04.22.10
Eye on Security: MSBBC Misinformation, McAfee Chops Windows, Vista 7 Severely Broken
Summary: The BBC continues to deceive readers into thinking that “computer” is “Windows”; McAfee bites off parts of Windows; Vista 7 said to have the “biggest bug of the 21st century”
YESTERDAY we wrote about journalists who refuse to explicitly blame Windows for Windows problems. This is unfair because when GNU/Linux- or OS X-specific issues surface, then the press is quick to point fingers at GNU/Linux and OS X, respectively.
One of the networks that are worst when it comes to naming Windows as a culprit/problem is the MSBBC, and it’s so easy to see why [1, 2, 3, 4, 5, 6]. Yesterday we found this example where the MSBBC warns “computer users” and not “Windows users” about problems that are obviously Windows specific. To quote one sentence (there’s more of that in the article):
Computer users should ensure that their anti-virus software and operating systems are kept up to date, he advised.
“Operating systems”? Plural? Really?
The MSBBC makes it sound like many operating systems are affected? Does the MSBBC count different versions or editions of Windows as separate operating systems?
Also found in the news is the following gem from McAfee. [via]
McAfee’s “DAT” file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and loose all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of “ePolicyOrchestrator”, which is used to update virus definitions across a network, appears to have lead to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update “DAT” files throughout enterprises. It can not be used to undo this bad signature because affected system will lose network connectivity.
Here is a Microsoft booster describing the problem (all liability passed to McAfee, of course).
McAfee pushed out a virus definition update, 5958, at 06:00 PDT that causes false positive identification of the critical Windows system file svchost.exe. Machines running Windows XP Service Pack 3 using the 5958 definitions will delete the file, causing many key Windows services to fail to start. The Windows file is being mistakenly detected as W32/wecorl.a. Failure to start svchost.exe causes Windows to automatically reboot, hindering repair efforts.
“Yep, anti-viruses becoming as bad as viruses,” said Oiaohm, who gave us the latter link. This is not the first time such a thing happens. It happens several times per year.
Separately, SJVN writes about what Robert Pogson calls the “Biggest Bug of the 21st Century”. It affects Vista 7 and in the words of SJVN:
Still in trouble? Well, besides letting Microsoft know that this isn’t just an “issue” to you but a “bug, you can try to work around it by only using Windows 7’s Public Folders. Of course, this comes with the wee problem that any sub-directories and files in these folders will be available to anyone with a user account and password on the computer. Since this problem is most troublesome when a Windows 7 system is sharing files with other users, this can be a real security annoyance even if multiple users aren’t sharing a single PC.
Here is what Pogson writes:
The issue SJVN brought up was a persistent bug in file permissions for that other OS from XP to “7″. File permissions! Haven’t we been doing that right for 40 years?
Microsoft has not even existed for 40 years. Perhaps it never will. █
“Although UNIX is more reliable, NT may become more reliable with time.”
–US Navy Fleet Introduction deputy director Ron Redman explaining why the Navy uses NT back in the 90s
