We have 3 98's at work, use 2 for spares (something for the salesman to play with) and one with PC Anywhere on it, so they can access the program the company uses... from home. Also we have about 5 unopened Win 95's, not sure what to do with them ;)
Printable View
We have 3 98's at work, use 2 for spares (something for the salesman to play with) and one with PC Anywhere on it, so they can access the program the company uses... from home. Also we have about 5 unopened Win 95's, not sure what to do with them ;)
I have windows 98 on one of my other boxes ... But I have temporaly put it to rest [ For the time being ] ... Too busy playing with Windows XP at the moment ...
Windows 95 ahhh the memories the multiple formats for my newbie mistakes ... :DQuote:
Also we have about 5 unopened Win 95's, not sure what to do with them
B.T.W. nihil just curious how many computers do you have ? and which is the oldest ??
i clicked on gores link and got bubkiss..... see... i was running the latest version of firefox with no toolbars...
chimed in alittle late on this thread... was busy for the holidays
From Castlecops
Quote:
There is a new danger floating around the Internet right now, a zero-day exploit taking advantage of the Windows Media Format (WMF) vulnerability. Its not limited to WMF files, it is taking the shape of images as well. This exploit is currently billed as the worst infection in history. It can hide rootkits, it can even hide itself.
This is not a joke.
Many antivirus companies can not discover this malware at present. Microsoft is not responding fast enough. Download a brand new WMF vulnerability checker to see if you are susceptible [Details. However, don't let this stop you from applying two specific workaround patches.
Read the following two articles and install the "Windows WMF Hotfix" followed by de-registering the file "shimgvw.dll". Then reboot. Now, wait with the rest of us for Microsoft and antivirus companies to officially patch this vulnerability and detect/clean it. Spread the word.
Interim WMF Exploit Savior
We've all been following the dramatic story of the whole wmf exploit and how it is easily spoofed into other image types. The last day of 2005 the wmf exploit exploded into other various venues such as instant messages, email, and more. Various tools have been setup to try and catch or filter out the wmf exploit, but last night it has mutated. Newest variations change the header and tail of the wmf exploit making its signature difficult to locate.
Drum roll please...
Ilfak Guilfanov who is being billed as one of the foremost experts in Windows low level technology has released a temporary/interim patch for Windows.
(check often for updates, this is version 1.3)
Technical details: "this is a DLL which gets injected to all processes loading user32.dll. It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore."
Once Microsoft releases an official patch, or if the above doesn't work, you can uninstall it from your Add/Remove Programs menu. It'll be listed as "Windows WMF Metafile Vulnerability HotFix".
The Internet Storm Center gives this patch its stamp of approval:
We have very carefully scrutinized this patch. It does only what is advertised, it is reversible, and, in our opinion, it is both safe and effective.
The word from Redmond isn't encouraging. We've heard nothing to indicate that we're going to see anything from Microsoft before January 9th.
The upshot is this: You cannot wait for the official MS patch, you cannot block this one at the border, and you cannot leave your systems unprotected.
So there you have it, don't trust the firewall filters, don't trust the antivirus vendors, don't wait for Microsoft. Install the patch immediately. If you are running a Windows operating system the patch doesn't support, time to shut it off and wait.
Temporary Patch
SANS has a nice article about this quick fix..
http://isc.sans.org/diary.php?storyid=996Quote:
We've received many emails from people saying that no one in a corporate environment will find using an unofficial patch acceptable.
Acceptable or not, folks, you have to trust someone in this situation.
To the best of my knowledge, over the past 5 years, this rag-tag group of volunteers hasn't asked for your trust: we've earned it. Now we're going to expend some of that hard-earned trust:
This is a bad situation that will only get worse. The very best response that our collective wisdom can create is contained in this advice - unregister shimgvw.dll and use the unofficial patch. You need to trust us.
Hey Hey,
It's like being stuck between a rock and a hard place...
I work, essentially, for a graphics company... the emailing and viewing of images is quite common around here... Our business relies on it..
I can't set the email filter to strip all attachments because of that, I can't unregister the DLL because we rely on th ability to render images and I'm not sure about this unofficial patch... I trust them... but it's still unofficial... if it blows up... heads will roll...
In the end being in charge of IT... with an axe hanging over my head... it seems like waiting it out to see what MS will do is the more viable solution...
Scenerio 1: Install the Patch -- Everything blows up... I have to do clean installs... It's my fault for taking a risk with unofficial patch.
Scenerio 2: Wait it Out -- Someone gets infected, everything blows up... I have to do clean installs... I can pass blame because there was nothing else I could have done... MS left me open...
Peace,
HT
PS: Any Objections to one of us mods renaming the thread so it better represents the discussion?
Similar situation here. We do printing. I half way expect to arrive at workQuote:
I work, essentially, for a graphics company... the emailing and viewing of images is quite common around here... Our business relies on it..
and find the IT guys running up and down the halls from one disaster
to the next, and all work brought to a standstill.
:cool:
And there's no way they are going to use an unofficial patch.
CYA is the first lesson you learn in Kindergarten. Sad but
true. It's more important to assign blame than to "do the right thing".
:cool:
You know...
IMHO the most funny thing about this whole WMF thing is that I went t Microsoft.com and got to see a smirking Bill Gates with the words "What's the next big thing?" (jpg)
http://msdn.microsoft.com/library/de...tspol_0d6b.asp
http://msdn.microsoft.com/library/de...tspol_0883.asp
Well a vecor graphics renderer that allows for the vector graphics themselves to define the 'on error' behavior.. That's a big thing..
http://www.microsoft.com/technet/sec...ry/912840.mspxWhat law enforcement..Quote:
Microsoft’s investigation into this malicious act is ongoing. We are working closely with our anti-virus partners and aiding law enforcement in its investigation.
These 'mallicious' WMFs are just doing what they were supposed to be doing...
And what they should have been doing since 1990 !! (Windows 3.0)
It was just that most WMF software was to lazy to add any error handling in the images.. .. .. ..
here's a few unofficial patches that i found. however, since they are unofficial, things could be messed up, so i reccomend you just wait for the official one...
Quote:
I suggest you read the info at SANS:
http://isc.sans.org/diary.php?date=2006-01-01
and at SunbeltBLOG:
http://sunbeltblog.blogspot.com/ there are several posts about it.
SANS and Sunbelt are highly recommending this unofficial patch until Microsoft releases an official fix.
The patch can be downloaded here:
http://www.hexblog.com/2005/12/wmf_vuln.html
More info there as well.
Please feel free to copy this information to other forums and sites.
I spent a couple of hours testing the patch tonight on VMware, and in my tests, it did work. There is also a test to check your machine from the developer of the patch.
http://www.hexblog.com/2006/01/wmf_v...cker.html#more
I urge everyone to check this out and install the patch after you read all the information.
I'm in a similar situation except mine involves surfing the web: I cant stop my users from doing it. Further if we decide to apply 3rd party patch we have a lot of testing to perform BEFORE applying this patch...and if we break a business critical app we're toast.Quote:
Originally posted here by HTRegz
It's like being stuck between a rock and a hard place...
...
In the end being in charge of IT... with an axe hanging over my head... it seems like waiting it out to see what MS will do is the more viable solution...
Scenerio 1: Install the Patch -- Everything blows up... I have to do clean installs... It's my fault for taking a risk with unofficial patch.
Scenerio 2: Wait it Out -- Someone gets infected, everything blows up... I have to do clean installs... I can pass blame because there was nothing else I could have done... MS left me open...
I'm debating whether to install the 3rd party patch or wait for Microsoft. I'm leaning toward getting the login scripts ready and if MS doesnt come through tomorrow (Tue) deploy it...dunno.
This just sucks! I got over 2000 machines that could get infected... :(