Author Topic: Fun with Windows "Security"  (Read 1617 times)

Sindawe

  • friend
  • Senior Member
  • ***
  • Posts: 2,938
  • Vashneesht
Fun with Windows "Security"
« on: December 28, 2005, 07:21:53 PM »
Heads up for those not yet in the loop.  There is a zero-day exploit for the majority of Windows versions.  This will infect even fully patched and updated systems. Sad

http://isc.sans.org/diary.php

MS article: http://www.microsoft.com/technet/security/advisory/912840.mspx

"...its time to embrace the horror..."
I am free, no matter what rules surround me. If I find them tolerable, I tolerate them; if I find them too obnoxious, I break them. I am free because I know that I alone am morally responsible for everything I do.

Guest

  • Guest
Fun with Windows "Security"
« Reply #1 on: December 28, 2005, 09:36:45 PM »
Sindawe,
Thanks for heads up.

Information here as well:

http://www.cybertechhelp.com/news/

RadioFreeSeaLab

  • friend
  • Senior Member
  • ***
  • Posts: 3,200
Fun with Windows "Security"
« Reply #2 on: December 29, 2005, 08:58:39 AM »
Oh, good.  This is exactly what I need today at work.  Where I manage 60-something Windows computers.

Paddy

  • Guest
Fun with Windows "Security"
« Reply #3 on: December 29, 2005, 09:12:53 AM »
I'm a helluvan accountant but I don't speak computerese.  Is there a way to test XP's vulnerability on my computer?  I also run ZoneAlarm Security Suite which so far has proven bulletproof.

Sindawe

  • friend
  • Senior Member
  • ***
  • Posts: 2,938
  • Vashneesht
Fun with Windows "Security"
« Reply #4 on: December 29, 2005, 09:27:51 AM »
Quote
I'm a helluvan accountant but I don't speak computerese.  Is there a way to test XP's vulnerability on my computer?  I also run ZoneAlarm Security Suite which so far has proven bulletproof.
What's wrong with you RileyMc?  My accountant friend is an IT wizard at her employers. Cheesy

Even a fully patched system is going to be vulnerable until MS patches it.  There ARE some workarounds, but that involves disabling part of the functionality of the OS.

***********************
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)

 1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
 (without the quotation marks), and then click OK.

 2. A dialog box appears to confirm that the un-registration process has succeeded.
 Click OK to close the dialog box.

 Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
 when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

 To undo this change, re-register Shimgvw.dll by following the above steps.
 Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).
*******************
Source: http://www.f-secure.com/weblog/

I can't speak for Zone Alarm, as I use Kerio's firewall here at home. http://www.sunbelt-software.com/Kerio.cfm
I am free, no matter what rules surround me. If I find them tolerable, I tolerate them; if I find them too obnoxious, I break them. I am free because I know that I alone am morally responsible for everything I do.

Paddy

  • Guest
Fun with Windows "Security"
« Reply #5 on: December 29, 2005, 09:39:01 AM »
Quote
What's wrong with you RileyMc?  My accountant friend is an IT wizard at her employers.
I'm old, for one thing.  I earned my degree back in 1974 before anybody ever heard of desktop computers.  We used quill pens and wore green eyeshades back then, like Bob Cratchit.

I don't really want to disable Fax Viewer; I use it to send faxes by scanning them first.  Besides, Irfanview is the default viewer on my machine.  ZoneAlarm seems to do a good job of blocking intrusions; it will ask for permission if something tries to hijack my machine.

Sindawe

  • friend
  • Senior Member
  • ***
  • Posts: 2,938
  • Vashneesht
Fun with Windows "Security"
« Reply #6 on: December 29, 2005, 09:49:58 AM »
Quote
I earned my degree back in 1974 before anybody ever heard of desktop computers.
You just were not paying attention.

++++++++++
The first such desktop-size system specifically designed for personal use appeared in 1974; it was offered by Micro Instrumentation Telemetry Systems (MITS). The owners of the system were then encouraged by the editor of a popular technology magazine to create and sell a mail-order computer kit through the magazine. The computer, which was called Altair, retailed for slightly less than $400.
+++++++++++

http://www.ideafinder.com/history/inventions/story071.htm

CheesyCheesy:D

I think if you stay on trusted sites related to your work, you should be OK, but it never hurts to keep the firewall, anti-virus and anti-spyware products up to date while practicing safe computing.
I am free, no matter what rules surround me. If I find them tolerable, I tolerate them; if I find them too obnoxious, I break them. I am free because I know that I alone am morally responsible for everything I do.

Paddy

  • Guest
Fun with Windows "Security"
« Reply #7 on: December 29, 2005, 10:20:44 AM »
Unfortunately, a computer without application software is no more than a novelty, and software took a long time catching up.  I remember using an Apple IIe in the, what, mid 80's?  that had two 5 1/4 disk drives to run BusinessWorks or somesuch accounting program.  It was slow, very slow.   Today's application software is light years ahead of that stuff.  Now many companies are going to web based software even, but that is not without problems, either.

My #2 pencil and 14 column spreadsheet always worked flawlessly. Cheesy

What do you think of these tests?

Sindawe

  • friend
  • Senior Member
  • ***
  • Posts: 2,938
  • Vashneesht
Fun with Windows "Security"
« Reply #8 on: December 29, 2005, 11:38:10 AM »
Which tests are you referring to? The link brings me to this:

Allowing a web browser to "reload" a page which has already been sent to you creates a "security hole" that would allow someone using your computer at any later time to attain potentially private and personal information.

To safeguard your privacy we have disabled the browser's "reload" or "refresh" facility while you are in sensitive areas of our web site. Reloading pages will function normally once you have left this area . . . but until then please refrain from "reloading" pages.

You may press your browser's  [BACK]  button now to return to the page prior to the one you were just viewing.

Thanks very much for your interest and patronage.

I use ShieldsUp! to routinely scan my system at home and work.  I've kept 'em set up so that I'm like the man upon the stair.  I'm not there. Cheesy  aka stealth mode  I also leak test 'em to make sure unauthorized traffic out does not occur.
I am free, no matter what rules surround me. If I find them tolerable, I tolerate them; if I find them too obnoxious, I break them. I am free because I know that I alone am morally responsible for everything I do.

Paddy

  • Guest
Fun with Windows "Security"
« Reply #9 on: December 29, 2005, 11:58:09 AM »
Whoops! I meant to go to the Shieldsup home.  There's another one called Proxy Connection which is not as user friendly.

You can see why I incur the ire of the IT people......

Standing Wolf

  • friend
  • Senior Member
  • ***
  • Posts: 2,978
Fun with Windows "Security"
« Reply #10 on: December 29, 2005, 04:45:16 PM »
Quote
There ARE some workarounds, but that involves disabling part of the functionality of the OS.
Windows has functionality? Wow!
No tyrant should ever be allowed to die of natural causes.

caseydog

  • friend
  • Member
  • ***
  • Posts: 172
Fun with Windows "Security"
« Reply #11 on: December 29, 2005, 05:16:22 PM »
Change the file association for a .wmf file to another photo program in folder options>file types. No reason to turn off picture and fax viewer completely. How often does one normally encounter a wmf file anyway? This way you'll find out when a web page tries to load one because notepad will launch.

Ray

Edit: nope, notepad doesn't work. WinXP insists on handling it as an image, had to back up the registry and dump all .wmffile references in shell extensions to have it open in notepad. Extensive registry editing, not recommended.
Be kind as you speak to others, they may be facing demons you are unaware of...