid getting hit by this stupid thing.