Windows WMF vulnerability affects Fx users? What can we do?

Yay!
Guest

Post by Yay! »

I know this is a Windows problem (sigh) again. But is there anything Fx users can do to block downloading any malicious code from websites? Some little setting, tweak, or extension that may be available for use within the browser?

http://www.redherring.com/Article.aspx? ... AndDefense
Guest
Guest

Post by Guest »

The only 100% effective thing you can do for now is to shut down your computer and come back to it in around six months when Microsoft may have released a patch for it.
old np
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by old np »

Never download WMF files?
Guest
Guest

Post by Guest »

That won't work because a malicious site could rename a .wmf to .jpg or something and when Windows gets hold of it, it is going to execute it as .wmf anyway based on its content type instead of notifying you that the file extension is incorrect for the file content and asking what to do.

Simply letting Windows get a sniff of the file will blow up in your face.
old np
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by old np »

If the site renamed a wmf file to jpg, I believe one of two things will happen in Firefox:

1. The malicious server will start sending it as image/jpg and you'll end up with a garbage image in Firefox
2. The malicious server will keep sending it as (whatever the content type is for wmf) and you'll get a download prompt in Firefox that tells you what type of file it is.
Guest
Guest

Post by Guest »

I have to agree with you there.

As long as the browser serves as a buffer zone between the content and Windows you should be alright.

However should you save such a file to your drive and try opening it later...
old np
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post by old np »

Should you have Firefox set to download to the Desktop automatically, as soon as you save it you're hosed.
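The point made in the posts above, that a file is identified by its content and not its extension, as an added example that is not part of the original thread: a sketch that scans a download folder for files whose leading bytes form a WMF header but whose name says otherwise. The function names and sample files are constructed for illustration; the constants are the placeable-metafile key 0x9AC6CDD7 and the standard WMF header fields.

```python
import struct
import tempfile
from pathlib import Path

# Aldus placeable-metafile key 0x9AC6CDD7 as stored on disk (little-endian).
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"
PLACEABLE_LEN = 22   # optional prefix before the standard header
STANDARD_LEN = 18    # standard WMF header: 9 sixteen-bit words


def looks_like_wmf(data: bytes) -> bool:
    """True if data begins with a WMF header, whatever the file is called."""
    if data[:4] == PLACEABLE_KEY:
        data = data[PLACEABLE_LEN:]
    if len(data) < STANDARD_LEN:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # Type 1 = memory, 2 = disk; header is 9 words; version 1.0 or 3.0.
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def find_disguised_wmf(folder) -> list:
    """Names of files whose content is WMF but whose extension is not .wmf."""
    hits = []
    for path in Path(folder).iterdir():
        if path.is_file() and path.suffix.lower() != ".wmf":
            with path.open("rb") as fh:
                if looks_like_wmf(fh.read(64)):
                    hits.append(path.name)
    return sorted(hits)


def build_sample_folder(folder) -> None:
    """Write constructed sample files: a minimal, harmless WMF under several names."""
    # Standard header (24-byte file = 12 words, largest record 3 words) + EOF record.
    wmf = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + b"\x03\x00\x00\x00\x00\x00"
    samples = {
        "holiday.jpg": wmf,                                 # renamed WMF
        "logo.png": PLACEABLE_KEY + bytes(18) + wmf,        # renamed placeable WMF
        "drawing.wmf": wmf,                                 # honest extension
        "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(20),       # JPEG magic bytes
        "notes.txt": b"hello",
    }
    for name, content in samples.items():
        (Path(folder) / name).write_bytes(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_folder(tmp)
        print(find_disguised_wmf(tmp))
```

A header match only says the file is a metafile under another name; it does not say whether the file is malicious, and a six-byte heuristic can occasionally match unrelated data.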
Guest
Guest

Post by Guest »

One of the most effective precautions you can take is to install Spyware Blaster.

Apparently many of these wmf exploits use this exploit as a method of installing spyware on a person's computer.

If Spyware Blaster is installed, then there is a good chance that it will prevent the malicious software from being installed.
Yay!
Guest

Post by Yay! »

I have had Spyware Blaster installed for a long time. I also have Fx set to show the download manager anytime there is a file being downloaded. I reset it to ask where to save every file rather than just automatically putting it in my default folder.

I hope that is enough to at least alert me if anything "odd" is going on.

As for going offline for six months, that is not an option. I would prefer to track down these hacks with too much time on their hands and relieve them of a typing finger or three with my trusty dull plastic butter knife. I am sick to death of feeling like I am under assault all the time.

If the Linux folk would make a really solid small business bookkeeping program for use on one of their platforms (and quit cranking out so many different flavors long enough for a body to really learn one version), I would switch to it completely. I currently own Xandros, two different Red Hat versions, and SuSe Linux. Just cannot find a good solid bookkeeping program to use on any of them. I keep hoping. I heard rumors of something in the works some time ago, but then it seemed to fizzle out.

Meanwhile, I have to just keep trying to dodge the bullet with Windows.
Handle With Care
Posts: 753
Joined: September 15th, 2004, 9:14 am

Post by Handle With Care »

Okay; this one's real easy: The major good anti-virus scanners, properly updated and configured already offer protection from most if not all of these files. Ummmm...you do have a good properly configured and updated anti-virus program running full time, don't you? I said "good" not "Norton/Symantec."

Additional protection involves, for heaven's sakes, keep cookies, popups, java and javascript blocked/disabled unless you absolutely require them and know for sure you can trust the website where you need them. Then disable them immediately as soon as you are finished with that website. Tools | Options | Content | Uncheck/untick both Enable Java and Javascript

Have your Firefox configured: Tools | Options | Downloads | View & Edit Actions -- make sure absolutely NOTHING is marked as Open with .... unless you know you can absolutely trust the file type and the program used to open that file.
AMD A8-3800 APU Radion HD Graphics 2.40 GHz; 64-bit Win-7 SP1 Home Premium w/latest patches; Fx 91.0.1 (64-bit); Tb 92.0B3(64bit)
EFnet oper irc.Prison.NET
VanillaMozilla
Posts: 13808
Joined: November 7th, 2005, 11:26 am

Post by VanillaMozilla »

Handle With Care wrote:... make sure absolutely NOTHING is marked as Open with .... unless you know you can absolutely trust the file type and the program used to open that file.

Just to keep you paranoid, that leaves out PDF and a whole lot of other stuff. I'm afraid that any plugin you use poses potential security problems. For example, PDF Reader and Java have had security vulnerabilities fairly recently, although not of this magnitude. If you remember that you really are under attack and software is generally pretty poorly designed, you should be fine.

By the way, anti-spyware programs may save your bacon, but you can't rely on them. Reports indicate that they are remarkably ineffective at finding even known threats.

As for anti-virus programs, my ISP takes care of that. Even so, a virus still slipped into several e-mail messages recently. Ironically, the forged return address was my ISP security group.

Stay paranoid, folks, and don't rely on software as your sole protection. But we digress.
Last edited by VanillaMozilla on December 30th, 2005, 3:27 pm, edited 1 time in total.
Guest
Guest

Post by Guest »

Quit blaming Windows and get a clue!!!

It's not the gun, son!

It's the cowboy!

got it?
venus_de_mpls
Posts: 1059
Joined: December 23rd, 2004, 3:43 pm
Location: Minneapolis, MN, USA, Earth

Post by venus_de_mpls »

Handle With Care wrote:Okay; this one's real easy: The major good anti-virus scanners, properly updated and configured already offer protection from most if not all of these files. Ummmm...you do have a good properly configured and updated anti-virus program running full time, don't you? I said "good" not "Norton/Symantec."


I thought the same until I read this from PC Magazine:

Anti-Virus Protection for WMF Flaw Still Inconsistent
Win XP Pro SP1
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Thunderbird version 2.0.0.0 (20070326)
trolly
Moderator
Posts: 39851
Joined: August 22nd, 2005, 7:25 am

Post by trolly »

They are still not sure what to look for ...
Think for yourself. Otherwise you have to believe what other people tell you.
A society based on individualism is an oxymoron. || Freedom is at first the freedom to starve.
Constitution says: One man, one vote. Supreme court says: One dollar, one vote.
VanillaMozilla
Posts: 13808
Joined: November 7th, 2005, 11:26 am

Post by VanillaMozilla »

The truth is that we have no idea how much junk has sneaked through all the safety nets. The odds are the white hats can't find it all. The really good malware does its dirty work silently and undetected, like rattlesnakes that have learned not to rattle (with my apologies to snakes).