Important Announcement if you are running Windows

Started by Vekseid, July 21, 2015, 01:28:01 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Fenrisulfr

Quote from: Dallas on July 24, 2015, 03:10:00 AM
Stupid question but... Are Adobe Flash and Macromedia Flash the same thing?
Yes. Adobe acquired Macromedia in 2005.

Fenrisulfr

Quote from: Haibane on July 23, 2015, 03:40:00 PM
I made a bit of progress just now. On an MS help page I found out my Windows Updater was out-of-date. So I updated my updater and its now up-to-date. I rebooted and windows updated... something... it was very quick though (about 30 secs). I didn't think it took anywhere near long enough. I then went to my Windows Update and.. I get the same error message. *pulls hair out and bites the door frame in frustration*
After the reboot, were the services still started? If not set to automatic, they won't start when the system starts up. So it could be that there are a few updates that will need their own reboots.

Twisted Crow

Well guess I'm getting rid of Flash, then. Thanks for the heads up, Veks. And thanks for the info Fenrisulfr. :-)

AmberStarfire

#103
Quote from: Haibane on July 23, 2015, 03:40:00 PM
I made a bit of progress just now. On an MS help page I found out my Windows Updater was out-of-date. So I updated my updater and its now up-to-date. I rebooted and windows updated... something... it was very quick though (about 30 secs). I didn't think it took anywhere near long enough. I then went to my Windows Update and.. I get the same error message. *pulls hair out and bites the door frame in frustration*

Search this file on your computer. Don't make changes to it but it might have some information on what's going on:
windowsupdate.log

I think it's in the Windows folder. At least on 8 it is, but if you try and run it or search it, it should open it up.


Yano2mch

Interesting...

For the longest time I've had Windows Update disabled, since I don't particularly trust MS anymore... Course I also have FlashBlock enabled on Firefox so Flash doesn't affect me unless I give it permission to. Quite annoying more and more sites require Javascript AND Flash to view anything on the site. Where has all the simplicity gone?  Quite annoying...

Sessha

 I'm pretty dumb when it comes to computer code. So did MS actually fix the problem with an update or what? I'm totally confused here folks.
Locked, cocked and ready to rock!


hellrazoromega

Quote from: Vekseid on July 21, 2015, 01:28:01 AM


As an aside, if you have Adobe Flash installed, I would highly recommend removing it. The more people who get rid of Flash, the more websites will stop relying on it, and the less you'll miss.


The sad part is so many people won't . Steve Jobs tried for years to end Flash and if a guy that influential could not end it, I have to wonder if anything other that a widely publicized and costly hack can. "People in the know," may take Flash off but the average member of the sheeple won't and Adobe will shamble on, as it always has. I'd have taken Flash off long ago but sadly too many sites I need to visit for my living use it ( and don't have non Flash version--*grumble*)  and I am stuck not being able to change until they do*sigh*. I wish you luck in getting [a significant number of] people to change, I really do, because what you say it true, if less people use it change will be inevitable. It's just that I have heard this call many times before and still there is Adobe.  :(

Oniya

One side benefit I just discovered to removing Flash is that a number of those irritating 'pop-under' ads use it - and therefore can't fully load. 

Victory!
"Language was invented for one reason, boys - to woo women.~*~*~Don't think it's all been done before
And in that endeavor, laziness will not do." ~*~*~*~*~*~*~*~*~*~*~Don't think we're never gonna win this war
Robin Williams-Dead Poets Society ~*~*~*~*~*~*~*~*~*~*~*~*~*~Don't think your world's gonna fall apart
I do have a cause, though.  It's obscenity.  I'm for it.  - Tom Lehrer~*~All you need is your beautiful heart
O/O's Updated 5/11/21 - A/A's - Current Status! - Writing a novel - all draws for Fool of Fire up!
Requests updated March 17

gaggedLouise

#108
If I've understood this right, the fonts that would be dangerous have to be specially crafted and then used on a page where you'd have to access them (that is, open the actual document or video where they're used). So then, does that mean the following?

1) the 'type infection' is not contagious to ordinary fonts. Somebody might craft a font that looks a lot like a well-known font, but it would only be the "crooked font" that carried the attack.

2) the font would have to be used in something you actually click on or start? A specific article, a video clip or a pdf file you'd open. The attack mode isn't simply a drive-by attack from some random webpage or embedded clip in the page, as soon as the wider page is accessed.

or even (since Adobe has featured so much in the discussion)

3) the fonts affected would mostly be special fonts used in graphic and video images (and crafted by the hackers, see above), not in straight written text documents, articles or blog posts, but rather as "show fonts" in Flash and other images?

If all three of those are true it would sort of limit the severity of the threat a bit, at least when it comes to day-to-day internet surfing.

Good girl but bad  -- Proud sister of the amazing, blackberry-sweet Violet Girl

Sometimes bound and cuntrolled, sometimes free and easy 

"I'm a pretty good cook, I'm sitting on my groceries.
Come up to my kitchen, I'll show you my best recipes"

Yano2mch

Quote from: Sessha on July 25, 2015, 07:46:53 AM
I'm pretty dumb when it comes to computer code. So did MS actually fix the problem with an update or what? I'm totally confused here folks.

Not long ago I watched the history of the computer virus, quite an interesting semi-documentary. Quite simply Microsoft gave security the middle finger for years and years, until more recent internet viruses were quite rampant, forcing restarts on computers before they could get patched, and making systems that you'd think wouldn't need windows were failing (like elevators). Hospitals, railroads got closed down for a period of time while they couldn't do anything.

At some point I think starting with XP they actually started to take computer security somewhat seriously... But really base systems with no protections, user account differences and you always running as root/admin and you could sneeze on their system and infect it. So many features for 'convenience' that end up being totally backwards... autorun for example, I hate it, and it was an easy way to infect computers be it flash drive or cd's.


Here's a link, flash free!(I think) If it's JS free as well it won't ask you annoying questions and just provide the links for the raw videos.



Quote from: Oniya on July 25, 2015, 02:26:25 PMOne side benefit I just discovered to removing Flash is that a number of those irritating 'pop-under' ads use it - and therefore can't fully load. 

I remember getting flashblock years ago BECAUSE of flash ads. I'd open several pages so I could get download links and flash would run on every one of them as ads, and bring my laptop to a total and utter crawl. Disable flash and everything works hunky-dory.

gaggedLouise

Well, from reading around some about this vulnerability it seems that the first two points I listed in the next-to-last post are accurate. The attack doesn't spread over to legit fonts, and to run the risk of getting the machine infected you'd have to actually visit a page, or open a document, a video etc, that's been set up with a "poisoned font" deliberately included. The threat won't make any kind of random page you've visited several times before suddenly toxic, and one has to count on that webmasters and web security people at e.g. news sites, Youtube, Amazon, Facebook and so on will be upping their antennas for infected content.

Good girl but bad  -- Proud sister of the amazing, blackberry-sweet Violet Girl

Sometimes bound and cuntrolled, sometimes free and easy 

"I'm a pretty good cook, I'm sitting on my groceries.
Come up to my kitchen, I'll show you my best recipes"

Oniya

Hate to say it, but there have been several times that Mr. Oniya has gone to a site that 'he's gone to many times before' and had a warning pop up about some virus or other getting blocked.  And this was before the whole Flash thing came out.  Just consider how much content gets put up on Elliquiy every day.  Then multiply that by a metric crap-ton, and you have how much content gets put up on a site like Facebook.  Now, consider the logistics of visiting and scanning each link that the entire user-base posts to one of these sites - realtime, so that a post doesn't sit there and get clicked on by a thousand people while it waits in the 'to be scanned' queue (if the site vets after posting), or so people don't post the same thing five times in a row because 'their post didn't go through!' (if the site vets before posting.)
"Language was invented for one reason, boys - to woo women.~*~*~Don't think it's all been done before
And in that endeavor, laziness will not do." ~*~*~*~*~*~*~*~*~*~*~Don't think we're never gonna win this war
Robin Williams-Dead Poets Society ~*~*~*~*~*~*~*~*~*~*~*~*~*~Don't think your world's gonna fall apart
I do have a cause, though.  It's obscenity.  I'm for it.  - Tom Lehrer~*~All you need is your beautiful heart
O/O's Updated 5/11/21 - A/A's - Current Status! - Writing a novel - all draws for Fool of Fire up!
Requests updated March 17

Al Terego

For those that are still running XP:

There is a registry hack that makes your Windows XP masquerade as the XP-based "Windows Embedded POSReady 2009" which is supported until April 9, 2019 (and before you ask, POS means "Point Of Sale" rather than the arguably more apt "Piece Of Shit")

Check here:
http://www.zdnet.com/article/registry-hack-enables-continued-updates-for-windows-xp/

Or just google: posready registry hack

This vulnerability appears to be patched (http://tinyurl.com/ndg2tew)
                    

Vekseid

Quote from: gaggedLouise on July 25, 2015, 03:32:22 PM
If I've understood this right, the fonts that would be dangerous have to be specially crafted and then used on a page where you'd have to access them (that is, open the actual document or video where they're used). So then, does that mean the following?

1) the 'type infection' is not contagious to ordinary fonts. Somebody might craft a font that looks a lot like a well-known font, but it would only be the "crooked font" that carried the attack.

Yes

Quote
2) the font would have to be used in something you actually click on or start? A specific article, a video clip or a pdf file you'd open. The attack mode isn't simply a drive-by attack from some random webpage or embedded clip in the page, as soon as the wider page is accessed.

No, it's been possible since IE 5.5, Firefox 3.6, Chrome since it's inception, etc. to embed a font directly into a web page. So all you have to do is visit a malicious page and you have code running in kernel context.


Peripherie

I deleted Adobe Acrobat Reader and downloaded Foxit but had numerous problems, from printing to saving to the program just stalling/freezing on me. I removed it and downloaded Sumatra and haven't had any issues.

Just wanted to provide that feedback unless someone else was going to delete Acrobat and wanted some info on the ones Veks suggested (and thank you for that!).
"Clouds come floating into my life, no longer to carry rain or usher
storm, but to add color to my sunset sky." - Rabindranath Tagore

Vekseid

Yeah, I normally use Sumatra but have had problems with a few pdfs where I needed Foxit to view them properly.

Sumatra is extremely lightweight.

Geeklet

There is a site I visit that requires flash to be viewable, but something Ive discovered, which might help other people too, is that there is a Chrome Extension called FlashControl, which can disable anything that requires flash automatically, but still allow it to be viewed with a click if you desire to see it.

Haibane


Yano2mch

Quote from: Vekseid on July 27, 2015, 10:29:20 PMSumatra is extremely lightweight.

I love Sumatra, been using it for years. I sorta found it curious how Adobe PDF Reader will take something like a minute to load and get everything going, when Sumatra is instant, and gives me everything I need. If we can drop flash altogether I'll happily forget Adobe exists.

Vekseid

Quote from: Geeklet on July 27, 2015, 10:51:48 PM
There is a site I visit that requires flash to be viewable, but something Ive discovered, which might help other people too, is that there is a Chrome Extension called FlashControl, which can disable anything that requires flash automatically, but still allow it to be viewed with a click if you desire to see it.

Gwuh, there's an equivalent for Firefox too, called Flashblock. Had completely forgotten about it : /

Geraint

#120
Quote from: Vekseid on July 28, 2015, 10:42:47 AM
Gwuh, there's an equivalent for Firefox too, called Flashblock. Had completely forgotten about it : /
There's a way of setting Internet Explorer to do the same, as long as you don't mind a box popping up at the bottom of the screen every time you visit a site with Flash asking you if you want to enable it for that site.

On a sidenote, I'm running 64bit Windows 7 Professional and IE10 and have Flash entirely removed, but am finding that my computer plays flash files anyway (from a site Veks identified as still using flash) though with a somewhat different looking player.  I can't figure out what is playing them, as I haven't installed another Flash player, but it's not Adobe and I'm not going to complain ... especially as it seems to play them better.

Yano2mch

Quote from: Geraint on July 28, 2015, 12:46:39 PM
On a sidenote, I'm running <snip> IE10 and have Flash entirely removed, but am finding that my computer plays flash files anyway (from a site Veks identified as still using flash)

Hmmm is IE10 HTML5 compliant? I heard more features were added to help with multimedia and getting around flash perhaps loading a local/default player instead of using adobe's plugin as a middleman (But for non-video I'd be a little more scared).

But I'm not fully certain on this. You might check the task manager, see if any interesting programs are open that weren't open before...

Oreo

I have noticed that flash/Youtube still plays, but any page on E or the net that I open that has a video or gif takes at least 45 seconds to load the thread/page. Also the page never stops loading, the load indicator keeps circling.

She led me to safety in a forest of green, and showed my stale eyes some sights never seen.
She spins magic and moonlight in her meadows and streams, and seeks deep inside me,
and touches my dreams. - Harry Chapin

Geraint

Quote from: Oreo on July 29, 2015, 12:38:24 AM
I have noticed that flash/Youtube still plays, but any page on E or the net that I open that has a video or gif takes at least 45 seconds to load the thread/page. Also the page never stops loading, the load indicator keeps circling.
That happened for me when I had Flash. :D

Oreo

Quote from: Geraint on July 29, 2015, 01:05:42 AM
That happened for me when I had Flash. :D
Funny that! It's starting to make me question whether I want to open certain threads or FaceBook.

She led me to safety in a forest of green, and showed my stale eyes some sights never seen.
She spins magic and moonlight in her meadows and streams, and seeks deep inside me,
and touches my dreams. - Harry Chapin