Jump to content
Washington Football Team Logo
Extremeskins
Forum Rules and Guidelines

Windows Security Flaw Is 'Severe'

gortiz

By gortiz
in The Tailgate

Recommended Posts

gortiz

gortiz

Posted
  • Author
Posted
Another reason to use Firefox as well and keep your software up-to-date.

Edit: On a side note, I wonder if extremeskins has been expoited by spyware hackers. Perhaps all the repetitive Lavar threads contain malicious code. :rolleyes:

Trojan Lavars??? :silly:

Link to comment
Share on other sites
kenjabi

kenjabi

Posted
Posted

Here's the part I liked:

"Security researchers revealed the flaw on Tuesday and posted instructions online that showed how would-be attackers could exploit the flaw."

Hmm, that doesn't sound too smart. Then the next sentence:

"Within hours, computer virus and spyware authors were using the flaw to distribute malicious programs that could allow them to take over and remotely control afflicted computers."

Gee, ya think? Good thinking, Microsoft!

Link to comment
Share on other sites
Mr. S

Mr. S

Posted
Posted
Here's the part I liked:

"Security researchers revealed the flaw on Tuesday and posted instructions online that showed how would-be attackers could exploit the flaw."

Hmm, that doesn't sound too smart. Then the next sentence:

"Within hours, computer virus and spyware authors were using the flaw to distribute malicious programs that could allow them to take over and remotely control afflicted computers."

Gee, ya think? Good thinking, Microsoft!

haha, yeh, I love how that happens. I remember when 9/11 happened, one station was going around Reagan National saying the fences here arent secure, and pointed out some areas of the fence that were in bad shape and that people could crawl under.

Im thinking 'great, not only can terrorists do this, but any punk who wants to screw something up'

Link to comment
Share on other sites
SkinsFTW

SkinsFTW

Posted
Posted

A couple years ago I stopped using IE altogether due to exploits to my system and coolwebsearch or something like that.

One thing you need to do if you switch to firefox, which is much better and faster too, is disable IE.

If you don't disable IE then whatever is possibly using your computer is still going to be active.

Here is how to do it.

Go to control panel then internet options, Click the 'Connections' tab at the top.

Click the 'LAN Settings' button that is towards the bottom of the options window.

Check the box that says 'Use a proxy server for your LAN'.

In the 'Address' field, enter anything - I put 'fakeproxy'.

Click the 'Advanced' button, then in the 'exceptions' text box enter '*.microsoft.com' and then click OK.

Now IE will only function on pages at Microsoft.com, and WindowsUpdate.

Or you could just leave windowsupdate off too, like I do since I dont need anything from them.

Link to comment
Share on other sites
rdsknbill

rdsknbill

Posted
Posted

Liberty. That might work well for personal use, but what about file sharing as in email attachments. Say I need to send a spread sheet to a client, what happens then if they don't have Open Office???? Like I said, fine for personal use, but not very practical for business applications

Link to comment
Share on other sites
Prosperity

Prosperity

Posted
Posted
Liberty. That might work well for personal use, but what about file sharing as in email attachments. Say I need to send a spread sheet to a client, what happens then if they don't have Open Office???? Like I said, fine for personal use, but not very practical for business applications

You can save open office files as excel or word or whatever Microsoft equivalent, sometimes there can formatting issues so yeah it isn't ideal for business because most people have Microsoft Office for reasons I don't understand.

Link to comment
Share on other sites
portisizzle

portisizzle

Posted
Posted
A couple years ago I stopped using IE altogether due to exploits to my system and coolwebsearch or something like that.

One thing you need to do if you switch to firefox, which is much better and faster too, is disable IE.

If you don't disable IE then whatever is possibly using your computer is still going to be active.

Here is how to do it.

Go to control panel then internet options, Click the 'Connections' tab at the top.

Click the 'LAN Settings' button that is towards the bottom of the options window.

Check the box that says 'Use a proxy server for your LAN'.

In the 'Address' field, enter anything - I put 'fakeproxy'.

Click the 'Advanced' button, then in the 'exceptions' text box enter '*.microsoft.com' and then click OK.

Now IE will only function on pages at Microsoft.com, and WindowsUpdate.

Or you could just leave windowsupdate off too, like I do since I dont need anything from them.

I did the LAN thing and it worked to disable IE. However, today I accidentally double clicked IE and it is now enabled. Can you help me any with this??

Thank you.

Link to comment
Share on other sites
stevenaa

stevenaa

Posted
Posted
Use Linux or Mac if you don't want to deal with the constant "security upgrades".

Uninformed post here. Linux based servers have to be updated more frequently than Windows 2003 servers.

To exploit this vulnerability, you would have to visit a website set up explicitly to take advantage of it. You're not likely going to happen upon such a site. If you use common sense email viewing, then there is a low risk. They'll have a patch for it, and if you automatically update as you should, youl'll be fine. Just don't open emails from people you don't know.

Link to comment
Share on other sites
stevenaa

stevenaa

Posted
Posted
A couple years ago I stopped using IE altogether due to exploits to my system and coolwebsearch or something like that.

One thing you need to do if you switch to firefox, which is much better and faster too, is disable IE.

If you don't disable IE then whatever is possibly using your computer is still going to be active.

Here is how to do it.

Go to control panel then internet options, Click the 'Connections' tab at the top.

Click the 'LAN Settings' button that is towards the bottom of the options window.

Check the box that says 'Use a proxy server for your LAN'.

In the 'Address' field, enter anything - I put 'fakeproxy'.

Click the 'Advanced' button, then in the 'exceptions' text box enter '*.microsoft.com' and then click OK.

Now IE will only function on pages at Microsoft.com, and WindowsUpdate.

Or you could just leave windowsupdate off too, like I do since I dont need anything from them.

IE is not the only way your system can be exploited. If your not installing Windows Updates, you'll only have yourself to blame when you get hit.

Link to comment
Share on other sites
Larry

Larry

Posted
Posted
Liberty. That might work well for personal use, but what about file sharing as in email attachments. Say I need to send a spread sheet to a client, what happens then if they don't have Open Office???? Like I said, fine for personal use, but not very practical for business applications

Then when you send them a spreadsheet, tell OpenOffice to save it as an Office document. (You can even make the Office format your default document format.)

Link to comment
Share on other sites
Larry

Larry

Posted
Posted
Uninformed post here. Linux based servers have to be updated more frequently than Windows 2003 servers.

To exploit this vulnerability, you would have to visit a website set up explicitly to take advantage of it. You're not likely going to happen upon such a site. If you use common sense email viewing, then there is a low risk. They'll have a patch for it, and if you automatically update as you should, youl'll be fine. Just don't open emails from people you don't know.

Uninformed post here. (Sorry. But people who want to be condescending should make efforts to also be correct.)

1) Yes, Linux (if you count Linux and all the programs that run on Linux) has more updates. But part of that is because the Linux people update their software before things get exploited, and because they release updates as soon as they can, rather than saving them up so they can have fewer, bigger, updates.

(I'll also point out that, with the Linux updates, you don't have to give people permission to intentionally break your computer to get the updates. And you're reasonably certain that none of the "updates" actually are spyware. But that's another subject.)

2) Years ago, you could avoid malware by not opening e-mail from strangers (and not sharing floppys with strangers, and so forth). But nowdays, most threats spread electronicly. E-mail threats, when they enter a system, typiclly immediatly empty the address book (if you're using Outlook or Outlook Express), and then e-mail themselves to everybody in the book. This means that, a few minutes after, say, Sarge's system gets infected, you will receive an e-mail from Sarge with the malware. (A lot of them, nowdays, go a step further. Sarge's system gets infected. The program pulls one address out of the book, say mine, and then sends itself to everybody else in the address book. All of Sarge's friends get infected e-mail, that says it's from me. I get e-mail from dozens of extremers, claiming I sent them a virus, when I'm not even infected. The real culprit is somebody else (Sarge) who just happens to have my address in their address book.)

Link to comment
Share on other sites
Larry

Larry

Posted
Posted
IE is not the only way your system can be exploited. If your not installing Windows Updates, you'll only have yourself to blame when you get hit.

Agreed.

I've read reports (and seen security reports that make the stories believable) that say that malware isn't being written by teenage kids looking for "cool factor" any more. It's written by professionals.

And a lot of the people writing these things seem to be watching the updates when MS releases them, and reverse-engineering the fixes: "Gee, I wonder what hole this patch fixes?", then exploiting the hole after it's been patched.

Several of the recent big threats have exploited holes that were fixed days before the attack started.

And the threats aren't just trying to spread, or doing goofy things to your system. They're actually designed to deliver a payload that will make your computer do things by remote controll. For example, I understand that over 90% of the spam you now receive, actually comes from "zombie" Windows systems that have been exploited.

I've seen reports that say that when an unpatched Windows system is attached to the Internet (say, by a DSL or cable modem connection), the average time before it's been compromised is something like 20 minutes.

I don't like Microsoft. I'm really ticked that they seem to think that they own my computer. But I religiously apply all of their patches, even knowing that they have said, in court, under oath, that they see nothing wrong with "updating" their software for the specific purpose of making a competitor's program stop working, because it's suicide if you don't.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...