Free Republic

Microsoft To Patch Windows on January 10th; Attack Spreads
Dow Jones News Service (excerpt) ^ | January 3, 2006 | Chris Reiter

Posted on 01/03/2006 11:42:23 AM PST by HAL9000

Excerpt -

NEW YORK -(Dow Jones)- Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain.

"Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence."

"It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team.

SANS Institute, via its Internet Storm Center, has taken the unusual step of releasing its own patch for the problem until a Microsoft-approved fix is available. "It's not something we like to do," said Paller.

The Internet Storm Center, which tracks viruses and other outbreaks on the Web, increased the threat level to "yellow" - a warning that means a significant new threat is developing.

[snip]


(Excerpt) Read more at nasdaq.com ...


TOPICS: News/Current Events; Technical
KEYWORDS: backdoor; exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; malware; microsoft; msn; patch; securityflaw; spamware; spyware; trojan; userfriendly; virus; virusbait; windows; wmf

1 posted on 01/03/2006 11:42:27 AM PST by HAL9000
[ Post Reply | Private Reply | View Replies]

To: HAL9000

Just a suggestion, but 64 bit computers, like the AMD64 are not vulnerable, assuming you have XP SP2.


2 posted on 01/03/2006 11:44:11 AM PST by js1138 (Great is the power of steady misrepresentation.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: HAL9000

I was thinking, well, it's still safe to go to FreeRepublic, they're only text. Then I realized anyone can link to any image here.

Perhaps we should disable this feature for now?


3 posted on 01/03/2006 11:44:24 AM PST by proxy_user
[ Post Reply | Private Reply | To 1 | View Replies]

To: js1138
You'd have to have data execution prevention enabled, too. However, the next variant will likely utilize exploit methods that evade Microsoft DEP.

See phrack #62 for details.

4 posted on 01/03/2006 11:46:39 AM PST by xrp (My current list of worshippers: MNJohnnie)
[ Post Reply | Private Reply | To 2 | View Replies]

To: All

At least we don't still have the Clinton DOJ going after Microsoft while ignoring terrorists.


5 posted on 01/03/2006 11:46:58 AM PST by Peach (The Clintons pardoned more terrorists than they ever captured or killed.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user

I'm a Mac user, so I can be smug. Perhaps you should join me :-).

Other than buying a Macintosh or Linux-based computer, I think I would simply turn off images in my browser when viewing FR.

D


6 posted on 01/03/2006 11:48:44 AM PST by daviddennis
[ Post Reply | Private Reply | To 3 | View Replies]

To: HAL9000

Someone else posted this fix from GRC:
There's also a third party fix but I'm leery about using it.

http://www.grc.com/sn/notes-020.htm


UNTIL THIS IS REPAIRED BY MICROSOFT, ANY ATTEMPT
TO DISPLAY A MALICIOUS IMAGE IN WINDOWS COULD
INSTALL MALICIOUS SOFTWARE INTO THE COMPUTER.

This is a so-called "0-day vulnerability" because exploits for the vulnerability appeared before any updates or patches were available.

Although NOT a complete solution, Microsoft has recommended temporarily disabling the automatic display of some images by the operating system and web browser. This can be done, as detailed below, by "unregistering" the "SHIMGVW.DLL" Windows DLL. THIS IS NOT A COMPLETE SOLUTION, but it significantly lowers the risk from this vulnerability from web surfing.

For Windows 2000, XP, 64-bit XP and 2003 server

The temporary patch described above is a FAR superior
solution. ONLY use the de-registration approach below if
you are unable to use Ilfak's temporary patch.

Do not open any "WMF" — Windows Metafiles — you receive by eMail, and reports are that other file types may also be dangerous.

Anti-virus companies have responded to this, so update your anti-virus signature files for updated protection.

You should IMMEDIATELY disable Windows' use of this
vulnerable DLL until patches from Microsoft are available.

Note that this WILL temporarily disable the "Thumbnail" view
in Windows Explorer and Windows' Image and FAX viewer. This is
by design, since these viewers are no longer safe to use until a
non-vulnerable file has been produced by Microsoft and installed.

To immediately disable the vulnerable Windows component:

1) Logon as a user with full administrative rights.

2) Click the Windows "Start" button and select "Run..."

3) Enter the following string into the "Open" field:

regsvr32 -u shimgvw.dll

(You can copy/paste from this page using Ctrl-C/Ctrl-V)

4) Click "OK" to unregister the vulnerable DLL.

If all goes well, you will receive a confirmation prompt, and your system is now safe. No need to reboot, but you might want to just to be sure that any possible currently loaded instance is flushed out.


To eventually re-enable the "SHIMGVW.DLL" component:

1) Logon as a user with full administrative rights.

2) Click the Windows "Start" button and select "Run..."

3) Enter the following string into the "Open" field:

regsvr32 shimgvw.dll

(You can copy/paste from this page using Ctrl-C/Ctrl-V)
Same as the one above, but no "-u" for "uninstall".

4) Click "OK" to re-register the (hopefully) non-vulnerable DLL.


7 posted on 01/03/2006 11:49:47 AM PST by Lx (Do you like it, do you like it. Scott? I call it Mr. and Mrs. Tennerman chili.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: HAL9000

As of last night, I put on my RED HAT, went ROOT, and tipped my FEDORA and left the windows world far behind.

Life is nice.


8 posted on 01/03/2006 11:59:19 AM PST by Al Gator (Remember to pillage BEFORE you burn!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: proxy_user
Perhaps we should disable this feature for now?

I disagree. FreeRepublic is already doing its part to improve security by running on a Linux server. Microsoft is responsible for getting Windows fixed. Good luck to all of the Microsoft customers.

9 posted on 01/03/2006 12:04:02 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Lx

I installed the patch from GRC's recommendation on my XP machines a few days ago, and unregistered the DLL on my W2K machines, and have had no problems thus far.

I tend to trust Gibson fairly well.


10 posted on 01/03/2006 12:04:32 PM PST by MarineBrat (Talk is cheap because supply exceeds demand.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Lx

I used that temp patch yesterday, and it is now showing my pc has no apparent vulnerability.

Gibson (at GRC) is a very reliable source. He developed one of the early programs to 'set' hard drive parameters. He's an ancient sage -- in Internet years. lol.


11 posted on 01/03/2006 12:28:28 PM PST by TomGuy
[ Post Reply | Private Reply | To 7 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

12 posted on 01/03/2006 12:29:04 PM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: HAL9000


Microsoft Security Advisory (912840)

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.

Published: December 28, 2005 | Updated: January 3, 2006

On Tuesday, December 27, 2005, Microsoft became aware of public reports of malicious attacks on some customers involving a previously unknown security vulnerability in the Windows Meta File (WMF) code area in the Windows platform.

Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope, define an engineering plan, and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.

Microsoft confirmed the technical details of the attack on December 28, 2005 and immediately began developing a security update for the WMF vulnerability on an expedited track.

Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.

The update will be released worldwide simultaneously in 23 languages for all affected versions of Windows once it passes a series of rigorous testing procedures. It will be available on Microsoft’s Download Center, as well as through Microsoft Update and Windows Update. Customers who use Windows’ Automatic Updates feature will be delivered the fix automatically.

Based on strong customer feedback, all Microsoft’s security updates must pass a series of quality tests, including testing by third parties, to assure customers that they can be deployed effectively in all languages and for all versions of the Windows platform with minimum down time.

Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement. Although the issue is serious and malicious attacks are being attempted, Microsoft’s intelligence sources indicate that the scope of the attacks are not widespread.

In addition, anti-virus companies indicate that attacks based on exploiting the WMF vulnerability are being effectively mitigated through up-to-date signatures.

Customers are encouraged to keep their anti-virus software up-to-date. The Microsoft Windows AntiSpyware (Beta) can also help protect your system from spyware and other potentially unwanted software. Customers can also visit Windows Live Safety Center and are encouraged to use the Complete Scan option to check for and remove malicious software that takes advantage of this vulnerability. We will continue to investigate these public reports.

If you are a Windows OneCare user and your current status is green, you are already protected from known malware that uses this vulnerability to attempt to attack systems.

Customers who follow safe browsing best practices are not likely to be compromised by any exploitation of the WMF vulnerability. Users should take care not to visit unfamiliar or un-trusted Web sites that could potentially host the malicious code.

Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. While we have not encountered any situation in which simply opening an email can result in attack, clicking on a link in an email could result in navigation to a malicious site. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

Microsoft considers the intentional use of exploit code, in any form, to cause damage to computer users to be a criminal offense. Accordingly, we continue to work closely with our anti-virus partners and we are assisting law enforcement with its investigation of the attacks in this case. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.

We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, applying software updates and installing antivirus software. Customers can learn more about these steps at the Protect Your PC Web site. The Microsoft Windows AntiSpyware (Beta) can also help protect your system from spyware and other potentially unwanted software.

Customers who believe they may have been affected by this issue can also contact Product Support Services. You can contact Product Support Services in the United States and Canada at no charge using the PC Safety line (1 866-PCSAFETY). Customers outside of the United States and Canada can locate the number for no-charge virus support by visiting the Microsoft Help and Support Web site.

Mitigating Factors:

In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.

In an E-mail based attack involving the current exploit, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability. At this point, no attachment has been identified in which a user can be attacked simply by reading mail.

An attacker who successfully exploited this vulnerability could only gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

By default, Internet Explorer on Windows Server 2003, on Windows Server 2003 Service Pack 1, on Windows Server 2003 with Service Pack 1 for Itanium-based Systems, and on Windows Server 2003 x64 Edition runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability where the e-mail vector is concerned although clicking on a link would still put users at risk. In Windows Server 2003, Microsoft Outlook Express uses plain text for reading and sending messages by default. When replying to an e-mail message that is sent in another format, the response is formatted in plain text. See the FAQ section of this vulnerability for more information about Internet Explorer Enhanced Security Configuration.

General Information

Overview

Purpose of Advisory: To provide customers with initial notification of the publicly disclosed and exploited vulnerability. For more information see the “Suggested Actions” section of the security advisory.

Advisory Status: Issue Confirmed, Security Update Planned

Recommendation: Review the suggested actions and configure as appropriate.

References Identification

CVE Reference

CVE-2005-4560

CERT Reference

VU#181038

Microsoft Knowledge Base Article

912840

This advisory discusses the following software.

Related Software

Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP Service Pack 1

Microsoft Windows XP Service Pack 2

Microsoft Windows XP Professional x64 Edition

Microsoft Windows Server 2003

Microsoft Windows Server 2003 for Itanium-based Systems

Microsoft Windows Server 2003 Service Pack 1

Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

Microsoft Windows Server 2003 x64 Edition

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Note Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 x64 Edition also refer to Microsoft Windows Server 2003 R2.

Frequently Asked Questions

What is the scope of the advisory?
Microsoft is aware of a new vulnerability report affecting the Graphics Rendering Engine in Microsoft Windows. This vulnerability affects the software that is listed in the “Overview” section.

Is this a security vulnerability that requires Microsoft to issue a security update?
Yes, Microsoft has confirmed this vulnerability and will include the fix for this issue in an upcoming security bulletin.

What causes the vulnerability?
A vulnerability exists in the way specially crafted Windows Metafile (WMF) images are handled that could allow arbitrary code to be executed.

What is the Windows Metafile (WMF) image format?
A Windows Metafile (WMF) image is a 16-bit metafile format that can contain both vector information and bitmap information. It is optimized for the Windows operating system.

For more information about image types and formats, see Microsoft Knowledge Base Article 320314. Additional information about these file formats is also available at the MSDN Library Web site.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system. This issue is not known to be wormable. In a Web-based attack scenario, an attacker would host a Web site that exploits this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

How could an attacker exploit the vulnerability?
An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.

I am reading e-mail in plain text, does this help mitigate the vulnerability?
Yes. Reading e-mail in plain text does mitigate this vulnerability where the e-mail vector is concerned although clicking on a link would still put users at risk.

Note In Windows Server 2003, Microsoft Outlook Express uses plain text for reading and sending messages by default. When replying to an e-mail message that is sent in another format, the response is formatted in plain text.

I have DEP enabled on my system, does this help mitigate the vulnerability?
Software based DEP does not mitigate the vulnerability. However, Hardware based DEP may work when enabled. Please consult with your hardware manufacturer for more information on how to enable this feature and whether it can provide mitigation.

Does this vulnerability affect image formats other than Windows Metafile (WMF)?
The only image format affected is the Windows Metafile (WMF) format. It is possible however that an attacker could rename the file extension of a WMF file to that of a different image format. In this situation, it is likely that the Graphic Rendering engine would detect and render the file as a WMF image which could allow exploitation.

Windows Metafile (WMF) images can be embedded in other files such as Word documents. Am I vulnerable to an attack from this vector?
No. While we are investigating the public postings which seek to utilize specially crafted WMF files through IE, we are looking thoroughly at all instances of WMF handling as part of our investigation. While we're not aware of any attempts to embed specially crafted WMF files in, for example Microsoft Word documents, our advice is to accept files only from trusted source would apply to any such attempts.

If I block .wmf files by extension, can this protect me against attempts to exploit this vulnerability?
No. Because the Graphics Rendering Engine determines file type by means other than just looking at the file extensions, it is possible for WMF files with changed extensions to still be rendered in a way that could exploit the vulnerability.

Does the workaround in this advisory protect me from attempts to exploit this vulnerability through WMF files with changed extensions?
Yes. Microsoft has tested and can confirm the workaround in this advisory helps protect against WMF files with changed extensions.

It has been reported that malicious files indexed by MSN Desktop Search could lead to exploitation of the vulnerability. Is this true?
We have received reports and are investigating them thoroughly as part of our ongoing investigation. We are not aware at this time of issues around the MSN Desktop Indexer, but we are continuing to investigate.

Is this issue related to Microsoft Security Bulletin MS05-053 - Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) which was released in November?
No, these are different and separate issues.

Will my anti-virus software protect me from exploitation of this vulnerability?
As of the latest update to this advisory the following members of the Virus Information Alliance have indicated that their anti-virus software provides protection from exploitation of Windows Metafile (WMF) files using the vulnerability discussed in this advisory.

Symantec

Computer Associates

McAfee

F-Secure Corporation

Panda Software International

Eset Software

Aladdin

Norman

In addition Microsoft is providing heuristic protection against exploitation of this vulnerability through Windows Metafile (WMF) files in our new Windows OneCare Live Beta.

As currently known attacks can change, the level of protection offered by anti-virus vendors at any time may vary. Customers are advised to contact their preferred anti-virus vendor with any questions they may have or to confirm additional information regarding their vendor’s method of protection against exploitation of this vulnerability.

When this security advisory was issued, had Microsoft received any reports that this vulnerability was being exploited?
Yes. When the security advisory was released, Microsoft had received information that this vulnerability was being actively exploited.

What’s Microsoft’s response to the availability of third party patches for the WMF vulnerability?
Microsoft recommends that customers download and deploy the security update for the WMF vulnerability that we are targeting for release on January 10, 2006.

As a general rule, it is a best practice to utilize security updates for software vulnerabilities from the original vendor of the software. With Microsoft software, Microsoft carefully reviews and tests security updates to ensure that they are of high quality and have been evaluated thoroughly for application compatibility. In addition, Microsoft’s security updates are offered in 23 languages for all affected versions of the software simultaneously.

Microsoft cannot provide similar assurance for independent third party security updates.

Why is it taking Microsoft so long to issue a security update?
Creating security updates that effectively fix vulnerabilities is an extensive process. There are many factors that impact the length of time between the discovery of a vulnerability and the release of a security update. When a potential vulnerability is reported, designated product specific security experts investigate the scope and impact of a threat on the affected product. Once the MSRC knows the extent and the severity of the vulnerability, they work to develop an update for every supported version affected. Once the update is built, it must be tested with the different operating systems and applications it affects, then localized for many markets and languages across the globe.

Suggested Actions

Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1

Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it helps block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

Note The following steps require Administrative privileges. It is recommended that the machine be restarted after applying this workaround. It is also possible to log out and log back in after applying the workaround. However, the recommendation is to restart the machine.

To un-register Shimgvw.dll, follow these steps:

1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).

Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

Customers in the U.S. and Canada who believe they may have been affected by this possible vulnerability can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support that is associated with security update issues or viruses. International customers can receive support by using any of the methods that are listed at Security Help and Support for Home Users Web site.

All customers should apply the most recent security updates released by Microsoft to help ensure that their systems are protected from attempted exploitation. Customers who have enabled Automatic Updates will automatically receive all Windows updates. For more information about security updates, visit the Microsoft Security Web site.

Protect Your PC

We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing anti-virus software. Customers can learn more about these steps by visiting Protect Your PC Web site.

For more information about staying safe on the Internet, customers can visit the Microsoft Security Home Page.

Keep Windows Updated

All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit the Microsoft Update Web site, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.

Resources:

You can provide feedback by completing the form by visiting the following Web site.

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.

International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.

The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.

Disclaimer:

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

December 28, 2005: Advisory published

December 29, 2005: Advisory updated. FAQ section updated.

December 30, 2005: Advisory updated. FAQ section updated.

January 3, 2006: Information has been added to the beginning of the advisory as well as the FAQ section to provide updated information about the state of the investigation. Information has also been added to the FAQ section regarding reports of a third party security update for this issue.




13 posted on 01/03/2006 12:35:38 PM PST by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 9 | View Replies]

So all will be fine on the 10th...till then be careful..


14 posted on 01/03/2006 12:37:10 PM PST by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Al Gator

Excellent timing Gator!


15 posted on 01/03/2006 12:46:15 PM PST by zeugma (Warning: Self-referential object does not reference itself.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Ernest_at_the_Beach

Hey Ernie,

Publishing a novel in a thread is not considered wholesome.

Putting in a link to a page off the side, now that's considerate.


16 posted on 01/03/2006 12:46:38 PM PST by Al Gator (Remember to pillage BEFORE you burn!)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Al Gator
If Linux suits your computing needs it's likely a good choice.

Since I like to play on-line games with decent graphics on my home PC Windows is the only reasonable option for me on that computer.

I'd be better off backing up my important data and reloading my computer weekly to get rid of viruses than trying to use Linux.

I like Linux for many purposes. I work with it almost daily at work. It's a good tool for many things. It has much better security than Windows. However for most people, Windows is still a better choice for the majority of their needs.

That may change in the future. I hope it does, it would be nice to have more viable options.
17 posted on 01/03/2006 12:52:39 PM PST by untrained skeptic
[ Post Reply | Private Reply | To 8 | View Replies]

To: Al Gator

I wanted to catch the fullness of the MS arrogance before they pulled it from their website.......


18 posted on 01/03/2006 1:00:30 PM PST by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 16 | View Replies]

To: TomGuy
Gibson rocks.

Years ago when I was the service manager at a computer store, I could get data off of dead drives using Spinrite. Catch was it took a couple of days to run. It even worked when I had to open up an old ST-251-1 drive that had broken the thin metal blade that moved the heads. Took the part out of another dead drive and Bingo, data recovery! For a nominal fee of course.

His shields up is very cool as well.

19 posted on 01/03/2006 1:44:51 PM PST by Lx (Do you like it, do you like it. Scott? I call it Mr. and Mrs. Tennerman chili.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: HAL9000

""It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team."

But, But ... I thought Symantec's Internet Security was supposed to keep me safe ....


20 posted on 01/03/2006 1:51:10 PM PST by RS (Just because they are out to get him doesn't mean he is not guilty)
[ Post Reply | Private Reply | To 1 | View Replies]

To: HAL9000

"FreeRepublic is already doing its part to improve security by running on a Linux server. "

Linux servers won't pass the infected pictures ?


21 posted on 01/03/2006 1:53:18 PM PST by RS (Just because they are out to get him doesn't mean he is not guilty)
[ Post Reply | Private Reply | To 9 | View Replies]

To: HAL9000
My company put an update on the Microsoft SMS server to patch all the company XP based machines inside the firewall. The patch disables the "thumbnails" capability of Windows Explorer and some other applications that automatically show off pictures.

The problem is that the suffix doesn't matter. The Windows Media File nature of the file is embedded in the file header, not discerned via the extension. A snoopy application that decides for itself is going to find those WMF files. If it happens on an exploit, you pay the consequences.

22 posted on 01/03/2006 1:57:28 PM PST by Myrddin
[ Post Reply | Private Reply | To 1 | View Replies]
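
Added example, not part of any post in this thread: the point in post 22, that a WMF is recognized by its header rather than its extension, written as a defender's check that flags WMF content saved under another extension. The function names and the constructed sample bytes are assumptions for illustration; the layout checked is the standard WMF one (an optional 22-byte placeable header with key 0x9AC6CDD7, then an 18-byte META_HEADER).

```python
import os
import struct

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # 0x9AC6CDD7 little-endian: placeable WMF magic
PLACEABLE_LEN = 22                    # placeable header sits in front of META_HEADER
META_LEN = 18                         # Type, HeaderSize, Version, Size, objects, MaxRecord, members

def is_wmf(data: bytes) -> bool:
    """True if data begins with a WMF header, whatever the file is called."""
    if data[:4] == PLACEABLE_KEY:
        data = data[PLACEABLE_LEN:]
    if len(data) < META_LEN:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # Type 1 = memory, 2 = disk; header is nine 16-bit words; version 1.0 or 3.0
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def classify(name: str, data: bytes) -> str:
    """Compare what the name claims with what the header says."""
    if not is_wmf(data):
        return "not-wmf"
    return "wmf" if name.lower().endswith(".wmf") else "wmf-mismatched-extension"

def scan_tree(root: str):
    """Yield paths under root whose content is WMF but whose extension is not .wmf."""
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(PLACEABLE_LEN + META_LEN)
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            if classify(fname, head) == "wmf-mismatched-extension":
                yield path

# Constructed sample inputs (built here, not taken from any real file)
META = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
PLACEABLE = PLACEABLE_KEY + b"\x00" * 18 + META
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 20

if __name__ == "__main__":
    for name, blob in [("photo.jpg", META), ("chart.wmf", PLACEABLE), ("real.jpg", JPEG)]:
        print(name, classify(name, blob))
```

The standard-header test looks at only six bytes, so treat a hit as a reason to inspect the file, not as proof that it is hostile.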

To: RS
Linux servers won't pass the infected pictures ?

ANY web server can pass the infected files. You will happily pull it right through your firewall via port 80. Once on the disk, your operating system/applications will dictate what happens next. The exploit wasn't targeted at Linux applications/shared libraries...yet. Given all the effort at compatibility to view multi-media files, it is just a matter of time before such an exploit happens. Windows is just a much bigger target.

23 posted on 01/03/2006 2:06:30 PM PST by Myrddin
[ Post Reply | Private Reply | To 21 | View Replies]

To: RS
Look for infected files to show up in SPAM. The spammers love to send images because the anti-spam software can't find keywords to kick them out. Turn off your automatic image viewing in e-mail until the patch is applied.
24 posted on 01/03/2006 2:08:42 PM PST by Myrddin
[ Post Reply | Private Reply | To 21 | View Replies]

To: Myrddin

Ha, does anyone see a parallel here: relying on Microsoft to provide the patch is like
- relying on the police to protect individual citizens
- relying on government to protect the border
??


25 posted on 01/03/2006 2:08:50 PM PST by rudy45
[ Post Reply | Private Reply | To 23 | View Replies]

To: proxy_user
Perhaps we should disable this feature for now?

You can disable showing images on your own PC, and it would govern all pictures on all sites. Open internet explorer, move your mouse pointer to TOOLS, INTERNET OPTIONS. Select the ADVANCED tab. Scroll down to MULTIMEDIA and deselect SHOW PICTURES.

When the threat of this virus has passed, you can reverse the procedure and reselect SHOW PICTURES.

26 posted on 01/03/2006 2:18:20 PM PST by Wolfstar ("We must...all hang together or...we shall all hang separately." Benjamin Franklin)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Ernest_at_the_Beach
I'm running FireFox 1.5 and Eudora mail on my Mac. Do I have to read all of that?
27 posted on 01/03/2006 2:59:42 PM PST by tubebender (You can't make Chicken Soup from Chicken Poop...)
[ Post Reply | Private Reply | To 13 | View Replies]

To: RS
Linux servers won't pass the infected pictures ?

They can - but it's unlikely that most of the images hosted on FR would contain a virus.

One potential problem area could be in FR's Caption This Image section, where anyone could upload an infected image. But I think John R. has coded some restrictions in that feature to prevent embedding of those images in other web pages.

Most images seen on FR are actually hosted on a different server, which may or may not be running Linux.

28 posted on 01/03/2006 3:22:30 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 21 | View Replies]

To: HAL9000

Ilfak Guilfanov, who wrote the patch, is somewhat well known as the author of Interactive Disassembler Pro. According to the f-secure weblog, Guilfanov is "arguably one of the best low-level Windows experts in the world."
He is not making money from his patch, but if it causes problems, his reputation will certainly suffer. Steve Gibson of Gibson Research Center, a long time programmer and all-around old computer pro, has examined Guilfanov's code and even spoke with Guilfanov to help him modify the code for Windows 2000. Gibson is very impressed with the quality of the patch. Programmer/author Tom Liston of SANS says that he has gone through the patch and found that it does only what it is supposed to do.

Obviously Guilfanov's patch is riskier than Microsoft's patch will be, but if Microsoft is really going to wait until the 10th without releasing even a beta patch...


29 posted on 01/03/2006 3:28:55 PM PST by TChad
[ Post Reply | Private Reply | To 1 | View Replies]

To: TChad
...Obviously Guilfanov's patch is riskier than Microsoft's patch will be...

Hmmmm. I'm not so sure.

30 posted on 01/03/2006 3:36:09 PM PST by Petronski (I love Cyborg!)
[ Post Reply | Private Reply | To 29 | View Replies]

To: rudy45
Ha, does anyone see a parallel here: relying on Microsoft to provide the patch is like

expecting ANY vendor to honor a warranty on a product it has sold. Crispy fries from McDonalds. Fresh ice cream from Dairy Queen. Safe tires from Firestone.


- relying on the police to protect individual citizens
- relying on government to protect the border

Government is full of politicians. They are experienced weasels at avoiding responsibility. The courts have already ruled that police have no duty to protect citizens. The federal government has clearly failed in its responsibility to protect the U.S. border.

31 posted on 01/03/2006 3:47:52 PM PST by Myrddin
[ Post Reply | Private Reply | To 25 | View Replies]

To: TChad

Gibson is a good guy, but his efforts to improve Windows are quixotic.


32 posted on 01/03/2006 3:52:04 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 29 | View Replies]

To: tubebender

No, just don't look at the WMF files....point of posting it was that Microsoft was saying that you are OK as long as you don't use some of the facilities they have provided,,,till they finally get around to fixing the problem.....just trust them.

Lot of words for sure.


33 posted on 01/03/2006 4:04:48 PM PST by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 27 | View Replies]

To: HAL9000
Gibson is a good guy, but his efforts to improve Windows are quixotic.

I'm not sure that Gibson is really "attempting to improve Windows" here, so much as doing what he usually does, saving people from computer disasters. His SpinRite program certainly saved me in the bad old computer days. I probably would have installed the patch on my Windows boxes even without his recommendation, but he made the decision easy.

34 posted on 01/03/2006 4:19:39 PM PST by TChad
[ Post Reply | Private Reply | To 32 | View Replies]

To: Ernest_at_the_Beach

I know. I read it a couple of days ago and got a cramp laughing so hard. I was just joshing you...


35 posted on 01/03/2006 4:20:50 PM PST by tubebender (You can't make Chicken Soup from Chicken Poop...)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Ernest_at_the_Beach
Have you seen this??? Google OS
36 posted on 01/03/2006 4:29:15 PM PST by tubebender (You can't make Chicken Soup from Chicken Poop...)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Al Gator
As of last night, I put on my RED HAT, went ROOT, and tipped my FEDORA and left the windows world far behind.

Welcome to the flock!!

Tux Lives!!!

37 posted on 01/03/2006 4:38:12 PM PST by amigatec (There are no significant bugs in our software... Maybe you're not using it properly.- Bill Gates)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Petronski; TChad

I agree!


38 posted on 01/03/2006 4:48:30 PM PST by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 30 | View Replies]

To: tubebender

Did I describe it accurately....?

What a piece of corporate BS....


39 posted on 01/03/2006 4:51:59 PM PST by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 35 | View Replies]

To: tubebender
Yes, see this also:

Google's timing might be good:

And now, for Google's next trick ... Google PC??....GoogleOS???

40 posted on 01/03/2006 4:53:40 PM PST by Ernest_at_the_Beach (History is soon Forgotten,)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Al Gator
As of last night, I put on my RED HAT, went ROOT, and tipped my FEDORA and left the windows world far behind.

Welcome to the club. FReedom is a wonderful thing. I haven't booted into winders in over a year, it's still on my HD and GRUB lists it as an option, but I haven't had the need.

I guess I could wipe it and use the space for something useful.

Life is nice, isn't it. :-)

41 posted on 01/03/2006 5:12:01 PM PST by AFreeBird (your mileage may vary)
[ Post Reply | Private Reply | To 8 | View Replies]

To: AFreeBird

Oh man, I'm just lovin the s**t outta this!

ROOT just gave Billy the BOOT!

Puns definitely intended!


42 posted on 01/03/2006 6:00:30 PM PST by Al Gator (Remember to pillage BEFORE you burn!)
[ Post Reply | Private Reply | To 41 | View Replies]

To: HAL9000

That's what I thought - which is why your original statement - "FreeRepublic is already doing its part to improve security by running on a Linux server. " - adds nothing to the thread but might conversely give users a false sense of security.


43 posted on 01/03/2006 7:26:47 PM PST by RS (Just because they are out to get him doesn't mean he is not guilty)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Al Gator
Have you tried Flightgear yet? A nice flight sim. The helo is a bit of a *itch, but the jets are cool. Try out the T38 and fly the grand canyon.
44 posted on 01/03/2006 7:47:50 PM PST by AFreeBird (your mileage may vary)
[ Post Reply | Private Reply | To 42 | View Replies]

To: RS
That's what I thought - which is why your original statement - "FreeRepublic is already doing its part to improve security by running on a Linux server. " - adds nothing to the thread but might conversely give users a false sense of security.

If Free Republic was hosted on Windows servers, it would be a magnet for viruses and hackers. Thanks to Linux hosting, the main threat here seems to be operatives like MD4Bush.

The current problem must be resolved at the operating system level, and Microsoft is doing a lousy job getting it fixed.

I found some distributions of the text-only Lynx web browser for Win32. If I used Windows, I'd be testing that browser right now. It can't display images at all, so it ignores links to images.

45 posted on 01/03/2006 8:19:07 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 43 | View Replies]

To: HAL9000

"If I used Windows, I'd be testing that browser right now. It can't display images at all, so it ignores links to images."
Kind of a long way around just turning off images isn't it ?


"The current problem must be resolved at the operating system level, and Microsoft is doing a lousy job getting it fixed."

Yep - ... lousy job - but various quotes from the isc website -

"we can't vouch for any special software you might have in your own systems that could be disabled after the patch is installed."

"If you want to experiment with another file submitted to us..." EXPERIMENT ?

"We have pulled the .msi that we posted earlier due to some issues with the file. "

Seems to show that these guys just toss things out there - after all, it's YOUR system they are screwing with. How much can you sue them for if their patch burns your system ?


46 posted on 01/03/2006 9:24:20 PM PST by RS (Just because they are out to get him doesn't mean he is not guilty)
[ Post Reply | Private Reply | To 45 | View Replies]

To: HAL9000
I hope the new Version of Norton gets here soon.

Has anyone downloaded and tried the 'Windows Live Safety Center' Beta? If so, what do you think of it?

We already have 'Microsoft AntiSpyWare' installed, so far it has not found a thing.

47 posted on 01/03/2006 9:37:07 PM PST by Dustbunny (My goal in life is to be as good of a person my dogs already think I am.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RS
Kind of a long way around just turning off images isn't it ?

It's an alternative to the "Suggested Actions" listed above in the Microsoft Security Advisory. It avoids the need to un-register the Windows Picture and Fax Viewer (Shimgvw.dll) until the patch is issued.

Lynx is a good web browser for security and privacy purposes, or for low-bandwidth connections. It's not ideal for casual browsing, but it's a useful tool to have sometimes - like right now for Windows.

48 posted on 01/03/2006 10:00:28 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 46 | View Replies]

To: HAL9000

"It avoids the need to un-register the Windows Picture and Fax Viewer (Shimgvw.dll) until the patch is issued."

Actually that 10-second "fix" worked fine, and I never liked that thumbnail crap anyway - I'll leave it off.


49 posted on 01/03/2006 10:10:39 PM PST by RS (Just because they are out to get him doesn't mean he is not guilty)
[ Post Reply | Private Reply | To 48 | View Replies]

To: HAL9000

I've installed Guilfanov's patch from grc.com on four XP Pro boxes so far, and not one of them has exploded.


50 posted on 01/03/2006 10:15:36 PM PST by TChad
[ Post Reply | Private Reply | To 1 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
