Yahoo Groups archive

MOTM

OT: important PC spying / hacking

2004-04-26 by J. Larry Hendry

I hate "virus warning" e-mails, because so many of them in the past have
been a hoax. However, I recently discovered something on my PC that I
wanted to share with my "friends" here on this list. I am on a dial up
connection, so data traffic is fairly obvious. I started noticing a large
amount of data transfer to and from my PC when there should have been none.

So, I started looking for suspicious executable files and found the
offender. It started in my C:\windows directory as a file called
"system.exe". The file was dated 4/1/04 (April fools day). Here is some
info on this nasty piece of spyware that was copying files from my machine.

http://www.sophos.com/virusinfo/analyses/trojtofgerb.html

Larry Hendry
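As an added example (not from Larry's post or from anyone on the list), here is the manual version of what Larry did: go from "unexpected traffic on the line" to "which executable owns it". On Windows, `netstat -ano` prints the owning PID of every connection and `tasklist /fo csv` maps PIDs to image names; joining the two and dropping anything you expect to be on the network leaves the candidates to look at. Both captures below are constructed sample data in the format those tools print, and the allowlist of expected images is an assumption made for the example.

```python
"""Join netstat -ano with tasklist /fo csv to find which image owns
unexpected network connections. Added example; the two captures are
constructed sample data, not real output from the poster's machine."""
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the format `netstat -ano` prints (not a real capture).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    10.0.0.5:1034          203.0.113.10:80        ESTABLISHED     1680
  TCP    10.0.0.5:1041          198.51.100.7:6667      ESTABLISHED     2244
  TCP    10.0.0.5:1042          198.51.100.7:21        ESTABLISHED     2244
  UDP    0.0.0.0:500            *:*                                    684
"""

# Constructed sample in the format `tasklist /fo csv` prints (not a real capture).
TASKLIST_SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","912","Console","0","4,120 K"
"lsass.exe","684","Console","0","1,900 K"
"firefox.exe","1680","Console","0","38,400 K"
"system.exe","2244","Console","0","2,212 K"
'''

# Hypothetical allowlist: images you expect to talk to the network on this box.
EXPECTED_NETWORK_IMAGES = {"firefox.exe", "svchost.exe", "lsass.exe"}

# proto, local, foreign, optional state (UDP rows have none), pid
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Return (proto, local, foreign, state, pid) tuples; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        rows.append((proto, local, foreign, state or "", int(pid)))
    return rows


def parse_tasklist(text):
    """Map PID -> image name from tasklist's CSV output."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def suspicious_connections(netstat_text, tasklist_text, expected=EXPECTED_NETWORK_IMAGES):
    """Return {image: [(proto, foreign, state), ...]} for processes holding
    non-listening connections whose image is not on the expected list.
    A PID netstat knows but tasklist does not is reported as '<unknown pid N>'."""
    pid_to_image = parse_tasklist(tasklist_text)
    hits = defaultdict(list)
    for proto, _local, foreign, state, pid in parse_netstat(netstat_text):
        if state == "LISTENING":
            continue  # a listener is not traffic; handle those separately
        image = pid_to_image.get(pid, f"<unknown pid {pid}>")
        if image.lower() in expected:
            continue
        hits[image].append((proto, foreign, state))
    return dict(hits)


if __name__ == "__main__":
    for image, conns in suspicious_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(image)
        for proto, foreign, state in conns:
            print(f"  {proto} -> {foreign} {state}")
```

On the sample data the only image left standing is `system.exe`, with two outbound connections to the same host. A name on the allowlist is not proof of innocence (malware routinely names itself after legitimate binaries), so the next step is to check the path and hash of the flagged image rather than trusting the name, and to treat a PID that tasklist cannot see as a finding in its own right.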

Re: OT: important PC spying / hacking

2004-04-26 by Les Mizzell

> "system.exe". The file was dated 4/1/04 (April fools day). Here is some
> info on this nasty piece of spyware that was copying files from my machine.
>
> http://www.sophos.com/virusinfo/analyses/trojtofgerb.html

What email client are you using? If Outlook or Outlook Express - dump
them immediately. There's so many holes in them both that it's not even
funny. You'll find that almost 90% of the folks getting viri, trojans
and the like are using Microsoft ...

I have been using Mozilla Thunderbird for some time now. It's very nice
and there's a number of security features built in - you can stop remote
graphics from loading - JavaScripts will *not* run unless you tell them
to - executables are prohibited from doing so - there's built-in
configurable "spam" filters as well. You won't be disappointed.

Additionally, if you're using Internet Explorer - it makes it really
easy for some sites to install "spy ware" when you visit their sites
without you hardly even knowing. There's no pop-up protection unless you
install a third party product... If you're using I.E., switch to
Mozilla Firefox instead. It'll block unwanted pop-ups for you and keep
things from getting installed in the background. In addition, it's a
nice standards-compliant browser.

Keep your virus protection updated, and use something that scans all
incoming emails and scans content from websites as you browse as well. I
use the Kaspersky products myself and have been very happy:
http://www.kaspersky.com/

For those of you on high-speed connections - install personal firewall
software that monitors incoming connections for you and will ask you if
a connection is to be allowed or denied.

Keeping your computer "disease free" is sorta like making sure you
always practice "safe sex". It's not impossible to do with a little
effort....

--
Les Mizzell
-------------------------------
There's no place like 127.0.0.1
There's no place like 127.0.0.1
--------------------------------

RE: [motm] OT: important PC spying / hacking

2004-04-26 by Metzger, Michael A

The best application we've found for malware like that is Spybot Search &
Destroy. It seems to catch some files that Ad-Aware misses. Note that these
apps are designed to identify and clean data miners, pop ups, etc - not
viruses.
http://www.safer-networking.org/index.php?page=download
After installing it make sure to download the updates. Then run it and you
should be clean. It's still free but I see that they are now asking for
donations. It's a great tool.

Mike


Re: OT: important PC spying / hacking

2004-04-26 by J. Larry Hendry

Thanks Michael and all who responded. I did indeed get this and ad-aware
yesterday once I discovered my problem.
Larry H



Re: [motm] OT: important PC spying / hacking

2004-04-26 by synth1@airmail.net

> I hate "virus warning" e-mails, because so many of them in the last have
> been a hoax.

Everybody: it is *essential* that you run Ad Aware (free 'cleaning
software) every week. This great little program wipes all this crap off
the drive. You will be AMAZED the first time you run it to see all the
'spyware' software you have. 900 (yes, 900) lurking files/cookies is not
uncommon!

Just Google "ad aware" (version 6 is recent), download it, be SURE to
"check for Updates" (they upload a new detection file every week or so)
and scan. The scan takes about 6min.

Paul S.

RE: [motm] OT: important PC spying / hacking

2004-04-26 by Metzger, Michael A

Oops! I see that Larry's problem really is a trojan. Norton or McAfee should
do it. Spybot should get everything else. :o)



Re: OT: important PC spying / hacking

2004-04-26 by cormallen

> Everybody: it is *essential* that you run Ad Aware (free 'cleaning
> software) every week. This great little program wipes all this crap
> off the drive. You will be AMAZED the first time you run it to see
> all the 'spyware' software you have. 900 (yes, 900) lurking
> files/cookies is not uncommon!

Or just run Linux :-)

Harry

RE: [motm] Re: OT: important PC spying / hacking

2004-04-26 by Adam Schabtach

> I have been using Mozilla Thunderbird for some time now. It's very nice
> and there's a number of security features built in - you can stop remote
> graphics from loading - JavaScripts will *not* run unless you tell them
> to - executables are prohibited from doing so - there's built-in
> configurable "spam" filters as well. You won't be disappointed.

FWIW I was disappointed with Thunderbird. I really wanted to like it, but
after the third time it screwed up while downloading my incoming email, I
had to give up on it. OTOH I am happy with the Mozilla browser.

In addition to AdAware and Spybot Search & Destroy (and you do have to use
both, in my experience), I've recently started using something called
Bazooka Spyware Scanner. It has found stuff on my system that neither of the
above programs have found. It's not quite as easy to use as the other two,
but it seems to be worth using.

> For those of you on high-speed connections - install personal firewall
> software that monitors incoming connections for you and will ask you if
> a connection is to be allowed or denied.

And go here and find out how well your firewall works:
http://www.grc.com/
(Use the ShieldsUp! test)

And since no-one else has said it explicitly here, keep your OS up to date.

--Adam

Re: OT: important PC spying / hacking

2004-04-26 by Mike Marsh

With all due respect, IE and Outlook have all of these protection
features and more. There is no need to switch, just learn how to use
your software! 90% of folks getting viruses and the like on MS
products is because 90% of the folks are using MS products.

The Mozilla products are good, too. Don't get me wrong, use what you
like. I wonder what Spybot and AdAware would report on machines
using other than MS products, though...

Mike


Re: OT: important PC spying / hacking

2004-04-26 by Mike Marsh

BTW, I should also add that using both SpyBot and AdAware together is
a great strategy. On top of your virus scanner, of course. And
remember to let the scanner do its job: some folks turn their
machines off and the scanning part never happens!

All right, back to your regularly scheduled music conversations...

Mike


Re: [motm] Re: OT: important PC spying / hacking

2004-04-26 by The Old Crow

I run a full hand of guard programs: AVG anti-virus, Spybot S&D, Adaware
and WinPatrol, which proofs every dll or exec file being installed and
prompts for approval when it sees something not in its knowledge base.
I've had trojan programs sneak in as parts of a zipfile, etc., so it is
not just email that is the risk. (I still use a shell-mode text mail
reader, so no attacks survive that way, at least...)


Crow
/**/
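Larry found the trojan as an unexpected `system.exe` in C:\windows, and Crow's WinPatrol watches for new .exe and .dll files as they appear. The script below is an added example (not from either post, and not WinPatrol's code) that does the manual version of both: hash every executable under a directory, keep that as a baseline, and later report files that were added, changed or removed. The directory built in `demo()` and the file names in it are constructed for the example.

```python
"""Baseline-and-diff check for new or altered executables under a directory.
Added example; the sample directory built in demo() is constructed data."""
import hashlib
import json
import os
import tempfile

# Extensions worth baselining; extend for your environment.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx"}


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root, exts=EXECUTABLE_EXTS):
    """Map relative path -> sha256 for every executable-looking file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_file(full)
    return result


def save_baseline(snap, path):
    """Persist a snapshot as JSON; keep it off the machine being watched."""
    with open(path, "w", encoding="utf-8") as f:
        json.dump(snap, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path, "r", encoding="utf-8") as f:
        return json.load(f)


def diff_snapshots(baseline, current):
    """Report paths that are new, gone, or whose content hash changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def _write(root, rel, data):
    """Write a constructed sample file under root."""
    path = os.path.join(root, *rel.split("/"))
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Build a throwaway directory, baseline it, then plant a fake system.exe
    and alter a dll the way a dropper might. Returns the diff dict."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32"))
        _write(root, "explorer.exe", b"MZ constructed stand-in for a legitimate binary")
        _write(root, "system32/kernel32.dll", b"MZ constructed stand-in for a legitimate dll")
        _write(root, "readme.txt", b"not an executable, ignored by snapshot()")
        baseline = snapshot(root)
        _write(root, "system.exe", b"MZ constructed stand-in for a dropped trojan")
        _write(root, "system32/kernel32.dll", b"MZ constructed stand-in, now patched")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The diff comes back with `system.exe` under "added" and `system32/kernel32.dll` under "changed". Two caveats a practitioner will want: the file date Larry used as a tell is trivially set by the dropper, which is why this compares content hashes rather than timestamps; and a baseline is only as good as the machine it was taken on, so take it on a box you believe clean and store it where the next infection cannot rewrite it.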

Re: [motm] Re: OT: important PC spying / hacking

2004-04-26 by Robert van der Kamp

On Monday 26 April 2004 20:15, The Old Crow wrote:
> I run a full hand of guard programs: AVG anti-virus,
> Spybot S&D, Adaware and WinPatrol, which proofs every dll
> or exec file being installed and prompts for approval
> when it sees something not in its knowledge base. I've
> had trojan programs sneak in as parts of a zipfile, etc.,
> so it is not just email that is the risk. (I still use a
> shell-mode text mail reader, so no attacks survive that
> way, at least...)

Jeez, our PCs are supposed to be a *tool*. And now look at
this. It now takes sort of a pro skill to keep the damn
thing running. Time to download a couple of these guard
apps I guess. :(

Not trying to start a war or anything, but is it any better
on Macs?

- Robert

Re: [motm] Re: OT: important PC spying / hacking

2004-04-26 by Neil Bradley

> > so it is not just email that is the risk. (I still use a
> > shell-mode text mail reader, so no attacks survive that
> > way, at least...)
> Jeez, our PCs are supposed to be a *tool*. And now look at
> this. It's now takes sort of a pro skill to keep the damn
> thing running. Time to download a couple of these guard
> apps I guess. :(

I've never had a virus, trojan, spyware app or any other problems on my
PC. How do I do it? I don't run Outlook/Outlook express and I set internet
security to maximum in IE. I also don't run programs from untrusted
sources.

> Not trying to start a war or anything, but is it any better
> on Macs?

There are fewer viruses written for Macs, but you can still do similar
stupid things on OSX as you can on Windows and get yourself in trouble.
OSX doesn't have the prevalence that Windows does, and you can bet if it
did it'd have as many problems. The real issue is that the best defense
against all of this stuff is user education, not platform changeovers.

Someone suggested using Mozilla - good choice. And ditch
IE/Outlook/Outlook express.

-->Neil

-------------------------------------------------------------------------------
Neil Bradley "Your mistletoe is no match for my T.O.W. missile!"
Synthcom Systems, Inc. - Santabot - Futurama
ICQ #29402898

[motm] Re: OT: important PC spying / hacking

2004-04-26 by elhardt@att.net

You guys are also forgetting about registry fixing software. My IE and Outlook will randomly bomb out with unrecoverable errors at totally unpredictable times. Going by what I've read, this is usually registry related. Not to mention I have tons of references to applications that were deleted years ago, and I can't get rid of the uninstall info for them either. Some of these fixer apps will take care of that too. The idiots at MS don't provide any way to delete this stuff yourself.

Mike Marsh writes:
>>With all due respect, IE and Outlook have all of these protection features and more. There is no need to switch, just learn how to use your software!<<

MS doesn't even allow a person to write protect their default webpage. I'm getting sick as hell of a-hole sites changing it and redirecting me to where I don't want to go. Why the idiots at MS think it's acceptable for the outside world to screw with my settings I will never know. Don't trust anything MS writes. They should burn in hell for eternity.


Here's what I plan to do. I'm going to set up my oldest Win based computer as an internet only computer. If some virus takes it down, no big deal because there will be nothing important on it. I can just reformat and reinstall the OS.

-Elhardt

Re: [motm] Re: OT: important PC spying / hacking

2004-04-26 by Richard Brewster

I switched to Mozilla Firefox and Thunderbird months ago. I like them a
lot. I also run AdAware, which since I've been using the Mozilla
products has not found any new spyware. Maybe a coincidence, but who
knows? I am going to try out Spybot, too.

-Richard Brewster


Re: [motm] Re: OT: important PC spying / hacking

2004-04-27 by KA4HJH

>> Not trying to start a war or anything, but is it any better
>> on Macs?
>
>There are less viruses written for Macs,

Actually, I haven't seen a single new Mac *virus* in quite a few years. I
doubt that any of the old ones even run in OS 8/9/10. Macro viruses running
in something like Excel don't count--they're platform independent and
generally less malicious. If like me you don't use Excel then it's a
non-issue.

>but you still can do the similar
>stupid things on OSX as you can on Windows and get yourself in trouble.

Well, computers make it easy to do stupid things in general. But in any
variant of unix you have to go the extra mile and do something even stupider
to let loose this sort of mischief.

>OSX Doesn't have the prevalency that Windows does, and you can bet if it
>did it'd have as many problems.

Not exactly. Up until OS X all versions of the Mac OS were permission-less
and essentially running in "root" mode all the time. This is NOT the case
with OS X as it's based on BSD unix and properly locked-down by default.
The same cannot be said of Windows and its sundry apps although they're
finally moving in that direction. It's also extremely unlikely that OS X is
going to become remotely as big a target as Windows/IE/Outlook any time
soon.

M$ has become the primary target for three reasons:

1. largest user base
2. insecure by design
3. some people dislike Micro$oft

Put the three together and you have a recipe for disaster.

>The real issue is the best defense against
>all of this stuff is user education, not platform changeovers.

The need to educate computer users who don't know how vulnerable they
really are cannot be overstated. Anyone who isn't is simply another part of
the problem. A computer connected to the Internet is NOT a turnkey
appliance despite what the people trying to sell you one would have you
believe.

If you buy a Mac tomorrow you will eliminate about 99% of all possibility
of infection and the horrors that go with it. But you still have to live
with spam (a significant portion of which is now being generated/relayed
through compromised computers), slow or inaccessible web sites (due to
spam, DDoS attacks performed by said compromised computers), as well as
those wonderful "we couldn't deliver your message because it had a virus"
messages. The latter defy all logic since virtually all malware spoofs the
"from" address which means the "sender" didn't send it. The result is the
most useless form of spam yet conceived.

>Someone suggested using Mozilla - good choice. And ditch
>IE/Outlook/Outlook express.

Agreed, with one catch--those web sites that ONLY work with IE, such as my
bank. That's the only reason why IE is on this machine.

--

Terry Bowman, KA4HJH
"The Mac Doctor"

"You'd PAY to know what you REALLY think"--Dobbs

Re: [motm] Re: OT: important PC spying / hacking

2004-04-27 by Neil Bradley

> >There are less viruses written for Macs,
> Actually, I haven't seen a single new Mac *virus* in quite a few years.

http://www.macmerc.com/news/archives/1335

But it underscores my point, apps are what cause undue risk to the system,
not the underlying OS itself.

> doubt that any of the old ones even run in OS 8/9/10. Macro viruses running
> in something like Excel don't count--they're platform independent and
> generally less malicious. If like me you don't use Excel then it's a
> non-issue.

Same deal with Outlook/Express and IE. Don't use them, no virus, no
trojan, no worm. ;-)

> >but you still can do the similar
> >stupid things on OSX as you can on Windows and get yourself in trouble.
> Well, computers make it easy to do stupid things in general. But in any
> variant of unix you have go the extra mile and do something even stupider
> to let loose this sort of mischief.

Not necessarily... the default accounts in OSX (at least 10.2) are su.
Whoops. Same problem that the default user accounts for Windows has. ;-(

> >OSX Doesn't have the prevalency that Windows does, and you can bet if it
> >did it'd have as many problems.
> Not exactly. Up until OS X all versions of the Mac OS were permission-less
> and essentially running in "root" mode all the time. This is NOT the case
> with OS X as it's based on BSD unix and properly locked-down by default.

I run OSX 10.2 on a G4 tower, and the default user account it asks me to
create is root. Whoops. ;-(

> The same cannot be said of Windows and its sundry apps although they're
> finally moving in that direction. It's also extremely unlikely that OS X is
> going to become remotely as big a target as Windows/IE/Outlook any time
> soon.

Because it's a smaller marketshare (less than 4% vs. 90%). If I were a
virus writer, I wouldn't target such a small segment, either.

> M$ has become the primary target for three reasons:
>
> 1. largest user base
> 2. insecure by design

That's conjecture. The problems that people complain about are IE/Outlook
related. They are not OS related.

> 3. some people dislike Micro$oft

4. Outlook/IE sucks. ;-)

> If you buy a Mac tomorrow you will eliminate about 99% of all possibility
> of infection and the horrors that go with it.

Until people are falsely roped into believing that the operating
system/platform itself is to blame for something the apps are to blame for.
I've only seen one OS level update from MS in 1.5 years, but I've got *7*
installed on my G4 in the past year that are all OS related. But it
doesn't make press because MS is under the microscope, and it's fun to
bash the big guy. ;-)

> >Someone suggested using Mozilla - good choice. And ditch
> >IE/Outlook/Outlook express.
> Agreed, with one catch--those web sites that ONLY work with IE, such as my
> bank. That's the only reason why IE is on this machine.

In the case where you're forced to use IE, just crank the security up all
the way, and give it full permission to that page if it prevents access.

I'd switch completely over to Mozilla if only it could import cookies.
I use Windows for sequencing/software development, my Mac for some
sequencing/software development, and my FreeBSD box for everything
internet related:

[SYNTHCOM->nb: 1001] w
7:21PM up 271 days, 1:40, 3 users, load averages: 0.01, 0.02, 0.00

;-)

-->Neil

-------------------------------------------------------------------------------
Neil Bradley "Your mistletoe is no match for my T.O.W. missile!"
Synthcom Systems, Inc. - Santabot - Futurama
ICQ #29402898

RE: [motm] OT: important PC spying / hacking

2004-04-27 by Dave Halliday

Actually, SpyBot has been known (personal experience and other people I
have talked to) to hose systems running Windows 2000 with SP3 and SP4 -
you are looking at a bare metal rebuild.

Sent email and never got a reply.

Do IT for a living and was a MSFT employee for five years (don't hold
that against me please) :-)


Re: [motm] Re: OT: important PC spying / hacking

2004-04-27 by Jeffrey D. McEachin

At 07:27 PM 4/26/2004 -0700, Neil Bradley wrote:

>I've only seen one OS level update from MS in 1.5 years, but I've got *7*
>installed on my G4 in the past year that are all OS related.

Since Apple releases incremental version numbers (for example, 10.3.3), and Microsoft releases occasional "service packs" with numerous interim "hotfixes", you're comparing apples to oranges (pun intended, though I'm sure some would say I chose the wrong citrus fruit ;).

I've got *13* hotfixes installed on my XP service pack 1 box (SP1 was released 2 1/2 years ago). One of these incorporates multiple earlier hotfixes. And I haven't installed several others that apply to services that I don't use. Almost all of the ones I did install are security related. They are:

>Vulnerability in Authenticode Verification Could Allow Remote Code Execution
>Flaw in NetBIOS Could Lead to Information Disclosure
>Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
>A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs
>Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
>An ASN.1 vulnerability could allow code execution
>Buffer Overrun in Messenger Service Could Allow Code Execution
>Unchecked Buffer in DirectX Could Enable System Compromise
>An Unchecked Buffer in the Windows Shell Could Permit Your System to Be Compromised
>Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated Privileges
>Flaw in Windows WM_TIMER Message Handling Can Enable Privilege Elevation
>Buffer Overrun in RPC May Allow Code Execution
>Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks
>Unchecked Buffer in Windows Help Facility May Allow Attacker to Run Code
>Unchecked Buffer in Windows Redirector May Permit Privilege Elevation
>Unchecked Buffer in Windows Component May Cause Web Server Compromise
>Certificate Validation Flaw Might Permit Identity Spoofing
>Flaw in SMB Signing May Permit Group Policy to Be Modified
>Unchecked Buffer in the Locator Service Might Permit Code to Run
>Buffer Overrun in the HTML Converter Could Allow Code Execution
>Unchecked Buffer in File Decompression Functions May Allow Attacker to Run Code
>Unchecked Buffer in Windows Shell Might Permit System Compromise
>Unchecked Buffer in PPTP Implementation May Permit Denial-of-Service Attacks
>A Buffer Overrun in RPCSS May Allow Code Execution
>Security Update for Microsoft Windows
>Unchecked Buffer in DirectX Could Enable System Compromise

Most if not all of these security flaws are OS level.

The most ridiculous one I saw was that a "specially crafted MIDI file" could "cause an attacker's code to run on the user's computer". This exploit can work via IE, Outlook, or whatever app uses the OS's DirectX API to play the file (like Mozilla & Opera). Scary.


>But it underscores my point, apps are what cause undue risk to the system, not the underlying OS itself.

Unless you're running Windows. Then you don't even need to run an app.

According to www.sans.org:

"The vast majority of worms and other successful cyber attacks are made possible by vulnerabilities in a small number of common operating system services."


>people are falsely roped into believing that the operating
>system/platform itself is to blame for something the apps are to blame.

Windows has plenty of security flaws, even if you don't use IE or Outlook. The OS was designed by people who thought that remote code execution was a feature, not a bug, for God's sake!

But Windows is a necessary evil, for me at least, because I do everything from burning EPROMs to processing credit card transactions, which I can't do on the various Unix variants. So I hide behind a firewall, avoid dodgy websites, am careful what I click on, and hope and pray that the Windows updates stay one step ahead of the h4ck3rz. But hey, at least its UI doesn't give me headaches like Mac OS-X!

JDM

Re: [motm] Re: OT: important PC spying / hacking

2004-04-27 by Mark

On 4/26/04, Neil Bradley put forth:
> > >There are less viruses written for Macs,
>> Actually, I haven't seen a single new Mac *virus* in quite a few years.
>
>http://www.macmerc.com/news/archives/1335
>
>But it underscores my point, apps are what cause undue risk to the system,
>not the underlying OS itself.

That's not an actual virus. That's a theoretical, possible way to
make a trojan horse, that doesn't exist, and even in theory is
extremely unlikely to work (it would have the wrong file permissions).

>Not necessarily... the default accounts in OSX (at least 10.2) are su.
>Whoops. Same problem that the default user accounts for Windows has. ;-(
>
>I run OSX 10.2 on a G4 tower, and the default user account it asks me to
>create is root. Whoops. ;-(

Then you must be running some bizarre version of 10.2. That is not the case.

Re: OT: important PC spying / hacking

2004-04-27 by Mike Marsh

Yes they do. Here's an easy way: in SpyBot click on the Immunize
icon on the right. At the bottom of the resulting page are three
checkboxes: click "Lock IE Start Page against user settings".

Mike

> Mike Marsh writes:
> >>With all due respect, IE and Outlook have all of these protection
> >>features and more. There is no need to switch, just learn how to use
> >>your software!<<
>
> MS doesn't even allow a person to write protect their default
> webpage. I'm getting sick as hell of a-hole sites changing it and
> redirecting me to where I don't want to go. Why the idiots at MS
> think it's acceptable for the outside world to screw with my settings
> I will never know. Don't trust anything MS writes. They should burn
> in hell for eternity.