Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Tuesday, January 31, 2006

Kama Sutra / MyWife worm

I know it’s going to be a busy day when my local CBS station calls to ask me about a new computer threat and wants to do an on-camera interview. Today, Microsoft released a Security Advisory for the win32/Mywife worm which if installed will damage computer files on the 3rd of every month.  This one has been making the news because it purposely removes most of the popular AntiVirus software like Norton/Symantec, McAfee, Kaspersky, Trend Micro PC-cillin, and Grisoft AVG.  This is one case where being a little guy like WinPatrol has an advantage.

I’m not freaking out too much about this one.  Users will have to physically download a file which is disguised as a zip file and run it.  Most local ISPs already know about the worm and have been filtering it out automatically before it reaches their users.  Both my AOL account and Road Runner accounts have been blocking it for a while.

If you’re a WinPatrol user, you’ll see an alert that “scanregw.exe /scan” has been added to your Startup Programs list.   For the most information and a link to a removal tool from Microsoft click here.
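A quick way to check a machine for the startup entry mentioned above, as an added example (not from the original post and not WinPatrol's code): it flags autostart commands that match “scanregw.exe /scan”. It assumes the entry sits in the standard Windows Run registry keys, which the post does not state, and the sample entries and value names are constructed.

```python
"""Added example: flag startup commands matching the indicator from the post."""
import re

# Standard per-machine and per-user autostart keys (assumption: the post only
# says "Startup Programs list" and does not name the exact location).
RUN_KEYS = [
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
]

# Indicator quoted in the post: "scanregw.exe /scan".
# Matches a bare name, a full path, or a quoted path; case-insensitive.
INDICATOR = re.compile(r'(^|[\\/"\s])scanregw\.exe"?\s+/scan\b', re.IGNORECASE)


def flag_entries(entries):
    """Return the (location, value_name, command) tuples whose command matches."""
    return [entry for entry in entries if INDICATOR.search(entry[2])]


def read_run_keys():
    """Collect Run-key values on a live Windows host; returns [] elsewhere."""
    try:
        import winreg  # only available on Windows
    except ImportError:
        return []
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    found = []
    for hive, path in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                value_count = winreg.QueryInfoKey(key)[1]
                for index in range(value_count):
                    name, data, _kind = winreg.EnumValue(key, index)
                    found.append((f"{hive}\\{path}", name, str(data)))
        except OSError:
            continue  # key missing or not readable by this user
    return found


# Constructed sample data (hypothetical value names), so the check runs offline.
SAMPLE_ENTRIES = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "ExampleA", "scanregw.exe /scan"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "ExampleB", r"C:\Program Files\Example\tray.exe -min"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "ExampleC", r'"C:\WINDOWS\system32\SCANREGW.EXE" /SCAN'),
]

if __name__ == "__main__":
    entries = read_run_keys() or SAMPLE_ENTRIES
    for location, name, command in flag_entries(entries):
        print(f"review: {location} [{name}] -> {command}")
```

A match is a lead for review rather than a verdict; confirm with the removal tool the post links to.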

Updated 2/1/2006 2:30 PM
I’ve uploaded a video of  my latest TV appearance.  Click here for Kama Sutra on CBS6



Monday, January 30, 2006

180solutions makes it up as they go along

One of my early and most controversial Blog entries discussed a lawsuit against Zone Labs Inc by 180solutions for mislabeling their applications. Today, 180solutions announced they were dropping their lawsuit. According to 180solutions’ press release, they dropped the lawsuit because “Zone Alarm’s action to download classification of 180solutions’ S3–enabled search assistant software”.  What makes this fun is Zone Labs issued their own press release that says “No changes were made to ZoneAlarm’s software…”.  I wonder who we should trust?

This action follows yesterday’s press release by 180solutions claiming it was working to “stop a suspect in a Middle Eastern country from further distribution of 180solutions search assistant software”.  The announcement yesterday was conveniently timed to defuse last week’s charges made by the Center for Democracy & Technology (CDT). The timing was interesting since 180solutions was notified by Facetime on January 6th and at that time, 180solutions said they would be shutting down this Middle East affiliate.

Our friend PaperGhost has summed it up well with a post today at his VitalSecurity.org Blog. For an animated description that explains it all, click on the link that says “Here’s my conclusion.”

 



Sunday, January 29, 2006

Cop Car Donut Shop

My topics today are a little off topic but I’m told a truthful Blog should reflect a little personal information. That way your readers can get to know you and be aware of any personal bias.

Today I have an opportunity to share some information about my family. I have one older brother John who is the Chief of Police in our little community of Scotia, NY. I mention him today because tomorrow night the Discovery Channel is re-airing a segment that reveals another one of my brother’s many talents.

Monday night, January 30th at 9:00 PM EST and later at 1:00 AM, the Discovery Channel airs an episode of Monster Garage created one week in the summer of 2003 we spent in Long Beach, CA. Jesse James along with a gang of cops and one doughnut guy, transform a 1998 Ford Crown Victoria Police Cruiser into a mobile Doughnut Shop. If it sounds like something you’d be interested in plug it into your TiVo.

 



Thursday, January 26, 2006

American Icons in China

Just last year most people had never heard of Lenovo.  I even spelled their name wrong in an article I wrote yesterday about their participation in stopbadware.org.  Even now the majority of folks in the high tech sector don’t realize that Lenovo is the third largest supplier of personal computers.

How did they become the 3rd largest?  Last year Lenovo Group Limited acquired IBM’s Personal Computing Division for 1.25 billion dollars.   While IBM still has great brand recognition it surprises me that we didn’t read more about this last year.  Lenovo already had about 1/3 share in the overall PC market in China so its purchase of IBM’s PC division catapulted it to one of the top spots in the world.

Did I say China?  Yes, Lenovo’s headquarters are in Beijing, China.  You remember Beijing right? It was in the news a while back, something to do with human rights.
     Tiananmen Square 1989

Well, the world has changed in the last 17 years. In July, 2005 Google announced it would open a product research and development center in China.  Unfortunately, being a communist country, the Chinese government is going to censor the results of Google searches.   Wal*Mart doesn’t just buy from China, they have 42 Supercenters there. Even the American icon Harley-Davidson is expanding into the Chinese market.

Harley-Davidson China

I find it odd that Congress is now making a big deal out of Google’s relationship with China.  It didn’t care about Wal*Mart changing what products it stocks on the shelves in China.  It didn’t get paranoid that the regime in China would make Lenovo put spy chips in IBM computers. So why Google now?

As I wrote a few days ago, it’s past the time we all start thinking globally. China’s economy grew 9.9% in 2005. It’s the second biggest contributor to global growth. The best hope we have is that we have more impact on China than they do on us. Maybe Googling for a new hog will help put an end to communism.

 



Wednesday, January 25, 2006

Horror stories wanted

There’s a new sheriff in town.
StopBadware.org

Announced today, a new initiative led by Harvard Law School's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute. Corporate sponsors include Google, Lenovo (formerly IBM PC Computing Division), and Sun Microsystems, Inc.

The group has adopted the term “Badware” to better define spyware, malware and deceptive adware. Adware companies frequently complain about being lumped together with Spyware.  Other companies and organizations have been quick to offer their support to this alliance which sees itself as a “Neighborhood Watch” of badware.

No matter what your level of computing knowledge, everyone is invited to get involved. Tell your badware horror story, submit technical data and/or participate in discussions by going to http://www.stopbadware.com/home/get_involved.



Blog Spam

For a relatively new Blog, I’ve been pleased with the traffic I’ve received from interested readers. Well, today I had my first indication that Bits from Bill was part of the Blogosphere.  The Blog experienced its first link spam attack!

As a new Blog eager for feedback I have allowed comments to be posted by anonymous accounts.  I guess it’s only a matter of time before I’ll have to change this feature.

It was easy to detect and delete the sales pitch and I’m pretty sure you didn’t come here for Cash Advances. I traced the link spam back to a PO Box owned by Greg Vanden Berge, Bonsall, CA.  If anyone knows Greg tell him I said thanks.

Blogosphere is the term used to describe the global network of blog postings.
Source: Naked Conversations by Robert Scoble and Shel Israel

 



Tuesday, January 24, 2006

Plan to Globalize Now

In January, 2002 web stats from WinPatrol.com indicated that approximately 80% of our visitors came from locations within the United States.  This month, the number of visitors from the US is higher but now only makes up 63% of our traffic. Apparently, my new Blog is even more popular internationally as the graph below shows.
Visitors to Bits from Bill per country.

For the first time, last year more PCs shipped to Europe than to the US.  In my predictions for 2006, I noted that consumers really don’t have a good reason to upgrade. A strong Euro and demand for consumer laptops accounted for a 17.1% increase in PC sales across the little pond.

33.2 %  Europe, Middle East, Africa
30.7 %  North America
26.1 %  Asia-Pacific and Latin America

According to research firms IDC and Gartner, the big winner in Europe is the Taiwanese computer maker, Acer. Dell also saw their worldwide PC shipments increase 18.6%.

If you run a business that depends on the Internet, you better have a plan to globalize. I don’t mean having your customer support people reading scripts from India rather than Arizona.
Does your online store support non USD currency?
If you get Email in another language can someone respond?
Is your product or website localized so it can be read by non-English customers?

For now, at least, we’ve been saved by some excellent bilingual education in countries outside the US. Bits from Bill may not be the best indicator but according to the graph below I still could be losing 25% of my potential audience. 
Bits from Bill Language Stats
Graphs indicate traffic reports from the past week and were created through the use of Site Meter Plus.



Monday, January 23, 2006

180solutions: Scary Smart Individuals

The Center for Democracy & Technology (CDT) has stepped up their efforts to expose the illegal and deceptive practices of companies who have been hiding behind descriptions like “search marketing” or “targeted advertising”.  Today, the CDT presented the Federal Trade Commission (FTC) with over 91 pages of evidence against 180solutions, who claims to be “a leading provider of Internet search marketing solutions.”   Another 40 pages of evidence shows deceptive practices of 180solutions and CJB.net working together to defraud users.  In the complaint filed today, the CDT requested “Investigation, Injunction and other Relief” against 180solutions and its affiliate CJB.net for the violation of section 5 of the Federal Trade Commission Act.

Documents also show a pattern of defiance by 180solutions to past complaints.  The company has been quick to place blame of illegitimate behavior on rogue affiliates.  The CDT has laid out a clear picture of how 180solutions supported tricks to force users to download their programs and even shows how they’ve taken advantage of security flaws in Windows to install their code.

180solutions has no business model without the ability to have its data collection programs running on a user’s machine.  If you haven’t heard of 180solutions, you might have heard of some of their other names like Zango, Seekmo, or MetricsDirect. According to the company, they accomplish this by providing “free access to a large catalog of entertaining and informative content”.  In other words, they offer “free” music, videos and games to your kids in return for the ability to harvest data from your machine.  Disclosure of their data collection programs is typically done in new variations of what we’ve always called, “the small print”.

The scary part is, 180solutions isn’t a group of hackers in a former communist country but their techniques are the same.  The company has corporate offices less than 5 miles from the main Microsoft campus. Their headquarters are so expansive, they use Segways to get around. They have satellite offices in New York City and Montreal. They have over 200 employees and are actively hiring more.  Their job posting is for “scary smart individuals, who are also really cool”.

Instead of reading the CDT Press Release or the entire 91 pages, some of the important excerpts and details on CJB.net’s 40 page involvement can be found on some of our favorite Blogs today.

 



Sunday, January 22, 2006

Windows Blackout caused by AutoUpdates

I've never been a big fan of automatic software updates. I still recall the days when the rep from Sperry-Univac would update the operating system on our room size, mini-computers. We'd spend the next week updating our software to handle what the new OS Patch would break. Now, auto-updates are built into the software, including Windows.

I've often been asked why we don't include auto-updates in WinPatrol. I can see signature files or data being updated automatically, but I'm not comfortable making code changes if there is any chance it could somehow create an incompatibility. There are just too many unknown variables that could affect the performance of a Windows machine. My policy is to stick with a solid, well working version at least until new features are available and keep all our data online where we can update it without affecting the user.

Lately, I've been digging deeper into Windows Internals and how the OS has evolved over the years. This research increased after I experienced a night of down-time following the installation of Windows OneCare Live. I wasn't thrilled with how Windows OneCare worked but my real concern came when the Uninstaller failed and I couldn't remove OneCare from my system. I could not even “Exit” Windows OneCare. It had integrated itself into the system. After a little task/service stopping with WinPatrol I was able to connect to the internet and write to Microsoft. They did respond within 24 hours offering personal help and a more forceful uninstall script.  Between their help, WinPatrol and Regedit my machine is now back to normal.

This recent experience strengthens my belief that it won't be long before we see a large scale "Windows Blackout". The time will come when a number of large companies and individuals will apply a new update that causes far more trouble than it's worth. It could be a Windows Security Update or some other very popular program. Most users won't experience a problem but a small percentage will experience a serious production blackout. It won't be instantaneous like a power blackout but the cascading impact will be the same. So much of the world is dependent on Windows that the big one won't be spyware or a rootkit deployed by a terrorist. It will be an automatic software update.



Friday, January 20, 2006

Child Porn on Google

This is a good example of the need for people to read more than the headlines.  Today, I received a comment  from a family friend, “I hear Google is in trouble with the government for child porn.”  ACK!!!! 
I always say, “It doesn’t matter what they say, as long as they’re talking about you…” well, this is a situation where that may not be true.

If you read beyond the headlines you’ll see that Google is the hero of this story trying to protect the rights of all internet users.  The Bush administration isn’t actually looking for information which would help them track users who search for porn. They’re looking for information to show trends. They want to prove that internet filters aren’t working.  While from their view point this seems like a reasonable request it’s not Google’s responsibility or mandate to provide this kind of information. The government could always contract with companies like Claria to spy on user habits.  (*tongue in cheek)

Google could easily have complied, as others have, to this subpoena for information but they didn’t.  Google is a privacy time bomb and this effort makes a huge statement about trusting Google. I fear it’s only the beginning of how the government could use internet tracking to abuse individual rights.

This is a big story that won’t go away.  There will be an impact on Google’s worldwide image. For those who support Google, they’ll continue to use their favorite search engine.  For those who don’t read beyond the headlines, it will hurt Google’s image.  Either way, it should make everyone aware, individual privacy isn't what it used to be.

* Tongue in cheek: To keep yourself from laughing at a bad time, you can thrust your tongue into your cheek. Back in the 1700's, this was used to signal contempt for another person. Over the years the meaning changed to be more humor related.



Tuesday, January 17, 2006

Sunbelt acquires Eric L. Howes

When I first met Eric L. Howes participating in DSLReports.com forums I knew immediately he had a deep passion for helping others. At that time, I was preparing a document for the Federal Trade Commission detailing my experiences fighting spyware and recommending solutions. Eric volunteered to help proof my paper and provided outstanding feedback. It wasn’t until later I found out he wasn't just some guy helping online. Turns out, he was teaching business and technical writing at the University of Illinois and already knew a thing or two about spyware.

Over the years, Eric has spent his spare time picking apart spyware, exposing the methods used and even tracking the sources.  He has freely shared his research with AntiSpyware companies like ours and publicly on forums like SpyWarrior.com.  He’s most widely known for his list of Rogue/Suspect Anti-Spyware Products & Web Sites as well as maintaining a list of sites for your browser to block called IE-SPYAD.

The folks at Sunbelt Software also recognized Eric’s passion and abilities. He has helped fine tune their Anti-Spyware approach and this week has accepted the position of Director of Malware Research.

The Good Guys
Alex Eckelberry, Ben Edelman, Dave Methvin, Wayne Porter, Eric L. Howes

Eric will now be able to spend full time fighting spyware and share his knowledge with a team of experienced researchers at Sunbelt. The good news is, Sunbelt is also very open with sharing information and helping others. Their president Alex Eckelberry, the primary contributor to the SunbeltBlog, has set an example of public communication few executives would have the courage to emulate.
 
I’m pleased to congratulate both Eric and our friends at Sunbelt Software.



Sunday, January 15, 2006

Your Printer Tells All

I thought this was fairly well known but the reactions to yesterday’s printer comments have ranged from “Wow, I didn’t know that” to “Are you that paranoid?”  PC World actually reported this in 2004.

Most world governments require copier and printer manufacturers to include a method to track where a printed image came from. Originally, it was designed to trace counterfeits but now the explanation is mostly related to terrorism.  The only publicly disclosed technique at this time was created at Xerox in the 80’s and consists of a yellow pattern of microscopic dots.

Microscopic Printer Dots
Close up of actual tracking dots,  as seen through a microscope.

The information available is said to include the printer serial number as well as the date and time the image was printed. The Electronic Frontier Foundation is investigating and has published a list of those printers they’ve been able to identify as using the yellow dot technique.  So far, their list is limited to laser printers using the Xerox method. Any technique used by ink jet printers has not been disclosed to the public.


Exposed using a Photon blue LED light
Photos from www.eff.org

 

 



Saturday, January 14, 2006

Windows Back Door

Yes Steve, there are back doors in Windows. I’m just not sure the SetAbortProc call in WMF files is one of them.

If we had a PC Hall of Fame, Steve Gibson would certainly be a candidate. Steve’s been digging into and writing about the core functionality of Windows since before Windows 3.0 went public. He gained fame and ushered in a new age of internet security with the creation of his ShieldsUp! web site.  ShieldsUp! provides internet security tests so folks can check how well their firewall is working or if they have any nasty programs using open ports.  Steve invites users to his ad-free ShieldsUp! site free of charge.  We now have many web sites duplicating and expanding his ideas like http://www.dslreports.com/tools and http://www.dnsstuff.com/.

Steve has also been responsible for finding a number of security flaws in Windows such as a vulnerability in how Microsoft implemented DCOM (Distributed Component Object Model). In 2003, Steve created a program called DCombobulator as a fix.

Steve has also been criticized at times for crying wolf when his alerts weren’t viewed by others as surprises or critical flaws. This week is another one of those times.

After some of his own testing and research, Steve has come to the conclusion that Microsoft intentionally put a “backdoor” into Windows via WMF’s. He’s published an audio and textual discussion with Leo Laporte on his website, http://www.grc.com/SecurityNow.htm#22.

Steve is so well known and respected that Microsoft responded the next day on its Microsoft Security Response Center Blog. The explanation is technical but knowing how things have changed over the years at Microsoft the explanation posted by Stephen Toulouse matches up with my own knowledge and research.

The story makes for good reading but I’m not surprised. Of course, there are back doors in Windows. Most back doors weren’t created for Microsoft use. They’re created to comply with federal laws.

Did you know that most printers include code to embed your printer’s serial number as a type of watermark in anything you print?  Ever wonder why the government discourages open-source programming? The Homeland Security Department is now providing funds to Coverity, a company which tests open-source programs and servers. Alas, this is probably the topic of an entirely new article.

 



Friday, January 13, 2006

Google Video

I had commented on the recent Google Pack announced at CES so I thought I’d evaluate the new Google Video Store.  My first purchase was quick and easy but the video never downloaded.  video-support(at)google.com responded to my report within 24 hours and was eager to help.  I was happy to receive a response that wasn’t canned and showed that the support staff had actually paid attention to my details. After another Email and a little time they did fix the problem and I was able to download my first video for $1.99.

The cost of the video varies which makes sense.  There are plenty of free videos like the 41 second,  “dumbest dog you’ll ever see”, which I had seen before on America’s Funniest Videos. For 99 cents there’s a video of Charlie Rose interviewing tech columnist Walt Mossberg. The highest price I saw was $5.95 for “The Hunting of the President”.

I tried out a $1.99 download of an episode of Star Trek Voyager.  Ok, ok… I’m not a true Trekkie or Sci Fi junkie, I frequently watch Star Trek episodes while programming.
Demo of Google Video before download
      Screen Capture of Google Video before purchase

I was ready to enjoy an episode of Voyager called “The 37’s” but what came next was disappointing.
The screen capture above is from the purchase page which shows a 31 second demo of the episode or video.
The screen capture below is from the video I finally received.
Screen capture of $1.99 video

 Is it me or is the quality of the video crap?
Click on either image to view the screen capture in its original size.

I really don’t feel cheated, it’s more of a surprise. I expected a little more from Google. I was never given the choice of bandwidth, but apparently someone there thinks we’re all still on dialup.



Thursday, January 12, 2006

Congratulations You Have Won the Microsoft Lottery

A new one to chuckle at made it past my spam filters today. Perhaps I just haven’t seen it before but it certainly is a new twist.  Essentially, it’s based on the original scam letters from Nigeria but it combines two popular scams of recent years.

Most of you probably remember how Bill Gates was testing a new Email feature and promised if you forwarded the Email to 10 of your friends, you’d receive a check in the mail?
I’m sure you’ve all received and hopefully deleted “Congratulations, You’ve Won the Lottery” in your Email.

Today, the “Scientific Lottery Game Promotion” let me know that “You are therefore entitled to a cash award US$2,500,000.00 (TWO MILLION FIVE HUNDRED USD)”  In a new twist to add validity to the scam, they’ve added the Bill Gates name to it.

This lottery program was organized by our group of philanthropist promoted and sponsored by Mr. Bill Gates of Microsoft Inc,eminent personalities like the sultan of Brunei, Multi Choice and other corporate organisations.This lottery program was organized to improving the use of computer softwares and for the benefit of every Microsoft user.

There’s no link to click on but it does include an Email address. The Email domain belongs to a company in Tel Aviv which provides free Email.  In my research, I’ve found identical scams going back to last September which also use free Email accounts at walla(dot)com.

Perhaps the best protection is for Email filters to add a new free Email classification. I would love it if Outlook or AOL tagged any Email that arrived from a free Email site.  I’m sure I have friends who use Free Email but I suspect 98% comes from Email addresses that won’t last more than 30 days. 

I also think spam filters should feel safe deleting any Emails which mention “the sultan of Brunei”.  :)

 



Wednesday, January 11, 2006

Spyware threats continue

While all of us were updating our systems with the newest Microsoft patch, reading about gadgets at CES and the new Intel-based Macs, the spyware foes were busy creating new threats for online users.

The most annoying Fakeware from last month called SpyAxe has resurfaced under the name SpywareStrike. This is another case of a bogus program telling you that you’re infected but for $49.95 they’ll help you out.

Suzi Turner with ZDNet let me know there was a free tool devoted to the removal of this type of fakeware called SmitRem. This program is another great case of independent AntiSpyware zealots providing their time and efforts to the online community for FREE. Ilfak Guilfanov showed us how it’s done with his WMF fix and this week MVP NoahDFear has come to the rescue.  There are a lot of good people out there.

As part of their security update on Tuesday Microsoft included more than just the WMF fix. They included an additional fix to fonts that are used on a web site (MS06–002).
I haven’t heard of anyone making use of this vulnerability but now that it’s public knowledge who knows. It’s another case of Microsoft looking at file types which could include executable code like I mentioned in my last article.

Meanwhile, CastleCops reports a new phishing scheme that takes advantage of a vulnerability in something called XSS or Cross-Site Scripting.  Users may think they’re at a Google site when in fact they’re being exploited and could be giving personal information to the bad guys.

Click on all the links and before long you’ll be an antispyware zealot too.

 



Monday, January 09, 2006

Don't Panic

After a long holiday week of bug fixing in Redmond it appears the WMF Exploit is just the tip of the iceberg.
The security flaw exposed by the Zero-Day WMF Exploit is a brand new type of code vulnerability.

In the past year, Microsoft has been on a security crusade to clean up any code which could be used by hackers to remotely execute malware. Unfortunately, the focus has been on buffer overflow, string formatting, SQL Injections and other traditional coding flaws.  There are however many file types besides WMF which provide locations for code execution and nobody has bothered to consider this a possible threat.

My friends in Redmond now tell me a race has begun.  Microsoft has re-created a team whose goal is to find any other potential security flaws of this type before the hackers do.

Additional flaws in the WMF file type have been widely reported. At this time, there is no need to panic as the use of these flaws is purely conceptual. Worst-case scenario is viewing a doctored file could make your browser or other file application crash. There is no indication that code could be executed on the machine accessing a manipulated WMF file.  Many sites are referring to this as a denial of service attack which I think is a misleading description.  Some might think it generates a DoS attack when the only one denied is the person who views the image.

Meanwhile, I recommend taking normal precautions, get your Windows security updates and keep your eye out for new security bulletins.
The answer is 42.



Saturday, January 07, 2006

Google Pack

No new Google PC was announced but there was still a full house to hear Google co-founder, Larry Page, detail the new “Google Pack” software collection. Most attendees were more interested in how announcements would affect their Google stock which has been upgraded recently.  Apparently, the folks who reported a Google PC were mixed up with the Koobox which is under $300 and runs a version of Linux called Linspire. Google… Koobox, they both have double O’s and six letters so you can understand the confusion.

Google Pack is essentially a collection of Google owned software, popular free/trial software combined into a user friendly delivery system.  My initial installation automatically chose nine programs from the collection which included:

    •   Ad-Aware SE Personal
    •   Adobe Reader
    •   Google Desktop
    •   Google Earth
    •   Google Pack Screensaver
    •   Google Toolbar for IE
    •   Mozilla Firefox with Google Toolbar
    •   Norton Antivirus 2005  SE (Six month trial)
    •   Picasa  (Google’s Photo Editor)


The installer, “Google Updater” was intelligent enough to know I already had copies of Ad-Aware, Google Toolbar, and Firefox on my system. It updated my version of Google Desktop and Adobe Reader.
The Updater Preferences allows users the option of hiding the icon in their taskbar once you’ve made your choices.

On the Google Pack website there is a checkbox in front of each application so users can decide which ones they’d like.  Other available programs include

    •   Trillian
    •   Google Talk
    •   GalleryPlayer HD Images
    •   RealPlayer

During the install, WinPatrol’s Scotty woke up and barked a number of times.  It could be one of the reasons WinPatrol wasn’t included. The main culprit was Symantec’s Norton AntiVirus which added

    •    1 Startup Program
    •    2 IE Helpers (1 BHO, 1 Toolbar)
    •    2 Scheduled Tasks
    •    8 Windows Services

I went ahead and approved all the additions and then used the Google Updater to Uninstall Norton Antivirus.  Updater made Uninstall a breeze and I was surprised to see all of the Norton/Symantec components were removed.  I was impressed that Ad-aware and Real Player weren’t automatically added to my Startup Program list. It could be because they were already detected on my system and weren’t installed.

I understand Google considered a number of AntiSpyware solutions before going with Ad-aware. The free version of Ad-aware is worthy and I’m told no money changed hands.  I’m sure Lavasoft, like many, would have paid for the honor and visibility of being included. My only complaint with Ad-aware is their AdWatch program which blocks any additions to certain Run registry locations.  Users aren’t notified so even if they want a program to run all the time it gets blocked automatically.



Friday, January 06, 2006

Windows Vista

Today, along with a keynote speech by Bill Gates, Microsoft released more information about its next Windows version called “Vista”.  If you’re interested in reading the marketing buzz and viewing pretty images you can go to http://www.microsoft.com/windowsvista/default.aspx for more information.

One new interface enhancement is called “Sidebar”.  The Sidebar can be populated with a variety of new custom objects called “Gadgets”.
Vista Sidebar
Most of the gadgets demo’d provided dynamic displays like video or real-time RSS data.

The new Internet Explorer sports a new “Tabbed” interface which will display large thumbnails of all the pages you currently have open making toggling between sites easier.
New Internet Explorer
Internet Explorer also introduces a new Account Protection which allows you to protect many of the settings currently monitored by AntiSpyware programs, like Start/Search Page settings, the HOSTS file, Trusted sites and Startup “folder” protection.  I’m not sure what they mean by Startup “folder”.  I would hope it includes all critical Startup locations in the registry.

Security and Spyware protection provided by “Windows Defender” will be built into Vista. According to Steve Dodson’s WebLog it can be disabled if you’d like to use a 3rd party anti-spyware application. One of the advantages Microsoft will have is that new “Signatures” which define malware will be updated via Windows’ own update engine as Automatic Updates.
Defender Alert Window

 

 

 



Thursday, January 05, 2006

Microsoft WMF Patch Available

Microsoft has released the patch for the Zero-Day Exploit a little earlier than expected. While Microsoft first announced this patch would be ready on January 10th, they decided it was better to make it available immediately.

The patch is now available at
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

Find the section that says “Affected Software:” and click on “Download the update” following your operating system.

If you followed our previous advice to unregister shimgvw.dll you’ll want to re-register this DLL.
Click on the Start button, and select Run.
Type “regsvr32 shimgvw.dll” and click OK.



Wednesday, January 04, 2006

Sober Snore

I wasn’t going to comment on the “impending doom” that has been forecast from the so-called Sober worm but I’ve received more inquiries than I had expected.  The Sober worm first appeared last November and was spread via Emails with threatening subjects. Word on the street has been that on Jan 5th or 6th (depending on who you ask) the Sober worm is going to be re-launched around the world.

Chances are, if you’re reading this Blog you already have the protection and common sense you need to prevent any problems.  You probably have WinPatrol and/or other AntiSpyware programs installed. You probably have kept your Windows system up-to-date with recent security fixes from Microsoft.  Even if you haven’t there’s no need to panic.

Don’t be surprised if you receive some weird Emails over the next couple of days but if you follow the advice I posted about "Have you been visiting illegal web sites?" you’ll be fine.

Microsoft has posted a new Security Advisory (912920) to address the issue.

 

 



Google PC

Our spies at CES have been buzzing about this Friday’s keynote speech by Google’s co-founder Larry Page. Keep your eyes out for news about a new low cost “Google PC”. I’m sure many news sites will be publishing details today but most details and photos will be available late Friday afternoon.

So far, speculation is the Google PC will be Linux based and be sold for under $300 at Wal*Mart type locations.  The system would immediately support Google Talk and AOL’s AIM but don’t expect a full AOL client.  AOL has however been pushing most of its content and many features including Email to the web.

I’m sure if you look around you’ll find plenty of other folks with a lot to say. I’ll have more to say on Friday when the announcement is official.



Tuesday, January 03, 2006

Microsoft targets Jan 10th for WMF Patch

Microsoft has updated their Security advisory (912840)

“Microsoft recommends that customers download and deploy the security update for the WMF vulnerability that we are targeting for release on January 10, 2006.”

Meanwhile, Microsoft agrees with what we’ve all been saying since “Day Zero” and posted the following suggestion:

Un-register Shimgvw.dll, follow these steps:

1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.



Monday, January 02, 2006

Read me on your TiVo

I won’t go into all the details on why I’m a huge TiVo fan. I’ll just say my first TiVo was activated on Oct 14, 1999 and we currently have more than one connected via a wireless network. I’m not going to tell you why TiVo is the best. I can tell you if you have networked TiVo you can read “Bits from Bill” on your TV.

The killer app for TiVo is something called Galleon.  This free open source application has been under development and testing for a while and it’s definitely ready for prime time.  If you’ve ever used your TiVo to view photos or listen to music you’ll love the extra features available from Galleon.

If you’re not networked with TiVoToGo yet you’ll need three things:

    •   A TiVo Series2 DVR
    •   A wireless router
    •   A TiVo supported USB network adapter ($49.95)

Installing Galleon is simple and you’ll be able to pick whichever features you want to add to your TiVo’s “Music, Photos & More” menu.  My favorites are Weather, Movies, Shoutcast and the RSS News Reader.
In Galleon, File->New App. For App “Type” select “RSS”.  You can add the following url and read Bits from Bill on your TV via TiVo.
http://feeds.feedburner.com/BitsFromBill

Check other Blogs and favorite web sites and you’ll see an image indicating “RSS” or “XML”. Click on these images and you’ll get the required URL that can be entered into Galleon.

 

 



Sunday, January 01, 2006

New WMF Exploit Patch

I had hoped I wouldn’t have to write about the Zero-Day WMF Exploit again but I feel a responsibility to anyone who has followed my advice.  I suspect most of my readers have already heard that a programmer named Ilfak Guilfanov beat me to it and has created a patch for this problem.  If not, you can learn more on Ilfak’s Blog where he includes a link to the newest patch available.

I have verified this patch will work on a system that hasn’t already been affected.  I can’t personally say for sure what the results will be on a system that has already been affected.

Downloading this patch is probably a good idea but only if you’ll remember to follow this story. When Microsoft does create an official patch you’ll need to follow Ilfak's instructions to Uninstall his software.

 



Predictions for 2006

It’s always dangerous to make predictions for a new year but I’ll take a stab at it. My most confident prediction is a change in PC sales for 2006.  At this time, there aren’t many good reasons to upgrade to a new computer. Normally, a new version of Windows will require new hardware and boost new PC sales.  Even if Microsoft Vista is released this year I’m not sure it will have the impact of past Windows launches.

Security/Spyware protection will be the focus of major PC makers this year. I predict AMD and Intel will both announce hardware solutions to Spyware and other security issues.  According to KGW Channel 8 in Portland, 8% of new computer sales are generated by Spyware infections. I feel safe predicting Microsoft Vista will be delayed to include support for additional protections including enhancements to DEP (Data Execution Protection).

I predict surprises from Apple this year even though the Mac has lost its huge usability advantage. The popularity of the iPod and Apple “style” has recaptured some of the intense brand loyalty that has kept Apple in business. I expect to see a new system from Apple this year along with some fun TV commercials. The theme of the ads will be how your new Apple computer won’t suffer from spyware like your PC.

My last prediction and recommendation for new PC sales would be customized Boot CDs.  When you purchase your PC it should come with a specific boot CD. You’ll still be able to create start up profiles for new drivers and applications but let’s allow users more control over this process!  Who knows, maybe Apple will include a boot DVD with a choice of Mac OS X, Windows or Linux.
