Attackers Target New Zero-day Vulnerability in Word

CSO - Framingham,MA,USA

Microsoft Corp.'s Word and Office programs have been targeted again, with
the company warning that hackers may already exploiting a new
vulnerability ...

<http://www2.csoonline.com/blog_view.html?CID=28803>

 

If you are opening unsolicited attachments you deserve whatever you get.

 

People are not perfect, so systems need to be designed from the ground up
with this in mind and provide all the built-in security that is required
for safe computing- something that Linux does brilliantly and effectively.

Microsoft, on the other hand, must have the world's most incompetent
programmers ever.

 

So you are saying that you can open any email attachment in *nix and you have nothing to fear? If you believe
that you are even dumber then I thought.

No amount of 'security' can prevent people from doing dumb things and in addition too much security can
CAUSE people to do dumb things because they believe the system will protect them. Do a search on "Offset
Hypothesis" for more info.

Based on what?

 

Exactly. I've open thousands of emails and have yet to catch any maladies. I
don't have spyware or anti-virus programs installed because my Linux
computer does not need them.

I believe that because it is a fact.

Here's the dumb thing:

"We find that safety-conscious drivers are more likely than other drivers to
acquire airbags and antilock brakes [Well, duh!] but these safety devices
do not have a significant effect on collisions or injuries [except that
they only increase your chance of survival in the event of a collision],
suggesting drivers trade off enhanced safety for speedier trips.â€

What nonsense.

Based on the fact that they cannot code a reliable, safe and cool operating
system. Windos, from 3.1 to Vista OS X, has historically been the most
bug-ridden and vulnerable system ever.

Vista shows that even copying Apple cannot advert producing a pathetically
compromiseable system.

Conclusion: Unix based operating systems, such as Linux and Mac OS X, will
continue to be the safest, most reliable (and coolest) systems for
industry, academia, and the consumer.

 

Supply your email address and I will gladly send you a nice 'friendly' attachment that I am sure you should
be able to open without any problems.

It's not nonsense. Here in North America SUV's are involved in a higher proportion of winter accidents
becuase the drives believe their vehicle is safer in these types of conditions (it's not).

I see you want a COOL OS. This of course is entirely subjective.

Even I will concede Vista is a pig.

You apparently missed the Month of Apple Bugs campaign. I am awaiting the same for *nix

 

Since I am not immune to spam, I will not expose my email; however, you can
just say plainly and publicly state what the attachment is all about and if
it is a potential threat to my system (which of course it will not be).

Obviously, SUV's have a higher center of gravity that undermines whatever
safety features they are built with. For a period of time, there seemed to
be a Ford fatality just about every week.

But your logic does not translate well for other vehicles such as sedans,
minivans, etc. Automobile Technology has reduced the number of fatalities
attributed to design issues, to be sure, however I would be hard pressed to
believe that this same technology may be the indirect (influential) cause
of the accidents.

So, even if this dumb theory could be taken at face value, there is
absolutely no correlation to our discussion on operating systems. Linux
provides a safer and sane computer environment for the consumer, which
means that users migrating away from windos will not "suffer" the atrocious
maladies they are accustomed; and certainly it is absurd to infer that a
safer computing environment means a greater risk.

Microsoft WANTS a cool OS. That's why they spent millions aping OS X, of
course, over a fragile and vulnerable platform.

You go right ahead and get a nice cup of coffee and wait.

And wait...

.... and wait.


....and...

 

Even *if* it did any damage, it's more than likely it will *only* affect
your user. The rest of the system will carry on regardless, as it wouldn't
have any permissions to change anything. If the attachment required you to
'sudo' it before it opened, then you just delete it.

<snip BS>

AFAIC he's just taking out of his arse, it's been explained to him
before, but he just prefers not to know (so I binned him, I know when you
can't educate a brick). 90% of the internet runs on linux, with no spyware
or anti-virus problems. I've run linux distros for 10 years, & never
bothered about spyware or anti-virus because i don't need to. However I do
run a rootkit checker regularly.

 

It doesn't work that way. Feel free to send me you real address to and while reply in
kind with a nice attachment. Otherwise you will simply deny that what I sent had any effect.

Here is another article:

http://news.uns.purdue.edu/html4ever/2006/060927ManneringOffset.html

This is not my logic. It's been shown in many cases that improved safety measure (aka security) are often
thwarted by the user feeling more confident and therefore being less cautious.

The correlation is that if a user has a 'safer' OS or browser they believe they don't have to do the things
that less 'safe' OS's or browsers might require such as applying patches or practicing safe surfing.

How do you know what Microsoft wants?

So it's only going to take me the time to finish my coffee before a new *nix bug is found? That's even
quicker than I imagined. You have to admit there are bugs in *nix or you really are beyond hope.

Here is some fun reading for you:

http://groups.google.ca/group/comp.os.linux.advocacy/browse_thread/thread/36f95df0e727a930/112639a4
9b61c770?lnk=st&q=vista+is+bad+but+linux+is+horrendous&rnum=1#112639a49b61c770

Also you may pick up a few pointers from the Linux Advocacy FAQ:

http://forums.fedoraforum.org/showthread.php?t=9838

Especially sections 7 and 8

 

Yes, it does work that way. Your obscurity about some anti-Linux WMD that
you are able to propragate via attachments gives you away as a charlattan
since this has only been known to work for windos. If you had any knowledge
at all about the reality of such thing, you would have obliged and
disclosed your attachment.

Which does not mean that the safest technology is conducive to greater
number of fatalities or accidents.

Here's a fact: When Linux distros are called to provide a patch, for
whatever reason, they respond swiftly. When a patch is deployed, it is the
final one, unlike MS which has such latent response time on top of having
to patch and re-patch their legion of patches, which will invariably break
something else in the system.

Alas, even with both camps dispensing patches, Linux remains the safest
choice for consumers since MS cannot seem to attain a decent level of
design integrity.

But I like your stance that MS garbage of OS forces users to be paranoid and
resigned to live in an endless cycle of unremedied vulnerabilities and
'safety' measures.

They have spent millions cloning Mac OS X and using "WoW" as the selling
point.

And you do seem to imagine a lot, to the point of hallucination.

Bugs and all, Unix and its variants remain the safest and most reliable
platform for consumers. Bar-none.

9b61c770?lnk=st&q=vista+is+bad+but+linux+is+horrendous&rnum=1#112639a49b61c770

All opinionated bullshit from some wintard that has circulated COLA for
ages.

More pointless nonsense. Are insults your last recourse?

Honestly, if Linux wasn't the threat that MS believes it to be, none of this
anti-Linux crap would be floating around. Instead, it would be largely
ignored... ala OS/2.

It does not change the realities that will go down in computing history:
Microsoft really does have incompetent teams that churn out garbage and
feed it to the consumer; Windos really is the worst most insecure and
unreliable OS ever made that does not stack against OSX and Linux; MS
really is one evil business entity that has no ethical backbone.

 

[edited for brevity]

It's hardly a WMD. A simple script will suffice. In any case your lack of confidence has been noted.

It is a hypothesis but has been shown in many cases to hold true. Of course it may not apply under all
circumstances.

There is no such thing as a final patch. Often additional problems are found later in the same component.
Yes *nix patches generally arrive sooner than MS patches but workarounds are generally available
immediatly.

How exactly did you come to that conclusion? Again it only takes on hole to sink a ship. Ultimately it's up to
the user to maintain their system regardless of the OS. If the user fails to install a patch they will be sunk in
no time.

What insults? The Linux advocacy people wrote it. You could learn from them. I am not against Linux. I am
against people such as yourself who believe it to be a panacea and anything else is simply rubbish
(especially if it's from Microsoft).

I'll wait for the book...I'm sure it will be a good read!

I believe that ultimately some form of *nix will be quite common (no thanks to people like you...the equivalent
of a car salesman for *nix).

 

I will not be spammed just because some morron thinks he can disable a linux
machine with a simple script; This really displays your sheer ignorance on
how Unix OS's work in general.

Shown by whom? And in what cases? I don't see how you intend to support such
bullshit with verifiable facts.

Post proof.

And that's the world of windos: Inevitable and continuous cycles of patching
and 'working around'.

By the fact that windos remains to this day the least secure and least
reliable of all available operating systems.

Again, it takes a hole the size of a dime to sink windos.

That's an obvious observation applicable to any environment, but a system
that requires a great number of patches at an equal great frequency cannot
be trusted.

That's a lie and you well know it (or maybe not), you have no knowledge of
the author and his intentions (which you seem to have inferred from reading
the content). It was written by some aggravating Linux foe who just posted
it to COLA.

What, exactly, do you think anyone could learn from "them", when you are to
obtuse to differentiate between an authentic post and a farce?

Given the long history of MS incompetence and the shoddy products people
have had to suffer from, Linux really is a panacea.

Actually, there's plenty of literature out there already that will help you
get a better grip on reality.

Good. You've finally seen the light.

 

Use a disposable address. They are easy to get. FWIW I have a fair bit of *nix experience.

There is one reference listed above to Purdue University. A simple Google search for "Offset Hypothesis"
will find you many more.

Here are two patches for the SuSE Kernel released within 3 months of each other:

http://www.linuxsecurity.com/content/view/127226/170/
http://www.linuxsecurity.com/content/view/126321/170/

There are numerous others involving the same components.

This is a fact of life for ALL modern software.

As you would say "Post proof"

Here is a recent article quoting a security expert from eEye on Microsoft and Vista security:

But Mr Maiffret does not blame the software giant for the mismatch between the market's expectations
about Vista's security and the less palatable reality. "There's no other software company that does more to
secure their code than Microsoft," Mr Maiffret says. "It's weird to me that a lot of people think there should
be this thing that we reach at some point where the operating system is impenetrable... I don't think that is
ever going to happen."

Source http://www.smh.com.au/news/security/vista-still-vulnerable/2007/02/26/1172338546822.html

No OS is totally secure and it's level of security changes from patch to patch. If your OS is not getting
patched it's likely very insecure.

It's irrelevant what the 'size' is. A critical hole is just that. This is why ultimately how well you maintain your
system as well as your computer practices that will ultimately determine your security.

A well patched OS trumps a poorly patched one when it comes to security (regardless of the OS). If you
are not maintaining your OS you ARE vulnerable regardless of the OS.

Ahh...insults...the last resort for someone who cannot come up with a intelligent argument.

 

I don't know how you can attempt to define "fair bit" when you argue,
contrary to overwhelming evidence, that windos is as secure or more secure
than Unix.

I would certainly believe that anyone with a passing knowledge of both
architectures could plainly see the obvious differences that put Unix above
windos for security and reliability.

A simple Google search for "Offset Hypothesis" simply regurgitated what you
have been proposing all along. However, this nonsense simply does not
translate into any applicable form for computing platforms.

You argue that a rock-solid and secure system, such as Linux, will
inevitably lead to users being more careless about maintaining their
systems, while the frailty of windos will force users to always stay on
their toes- or else pay the consequences.

This sheer silliness.

Two patches in three months... mhhh... I wonder how it compares with
microsoft's patching cycles.

There is no comparison if you are trying to present Linux as being equal to
windos when it comes to vulnerabilities, patching, and the quality of the
fix.

MS has spent millions trying to stave off vulnerabilities and exposures in
their systems. Their patching program, by sheer volume and re-patching
frequencies, underlines the shoddiness of their OS.

But not ALL modern software is equal. Linux is an engineering success by the
academics and programmers that form the OSS community; in contrast, windos
is a proprietary monstrosity that fails to meet the criteria of good
design, proven by the endless vulnerabilities that keep cropping up.

Read my posts. I have posted numerous articles showcasing the frailty of a
system touted to be the "safest" yet.

The reality, of course, that there are no legions of viruses, trojans, and
spyware for Linux or Mac OSX.

He's right, there is not other company that does more to TRY to secure their
poor, hopless product.

For Windos anyways. Today, right now (even with your so-called script
running around all over the internet assaulting poor unsuspecting Linux) I
feel much safer and tranquil in my computing environment just because I'm
using Linux.

Speaking in relative terms, compared to windos, Linux really is totally
secure. Of course there will be threats for all systems, but the level of
vulnerability of the windos platform is just too laughable.

For as long there are no real threats for Linux, to the point of causing
irreparable damage to the system, it will always be "totally" secure when
compared to the risks associated with windos.

You are right only to a certian extent: A virus or some other parasite can
bring your entire computer to a halt. This really happens to people. Even a
little VB script can ruin anyone's day, and there are thousands of such
holes in windos.

Not true. A marginally patched Linux box will trump a fully patched windos
box.

Windos requires unreasonable maintenance, as I said before, it forces the
user into an unholy loop of third-party solutions and absurd patching
cycles.

"I'll wait for the book...I'm sure it will be a good read!" was not an
intelligent argument, therefore, by your own logic you deserve to be
insulted.

 

A systems security is a moving target as new vulnerbalities are found and fixed. What can be totally secure
one day quickly becomes at risk when a new vulnerability is found. This is true regardless of the OS.

My real world experience is that I have never had a Windows box compromised. I will certainly agree that
older incarnations of Windows were less than reliable but have come a long way.

You put words in my mouth. I simply said that it has been shown on more than one occaision that
improvements in safety don't necessarily result in real world benefits as users tend to be less careful
believing that these improvements will protect them.

15 SuSe security patches in January vs 12 for Microsoft:

http://www.linuxsecurity.com/content/blogcategory/100/112

It's only good business. Windows currently has the largest market share and if I wish to get my 'product' out
and make the most profit it only makes sense to go after that market. In case you haven't heard
spyware/malware is all about making money.

The Month of Apple Bugs projects showed that OSX is not a secure as Apple would like us to believe.

Good for you. You are of course delusional because as Mr Maiffret says and pretty much any secure
expert would agree no system is entirely secure.

As I said above nothing is '"totally" secure. It's also very difficult to compare the OS's. There are multiple
versions of Windows and we won't even get into the numerous *nix distros. As I have said before it only
takes one unpatched critical flaw regardless of OS to make it totally insecure.

If this was truly the case no one would be using Windows as it would be unusable. The reality is that a
properly maintained Windows system is safe and reliable.

ROTFL

A critical flaw left unpatched is going to get you into trouble in short order regardless of the OS.

That's a subjective view and I would disagree. Patching is a fact of life in our current, hostile, environment.
If you wish to remain safe on the Internet you need to stay on top of the latest vulnerabilities and address
them.

 

*********************
My experience showed me that no matter what protection software is
protecting your machine, anything can happen, and this is not due to lack of
diligence by many users:
My former Gateway computer crashed, died and couldn't be revived,
because of a file that bypassed the Norton Antivirus software, installed by
Earthlink. I went straight to the top, and bitched about the problem
because it wasn't an error due to my opening an e-mail....I had a spam
blocker set to the highest. I was vigilant to the point of obsession, not
allowing any spam into my inbox.
Well, if you'll pardon this venting, I noticed a "spoof @paypal.com"
entry which never could have gotten into the inbox, having deleted all of
those bogus domain spam mail, on a weekly basis. I never touched the
email....just deleted it...and Boom! the Norton window appears and tells me
verbatim, " this *file* got in through the back door!"....There was nothing
I could do, and I went nuts. The company VIP gave me a year's internet
service for the trouble this caused, and I have been leery of any e-mail
that I receive since. I got a Dell and am using McAfee Security suite,
which seems pretty good. Only problem is that I use the computer for hours
a day and have been learning much on my own.
If any gurus know the technology re: routers, and uTorrent type
applications, I'd appreciate some feedback. Hoping to catch "a short bit
with HST before he blew his brains out", I had to first download the Torrent
file. download a PFConfig.exe to setup a router download. Then given the
option to choose a free version of Network Magic's setup download, had to
configure the port, etc. All I want to know is if I will have trouble with
my internet and firewall settings, having had to grant access to the film
application, and go through all these steps since 2:00am? Will I be able to
remove these files if necessary, without changing anything in my connections
folder? It appears my mistake, because from what I gather, this is
primarily a network system......and the only computer in the house is the
one I'm typing on....Any comments?
Annette
**********************

 

You can install Linux in your computer or get a Mac. Either way, you will
never escape the windos scourge unless you change platforms.