Russian company picks hole in XP Service Pack 2

Become a member of the CGSociety

Connect, Share, and Learn with our Large Growing CG Art Community. It's Free!

THREAD CLOSED
 
Thread Tools Search this Thread Display Modes
Old 02 February 2005   #1
Russian company picks hole in XP Service Pack 2

Originally Posted by InfoWorld

Russian security company Positive Technologies has released a patch to a security hole it said it discovered in Microsoft (Profile, Products, Articles) Corp.'s Windows XP Service Pack 2 (SP2) last year.

"It has been over one month and we have not heard from Microsoft, so we decided to issue our own patch," Maximov said. "We understand that Microsoft wants to protect its product, but we feel it is more important for people to know about the problem and to know there is a tool to protect them."...

The PTmsHORP utility can be can be found online for download at http://www.ptsecurity.ru/ptmshorp.asp or at http://www.maxpatrol.com/ptmshorp.asp.


Did anyone heard about it?
__________________
 
Old 02 February 2005   #2
I'm not going to come out for or against this, but it sounds like a great way to spread a virus.
__________________
"Facts? You can use facts to prove anything that's even remotely true" - Homer Simpson
 
Old 02 February 2005   #3
Yes, that's why I worry about it...

Though in a 2nd thought, my computer was attacked 4 times in the next week - 1 begin2search spy, 2 times a bla.exe appeared on my c:\ and tried to run (my antivirus stopped it) and 1 time, the most frightening one, 3 files from c:\ were missed, luckily I have another computer that helped me to find how to fix it via the internet (NTDLR is missing or something...)... So I feel like someone took arrive on my computer... I have a router, norton antivirus and internet security (but only 2004 i think) and i check spies with spybout... nada! When those appear, i find them, but i can't find any backdoor / torjan that let anyone to put them in my computer :S

So, maybe this babe is my hope... and maybe it's just a new torjan
__________________

Last edited by Self-Designer : 02 February 2005 at 04:10 PM.
 
Old 02 February 2005   #4
Yea...this is brilliant! Let's all patch Windows with this right away!
[WARNING: Sarcasm alert! Do not under any circumstances update a Windows installation with a non-Microsoft released "patch".]
__________________
(( DePingus ))
 
Old 02 February 2005   #5
It'd feel a lot safer if they'd release the source code with the download...
 
Old 02 February 2005   #6
And how can you know that the exe file contains exactly the source code?

Anyway, i gave adaware a try and i found some new spies... Hate those thingies
__________________
 
Old 02 February 2005   #7
I need to rant about something here. I keep hearing about all these people who go digging into Windows to find security holes and leaks etc... I want to strangle these people with their own intestines.

If everyone would just use the OS and leave it the F*#@ alone none of these 'security issues' would ever see the light of day. Microsoft doesn't make security holes, people dicking around where they shouldn't be are the problem.

ARGH!! I'm really angry about this because I recently spent four days fixing all the computers in my house because of a goddamn virus that leaked in through my router.

I'm not angry with Microsoft, I'm angry with the prepubecent, greasy, fat, idiots sitting in their parents basements 'finding security holes' to 'help us'. F*$# these idiots.
__________________
Kiaran Ritchie
Game Developer / Programmer / Rigger
www.bigfatalien.com
 
Old 02 February 2005   #8
Where in the world do you guys get these viri???

I never get them (not complaining here).

And how can a company that doesn't have access to Windows Source code, write a security patch for Windows...
__________________
JDex
(Sans Gerfuffle)

On a VFX Hiatus
 
Old 02 February 2005   #9
This is either a hoax because Windows are not open source, or the patch is actually a stand alone application.
__________________
Dennik

Animusing Productions
old animation stuff.



 
Old 02 February 2005   #10
Originally Posted by kiaran: ...If everyone would just use the OS and leave it the F*#@ alone none of these 'security issues' would ever see the light of day. Microsoft doesn't make security holes, people dicking around where they shouldn't be are the problem...


Right! And we didn't have to use locks in our homes and cars if there were no thiefs! And our cars were so much simpler if we knew how to drive save! Who needs safe belts??

Sorry, but i had to take it that far

But, that's how it is, the world is not perfect, u know
__________________
 
Old 02 February 2005   #11
OK, I'm no coding genius, but I think I understand what these guys are claiming.

Apparently, Microsoft added code in SP2 that allows the developer to mark memory areas as non-executable (presumably to help protect against buffer-overrun attacks). These guys claim that they have found a way to execute code stored in one of these non-executable memory areas. If this is the case, it could be a valid windows vulnerability.

However, I can't see how releasing their own 'patch' could resolve this, if the problem is as deeply embedded as they imply.

I also have a problem with going around Microsoft if indeed MS has ignored them for over 30 days. Sure, their 'patch' may work, but what else does it break? Does it affect performance to an annoying degree? It could also be that MS is still investigating the issue themselves, or they have found that the vulnerability is only present in unrealistic situations (my favorite was one of those where you could elevate yourself to admin levels, but you needed admin privileges to do it!).

Furthermore, last year MS switched to a monthly, or quarterly (can't remember which) schedule for releasing security updates. Critical updates were the exception. It could be that this issue is not considered 'critical' and will be addressed in an upcoming security update. It could just as well be that these guys haven't applied all the security updates themselves, and they have 'discovered' a known problem that was already fixed.

I'm just speculating, but I still recommend against applying an OS patch from a third party.
__________________
"Facts? You can use facts to prove anything that's even remotely true" - Homer Simpson
 
Old 02 February 2005   #12
But, that's how it is, the world is not perfect, u know


Agreed. But that won't stop me from ranting about it
__________________
Kiaran Ritchie
Game Developer / Programmer / Rigger
www.bigfatalien.com
 
Old 02 February 2005   #13
It appears that MS has released several security updates today:
http://www.microsoft.com/technet/security/current.aspx

I can't tell if one of these addresses the Russian firm's findings...
__________________
"Facts? You can use facts to prove anything that's even remotely true" - Homer Simpson
 
Old 03 March 2005   #14
Autopatcher

OK, and what do u say about this: http://www.autopatcher.com/

I've found it via: http://www.fileconnect.net/comments...ws=8830&catid=3
__________________
 
Old 03 March 2005   #15
lol. I love reading posts about Microsoft users having security issues. Seems to be soo many.
I sleep well being a mac user.
Just buggin.
Microsoft needs to fix these things. I'd actually consider getting a pc is it wasnt for all these problems they have.
__________________
+smooth+
 
Thread Closed share thread



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
CGSociety
Society of Digital Artists
www.cgsociety.org

Powered by vBulletin
Copyright 2000 - 2006,
Jelsoft Enterprises Ltd.
Minimize Ads
Forum Jump
Miscellaneous

All times are GMT. The time now is 05:07 AM.


Powered by vBulletin
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.