PDA

View Full Version : Symantec warns SP2 not safe



drb1
31-12-2004, 09:51 PM
http://www.theregister.co.uk/2004/12/30/ms_phel_vuln/

D.

FoxyMX
31-12-2004, 10:04 PM
Cripes, here we go again. :(

Thanks for that warning, drb.

From Symantec:


Trojan.Phel.A is a Trojan horse program, which is distributed as an .html file, and attempts to exploit the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (BID 11467).

Looks like we might be nice and safe using Opera and Firefox until MS produce a security patch though.

tedheath
31-12-2004, 10:07 PM
Symantec says nothing of the kind, it says this (cut and paste)

Trojan.Phel.A attempts to infect computers running Microsoft Windows XP Service Pack 2 or later.
Look squire people were writing viruses for MS W3.11 and winsock a few years ago.
So someone has written a virus for XP SP2, its no Microsofts fault.
The writer of the trojan horse is a just a scum, filthy, criminal person.

So stop being an alarmist and misleading people in this forum.

tedheath

Cicero
31-12-2004, 10:22 PM
Symantec says nothing of the kind, it says this (cut and paste)

Trojan.Phel.A attempts to infect computers running Microsoft Windows XP Service Pack 2 or later.
Look squire people were writing viruses for MS W3.11 and winsock a few years ago.
So someone has written a virus for XP SP2, its no Microsofts fault.
The writer of the trojan horse is a just a scum, filthy, criminal person.

So stop being an alarmist and misleading people in this forum.

tedheath
Trojan.Phel.A
Discovered on: December 27, 2004
Last Updated on: December 29, 2004 12:16:33 PM








Trojan.Phel.A is a Trojan horse program, which is distributed as an .html file, and attempts to exploit the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (BID 11467).




Just to clear on that Ted this is on the symantic site,

Safari
31-12-2004, 10:37 PM
It certainly is on the Symantec site and it is tedheath who is giving misleading information.

http://www.zdnet.com.au/news/security/0,2000061744,39175928,00.htm

"Microsoft is taking this vulnerability very seriously, and an update to correct the vulnerability is currently in development," the spokesperson said. "We will release the security update when the development and testing process is complete, and the update is found to effectively correct the vulnerability."


Microsoft has had significant problems securing its Web browser in 2004. As a result, the freely available open-source browser Firefox has gained market share. Security experts have recommended that computer users consider other browsers and some schools have told their students to use a non-Microsoft browser.

george12
01-01-2005, 12:48 AM
I don't think tedheath was trying to mislead us, he just made a mistake.

I use firefox = safe.

Phew

Mike
01-01-2005, 11:09 AM
It certainly is on the Symantec site and it is tedheath who is giving misleading information.
I'm sorry, tedheath was not giving misleading information - I agree with him; SP2 is not "unsafe" as this thread's title suggests. It has a vulnerability that has been found and targetted, but on a whole that does not make SP2 unsafe. All it means is that it is susceptible to attack. I haven't found where on the Symantec site that it actually says that SP2 is unsafe, nor have I found anywhere that they suggest you remove SP2.

Every version of Windows has had vulnerabilities targetted by virus writers. That hasn't made Windows unsafe to use, and generally those vulnerabilities have been able to be patched up very quickly.

There is a big difference between being "unsafe" and being "vulnerable". Lets not get caught up with semantics here (lol :D) but lets also get our facts straight and accurate.

Mike.

drb1
01-01-2005, 07:41 PM
There is a big difference between being "unsafe" and being "vulnerable". Lets not get caught up with semantics here (lol :D) but lets also get our facts straight and accurate.

Mike.[/QUOTE]


The US DOD, dont agree with you, pre or post sp2.

Their advice "use another brouser". Offically they have not said user another O/S.

Unofically. They recomend any other O/S.

Remember the dod GAVE us COBOL. In a project run by a Female Admarial.

Some people seem to be chucking English derogatory terms about.

They should try "ponce" to describe them selves.

The title of the thread is a direct "Quote" from the linked article.

D.

All the money spent on this new forum is a "ludricrous waster" without a decent spell check facility.

Take out smileys or some of the other junk if nessecary, and put in a decent spell checker.

Mike
01-01-2005, 09:59 PM
The US DOD, dont agree with you, pre or post sp2.
Their advice "use another brouser". Offically they have not said user another O/S.
Unofically. They recomend any other O/S.
...
The title of the thread is a direct "Quote" from the linked article.


Do you have a link to the DOD advice to use another browser? And what do the DOD have to do with it anyway - What do they have to do with internet browsing or the like. Surely this advice would normally come from computer experts rather than the military? :confused:

And I didn't find the word "safe", or a reference to Symantec warning that SP2 is not safe, in the linked article. Maybe they removed that comment before I got to read it?


A new Trojan horse - named Phel - that punishes users of Microsoft Windows XP operating system is in the wild.

Security software firm Symantec has issued a bulletin warning Windows XP users to be on the look out for the program, which is distributed as an .html file. The malicious code can attack systems running XP Service Pack 2. The vuln was first found in October, and Microsoft is busy trying to catch up to it.

"Microsoft is taking this vulnerability very seriously, and an update to correct the vulnerability is currently in development," the company told ComputerWorld. "We will release the security update when the development and testing process is complete, and the update is found to effectively correct the vulnerability."

Symantec warns that users will see two Internet Explorer windows pop up when an .html file with Trojan.Phel.A is opened. If the code does its worst, the Trojan will automatically be executed every time a Windows user turns on his machine.

More information from Symantec is available here.

Mike.

tedheath
01-01-2005, 11:24 PM
The facts are DRB you have a bee in your bonnet for some reason about XP and particulary SP2.
Well none of your misleading comments are fooling many people. XP SP2 isnt going to go away just yet. Virus writers are going to target the most commonly used OS so its a cat chasing its tail scenario.
As far as the US DOD recommending the military not to use sp2 thats a load of guano.
You remind me of those [removed] mass emailing all their friends a few years ago about spurious warnings of viruses targeting 98 ME etc.

tedheath

george12
01-01-2005, 11:59 PM
Do you have a link to the DOD advice to use another browser? And what do the DOD have to do with it anyway - What do they have to do with internet browsing or the like. Surely this advice would normally come from computer experts rather than the military? :confused:

And I didn't find the word "safe", or a reference to Symantec warning that SP2 is not safe, in the linked article. Maybe they removed that comment before I got to read it?

Mike.

Mike, it's right there at the heading:

"Windows XP users Phelled by new Trojan
Symantec warns SP2 not safe"

As for the DOD advice, I can't find it either, but I do remember seeing something like that a few weeks ago.

Chilling_Silence
02-01-2005, 12:10 AM
Lets just say that it would have been more appropriately titled "Symantec warns that even SP2 is vulnerable". Or a myriad of other things.

It happens people, no need to get worked up....

Firefox aint perfect either, you can still get popups :( Personally I like how it was in 0.9 best!

I still say ignorance is bliss!


Chill.

Codex
02-01-2005, 12:41 AM
I don't think tedheath was trying to mislead us, he just made a mistake.

I use firefox = safe.

Phew
same phew :thumbs:

drb1
02-01-2005, 01:44 AM
Do you have a link to the DOD advice to use another browser? And what do the DOD have to do with it anyway - What do they have to do with internet browsing or the like. Surely this advice would normally come from computer experts rather than the military? :confused:

And I didn't find the word "safe", or a reference to Symantec warning that SP2 is not safe, in the linked article. Maybe they removed that comment before I got to read it?



Mike.

Mike,

Cut and paste, just for you.

Windows XP users Phelled by new Trojan
Symantec warns SP2 not safe
30 Dec 2004 19:56

As to the dod google, there as so many references to this old news, or even forum search there may be links to the articles here, I may even have posted them.

As to any one who sujjests dod are not at the fore of computer and sw development, well really.

DOD develop languages that Corporations like M/Scam copy.

DOD fund NASA programs in conjunction with Red-hat and open source that developed Mars rover among other things.

The Tsunami warning systems were also developed in conjunction with dod as were most weather monitoring programs and globall warming reaserch which still gets much of its unadultarated inf from dod satallites and dod get all the G/W data and anayalsis in return, first.

dod funded the competetion for the best totally computer controlled transport vehicle, the winners got massive grants and reaserch assistance, and facility and equippment provided.

Because dod wants unmanned combatt vehicles, NOW.

DOD research gave us heads up displays on helmet visors, filtering down from Apache, private enterprise funds none of this cutting edge R and D, it just sucks it all up, and improves it and claims the credit.

And dod is not at the fore of computer related development, would you like to refrase that????????????

Can you tell us where Velcrowe which was never patented came from??

Just to clear something If anything I am Politically anti: Totally Capalist, Ecoligically and Socially Irresponsible America, and definatly anti G. Warmonger Bush.

I stated along with may others the day Warmonger started campaigning, a vote for Bush is a Vote for war.

We were not wrong 911 was just a Very unfortunate step along the way.

I do not deny reality because of any of this.

D.

drb1
02-01-2005, 02:10 AM
The facts are DRB you have a bee in your bonnet for some reason about XP and particulary SP2.
Well none of your misleading comments are fooling many people. XP SP2 isnt going to go away just yet. Virus writers are going to target the most commonly used OS so its a cat chasing its tail scenario.
As far as the US DOD recommending the military not to use sp2 thats a load of guano.
You remind me of those [removed] mass emailing all their friends a few years ago about spurious warnings of viruses targeting 98 ME etc.

tedheath


Ted Heath was a dissaster as a prime minister and you tedheath are an: Uninformed, Unfactuall, Reactionary.

I posted a link, and made no comment, I cut and pasted the title to the link from the article header. Let the reader decide?????????

Personally the sooner Opensource/linux develop a point click O/S with major H/W compatabilitys the better off much of the planet will be.

M/Scam and CO keep on changing the rules, to make this as hard as possible, and Slice as much profit from the consumer as possible using FUD spread by People like you, teadheath.

Whom attack anything like truth that is not 100% positive to M/Scam

My reply to your personall insults is to reiterate

[Edit: comment removed. Oh yeah, and a Moderator's reply to what you posted is to remove it and point out to the poster the Rules (http://forums.pcworld.co.nz/showthread.php?t=52243), specifically No. 1]

And you may know what that really means.

D.

FoxyMX
02-01-2005, 10:02 AM
Mike, it's right there at the heading:

"Windows XP users Phelled by new Trojan
Symantec warns SP2 not safe"

No it's not. I am sure that I saw it there when I first looked and a search with Google brings up a few results with "not safe" in the title but they must have removed it not long afterwards.

Prescott
03-01-2005, 05:03 PM
im still happy with sp1, ive got a firewall and virus scanner so im not worried

drb1
03-01-2005, 09:01 PM
My reply to your personall insults is to reiterate

[Edit: comment removed. Oh yeah, and a Moderator's reply to what you posted is to remove it and point out to the poster the Rules (http://forums.pcworld.co.nz/showthread.php?t=52243), specifically No. 1]

And you may know what that really means.


D.[/QUOTE]

Interesting to see Heaths posts complete with insults of a simular nature still.

Same double standards.

Twelvevolts
03-01-2005, 10:38 PM
There is one thing that is for sure - no matter how safe Windows XP is or isn't with SP2 -XP is still a lot safer with SP2 than without it. Furthermore, those older operating systems like 98 are less safe than XP.

Got XP SP 2 the day it was released - have had grand total of zero problems since. Kept it patched and the recent experiment by Kevin Mitnick demonstrated a SP 2 machine with firewall on wasn't compromised, but XP with no patches lasts about 4 minutes. Add in Zone Alarm Pro, Giant, Nod 32, Spyblaster and Adaware and I reckon I have a shot at survival!!!!

http://www.usatoday.com/tech/news/computersecurity/hacking/2004-11-29-honeypot_x.htm

Safari
04-01-2005, 08:48 AM
To keep things in perspective there are some relevant points on that report.
Connected to the Internet via broadband DSL not Dialup
3059,922 attempts only 9 successful and only where the XP firewall was not activated.
With an updated and patched XP with XP firewall running it appears that the chance of your system being compromised would be quite remote.
There were no successful compromises of the Macintosh even though the built in firewall was not activated.

From http://www.usatoday.com/tech/news/c...-honeypot_x.htm
Each PC was connected to the Internet via a broadband DSL connection and monitored for two weeks in September. Break-in attempts began immediately and continued at a constant and high level: an average of 341 per hour against the Windows XP machine with no firewall or recent security patches, 339 per hour against the Apple Macintosh and 61 per hour against the Windows Small Business Server. Each was sold without an activated firewall.

While attempted break-ins never ceased, successful compromises were limited to nine instances on the minimally protected Windows XP computer and a single break-in of the Windows Small Business Server. There were no successful compromises of the Macintosh, the Linspire or the two Windows XPs using firewalls.

Twelvevolts
04-01-2005, 09:08 AM
Yes - my point not very well made was that if you keep your system patched and the firewall on you already have a pretty good protection from hackers (providing you know enough not to do silly things that is).

I've found the Microsoft Baseline Security Analyser pretty handy to ensure you are fully patched, because Update doesn't always pick all updates up (strangely enough).

Very good idea to have a XP slipstreamed disk (incorporate the SP2 into the XP disk) and have all the patches avialable on a CD, so that when you reinstall you have everything available without any downloading required.

drb1
04-01-2005, 11:59 PM
Yes - my point not very well made was that if you keep your system patched and the firewall on you already have a pretty good protection from hackers (providing you know enough not to do silly things that is).

==
D.

Like even putting a toe near the WAREZ or PORN zone's

=====

I've found the Microsoft Baseline Security Analyser pretty handy to ensure you are fully patched, because Update doesn't always pick all updates up (strangely enough).

Very good idea to have a XP slipstreamed disk (incorporate the SP2 into the XP disk) and have all the patches avialable on a CD, so that when you reinstall you have everything available without any downloading required.


And have either a fully updated antivirus copy and firewall copy or a copy of all of the updates for said.

So they can be installed BEFORE the machine is introduced to the internett for the first time.

It has been shown (and people have come here for assistance after installing xp and sp2 and attempting to update anti virus and fire walls) that a machine with sp2 as a fresh install is still VERY vunerable whilst attempting to obtain download updates for its anti virus or downloading updates for its non M/S fire wall.

Exploitable vunrabilities in SP2 that M/S HAS know about since October have still not been patched.

Considering how many Billions M/SCAm makes every year, that is abusolutely discusting customer service.

This leaves me to reiterate the Question passed buy a promminent IT Juronalist,

Are Microsoft actually in league with: Phishers, Spammers, And Malware Writers?

Their constant failures in security, fairly beg's the question.

D.