Tuesday, January 10, 2006

Spyware Blaster update

Every week or so I check for an update to Spyware Blaster's website definitions in order to protect myself from malicious spyware. This morning I found out that they've updated the software to version 3.51. Download it from them if you use it. I recommend that you do use it and update it regularly either manually (for free) or automatically (by purchasing a license).

Also, a reminder that today is Microsoft's monthly update day. Be sure to either have automatic updates on or go to the website later today. There are at least 2 more security updates.

WMF update: SANS is reporting today that there may be another vector for the WMF update that is exploitable even after Microsoft's patch. No one is using it yet - it's just theory - but it's being explored. Microsoft announced that they are going to comb over all of their old code and check for vulnerabilities like the WMF one. We may not be out of the woods yet on this one. I keep preaching it and writing about it, but some people don't get it: use anti-virus programs and keep them up to date, use both Windows Firewall and a third-party firewall, use Firefox or Opera instead of Internet Explorer, use spyware detection software (I recommend more than one), and if all else fails, use some good sense.


Albatross said...

>Microsoft announced that they are going to comb over all of their old code and check for vulnerabilities like the WMF one.

Ooookay, they're going to comb over all of their old code... they'll be getting back to us about, oh, 2009?

While they're at it, why don't they just go through and audit their memory allocation, deallocation, and utilization schemes? I suspect if they got rid of all the char *ptr; and replaced them with char ptr[BUFLEN]; we'd see 90% fewer buffer overrun attacks.

Yeah, I'll hold my breath while Microsoft "goes over all its old code." Hey, Bill, I gots an idea for ya! Try writing some new code... with things like "quality" and "engineering" tossed in for fun.

B.D. said...

LOL...good points. Note that I just reprinted what Microsoft announced and let it lie there. I did not comment on their words because it's one of those situations where I've heard this same song from them all before.

Albatross said...

I keep wondering why an organization as big as Microsoft hasn't, by now, simply created a whole new organization to write, from scratch, a whole new Microsoft operating system. Gates has more money than god: he could pay for an entirely new, compatible operating system, written in assembler, and as secure and tight as a drum.

B.D. said...

I agree. Wasn't Longhorn supposed to be a completely re-written OS? I believe that it was marketed that way until they realized that their poor management was not getting a product out of the door.