Windows WMF vulerability affects Fx users?. What can we do?
-
- Guest
Windows WMF vulerability affects Fx users?. What can we do?
I know this is a Windows problems (sigh) again. But is there anything Fx users can do to block downloading any malicious code from websites? Some little setting, tweak, or extension that may be available for use within the browser?
http://www.redherring.com/Article.aspx? ... AndDefense
http://www.redherring.com/Article.aspx? ... AndDefense
-
- Guest
-
- Guest
That won't work because a malicious site could rename a .wmf to .jpg or something and when Windows gets hold of it, it is going to execute it as .wmf anyway based on its content type instead on notifying you that the file extension is incorrect for the file content and asking what to do.
Simply letting Windows get a sniff of the file will blow up in your face.
Simply letting Windows get a sniff of the file will blow up in your face.
-
- Posts: 0
- Joined: December 31st, 1969, 5:00 pm
If the site renamed a wmf file to jpg, I believe one of two things will happen in Firefox:
1. The malicious server will start sending it as image/jpg and you'll end up with a garbage image in Firefox
2. The malicious server will keep sending it as (whatever the content type is for wmf) and you'll get a download prompt in Firefox that tells you what type of file it is.
1. The malicious server will start sending it as image/jpg and you'll end up with a garbage image in Firefox
2. The malicious server will keep sending it as (whatever the content type is for wmf) and you'll get a download prompt in Firefox that tells you what type of file it is.
-
- Guest
-
- Guest
One of the most effective precautions you can take is to install Spyware Blaster.
Appearently many of these wmf exploits use this exploit as a method of installing spyware on a persons computer.
If Spyware Blaster is installed, then there is a good chance that it will prevent the malicious software from being installed.
Appearently many of these wmf exploits use this exploit as a method of installing spyware on a persons computer.
If Spyware Blaster is installed, then there is a good chance that it will prevent the malicious software from being installed.
-
- Guest
I have had Spyware Blaster installed for a long time. I also have Fx set to show the download manager anytime there is a file being downloaded. I reset it to ask where to save every file rather than just automatically putting in my default folder.
I hope that is enough to at least alert me if anything "odd" is going on.
As for going offline for six months, that is not an option. I would prefer to track down these hacks with too much time on their hands and relieve them of a typing finger or three with my trusty dull plastic butter knife. I am sick to death of feeling like I am under assault all the time.
If the Linux folk would make a really solid small business bookeeping program for use on one their platforms (and quit cranking out so many different flavors long enough for a body to really learn one version), I would switch to it completely. I currently own Xandros, two different Red Hat versions, and SuSe Linux. Just cannot find a good solid bookkeeping program to use on any of them. I keep hoping. I heard rumors of something in the works some time ago, but then it seemed to fizzle out.
Meanwhile, I have to just keep trying to dodge the bullet with Windows.
I hope that is enough to at least alert me if anything "odd" is going on.
As for going offline for six months, that is not an option. I would prefer to track down these hacks with too much time on their hands and relieve them of a typing finger or three with my trusty dull plastic butter knife. I am sick to death of feeling like I am under assault all the time.
If the Linux folk would make a really solid small business bookeeping program for use on one their platforms (and quit cranking out so many different flavors long enough for a body to really learn one version), I would switch to it completely. I currently own Xandros, two different Red Hat versions, and SuSe Linux. Just cannot find a good solid bookkeeping program to use on any of them. I keep hoping. I heard rumors of something in the works some time ago, but then it seemed to fizzle out.
Meanwhile, I have to just keep trying to dodge the bullet with Windows.
- Handle With Care
- Posts: 753
- Joined: September 15th, 2004, 9:14 am
Okay; this one's real easy: The major good anti-virus scanners, properly updated and configured already offer protection from most if not all of these files. Ummmm...you do have a good properly configured and updated anti-virus program running full time, don't you? I said "good" not "Norton/Symantec."
Additional protection involves, for heaven's sakes, keep cookies, popups, java and javascript blocked/disabled unless you absolutely require them and know for sure you can trust the website where you need them. Then disable them immediately as soon as you are finished with that website. Tools | Options | Content | Uncheck/untick both Enable Java and Javascript
Have your Firefox configured: Tools | Options | Downloads | View & Edit Actions -- make sure absolutely NOTHING is marked as Open with .... unless you know you can absolutely trust the file type and the program used to open that file.
Additional protection involves, for heaven's sakes, keep cookies, popups, java and javascript blocked/disabled unless you absolutely require them and know for sure you can trust the website where you need them. Then disable them immediately as soon as you are finished with that website. Tools | Options | Content | Uncheck/untick both Enable Java and Javascript
Have your Firefox configured: Tools | Options | Downloads | View & Edit Actions -- make sure absolutely NOTHING is marked as Open with .... unless you know you can absolutely trust the file type and the program used to open that file.
AMD A8-3800 APU Radion HD Graphics 2.40 GHz; 64-bit Win-7 SP1 Home Premium w/latest patches; Fx 91.0.1 (64-bit); Tb 92.0B3(64bit)
EFnet oper irc.Prison.NET
EFnet oper irc.Prison.NET
-
- Posts: 13808
- Joined: November 7th, 2005, 11:26 am
Handle With Care wrote:... make sure absolutely NOTHING is marked as Open with .... unless you know you can absolutely trust the file type and the program used to open that file.
Just to keep you paranoid, that leave out PDF and a whole lot of other stuff. I'm afraid that any plugin you use poses potential security problems. For example, PDF Reader and Java have had security vulnerabilities fairly recently, although not of this magnitude. If you remember that you really <i>are</i> under attack and software is generally pretty poorly designed, you should be fine.
By the way, anti-spyware programs may save your bacon, but you can't rely on them. Reports indicate that they are remarkably ineffective at finding even <i>known</i> threats.
As for anti-virus programs, my ISP takes care of that. Even so, a virus still slipped into several e-mail messages recently. Ironically, the forged return address was my ISP security group.
St paranoid, folks, and don't rely on software as your sole protection. But we digress.
Last edited by VanillaMozilla on December 30th, 2005, 3:27 pm, edited 1 time in total.
-
- Guest
- venus_de_mpls
- Posts: 1059
- Joined: December 23rd, 2004, 3:43 pm
- Location: Minneapolis, MN, USA, Earth
Handle With Care wrote:Okay; this one's real easy: The major good anti-virus scanners, properly updated and configured already offer protection from most if not all of these files. Ummmm...you do have a good properly configured and updated anti-virus program running full time, don't you? I said "good" not "Norton/Symantec."
I thought the same until I read this from PC Magazine:
Anti-Virus Protection for WMF Flaw Still Inconsistent
Win XP Pro SP1
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Thunderbird version 2.0.0.0 (20070326)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Thunderbird version 2.0.0.0 (20070326)
- trolly
- Moderator
- Posts: 39851
- Joined: August 22nd, 2005, 7:25 am
-
- Posts: 13808
- Joined: November 7th, 2005, 11:26 am