Maybe you heard something about a new vulnerability that could expose Windows (all versions) to trojans, spyware, etc. just by viewing a web page? Since it’s a problem with nearly all versions of Windows not browsers, users of Firefox, Opera, and others need the patch just as much as IE users.
Go get the Microsoft patch now!
Update: The best solution is to activate the Windows Update service to ensure critical patches like this are downloaded automatically.
Mac and Linux users – Even though you’re not affected, you could always take this opportunity to get whatever security updates are available for your OS. Staying vigilant is never a bad idea…
HILARIOUS!
There’s a simpler solution; get a Mac.
(Click here to see my new pizza Flash clock)
.
The real thanks should go to internet security analysts like those at the SANS Internet Storm Center (isc.sans.org). They and many others basically shamed the irresponsible Redmond louts into releasing this patch *now* instead of waiting until 10 Jan. Especially substandard behavior toward their customers, considering this exploit has been around and cooking in the hands of crackers and criminal types since 30 Dec. SANS/ISC recorded ~22% hit rate of WFM exploits and ~11% infections between 03 and 05 Jan in its (informal) web survey.
SANS offered a workable patch around 01 Jan, but MS recommended that customers *NOT* install it, even though it appeared that it was exceptionally effective. (Yes, a couple side effects with a handful of printing systems, but that beats what could have happened.) Check out the ISC blog for details: http://isc.sans.org/diary.php
Kudos to the SANS/ISC folks and the unofficial patch writer for their timely warnings and stop-gap patch until the Bug-ware Giant got off its sorry butt.
Omni:
You’re acting as if Macs don’t ever have security issues. Since you seem to be so naive (I highly doubt this is true), allow me to refer you to a site dedicated to Macintosh Security. Enjoy.
And please, don’t take my sarcasm too seriously. That goes for you too, Paul.
http://www.securemac.com/
Windows is just the target, not necessarily the flaw.
I’m always curious as to question how many of these hacks and malicious acts upon Windows as OS are rendered on Macs.
It it was as trendy among those who consider hacking and writing malicious code to be cool, to hack and exploit the Apple OS, they’d be doing that. Unfortunately for Windows, it’s too popular.
All OSs are vulnerable, it’s just a case of malicious numbers who aggress upon what and who they perceive as target. That’s been Microsoft and Windows for a while now.
But I agree that there’s been a delay on this patch that should not have been. Better now than never, however.
Omni, to see your Flash clock I’d have to open IE because the newest version of Firefox seems to have issues with Flash.
And — despite the fact I love Firefox and loathe IE — I find that oddly amusing.
Anyway, thanks to Windows’ auto-update feature, the patch is already on my computer without my having to do a thing.
>You’re acting as if Macs don’t ever have security issues. Since you seem to be so naive
Tom… To even pretend Macs have the security issues that Windows has makes you the naive one.
OR in a state of denial.
Or a liar.
OR all of the above.
Until XP SP2, Windows had more open ports than you
can shake a stick at. Windows machines were
vulnerable simply by being connected to a network.
Service Pack 2 for XP finally plugged most
of the gaping holes. However, Windows still
remains very vulnerable.
Almost all of the Mac OS X security issues found
to date were disabled in the default settings.
Windows security is like parking your Porsche
convertible in a bad neighborhood with the top
down and the keys in the ignition with a sign that
says “Please don’t steal me” on the dashboard.
Try sharing your root directory (e.g. c:/) on a
Windows machine and look what it tells you.
You can share the root directory on a Mac with
no problems. It all in the permissions (which
Microsoft is still trying to figure out).
S-
I’m afraid that windows is both the target and the flaw.
There are significant design defects in Windows- here are some of them:
1) Windows is essentially unusable for many applications unless the user is logged in with full administrative privileges. Microsoft is trying to change this, but there is a huge hangover from older programs that make it impractical, particularly for home users. This means that once a program can trick you into executing it, it has full control of your system. Macs and Linux boxes don’t have this problem- they have been engineered on the design principles inherited from their Unix predecessors, which have always had multiple access levels for precisely this reason.
2) Microsoft has chosen bad design to win legal points. Microsoft’s key defence against product tying complaints in their anti-trust suit was that browser functionality was a core feature of their operating system. What that has lead to is a terrible situation where the applications that are exposed to the most threats (your browser and the HTML rendering engine in your email program) are critical parts of the operating system. This not only increases the severity when a hole is discovered, it also dramatically increases the time it takes for MS to remedy it- they must test a patch against a much wider set of external uses than if it were a standalone application. There’s a reason why Firefox can release so many versions each year, and Microsoft is stuck releasing versions every 3 or 4. The whole mess is because they were trying to win the case against DOJ- now that they’ve lost it inconclusively (a slap on the wrist penalty), they may be able to revisit this strategy.
3) Microsoft has historically designed for interoperability and not security. They are changing this, but there is enormous baggage. The first viruses that I remember fighting were embedded in Microsoft Word documents. Instead of a security model that prevented execution, a document could carry embedded code that would wipe your hard drive on friday the thirteenth. Again, these were design decisions that made sense way back when, and wouldn’t be so bad if they were backed up by a coherent, usable security model- like the one found in true multiuser systems descended from Unix, the MacOS and Linux.
Microsoft’s security problems are equal parts historical baggage, poor design, and monoculture. They are doing a good job turning things around- but exploits like this make me recommend firefox to everyone I know who runs windows. It’s just too dangerous to do your banking on the computer and use internet explorer these days.
Mac Macky Mackity Mack Mac
Vince Young Horns Vince Horns Vince
Mac Mac Mac
Vince
Andy:
You’ll not find anywhere in my comment that I implied the seriousness of the security flaws in Macs are as bad as any Windows platform. I merely stated that they exist, and pointed out the ridiculousness of the idea that if you have a Mac (or any other OS for that matter), you’re completely safe. And if you look at the numerous websites dedicated to Mac (and any other OS) security, you’ll see that there are a number of security flaws.
*No* platform is perfectly secure. Securing any networked device is an ongoing, never ending process.
To assume that you have no security problems whatsovever because you have a Mac (or once again, any other OS) makes you naive. Or in denial. Or a liar. Or all the above.
Part of the Mac’s “superiority” is simply hackers aren’t interested in creating a virus that affects or exploits less than 1% of computers worldwide. After all there hasn’t been a new virus discovered affecting my Commodore Amiga in 12 years. It doesn’t make it better or even more secure.