Thu, Dec 29 2005 17:09
Oh let's just rip out those dll's shall we?
One of the suggestions I see on many of the Security sites are to unregister certain DLL's to ensure that this WMF vulnerability can't be exploited. Now maybe it's just me...but unregistering DLLs that break image, thumbnails and what not... and especially if I have to worry about registering those files and sticking them back in seems to me a bit drastic. To me the saner approach is to ...again...use our Risk Analysis view....
Which machines in my office are most at risk.... uh... honestly? Mine. But do give extra protection for all in the office...what's an easy protection mechanism that I can do on my network?
Steps I've already done...block files at the mail gateway ....block image types at the firewall.....
Okay so what else can I do on my machine.... Enable DEP protection for all programs. Viruslist says that DEP is marginally effective and doesn't work if you have image viewers like Irfanview. Yo. Folks. Irfanview is a known image program in the forensic biz that can view ANYTHING. I don't define it as the 'viewer of choice for many'. Geeks maybe. But my Mom and Dad? No.
Do I have it on any other machine except for mine? Nope. Does it appear that enabling DEP for all programs is effective for mere mortals that have normal software at this time? Yes. Can DEP be enabled without major impact? You bet your bippy. Working just fine here and so I'm thinking...why the heck am I leaving it at the default?
P.S. Knowing my luck I'll probably find out that bippy means something obscene....
Filed under: Security