Tuesday, February 27, 2007

Rant Re: "Microsoft probes IE 7, Vista bug reports"

I have seen so many blog posts the past couple of days incorporating the title Microsoft probes IE 7, Vista bug reports, copied from a ZDNet article, that I am beginning to wonder if people are reading what they are copy/pasting or even giving the articles much more than a cursory glance.

Obviously, ZDNet was practicing a bit of headline grabbing by specifically using the words "Microsoft" + "probe" + "IE7" + "Vista" + "bug" in the title of the article. Even more obvious, too many others (whether reporting services or individuals) did not read the article either or chose to go on with the headline grabbing. As of this posting there are 82,100 search results for "Microsoft probes IE 7, Vista bug reports".

The reality of the French Security Incident Response Team alert FrSIRT/ADV-2007-0713 is that there is an Internet Explorer vulnerability which could be exploited in phishing attacks. This vulnerability affects both IE6 and IE7. According to the ZDNet article, Microsoft is quoted as saying:

"The IE flaw could only be exploited if an attacker were to lure a victim to a malicious Web site and then persuade the user to enter the address of a trusted site into the address bar. 'Customers can avoid this attack by opening and using a new instance of IE before visiting an untrusted site,' Microsoft said."

ZDNet explains the Windows issue as being "due to a problem with a component that does not properly validate user permissions", further indicating that this "could be exploited by an attacker with access to the machine to get information on protected files." The FrSIRT/ADV-2007-0701 alert states that Microsoft Windows Server 2003 SP1; XP SP2; 2000 SP4 and Windows Vista are affected.

It is, however, important to note Microsoft's explanation of this low-risk vulnerability:

"The Windows problem, aside from requiring the attacker to be logged on to the vulnerable computer, appears to only expose file information, not the actual contents of the file, Microsoft said."

So what is the real headline?

Microsoft is investigating two recently disclosed low-risk security vulnerabilities that affect Internet Explorer and the Windows operating systems.

Vista Codec Package x64Components 1.0.3

Having helped my share of computer users remove fake codecs from their computers, I am making a point of keeping track of Vista Codec Package x64Components 1.0.3. The publisher's description:

"With Vista Codec Package installed, you won't need to install any other codec or filter. Many user suggested default settings are implemented. It does not contain a media player. It does not associate filetypes. With this package installed you will be able to use any media player (limited only by the player's capabilities) to play DVD's, movies and video clips of any format. Streaming video (real and quicktime) is supported in web browsers. Visit the homepage to get a 64bitAddon which enables xvid, divx and DVD playback in Vista's MediaCenter.

Do you want to watch your favorite video in MediaCenter? These components are tested on Vista Ultimate x64. This release is fully compatible with the 32bit codecs installed by the Vista Codec Package. It is fully uninstallable through the Windows interface. This release will not install on x86 systems."

The software is "freeware" and is supported on Windows 2003, XP and Vista.

Updated Windows Vista Bookmarks

It seems that every day I am reading a blog that leads me to a new site or tutorial to add to Windows Vista Bookmarks. Since that site remains "static" with new posts only when new categories (labels) are added, I will do an update post here periodically listing the additions.

A major addition was a compilation of Vista Compatible Antivirus Software. The compilation updated the posts made here on Security Garden. Thanks to Jesper's 64-Bit Anti-virus for Vista and his link to Malke's list of 32-bit anti-virus programs, I was able to provide that breakdown as well.

Virtual PC 2007 is another added category.

Additions to Vista Security Help and Tutorials include:

A bookmark to the incredible photography in the Windows Vista Desktop Wallpaper Pack by Hamad Darwish | World of Photography was added to Windows Vista Customizations.

Thanks to VistaJuice, I found DriverMax (backup drivers) for Drivers, Hardware and Software, which also was updated to include Microsoft's update to the list of "Certified for Windows Vista" and "Works with Windows Vista" (see Microsoft Knowledge Base Article 933305).

Mentioning VistaJuice above reminds me that I also added a few sites to Vista Blogs and Forums including Microsoft MVP James M. Fisher's website, Windows Talk, Windows-Now, and VistaJuice.

I may have missed one or two additions but the information above is enough to clue you in that Windows Vista Bookmarks is a good place to start when looking for information on Windows Vista.

By the way, Windows Vista Bookmarks is mirrored in a page per category layout format at Connected to Vista Bookmarks with a topic in the Windows Connected Lounge for submissions.

Monday, February 26, 2007

Important for Vista Users -- WGA Activation Issues

Having just finished reading a series of articles by Ed Bott's Microsoft Report regarding Vista WGA (Windows Genuine Advantage) problems, I am hoping others will spread the word to Vista users to install update 931573, described in Microsoft Knowledge Base Article 931573, "You may be prompted to activate Windows Vista on a computer on which Windows Vista activation was not previously required", last reviewed 15Feb07.

KB 931573 rather obscurely advises users that activation prompts may unexpectedly occur on a Windows Vista computer if the user does one or more of the following:
  • Install a device driver
  • Install a program
  • Run a new program
  • Remove a program
Since those are pretty ordinary activities performed by a computer user, I am disappointed that Microsoft has not released KB 931573 at least as an "Important" update. First and foremost, if you operate Windows Vista, visit Windows Update: http://windowsupdate.microsoft.com or the Microsoft Download Center for Windows Vista:
Before I send you off to read Ed Bott's articles, if you have experienced this issue, be sure to pay attention to the cause, in particular the "Note", as well as the resolution reproduced from KB Article 931573. This is an important update for Windows Vista users.

This problem may occur because a specific system setting is removed when a program runs with administrative credentials. The removal of this system setting may cause a BIOS validation check to fail. The BIOS validation check is part of the system activation process. Therefore, you may be prompted to activate Windows Vista, even though the system did not previously require activation. For example, this problem is known to occur when you use Intuit QuickBooks 2007. However, this problem may also infrequently occur when you install other programs or device drivers.

Note This problem does not occur because of an issue in the installed program or device driver. This problem is caused by a system problem in Windows Vista.


To resolve this problem if it has already occurred, use one of the following methods:
  • If you have been prompted to activate Windows Vista, and you have not used the product key to manually activate Windows Vista, install update 931573, and then restart the computer.
  • If you have been prompted to activate Windows Vista, and you have used the product key to manually activate Windows Vista, install update 931573, and then activate Windows Vista by telephone. For more information about how to activate Windows Vista, click the following article number to view the article in the Microsoft Knowledge Base: 925616 Error message when you start Windows Vista: "Your activation period has expired"
Enough of the boring stuff. Now read Ed's articles:
  • A brief history of anti-piracy at Microsoft by ZDNet's Ed Bott -- "I’m revisiting Microsoft’s Genuine Advantage program this week, in light of the introduction of a new WGA Notifications tool for Windows XP and Windows Server 2003. As background, I thought it might be interesting to post a brief history of how Microsoft’s anti-piracy programs have evolved over the past 25 years."

  • Problems arise with Vista’s validation by ZDNet's Ed Bott -- "Microsoft announced its new anti-piracy measures for Windows Vista last fall with an assurance that its tight integration into the operating system would reduce the number of false positives. But its own message boards tell a different story, with at least four third-party applications now known to cause validation problems and even outright activation failures."

  • Vista WGA problems confirmed by ZDNet's Ed Bott -- "I've seen Vista's new WGA problems up close and personal, and I've got the screenshots to prove it. Why are some programs able to convince Windows that the operating system has been tampered with? Why is Windows Defender allowing them to do it? And what can you do if you're caught in the crosshairs?"

Saturday, February 24, 2007

Vista Compatible Antivirus Software Bookmarks Added

Although I have continued adding bookmarks to Windows Vista Bookmarks, I realized today that I had not included Vista compatible antivirus software. That omission has been corrected. The list includes both 32-Bit and 64-Bit compatible software.

Windows Vista Bookmarks: Vista Compatible Antivirus Software

Mozilla Firefox and Released

mozillaZine announced security and stability updates for Mozilla Firefox. This is an important update.

Mozilla Firefox, a security and stability update for Firefox 2 addresses several security issues. All users are encouraged to upgrade to this release. For more information, refer to the Mozilla Firefox Release Notes.

Mozilla Firefox, a security and stability update for Firefox 1.5 addresses several security issues. Users of Firefox 1.5 are encouraged to update to Firefox 2. Security updates for Firefox 1.5 will be discontinued on April 24, 2007. For more information, refer to the Mozilla Firefox Release Notes.

Thursday, February 22, 2007

From Substitute Teacher to Library

"If you find yourself the victim of pop-up ads on a computer, with children in the vicinity, you could face decades in prison."
The above is a quotation from Ryan Russell's Windows Secrets article, "Pop-up ads can land you in jail". Mr. Russell presents an excellent synopsis of the situation Julie Amero, a substitute teacher, has found herself embroiled in as a result of pornographic pop-ups witnessed by children on an infected computer in her classroom.

The Children's Internet Protection Act (PDF) states that local educational agencies, elementary and/or secondary schools and libraries that accept revenue from a federal tax on telecommunications services must have web filtering in place. The web filtering is to block sites with obscenities and child pornography.

In the Julie Amero case, there was no web filtering in place yet she is facing up to 40 years in prison. As published in the Democrat and Chronicle (article no longer available) (D&C), it appears that the Central Library of Rochester has been following a rather unusual policy of turning off the web filtering:
"Web sites blocked by filtering software may be unblocked at the request of an adult. A privacy screen is put on the monitor, and places where people can view unblocked sites is limited."
Unfortunately, the "privacy screen" was rather less than effective, as hidden cameras by a local television network illustrated pornography on the computers in plain sight of passersby.

Monroe County Executive, Maggie Brooks, is threatening to pull $7.5 million in county funding for the Library if the library doesn't tighten restrictions to Internet access to pornographic materials. The D&C article indicated that this accounts for about 70 percent of the library's budget and would essentially put the library out of business and cripple the library system in Monroe County.

In a follow-up article (also no longer available), the legal representative to the local American Civil Liberties Union (ACLU) was indicated by the D&C as saying the ACLU will consider suing the library if it doesn’t allow adults to get Web sites unblocked.

What did the Central Library overlook by allowing such a policy?  
First, of course, it certainly sounds to me, although I am certainly not a lawyer, that the library was disregarding the Children's Internet Protection Act by allowing library patrons to view pornographic websites.

Second, the library staff apparently has not been following the Amero case. An infected computer can essentially take on a life of its own. Pornographic websites are notorious for being sources of computer viruses, trojans and rootkit infections.

If a library patron visits a site with a new variant that is not in detection by the library network's antivirus software, what happens to the next person who uses that computer? What happens if the library network is infected? What happens if a child or children are exposed to pornographic pop-ups as a result of such an infection?

I would remind the ACLU that public libraries are funded by tax-payer monies. As a result, in addition to the obligation to follow the law, it is also the obligation of the library to protect public property.

On one hand is a substitute teacher, a victim of what is, in my opinion, an irresponsible school system, who is facing sentencing on March 2. On the other hand is a library system jeopardizing the entire library computer network by allowing the unblocking of pornographic websites on library computers.

What a sad state of affairs.

Wednesday, February 21, 2007

CastleCops: "We Will Not Be Silenced!"

You may have heard about the DDoS (Distributed Denial of Service) waged against CastleCops. Paul posted a chart showing some of the details from the other day. That chart illustrates just a minor aspect of what the site went through.

As you can see from the title of this post, Paul, Robin and the CastleCops Team are not deterred. Although there may be some additional outages here and there as Paul and Robin make adjustments to the site, CastleCops is back full steam and anxious to get on with the CastleCops 5th Year Anniversary Celebration.

I posted updated details on the additional prizes added prior to the DDoS. You can read about it here or just follow this link to the CastleCops Contest 2007. There are lots of great prizes to be claimed and you may be lucky enough to have your entry drawn.

Tuesday, February 20, 2007

Windows Vista Bookmarks

I have been collecting some favorite links and references on Windows Vista. Rather than keeping them to myself, I created a special blog just for Windows Vista Bookmarks.

Windows Vista Bookmarks is and will remain a "work in progress". I haven't quite decided on the layout, whether I will use "labels" or create HTML tags. Either way, the posts will be edited and other categories added as I learn about other resources.

A handy link has been added here just above "My Garden Roots".

Monday, February 19, 2007

Security for the Mind: Standal Alp Center

No, this post is not about security in the Alps or, for that matter, any type of computer security. However, if you consider peace of mind a form of security, as I do, then read on.

A friend did the web design and gave me a link to the site. I am indecisive. Is it a beautifully designed website or is it the Norwegian Alps that make the site beautiful?

If you are in the market for an Alpine retreat, this site is a must visit. Even if you just need a bit of peace of mind, enjoy the scenery and history of this beautiful area via the Standal Alp Center.

Language Preference:

Sunday, February 18, 2007

Juror and Detective in Julie Amero Case Speak

While catching up on my reading today, I did a double-take at Tashi's blog post at CertifiedBug in Juror and Detective in Julie Amero case speak, which led to two articles by Steve Bass at PCWorld:
Mr. Bass received an e-mail from one of the jurors on the Julie Amero case. He confirmed from the Court transcripts that the individual was who he said he was. The juror asked Mr. Bass not to reveal his real name, but to use his nom de plume, ConnYankee1951. Scary, isn't it, that a 55-year-old man thinks he can hide behind a previously used nom de plume leading to personal information.

Follow that article with yet someone else involved in the Amero case writing to Mr. Bass wanting to be heard. Yes, the Detective involved in the case also wrote to Mr. Bass and made statements like the following:
"Those in the courtroom saw and heard the truth. Once sentencing is done the truth CAN BE presented to the world IF they want it. I'm thinking the world doesn't want to hear the truth."
Sorry, this isn't finished yet. To add to the bizarre, as Frank Krasicki describes the situation at Region 19 BOE Gazette,
"Just when you think the Julie Amero case has safely resolved itself as being the strangest case of community madness since the Salem Witch trials, it... gets even stranger."
He is right. The real kicker is the report from WTHN TV, which certainly puts a question on the integrity of the Detective:
"Newspaper: Officer admits to drinking beer during sting

(Norwich-AP, December 20, 2001, 12:40 PM) _ A Norwich police detective has admitted to drinking beer while driving a minor around the city on a sting targeting alcohol sales to underage drinkers.

That's according to a report in today's Day of New London newspaper.

Detective Mark Lounsbury, who drove the police van used in the undercover sting operation on November 30th made the admission last week to Deputy Chief Warren Mocek, the newspaper reported.

Mocek is overseeing an investigation into a misconduct complaint against Lounsbury and Lieutenant James Daigle.

A 20-year-old woman claims Daigle photographed her topless while she was working for the department in the same sting operation."

There is more. I won't steal his thunder. Read the rest of Mr. Krasicki's post for yourself at "More Porn in Amero Case".

MSN Messenger Delivers Winfixer

Same song, different pew this time. Sandi Hardmeier reported that MSN Messenger banner advertisements were distributing Winfixer. It was reported to secure@microsoft.com and it is being actively investigated by them and MSN ads team. As of now, the three featured advertisements seem to be gone, although Sandi is still in touch with those behind secure@microsoft.com and should have more to report tomorrow.

This is extremely disturbing. However, rather than repeat what Sandi wrote about the problem, it's best for you to read it firsthand in WARNING: Winfixer and Errorsafe being distributed via MSN Messenger banner advertisements.

What I will repeat here is Sandi's strong admonition if you feel you still have to use MSN Messenger:

"I strongly recommend that all users of MSN Messenger ensure that their antivirus and antispyware applications are up to date. Do not click on any buttons in pop-up windows that you may see, and do not believe Web sites that report that they have found a problem on your computer - seriously, how the hell would they be able to tell?

Do not click on OK or Cancel buttons in the pop-up windows. Close the window using the red x close button.

I also strongly recommend that MSN Messenger users download and install Mike Burgess's HOSTS file to help block winfixer and other bad guys. You can find Mike's famous HOSTS file here: http://www.mvps.org/winhelp2002/hosts.htm"

Saturday, February 17, 2007

Spring Ahead March 11, 2007 - Computer Clock Update

Last month I provided you with information on updating your computer to accommodate the Daylight Saving Time (DST) changes soon going into effect. If you have Windows Vista or have Automatic Updates turned on, your computer and Outlook calendar (if you use it) should be updated. Note, however, that Outlook 98 and all earlier versions are no longer supported and Microsoft is not providing daylight saving time updates for these products.

Home users who wish to confirm the update has been applied can follow the steps in the Daylight Saving Time Update Guide at the Microsoft Daylight Saving Time Help and Support Center.

The best way to get the update is via Automatic Updates. However, according to Preparing for Daylight Savings Changes in 2007:
All versions of Windows can be manually updated using the tzedit.exe utility or other techniques documented in Knowledge Base article 914387 and similar articles for other countries, which is the preferred method of remediation for any product outside of Mainstream Support.
The tzedit.exe utility is easy to use, although I do not know if it will work on unsupported versions of Windows. Please read Knowledge Base article 914387 for instructions on completing this update manually. To use the Time Zone edit utility:
  • Back up your files and close all open programs.
  • Navigate to where you saved the file and double-click to launch the file: WindowsXP-KB913446-x86-ENU.exe
  • If you did not back up your files and close other programs, do so now and then click Next.

  • As always, the standard license agreement must be accepted before proceeding.

  • In addition to checking the system, with Windows XP, a restore point will be created. I did create my own restore point first, as I always do before making system changes.

  • Click Finish and it's done!

Thursday, February 15, 2007

Julie Amero Sentencing Scheduled for March 2

The big news in Norwich, Connecticut and at the Norwich Bulletin is that Julie Amero is scheduled to be sentenced on March 2, 2007. Security experts from all around the world have blogged and posted comments in the Norwich Bulletin articles.

I think tashi said it best:
"Comments I have read on the web remind me of The Salem Witchcraft Trials history, circa 1692."
Read the article and comments in the latest article in the Norwich Bulletin.

Alert - Microsoft Security Advisory 933052 Released

From TechNet:

Vulnerability in Microsoft Word Could Allow Remote Code Execution

Published: February 14, 2007

Microsoft is investigating new public reports of very limited, targeted attacks against Microsoft Word “zero-day” using a vulnerability in Microsoft Office 2000 and Microsoft Office XP.

In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.

Microsoft intends to actively share information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.

Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

CastleCops Anniversary Bash Continues to Grow!

Even if you aren't a member of CastleCops now, you can sign up and take a chance in the sweepstakes give-away of security software and tools to CastleCops forum members. From the original announcement:

"The Contest celebrates CastleCops five years of operation and recognizes its volunteer community outstanding achievements and excellence in Internet security. Our promoters have donated their products as prizes estimated total at $130,000 US for this contest. We thank our promoters and our community for making our anniversary a special occasion. "

Since then, additional promoters have joined in, bringing the value of prizes available to

$220,000+ US Avg Value in Prizes

You need to register at the forum, go through the email validation, and then click the link at the top of the forum to enter the contest. But that is all it takes.

Check as many (or all) of the boxes on the entry form as you wish to enter for a chance to win. If you aren't sure if you would be interested in the particular software/book, etc., that's ok. You can return and check the box later to enter that particular drawing.

Note: there is only one entry per "category". In other words, you won't be able to place multiple entries for Prevx, WinPatrol Plus, Windows Vista Ultimate or Nullbound (worth $3200), etc. After checking the box(es) and submitting your entry, should you return, those options will no longer show as available to enter.

Check out the list here: http://www.castlecops.com/modules.php?name=Contest2007 and join in the fun.

Wednesday, February 14, 2007

Did You Update Yet?

Yesterday, I posted the security updates Microsoft released. If you haven't updated your computer yet, I strongly suggest you read Bill Pytlovany's blog post. Note in particular:
"To many it was just another security update but it was one of the most important updates I’ve seen and one of the most embarrassing for Microsoft."
Read the complete transcript at Bits from Bill: Vulnerability in Live OneCare and Defender.

Tuesday, February 13, 2007

Alert - Critical Product Vulnerability - February 2007 Microsoft Security Bulletin Release

Microsoft released the security bulletins listed below for newly discovered vulnerabilities. Note that Windows Vista is not affected by these vulnerabilities. Only MS07-016 has an impact on IE7, although the impact is much more critical with relation to IE6.

The summaries, indicating which products are affected by the various bulletins, are available at TechNet, MS07-Feb.

  • MS07-008 HTML Help ActiveX Control (Remote Code Execution)
  • MS07-009 Microsoft Data Access Components (Remote Code Execution)
  • MS07-010 Microsoft Malware Protection Engine (Remote Code Execution)
  • MS07-014 Microsoft Word (Remote Code Execution)
  • MS07-015 Microsoft Office (Remote Code Execution)
  • MS07-016 Internet Explorer (Remote Code Execution)

  • MS07-005 Step-by-Step Interactive Training (Remote Code Execution)
  • MS07-006 Windows Shell (Elevation of Privilege)
  • MS07-007 Windows Image Acquisition Service (Elevation of Privilege)
  • MS07-011 Microsoft OLE Dialog (Remote Code Execution)
  • MS07-012 Microsoft MFC (Remote Code Execution)
  • MS07-013 Microsoft RichEdit (Remote Code Execution)

Monday, February 12, 2007

Lavasoft's Rebuttal

Hat tip Oliver . . .

Michael Helander, Director of Communications and PR for Lavasoft, published Lavasoft's rebuttal to the recent publications regarding outstanding obligations to the Swedish Tax Authority.

Comments on a local Newspaper Article Regarding Lavasoft. My original post on this topic is here.

Somewhat off topic: Before Michael was handling publicity, it would have been very unlikely that there would have been such a prompt response from Lavasoft, if any at all. Compliments to Michael for her efforts in providing this and similar communications to Lavasoft customers.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

On another Ad-Aware topic, if you updated the definition files this morning, please note that the definition files were updated again this afternoon to fix yet another false/positive. The Reference Number is unchanged at SE1R151 12.02.2007. However the MD5 checksum was changed in the new version. If you have

MD5 checksum 7c5278b1a148d44099d30ab557ade458

you need to update to

MD5 checksum b081efede3304424b19ce49d0d1ea511

Confusing, isn't it? How difficult is it to increment the Reference number to avoid this confusion? Perhaps Michael has some influence with Lavasoft Research.
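Because the reference number is the same for both builds, only the checksum tells them apart. The following is an added example, not from the original post or from Lavasoft: it hashes a definition file and compares the result with the two MD5 values quoted above. The path you pass in is whichever definition file you want to check; the demo files and their contents are constructed.

```python
import hashlib
import os
import tempfile

# The two checksums quoted in the post, both for reference number SE1R151 12.02.2007.
SUPERSEDED_MD5 = "7c5278b1a148d44099d30ab557ade458"  # the file that needs updating
CURRENT_MD5 = "b081efede3304424b19ce49d0d1ea511"     # the file to update to


def md5_of_file(path, chunk_size=65536):
    """Hash a file in chunks so a large definition file is never fully in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify_definition_file(path, superseded=SUPERSEDED_MD5, current=CURRENT_MD5):
    """Return (status, md5) where status is 'missing', 'superseded', 'current' or 'unknown'.

    'unknown' means the file matches neither published checksum: it may be an
    older or newer definition set, or a damaged download.
    """
    if not os.path.isfile(path):
        return "missing", None
    checksum = md5_of_file(path)
    # Published checksums are sometimes upper-case or padded with spaces.
    if checksum == superseded.strip().lower():
        return "superseded", checksum
    if checksum == current.strip().lower():
        return "current", checksum
    return "unknown", checksum


if __name__ == "__main__":
    # Constructed stand-ins: two files that would carry the same reference
    # number but differ in content, so only the checksum distinguishes them.
    with tempfile.TemporaryDirectory() as workdir:
        morning = os.path.join(workdir, "defs_morning.bin")
        afternoon = os.path.join(workdir, "defs_afternoon.bin")
        with open(morning, "wb") as handle:
            handle.write(b"SE1R151 12.02.2007 constructed morning build")
        with open(afternoon, "wb") as handle:
            handle.write(b"SE1R151 12.02.2007 constructed afternoon build")

        old_sum = md5_of_file(morning)
        new_sum = md5_of_file(afternoon)
        for sample in (morning, afternoon, os.path.join(workdir, "absent.bin")):
            status, checksum = classify_definition_file(sample, old_sum, new_sum)
            print(f"{os.path.basename(sample):22} {status:11} {checksum}")
```

Called with only a path, `classify_definition_file` compares against the two checksums from the post.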

Vista Capable WinPatrol 2007

Bill Pytlovany, freshly returned, rested and relaxed (we hope) from his Techie Caribbean Cruise, has rolled out the release version of WinPatrol 2007.

Friends and readers should know that I am cautious about beta software. However, I had not hesitated to install the beta version of WinPatrol 2007 on my computer and was pleased with the results.

Now that WinPatrol 2007 has been released in final, I encourage everyone to give it a try. Once you do, you won't be sorry that you have "Scotty on Patrol". Don't be misled by the title of this post. WinPatrol 2007 is compatible with Microsoft Win95 through and including Windows Vista.

By the way, it looks like the folks at Security Cadets have something up their sleeves for this spring involving WinPatrol. Sounds like something worth watching.

Download WinPatrol 2007

Bits from Bill: Vista Capable WinPatrol 2007

Microsoft Security Team Expansion

Wooing Vincent Gullotto away from McAfee's AVERT team has begun showing positive results. As reported at Computerworld, Mr. Gullotto discussed Microsoft plans to open new security research centres in Europe and Asia at RSA last week.

The plan is to use the centres to provide 24-hour monitoring of emerging security threats. Such monitoring will also provide faster access to threats for Windows Live OneCare.
The European head of operations will be Katrin Tocheva, formerly a malware researcher at F-Secure.

Referring to the failure of OneCare to pass the VirusBulletin VB100 test, Mr. Gullotto was quoted as explaining:
"We missed one virus in their collection. While missing one virus isn't huge, it is not a good thing either. It can put the thinking into the mind of folks that we can't keep them protected."
Let's face facts -- whether an anti-malware, anti-trojan or anti-virus software, all vendors have an occasional false/positive and no software will have every variant of every virus, trojan, or other nasty-ware in detection. Microsoft's new security research centres will certainly go a long way toward placing OneCare in excellent position to at least have all major variants in detection.

Windows Vista Security Explained

Paul Thurrott uploaded his PowerPoint presentation "Windows Vista Security Explained", including presenter notes.

"Windows Vista Security Explained, is an overview of Microsoft's security innovations and features in Windows Vista, including User Account Protection, BitLocker Drive Encryption and EFS, Windows Defender, Windows Firewall, Windows Security Center, Internet Explorer 7, and much more. I also discussed low-level security technologies in Windows Vista such as the Address Space Layout Randomizer and x64-specific security features, and discuss how PC security has changed since Windows XP, with a look at how third party security solutions are evolving to meet these needs."

Download links:

Sunday, February 11, 2007

Mozilla, Kodak Offer Photo Gallery Tool

There's good news for Firefox photo buffs from Kodak. It's called the Firefox Companion for Kodak EasyShare Gallery and is available for Mozilla Firefox 2. It's compatible with the Macintosh, Windows, and Linux. At this time it is only in English, but Mozilla reports that future versions will support additional languages.

Release Notes


Saturday, February 10, 2007

Trouble In LavaLand?

I was quite upset when I learned of the irresponsibility exercised by Lavasoft personnel when a BETA definition file was posted on the download server for approximately 4.5 hours yesterday. It was quietly replaced and an update was posted as "Fixed False Positive" with the same reference number as three days before, but with a new date and hash.

It appears, however, that managing the updates is the very least of the problems at Lavasoft these days. While checking the forums at Freedomlist today, I came across a post indicating that Lavasoft is in trouble with the Swedish Tax Authorities. The post included links to several on-line Swedish language articles from sites identified as one of the largest Swedish newspapers and largest tech news site.

Considering that I have spent a considerable amount of personal time over the years helping users with Lavasoft's Ad-Aware and Ad-Watch products, needless to say, I decided to investigate further.
Using the Swedish to English translator at Systran, the following is roughly the gist of some of the issues being raised against Nicolas Stark and Ann-Christine Åkerlund from the articles linked at the end of this post:
  • Lavasoft has not submitted financial statements to the Swedish Tax Authority since 2004

    {Note: 2004 is the year Ad-Aware SE was released and the new research facility was opened in Finland (and closed soon after).}
  • Numerous suppliers have petitioned "Senior Enforcement Officers" for payment.
  • Nicolas Stark and Ann-Christine Åkerlund together declared 8,8 million SEK in private income last year - and large amounts the year before.

    {So, what was Nic and Ann-Christine's personal income last year? Here's the conversion of 8,8 SEK to U.S. Dollars. Read million dollars:

    88.00 Sweden Kronor = 12.4588 United States Dollars
    (1 SEK = 0.141577 USD) | (1 USD = 7.06330 SEK)}
  • The Swedish Government apparently does not appreciate that company funds were used to protect Nic and Ann-Christine's weekend cottage
  • Millions in salary and benefits have not been paid

  • Confusing company funds with personal monies, including the purchase of TV devices and an exercise bike, invoiced to the company.

  • Use of the company car/driver by Ann-Christine for transportation to and from work.

  • The Swedish Government is also questioning Nicolas Stark and Ann-Christine Åkerlund about property in Germany that it appears from the translation is in the name of Lavasoft, and that Nic's brother lives in free of charge, purportedly for his providing web design services free of charge.
  • Among other things, there have apparently been large, continuous payments to different American bank accounts, without invoices or written agreements.
As most people know, when there is a problem in the security world, the place to check first is BroadBand Reports Security Forum (commonly referred to as BBR). I was not disappointed. A thread at BBR led me to this post by someone using the nickname "Diablo2". It appears that the translation by Diablo2 is very similar to what I obtained from Systran.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

The final financial determination with regard to Lavasoft, Nicolas Stark and Ann-Christine Åkerlund is up to the Swedish Tax Authorities. As to the determination of false positives, Beta files posted as final product on the download server and a promised update to software that has been in the making since 2004, that is up to the public.

Disclaimer: The information presented herein is based on translations from Swedish to English of the referenced publications using the on-line translator at Systran. No warranty of the accuracy of the translation is provided.

Friday, February 09, 2007

Windows Connected Online User Group Meeting

From Windows Connected:

"Want to learn more about Vista, Office 2007, & Exchange 2007? If so, join us on Feb. 21st for the first WindowsConnected Online User Group Meeting. Josh, Jeff & Aubrey will be our presenters - and if that isn't reason enough to attend, we'll be giving away some excellent SWAG! Expect 300 level content and plenty of opportunity for Q&A.

Sign up today- space is limited. Step-by-step details below:

  1. Check your calendar for availability on Feb. 21st from 4:30-6:00 PST (- 08:00 GMT)
  2. Sign in to the site, or join if you aren't already a member (Note: this is a members-only event)
  3. RSVP by posting to the User Group Discussions forum. You just need to post saying 'Yes, I'll be there'
  4. We will send Live Meeting information to the e-mail address associated with your account
  5. If necessary, prepare your computer for Microsoft Live Meeting (Note: Audio will be VoIP, so don't worry if you can't dial-in)
  6. That's it - just show up on Feb. 21st and enjoy some free training

We'll be giving away 2 copies of Vista and a Vista Launch Kit similar to the one mentioned here. Please join us and help make our first Live Meeting a success. Thanks!"

Sounds like fun and a great way to get your questions answered.

Thursday, February 08, 2007

Advance Notice-Microsoft Updates February 13, 2007

Microsoft is planning to release the updates described below on 13 February 2007 at approximately 10:00 am PT. As always, the list of updates is subject to change. Also included will be an updated version of the Microsoft Windows Malicious Software Removal Tool.

Security Updates:

Five Microsoft Security Bulletins affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.

Two Microsoft Security Bulletins affecting Microsoft Office.
The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

One Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Visual Studio.
The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates will require a restart.

One Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Office.
The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

One Microsoft Security Bulletin affecting Step-by-Step Interactive Training.
The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.

One Microsoft Security Bulletin affecting Microsoft Data Access Components.
The highest Maximum Severity rating for this is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.

One Microsoft Security Bulletin affecting Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, and Microsoft ForeFront.
The highest Maximum Severity rating for these is Critical. These products provide built-in mechanisms for automatic detection and deployment of updates. Some of these updates may require a restart.

Microsoft will also release a number of non-security, high-priority updates.

See the full report at Microsoft Technet

Tuesday, February 06, 2007

Windows Live OneCare Failed VB100 Test

In a report by BetaNews, it was indicated that a Microsoft spokesperson confirmed that Windows Live OneCare antivirus failed a test conducted by Virus Bulletin. Windows Vista Business Edition was the operating system used in the test. The BetaNews report confirms the report I read by F-Secure a couple of days ago that also stated Microsoft Live OneCare for Vista did not get the VB100.

This is the statement from the Microsoft representative, as quoted by BetaNews:
"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," the Microsoft spokesperson told us, "and, most importantly, as part of our ongoing work to continually enhance Windows Live OneCare to ensure the highest level of protection and service that we can provide our customers. As we have more information to share from our review of this particular test moving forward, we will keep you updated via our anti-malware blog." {bold added}
I have a problem with that statement by the Microsoft spokesperson. Over the past year, communications by Microsoft staff have been on a rapid incline and, I might add, very appreciated. There is one area that I follow, however, where there has been a distinct lack of communication. That is the Anti-Malware Blog. As of this posting, the most recent entry in that blog is October 30, 2006. That gives me the feeling that we won't be seeing much information sharing in the near future.

On a positive note, there were a number of anti-virus software programs that did pass the test by being able to positively detect a series of known viruses without a false positive, in as many as three trials on two separate machines. The combined list from the BetaNews and F-Secure reports of products that passed the test includes:
  • Avast
  • AVG
  • CA's Home and eTrust (enterprise) products
  • Fortinet's FortiClient
  • F-Secure Anti-Virus
  • Kaspersky Anti-Virus 6.0
  • NOD32
  • Quick Heal
  • Sophos Anti-Virus 6.5
  • Symantec AntiVirus 10.2
Two other failures were McAfee's VirusScan Enterprise 8.1 and the Norman Virus Control. There are plenty of options to select from if you are looking for a new antivirus software for Vista.

Monday, February 05, 2007

Sunbelt Launches CounterSpy V2

With their usual "touch of class", Sunbelt launched CounterSpy V2, their next generation antispyware product. It is important to note that users of Windows 98SE and ME will need to continue to use version 1.5, which is still available and will continue to be supported with definition updates. With those operating systems no longer supported by Microsoft for critical updates, I hope those users will be able to upgrade soon.

Very briefly, the key features include:
  • Hybrid engine — CounterSpy uses a new hybrid engine, which incorporates our traditional antispyware engine with VIPRE, our new antivirus technology.

  • It’s faster and more efficient

  • Kernel-level Active Protection — Counterspy’s Active Protection(tm) now resides in the kernel — the core of the operating system.

  • FirstScan — CounterSpy V2 also has FirstScan technology, which scans certain locations of the drive and removes malware prior to Windows launching. (FirstScan will only run when CounterSpy finds suspicious files).

  • Vista support — CounterSpy V2 supports Vista 32 bit and integrates with the Vista Security Center. Support for 64-bit will be added in the forthcoming months.
You will want to read the complete details, available here. What I want to call your attention to is "Evolving the antimalware technology model", which led to the newly released V2. I consider that article a "must read".

Unlike other vendors who find it necessary to bad-mouth the competition days before releasing their new software, Sunbelt has developed a software program for the future and introduced it with class.

Introducing CounterSpy V2
Evolving the antimalware technology model


Saturday, February 03, 2007

Message to Microsoft -- Dial-Up Is Not Dead

As impressive as the WOW Microsoft Vista release must have been, I was not able to watch the Webcasts. Microsoft seems to be under the impression that the world has all moved to fast broadband connections. Well, let me be the first to tell Redmond, "It just ain't so!"

The slowest speed provided for viewing is 100K. On Demand Webcasts are no better. In testing, the fastest playback I am able to achieve is 56 kbs. That just doesn't work well for Microsoft customers who use dial-up and are interested in learning more about new Microsoft offerings.

Dial-up? Yes, I am still on a dial-up connection at home. As a matter of fact, I have been using the same Internet Service Provider since Bluefrog Internet's debut in 2000 as a free ISP. It is no longer free, but the service has been excellent and fits within my budget.

Curious about how many people Microsoft is missing by essentially ignoring dial-up consumers, I did a bit of investigating. After all, I was under the impression, based on a study a friend conducted last fall before going into business, that approximately 40% of Internet access from home users in the U.S. is via dial-up connection.

The first thing I did was ask at Freedomlist. After all, a primary focus of FL is $10 & Under Cheap ISP's. A helpful reference to an InformationWeek article was posted by member "Z". That article led me to a Government Accounting Office (GAO) report from May, 2006. Data from the GAO report is included in the References section at the end of this post.

A long-time Freedomlist friend also replied to my inquiry. Steve has been involved in the ISP business for many years, having also founded his own successful ISP business. This is what Steve replied:
"The only stats I have are for the biggest ISP's by volume. Unfortunately the consortium who used to put all of this together is I guess working more on net neutrality these days than statistics.


That was for Q3 2006. You can see some big numbers still in the dial-up arena, such as United Online at 2.4 million, LocalNet at 240,000. AOL still shows a large 15.2 million subs, but we really don't know the breakdown of dialup to dsl without more research. They are not allowed to count plans though with access from another carrier, so no BYOA plans included.

Some glaring omissions from this is that MSN no longer publishes its dialup data, and Earthlink just combines everything into one big fat publishing, so there could be another estimated 4 million subscribers in there alone.

Add to it the other ISP's section (that may or may not include Microsoft's MSN) and you may have as much as 25.2% of the market on dialup from other ISP's who don't report. Those figures don't include DSL or cable though either, so smaller regional companies like Cablevision or Cincinnati Bell, etc. compile the ending.

Adding all of this up, I'm going to roughly state that maybe 35-40% of people are still on dialup at this point, although we don't really know if that is their primary connection or simply a backup too. So many factors to consider."
Based on the additional research I conducted, it is apparent that Steve's numbers are right on target. For example, in the 4/26/2006 Pew/Internet.org report below, of the 147 million adults who responded one year ago, only 42% had a broadband connection. Based on those figures, that leaves over 80 million adults who responded to the survey who would not be able to view the Webcasts or, most likely, download a trial copy of Office 2007.

The Government Accounting Office (GAO) reported on May 5, 2006, that "Broadband Deployment Is Extensive throughout the United States, but It Is Difficult to Assess the Extent of Deployment Gaps in Rural Areas". The summary quoted below the Pew/Internet.org briefs explains why the data may not provide an accurate picture.

When considered in conjunction with the 2/26/2006 Pew/Internet report, there are then two reputable sources that are reflecting low/slow broadband growth in rural America. Also note the screen copy of the GAO "In Brief" section of the PDF. Merely having broadband networks deployed in a wide expanse of zip codes does not mean that such service is available.

According to the figures published January 11, 2007, at Internet World Stats for the United States, there are 210,080,067 Internet users in the United States. Even if an extravagant 60% use a broadband connection, that still comes out to about the same 80 million on dial-up as shown in the Pew/Internet survey.

What about other parts of the world? As is shown below, dial-up is on the rise in New Zealand. In the U.K. the figures from August of 2005 indicated a bit over 52% had broadband. That leaves a large percentage of the population with dial-up connections. Consider also that broadband connections vary widely. There are many so-called broadband connections that are considered "slow broadband".

The bottom line is that Microsoft is missing a lot of people by not providing media for dial-up customers. I am afraid that it isn't merely trials of software like Office 2007 that dial-up and slow broadband users are missing. Security Updates often take quite a while to download. When a connection gets dropped, that also ends the download of the update. Making cumulative updates available on CD, even for a nominal fee, could go a long way in making security updates more accessible to customers with slow connections.

Unfortunately, I expect that I am crying in the wind. The reason is that countries like Japan and South Korea, with a huge sales base, have a much greater percentage of the population on high speed than the rest of the world. In addition, it is not unreasonable to suspect that major supporters and stakeholders are telephone and cable companies who want to make it as attractive as possible to move to DSL or Cable.


From Pew/Internet.org:
Home Broadband Adoption in Rural America

2/26/2006 | Memo | John Horrigan, Katherine Murray

Rural Americans are less likely to log on to the internet at home with high-speed internet connections than people living in other parts of the country. By the end of 2005, 24% of adult rural Americans went online at home with high-speed internet connections compared with 39% of adults in urban and suburban areas.
View PDF of Report

Internet Penetration and Impact

4/26/2006 | Memo | Mary Madden

Over time, internet users have become more likely to note big improvements in their ability to shop and the way they pursue their hobbies and interests. A majority of internet users also consistently report that the internet helps them to do their job and improves the way they get information about health care.

While the share of internet users who report positive impacts has grown, the sheer size of the internet population also continues to increase. Surveys fielded in 2006 show that internet penetration among adults in the U.S. has hit an all-time high. While the percentage of Americans who say they use the internet has continued to fluctuate slightly, our latest survey, fielded February 15 – April 6, 2006 shows that fully 73% of respondents (about 147 million adults) are internet users, up from 66% (about 133 million adults) in our January 2005 survey. And the share of Americans who have broadband connections at home has now reached 42% (about 84 million), up from 29% (about 59 million) in January 2005.
View PDF of Report

Home Broadband Adoption 2006: Home broadband adoption is going mainstream and that means user-generated content is coming from all kinds of internet users

5/28/2006 | MemoReport | John Horrigan

Adoption of high-speed internet at home grew twice as fast in the year prior to March 2006 than in the same time frame from 2004 to 2005. Middle-income Americans accounted for much of the increase, along with African Americans and new internet users coming online with broadband at home. At the end of March 2006, 42% of Americans had high-speed at home, up from 30% in March 2005, or a 40% increase. And 48 million Americans -- mostly those with high-speed at home -- have posted content to the internet.
View PDF of Report
View PDF of Questionnaire

GAO 06-426 Summary:
"About 30 million American households have adopted broadband service, but the Federal Communications Commission's (FCC) data indicating the availability of broadband networks has some weaknesses. FCC conducts an extensive data collection effort using its Form 477 to assess the status of advanced telecommunications service in the United States. For its zip-code level data, FCC collects data based on where subscribers are served, not where providers have deployed broadband infrastructure. Although it is clear that the deployment of broadband networks is extensive, the data may not provide a highly accurate depiction of local deployment of broadband infrastructures for residential service, especially in rural areas."

GAO 06-426 (PDF) In Brief:

New Zealand: Computer World reported in April 2006:
New Zealand dial-up customers are on the rise, with Statistics New Zealand reporting a 4.1% increase in the number of active accounts between March and September last year.
UK: National Statistics says UK now has 52.4% broadband connections
18 August 2005

Category: Research - Regional, National & International
Location: UK Wide

National Statistics has released its latest monthly update to the survey of Internet Service Providers (ISPs) which shows that in June 2005, broadband connections formed 52.4 per cent of all connections, up from 50.7 per cent in May 2005. The index of all connections showed that between June 2004 and June 2005 there was a 5.2 per cent increase in the total number of active subscriptions to the Internet. The index decreased, by 0.2 per cent, between May and June 2005. Dial-up connections continued to decline and now account for 47.6 per cent of all connections.