Computer Security Weekly, July 3, 2000


Want to protect yourself against MS Outlook/Office viruses, but don't want to use Microsoft's rather draconian patch? Other otions are available. One, called "Just Be Friends," is from Reliable Software Technologies. No endorsements or recommendations, just for your info.

http://www.rstcorp.com/news/jbf.html.

And, what with Microsoft's long record of not caring about security, would you buy a used firewall from these people? Well, Microsoft is now wanting to get into the security field. Some people are skeptical, others are ready to buy anything with the Microsoft name on it.

http://www.itworld.ca/dailywire/dailyitw... http://www.internetwk.com/story/INW20000...

How about some soft SOAP? The Simple Object Acess Protocol is a proposed standard for connecting Internet applications, across platforms, using XML messages. No security is required in most standard Internet applications, and SOAP doesn't call for any, either. At the moment, I would view this one with skepticism. There are all kinds of chances to mess up real good when you start making things more convenient without thinking it through. In Microsoft's own words on the subject, SOAP is a way to get around those pesky firewalls.

http://soap.weblogs.com/ http://msdn.microsoft.com/library/period...

Hate that annoying paperclip "helper" in Office? You just got a whole new set of reasons. Apparently the Microsoft Office Assistant is programmable, and an attacker can write scripts that are able to do all kinds of wonderful things. Oh, and by the way, all Office Assistant scripts are considered "safe" by default.

http://www.zdnet.com/zdnn/stories/news/0... http://www.microsoft.com/technet/securit... http://officeupdate.microsoft.com/2000/d...

You heard that Burger King was giving away free demo copies of Net Nanny, and then suddenly wasn't? It seems that the program displays a list of restricted sites as it is beign installed. This is probably a good thing, considering other programs which try to hide what they are doing. However, a number of kids were using the list as a set of suggestions for sites to visit.

Windows 2000 uses Windows File Protection, just like NT. One enterprising user has found that a specific value, plugged into a standard Registry setting, will completely disable it. Watch for WFP disabling viruses and trojans to become the norm.

Georgi Guninski's been at it again. This time he's found two related quirks using the OBJECT tag in IE 5 with Office 2000 versions of Access and Excel. A malicious WEb page can sliently load VBA code and get the Office programs to execute it. There isn't much that can't be done at that point. Oh, and, by the way, if you have your system set to alert you to ActiveX controls being run, the prompt won't appear until *after* the code has been executed.

http://www.nat.bg/~joro/access.html http://www.nat.bg/~joro/sheetex.html

mailto:rslade@vcn.bc.ca
mailto:rslade@sprint.ca
mailto:robertslade@usa.net
mailto:p1@canada.com Robert Slade's Guide to Computer Viruses, 0-387-94663-2, (800-SPRINGER)
The copyright of the article Computer Security Weekly, July 3, 2000 in Computer Security is owned by Robert Slade. Permission to republish Computer Security Weekly, July 3, 2000 in print or online must be granted by the author in writing.

Go To Page: 1

Articles in this Topic    Discussions in this Topic