This makes it look like I made this ignorant quote. I did not. It is
Bruce's statement.

Whether Bruce posted this through ignorance of his newsreader or with
malicous intent I cannot say. Perhaps he will enlighten us as to why he
would make it appear that i had said something that I did not (check the
threads).

Jim

"CountryLover" <crazygonuts@pcgeek.invalid> wrote in message
news:ujimr1tvjf3a5au1a0763iglm5c8v393o5@pcgeek.inv alid...
> On Tue, 03 Jan 2006 19:36:35 -0700, Bruce Chambers
> <bchambers@cable0ne.n3t>
> wrote:
>
>>Jim wrote:
>>
>>
>>
>> What kind of an idiot would install an "unofficial" patch. I can't
>>think of a more common way currently used to spread malware.
>
> Been living under a rock for the last week or so, eh?

"John Waller" <johnw@REMOVETHISpinnacleweb.com.au> wrote in message
news:OhIzhVOEGHA.3148@TK2MSFTNGP10.phx.gbl...
>> 1) One could also ask what guarantees come with an official Microsoft
>> patch. I have never seen a guarantee associated with any Microsoft
>> patch.
>
> And should my system develop problems from this unauthorised patch, where
> would that leave me?

Restoring the restore point before applying the patch. You do use restore
points....right?

>
> I subscribe to following the manufacturers instructions. Microsoft would
> never endorse this procedure.

Microsoft would not endorse this procedure because thier corporate customers
have forced Microsoft to go through more testing of patches before they are
released. Although, there is nothing keeping Microsoft from issuing a
pre-release patch. Heck, it may even help find and prevent problems in the
final patch release.

>
> I'm not inclined to download and let loose a non-Microsoft .exe file,
> promising to patch my Windows XP, onto my system.

What do you think installing a program does? It usually makes registry
changes, updates DLLs and does God-knows-what else to your system.

>
> That contravenes every anti-spyware, anti-spam, anti-malware,
> good-practice guideline I can think of.

Your decision to install or not should be based on the trustworthiness of
the person writing the application or patch and the trustworthiness of those
advocating the application or patch.

Microsoft has told you that the exploits exist and are increasing.
Anti-virus vendors and watchdog groups like F-Secure and the SANS Institute
are advocating using the patch because of the seriousnes of the
vulnerability that the exploit exposes.

Microsoft has also told you that thier hands are tied because thier
corporate customers demand more testing before a patch is issued (if only
the hackers demanded as much testing before ecpliots were issued).

It is, as always, your choice.

Good luck to you.

Jim

I'm outta here.

I have shown you what I know about the patch and protecting yourselves. I
have projects to get out and must concentrate on them at this time.

Ultimately (in PCs as in life), your seurity is in your hands. Do your
research. Listen to whom you trust.

I wish you all the very best in this new year.

Have fun and be safe.

Jim

I see that Microsoft is targetting their official patch for this issue for
next Tue 10 Jan 2006 once testing is complete.

http://www.microsoft.com/technet/sec...ry/912840.mspx

--
Regards

John Waller

On Wed, 4 Jan 2006 14:44:36 +1030, "John Waller"
<johnw@REMOVETHISpinnacleweb.com.au> wrote:

>> 1) One could also ask what guarantees come with an official Microsoft
>> patch. I have never seen a guarantee associated with any Microsoft
>> patch.
>
>And should my system develop problems from this unauthorised patch, where
>would that leave me?

I did not argue as to the effectiveness, or not, of the patch, I only
made the assertion that it was not malware. By the way, what does
the guarantee from Microsoft say about it if one of their patches
causes problems with your system?

>I subscribe to following the manufacturers instructions. Microsoft would
>never endorse this procedure.

Good for them, it makes sense not to endorse third-parties messing
around with their OS.

>I'm not inclined to download and let loose a non-Microsoft .exe file,
>promising to patch my Windows XP, onto my system.

Then do not do it, you are certainly entitled to your opinion.

>That contravenes every anti-spyware, anti-spam, anti-malware, good-practice
>guideline I can think of.

If you want to prove it is spyware/malware then by all means go for
it, but perhaps others want to make a more informed and balanced
decision rather than just blindly rejecting it out of hand based on
some speculation about spyware. If it is malware then be the hero
and show us. If it is not why bring it up in the first place on this
particular item? By all means argue your point about OS impact and
potential problems, that is far more reasonable then falsely stating
something (spyware) as fact which has not been shown to be the case
here.

--
Ciao,
Falcon

Bruce Chambers <bchambers@cable0ne.n3t> writes:

> What kind of an idiot would install an "unofficial" patch. I
> can't think of a more common way currently used to spread malware.

A desperate one who
lacks official patch choices
faces an extremely critical threat with attack vectors via web
browsing (even trusted sites that might be defaced),
IM, and email channels
has an option for an unofficial patch coded by one of the best
low level windows programmers on the planet
and recommended by one of hte most respected security
organizations on the planet (SANS)


It's either that or disconnect your computer from the net until next
Tuesday.

Best Regards,
--
Todd H.
http://www.toddh.net/

> If you want to prove it is spyware/malware then by all means go for
> it, but perhaps others want to make a more informed and balanced
> decision rather than just blindly rejecting it out of hand based on
> some speculation about spyware.

That wasn't really my point.

I was just saying that this is a non-Microsoft solution. Installing non-MS
patches is not recommended practice at any time.

According to online reports the security community is divided. Some say,
install the non-MS patch now. Others say wait for Microsoft.

As others have posted here, it's a judgement call for PC
owners/administrators.

The software vendor advises waiting a few more days while they test their
patch.

I'm in the camp which will wait for the MS patch.

--
Regards

John Waller

Jim wrote:
> I'm outta here.
>
> I have shown you what I know about the patch and protecting
> yourselves. I have projects to get out and must concentrate on them
> at this time.
> Ultimately (in PCs as in life), your seurity is in your hands. Do
> your research. Listen to whom you trust.
>
> I wish you all the very best in this new year.
>
> Have fun and be safe.
>
> Jim

Thank you. Although many respected people here have disagreed with you it
has been a valuable discussion. Personally I have seen enough of my
customer's computers that have been compromised and done enough testing to
prove to myself that the patch works to block the exploit that I have
installed it. Yes, it may cause some unforeseen problems but it can be
easily uninstalled if it does. I look forward to uninstalling it when
Microsoft releases their patch. I agree with the way Microsoft is releasing
their patch. Their patch has to work and has to be well tested before
general release. I really take offence with the way Microsoft is downplaying
the severity of the exploit and how prevalent it is. They are giving many
people a false sense of security and causing untold damage to unsuspecting
users by lulling them into a false sense of security. To anyone who doesn't
believe this then try this. Build a clean machine. Update Windows. Install
your favourite anti-virus and anti-spyware programs. Visit a few of the
known bad sites. You will be infected. Fine you say. I just won't visit
those sites. There has already been known legitimate sites that have been
hacked and frames added with the exploit. Microsoft is right to test the
patch completely. They are wrong to minimize the exploit's impact.

Kerry

Jim wrote:
> This makes it look like I made this ignorant quote.

But you DID make all the other ignorant quotes.

--
They call it PMS because Mad Cow Disease was already taken.

JP wrote:

> Yo ucan check if your vulnerable and get a patch there:
>
> http://www.grc.com/sn/notes-020.htm
>

What exactly is shimgvw.dll and what does it do?

How will unregistering it affect my system?