Forgot your password?
typodupeerror
Bug Operating Systems Security Software Windows Microsoft

Public Exploit For Windows JPEG Bug 509

Posted by michael
from the here-comes-the-worm dept.
Khoo writes "A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file." We mentioned this earlier.
This discussion has been archived. No new comments can be posted.

Public Exploit For Windows JPEG Bug

Comments Filter:
  • Knew it (Score:3, Funny)

    by Anonymous Coward on Thursday September 23, 2004 @08:09AM (#10327688)
    I knew there was something wrong with Goatse when I saw it!
  • Almost... (Score:3, Interesting)

    by mirko (198274) on Thursday September 23, 2004 @08:10AM (#10327694) Journal
    Now, to convince my company's managers to switch their userbase to Firefox, I just need it to support Sso (Single sign-on), please, tell us it's coming otherwise we'll keep using this tyrabrowsaurus...
    • Re:Almost... (Score:3, Interesting)

      by pcardno (450934)
      Is anyone working on Single Signon for the Firefox/Mozilla platform? We're stuck using IE here as well as we've integrated Netegrity's Siteminder with Windows Single Sign On into the whole Active Directory thing (i.e. sign into your Windows computer and from that IE can figure out who you are so personalises our Intranet) but I'd rather we could get over to Firefox simply cos it's faster and less buggy!

      Oh, and then other people in the company wouldn't sniff at me for using it!!
      • Re:Almost... (Score:5, Informative)

        by AstroDrabb (534369) on Thursday September 23, 2004 @09:08AM (#10328074)
        We use Netegrity as well. However we went against the single sign-on thing since it was less secure. Our users get stopped by a Netegrity form and enter their username password and then can go to any corporate intranet web app without signing in again until they close their browser or the session expires (about every hour). Firefox/Mozilla already support Windows authentication for single sign-on. It prompts a user for their name and password instead of just silently sending it. The user can even check a "remember password/username" option so they don't have to enter it again. Some management tried to get the admins to turn on windows authentication with Netegrity but the admins and we programmers stood our ground and said how bad an idea it was. Our users can get to all types of personal information and personal financial information on our corporate intranet. It is really dumb to not authenticate a user at least once per session. If a user walked away from their desktop without locking it (happens all the time), anyone could walk up to their box and get to all their personal data if we used just windows authentication. We do have a policy that locks a desktop after 15 minutes, however that is still a 15 minute windows for someone to do get to someone elses personal and financial data.

        Tell your management to turn off the Netegrity/windows authentication and use Netegrity form authentiation over SSL. Also, there is no reason why your users cannot user Firefox/Mozilla since it has had cross-platform support for Windows authentication for a few versions now.

    • Re:Almost... (Score:5, Insightful)

      by lphuberdeau (774176) on Thursday September 23, 2004 @08:21AM (#10327763) Homepage
      Browsers are not the only problem. Many companies use outlook as a mail client. Someone could simply include a jpeg image to the mail and since images are loaded by default, they would infect everyone. Seriously, the only way around this is to update software. Microsoft already has a patch for this I think.
      • by Anonymous Coward on Thursday September 23, 2004 @08:29AM (#10327811)
        You can make a big fucking quilt with all those patches they keep giving out!
      • Re:Almost... (Score:5, Interesting)

        by SenseiLeNoir (699164) on Thursday September 23, 2004 @08:33AM (#10327847)
        This is exactly the problem I fear. All it takes is one spammer/cracker to bulk mail a hundred of pictures to random HTML accounts (Hotmail, etc).. and you can see exactly where this is going to lead.

        Also those who use Firefox may not be 100% protected, because consider this scenario.

        1. Install Firefox
        2. Set Firefox as default browser
        3. Use MSN Messenger.
        4. MSN messenger pops up "you have new hotmail"
        5. Click link to see new mail, MSN Messenger opens up in INTERNET EXPLORER despite setting firefox as the default browser.
        6. You are owned.

        I am more concerned that after this, people may even mistakenly critisize Firefox, thinking that Firefox was there default browser, and that they got infected via firefox, instead of IE.

        "I set up this firefox thingie, and set it as a default browser, yet I still have a virus, by just reading my email. Firefox is just as bad as IE"

        A second attack vector could be to change the mimetype of the JPEG, causing Firefox to download, then open it in the system handler for JPEGS.. and a possibility of being owned that way.

        Still this may also be very good grounds for a class action against MS, as they are not honouring a users request NOT to use IE.

        This all goes to prove, MS is a security hole, that can even make secure applications appear insecure

        Ow, my head hurts from thinking of this.. let me get some Paracetamol.
        • Re:Almost... (Score:5, Informative)

          by liquidpele (663430) on Thursday September 23, 2004 @08:42AM (#10327895) Journal
          That's why you:
          1) go close msn messenge
          2) go to c:\program_files\messenger
          3) rename that directory to something else.
          4) Msn won't start up again. yay!

          Why anyone would use msn messenger is beyond me, I hate that thing. It's more annoying than clippy. They just need a soundbyte with it that yells "you've got spam!" and it'll be complete.
        • Don't worry.... (Score:3, Insightful)

          by Kjella (173770)
          Still this may also be very good grounds for a class action against MS, as they are not honouring a users request NOT to use IE.

          That anti-trust case will be raised by 2006 and resolved by 2014, by which time the successor to the successor to the successor of Longhorn will be released, with a few more dozen anti-trust issues and another slap on the wrist from the DoJ.

          Kjella
        • Re:Almost... (Score:4, Insightful)

          by Megor1 (621918) on Thursday September 23, 2004 @11:20AM (#10329405) Homepage
          Just set Internet Explorer to use an invalid proxy, and set the user policy that they cant change it. Now the user can't use IE on the Internet at all.
      • Re:Almost... (Score:5, Informative)

        by YrWrstNtmr (564987) on Thursday September 23, 2004 @08:39AM (#10327882)
        Many companies use outlook as a mail client. Someone could simply include a jpeg image to the mail and since images are loaded by default,

        OL2003 has image loading off by default. "RightClick to display this image."
        Of course, most people are on earlier versions, but at least MS is putting in an effort to stem the tide.

        • Then mail them an image they want to see. The user will right-click, see a perfectly normal piece of porn and in the meantime will be silently getting owned.
    • Re:Almost... (Score:5, Insightful)

      by enigmals1 (667526) on Thursday September 23, 2004 @08:29AM (#10327816)

      Switch to Firefox?! Why, what's that gonna do for you? The exploit is in almost every major app Microsoft makes that handles any graphics, including Windows itself, .Net Framework, all Office products, etc.

      People are so quick to blame IE when there's so many other products they can go after. ;)

    • Re:Almost... (Score:5, Informative)

      by tcr (39109) on Thursday September 23, 2004 @09:37AM (#10328270)
      Now, to convince my company's managers to switch their userbase to Firefox

      Before we get too smug, the article (anyone read those?) did mention an (albeit unrelated) vulnerability in Moz amongst others (PNG support) from August. Reproduced below.

      To avoid getting the flameproofs on, I should point out that Firefox is my browser of choice. But let's avoid the whole stones and greenhouses scenario, yeh?


      update Six vulnerabilities in an open-source image format could allow intruders to compromise computers running Linux and may allow attacks against Windows PCs as well as Macs running OS X.

      The security issues appear in a library supporting the portable network graphics (PNG) format, used widely by programs such as the Mozilla and Opera browsers and various e-mail clients. The most critical issue, a memory problem known as a buffer overflow, could allow specially created PNG graphics to execute a malicious program when the application loads the image.

      Among the programs that use libPNG and are likely to be affected by the flaws are the Mail application on Apple Computer's Mac OS X, the Opera and Internet Explorer browsers on Windows, and the Mozilla and Netscape browsers on Solaris, according to independent security researcher Chris Evans, who discovered the issues.
    • It does (Score:3, Informative)

      by Rayban (13436)
      Check out the setting "network.automatic-ntlm-auth.trusted-uris". It will automatically send your Windows credentials to any URL listed in the comma-separated list.
  • Patch is Already Out (Score:5, Informative)

    by darkmeridian (119044) <william@chuang.gmail@com> on Thursday September 23, 2004 @08:10AM (#10327695) Homepage
    The patch for this one is already out. Furthermore, SP2 systems do not have this vulnerability unless Office is installed. SP2 by default has auto-updates enabled. And for Office to be exploited in a SP2 system, the user has to open the file manually.

    Code is always buggy. Even Firefox had a JPEG vulnerability of its own. This is dumb ownership, if this bug becomes prevalent.
    • by RDosage (694318)
      This is dumb ownership, if this bug becomes prevalent.

      Sort of like it was dumb ownership to leave your SQL machine open to the Internet, allowing port 1334 open?

      Or it was dumb to open any of the attachments claiming to be from your administrator sending a passworded zipped file with some "clean-up tool" attached?

      We have proven that users aren't the one's responsible enough not to do something dumb. And, SP2 is still undergoing testing in many office environments.

    • by Gzip Christ (683175) on Thursday September 23, 2004 @08:17AM (#10327738) Homepage
      This is dumb ownership, if this bug becomes prevalent.
      Phew... I was worried there for a second. It's a good thing we can rely on Windows users to not be dumb, otherwise the Internet would be bogged down in viruses, spyware, and spam.
      • by darkmeridian (119044) <william@chuang.gmail@com> on Thursday September 23, 2004 @08:21AM (#10327765) Homepage

        This is dumb ownership, if this bug becomes prevalent.

        Phew... I was worried there for a second. It's a good thing we can rely on Windows users to not be dumb, otherwise the Internet would be bogged down in viruses, spyware, and spam.


        Well, most users are, uh, stupid. Even if we used Linux, in order to make it simple enough to use, there will be vulnerabilities. For example, getting people to use "sudo" with a limited account makes sense to you and me, but might confuse the heck out of some newbie in Tennessee.

        So it is not a Windows-specific problem. If Linux ever becomes popular as a desktop platform, we will then have dumb Linux users.
        • by Cecil (37810)
          For example, getting people to use "sudo" with a limited account makes sense to you and me, but might confuse the heck out of some newbie in Tennessee.

          That hasn't stopped Mac OS X from doing exactly that. You know, Apple, the guys who are all about usability to the point of having a set of UI design guidelines for all developers to abide by.
          • The difference is that it actually works in MacOS. Because MacOS is now Unix programs have a Unix context. You can see the context of your shell by running the "id" program (this is in cygwin, which is what I have handiest):

            uid=11008(service) gid=10513(Domain Users) groups=0(root),545(Users),10513(Domain Users),11071(Matric),11040(Tech),11233(visio2000)

            Unix programs spawned from a prior program always inherit the user context of the spawning process. On Windows, this is simply not true. I don't kno

    • by Epistax (544591)
      Still, I have to wonder how they internally wrote code to let things like this happen. It seems to me you want to write your program such that if something unintentioned does happen, it is at least bound by what it can do. Execution stemming from a jpeg? Oh, come on :P
      • by maxwell demon (590494) on Thursday September 23, 2004 @08:39AM (#10327886) Journal
        Well, you know, that's called a software bug. A software bug is by definition something you didn't intend.

        Actually, it's a buffer overflow. A buffer overflow means that there is some area of memory reserved for some data, and then there's more data written to it than fits in. This causes some other data to be overwritten; if that other data happens to be a return address (basically a number which tells the computer where to continue after finishing the current task), then you can get the computer to execute arbitrary code which is in memory - including the code you just conveniently placed into the memory as "image data".

        I don't know details of the JPEG image format, but with a simple bitmap format, a buffer overflow might happen as follows:

        The image contains the number of pixels, and the bytes per pixel. The program takes those numbers, multiplies them, and reserves that much memory to take the pixel values. Then it reads the rest of the file as image data into that memory.

        Now, this simple program for this simple image format may be easily exploited: Just put more data into the image than the product of number of pixels and bytes per pixel. Then the program as written will not reserve enough memory for that data (because the values at the beginning don't tell the truth), and therefore the data will overwrite anything following the data.

        Ok, the fix is easy: Don't read more data than you allocated memory for. The problem is that on one hand, there are C standard functions which make it easy to get that wrong, and second, there can be more subtle ways to produce the same result. For example, the multiplication could overflow, resulting in too little memory being allocated, while the given number of pixels is read in (under the believe that you have reserved enough memory for that).

        And yes, buffer overflows happen in open source software as well as in Microsoft software.
      • I'm more curious that they introduced it since windows2000!
        Ya, w2000 is not effected. That means they are introducing NEW exploits into their software! Christ, we'll never be safe!
  • PNG too? (Score:4, Interesting)

    by cpghost (719344) on Thursday September 23, 2004 @08:11AM (#10327699) Homepage

    What about the vuln. in the PNG libs? Any exploit in the wild?

  • Spammers (Score:5, Interesting)

    by sleepnmojo (658421) on Thursday September 23, 2004 @08:11AM (#10327700)
    The biggest problem here is when spammers use this in there opt out link. This would probably be much more effective than the scrollbar hack they are using now. It just has to render the damn page, and wham you're infected.
  • by Boss, Pointy Haired (537010) on Thursday September 23, 2004 @08:13AM (#10327711)
    ...because I have not seen this mentioned at all.

    Is the JPEG rendering in Firefox running on Windows independent of any underlying MS library and is therefore not affected?
    • I can't confirm for 100%, but I can confirm there was a similar exploit for the JPEG rendering system Firefox uses, and it is patched at 1.0PR, and _maybe_ in previous versions.
      • It was a bug in libPNG (a free implementation library) used for rendering PNGs, and strangely effected IE too (hmmm).

        This has definately been patched by Mozilla in all current releases, and in Netscape 7.2
    • by darkmeridian (119044) <william@chuang.gmail@com> on Thursday September 23, 2004 @08:23AM (#10327778) Homepage
      ...because I have not seen this mentioned at all.


      Is the JPEG rendering in Firefox running on Windows independent of any underlying MS library and is therefore not affected?


      It is independent of all MS libraries. The recent JPEG vulnerability in Firefox is a separate issue. Firefox is OSS, and thus cannot use closed-source libraries such as the MS one in trouble.
      • by Sanity (1431) on Thursday September 23, 2004 @08:29AM (#10327814) Homepage Journal
        The recent JPEG vulnerability in Firefox is a separate issue. Firefox is OSS, and thus cannot use closed-source libraries such as the MS one in trouble.
        If that were true, then you wouldn't be able to use OSS on a non-OSS operating system, since eventually the OSS needs to link with non-OSS code.
        • And, for that matter, closed source does not necessaraly mean that you are not allowed to use it. Im sure there exists at least one library, prodced by a money grubbing company, released as binaries only, but you are allowed to use it any way you want.
        • I think what he meant to say is that in order to be portable, FireFox can't
          use system specific libraries to do any rendering. Actually, no I don't. After
          reading it again, it looks like he's just wrong.
    • Whoever modded as "informative" please burn your mod points and answer me - WHAT'S INFORMATIVE IN THERE? A QUESTION??? Yes, as for the question - what NT kernel version Linux uses? (Mod me up! :)
    • Is the JPEG rendering in Firefox running on Windows independent of any underlying MS library and is therefore not affected?

      Furthermore... What about Opera? I did a quick scan of their forums and found nothing.
  • On November 5 1999 we had the "Burn all GIFs" day because of patent issues. Shall we announce a "Burn all JPEGs" day because of Microsoft security issues now and switch all to PNG?
  • Related links? (Score:5, Interesting)

    by caluml (551744) <slashdot AT spam ... OT calum DOT org> on Thursday September 23, 2004 @08:14AM (#10327722) Homepage
    What's all this stuff in the related links?

    . Bug whitepapers
    . Best deals: Bug
    . More Bug stories
    . Security whitepapers
    . Best deals: Security
    . More Security stories
    . Windows whitepapers
    . Best deals: Windows
    . More Windows stories
    . Microsoft whitepapers
    . Best deals: Microsoft

    When did that start happening?
  • Are you patched? (Score:5, Interesting)

    by UnderAttack (311872) * on Thursday September 23, 2004 @08:14AM (#10327725) Homepage
    These early POC exploits are covered in todays
    ISC Diary [sans.org]. Note that now there is a script to generate images to add an Admin level user (username "X").

    Not too long until we see a remote shell.

    Some people are tlaking about seeing it used in an MSN Messenger worm.

    The hard part about patching this one is that a lot of third party software may overwrite the Windows JPEG GDI library with its own older version :-/
    • by ajs (35943) <<moc.sja> <ta> <sja>> on Thursday September 23, 2004 @09:33AM (#10328243) Homepage Journal
      Not too long until we see a remote shell.

      And therein lies the rub. For the people that write these things, it's reaching the point of diminishing returns in terms of getting the tools installed that they need in order to efficiently, remotely manage these boxes. It was all fun and games when you just wanted 10,000 boxes to send out ping-of-deaths or SYN floods, but now you have to manage a farm of zombies and get real work out of them. The competition is fierce and the other guy is trying just as hard as you are to get large-scale admin working, and of course, like all large-scale Windows installations, they're finding that this sucks.

      Several things would help:

      * A virtual OS layer is needed so that the user can have Windows for their games, but the crackers can do their admin from a maintainable OS. Heck, even DOS would be more managable.

      * Users should make themselves available to the crackers for physical admin needs like reboots.

      * Microsoft needs to stop pushing these auto-updates. It's not as if the crackers can't find new holes faster than MS can push the updates, but the rapid change to an installed base is just too difficult to remotely manage. Bill: you're killing profits here!

      Overall, we just need to start making doing business on the Internet more friendly. I don't understand why people can't understand this!

      PS: ;-)
  • Why so much noise? (Score:2, Insightful)

    by Cyberax (705495)
    So much noise about an ordinary Windows insecurity...

    IMHO, Longhorn with .NET core is the last Microsoft's chance to correct its public image as the 'most insecure software vendor'.

    Another question: when will Longhorn be out before Duke Nukem Forever?
  • safe sex (Score:5, Funny)

    by gusmao (712388) on Thursday September 23, 2004 @08:16AM (#10327732)
    Does that mean when you watch porn on the Web it is not safe sex anymore? Damn it!!!
  • by jeffs72 (711141) on Thursday September 23, 2004 @08:18AM (#10327746) Journal

    And it actually works fairly well. It scans for any program that reads these files and makes sure they don't have the bug in them. If it can't patch them, it bugs you about it so you can find a fix for the app. Only Microsoft apps of course, I don't think Adobe wants Microsoft pushing out software updates for them.

    Most of the users I have to support aren't savvy enough to add a printer (omg, with active directory it's like 3 mouse clicks) or install software or apply updates (we use some banking software and it notifies you with a text box to click "OK" and then "File, Update" but I still get called on it every time). That's why at our offices we use Microsoft System Update Server (SUS). It lets us approve patches and then roll them out to all the clients in the domain automagically.

    I shudder to think what would happen if I tried to roll out firefox or mozilla to everyone. I'd probably get calls that their "e" was missing and they couldn't connect to the internet. I swear, some people just shouldn't be on computers.

  • by minus_273 (174041) <{moc.oohay.MAPS} {ta} {aaaaa}> on Thursday September 23, 2004 @08:24AM (#10327782) Journal
    about a year or so back there was a slashdot story about i think macafee researchers talking about viruses being transmitted over images. Everyone called it stupid market speak from a firm trying to sell more AV products by scaring people with somthing that is not possible. I think we all need to offer them an apology. I think this is a bizzare parallel to when people used to joke about email viruses way back in the min 90s. Kind of sad that it is real now. It will be even more so when images are used for exploits too. Though, i suspect those at most risk are those that go to websites looking for lots of images...
    • by Anonymous Coward
      Yeah, it's pretty ridiculous that virus scanners need to scan pretty much EVERY file on your hard drive now. It started with just .EXE and .COM files, back in the DOS days. Then there was that batchfile virus (which used DEBUG)--add .BAT. Windows caught on--add .DLL. Then came macro viruses--add .DOC. And the AV companies caught on and decided to scan compressed files--add .ZIP and nowadays even .RAR. Then Windows started including scripting--add a half-dozen extensions there. Some JavaScript and Act
      • by Reziac (43301)
        I've *always* scanned ALL files -- because even in the DOS era, you could never rely on the extension and the functionality having anything to do with one another. (Remember XTreeGold for DOS? the *.XTP files are *executables*, called by XTG.EXE as needed.)

        Occasionally even then, the front end of a virus was named whatever.com and was itself "clean" (so would be passed by most scanners), but its job was to call the REAL executable, named something like whatever.dat, which contained the virus code (and if y
  • Hard to patch (Score:5, Interesting)

    by Manip (656104) on Thursday September 23, 2004 @08:25AM (#10327788)
    This bug exists in most Microsoft Software. So for someone to patch they can't simply connect to Windows Update and consider themselves safe, they also have to patch Office, Visual Studio, some Microsoft Games, Server Software (misc, not covered by Update) and more.

    So don't sit there on an SP2 system and consider yourself safe. There is more than likely a whole host of ActiveX controls just waiting to be called and exploited by this bug.

    Also note that some applications written in Visual Basic can also be exploited.
    • Re:Hard to patch (Score:2, Informative)

      by mikechant (729173)
      Yes, and also note that the not totally clear wording in the MS article might lead (for example) one to think that you are safe in Win98 because MS lists it in the 'Software not affected' list. But IE6 *is* affected even if you are running it on Win98.
  • ho to find it? (Score:2, Insightful)

    by RosCabezas (610805)
    Is there a tool to proccess jpg files searching for malicious content?
  • by slot32 (815657) on Thursday September 23, 2004 @08:36AM (#10327859) Homepage
    M$ Release Sp2 for XP. People resist installing cause they hear it can screw things up etc so they delay installing. M$ announce a new flaw with sample code in the wild, show how every O/S they have (practically) is suseptable EXCEPT XpSp2. ...? Funny order of events no?
  • by Anonymous Coward on Thursday September 23, 2004 @08:44AM (#10327905)
    http://sylvana.net/test/AP4.jpg

    will crash IE on an updated xp sp2 system.
  • by 0x0d0a (568518) on Thursday September 23, 2004 @08:47AM (#10327923) Journal
    You know, it might be worthwhile to write things like libjpeg in safe languages.

    Ocaml is pretty fast, but I realize that not everyone wants the runtime. How about cyclone [harvard.edu]? It's an extended version of C that's backwards compatible with C, but can pick up unsafe errors at compile time -- sounds pretty much like what folks might want.
    • Ah, I was thinking about how useful a safe C dialect would be only the other day. If Cyclone is the real thing, then getting a GCC frontend for it up and running then convincing maintainers of important libraries to port to it (or forking) might be a great way to help out open source security.

      /me goes back to reading the website

  • by DanMc (623041) on Thursday September 23, 2004 @08:55AM (#10327986)
    Autoupdate and Windowsupdate only install a fraction of the patches released for this bug. (Windows OS and IE basically)

    WindowsUpdate does install a "GDI+ Detection Tool", but I have run this tool on systems with unpatched Visual Studio, Outlook, and Office and it does not detect that the patches are missing. I looked at the strings in this tool, and it basically looks like it checks for MS Photo software.

    Manually visiting "officeupdate.microsoft.com" and running those updates will probably cover the most common attack vectors (Outlook, Word), but how many people do this on a regular basis? My users are not admin-level (yet) so they can't use this update site.

    Incidentally, every default configuration of IE/Word I have seen allows DOC files with jpegs to be opened in the browser window with no prompting. It will not be hard to get people to run the exploits, and there's plenty of ways for worms to automate themselves without users opening things.

    I'm working on a script to detect and run the patches (there's about 17 of them for this bug) but it's going to be a while because of the pre-reqs for many of the patches, and the very specific revisions that must match the patch. "If Visio 2002 is installed, detect which Visio SP level is running. If it's SP0 or SP1, run Visio SP2, then reboot, and run GDI patch"...

    Sorry if I'm spreading panic, but this bug sucks.

  • by R.Caley (126968) on Thursday September 23, 2004 @09:06AM (#10328066)
    but it was too late, she'd already been wormed.
  • by jmcmunn (307798) on Thursday September 23, 2004 @09:41AM (#10328298)

    I better make sure to convert all of my porn to .png format from now on. It'd suck if someone hijacked my computer while I was busy...
  • by TheLink (130905) on Thursday September 23, 2004 @10:52AM (#10329071) Journal
    They're written in the notorious "buffer overflow" languages, so most people will have these problems for the near future.

    Meanwhile what you can do is to run each program as a different more restricted user.

    On windows XP, run IE with using a shortcut with a runas with savecred (you should modify those in the start menu and quick launch too), and set it so it runs using a very restricted account. The restricted account should either have access to your bookmarks, history and temporary files, or you should run it so it changes to the restricted user's home directory and you allow your main account access to the restricted user's home directory.

    Look up the runas command for the options. It'll be more convenient on WinXP since there's the savecred feature.

    On UNIX, I think you can use sudo or something similar. Sudo to a restricted account and then run the browser.

    This way, if your program gets exploited it can only ruin what the restricted user has access to, it can't easily touch the rest of the system.

    Exploits can still theoretically touch the rest of the system since there's stuff like shatter attacks (for windows, not sure about KDE/GNOME), and I'm sure display drivers have bugs of their own and they run in ring 0 (on windows).

    But if you do this it raises the bar significantly.

    There are other options if you're really paranoid and don't mind the extra effort.
  • He knew it... (Score:5, Interesting)

    by insac (623145) on Thursday September 23, 2004 @11:30AM (#10329521)
    When I was in University there was an old professor who gave us to write relation about JPEG format with code examples...

    When we were leaving his room he gave us this advice: "Beware the JPEG virus". It was 9 years ago and he was quite old and sometimes he acted/talked nonsense so we made fun of his advice (we thought: since it was not an executable file, how could it bring a virus): but he was right and we were wrong..

"Don't discount flying pigs before you have good air defense." -- jvh@clinet.FI

Working...