Large Windows Security Hole Found
 

This makes swiss cheese out of previous security patches

http://blogs.washingtonpost.com/secu...t_release.html

worth the read
bump

Yet once again a security company (Symantec) publicly announces a hole instead of going to MS behind closed doors so it can be quietly fixed.

Ironically, the security companies are the worse threat to computer security. If these threats are not made public, then hackers can't exploit them. If hackers are not exploiting them, then nobody needs to buy their security products.

wthin minutes after a hack is found they spread the word on their boards.
their latest is to go after the security software instead of microsoft exploits.

I think M$ has had a past history of ignoring security holes when reported behind closed doors. Releasing them publicly forces them to have to fix it.

Good read.

Its called the ON button lol If i had the money I might consider going to a Mac. My Dutch partner swears by em. He has pc's but I bet theyre in the basement or attic gathering dust and mice droppings

I agree with that 100% but it makes their product very attractive if they can find a fix very quickly..Norton always seems to

This EXACTLY WHAT I HAD for the last 2 days!!! :( :( :(

Luckily I know how to delete this shit without waiting for a fix :glugglug

i <3 my mac

i tested it last week , it installs spysheriff :) funny virus , easy to kill

bullshit.

A) I don't believe you

B) Not easy by any means.

You just like to think you are the resident "hack" around here and people like to feed your ego for some reason. That's all I have to say about that...

it says firefox users wont have to worrry about it at least (if they know about it) ;)

that's funny i JUST rebooted my system after cleaning this annoying spyware out of my system.

:)

exactly. plus there are still a few IE6 SP2 and IE7 bugs still out that ms has ignored.

this spyware got into my system after searching the net for a serial number for one of adobe's products.

http://www.google.ca/search?hl=en&q=...toshop+7&meta= :winkwink:

:thumbsup

A copy and paste from a security forum on a security work-around ... it works, but breaks some things ... but the work-around is reversable, so it's no biggie in the longrun...

According to iDefense, Windows users can disable the rendering of WMF files using the following hack:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven't had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command "regsvr32 shimgvw.dll" in step three above.

Fully enabling software DEP (Data Execution Prevention) for all programs on your computer in some instances may offer sufficient protection alone negating the need for the above work-around, in particular computers that also have hardware based DEP enabled.

In short, for most people, the easiest thing to do is to temporarily disable shimgvw.dll, as explained above, until MS releases a patch - after which, the shimgvw.dll can then, at least one hopes, be re-enabled as per instructions above.

Ron

Bump

http://www.nymalegigolos.com/temp-pics/funny/46.jpg

Oh another thing ... deleting the WMF file association and/or filtering WMF files offers NO protection due to how Windows treats file extensions; could be disguised as a .gif, .jpg, etc.

In addition, WMF based exploits can execute in ways that one wouldn't expect - such as when viewed in file manager, etc; unexpected executed by various applications on one's system ... some of Google's tools can execute WMFs! This is a real nasty exploit all around.

Ron

what is new about security holes and windows?

Who the fuck is still running Windows? Goddamn.

good read man, thanks for sharing. :thumbsup

yeah i had this a few weeks ago, it did install spysheriff and locked the wallpaper to that one you can see in the link,and popups kept saying that my system was infected with skyware grr ....... i just reformatted my pc was about time to anyway :)

Well if Symantec can find the hole why can't Microsoft? What happened to that trustworthy computing initiative crap?

huh ? dont get your ego in a bunch batman. what do i think again ? huh ..

i installed it to test and removed it .. whats so hard to believe about that ? i can even tell you where its at in the wild ( besides the disclosed places )

If anyone else removed it knows it installs spysherrif , changes your desktop to some stupid error about your system being compromised

p.s. can you quote me some instance where i " think im a resident hack " ? not to rain on your parade but i'm not a "hack" dont claim to be , never did , never will.. lots of people know more than me , lots dont..

it disguises itself as winlogin to run the backend.. trust me i had it and removed it.. its not super easy but not the hardest i have come across

he has mice?

We need to talk please.