Slashdot Mirror


Microsoft Patches Fix IE, Sony Flaws

An anonymous reader writes "Microsoft issued two security updates today, one of which fixes at least four flaws in its Internet Explorer browser, including one for which an exploit was released over Thanksgiving that is now being used by a handful of porn sites to install spyware, etc. According to Washingtonpost.com, the IE patch also removes a component left behind by a patch from Sony BMG designed to remove some of the more dangerous features of anti-piracy software installed by Sony BMG music CDs. Researchers found that the Sony patch changed settings in IE so that any Web site could install software on those machines."

9 of 174 comments

  1. Sony by Anonymous Coward · · Score: 5, Informative

    Re the Sony spyware saga, it's also worth checking out Ed Felten's latest article on XCP's eviller twin, SunnComm MediaMax. Seems MediaMax made the fatal mistake of setting out their entire scheme in an SEC filing.

  2. Re:I don't get it by PsychicX · · Score: 3, Informative

    Same way you can modprobe something into the kernel under Linux. If you run as an administrator, then the programs that get run can do whatever the hell they want, including patching the kernel tables for syscalls, altering drivers or loading new ones, etc. The only difference is that Linux users generally aren't stupid enough to regularly use the system while logged in as root.

  3. Re:Strange by DavidRawling · · Score: 5, Informative

    Pretty much. It installs poorly coded filters on the CD drives - if installed in the middle of an IO you could get a blue screen. Mark discussed this in detail.

    Much safer to remove during reboot otherwise you'd hear screams of, "The patch BSOD'd my computer!"

  4. Re:I don't get it by Tim+C · · Score: 2, Informative

    Second, you can install mode software any place you want on a Unix system

    That's not true for any of the package systems I've used. Sure, you can do it if you download the source (or a binary tgz, etc), but the majority of users (as opposed to admins) won't be doing that.

  5. Re:Strange by Tim+C · · Score: 4, Informative

    It's not just that, it messes with the kernel's systables. At unregister time, it puts things back the way they should be, but if anything else had yielded after grabbing an affected address but before completing the call, *boom* BSOD.

    (All from memory of reports here, don't shoot me if the terminology is wrong)

  6. Re:I don't get it by JesseMcDonald · · Score: 3, Informative

    Actually, if you use the low-level package installer (rpm or dpkg, usually), you can almost always specify the prefix ("root directory") to use for installation. In Debian, for example, you can run "dpkg --instdir=$HOME/usr -i package.deb" to install a package into your home directory. That still requires administrative privileges though, because it's using the system package database. If you want to avoid root altogether, then you can use --root instead of --instdir after setting up your own package database. This is typically used by the Debian installer to install .deb packages into the newly-created root directory, but you could use it to install things locally. Or you could just use "dpkg --unpack file.deb" to extract all of the necessary files. Of course, you'll have to set up $LD_LIBRARY_PATH if you install any libraries outside of the system directories, and some programs are sensitive to the paths that they were configured with.

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat

  7. Yes, MSRT removes F4I by ScottCooperDotNet · · Score: 4, Informative

    Yes, Microsoft's Malicious Software Removal Tool removes First 4 Internet Rootkit as of December 7th.

    "WinNT/F4IRootkit is a kernel-mode rootkit used for copy protection on certain Sony BMG audio CDs. There are several versions of this rootkit. The rootkit hides certain Windows system resources, including files, processes, and registry settings. The rootkit can be used by attackers to hide malicious content on the computer." -Microsoft

    http://www.microsoft.com/security/malwareremove/families.mspx

    http://www.microsoft.com/security/encyclopedia/details.aspx?name=WinNT%2FF4IRootkit

  8. Re:two wrongs by Trashman · · Score: 3, Informative

    Why hasn't the open source community developed a strong gaming environment for *nix yet?!

    Long story short: Nvidia and ATI are the roadblocks in this area. Their Linux drivers are half-assed and they will not release information for their graphics cards so that an open source driver can be written.
    --
    Do not read this .sig

  9. Re:two wrongs by Trashman · · Score: 2, Informative

    What's wrong with a commercial one that does the job as expected?

    IMO, there's nothing wrong with a closed commercial driver as long as the people writing the drivers didn't make it so you need to jump through hoops to get it installed. And then not fix bugs and not implement some basic features in the drivers.

    The reason there is not a strong gaming community for *nix is because there aren't enough games. There aren't enough games because there isn't a strong gaming community. Catch 22.


    I would say that there is a market but it's largely untapped because the hardware support is lacking. It pisses me off that I have Doom 3 and a good card to play it with, but I can't enjoy the game on my platform of choice because the drivers either don't exist (in the case of the X800, 850, 1600 series) or they don't work as well as the Windows versions (see my comment above about features not being implemented.)
    --
    Do not read this .sig