163 Comments
- joeshlub, on 10/12/2007, -31/+187
Not really. It has no potential as virus/worm, the user has to set up the payload themselves. And this exploit works in pretty much every version of Windows. Read into it a bit, this was already on the front page yesterday. And in order to do it, you have to save an animated cursor file, take it out of protected mode, and put it on your desktop (in Vista). There isn't any means of delivering the payload.
I'm not a fan of Vista, but this is pure FUD. It's a minor security problem that will never be implemented and isn't Vista specific being touted as Vista's 'suicide'. Ugh.
- keyboardduder, on 10/12/2007, -17/+83
Wow, I can't believe McAfee did something useful other than make computers go slower.
- fuzzmeister, on 10/12/2007, -7/+56
Making computers go slower is useful?
- Clearz, on 10/12/2007, -19/+62
"Windows Vista, Microsoft's extensively applauded most secure Windows platform to date can be taken down by nothing more than a mere animated cursor"
That sentence alone caused my screen to leak FUD all over my keyboard. You fanboys make me sick. Go get laid or something.
- edzieba, on 10/12/2007, -14/+57
"Still, the fact that it needs a protected mode as described, lol..."
You mean, like Linux's user mode?
- sid0, on 10/12/2007, -13/+54
If you run Vista IE in protected mode (default) you are not affected.
- lbradeen, on 10/12/2007, -9/+44
@joeshlub
Actually the issue can be exploited by forwarding an email w/ the .ani attached to it so it's not as innocuous as you've described. It won't give rise to the next blaster but it can still be exploited.
- wolferz, on 10/12/2007, -13/+47
@BigManOnCampus
There is no mode in Vista like the one described in the mac/pc commercials. The protected mode talked about in this article is actually referring to a system of sandboxing used by Outlook and Internet Explorer.
There is a mode in Vista that asks you to allow or deny certain things. These things include when you, a program you are using, or a piece of malware attempt to install a program, change important/security settings, edit the registry, access sensitive administration utilities, and edit/delete/copy/move important system files. All it does is lock the desktop and display a message alerting you that something somewhere is attempting to change something that could have a negative effect, along with the option to allow or deny the changes.
The average Joe user could go a year or more without seeing this message once. Computer savvy people like me who are constantly installing new software and changing stuff could expect to see it once or twice a month. Checking your email, listening to music, and browsing the web will not trigger these messages unless you run into malware that attempts to do something without you knowing about it, which is the whole point.
EDIT
And it's not duct taped in. Vista was late because they started over from the ground up to implement features such as this. It amazes me that even when they do something right... it's somehow still wrong...
- bennyboy371, on 10/12/2007, -9/+41
Yes you are. You said "cos."
- bmartin, on 10/12/2007, -17/+43
Linux people who push their views in Windows topics are as bad as Jehovah's Witnesses that come to my door uninvited, except I haven't contemplated shooting any of the Linux people yet.
- ahhell, on 10/12/2007, -8/+33
Anyone else notice that Security Centre was either off or disabled and that Defender was flagged. It also appeared that UAC was disabled too.
Nice test there McCrappy.
- 4DFX, on 10/12/2007, -9/+33
Yea, yea, Macs are great... Wanna buy me one?
- sid0, on 10/12/2007, -9/+33
Here's a patch by a third party that won't allow any .ani files except from the default directory. It will stop the attack.
http://research.eeye.com/html/alerts/zeroday/20070328.html
(source included)
</comment abuse>
- JoyrexJ9, on 10/12/2007, -4/+28
Who in the world would trust any news or info from McAfee?
Their software is worse than 95% of viruses...
- sid0, on 10/12/2007, -0/+21
@1000: No, that's a different one.
- sid0, on 10/12/2007, -14/+35
Since a third party has already fixed it, all of you owe me 5 each.
- inactive, on 10/12/2007, -14/+34
This is a very stupid article, given that 2000, XP, 2003 and Vista are ALL affected. Yes, fan boys, you read that right. Get your news from M$ instead of these FUD loving rags:
http://www.microsoft.com/technet/security/advisory/935423.mspx
- DubbleA, on 10/12/2007, -8/+27
Direct link: http://www.youtube.com/watch?v=hf0S0Vk7j6I
- whiledo, on 03/25/2009, -2/+20
Wow, I thought I had managed to catch the billion posts about the animated cursor hole. But this one slipped through. Of course, as many have pointed out, it's not just Vista. People are really doing everyone a disservice by phrasing it that way. I'm sure some people will miss it simply because they don't run Vista and think it doesn't apply to them.
So anyway, I'll just repost what I posted to the other submissions:
For those people who will say "turn off animated cursors" and such, I don't think that's a solution. IE allows a webpage (or email if you're using the IE rendering engine in Outlook) to replace your cursor using some IE-specific CSS code. It's as easy as changing the background for a webpage. Examples:
body {cursor: url('cursor.ani');}
<BODY style="CURSOR: url('cursor.ani')">
<BODY style="CURSOR: url('http://www.example.com/cursor.ani')">
You can do it for the <BODY> element, or for other elements like <A>s. It then loads the specified .ANI file which exploits the hole in IE. It's probable you could also do it with JavaScript and an .ANI extension/mimetype is not required.
I am almost positive there is no way to disable this in IE.
- Lasander, on 10/12/2007, -4/+20
@eatbeefjerky
By that logic Windows users should spam Linux support forums to switch to Windows XP.
- Azio, on 10/12/2007, -6/+21
1998 called. They want their jokes back.
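A defensive check for the vector whiledo describes above, as an added example that is not part of the thread: it pulls every `url()` target out of CSS `cursor` declarations in HTML or mail bodies and classifies the referenced bytes by their RIFF/ACON signature rather than by file name, since the comment notes that an .ANI extension is not required. The function names, the sample markup and the `BODIES` map are constructed for illustration.

```python
import html
import re

# A cursor declaration runs to the next ';', '}' or end of tag.
CURSOR_DECL = re.compile(r"\bcursor\s*:([^;}>]*)", re.IGNORECASE)
URL_VALUE = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.IGNORECASE)


def cursor_urls(markup):
    """Return every url() target named in a CSS cursor declaration."""
    text = html.unescape(markup)  # style="" attributes may be entity-encoded
    found = []
    for decl in CURSOR_DECL.finditer(text):
        found.extend(URL_VALUE.findall(decl.group(1)))
    return found


def looks_like_ani(data):
    """Sniff content: an animated cursor is a RIFF container of form type ACON."""
    return len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"ACON"


def triage(markup, bodies):
    """Pair each cursor URL with a verdict based on the bytes, not the name.

    `bodies` maps URL -> fetched bytes (hypothetical stand-in for a proxy or
    mail gateway that already holds the referenced resource)."""
    return [(u, looks_like_ani(bodies.get(u, b""))) for u in cursor_urls(markup)]


# Constructed sample: the forms from the comment plus a renamed file.
SAMPLE = """
<style>body {cursor: url('cursor.ani');}</style>
<BODY style="CURSOR: url('http://www.example.com/cursor.ani')">
<a style="cursor: url(&quot;pointer.gif&quot;), auto">link</a>
"""
ANI_HEADER = b"RIFF" + (4).to_bytes(4, "little") + b"ACON"  # constructed, benign
BODIES = {
    "cursor.ani": ANI_HEADER,
    "http://www.example.com/cursor.ani": b"GIF89a",  # .ani name, not an ANI
    "pointer.gif": ANI_HEADER,                        # ANI behind a .gif name
}

if __name__ == "__main__":
    for url, is_ani in triage(SAMPLE, BODIES):
        print(f"{'ANI  ' if is_ani else 'other'}  {url}")
```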
- 5thfreedom, on 10/12/2007, -4/+18
@wolferz
While I agree with MOST of your comment, I know I see the allow/deny message much more often than once or twice a month. It is a daily occurrence for me, sometimes multiple times a day. Very annoying. It is typically a permissions issue, or an open-source program checking for updates. I wish there were settings for UAC so I can fine-tune the level of protection.
- 5thfreedom, on 10/12/2007, -5/+18
The thing that amazes me is that all the fanboy comments seem to suggest not only trying Linux/OSX, but also never using Windows again as long as you live. Why the hell can't we be multilingual and accept each OS for its strengths rather than rejecting it for its weaknesses. I'll never understand...
- kris33, on 10/12/2007, -1/+14
yeah, with ntfs-3g
- redlemon, on 10/12/2007, -2/+14
my uac is enabled. it's actually kind of useful, not annoying, and it's interesting to watch it pop up when AIM tries to run exec.exe!
further, looking up exec.exe on google produces this link, http://www.liutilities.com/products/wintaskspro/processlibrary/exec/ , and that description would scare the hell out of a general user. when they don't give the program permission to run, there is no adverse effect on AIM. they would either look and give up on it when they couldn't find anything, or possibly end up calling tech support (dell, hp) and because of the "language barrier" be forced to reinstall with a fresh os.
- sid0, on 10/12/2007, -7/+19
Sorry for the self-reply but...
http://www.microsoft.com/technet/security/advisory/935423.mspx
"Customers who are using Internet Explorer 7 on Windows Vista are protected from currently known web based attacks due to Internet Explorer 7.0 protected mode."
- ihaveplans, on 10/12/2007, -16/+27
This is a great video and I'll Digg this despite the use of "pwnd". Please stop.
- fcekuahd, on 10/12/2007, -3/+14
There appears to be an easy way to avoid the drive-by web exploit: use Firefox 2.0.
Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack. Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0. Exploitation happens completely silently.
http://blogs.zdnet.com/security/index.php?cat=30
- 5thfreedom, on 10/12/2007, -8/+19
Congratulations! Since you aren't using that Vista license anymore, why don't you send it my way?
- colincornaby, on 10/12/2007, -8/+19
"And it's not duct taped in. Vista was late because they started over from the ground up to implement features such as this. It amazes me that even when they do something right... it's somehow still wrong..."
It's not that Microsoft does things wrong, it's that other groups do things better. Yes, Microsoft ran late to spend time making justified improvements to Windows. But other groups (Apple, Linux) shipped perfectly good, if not better operating systems, without running as late as Microsoft.
- ahhell, on 10/12/2007, -1/+12
Ah, yes...a thread isn't complete until the cockless wonder makes an appearance.
- saska, on 10/12/2007, -4/+14
Windows admins worth their salt should know this trick:
1. If Explorer is dead, start Task Manager with Ctrl+Shift+Esc.
2. On the Applications tab, click New Task... and then type cmd.exe and press Enter to open the command prompt, which will open in your user folder.
3. Type cd desktop and press Enter.
4. Delete the file.
5. Wait for Explorer to restart, or, back on the Applications tab, click New Task... again, type explorer.exe, and press Enter.
As a note to folks who do this in Vista: if you click the button to show tasks from all users, which re-opens Task Manager running as Administrator, you need to close it and do Ctrl+Shift+Esc again to re-open the control panel running under your own user account before you re-launch Explorer from the New Task... button. If you don't do this, you'll start Explorer as Administrator, which -- in addition to being annoying because the taskbar for your applications is gone -- is not a very secure thing to do.
- keyboardduder, on 10/12/2007, -6/+16
yeah I worded that badly. Something besides make computers go slower is what I meant XD
- Ngai, on 10/12/2007, -0/+10
No one install this on their Vista!
http://digg.com/microsoft/Windows_Vista_Suicide_Courtesy_of_McAfee_VIDEO#c5933369
I installed it and I rebooted and now it takes about 8 minutes for my computer to boot and I'm getting errors on .net apps and my computer is acting retarded....
My 2cents...
Don't install this "patch" until you know for sure you know what you're doing.
grr
- nova1989, on 10/12/2007, -7/+17
Boot into Knoppix distro browse to the desktop.....delete file....problem solved.
- Philluminati, on 10/12/2007, -4/+13
Lol @ people saying Vista is busted. Guys, Just use Vista with Firefox, problem solved!
- TheGrandGeneral, on 10/12/2007, -8/+17
You're coming to a sad realization... Cancel? or Allow?
- Philluminati, on 10/12/2007, -1/+9
I don't care how vulnerable operating systems are. I don't care how great they are. I'm happy with what I have (I'm not telling). People get really 'in your face' about this stuff and all you do is convince non-tech people that computers are *****.
- bmartin, on 10/12/2007, -11/+19
"The zero-day Windows Animated Cursor Handling vulnerability [...] allows for remote code execution [...] highest severity rating from Microsoft, namely Critical."
Yeah, it's bad. Remote code execution is severe.
- gstuartj, on 10/12/2007, -2/+10
Judging by the description of the problem, I don't think the 64-bit edition would protect you any more than the 32-bit version. Sorry.
- sid0, on 10/12/2007, -1/+9
What kind of ***** wouldn't block you?
- crpietschmann, on 10/12/2007, -10/+17
"send Windows Vista into a perpetual "crash-restart" loop by simply dragging a malformed .ani file to the operating system's desktop"
ok, first off, you'll notice that Windows itself is not crashing and restarting. Only Windows Explorer is. Yes that still would be a problem, but the malformed .ani is not crashing Windows at all.
- MioTheGreat, on 10/12/2007, -1/+8
"You mean, like Linux's user mode?"
No. Vista's default behavior is as follows: even while running as an Admin, applications don't have admin privileges unless you explicitly give such privileges to them.
- whiledo, on 03/25/2009, -2/+9
@fcekuahd
Don't forget Thunderbird. Or just some other mail client than Outlook/Outlook Express using the IE renderer for HTML emails.
- joeshlub, on 10/12/2007, -3/+9
@lbradeen
If you've already got code from a worm running, you could do much better things than put a damn animated cursor on their desktop. All they have to do to get rid of this is boot in whatever lower level mode Vista uses anyway.
I realize this could be implemented. But it's pointless. What I'm saying is that any situation where it could, there would be much better things the malicious coder could implement. You've all got to realize that.
- stalefries, on 10/12/2007, -2/+8
...if you have write capabilities for NTFS.
Does Knoppix have that support yet? Serious question.
- Azio, on 10/12/2007, -7/+13
There needs to be an option to bury a story because it is misleading and biased, like this one. I guess we'll have to make do with Inaccurate for the time being.
- Inqu, on 10/12/2007, -7/+12
Gee, I wonder what will happen if I turn off all my protection and drop a known issue right where I'm not supposed to? Pure FUD.
- manitoba98xp, on 10/12/2007, -7/+12
http://en.wikipedia.org/wiki/Windows_Vista#Security-related_technologies
See third paragraph.
- saska, on 10/12/2007, -7/+11
As a matter of fact, I don't have UAC disabled, and I think that would be stupid. So do most people I talk to who actually use Vista.