|
|
 |
|
|
Pages: 1
Exploits released for new Windows flaws
(Click here to view the original thread with full colors/images)
Posted by: Ion Silverbolt
CNet News has some info on some new exploits circulating around.
One vulnerability, in the operating system's LoadImage function, could enable an attacker to compromise a victim's PC when the computer displays a specially crafted image placed on a Web site or in an e-mail. The other vulnerability, in the Windows Help program, likewise could affect any program that opens a Help file.
Because the flaws are in a library used by Windows programs, almost all browsers and e-mail clients are likely affected by the flaws, said Alfred Huger, senior director of engineering at Symantec.
"They are rather serious," Huger said. "Both can be exploited by anything that processes images or reads help files."
Because the flaws were accompanied by sample code--known as exploit code--that shows how to take advantage of the security holes, Huger expected the exploits to be quickly incorporated into the tools of malicious Internet users.
"The fact that there is an exploit out there is very concerning," he said. "I think you will see it in phishing scams and spyware in very short order."
Posted by: redwench
that site must be a hacker's dream. they actually give sample code for them 
The flaws came to light on Thursday, when a Chinese security forum, Xfocus Team, posted the issues to its Web site. The vulnerabilities were found by Chinese firm VenusTech and posted on Monday to the Internet, according to the Xfocus posts.
Because the flaws were accompanied by sample code--known as exploit code--that shows how to take advantage of the security holes, Huger expected the exploits to be quickly incorporated into the tools of malicious Internet users.
Posted by: Ion Silverbolt
If only they used their powers for good.
I expect it to only get worse as time goes on. Hopefully Longhorn is being deeloped with more security as a focus in developement. Even then it's hard to tell. I'll probably be dual booting for a while to come.
Posted by: Oldcrocd
I now know why I still stick to Win98 and EZAV and Zonealarm, nothing has convinced me so far to change. The only thing I keep thinking of is Linux - is the the answer?
Posted by: redwench
in most cases, like this one, 98 wont help you. most of the biggies affect all windows, not just xp. and 98 has its own worms that dont affect xp. linux is only more secure because the creators arent bothering with it much yet. just wait 
Posted by: Ion Silverbolt
Linux was created from the ground up with security in mind. Which is why it's a lot more secure. Besides, there are so many different types of Linux out that it would be a hackers waste of effort to even try it. 
Anyway, it's worth picking up I think and there's a lot it can do now. Besides Email and Internet, you have open office, IM clients of all kind, bittorrent clients, FTP, Built-in firewall, printing, photo editing, DOS emulators, DVD and CD burning, etc.
Still, if gaming is a concern for you, it's not something Linux is good for. Which is why I still dual boot. I only use my Windows 2000 partition for games now. But I still like having Linux on a partition because I never have to bother with Spyware or viruses. Or spyware and virus scanners for that matter. Plus I like a lot of the free goodies that come with it.
The best way to try it out is with Knoppix. It's a Linux distro that can run entirely off CD. It's a good way to check out Linux without installing it. It also tends to make a nice rescue CD in case you can no longer boot into Windows and need to backup some files.
http://www.knoppix.com/
Posted by: Oldcrocd
Ion Silverbolt
TVM for the link I'll give it a try as I'm not into gaming so have no need for speed except to run graphic programs. Which is one of the reasons for having next year to upgrade to something a little faster than present PII!
Posted by: TheHairyOne
Its a well known fact that the way to get a software designer to fix a problem quickly is to publicly show exactly how to exploit said problem. Post code on the internet that will rape a Windows machine due to a security flaw and see how fast it gets fixed. Of course, Windows has so many flaws that each fix seems to just create more flaws...but that is a design issue.
I have lots of Windows machines for gaming...but I prefer linux for browsing, email, and work. I think Ion's take on linux is pretty accurate.
Posted by: steveb
For the truly paranoid, Win98 is indeed the simple solution.
Win98se can be run from a ram-disk (i.e. you can burn your setup to CD, remove the hard drive and run without a hard disk).
Of course you can't 'save' anything (unless you want to risk burning a worm infected file to CD or USB memory stick), but I've never met a worm or virus yet that can survive in RAM across a power cycle (or corrupt a CD-ROM in a non-write capable drive) :-)
Posted by: Oldcrocd
 Quote:
|
Originally Posted by steveb
For the truly paranoid, Win98 is indeed the simple solution.
|
Who said I wasn't paranoid. I was running win3.1 fer years and then switched gradually to win98se.
Before that I was brought up on Dos1 and progressed from there. Ah those were the days. The real speed machines we had in those days. I ran a business where the boss just would not upgrade from Dos 1. Mainly cos he had written a lot of programs that would only work on that platform. Buts thats history and now we have progressed to having brand new fast a light, well nearly, software that only crashes, like all the time, get infected with any bug thats about and ug. Now having looked at Linux I must find the time to give it a go.
|
|
|
|
|
