Posted on 01/03/2006 11:42:23 AM PST by HAL9000
Excerpt -
NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain.
"Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence."
"It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team.
SANS Institute, via its Internet Storm Center, has taken the unusual step of releasing its own patch for the problem until a Microsoft-approved fix is available. "It's not something we like to do," said Paller.
The Internet Storm Center, which tracks viruses and other outbreaks on the Web, increased the threat level to "yellow" - a warning that means a significant new threat is developing.
[snip]
(Excerpt) Read more at nasdaq.com ...
"FreeRepublic is already doing its part to improve security by running on a Linux server."
Linux servers won't pass the infected pictures?
The problem is that the suffix doesn't matter. The Windows Media File nature of the file is embedded in the file header, not discerned via the extension. A snoopy application that decides for itself is going to find those WMF files. If it happens on an exploit, you pay the consequences.
ANY web server can pass the infected files. You will happily pull it right through your firewall via port 80. Once on the disk, your operating system/applications will dictate what happens next. The exploit wasn't targeted at Linux applications/shared libraries...yet. Given all the effort at compatibility to view multi-media files, it is just a matter of time before such an exploit happens. Windows is just a much bigger target.
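Added example, not part of the original thread: a sketch of the header-versus-extension point made above, flagging files whose name claims another image type but whose first bytes are a WMF header. The function names and sample files are constructed for illustration; the header constants are those of the WMF format.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional 22-byte placeable header
PLACEABLE_LEN = 22
IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}


def is_wmf(data: bytes) -> bool:
    """True if the bytes start with a Windows Metafile (WMF) header."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        data = data[PLACEABLE_LEN:]   # the standard header follows it
    if len(data) < 18:                # standard header is 18 bytes
        return False
    ftype, hdr_words, version = struct.unpack_from("<HHH", data)
    # type 1 (memory) or 2 (disk), header size 9 words, version 1.0 or 3.0
    return ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)


def disguised_wmf(files: dict) -> list:
    """Names with a non-WMF image extension whose content is really WMF."""
    hits = []
    for name, data in files.items():
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in IMAGE_EXTS and is_wmf(data):
            hits.append(name)
    return sorted(hits)


# Constructed samples: headers only, no drawing records.
STD_HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
PLACEABLE = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0)
SAMPLES = {
    "holiday.jpg": PLACEABLE + STD_HEADER,          # WMF renamed to .jpg
    "logo.gif": STD_HEADER,                         # WMF renamed to .gif
    "real.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 20, # genuine JPEG magic
    "chart.wmf": STD_HEADER,                        # honest extension
}

if __name__ == "__main__":
    for name in disguised_wmf(SAMPLES):
        print("extension/header mismatch:", name)
```

A filter that blocks only on the `.wmf` extension would pass the first two samples; checking the header catches them.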
Ha, does anyone see a parallel here: relying on Microsoft to provide the patch is like
- relying on the police to protect individual citizens
- relying on government to protect the border
??
You can disable showing images on your own PC, and it would govern all pictures on all sites. Open Internet Explorer, move your mouse pointer to TOOLS, INTERNET OPTIONS. Select the ADVANCED tab. Scroll down to MULTIMEDIA and deselect SHOW PICTURES.
When the threat of this virus has passed, you can reverse the procedure and reselect SHOW PICTURES.
They can - but it's unlikely that most of the images hosted on FR would contain a virus.
One potential problem area could be in FR's Caption This Image section, where anyone could upload an infected image. But I think John R. has coded some restrictions in that feature to prevent embedding of those images in other web pages.
Most images seen on FR are actually hosted on a different server, which may or may not be running Linux.
Ilfak Guilfanov, who wrote the patch, is somewhat well known as the author of Interactive Disassembler Pro. According to the F-Secure weblog, Guilfanov is "arguably one of the best low-level Windows experts in the world."
He is not making money from his patch, but if it causes problems, his reputation will certainly suffer. Steve Gibson of Gibson Research Center, a long time programmer and all-around old computer pro, has examined Guilfanov's code and even spoke with Guilfanov to help him modify the code for Windows 2000. Gibson is very impressed with the quality of the patch. Programmer/author Tom Liston of SANS says that he has gone through the patch and found that it does only what it is supposed to do.
Obviously Guilfanov's patch is riskier than Microsoft's patch will be, but if Microsoft is really going to wait until the 10th without releasing even a beta patch...
Hmmmm. I'm not so sure.
expecting ANY vendor to honor a warranty on a product it has sold. Crispy fries from McDonalds. Fresh ice cream from Dairy Queen. Safe tires from Firestone.
- relying on the police to protect individual citizens
- relying on government to protect the border
Government is full of politicians. They are experienced weasels at avoiding responsibility. The courts have already ruled that police have no duty to protect citizens. The federal government has clearly failed in its responsibility to protect the U.S. border.
Gibson is a good guy, but his efforts to improve Windows are quixotic.
No, just don't look at the WMF files... point of posting it was that Microsoft was saying that you are OK as long as you don't use some of the facilities they have provided... till they finally get around to fixing the problem... just trust them.
Lot of words for sure.
I'm not sure that Gibson is really "attempting to improve Windows" here, so much as doing what he usually does, saving people from computer disasters. His SpinRite program certainly saved me in the bad old computer days. I probably would have installed the patch on my Windows boxes even without his recommendation, but he made the decision easy.
I know. I read it a couple of days ago and got a cramp laughing so hard. I was just joshing you...
Welcome to the flock!!
Tux Lives!!!
I agree!
Did I describe it accurately....?
What a piece of corporate BS....
Google's timing might be good:
And now, for Google's next trick ... Google PC??....GoogleOS???