Windows PCs face ‘huge’ virus threat

[mairving]

Quote:

Computer security experts were grappling with the threat of a new weakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”

Hopefully Microsoft will release a patch for it in their regular patch schedule next week. There is even an unofficial patch.

Story

[Panama Red]

Yea, saw that in our local paper last Saturday and it was on the front page here at the Mech on Friday. Cracks me up that these "security" companies reveal the vulnerabiltiy to the world rather than work quietly with MS and let them correct it. But no, they have to send up a flare for the virus writers "Look here! Here's a new way in!!" That's just stupid in my opinion.

http://www.pcmech.com/newsitem.php?id=1263

[doctorgonzo]

Quote:

Originally Posted by Panama Red Cracks me up that these "security" companies reveal the vulnerabiltiy to the world rather than work quietly with MS and let them correct it. But no, they have to send up a flare for the virus writers "Look here! Here's a new way in!!" That's just stupid in my opinion.

That's assuming the bad guys don't already know about the flaw. I would guess that some of them probably do; they tend to be smart about these things. In general, I'm in favor of public announcements of these holes as opposed to keeping them private in the hopes that they will be fixed in time. Without publicity, there is less pressure to fix them and thus a higher chance that the flaw will be exploited before they are fixed.

[Panama Red]

I understand your logic, doc, that making it public would prod MS into faster action. But it just seems that this is akin to having a broken lock on your front door. You neighbor knows about it and puts a sign in his front yard announcing it to anyone that drives by. Now it's possible that a crook might find your broken door without the neighbor's sign but the probablility of you getting robbed is much higher with his public announcement. Considering all the "broken doors" that have just been identified in MS's neighborbood has just told the bad guys where to go to increase their chances of scoring. I just don't like it.

[RevCLB]

Thanks guys for bringing this up again. Missed the story on Friday. Did the patch & feel more secure. Thanks again, RevCLB

[doctorgonzo]

From the story, it sounds like there were already web sites that use the exploit out there. Thus, it is like having your front door lock broken and several things taken from your house without you knowing it, so yes, bringing it to your attention would be helpful. And even though there is no patch yet, it sounds like some things could be done: for example, firewalls could be programmed to block WMF files if the firewall has that capability. That's better than nothing, and publicizing the exploit allows corporate IT people to try to do something instead of being caught flat-footed.

There are times when it makes more sense not to publicize an exploit, but I think that history has shown that there is more damage when security exploits are kept secret than when they aren't.

[David M]

Look at it from the anti-virus/anti-malware software companies perspectives. The more noise they make about viruses etc, the more software they sell.

[mairving]

Quote:

Originally Posted by David M Look at it from the anti-virus/anti-malware software companies perspectives. The more noise they make about viruses etc, the more software they sell.

Sounds good but not true in this case.

[Force Flow]

http://isc.sans.org/diary.php?storyid=994 - an faq about the issue

http://isc.sans.org/diary.php?storyid=996 - the plea to install the patch

http://isc.sans.org/diary.php?storyid=999 - the latest copy of the patch

http://www.microsoft.com/technet/sec...ry/912840.mspx -
microsoft's official coverage

[rave]

***PATCHED***

im guessing this is just a temporary patch. time to distribute to ignorant friends and family....
they have no idea what is coming.

[ztx]

The hexblog seems to be down, and I'm not able to download the .msi file from ISC, it just seems to hang, anyone mind uploading to yousendit, or something? :x

[Hi Ho]

I always read about these "huge threats" and yet, I have never had a single virus on any of my PC's...

[Kov-Ice]

Same here. That's called responsible and safe surfing, most likely, eh?

[blue60007]

Quote:

Originally Posted by Hi Ho I always read about these "huge threats" and yet, I have never had a single virus on any of my PC's...

*knock on wood* Me neither, but I did get some browser homepage hijack on my computer a long time ago. But that was because of my stupidity, but it was easy enough to remove.

[surewhynot]

I have a question about the temporary patch. I'm not sure if I should start A new thread or not. If so please let me know. My question is- If I install the temporary patch now, when microsoft releases their patch do I have to uninstall the temporary one? I am set up for automatic updates and running XP home. Thank you, Tony

[786ARS]

is the patch needed for x64 win?

[rave]

ever wondered if "THIS" could be the virus.LOL
*touch wood*

huh? im confused. there is the .exe file and the .msi which one do i choose?

since the last update on the msi file was on the 3rd.. i should do that i guess.

[piasabird]

I think these marketing guys just make all the virus's so we will go out and buy firewalls, and security programs. It is all the fault of marketing. They have free speech and there is nothing you can do to stop these idiots.

I installed SUSE Linux version 10 on one computer and it never ever lets anything past the firewall. Not one single pop-up. It is just inferior windows programming. Bill Gates could have made an object oriented windows with ease of use and better security, but his company continues to code in such a cryptic manner just to make it hard for people to write programs for Windows. Microsoft is the biggest enemy of America and the World.

[rave]

hahaha...lucky me..
i've been hit.i was in an "undisclosed site" and bang!
downloaded some file that looks like a PNG icon but was named WMF_exploit
HAHAHAHAHAHAA!

think the patch worked..woohoo!explorer.exe crashed like 5 times....
i used Eraser 5.7 to write over the data 35 times!

doing an AVG scan now.dont think anything will turn up

[Force Flow]

Quote:

Originally Posted by surewhynot I have a question about the temporary patch. I'm not sure if I should start A new thread or not. If so please let me know. My question is- If I install the temporary patch now, when microsoft releases their patch do I have to uninstall the temporary one? I am set up for automatic updates and running XP home. Thank you, Tony

From what I've read, the general assumption seems to be that you should uninstall it before applying MS's patch. But, I guess we'll see for sure when the patch comes out on the 10th.

[David M]

Quote:

Originally Posted by piasabird Microsoft is the biggest enemy of America and the World.

Don't hold back. Tell us what you REALLY think of Mircosoft.

[rspassey]

Quote:

Originally Posted by rave hahaha...lucky me.. i've been hit.i was in an "undisclosed site" and bang! downloaded some file that looks like a PNG icon but was named WMF_exploit HAHAHAHAHAHAA! think the patch worked..woohoo!explorer.exe crashed like 5 times.... i used Eraser 5.7 to write over the data 35 times! doing an AVG scan now.dont think anything will turn up

Hmm. I patched and nothing went wrong.. you sure you did everything correctly?

[lil Jimmie]

Patch release is gonna be a lil early http://www.microsoft.com/technet/sec...n/advance.mspx

Patch here http://www.microsoft.com/technet/sec.../MS06-001.mspx

THX Statica

[surewhynot]

Thanks for the info Force and thanks for the links Jimmie. I am once again wearing a Bill Gates Band aid ( all patched up lol )

[antgross@pacbell.net]

Quote:

Originally Posted by mairving Hopefully Microsoft will release a patch for it in their regular patch schedule next week. There is even an unofficial patch. Story

And what is the number of this patch? Number 567? I always picture my OS with lots of digital band-aids covering it. Does anyone seriously believe this will get better with VISTA?

The computing experience should not be dominated by the need to patch every fifteen seconds, install 3 different antispyware programs, popup blockers, antiphishing, etc etc. Enough already. MAC OS anyone? lol

[thefultonhow]

Quote:

Originally Posted by antgross@pacbell.net The computing experience should not be dominated by the need to patch every fifteen seconds, install 3 different antispyware programs, popup blockers, antiphishing, etc etc. Enough already. MAC OS anyone? lol

MacOS actually is only slightly more secure than Windows from a "security holes" point of view. Linux is only as secure. I read something that said that Microsoft released about 40 patches in 2004; Apple released about 30; and there were about 40 for the Linux kernel. The real reason MacOS and Linux are more secure is "security through obscurity" -- Windows has a 95% market share, versus 5% combined for MacOS and Linux, so it doesn't pay for malware writers to write stuff for MacOS/Linux. This is compounded by the facts that much of the MacOS user base uses laptops that aren't on as much as Windows desktop PCs, and Linux users are generally more tech-savvy and so are less likely to let an infection go untreated.

Remember that much malware has a profit motive behind it. Spyware companies sell advertising slots for the popups that their software creates; worm-writers creat "bot-nets" that can be sold to the highest bidder in order to create spam relays, phishing schemes, and Denial of Service attacks. Malware writers are going to go for the biggest bang for their buck -- and with such small market shares compared to Windows, Linux/MacOS are not where they'll be looking.

Where am I going with this? Well, if everyone shifts to MacOS, that will become the platform of choice for malware writers. Same thing with Firefox -- as its user base grows, we're seeing more exploits for it. "Security through obscurity" is really the only good foolproof method of protection (if you don't count practicing safe browsing habits and securing your system).

[rave]

Quote:

Originally Posted by ryan124712 Hmm. I patched and nothing went wrong.. you sure you did everything correctly?

yup...im cleane and safe.nothing went wrong.downloaded the Official Patch. yet to restart

[antgross@pacbell.net]

Quote:

Originally Posted by thefultonhow MacOS actually is only slightly more secure than Windows from a "security holes" point of view. Linux is only as secure. I read something that said that Microsoft released about 40 patches in 2004; Apple released about 30; and there were about 40 for the Linux kernel. The real reason MacOS and Linux are more secure is "security through obscurity" -- Windows has a 95% market share, versus 5% combined for MacOS and Linux, so it doesn't pay for malware writers to write stuff for MacOS/Linux. This is compounded by the facts that much of the MacOS user base uses laptops that aren't on as much as Windows desktop PCs, and Linux users are generally more tech-savvy and so are less likely to let an infection go untreated. Remember that much malware has a profit motive behind it. Spyware companies sell advertising slots for the popups that their software creates; worm-writers creat "bot-nets" that can be sold to the highest bidder in order to create spam relays, phishing schemes, and Denial of Service attacks. Malware writers are going to go for the biggest bang for their buck -- and with such small market shares compared to Windows, Linux/MacOS are not where they'll be looking. Where am I going with this? Well, if everyone shifts to MacOS, that will become the platform of choice for malware writers. Same thing with Firefox -- as its user base grows, we're seeing more exploits for it. "Security through obscurity" is really the only good foolproof method of protection (if you don't count practicing safe browsing habits and securing your system).

Windows isn't a target because it's on more pcs. It's a target because it's easy to break. How much spyware and viruses were written for OS 10 and linux last year??

[bozo]

Quote:

Originally Posted by thefultonhow MacOS actually is only slightly more secure than Windows from a "security holes" point of view. Linux is only as secure. I read something that said that Microsoft released about 40 patches in 2004; Apple released about 30; and there were about 40 for the Linux kernel. The real reason MacOS and Linux are more secure is "security through obscurity" -- Windows has a 95% market share, versus 5% combined for MacOS and Linux...BINGO!, so it doesn't pay for malware writers to write stuff for MacOS/Linux. This is compounded by the facts that much of the MacOS user base uses laptops that aren't on as much as Windows desktop PCs, and Linux users are generally more tech-savvy and so are less likely to let an infection go untreated. Remember that much malware has a profit motive behind it. Spyware companies sell advertising slots for the popups that their software creates; worm-writers creat "bot-nets" that can be sold to the highest bidder in order to create spam relays, phishing schemes, and Denial of Service attacks. Malware writers are going to go for the biggest bang for their buck -- and with such small market shares compared to Windows, Linux/MacOS are not where they'll be looking. Where am I going with this? Well, if everyone shifts to MacOS, that will become the platform of choice for malware writers. Same thing with Firefox -- as its user base grows, we're seeing more exploits for it. "Security through obscurity" is really the only good foolproof method of protection (if you don't count practicing safe browsing habits and securing your system).

Very well stated thefultonhow
The reason 95% of us use MS operating systems is that, the best, the most widespread, AND the cheapest software is produced to run on the Windows platform...That's Reality...and I don't see that changing anytime soon.

[thefultonhow]

Quote:

Originally Posted by antgross@pacbell.net Windows isn't a target because it's on more pcs. It's a target because it's easy to break. How much spyware and viruses were written for OS 10 and linux last year??

Not true. Did you read what I wrote? There are an equal number of security flaws for Linux and almost as many for MaOS. The reason no malware is written for MacOS/Linux is that the user base is so small.