There are worse attacks
than this"> Personally, I reserve the level of anxiety Im seeing out there for network worms like Blaster and Sasser, not for threats that, as far as we can tell so far, require user action. It could be that someone will come up with a way to make these exploits work without the user having to open a file or navigate to a Web site, but it hasnt happened yet, and it might not. And in the meantime, mainstream security products are dealing with the problem. And there are other things that proactive users and administrators can do. Theres Microsofts workaround, which disables the Windows Picture and Fax Viewer program (see Microsofts advisory for details). This is not a fix for the basic problem, but rather it blocks the most prominent vector for exploiting this vulnerability. There are other vectors, such as Microsoft Paint, Lotus Notes and probably many other applications. Still, this solution does have the advantages of being safe, albeit at the loss of some system functionality (your picture viewer and thumbnails in Windows Explorer), and having the explicit endorsement of Microsoft.But theres a better, although somewhat riskier, solution: A well-known programmer named Ilfak Guilfanov has released a patch he wrote that addresses the core problem by disabling the Windows functionality on which the exploits depend. Guilfanov has tested it on Windows 2000 (SP4), XP 32-bit, XP 64-bit and Windows Server 2003. This patch comes with an uninstaller that I have tested, albeit on a single box, and it works. The consensus in the security discussions I have read is that the removed Windows functionality is not something that will ever be missed, but that strikes me as an arrogant assumption. Theres an astonishing amount of code written for Windows and, as Guilfanov himself explained in a security discussion this weekend, there are legitimate uses for it. The real solution would be a real patch from Microsoft for the vulnerable code, one that has been tested on all the supported versions, including the international ones. I hope this next statement is quickly made obsolete, but as I write this we still dont have a patch. Im ready to say that Guilfanovs patch appears safe and effective for mainstream U.S. versions of Windows, but I would have preferred a more comprehensive test. Yes, we could still have a major outbreak on our hands, but Im reasonably satisfied that the people most likely to be affected are those who leave their PCs unprotected by anti-virus software and credulously open files sent by strangers. Indeed, the most likely way to be attacked through this vulnerability is by viewing an adware-infected Web site that you are most likely to visit when redirected by adware already on your system. Exploiting the already exploited doesnt score you any points in the malware business. And you do need to be either already exploited or credulous enough to get yourself there to fall for this. Actually, the very fact that you read this column probably makes you too aware of security issues to be attacked successfully. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
More from Larry Seltzer