Rowhouse Logic - Breathtaking Inanity

As a migrant worker in the geek farming industry I deal a little with computer security issues, so I’m probably more aware of problems in that area than some. That said, I was somewhat stunned to see this:

Security researchers uncovered a record 5,198 vulnerabilities in software products this year, nearly 38 percent more than the number of flaws found in 2004, according to statistics published by US-CERT, a cyber security information-sharing collaboration between the Department of Homeland Security and the CERT Coordination Center at Carnegie Mellon University in Pittsburgh.

According to US-CERT, researchers found 812 flaws in the Windows operating system, 2,328 problems in various versions of the Unix/Linux operating systems (Mac included). An additional 2,058 flaws affected multiple operating systems. There may well have been more than 5,198 flaws discovered this year; these were only the ones reported to US-CERT.

Here’s the list. Needless to say, security flaws are a hot topic lately as the WMF exploit, for which there is no patch, is making everybody a little panicky and looks bound to be a disaster. Here are a few things you can do to provide yourself with some minimal protection. First, use a browser other than Internet Explorer for the time being. This will not insulate you by any means, but the exploit is a little more automatic with IE than it is with Firefox or Opera. Second, if you use Google Desktop or a similar utility, disable it until Windows has been patched. Google Desktop indexes any image placed on your computer automatically and that process alone will trigger an infected WMF. Lastly, you can keep WMF files from rendering. This is very easy. Click on Start and then run, type in “regsvr32 /u shimgvw.dll” without the quotes and hit OK. One side effect of this is that Windows Picture and Fax Viewer will no longer work. Keep in mind that none of these steps will insulate your computer 100%, but will provide some minimal protection.

Don’t say I never told you anything.

This entry was posted on Friday, December 30th, 2005 at 12:12 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.