Security Community in Dispute over Severity of WMF Flaw

By Larry Seltzer  |  Posted 2006-01-05

Opinion: Is this really one of those extraordinarily dangerous problems? And why hasn't the sky fallen yet?

Inspired somewhat by the Department of Homeland Security Threat Advisory Level (or was it the other way around?), Symantec maintains a global threat level called ThreatCon, defined as "a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System." On Tuesday, Symantec elevated ThreatCon to a level 3 (out of 4) out of concern for the potential threats from the WMF vulnerability in Windows. For some perspective, this is the first time ThreatCon has been this high since July 2004 for MyDoom.M, when it actually hit the maximum level of 4 (which I think indicates Global Thermonuclear War). Prior to that it had reached 3 in May 2004 for Sasser.

Needless to say, ThreatCon at level 3 is not a common occurrence, and I agree it's been a while since we had a really serious threat on our hands. It's also fair to say that Symantec is extremely concerned about the WMF vulnerability, in spite of the fact that they haven't identified any actual attacks of any importance.

There's logic to this, since they fear that even if everyone can protect themselves, and even if users with updated anti-virus are protected (a controversial hypothesis, but assume it for the sake of argument), there are still large numbers of systems that are completely unprotected. Microsoft uses a number that 50 percent of systems out there don't have updated anti-virus protection, and most outside observers think that 50 percent is an optimistic number.

Symantec isn't alone. Perhaps the most influential piece of writing in the gloom and doom school of this particular problem was this diary entry by Tom Liston of the Internet Storm Center. "I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad." Actually, now that Microsoft has announced they are releasing the update early I bet Symantec downgrades. But of course, there's also some large percentage of users who don't apply updates, and they'll still be vulnerable. It's not over yet.


Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
