HOME
TOPICS
ABOUT ME
MAIL

 
Here's what Microsoft itself says: 'Make sure you have no trusted publishers, including Microsoft.' How much longer should we stand for this?
  technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

Christmas 'gift' for Windows users could be a virus or break-in


Dec. 25, 2002


By Al Fasoldt
Copyright © 2002, Al Fasoldt
Copyright © 2002, The Post-Standard

   This is the best time of the year for computer hackers. They know that millions of kids, teenagers and grownups will be spending the next few days playing with new computers, paying little attention to Internet security and computer safety.
   Windows PCs are inherently unsafe. If you use a Windows PC, you need to take extra precautions to protect your privacy and your files. Windows itself has almost no built-in protection, and it can't even do anything on its own to block the thousands upon thousands of computer worms and viruses that attack PCs running Windows.
   There are 10,000 new worms and viruses every year. The problem is getting worse month by month. Most Windows users might think they don't have to worry about worms and viruses if they are careful about opening e-mail attachments. But this is dangerously wrong.
   Worms and viruses can enter Windows PCs in many ways. They don't need to arrive hidden in attachments. Your Windows PC can get infected by computer worms and viruses even if you never open attachments that come in the mail.
   The problem of Internet security and safety is far worse than most experts understand. Let me give you two examples.
   A few days ago, Microsoft admitted that Windows XP -- the version of Windows that nearly all new PCs come with -- has a gigantic flaw that allows anyone to steal files from your PC just by creating an MP3 music file a certain way.
   This sounds hard to believe, but it gets worse. You don't even have to download this kind of malicious file to set off the time bomb. Here's the warning from Microsoft:
   "If a user were to hover his or her mouse pointer over the icon for the file (either on a web page or on the local disk), or open the shared folder where the file was stored, the vulnerable code would be invoked."
   If you're still wondering if you really need to get serious about protecting your computer, you just saw your reason. All you (or your kids) have to do is place your mouse pointer over the icon for the file. No clicking involved.
   But it gets even worse. A few months ago, when Microsoft warned about yet another security flaw in Windows, the company explained that the mistake in its operating system threatened nearly every Windows PC ever made because it involved what are called "Data Access Components" (DAC) universally used in Windows.
   Windows is so full of inconsistencies that not even the usual procedure for fixing this DAC problem is reliable. Even if you use the Windows Update program to replace the bad DAC with a good one, Windows itself can undo your fix and put the bad code back on your PC.
   When would it do that? When you check the box that says "Always trust Microsoft" when a Web site wants to install something on your computer. (The checkbox lets you establish which software "publishers" can be trusted.)
   Here's what Microsoft itself says: "Make sure you have no trusted publishers, including Microsoft."
   Is this crazy? You bet. If you use Windows, it's time you installed good antivirus software and a script blocker. I recommend AVG antivirus and Script Sentry, both free. Use those words in the search form on my site, http://technofileonline.
   And take Microsoft's advice. Don't trust a company that can't get things right. Take security and safety into your own hands. That's one way to have a Merry Christmas and a safe New Year.