Um...not to be Chicken Little, but you might want to check this out.

[katallison]

OK, show of hands, everyone who's been vegging out for the holiday and who was consequently unaware of a major new Windows security hole? ::raises hand::

This is the Windows metafile exploit, as described in a good quick overview and FAQ from SANS. Secunia has rated it as "extremely critical." Looks like it has the potential to be very nasty indeed; I've both installed the unofficial patch and temporarily unregistered the affected .dll, but I'm also going to scale back my web browsing until this thing is resolved.

[Insert obligatory rantage directed Microsoft-wards, and yes, all you Mac and Linux users, I can hear you snickering...]

Comments

[bethbethbeth.livejournal.com]

Okay...I see this and it's "extremely critical," but I have to tell you, my eyes are glazing over because I have *no* idea what any of it means. Random cod? Vulnerability? WMF files?

More like WTF files.

God. I know I sound like the biggest Luddite, but...

*whimpers*

[bethbethbeth.livejournal.com]

Okay, that was supposed to be "random code," but honestly, "random cod" makes just as much sense to me. *g*

[ardent-muses.livejournal.com]

I was wondering what a random cod was, but seriously thought it was just another of the many, many terms I don't understand. *G*

I followed a link to the Microsoft explanation and it was a little easier to understand. Of course, they don't make it sound as dire (and I don't trust them for a second). According to their FAQ, *if* I'm reading it right, if you're up to date on McAfee or Symantic or several other anti-virus softwares, you're protected. At this point, I'm going to have to believe that, since installing an unofficial patch or getting into the registry would be, with my computer "skills", almost certainly fatal to my computer.

Thanks Kat -- I hadn't even heard of this.

[(Anonymous)]

Lie, lie, lie. I'm perfectly up to date with Symantic, never hit yes to random downloads, and have SP2 installed, and I've got it all over my computer after visiting a fanfic archive.

[katie-m.livejournal.com]

Erm, that was me. Not that it matters, I suppose.

[katallison.livejournal.com]

I saw your post last night before I went to bed, and was wondering if this might be what you'd encountered. If it's any consolation, there was a guy posting on Metafilter who's a very knowledgeable sysadmin, highly security-conscious, who'd done both the patch and the .dll disable, and who *still* got hit himself.

Me, I've started using Firefox with images disabled -- not that it's entirely clear that that'll help. (It does make websurfing a strange and curious experience, through.)

In any event, I'm really sorry that happened to you. Best wishes for quick recovery of your computer!

[ratcreature]

You know, this somewhat common impression that having a Linux system was somehow that much more complicated technically seems to be totally unfounded. I mean, I have no idea what a windows metafile exploit even is, and after I clicked on this link out of curiosity I didn't really understand anything either. And Windows users have to follow stuff like that?

But then I haven't used a Windows computer for longer than five minutes since back when the years still started with 19.. so I guess it could be basic without me knowing. It's not that I switched to Linux out of any deep ideological reasons, Mainly I just can't afford to buy Windows software, and as a secondary reason I also was fed up that the problems with Windows always seemed so irrational and you never could do anything to fix stuff, whereas with Linux mostly I encounter annoying stuff that I can resolve in at least a somewhat workable fashion with patience (admittedly lots and lots of patience sometimes *g*) and a bunch of how-to files.

[basingstoke.livejournal.com]

*nod* The money is why I do it too. As opposed to $60 for one program, it's $60 whenever I feel like updating my OS, which is about every two or three years.

Kat, I am totally not snickering! I really wish the most popular OS in the world wasn't also the least secure. :(

[mlyn.livejournal.com]

Thanks for the info. I got a Mac this fall for school work, but my parents still run a PC, so they will be glad for the information. (Actually, my four-year-old PC still sitting on my desk runs Windows ME, but I already knew it was a dinosaur.)

[planetalyx.livejournal.com]

I'm so glad we use Firefox now. Snicker snicker.

Rotsa ruv and a happy new year, Kat.

[aukestrel.livejournal.com]

^
|
|
Points at icon

::tries not to snicker::

[namastenancy.livejournal.com]

I never snicker. Well, maybe a loud bellylaugh but Dargie won't let me get away with much. What about using Firefox? I understand that it's far less vulnerable than IE.

[tracy-rowan.livejournal.com]

LOL, you have my number, don't you?