.com.unity Forums
#1
October 27th, 2007, 05:08 PM
Edi
OT: Serious Windows & Adobe Security Flaw

I've posted this same thing in a couple of other forums I frequent, so I decided to do the same here. Since I need to deal with fallout from crap like this at work, might as well spread the word and help the Dom3 community avoid the problem.

http://www.theregister.co.uk/2007/10...o_fix_windows/

Basically, there's a serious new vulnerability related to Windows handling 3rd party programs, another big one in Adobe and it's often triggered by malicious PDFs. Patch your Adobe Reader to v8.1.1 and be on your toes after that. Even then, you might get hosed. Machines that get infected by the Adobe PDF vulnerability or through the Windows one tend to become spam servers spewing out maliciously constructed PDFs to spread the infection.

Just so you have a heads up on this, it's very recent, but I've already run into one case at work. If it doesn't get patched soon, it'll get worse.

Another thing regarding the malware (type unknown) I encountered: It has at least some anti-AV capabilities, since it was able to evade detection by F-Secure software except indirectly and could apparently interfere with the scanning process and abort it prematurely. That kind of crap is a real ***** and half and then some to root out of a machine and you generally need at least half a dozen different programs to make sure. Most often it's easiest to nuke the site from orbit and do a complete reinstall, which is at least as much of a hassle if you need to do extensive data backups first. I don't know what other big name AV software besides F-Secure might be affected, but Norton would be one good candidate, so would CA, Panda, TrendMicro and other significant security software vendors.

#2
October 27th, 2007, 05:13 PM
lch
Re: OT: Serious Windows & Adobe Security Flaw

Alternatively, uninstall Windows.

(come on, somebody HAD to do it!)
__________________
Come to the Dom3 Wiki and help us to build the biggest Dominions-centered knowledge base on the net.
Visit my personal user page there, too!
Pretender file password recovery
Emergency comic relief

#3
October 27th, 2007, 05:58 PM
Evil Dave
Re: OT: Serious Windows & Adobe Security Flaw

Ich beat me to it: "serious vulnerability in Windows" is not news. [img]/threads/images/Graemlins/MacLogo.gif[/img]
__________________
No plan survives contact with the enemy.
--Helmut von Moltke

Have too many pretender files to keep track of? Use catgod to view them.

#4
October 27th, 2007, 06:39 PM
Autochthon
Re: OT: Serious Windows & Adobe Security Flaw

Quote:
lch said:
Alternatively, uninstall Windows.

(come on, somebody HAD to do it!)

I would, but the withdrawal pains would mess me up pretty badly.

Hopefully, with WinDoze being so widespread, someone will figure out a fix before this gets out of hand.
__________________
"Hello, mother. I come bearing a gift. I'll give you a hint. It's in my diaper and it's not a toaster."
- Stewie Griffin

"The artifact which is the source of my power will not be kept on the Mountain of Despair beyond the River of Fire guarded by the Dragons of Eternity. It will be in my safe-deposit box. The same applies to the object which is my one weakness."
- The Top 100 Things I'd Do If I Ever Became An Evil Overlord
http://www.eviloverlord.com/lists/overlord.html

The Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but then it'd be Snow White and the Seven Samurai...
-Pinky and the Brain

http://www.lolthulhu.com/
-Props to S.R. Krol

#5
October 28th, 2007, 12:08 AM
Tuidjy
Re: OT: Serious Windows & Adobe Security Flaw

I found this on a PC at my workplace as well, less than 8 hours ago. I went with a full wipe (easy when all your desktops are not much more than dumb terminals). What really pisses me off is that the vulnerability is due to a problem with Explorer7, which the user installed against company policy... but given that she is one of the owners, she gets to keep her administrator account. On the other hand, I'm testing whether she will notice that I forgot to add it to the administrator group.

If you have to have Windows, just make sure that you do not upgrade Explorer beyond six unless an application you need requires it. There is a patch for Adobe, but the vulnerability exists in a number of other applications, because it is a problem of Microsoft's, not one of the third parties.
__________________
No good deed goes unpunished...

#6
October 28th, 2007, 01:07 PM
Lord_Bob
Older is more stable, and less bugs

One of the good things about people being forced to upgrade, but no actual improvements happening is that you can use the old stuff, like Windows 2000, and you don't have any bug problems. It's really irritating actually that QuatroPro hasn't got any better since Fast Hand's Bill stole it and renamed it "Excel". But that's pretty much Bill Gates's entire career. Look up "Gary Kildall" to see what I mean.

#7
October 28th, 2007, 03:32 PM
Hadrian_II
Re: Older is more stable, and less bugs

Is this not the same bug that made problems with Firefox before and Microsoft did say that there is nothing wrong with their software?

Things like that don't happen on Linux
SCNR

#8
October 28th, 2007, 04:06 PM
Edi
Re: Older is more stable, and less bugs

Yes, it is, except the Firefox crew patched their software, thus eliminating that particular attack vector, but it is now a confirmed issue with IE and the Windows XP operating system in general.

#9
October 29th, 2007, 03:36 AM
Velusion
Re: Older is more stable, and less bugs

This isn't a problem with Vista for those curious.