============== You Have MICE!

That is, you have the Microsoft Metafile Image Code Execution vulnerability. Well, you do if you are running Windows NT, 2000, XP, 2003 (Server) or Vista. There has been a ton of material written and broadcast about this vulnerability, so I thought I'd try to provide some perspective and (hopefully) more accurate information.

First and foremost, Microsoft is still saying (in some venues, anyway) that the MICE vulnerability is in ALL versions of Windows -- even going back to 3.0. According to Steve Gibson (whom I consider the best authority on this kind of thing), that statement is incorrect. MICE was introduced into NT 4 and has been included in all versions of the NT kernel since. That specifically excludes Windows 3.1, 95, 98 and ME. If you are running Windows 95, 98 or ME you are safe. You can quit reading now, or keep reading so you can rub it in on those arrogant XP users.

Secondly, there are several ways to prevent the vulnerability from striking your computer. For Windows 2000, XP and 2003 (but not NT4) Microsoft has a security patch which you can install at the Windows Update page. Open Internet Explorer, get on the Internet and click on Tools, Windows Update. Do an Express update until no more show up and you are fixed. Some updates have to be run all by themselves, so you may have to do this more than once if you aren't up-to-date already.

If you want to make sure you are not vulnerable, grab Steve Gibson's MouseTrap at http://www.grc.com/wmf/wmf.htm -- he also has an interesting write-up on the page. There are two solutions that will work for NT4 and any system that cannot be updated: Paolo Monti's WMF Patch at http://www.nod32.ch/en/download/tools.php and Ilfak Guilfanov's hotfix at http://www.hexblog.com/2005/12/wmf_vuln.html. The huge disadvantage of both of these latter two fixes is that they have to be running in the background at all times to protect you. They work, but they consume valuable processor cycles and will slow things down a bit.

Thirdly, how in the world did this happen? This looks like an intentional backdoor that someone at Microsoft created. A metafile is just a file that needs graphical rendering. In the Windows 9x versions, Windows was not allowed to process image code. In NT 4 and later, metafiles were allowed to execute code. This violates a well-known security law: Never, ever mix data and code. Code executes data, but data never executes code. Otherwise, you can get a virus just by viewing data. Someone at Microsoft took out the security failsafe to make the metafile vulnerable. The code works exactly as written. This is NOT the usual kind of bug where something isn't working the way it should.
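To make the data-versus-code point concrete, here is a small added example (written for this note; it is not code from the E-letter, from Microsoft or from Steve Gibson). A WMF file is a list of drawing records. One record type, META_ESCAPE, can carry a SETABORTPROC escape, and that combination is what let the NT-era GDI treat the record's data as a callback to run. A defender's check can therefore walk the record list and flag that exact combination while letting ordinary escapes (such as the common MFCOMMENT) through. The record function and escape codes are the documented WMF values; the two sample files are constructed inside the script, and the flagged record's data is just zero bytes.

```python
import struct

# WMF record function codes and escape sub-function codes (documented WMF values)
META_EOF = 0x0000
META_ESCAPE = 0x0626
MFCOMMENT = 0x000F      # harmless, common escape: embeds a comment in the file
SETABORTPROC = 0x0009   # the escape that let metafile data run as code on NT-based Windows
PLACEABLE_KEY = 0x9AC6CDD7


def parse_wmf_records(data: bytes):
    """Walk the record list of a WMF file.

    Returns a list of (offset, function, size_in_words, escape_function) tuples;
    escape_function is None for anything that is not a META_ESCAPE record.
    """
    off = 0
    # An optional 22-byte placeable header may precede the standard 18-byte header.
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    hdr_type, hdr_size_words, _version = struct.unpack_from("<HHH", data, off)
    if hdr_type not in (1, 2) or hdr_size_words != 9:
        raise ValueError("not a WMF header")
    off += hdr_size_words * 2

    records = []
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:
            # Every record is at least 3 words (size + function); smaller means corrupt.
            raise ValueError(f"malformed record size at offset {off}")
        escape_fn = None
        if func == META_ESCAPE and off + 8 <= len(data):
            escape_fn = struct.unpack_from("<H", data, off + 6)[0]
        records.append((off, func, size_words, escape_fn))
        if func == META_EOF:
            break
        off += size_words * 2
    return records


def find_setabortproc(data: bytes):
    """Return the records that combine META_ESCAPE with SETABORTPROC."""
    return [r for r in parse_wmf_records(data)
            if r[1] == META_ESCAPE and r[3] == SETABORTPROC]


def wmf_verdict(data: bytes) -> str:
    """'block' if the file carries a SETABORTPROC escape, otherwise 'allow'."""
    return "block" if find_setabortproc(data) else "allow"


# --- constructed sample files (built here, not captured from any real malware) ---

def _record(func: int, params: bytes) -> bytes:
    # RecordSize is counted in 16-bit words and includes the 6-byte record header.
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def _escape(escape_fn: int, payload: bytes) -> bytes:
    # META_ESCAPE parameters: EscapeFunction, ByteCount, then the escape data.
    return _record(META_ESCAPE, struct.pack("<HH", escape_fn, len(payload)) + payload)


def _build_wmf(records) -> bytes:
    body = b"".join(records)
    # Standard header: Type=2 (disk), HeaderSize=9 words, Version=0x0300,
    # Size (words), NumberOfObjects, MaxRecord (words), NumberOfMembers.
    header = struct.pack("<HHHIHIH", 2, 9, 0x0300, (18 + len(body)) // 2, 0,
                         max(len(r) for r in records) // 2, 0)
    return header + body


# A harmless file: one comment escape, then end-of-file.
BENIGN_WMF = _build_wmf([_escape(MFCOMMENT, b"test"), _record(META_EOF, b"")])

# A file carrying the escape that NT-era GDI would have treated as code; the
# escape data is zero bytes, so there is nothing here to run.
SUSPECT_WMF = _build_wmf([_escape(MFCOMMENT, b"test"),
                          _escape(SETABORTPROC, b"\x00" * 8),
                          _record(META_EOF, b"")])

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_WMF), ("suspect", SUSPECT_WMF)):
        print(name, wmf_verdict(sample), find_setabortproc(sample))
```

Note that the check keys on the escape sub-function, not on META_ESCAPE alone: comment escapes are common in ordinary metafiles, so flagging every escape record would drown a mail or web filter in false positives. A check like this is a stop-gap for the filter in front of the machine; the real fix is still the patch described above.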

This exploit and the malware that currently takes advantage of it are NOT worth all the hand-wringing and analysis that the vulnerability has received. The reason so many are so upset has much more to do with the possibility that MICE could have been an intentional backdoor for Microsoft to use to get into users' Windows systems. That has the conspiracy freaks seeing ghosts under every bed. Heck, it's caused quite a stir amongst the usually fairly calm commentators. A couple more of these and Linux will have the biggest advertising campaign in history -- provided to them courtesy of Microsoft. By its very nature, an open source operating system cannot have backdoors, because knowledgeable code writers would see one instantly and remove it. It's only when you cannot see the underlying code that something like this is possible. The fallout from this vulnerability could easily cost Microsoft billions in sales.

============== Rick's Rant: It's a new year with the same old problems

Happy New Year faithful readers. I've just finished putting away the Christmas lights and the few holiday decorations we dared to put out with an 11-month-old destructoid roaming the house. The empty wine bottles clink away as I throw them into the recycle bin, and so ends another year at the Smith house. 2006 is looking to be a very interesting year with all sorts of surprises (good and bad) awaiting us. But unfortunately instead of gleefully greeting the new possibilities of a new year I'm stuck in Internet Hell with, you guessed it, America Online!

I try not to beat a dead horse, and AOL has been put down so much in the Q & A's that I actually felt sorry for them and admire those club members who, like a good friend, stick with you through and through. But, alas, even in my sympathetic state I once again am aghast at the trends not only in this company but in the industry as well. I am compelled to once again cry from the tower. If you ever need a reason to go to a local Internet service provider, just set out to correct a problem with this quickly declining company. Let me share with you my customer's tale of woe and despair.

We received a unit from a 75-year-old man who uses his computer to run a prayer chain for his local Presbyterian church. His online access failed, so he hauled the unit down for a checkup to see what caused the problem. On the phone, I'll admit that we jumped the gun a bit by suggesting that the problem could be caused by many things not connected with AOL. So, believing that I knew what I was talking about, we agreed for a fee to have me give it a once-over.

I've pretty well seen most everything horrible on a PC that you can imagine, and I'm not too surprised anymore, but lo and behold! This gentleman's computer was in tip-top shape, and his online habits would make any pastor proud. Upon finding no nefarious activity afoot, I surrendered and called AOL. What a surprise to find I was talking to a young woman from India.

I think now the only time you get to speak to an American from America Online is when you want to sign up or quit. Otherwise you get India Online!

Now, no one will talk to you unless you are the registered owner of the account, and I had to pass a bevy of questions as I posed as the legal owner.

But, alas, Roxy was the wrong answer to the favorite pet question, so I had to call my client to come down and get me connected.

Upon passing security, I explained my customer's plight and was told that I needed to speak to technical support, and I was transferred to another phone queue.

Upon reaching another person from a foreign land, I was told my account had been locked and I really needed to talk to customer service. So back again I was transferred to the same phone queue I started in.

Now, the third person for whom English is a second language informed me that I would have to talk to security. Now I'm really scared. I'm one of those people who would not pass a lie detector test even if I was innocent because I have a guilty conscience.

Upon reaching the security department, I really thought I was getting somewhere because his accent was mild, and he was easier to understand.

Apparently not just anyone gets to work security at AOL. He informed me in quite good English that my account was suspended because I was identified as a spammer. What? I looked over my shoulder at the kind gentleman behind me.

Could this man really be an Internet terrorist? I had to ask, "What did you get me for, copper?" He informed me that I had agreed to an acceptable use policy that stated I was not allowed to email more than 10, yes 10, people at once. It seems that my client had the audacity to want to e-mail a dozen or so people in his church to ask them to pray for a sick friend. The gall of this man to put someone's personal needs above the greater good of the people. Not only did they shut down his e-mail but also his online access, and they didn't bother to inform him. By this time, I'm up to charging him for an hour and a half, which morally I cannot charge -- so now I'm working for free. The security man said there were no exceptions to the rule. (What a surprise.) I politely told him that yet again AOL has found a new way to alienate their customers and drive them to seek service elsewhere.

So I packed up my client's PC and had him write me a reduced-amount check that we both chalked up as a learning experience and told him it would be a pleasure to switch his Internet service. But remember to get out a pen or pencil and start writing down every address in your address book because you will lose it because you do not own it! AOL does, and they are sore losers.

Oh, yes, you will have to re-enter all that information into a real address book, so don't make any mistakes. I certainly wouldn't want to be left out of the prayer chain.

============== CIPCUG Notice

You don't have to be a member of CIPCUG to subscribe to this E-letter, but we do make a short notice of upcoming events.

Don't forget this Saturday's general meeting, January 28, at the Camarillo Boys & Girls Club. It's back to the fourth Saturday of the month, not the third. The holiday schedule is over.

============== Subscription Information

Tell a friend to subscribe. Email listserv@vccomputers.com with the subject: subscribe, and a message body of: subscribe eletter [email address]

To unsubscribe, send an email to listserv@vccomputers.com with the subject: unsubscribe. In the body of the message, enter: unsubscribe eletter [your email address]

Entire message copyrighted by Ventura County Computers 2006, www.vccomputers.com. Back issues of the E-letter are available at www.vccomputers.com/eletter.cfm

Entire site © 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 and 2006 Ventura County Computers