OK - I know you're tired of me and the Windows crap, but some users might need this, so please bare with me.
Next, and I don't mean to sound catty, but could we keep this thread as unaccusatory as possible? By that I mean, no statements like; "Get a Mac" or "Linux is better", etc.?
Some of us simply can't afford to upgrade in any form, and this information is for them, even if they may be in better shape than the rest of us were.
{Note: The OFFICIAL MS patch is NOW available for the rest of us. - Go GET IT installed!}I'm no computer geek by any means, so I can only share what I've learned. Please feel free to input any information you have that will help benefit users of
Windows98, Windows 98 SE, or Windows ME.First, this is what
Microsoft says:(Click the General Information/FAQ link)
Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions. For more information about severity ratings, visit the following
Web site.
In perusing the new
http://castlecops.com/f212-Hexblog.html">Ilfak Guilfanov Forum/Blog the
How about win98 thread shares
http://blog.ziffdavis.com/seltzer/archive/2006/01/03/39684.aspx">this article:
I have been testing a lot tonight and it appears to me that iDEFENSE is right: In a practical sense, only Windows XP and Windows Server 2003 (in all their service pack levels) are vulnerable to the WMF flaw. Here's why.
It is true, as F-Secure says, that all versions of Windows back to 3.0 have the vulnerability in GDI32. But most versions of Windows are not quite as vulnerable as they appear. Except for Windows XP and Windows Server 2003, no Windows versions, in their default configuration, have a default association for WMF files, and none of their Paint programs or any other standard programs installed with them can read WMF files. One ironic point to conclude is that not until their most recent operating system versions did Microsoft include a default handler - the Windows Picture and Fax Viewer - for what has been, for years, an obsolete file format. And now it comes back to bite them.
Therefore only consider applying the Guilfanov patch on Windows XP and Windows Server 2003. On other platforms, unless you have installed your own vulnerable default handler for WMF files, the likelihood of compromise even when a system is bombarded with malicious WMFs is low.
A "vunerable default handler" is another program that you've set up to open WMF files, that is not Windows-based. Some commentors took issue with his post, and he clarified with the following:
...here's the important point: On any version of Windows you need a program that can load and interpret WMF files in order to be exploited. On Windows XP and Server 2003 this is installed by default and made the default handler for WMF files, and Paint is updated to handle WMFs as well. But on earlier versions of Windows there is no such program installed by default. You would need a third-party program in order to be vulnerable, such as Lotus Notes.
So my conclusion is that if you're still running these older OS's (while you might still be vunerable), it's nowhere near what it is/was for those of us on a more up-dated system. Figures, doesn't it?
Anyway, without getting too long-winded here, visit Ilfak's forum occasionally (link above), because it seems to me I read that he was going to work on a hotfix for the older OS's anyway.
Also, keep tabs over at
Steve Gibson's GRC site.
Finally, keep up your safe-computing practices. I don't think I need to go over what they are.
Happy computing DU'ers!
:yourock: