From:         Patrick Douglas Crispen 
Subject:      TOURBUS - 24 JAN 2006 - WMF Vulnerability


The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
Copyright © Bob Rankin and Patrick Crispen - All rights reserved

Howdy, y'all, and happy December from deep behind the orange curtain in beautiful Irvine, California, now with 17% more sea sewage.

Closing the Door on Windows' WMF Vulnerability

The past few weeks have been interesting for PC users. At the end of December, Microsoft announced a vulnerability in the way Windows displays certain images, a vulnerability that could allow attackers to take complete control of your computer [check out the bulletin at ]. More frightening is the fact that this vulnerability uses images--WMF images, to be exact--to execute arbitrary code on your computer. Open Internet Explorer, view a web page that has an image containing the WMF exploit, and *BOOM*...your computer is no longer yours.

How do you fix this? Well, if you have a PC, you need to double-check that you have all of Microsoft's most recent patches. To do this, just run Windows Update by opening Internet Explorer, going to Tools > Windows Update, and following the on-screen prompts.

That's it. No, really.

Closing the Door on Future Vulnerabilities

How can you protect your computer from future vulnerabilities? As silly as this may sound, the answer is simple:


Your antivirus software has two distinct parts:

1. A computer program that scans your computer for viruses; and
2. Antivirus definitions that tell your antivirus program exactly what to look for.

Everyone pays close attention to antivirus definitions, and rightfully so. BUT, updating your antivirus definitions--which you should do frequently--is NOT the same thing as updating your antivirus software. Antivirus definitions protect your computer from *known* viruses, but they don't do squat when it comes to protecting your computer from a new virus threat or vulnerability.

That's where heuristics come in. Heuristics are hard-coded into your antivirus software and are "rules of thumb" that tell your antivirus software to watch out for and prevent certain behavior that could be a sign of a brand new, unknown virus or vulnerability. In fact, many modern antivirus programs were able to detect and defeat files that exploited the WMF vulnerability *DAYS* before there were any new antivirus signatures and *WEEKS* before Microsoft [finally] released a patch. Check out for a list of which antivirus programs blocked the exploits and which ones didn't.
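
An added illustration of the definitions-versus-heuristics difference described above (not from the original newsletter, and not any antivirus vendor's code). The WMF byte strings are constructed samples, and the rule used here, flagging a metafile escape record that registers an abort procedure (the record the WMF exploits abused), is a simplified assumption about what such a heuristic might check:

```python
import hashlib
import struct

META_ESCAPE, META_EOF, META_SETBKCOLOR = 0x0626, 0x0000, 0x0201  # record types
SETABORTPROC, MFCOMMENT = 0x0009, 0x000F                         # escape codes

def record(function, params=b""):
    """One WMF record: size in 16-bit words, function number, parameters."""
    return struct.pack("<IH", (6 + len(params)) // 2, function) + params

def escape(code, data):
    return record(META_ESCAPE, struct.pack("<HH", code, len(data)) + data)

def wmf(records):
    """Constructed sample: 18-byte standard header, records, end-of-file record."""
    body = b"".join(records) + record(META_EOF)
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, 0, 0) + body

def signature_match(blob, definitions):
    """Definitions: exact fingerprints of files someone has already analysed."""
    return hashlib.sha256(blob).hexdigest() in definitions

def heuristic_match(blob):
    """Rule of thumb: an image has no business registering an abort callback."""
    pos = 18  # skip the standard header
    while pos + 6 <= len(blob):
        size_words, function = struct.unpack_from("<IH", blob, pos)
        if function == META_ESCAPE and pos + 8 <= len(blob):
            if struct.unpack_from("<H", blob, pos + 6)[0] == SETABORTPROC:
                return True
        if function == META_EOF or size_words < 3:
            return False  # end of file, or a malformed record we cannot step over
        pos += size_words * 2
    return False

known = wmf([escape(SETABORTPROC, b"AAAA")])        # already in the definitions
variant = wmf([escape(SETABORTPROC, b"BBBBBB")])    # new file, same trick
benign = wmf([escape(MFCOMMENT, b"hi"), record(META_SETBKCOLOR, bytes(4))])
DEFINITIONS = {hashlib.sha256(known).hexdigest()}

def scan(blob):
    return {"signature": signature_match(blob, DEFINITIONS),
            "heuristic": heuristic_match(blob)}

if __name__ == "__main__":
    for name, blob in [("known", known), ("variant", variant), ("benign", benign)]:
        print(name, scan(blob))
```

The variant differs from the known sample by only a few bytes, which is enough to slip past the definitions while the structural rule still fires.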

Now for the bad news. Unless your computer is only a few months old, your antivirus software may not have the latest heuristics. Because of that, your antivirus software may not be able to detect and prevent the newest, polymorphic viruses in time.

Just like you need to change the oil in your car every few months, you need to change your antivirus software every 12 to 18 months. Completely uninstall the old version [like Norton Antivirus 2002] and then purchase and install the latest version [like Norton Antivirus 2006.] This is the ONLY way to make sure you're running the latest heuristics.

Free Antivirus Software?

For more information on computer security and tips on where to get high-quality FREE antivirus software, go to

and read the article titled "Should I Buy Anti-Spyware or Anti-Virus Software?" Then work your way down the list. :-)

Feds Subpoena Google Data

Talking about computer security and privacy, the tech news of the past week involves the United States Department of Justice and Google. According to the San Jose Mercury News,

In court papers filed in U.S. District Court in San Jose, Justice Department lawyers revealed that Google has refused to comply with a subpoena issued last year for ... 1 million random Web addresses and records of all Google searches from any one-week period.

You can find the full article at

This story has raised a great deal of fear, uncertainty, and doubt [FUD] among your fellow netizens. Fortunately, search engine guru Danny Sullivan has done some digging and posted a wonderful, in-depth, constantly updated report of what is *really* going on behind the scenes:

According to Sullivan, Justice's requests don't involve any user data at all. Yet. [Tourbus riders, meet the slippery slope. Slippery slope, meet the Tourbus riders.] Seriously, though, read Sullivan's postscript number 9 to see why Justice's request isn't as horrible as a LOT of people are making it out to be:

Of course, if you're looking for FUD, it is hard to beat Slashdot [Warning: the following link contains coarse language]:

My two favorite posts appear near the top:

>> The solution is obvious! Let's all submit [inappropriate]
>> requests to Google.

> Way ahead of you. Been doing this for years.

Have a safe and happy weekend, and we'll talk again soon.

           .~~~.  ))
(\__/)  .'     )  ))       Patrick Douglas Crispen
/o o  \/     .~
{o_,    \    {    
  / ,  , )    \   
  `~  -' \    } ))    AOL Instant Messenger: Squirrel2K
_(    (   )_.'
---..{____}                  Warning: squirrels.
