«

http://money.cnn.com/2006/01/03/tech...ex.htm?cnn=yes


NEW YORK (CNNMoney.com) - The new year is off to a rocky start at Microsoft,
where security experts are scrambling to confront a potentially massive
virus threat to Windows PCs.
According to a report Tuesday in the Financial Times, the latest
vulnerability involves a flaw which allows hackers to infect computers using
programs inserted into image files. The threat was discovered last week. But
it mushroomed over the weekend, when a group of hackers published the source
code they used to exploit the flaw.

What makes this threat particularly vicious, according to the Times, is that
unwitting victims can infect their computers simply by viewing a web page,
e-mail, or instant message that includes a contaminated image. That differs
from most virus attacks, which require a user to actually download an
infected file.

"The potential [security threat] is huge," Mikko Hypponen, chief research
officer at F-Secure, an antivirus company, told the Times. "It's probably
bigger than for any other vulnerability we've seen.

"Any version of Windows is vulnerable right now," said Mr. Hypponen,
including every Windows system shipped since 1990.

Microsoft said a security patch would be available for the problem on
Tuesday, January 10 after it has passed rigorous testing procedures

Isn't it only Windows metafiles that are affected? Hardly anyone seems
to use those so they should be easy to avoid.

news.xtra.co.nz wrote:
> http://money.cnn.com/2006/01/03/tech...ex.htm?cnn=yes
>
>
> NEW YORK (CNNMoney.com) - The new year is off to a rocky start at Microsoft,
> where security experts are scrambling to confront a potentially massive
> virus threat to Windows PCs.
> According to a report Tuesday in the Financial Times, the latest
> vulnerability involves a flaw which allows hackers to infect computers using
> programs inserted into image files. The threat was discovered last week. But
> it mushroomed over the weekend, when a group of hackers published the source
> code they used to exploit the flaw.
>
> What makes this threat particularly vicious, according to the Times, is that
> unwitting victims can infect their computers simply by viewing a web page,
> e-mail, or instant message that includes a contaminated image. That differs
> from most virus attacks, which require a user to actually download an
> infected file.
>
> "The potential [security threat] is huge," Mikko Hypponen, chief research
> officer at F-Secure, an antivirus company, told the Times. "It's probably
> bigger than for any other vulnerability we've seen.
>
> "Any version of Windows is vulnerable right now," said Mr. Hypponen,
> including every Windows system shipped since 1990.
>
> Microsoft said a security patch would be available for the problem on
> Tuesday, January 10 after it has passed rigorous testing procedures
>
>

On Wed, 04 Jan 2006 11:26:12 +1300, news.xtra.co.nz wrote:

> Microsoft said a security patch would be available for the problem on
> Tuesday, January 10 after it has passed rigorous testing procedures

And are those "rigorous testing procedures" the same ones that permitted
Micro$oft to describe WindozeXP as the "most secure version of Windows
ever"?

Don't bother patching Windows. Dump it altogether. Change over to using
Linux!


Undeniably Sluttish

--
"Simply opening the wrong Web page or receiving an e-mail with an errant
image file could be enough to cripple your computer, thanks to a newly
discovered vulnerability in the Microsoft Windows operating systems."

anon k wrote:
> Isn't it only Windows metafiles that are affected? Hardly anyone seems
> to use those so they should be easy to avoid.

Yes, but the exploit works on wmf files renamed to jpg and presented on
websites - even as banners. Not so easy to avoid.

-=rjh=- <> wrote in news::

> anon k wrote:
>> Isn't it only Windows metafiles that are affected? Hardly anyone seems
>> to use those so they should be easy to avoid.
>
> Yes, but the exploit works on wmf files renamed to jpg and presented on
> websites - even as banners. Not so easy to avoid.

Temporary fix available here-

http://www.grc.com/sn/notes-020.htm

-=rjh=- wrote:
> anon k wrote:
>
>> Isn't it only Windows metafiles that are affected? Hardly anyone
>> seems to use those so they should be easy to avoid.
>
>
> Yes, but the exploit works on wmf files renamed to jpg and presented on
> websites - even as banners. Not so easy to avoid.

Ah, I see...

Mr Undeniably Sluttish wrote:
> On Wed, 04 Jan 2006 11:26:12 +1300, news.xtra.co.nz wrote:
>
>
>>Microsoft said a security patch would be available for the problem on
>>Tuesday, January 10 after it has passed rigorous testing procedures
>
>
> And are those "rigorous testing procedures" the same ones that permitted
> Micro$oft to describe WindozeXP as the "most secure version of Windows
> ever"?
>
> Don't bother patching Windows. Dump it altogether. Change over to using
> Linux!
>

I don't know how people can bear to waste all that time on endlessly
downloading patches and finding yet another anti-virus program.

Ubuntu http://www.ubuntulinux.org/ will send free CDs! These comprise
one disc that you can use to just try out their version of Linux (i.e.
you can't save what you do, it lasts only as long as you are running
that disc, but you can see if the Linux programs would suit you) and
another for installing it on your computer. Anyone who is in doubt
would probably be wise to try out first. Linux has such a reputation for
being hard to use and only suitable for geeks, many windows users would
be nervous of the change-over unless they had had a good look at it first.

Linux is the ideal operating system for non-geeks. It doesn't mess up,
and even if you mess up your own stuff you can't accidentally delete one
of the vital components that make the whole operating system work!

A L P

Will pc-cillin 2005 stop the virus?

geopelia wrote:
> Will pc-cillin 2005 stop the virus?
>
>
Not by itself, I shouldn't think. This is a real nasty that loads and
installs itself if you look at a picture - anything from a graphic logo
on a web page to a pic attached to an e-mail. In some circumstances it
can load and instal with you doing anything at all beyond viewing a web
page.

Nasty indeed, and I have nothing but contempt for the dim dumbasses that
devised and distributed it.

Philip

Mr Undeniably Sluttish wrote:
> On Wed, 04 Jan 2006 11:26:12 +1300, news.xtra.co.nz wrote:
>
>> Microsoft said a security patch would be available for the problem on
>> Tuesday, January 10 after it has passed rigorous testing procedures
>
> And are those "rigorous testing procedures" the same ones that permitted
> Micro$oft to describe WindozeXP as the "most secure version of Windows
> ever"?
>
> Don't bother patching Windows. Dump it altogether. Change over to using
> Linux!
>
>
> Undeniably Sluttish
>

This is easy to say, much harder to do for many users, and impossible
probably for many of them who just want to use a computer for what it
can do for them and don't want to look under the hood.

Linux is a fine and clever thing, though most of its documentation is
appalling and the basic concepts are presented in ways unfriendly to
many - perhaps most - computer users.

But what you're saying is the equivalent of telling a man who's just
blown the head gasket on his Holden that the answer to his problem is to
rip out the Holden engine & put in a Toyota.

Yeah, right.

Philip

(who regularly uses Ubuntu, Knoppix & Windows XP)