Bruce,
Funny. I was just reading the latest edition of 2600 magazine, where it talked about how exploits get on systems.
The method used to get into a system for this particular zero-day exploit was a Java JAR file targeting both Java and its corresponding ActiveX plugin control.
The other popular ways for exploits to get in are the Adobe Flash and Acrobat Reader plugins, which are also both ActiveX.
The exploits which IE has been especially vulnerable to without plugins are CSS, HTML, and JavaScript.
All of these do successfully run as normal users without any issue.
The Registry, AutoRuns, or similar protections won't help when there are fundamental issues with the browser architecture and how it loads code in the first place. IE is just #1 with a bullet because of the Adobe and Oracle plug-ins that make it easier to infect machines.
Those plug-ins (based on ActiveX) are the fundamental weakness of IE.
IE 7 and up allow you to reset the browser and remove the plug-ins. Run the browser after that and you should see a better experience.