Attention WINDOWS Users... Exploit Update

From http://www.grc.com/sn/notes-020.htm

*A special (short) edition of "Security Now!" ‹ On Sunday, January 1st,
I phoned into Leo Laporte's KFI "Tech Guy" radio program to inform him
and his radio audience of the availability of Ilfak's new patch and real
solution. Leo produced a special edition of our weekly "Security Now!"
audio podcast. Since this was by telephone the audio quality is not
great, but the high-quality and lower-quality MP3 audio files are
available he

*Ilfak has produced a WMF Vulnerability Checker ‹ Many users want to
verify that their "exploit suppressed" systems are now safe to use. And
others want to see whether their anti-virus A-V systems are now
detecting some WMF exploit code. So Ilfak has produced a simple WMF
Vulnerability tester:

****Download Ilfak's WMF Vulnerability Checker (3.6 kb)
http://www.hexblog.com/security/file...er_hexblog.exe

You can read more about his checker, and users' experiences, on his
Vulnerability Checker blog page.
http://www.hexblog.com/2006/01/wmf_v...y_checker.html

*An important Note about A-V signatures: As useful as anti-virus
protection is as a first line of defense, new WMF exploits are
succeeding at bypassing them. So A-V cannot be relied upon. The only
safe measure is to install Ilfak's vulnerability suppression solution
until Microsoft has updated the GDI32.DLL file and permanently resolved
this problem.

*Windows 98/SE/ME users: Microsoft's original advice to "unregister the
shimgvw.dll" (shell image viewer) was never correct or useful on those
platforms. The good news is that all current WMF exploits appear to be
non-functional on the older Win9x vintage platforms*.*.*. so you will
likely be okay until Microsoft has updated your system with the next
security patches. There is no short-term workaround for Windows 9x users.
*Other new links: See the bottom of the RED box below for many "original
discovery" links.

****SANS "Handler's Diary" update for January 1st, 2006
http://isc.sans.org/diary.php?rss&storyid=996

****F-Secure's ongoing coverage and updates
http://www.f-secure.com/weblog/archi...ve-012006.html
*Get generic WMF Vulnerability news ‹ from GoogleNews:

So A-V cannot be relied upon. The only
safe measure is to install Ilfak's vulnerability suppression solution

.... and we should trust Ilfak, why?

Jose
--
You can choose whom to befriend, but you cannot choose whom to love.
for Email, make the obvious change in the address.

In article ,
Jose wrote:

So A-V cannot be relied upon. The only
safe measure is to install Ilfak's vulnerability suppression solution

... and we should trust Ilfak, why?

Check the references in my posting.
Do you trust Symantec?
Check the Symantec Website:
http://www.symantec.com/avcenter/sec...ent/13799.html

Check the references in my posting.
Do you trust Symantec?
Check the Symantec Website:
http://www.symantec.com/avcenter/sec...ent/13799.html

There are no references to "Ilfak's vulnerability suppresion solution"
on that site. Why should we trust Ilfak?

Jose
--
You can choose whom to befriend, but you cannot choose whom to love.
for Email, make the obvious change in the address.

"john smith" wrote

Do you trust Symantec?
Check the Symantec Website:
http://www.symantec.com/avcenter/sec...ent/13799.html

I have no proof of what I am about to say, or an explanation.

I have never had as much problem with my OS being unstable, as when I was
running Symantec. I wiped my hard drive, installed AVG, and have had a
stable platform, since then. YMMV
--
Jim in NC

I have never had as much problem with my OS being unstable, as when I was
running Symantec. I wiped my hard drive, installed AVG, and have had a
stable platform, since then. YMMV

Just curious: Which OS?

I had the same issues with Win 3.1 and Win 95. Dumped Symantec stuff after
that.
--
Jay Honeck
Iowa City, IA
Pathfinder N56993
www.AlexisParkInn.com
"Your Aviation Destination"

"Jay Honeck" wrote

Just curious: Which OS?

I had the same issues with Win 3.1 and Win 95. Dumped Symantec stuff
after that.

Win 95.

Stability was _much_ improved, and when I later went to Win 2000, pretty
much all problems were gone.
--
Jim in NC

In article ,
"Morgans" wrote:

"Jay Honeck" wrote

Just curious: Which OS?

I had the same issues with Win 3.1 and Win 95. Dumped Symantec stuff
after that.

Win 95.

Stability was _much_ improved, and when I later went to Win 2000, pretty
much all problems were gone.

I only offerred up Symantec because that is what most home users are
familiar with. If you haven't tried GRC's free utilities, you haven't
learned how vulnerable your system is.