Posted on 01/02/2006 3:54:03 PM PST by Swordmaker
Computer security experts were grappling with the threat of a new weakness in Microsoft's Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.
The news marks the latest security setback for Microsoft, the world's biggest software company, whose Windows operating system is a favourite target for hackers.
"The potential [security threat] is huge," said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. "It's probably bigger than for any other vulnerability we've seen. Any version of Windows is vulnerable right now."
The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.
"We haven't seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability," Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw.
Microsoft said in a security bulletin on its website that it was aware that the vulnerability was being actively exploited. But by early yesterday, it had not yet released an official patch to correct the flaw. "We are working closely with our antivirus partners and aiding law enforcement in its investigation," the company said. In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources.
Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer.
Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend.
"We've received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable," wrote Tom Liston, a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix.
Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats.
The company could not be reached on Monday for comment.
It hasn't been shot down at all. There's virus protection for BSD systems, which would be totally unnecessary if Mac OSX and BSD were immune. I know; I run BSD networks at home and work.
But then again, I've never had a virus problem on Windows.
Are you really so disconnected from reality that you don't realize that sociopathic criminals care about the "respect" they get from other sociopathic criminals, and don't give a damn about the opinions of normal people?
MAC
Sure... there are companies making virus protection software for Mac OSX as well... and it does a good job of removing WINDOWS viruses from email and it will also identify WINDOWS viruses in WINDOWS executables... and they have definition files for the fewer than 100 virii that could infect a pre-OSX Mac but that have no impact at all on an OSX Mac. These Mac anti-virus apps also have a couple of definitions for the one or two "proof of concept" Trojans that were created for OSX by the Mac anti-virus publishers (but never found in the wild)... but the only Mac users who run them do so as a courtesy to their WINDOWS-using friends to catch an occasional WINDOWS virus-laden email they might inadvertently forward to them.
In other words, 1L, I could put up anti-zebra umbrellas over my garden to protect my garden against zebras falling from the sky, but the mere existence of my anti-zebra umbrellas is no proof that there are zebras falling from the sky.
Did UNIX have malware? Yes. Is it a problem today? No... because the vulnerabilities of the open source code were closed almost as fast as they were revealed. The protections against those malware are now incorporated into the underlying operating system. This development and hardening of the OS has been going on for over 35 years.
Is Windows still vulnerable to most of the 100,000 plus viruses that were created to plague it? No. Protections for 95% of those are also now built into the OS... but it is TOO EASY for a script kiddie to write new malware for Windows.
But then again, I've never had a virus problem on Windows.
You know, I have Windows XP machines running right here, and I also have never had an infection either... but my business clients certainly have had and do get infected (fewer now with XP, but I will be busy this week applying patches for their Windows machines for this exploit... and then go back and reactivate the stuff that gets turned off when MS finally gets an official patch out). You and I know what to do and what not to do to keep our Windows machines clean... but the malware is not a problem for users like us... it is a problem and a fear for Mom and Pop and 90% of the rest of Windows users. A lot of those Mom and Pop users have given up and packed up their computers and stuffed them in the closet or given them away in frustration.
I also have Mac users in businesses and I have NEVER had to clean spyware, adware, or viruses off of even one of their Macs. They lose no productive time to the myriad issues that can plague a Windows box... they don't even have to let their machines download, install, and run updates to the non-installed anti-malware applications they DON'T HAVE TO RUN... and they don't have to accept the performance hit that all those multiple anti-apps demand from their machines when they are running. I get called in to see the Mac users only for upgrades and an occasional hardware problem. If they had Windows computers I would see them a lot more often and make a lot more money from them.
It's possible for a file with any extension to exploit this security hole:
From the SANS WMF Exploit FAQ: "Should I just block all .WMF images?"
This may help, but it is not sufficient. WMF files are recognized by a special header and the extension is not needed. The files could arrive using any extension, or embedded in Word or other documents.
My point is that there isn't anything inherent in the Mac OSX that prevents or eliminates viruses. To some extent Mac does benefit from the open source foundation of its system, but that's a plug for BSD, not for Mac.
So the argument that no one writes viruses for Mac, even if harder to do, because of the lack of widespread deployment is still true and hasn't been debunked. You can't assume that because none of your business clients that use Macs have problems now, they wouldn't have problems if Mac OSX owned 90% of the market. There's no way to test that, so unless there are inherent barriers in the OS, which there aren't, problems would happen on that platform if it had a larger market.
We've been over this before -- at least 3 times. Comparing a Mac G5 to an entry-level Dell is idiotic. Both I, and every Mom and Pop in America, can spend 75% of what a Mac costs on a custom-built PC with great components and simple protection software that's easy to use, and have all the benefits of a Mac without all of the incompatibilities.
Not hardly.
"Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image."
Nope. The exploit can be conveyed by simply viewing an image containing malicious code and a WMF header (the file need not have a .WMF extension on the name). Some DUmpster troll could post a trojan-horse image on this very thread, and you'd get hit just by reading it.
That statement is simply untrue.
Unlike Windows, the inherent design of Mac OS X is intended to prevent malware from getting installed. So far, the hackers have failed in every attempt to spread a Mac virus, even though most Mac users don't use anti-virus software.
What, specifically, is in OSX to make it virus proof?
Several details about the secure architecture of Mac OS X are available here - securityawareness.blogspot.com. Microsoft could have implemented the same measures, but didn't.
The next generation of Macs will have even more security features - for example, a patented new method to prevent code from being tampered with.
The article does NOT support your assertion that "the inherent design of Mac OS X is intended to prevent malware from getting installed." To the extent there are any inherent designs, it is the BSD core and not the Apple overlaid GUI that creates the inherency. Anyone can download and install that core on a 486. Besides, malware wasn't really much of an issue when OSX came out, and especially when it was in the design phase. It didn't become a great issue until broadband took off on the home desktop.
"The internet is going to be a mighty plain-looking place without any graphics..."
My understanding is that this vulnerability is in WMF graphics, which are an oddball format that only Winblows supports.
Turn off WMF support.
Sometimes????
"I'd buy a Mac, but I'm not gay."
I have a Mac, but I don't use it because I hate the interface... AND... I'm not gay.
I am, however, geeky enough to use my Linux box from time to time. Gnome Mahjong is addictive. Open Office sux.
My understanding is that, because of the way Windows core components operate, the exploit can be enclosed in any sort of image file--JPEG or GIF, for example.
That won't protect you -- Windows recognizes any file with a certain header within the file as a WMF and processes it accordingly even if the file name doesn't end in ".WMF".
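As an added example (not from the thread, SANS or the hexblog patch), here is the header-based recognition that this post and the earlier SANS FAQ quote describe, in Python: a filter that identifies a WMF by its header bytes, so it catches a metafile carrying any extension, beside the extension-only rule the FAQ calls insufficient. The header values are the documented WMF ones (placeable magic 0x9AC6CDD7, standard METAHEADER type/size/version); the sample files are constructed bare headers with zero padding and no payload.

```python
import struct

# Placeable (Aldus) WMF header begins with magic 0x9AC6CDD7, stored little-endian.
PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"


def is_wmf(data: bytes) -> bool:
    """True if the bytes carry a WMF header, whatever the file name says."""
    if data[:4] == PLACEABLE_MAGIC:
        return True
    if len(data) < 18:  # a standard METAHEADER is 18 bytes; shorter cannot be one
        return False
    # Standard METAHEADER: Type (1 = memory, 2 = disk), HeaderSize (always 9 words),
    # Version (0x0100 or 0x0300). Anything else is not a metafile.
    mtype, hdr_size, version = struct.unpack_from("<HHH", data, 0)
    return mtype in (1, 2) and hdr_size == 9 and version in (0x0100, 0x0300)


def extension_filter(name: str) -> bool:
    """The naive rule the FAQ calls insufficient: block only names ending in .wmf."""
    return name.lower().endswith(".wmf")


def scan(files):
    """Return (names blocked by extension, names blocked by content sniffing)."""
    by_ext = [n for n, _ in files if extension_filter(n)]
    by_content = [n for n, d in files if is_wmf(d)]
    return by_ext, by_content


# Constructed samples: bare headers plus zero padding, no real payload.
SAMPLES = [
    ("holiday.jpg", PLACEABLE_MAGIC + bytes(40)),                 # WMF disguised as JPEG
    ("note.gif", struct.pack("<HHH", 2, 9, 0x0300) + bytes(40)),  # disk metafile named .gif
    ("chart.wmf", PLACEABLE_MAGIC + bytes(40)),                   # honestly named WMF
    ("photo.jpg", b"\xff\xd8\xff\xe0" + bytes(40)),               # real JPEG magic, not a WMF
    ("readme.txt", b"hello"),                                     # too short to be a metafile
]

if __name__ == "__main__":
    ext, content = scan(SAMPLES)
    print("extension filter blocks:", ext)       # ['chart.wmf']
    print("content filter blocks:  ", content)   # ['holiday.jpg', 'note.gif', 'chart.wmf']
```

The same sniff applies to attachments embedded inside Word or other container documents once they are unpacked, which is the other case the FAQ mentions.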
OK, so I ran the fix from hexblog and rebooted.
But when I ran their detection tool afterwards, I still got the bad news.
"Your system is vulnerable to WMF exploits".