Microsoft Warns That Flame Virus Exploits Windows Flaw

[exfileme]

Last week's Flame virus was able to install itself thanks to a previously undisclosed flaw in Windows, Microsoft says.

Microsoft Warns That Flame Virus Exploits Windows Flaw : Read more

 

[A Bad Day]

On the bright side, looks like it might not hit a company (that will remained unnamed), that still uses Windows NT 4.

Majority of major weaknesses in all software is the organic meatbag sitting at the computer, or deciding if he/she should give pay raises to the high ranking executives or give the cash-starved IT department some funding.

 

[amuffin]

Still not as many computers infected as that crapple catastrophe that happened a few weeks back.

 

[livebriand]

"Most antivirus products will now detect and remove this malware if detected"
Huh?

 

[livebriand]

[citation][nom]A Bad Day[/nom]On the bright side, looks like it might not hit a company (that will remained unnamed), that still uses Windows NT 4..[/citation]
WOW... I guess XP and IE6 really isn't that bad then.

 

[WR2]

Oh great.

 

[ahnilated]

and this is a prime reason why closed source OS's don't work.

 

[unksol]

"We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft."

"Does that shuttle have a clearance code?"

"It's an old code sir, but it checks out. I was about to clear them"

 

[proxy711]

[citation][nom]ahnilated[/nom]and this is a prime reason why closed source OS's don't work.[/citation]
Ya because when everyone can see the code for a OS there's no way anyone will find any exploits. Such flawed logic.

 

[house70]

Virus made by US and Israeli govt. agencies. That means they did not need to crack anything, just go to the source (MS) and ask for the code for "national security" purposes. Betcha they did not even need a subpoena for that, just flash their badges.
Of course, once the beans were spilled, they allowed MS to "patch" it, so it doesn't spread to the "good" guys.
Right?
Problem is, what goes around, comes around. I would be surprised NOT to find any stepchildren of this virus (and Stuxnet, a close relative) after a little while, wreaking havoc on people's PCs.

 

[A Bad Day]

[citation][nom]ahnilated[/nom]and this is a prime reason why closed source OS's don't work.[/citation]

Then you have yet to be disillusioned by Android OS.

 

[hawkwindeb]

[citation][nom]ahnilated[/nom]and this is a prime reason why closed source OS's don't work.[/citation]

[citation][nom]A Bad Day[/nom]Then you have yet to be disillusioned by Android OS.[/citation]

It's that a well run Open Source OS "should be" more secure than closed source and there are examples, Solaris, RedHat, etc. Well run as in reviewed by many security experts (real experts that is) and other OS experts, etc. Android OS is not one of these, so I agree with "A Bad Day"

 

[jurassic512]

[citation][nom]livebriand[/nom]WOW... I guess XP and IE6 really isn't that bad then.[/citation]

Silly rabbit. If you clicked the Security Advisor link, you'd see XP SP3 IS affected. And oh yea, XP is NT 5.1

PS, stay away from tech sites if you can't read or be bothered to click on the links in the story.

 

[Christopher1]

[citation][nom]A Bad Day[/nom]On the bright side, looks like it might not hit a company (that will remained unnamed), that still uses Windows NT 4.Majority of major weaknesses in all software is the organic meatbag sitting at the computer, or deciding if he/she should give pay raises to the high ranking executives or give the cash-starved IT department some funding.[/citation]

Personally, I would rather those 'raises to executives' be voted on by law by the stockholders. If you cannot get a majority who are willing to give them raises, then these guys just have to stay with 10 million dollars+.

 

[rds1220]

So I'm confused. How exactly is this virus infecting computer. Is it through emails or pretend updates from MS? Do you have to download something to get infected or is it just compleatly random?

 

[CaedenV]

[citation][nom]hawkwindeb[/nom]It's that a well run Open Source OS "should be" more secure than closed source and there are examples, Solaris, RedHat, etc. Well run as in reviewed by many security experts (real experts that is) and other OS experts, etc. Android OS is not one of these, so I agree with "A Bad Day"[/citation]
As if MS, Apple, and Google do not have both in-house talent, or hire people to do such work? If it is open source it is mostly safe for the same reason that OS9/X were safe for so long; Not because they are necessarily secure, but because the people targeted simply do not use the systems.
Most attacks are in order to gain personal information for ID theft, most people who do not care about ID theft are in the general public, and the general public uses Windows. Therefore Windows is the most attached OS in the world.
Macs have traditionally been either for work machines (audio/video/photo work, or school lab PCs) with little personal information, or are owned by people who have wealth, and know how to protect that wealth, so there was little point to attacking such machines. Now macs (and more specifically mac devices) are used more and more by the general public... and what do you know... exploits are coming out.
Linux/unix kernel is quite secure, which makes it excellent for storing large amounts of sensitive information, but as a home system, the security is only as good as the software that runs on the machine which can be infected. Specifically the web browser, store, and music apps that may have a store. Again, small population, so there is little reason for hackers to really go there, but if it was really used, people would find a way in.

The only truly secure machine is the one that is turned off and locked away. When in use there is no amount of security that can make up for stupidity.

 

[CaedenV]

... think of it another way; If someone has a lunux machine, or if a business or gov't agency uses something out of the ordinary for the sake of security measures, then it does not matter what the security level really is. What matters is that people who use such systems are typically more educated, and are more likely to hunt a person down to retaliate in one way or another. The average user of Windows, OSX, iOS, or Android will simply call their credit card or insurance company, who will normally just revoke the fees, and will not put much effort into prosecution unless the problem is large enough to bother with.

 

[ahnilated]

[citation][nom]Proxy711[/nom]Ya because when everyone can see the code for a OS there's no way anyone will find any exploits. Such flawed logic.[/citation]

When the are tons of eyes on it exploits are found much quicker and patched quicker. With no one knowing about it, IE Microsofts stuff, they have no reason to patch it unless they "feel" it is an issue. There are numerous report out there about security companies letting Microsoft know about security issues and they don't fix them because they don't "feel" it is an issue. Well I am sorry but if there is a security flaw found they ALL should be fixed.

And if you want to talk about Linux, I have had my Linux system on the web for the last 21 yrs and never had a virus. I put my Windows system on the web for under 30 seconds and had a virus. Which do you think is more secure?

 

[eddieroolz]

[citation][nom]john_4[/nom]Just another reason to run OS X or Linux[/citation]

And lock yourself out of what the software world has to offer.

No thanks.

 

[curiosul]

[citation][nom]unksol[/nom]"Does that shuttle have a clearance code?" "It's an old code sir, but it checks out. I was about to clear them"[/citation]

Best comment of the day. Period.

 

[mihaimm]

If it is open source it is mostly safe for the same reason that OS9/X were safe for so long; Not because they are necessarily secure, but because the people targeted simply do not use the systems.

If you believe attacks are limited to identity theft and personal spying then you really are not thinking right about security. The real money are in the industrial spying business where you manage to penetrate your competition servers and get their secrets or in the other spying business (http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/).
Apple and MS most certainly have the money to hire the right people. But they also have marketing, investors, deadlines and so on. When you announce Win8 on that date, you simply can't move it. There are millions of disks to be manufactured, user manuals, etc. Can Microsoft live with an unfixed vulnerability that they are aware of for at least 6 months? (Google "Windows 7 UAC code-injection vulnerability" for the answer). Can Apple ignore antivirus companies and refuse to do what they want? Yes... they can.

What happens to the security of the Linux kernel? It get's scrutinized by thousands of developers and some companies like... Canonical, SuSE, RedHat, Google, IBM, Oracle, Mandriva, Intel... and others. Because they can (open source software). And they care (selling products using Linux). They do have deadlines but they rarely care if they miss them. Because they generally have an incremental development process.

 

[f-14]

[citation][nom]ahnilated[/nom]and this is a prime reason why closed source OS's don't work.[/citation]
i know of 2 company's that developed their own OS back in the early 1980's they are still using today, they have never been attacked or hacked despite the millions of credit card info stored in their data bases

 

[Guest]

General Keith Alexander will be COMPLETELY delighted to answer ALL of your questions concerning Stuxnet, Duku and Flame Viruses. He will be happy to give you all of the source code and full documentation, especially after ANONYMOUS Fries his nutsack in Bluffdale, Utah. Seriously, though, Google Keith Alexander and Bluffdale Utah. You'll get the picture, even if you are a subhuman Microsoft Moron. (Sorry Morons, I didn't mean to insult you).

YES!! Windows 8 is completely compatable with the Flame Virus!! Big Brother has got you covered!!