Following on from our security alert this week MSN have not only delayed the release of an external beta but they're planning to remove crucial new features temporarily. According to sources close to MSN, MSN Messenger 7 beta will ship without 'winks' and deluxe display pictures. Currently it's easy for hackers to exploit the code of winks to display any flash movies on a users computer for any amount of time.
MSN took the decision following the public announcements of the exploits. We're unsure whether 'winks' are going to be axed from MSN Messenger 7 or whether MSN are merely revamping them to be included in later betas.
In other news, The Messenger team will be implementing a CVR update that will force all existing MSN Messenger V7.0 users to downgrade to V6.2. This CVR is scheduled to start on 6 Oct 2004. Anyone running MSN Messenger V7.0 build 0205 will need to downgrade. If you do not downgrade, you will be unable to sign into the Messenger service. We're unsure whether this will effect other builds.
News source: In-House
MSN took the decision following the public announcements of the exploits. We're unsure whether 'winks' are going to be axed from MSN Messenger 7 or whether MSN are merely revamping them to be included in later betas.
In other news, The Messenger team will be implementing a CVR update that will force all existing MSN Messenger V7.0 users to downgrade to V6.2. This CVR is scheduled to start on 6 Oct 2004. Anyone running MSN Messenger V7.0 build 0205 will need to downgrade. If you do not downgrade, you will be unable to sign into the Messenger service. We're unsure whether this will effect other builds.
News source: In-House
The Mydoom.m variant that appeared in August hung on to fifth place with the same occurrence rating. The main newcomers this month are two Mydoom variants that appeared in the space of a single day. Bagle authors were not caught napping and brought their summer holidays to a close by releasing several new variants, which all used email and file-sharing networks to spread. TrojanDownloader.JS.Gen is a catch all name for a huge number of Trojans written in Java Script.
We group them together because they all have only one function - to download other malware from the Internet. This summer virus coders were placing such Trojans on websites, wheras in September we saw a new trend: using spammer techniques to mass mail malicious programs. On the one hand, Bagle, LovGate and NetSky variants carry on creating a steady background of virus activity, moving insignificantly up and down in the ratings.
On the other hand, the old steadfasts Swen and Sobig.f have finally disappeared from the Top Twenty. In other words, September 2004 finally saw malware created in previous years vanish totally from the ratings: we now have only viruses created in 2004. Moreover, 16 out of 20 viruses in this month's Top Twenty are worms from only three families. The only serious competion Bagle, NetSky and Mydoom variants face comes from Zafi and Lovgate.
1 +3 I-Worm.NetSky.q 21.67
2 -1 I-Worm.NetSky.aa 13.79
3 +1 I-Worm.Zafi.b 12.70
4 -2 I-Worm.NetSky.b 9.63
5 - I-Worm.Mydoom.m 5.34
6 +2 I-Worm.Bagle.z 4.86
7 +2 I-Worm.NetSky.d 4.55
8 New TrojanDownloader.JS.Gen 4.41
9 -3 I-Worm.NetSky.t 2.51
10 +1 I-Worm.NetSky.y 1.62
11 -1 I-Worm.LovGate.w 1.41
12 New I-Worm.Bagle.as 1.35
13 +2 I-Worm.Mydoom.l 1.11
14 -2 I-Worm.NetSky.r 1.08
15 New I-Worm.Mydoom.t 0.93
16 +3 I-Worm.Bagle.gen 0.86
17 Re-entry I-Worm.NetSky.c 0.83
18 -5 TrojanDropper.VBS.Zerolin 0.73
19 New I-Worm.Bagle.ah 0.62
20 New I-Worm.Mydoom.u 0.51
Other malicious programs 9.50
also MSN have every right to do this if there are security issues, it's there software and there network.
The whole idea of Beta testing is to HELP the vendor, so if your not helping the vendor quit complaining
and its MY pc
it's their software and their network
then just don't install it/use it. It's that simple.
You can't steal an apple, put it in your house and later say: "NO, ITS MY HOUSE so you dont get it back"
What kind of logic is that? You can do whatever you want with your PC but don't be claiming "it's my PC, it's my PC" when you can't sign in because it is their network.
And they are't forcing you to uninstall it. You can keep it on there as long as you want. You jus twon't be able to use their network resources if you so choose to.
Edit: Removed the link myself *points at posts down the road*. It's on the Mess.be forum, anyhow (Under "MSN Messenger"
O well
Or, just send a wink that blocks all the other winks (like timothy's or mine)
Flash sigs would be dangerous too then. OMG Its an alert window, now my meguhurtz will be stoeled!111one
When it's running in messenger7 (just msn7, ms forgot to secure it), it's unsecured, it can read and write to the file system
Delays Delays Delays. I'm Lovin' it
I know i wouldnt.
It's just so funny that a mayor company like this seems to have huge problems with virtually every new thing they develop. They REALLY didn't knew about this problem before leaking this build???
Last edited by 22885 on 06 Oct 2004 - 19:44
http://www.neowin.net/forum/index.php?showtopic=225761&st=0
I made it more to joke, but in a way it's good they're taking security so seriously.
You only have to wonder why they didn't see this when it just took a matter of days to discover in the "public beta".
MSN Messenger 7 build 205 is still operating within normal parameters
moo
thx
I really like the new MSN, too bad i have to downgrade
Last edited by 98 on 06 Oct 2004 - 23:10
I was a bit late