Hot Off The Net – Oct. 23, 2008 2:18PM EDT
Microsoft issued an emergency critical update today addressing a malicious Internet worm that could allow attackers to infiltrate systems remotely and take control over users’ computers without any user interaction.
The critical update is one of a handful of patches released out of sequence in the past few years. Microsoft issues regularly scheduled updates on the second Tuesday of every month, which has become known in IT circles as “Patch Tuesday.”
The fact that Microsoft has released what’s known as an “out-of-band” patch indicates the vulnerability is pretty severe.
The vulnerability, which affects almost every Windows operating system, is rated critical for multiple versions of Windows 2000, XP and Server 2003, but is given the less severe rating of “important” for Vista and Server 2008.
The error, if left unpatched, allows remote attackers to infiltrate systems in order to take control of users’ computers and steal data without any user interaction or social engineering lures. What makes this bug particularly nasty for business networks is that it has the ability to rapidly spread to other vulnerable computers within the network.
Security experts confirm that an exploit is loose in the wild, meaning that there is evidence that an attacker has already used the exploit code to conduct attacks on unsuspecting users. Microsoft also suspects that the code has been used in targeted attacks.
While Microsoft has provided possible workarounds for the vulnerability, users are advised to simply apply the patch as soon as possible. Normally we like to test these updates because you don’t want to break anything with the patch but with a critical patch such as this, it’s best to just get it installed.
Security updates are available on the Microsoft Update, Windows Update and office Update sections of the Microsoft Download Center.
As additional information becomes available, I’ll update this post.
The June 30 date for Windows XP “end of life” has come and gone, and Microsoft has officially placed Windows XP on the long road to retirement. Support for the most widely used operating system in the world will still be available for some time, but there are signs that the software giant is forging ahead deeper into an all .Net model, while scrapping the Win32 code altogether—even in legacy mode. Windows 7 might just be that turning point.
With the fundamental shift in the way its desktop operating system functions, Microsoft has placed millions of users in a tough position. The new XP technician must be crafty and resourceful to solve performance problems, security flaws, unstable environments and countless other issues.
But not everyone is tech-savvy enough to solve the arcane errors that pop up from time to time. With that in mind, here’s a simple list of fixes, tools and automated techniques that can satisfy most users needs with little to no technical understanding of XP.
Similar to adjusting a carburetor to produce the right mix, XP requires up-front adjustments to get the OS to perform at optimal conditions. But before looking under the XP “hood,” follow these steps:
1st. Back up all your critical data to an external storage device.
2nd. If working with a laptop, make sure the laptop is plugged in and not running on battery power.
3rd. Make sure you have administrative access and are logged on as the administrator.
Probably the simplest and most reliable way to optimize storage and improve OS performance is to buy Diskeeper 2008 Professional. But for those on tight budgets, free solutions (and free is always my personal favorite) are also available.
Increasing the physical RAM size is probably the easiest way to manage memory, but if that’s too expensive or not an option, I’d recommend resizing the Windows System Cache and its Registry settings. Here’s how:
1. Go to the Control Panel, click on System Properties, Advanced tab, Performance/settings button. In the Performance Options pane click on the advanced tab, users can increase the size of the virtual memory, and set up processor and memory usage priorities.
2. Controlling cached icons in memory is simple to change in XP. To change the system cache, go to Start, Run and type and run Regedit. Press F3 to find this key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer. Lower the value of the Max Cached Icons.
3. To optimize memory, we recommend using Process Lasso. The tool is free, reliable and powerful. Process Lasso provides fine control over applications and services by allowing users to change running priorities and restrain memory usage.
Process Lasso: http://www.bitsum.com/prolasso.php
4. Have only a single primary disk partition for XP. Creating a single hard drive partition for XP has been proven to be the fastest way to set up system storage.
5. Detect and repair disk errors on a regular basis. There’s no special software to complete this function as the feature is built into Windows XP SP2 and above. Go to Start | My Computer | and right click on the hard disk you want to check, then click Properties. In the properties dialog box, click on the Tools tab and click the Check Now button. In the Check Disk dialog box, select the Scan for and attempt recovery of bad sectors check box and click Start. You do not have to select “Automatically fix file system errors” unless you think that your disk contains bad sectors. If bad sectords are found, simply choose to fix them.
Know Your System
Here are more tips on how to avoid corrupting the registry. Take advantage of tools like CCleaner, RegCleaner and RegSupreme.
IMPORTANT! Back up the Registry by simply saving copies every time software is installed. By this I mean to backup your registry BEFORE you install a new software package. That way, if the installation messes up your computer and you can’t successfully uninstall the offending software, you’ll be able to revert to a good registry
And lastly, here’s how to know if you’ve been hacked:
Never depend on antivirus software and personal firewalls to automatically protect an XP computer. If a user knows what to look for, even sophisticated Windows forensic tools can work quite well.
For years now we’ve been been using Process Explorer and we highly recommend it. Process Explorer provides a listing of all processes running within an XP system, including all interdependencies for the processes.
Process Explorer: http://www.download.com/Process-Explorer/3000-2094_4-10223605.h
TPCView and FPort are simple tools that provide realtime information on all ports. If a hacker is attempting to enter through a port, FPort will show the pathway of the port access and map it to services in the OS.
Becoming an XP mechanic doesn’t require popping the hood and getting your hands dirty. Users just need to be proactive and smart enough to use sophisticated tools without having to learn the inner complexities of XP. Fortunately, the information provided here can help even the most nontechnical user figure out tough problems in minutes.
What are you waiting for Tonto?
Unfortunately, my heading will be lost on some younger viewers/listeners but I thought it was cute…
The Internet remains the biggest opportunity for most companies jockeying for your eyeballs and Silverlight is Microsoft’s attempt at gaining market share in the enormous Internet multimedia market (sometimes referred to as RIA – Rich Internet Applications).
Essentially, Silverlight is a competitor to Adobe’s Flash which currently has an estimated 90% market share; both are web development platforms.
Most everyone is familiar with Adobe’s Flash as the engine that renders the videos at sights like YouTube.com and CNN.com, but it’s also the technology used for just about anything visual that has movement or animation (if you right-click on any video or animation that is being generated in flash, a dialog box will appear with the last item being “About Adobe Flash Player…”)
Microsoft’s approach with Silverlight is quite different from Adobe’s Flash in that it is currently more focused on application development (it works directly with the .Net development platform), but at the end of the day, they both want you to use their software to view video and rich media on the Internet.
In order for Microsoft to get more web surfers to use the Silverlight viewing software (often referred to as a ‘plug-in’), they have to convince more website developers to use their development tools for generating multimedia content. In order for more website developers to commit to using Silverlight development tools, they want to see more web surfers that have the Silverlight viewing software installed, so it is a bit of a ‘Catch-22’ at the moment.
One of the highest profile partnerships that Microsoft landed for Silverlight was NBC’s Olympics website, which required the Silverlight software in order to view the live streams that were available during the games.
Oddly enough, now that the Olympic games are over, all of the archive videos at NBCOlympics.com are encoded using Adobe’s Flash. Many are speculating that NBC realized that 40 million US visitors to their Olympics site did not have Silverlight installed yet and that the extra annoyance of having to download the software in order to view the video was not worth the hassle.
So the real question is, do YOU need it? The answer to that question is different for everyone reading this and the sights you visit on the Internet will be the biggest factor. Until you go to a website that requires the download and you deem the content valuable enough to do so, you don’t need to install it.
Many of you may be seeing it as a download during Windows updates, which is another way to get it installed. In general, I am not seeing anything outside the ordinary problems for those that have installed Silverlight, so installing it before you find a need for it shouldn’t impact a properly running computer (never install anything new if your computer is not running properly – it just adds more variables to the problem).
Silverlight is still in its infancy (Version 2 is currently in Beta testing and available at microsoft.com/silverlight), so Microsoft has another long battle in front of it if they want to grab market share away from Adobe.
If you happened to be a business and in the market for development tools for web-based applications, you would do well to evaluate all of the options in the family of development tools offered by Microsoft including Silverlight (www.silverlight.net) in your search.
Learn more about Silverlight here:
Install the newest version here – it’s a 4 MB download and a 10 second install
As for my headline: Backed by the William Tell Overture, the full mantra of the Lone Ranger went like this: “A firey horse with the speed of light. a cloud of dust and a hearty Hi-Yo Silver!” Want to hear it for yourself – click here
Just doing what I can to keep the legend of the Lone Ranger and Tonto alive.
Do You Pay Comcast For Your High Speed Internet Access?
If so – pay close attention to their “new” rules effective Oct 1, 2008.
Here’s a copy of the email I’ve received from my account on Comcast.
Dear Comcast High-Speed Internet Customer,
We appreciate your business and strive to provide you with the best online experience possible. One of the ways we do this is through our Acceptable Use Policy (AUP). The AUP outlines acceptable use of our service as well as steps we take to protect our customers from things that can negatively impact their experience online. This policy has been in place for many years and we update it periodically to keep it current with our customers’ use of our service.
On October 1, 2008, we will post an updated AUP that will go into effect at that time.
In the updated AUP, we clarify that monthly data (or bandwidth) usage of more than 250 Gigabytes (GB) is the specific threshold that defines excessive use of our service. We have an excessive use policy because a fraction of one percent of our customers use such a disproportionate amount of bandwidth every month that they may degrade the online experience of other customers.
250 GB/month is an extremely large amount of bandwidth and it’s very likely that your monthly data usage doesn’t even come close to that amount. In fact, the threshold is approximately 100 times greater than the typical or median residential customer usage, which is 2 to 3 GB/month. To put it in perspective, to reach 250 GB of data usage in one month a customer would have to do any one of the following:
* Send more than 50 million plain text emails (at 5 KB/email);
* Download 62,500 songs (at 4 MB/song); or
* Download 125 standard definition movies (at 2 GB/movie).
And online gamers should know that even the heaviest multi- or single-player gaming activity would not typically come close to this threshold over the course of a month.
In addition to modifying the excessive use policy, the updated AUP contains other clarifications of terms concerning reporting violations, newsgroups, and network management. To read9 some helpful FAQs, please visit
One of the reasons I mention this is that there’s long been talk about ISP’s (Internet Service Providers) charging customers based on the bandwidth they consume. Until now, ISP’s have been afraid to upset the apple cart and institute a pay as you use service model. Looks like that reluctance is finally gone. Comcast is instituting “bandwidth” control and calling it a benefit for those users who do not take advantage of the system and use excessive amounts of bandwidth.
So… let’s all just wait and see who else jumps on this gravy train. Can Verizon be far behind? Will Comcast users simply sit still and take it or will they rebel and take their internet elsewhere. In the future, will we be paying for every email we send, every video we view or download and perhaps every website we visit? Only time wil tell, but now that Comcast has taken the first step, others are sure to follow.
On a lighter note – Comcast is announcing a new service called SmartZone. This service is supposed to make your comcast.net email experience better with an imporved design, email, voice mail and address book all in one area and get upgraded to 10 Gigabytes of mailbox storage (apparently 40x more then the current account has). Take a sneak peek here:
Comcast has instituted a new Online Security Newsletter for subscribers with a link to a service/site named comcast.net Security. This website is very informational and goes a long way towards helping computer users identify and protect themselves from many Internet threats. Take a look – you don’t even have to be a Comcast subscriber to avail yourself of this resource so take advantage of it while you can.
Napster Inc., the online music community that rose from a dorm room project to became the scourge of the global recording industry, is being purchased by Best Buy Inc. for nearly $127 million as the electronics retailer tries to boost its digital music business.
On Monday, September 15th, Best Buy, agreed to acquire Napster for $126.9 million, or $2.65 a share. The deal, which is nearly double Napster’s Friday closing price of $1.36 a share, has been approved by the company’s board and will be supported by its directors and executive officers.
In a statement, Best Buy valued the deal at $121 million, and said the difference was due to unvested employee stock awards at Napster. According to its most recently quarterly filing, Napster had about 47.9 million shares outstanding as of Aug. 8, implying a price of $126.9 million.
Napster, a once-free file-sharing network, was a favorite tool among college students earlier in the decade. But as the service gained popularity, the company became the sworn enemy of heavy metal band Metallica and along the way fueled a cultural, legal and political debate about copyrights and intellectual property while at the same time helping popularize digital music.
Although Best Buy and Napster have digital music download services, the companies hope the combined service will put pressure on Apple’s iTunes, which currently holds roughly 70.0% on the digital music download market. Best Buy’s relationships with mobile device makers and access to new digital device buyers will use Napster’s well-known brand and Web platform to offer new ways to find and use digital entertainment across a broader range of devices.
Best Buy has been making headway into selling mobile handsets recently, and has been offering a Best Buy Music Store (powered by Rhapsody) for some time. Best Buy will most likely utilize Napster as a means of bundling digital content with its PC and mobile handset offerings.
This deal is also a boon for Napster, which last month reported a loss of $4.4 million, or 10 cents per share, as revenue slid 6 percent. Experts said Napster would likely face more struggles on its own as the popularity of Apple Inc.’s iTunes grows.
The takeover, which must receive regulatory and shareholder approval, is expected to close in the fourth quarter.
Napster was launched in 1999 as an online file-sharing service by Northeastern University student Shawn Fanning. Members could access millions of songs stored on other members’ computers without paying a fee. The music industry, through the Recording Industry Association of America and performers such as Metallica and Dr. Dre, claimed copyright violations and attempted to shut down the service with numerous lawsuits.
The lawsuits were effective and Napster, in its original incarnation, was eventually forced to close in 2001. However, it soon reemerged as a seller of fully licensed digital music tracks after its brand and logo were acquired by private concerns. Today Napster has a subscriber base of over 700,000.
Check out Napster’s current site:
Internet Explorer 8 Beta 2 and A Warning To XP Users
Users anxious to upgrade their Web browser to Microsoft’s Internet Explorer 8 Beta 2 may encounter a snag if they’ve downloaded Windows XP Service Pack 3. After announcing IE8 Beta 2, the Microsoft team quickly wrote a blog post warning users that IE 8 Beta 2 combined with Windows XP SP3 will not be able to uninstall IE8 Beta 1 or SP3.
Here’s how it breaks down. Microsoft released IE8 Beta 1 before XP Service Pack 3 became available. Users who downloaded and installed SP3 after IE8 Beta 1 are urged by Microsoft to manually uninstall Beta 1 before upgrading to Beta 2; otherwise, neither SP3 or Beta 1 will be able to be uninstalled from your machine.
According to the Internet Explorer Blog, users who have Automatic Updates turned on will be prompted by the operating system to upgrade to Beta 2, but the update message won’t explain the ramifications of putting IE8 Beta 2 on top of Beta 1 and SP3.
Personally, I think it might be a scheme orchestrated by Microsoft to retroactively add another feature to IE8. Is it too outlandish to consider that Microsoft is hedging its bets on IE8 Beta 2 by making sure Beta 1 will always be tied to a machine? And isn’t it just a tad suspicious that the flaw only affects Windows XP — the very operating system that many users refuse to migrate away from in favor of Vista?
Anyway, we (the users) should be the final decision makers when it comes to the software we allow to run on our systems. If you’re considering IE 8 Beta 2 I urge you to read the blog post BEFORE attempting to download and install this updated version.
Explorer 8 Beta 2
http://www.microsoft.com/windows/internet-explorer/beta/ what’s next in the browser wars.
I’m sure you’ve all heard about Google and their newly released “Chrome” browser. Here’s a link to their 38 page comic book introducing Chrome – way too much information in my opinion but:
I’ll report back on how Chrome works when I’ve had an opportunity to fully test it – stand by…..
In the meantime, if you’re the adventureous type, here’s the download link for Chrome BETA:
I really don’t know why I’m posting this but here you go:
The Top 10 reasons you don’t want GM to engineer cars like Microsoft engineers their Windows Operating Systems.
Below is the content of an email I received last week. The original author of the content is not known and the quotes have not been verified. Even so, it provides food for thought and could be the beginnings of some interesting water cooler discussions.
For all of us who feel only the deepest love and affection for the way computers have enhanced our lives, please read on.
At a recent computer expo (COMDEX), Bill Gates reportedly compared the computer industry with the auto industry and stated, ”If GM had kept up with technology like the computer industry has, we would all be driving $25.00 cars that got 1,000 miles to the gallon.”
In response to Bill’s comments, General Motors issued a press release stating: If GM had developed technology like Microsoft, we would all be driving cars with the following characteristics:
TOP 10 LIST
Microsoft vs General Motors
1. For no reason whatsoever, your car would crash……..Twice a day.
2. Every time they repainted the lines in the road, you would have to buy a new car.
3. Occasionally your car would die on the freeway for no reason. You would have to pull to the side of the road, close all of the windows, shut off the car, restart it, and reopen the windows before you could continue. For some reason you would simply accept this.
4. Occasionally, executing a maneuver such as a left turn would cause your car to shut down and refuse to restart, in which case you would have to reinstall the engine.
5. Macintosh would make a car that was powered by the sun, was reliable, five times as fast and twice as easy to drive – but would run on only five percent of the roads.
6. The oil, water temperature, and alternator warning lights would all be replaced by a single ”This Car Has Performed An Illegal Operation” warning light.
7. The airbag system would ask ”Are you sure?” before deploying.
8. Occasionally, for no reason whatsoever, your car would lock you out and refuse to let you in until you simultaneously lifted the door handle, turned the key and grabbed hold of the radio antenna.
9. Every time a new car was introduced, car buyers would have to learn how to drive all over again because none of the controls would operate in the same manner as the old car.
10. You have to press the ”Start” button to turn the engine off.
Have a GREAT Day!
Windows 7 “Ultimate” video
First glimpse – let’s fire up the rumor mill!
Windows 7 “appears” to look a lot like Windows Vista, judging from a video purporting to show the “Ultimate” version of Microsoft’s next operating system. The video popped up on the Internet and has drawn more than one and a half million hits on YouTube.
The three minute and 48 second video claims to show Windows 7 Ultimate at “Milestone 1.” For the record, Windows 7 isn’t slated for release until January 2010 at the earliest.
Not much happens in the video’s first 30 seconds, then a screen appears showing the words “Windows 7 Ultimate”, version 6.1, along with Microsoft’s usual licensing disclaimers. The video then runs through an assortment of screens.
The most interesting, and credible, portion shows a scrollable menu that’s subdivided into areas such as TV and Movies, Pictures and Videos, Music, Tasks and Online Media. It doesn’t feature the sort of touch screen interface that Microsoft demonstrated for Windows 7 “Surface” technology earlier this year at the All Things Digital Conference. You can view a YouTube video of Surface technology in action here – it’s pretty darn cool: http://www.youtube.com/watch?v=GqDQ0wUcSPQ
But beyond a few new bells and whistles, what’s most noticeable about Windows 7, at least as it’s shown on this video, is how similar it looks to Windows Vista. That’s probably bad news for Microsoft, if it turns out to really be the case.
Early word from Microsoft indicates that Windows 7 will include many of Vista’s useless CPU and memory munching “features” and then some. In other words, it will be time to upgrade your hardware again when the OS arrives in the next year or so.
The fact is, most users don’t want all these extras, especially if they require hundreds of dollars worth of additional hardware. Computer users — in business and at home – simply want a machine that can handle word processing, e-mail and the Internet, and that’s about it.
To experience all of Vista ‘s bloated features, PC users need a computer with at least a 1-GHz processor, 1 GB of memory, and a 40-GB hard drive. By contrast, Windows XP Professional requires only a 300-MHz processor, 128 Mbytes of RAM, and a 1.5 GB hard drive.
Here’s a YouTube video showing some screen shots.
Microsoft has also launched a blog called Engineering Windows 7 to keep developers informed on progress on its forthcoming operating system. Take a look.
Windows 7 News
August is bad weather month here on the South Shore and it’s not uncommon for a severe storm to hit without warning. That’s why protecting your computer and printer with a surge suppressor is more than a good idea—it’s an absolute must.
While a home circuit breaker can protect some of your appliances, they were not built to protect the sensitive electronic equipment in a computer. If a high electrical surge hits your computer, it could fry your motherboard and CPU in seconds causing you to lose data AND the use of your computer.
The biggest mistake most users make is thinking that their power strip will protect them, when in reality, it won’t. To adequately protect your sensitive electronic investments, you need a quality surge suppressor designed to handle the job.
There are main 2 things to look for in a surge suppressor:
First is response time. This is the amount of time it takes this device to react to a power surge. This should be 10 nanoseconds or less; any longer and you run the risk of damaging your PC.
The second thing to look for is the amount of energy it can absorb and dissipate before it blows, measured in joules. I recommend at least 800 joules or higher.
Another feature to look for is a failure indicator light. This light will come on when the suppressor is fried and no longer protecting your computer. Most surge suppressors will have this.
If you’re using a dial-up modem (hopefully only for your fax machine), be sure the suppressor blocks electricity that can come in from the phone lines. If you have a fax or cable line, make sure the suppressor you chose handles those too. You also want to make sure the suppressor you choose meets the UL 1449 specifications (this will be listed on the box).
There are three levels of protection: 330, 400 and 500. This number refers to the maximum voltage that the suppressor will allow to pass through the line. The lower the number, the better off you are.
Finally, unplug your computer and all computer equipment, telephone, and modem lines during a lightning storm. This is the ultimate protection against sudden and devastating power surges.
For more information, visit one of my favorite wewbsites – How Stuff Works
Researchers at the University of Washington and the University of California, San Diego, have launched Adeona, an open source service aimed at helping consumers and businesses track the location of lost or stolen laptops.
Adeona may have been the goddess of safe returns, but if a group of computer science professors and graduate students get their wish, they’ll be viewed as the patron saints of secure laptop computer data, thanks to their new open source software service named after the Roman deity.
Also, for those who worship at the altar of bargains, Adeona may indeed be a godsend: It’s free.
Adeona, the result of a yearlong joint research project at the University of Washington and the University of California, San Diego, allows users to track the location of lost or stolen laptop computers.
It’s designed to answer the needs of corporations and government entities that have seen an increase in personal data breaches because of missing laptops, as well as consumers who are putting more music, photos and memories onto their portable computers.
Security vs. Privacy
For one of the graduate students involved in the project, Adeona became a search for a truly private system for laptop users. “The research project at first was initially not about delivering a service for the general public,” Thomas Ristenpart, graduate student from UCSD says. “We were originally looking at the privacy implications of some of the device-tracking systems now on the market. But as we got into it, we realized we were going to develop a client that people would be interested in using.”
That interest stems from the fact that existing commercial laptop-tracking products involve someone besides the owner having access to personal data. Ristenpart has no information that any abuse has taken place, he said, but his team understood the concerns some users might have regarding those products.
How It Works
Users install Adeona onto their laptops, which then set up encrypted connections to the open source OpenDHT storage servers on the Web. If a user loses a laptop or is the victim of theft, another download and a password allows him to track his device via last-known Internet protocol (IP) addresses and Internet nodes that were used to connect to the missing machine. Users are the only ones to see the information about their laptops — not outside companies or law enforcement agencies.
“We think that one of the cool contributions of this type of research is not only can you develop a system that successfully tracks your laptop, but it can do so with privacy mechanisms in place. People don’t have to sacrifice privacy to get these kinds of benefits,” Ristenpart said.
Open Source Security
There are some questions about whether an open source-based tracking system would itself be secure, since any developer would have access to the source code. The fact that it’s open source makes the structure of security visible to the bad guys as well. … many Corporations don’t open source security for that reason.
Tracking systems focused on the hardware and not the data itself face challenges. The thieves steal the laptops, and within an hour just throw them away. What they really wanted was the data, they wanted the identity on the laptop.
Adeona runs on Mac’s, PC’s with Windows XP and Vista and of course, Linux.
Here’s the link to Adeona’s home page for additional information and downloads: