Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Web Site Attacks Against Unpatch IE Flaw Spike

  • Subject: Re: Web Site Attacks Against Unpatch IE Flaw Spike
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Tue, 28 Mar 2006 09:20:01 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Organization: schestowitz.com / MCC / Manchester University
  • References: <e09g3c$5o4$00$1@news.t-online.com> <1143524681.9570.17.camel@localhost.localdomain> <1143531519.28654.0@damia.uk.clara.net>
  • Reply-to: newsgroups@xxxxxxxxxxxxxxx
  • User-agent: KNode/0.7.2
__/ [ BearItAll ] on Tuesday 28 March 2006 08:38 \__

> Edwin wrote:
>> On Mon, 2006-03-27 at 21:56 +0200, Peter Köhlmann wrote:
>>> http://it.slashdot.org/article.pl?sid=06/03/27/1739258&from=rss
>>> Acoording to our local security expert Edwin this is something which
>>> simply can't happen to his windows machine.
>> Why don't you quote me saying it can't happen?
>>> After all, he is using the psychic AV
>>> software, is psychic himself (so hew knows which website is infectious
>>> without going there) and then he still has the "heuristics" of his AV
>>> software (never mind that those can work [for some incredibly small value
>>> of "work"] only after his machine got infected, which according to Edwin
>>> simply does not happen)
>> You seem to have failed to notice that victim saw definite signs of
>> being hacked.    Not like the mystery viruses that you say are supposed
>> to be crawling all over my Windows PC, even though I suffer no harm from
>> them.
>>> In other news Edwin claims to be a linux user
>> In tonight's news, Peter makes a fool of himself...AGAIN!
> Do you really not see this as a major security hole in the software? Most
> skilled PC users would spot signs of attack, however subtle. But isn't one
> of the main points of builtin and automatic security that new users can
> work without worrying because security is taken care of for them. MS Win
> hasn't managed to do that.

As of this morning, there is a third-party, so-called 'fix'. If you feel
courageous, you can give it a go. This was also the case last Christmas when
a WMF exploit fix had not been released for weeks and a third-party binary
was the only way to calm down users and sysadmins over the holidays. The
unnerving situation is very different from Linux, by all means. It took
Canonical just /hours/ to release a patch for Ubuntu 5.

> None disruptive virus's are the main virus's now. Their main trick is to
> not be seen, not do damage, just to lay hidden working away without your
> knowledge. So you wont see massive use of CPU and other resources. They was
> even one that fixed a common Windows problem when it got on board because
> some comms didn't work correctly and it needed them working. So you could
> say that if your MS Win machine suddenly starts working well, you are
> likely to have a virus.

There is a famous (or infamous) saying for such circumstances: "Just shove
some more RAM into it".

In the past year, I have used just 4 Windows installations, on occasions. One
of them was my mom's computer, the other was my dad's, one of them was a
Windows partition of mine (Reiser wiped it last year) and lastly, there was
a testing machine at work. 3 of these 4 machines suffered a considerable
slowdown, which implied they got compromised. Not even automatic patching
saved them.

Best wishes,


Roy S. Schestowitz      |    "I regularly SSH to God's brain and reboot"
http://Schestowitz.com  |    SuSE Linux    ¦     PGP-Key: 0x74572E8E
  9:10am  up 19 days 22:55,  8 users,  load average: 0.37, 0.11, 0.17
      http://iuron.com - next generation of search paradigms

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index