Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > WMF Exploit!!!! Install this patch now!

Reply
Thread Tools

WMF Exploit!!!! Install this patch now!

 
 
Bruce Chambers
Guest
Posts: n/a
 
      01-04-2006
Jim wrote:



What kind of an idiot would install an "unofficial" patch. I can't
think of a more common way currently used to spread malware.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Reply With Quote
 
 
 
 
CountryLover
Guest
Posts: n/a
 
      01-04-2006
On Tue, 03 Jan 2006 19:36:35 -0700, Bruce Chambers <(E-Mail Removed)3t>
wrote:

>Jim wrote:
>
>
>
> What kind of an idiot would install an "unofficial" patch. I can't
>think of a more common way currently used to spread malware.


Been living under a rock for the last week or so, eh?
 
Reply With Quote
 
 
 
 
Jim
Guest
Posts: n/a
 
      01-04-2006
This makes it look like I made this ignorant quote. I did not. It is
Bruce's statement.

Whether Bruce posted this through ignorance of his newsreader or with
malicous intent I cannot say. Perhaps he will enlighten us as to why he
would make it appear that i had said something that I did not (check the
threads).

Jim

"CountryLover" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) alid...
> On Tue, 03 Jan 2006 19:36:35 -0700, Bruce Chambers
> <(E-Mail Removed)3t>
> wrote:
>
>>Jim wrote:
>>
>>
>>
>> What kind of an idiot would install an "unofficial" patch. I can't
>>think of a more common way currently used to spread malware.

>
> Been living under a rock for the last week or so, eh?



 
Reply With Quote
 
Jim
Guest
Posts: n/a
 
      01-04-2006
I'm outta here.

I have shown you what I know about the patch and protecting yourselves. I
have projects to get out and must concentrate on them at this time.

Ultimately (in PCs as in life), your seurity is in your hands. Do your
research. Listen to whom you trust.

I wish you all the very best in this new year.

Have fun and be safe.

Jim


 
Reply With Quote
 
Toolman Tim
Guest
Posts: n/a
 
      01-04-2006
In news_Huf.11903$(E-Mail Removed),
Jim spewed forth:
>
> "CountryLover" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) alid...
>
>> On Tue, 03 Jan 2006 19:36:35 -0700, Bruce Chambers
>> <(E-Mail Removed)3t> wrote:
>>>
>>> What kind of an idiot would install an "unofficial" patch. I can't
>>> think of a more common way currently used to spread malware.

>>
>> Been living under a rock for the last week or so, eh?

>
> This makes it look like I made this ignorant quote. I did not. It is
> Bruce's statement.
>
> Whether Bruce posted this through ignorance of his newsreader or with
> malicous intent I cannot say. Perhaps he will enlighten us as to why
> he would make it appear that i had said something that I did not
> (check the threads).
>
> Jim
>
>

I was going to jump in on Bruce's post and say I thought *he* was the idiot.
Many security "patches" exist that are not generated by Microsoft. Can you
say "firewall"? Or "antivirus"? Or adware/spyware blockers? These would not
be the necessities of modern Windows computing they are today if the OS was
written better (right, Mitch? <g>) While perhaps not direct "patches" to the
OS, many are "add-ons" and in the form of services become integrated into
the OS just like a patch would. And by following basic "safe hex" practices,
there is little risk downloading that patch.

--
Whenever I think of the past, it brings back so many memories...


 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      01-04-2006
In article <kCIuf.77$(E-Mail Removed)>, http://www.velocityreviews.com/forums/(E-Mail Removed)lid
says...
> I was going to jump in on Bruce's post and say I thought *he* was the idiot.
> Many security "patches" exist that are not generated by Microsoft. Can you
> say "firewall"? Or "antivirus"? Or adware/spyware blockers? These would not
> be the necessities of modern Windows computing they are today if the OS was
> written better (right, Mitch? <g>) While perhaps not direct "patches" to the
> OS, many are "add-ons" and in the form of services become integrated into
> the OS just like a patch would. And by following basic "safe hex" practices,
> there is little risk downloading that patch.


I'm not taking sides in this who said what/is what, but I can tell you
that with our networks, that we won't be installing any patch, Microsoft
or third party, until it's been tested on production clone systems to
determine what it breaks before it's released into the customers
networks.

I would hazard a guess that it will take two days for most IT groups to
implement the MS fix, and more for those implementing a third party fix.
At the same time, many groups, where they don't have the hole that
permits unrestricted workers access to the Internet, where they don't
allow all attachments in email, won't have a problem waiting while they
test.

--

(E-Mail Removed)
remove 999 in order to email me
 
Reply With Quote
 
Toolman Tim
Guest
Posts: n/a
 
      01-04-2006
In news:UFIuf.429$(E-Mail Removed),
Leythos spewed forth:
> In article <kCIuf.77$(E-Mail Removed)>, (E-Mail Removed)lid
> says...
>> I was going to jump in on Bruce's post and say I thought *he* was
>> the idiot. Many security "patches" exist that are not generated by
>> Microsoft. Can you say "firewall"? Or "antivirus"? Or adware/spyware
>> blockers? These would not be the necessities of modern Windows
>> computing they are today if the OS was written better (right, Mitch?
>> <g>) While perhaps not direct "patches" to the OS, many are
>> "add-ons" and in the form of services become integrated into the OS
>> just like a patch would. And by following basic "safe hex"
>> practices, there is little risk downloading that patch.

>
> I'm not taking sides in this who said what/is what, but I can tell you
> that with our networks, that we won't be installing any patch,
> Microsoft or third party, until it's been tested on production clone
> systems to determine what it breaks before it's released into the
> customers networks.
>
> I would hazard a guess that it will take two days for most IT groups
> to implement the MS fix, and more for those implementing a third
> party fix. At the same time, many groups, where they don't have the
> hole that permits unrestricted workers access to the Internet, where
> they don't allow all attachments in email, won't have a problem
> waiting while they test.


Several days (and even longer) isn't uncommon in developing and implementing
a fix. In fact, part of the delay on the part of MS is (hopefully) from
their attempt to make a patch that doesn't crash something critical
somewhere. There have been enough cases of the cure being worse than the
disease...

--
Whenever I think of the past, it brings back so many memories...


 
Reply With Quote
 
Todd H.
Guest
Posts: n/a
 
      01-04-2006
Bruce Chambers <(E-Mail Removed)3t> writes:

> What kind of an idiot would install an "unofficial" patch. I
> can't think of a more common way currently used to spread malware.


A desperate one who
lacks official patch choices
faces an extremely critical threat with attack vectors via web
browsing (even trusted sites that might be defaced),
IM, and email channels
has an option for an unofficial patch coded by one of the best
low level windows programmers on the planet
and recommended by one of hte most respected security
organizations on the planet (SANS)


It's either that or disconnect your computer from the net until next
Tuesday.

Best Regards,
--
Todd H.
http://www.toddh.net/
 
Reply With Quote
 
Kerry Brown
Guest
Posts: n/a
 
      01-04-2006
Jim wrote:
> I'm outta here.
>
> I have shown you what I know about the patch and protecting
> yourselves. I have projects to get out and must concentrate on them
> at this time.
> Ultimately (in PCs as in life), your seurity is in your hands. Do
> your research. Listen to whom you trust.
>
> I wish you all the very best in this new year.
>
> Have fun and be safe.
>
> Jim


Thank you. Although many respected people here have disagreed with you it
has been a valuable discussion. Personally I have seen enough of my
customer's computers that have been compromised and done enough testing to
prove to myself that the patch works to block the exploit that I have
installed it. Yes, it may cause some unforeseen problems but it can be
easily uninstalled if it does. I look forward to uninstalling it when
Microsoft releases their patch. I agree with the way Microsoft is releasing
their patch. Their patch has to work and has to be well tested before
general release. I really take offence with the way Microsoft is downplaying
the severity of the exploit and how prevalent it is. They are giving many
people a false sense of security and causing untold damage to unsuspecting
users by lulling them into a false sense of security. To anyone who doesn't
believe this then try this. Build a clean machine. Update Windows. Install
your favourite anti-virus and anti-spyware programs. Visit a few of the
known bad sites. You will be infected. Fine you say. I just won't visit
those sites. There has already been known legitimate sites that have been
hacked and frames added with the exploit. Microsoft is right to test the
patch completely. They are wrong to minimize the exploit's impact.

Kerry


 
Reply With Quote
 
Barry OGrady
Guest
Posts: n/a
 
      01-04-2006
On Tue, 03 Jan 2006 19:36:35 -0700, Bruce Chambers <(E-Mail Removed)3t> wrote:

>Jim wrote:
>
>
>
> What kind of an idiot would install an "unofficial" patch. I can't
>think of a more common way currently used to spread malware.


Rather suspicious.


>
>
>--
>
>Bruce Chambers
>
>Help us help you:
>http://dts-l.org/goodpost.htm
>http://www.catb.org/~esr/faqs/smart-questions.html
>
>You can have peace. Or you can have freedom. Don't ever count on having
>both at once. - RAH


Barry
=====
Home page
http://members.iinet.net.au/~barry.og
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Render WMF, EMF into Raster Graphics Format & Convert WMF to PNG sherazam Java 0 10-21-2010 10:04 AM
WMF patch includes Win 9X/ME Art Computer Security 8 05-09-2006 06:40 AM
SVG-WMF or PNG-WMF conversion Ganesh Palaniappan ASP .Net 1 04-13-2006 11:44 AM
WMF Vulnerability patch for win98 etc., REALTIME LOG Peter Computer Security 5 01-21-2006 12:06 PM



Advertisments