Posted on 09/23/2004 6:12:16 AM PDT by rit
A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software.
Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file.
"Within days, you'll likely see (attacks) using this code as a basis," said Vincent Weafer, senior director of security response for antivirus-software company Symantec. "This is dangerous in a sense that everyone processes JPEG files to some degree."
(Excerpt) Read more at news.com.com ...
I guess I should start making my images as PNGs...
Would this also exploit those jpegs opened by an internet browser?
Internet Explorer browser is vulnerable. Just visiting a web site with a jpeg image on the page that takes advantage of the exploit can infect your computer.
Isn't one definition of insanity doing the same thing repeatedly, while expecting different results?
More and more, I'm starting to see microsoft addicts as errily similar to democrats who seem willing to drink whatever kool-aid they are told to.
Yes, and if 90% of the world uses Macs or Linux, you can expect the same level of viruses on your machine. People write viruses for what's most widely used. It's why I don't use Microsoft Outlook, which alone accounts for a huge percentage of the malicious code out there.
Ooooooooooo, now you went and stepped in it, z. Get your flameproof jammies on; the MS Crowd will be coming for you.
"People write viruses for what's most widely used."
Glad to hear a voice of reason among the din created by the anti-Gates, anti-Microsoft crowd. They have their own flavor of Kool-Aid, too. I'm neutral on the whole thing, but I do use Windows, mainly because the choice of available software is so vast.
My main concern is in the recent changes to Windows Update, the mechanism by which diligent users can most effectively combat security issues. You must accept a new update manager before getting any new updates. And the new update manager -- at least, last time I heard -- will decide for you when it's a good time to install Windows XP SP2, which I have on CD and want to apply after the rash of reported program conflicts settles down.
Please read this thread. Maybe it's time for you to start using my Firefox browser even if you don't like it.
Switching to Firefox 1.0PR may solve the browsing part, but, people still relying on Outlook or using Word to open an attachment (remember, not everybody makes smart choices), could still fall victim.
So, if everyone used Mac OS or Linux, yeah, there probably would be some level of exploits floating around, but no, it probably wouldn't be as bad as it is now.
Using Opera. Works great. Love my tabbed browsing and pop-up blocker. I just LOOKS better as well.
Thankfully he doesn't use Outlook.
I'm pretty happy with Firefox but really haven't done much with the tabbed browsing feature but the pop-up blocker is great. Wish I could convince my husband.
I see this justification all the time on these threads. I think that it is time to prove it.
If Linux or Macs are just as vulnerable as Windows, surely the expert coders that populate FR could, as a proof of concept, find and exploit a similar graphics flaw and publish the results. Put up or shut up.
Carolyn
There are already fixes for this bug for Microsoft Office.
I keep hearing that, but I never seem to see any. Apache is the most used webserver on the net, yet it's not plagued by the numbers of viruses that IIS is. Sendmail moves the worlds email, yet the same holds true for it.
The problem is that windows "security" sucks. Microsoft still lives in a single-user world, and to this day doesn't understand the concept of a multi-user system, and the security that this requires.
When I boot up my laptop on my wireless network at home, I'm able to launch my mail reader remotely from my desktop computer and have the program run as if I were sitting down at the desktop. Unix was built from the ground up with internet connectivity in mind. Windows wasn't. It shows. You can continue to spend your time dealing with a broken OS that requires constant maintennance to keep it from barfing. I'll use what works, and what works for me, rather than the other way around.
You'd be amazed at how easy it is to do 90% of what most people use computers for with Linux. Neither of my daughters have any problem with it, and they aren't nerds by any stretch of the imagination.
You can even "test drive" Linux via one of the "live" CD distributions like Knoppix. A live knoppix distro boots off of a CD-ROM disk. It contains all the programs you're likely to want, (though it runs a little slowly because it is being loaded from a CD, rather than a hard disk). It doesn't mess with your existing computer setup at all. You can safely play with it and do just about anything you want, because even if you somehow manage to screw it up badly (unlikely), all you have to do to recover is to reboot either back to the CD, or your normal OS. It's a great way to try things out.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.