Monday, June 30, 2008

Windows XP SP3 Hotfix

Early this month, I reported that Symantec had addressed the issues customers using Norton 2008 experienced when installing Windows XP Service Pack 3 or Windows Vista Service Pack 1.

Based on a post by dickw at LandzDown Forum, I learned that Microsoft has provided a hotfix for users who have installed Windows XP Service Pack 3 with an antivirus application still running during the installation, which could result in Device Manager not showing any devices and/or and Network Connections not showing any network connections.

The hotfix is available at Update for Windows XP (KB953979).

Before installing SP3, I recommend reviewing the following:
References:



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft Security Advisory 954960 Released

Microsoft released Microsoft Security Advisory 954960, "Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates."

Although a security advisory, it is a non-security issue that prevents the distribution of updates deployed via WSUS (Windows Server Update Services) to systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue.

According to the advisory, upon completing the investigation, Microsoft will take appropriate action to resolve the issue within Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1.

Note:
  • The issue affecting System Center Configuration Manager 2007 first described in Microsoft Security Advisory 954474, where System Center Configuration Manager 2007 systems were blocked from deploying security updates, is separate from the issue described in this advisory.
References:



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, June 28, 2008

Beware: Rogues and MediaTubeCodec at Free Hosting Site

Hot off the press:

See Donna's security alert at Calendar of Updates (CoU) regarding webpages being hosted freely by hostinggratisargentina.com and spreading malware. As Donna explains, this is because the pages use script and redirect the user to URLs with rogue/fake scanners and fake codecs. See Donna's report at Free hosting spread rogue products and MediaTubeCodec.





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, June 24, 2008

Microsoft Source Code Analyzer for SQL Injection

This is in direct response to the Microsoft Security Advisory 954462 posted today (see Microsoft Security Advisory 954462 Released for additional references and information).

In response to the recent mass SQL injection attacks, Microsoft has developed a new static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Web developers can run the tool on their ASP source code to identify the root cause of the attack and address them to reduce their exposure to future attacks. The tool will scan ASP source code and generate warnings related to first order and second order SQL Injection vulnerabilities. The tool also provides annotation support that can be used to improve the analysis of the code.

See Microsoft Source Code Analyzer for SQL Injection in the Microsoft Download Center.

Additional References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

"Windows Vista Inside Out, Deluxe Edition"

I have been a fan of Ed Bott's two blogs, his Microsoft Report at ZDNet and Ed Bott's Windows Expertise. So, when Ed provided the opportunity to Win a free copy of Windows Vista Inside Out, Deluxe Edition by providing a link to one of his ZDNet posts, including a reason for the recommendation and a feature or capability in Window Vista that has improved your productivity, I jumped at the chance.

For the first part of the submission, I found it difficult to pick just one post but since I link to the Hands On Vista series in Windows Vista Bookmarks, I started there. The Hands On Vista collection of tips was very timely for early adopters of Windows Vista and continues to be very helpful. In looking at that collection, I selected my favorite within that category -- 10 tips and tweaks for Vista experts.

It was a lot easier to recommend a feature in Windows Vista that has improved my productivity. It was from 10 tips and tweaks for Vista experts that I learned about the Snipping Tool, a handy tool for making quick screen or partial screen captures. One use is when paying a bill online where the vendor e-mails a receipt of payment. I make a screen capture with the Snipping Tool as a record of payment. It is much easier than writing a long reference number by hand.

My submission was selected as one of the winners and my autographed copy of Windows Vista Inside Out, Deluxe Edition arrived yesterday. All I can say is, WOW! Even though I have been using Windows Vista for a little over a year, there are still many areas I have only touched on. The book is 36 chapters on 1202 illustrated pages, 7 appendixes, plus a companion CD that contains tools and resources, including downloadable gadgets and other tools, Microsoft resources and other resources, and so much more.

It is very helpful that many of the explanations include differences in Windows Vista from Windows XP. I have already tweaked some of the settings based on my readings thus far. If you need a handy reference, Windows Vista Inside Out, Deluxe Edition is one that I can personally recommend.





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft Security Advisory 954462 Released

Microsoft has released Security Advisory 954462 – Rise in SQL Injection Attacks Exploiting Unverified User Data Input. This Advisory is a result of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.

The purpose of Security Advisory 954462 is to assist Web site administrators in identifying possible issues with their Web application code being susceptible to possible SQL injection attacks and to provide a stopgap solution to mitigate SQL injection attacks against the server while the applications are being fixed.

Web site owners and administrators are encouraged to review Microsoft Security Advisory 954462 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.

References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

NebuAd/Claria (Gator) In the Blogosphere

When I spotted the latest Certified Bug blog posting in my RSS feeds, I quickly followed the link to read about NebuAd and Claria (Gator) connection. The initial attraction wasn't to NebuAd but rather seeing Gator in the title that really caught my attention. The reason is in the earlier days of providing help in the forums, I dealt primarilly in an area dealing with privacy. "Converting Gator" was one of the topics of information I would provide the user if I saw Gator in their log. I still have the instructions, last edited 25 February 2004:
Claria/Gator tracks the sites that you visit and forwards that data back to the company's servers. Gator sells the use of this information to advertisers.

If you installed and are or were using Gator to store your information, you may be interested in looking into RoboForm. You can import your Gator data to it. Check this out Convert your Claria/Gator before you remove Claria/Gator.
I haven't spotted Gator in logs that I review in a very long time. Thus, my surprise to see the latest information at Certified Bug. It is a interesting story. I suggest starting at NebuAd and Claria (Gator) connection where you will get both the background information as well as links to other stories on this topic. Happy reading!



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Sunday, June 22, 2008

Windows Live Hotmail and Firefox 3 Issue

It isn't only Firefox 3 cookie management with WinPatrol that is a problem. When attempting to access Windows Live (my.live.com), the page opened but when I clicked on the sign in link to check my mail:
"You can see your Windows Live Hotmail inbox here if you sign in."
the following message was displayed after signing in:
"The Windows Live Hotmail service is currently unavailable. Please try again."
Opening the page with an IE Tab allows me to continue with just one browser open. I really am dependent upon the Firefox add-ons when helping on the forums.

References:



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Apple Issues

Apple issued Safari 3.1.2 for Windows which addresses Microsoft Security Advisory 953818 and is recommended for all Safari Windows users. However, it does not appear that is the end of the problem. It has been reported that when Safari is used on a system that also has Firefox 2 or 3, it could lead to providing an attacker the opportunity to steal arbitrary files from the file system. Fortunately, Firefox 3 has some protections that somewhat mitigate the issue.

For a complete roundup, see Nathan McFeters, Researcher keeps ‘carpet bomb’ attack alive, despite patch and the original report by Billy Rios at BK on Safari, hunting Firefox….


References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

WinPatrol News

WinPatrol Goodies:

Let's start with the fun and useful stuff -- a WinPatrol USB Wristband:


The 1 GB wristband includes WinPatrolFlash, the latest install for the Free version of WinPatrol and plenty of room for adding other tools and portable files, pictures, etc. Get all the details at Bits from Bill.

Firefox 3 Cookies and WinPatrol:

Firefox 3 uses a new scheme for saving cookies. As a result, the normal WinPatrol support for filtering and managing cookies on FF3 is broken. Bill Pytlovany is working on a solution. Personally, I have very little concern about tracking cookies. The option to accept third-party cookies is unchecked (Tools > Options > Privacy). For additional help with cookie management in Firefox 3 see the Firefox Support for Cookies.

Bill Pytlovany for President
:

Now there is a candidate I could support! Enjoy the Bill Pytlovany Phenomenon.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, June 20, 2008

Microsoft Malware Protection Center (MMPC) Blog

If you are looking for the Anti-Malware Engineering Team blog, they have moved. In fact, not only have they moved, but they have a refreshing new look and a more fitting title: Microsoft Malware Protection Center Blog (MMPC). Vinny Gullotto introduced the team in the initial post:
"The MMPC is the team that builds Microsoft’s anti-malware and ant-spyware tools and technologies; you’ll find our work powers all of Microsoft’s antimalware and antispyware tools and products such as the Forefront suite of products and Windows Live OneCare as well as in free tools and utilities such as the Malicious Software Removal Tool (MSRT), Windows Defender (built into Windows Vista) and the Windows Live OneCare safety scanner."
To top it off, it looks as though Matt McCormack will be a regular contributor at MMPC, continuing from his initial post to tell us Taterf – all your drives are belong to me!!!1!one! In addition to providing information on Taterf, Matt's post includes a special message to all you gamers:
"As a PC gamer (RPGs and First Person Shooters on consoles just seems wrong to me...), and somewhat of a performance junkie myself, I get why many gam0rz don’t run AV. But seriously, a good AV product shouldn’t affect your FPS that much (if you’re chronically being pwned, don’t blame your AV and FPS - just l2p). Also, many gamers are in a higher risk category – downloading dodgy copies of games and the cracks to match, make you much more likely to get infected (NEWSFLASH: Not all cracks are actually cracks)."
Don't forget to update your RSS feed. You don't want to miss the next report in the MMPC Blog.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, June 19, 2008

Microsoft Security Bulletin MS08-030 Revised

For Windows XP SP2 and Windows XP SP3 only:

Microsoft identified quality issues with Microsoft Security Bulletin MS08-030, which was originally released June 10, 2008. The original version of MS08-030 did not effectively address the vulnerability MS08-030 was intended to address. The intended fix is in the Bluetooth stack in Windows that could allow remote code execution.

Microsoft has provided updated versions of the affected security updates and re-issued MS08-030. This is a critical update and it is recommended that it be re-applied as soon as possible.

Note: All other versions of the security update provide protection against the issues discussed in the security bulletin.

Refererences:

MSRC: MS08-030 Re-released for Windows XP SP2 and SP3
TechNet: MS08-030


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, June 18, 2008

Mozilla Firefox 3.0 Vulnerability

Were they waiting for the release to report this? Note that the vulnerability also affects Firefox 2.0.x. I would expect a fast fix.

DVLabs
What we can confirm is that about five hours after the official release of Firefox 3.0 on June 17th, our Zero Day Initiative program received a critical vulnerability affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x. We verified the vulnerability in our lab, acquired it from the researcher, then promptly reported the vulnerability to the Mozilla security team shortly after. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page.
(Bold added)

C|Net
Mozilla is reported to be working on a fix.

The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities.





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Firefox 3: Over 8 Million Downloads

Quite impressive for an open source software update -- over 8 million downloads of Firefox 3 in a 24 hour period. People are still downloading the update, with the Total Downloads at last check at 9,023,063.

If you participated in Download Day, be sure to get your certificate at Download Day 2008. Here's mine, reduced to fit:





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, June 17, 2008

Ten Top Tweaks for Windows Vista

As promised, Ed Bott published part 2 of his top ten tweaks for Windows Vista series. The second part includes the following:

6. Save your favorite searches

The Start menu search box works just fine for quick, ad hoc searches. To really tap into the power of Windows Search, though, spend a little time to create searches that bring together the types of files you use most often (Word documents modified this month or last month, e-mail messages from Fred or Rick, and so on). Then save those searches so you can reuse them later or copy them to another computer.

7. Fine-tune your search settings

Speaking of Windows Search, did you know that there are three separate areas where you can tweak settings that control search behavior? Use these tweaks to make Start menu searches more useful, simplify the complicated advanced search syntax, and add IFilters to search inside types of files that aren’t supported by a default Vista installation.

8. Make the most of System Restore and shadow copies

Did you know that System Restore in XP and Vista use completely different techniques to save snapshots of data? In this tweak, I explain why you might want to increase the amount of space set aside for volume shadow copies. I also introduce a free utility that lets users of Windows Vista home editions find and restore files from automatically created backups.

See supplemental information by Ed in A workaround for the dual-boot System Restore bug.

9. Bring network files closer

The fastest way to get to files in any network location is via a shortcut. And the best place to save those shortcuts to network locations is in the Computer window. You can add shortcuts to shared folders, FTP sites, or websites where you publish files. Here’s how.

10. Master power management

In XP, you have standby and hibernate. Vista adds a third power state, called hybrid sleep. Here’s what you need to know and how you can tune a desktop system to take advantage of this useful mode.

This part two set of tweaks has been added to the bookmarks in the Features and Tutorials section of Windows Vista Bookmarks.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Make History with Firefox

Today you'll make history with Firefox

Are you ready to make history? Are you ready to set a World Record? Today is Download Day. To become part of the official Guinness World Record you must download Firefox 3 by 17:00 UTC on June 18, 2008, or roughly 24 hours from the time Firefox 3 was officially released.


Windows English is here: http://www.mozilla.com/en-US/firefox/

Other operating systems and languages are located here: http://www.mozilla.com/en-US/firefox/all.html





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, June 16, 2008

Firefox 3

For all you folks getting ready for Firefox 3 Download Day 2008, you may want to check out all of the new features. Deb Richardson has provided an excellent Field Guide to Firefox 3 which includes links to articles and weblog posts containing more details.

Get ready for . . .


Download Day

Tuesday, June 17, 2008


References
:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, June 14, 2008

AVG Scanner Blasts Internet With Fake Traffic

AVG is certainly getting a fair amount of coverage these days, but not in a manner that company management likely appreciates.

  • The first topic that received a lot of attention was the inclusion of the search bar pre-checked and disguised as a "Security Toolbar".
  • Yesterday I reported that AVG included a false/positive of "sbautoupdate.exe", a legitimate component of SpywareBlaster 4.1. (Side bar: Update the SpywareBlaster 4.1 update provides compatibility with Firefox 3.0.).
What is the latest AVG news?

As originally reported by OSBlues, AVG Destroys Web Analytics. The problem is caused by users who have the AVG Linkscanner installed. Linkscanner automatically scans links to ensure they are free of malware before they are clicked and regardless of whether you plan on clicking those links. This process is resulting in popular websites being slowed down by the extra traffic as well has getting double of their normal bandwidth usage. This extra bandwidth usage can end up being costly to small websites.

See LinkScanner for instructions on how to install AVG without the LinkScanner.


References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

WinPatrol Plus Father's Day Special Discount!

Whether it be for the Father in your life or because this is an opportunity to get a $10 discount on the purchase of a WinPatrol Plus license, today and tomorrow are your lucky days! Details are available at Fathers Day, WinPatrol PLUS Special.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, June 13, 2008

Vista UAC PM Interview

Learn how User Account Control (UAC) helps Windows Vista users work as a standard user from Austin Wilson. Vista UAC PM Interview:
Austin Wilson has been working with the product team on UAC well before it was even created in Windows Vista and gives us some insight into why it is the way it is. He clears up what UAC really is and speaks about the parental control capabilities with UAC.
The video is almost 20 minutes long but presented in an easy-to-understand, informal manner and well worth giving it a listen.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Attention AVG and SpywareBlaster Users

As reported at Wilders Security Forums by Javacool, the developer of Spyware Blaster and the other wonderful Javacool software programs, "sbautoupdate.exe" is a legitimate component of SpywareBlaster 4.1. AVG is detecting "sbautoupdate.exe" as a trojan.
The legitimate sbautoupdate.exe file is digitally signed by "Javacool Software LLC", and has the following checksums:

MD5: 5D0E5821EB35CDA9C320C1BDF1A4B695
SHA1: 62B09B3503C05A3CC853BB8BDFCC8292FD200E53
Although originally reported at C|Net that the detection of "C:\Program Files\SpywareBlaster\sbautoupdate.exe" as a trojan was correct, Javacool recently indicated at Wilders that AVG has informed them that a fix will be pushed out for the false-positive detection in a new virus database update. Be sure to keep checking AVG for new updates.

Visit Javacool Software to learn more about Spyware Blaster and EULAlyzer.

Hat tip: Donna at CoU

Update 14JUN08:

Hi,

AVG has just released the 270.3.0/1502 virus update.

As of this update, the false detection issue with "sbautoupdate.exe" is resolved.


If you continue to see "sbautoupdate.exe" detected as a virus by AVG, please update your AVG anti-virus database.


If AVG has already mistakenly detected and removed sbautoupdate.exe, you can resolve the problem by updating AVG and then:

1.) Reinstalling SpywareBlaster 4.1

OR

2.) Restoring the deleted file from the AVG Vault:

Quote:
AVG 7.5
- Open AVG Virus Vault (Start -> Programs -> AVG 7.5 -> AVG Virus
Vault).
- Locate the file that was incorrectly removed (by default: "C:\Program Files\SpywareBlaster\sbautoupdate.exe")
- Right click on it and choose the "Restore File(s)" option.

AVG 8.0
- Open AVG User Interface.
- Choose the "Virus Vault" option from the "History" menu.
- Select the false positive file (one click) (by default: "C:\Program Files\SpywareBlaster\sbautoupdate.exe")
- Click on the "Restore" button.

Best regards,

-Javacool



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, June 12, 2008

Safari on Windows - not looking good

If your preference is the Safari browser, please note the SANS report, indicating

"Over the last weekend, a security researcher released proof of concept code that exploits this "feature" in Safari with another "feature" in Windows (yeah, a lot of "features" working together = a vulnerability).

The two "features" we're talking about here are these:

  1. In some cases, Internet Explorer will load DLLs from Desktop. This is an old "feature" that has been known since December 2006. It also works, as far as I'm aware, only with Internet Explorer 7 (and probably 8 beta) on Windows XP. My tests failed on Vista.
  2. Safari for Windows will, by default, save files on Desktop. This would not normally be a problem, but Safari does that without any prompts to the user (Firefox does the same, for example, but prompts the user before saving the file)."
Also note Microsoft Security Advisory 953818 Combined Attack With Apple’s Safari on Windows Platform. Best practice is not to download files to the desktop. Instead, create a folder for your downloads and save them there. Organization is much easier that way and your desktop is both cleaner and your computer safer.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Firefox 3: Download Day 2008

Download Day

Tuesday, June 17, 2008

What's New in Firefox 3






Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, June 11, 2008

AntiSpyCheck, Another Rogue

AntiSpyCheck is another member of the Zlob Trojan family. Although it has been in detection for a while, it seems to be making the rounds. There is a removal guide at Bleeping Computer.

As indicated in the Bleeping Computer guide, Malwarebytes' Anti-Malware is the tool needed for removal. At current count, Malwarebytes' Anti-Malware removes over 260 rogues, including AntiSpyCheck. See the current list at Malwarebytes' Anti-Malware Detection List. Simply go to Malwarebytes for a download link; double-click the downloaded file to install the application on your computer. Once the application is installed, double-click on the Malwarebytes' Anti-Malware icon to start the program. When the application is open, select Scan and the application will guide you through the remaining steps.





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Introducing CarbonGrove by JacksonFishMarket

Do you remember the folks who created They're Beautiful the online virtual florist? Their latest creation is Carbon Grove. As described by Chris Flores in the Windows Vista Blog:

"Carbon Grove is a carbon footprint reduction reminder service that empowers users to reduce their impact on the environment, and through the use of Windows Internet Explorer 7 with Dynamic Security Protection, users can also help improve the internet environment. Internet Explorer 7 is architected with security features that help defend against malicious software (also known as malware) and better protect against the theft of personal data by fraudulent websites.

By participating in Carbon Grove's campaign, internet users nurture a virtual tree seedling and after six weeks of continued commitment to carbon reducing efforts, Internet Explorer will then sponsor the planting of a tree in a region of need around the world."

Help our environment. Head on over to CarbonGrove and follow the steps to plant a tree. While you're there, you can visit the Security Garden tree:



IE7 or IE8 beta & Silverlight Required.

References:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Ten Top Tweaks for Windows Vista

Ed Bott strikes again! It seems that every time I get side-tracked, Ed will pop up a great series of helpful topics that are a must read for anyone using Windows Vista. He recently completed a five-part series on "Fixing Windows Vista" (bookmarked in the Features and Tutorials section of Windows Vista Bookmarks).

Today, Ed published the first part of 10 top tweaks for Windows Vista, described by Ed as follows:

1. Get installed programs organized and up-to-date

The default format for the list of installed programs in Control Panel is a dull, gray list that matches its Windows XP predecessor. But with a few clicks, you can add a wealth of useful information (like current version numbers for every program in the list) and group entries in ways that are more useful.

2. Tweak the taskbar and desktop

The first thing I do with every new Windows system I set up is to make the taskbar taller. I also make desktop clutter vanish completely without losing access to files and shortcuts on the desktop. Here’s how.

3. Set up a smart, automated backup system

How often should you have to reinstall Windows? The correct answer is “Never.” Using built-in backup tools that are included with some Vista editions, you can save a system image that can be restored from disk – complete with drivers and your installed programs - in a fraction of the time it would take to reinstall.

4. Get fast access to common tasks

I constantly hear that some tasks in Windows Vista take too long, especially those that have to do with networking. Want one-click access to network settings and other useful tasks, complete with automatic keyboard shortcuts? Follow the step-by-step instructions.

5. Fine-tune Windows Explorer

Vista’s version of Windows Explorer is a radical reworking of the XP-style Explorer you know and probably don’t love. With three tweaks and a slightly adjusted mindset (hint: think of a modern airline’s hub-and-spoke model), you’ll find most file-management tasks significantly easier.

The first group has been bookmarked in the Features and Tutorials section of Windows Vista Bookmarks and I'll add the second group next week. In the meantime, go directly to the source.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

God's Garden

It has been a year and my thoughts are still with the special friend who was taken to God's Garden. For you Pat.

GOD’S GARDEN

God looked around His garden
And found an empty place.
He then looked down upon earth.
And saw your tired face.
He put his arms around you
And lifted You to rest.
God’s garden must be beautiful
He always takes the best.
He knew that you were suffering.
He knew you were in pain.
He knew that you would never
Get well on earth again.
He saw the road was getting rough,
And hills were hard to climb.
So he closed your weary eyelids,
And whispered “Peace be Thine,”
It broke our hearts to loose you
But you didn’t go alone
For part of us went with you
The day God called you home..



Paddy, thanks for locating the poem.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, June 10, 2008

Windows Firewall Tutorial Addition

The Vista Security Features bookmark page has been updated to include a new tutorial by Vista4Beginners how to use the built in firewall in Windows Vista. Unlike the firewall introduced with Windows XP SP2, the Windows Vista firewall provides both inbound and outbound protection.

A nice benefit of the Windows Vista firewall is that it is pre-installed as part of the operating system, there are not extra costs involved and, even better, no concerns about add-on toolbars.

Learn how to use the firewall at Vista4Beginners in Windows Firewall. Don't worry if you lose track of the link, it can always be found in Windows Vista Bookmarks.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

June 2008 Microsoft Security Bulletin Release

Following is a summary of the security updates released by Microsoft today:

Critical:

MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)

MS08-031: Cumulative Security Update for Internet Explorer (950759)


MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)

Important:

MS08-034: Vulnerability in WINS Could Allow Elevation of Privilege (948745)

MS08-035: Vulnerability in Active Directory Could Allow Denial of Service (953235)

MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)

Moderate:
MS08-032: Cumulative Security Update of ActiveX Kill Bits (950760)


Microsoft also re-released MS06-078 and MS07-068 with a detection only changes.

This month, the Security Vulnerability Research & Defense blog discusses MS08-036, MS08-033, and MS08-030.


SQL Server 2000 and SQL Server 2005 administrators are specifically referred to the important information in the MSRC Blog post regarding deployment and future security updates.


Complete details are available in the MSRC Blog and the Technet Security Bulletin Summary, referenced below.


References:







Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, June 06, 2008

Norton 2008 Fix for XP SP3 and Windows Vista SP1

Symantec has addressed the issues customers using Norton 2008 have experienced when installing Windows XP Service Pack 3 or Windows Vista Service Pack 1. If you are using Norton 2008, please see FAQ: Upgrading to Windows XP Service Pack 3 or Windows Vista Service Pack 1 with your Norton 2008 product installed.

This solution will address one or more of the following issues::
  • Windows Device Manager is empty
  • Missing Wireless network adaptors or other hardware devices
  • Unable to connect using a wireless adapter
If you have already installed XP SP3 or Vista SP1 Symantec has developed a tool to remove the registry entries that were added during the Windows XP Service Pack 3 or Windows Vista SP 1 upgrade.

For Norton 2008 subscribers who have not yet installed the service packs, install Symantec's LiveUpdate solution first. This prevents the issues from occurring. Ensure that you run LiveUpdate and restart your computer before installing the Service Pack.

See FAQ: Upgrading to Windows XP Service Pack 3 or Windows Vista Service Pack 1 with your Norton 2008 product installed.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Phish: 2008 Economic Stimulus Refund!

The following is NOT from the Internal Revenue Service. It is a cleverly created phish. Rest assured anyone who provides their bank information at the link in the email (removed in this copy) will soon find their bank account emptied.

Don't you just love the note at the end.

From: Internal Revenue Service
To: Undisclosed Recipients
Subject: 2008 Economic Stimulus Refund!





Over 130 million Americans will receive refunds as part of President Bush program to jumpstart economy. Our records indicate that you are qualified to receive the 2008 Economic Stimulus Refund. The fastest and easiest way to receive your refund is by direct deposit to your checking/savings account. Please follow the link and fill out the form and submit before June 10th, 2008

Submitting your form on June 10th,2008 or later means that your refund will be delayed due to the volume of requests we anticipate for the Economic Stimulus Refund.

To access Economic Stimulus Refund, please click here.

Note
: If you received this message in your SPAM/BULK folder, that is because of the large amount of e-mails we are sending out or because of the restrictions implemented by your ISP,




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, June 05, 2008

Malwarebytes' Anti-Malware Version Update

Malwarebytes' Anti-Malware released version 1.15 today.
  • Version: 1.15
  • File Size: 1.53 MB
  • Operating Systems: Microsoft ® Windows 2000, XP, Vista.
  • Languages Available: English, Albanian, Catalan, Danish, Dutch, Finnish, French, German, Hungarian, Italian, Norwegian, Portuguese, Romanian, Serbian, Slovak, Slovenian, Spanish, Swedish.
I switched from asking users to scan with AVG to Malwarebytes' Anti-Malware (MBAM) when helping in the forums and have been very pleased with the results. If you need an anti-malware scanner software, consider MBAM.

It is free for personal use. There is also a subscription version available to add real-time protection.

See Malwarebytes.org




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Fixing Windows Vista

Now that Ed Bott has completed his five-part series on "Fixing Windows Vista", the series has been incorporated in Windows Vista Bookmarks.

My favorite of the series is Part 4: Get smart about services. It is another example of Ed coming out against the tide. As always, not only does Ed provide a complete explanation, it is accompanied by illustrated information on how to measure the impact of services on system performance and decide which services are worth disabling.

Find links to all five articles in the Features and Tutorials section of Windows Vista Bookmarks.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

June 2008 - MSRC Security Bulletin Advance Notice

This is an advance notification of security bulletins that Microsoft is intending to release on June 10, 2008.

Critical

Bluetooth Bulletin

Impact of Vulnerability: Remote Code Execution
Affected Software: Windows XP and Windows Vista.

Internet Explorer Bulletin

Impact of Vulnerability: Remote Code Execution
Affected Software: Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

DirectX Bulletin

Impact of Vulnerability: Remote Code Execution
Affected Software: DirectX on Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Important

WINS Bulletin

Impact of Vulnerability: Elevation of Privilege
Affected Software: Windows 2000 Server and Windows Server 2003.
Active Directory Bulletin
Impact of Vulnerability: Denial of Service
Affected Software: Windows 2000 Server, Windows XP, Windows Server 2003 and Windows Server 2008.

PGM Bulletin

Impact of Vulnerability: Denial of Service
Affected Software: Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Moderate

Kill Bit Bulletin

Impact of Vulnerability: Remote Code Execution
Affected Software: Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.
References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, June 02, 2008

Windows Vista Bookmarks Blog Repaired

Although I am fairly convinced that the gentle readers from PCMag (Hallo there!) referred by Larry Seltzer's




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Bravo, "The Planet"

I am happy to report that LandzDown Forum is back up and running. Particularly considering the magnitude of the situation, the communication and efforts by The Planet staff, contractors and suppliers has been nothing short of incredible.

You can get an idea of the magnitude of the situation from http://service-update.theplanet.com/




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Sunday, June 01, 2008

What Happened to Windows Vista Bookmarks?

I admit that I use Firefox 99.999% of the time. The primary reason is for some of the add-ons that I use on the forums. As a result, I seldom look at my blog pages with IE. Apparently, that is a big mistake. Either there is some compatibility issue that has evolved between the template and IE or all the readers of

So, folks, if you want to check Windows Vista Bookmarks, please use an alternate browser until I figure out the problem with IE.

If anyone has a suggestion of what the issues is with IE7, please post a comment.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Are You Getting "Server Not Found"

Have you been getting a "Internet Explorer cannot display the webpage", "Problem loading page" or "Server Not Found" message when attempting to reach your favorite website or forum? If so, the reason could well be that site is on one of the 9000 servers located in The Planet's H1 Data Center in Houston, Texas.

Yesterday at 4:55 PM CDT, electrical gear shorted creating an explosion and fire that knocked down three walls surrounding the electrical equipment room. Fortunately, no one was injured. After evacuated personnel were allowed to re-enter the facility, they determined that no servers in the data center were damaged.

The return to normal service by that data center is going to be a long process. They expect to be able to provide initial power to parts of the H1 data center beginning at 5:00 p.m. CDT today. At that time, they will begin testing and validating network and power systems, will turn on air-conditioning systems and monitor environmental conditions. It is expected that the testing will last approximately four hours.

After a determination is made that all systems are properly working, they will be able to begin to power-on customer servers in phases. Considering that this huge server farm impacts around 9,000 servers and 7,500 customers, do not be surprised if it takes a while before your favorite site is available.

I am only aware of a few of the thousands of impacted sites, those being LandzDown Forum, MyCity, Trojan Hunter Forum and VoiceOfThePublic (and VOP customers).

Update: I just learned that this outage has impacted approximately 1/3 of the avast! download/update servers. Please be patient if you are attempting to update your avast! software.





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...