I installed the patch and then had some second thoughts. Is the patch going to create problems?
So I thought I'd post a poll and find out how many of the people who know what they are doing have also installed the patch.
Here is a link with some discussion about the prs and cons of using unofficial patches:
http://www.sans.org/newsletters/newsbites/...sue=1&rss=Y#200
Edit: looks like I messed up with the poll. Oh well. In that case, please just hit the reply button
Full Version: Survey: Wmf Vulnerablility
I installed used grinlers app...I feel good .says I'm clean...I wouldn't go out to get something that grinler posted for us to use..
I probably should've done that 
So, we've got one so far(because I'm guessing Grinlers app just repackages the unofficial patch???
Or did grinlers utility just unregister the thingy(that's a technical term!) that microsoft said to unregister?? Shame on me for not having the time to fully read up on this - it's been a busy week ).
Anyone else?
So, we've got one so far(because I'm guessing Grinlers app just repackages the unofficial patch???
Or did grinlers utility just unregister the thingy(that's a technical term!) that microsoft said to unregister?? Shame on me for not having the time to fully read up on this - it's been a busy week ).
Anyone else?
Ilfak's patch was pushed out at my work yesterday, surprisingly as they are usually cautious to the point of inertia about new technologies (it was only a few years ago I was still supporting some OS2 machines *cough*), and it promptly broke $Major_Marketing_App and had to be removed from the pcs which use that (luckily only a few). The push has been left running, though, so I guess the PHB's have decided the risk of breaking a few apps is the lesser of two evils (and considering the ad and junkware littered websites many of our users insist on frequenting, I have to agree).
I would have no qualms about installing Ilfak's patch on my home Windows XP machine, but I also have no motivation to do so. I can keep "Lazarus" offline until MS comes out with their patch, while "Velma" (my Cube), "Precious" (my Powerbook), and I watch the show from the safety of OSX.
I would have no qualms about installing Ilfak's patch on my home Windows XP machine, but I also have no motivation to do so. I can keep "Lazarus" offline until MS comes out with their patch, while "Velma" (my Cube), "Precious" (my Powerbook), and I watch the show from the safety of OSX.
I have not installed Ilfak's patch, but only because I run ME. If I was able to I would.
He is an admired member in the tech community. As a matter of fact his site was down this past Wednesday, citing bandwidth issues.
There lies your answer BanditFlyer.
Also, the SANS Institute's Internet Storm Center recommends applying the patch, so....
An informative read: http://www.informationweek.com/software/sh...cleID=175801150
Excerpt:
I agree.
Pretty bad when ever a third party has to roll up his sleeves to do what M$ should of been doing all along.
Shame, shame. Shame's thier name.
He is an admired member in the tech community. As a matter of fact his site was down this past Wednesday, citing bandwidth issues.
There lies your answer BanditFlyer.
Also, the SANS Institute's Internet Storm Center recommends applying the patch, so....
An informative read: http://www.informationweek.com/software/sh...cleID=175801150
Excerpt:
QUOTE
While Microsoft has chosen to patch the WMF vulnerability during its normal Patch Tuesday download, this comes well after it should have. "They have historically released patches on special occasions, and this is clearly one of those occasions,"
I agree.
Pretty bad when ever a third party has to roll up his sleeves to do what M$ should of been doing all along.
Shame, shame. Shame's thier name.
Hi Scarlett? I have downloaded Ilfaks patch as per Grinler instructions...do Microsoft have theirs out yet then...and will they contact me ie. when i do an update on IE? I have kept Grinlers instructions regarding uninstalling and reinstalling the other...er..thingy he said to do.. 
sorry...me in blonde mode tonight!! Oh..and Happy New Year too...x oops...just looked around and seen that Microsoft have indeedy released theirs today and have uninstalled Ilfaks patch and did the DLL thingy..(love my knowledge of computer speak I do!!)so apologies...should read more!!
I asked on another forum if anyone was considering installing Ilfak's patch rather than the Microsoft one, permanently. I'm frankly on the fence as to which I feel more comfortable "trusting"...but I'll admit at this point I'm leaning in the former direction. A well respected programmer really pouring his all into his code and inviting everyone to check it out sways me more than a monopoly corporation scrambling to save face. 
Now that MS has been goaded into doing what it should have done in the first place, namely issueing a patch to a major security vulnerability in a timely manner, this question is rather moot.
All Windows users owe Ilfak an immense thanks both for his concern over the vulnerabilty, and by publishing it, his forcing MS to take some action. I also note that several commentators have also raised the question about MS's sluggishness after Ilfak published his solution.
Regards,
John
All Windows users owe Ilfak an immense thanks both for his concern over the vulnerabilty, and by publishing it, his forcing MS to take some action. I also note that several commentators have also raised the question about MS's sluggishness after Ilfak published his solution.
Regards,
John
QUOTE
Ilfak Guilfanov is far from a household name.
But that may soon change as the Russian software developer's unauthorized Microsoft security patch is increasingly installed onto computers worldwide......
Why do you think your unofficial patch has been so popular with users?
I cannot tell for sure, but most likely because of my reputation as the author of IDA Pro disassembler...Second, the fix comes with the source code. This makes much easier to verify it--this is what exactly happened at the SANS Institute. The experts confirmed that the fix does exactly what it is supposed to do and approved it.
But that may soon change as the Russian software developer's unauthorized Microsoft security patch is increasingly installed onto computers worldwide......
Why do you think your unofficial patch has been so popular with users?
I cannot tell for sure, but most likely because of my reputation as the author of IDA Pro disassembler...Second, the fix comes with the source code. This makes much easier to verify it--this is what exactly happened at the SANS Institute. The experts confirmed that the fix does exactly what it is supposed to do and approved it.
Full interview here:
http://news.com.com/Beating+Microsoft+to+t....html?tag=carsl
Microshaft probably pinched his to get their's out faster... IMHO 
Thank you Ilfak Guilfanov for your selfless efforts I owe you a dinner
Thank you Ilfak Guilfanov for your selfless efforts I owe you a dinner
QUOTE(jgweed @ Jan 5 2006, 08:12 PM) 
All Windows users owe Ilfak an immense thanks both for his concern over the vulnerabilty, and by publishing it, his forcing MS to take some action. I also note that several commentators have also raised the question about MS's sluggishness after Ilfak published his solution.
Regards,
John
Regards,
John
It's now history, isn't it? But for the record and the poll, I installed Ilfak's patch the day it came out. It installed well, It had CLEAR instruction about installing, uninstalling, and then after MS decided to slooooooooooooooowly follow suit of one HERO TO US all, it uninstalled cleanly. (I did not do the DLL tweaking, Ilfak explained it wasn't too good)
THANK YOU, ILFAK!! Way to go. Keep at it.
Hey, moderators, perhaps we should send this thread to Ilfak
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.