
IE Exploit; Firewall Tests

As you probably know, really dangerous JavaScript-based exploits of Microsoft Internet Explorer (IE) are on the loose. The exploits take advantage of problems in JavaScript processing that allow injection of arbitrary code. Microsoft is working on a patch for the problems that's currently scheduled for release April 11, the company's scheduled monthly patch release date.

Several attacks that use the exploits are under way. For example, one attack comes disguised as a BBC News story snippet. When a person clicks the link to read the rest of the story, the exploit is triggered. Ken Pfeil sent me a link to another site hosting an exploit. The exploit includes some shell code, but I didn't completely reverse-engineer the exploit, so I'm not entirely sure what all it does. If you want to take a look, visit 207.5.68.153 on port 80 with a telnet client and enter the command "GET /" to dump out the exploit code.

Ken also pointed out that some software, such as Microsoft SharePoint Server, can be configured to load files based on their content instead of their file extension. This means that an exploit can be packaged inside something as seemingly harmless as a .txt file to get past your defenses, and the software will then run it. This capability undoubtedly adds to the danger of the new exploits and of other exploits.
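A defender's check for the extension/content mismatch described above, as an added example that is not part of the original column: it flags files whose extension looks inert but whose leading bytes a content-sniffing consumer would treat as HTML or script. The extension list, marker list, 512-byte window and sample files are assumptions constructed for illustration, not the actual sniffing rules of IE or SharePoint.

```python
import os

# Extensions that filters commonly treat as inert (assumption for this example).
INERT_EXTENSIONS = {".txt", ".log", ".csv"}
# Heuristic markers of active HTML content; real sniffers apply their own rules.
ACTIVE_MARKERS = (b"<html", b"<script", b"<iframe", b"<object", b"<body", b"<!doctype html")
SNIFF_WINDOW = 512  # assumed window: sniffers inspect only the start of a file


def sniff_kind(data: bytes) -> str:
    """Classify content as 'active', 'binary' or 'text' from its first bytes."""
    head = data[:SNIFF_WINDOW]
    if head.startswith(b"\xef\xbb\xbf"):              # drop a UTF-8 byte-order mark
        head = head[3:]
    if head.startswith((b"\xff\xfe", b"\xfe\xff")):   # UTF-16: decode before matching
        head = head.decode("utf-16", errors="ignore").encode("ascii", errors="ignore")
    if any(marker in head.lower() for marker in ACTIVE_MARKERS):
        return "active"
    if b"\x00" in head:
        return "binary"
    return "text"


def flag_mismatches(files: dict) -> list:
    """Return names whose extension looks inert but whose content sniffs as active."""
    flagged = []
    for name, data in files.items():
        ext = os.path.splitext(name)[1].lower()
        if ext in INERT_EXTENSIONS and sniff_kind(data) == "active":
            flagged.append(name)
    return sorted(flagged)


# Constructed samples (not taken from any real exploit).
SAMPLES = {
    "notes.txt": b"Meeting moved to 3pm.\n",
    "story.txt": b"\xef\xbb\xbf  \r\n<HTML><ScRiPt>/* placeholder */</sCrIpT></html>",
    "wide.TXT": "<html><script></script></html>".encode("utf-16"),
    "page.html": b"<html><body>expected to be HTML</body></html>",
    "data.csv": b"id,name\n1,alice\n",
}

if __name__ == "__main__":
    for name in flag_mismatches(SAMPLES):
        print("extension/content mismatch:", name)
```

The same check can run at an upload gateway or over a document store, so that files named .txt which sniff as HTML are quarantined or served with a fixed text content type.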

While you're waiting for Microsoft's patch, you might consider using a third-party patch from Determina or eEye Digital Security. I haven't tested either of these patches so I can't vouch for them, but both companies are reputable. Alternatively, you can disable Active Scripting in IE to stop the execution of JavaScript.

I tested one of the JavaScript-based exploits with Mozilla Firefox and found that it caused the system's disk subsystem to go into overdrive. There was so much disk activity that it took me more than 5 minutes to get Task Manager to open so that I could terminate the Firefox process, which stabilized the system.

I recently came across an interesting set of desktop firewall test results at the Firewall Leak Tester Web site. The 2006 results show which desktop firewalls perform best in terms of outbound application filtering and the prevention of information leakage. Coming in dead last out of 16 desktop firewalls is Windows Firewall, which ships as part of Windows XP Service Pack 2 (SP2). This isn't too surprising given that Windows Firewall doesn't do outbound blocking.

So which firewalls are the best? When it comes to outbound application filtering, no other firewall beats Jetico Personal Firewall. Kaspersky Lab's firewall is the strongest in terms of preventing information leakage, with Jetico coming in a close second place. Overall, Jetico appears to make the strongest desktop firewall available, beating out other well-known firewalls such as those from Sunbelt Software (Kerio), ZoneLabs (ZoneAlarm Pro and ZoneAlarm Free), and Symantec (Norton). As a bonus, Jetico Personal Firewall is free.

Check out the results at the URL below.

http://www.firewallleaktester.com
