Find Out What's Happening At The Photography Show 2021

Anti virus READ THIS !!!!!!!


Tonyd3 17 1.1k 18 United Kingdom
3 Jan 2006 11:40PM
You need to read this if using Symantec products be warned!!!!!!

Here
JohnJo 15 145 United Kingdom
4 Jan 2006 12:15AM
That's odd. I can't find the advisory for this on the symantec web site.
jimbo_t 18 959 England
4 Jan 2006 1:02AM
I'm guessing this is the first hoax of 2006!
Jim
4 Jan 2006 1:51AM
deviant 17 3.1k 1 United Kingdom
4 Jan 2006 1:57AM
Guessing wrong Jim it's not a hoax. There is a flaw in a component used in multiple Symantec products hence the high number of products with the flaw. Flaws been reported on Internet storm centre, SANS, CERT-US and all the security sites that matter.

To be honest a lot of AV and general home PC security software is so buggy that it is nowadays targeted by the hacker instead of the operating system. It can be a softer target than the OS.

Currently the one to watch is a vulnerability in *.wmf files that can allow attack by viewing a specially crafted image file or following a dodgy link while browsing. No fix until will be available until Black Tuesday (9th Jan 2006)
jimbo_t 18 959 England
4 Jan 2006 2:31AM
Fair enough, what is black tuesday?
Jim
mdpontin 17 6.0k Scotland
4 Jan 2006 2:40AM
Agreed, the *.WMF vulnerability is being reported as one of the most serious threats according to some security consultants. This article provides some information about the projected release of a patch, and this is the official Microsoft advisory.

Also the Symantec vulnerability is no hoax.

Doug
lobsterboy Plus
17 14.9k 13 United Kingdom
4 Jan 2006 3:19AM
Hurrah, I've just recieved my first spam WMF file (via a link) - recon someone is trying to take advantage of the vulnrability already.
Chris
jimbo_t 18 959 England
4 Jan 2006 3:26AM
So is the usual method of just deleting any dodgy emails without opening them going to prevent against this threat?
Jim
deviant 17 3.1k 1 United Kingdom
4 Jan 2006 4:11AM
Sorry Jim, Black tuesday - Tongue in cheek name used within security community, first Tuesday of every month when MS release their security patches.

Growing rumour has it that the .wmf vulnerability can be triggered by just viewing a thumbnail of a trojaned image.

Delete emails from untrusted sources and Keep AV up to date. If you have a filter on web access block .wmf files and file headers (so renamed .wmf still caught). If you are experienced enough deregister and delete the offending .dll files until Tuesday. Get a good pest scanner or two and use them. Block web links ending in .wmf also.

D
mdpontin 17 6.0k Scotland
4 Jan 2006 5:38AM

Quote:If you are experienced enough deregister and delete the offending .dll files until Tuesday.


But bear in mind that doing this may (a) stop some features of Windows from working (such as Picture and Fax Viewer?), and that (b) some software may re-register the dll thus nullifying any protection this course of action might provide. I'm not saying that either of these things is a reason for not deregistering the dll, but it is something to be aware of, i.e. if you do this, you still need to take every precaution.

Doug
klewis 17 1.9k 1 United Kingdom
4 Jan 2006 8:13AM
what about creating a restore point now (on a clean system) and then turning the system restore off until after the updates are available. If you get hit you have a clean backup to load?

Sign In

You must be a member to leave a comment.

ePHOTOzine, the web's friendliest photography community.

Join For Free

Upload photos, chat with photographers, win prizes and much more.