Fully patched XP? Still not safe

http://www.eweek.com/article2/0,1759,1638184,00.asp

Quote:

---

Security researchers have identified a new version of the Download.Ject attack that is now being used on the Internet and can compromise fully patched Windows XP machines.

---

Quote:

---

The new version of the attack just appeared Thursday afternoon, and while details are still sketchy, experts say its main purpose is to install a back door on compromised PCs. Users victimized by the attack receive an e-mail or an instant message containing a link directing them to a malicious Web page.

---

Let's home noone gets compromised while waiting for a fix :)

Hrmm, true.. ya know just looking at the title of this thread I coulda simply answered "I know" :D

I'm sorry, but I am feeling less and less sympathy for any one who:

Quote:

---

The new version of the attack just appeared Thursday afternoon, and while details are still sketchy, experts say its main purpose is to install a back door on compromised PCs. Users victimized by the attack receive an e-mail or an instant message containing a link directing them to a malicious Web page.

---

Click on anything and every thing.

Quote:

---

Users victimized by the attack receive an e-mail or an instant message containing a link directing them to a malicious Web page.

---

Why doesn't the government do something about this and shuts down the webpages ? I know they did that with The "Hey i found a picture of %n" virus in AIM. Profiles !

Quote:

---

Originally posted here by Lipton
Why doesn't the government do something about this and shuts down the webpages ? I know they did that with The "Hey i found a picture of %n" virus in AIM. Profiles !

---

Why should the government protect a stupid (L)user. Then they will start censoring web content, and or legislate where you can go and what you can think, and.......oh wait a minute, they already do alot of that. Don't forget to put on your seatbelt now, its a $108 fine here, and should you ride your bike without a helmet it's a hanging offense.

If anyone is dumb enough to click a link or download from a random person IM'ing them, then they deserve the damage. I mean, it's common logic people.. Geez.

What about a person that just bought the computer and got first time online and sees and e-mail "Download the latest Anti-Virus patch Here" and there he thinks, he whata nice guy, offers me free protection, its not that people are dumb, it's all new for people just getting into the field, we were all dumb once in something, we still would be if someone didnt help us.

Umm, if I checked my e-mail and found that type of message, I would wonder why someone I don't know is e-mailing me period.. let alone a download link or whatever. But yes, you are right in a sense we all were new and probably foolish at one point.

Wait, shouldn't the topic be:

Fully patched XP/Linux/UNIX/BeOS/Solaris/Sun/BSD/DOS? Still not safe


I mean, the exploit can apply to any OS known to man because it isn't an exploit based upon the OS, it's an exploit based upon the user. Windows virus, unix viris, BSD virus. I don't care what the OS is, it can still be exploitable by the user.

Which brings me to my next minirant about news and media:

Stop labeling windows exploits like this one as XP/Windows specific! It isn't true, and is just another scare tactic. Telling us that people clicking on malicious links in email makes the OS insecure makes as much sense as the owner of a bank throwing all the money out into the middle of the street.. and then saying that the bank itself isn't secure.

Quote:

---

Wait, shouldn't the topic be:

Fully patched XP/Linux/UNIX/BeOS/Solaris/Sun/BSD/DOS? Still not safe

---

No pooh, it should be "Dangerous Users still Clicking on Anything"

Pooh hit the nail right on the head in my opinion. The main reason Microsofts operating system gets all the coverage is because it is the market leader at this time. If windows died and Linux took over I am sure that we would have similar headlines.

Lipton Which goverment would shut down the page?

Leave it to pooh to come to Windows/XP's rescue ;). However, he's right. The exploit and the general amount of them can apply to most if not all OS's. Although I would much rather prefer a fully-patched *nix system to a fully-patched XP system any day. :D

I'm gonna write some code that delivers a short, sharp, electric shock to the (l)user. Then send email links to it, to every idiot where I work! This may help them to modify their idiotic habbits, then again...

Well I can dream Can't I?

The problem is that people are used to buying this crap. Software makers don't even care, they just put it out on the market-some of them don't even beta or test it anymore. If we demanded better software the makers would make better software,then we wouldn't have to worry about this.
**** comes from ****!

Quote:

---

Originally posted here by pooh sun tzu
Wait, shouldn't the topic be:

Fully patched XP/Linux/UNIX/BeOS/Solaris/Sun/BSD/DOS? Still not safe


I mean, the exploit can apply to any OS known to man because it isn't an exploit based upon the OS, it's an exploit based upon the user. Windows virus, unix viris, BSD virus. I don't care what the OS is, it can still be exploitable by the user.

Which brings me to my next minirant about news and media:

Stop labeling windows exploits like this one as XP/Windows specific! It isn't true, and is just another scare tactic. Telling us that people clicking on malicious links in email makes the OS insecure makes as much sense as the owner of a bank throwing all the money out into the middle of the street.. and then saying that the bank itself isn't secure.

---

for the first part, he was referring to a specific article pooh.

second >> in linux, itd be rather hard to click on a link to some website and be exploited, in most cases.

third >> The bank analogy, heh. The owner of the bank knows what he/she is doing therefore its not the same. Windows is so easily exploitable because its

a. owned by the richest man in the world
b. the most talked about thing in the world
c. the most used os by end users worldwide

hrm.. hrm.. hrm..

WINDOWS IS, HAS BEEN, and WILL ALWAYS BE INFERIOR TO LINUX BECAUSE IT IS BETTER THAN LINUX!

make sense? ill elaborate - windows, is more popular, thus is attacked more, exploited more, more virii blah blah. This makes linux superior to windows, meaning - people can use linux and not worry about clicking a link and getting bad stuff (most of the time - if not all ) simply because linux isn't targetted near as much.

how bout this for the future or something:

"Linux patched and still unsafe blah blah blah"

Quote:

---

A recent security vulnerability has been found in the linux kernel. users are now starting to accidentally be forced to login in as root, and then execute dangerous commands...

---

wait, won't happen.

Yah, I agree er0k. If Linux was the market leader there would be more exploits for it than there are now. However, I believe that Linux is (and would be) less susceptible than windows for the reasons stated by er0k:Most users not running as root, etc.

Microsoft's rebuttal:
http://www.enterpriseitplanet.com/se...le.php/3397851
I saw this on the frontpage. It's alreay been stated in this thread but figured I'd just post it anyway.

Personally I don't buy the numbers game, completely.

Lets narrow the market for instance to webservers. When attrition.org was keeping stats on defaced pages, IIS was #1, and apache was the most userd webserver. IIS had/has nimda, code red, code red II, and their variants (and these still are floating around today), apache doesn't. There was Scalper back in 2002, but it didn't do anything.

I'm not trying to be arrogant in thinking Linux doesn't have security problems, but MS products just seem to have issues beyond just being the most popular. It also doesn't help that MS itself has a bad atitude towards all this with their "its not a bug, but a feature" statements. Its dangerous for MS, its dangerous for their products, and most of all its dangerous for the common home computer user.

I read an article awhile ago stating that isn't bad programming coming out of MS, but bad design decisions that is affecting their product lines. If I can find the article I'll post the link.

PS: I just joined, and this is my first post, so please be gentle. :rolleyes:

This is kinda funny it may be off topic though.

http://uptime.netcraft.com/up/graph?...xworldexpo.com

Umm.. question..

How does a Linux user get a root kit installed on their system with out their knowledge, when the box is fully updated or patched, with a correctly setup firewall?

please note this is in defence of an earlier post.. and is not a pro/anti MS or pro/anti *nix post.. just a thought.. the strongest chain is as strong as it's weakest link.. You know when a door has been forced, but if the criminal is let in..

IS Win Xp SP2 super secure and will never be broken..NO.. am I suprised and should you be? No .. does this nean we should stay alert?..yes .. should be look at alternitives? Always.. regardless of the OS we use and prefer at the moment.. If you are not looking at the others in a balanced manor.. then you can not honestly evaluate you current favourite..

Cheers

one more vulnerability's related tp WinXP with SP2 downloaded and installed. http://secunia.com/advisories/12321/.