Norton AntiVirus Woes, IE Security Patches
- 27 July, 2000 16:28
You should get rid of the mischievous virus definitions immediately. To update your virus definitions, choose LiveUpdate from within your version of AntiVirus or point your browser to www.symantec.com/avcenter/download.html. To eradicate the temporary subdirectories created by ScanDisk, however, you'll need to run a specially designed utility from Symantec. For more information and a link to the utility, go to www.symantec.com/avcenter/venc/data/fix.dir00000.html.
Surf Easy With More Ie Patches
Hardly a month goes by without a Microsoft Corp. security scare of some sort. True to form, the company recently released the latest in a succession of security fixes. The most serious ones address various Internet Explorer weaknesses that could expose your computer to disaster.
Simply visiting a Web site run by a malicious operator could unleash debilitating code on your PC, reformatting your hard drive or deleting files. An ill-intentioned site operator could introduce the nasty code via shortcuts embedded in an HTML Help (*.chm) file. That file could reside either on your hard drive (if you were enticed into downloading the file, for instance) or--more likely--in a type of shared folder known as a UNC (Universal Naming Convention) on a remote system.
The solution prevents shortcuts from being invoked in an HTML Help file unless the file resides on the user's local hard drive. To keep such files off your system, Microsoft suggests, refrain from downloading .chm files from Web sites you don't know. To download the 733KB patch for Internet Explorer 4.x or 5.x running on Windows 9x or NT 4.0, visit www.microsoft.com/Downloads/Release.asp?ReleaseID=21705. Windows 2000 users can get a 503KB patch for IE 5.01 at www.microsoft.com/Downloads/Release.asp?ReleaseID=21706.
When you whisk off your credit card number as part of a secure transaction with a site, your browser is supposed to verify that the site is the one you think it is. However, two flaws in the way IE 4.01 and 5.01 validate Secure Socket Layer certificates could allow a rogue Web site to pose as a site you trust and conduct seemingly secure sessions with you. The malicious site operator could also read selected files on your computer.
The first flaw: When you connect to a secure server through either an image or a frame, IE verifies that the server's certificate was issued by a trusted source (like VeriSign), but it doesn't verify the name of the entity or the expiration date. The second gaffe: When you initiate a new SSL session with a server previously validated during an IE session, IE does not revalidate the certificate.
Separate patches for IE 4.01 and 5.01 close the breaches. Find these fixes at www.microsoft.com/windows/ie/download/critical/patch7.htm.