:: 17-Oct-2000 10:00 (Tuesday) ::
I’ve updated my wormfree utility again to fix a number of other minor
issues. Previously it required a Win98+ or Win95 with IE4 desktop update
installed (now it should run on all Win95, Win98, Win98 SE, and WinME
systems). Additionally, there were rare cases where wormfree would perform
an access violation. It now also attempts to clean a few other no-impact
registry key locations. If you have used previous versions of my wormfree
utility and are really paranoid, you can try re-running this new one.
You can download this new version from:
http://www1.distributed.net/~bovine/wormfree.zip
A related issue is a recent security vulnerability that has been found in
all Win9x systems that would enable another user to access your file
shares, even if you have assigned a very complex password to it. Although
there are currently no worms that utilize this vulnerability, this reason
alone is sufficient to warrant not arbitrarily sharing potentially
vulnerable directories that contain things that get executed. Minimally
this means that you should not share any drive or directory that includes
your WINDOWS directory or your “Program Files”. If you really must use
file-sharing for collaboration, you should create a special folder someplace
on your hard drive, and share ONLY that folder itself (and possibly include
a password, with the understanding that no password or key is truly secure).
You can read about the Microsoft Security Bulletin at the following
location: http://www.microsoft.com/technet/security/bulletin/MS00-072.asp