
Stuart J. Johnston

Most Recent Posts by Stuart J. Johnston

Zap Zero-Day IE Attack Before It Zaps You

I feel some nostalgia as I write this column because, after penning Bugs & Fixes for eight and a half years--102 columns total--it's time for me to sign off. I've immensely enjoyed writing for you through all those years, and I'm grateful that PC World gave me the opportunity to do so.

I've always had two goals in mind: helping you ward off current threats, and providing useful information about how security holes and attacks on them work, so you'll be better prepared to deal with future problems. I hope that I have fulfilled at least the spirit of those goals. Now, as my dad back in Montana used to say: "nuff said."

Microsoft Defeats a Seven-Year-Old Bug

Microsoft recently released two new patches, one of which fixes a security hole that the company has been trying to plug since 2001. Amazingly, no one exploited the hole during those seven years.

Previous patches had mitigated the problem, so Microsoft rated its severity level as Important, the second-highest rating on the company's four-tier scale.

Worm Risk Spurs Critical Microsoft Patch

A scary security flaw that would allow malicious worms to infect one PC and then automatically jump to others prompted Microsoft to release a rare out-of-cycle patch in October. The glitch is critical for both 32-bit and 64-bit versions of Windows XP and Windows Server 2003, and for Windows Server 2000. Microsoft says that targeted attacks exploited the hole prior to the patch's release, and that "detailed exploit code" is currently available online.

This marks the first time since April 2007 that Microsoft has released a fix outside of its normal Patch Tuesday cycle; it was sparked by lessons learned from worm epidemics like Blaster and Slammer, which cost users billions of dollars to disinfect in 2003.

iTunes 8 to Vista: Give Me a B, an S, an OD

Apple's hugely popular devices may have become gold standards, but recent glitches in the new iTunes 8 bring an unwelcome blast from the past to Microsoft's latest operating system. Connect an iPhone or iPod, and some Vista PCs either crash with the dreaded Blue Screen of Death or spontaneously restart.

Apple says the problem can have more than one cause, and the company hasn't yet promised a patch. But if you're suffering from this unhappy pairing, Apple suggests a few options, including reinstalling iTunes 8, updating old device drivers, and checking for address conflicts between USB devices. For details, including which iPod models can have trouble (all iPhones do), head to Apple's support page.

Firefox 3 Breaks Records, Then Itself

Illustration: Harry Campbell

Mozilla's Firefox 3, upon its recent release, set a new record for browser downloads in a single day: more than 8 million copies in just 24 hours. So it's no surprise that these days hackers are spending more time hunting for Firefox holes.

Mozilla issued updates to patch two security holes in both Firefox 2 and 3. The first fix blocks a malicious attack program from crashing Firefox by sending more pipe (the vertical line, or "|") characters than the browser can handle. The second vulnerability involves a similar overflow attack risk.

Ward Off an Ongoing PDF Zero-Day Attack

Illustration: Harry Campbell

These days, the makers of popular software may as well put big bull's-eyes on their products. When nearly everyone uses a particular program, a security hole in that application instantly creates a huge pool of targets for online crooks.

Here's an example: This month Adobe closed a hole in its Acrobat and Reader programs even as they were already under attack--a true zero-day scenario.
