Wednesday, January 31, 2007

Workaround For Clean Install With Vista Upgrade DVDs

ActiveWin published a workaround provided by Microsoft internal documentation for Vista Upgrade DVDs that will not invalidate the Windows XP Key, as discussed here. Blair provided the original source, not credited by ActiveWin, as Paul Thurrott.
"Per Microsoft's new licensing requirements for Vista, users are required to install a Windows Vista Upgrade from within Windows XP. When this occurs, the Windows XP license is forfeited and the Windows Vista installation process can take place.

Now, however, this workaround allows users to perform a “clean install.” The process is a bit tedious, but is not hard at all to complete. Users have to perform these simple steps to perform a clean install of Vista without a previous version of Windows installed with an upgrade DVD:

1. Boot from the Windows Vista Upgrade DVD and start the setup program.

2. When prompted to enter your product key, DO NOT enter it. Click "Next" and proceed with setup. This will install Windows Vista as a 30-day trial.

3. When prompted, select the edition of Vista which you have purchased and continue with setup.

4. Once setup has been completed and you have been brought to the desktop for the first time, run the install program from within Windows Vista.

5. This time, type in your product key when prompted.

6. When asked whether to perform an Upgrade or Custom (advanced) install, choose Custom (advanced) to perform a clean install of Vista. Yes, this means that you will have to install Vista for a second time.

7. Once setup has completed for the second time, you should be able to activate Windows Vista normally. You can also delete the Windows.old directory which contains information from the first Vista install."

Tuesday, January 30, 2007

The "WOW" is Now!

At long last, with the arrival of the official consumer release of Windows Vista and Office 2007, the Wow is now. Along with the release came a few updates -- just a few fixes, no security updates needed yet.

If you missed the live Launch Event webcast, the re-run and several other videos are available at Microsoft Wow Launch.

Whenever something is new, there is always a learning curve. To assist in getting around that curve, ActiveWin has prepared an excellent review of Windows Vista, providing a look at some of the features in Vista, including over 200 screenshots.

Below is a "starter set" of bookmarks I have collected to add to your Vista Favorites. I expect to be adding to the list as other sites are expanded.

Microsoft Websites:

Microsoft Windows Vista Blogs:

Windows Vista Gadgets, Tips, and More:

Office 2007 Blogs and More:

Internet Explorer 7

Monday, January 29, 2007

Groundbreaking Anti-Malware Settlement Involving DirectRevenue

I certainly am glad that I subscribe to Brian Krebs' "Security Fix" blog on the Washington Post. I just read his posting from about an hour ago announcing that Cingular Wireless LLC, Priceline.com and Travelocity.com have agreed to settle their part in an ongoing investigation. In 2006, the New York State Attorney General's office sued DirectRevenue for deceptively and fraudulently installing its pop-up ad-serving and Web-tracking software on millions of PCs without approval or consent of consumers.

Since one of the things I "do" is help in online security forums, I certainly completely agree with Mr. Krebs' statement about one of the reasons this settlement is important:
"Online help forums are awash in desperate messages from consumers whose machines were besieged by pop-up ads after visiting a Web site that used slimy drive-by tactics to install DirectRevenue's software, which is notoriously difficult to remove from a host machine."
It is certainly well past time for this type of action. I hope other states follow the example of New York State's Attorney General, Andrew Cuomo. Mr. Cuomo's statement serves as a warning to other advertisers turning a blind eye to adware purveyors:
“Advertisers will now be held responsible when their ads end up on consumers’ computers without full notice and consent,” Cuomo said. “Advertisers can no longer insulate themselves from liability by turning a blind eye to how their advertisements are delivered, or by placing ads through intermediaries, such as media buyers. New Yorkers have suffered enough with unwanted adware programs and this agreement goes a long way toward clamping down on this odious practice.”

New Microsoft Vista and Office 2007 Resources


As the hours count down to zero, Microsoft has readied resources for Microsoft Vista and Office 2007 customers.


Vista Orb Image downloaded and resized from Long Zheng.

Saturday, January 27, 2007

Celebrate Windows Vista and Office 2007 Release With Bill Gates

Bill Gates Celebrates Worldwide General Availability of Windows Vista and the 2007 Microsoft Office System

"January 29, 2007

1:45 p.m. PST / 4:45 p.m. EST

From Times Square in New York City, join Microsoft Chairman Bill Gates for a live webcast celebrating the worldwide launch of Windows Vista and the 2007 Microsoft Office System. The celebration pays tribute to the millions of Microsoft customers, partners and product testers around the world who provided input and feedback on these products -- helping Microsoft transform the way people communicate, create and share content, and access information and entertainment in the new digital age."


View Webcast:

Friday, January 26, 2007

Microsoft Security Advisory (932114)

Today Microsoft released Security Advisory 932114, described as relating to a vulnerability in Microsoft Word 2000 which could allow remote code execution. In order for the attack to be successful, it is first necessary to open a malicious Word file attached to an e-mail or otherwise provided by an attacker. Obviously, the common sense approach applies yet again to not open unexpected or unusually named attachments.

Reminder: As stated in the MSRC Blog on this advisory, Microsoft is aware of very limited, targeted attacks attempting to use the vulnerability.

Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Thursday, January 25, 2007

“…chose to fight the charges”

By way of Catherine’s Flying Hamster Blog, I see that the "Julie Amero mess" has sparked broader coverage. Brian Krebs published Substitute Teacher Faces Jail Time Over Spyware on the Washington Post site which includes information of his interview of Julie Amero.

As Catherine wrote:
"This does not sound like a teacher who, with malice of forethought, would plan to expose her pupils to pornography. Please keep in mind that she is a substitute teacher - and not a regular staff member of the school."
I agree completely. Read the article for yourself and see what you think.

By the way, reading that the “students” were accessing the computer, logged on by another teacher, not Ms. Amero, rather makes a person wonder about the so-called physical evidence of “typed URLs” from Detective Lounsbury’s commentary:
"Physical evidence and electronic evidence is collected. In the case of crimes involving computers, the evidence is collected with tools designed to find the evidence. This evidence includes internet history, content, and registry data, including "typed URLs". It's these "typed URLs," gleaned from the registry, which are identified - not pop ups."


Microsoft Extends Support for XP Home and Media Center

Excellent news for Microsoft customers not yet ready to upgrade to Windows Vista, Microsoft announced extended support for Windows XP Home Edition and Windows XP Media Center Edition:
"With the addition of Extended Support, the support life cycle for Windows XP Home Edition and Windows XP Media Center Edition will include a total of five years of Mainstream Support (until April 2009) and five years of Extended Support, matching the support policy provided for Windows XP Professional."
With Windows Vista reaching the shelves next week, users with unsupported versions of Windows operating systems will likely be able to obtain discounted prices for Windows XP, knowing that security updates will be available until 2009, or with extended support to 2014.


Wednesday, January 24, 2007

Sensationalism, Irresponsible Journalism or Microsoft Bashing?

Both Ed Bott of Ed Bott's Windows Expertise and Robert McLaws of Windows Now have had their turn this week being upset with what, in my book, can be construed as sensationalism, irresponsible journalism, Microsoft bashing, or a combination of all three. (See Ed's remarks here and here and Robert's here and here.)

Now it is my turn.

In the hope of educating as many people as possible, I have been following and reporting on the latest "Storm" worm as it has evolved from the first reports by F-Secure. While checking headlines in my RSS feeds, I spotted "Storm" Trojan Hits 1.6 Million PCs; Vista May Be Vulnerable and followed the link to Information Week to read the article.

I hoped that I would cool off by not commenting on the article after reading it yesterday or have a different perspective today. If anything, it is just the opposite.

First, a couple of quotations from the InformationWeek article:

"The Trojan horse that began spreading Friday has attacked at least 1.6 million PCs, a security company said Tuesday.

In addition, it appears that Windows Vista, the new operating system Microsoft will launch next week, is vulnerable to the attack."

and
"Microsoft's soon-to-release-to-consumers Vista, however, does appear at risk, added Symantec Tuesday. 'It appears most if not all variants could execute on Vista,' the spokesman said. 'The only way the Trojan would be unsuccessful is if somehow Vista is able to detect/prohibit the e-mail. This seems unlikely.'"
Now my comments:

Let's start with the story headline which includes "Vista may be Vulnerable". This story is about a nasty trojan but it appears the only way to get attention by journalists these days is including the name "Microsoft" or "Vista" in the title.

The next mention of Windows Vista is in the beginning of the article which includes the statement that "it appears Windows Vista . . . is vulnerable. . ." Yet, neither there nor anyplace else in the article does the author provide any indication whatsoever of how or why Windows Vista may be vulnerable to this trojan, distributed as an attachment in emails.

Now we move to the end of the article where the next mention of Microsoft and Vista appear, this as a quotation attributed to a Symantec spokesman in which the spokesman made a ridiculous statement referring to the operating system deleting or prohibiting the email.

That is right, the Symantec spokesman is suggesting that the operating system, not the anti-virus software, should be deleting/prohibiting trojans. (Didn't I read somewhere that Symantec was one of the companies complaining that Windows Vista has too many restrictions?)

Other than the ridiculousness of the Symantec representative's statement, why do I find that quotation and the earlier innuendos irresponsible? It is this simple: The "Storm" worm is propagated as an attachment to spam emails. Assuming the email gets past the user's email filters, it requires user intervention to open the email and to then click open the attachment.

By the author's own admission:

"Anti-virus companies have updated their signature databases with fingerprints that identify and then delete (or quarantine) the Trojan as it arrives. Other defensive advice includes filtering traffic on UDP ports 4000 and 7871, update anti-spam products, and configure mail gateways to strip out all executable attachments."

So, for the trojan to reach the user, there must be a situation where the user and the ISP have no email filter and the user allows executables in their email program (or clicks on the .exe attachment in webmail). Since A/V companies have updated their databases, we then must presume that the user either does not have an anti-virus software installed or it is not up to date.

Remember, the article author and Symantec spokesman indicate that Windows Vista may be vulnerable. Thus, they must also have forgotten that the Vista user must have "administrator-like" UAC (User Access Control) authority in order to allow the executable to run after the trojan has by-passed email filters and anti-virus software. We would further have to assume that the user does not have any real-time protection (i.e., Windows Defender, AVG Guard, Ad-Watch, WinPatrol, and the like). Thus, a Windows Vista computer can be infected. However, that does not make Vista vulnerable. It means that the computer owner/operator is responsible.

I would strongly suggest that both Gregg Keizer and his Symantec spokesman head over to the Windows Vista Blog and read Jim Allchin's excellent presentation of "Security Features vs. Convenience", noting in particular the bold text in the following quotation:
". . . we created a mode of UAC called admin approval mode. In this mode (which is on by default for all members of the local administrators group), every user with administrator privileges runs normally as a standard user; but when an application or the system needs to do something that requires administrator permissions, the user is prompted to approve the task explicitly. Unlike the "super user on" function from UNIX that leaves the process elevated until the user explicitly turns it off, admin approval mode enables administrator privileges for just the task that was approved, automatically returning the user to standard user when the task is completed."
I hope everyone takes the time to read the above article by Jim Allchin and realizes that articles like the one in InformationWeek and those that Ed Bott and Robert McLaws referred to have a purpose -- sensationalism and as Ed states, "fact-free journalism".


Julie Amero Saga Continues

Network Performance Daily provided the promised "Commentary by Detective Mark Lounsbury". Also very interesting today was the link from the SunbeltBLOG to the Norwich Bulletin summary of the school board meeting on Tuesday, January 23, 2007, entitled Norwich porn a fluke, expert says.

Indeed, it must be a "fluke", a mere "technical glitch" when

"From August to October 2004, the district's filtering system didn't regularly add newly discovered pornographic sites to its restricted Web sites database.

Hartz said Norwich's filtering software generally worked in 2004, but new offensive sites weren't blocked partly because Symantec, creator of the school's WebNOT computer filter, failed to send him a licensing certificate to activate the software's updates feature." {bold added}

I get it. It is Symantec's fault, not the system administrator.

Also of interest: Unpaid Invoice May Have Led To School Pornography Incident (by way of Catherine, Flying Hamster, a great source of news items).



Network Performance Daily
SunbeltBLOG

Tuesday, January 23, 2007

Julie Amero - Additional Info from "Network Performance Daily"

Yesterday, Brian Boyko of Network Performance Daily published commentary by the forensic examiner who provided information on his analysis of the infected computer as well as his courtroom experience. The anticipated article by Detective Lounsbury, expected today, has been delayed while information in the article is double-checked.

In the meantime, Mr. Boyko spoke with Steve DelGiorno, the CEO of ComputerCOP software, which makes some of the forensic software used in this case. In that conversation, Mr. DelGiorno stated that it is not the function of ComputerCOP software to determine the cause of files being on a computer, rather merely to locate existing, hidden and even deleted files and images.

In my opinion, Mr. DelGiorno's description of the purpose and use of ComputerCOP software further substantiates Mr. Horner's comment made in reference to the malware uncovered during his examination of the computer:
"Out of the 42, 27 were accessed or modified days if not a month before October 19, 2004."
I will be looking forward to reading Detective Lounsbury's article tomorrow followed by a news-analysis editorial concluding the Network Performance Daily coverage of the Amero case on Thursday.

Authorities Advise: "Remove old JRE!"

The Internet Storm Center/SANS Diary published the warning that members of the security community have been advising users for a long time, advising that Sun Microsystems Java and Jscript either be permanently disabled in your browser(s) or "keep as close an eye on JRE versions as you do Microsoft Windows patches!"

The ISC/SANS Diary advisory:
"Remove old JRE!
Published: 2007-01-22,
Last Updated: 2007-01-23 00:53:25 UTC
by Adrien de Beaupre (Version: 1)

As new versions of the Sun Java JRE keep coming out to address security vulnerabilities do NOT forget to remove the old versions. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run, update the applications and then update the JRE, and then remove the old JRE versions. Why? A Java applet can request which version of JRE it wishes to use, that's why."

ISC/SANS was not the only recognized authority issuing a warning. US-CERT issued Technical Cyber Security Alert TA07-022A indicating:

"The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system."

US-CERT substantiates the recommendation of ISC/SANS to uninstall the affected versions and disable Java in your browser(s).

The affected versions of Sun Java Runtime Environment (JRE) are listed below.

  • JDK and JRE 5.0 Update 9 and earlier
  • SDK and JRE 1.4.2_12 and earlier
  • SDK and JRE 1.3.1_18 and earlier

Illustrated instructions for updating and removing vulnerable versions are provided in "SunFlowers and SunJava Update".
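
The check implied by the affected-versions list above, as an added example (not code from US-CERT, SANS or Sun): it parses version strings as they appear in JRE install folder names and flags every installed copy at or below the listed thresholds, because an old copy stays usable even when a newer one sits beside it. The inventory and its folder-name format are constructed for illustration.

```python
import re

# Thresholds from the affected-versions list above: a family is affected
# at or below the version shown. "5.0 Update 9" is version string 1.5.0_09.
AFFECTED_UP_TO = {
    (1, 5): (1, 5, 0, 9),    # JDK and JRE 5.0 Update 9 and earlier
    (1, 4): (1, 4, 2, 12),   # SDK and JRE 1.4.2_12 and earlier
    (1, 3): (1, 3, 1, 18),   # SDK and JRE 1.3.1_18 and earlier
}

# major.minor.micro with an optional _update suffix, e.g. 1.5.0_09 or 1.6.0
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Extract (major, minor, micro, update) from a version or folder name."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no Java version found in %r" % text)
    major, minor, micro, update = match.groups()
    # A missing update suffix means the base release, i.e. update 0.
    return (int(major), int(minor), int(micro), int(update or 0))


def is_affected(text):
    """True/False for families in the list, None for families it does not cover."""
    version = parse_version(text)
    limit = AFFECTED_UP_TO.get(version[:2])
    if limit is None:
        return None
    # Tuple comparison orders by micro release first, then update number.
    return version <= limit


def audit(installed):
    """Sort every installed copy into remove / above_threshold / unlisted."""
    report = {"remove": [], "above_threshold": [], "unlisted": []}
    for name in installed:
        verdict = is_affected(name)
        if verdict is None:
            report["unlisted"].append(name)
        elif verdict:
            report["remove"].append(name)
        else:
            report["above_threshold"].append(name)
    return report


# Constructed inventory: one machine with several JREs installed side by side.
INSTALLED = [
    "jre1.5.0_06",
    "jre1.5.0_10",
    "j2re1.4.2_12",
    "j2re1.4.2_13",
    "jre1.3.1_18",
    "jre1.6.0",
]

if __name__ == "__main__":
    for bucket, names in audit(INSTALLED).items():
        print(bucket, names)
```

Note that `jre1.5.0_06` is flagged even though `jre1.5.0_10` is installed on the same machine, which is the situation the "Remove old JRE!" advisory warns about.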

Monday, January 22, 2007

Forensic Examiner Talks About Julie Amero Case

Like many interested members of the internet community, I have been following with interest as additional information becomes available in the Julie Amero case. (Background here.) I hope that it is some consolation to Ms. Amero to know that she has the support of so many people around the world. Oh yes, I said "around the world". In addition to the article in The Register, this case has been the topic of discussion among people located throughout Europe, including Sweden, Finland and the U.K.

It appears that those public and private discussions are having an effect. Today, the SunbeltBLOG posted a link to the "Network Performance Daily", in which Brian Boyko arranged for the forensic examiner to present his commentary of not only the extent of his analysis of the infected computer but also his courtroom experience.

See The Strange Case of Ms. Julie Amero: Commentary by Mr. Herb Horner then read Mr. Horner's concluding paragraph again:
"Let this experience stand as a warning to all that use computers in an environment where minors are present. The aforementioned situation can happen to anyone without fail and without notice if there is not adequate firewall, antispyware, antiadware and antivirus protection. That was not provided by the school administration where Julie Amero taught."
In the event you have missed other recent publications on this travesty, you may want to see the following:

A New Storm Brewing

The malicious worm generators have moved on to what F-Secure is calling "Stormy Love". I guess that is to be expected with Valentine's Day a few weeks away. In fact, I would expect this type of enticement to pick up as the date gets closer to February 14 when everyone's heartstrings are easy pickings. As it is, the folks at F-Secure noticed that the list of subjects is very similar to the list of romantic cards at 2000greetings.com.

With all of these references to storms, I am hopeful that they don't pick on an old-time favorite, Stormy Weekend by the Mystic Moods Orchestra, pictured here. I believe we still have the old vinyl around somewhere.

The list that F-Secure has compiled so far is quite long and, as I suggested above, will probably grow over the next few weeks. This is what F-Secure has turned up to date:


A Bouguet of Love
A Day in Bed Coupon
A Monkey Rose for You
A Red Hot Kiss
Against All Odds
All That Matters
Baby, I'll Be There
Back Together
Breakfast in Bed Coupon
Can't Wait to See You!
Cyber Love
Dinner Coupon
Dream Date Coupon
Emptiness Inside Me
Fields Of Love
For You
Full Heart
I Believe
I Can't Function
I Dream of You
I Think of You
Internet Love
It's Your Move


Kiss Coupon
Love Birds
Love You Deeply
Made for Each Other
Miracle of Love
Moonlit Waterfall
My Invitation
Our Love
Our Love is Free
Our Two Hearts
Passionate Kiss
Pockets of Love
Puppy Love
Red Rose
Sending You My Love
Showers of Love
Someone at Last
Soul Partners
Summer Love
Take My Hand
That Special Love
The Dance of Love
The Long Haul


The Love Bugs
This Day Forward
This Feeling
Till Morning's Light
Till Morninig's Light
The Mood for Love
To New Spouse
Together Again
Together You and I
Touched by Love
Twice Blest
Until the Day
We're a Perfect Fit
Wild Nights
Will you?
When I'm With You
Worthy of You
Wrapped Up
Wrapped in Your Arms
You are our of this world
You Lucky Duck!
You Rock Me!
You Were Worth the Wait


The attachment names are not unexpected:
  • Greeting Postcard.exe
  • postcard.exe
  • greeting card.exe
  • Flash Postcard.exe
  • flash postcard.exe
The advice to follow is not new but is repeated once again. Just imagine an old vinyl copy of Stormy Weekend stuck and repeating . . . if your email spam filters don't pick it up, you can avoid infection by blocking executables in your email client. If you use webmail, do not click the attachment.

Sunday, January 21, 2007

Must Be a Slow News Day

ITWire published a story today that, according to new research, the public is in no hurry to upgrade to Windows Vista. So what happens with a headline grabber like "No hurry for public to upgrade to Vista: new research"? It hits the news feeds and people think, "Hey, guess I better hold off with the Vista update."

Unfortunately, the fancy eye-catching headline is all people see. They miss the fact that the so-called "new research" only had 2221 respondents. In fact, the only information provided in the article on who participated in the survey was "40 blogs and 156 websites". For all we know, the blogs and websites were cooking, gardening, sports, open source, and other non-geek sites.

I really dislike irresponsible reporting, particularly by well known sites.

Saturday, January 20, 2007

The Storm Continues

Mother Nature may have finished ravaging Europe, but, as reported by F-Secure, the Storm Worm Gang continues. The rather far-fetched subject lines should spark a warning.

The subject lines reported to date by F-Secure include:
  • Russian missle shot down Chinese satellite
  • Russian missle shot down USA aircraft
  • Russian missle shot down USA satellite
  • Chinese missile shot down USA aircraft
  • Chinese missile shot down USA satellite
  • Sadam Hussein alive!
  • Sadam Hussein safe and sound!
  • Radical Muslim drinking enemies' blood.
  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  • U.S. Southwest braces for another winter blast. More then 1000 people are dead.
  • Venezuelan leader: "Let's the War beginning".
  • Hugo Chavez dead.
  • President of Russia Putin dead
  • Third World War just have started!
  • The Supreme Court has been attacked by terrorists. Sen. Mark Dayton dead!
  • The commander of a U.S. nuclear submarine lunch the rocket by mistake.
  • First Nuclear Act of Terrorism!
The attachment names are:
  • Video.exe
  • Full Video.exe
  • Read More.exe
  • Full Text.exe
  • Full Clip.exe
As before, the same caution applies: if your email spam filters don't pick it up, you can avoid infection by blocking executables in your email client. If you use webmail, do not click the attachment.

Friday, January 19, 2007

"Look for the Logo" Sweepstakes

By way of Josh's Windows Weblog, I learned of additional fun being sponsored by Microsoft to promote Windows Vista. It is the "Look for the Logo" Sweepstakes:
"Visit any partners' site to the right and look for the "Certified for Windows Vista" logo with the weekly four digit code. Then enter the code below for your chance to win.
Enter once a week now through March 4, 2007."

As explained at Look for the Logo:



"Software and devices that are Certified for Windows Vista have passed rigorous testing to ensure ease-of-use, better performance, and enhanced security, which means you’ll get the best experience."


Conversely,

"The black-and-white Works with Windows Vista logo signifies a product provides basic functionality and compatibility with the Windows Vista operating system. In contrast, products that are Certified for Windows Vista deliver the best experience."

Here's your opportunity to meet the certified partners, learn about the Vista Certified software and hardware available plus have a chance to win a prize.

Rules and prizes

Storm Battered Europe - Worm Batters Computers

The storm Germany calls Kyrill took the lives of at least 44 people across Europe, resulting in more than one billion euros damage in Germany alone. While that storm raged, another storm hit the cyber waves in the form of an email worm. As F-Secure reported, the Storm-Worm that F-Secure refers to as Small.DAM is a variant of Small:
Small.DAM, a variant of Small, is a Trojan that arrives on the system as attachment file to spam emails. Small.DAM loads a malicious service named "wincom32" in the affected machine.
Following are some of the possible subject headings reported by F-Secure, followed by sample attachment names:

Subjects:
  • 230 dead as storm batters Europe.
  • A killer at 11, he's free at 21 and...
  • British Muslims Genocide
  • Naked teens attack home director.
  • U.S. Secretary of State Condoleezza...
Attachments:
  • Full Clip.exe
  • Full Story.exe
  • Read More.exe
  • Video.exe
As reported by Sophos:
"The distribution has been so widespread that since midnight GMT the Trojan has accounted for over two thirds of all malware reports seen at Sophos's global network of monitoring stations, accounting for an infection rate of 1 in 200 of all emails being sent across the net."
Europe could not avoid the devastating storm but you can avoid infection. If your email spam filters don't pick it up, you can avoid infection by blocking executables in your email client. If you use webmail, do not click the attachment.

More at F-Secure.
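
The advice repeated in the Storm posts above (block executables in the mail client, strip executable attachments at the gateway), sketched as an added example that is not code from F-Secure, Sophos or any mail product. It goes beyond the `.exe` names listed in the posts by also checking a few other executable extensions and the `MZ` file header, so a renamed attachment is still caught; the extension list, addresses and sample messages are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: this extension list is chosen for the example; the posts only name .exe.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def executable_reason(part):
    """Return why an attachment part looks executable, or None if it does not."""
    # Windows ignores trailing dots and spaces in file names, so drop them first.
    name = (part.get_filename() or "").lower().rstrip(". ")
    ext = os.path.splitext(name)[1]
    if ext in BLOCKED_EXTENSIONS:
        return "blocked extension " + ext
    # A Windows executable starts with the bytes "MZ" whatever it is named.
    payload = part.get_payload(decode=True) or b""
    if payload[:2] == b"MZ":
        return "MZ header in content"
    return None


def _is_attachment(part):
    return (part.get_filename() is not None
            or part.get_content_disposition() == "attachment")


def screen_message(raw):
    """Return [(filename, reason)] for each executable attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart() or not _is_attachment(part):
            continue
        reason = executable_reason(part)
        if reason:
            findings.append((part.get_filename(), reason))
    return findings


def _prune(part, removed):
    """Drop executable attachments from a multipart container, recursively."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        if _is_attachment(child) and executable_reason(child):
            removed.append(child.get_filename())
        else:
            _prune(child, removed)
            kept.append(child)
    part.set_payload(kept)


def strip_executables(raw):
    """Gateway-style cleanup: return (cleaned message bytes, removed filenames)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    _prune(msg, removed)
    return msg.as_bytes(), removed


def _sample(subject, filename, content):
    """Build a constructed test message with one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Details in the attachment.")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed samples. Subjects and the .exe name come from the lists in the
# posts; the payload is four harmless bytes that merely begin with "MZ".
SAMPLE_STORM = _sample("230 dead as storm batters Europe.", "Full Clip.exe", b"MZ\x90\x00")
SAMPLE_RENAMED = _sample("A Red Hot Kiss", "postcard.jpg", b"MZ\x90\x00")
SAMPLE_CLEAN = _sample("Meeting notes", "notes.pdf", b"%PDF-1.4\n")

if __name__ == "__main__":
    for label, raw in [("storm", SAMPLE_STORM), ("renamed", SAMPLE_RENAMED),
                       ("clean", SAMPLE_CLEAN)]:
        print(label, screen_message(raw))
    print(strip_executables(SAMPLE_STORM)[1])
```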

Thursday, January 18, 2007

Daylight saving time changes in 2007

With a new law enacted in 2005, daylight saving time will start and end on a different cycle in both the United States and Canada. In addition to having an effect on your sleep schedule, this change also affects your computer.

Many companies have custom scheduling, time calculation or billing applications that are date dependent. Calendars, both business and personal, are also impacted by this change. The change also impacts international companies, particularly if they interact with servers in North America.

Under the new law, Daylight Saving Time (DST) will start (spring ahead) on the second Sunday in March and end (fall back) on the first Sunday in November.

Microsoft has provided considerable information on update availability in Preparing for daylight saving time changes in 2007, including links to updates for supported operating systems and servers. Note also the following information which will be helpful for people who have not yet replaced an operating system that is beyond the "life support" by Microsoft:
All versions of Windows can be manually updated using the tzedit.exe utility or other techniques documented in Knowledge Base article 914387 and similar articles for other countries, which is the preferred method of remediation for any product outside of Mainstream Support.

Sun Microsystems Vulnerability Update Advisory

Sun Microsystems updated Sun Alert 102760 today, providing another "after fix" update posting. The vulnerability released by this alert is in processing GIF images in the Java Runtime Environment (JRE), which may allow an untrusted applet to elevate privileges.

It is strongly advised that Sun Java be updated to Version 1.5.0_10 or the new Build Java SE 6, both of which were released in December, 2006.

Illustrated instructions for updating Sun Java are available in "SunFlowers and SunJava Update".


Excel 2000 -- Microsoft Security Bulletin MS07-002 Revision

On 18 January 2007 Microsoft updated Security Bulletin MS07-002: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198).

========================================
Summary:
========================================

On Thursday, January 18th, 2007 Microsoft issued a targeted re-release of the MS07-002 update for Excel 2000.

This bulletin has been re-released to re-offer the security update to customers with Microsoft Excel 2000. The security update previously did not correctly process the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode. For additional information see Microsoft Knowledge Base Article 931183.

This re-release only affects Excel 2000. Later versions of Excel (2002, 2003, Excel for Mac) are not affected.

========================================
Recommendations:
========================================

• Customers running Excel 2000 are encouraged to download the re-released update through Office Update or the Download Center. Because the update affects only Excel 2000, the targeted re-release will not be automatically delivered through Automatic Update or Microsoft Update.

• Customers who are not running Excel 2000 need take no action regarding this targeted re-release.

========================================
Additional Resources:
========================================
  • Microsoft Knowledgebase Article 931183 - Excel 2000 does not open some files after you install security update 925524 that is documented in security bulletin MS07-002: http://support.microsoft.com/kb/931183

Wednesday, January 17, 2007

Family Safe Computing & Microsoft

As a Microsoft MVP in Windows Security, obviously my interests are security and malware related issues, fixes, tips and what-not around computer security. However, as a grandmother, I am even more concerned about safety.

When I read the Windows Vista Blog writeup on Family Safe Computing, I was very surprised to learn that only somewhere around 10 to 15 percent of family computers today have parental controls. Yet, 80 percent of the families have indicated in surveys that they want such controls. I was relieved to learn that my daughter's family computer is included among the 10 to 15 percent that does have parental controls.

The exciting news is that Windows Vista has customizable family settings and parental control features. In fact, as David A. George - Director, Family Safe Computing - Microsoft wrote in Family Safe Computing and Microsoft:
"With the release of the consumer versions of Windows Vista, Microsoft will have parental controls tools, family settings, or content controls across all of our major platforms (Windows Vista, Xbox 360, Xbox On-Line, Windows Live/MSN, MSTV, & Zune)."
In the above-linked blog writeup, David George provided a clearly illustrated walk-through of these features in Windows Vista. I hope all parents will take a close look at what is available to protect your children.
The beauty of the controls is that parents can place age-appropriate restrictions on each child's account. As they get older, adjustments can be made to their account, providing additional flexibility.

If you live in the east coast area, you may have an opportunity to catch the Windows Vista Coach Tour, in which case you can ask for a live demonstration of the customizable family features, including parental controls.
Today they went to Cincinnati and then Jeffersonville. According to the schedule, they have Columbus, Pittsburgh, Philadelphia, Baltimore, Washington, DC, Charlotte, Savannah, Jacksonville, Orlando, Gainesville, Atlanta, and points in between to cover yet. Keep an eye on the Windows Vista Blog for where they are headed next.

Until you upgrade your family computer to Windows Vista, below are some sites for your consideration.
  • Child Safety on the Internet


Tuesday, January 16, 2007

WinPatrol 2007 Beta - Vista Compatible

As a long-time fan of WinPatrol, I was excited to see Bill Pytlovany's announcement today that WinPatrol 2007 Beta is available for download. His projected release date of the final version is scheduled for February 18, 2007.

In addition to the many features users have come to depend upon in WinPatrol, the 2007 version has a new feature called "Delayed Start". Delayed Start will be very helpful with software programs that think they need to be first, while the system processes are still loading. With WinPatrol 2007, users will be able to specify the time to wait before selected software programs are launched.

WinPatrol is Microsoft Vista compatible and, in fact, has a feature that Vista users will most likely appreciate. As Bill explains about WinPatrol, Delayed Start and Windows Vista:
"I'm pleased to say WinPatrol runs great with Windows Vista and takes full advantage of its enhanced security features. Using Vista's UAC (User Access Control), you may find some startup programs require your permission before they can begin. Moving these programs to the Delayed Start list can prevent simultaneous annoying systems pop ups."
The standard WinPatrol Features are described here.

WinPatrol remains free for personal use. Images and download information are available at "Bits from Bill". For a chance in a random drawing for a WinPatrol shirt, submit a bug report on WinPatrol 2007 beta. (I have one and it's a really nice shirt.)




Sunday, January 14, 2007

Microsoft IE & Vista Teams Need WinPatrol!

The IEBlog Team reported that on January 8, 2007, they logged the 100 millionth IE7 installation. From their browser usage statistician the IE Team learned:
". . . as of this week, over 25% of all visitors to websites in the US were using IE7, making IE7 the second most used browser after IE6."
In addition to the Windows Vista Team needing to learn about the World's Best Vista Craplet Cleaner, perhaps the IE Team also needs to keep track of Bill Pytlovany, who reported even higher statistics for Internet Explorer 7 a full five days ahead of Microsoft's statistician:
"Today the percentage of IE7 users reading Bits from Bill hit 31.67% exceeding other browsers including all previous versions of Microsoft’s Internet Explorer."
It certainly seems that our long-time friend, Bill Pytlovany, is way ahead of the game.


Saturday, January 13, 2007

Miscarriage of Justice for Julie Amero?

Julie Amero was a substitute teacher of a seventh grade class at Kelly Middle School in Norwich, Connecticut. Now Ms. Amero is facing up to 40 years in prison after being convicted of risk of injury to a minor after several of the students in her class witnessed pornographic pop-ups.

According to the Norwich Bulletin, Ms. Amero had no criminal record, had undergone extensive background checks that included fingerprinting and had taught at Kelly for 1 1/2 years without incident.

Have you ever experienced pop-ups "gone mad" on a computer? Can you imagine the panic mode of trying to shut them down? When faced with such an overwhelming situation, would you be clear-thinking enough to know what to do with the computer? Is Ms. Amero a computer teacher?

There is a lot more to this story, including a rather strange posting at ComputerWorld by Preston Gralla, in which he likens the defense of Ms. Amero to the "Twinkie defense". It appears that Mr. Gralla is looking for attention, digging up random information without completing proper research. If he had, he would have known that the "Twinkie defense" is an urban legend. There goes any credibility to anything Mr. Gralla has to write about.

Alex Eckelberry, president, Sunbelt Software, provided background information and an excellent explanation of what can happen to a computer as obviously infected as the one in the classroom where Ms. Amero was substitute teaching. Mr. Eckelberry has offered Sunbelt Software's forensic services to the defense on a pro-bono basis for use in appeal. Bravo, Alex!

See Alex Eckelberry's posts at:
Dig the story

If you live in Connecticut, contact your state representatives and point them to Alex's posts linked above.

Thursday, January 11, 2007

Windows Vista -- CES "Best of Show"


Congratulations to the folks behind Windows Vista, named the winner of CNET's Best of CES 2007 award in the computers and hardware category!

Was there any doubt that the award would go to Microsoft? I really don't think so. The entire Microsoft Team was shining at the 2007 Consumer Electronics Show (CES) in Las Vegas. It began with Bill Gates giving the keynote address, followed by an incredible show at the Bellagio. (By the way, you can't win unless you play. Find the challenge at Vanishing Point.)

Even though I wasn't there, I felt the excitement from the reports of those who were.


Congratulations!

Wednesday, January 10, 2007

VeriSign Inc. and Adobe Systems Inc. Collaboration

Being immersed in the goings on at CES this past week, of course I was reading Robert Scoble's blog posts today. His entry, "Netfix is dead" caught my attention, particularly when he described his experience in the VeriSign booth:
". . . demoing: a peer-to-peer system for selling and distributing high-def videos. It really rocks."
Since one of the things I "do" is help users clean malware from their computers, I cringe when I see references to peer-to-peer (P2P). So often the files passed around via P2P are infected. But, that wasn't the part that set off alarms. The ringing started when I read
". . . on Monday Verisign announced a deal with Adobe who’ll distribute their P2P infrastructure along with the next version of the Flash player. That’ll get it into tons of homes nearly overnight."
Great, just great. I already have to politely decline the Yahoo! toolbar when updating Adobe and now I am going to get stuck with VeriSign's P2P software on my computer if I want to use Adobe. This does not make me a happy person.

Tuesday, January 09, 2007

IE7 and Outlook Problem with Hyperlinks

After upgrading to IE7, some people encountered the problem that either hyperlinks do not work correctly or IE7 will not start with Microsoft Outlook Express after clicking on a link in an email.

Microsoft issued Knowledge Base Article 929867, which includes a two-step process to fix this problem. Follow Method 1 and if that does not work, follow the second Method presented.



Kodak Wins Awards at CES - More WOW!

Just to show that the 2007 Consumer Electronics Show (CES) is not only about Microsoft, there is some WOW being shared by other companies as well. For example, my employer of many (*cough*, many) years won three CES Innovations Awards and also received prestigious honors from Popular Science and PC Magazine.
"The KODAK EASYSHARE V610 Dual Lens Digital Camera was named “Best of Innovations 2007” award winner in the Digital Imaging category, while the KODAK EASYSHARE V570 Dual Lens Digital Camera and the KODAK Digital Picture System 900 (DPS 900) garnered Innovations 2006 Design and Engineering honors in the Digital Imaging (V570) and in the Eco-Design (DPS 900) categories respectively."
See Kodak Press Release for complete information on the awards.

Erin Lin, posting in Ryan Block's spot at engadget, had quite a bit to say about the "Kodak Easyshare-One" wireless camera, including that it "might just be the big digital camera surprise of CES". It certainly is a beauty.



Nonetheless, as illustrated in this copy of the picture posted at engadget, Kodak did demonstrate how their products can also interact with Microsoft products.

The image on the left is a Microsoft X-Box 360 which is being used to display a Kodak image gallery.





Kodak's new introductions to the market include wireless Easyshare Digital Picture Frames and two exciting new digital cameras, the Kodak Easyshare V1003 and V703. I am rather taken with the V1003. With a price tag of $250, it is a lot of camera for the price and much more affordable on my budget than the Easyshare One.

Microsoft Security Bulletins - January 2007

In the Microsoft Security Bulletin Summary, the information below is provided on the updates for January, 2007.

Should you have difficulty with the updates, no-charge support is available at 1-866-PCSAFETY (1-866-727-2338). This number is available 24 hours a day for the U.S. and Canada for virus and other security-related support. For numbers outside the U.S. and Canada, please select your region and follow the instructions there.

Critical:
Important:

Backdoor in Acer Laptops

About those Acer laptops that AMD and Microsoft sent to some of the most influential Microsoft bloggers . . .

Reported by Heise Security today:
"Many Acer laptops have a dangerous backdoor, which can be used by websites to gain complete control over the laptop. The problem lies with the LunchApp.APlunch Active X control, which is installed by default and which heise Security found on all the Acer laptops it tested . . ."
"The control, with class ID D9998BD0-7957-11D2-8FED-00606730D3AA, is marked as safe for scripting by the manufacturer, so that any website can call it and control it using JavaScript. Using the Run method, it would be possible to launch any program on the system at will, and even pass parameters to programs it is launching. It would, for example, be possible to download and install a keylogger. . ."
According to the Heise Security report, this works on IE6 without intervention, while IE7 requires permission from the user to allow automatic launching of programs. With Windows XP Service Pack 2, the LunchApp.APlunch control can be deactivated from "Tools > Internet Options > Programs > Manage Add-ons".

Update: F-Secure's Report on Acer's "Preloaded Vulnerability".
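
To check whether a given machine is exposed, the following added example (not code from Heise Security, F-Secure or Acer) looks up the class ID quoted above in the registry, reports whether the control is registered and marked safe for scripting, and can set the Internet Explorer kill bit for it. The two category GUIDs and the `Compatibility Flags` value are the standard Windows mechanisms for these settings; the `-SetKillBit` switch name is an assumption of this example.

```powershell
# Added example: audit (and optionally block) one ActiveX control by class ID.
param(
    [string]$Clsid = '{D9998BD0-7957-11D2-8FED-00606730D3AA}',  # class ID from the Heise report
    [switch]$SetKillBit                                          # hypothetical switch; needs an elevated prompt
)

$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$SafeForInit      = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForInitializing
$KillBit          = 0x400   # Compatibility Flags bit that stops IE from loading the control

# Native registry view plus the 32-bit view that exists on 64-bit Windows.
$views = @(
    @{ Name = 'native'; Class = 'HKEY_CLASSES_ROOT\CLSID'
       Compat = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Name = '32-bit'; Class = 'HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
       Compat = 'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

foreach ($v in $views) {
    $classKey   = "Registry::$($v.Class)\$Clsid"
    $compatKey  = "Registry::$($v.Compat)\$Clsid"
    $registered = Test-Path -LiteralPath $classKey

    # Setting the kill bit works even if the control is not installed yet.
    if ($SetKillBit -and (Test-Path -LiteralPath "Registry::$($v.Compat)")) {
        if (-not (Test-Path -LiteralPath $compatKey)) { New-Item -Path $compatKey -Force | Out-Null }
        $old = (Get-ItemProperty -LiteralPath $compatKey).'Compatibility Flags'
        New-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' `
            -Value ([int]$old -bor $KillBit) -PropertyType DWord -Force | Out-Null
    }

    # Read back the current flags (0 when the key or value is absent).
    $flags = 0
    if (Test-Path -LiteralPath $compatKey) {
        $flags = [int](Get-ItemProperty -LiteralPath $compatKey).'Compatibility Flags'
    }

    [pscustomobject]@{
        View             = $v.Name
        Registered       = $registered
        Server           = if ($registered) {
            (Get-ItemProperty -LiteralPath "$classKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        }
        SafeForScripting = Test-Path -LiteralPath "$classKey\Implemented Categories\$SafeForScripting"
        SafeForInit      = Test-Path -LiteralPath "$classKey\Implemented Categories\$SafeForInit"
        KillBitSet       = (($flags -band $KillBit) -eq $KillBit)
    }
}
```

A control can also declare itself safe at run time through the `IObjectSafety` interface, which the registry does not show, so a `False` under SafeForScripting does not by itself mean the control cannot be scripted; the kill bit blocks it in either case.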


Monday, January 08, 2007

CES (Consumer Electronic Show)

I don't know about you, but I am so envious of the people attending CES. I have been poring through blogs and websites reading about all the innovations at the show. As a result, I expect I will spend more time the next few days reading blogs than doing my own blogging.

It started with Bill Gates' Keynote Address, but the bloggers at the show are bringing it to life with their personal views. Here are just a few places, in no particular order, that have kept my interest:

CES.org

Microsoft at CES

All the great bloggers at the CES Blogs Aggregate (L

Joe Wilcox, Microsoft Watch

Microsoft Press Pass including
ActiveWin.com

The Insider at The Hive

engadget's special CES.engadget site

TechNet Slideshow

There is so much more and I have no doubt the excitement will build as we get closer to the launch date. Why not start now and "Show Us Your Wow".

Sunday, January 07, 2007

Gmer Download Locations

Gmer, a popular rootkit detection software, has been unavailable for download since some time in December, 2006. It appears that the rootkit scumware writers found the software too effective. The server hosting Gmer has been under a heavy and violent DDoS attack that successfully and completely blocked access to the download site. The host has deactivated the domain.

Other mirrors quickly underwent the same attack and had to remove the download. However, as Marco Giuliani reported, Gmer is available for download at MajorGeeks and here.