Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Windows PCs face ‘huge’ virus threat
Financial Times via Drudge ^ | January 2 2006 18:18 | By Kevin Allison in San Francisco

Posted on 01/02/2006 3:54:03 PM PST by Swordmaker

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.

“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”

The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.

“We haven’t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,” Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw.

Microsoft said in a security bulletin on its website that it was aware that the vulnerability was being actively exploited. But by early yesterday, it had not yet released an official patch to correct the flaw. “We are working closely with our antivirus partners and aiding law enforcement in its investigation,” the company said. In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources.

Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer.

Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend.

“We’ve received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable,” wrote Tom Liston, a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix.

Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats.

The company could not be reached on Monday for comment.


TOPICS: Extended News; Technical
KEYWORDS: backdoor; exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; malware; microsoft; patch; security; securityflaw; spyware; trojam; trojan; userfriendly; virus; virusbait; viruses; vulnerability; windows; wmf; worm
Navigation: use the links below to view more comments.
first previous 1-20 ... 141-160161-180181-200201-205 next last
To: grey_whiskers

Can't take credit for this one, g_w...just passing on info that proved useful to me.


161 posted on 01/03/2006 12:23:55 AM PST by snarks_when_bored
[ Post Reply | Private Reply | To 156 | View Replies]

To: PetiteMericco
So you DON'T really feel attached to/and or any allegiance to your Mac, then? Why did you buy it?

I have changed Computer systems five time now... each time going with the one I researched and found to be the best... and most on the cutting edge.

If something better comes along I would most likely go with it. As to teaching you, you think you know everything so there is nothing left to teach you... but you are blissful in your total ignorance. In every post you dig your hole of Mac ignorance deeper and deeper. You also seem to think that we are Windows ignorant. As I told you I make my living fixing ailing Windows computers... I have the experience in Multiple platforms that you totally lack and demonstrate with each utterance.

162 posted on 01/03/2006 12:42:55 AM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 159 | View Replies]

To: Paloma_55

"The only reason MACs don't have viruses is that nobody targets them.

Software is software. If someone wanted to exploit the MACOS, they could."

Perhaps. Another aspect to keep in mind is that the Mac OS is based on BSD, and from what i'm told, it's vastly harder to exploit BSD, in the order of several magnitudes. One would think one of these cretins would go after the Mac just because the of the Mac vs. PC stupidity prevelant everywhere these days.'

I think another key element is the stuff we're not saddled with...like Explorer and Outlook, the two favorite targets for the nasties. I know that since I switched my laptop from Explorer and Outlook to Firefox and web based e-mail, my infections have dropped to nil.


163 posted on 01/03/2006 12:55:01 AM PST by ByDesign
[ Post Reply | Private Reply | To 18 | View Replies]

To: snarks_when_bored
Windows 98/SE/ME users: Microsoft's original advice to "unregister the shimgvw.dll" (shell image viewer) was never correct or useful on those platforms. The good news is that all current WMF exploits appear to be non-functional on the older Win9x vintage platforms . . . so you will likely be okay until Microsoft has updated your system with the next security patches. There is no short-term workaround for Windows 9x users.

This sounds to me like I should once again be glad I still run 98 on this old jalopy.

164 posted on 01/03/2006 12:55:42 AM PST by Lancey Howard
[ Post Reply | Private Reply | To 161 | View Replies]

To: Swordmaker
Steven Gibson Of Gibson Research Corporation has posted a workaround: disable the dll via the Run command until Microsoft releases an official fix. The larger problem of course is Windows was designed with ease of use rather than security in mind. That ease of use makes it easy to run Windows but it also unfortunately makes it attractive to hackers. Those of us running Mac OSX don't have to worry about security flaws for OSX was built first and foremost with security in mind. All you really need is the built-in firewall and you can beef it up with a third party product like Intego's NetBarrier. In OSX you don't need at present anti-virus software. Microsoft is just playing catch-up in the realm of computing security. Apple already had the bases covered.

(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")

165 posted on 01/03/2006 1:02:37 AM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)
[ Post Reply | Private Reply | To 1 | View Replies]


166 posted on 01/03/2006 1:08:27 AM PST by KneelBeforeZod (Someday a real rain will come and wipe this scum off the streets.)
[ Post Reply | Private Reply | To 165 | View Replies]

To: Lancey Howard
This sounds to me like I should once again be glad I still run 98 on this old jalopy.

It seems so. However, as somebody who ran Win98 for too long, I'll recommend XP with SP2 to you. It's far more stable than Win98.

167 posted on 01/03/2006 1:10:02 AM PST by snarks_when_bored
[ Post Reply | Private Reply | To 164 | View Replies]

To: KneelBeforeZod
Application errors in Mac OSX get logged but they rarely take down the entire system unless they're very badly written. The Logitech Control Center hosed OSX and was a piece of junk. From now on, I'm going to rely on the Apple native drivers to run my keyboard and mouse. What I appreciate about OSX is that its practically crash-proof. If you run compatible software on it, you will never have a problem. And I intend to see to it I don't have one in the future.

(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")

168 posted on 01/03/2006 1:16:38 AM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)
[ Post Reply | Private Reply | To 166 | View Replies]

To: Swordmaker

bookmark


169 posted on 01/03/2006 1:16:47 AM PST by GiovannaNicoletta
[ Post Reply | Private Reply | To 1 | View Replies]

To: KneelBeforeZod

And your point is?

170 posted on 01/03/2006 1:34:48 AM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 166 | View Replies]

To: Swordmaker
No software will be completely free of bugs. As long as its usable, that's all people are concerned with. Most of us don't use many of the extra features in the software we do buy.

(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")

171 posted on 01/03/2006 1:47:30 AM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives On In My Heart Forever)
[ Post Reply | Private Reply | To 170 | View Replies]

To: PetiteMericco

I hate to break it to you, Mericco, but OSX is a great operating system. I'm posting this from a $500 computer running OSX. By the way, I'm a professional software developer on Windows and Linux. I use Windows by necessity at the office, but at home I use OSX by choice.


172 posted on 01/03/2006 3:53:00 AM PST by dinodino
[ Post Reply | Private Reply | To 150 | View Replies]

To: Cementjungle
What's needed is a proper intrusion-detection system, like this one:

I love it! If Netgear doesn't get 'em the ZOT kitty will.
173 posted on 01/03/2006 7:21:52 AM PST by octobersky
[ Post Reply | Private Reply | To 64 | View Replies]

To: Swordmaker
Just block all WMF files.

Another way to mitigate this is to set your PC file extensions to use notepad to open all WMF files.

174 posted on 01/03/2006 7:35:18 AM PST by Centurion2000 (Conservative, a liberal that was mugged. Liberal, a conservative that was arrested.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: angkor
The new hacker tools and exploits will make mincement of all existing firewalls, intrusion detection, and antivirus.

And how exactly are they going to make mincemeat of application firewalls, IPS platforms and proxy devices examining your https traffic?

175 posted on 01/03/2006 7:52:44 AM PST by Centurion2000 (Conservative, a liberal that was mugged. Liberal, a conservative that was arrested.)
[ Post Reply | Private Reply | To 71 | View Replies]

To: Swordmaker
Best Operating System - Server (Macintosh OSX.4 Server)

Thanks for the laugh.

176 posted on 01/03/2006 7:57:56 AM PST by Centurion2000 (Conservative, a liberal that was mugged. Liberal, a conservative that was arrested.)
[ Post Reply | Private Reply | To 118 | View Replies]

To: cabojoe

bookmark


177 posted on 01/03/2006 8:00:13 AM PST by UCANSEE2
[ Post Reply | Private Reply | To 14 | View Replies]

To: Recovering Hermit
Recovering Hermit writes:
I just love these Mac folks who think that the answer to all ills a Mac.
Get a clue.

I'll "clue" you in:

Imagine....

Imagine no spyware - none, zilch, nada.

Imagine no adware - nothing, zero, not a single one.

Imagine no trojans.

Imagine no viruses - nothing to protect against. Imagine not even _running_ any anti-virus software on your computer.

Imagine computing for 18 years, online for 18 years, and never having had a virus, not once. Ever.

Imagine being able to read _any_ email, without fear. To visit _any_ website you wish, without fear. To look at _any_ image you wish, without fear. Imagine be able to download _anything_ you wished, and not even have to check it for infection, or worry about some hidden application buried within it, just waiting to attack your computer.

Imagine turning on your computer with the confidence that you can leave it online a day, a week, a month, and return to find it in exactly the same state - unmolested - as you left it in.

Now, STOP imagining. That's been my personal computing experience (really!) for the last 18 years online.

Impossible, you say? Not if you're using a Mac.

Granted, someone _could_ possibly concoct a virus or some other malaware for OS X. However, if it _does_ happen, it's going to be a "man bites dog" story. It'll be headlines not because it's another virus, but because there has never been an attack on OS X. And it will be dealt with quickly.

I've got a friend at work who has used computers as long (longer?) than I have, but he came from the "PC side" of things. Two of his most memorable comments to me were "it took me ten years to learn DOS", and, "I hate computers!".

I've been fooling with personal computers since 1986 (the Mac since 1987) and I _enjoy_ computers! Why is that?

Cheers!
- John

178 posted on 01/03/2006 8:05:11 AM PST by Fishrrman
[ Post Reply | Private Reply | To 46 | View Replies]

To: streetpreacher
What about encrypting your entire hard drive? And are there any downsides to so doing?

You can't encrypt your entire hard drive (unless you can boot from a CD or something) -- the system needs to run the operating system before it can get to the point of starting the crypto software.

Other than that, the downside is that you introduce some extra overhead into file access to run the encryption/decryption/wiping routines. It probably won't be noticeable unless you have a slow computer or lousy crypto software.

179 posted on 01/03/2006 8:22:05 AM PST by steve-b (A desire not to butt into other people's business is eighty percent of all human wisdom)
[ Post Reply | Private Reply | To 97 | View Replies]

To: PetiteMericco
Yes, it's called Norton Antivirus.

I gave up on Norton after spending a few hours cleaning up the mess SystemWorks 2004 made of my system.

180 posted on 01/03/2006 8:38:37 AM PST by steve-b (A desire not to butt into other people's business is eighty percent of all human wisdom)
[ Post Reply | Private Reply | To 113 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 141-160161-180181-200201-205 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson