PDA

View Full Version : Microsoft Issues 'Critical' SECURITY Patches



Nickdfresh
01-13-2005, 08:40 AM
www.cnn.com

Microsoft issues 'critical' security patches

Tuesday, January 11, 2005 Posted: 4:22 PM EST

SEATTLE, Washington (Reuters) -- Microsoft Corp. warned Windows users Tuesday of two new "critical" level security flaws in its software that could allow attackers to take control of a computer and delete or copy information.

The world's largest software maker issued patches to fix the problems as part of its monthly security bulletin, which affects the Windows operating system and the Internet Explorer Web browser.

Computer security experts urged users to download and install the patches, available at www.microsoft.com/security.

"It's very critical that users patch machines for these vulnerabilities," said Jimmy Kuo, a researcher at McAfee Inc.'s virus detection center.

A hacker could exploit one of the security flaws if a user directed the Web browser to a specially designed Web page, Redmond, Washington-based Microsoft said.

Microsoft also issued one other security warning, rated at

the second-highest level of "important."

Microsoft has been working for the last three years to improve the security and reliability of its software under its Trustworthy Computing initiative, as more and more malicious software targets weaknesses in Windows and other Microsoft software.

Also Tuesday, Microsoft began offering downloads of a software tool to remove viruses and other malicious software from computers.

Microsoft last week began offering anti-spyware program downloads for Windows users to block programs that generate unwanted pop-up ads and secretly record a computer user's activities.

Both programs are part of an effort by the company to offer its own computer and Internet security software as it prepares a security subscription service code-named "A1" to provide regular updates for security software and services.

Shares in McAfee and Symantec Corp. , the two largest computer security software vendors, fell sharply after Microsoft announced it would release its own anti-spyware software. Since then, McAfee is down 7.5 percent and Symantec is off more than 6 percent.

Copyright 2005 Reuters. All rights reserved.This material may not be published, broadcast, rewritten, or redistributed.

flappo
01-13-2005, 09:33 AM
microsoft IS one big fucking virus imo

Nickdfresh
01-13-2005, 09:48 AM
Originally posted by flappo
microsoft IS one big fucking virus imo

Yes! Much like America OnLine. Bunch of corrupt assholes pretending they're actually concerned about your security with a new ad campaign about the "free anti-virus" software you get.

flappo
01-13-2005, 10:02 AM
it's like sys admins , they all hate macs

why?

cos they'd be out of a fucking job if you bought one

Nickdfresh
01-13-2005, 10:09 AM
I bought a Dell, or else I would have gotten one of the new $500 Macs. My Norton catches most shit, but I had a hell of a time with fucking Adware when I was on AOL. Though I probably learned more about computers purging that shit.

FORD
01-13-2005, 10:43 AM
Three rules for secure computing:

1) Ditch AOL, it blows, and it allows idiots like Wayne L. to spam websites with bullshit.

2) Ditch Windows entirely. If this is not currently possible, at least ditch their shitty browser and use Mozilla Firefox (and the Thunderbird e-mail client)

3) Don't buy Dell computers. Michael Dell is one of George Bush Jr's best buddies. Wouldn't be surprised if they're trying to build spy capabilities into the hardware. (Intel did it with the PIII chip, which is why I've bought AMD processors ever since.)

Nickdfresh
01-13-2005, 11:14 AM
Originally posted by FORD
Three rules for secure computing:

1) Ditch AOL, it blows, and it allows idiots like Wayne L. to spam websites with bullshit.

2) Ditch Windows entirely. If this is not currently possible, at least ditch their shitty browser and use Mozilla Firefox (and the Thunderbird e-mail client)

3) Don't buy Dell computers. Michael Dell is one of George Bush Jr's best buddies. Wouldn't be surprised if they're trying to build spy capabilities into the hardware. (Intel did it with the PIII chip, which is why I've bought AMD processors ever since.)

Fucken done with AOL, learned that the hard way. They allow people to spam their forums with "bots" automatically downloading spyware. (I'll post an FTC link for complaints regarding this later)

I didn't know about that with Dell.:confused:

I would also add stay away from Netscape. They are in bed with AOL and I installed it to avoid Expl'r and it became basically a browser hijack that automatically took me to THEIR homepage and downloaded a bunch of shit I didn't want.

tomballin
01-13-2005, 03:05 PM
Yes AOL sucks and it totally worthless.

All you guys knocking Microsoft, geeeee. They own the world market, like it or not, deal with it.

Linux sucks for home use and web surfing.

Mac sucks for web surfing, but blows Microsoft away for graphics work.

Dell computers blow HP, Compaq and the other main stream boxes away as to quality. Yes, M. Dell is an ahole, but so is most all the other corporate execs, deal with it.

MS has security problems because they own 89% of the world market and all the hackers take shots at them. If Linux or anybody else owned 89% of the world market they would have the same problems.

(FYI, the virus/worm that cooked Brett Norton's VHLinks site, and many others two weeks ago, used an exploit (secondary) that only applies to Apache Servers running Linux, along with an exploit (primary) for the Forum Board software that site was running.)

MS also has a problem of having to be all things to all people. This is where I believe Gates needs to pull his head out of his rear, and stop doing this.

Also, DO NOT automatically download security patches for MS products unless you want your computer screwed up! Half those patches just open up another hole in your OS, or screw up its functionality in surfing. Let the patch come out, and then check the professional sites to see if it is any good, or really needed after a month or so.

Learn to run a proper "hard" and "soft" firewall and OS protection software instead of screwing with the OS, or you will be sorry, in the short and long term.

Nickdfresh
01-13-2005, 03:40 PM
Originally posted by tomballin


Learn to run a proper "hard" and "soft" firewall and OS protection software instead of screwing with the OS, or you will be sorry, in the short and long term.

I do this after losing my old computer to a virus I believe. I don't use the MS firewall except as a backup when my Norton is down.

Ally_Kat
01-13-2005, 04:17 PM
see, i need to get my patches, but something is wrong with me 'puter.

Won't d/l from any site anymore and won't open most sites with flash.

Norton, Ad-aware, and Spyboy Search and Destroy all find nothing.

*sigh*

tomballin
01-13-2005, 04:26 PM
Originally posted by Nickdfresh
I do this after losing my old computer to a virus I believe. I don't use the MS firewall except as a backup when my Norton is down.

Yeah, those lessons stick with ya. I've been lucky, but really have respect for what can happen to a PC. Hell, we have to remember the current PC's have the power/size of a IBM mainframe 15 years ago.

I find the 4 Series (don't like the 5 series) of Zone Alarm Pro, with my custom firewall, more stable than Norton. Seems like Symantec never has got their firewall right.

But, I really like Symantec's SystemWorks for keeping a computer cleaned up/protected, as long as you use it in a passive mode. Again an older version like 2002.

Seems like the majority of the current software/updates is a bunch of bug ridden crap. Have to be really careful on updating anything these days, until you can get some good unbiased reviews.

-------------

Hey dude, you heard that Diceman live audio of his Monica Lewinsky routine. Dice is drunk in a small club and is funny as hell. Calls her "Monica Cuntlewalsky.....that fuckin piece of shit whore" to start the bit and then just rolls on from there...Peace

Flash Bastard
01-13-2005, 10:55 PM
Originally posted by FORD
Three rules for secure computing:



3) Don't buy Dell computers. Michael Dell is one of George Bush Jr's best buddies. Wouldn't be surprised if they're trying to build spy capabilities into the hardware. (Intel did it with the PIII chip, which is why I've bought AMD processors ever since.)

Many employees in the DoD were using Dell laptops, but they've been switching to Panasonic Toughbooks. I wish I could show you a memo I got about six months ago on the subject...... but take my word that no government agency funded by Congress will ever purchase a Dell product again.

Nickdfresh
01-14-2005, 04:34 AM
January 14, 2005

No More Internet for Them
Fed up over problems stemming from viruses and spyware, some computer users are giving up or curbing their use of the Web.

By Joseph Menn, Times Staff Writer

Stephen Seemayer had the first Pong video game system on his block. A decade later, the Echo Park artist was the first in his neighborhood to get a personal computer. And in 1996, he was so inspired by the World Wide Web that he created a series of small paintings for viewing over the Internet.

Now the 50-year-old Seemayer is once again on the cutting edge: Sick of spam clogging his in-box and spyware and viruses crashing his system, Seemayer yanked out his high-speed connection.

"I'm not going to pay for something that I can't use," he said.

A small but growing number of frustrated computer owners are coming to the same conclusion. They're giving up or cutting back their use of the Internet, especially at home, where no corporate tech support team will ride to their rescue.

Instead of making life easier — the essential promise of technologies since the steam engine — the home PC of late has made some users feel stupid, endangered or just hassled beyond reason.

Seemayer's machine, for instance, got so jammed with spam that he stopped checking e-mail. When he surfed the Web, pop-up ads from a piece of spyware he couldn't wipe out spewed sexually explicit images and used so much computing power that the PC would just stop.

"I could be sitting here in the living room reading a book," Seemayer said, "and I'd hear my son scream: 'It froze up on me again!' "

So when his son left for college in September, Seemayer finally unplugged.

Now when he uses his computer, it's to compose letters or organize photos — anything that doesn't require interaction with any other system.

Seemayer is still in the minority. Overall Internet use continues to grow.

But 2004 "was a real turning point in a bad direction," said technology analyst Ted Schadler of Forrester Research. "People are getting really angry. They're angry at Dell and Microsoft and their cable providers, and that's appropriate. They should be."

In a recent survey, 31% of online shoppers said they were buying less than before because of security issues. And though more people are signing up for high-speed, commerce-friendly connections, the proportion of U.S. Internet users paying for things online barely budged in 2004 from a year earlier. It rose to 27% from 26% in 2003 after jumping from 20% the previous year, according to Harris Interactive.

For many, spyware was the last straw. During the last 18 months, the sneaky programs have soared to the top of the list of tech woes, triggering the most tech support calls to Dell Inc., the nation's top PC maker. Spyware lurks on as many as 80% of computers nationwide, according to the National Cyber Security Alliance, a trade group.

Spyware generally transmits information to third parties and sometimes takes control of a PC, usually to display ads. The most pernicious varieties have instructed millions of computers to make expensive toll calls or logged every keystroke on affected machines and sent account numbers and passwords to identity thieves.

No one is immune. Microsoft Corp. Chairman Bill Gates discovered spyware on his personal machine not long ago.

The aggravation level has reached the point that some in the computer industry believe it threatens to undermine advances of the last decade, during which the Internet has grown from a virtually empty domain to a global community of 800 million souls. They say they need to act before the same early adopters who led mainstream Americans online lead them off.

"If, as an industry, we're not able to provide a safe, reliable computing environment, we do think consumers will get increasingly frustrated," said Michael George, general manager of Dell's U.S. consumer business. "We're concerned, and we want to get to a position where we play an instrumental role in fixing the problem."

It may well be up to private enterprise. Congress and the Federal Trade Commission are exploring a crackdown on spyware, but government efforts to stop another online scourge, spam, have had limited results, as many with an e-mail account will attest.

The root cause of the problems is the open architecture of the Internet, initially inhabited and managed by a collaborative community from government and universities.

"The Internet … grew out of a shielded, nice-guy environment in academia," Web usability expert Jakob Nielsen said. Back then, "the worst abuse might have been sending a prank message. Nowadays, the Net reaches everyone in the industrialized world, including large amounts of people with no shame and large numbers of criminals."

Microsoft's dominant Windows operating system also makes it possible for malicious code to spread, in part because it was designed to allow so many functions. Once a weakness in Windows is discovered by hackers, a virus can wreak havoc on millions of computers before Microsoft can offer a patch — which typical users may not take the initiative to download.

And consumer advocates claim that state and federal laws against spam don't help. Courts have protected software vendors from most consumer lawsuits, and some have held that the companies are all but immunized by warnings buried in lengthy user agreements, those boxes with massive amounts of text with the "I agree" button at the bottom.

Whatever the reasons, the threats have evolved from minor annoyances to serious computer risks.

Gerald Stark, 52, trained on computers in school and in the Navy before starting a small cleaning business in Lisbon Falls, Maine. He figured he could use the Internet to find equipment at a good price, track his sales and organize his volunteer activities with the Boy Scouts.

"I thought that the computer was the way to go because it was so much faster," he said. "It turned out to be a nightmare."

A virus killed one machine. Then spyware infested the next one, wiping out a year's worth of receipt records.

Stark read five years' worth of computer magazines just to keep up with how to defend himself.

Even with two firewalls and antivirus and anti-spyware programs running, Stark stopped looking for new business deals online. He said he would buy only from places he had dealt with before, preferably in the physical world rather than the virtual one.

"I'm not letting my guard down again," Stark said. "Never."

Henry Stiegel didn't think he needed his guard up in the first place. Pressed by his stockbroker and friends, Stiegel got his first home computer in 2003.

"I thought it was going to be like a television set — I'm going to sit right in front of it all day and have some control and learn things, scan for airfare and travel," the former Grumman Aerospace Corp. engineer said from Homosassa, Fla.

Even after studying in computing classes, the 77-year-old Stiegel was swamped by hundreds of viruses, other malicious programs and pop-ups.

"I still have windows I can't delete when I want to get rid of them. When I send an e-mail, I get interrupted and have to start all over," Stiegel said. "I have actually pulled the plug out of the wall so I could reboot."

Stiegel now turns the computer on only two or three times a week, mostly to read his e-mail.

In Grand Rapids, Mich., homemaker Peggy Kasul sits halfway between the anxious newcomers like Stiegel and the jaded old pros like Seemayer.

A computer owner for seven years, Kasul did a little shopping online. Her husband used the machine to help manage some rental property, and her 16-year-old daughter wrote term papers for school.

Then her daughter went on the Internet to research a paper on the issue of breast-feeding in public. As if she had typed in a magic word, spyware ads for porn sites popped up and wouldn't go away.

Soon the computer was unusable. It took more than three weeks and $300 to get the thing working again, by which time all the family's data had been wiped out.

Now Kasul sends her daughter to use the computers at school or the library.

"I don't do much shopping online anymore because that scares me," Kasul said. "I go to the store."

The biggest factor behind the rapid increase in spyware is the amount of money at stake. Ads for such blue-chip companies as Motorola Inc., Verizon Communications Inc. and JP Morgan Chase & Co. appear in spyware programs.

The businesses most often accused of distributing spyware, including privately held Claria Corp., WhenU Inc. and 180Solutions Inc., say they are providing legitimate "adware" services to customers who approved the installation. But their disclosures are often misleading or buried: A recent Claria license ran for more than 60 electronic pages, first mentioning the phrase "pop-up" on page 18.

Much spyware arrives bundled with programs such as screensavers and file-sharing software.

"The part that worries me most is the tremendous amount of money that can be made by tricking people into installing junk on their computers," said Ben Edelman, a Harvard graduate student who has testified against spyware companies. "It's a great business."

The defenses remain scattered. Windows PCs often don't come with antivirus software installed. Firewalls and spam blockers are usually separate too, and there are dozens of small companies offering what they describe as anti-spyware products — some of which are actually fronts that install spyware.

"Staying safe online has gotten too complicated for the average user to do by buying individual products and making them work together," America Online spokesman Andrew Weinstein said.

Realizing that such fragmentation is making matters worse, some companies are rounding up the pieces of a more complete resistance.

Microsoft recently bought both an antivirus company and an anti-spyware software maker. Time Warner's latest version of AOL checks for spyware and offers to delete it. And where Dell's online guide for configuring a PC used to suggest a combined antivirus and firewall program without saying why, it now explicitly warns buyers to protect themselves or face potentially costly problems in the future.

Legislation that would have required more direct warnings by spyware companies to consumers and ensured that users could delete the programs made headway in the last session of Congress, despite objections from top computer-security company Symantec Corp. and other software providers. Ari Schwartz, an anti-spyware lobbyist with the Washington-based Center for Democracy and Technology, put the odds of some legislation passing in 2005 at better than 80%.

The FTC last fall filed its first case against spyware companies accused of using a security flaw in Internet Explorer to cram system-glutting programs into the machines of website visitors. The companies named were Seismic Entertainment Productions Inc. and SmartBot.net Inc. But current fraud laws allow regulators only to recover ill-gotten gains — no matter how much damage the bad guys have inflicted.

Enacting new federal bills "would be helpful," said Lydia Parnes, acting director of the FTC's Bureau of Consumer Protection. Spyware "needs to be understandable to consumers, and it needs to be presented in a way that's kind of visible to them."

Even if a strong law passes, Parnes said she didn't know whether the average computer user would be any better off in three years.

If it's worse, Seemayer probably won't be the only one on his block with a PC cut off from the Internet.

"It's great for anything you can do on your own," he said. "It seems to me an incredible typewriter — and that's it."

LA Times (http://www.latimes.com/business/la-fi-fedup14jan14,0,111456.story?coll=la-home-headlines)

flappo
01-14-2005, 07:34 AM
they're using the wrong computer , that's all

Nickdfresh
01-17-2005, 03:53 PM
Opus, from Sunday:

Nickdfresh
01-19-2005, 07:27 PM
Originally posted by Ally_Kat
see, i need to get my patches, but something is wrong with me 'puter.

Won't d/l from any site anymore and won't open most sites with flash.

Norton, Ad-aware, and Spyboy Search and Destroy all find nothing.

*sigh*

Try a new browser. I just downloaded Firefox from www.firefox.com 'cause my Explorer had "ticks" shall we say. It would freeze and I would frequently have to close and then reopen the browser. Firefox is supposedly more secure as well (no one has malicious shit for it yet).