Posted on 01/02/2006 3:54:03 PM PST by Swordmaker
Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.
The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.
“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”
The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.
“We haven’t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,” Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw.
Microsoft said in a security bulletin on its website that it was aware that the vulnerability was being actively exploited. But by early yesterday, it had not yet released an official patch to correct the flaw. “We are working closely with our antivirus partners and aiding law enforcement in its investigation,” the company said. In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources.
Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer.
Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend.
“We’ve received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable,” wrote Tom Liston, a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix.
Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats.
The company could not be reached on Monday for comment.
Can't take credit for this one, g_w...just passing on info that proved useful to me.
I have changed Computer systems five time now... each time going with the one I researched and found to be the best... and most on the cutting edge.
If something better comes along I would most likely go with it. As to teaching you, you think you know everything so there is nothing left to teach you... but you are blissful in your total ignorance. In every post you dig your hole of Mac ignorance deeper and deeper. You also seem to think that we are Windows ignorant. As I told you I make my living fixing ailing Windows computers... I have the experience in Multiple platforms that you totally lack and demonstrate with each utterance.
"The only reason MACs don't have viruses is that nobody targets them.
Software is software. If someone wanted to exploit the MACOS, they could."
Perhaps. Another aspect to keep in mind is that the Mac OS is based on BSD, and from what i'm told, it's vastly harder to exploit BSD, in the order of several magnitudes. One would think one of these cretins would go after the Mac just because the of the Mac vs. PC stupidity prevelant everywhere these days.'
I think another key element is the stuff we're not saddled with...like Explorer and Outlook, the two favorite targets for the nasties. I know that since I switched my laptop from Explorer and Outlook to Firefox and web based e-mail, my infections have dropped to nil.
This sounds to me like I should once again be glad I still run 98 on this old jalopy.
(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")
This sounds to me like I should once again be glad I still run 98 on this old jalopy.
It seems so. However, as somebody who ran Win98 for too long, I'll recommend XP with SP2 to you. It's far more stable than Win98.
(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")
bookmark
And your point is?
(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")
I hate to break it to you, Mericco, but OSX is a great operating system. I'm posting this from a $500 computer running OSX. By the way, I'm a professional software developer on Windows and Linux. I use Windows by necessity at the office, but at home I use OSX by choice.
Another way to mitigate this is to set your PC file extensions to use notepad to open all WMF files.
And how exactly are they going to make mincemeat of application firewalls, IPS platforms and proxy devices examining your https traffic?
Thanks for the laugh.
bookmark
I'll "clue" you in:
Imagine....
Imagine no spyware - none, zilch, nada.
Imagine no adware - nothing, zero, not a single one.
Imagine no trojans.
Imagine no viruses - nothing to protect against. Imagine not even _running_ any anti-virus software on your computer.
Imagine computing for 18 years, online for 18 years, and never having had a virus, not once. Ever.
Imagine being able to read _any_ email, without fear. To visit _any_ website you wish, without fear. To look at _any_ image you wish, without fear. Imagine be able to download _anything_ you wished, and not even have to check it for infection, or worry about some hidden application buried within it, just waiting to attack your computer.
Imagine turning on your computer with the confidence that you can leave it online a day, a week, a month, and return to find it in exactly the same state - unmolested - as you left it in.
Now, STOP imagining. That's been my personal computing experience (really!) for the last 18 years online.
Impossible, you say? Not if you're using a Mac.
Granted, someone _could_ possibly concoct a virus or some other malaware for OS X. However, if it _does_ happen, it's going to be a "man bites dog" story. It'll be headlines not because it's another virus, but because there has never been an attack on OS X. And it will be dealt with quickly.
I've got a friend at work who has used computers as long (longer?) than I have, but he came from the "PC side" of things. Two of his most memorable comments to me were "it took me ten years to learn DOS", and, "I hate computers!".
I've been fooling with personal computers since 1986 (the Mac since 1987) and I _enjoy_ computers! Why is that?
Cheers!
- John
You can't encrypt your entire hard drive (unless you can boot from a CD or something) -- the system needs to run the operating system before it can get to the point of starting the crypto software.
Other than that, the downside is that you introduce some extra overhead into file access to run the encryption/decryption/wiping routines. It probably won't be noticeable unless you have a slow computer or lousy crypto software.
I gave up on Norton after spending a few hours cleaning up the mess SystemWorks 2004 made of my system.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.