Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Microsoft To Patch Windows on January 10th; Attack Spreads
Dow Jones News Service (excerpt) ^ | January 3, 2006 | Chris Reiter

Posted on 01/03/2006 11:42:23 AM PST by HAL9000

Excerpt -

NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain.

"Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence."

"It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team.

SANS Institute, via its Internet Storm Center, has taken the unusual step of releasing its own patch for the problem until a Microsoft-approved fix is available. "It's not something we like to do," said Paller.

The Internet Storm Center, which tracks viruses and other outbreaks on the Web, increased the threat level to "yellow" - a warning that means a significant new threat is developing.

[snip]


(Excerpt) Read more at nasdaq.com ...


TOPICS: News/Current Events; Technical
KEYWORDS: backdoor; exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; malware; microsoft; msn; patch; securityflaw; spamware; spyware; trojan; userfriendly; virus; virusbait; windows; wmf
Navigation: use the links below to view more comments.
first previous 1-2021-4041-53 last
To: Al Gator
As of last night, I put on my RED HAT, went ROOT, and tipped my FEDORA and left the windows world far behind.

Welcome to the club. FReedom is a wonderful thing. I haven't booted into winders in over a year, it's still on my HD and GRUB lists it as an option, but I haven't had the need.

I guess I could wipe it and use the space for something usefull.

Life is nice, isn't it. :-)

41 posted on 01/03/2006 5:12:01 PM PST by AFreeBird (your mileage may vary)
[ Post Reply | Private Reply | To 8 | View Replies]

To: AFreeBird

Oh man, I'm just lovin the s**t outta this!

ROOT just gave Billy the BOOT!

Puns definitely intended!


42 posted on 01/03/2006 6:00:30 PM PST by Al Gator (Remember to pillage BEFORE you burn!)
[ Post Reply | Private Reply | To 41 | View Replies]

To: HAL9000

That's what I thought - which is why your original statement - "FreeRepublic is already doing it's part to improve security by running on a Linux server. " - adds nothing to the thread but might conversely give users a false sense of security.


43 posted on 01/03/2006 7:26:47 PM PST by RS (Just because they are out to get him doesn't mean he is not guilty)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Al Gator
Have you tried Flightgear yet? A nice flight sim. The helo is a bit of a *itch, but the jets are cool. Try out the T38 and fly the grand canyon.
44 posted on 01/03/2006 7:47:50 PM PST by AFreeBird (your mileage may vary)
[ Post Reply | Private Reply | To 42 | View Replies]

To: RS
That's what I thought - which is why your original statement - "FreeRepublic is already doing it's part to improve security by running on a Linux server. " - adds nothing to the thread but might conversely give users a false sense of security.

If Free Republic was hosted on Windows servers, it would be a magnet for viruses and hackers. Thanks to Linux hosting, the main threat here seems to be operatives like MD4Bush.

The current problem must be resolved at the operating system level, and Microsoft is doing a lousy job getting it fixed.

I found some distributions of the text-only Lynx web browser for Win32. If I used Windows, I'd be testing that browser right now. It can't display images at all, so it ignores links to images.

45 posted on 01/03/2006 8:19:07 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 43 | View Replies]

To: HAL9000

"If I used Windows, I'd be testing that browser right now. It can't display images at all, so it ignores links to images."
Kind of a long way around just turning off images isn't it ?


"The current problem must be resolved at the operating system level, and Microsoft is doing a lousy job getting it fixed."

Yep - ... lousy job - but various quotes from the isc website -

"we can't vouch for any special software you might have in your own systems that could be disabled after the patch is installed."

"If you want to experiment with another file submitted to us..." EXPERIMENT ?

"We have pulled the .msi that we posted earlier due to some issues with the file. "

Seems to show that these guys just toss things out there - after all, it's YOUR system they are screwing with. How much can you sue them for if their patch burns your system ?


46 posted on 01/03/2006 9:24:20 PM PST by RS (Just because they are out to get him doesn't mean he is not guilty)
[ Post Reply | Private Reply | To 45 | View Replies]

To: HAL9000
I hope the new Version of Norton gets here soon.

Has anyone downloaded and tried the 'Windows Live Safety Center' Beta? If so, what do you think of it?

We already have 'Microsoft AntiSpyWare' installed, so far it has not found a thing.

47 posted on 01/03/2006 9:37:07 PM PST by Dustbunny (My goal in life is to be as good of a person my dogs already think I am.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RS
Kind of a long way around just turning off images isn't it ?

It's an alternative to the "Suggested Actions" listed above in the Microsoft Security Advisory. It avoids the need to un-register the Windows Picture and Fax Viewer (Shimgvw.dll) until the patch is issued.

Lynx is a good web browser for security and privacy purposes, or for low-bandwidth connections. It's not ideal for casual browsing, but it's a useful tool to have sometimes - like right now for Windows.

48 posted on 01/03/2006 10:00:28 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 46 | View Replies]

To: HAL9000

"It avoids the need to un-register the Windows Picture and Fax Viewer (Shimgvw.dll) until the patch is issued."

Actually that 10-second "fix" worked fine, and I never liked that thumbnail crap anyway - I'll leave it off.


49 posted on 01/03/2006 10:10:39 PM PST by RS (Just because they are out to get him doesn't mean he is not guilty)
[ Post Reply | Private Reply | To 48 | View Replies]

To: HAL9000

I've installed Guilfanov's patch from grc.com on four XP Pro boxes so far, and not one of them has exploded.


50 posted on 01/03/2006 10:15:36 PM PST by TChad
[ Post Reply | Private Reply | To 1 | View Replies]

To: TChad
I've installed Guilfanov's patch from grc.com on four XP Pro boxes so far, and not one of them has exploded.

It seems risky. Do you know how to uninstall it before the next the Windows Automatic Update? And why does Guilfanov's home page say "Account for domain hexblog.com has been suspended"?

51 posted on 01/03/2006 11:05:02 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 50 | View Replies]

To: HAL9000; TChad
"It seems risky. Do you know how to uninstall it before the next the Windows Automatic Update? "

Excellent point ... and we know when the EXPECTED update is, but what will happen if the patch is in there and Microsoft comes out with it's fix sooner and releases it in it's automatic updates early ?

If bad things happen I suppose you could complain to Guilfanov, when his website comes back to life.
52 posted on 01/04/2006 7:39:41 AM PST by RS (Just because they are out to get him doesn't mean he is not guilty)
[ Post Reply | Private Reply | To 51 | View Replies]

To: HAL9000
It seems risky. Do you know how to uninstall it before the next the Windows Automatic Update?

It shows up in Add-Remove Programs.

And why does Guilfanov's home page say "Account for domain hexblog.com has been suspended"?

According to Steve Gibson:
"Ilfak Guilfanov's original 'HexBlog' web site was administratively suspended due to excessive use. (Yeah, no kidding!) He has moved his site and changed its IP address. However, a day or two may be required before Ilfak's new site is accessible under its old name (http://www.hexblog.com/)."

Here is the GRC.com link for patch download:

http://www.grc.com/sn/notes-020.htm

53 posted on 01/04/2006 4:07:21 PM PST by TChad
[ Post Reply | Private Reply | To 51 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-53 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson