Discussions of Mormons and Mormon life, Book of Mormon issues and evidences, and other Latter-day Saint (LDS) topics.

Monday, August 14, 2006

The Danger of Trust in a Wicked World: Microsoft's Warning

Due to security flaws in its products, Microsoft has recently warned computer users not to open Microsoft Office attachments (PowerPoint, Word, and Excel files) even sent by trusted friends if the file is not expected. The problem is that new security holes have been found that can allow criminals to install keyloggers on your computer if you open attachments they send out from other people's infected computers to those on their email contacts lists. Thus, email that appears to come from a trusted friend may contain malware that could track all your passwords and allow criminals to wipe out your bank accounts, commit identity theft, or destroy your life in other unpleasant ways.

The real problem is not Microsoft but the vicious evil of malicious hackers and other criminals, driven by greed and malice. Their crimes affect all of us, making trust a dangerous virtue, at least when it comes to email. It's not just cyberspace where trust is risky. Child abuse, theft, malicious gossip, and many other vices all make it more dangerous than ever to simply trust someone. Sad that we must be so cautious, but necessary.

Here is an excerpt from the story in Eweek:
In the midst of back-to-back zero-day attacks against select businesses in the Far East, Microsoft on July 17 released a security advisory with a terse message: Do not open or save unexpected Microsoft Office files, even if they come unexpectedly from a trusted source.

The company's advisory comes less than a week after virus hunters discovered that a previously undocumented flaw in Microsoft PowerPoint was being exploited to plant a keystroke logger on infected Windows systems.

Microsoft confirmed that the vulnerability exists in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003 and said a patch is being developed and tested for release on August 8. "In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker," the Redmond, Wash., software maker said in its advisory.

There are no prepatch workarounds in the advisory. Instead, Microsoft said Windows users should avoid opening or saving Office files, especially those that arrive from untrusted sources.

If an Office file--Word, Excel or PowerPoint--arrives unexpectedly from a trusted source, the advice remains the same.

7 comments:

Michael said...

When will you people finally learn your lesson and get an Apple Macintosh. You will NEVER have to worry about this stuff again and you will have the most advanced and user-friendly operating system in the world.

gui said...

Sorry, but the problem is Microsoft.

You pay for a product for that you hope that it does not produce these results. If the problem was not Microsoft and was generic, would have
the same problem in mac, linux, wordperfect or openoffice, and it is not like that.

Anonymous said...

In response to michael: You do realize that there have been Mac viruses and vulnerabilities? This leads to my next response.

gui: Ask yourself: How many people use these Microsoft products? What do these people who make viruses/loggers/etc. want?

A keylogger is mainly used to get money out of victims.

Linux? If you can run it, the hackers probably think you know how to protect yourself anyway.
Mac, wordperfect, openoffice? Not as many victims.

Jakob said...

Anonymous at 2:38: Name 5. (Mac viruses and vulnerabilities) Just because you hear something from your friends about how "Macs have viruses too" doesn't make it true. The closest anyone has come is a script that requires administrator privileges to run and has not been proven to actually exist in the wild.

The problem is Microsoft. They have far more security problems per capita of user base than other platforms.

Anonymous said...

Why don't you ask my friend sometime? His name is Google. I'll be too busy asking him about your claims.

Seriously though, google it. You can even find pro-mac sites that say it. You know, as much as I love Firefox, I can admit it's flaws. Can you do the same with Macs?

Also, I guess I can't prove that Microsoft is mostly targeted because of it's popularity. I can say that with as many exploits and such as Firefox has had while it's not that popular; just imagine if it were the most popular browser?

I will always believe that most popular means most targeted. Infamy or cash are the reasons people make these viruses/loggers/etc. They like to cause the most mayhem they can. There has to be someone out there testing Microsoft's defenses all the time. At least MS is patching these problems. Mozilla seems to have trouble doing that with my dear Firefox... but Mozilla is perfect, MS is bad, of course.

Helaman said...

What I find funny about mac fanboys is that they think they're safe from everything. But if I remember correctly, some of the first 'virus' were written for the Apple. The reason why - because 'that' was the most popular OS at the time.

If Apple enjoyed the same marketshare as MS does today, I firmly beleive that Apple would have the same problems MS does.

I run mutiple OS's (no apple, I'm just not ready to shell out that kind of money) and I find them all to have multiple updates, sometimes daily (ever run Red Hat?) and most of them are security related. I also haven't had a major problem in years - I use the tools out there, comcast provides a great free virus scan program (Mcafee Enterprise - which is a corporate version, not there poopy consumer junk) Spybot and Windows Defender for spyware and I enjoy trouble free computing even with kids and a wife opening anything that comes their way.

But let me bring one last point, a majority of web servers are run on Linux - and there are daily attacks on them, and guess what - they don't always survive, does that mean Linux is a bad operating system? No, it just goes to show that even seemingly tight OS's have problems. MS has done a fine job in my opinion in creating a OS that works with thousands of hardware configurations with minimal issues, Linux flavors have done a great job along the same lines, and well Apple has done a great job in getting an Unix based OS to work with very specific hardware and nothing else.

Jakob said...

Wow. Talk about avoiding the question, anonymous. You didn't name a single virus for the Mac, much less one that's been proven in the wild. I admit that it is possible to hack a mac personally (i.e. not in an automated fashion) but it's not nearly as easy as it is with Windows, for which there are dozens of automated exploits. As you seem so fond of it, why don't you google it?

And name the exploits. Just because there is a theoretical vulnerability in a product doesn't mean someone has exploited it.