Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Issue Emergency Fix For Windows .LNK Flaw

Posted by Soulskill on from the tee-plus-two-weeks dept.

Trailrunner7 writes "Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn't identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for several weeks now, most notably with the Stuxnet malware. The advance notification from Microsoft on Friday said that the company is patching a critical vulnerability that is being actively exploited in the wild and affects all supported Windows platforms. The LNK flaw in the Windows shell was first identified earlier this month when researchers discovered the Stuxnet worm spreading from infected USB drives to PCs. Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer."

67 of 112 comments (clear)

  1. Friday sysadmin appreciation day, by Major+Downtime · · Score: 5, Funny

    followed by Monday-Out-Of-Band-Patch-Day.
    http://blogs.technet.com/b/msrc/archive/2010/07/29/out-of-band-release-to-address-microsoft-security-advisory-2286198.aspx

  2. Re:Too bad, it's a great conversion tool. by Nialin · · Score: 1

    I would learn Linux, if I wasn't completely retarded in regards to any type of coding or computer language in general. (this is based on the limited demos from Linux friends)

  3. Re:Slow news day by Dumnezeu · · Score: 1

    Microsoft has been suffering and fixing security holes for decades, not that interesting.

    Remember the Blaster worm? This is its younger cousin.

    --
    Yes, it's sarcasm. Deal with it!
  4. Re:Too bad, it's a great conversion tool. by Freultwah · · Score: 1

    When did they last show it to you? It's not 1995 anymore. It can be used as a desktop OS without knowing how to code and it has been this way for quite some time now. There can be problems with it, but they can definitely not be reduced to the lack of coding abilities. For most people, it's more like "too many varieties to choose from" and that applies to distributions, desktop environments and software.

  5. Re:Too bad, it's a great conversion tool. by poptones · · Score: 2, Insightful

    My GF uses ubuntu now and she's never touched linux before about a month ago. The only thing to "learn" is to lose the bad habits you pick up from a lifetime of windows use. Just back up your music, movies and emails and reload with ubuntu. Dual booting is poison because you will inevitably boot into windows more and more often because it is familiar and "easy." Just wipe out windows, reload the machine from the ground up with linux, use it for a month and you'll never go back. If you want to play games, buy a 360...

  6. Realtek certificate by John+Saffran · · Score: 4, Interesting
    The most interesting aspect of this rootkit was the use of the Realtek private key to sign the drivers. According to Kapersky:

    Microsoft malware researchers said on Friday that they had been working with VeriSign to revoke the Realtek certificate, a process that Realtek officials signed off on. The certificate in question actually expired in June. Microsoft oficials also said that they expect other attackers to begin using the techniques utilized by Stuxnet.

    In hindsight the vendor certificate is a weakness in the entire process simply because access to the signing key bypasses the controls in place. Hardware vendors aren't likely to be as concious, at least until this incident, of the need to maintain proper security around their singing keys, nor are there requirements enforcing such security. In comparison keys used for financial transactions are generally held in HSMs with strong access controls around them to prevent the revealing of the private key. This particular rootkit was specifically confined to SCADA so the impact was always going to be small, but the malware could've easily been targetted to attack general windows installs .. who knows how much damage it could've caused then?

    Luckily this specific certificate was going to expire soon so there was probably less resistance from the vendor in revoking it than there might've been, but if such revokation was going to invalidate significant numbers of drivers then that would've posed the problem of either leaving the certificate valid to be used for other types of malware or revoking it and invalidating however many drivers had already been signed by that key. Unfortunately it's not very likely that hardware manufacturers will ever submit to using HSM-type devices or the processes necessary to ensure key secrecy, so it looks like this will just have to be yet another potential attack vector that's caused by vendor negligence.

    1. Re:Realtek certificate by Calydor · · Score: 1

      Hardware vendors aren't likely to be as concious(sic), at least until this incident, of the need to maintain proper security around their singing keys

      Damn those karaoke bars streaming live to the net!

      --
      -=This sig has nothing to do with my comment. Move along now=-
    2. Re:Realtek certificate by icebraining · · Score: 1

      Can't Microsoft remove the certificate from Windows through a patch? Then they could say "secure your signing certs or we'll delete your certs from Windows and you'll have a shitstorm of angry clients who can't use your drivers to deal with".

      --
      Dilbert RSS feed
    3. Re:Realtek certificate by TheLink · · Score: 1

      The part I'm wondering about is are those Realtek signed components actually Realtek components?

      e.g. Did Realtek screw up on the cert handling or the components were actually made by realtek but were flexible enough to be abused by hackers?

      --
    4. Re:Realtek certificate by icebraining · · Score: 1

      Right, I was thinking about something closer to browsers, which include a large list of CA Certs, but you can remove on of them and then all the certs signed by that CA would not be trusted.

      I thought Windows included a large number of HW manufacturers' certs, not a single "Microsoft cert" with which HW certs were signed against.

      --
      Dilbert RSS feed
    5. Re:Realtek certificate by gad_zuki! · · Score: 1

      Its incredible that MS doesnt force a UAC check on signed drivers install. That's really the fix, not this patch. These companies will never be able to properly secure their keys. Its time we started admitting that the trust in signed code is forever broken.

    6. Re:Realtek certificate by sjames · · Score: 2, Insightful

      Fine then, the question is why doesn't MS REVOKE the Realtek cert?

      The USEFUL answer is that they did.

  7. Is copy-and-pasting"writing"? by Two99Point80 · · Score: 4, Insightful

    This is just a copy (minus links) of the article at Threatpost. How about at least crediting the source?

  8. what is this .lnk flaw anyway? by rduke15 · · Score: 4, Funny

    I still haven't understood what this .lnk flaw actually is, or what fun things it might be used for (and how).

    The previous discussion about this talked about SCADA systems, so I read the wikipedia article about SCADA but still don't quite get what it really is. And the vulnerability seemed to only be exploited on one particularly stupid system which used a hard-coded password.

    And it seemed to also require the use of Autorun/Autoplay which should obviously be disabled anyway. I have 2 files to take care of that on all my USB drives:

    Autorun.inf:

    [AutoRun]
    open=autorun.cmd
    shell\open\Command=autorun.cmd
    shell\explore\Command=autorun.cmd

    And autorun.cmd:

    @ECHO OFF
    ECHO ALERT: You have autorun enabled on this drive (%~d0)!
    ECHO.
    ECHO Trying to disable it:
    @ECHO ON

    REG ADD "HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun" /ve /t REG_DWORD /d 255 /f
    REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf" /ve /d "@SYS:Autorun-Disabled" /f

    @ECHO OFF
    ECHO.
    ECHO You may need to reboot.
    ECHO.
    @pause

    1. Re:what is this .lnk flaw anyway? by alexhs · · Score: 1, Interesting

      From what I've understood, it is a buffer overflow in the way .lnk are handled that has been exploited.

      It doesn't require autorun, just the reading of the .lnk (which happens when you're displaying the .lnk in the explorer)

      The flaw has been discovered from Stuxnet, a virus that happens to target specific systems, but is in no way limited to these systems.

      By the way, does anyone know if it is possible to put a noexec on USB keys like you can on unices ? Although it wouldn't help about this flaw, it is usually better practice (as long as you're not using portable apps).

      --
      I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
    2. Re:what is this .lnk flaw anyway? by noesckey · · Score: 5, Informative

      Stuxnet functions even if autorun is disabled: http://www.sophos.com/pressoffice/news/articles/2010/07/stuxnet.html

    3. Re:what is this .lnk flaw anyway? by Anonymous Coward · · Score: 1, Informative

      Please mod this down, the bug in the lnk handling does in no way require autorun, just browsing the folder will do. This btw also works with webdav shares (have fun ie users).

    4. Re:what is this .lnk flaw anyway? by Anonymous Coward · · Score: 1, Informative

      I still haven't understood what this .lnk flaw actually is,
      ...
      And it seemed to also require the use of Autorun/Autoplay.

      Than please do not comment upon it that way. And no, it does not need Autorun/Autoplay.

      Just getting the shortcut displayed in your file-browser window is enough to trigger the "exploit". And as most installations are "helpfull" enough to open the root-folder of the removable media you put into the machine that "looking at" is fully automated.

      Even if not, simply clicking on the USB-sticks icon in the file-browser will open that root-folder for you and it happens anyway. Other sub-folders can be infected the same way.

      The crux of the matter is that when the shortcut references a specific target that target gets activated to be able to get a specific icon from it (which the shortcut than displays).

      This is designed behaviour (one of the many "by design" blunders MS has made).

      The only work that needs to be done is to edit the target stored in the shortcut to point to another target (the malicious program) located on the removable/remote/anywhere else media. Even a script-kiddie can do that it.

      P.s.
      I removed some too-specific information, as MS did not yet make the patch available ...

    5. Re:what is this .lnk flaw anyway? by rduke15 · · Score: 1

      the side effect of turning off autorun [...] might not be desirable (e.g., if it's someone else's machine)

      For me, it is the desired side-effect, because these people will usually call me for help when they get a virus. I do tell them that I disabled it though, and try to explain why if they seem willing to listen.

      Also, if a worm blindly writes it's own autorun.inf file, then your modified one will get overwritten. Make sure you at least write-protect the file.

      The files do have the read-only attribute.

      autorun correctly disabled

      One of my 2 reg entries is actually what is recommended in your link.

      What I don't know yet is if it works on Win7 or if something else is needed. I'm not so much into fixing Windows any more, since I switched to Ubuntu. There's enough to do to try to fix/customize that now ... :-)

    6. Re:what is this .lnk flaw anyway? by rduke15 · · Score: 1

      Thanks for the detailed explanations. I got it at last.

    7. Re:what is this .lnk flaw anyway? by jroysdon · · Score: 1

      SCADA systems are the type of things that control nuclear reactors, power generation, power distribution, water distribution, and many more.

      For this reason the Siemens attack used a USB method, as typically SCADA systems are either heavily firewalled and/or air-gapped. Sneaker-net should be the only way to get into those networks when done right, and even then sneaker-net methods should be very restricted.

      Siemens HMI/SCADA.

  9. The really interesting bit by HangingChad · · Score: 4, Insightful

    Stuxnet has turned out to be a rather interesting piece of malware as it not only uses the LNK zero day vulnerability to spread, but it had components that were signed using a legitimate digital certificate belonging to Realtek, a Taiwanese hardware manufacturer.

    How do you suppose the crackers got a hold of Realtek's digital certificate? Seems to imply a level of sophistication that goes beyond most virus writers, many of whom are industry professionals these days. A government-backed organization maybe or well-funded industrial espionage.

    Behold the true face of cyberwar!

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:The really interesting bit by alphatel · · Score: 4, Insightful

      Agreed, who cares what the vulnerability is - exploits are never-ending. The digitally signed certificate is a sure-fire method of defeating a number of defense mechanisms and penetrate the MS core even further. As always, the benefit to the code writer is that any MS OS can be fooled, including server systems.

      --
      When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    2. Re:The really interesting bit by Anonymous Coward · · Score: 1, Insightful

      Virus authors aren't script kiddies anymore. They're trained software engineers. Remember Conficker? It had an implementation of MD6 only a few weeks after the specifications were release(It even contained a buffer overflow which was a fault in the specifications). However, to get a digital certificate signed, I'm guessing some bribery was in order. I'm guessing spam pays a lot these day, when it's done right.

    3. Re:The really interesting bit by v1 · · Score: 1

      How do you suppose the crackers got a hold of Realtek's digital certificate?

      My best speculation on that is an actual hacker (or hacker group) managed to extract the private key through nefarious means, possibly via a botnet-controlled or similarly zombified computer inside realtek, and then it was sold on the underground malware market.

      It's very unlikely the makers of Stuxnet were actually the ones that stole the key in the first place. Does make one wonder how much such a key would go for? I would expect it to be very expensive, it's at least as good as a zeroday.

      You'd think MS would have some very tight restrictions and conditions on how vendors agree to protect their signed keys. I wonder what MS's response to realtek is going to be? Things like this are really damaging to MS's reputation. Even though MS is not generally known for security in the first place, users expected Vista/7 to be better, and afaik it's at risk here also. MS needs to give realtek some smackdown.

      But the real irony here may be that MS's standing security issues were probably a factor in realtek losing the key in the first place, so to some degree, MS contributed to this problem.

      "Effective August 2010, MS will require all driver signing keys to be stored exclusively on macintosh computers. Use of windows computers, unencrypted backups hosted on windows-accessible networks, and especially usb thumbdrives, will not be allowed." lol... wonder if that will help them?

      --
      I work for the Department of Redundancy Department.
    4. Re:The really interesting bit by AmberBlackCat · · Score: 2, Insightful

      So, if they had acquired the signature for Red Hat's online repository, Fedora wouldn't be vulnerable? If the user clicks yes to accept a Fedora key, that's less risky than clicking to accept a key on Windows?

  10. Windows 2000 users by trifish · · Score: 5, Informative

    A friendly warning to all Windows 2000 users out there, your OSs will remain vulnerable (unless you have a private agreement with MS).

    Support for you ended two weeks ago.
    http://support.microsoft.com/lifecycle/?LN=en-us&x=17&y=3&p1=3071

    1. Re:Windows 2000 users by Mhtsos · · Score: 2, Insightful

      This is especially important to anyone actually using the SCADA software this virus attacks. Some versions of WinCC are incompatible with XP (as in "only certified to run on windows 2000" i'm sure nothing technical prevents running in XP). So actually quite a large portion of the target group remains unpatched.

    2. Re:Windows 2000 users by gad_zuki! · · Score: 1

      This attack can only use the credentials of the logged in user. Running as limited user limits its ability to do anything outside of your profile. That and basic AV means Win2000 is usable for a long time in the future.

    3. Re:Windows 2000 users by antdude · · Score: 1

      Is the free version of the latest Avast AV enough for updated Windows 2000 SP4 users?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  11. Thank %DIETY% by thegarbz · · Score: 1

    This virus made it's rounds through my work (Fortune 50 company). Man the clean-up was disruptive. Mcafee was quick with a patch to clean our computers, but I there were petabytes of storage to clean world wide.

  12. Re:Too bad, it's a great conversion tool. by rduke15 · · Score: 2, Interesting

    VirtualBox is great. I agree that dual boot is a pain, but no access to Windows at all is a pain too. I have an XP VM in VirtualBox (in Ubuntu), so I can use the few Windows-only programs I occasionally need without any trouble.

  13. Re:Too bad, it's a great conversion tool. by RulerOf · · Score: 2, Insightful

    I hear you. Those damn Linux boot loaders can be hard to get rid of.

    Indeed. I've been using SYSLINUX and COM32 for some time now and I love them to pieces. They make NTLDR, and, to a lesser extent, the Windows Boot Manager, look like kids' toys.

    --
    Boot Windows, Linux, and ESX over the network for free.
  14. The real flaw on 3 different OS won't be fixed by Ilgaz · · Score: 3, Insightful

    For some reason, MS will shy away from mandadory CRL/OCSP checks. Bandwidth issues for 1 kb traffic?

    Realtek drivers, as they are software/hardware hybrid (more like softmodem) with unneccesarry junk like an extra control panel weights around 40 MB. Everyone knows it since we have to deal with their aspx powered weirdo site when vendors, including Apple Inc. installs old version of drivers. What kind of harm would Windows do asking certificate vendor (Verisign in this case) if the certificate is real?

    This is also a mistake by Apple too, they don't enable ocsp, at least to "best attempt" in fresh OS X install. You gotta do it in keychain utility preferences. Sad that, on OS X way of doing things, that would mean an instant security boost since native OS X apps uses the same framework for SSL comms.

    Funny is, this is also a problem on Symbian which doesn't rely on "app store". For example, on Nokia E71, one must live a complete usability hell if he/she enables "online certificate revocation check". They just couldn't fix the freaking UI and disabled online certificate check for signed symbian apps. So what happens if some dumb shareware vendor loses their certificate or they actually freely sign malware? You install AV. All this for saving (!) 1 KB of traffic.

    So, even if Verisign revokes it (or hurries, whatever), it won't have any effect until MS/Apple/Symbian (don't know others) wake up and enable certificate revocation checks by default in these days even your heater is connected to the internet.

  15. Re:Too bad, it's a great conversion tool. by Servaas · · Score: 1

    I hear you. Those damn Linux boot loaders can be hard to get rid of.

    Indeed. I've been using SYSLINUX and COM32 for some time now and I love them to pieces. They make NTLDR, and, to a lesser extent, the Windows Boot Manager, look like kids' toys.

    The what now? Someone needs to tell Linux that the age of the 1-click iPad has begun. There is a reason for its success. Usability is one of them. Linux is good for being l33t though.

  16. Re:Too bad, it's a great conversion tool. by orangeplanet64 · · Score: 2, Insightful

    If you want to play games, buy a 360...

    i want to play starcraft 2 you insensitive clod..

  17. It is MS to do it by Ilgaz · · Score: 1

    Your fix doesn't matter as 99% of people out there will wonder around with autorun enabled.

    MS have to copy Apple's way of doing things. How long it took for Apple to fix the "startup items" flaw? They changed the scheme of doing things, did couple of permission tricks and prompted user with a complete non nerd window saying "Wrong permissions in Startup Items" like thing, with 2 options "fix" "don't fix", "fix" selected by default.

    Or, they figured Input Manager functionality which allows running from user's own "Input managers" directory (in $HOME) is flawed, about to get expolited. In next OS X, they made it ignore the Input Managers in Users home dir and allowed only Admin installed input managers. Didn't it create problem on a OS which is advertised as "it just works"? of course it did but it saved a lot of users who otherwise wouldn't have clue how powerful Input Managers can be.

    What MS have to do is, tell big vendors of boxed software/drivers/devices "this is it folks, talk to your DTP department to add instructions of installing your software to the box, we are disabling autorun by default". They can also add Windows 95 "install applications/drivers" control panel to a easy to reach place. E.g. right under their precious "Internet: Internet Explorer" start menu item :)

    Hotfixes, AV software, reg hacks won't cut it.

  18. Re:Too bad, it's a great conversion tool. by Jesus_666 · · Score: 2, Insightful

    If you want to play games, buy a 360...

    How do you install System Shock 2 on an X-Box 360? There are games that aren't supported by $CONSOLE but that people still want to play.

    If you want to do dualbooting right, just move all of your data to one of the Linux partitions and erase them from the Windows partition. Then uninstall the corresponding programs. Once you're unable to check your mail/chat/etc. in Windows you'll have a much smaller incentive to stay ther for longer than neccessary.

    --
    USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  19. Re:Too bad, it's a great conversion tool. by RulerOf · · Score: 2, Funny

    ...SYSLINUX....COM32...NTLDR... Windows Boot Manager...

    The what now? ...the age of the 1-click iPad has begun. There is a reason for its success...

    My Lawn! You BASTARD!

    --
    Boot Windows, Linux, and ESX over the network for free.
  20. Re:Too bad, it's a great conversion tool. by dnaumov · · Score: 1

    If you want to play games, buy a 360...

    Do you want to sponsor me a 360 and a HDTV? No?

  21. The 1 click wonder? by poptones · · Score: 2, Funny

    An ipad? ROTFL. Let's see you develop SOFTWARE for that ipad... on your ipad.

    Apple users need to learn to speak without steve's hand up their anus...

    1. Re:The 1 click wonder? by Jesus_666 · · Score: 1

      You mean Apple fanboys. I own a Mac and I don't see the iPad as revolutionary, merely a previously-unexplored market niche. No, it doesn't fill the Tablet PC niche; those are essentially graphics tablets with built-in notebooks while the iPad is a scaled-up PDA. Of course it's never going to displace real PCs.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
    2. Re:The 1 click wonder? by RulerOf · · Score: 1

      No, it doesn't fill the Tablet PC niche;

      Ain't that the truth.

      I've got a Viliv S5, and for what I bought it for (portable MKV/h264 playback and general nerdiness), it function[ed] well (I add the past tense because there's an issue with the Windows 7 wifi driver for it that makes it damn near impossible to stream anything). I have though for the most part stopped using it in favor of AirVideo on my iPhone. Mostly because the phone fits in my pocket. While I find myself watching a TV show or something in bed and think "Hrmmz this would look better on an iPad," I can't really justify buying one because I know I'd never use the damned thing. Hell, my boss has bought half a dozen iPads and I'm not sure that more than one or two of them get any kind of regular use... he's a bit of a fanboy. I digress.

      What I'd really like to see is a tablet--any tablet--that runs any OS, be it Windows, [Insert favorite flavor here] Linux, iOS, OS X, even Windows CE or Windows Phone 7, that will act as a Windows Media Center Extender. There aren't any software MCE's currently available (other than in the bowels of Microsoft), but if I could have that experience on a tablet, when I'm away from home I can use the thing for what-the-hell-ever I please, but when I am home I can watch my entire media collection and live TV and DVR all on a single, wireless device. That would be worth $500. My guess is that Ballmer doesn't care though.

      [rant]
      Hrm, while I'm talking about shit that won't exist in a relavant time frame, I'll say again: Perhaps we can have ISP's that solve the bandwidth problem by capping bandwidth instead of capping transfer. I love being considered as the poster boy for the problem in spite of the fact that I download shit at one fifth of my pipe's speed... in the middle of the night. Really fucking it up for everyone else, I am.
      [/rant]

      --
      Boot Windows, Linux, and ESX over the network for free.
    3. Re:The 1 click wonder? by h4rr4r · · Score: 1

      How about not using Windows media center?
      Better more interoperable solutions exist. Heck you could even use vlc on your current setup and stream to whatever device you wanted so long as it can handle normal video streams.

    4. Re:The 1 click wonder? by RulerOf · · Score: 1

      There's a bunch of reasons. First and foremost really is the sharing of TV tuners and centralized configuration brought by extending WMC rather than replicating it. Second, extenders do all the heavy lifting on the back end via DXVA and whatnot, which would mean better battery life. Also, it'll optimize any video source, no matter what it is, to run over that network connection.

      It's neat stuff, but it's really waiting for a breakout to the mainstream. Windows 7 has made it vastly more powerful, but it'll be a couple more years (or Windows versions) before the average folks start digging into it... though perhaps those people will be more interested in Hulu Plus or whatever at that point :P

      --
      Boot Windows, Linux, and ESX over the network for free.
    5. Re:The 1 click wonder? by AnEducatedNegro · · Score: 1

      XBox 360's are cheaper and more compact than any computer that would fit the bill, and they have a nice remote

      You're welcome.

    6. Re:The 1 click wonder? by RulerOf · · Score: 1

      Very nice, but in the absence of a software WMC extender, it's still lacking a game breaking feature :(

      --
      Boot Windows, Linux, and ESX over the network for free.
  22. getting things done by poptones · · Score: 1

    Black hats everywhere would like to thank you for aiding them in their quest to own the internet...

    1. Re:getting things done by basscomm · · Score: 2, Informative

      Except for the fact that I've never had a Windows box that got compromised or infected with any kind of virus, trojan or malware. Most "vulnerabilities" in Windows are user initiated. Practice a little common sense (ie. don't run things that come from questionable or unknown sources) and you are unlikely to ever see a problem.

      Baloney. Let me guess, you don't have any antivirus installed either, because you don't need it? Either you haven't been using Windows for very long or your only Windows box is turned off in the corner. Back in the 90s I got a disk from my school that was infected with Stoned, and a few years later bought a CD-ROM game that came with Michelangelo on the disc itself. Even more recently, hardware from (more or less) reputable sources come preloaded with malware. Heck, part of my job is removing malware from PCs on a near-daily basis, and even though I know better, my USB key got hit by the Autorun worm last Summer. So yeah, common sense and safe browsing habits are wonderful things, but they're not a panacea. There are so many attacks coming from so many vectors, that if you use a Windows box you will get some kind of infection eventually.

      --
      http://crummysocks.com
  23. Re:Too bad, it's a great conversion tool. by KiloByte · · Score: 1

    All the reports on WineHQ say it works just fine.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  24. The real problem is who to trust... by leuk_he · · Score: 1

    They can revoke keys but then there is a new problem:

    -What if the system becomes unusable without a certain driver ( maybe even because the rootkit kills the system deliberate in that case). Who is responisble.
    -If the user gets prompted, what are his options? (e.g. in the simple case his system clock is wrong, but the error message is not clear).
    -What if revoking disables the sound of 66% of the windows machines and ONLY disable 0,001% the rootkit (but not even the actual virus).

    If you think this over, you realize how much issues there are with revoked/expired certificates. The math behind them is correct, but the consequences are much more complicated.

  25. "have been exploiting for several weeks now..." by euyis · · Score: 1

    Why is this called an "emergency" fix? Just curious.

    1. Re:"have been exploiting for several weeks now..." by Shados · · Score: 2, Informative

      because for various reasons (some that are even good), Microsoft only normally release patches once a month. When they can't wait, they call it an emergency fix. Simple enough?

  26. Re:Too bad, it's a great conversion tool. by Anarki2004 · · Score: 1

    If you want to play games, buy a 360...

    For those of us who don't have money, a 360 is rather expensive. I payed $20 for an NVIDIA GeForce 210 after the $30 rebate. That has 512 megs of DDR2 memory and some other pretty snazzy specs for the money. That opened up quite a few games for me. I've even managed to run Crysis (not at full spec, but it was smooth). An xbox is quite a bit more expensive than an upgrade.

    --
    The teachers will crack any minute, purple monkey dishwasher.
  27. LNK is an Open Specification by kingdominic · · Score: 4, Interesting

    The .LNK Binary File Format is an Open Specification provided by Microsoft via the following document:
    http://msdn.microsoft.com/en-us/library/dd871305(PROT.13).aspx
    ~ king

    1. Re:LNK is an Open Specification by Anonymous Coward · · Score: 1, Interesting

      How does that do us any good though? It's not like Microsoft's implementation can be easily replaced is it? Do they use a well documented stand alone library for working with .lnk files? One that I could just plug in an alternate implementation of by exporting the same symbols? Probably not. Its probably lumped in with hundreds of other unrelated functions in some binary that can't be replaced without a significant amount of reverse engineering.

      In the end you're still at Microsoft's mercy. Hope their fix works.

  28. Re:Slow news day by DAldredge · · Score: 1

    Remember the Morris Worm?

  29. Windows XP SP2 will not be patched by Anonymous Coward · · Score: 1, Informative

    SP2 support ended earlier this month. You know what that means. No patch unless you have a custom support contract. Hasta la vista.

    1. Re:Windows XP SP2 will not be patched by UnknowingFool · · Score: 1

      Or you could just update to SP3. That hasn't ended yet.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    2. Re:Windows XP SP2 will not be patched by antdude · · Score: 1

      Not everyone can upgrade though like IT, weird software issues, etc. Oh well, their losses. :)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  30. Re:and hten any device needing that driver by icebraining · · Score: 1

    Yes, the drivers would stop working, which would bring the shitstorm against the HW manufacturer. That was my point.

    But according to your "sibling" post Windows HW certs don't work like that, so there's nothing Microsoft can do.

    --
    Dilbert RSS feed
  31. While they are at it by JimboFBX · · Score: 1

    While they are at it they should remove the functionality to open a .lnk file in media player. My wife had media player as the default player, and she had some .mp3 files on her system. I'm guess she got these from limewire or something. They wouldn't play in itunes, so I tried opening them in media player and it said it was a filetype that didn't match it's extension, open anyways? So I said yes, thinking that it might of been a wma that was renamed by a dummy, and then instantly a web browser window opened up to some website. The file itself was 5 megs, so I'm guessing it had a .lnk header and then either padded the rest with the original mp3 or just dummy data.

  32. Re:and hten any device needing that driver by Korin43 · · Score: 1

    I suspect it wouldn't work that way anyway. More likely, Microsoft would revoke the certificate, and then everyone would blame them because "My computer doesn't work". Seriously, think of normal people having this problem.

  33. Re:time to exploit XPSP2 installations! by Kaenneth · · Score: 1

    I could see putting off migrating to Vista/Seven... But not installing a service pack?, that's just dumb...

  34. Re:Slow news day by symbolset · · Score: 1

    Ah. *nix had, and fixed, network vulnerabilities long before there even was a Windows. Definitely before Windows even had networking.

    We know this. What's confusing is how pointing this out serves your desire for advocacy.

    Also curious is how this is an emergency. The patch blocks one hole in a colander. Couldn't that wait a week?

    --
    Help stamp out iliturcy.
  35. Re:Too bad, it's a great conversion tool. by jlarocco · · Score: 1

    If you want to play games, buy a 360...

    Comments like this kinda piss me off, because they make Linux users look like idiots.

    If you want to brag about the size of your e-penis, and how you "only use linux," then more power to you.

    But it's pretty ridiculous to basically tell other people, "Linux isn't good at that, so fuck you, you shouldn't use a computer for it."

    I use Linux on all four of my computers at home. But do you know what I would do if I wanted to play a Windows game? I'd install Windows on one of them.

    It's an operating system. Get over it.

    --
    Maybe not
  36. works about as well as windows ever did by poptones · · Score: 1

    Years ago I bought a CD of American McGee's Alice. This was the only game cd I ever actually paid for, and I even installed XP just to run it. Guess what? It never worked. I tried tracking down support info, I tried several tricks and patches and the goddamn thing never worked. The closest I ever got that damn disk to working was under wine. Oh, the irony.

    A 360 does what it does. A 360 is not a desktop with access to all my email and shit. A 360 may be a walled garden but that's fine just so long as it plays a fucking game CD when I bring it home. Why anyone would want to fuck around for hours with making a desktop play games is beyond me.