

Another Reason To Switch To Linux?


thaimite


DEVELOPER OF INSECURE SOFTWARE Microsoft has seemingly given up on finding a solution to a security vulnerability that takes advantage of the way Windows uses shortcuts.

As The INQUIRER reported on Monday, just about every operating system released by the Vole in the past decade is affected by the security flaw, which allows hackers to remotely execute code on Windows systems. Microsoft was relatively quick to admit to the problem, saying that the fault lies with the fact that "Windows incorrectly parses shortcuts".

The risk was increased by removable and network storage mechanisms such as USB memory drives, which can be 'autoplayed' when connected. Due to a dodgy digital certificate in a driver, users would be none the wiser as control of their system was being outsourced to someone else.

Read more here


This is a severe security vulnerability that MS better fixes sooner than the next scheduled security update (Aug 10).

The FixIt patch will protect against attacks until a security batch is available - however, it certainly affects the usability. I applied the registry patch two days ago and the result is a lot of white and meaningless Icons on the desktop and task bar ;)

Direct link to the FixIt patch: http://support.microsoft.com/kb/2286198

However, not sure why The Inquirer claims that Microsoft has given up on it!?

The article is biased and flaming, and the claim just utterly wrong (and not backed by any further evidence). Truth is that it might prove more difficult to fix this patch than others.

Better read more sincere articles that are less 'tabloid' style:

Microsoft may face tough patch job with Windows shortcut bug

Microsoft issues stopgap fix for critical Windows flaw

welo


This is a severe security vulnerability that MS better fixes sooner than the next scheduled security update (Aug 10).

The FixIt patch will protect against attacks until a security batch is available - however, it certainly affects the usability. I applied the registry patch two days ago and the result is a lot of white and meaningless Icons on the desktop and task bar ;)

Direct link to the FixIt patch: http://support.micro....com/kb/2286198

However, not sure why The Inquirer claims that Microsoft has given up on it!?

The article is biased and flaming, and the claim just utterly wrong (and not backed by any further evidence). Truth is that it might prove more difficult to fix this patch than others.

Better read more sincere articles that are less 'tabloid' style:

Microsoft may face tough patch job with Windows shortcut bug

Microsoft issues stopgap fix for critical Windows flaw

welo

Thanks for the alternative links Welo.

Always good to have another point of view. Normally I monitor both The Register and The Inquirer but seem to have missed the link you posted.

As I am currently specifying SCADA systems for new airports I found 'The Register' link very interesting. Unfortunately all customers seem to want Windows-based solutions for their projects.

Edited by thaimite

If you're worried about protecting your corporate network, use something like GFI EndPoint Security.

If you're worried about your own PC, make sure you have adequate malware protection and disable Autorun and Autoplay.

This is nothing new.


All the sites I am involved in do have good security, but when the customer demands access from "remote sites" using PCs which we have no control over then there is a weakness.

Personally I feel that remote access to any industrial system should be monitor only and have no control ability except under very strict and limited circumstances, especially on airports which are manned 24/7.


This is a severe security vulnerability that MS better fixes sooner than the next scheduled security update (Aug 10).

The FixIt patch will protect against attacks until a security batch is available - however, it certainly affects the usability. I applied the registry patch two days ago and the result is a lot of white and meaningless Icons on the desktop and task bar ;)

Direct link to the FixIt patch: http://support.microsoft.com/kb/2286198

However, not sure why The Inquirer claims that Microsoft has given up on it!?

Because it's The Inquirer. The Inquirer was founded by Mike Magee of The Register after he fell out with the Register people. It was good, initially. But a year or so later it got really bad. I wrote Mike Magee an email because I respect the guy. He answered me that he was no longer in charge or working for the Inq. I have since stopped reading it because it's mostly immature flame baiting. Oh well. Too bad. The Register never recovered from his departure either but at least it's still a reasonable publication.

BTW why would you switch to Linux when you can have OS X? Just as geeky as Linux when needed, but with a very good and very pretty UI.


This is a severe security vulnerability that MS better fixes sooner than the next scheduled security update (Aug 10).

The FixIt patch will protect against attacks until a security batch is available - however, it certainly affects the usability. I applied the registry patch two days ago and the result is a lot of white and meaningless Icons on the desktop and task bar ;)

Direct link to the FixIt patch: http://support.microsoft.com/kb/2286198

However, not sure why The Inquirer claims that Microsoft has given up on it!?

The article is biased and flaming, and the claim just utterly wrong (and not backed by any further evidence). Truth is that it might prove more difficult to fix this patch than others.

Better read more sincere articles that are less 'tabloid' style:

Microsoft may face tough patch job with Windows shortcut bug

Microsoft issues stopgap fix for critical Windows flaw

welo

Impact of the workaround

Some icons will no longer show a graphical representation and will look similar to:


If you're worried about your own PC, make sure you have adequate malware protection and disable Autorun and Autoplay.

Problem is that just listing the contents of an infected drive is enough to exploit it - that's how I understand it. Makes sense, because the lnk file is parsed by Windows Explorer to determine the icon to display. I guess, I didn't read any more detailed description of the exploit yet.

You might be right that antivirus software might implement pattern detection for lnk files that use the exploit; I don't have enough technical know-how to understand if this could offer 100% detection of future exploits of this vulnerability.

welo
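
What a scanner has to read before it can inspect the icon reference discussed above, as an added example that is not part of the original posts: a parser for the Shell Link (.lnk) layout published by Microsoft as [MS-SHLLINK], returning the icon location and the other strings stored in a shortcut. The sample file, its path and the cp1252 fallback for non-Unicode strings are constructed assumptions; the code reports fields and makes no judgment about whether a shortcut is malicious.

```python
import struct

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_ICON, IS_UNICODE = 0x01, 0x02, 0x40, 0x80
# StringData entries follow in this fixed order, each gated by a LinkFlags bit.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (HAS_ICON, "icon_location")]

def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, IconIndex and StringData; raise ValueError if malformed."""
    if len(data) < HEADER_SIZE:
        raise ValueError("truncated header")
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a shell link")
    out = {"flags": flags, "icon_index": struct.unpack_from("<i", data, 56)[0]}
    off = HEADER_SIZE

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(data):
            raise ValueError("structure runs past end of file")
        off += n
        return data[off - n:off]

    if flags & HAS_IDLIST:    # IDListSize (2 bytes), then that many bytes of item IDs
        take(struct.unpack("<H", take(2))[0])
    if flags & HAS_LINKINFO:  # LinkInfoSize (4 bytes) includes its own length
        info_size = struct.unpack("<I", take(4))[0]
        if info_size < 4:
            raise ValueError("bad LinkInfoSize")
        take(info_size - 4)
    # Assumption: cp1252 stands in for the system code page of non-Unicode links.
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    for bit, key in STRING_FIELDS:
        if flags & bit:       # CountCharacters (2 bytes), then the string itself
            count = struct.unpack("<H", take(2))[0]
            out[key] = take(count * width).decode(codec, "replace")
    return out

def build_sample() -> bytes:
    """Constructed sample: Unicode link with an empty ID list and an icon path."""
    flags = HAS_IDLIST | HAS_ICON | IS_UNICODE
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, flags).ljust(HEADER_SIZE, b"\0")
    icon = "E:\\icons\\app.ico"               # constructed path
    idlist = struct.pack("<H", 2) + b"\0\0"   # only the 2-byte TerminalID
    return header + idlist + struct.pack("<H", len(icon)) + icon.encode("utf-16-le")
```

Every length field is checked against the file size before it is followed, so a truncated or inconsistent shortcut raises ValueError instead of being read past its end.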


Mac is the way to go. Once you Mac you won't go back. And if you really need to you can run Windows alongside (at the same time) with a third party software and have the best of both..

OS X simply the best..


Mac is the way to go. Once you Mac you won't go back. And if you really need to you can run Windows alongside (at the same time) with a third party software and have the best of both..

OS X simply the best..

Macs are for those who don't want to know why their computer works.

Linux is for those who want to know why their computer works.

DOS is for those who want to know why their computer doesn't work.

Windows is for those who don't want to know why their computer doesn't work.

Stolen from http://ubuntuforums.org/showthread.php?t=91105


Mac is the way to go. Once you Mac you won't go back. And if you really need to you can run Windows alongside (at the same time) with a third party software and have the best of both..

OS X simply the best..

Macs are for those who don't want to know why their computer works.

Linux is for those who want to know why their computer works.

DOS is for those who want to know why their computer doesn't work.

Windows is for those who don't want to know why their computer doesn't work.

Stolen from http://ubuntuforums....ead.php?t=91105

lol great :)

I don't envy those who use Windows-only software and can't switch to Linux.

One of our customers wanted to switch to Linux but had recently bought a business critical software for Windows which doesn't run in Wine.
