Security warning

[Gary Richardson]

Yet another way for the bad guys to directly infect Windows without any aid from you. Important you attend to this.

Quote:

Once again there is a browser vulnerability that allows for the remote execution of code. And the only action necessary to become infected is to view a malicious webpage using Internet Explorer or an HTML formatted e-mail...Like the WMF exploit it is advised to unregister the susceptible dll from the system as a workaround for the vulnerability.

Quote:

"Microsoft has confirmed new public reports of a vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML)...A security update to address this vulnerability is now being finalized through testing to ensure quality and application compatibility Microsoft’s goal is to release the update on Tuesday, October 10, 2006, or sooner depending on customer needs...

There are already sites using this exploit, so to protect yourself from this till October when M$ get round to patching things, follow these instructions from Grinler at Bleeping Computer. http://www.bleepingcomputer.com/forums/topic66086.html

[Doug Nelson]

Good catch, thanks Gary.

[Gary Richardson]

You're welcome.

Figured that as a group we're more likely to use sites with Vector graphics than others do, and are therefore more at risk than the average user.

[1STLITE]

Thanks, Gary! I switched to Firefox some time ago, but I have been having issues with it, and have been having to use IE every now and again lately. No idea what the problem is, but for some reason when I try to log in to my website controls at Yahoo, it ends up creating some Error and closing Firefox.

I want a Mac!!

Is it true you don't even need antivirus software on a Mac? That is just freakin awesome!

[chrishoggy]

Quote:

Is it true you don't even need antivirus software on a Mac? That is just freakin awesome!

NO it's not true. thats the same thing people were saying about using Linux. You are not as much at risk as a windows PC, but you are still a target. And those not using AV etc on a Mac are the ones being used to spread windows viruses etc

[Gary Richardson]

Hi 1st Lite,

What version of Firefox are you using? Are you using "No Script" or any of the other javascript blocking extensions?

So that you can continue to use Firefox as your browser, yet use IE when accessing Yahoo, try using the IE View extension for Firefox.

http://ieview.mozdev.org/installation.html

Once installed, go to Tools > Extensions in Firefox, and double click on IE View.
This will open the IE View Preferences window.
Add your Yahoo website to the Always in IE Sites window and click OK

Now whenever you visit Yahoo using Firefox, it will automatically open the site using IE.
All others will open with Firefox.

As for running Macs without an AV, Chris is right, this would be a foolish thing to do.

[Cameraken]

Hi Gary

Thanks for the info. I followed the instructions at Bleeping Computer and installed their patch.

I see that Microsoft has now got an update available for this. Should I just install the MS patch or does the bleeping computer patch need uninstalling first?

Thanks

Ken.

[Gary Richardson]

If you read through the Bleeping Computer article, you'll find there's a re-enable batch file regvml.bat run that first before installing the M$ update.

If you don't find it

Click Start > Run type Notepad.exe then click OK.

This will open a Notepad file.

Now copy and paste the following text into it.

Quote:

@echo off
%WinDir%\system32\regsvr32.exe "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
exit

Name it regvml.bat and save as file type All files.

Now double click on it to run it.

Now install the M$ update.

[Cameraken]

Hi Gary

Quote:

If you read through the Bleeping Computer article, you'll find there's a re-enable batch file regvml.bat run that first before installing the M$ update.

Sorry I should have read that.
Thanks, and congratulations on your new Position.

Ken.

[Gary Richardson]

You're welcome.

Thanks for the congratulations, much appreciated.

Gary.