Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Windows PCs face ‘huge’ virus threat
Financial Times via Drudge ^ | January 2 2006 18:18 | By Kevin Allison in San Francisco

Posted on 01/02/2006 3:54:03 PM PST by Swordmaker

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.

“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”

The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.

“We haven’t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,” Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw.

Microsoft said in a security bulletin on its website that it was aware that the vulnerability was being actively exploited. But by early yesterday, it had not yet released an official patch to correct the flaw. “We are working closely with our antivirus partners and aiding law enforcement in its investigation,” the company said. In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources.

Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer.

Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend.

“We’ve received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable,” wrote Tom Liston, a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix.

Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats.

The company could not be reached on Monday for comment.


TOPICS: Extended News; Technical
KEYWORDS: backdoor; exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; malware; microsoft; patch; security; securityflaw; spyware; trojam; trojan; userfriendly; virus; virusbait; viruses; vulnerability; windows; wmf; worm
Navigation: use the links below to view more comments.
first previous 1-20 ... 101-120121-140141-160 ... 201-205 next last
To: oceanview
what's the bug? does it only affect web images loaded into Internet Explorer, or is any browser vulnerable?

Since it's a vulnerability built into the GDI, which is the graphics interface, it would probably not matter what program actually displays the infected image file.

Mark

121 posted on 01/02/2006 7:02:17 PM PST by MarkL (When Kaylee says "No power in the `verse can stop me," it's cute. When River says it, it's scary!)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Cementjungle

Must be hard on your mouse.


122 posted on 01/02/2006 7:04:51 PM PST by SlowBoat407 (The best stuff happens just before the thread snaps.)
[ Post Reply | Private Reply | To 64 | View Replies]

To: SlowBoat407

Or, if you don't feel like upgrading.

http://www.ugo.com/channels/games/features/switch/media/switch.mov


123 posted on 01/02/2006 7:07:01 PM PST by PetiteMericco
[ Post Reply | Private Reply | To 120 | View Replies]

To: Decepticon
Errr, I thought the flaw was in .wmv files, quit downloading porn and music files until the patch comes out.....problem solved.

jpgs, gifs, bmps are all possible carriers. Just going to a web site could possibly infect your computer.

Mark

124 posted on 01/02/2006 7:08:38 PM PST by MarkL (When Kaylee says "No power in the `verse can stop me," it's cute. When River says it, it's scary!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: M-cubed

What's throwing you off about the term? "Publish" in this context means nothing more than distributing. They can make a download available via a website or Bittorrent, and that counts as publishing.


125 posted on 01/02/2006 7:10:26 PM PST by Terpfen (Miami goes 9-7! Go Saban!)
[ Post Reply | Private Reply | To 38 | View Replies]

To: PetiteMericco
Hm, ignorance is spending $1999 for a Mac when I can build a computer for $600 that will do everything a Mac does PLUS play games.

Sorry, I don't play games... and my G5 did not cost me $1999.

Just more ignorance from someone who has never really used a Mac... probably never even touched one.

126 posted on 01/02/2006 7:11:59 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 119 | View Replies]

To: Swordmaker
Sorry, I don't play games...

A good thing for you, because if you wanted to, you'd have to build a PC--like everyone else on the planet.

and my G5 did not cost me $1999.

It will when you have to throw it in the trash and buy a new one when the technology becones outdated.

127 posted on 01/02/2006 7:20:40 PM PST by PetiteMericco
[ Post Reply | Private Reply | To 126 | View Replies]

To: Swordmaker
Just more ignorance from someone who has never really used a Mac... probably never even touched one.

Sorry, Mac Fanboy--every public school in the US uses Mac. So yes, I learned how to use one. Too bad it's now wasted knowledge in my brain.

128 posted on 01/02/2006 7:21:42 PM PST by PetiteMericco
[ Post Reply | Private Reply | To 126 | View Replies]

To: Swordmaker

Well, considering there are probably only five Windows PCs in the entire world that aren't already laden with viruses and spyware, how much difference can this make?


129 posted on 01/02/2006 7:23:54 PM PST by Richard Kimball (Tenure is the enemy of excellence.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker
No, just more of the same old same old.

LOL

130 posted on 01/02/2006 7:28:50 PM PST by CheneyChick
[ Post Reply | Private Reply | To 89 | View Replies]

To: Swordmaker
Apparently any application that uses the Windows dispay graphic DLLs is vulnerable.

How is this in relation to the HTML standards? If it goes back to Pre-95 Windows, this could be a serious flaw which could eventually be used to affect another OSs developed since then.

131 posted on 01/02/2006 7:29:55 PM PST by Paul C. Jesup
[ Post Reply | Private Reply | To 15 | View Replies]

To: PetiteMericco
Sorry, Mac Fanboy--every public school in the US uses Mac. So yes, I learned how to use one. Too bad it's now wasted knowledge in my brain.

Sorry, Petite, but unless you graduated from public school in the last four years, you have not used Macintosh OSX. And even then I doubt it.

There is NO relationship between OSX and its predecessors other than name. Keep demonstrating your ignorance. Shall I base my opinion of Windows XP on Windows 95? or even Windows 98?

I have not denigrated you by calling you names... but you immaturely insist on using slurs such as "Mac Fan Boy" in your posts to me. I assure you I am a long way from a "boy" and I make my living working on your vaunted PCs, fixing the numerous ailments they come down with. Intimate involvement with PCs for over 22 years has taught me far more of their shortcomings than your posts ever will. Nor will your postings change my mind about the relative merits of Windows and Macintosh... because I am not ignorant of either platform... because, by spouting myths, you keep demonstrating you do not have the experience with Macintosh to qualify to have an opinion.

132 posted on 01/02/2006 7:47:26 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 128 | View Replies]

To: Decepticon
Errr, I thought the flaw was in .wmv files, quit downloading porn and music files until the patch comes out.....problem solved.

Absolutely NOT true. Sites like FreeRepublic could easily become vectors for this type of attack. Any troll from DU could post an image that was infected. The preceeding image is not, to the best of my knowledge infected, but there is nothing stopping such a troll from posting a link here, and *poof*, you're infected (if you're running windows and IE).

133 posted on 01/02/2006 7:47:52 PM PST by zeugma (Warning: Self-referential object does not reference itself.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Paloma_55
The only reason MACs don't have viruses is that nobody targets them.

I just knew if I scrolled down this thread a while, I'd see exactly this bit of fud thrown out.

Fortunately, I have a reply that I've previously written to counter this silly FUD.


Why bother writing a virus for 3% of the US computer market?

Oh, I don't know. Perhaps as someone else already said on this thread, it might be done for the bragging rights of having created the first successful virus/worm to attack Macs.

I've seen this charge that the small market share that Mac and Linux have is what keeps them safe. It is repeated often enough and seems reasonable enough until you actually look at the history of some other worms/viruses.

Consider: the spread of the Witty Worm.

Quoth the poster:

Witty infected only about a tenth as many hosts than the next smallest widespread Internet worm. Where SQL Slammer infected between 75,000 and 100,000 computers, the vulnerable population of the Witty worm was only about 12,000 computers. Although researchers have long predicted that a fast-probing worm could infect a small population very quickly, Witty is the first worm to demonstrate this capability. While Witty took 30 minutes longer than SQL Slammer to infect its vulnerable population, both worms spread far faster than human intervention could stop them. In the past, users of software that is not ubiquitously deployed have considered themselves relatively safe from most network-based pathogens. Witty demonstrates that a remotely accessible bug in any minimally popular piece of software can be successfully exploited by an automated attack.

I suspect there are more than 12,000 Linux and/or Mac hosts out there on the internet.

Also, consider that the folks who were hit with this were also among the more security-concious users:

The vulnerable host population pool for the Witty worm was quite different from that of previous virulent worms. Previous worms have lagged several weeks behind publication of details about the remote-exploit bug, and large portions of the victim populations appeared to not know what software was running on their machines, let alone take steps to make sure that software was up to date with security patches. In contrast, the Witty worm infected a population of hosts that were proactive about security -- they were running firewall software. The Witty worm also started to spread the day after information about the exploit and the software upgrades to fix the bug were available.

Show me a successful worm/virus against Macs and I'll listen. Until then, your talking point is FUD.

35 posted on 04/08/2005 10:35:22 PM CDT by zeugma (Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))

134 posted on 01/02/2006 7:50:04 PM PST by zeugma (Warning: Self-referential object does not reference itself.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: Swordmaker
Sorry, Petite, but unless you graduated from public school in the last four years, you have not used Macintosh OSX.

And I don't intend to, either. Because you see, my PC does everything your Mac does, twice as fast and at a fraction of the cost--and with the truckload of cash I saved, I can buy a plasma screen TV.

Have a nice day.

135 posted on 01/02/2006 7:51:28 PM PST by PetiteMericco
[ Post Reply | Private Reply | To 132 | View Replies]

To: Swordmaker
"but you immaturely insist on using slurs such as "Mac Fan Boy" in your posts to me'

Slur? Was something I said about your seemingly inordinate attachment to an overpriced teal plastic boat anchor factually incorrect?

136 posted on 01/02/2006 7:55:50 PM PST by PetiteMericco
[ Post Reply | Private Reply | To 132 | View Replies]

To: LiveFreeOrDie2001
Soooooooooo, When a pic displays on the monitor like the ones we see on our FR pages, that could give us the vulnerability...???

Yes. Windows users live on the good graces of hackers. We are so lucky that the vast majority of worms and viruses so far have been much more intent on spreading than actually causing harm.

It's a frightening thought actually.

137 posted on 01/02/2006 7:57:15 PM PST by zeugma (Warning: Self-referential object does not reference itself.)
[ Post Reply | Private Reply | To 57 | View Replies]

To: zeugma
Perhaps as someone else already said on this thread, it might be done for the bragging rights of having created the first successful virus/worm to attack Macs.

Hm, you can't exactly brag about doing something illegal like writing viruses when the bragging will send you to jail.

Duh.

138 posted on 01/02/2006 7:57:42 PM PST by PetiteMericco
[ Post Reply | Private Reply | To 134 | View Replies]

To: PetiteMericco
Hm, you can't exactly brag about doing something illegal like writing viruses when the bragging will send you to jail.

Duh.

You do among a community of fellow punks, delinquents, hackers and code kiddies who think it's just "swell" to bring down commerce, defense, and health care systems.

Duh.

139 posted on 01/02/2006 8:01:36 PM PST by SlowBoat407 (The best stuff happens just before the thread snaps.)
[ Post Reply | Private Reply | To 138 | View Replies]

To: Decepticon; Swordmaker
Let's see....you don't use a PC, you're a Mac fan and you like to post threads like this just to harangue PC users....does that about cover it?

If you look at the history of such things, you'll find that swordmaker, and others who regularly post on these tech threads also post for vulnerabilities in open source software as well. The idea is to let people know the vulnerabilities exist, so they can take appropriate actions.

140 posted on 01/02/2006 8:02:32 PM PST by zeugma (Warning: Self-referential object does not reference itself.)
[ Post Reply | Private Reply | To 96 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 101-120121-140141-160 ... 201-205 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson