Sponsor's Message

Yesterday I pointed out that a new vulnerability in MS Windows was exposing virtually all users of the OS to the risk of being smacked by malware which could be installed by the simple process of viewing an image or visiting a website containing such an image.

Microsoft are aware of the problem, in fact they've been aware of it for nearly a week now -- but they're still not planning to release a patch for nearly another weak.

This isn't new of course, there have been numerous occasions in the past where a flaw in Windows has exposed people to potential attack. However, this time there are some differences that I find hard to fathom.

Now have your say Got something to say about today's column, or want to see what others think?  Visit The Forums While you're here, why not visit the Aardvark Hall of Shame and perhaps make your own nomination. 7

First-up, this is no vector for "potential" attacks. Several tech-news sites are already reporting a growing range of very real exploits in circulation that are based on this vulnerability.

This means that a huge number of PCs have already been infected with malware as a result of Microsoft's inaction and goodness knows how many more will be infected by the time an official fix is released.

Secondly, the mainstream media has greatly underplayed the significance of this situation.

Let's be quite clear about the potential scale of this problem...

ALL PCs running all versions of MS Windows are affected.

There is no real way to avoid becoming infected if you inadvertently stumble across a suitably crafted image while browsing the web or reading your email.

The malware that may accompany such an infection could do just about anything to your PC -- including installing keloggers, trojans, viruses, or just totally wiping your hard drive.

Given just how dependent we have all become on the use of our PCs and the internet, why on earth aren't the mainstream media making a huge noise about this massive threat?

Why on earth aren't Microsoft pulling out all the stops to get that patch out TODAY rather than next week sometime?

Why aren't banks and other institutions that rely on a trustworthy and secure connection between users and their transactional systems slamming Microsoft for their tardiness and warning users about the risks of using any supposedly secure system while such a threat exists?

How long before a sensibly long patch testing programme becomes a negligently excessive delay that therefore makes MS culpable for the damages that such a flaw in their software might produce?

Quite frankly, I think we need to ask our mainstream media a few questions about prioritising their news items and someone at Microsoft needs their backside kicking.

So today's questions:

Until the patch is released, what steps are you taking to avoid being hit by malware that exploits this hole?

Have you installed (against the advice of at least one security company) the unofficial patch for this problem?

How do you feel about Microsoft's response time to this flaw?

Are you concerned that millions of Kiwi PC users are probably totally unaware of the risks they currently face and the fact that the mainstream media seems happy to keep them in the dark?

Tell us all and see what others have to say in The Aardvark Forums

If you feel that this is a good thing and/or you hold a "geniune affection" for yours truly -- then you are welcome to gift me some money using the buttons provided. In gifting this money you accept that no goods, service or other consideration is offered, provided, accepted or anticipated in return. Just click on the button to gift whatever you can afford. NOTE: PayPal bills in US dollars so don't accidentally gift more than what you were intending :-)

Contacting Aardvark
I'm always happy to hear from readers, whether they're delivering brickbats, bouquets or news tip-offs. If you'd like to contact me directly, please this form. If you're happy for me to republish your comments then please be sure and select For Publication.

Other media organisations seeking more information or republication rights are also invited to contact me.

Just add a couple of lines of JavaScript to your pages and you can get a free summary of Aardvark's daily commentary -- automatically updated each and every week-day.

Aardvark also makes a summary of this daily column available via XML using the RSS format. More details can be found here.

Contact me if you decide to use either of these feeds and have any problems.

Linking Policy
Want to link to this site? Check out Aardvark's Linking Policy.

Did you tell someone else about Aardvark today? If not then do it now!