PDA

View Full Version : Microsoft critical update for April 06


davidh
April 13th, 2006, 09:28 AM
latest security update package is now available at windowsupdate.microsoft.com

If your PC is not set up d/l such updates automatically, you should check it out at that website.

I have MS IE 6 on Win 98 and MS IE 6 did download the critical update successfully from that site.

I rarely use MS IE intentionally but my Foxmail email and Paltalk voice chat software (and whatever else software I don't know about) use components of MS IE so I update it "manually on demand" when I become aware of critical updates or just happen to remember to check for them while running MS IE.

I suspect that this fix is the one that they were working on testing, even tho exploits had already appeared "in the wild".

I figure "don't try to understand it, just update if you can".

David H.

Judy G. Russell
April 13th, 2006, 01:49 PM
This is a critical update, David -- it addresses a problem that has been exploited.

davidh
April 13th, 2006, 02:18 PM
This is a critical update, David -- it addresses a problem that has been exploited. I did not bother to read the details. I just assumed that they meant it when they said critical. And I had sort of remembered that the fix had still been in the testing phase.

IIRC there was a workaround involving disabling active X controls or active X scripting. I try to keep these set at "disable" or "ask permission" but sometimes I temporarily enable them and forget the fact. I don't worry about it much since I use Firefox, but unfortunately I also use the free version of Paltalk voice chat and it FORCIBLY FIRES UP IE to download ads from whoever pays to advertize on it. My virus scanner recently trapped a virus that happened to exploit IE somehow which virus came from one of their &*^%$%^ advertisers.

It's too bad that ordinary home users have to be almost at the level of system admins to adequately protect their computers.

David H.

Judy G. Russell
April 13th, 2006, 03:09 PM
It's too bad that ordinary home users have to be almost at the level of system admins to adequately protect their computers.I hear you. I really don't understand why some folks out there think it's "fun" to deliberately try to hurt others.

davidh
April 13th, 2006, 04:42 PM
I hear you. I really don't understand why some folks out there think it's "fun" to deliberately try to hurt others. From the reports I've read, the vast majority of malware is now from organized crime. This may also explain why the sophistication of attacks and rapidity of exploitation of holes seems to have increased.

Things might get so bad that most ISP's would not allow you to connect to internet unless your PC runs their own up to date protection software. That in turn could sell a lot of hardware and possibly impede spread of non-Microsoft OS's, even tho' MS sloppiness probably helped a lot of malware spread.

David H.

ndebord
April 13th, 2006, 08:12 PM
latest security update package is now available at windowsupdate.microsoft.com

If your PC is not set up d/l such updates automatically, you should check it out at that website.

I have MS IE 6 on Win 98 and MS IE 6 did download the critical update successfully from that site.

I rarely use MS IE intentionally but my Foxmail email and Paltalk voice chat software (and whatever else software I don't know about) use components of MS IE so I update it "manually on demand" when I become aware of critical updates or just happen to remember to check for them while running MS IE.

I suspect that this fix is the one that they were working on testing, even tho exploits had already appeared "in the wild".

I figure "don't try to understand it, just update if you can".

David H.

David,

It is good that MS finallly got around to putting out a bug fix for IE, but the bad news for legacy OS users like myself (W98se) is that there are unpatched vulnerabilities, one of which is critical for Windows Explorer which have NOT been patched yet. They say, just wait, it is coming, but when?

earler
April 13th, 2006, 08:48 PM
Worse news for you. Microsoft will stop further support for windows me, win98 and win98se this year. Time to move on.

-er

Judy G. Russell
April 13th, 2006, 08:51 PM
MS sloppiness probably helped a lot of malware spread.Probably?

davidh
April 13th, 2006, 08:59 PM
David,

It is good that MS finallly got around to putting out a bug fix for IE, but the bad news for legacy OS users like myself (W98se) is that there are unpatched vulnerabilities, one of which is critical for Windows Explorer which have NOT been patched yet. They say, just wait, it is coming, but when?

If you get a 4Ghz PC with 2 gigs memory, it still would probably boot slower than a 1983 IBM PC XT.

I'm still thinking of running LYNX browser and CROSSPOINT email on DOS. I could still read the news on the web to get depressed if I wanted to.

Lindsey
April 13th, 2006, 10:28 PM
From the reports I've read, the vast majority of malware is now from organized crime.
Organized crime as in the Gambino family or something? Nah, I don't buy that. What would be in it for them? Mafia types don't exist just to do bad things. The bad things they do are done in order to further their interests. Where's the profit motive in circulating malware?

--Lindsey

Never mind; I wasn't thinking about phishing expeditions and identity-theft operations. For some reason, I don't think of that primarily as "malware," though I don't know why. But maybe it's only that I've been dealing with insurance companies all day...

Lindsey
April 13th, 2006, 10:31 PM
If you get a 4Ghz PC with 2 gigs memory, it still would probably boot slower than a 1983 IBM PC XT.
Maybe, but a 1983 XT won't run Photoshop...

--Lindsey

davidh
April 13th, 2006, 11:55 PM
Organized crime as in the Gambino family or something? Nah, I don't buy that. What would be in it for them? Mafia types don't exist just to do bad things. The bad things they do are done in order to further their interests. Where's the profit motive in circulating malware?

--Lindsey Maybe I used the wrong words.

A lot of malware is distributed thru pornography, gambling, etc. sites.

The bad guys are hiring software engineers.

I'm talking about key loggers, phishing, root kits, etc.

I don't have a pointer to the breakdown of the statistics. Of course some of it would have to be tried in court to decide if it's a crime.

I'm sure there's plenty of smart but poor software writers in the world.

If your computer downloads so many ads that you can't even run your word processor because it crashes or runs too slow, basically somebodies have stolen your computer and internet connection to make money from ads displayed. And if somebody has that much malware on their system, chances are good there's something worse there too.

Best Buy charges $129 just to install a computer fresh out of the box at your house. If your computer is so messed up with malware that you need to hire somebody to fix it, it could well cost more than the computer to recover the data. I'd call that a crime and in some jurisdictions I'd think local laws would too.

And it's probably organized enough to have several parties involved in it. And according to what I read, some of it IS mafia types. Why not, teflon Don John Gotti was progressive enough to advance cosa nostra into hard drugs in USA a few decades ago? And I'm sure they already have enough experience in gambling and porn.

I'm not saying that more than 50% is cosa nostra. Just that the majority is now not loners and mostly criminal if the cops could get the evidence.

Probably will get worse before it gets better.

Sorry I did not save a link to the articles.

David H.

P.S.
My current ISP is earthlink. Members can d/l free security software, but it only runs on XP and 2000. I'd probably use it but my systems are 95/NT and 98SE.

They also had a free spyware scan for both non-customers and customers, done by an active X control, recently. Don't know if it's still available. It only scanned, no fix.

davidh
April 14th, 2006, 12:05 AM
Maybe, but a 1983 XT won't run Photoshop...

--Lindsey Yeah. I'd have a hard time getting pictures out of my camera, but I could still boot DOS from floppy or CD most of the time since I take very few pictures. I'd still have to boot windows to view pictures in PDF's and edit web pages.

Lindsey
April 14th, 2006, 10:55 PM
I'm talking about key loggers, phishing, root kits, etc.
Yeah, that occurred to me later on, and I stuck an amendment on my message, but that was almost certainly after you had read it. I think dealing with insurance companies all day had scrambled my brain. (Hey! I heard that, Ralph!)

You're right that porn and gambling are prime mafia businesses. So yeah, they've already got the perfect delivery system. :(

Geez, the big guys are horning in on Internet crime just like they're horning in on everything else on the 'Net.! You'd think there'd be some place left for the individual entrepreneur!

--Lindsey

Lindsey
April 14th, 2006, 11:00 PM
Yeah. I'd have a hard time getting pictures out of my camera, but I could still boot DOS from floppy or CD most of the time since I take very few pictures.
But ... but ... but ... what would you do with it after it booted? Just about everything I want to do with my PC these days requires a lot more horsepower than DOS or an XT ever dreamed of! (And besides, I rarely boot my laptop, anyway. I just close the lid and let it hibernate until I need it again. And frankly, I don't notice that it takes any longer to boot from a cold startup than my XT did.)

--Lindsey

davidh
April 15th, 2006, 11:16 AM
You're right that porn and gambling are prime mafia businesses. So yeah, they've already got the perfect delivery system. :(


I find it a little bit upsetting that when I go online to listen to the Rosary, live from voice chatters from around the USA and the world, that the software (Paltalk) often shows ads with women in various stages of undressing themselves to promote "intimate dating" services. They recently upgraded their software, and perhaps they are targeting their ads better now, because I have noticed a lot of blank ads appearing lately. I always keep the software set to have parental controls turned on to reduce the temptation, since I'm still a dirty old man.

I'm sure there are a lot of people who pay the extra money (basic voice chat with limited video is free) to get good web cam performance in their voice chat so that they can see their friends and family members in long distance voice chats, but I suspect that maybe a larger part of the income of the service comes from "adult XXX rated" public and private chat rooms with web cams (i.e. I assume amateur and maybe professional porn). So maybe I should publish a public thank you letter to the sex addicts for paying to support my listening to the Rosary?

I rather admire the orthodox Jewish lay people and clergy who started up excellent adult religious education on that service. Apparently when the ads and other things became too steamy they paid out their own cash to set up their own live virtual yeshiva (women allowed too though) service based on voice chat software. AFAIK they still have a "virtual farbrengen (get together)" every Saturday night with music and singing and l'chaim's, in addition to teaching. I don't think they allow web cams, but at least the Rabbi gets to drink whisky for the toasts :) Gentiles are allowed too as long as they don't try to proselytize. BYOB

I don't like censorship, but perhaps there ought to be some way to hold people a little bit responsible to "be their brother's keeper". How about a law to say that a current picture of the company CEO should appear plainly visible on advertising and packaging, or a web link to the picture? If you're proud of the service your product gives the consumer, why not put your face on it? I don't know if John Gotti's businesses ever had any legal products or not, but if so, I kind of think he would have enjoyed the publicity ;) Hey, people bought "pet rocks".

Hiding behind paper faces. A good way to make money. For the hiders and for the paper makers.

David H.

davidh
April 18th, 2006, 08:04 AM
Critical Windows Security Patch Butts Heads With HP Software

http://www.pcworld.com/news/article/0,aid,125420,00.asp