Re: Why no patch for the .wmf problem?
- From: "Paul Baker" <paulb@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 6 Jan 2006 09:29:11 -0500
Jim,
Microsoft probably thought that it would take until about Tuesday to fully
test the update. I never believed they were waiting for Tuesday or would
wait for Tuesday if they had a finished product to release. And, in fact,
they released an update last night (the previous Thursday), which confirms
that.
I was infected with spyware because of this vulnerability, and I had up to
date antivirus and antispyware. The problem is that you don't get infected
by the spyware, you get infected by anything that can take advantage of the
vulnerability, which then downloads spyware of its choice. Antivirus and
antispyware software might kick in at that point, but you're already
screwed.
This is not to be taken lightly. Arbitrary code being allowed to run without
any consent from the user and with up to date antivirus and antispyware and
Windows Critical Updates is not cool at all. People just assume that I did
something wrong, but my only crime was to use a search engine.
Paul
"karl levinson, mvp" <levinson_k@xxxxxxxxxxxxx> wrote in message
news:eCXLlCsEGHA.3700@xxxxxxxxxxxxxxxxxxxxxxx
>I didn't say I like it or am unconcerned. But I suggest it is necessary to
>either accept it as reality, or switch to a different software vendor.
>This is nothing new, it is the way it is, for the next several years if not
>longer.
>
> I suspect most people who were infected by this were not running up to
> date antivirus. While there are always ways for such malware to try to
> evade antivirus, I suspect using these methods were not necessary.
>
>
> "Jim" <Jim@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:487BCDB6-032C-4E9C-B0AA-C065CD5E4A7F@xxxxxxxxxxxxxxxx
>> Greetings,
>>
>> I am glad that you can be that comfortable considering the enormity of
>> the
>> issue. I however cannot afford to be of such an amenable mindset.
>>
>> Jim
>>
>> "Karl Levinson, mvp" wrote:
>>
>>> I really have no idea why you're surprised by this. Microsoft always
>>> takes
>>> around 40 days to test, localize and release patches. [You probably
>>> have no
>>> idea how painful it is to localize what would otherwise be "a simple
>>> patch."] It's been that way for years. You're going to have to switch
>>> to
>>> another non-Microsoft operating system if you don't like this. This is
>>> possibly one of the fastest patches they've ever released.
>>>
>>> You do have a number of workarounds at your disposal. Antivirus
>>> protects
>>> you as well as it protects you from any other virus. An attacker could
>>> use
>>> various methods to try to evade signature-based antivirus, but this has
>>> always been possible with most viruses.
>
>
.
- Follow-Ups:
- Re: Why no patch for the .wmf problem?
- From: Stephen Howe
- Re: Why no patch for the .wmf problem?
- References:
- Re: Why no patch for the .wmf problem?
- From: Robert Moir
- Re: Why no patch for the .wmf problem?
- From: Karl Levinson, mvp
- Re: Why no patch for the .wmf problem?
- From: karl levinson, mvp
- Re: Why no patch for the .wmf problem?
- Prev by Date: Re: Why no patch for the .wmf problem?
- Next by Date: Microsoft Security Advisory (912840): How to re-register dll?
- Previous by thread: Re: Why no patch for the .wmf problem?
- Next by thread: Re: Why no patch for the .wmf problem?
- Index(es):
Relevant Pages
|
Loading
