Fix Flash Player and IE vulnerabilities to defend against BOT from the root cause

Source: Internet
Author: User

The new Flash Player version has a vulnerability that lets Trojans be planted, and no patch is available for it. Many Internet Explorer vulnerabilities have likewise allowed Trojans such as BOT and many others to spread, accounting for more than 90% of Trojan infections. Infected users keep switching, upgrading, restoring and applying immunity patches, yet the robot dog keeps getting through all of them. Here I give a fundamental solution to these two vulnerabilities. The method is very easy to use. Many experienced users have already discussed the policy-based defense method, but today I will describe my own approach and hope we can learn from each other and exchange ideas.
--------------------
First, import the following registry file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"AuthenticodeEnabled"=dword:00000000
"Levels"=dword:00035000
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000001
"PolicyScope"=dword:00000000

--------------------
Then open the Windows policy editor: Run gpedit.msc and go to Software Restriction Policies.


Now let's talk about the "hash rules" I used to make IE and Flash secure.

Right-click "Other Rules" and choose "create hash rule" > "Browse" > C:\Program Files\Internet Explorer\iexplore.exe > "Security Level" > "basic user".

Website plug-ins can no longer be installed, and some web pages that maliciously write to the system may cause IE to close, because any write to a system folder is now blocked.
We can accept this small problem in exchange for security. Install the plug-ins you need when you create the master disk image.

We can see the effect after applying the "hash rule" to IE: in IE choose File > Open > Browse and navigate to C:\WINDOWS, then try to write or modify files there. You will not be able to touch anything, because the key system files are beyond what USER permissions can reach. Viruses and Trojans running inside IE therefore cannot damage your system.



--------------------
The same method, applied a little flexibly, also solves the Flash vulnerabilities.
Right-click "Other Rules" and choose "create hash rule" > "Browse" > C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe > "Security Level" > "basic user".
Then add C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx in the same way. Note that by default Group Policy only recognizes exe, com, bat, vbs and the other common executable extensions; files with the .ocx suffix are not yet covered.
So we have to add OCX (and any other extensions) to the policy: open Software Restriction Policies > Designated File Types > File Extension, and add OCX or whatever extensions you think you will use later.

OK, Flash is no longer afraid of any vulnerabilities.
This method can be applied flexibly in many places. Use your imagination to bring more security to your master disk; what all these methods do is lower the program's permissions to achieve security.
It is easy to use, but don't apply it to system files; test it yourself first. For IE and Flash you can rest assured that it will not cause major incompatibility. Next time I will talk to you about "path rules".
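As an added check that is not part of the original post: the following PowerShell script audits the Safer keys imported above and lists every hash rule together with the level it enforces, and it includes a function to test whether a hashed file still matches its rule, because a hash rule silently stops matching once IE or Flash is updated. It assumes the standard SRP registry layout under CodeIdentifiers\<level>\Hashes\{GUID} and Get-FileHash (PowerShell 4 or later); the file path passed to the check is the administrator's own assumption, since a rule stores only a friendly name.

```powershell
# Added audit script (not from the original post): reads the Safer/SRP keys the
# article imports, lists each hash rule with the level it enforces, and checks
# whether a hashed binary on disk still matches the hash stored in its rule.
# Assumes the documented SRP layout HKLM\...\Safer\CodeIdentifiers\<level>\Hashes\{GUID}.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# Level subkeys are decimal SAFER level IDs
$levelNames = @{ 0 = 'Disallowed'; 4096 = 'Untrusted'; 65536 = 'Constrained'
                 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-LevelName([int]$Id) {
    if ($levelNames.ContainsKey($Id)) { $levelNames[$Id] } else { "Level $Id" }
}

function Test-SrpHashRuleCurrent {
    # Returns $true when the file on disk still has the MD5 stored in the rule.
    # A $false result means the rule no longer applies to the patched binary.
    param([string]$Path, [string]$StoredHex)
    $now = (Get-FileHash -Algorithm MD5 -LiteralPath $Path).Hash
    return ($now -ieq $StoredHex)
}

$ci = Get-ItemProperty -Path $base -ErrorAction Stop
'DefaultLevel       : {0} ({1})' -f $ci.DefaultLevel, (Get-LevelName $ci.DefaultLevel)
'TransparentEnabled : {0}' -f $ci.TransparentEnabled
# The article adds OCX so Flash9e.ocx is covered; confirm it made it into the list
'OCX designated     : {0}' -f (@($ci.ExecutableTypes) -contains 'OCX')

foreach ($lvl in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
    $hashes = Join-Path $lvl.PSPath 'Hashes'
    if (-not (Test-Path $hashes)) { continue }
    foreach ($rule in Get-ChildItem -Path $hashes) {
        $p = Get-ItemProperty -Path $rule.PSPath
        # HashAlg is a CryptoAPI ALG_ID: 0x8003 = MD5, 0x8004 = SHA-1
        $alg = switch ($p.HashAlg) { 0x8003 { 'MD5' } 0x8004 { 'SHA1' } default { '0x{0:x}' -f $p.HashAlg } }
        $hex = ($p.ItemData | ForEach-Object { $_.ToString('x2') }) -join ''
        '[{0,-12}] {1,-20} {2}:{3}' -f (Get-LevelName ([int]$lvl.PSChildName)), $p.FriendlyName, $alg, $hex
    }
}
```

To verify one rule after a patch, call `Test-SrpHashRuleCurrent "$env:ProgramFiles\Internet Explorer\iexplore.exe" $hex` with the hex printed for that rule; a `False` result means the rule must be recreated.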
Registry fix for SP2 systems where the "basic user" option is missing
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"AuthenticodeEnabled"=dword:00000000
"Levels"=dword:00035000
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000001
"PolicyScope"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}]
"Description"="Stop the download of this file"
"FriendlyName"="Mdac11.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:5e,ab,30,4f,95,7a,49,89,6a,00,6c,1c,31,15,40,15
"LastModified"=hex(b):85,c4,34,dc,19,a2,c2,01
"ItemSize"=hex(b):0b,03,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}]
"Description"="Stop the download of this file"
"FriendlyName"="mdacloud cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:67,b0,d4,8b,34,3a,3f,d3,bc,e9,dc,64,67,04,f3,94
"LastModified"=hex(b):03,8a,39,dc,19,a2,c2,01
"ItemSize"=hex(b):,02,

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}]
"Description"="Stop the download of this file"
"FriendlyName"="mdac20_a.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:32,78,02,dc,fe,f8,c8,93,dc,8a,b0,06,dd,84,7d,1d
"LastModified"=hex(b):be,77,45,dc,19,a2,c2,01
"ItemSize"=hex(b):,00,

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}]
"Description"="Stop the download of this file"
"FriendlyName"="_ msadc10.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:bd,9a,2a,db,42,eb,d8,56,0e,25,0e,4d,f8,16,2f,67
"LastModified"=hex(b):81,4f,3e,dc,19,a2,c2,01
"ItemSize"=hex(b):e5,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}]
"Description"="Stop the download of this file"
"FriendlyName"="msadc11.cab"
"SaferFlags"=dword:00000000
"HashAlg"=dword:00008003
"ItemData"=hex:38,6b,08,5f,84,ec,f6,69,d3,6b,95,6a,22,c0,1e,80
"LastModified"=hex(b):40,b2,40,dc,19,a2,c2,01
"ItemSize"=hex(b):,01
Many of my friends may find they can no longer watch online videos. The reason is simply that the plug-in you need no longer has permission to write itself into the system.
