Posted on 01/03/2006 11:42:23 AM PST by HAL9000
Excerpt -
NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain."Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence."
"It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team.
SANS Institute, via its Internet Storm Center, has taken the unusual step of releasing its own patch for the problem until a Microsoft-approved fix is available. "It's not something we like to do," said Paller.
The Internet Storm Center, which tracks viruses and other outbreaks on the Web, increased the threat level to "yellow" - a warning that means a significant new threat is developing.
[snip]
(Excerpt) Read more at nasdaq.com ...
Welcome to the club. FReedom is a wonderful thing. I haven't booted into winders in over a year, it's still on my HD and GRUB lists it as an option, but I haven't had the need.
I guess I could wipe it and use the space for something usefull.
Life is nice, isn't it. :-)
Oh man, I'm just lovin the s**t outta this!
ROOT just gave Billy the BOOT!
Puns definitely intended!
That's what I thought - which is why your original statement - "FreeRepublic is already doing it's part to improve security by running on a Linux server. " - adds nothing to the thread but might conversely give users a false sense of security.
If Free Republic was hosted on Windows servers, it would be a magnet for viruses and hackers. Thanks to Linux hosting, the main threat here seems to be operatives like MD4Bush.
The current problem must be resolved at the operating system level, and Microsoft is doing a lousy job getting it fixed.
I found some distributions of the text-only Lynx web browser for Win32. If I used Windows, I'd be testing that browser right now. It can't display images at all, so it ignores links to images.
"If I used Windows, I'd be testing that browser right now. It can't display images at all, so it ignores links to images."
Kind of a long way around just turning off images isn't it ?
"The current problem must be resolved at the operating system level, and Microsoft is doing a lousy job getting it fixed."
Yep - ... lousy job - but various quotes from the isc website -
"we can't vouch for any special software you might have in your own systems that could be disabled after the patch is installed."
"If you want to experiment with another file submitted to us..." EXPERIMENT ?
"We have pulled the .msi that we posted earlier due to some issues with the file. "
Seems to show that these guys just toss things out there - after all, it's YOUR system they are screwing with. How much can you sue them for if their patch burns your system ?
Has anyone downloaded and tried the 'Windows Live Safety Center' Beta? If so, what do you think of it?
We already have 'Microsoft AntiSpyWare' installed, so far it has not found a thing.
It's an alternative to the "Suggested Actions" listed above in the Microsoft Security Advisory. It avoids the need to un-register the Windows Picture and Fax Viewer (Shimgvw.dll) until the patch is issued.
Lynx is a good web browser for security and privacy purposes, or for low-bandwidth connections. It's not ideal for casual browsing, but it's a useful tool to have sometimes - like right now for Windows.
"It avoids the need to un-register the Windows Picture and Fax Viewer (Shimgvw.dll) until the patch is issued."
Actually that 10-second "fix" worked fine, and I never liked that thumbnail crap anyway - I'll leave it off.
I've installed Guilfanov's patch from grc.com on four XP Pro boxes so far, and not one of them has exploded.
It seems risky. Do you know how to uninstall it before the next the Windows Automatic Update? And why does Guilfanov's home page say "Account for domain hexblog.com has been suspended"?
It shows up in Add-Remove Programs.
And why does Guilfanov's home page say "Account for domain hexblog.com has been suspended"?
According to Steve Gibson:
"Ilfak Guilfanov's original 'HexBlog' web site was administratively suspended due to excessive use. (Yeah, no kidding!) He has moved his site and changed its IP address. However, a day or two may be required before Ilfak's new site is accessible under its old name (http://www.hexblog.com/)."
Here is the GRC.com link for patch download:
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.