[karajorma]

Thanks to MS looks like they're now a reality.

http://news.bbc.co.uk/1/hi/technology/3684552.stm


Thankfully it doesn't look like outlook is vulnerable to this particular exploit or we'd probably face one of the worst virus epidemics ever seen. After all though we've been telling people not to open unsolicited e-mails for years people have always said that some formats like jpg, gif etc were always perfectly safe.

[aldo_14]

I think MS actually invents new exploits to convince people to keep on DL-ing new versions of IE.......

because, apparently, the security fixes for IE are only available if you are running XP SP2 - i.e. it's payup time if you want security.

Worlds biggest beta test, indeed.......

[Kamikaze]

From what I've heard the image bug is universal to software that uses the MS' JPEG parser, which includes Office, IE, Outlook and so on.

[Clave]

Anyone using IE deserves what's coming to them...

[Mongoose]

Hey, I use IE!  Never had a problem with it, and I'll be damned if I'm going to bother downloading some browser that does the exact same thing as the one integrated into Windows.   Also, I'm far from a Microsoft fanboy, but these exploits aren't Microsoft's fault; they're the fault of the @$$holes who think, "Hey!  Let's write a virus!  It'll be teh funnay!!1!"  Those bastards deserve to be locked up for a very long time...:devil:

[Turnsky]

Originally posted by Mongoose
Hey, I use IE!  Never had a problem with it, and I'll be damned if I'm going to bother downloading some browser that does the exact same thing as the one integrated into Windows.   Also, I'm far from a Microsoft fanboy, but these exploits aren't Microsoft's fault; they're the fault of the @$$holes who think, "Hey!  Let's write a virus!  It'll be teh funnay!!1!"  Those bastards deserve to be locked up for a very long time...:devil:

i'll name one thing that most other browsers do, that IE can't... , i'll name two..
Tabbed browsing..
intergrated popup blocker.

[Zarax]

I'm sorry, but with XP2 there is integrated popup blocking...

[Mongoose]

And I don't see the point of everyone's infatuation with tabbed browsing, either.  Having a few IE windows open at the same time accomplishes the same purpose.

[aldo_14]

Originally posted by Mongoose
Hey, I use IE!  Never had a problem with it, and I'll be damned if I'm going to bother downloading some browser that does the exact same thing as the one integrated into Windows.   Also, I'm far from a Microsoft fanboy, but these exploits aren't Microsoft's fault; they're the fault of the @$$holes who think, "Hey!  Let's write a virus!  It'll be teh funnay!!1!"  Those bastards deserve to be locked up for a very long time...:devil:

I'm sure knowing that "it's not MS' fault" will be a source of great comfort next time someone exploits an IE vulnerabiity to **** up your computer.

Originally posted by Mongoose
And I don't see the point of everyone's infatuation with tabbed browsing, either.  Having a few IE windows open at the same time accomplishes the same purpose.

With more mess.

I can't say why tabbed is so much better, but using Ie just feels so...wrong not.

Besides which, firefox is just far, far, far, far more secure.  

And far more reliable and faster in my experience.

[Mongoose]

If you keep Windows updated and have good antivirus/firewall/antispyware programs, it's perfectly safe to use IE.  I've been using it for 3 years or so without a single problem. It just requires some level of common sense, which unfortunately most computer users seem to lack.

[delta_7890]

Firefox was perfect, except Flash didn't work for some reason.  And I missed my Google Toolbar.

[aldo_14]

Originally posted by Mongoose
If you keep Windows updated and have good antivirus/firewall/antispyware programs, it's perfectly safe to use IE.  I've been using it for 3 years or so without a single problem. It just requires some level of common sense, which unfortunately most computer users seem to lack.

http://www.theregister.co.uk/2004/09/13/german_ie_jitters/
"Michael Dickopf, spokesman for the German Federal Office for Information Security (BSI), has told the Berliner Zeitung that internet users should switch from Internet Explorer to Mozilla or Opera. Dickopf says Internet Explorer is hazard-prone, attracting too many viruses and worms. BSI already uses a combination of alternative browsers, Dickopf told the paper."

http://www.theregister.co.uk/2004/06/28/cert_ditch_explorer/
"US CERT (the US Computer Emergency Readiness Team), is advising people to ditch Internet Explorer and use a different browser after the latest security vulnerability in the software was exposed."

http://www.securityfocus.com/columnists/249
"IE is a buggy, insecure, dangerous piece of software, and the source of many of the headaches that security pros have to endure (I'm not even going to go into its poor support for Web standards; let that be a rant for another day). Yes, I know Microsoft patches holes as they are found. Great. But far too many are found. And yes, I know that Microsoft has promised that it has changed its ways, and that it will now focus on "Trustworthy Computing." But I've heard too many of Microsoft's promises and seen the results too many times."

(Date in URL/article)  note that these would relate to the latest patched software t the time.

Also, saying 'so long as you have firewalls, anti-virus, etc' is about as effective a defense for IEs' security-stroke-safety as it is to say a door made of tissue will protect your house, when your house is encased in a giant concrete box with no openings.

[Clave]

I try and use as little MS stuff as possible, just on principle...  

But I DO use Office vX, which is pretty good actually, and I have an X-Box, so it's hard to escape completely...

[karajorma]

Originally posted by Kamikaze
From what I've heard the image bug is universal to software that uses the MS' JPEG parser, which includes Office, IE, Outlook and so on.

I worry about this if Outlook is exploited by this. It really doesn't matter if MS release a patch cause for every person patching their PC on a weekly basis there are probably hundreds who don't bother.

This exploit was revealed a week ago. There are already proof of concept exploits out there. Every virus writer in the world is probably looking ito this because of the sheer scale of the problem this could cause.

[aldo_14]

Originally posted by karajorma


I worry about this if Outlook is exploited by this. It really doesn't matter if MS release a patch cause for every person patching their PC on a weekly basis there are probably hundreds who don't bother.

This exploit was revealed a week ago. There are already proof of concept exploits out there. Every virus writer in the world is probably looking ito this because of the sheer scale of the problem this could cause.

Especially the ones who 'arrange' zombie machines for Spammers...

Imagine this, every image-containing spam email containing a virus that turns your machine into a zombie PC, sending out more viral-image emails.........

.i'm glad I switched to Thunderbird, anyways - does Outlook leverage any of said JPG code from IE to view HTML emails?

[kasperl]

Erm, this is about all JPEG code from MS. Your image viewer, your office, your outlook, your outlook express, your desktop, MSN, everything.

[karajorma]

It gets worse. The virus toolkit is already out there now.

http://www.theregister.co.uk/2004/09/24/jpeg_exploit_toolkit/

[Martinus]

[color=66ff00]Seen this a month ago on slashdot, basically you create a jpeg with an invalid filesize (over 1 gig IIRC) and it causes the buffer overflow.

It's reckoned that the code leak allowed somebody to figure it out.

That is of course unless it's a new one, IE is kinda like a cadbury's flake; it's got the crumbliest, flakiest security in the world.
[/color]

[aldo_14]

I want one of those, now.................

[Martinus]

[color=66ff00]Sarnie's idea, I think it is a good one and honestly wasn't prompted by this thread (in my case).
[/color]