microsoft vulnerablity to jpeg virus

_ox · September 15, 2004, 8:25am

http://www.newscientist.com/news/news.jsp?id=ns99996408

better switch to linux and be done with it!

JD-multi · September 15, 2004, 8:57am

Lol, Well I use windows and if you read articles like this, each file on your system could infect your OS. Even mac, linux and win computers can be infected by each file or virus code. Even a simple blender file, python file or else could contain a virus code.

You’ll be never save on which os you can think about if you imagine each file can be infected, or be a virus. About the jpeg virus, a couple of years ago when I was on my 2th school, I was creating viruses with friends for school pc’s We used jpeg and gif files to use trojans to enter pc’s to control them from home like restarting, open close cd-rom player and more.

This is not new for me.

_ox · September 15, 2004, 9:29am

Actually the article posted wasn’t the main press release. I had seen the news on several sites but the main release came from Redmond headquarters today. I guess they’re just catching up to you guys.
Actually, the issue wasn’t the transmitability of image viruses as much as the M$ method of processing JPEG’s. It has a buffer overun.

sundialsvc4 · September 15, 2004, 11:26am

The main secret is this: you can’t realistically stop rogue code from getting in, but you can stop it from succeeding.

Imagine if someone walked into your office (without a gun…) and said, “Delete all your files!” “Modify the system registry!” Would your office-staff say, “duh, okay.” Nope, but your computer would.

So… set up a user-ID for yourself that is not all powerful; is not an Administrator. Use that user-ID for “nearly everything.”

Lock your files and folders. Viruses expect everything to be unlocked.

And so on. Viruses, like cat-burglars, are opportunists. They know that most doors are open and unlocked; they are thwarted by the simplest efforts to make things otherwise.

Make your computer “just say ‘No!’”

MacGyver · September 15, 2004, 1:51pm

“Lol, Well I use windows and if you read articles like this, each file on your system could infect your OS. Even mac, linux and win computers can be infected by each file or virus code. Even a simple blender file, python file or else could contain a virus code.”

This is false, a computer cannot become infected by any file unless the code for loading that file has errors in it.

The basic gist is that the code that loads and displays JPEG’s in windows lets you put a filesize of -1, which can then give you control over the memory and processor of the machine.

HOWEVER all the programmer would have to put in is something like “make sure the filesize is 0 or greater” and then the exploit is fixed.

Now I don’t know why microsoft or anyone else let code out out of the labs with this problem in it, but it doesn’t change the fact that only executed programs can mess with your computers.

In this case, the “executed program” is the program that loads and displays jpegs.

I’m just saying its incorrect to say that “each file could corrupt your system”.

valarking · September 17, 2004, 10:05pm

Or maybe just stop downloading all those suspicious porno images and learn how to use a damn computer without screwing up by opening a jpeg.

Alltaken · September 17, 2004, 10:23pm

my windows has had maybe 3 virus’ in history (over the last two years) and crashed only about 3 times (proper crashing this is, not just a program like blender crashing)

the virus’ were caught instantly and deleted instantly, without issue.

if someone can get 6 channel sound working correctly on my 6 channel sound card then i would be glad to use linux.

but untill that day Windows is great.

Alltaken

NOR.J · September 18, 2004, 4:16am

this type of virus is not new for me, I never had virus and i have had windows many years, i dont think it is nessesery to switch to linux…

mifune · September 18, 2004, 6:07am

i looked at the known bugs website of firefox and this type of executing harmfull code was one of the bugs. its not only microsoft that makes mistakes.

Alltaken · September 18, 2004, 6:25am

Mifune, Firefox on my computer has a Number of security bugs.

for example (bugs i have, not all security)

favorites/bookmarks list asks for login to my websites control panel due to it trying to find a favicon. this logs me into a secure site every session of browsing. and if someone comes to my computer and looks at things, thy may have once overlooked the site but because of the login they might think WTF.

since my login is saved in the password manager, it makes for a bad combo.

update notice shows on ever single time i open the browser, if there is or isn’t an update available for Firefox. also where it says “click here for update” does not funciton nor respond to clicking on it. just as the downloads complete etc… popups.

there are a few issues really. i don’t know if they fixed the crashing of browsers when many tabs were open with images in them.

Alltaken

mifune · September 18, 2004, 6:27am

i dont mind that firefox has bugs. its open source . but something like a gmail notifier makes up a lot. there is a pre release of 1.0 btw.

JoOngle · September 19, 2004, 3:04am

Depends on what soundcard you have.
Personally I have the SoundBlaster Audigy2 and it didn’t have proper
support for that one for many years, it worked with Audigy drivers
but only on 3 channels (and the REAR channels only…weird)

But…that has changed, the latest SuSE linux distro’s have good
Audigy2 support now. I was enjoying full 5.1 sound on my 5.1
amplifier under SuSE Linux 9.1 …where in the “old” days I had to
settle for 2 of the rear speakers and the subwoofer.

Another thing I’ve noticed is how fast Blender OpenGL is under
Linux. It outruns windows by far…and is a real pleasure to work
with.

I do have to use windows at work though…but as soon as I’m
allowed to do so…I’ll switch to Linux at work too.

Alltaken · September 19, 2004, 3:20am

built in 6 channel sound chip.

works beautifully under windows, don’t work for crap under linux.

it says its an intel i810 (but i don’t believe it LOL)

its the chip off the GA-8PE667 Ultra 2 mobo.

Alltaken

sundialsvc4 · September 19, 2004, 7:15am

The reason why Linux has a good reputation for security, certainly one of the reasons anyway, is that it has always been deployed with “security turned on.” You don’t simply create one (“root”) userID at installation time; you create (at least) two. One is root, the other is an average joe.

Probably the biggest reason why modern versions of Windows have garnered the opposite reputation is that “everyone’s Administrator” by default. Stupid, stupid, stupid. And completely avoidable.

Realistically speaking, you can practice “computer hygeine” all you want but someday, somehow, some nefarious code is going to arrive and is going to be executed and is going to try to do something nasty. If it has the misfortune of executing in the context of a user-id that simply can’t do anything nasty, then its mission is foiled.

It is of-course wise and smart to filter out as many questionables as possible at-the-door, but humans with a nasty streak are also endlessly inventive. Something will slip through. But if it runs into an office where the filing cabinets are locked (or even just “closed”); and the office staff won’t obey the virus’ orders to wreck the place… nothing happens.

_ox · September 19, 2004, 10:04am

Similar to jpeg buffer overrun in IE

mifune · September 19, 2004, 10:12am

but it doesnt affect firefox 1.0 pr. and what did i installed three hours ago…

_ox · September 20, 2004, 6:54am

Nor does it effect Mozilla 1.7.3 or the latest version of thunderbird.