Latest Version of MyDoom Exploits New IE Flaw 435
techentin writes " CNN Money is reporting a new and improved MyDoom variant which is spread by a hyperlink in email. Clicking the link connects the user to an infected machine, which exploits a recently discovered buffer overflow in Internet Explorer. McAfee has a more detailed description. Is this yet another good reason for running Firefox?" CNET also has a story.
CNN Story (Score:5, Insightful)
One of the coworkers downloaded FireFox right away. I actually expected him to take a little while to wean off of IE. After I showed him FireFox's features, however, he set FireFox to his default browser and deleted his IE shortcuts! I think we're definitely making headway.
A good reason for using Firefox, or ... (Score:3, Insightful)
users could pull their heads out of their asses and stop clicking on links in SPAM.
Better the losing side. (Score:5, Insightful)
Re:A good reason for using Firefox, or ... (Score:2, Insightful)
You mean like... (Score:2, Insightful)
Re:A good reason for using Firefox, or ... (Score:5, Insightful)
Bzzzt, wrong answer.
Most viruses come from people you know, since they exploit the address book feature. Most spam comes from people you never heard of.
Thus, it is the links in the e-mail from people you KNOW, not spam, that is the problem.
Re:CNN Story (Score:5, Insightful)
Okay, I'll grant you that FireFox is probably more secure than IE. But to say it lacks security issues is going a little further than I'd go, myself. In fact, I'd be willing to bet you $10 that it has security issues of it's own.
Don't sell your friend a dream. Set his expectations realistically. No software is bulletproof. No software lacks security issues.
Firefox f-ing rocks, no doubt about it. It blows IE out of the water. It probably has far fewer security holes. But to say it "lacks security issues" is naieve.
Don't believe everything you read on slashdot. A lot of these people have an agenda to meet.
Re:A good reason for using Firefox, or ... (Score:1, Insightful)
Most of the emails that I recieve that have "Click Here" are coming from people I don't know, and often seem like derived names from various first and lasts names.
BUT I STILL DON'T CLICK ON THE LINK.
Re:A good reason for using Firefox, or ... (Score:2, Insightful)
After watching the election this past week, I'd have to agree with you there.
I hate to be picky... but.... (Score:3, Insightful)
Impressive... (Score:3, Insightful)
Beware of bugs in the above code; I have only proved it correct, not tried it. -Donald E. Knuth [stanford.edu]
Re:Better the losing side. (Score:5, Insightful)
Sure, but will those flaws in Firefox as serious as the flaws in IE?
It seems like when Microsoft attempted to integrate IE with the OS, IE was allowed access the OS in some very dangerous ways.
For instance, why would earlier versions of IE write files to any directory without asking the User for permission?
New Exploits improves IE? (Score:2, Insightful)
until someone discovered a bug that redirects... (Score:4, Insightful)
Re:Install SP2 You Dummies (Score:2, Insightful)
Re:CNN Story (Score:5, Insightful)
It's like saying a program lacks features. Obviously you don't mean it has no features -- just that it lacks features, WHEN COMPARED TO ANOTHER PRODUCT.
Re:McAfee VirusScan (Score:3, Insightful)
I think I am missing something. Are you saying there are normally Windows versions of Dell machines that come without IE?
Didn't think so.
Re:A good reason for using Firefox, or ... (Score:5, Insightful)
Re:You mean like... (Score:1, Insightful)
Apache is more popular than IIS. Which is compromised more?
Re:Install SP2 You Dummies (Score:3, Insightful)
What kind of imbecil runs XP but not SP2?
What's easier to change, Windows 2000 => XP SP2 or IE => Firefox?
For a corporate evironment (where, in many cases, most still run Windows 2000), I think I know which.
Your trust is misplaced (Score:3, Insightful)
you're trusting your compiler and linker to provide you with the expected behaviour from compiling and linking your source code
you're trusting the kernel to not modify the behaviour of the syscalls required to print
you're trusting the CPU to execute the instructions you think it executes
Reflections on Trusting Trust [bell-labs.com]
Ken Thompson
Re:Your trust is misplaced (Score:2, Insightful)
We are -ASSUMING-, when evaulating code for security-conscious methodology, that the environment functions as advertised.
Your examples are very nice for theoretical discussions, but some of us don't live in the classroom, we live in reality, where software really needs to have security briefs that don't border on the philosophical.
Re:Software without security issues: (Score:3, Insightful)
(pseudocode)
program "evil":
main(){
close STDERR;
exec passwd;
}
program "passwd" running setuid
main(){
open >
print STDERR "Password: "
}
Oops. The password file just got deleted. Security is hard
(The reason? File descriptor STDERR is usually #2. However, fd #2 is closed and replaced with
Re:SP2 immunity (Score:3, Insightful)
IIRC, for every XP computer, there is one computer running Windows 2000 installation, and probably one running Win9x too. I wonder if this is the sooner updates is one feature Microsoft is trying to have to push people to upgrading.
Re:SP2 (Score:2, Insightful)
Re:CNN Story (Score:4, Insightful)
The last security bug I remember hearing about in Firefox had a working patch to fix the problem very quickly. In fact, it was released by about the time I had finished reading the alert in the first place. Microsoft, on the other hand, takes considerably longer.
It's one thing to admit there are security vulnerabilities in Firefox. There have been, and there will continue to be vulnerabilities discovered in Firefox. But as long as the Firefox community fixes these vulnerabilities as quickly as they have in the past, I don't think it's fair to say that Firefox has security issues.
Microsoft, of course, has both security vulnerabilities and security issues. It becomes an issue when the vulnerabilities aren't dealt with quickly enough.
Semantics, I know.... But there is a crucial difference.
Re:CNN Story (Score:3, Insightful)
Re:Install SP2 You Dummies (Score:3, Insightful)
I do, why upgrade? XP SP2 is slower, has even more annoying widgets, and there is a considerable risk that my computer won't boot anymore if I install it. I think the big question is what kind of imbecil still runs IE, even if they have XP SP2?
Re:SP2 immunity (Score:4, Insightful)