I got a first look at Windows Desktop Search today (bundled with MSN Search Toolbar?). I was told that it was new on the system and had not been used. The system’s owner didn’t know when it was installed and thought it must have been installed when he did a Windows update. It looks like the MSN Search Toolbar adds tabbed browsing to Internet Explorer. I’m a bit suspicious of ANY software that the system owner is unsure of how it got to be installed on the system.
Category: Computers
-
Big block of blank space in Add/Remove Programs
This isn’t an earth-shattering issue, but as I was looking into some other problems on a Windows XP Pro system, I noticed a HUGE blank space in the Add/Remove Programs area of the Control Panel. It was something like this: there were several entries (10 maybe) and then a huge block of blank space, perhaps hundreds of “pages” long. I scrolled a bit with the mouse wheel and was not making quick progress, so I just grabbed the scroll bar and pulled down to see the next 30-40 entries.
-
Windows 98 and WMF exploit posts
Since there’s some interest…. here is a listing of all posts related to the WMF exploit and Windows 98 that have come out in the last week.
http://www.averyjparker.com/2006/01/04/lack-of-working-exploit-does-not-mean-windows-98-is-safe/
http://www.averyjparker.com/2006/01/03/wmf-exploit-vs-windows-98-again/
http://www.averyjparker.com/2006/01/03/wmf-exploit-testing-on-windows-98/
http://www.averyjparker.com/2006/01/02/windows-98-and-the-wmf-exploit/
http://www.averyjparker.com/2006/01/01/version-2-of-the-wmv-exploit-vs-windows-98-se/
http://www.averyjparker.com/2006/01/01/more-wmf-exploit-testing-on-windows-98/
http://www.averyjparker.com/2006/01/01/wmf-exploit-and-windows-98/
-
Another Sober.y reminder
f-secure.com has another warning for us about the pending awakening of the Sober worm. From reports it’s expected to start looking for sites to download from January 5th into January 6th. There is an extensive list of URLs to block. This from f-secure.com – if you’re in charge of block lists at a network, this could be a good start to make sure you don’t have any clients pulling a new version from the following sites…
-
Antivirus vs. WMF exploit
There are a number of references out today to a December 31st article (on a study by AV-Test) about how well antivirus products were keeping up with the shifting signatures of the WMF exploits. There was a list of about 12 products that were at 100% detection. Unfortunately, the important point is that the original article was December 31st. I don’t know if there are new variations in the wild, but I DO know that the Metasploit module has changed and currently seems to evade detection from ClamAV. (Although ClamAV has caught up to the most recent batch of the exploit.)
-
Google Video Player?
There’s a ZDNet article that seems to indicate that Google may be close to releasing a standalone video player. Currently videos.google.com uses a plugin that’s called Google Video Viewer. The above article gives some interesting information and a good bit of speculation. The speculation is that they will release VLC (VideoLAN Client) in a modified form to allow pay-per-view video.
-
Official WMF exploit patch leak
It looks like the Windows patch (or a beta) for the WMF exploit has been leaked online. It sounds as though Steve Gibson got a hold of a copy and has tested it alongside the unofficial patch. All seems to go well. He notes that the build date was December 28th. So, they have been on it since very early on. That’s reassuring. It would be nice if their testing process could be a bit streamlined though.
-
Antivirus scanning update for WMF
I hung on to the last batch of 20 WMF exploit samples I had been working with for the purpose of testing my Clam AntiVirus install against them to see when “full detection” of all 20 had been achieved. Last night, with version 1227 of the daily.cvd database, they were still detecting 8 out of the 20. Now, the signatures seem to have improved, as with version 1228 of daily.cvd ClamAV detects all 20 as Exploit.WMF.Gen-3 FOUND.
-
XP Home support period
This is something you should consider if you are looking to abandon a pre-WinXP operating system in favor of a flavor of XP: the product life cycle. In their infinite wisdom, Microsoft has different support plans for consumer products than “business-products”. As such… arstechnica.com has a post explaining why support for Windows XP Home will end at the end of this year, 12/31/06, and Windows XP Pro will continue to be supported perhaps as long as December of 2013.
-
Hexblog (WMF unofficial patch) back up
Yesterday the hexblog, which is the site of the person that wrote the unofficial patch for the WMF exploit, was offline for bandwidth overuse. Several mirror sites popped up to host the patch. Today the site is back up at http://www.hexblog.com/ in a more minimal form. It’s suggested if you can’t reach the page to try the IP address directly, http://216.227.222.95, as the DNS changes are likely still propagating.