For a direct download link try store.apple.com
Scroll down to the listing for Downloads and disable file downloads.
So, in order to be safe, don't use your browser to download ZoneAlarm, security patches, music files, pictures or anything else.
I'm glad I don't use Microsoft anymore. This would even screw up my old habit of only using IE to download Netscape.
Those of us that have thrown off the Microsoft shackles wonder why the rest of you still put up with this crap.
Knitebane
Best internet program I have used to date.
Probably true, but it also means that Mac virii won't run on Windows. Seems logical ...
Linux runs on Intel processors and has for a long time, and if you do any sort of search on the web, you will find more Unix exploits for the script kiddies than you can shake a stick at. No operating system is hacker proof unless it is completely isolated from the outside world. Even Macs. The only reason Macs don't get hacked so much is that hackers generally hack servers, which are almost always either MS or Unix based. Apple has virtually no presence in the server world (and yes, I was a Mac evangelist for years as I watched Apple squander every single marketing edge it had through utter, complete corporate stupidity. Now they've become a Unix box after years of inability to get a revamped Mac OS out the door. Not exactly sterling credentials there. But yeah, Macs look cool and heck, Gates never managed to get Ridley Scott to do a Windows commercial, so Apple gets points for that.)
Here is what the Newsbytes article says:
Microsoft [NASDAQ:MSFT] will patch a flaw in its Web browser that could allow an attacker to silently download and execute malicious programs on the computers of users who view a specially constructed Web page or e-mail message.
But when you go to the web site that describes the bug, it says this:
A piece of HTML can be used to cause a normal download dialog to pop up. The dialog would prompt the user to choose whether he/she wants to "open this file from its current location" or "save this file to disk". The file name and extension may be anything the malicious website administrator (or a user having access there) wishes, e.g. README.TXT, index.html, or sample.wav. If the user chooses the first alternative, "open the file from its current location", an .EXE application is actually run without any further dialogs.
So, the article says that the attacker can "silently download and execute malicious programs" - that's not true. The web site it references says that IE will first pop up a dialog and ask you whether you want to open the download or save it to disk. It's not silent - it asks first.
If you are a fool, and choose to open the download without examining what you downloaded first, you get bit.
The real bug is that it apparently displays a spoofed filename in the dialog. But it doesn't silently download anything as the article says - am I reading this wrong?
If you buy products from a vertical trust, you can expect low quality products.
I am proud that the rock-ribbed Republican State of Kansas of which I am a resident is still pursuing the break-up or at least severe legal restraint of Microsoft. I suggest that all lovers of the free market read the history of the trusts, and observe that Microsoft, like the trusts of the 19th century, could not have obtained its dominant market position nor pursued its vertical trust strategy without use of state power: gov't standardization, extreme applications of intellectual property law,...
For those who do not think MS is a trust, I suggest studying the Guggenheims' business strategy, not the Rockefellers'. MS is a vertical trust like the Guggenheims' metals business, not a horizontal trust like Standard Oil.
It's bad enough when the geeks start making up words, but when the "journalists" start printing their silly improper slang as if it were correct, it drives me nuts.
MICROSOFT SSSUUUCCCKKKSSS!!!!!!
Security Note: File extensions spoofable in MSIE download dialog
OVERVIEW
Oy Online Solutions Ltd's security experts have found a flaw in Microsoft Internet Explorer that allows a malicious website to spoof file extensions in the download dialog to make an executable program file look like a text, image, audio, or any other file. If the user chooses to open the file from its current location, the executable program will be run, circumventing Security Warning dialogs, and the attacker could gain control over the user's system.
A piece of HTML can be used to cause a normal download dialog to pop up. The dialog would prompt the user to choose whether he/she wants to "open this file from its current location" or "save this file to disk". The file name and extension may be anything the malicious website administrator (or a user having access there) wishes, e.g. README.TXT, index.html, or sample.wav. If the user chooses the first alternative, "open the file from its current location", an .EXE application is actually run without any further dialogs. This happens even if downloading a normal .EXE file from the server causes a Security Warning dialog.
The user has no way of detecting that the file is really an .EXE program and not a text, html, or other harmless file. The program could quietly backdoor or infect the user's system, and then pop up a window which does what the user expected, ie. show a text document or play an audio file.
No active scripting is necessary in order to exploit the flaw. The malicious website can be referred e.g. in an iframe, in a normal link, or by javascript.
DETAILS
The flaw is in the way Internet Explorer processes certain kinds of URLs and HTTP headers. No further technical details are disclosed this time, as there is no proper workaround and the vulnerability could be relatively easily and unnoticeably exploited to spread virii, install DDoS zombies or backdoors, format harddisks, and so on.
The flaw has been successfully exploited with Internet Explorer 5.5 and 6. An IE5 with the latest updates shows the spoofed file name and extension without a sign of EXE, and issues no Security Warning dialog after the file download dialog.
Internet Explorer 6 is exploitable in a slightly different way, but the effect is the same. The user gets a download dialog with the spoofed file name and extension, and can choose between "Open" and "Save". Opening the file causes the program to be run.
Older versions such as IE5.0 behave somewhat differently. The dialog indicates the user is about to execute an application; the dialog has the word "execute" instead of "open", and a Security Warning dialog appears after choosing "execute". It still shows the spoofed file name and extension instead of "EXE".
Any way to skip all dialogs, ie. to run an application without ANY dialog with this vulnerability has NOT been found. In all variations of the exploit there is always the normal file download dialog, but the following Security Warning dialog is skipped.
Technical details of the vulnerability will be revealed later.
WORKAROUNDS
Opening a file type previously considered safe, e.g. plain text or HTML file isn't safe with IE. Users of the browser should avoid opening files directly and save them to disk instead (if opening them is necessary at all). If this flaw is being exploited, the file save dialog will reveal that the file is actually an executable program. Dealing with files from an untrusted source isn't advisable anyway. Another workaround is switching to another browser such as Opera or Netscape which don't seem to have this vulnerability.
VENDOR STATUS
Microsoft was contacted on November 19th. The company doesn't currently consider this a vulnerability; they say that the trust decision should be based on the file source and not type. The origin of the file, ie. the web server's hostname can't be spoofed with this flaw. It's not known whether a patch is going to be produced. Microsoft is currently investigating the issue.
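Added example, not part of the advisory or of any post in this thread: the advisory's workaround is to save the file and see what it really is, and a check on the saved bytes makes that independent of the displayed name. The function names, result labels, extension list and sample bytes below are assumptions constructed for illustration.

```python
import os
import struct

# Extensions Windows treats as directly runnable (illustrative subset, an assumption).
EXEC_EXTS = {".exe", ".com", ".scr", ".dll"}

def sniff(data: bytes) -> str:
    """Classify content by its header bytes: 'pe', 'mz' (DOS-style) or 'other'."""
    if data[:2] != b"MZ":
        return "other"
    if len(data) >= 0x40:
        # e_lfanew at offset 0x3C holds the file offset of the PE signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "pe"
    return "mz"

def audit(name: str, data: bytes) -> str:
    """Compare the name shown to the user with what the saved bytes actually are."""
    # Windows ignores trailing dots and spaces in a file name.
    ext = os.path.splitext(name.rstrip(". "))[1].lower()
    if sniff(data) == "other":
        return "no-exe-header"  # not proof the file is safe, only that it is not MZ/PE
    return "executable" if ext in EXEC_EXTS else "MISMATCH"

def make_constructed_pe() -> bytes:
    """Constructed sample: the smallest header that passes sniff(); not a real program."""
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"

if __name__ == "__main__":
    pe = make_constructed_pe()
    # Names taken from the advisory's examples; contents are constructed.
    samples = [
        ("README.TXT", pe),
        ("sample.wav", b"RIFF\x24\x00\x00\x00WAVEfmt "),
        ("index.html", b"<html><body>hello</body></html>"),
        ("setup.exe", pe),
    ]
    for name, data in samples:
        print(f"{name:12} {audit(name, data)}")
```

The check is deliberately conservative: any file that begins with the bytes `MZ` under a non-executable name is reported as `MISMATCH`, including a text file that happens to start with those two letters.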
Every fix-it patch creates major disruption to my computer.
I just spent two days helping a neighbor get her "plug it in and it works" IMAC, with MAC OS 9.x, to do the most basic of things, such as printing to her Hewlett Packard inkjet printer. Someone had put Netscape on it, and printing from Netscape scrambled the HP drivers. The only way I could get it to work was to remove Netscape and go with Microsoft's Internet Explorer.
MAC OS, through the 9-series (not including NeXSTEP/OPENSTEP/Rhapsody/OSX), is quite possibly the WORST operating system and graphical user interface ever conceived by the mind of man. How do you explain to a little old lady that there is a layer of abstraction between an application and a window, so that closing a window does NOT close the underlying application? If you close a window in MAC 9.x, without closing the underlying application, you can't get a new window for the application without forcing one open, via e.g. the keyboard shortcut CMD-n.
If a user double clicks an icon on the desktop to launch, say, a web browser, closes the window of the web browser, then double clicks the icon again, NOTHING HAPPENS!!! The user has to hit CMD-n to force open a new window! This is insane! What's worse, if the user doesn't double click the icon the second time, but only single clicks it (MANY users can't click fast enough to get a good double click) and hits CMD-n, then instead of getting a new window for the web browser, the user gets a new empty folder on the desktop (because the single click, in place of the double click, highlighted the desktop, NOT the icon)!!!
MAC OS 9.x is utter and complete garbage.
[And MAC users are real idiots. I once spent a whole morning on an emergency service call because a user couldn't find one of her applications. Turns out she had dragged a folder inside of itself - so the application was one layer deeper than normal.]
The logical thing would be to switch to Netscape, Apache, and use Eudora or Pegasus e-mail clients.
But are people going to do that? Nope, they are going to keep complaining every time they get hacked or have something destroyed, because like the good sheeple they are, they will keep coming back to MS.
If people left in droves, I guarantee MS would start taking security and bugs a little more seriously.
Certain groups are now placing Usenet postings which are actually self-extracting executables. When downloaded in any IE greater than 4.0, the program executes in two parts...one, the harmless HTML based page the user expects, and secondly, executes a back door Trojan.
Obviously a problem.
We have a six-year-old ACER with such limited resources that it will only take IE 4.0...and the warning box about Downloading an executable file and asking if you want to download it to, say a ZIP [tm] Disk for virus analysis, pops up every time!!
On our other machines, IE 5.0+ is installed, and Norton Antivirus has Quarantined a bunch of them.
I am rapidly becoming disaffected with Microsoft products...BUT, IMHO, LINUX isn't ready for Prime Time yet.