Being immersed in the goings on at CES this past week, of course I was reading Robert Scoble's blog posts today. His entry, "Netflix is dead" caught my attention, particularly when he described his experience in the VeriSign booth:
". . . demoing: a peer-to-peer system for selling and distributing high-def videos. It really rocks."
Since one of the things I "do" is help users clean malware from their computers, I cringe when I see references to peer-to-peer (P2P). So often the files passed around via P2P are infected. But, that wasn't the part that set off alarms. The ringing started when I read
". . . on Monday Verisign announced a deal with Adobe who’ll distribute their P2P infrastructure along with the next version of the Flash player. That’ll get it into tons of homes nearly overnight."
Great, just great. I already have to politely decline the Yahoo! toolbar when updating Adobe and now I am going to get stuck with VeriSign's P2P software on my computer if I want to use Adobe. This does not make me a happy person.
Congratulations to the folks behind Windows Vista, named the winner of CNET's Best of CES 2007 award in the computers and hardware category!
Was there any doubt that the award would go to Microsoft? I really don't think so. The entire Microsoft Team was shining at the 2007 Consumer Electronics Show (CES) in Las Vegas. It began with Bill Gates giving the keynote address, followed by an incredible show at the Bellagio.
(By the way, you can't win unless you play. Find the challenge at Vanishing Point.)
Even though I wasn't there, I felt the excitement from the reports of those who were. Congratulations!
The IEBlog Team reported that on January 8, 2007, they logged the 100 millionth IE7 installation. From their browser usage statistician the IE Team learned:
". . . as of this week, over 25% of all visitors to websites in the US were using IE7, making IE7 the second most used browser after IE6."
In addition to the Windows Vista Team needing to learn about the World's Best Vista Craplet Cleaner, perhaps the IE Team also needs to keep track of Bill Pytlovany, who reported even higher statistics for Internet Explorer 7 a full five days ahead of Microsoft's statistician:
"Today the percentage of IE7 users reading Bits from Bill hit 31.67% exceeding other browsers including all previous versions of Microsoft’s Internet Explorer."
On 18 January 2007 Microsoft updated Security Bulletin MS07-002: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198).
========================================
Summary:
========================================
On Thursday, January 18th, 2007 Microsoft issued a targeted re-release of the MS07-002 update for Excel 2000.
This bulletin has been re-released to re-offer the security update to customers with Microsoft Excel 2000. The security update previously did not correctly process the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode. For additional information see Microsoft Knowledge Base Article 931183.
This re-release only affects Excel 2000. Later versions of Excel (2002, 2003, Excel for Mac) are not affected.
========================================
Recommendations:
========================================
• Customers running Excel 2000 are encouraged to download the re-released update through Office Update or the Download Center. Because the update affects only Excel 2000, the targeted re-release will not be automatically delivered through Automatic Update or Microsoft Update.
• Customers who are not running Excel 2000 need take no action regarding this targeted re-release.
========================================
Additional Resources:
========================================
- Microsoft Security Bulletin MS07-002: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198): http://www.microsoft.com/technet/security/bulletin/MS07-002.mspx
- Microsoft Knowledgebase Article 931183 - Excel 2000 does not open some files after you install security update 925524 that is documented in security bulletin MS07-002: http://support.microsoft.com/kb/931183
- Microsoft Knowledgebase Article 927198 - MS07-002: Vulnerabilities in Microsoft Excel could allow remote code execution: http://support.microsoft.com/kb/927198
- MSRC Blog: http://blogs.technet.com/msrc/
Sun Microsystems updated Sun Alert 102760 today, providing another "after fix" update posting. The vulnerability covered by this alert is in the processing of GIF images in the Java Runtime Environment (JRE), which may allow an untrusted applet to elevate privileges.
It is strongly advised that Sun Java be updated to Version 1.5.0_10 or the new Build Java SE 6, both of which were released in December, 2006.
Both Ed Bott of Ed Bott's Windows Expertise and Robert McLaws of Windows Now have had their turn this week being upset with what, in my book, can be construed as sensationalism, irresponsible journalism, Microsoft bashing, or a combination of all three. (See Ed's remarks here and here and Robert's here and here.)
Now it is my turn.
In the hope of educating as many people as possible, I have been following and reporting on the latest "Storm" worm as it has evolved from the first reports by F-Secure. While checking headlines in my RSS feeds, I spotted "Storm" Trojan Hits 1.6 Million PCs; Vista May Be Vulnerable and followed the link to Information Week to read the article.
I hoped that I would cool off by not commenting on the article after reading it yesterday or have a different perspective today. If anything, it is just the opposite.
First, a couple of quotations from the InformationWeek article:
"The Trojan horse that began spreading Friday has attacked at least 1.6 million PCs, a security company said Tuesday.
In addition, it appears that Windows Vista, the new operating system Microsoft will launch next week, is vulnerable to the attack."
and
"Microsoft's soon-to-release-to-consumers Vista, however, does appear at risk, added Symantec Tuesday. 'It appears most if not all variants could execute on Vista,' the spokesman said. 'The only way the Trojan would be unsuccessful is if somehow Vista is able to detect/prohibit the e-mail. This seems unlikely.'"
Now my comments:
Let's start with the story headline which includes "Vista may be Vulnerable". This story is about a nasty trojan but it appears the only way to get attention by journalists these days is including the name "Microsoft" or "Vista" in the title.
The next mention of Windows Vista is in the beginning of the article which includes the statement that "it appears Windows Vista . . . is vulnerable. . ." Yet, neither there nor anyplace else in the article does the author provide any indication whatsoever of how or why Windows Vista may be vulnerable to this trojan, distributed as an attachment in emails.
Now we move to the end of the article where the next mention of Microsoft and Vista appears, this as a quotation attributed to a Symantec spokesman in which the spokesman made a ridiculous statement referring to the operating system deleting or prohibiting the email.
That is right, the Symantec spokesman is suggesting that the operating system, not the anti-virus software, should be deleting/prohibiting trojans. (Didn't I read somewhere that Symantec was one of the companies complaining that Windows Vista has too many restrictions?)
Other than the ridiculousness of the Symantec representative's statement, why do I find that quotation and the earlier innuendos irresponsible? It is this simple: The "Storm" worm is propagated as an attachment to spam emails. Assuming the email gets past the user's email filters, it requires user intervention to open the email and to then click open the attachment.
By the author's own admission:
"Anti-virus companies have updated their signature databases with fingerprints that identify and then delete (or quarantine) the Trojan as it arrives. Other defensive advice includes filtering traffic on UDP ports 4000 and 7871, update anti-spam products, and configure mail gateways to strip out all executable attachments."
So, for the trojan to reach the user, there must be a situation where the user and the ISP have no email filter and the user allows executables in their email program (or clicks on the .exe attachment in webmail). Since A/V companies have updated their databases, we then must presume that the user either does not have an anti-virus software installed or it is not up to date.
Remember, the article author and Symantec spokesman indicate that Windows Vista may be vulnerable. Thus, they must also have forgotten that the Vista user must have "administrator-like" UAC (User Access Control) authority in order to allow the executable to run after the trojan has by-passed email filters and anti-virus software. We would further have to assume that the user does not have any real-time protection (i.e., Windows Defender, AVG Guard, Ad-Watch, WinPatrol, and the like). Thus, a Windows Vista computer can be infected. However, that does not make Vista vulnerable. It means that the computer owner/operator is responsible.
I would strongly suggest that both Gregg Keizer and his Symantec spokesman head over to the Windows Vista Blog and read Jim Allchin's excellent presentation of "Security Features vs. Convenience", noting in particular the bold text in the following quotation:
". . . we created a mode of UAC called admin approval mode. In this mode (which is on by default for all members of the local administrators group), every user with administrator privileges runs normally as a standard user; but when an application or the system needs to do something that requires administrator permissions, the user is prompted to approve the task explicitly. Unlike the "super user on" function from UNIX that leaves the process elevated until the user explicitly turns it off, admin approval mode enables administrator privileges for just the task that was approved, automatically returning the user to standard user when the task is completed."
I hope everyone takes the time to read the above article by Jim Allchin and realizes that articles like the one in InformationWeek and those that Ed Bott and Robert McLaws referred to have a purpose -- sensationalism and as Ed states, "fact-free journalism".
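As an added illustration (not code from the original post or from any vendor named in it), the gateway advice quoted above, stripping executable attachments before mail reaches the user, can be sketched in Python with the standard `email` package. The extension blocklist, the function names and the sample message are assumptions constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example; a production gateway policy is broader.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def is_executable(part):
    """Flag a named attachment by final extension or by a PE ('MZ') header."""
    name = (part.get_filename() or "").lower().rstrip(". ")
    if not name:
        return False  # unnamed parts (the message body) are left alone
    if name.endswith(BLOCKED_EXTENSIONS):
        return True  # also catches double extensions such as "x.jpg.exe"
    payload = part.get_payload(decode=True) or b""
    return payload.startswith(b"MZ")  # renamed Windows executable


def strip_executable_attachments(raw):
    """Return (cleaned message bytes, filenames of the parts replaced)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart() or not is_executable(part):
            continue
        name = part.get_filename()
        removed.append(name)
        # Swap the payload for a notice so the recipient sees what happened.
        part.set_content(f"Attachment {name!r} removed by gateway policy.\n")
    return msg.as_bytes(), removed


def build_sample():
    """Constructed message: a benign attachment plus two executables."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.\n")
    msg.add_attachment("plain notes\n", filename="notes.txt")
    stub = b"MZ" + b"\x00" * 62  # constructed stub, not a real program
    for fname in ("Video.EXE", "picture.jpg"):
        msg.add_attachment(stub, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = strip_executable_attachments(build_sample())
    print("removed:", removed)
```

The second sample attachment shows why the extension check alone is not enough: it carries an executable header under an image file name and is caught only by the content check.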
Excellent news for Microsoft customers not yet ready to upgrade to Windows Vista: Microsoft announced extended support for Windows XP Home Edition and Windows XP Media Center Edition:
"With the addition of Extended Support, the support life cycle for Windows XP Home Edition and Windows XP Media Center Edition will include a total of five years of Mainstream Support (until April 2009) and five years of Extended Support, matching the support policy provided for Windows XP Professional."
With Windows Vista reaching the shelves next week, users with unsupported versions of Windows operating systems will likely be able to obtain discounted prices for Windows XP, knowing that security updates will be available until 2009, or with extended support to 2014.