| Reason 373 to dump Windows: the WMF Flaw |
Dec. 30, 2005
Why should you dump Windows for Linux?
Well, there's Microsoft's security-hole-of-the-month-club, which far too many people have got compliants about.
And then there's the WMF (Windows Metafile Format) hole.
This may turn out to be the root cause of the worst Windows security problem ever.
I know what some of you are thinking: "Oh that sjvn, he's just a Linux fan. He'll use every chance he gets to take a potshot at Windows."
Wrong.
While I have little love for Microsoft, I believe in using whatever the best solution is for a given problem. So it is that I still use Excel and PowerPoint over their StarOffice and OpenOffice equivalents.
But that's not the point right now. The point is that this is a potential Windows killer security problem.
This horrible hole is already being used, according to F-Secure, by 57-different malware and worm programs.
By the time the New Years Day holiday is over, and millions of now idle Windows desktops are turned on again, I suspect there will be hundreds of worms using this program out there. I'm also sure that some of them are going to be carrying keyloggers, file-deleters, zombie programs, and God alone knows what else.
While on the Simpsons, C. Montgomery Burns may only stay alive because he suffers from so many diseases, that he ends up with a condition where the infections fight it out to a draw and thus stabilize his metabolism, in the real world, I see the potential for worms that will make Blaster look as harmless as Maggie Simpson.
Don't believe me? Try my colleague Larry Seltzer, who's about as pro-Windows as I am pro-Linux. In his latest column, Another WMF (Windows Major Foul-Up), he wrote, "Research suggests that the WMF format has been officially ruined." And, "[his] own research confirms that the potential for spreading this attack far and wide is immense and that easier vectors than Web pages exist."
So, what can you do about it on your Windows machines?
Well, you can start by running Start/Run and then entering the following command: regsvr32 /u %windir%\system32\shimgvw.dll This de-registers a DLL (dynamic link library) from the Windows registry that's meant to be used by the Windows Picture and Fax Viewer program, but which is now an open highway into your system.
This solution, though, may not be enough to protect Windows systems from worms using this hole.
The best answer? The answer that will be good for the long run?
Switch to Linux.
Linux isn't perfect. Linux has security problems too.
But, what Linux doesn't have, are obscure application holes -- the Windows Picture and Fax viewer for Pete's sake! -- that open up your entire PC like an oyster.
Now, and as ever, Linux is the more secure choice.
Windows? It's insecure junk.
Unfortunately, for everyone who uses Windows, they may be learning the harsh lesson in the worse possible way in the next few days.
--Steven J. Vaughan-Nichols
Do you have comments on this story?
Talkback here
(Click here for further information)
|
|
|
7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.
4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.
Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.
Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.
Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.
Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.
Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.
Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.
Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.
|
|
|
|
|
news feed