Microsoft have just patched a serious hole in Windows explorer that can be used to execute any command based just on a user highlighting a file. Such a command might easily be an FTP command to download a Trojan horse or other nasties. Microsoft were told about the flaw at the start of February, so don’t believe them when they tell you patches come faster when you’re with Microsoft. The flaw advisory can be found at Greymagic.
In other news, Microsoft have finally patched the Media player hole in MP9 and 10 after promising to do so months ago. More evidence that Microsoft is no better, and potentially worse at releasing critical patches then any other OS provider (contrary to their “Get the facts” campaign).
Some more Microsoft related tit-bits.
Yet another variant of the Sober worm (Sober-N) that has been punishing Windows users for ages now has appeared and this one is spreading quickly by spamming copies of itself with English or German messages to any addresses found in a myriad of file types on the infected computer. The Virus industry seems to advance at an astonishing rate as Sophos already has news on a Sober-M variant. If you run Windows of any version, it is critically important that you don’t open attachments you were not expecting, and don’t open any unless you have scanned them with an up to date virus scanner first. It isn’t hard advice, but surprisingly an amazing amount of people don’t do it. Actually that advice should go for all Operating Systems, but it’s an order of magnitude more important for Windows users.
Recently Fred Langa of Langa list fame wrote an article critical of the Firefox web browser. Among other things he claimed that Firefox had had more security flaws then IE in the past months. What he doesn’t look at is how many were exploited, how they were found (often because Mozilla pays people to find them), how quickly they were fixed and most importantly, how serious they were. Tom Raftery has done an excellent article explaining how much more vulnerable people were with IE then Firefox in the past year. (For one thing IE has many more critically serious flaws, most of Firefox’s were fairly trivial and none were exploited.) The Langa list has been very beneficial to millions of computer users over the years and it is a shame to see such a poorly researched article from him. One thing I did find while looking into the issue was this page, which explains in detail how to create your own copy of Windows 2000 completely bereft of Internet Explorer, (along with Outlook Express, Media player and IIS). Proving that Microsoft wasn’t entirely honest when they said IE couldn’t be removed from Windows. Be warned though, that creating the new win2000 CD is not for newbies.
Resolvo Systems has released their “MoveOver” Windows to Linux migration software as Open Source. The software could be very useful for enterprise and government mass Linux migrations like those happening in Munich and various other places around the world. The software collects all your user data from Windows and implements the same settings and appearance in Linux. The new homepage can be found at Sourceforge.
Lastly Techworld has some interesting information on the amount of SPAM we are getting and where it comes from. The answer to the first item is between 68 and 83% of all mail depending on who you ask. The answer to the second item is the US who are apparently responsible for 35.7% of the worlds spam. Head over to our Windows security site for information and free software you can use to combat Virus, Spyware and SPAM threats.