777DadandJr
Topic Author
Posts: 1484
Joined: Wed Feb 09, 2005 7:37 am

Biggest Windows Threat To Date

Wed Jan 04, 2006 12:46 am

Just read this release about what could amount to the biggest security threat to Windows PC's to date.

http://news.ft.com/cms/s/0d644d5e-7bb3-11da-ab8e-0000779e2340.html

Will this madness never end?

Russ
My glass is neither 1/2 empty nor 1/2 full, rather, the glass itself is twice as big as it should be.
 
KROC
Posts: 18919
Joined: Mon May 08, 2000 11:19 am

RE: Biggest Windows Threat To Date

Wed Jan 04, 2006 12:55 am

Lets face it, there will never be a perfect operating system. Like the article said, Windows because of its size and prestige is a favorite target of hackers, so no matter what improvements Microsoft makes, there are thousands of people out there trying to find some way to get through all the new security protection and they will. Whats important is the rapid response to threats.
 
ctbarnes
Posts: 3269
Joined: Thu Mar 30, 2000 2:20 pm

RE: Biggest Windows Threat To Date

Wed Jan 04, 2006 12:57 am

I heard about this on NPR a few days ago. They also interviewed someone from McAfee who said the threat can be minimized by keeping your antivirus and anti-spyware software up to date, as these software companies have now put out virus and/or spyware definitions to identify and trap them.

Charles, SJ
The customer isn't a moron, she is your wife -David Ogilvy
 
Klaus
Posts: 20578
Joined: Wed Jul 11, 2001 7:41 am

RE: Biggest Windows Threat To Date

Wed Jan 04, 2006 1:03 am

Quoting KROC (Reply 1):
Like the article said, Windows because of its size and prestige is a favorite target of hackers, so no matter what improvements Microsoft makes, there are thousands of people out there trying to find some way to get through all the new security protection and they will.

No. Windows has >10000 active threats because it's a house of cards. That it's a house of cards in a very exposed place just makes it a bit worse than it would be anyway.

And this is a duplicate thread: http://www.airliners.net/discussions/non_aviation/read.main/1054253/

Not that the current horror didn't merit some extra attention...

[Edited 2006-01-03 17:13:08]
 
RichardPrice
Posts: 4474
Joined: Sat Apr 23, 2005 5:12 am

RE: Biggest Windows Threat To Date

Wed Jan 04, 2006 1:17 am

Quoting Ctbarnes (Reply 2):
I heard about this on NPR a few days ago. They also interviewed someone from McAfee who said the threat can be minimized by keeping your antivirus and anti-spyware software up to date, as these software companies have now put out virus and/or spyware definitions to identify and trap them.

Since this 'flaw' isnt actually a flaw at all, but a pretty much forgotten about feature of WMF files, none of the antivirus companies can do anything about it without breaking a LOT of programs that use it without knowing.

The 'issue' is that wmf files allow a callback function to be registered in the event that the image cannot be displayed (ie the file is corrupt or it uses features that arent available in the version of the parser used).

This callback function runs pretty much anything the developer wants.

Removing this feature will stop even some major internals within Windows from working, as wmf files are used all over the GUI.

I knew about this 10 years ago, Im surprised its just become an issue now.

Oh well.
 
777DadandJr
Topic Author
Posts: 1484
Joined: Wed Feb 09, 2005 7:37 am

RE: Biggest Windows Threat To Date

Wed Jan 04, 2006 1:30 am

Quoting Klaus (Reply 3):
And this is a duplicate thread: Why I Am Glad I Have A Mac (by APFPilot1985 Jan 3 2006 in Non Aviation)

Not that the current horror didn't merit some extra attention...

My apologies for the duplication. I guess my search wasn't specific enough.

Russ
My glass is neither 1/2 empty nor 1/2 full, rather, the glass itself is twice as big as it should be.
 
Cruiser
Posts: 920
Joined: Fri Apr 15, 2005 2:08 am

RE: Biggest Windows Threat To Date

Wed Jan 04, 2006 2:17 am

I got hit with it a couple of days ago, and I work in IT. Everything was up to date including Norton Antivirus Corporate Edition, all of my Windows Updates.

I was just browsing through a clean (you know what I mean!) link from A.net. It was some news site.

So, this is easy to get, and to be honest, there is nothing that I know of that will stop it at this time. The only thing which I have done recently was throw on Zonealarm (which I had forgotten to install when I got my latest laptop in November....it happens when you get a new one at least once a year, but usually sooner!). I am now able to block the .exe's.

Watch out for it...it sucks! It even changes your desktop to a big advertisement that you now have spyware.

James
Leahy on Per Seat Costs: "Have you seen the B-2 fly-by at almost US$1bn a copy? It has only 2 seats!"
 
Klaus
Posts: 20578
Joined: Wed Jul 11, 2001 7:41 am

RE: Biggest Windows Threat To Date

Wed Jan 04, 2006 2:26 am

The problem with this one is that a protection (other than blocking the functionality with the subsequent side effects) would require filtering every single graphic that might be embedded in any email or in any webpage that's being loaded.

It's the equivalent of a wide-open barn door, leading right to the bank vault with a neon sign pointing the way.

And it has absolutely nothing to do with the popularity of Windows: It is a severe design mistake, one of many that make Windows inherently unsafe, top to bottom.
 
yooyoo
Posts: 5686
Joined: Wed Nov 26, 2003 5:01 am

RE: Biggest Windows Threat To Date

Wed Jan 04, 2006 2:34 am

Does this have anything to do with the "SpySherif" virus/spy ware i contracted the other week?

My first in over a decade of computer use.

What a crap feeling.
I am so smart, i am so smart... S-M-R-T... i mean S-M-A-R-T
 
j_hallgren
Posts: 1427
Joined: Sun Jun 04, 2000 11:48 am

RE: Biggest Windows Threat To Date

Wed Jan 04, 2006 2:36 am

Here's some more info I found using links in stories linked above:
http://isc.sans.org/diary.php
Seems that unregistering a DLL and using a patch from some independent guy may help avoid problem until M$ patches it on Jan 10...read it for yourself...
COBOL - Not a dead language yet!
 
Cruiser
Posts: 920
Joined: Fri Apr 15, 2005 2:08 am

RE: Biggest Windows Threat To Date

Wed Jan 04, 2006 3:27 am

Quoting YooYoo (Reply 8):
Does this have anything to do with the "SpySherif" virus/spy ware i contracted the other week?

Thats the one...
Leahy on Per Seat Costs: "Have you seen the B-2 fly-by at almost US$1bn a copy? It has only 2 seats!"

Who is online

Users browsing this forum: fr8mech, ha763, tommy1808, Yahoo [Bot] and 19 guests