路人CL - IT 手記

I may not talk about cutting-edge technology, but I try to bring out issues that may have far-reaching effects and long-term significance. Of course, it also serves as a link to those truly important IT security alerts!

Friday, December 30, 2005

Antivirus software vendors' own troubles

Recently, both McAfee and Symantec have had trouble with their own antivirus software.

McAfee's Security Centre 6.X and VirusScan 4.X/8.X/9.X have an error in restricting the browser domain in which the ActiveX control mcinstcl.dll can be instantiated. In simple words, it can allow remote code execution. It has now been fixed through auto-update. All users who have the stated versions had better update their product.

Nearly all Symantec antivirus and Internet security products have a vulnerability: when they scan a malicious .rar file (a recently popular compressed file format; another one is the .7z format), they go wrong and allow arbitrary code execution! The workaround is to filter RAR files at mail or proxy gateways.

This is a good reminder that security is about the design and implementation of a policy, not about depending on a single product without thought.

Adobe Reader 7.05

Adobe Reader 7.05 is recommended for use with Windows 2000 / Windows XP. It has better plug-in support for Firefox and Opera web browsers. It also fixes vulnerabilities in version 7.0.

For Win9X/ME, please keep using Adobe Acrobat Reader 5.0.5. Version 6.0.1 is just too large and slow.

Microsoft Windows Metafile Handling Buffer Overflow (Update)

Windows is vulnerable to remote code execution through an error in handling the Windows Metafile format (.WMF). Exploit code has been publicly posted and used to successfully attack fully patched Windows XP SP2 systems. Other Windows versions may also be at risk.

Workarounds:

Do not access WMF files from untrusted sources (such as unknown websites).

IT personnel can block access to WMF files at mail gateways, HTTP proxies and other network filtering technologies.
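The gateway filtering suggested in both workarounds (RAR for the Symantec issue, WMF here) can be sketched as follows. This is an added example, not code from the original post or from any vendor: it classifies each MIME part by its leading bytes, so the decision does not depend on the attachment's file name. The function names and the sample message are constructed for illustration.

```python
import email
import struct
from email.message import EmailMessage

# Leading-byte signatures; file name and declared MIME type are ignored.
RAR_MAGIC = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
WMF_PLACEABLE = b"\xd7\xcd\xc6\x9a"


def classify(data: bytes):
    """Return 'rar', 'wmf' or None from the payload's leading bytes."""
    if data.startswith(RAR_MAGIC):
        return "rar"
    if data.startswith(WMF_PLACEABLE):
        return "wmf"
    if len(data) >= 6:
        # Standard WMF header: type 1 or 2, header size 9 words, version 0x0100/0x0300.
        ftype, hsize, version = struct.unpack_from("<HHH", data)
        if ftype in (1, 2) and hsize == 9 and version in (0x0100, 0x0300):
            return "wmf"
    return None


def blocked_parts(raw_message: bytes):
    """List (filename, kind) for every MIME part whose content is RAR or WMF."""
    msg = email.message_from_bytes(raw_message)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        kind = classify(part.get_payload(decode=True) or b"")
        if kind:
            hits.append((part.get_filename() or "(unnamed)", kind))
    return hits


def build_sample() -> bytes:
    """Constructed test message: harmless header-only stubs, not real files."""
    msg = EmailMessage()
    msg.set_content("see attachments")
    wmf_stub = bytes.fromhex("010009000003") + b"\x00" * 12
    msg.add_attachment(wmf_stub, maintype="application", subtype="octet-stream", filename="picture.bin")
    msg.add_attachment(b"Rar!\x1a\x07\x00" + b"\x00" * 8, maintype="application", subtype="octet-stream", filename="docs.rar")
    msg.add_attachment(b"plain notes", maintype="application", subtype="octet-stream", filename="notes.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_parts(build_sample()))
```

A gateway would quarantine or strip any part this reports instead of delivering it.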

Update:

Microsoft will release a patch on 10 Jan 2006.

Meanwhile, a third-party patch by Mr Ilfak Guilfanov, a senior developer at DataRescue, Belgium, has been tested and recommended by the SANS Institute for the time being. According to Mr Ilfak Guilfanov, this is a temporary fix and should be uninstalled after Microsoft releases the formal patch.

This is the first time a private third-party patch has been approved by a renowned security institute. Part of the reason is that Guilfanov put the patch online with complete source code as open source, so SANS personnel were able to thoroughly test and verify that it is honest work without a backdoor.

Tuesday, December 13, 2005

OpenOffice.org 2.01 - is it for me? (Update)

OpenOffice.org 2.0 (short form OOo 2.0), an MS-Office-compatible application suite, was released in November 2005.

Main differences from 1.1.X:
(1) Addition of an Access-like database - Base
(2) New document format - the eXtensible Markup Language-based Open Document Format (the 1.1.X format is also Java-zipped XML, but the two formats are different)

Is it for me? The answer is: it depends.

It is yes if:
(1) you are satisfied that it is now not only "workable" (as it has been since 1.1.1 in late 2003) but "good enough" for general purposes;

(2) you need to repair MS-Office Word/Excel files - it can be a surprisingly effective last-resort means of saving your corrupted MS files!

(3) you have never had a legitimate copy of MS-Office and have decided to stop your piracy, but have a limited budget.

It is no if:
(1) you have a lot of Visual Basic for Applications macros in Word/Excel - compatibility at the macro level is still limited, which can be critical for some accounting and finance personnel;

(2) you need or are required to use Outlook for integrated email and schedule management - OOo simply does not have an Outlook counterpart.

- Although there is an open-source effort, the "Sunbird" calendar/scheduler from the Mozilla Foundation, to work with the Firefox browser and Thunderbird email client, there is still a long way to go - "long" means at least 1 or 2 years for the application to become mature enough for beta.

I confess that I have used it for a few years, ever since 1.0, and install it on every PC I need to access frequently. I have used it to save a few Simplified Chinese Word files corrupted during editing in SC Word, TC Word and Eng Word among some corporate users.

*******************************************************************
Note: soon after this was posted, update 2.01 was released to fix minor bugs and add some features:

(a) Extended bullet and numbering
(b) Ability to disable or hide particular application settings
(c) Improved mail merge

I can think of one more reason to use it: exporting documents to PDF format, which is convenient for distribution.

Monday, December 12, 2005

My recommended setup

As you may know, there have recently been lots of vulnerabilities in nearly everything (Microsoft IE, Sun Java Runtime, RealPlayer, Flash, etc.). Please note the following:

WWW browser: I highly recommend Mozilla Firefox 1.5 (the latest), or 1.07 (not the latest but stable). Use IE only for banking or for visiting trusted IE-specific websites. If you have to use IE, please add a Google/Yahoo/Netcraft toolbar and get Microsoft's antispyware beta.

Windows: update to the latest security patches for Windows/IE/Outlook Express on home machines.

Flash: update Flash Player to version 8.X.

Java Runtime: update to Sun Java 1.4.2.09 or 1.5.05, depending on your limitations. If you have Microsoft Java, make sure it is version 5.00.3810.

Apple QuickTime/iTunes: update to QuickTime 7 or the version included with iTunes 6.

RealPlayer: update to the RealPlayer 10.5 Gold version.

Yet another blog?

CL-roadlog is a miscellaneous blog about anything. However, CL is still an IT person. I still want to share with all viewers my opinions about information technology and some urgent IT security alarms. It seems that another blog will be a better way to do so.

So here comes 路人CL - IT 手記.