Saturday, March 31, 2007

ReadyBoost to the Extreme

The biggest hit I have been seeing here at Security Garden the past few days was when I updated Window Vista Bookmarks to include additional links on ReadyBoost. I had already made note to add the InformationWeek article, ReadyBoost: Better Windows Vista Performance In A Flash, from a couple of days ago. However, after receiving a question at one of the forums I frequent about RAM for Windows Vista, I decided to see what other reputable resources are available for Windows Vista users. I discovered sufficient reference material for ReadyBoost for it to justify a page all to itself. The dozen additions were added to the original collection.

Of particular interest for anyone considering ReadyBoost is the bookmarked Microsoft Windows Help and How-To topic which indicates that the recommended amount of memory to use for ReadyBoost acceleration is one to three times the amount of RAM installed. The example provided there is with a computer having 512 megabytes (MB) of RAM, plugging in a 4 gigabyte (GB) USB flash drive and setting aside from 512 MB to 1.5 GB of that drive will offer the best performance boost.

Click to find the bookmarks for Windows ReadyBoost.

Friday, March 30, 2007

(Last?) Daylight Saving Time Update

A very timely reminder from Mary Jo Foley about this Sunday. It will indeed be an "April Fools Day" surprise to users who have not installed the Microsoft's updates and instead manually adjusted the time on their computer. If you fall within this group, I suggest that you download the appropriate Microsoft update. Go to for more information.

Beware false Daylight Saving Time resets on April 1

Thursday, March 29, 2007

The Browser Battle and More Bookmark Updates

There has been a fair amount of discussion on the browser war. In Has IE 7 turned back Firefox? it appears that the controversy continues with a a management consulting firm saying that the growth of Firefox has slowed in favor of IE7. The linked article reports that a web metrics company immediately disputed the conclusion saying that IE7's introduction has helped Firefox rather than the other way around.

Not that Security Garden is a "major player", I do check the analytics on occasion. Until I published the article last night with IE7 in the title, it was exactly even with IE7 and Firefox 2.0 sharing an equal 32% of the readership here. However, that article upped the percentage to 39% for IE7. On that note, I have made some additional updates to the Internet Explorer 7 page.

Another popular bookmark page is ReadyBoost. That has also had an addition as have the other pages listed below.

Internet Explorer 7

Features and Tutorials
Vista Security Features

Windows Vista Bookmarks and IE7

I have yet to figure out the problem, see that Windows Vista Bookmarks is not rendering correctly in IE7. It is fine in Firefox and IE6 but there is a huge space before the first bookmark sections in IE7.

When I was looking to "remodel" the bookmark site, I checked out Windows Spaces Live and Word Press. There were too many advertisements on Windows Spaces Live to suit me. Word Press also had a rendering problem with IE7.

Although I really like the look, particularly the simplicity of Windows Vista Bookmarks, I may have to find yet another new template. In the meantime, if you use IE7, you will have to scroll down the page to see the most recently updated section.

Edit Note: In the template I used for development, I noticed that the most recent post did not show in IE7, apparently taking up the large white space. I published a test post with only a title and that moved the rest of the posts up the page. After repeating the process in "production" in Windows Vista Bookmarks with a blank post entitled, "Welcome to Windows Vista Bookmarks", the white space was substantially reduced in IE7. The Welcome post does not show in IE7 but is visible in other browsers. Very strange.

Microsoft Security Advisory 935423 Released

Microsoft Security Advisory (935423) relates to a vulnerability in Windows Animated Cursor Handling. According to the Advisory, Microsoft is investigating new public reports of targeted attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files.

Please note that for this this attack to work, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or e-mail attachment sent to them by an attacker.

So, what is the warning again? Practice safe surfing, do not open e-mails from strangers or attachments.

Windows Live OneCare has already been updated and the information will be shared with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.

Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Update 31Mar07: See the MSRC Blog Update on Microsoft Security Advisory 935423


Beware of IE7 Beta Spam

I was quite impressed with the quality of the image in the email in my Inbox. The subject of the email is "Internet Explorer 7 Downloads" and the sender is shown as The image is great, very realistic looking. The only problem is that when you mouse over the original image the address is not, of course, a Microsoft address.

If you receive an email like this do NOT click on the image!

  • Microsoft does NOT send beta or other software download links via email.
  • IE7 was just released. There is no beta program.
  • Mousing over the image shows a non-Microsoft address.
I submitted the full header information and URL to appropriate forces, including CastleCops. I see that Alex Eckelberry reported in the SunBeltBLOG that the payload is a trojan and "Antivirus coverage is mediocre."

Wednesday, March 28, 2007

Optimizing ReadyBoost in Windows Vista

WinHelp2002 posted a tip for systems with 2GB Memory or less that will result in an improvement with ReadyBoost.
You should dedicate a (approved) USB Flash Drive and just leave it plugged in ... in other words there is no need to use the "Safely Remove Hardware" icon in the system tray, even though it exists. This allows you to reboot or shut down the system and Windows will remember and set it up on the next restart.
See his illustrated post in Optimizing ReadyBoost, which has been added to the Features and Tutorials bookmark page along with the sites below, also suggested by WinHelp2002.

Edit Note 31Mar07: The bookmarks for Windows ReadyBoost have grown sufficiently to warrant a dedicated page. See Windows ReadyBoost.

Tuesday, March 27, 2007

AOL and Winfixer.. the malware advertisements should be gone.. for now

Bravo, Sandi!

A contact at Microsoft put me in touch with the appropriate people at AOL this morning - an advertising tech lead and a gentleman involved in policy and compliance. Thanks to a network capture that I gave to AOL they were finally able to track down the rogue advertiser who had infiltrated the AOL ad network to serve up winfixer malware advertisements and shut the ads down.

Once the guys at AOL and I actually hooked up, it only took a few hours to get the account shut down. Damned if I know why it took so long for us to connect, but it did.

AOL's official statement on the incident is:

"We use a wide range of technical and policy measures to prevent malware distributors from placing advertisements on our networks, but apparently one was able to circumvent those measures. We have blocked this ad campaign and [are] working with our technical and legal teams to take additional steps to block similar issues in future."

See the full story here.

Webhelper Updated CWS Sites List

My good friend Patrick Jordan, aka Webhelper, has just finished adding 342 sites to the CWS Sites List. For a complete list including older sites and records, see his CWS (CoolWebSearch) list in spreadsheet format.

Sites List In Text format -- 27 March 2007

Master Sites Listing Spreadsheet (replaces the 2006 CWSList11502006.xls) -- 08 January 2007

Vista Compatible Firewalls and Other Bookmark Updates

Vista Compatible Firewalls

I am excited about the addition of Vista Compatible Firewalls to Windows Vista Bookmarks. This collection provides Vista users with a complete list of Microsoft and third-party firewalls. I came by the information via Donna's article, "
Third-Party Firewall Software for Vista" providing a link to Matousec. Matousec recently added Windows Vista compatible firewalls to their extensive list of personal firewalls and their vendors.

With Matousec's icon system, I picked out all of the firewalls that run on Windows Vista and included whether they support 64 bit. The firewalls are separated between Free, Free and Full-Feature Pay Versions and Pay Versions only.

Vista Security Features

Microsoft Websites
Features and Tutorials

Windows Vista Microsoft Updates Available

The following Windows Vista updates are available:

Update information via

Monday, March 26, 2007

AOL Customers Beware!

There is nothing I can say that will top what Sandi Hardmeier has uncovered. If you use AOL or visit AOL sites, please be cautious. Read Sandi's report here.

Saturday, March 24, 2007

Windows Vista BitLocker Tip

Vista Security Features

It seems that every time I refresh a page or take "one last look at the feed list", I find something new to bookmark or a page that needs a bit of sprucing. This time it was a find at Michael Howard's Web Log --
A Real-world Windows Vista BitLocker Tip.

Defrag Windows Vista Faster

Features and Tutorials

The Unofficial Windows Vista Weblog is a good source of information. The site is recognized by Microsoft as a Windows Vista Community Blog and has been included in my feed list for a while.

Today I found a great tutorial via Milo at Windows Vista Weblog from VistaRewired for speeding up the Windows Vista Defrag tool and added it to the growing list of Vista Features and Tutorials.
Note: Many people are of the opinion that it is unnecessary to defrag NTFS systems. Granted, unlike the earlier Windows operating systems, NTFS systems do not require frequent defraging. However, if you notice the system getting a bit "sluggish", particularly after heavy add/remove activities, running the defrag tool or the tools in the VistaRewired tutorial may help return the computer to its earlier zippy state.

Friday, March 23, 2007

Vista Bookmarks Updates Plus Another Remodel

Internet Explorer 7

After congratulating Robert McLaws on his site, Windows-Now, being added as a Vista Featured Community, I moved on to reading his post, Can't Save Favorites in Vista's IE7? I added a bookmark to the solution.

Although Robert credits Windows MVP Jimmy Brush, the solution and explanation Robert provides address the needs of my target community.

Features and Tutorials

While at WindowsNow, I located a working link to HOW-TO: Switch to Windows Vista 64-bit painlessly by Kristan Kenney. I had read a leader to his tutorial at another site, but the link didn't work. I was so happy to finally have Kristan's tutorial that I (finally) completed the revision of the Features and Tutorials bookmark page. I hadn't been happy with the presentation. It seems much easier to locate bookmarks on that page now.

Kodak EasyShare Printers Vista and Mac Compatible

I saw a demonstration of the Kodak EasyShare 5300 All-in-One Printer yesterday and, let me tell you, it is sweet! For a home or small business printer it is hard to beat $199.99 to get 32 ppm (pages per minute) for black and 22 for color prints. But that isn't all.

The printer has a built in tray for 4 X 6 inch prints, a high-definition scanner which can, of course, be used as a copier. For the super-geeks, the Kodak EasyShare 5300 is also BLUETOOTH® Wireless Technology-enabled. With memory card slots and a 3-inch color LCD display for editing/cropping digital images at the printer you're almost there.

That isn't all. The price for ink cartridges is unbeatable. The color ink cartridge is only $14.99, black ink cartridge $9.99 or a package deal of $21.99 for both black and color ink cartridges!

I can only speculate that Kodak is not leveraging the fact that the EasyShare printers are compatible across all operating system platforms because the printers are flying off the shelves faster than they can be made. That is right -- ALL platforms, including the Mac and Windows Vista.

But, I am not finished yet. Behind the fast printing, flexibile, multi-function printers is something else -- something that I am extremely proud of -- Kodak technology created by Kodak people. There are not nearly as many of *us* left as in years past, but just look at what *we* are doing to provide an economical means for preserving your every Kodak Moment!

If you think I may be biased (and I am), take a look at this testimonial at epinons by someone with no connection to Kodak, This is a must buy let me explain.

Windows Vista Application Compatibility Update

See Microsoft Knowledge Base Article 932246

The March 2007 Windows Vista Application Compatibility Update is a package of software updates that address common application compatibility issues in Windows Vista. When you try to install and run certain legacy games or applications in Windows Vista, you may experience one or more of the following symptoms:

  • The game, the application, or the firmware may not be installed correctly.
  • The game, the application, or the firmware may cause system instability.
  • The primary functions of the game, the application, or the firmware may not work correctly
This update is cumulative and supersedes update 929427. (This update also includes fixes that are contained in update 929427.) In addition to the fixes that are contained in update 929427, this update improves support in Windows Vista for the following games, applications, and firmware:
Lenovo Presentation Director
ACDSee 8
Trend Micro Internet Security 2006 (PC-cillin) 14.0 – 14.59
Trend Micro Internet Security 2007 (PC-cillin) 15.0 – 15.19
Microsoft Windows Server 2003 Service Pack 1 (SP1) Administration Tools Pack
RealNetworks RealPlayer 6.0.12
AOL Safety and Security Center
Toshiba Tecra M7 1.70

Note After you install this update, a CD device or a DVD device may not work correctly. If you select the device in Device Manager and then view the properties for the device, you may receive the following error message:

The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
This problem occurs because a legacy application may install drivers that are incompatible with Windows Vista.

For more information about how to work around this problem, click the following article number to view the article in the Microsoft Knowledge Base:
  • 314060You can no longer access the CD drive or the DVD drive, or you receive an error message after you remove a CD recording program or a DVD recording program in Windows XP: "error code 31"

Wednesday, March 21, 2007

Mozilla Firefox Security Update

Mozilla updated both supported versions of Firefox to and, respectively, with a security and stability update. See Security Advisory 2007-11.

It is strongly recommended by Mozilla that the update be installed as soon as possible. If you have turned off the update notification, you can manually "check for updates" from the Help menu.

Note: Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2.

What's New in Vista Bookmarks?

I have been doing more bookmark "remodeling", including many new additions. As much as I would like the authors to know I have created links to their work as well as provide appropriate "hat tips", I was making so many changes that I will apologize up front if I missed anyone. It is not intentional.

Vista Security Features
The Vista Security Features bookmarks are now separated in a more comprehensive manner. (Hat tip to Donna's post which served as inspiration for the new format.) In addition to quite a few Microsoft links, the following non-Microsoft additions were included:
Drivers, Hardware and Software

Office 2007 and More
  • An excellent collection that I discovered is the Office UI Bible by Microsoft MVP Patrick Schmid. It is essentially the equivalent of Windows Vista Bookmarks, but strictly for Office. It is a compilation of the MSDN blog posts by Jensen Harris, Program Manager of the Office UI Team.

Proxy Settings When Using a Router on Windows Vista

I had this document "saved as a draft" because I haven't had a chance to add the links below to Windows Vista Bookmarks. This is being published in hopes of having an answer for Bits from Bill: Great New Dell Vista Laptop but No Internet

Proxy settings in the browser need to be disabled when using a router as the gateway for the Internet connection. Although I did not find instructions for disabling proxy settings in Opera, below are instructions for Firefox and IE.

Here is the full set of articles at Linksys: Windows Vista Articles Listing

Update: This may also be of interest, recently published at InsideMicrosoft by Nathan Weinberg: Vista Confusing Wireless Routers

Monday, March 19, 2007

VistaRewired Bookmarked

Edit Note: When I originally drafted this post, I debated whether I wanted to include a link with instructions on how to disable Vista UAC. At the time I decided to go ahead. After reading George Ou's comment today, I have to admit that I agree with him and have removed that link.

"If Vista UAC really bothers you that much, you can turn Vista UAC off and simply accept the risk of running with full administrative privileges. I’m not going to link to any tutorials on disabling UAC because anyone who can’t figure out how to turn off UAC probably shouldn’t be turning it off in the first place. I’m sorry if that sounds blunt; but I don’t want to give any advice that endangers anyone’s PC."

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

I was catching up the postings at Windows Vista Magazine which led me to a nice tutorial on how to Disable unnecessary services the quick and easy way at VistaRewired.

There is a lot more at
VistaRewired, which is why the site has been bookmarked in Reviews and Collections. The individual tutorials are linked below. Perhaps when time allows (!), I will break those links down further into suitable bookmark pages. In the meantime, there is a lot of information at VistaRewired:

Sunday, March 18, 2007

Norwich Bulletin: "Porn was Amero's burden"

To be specific, the infamous Norwich Bulletin went on to show as a subtitle, "Failure to protect children is the crime".

Do you know what is a crime? The Norwich Bulletin and the people of Connecticut who put up with complete unconscionable reporting and editorializing. IMO, the Norwich Bulletin is exemplifying the very worst that journalism has to offer.

Read the facts here and here because, like Paperghost, I am going to throw up.

Microsoft Updates Added to Windows Vista Bookmarks

In addition to adding the two Microsoft updates described below, the Drivers, Hardware and Software bookmark page has been revamped a bit.

Via Sidebar Geek, The Wow:
"Microsoft Windows Mobile Device Center Driver for Windows Vista (64-bit) Hardware

Brief Description: The Microsoft Windows Mobile Device Center enables data synchronization between Windows Mobile-powered devices and Windows Vista."

Via Robert McLaws, Vista Daily #14:

Microsoft revised Knowledge Base Article 925528, providing a"Reliability update for the USB stack in Windows Vista:

"Apply this update if you experience one or more of the following issues after you resume a Windows Vista-based computer from sleep or from hibernation:
  • A device stops responding (hangs) or stops working correctly. There may be a yellow exclamation mark next to the device in Device Manager. Or, the device may not appear in Device Manager. The device may be a fingerprint reader, a Windows Media Center remote control, an optical drive, a FeliCa reader, or some other device.
  • After you resume the computer, you use the Safely Remove Hardware option to remove a device on a portable Windows Vista-based computer. However, in this situation, you cannot reconnect the device. After this issue occurs, the computer may stop responding when you try to shut it down or to perform a restart.
  • A device such as a fingerprint reader is not available for use at the Welcome screen.
  • The LED lights that represent NUM LOCK, CAPS LOCK, and SCROLL LOCK functionality on a universal serial bus (USB) keyboard do not assume their pre-sleep or pre-hibernation status after the computer resumes. Additionally, these lights now remain off, regardless of the status of the corresponding keys.
  • You receive an error message that states that a device does not meet the Logo requirements.

This update also addresses two issues in which you may receive a Stop error message that resembles one of the following.
  • Error message 1: STOP 127 PAGE_NOT_ZERO_NVIDIA_USB

    This error occurs on a Windows Vista-based computer that uses 2 gigabytes (GB) or more of RAM and an nVidia nForce EHCI controller.
  • Error message 2: STOP 0x1000007E usbhub.sys SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

    This error occurs because of a race condition in the Usbhub.sys driver. This condition occurs if a USB device driver tries to enter a selective suspend state when a previously canceled selective suspend request has not yet been fully processed."

Saturday, March 17, 2007

Outbound Rules List for Windows Vista Firewall

Last month I added Donna's tutorial, “Vista’s Windows Firewall with Advanced Security” to Windows Vista Bookmarks. Donna's tutorial includes illustrated instructions on how to create an outbound rule for Windows Vista Firewall.

Shortly thereafter, I saw Outbound Rules List, by HTRegz. It is the start of a list of outbound rules for “standard” applications and default install locations that can be imported into the Windows Vista Firewall. The imported list is used to configure outbound filtering without the need to configure each program individually. HTRegz is
"more than willing to create additions to the list (assuming I know the software to be “safe”)

I suggested a few software programs that came to mind. If you have suggestions of others to be added, post them as a comment to HTRegz' Outbound Rules List. Just tell him Corrine sent you. Smile

Friday, March 16, 2007

The Microsoft Anti-Malware Team Lives!

When the first report was issued that Windows Live One Care failed an antivirus test, I was more upset that we had no statements, updates, or any type of information from the Microsoft Anti-Malware Team in many months, let alone any comment, explanation, or path forward with regard to the test results. After all, veteran McAfee failed the same test.

A short time ago, however, I had a wonderful surprise when I decided a check of my RSS feeds would be a good companion to the New England Clam Chowder that I picked up from the cafeteria for lunch. There before me was (finally) an indication of a new entry in the Microsoft Anti-Malware Engineering Team blog!

Jimmy Kuo, Microsoft Security Research & Response team (MSRR), addresses the concerns raised with regard to the detection capability of Windows Live OneCare. What I particularly like about Jimmy Kuo's post is that it is in "normal English", not "Geek-Speak". This is important to me because my focus is on the home PC user -- the very people who are likely to consider Windows Live OneCare for their computer. I can point to his explanation with confidence that my readers will not get lost after the first sentence.

That said, without further adeau, I encourage taking a few minutes to read "Hello World" by Jimmy Kuo.

Update: Although MIA since the end of January, the Windows Live OneCare blog team has also posted today. See
Update from OneCare. I hope we are seeing a come back.

Thursday, March 15, 2007

Microsoft to Adjust Vista EULA for Anytime Upgrade Transfers

Power to the people! Well, ok, power to Robert McLaws! Major kudos as well!

What happened? Its this simple. Through interaction with someone who contacted him, Robert realized there was an apparent error in the Vista EULA (End User License Agreement) for Anytime Upgrade providing a limit of one transfer after running an Anytime Upgrade of Home Premium to Ultimate. Rather than ignoring the issue, Robert contacted Microsoft, calling the error to their attention.

Read Robert's report about how

Update: As promised, Nick White reported Windows Vista EULA Modified for Windows Anytime Upgrades.

Browser War

A bit of fun going on --

Wednesday, March 14, 2007

Cingular and Travelocity Apparently Defy NY Attorney General

It was just the end of January when the security community was excitedly reporting the precedent set in a groundbreaking anti-malware settlement. Cingular Wireless LLC, and agreed to discontnue serving up spyware in their advertisements. It wasn't the dollar amount of the settlement that caused the excitement but rather that there was finally a legally binding agreement in the Assurances of Discontinuance (PDF) .

Unfortunately, it appears that agreement has not meant much to Cingular and Travelocity.

"Cingular and Travelocity continue to receive spyware-originating traffic, including traffic from some of the web's most notorious and most widespread spyware, in direct violation of their respective Assurances of Discontinuance. That said, Priceline seems to have succeeded in substantially reducing these relationships -- suggesting that Cingular and Travelocity could do better if they put forth appropriate effort."
Ben Edelman illustrates six examples from mid-February through March 9 where both Cingular and Travelocity continue Advertising Through Spyware -- After Promising To Stop.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

On a side note, warmest congratulatons to Ben who has successfully defended his Ph.D. dissertation and will be joining the faculty of
Harvard Business School in April as an assistant professor in the Negotiation, Organizations & and Markets unit.

Tuesday, March 13, 2007

Installation Resources for Windows Vista 32-bit and 64-bit Systems

The Windows Vista Support Team has published two Knowledge Base (KB) articles with helpful information on upgrading and/or installing Windows Vista from a Windows 2000 or Windows XP machine.

A third KB article published describes how to perform a custom installation of Windows Vista to work around upgrading versions of Microsoft Windows XP to Windows Vista because of language pack issues between the two products.
  • KB 932616: "Installation choices for consumer versions of Windows Vista (32-bit only)"
  • KB 932795: "Installation choices for 64-bit consumer versions of Windows Vista"
  • KB 932856: "You cannot upgrade certain language versions of Windows XP to Windows Vista"
As a handy reference, the search page for the Support Knowledge Base (KB) link for Windows Vista has been added to the Microsoft Websites page of Windows Vista Bookmarks.

Reference: Installation Resources for Windows Vista 32-bit and 64-bit Systems

Windows Vista DreamScene Content Pack

The Windows Ultimate Team announced today that the Windows DreamScene Content Pack now available in a preview version in Windows Update. Four videos are included:
  • A field of thistle, with a bee gathering pollen
  • The rushing water of a forest stream
  • A streetlamp reflected in a puddle, with softly falling rain
  • Orange wisps flowing in a computer-generated scene

Please note, however, that the preview version is an pre-release and, thus, unsupported. If Windows DreamScene Preview is installed, go to Windows Update and "Check for updates". The Content Pack is listed as an Ultimate Extra.

Windows Vista Bookmarks, Customizing Vista, has been updated to include the Content Pack and the DreamScene FAQ's.

Complete Report: Windows Ultimate Blog Announcement

Monday, March 12, 2007

Was Corrine Lost in the Daylight Saving Time Changes?

No, I didn't get lost in the time change. Automatic updates properly adjusted the time on my computer, cell phone, pager and cable.

I forget how many clocks we have in the house until it is time to set them ahead or back -- stove, microwave, coffee pot, thermostat, VCR, DVD, grandfather clock, mantle clock, wall clocks, alarm clocks, watches . . . the list seems to grow every year.

As much as I would have liked to, unfortunately, I was not boarding a plane for Redmond along with approximately 1900 other Microsoft MVP's, including many of my "on-line friends". Perhaps I'll be able to attend the next MVP Summit.

So, what kept me away from blogging this weekend? I decided to do a bit of remodeling of Windows Vista Bookmarks. I tried WordPress but the poor rendering in IE of the templates that fit my purpose was unacceptable. So I looked around again at Blogger templates and found K2. I selected it for its clean lines, created my own custom header, removed extras and there you have it. I think it came out pretty good. What about you?

Do you have a bookmark to suggest? Easy enough to do in a special topic at Security Cadets in
Your Vista bookmarks, Add your Vista bookmarks here.

Friday, March 09, 2007

Black Viper is Back!

For many years, a favorite resource for computer users the world over has been Black Viper. Black Viper turned off his web server almost two years ago but has now brought it back up and will be getting back into it. Yes, that includes Windows Vista. Black Viper reports that he has been using Windows Vista a few months and will be including Vista on his site in due time.

Read about it here:

Via Old Charlie at LandzDown Forum.

Thursday, March 08, 2007

Advance Notification - March 2007 MSRC Security Bulletin Release

As of today, no new Security Bulletins are scheduled for release on 13 March 2007. Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool but no security updates are scheduled.

There will, however, be several Non-security High Priority updates on MU, WU, WSUS and SUS:
  • Microsoft will release four non-security high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
  • Microsoft will release two non-security high-priority updates for Windows on Windows Update (WU) and Software Update Services (SUS).


Wednesday, March 07, 2007

Unofficial Daylight Saving Time Updates for Windows 98, NT, Me, & 2000

I really thought I was finished posting updates on Daylight Saving Time for a while but something else came my way today. Although I provided instructions for using tzedit.exe, the time Zone edit utility, Blake Handler posted information on unofficial Daylight Saving Time patches for Windows 98, NT, Me and 2000 in The Road to Know Where:
"The IntelliAdmin website has two unofficial Daylight Saving Time patches for Windows 98, NT, Me, & 2000.
While I personally think that Microsoft's TimeZone program is pretty easy to use, this does make it a bit easier. (^_^)
Thanks, Blake. This will be very helpful for those folks with older computers.

Tuesday, March 06, 2007

Mozilla Announces Two Critical Vulnerabilities

The following critical vulnerabilities have been posted by the Mozilla Foundation. If you use the affected software, please update to the latest version, as indicated in the provided workaround.
  • MFSA 2007-10 Potential integer overflow with text/enhanced mail
Impact: Critical
Fix released: March 1, 2007
Reporter: Georgi Guninski
Products: Thunderbird, SeaMonkey

Fixed in: Thunderbird
SeaMonkey 1.0.8


Georgi Guninski discovered a potential integer overflow in the code that handles mail formatted as text/enhanced or text/richtext. This could in turn lead to a buffer overflow and potential code execution.

To exploit this flaw a malicious mail message would have to include a line more than 400 megabytes long. Many mail systems have storage quotas and transport filters that would prevent a message of that size from reaching its destination, but should the message get through its size would provide more than sufficient space for a payload.


Do not open mail messages that are megabytes in size unless the sender is someone you know and from whom you were expecting that specific mail. Delete the message without opening it by shutting the view pane (F8, or from the "View | Layout" menu) before selecting the message in the thread pane and then deleting.

Upgrade to a version containing the fix.

  • MFSA 2007-09 Privilege escalation by setting img.src to javascript: URI
Title: Privilege escalation by setting img.src to javascript: URI
Impact: Critical
Announced: March 5, 2007
Reporter: moz_bug_r_a4
Products: Firefox, SeaMonkey 1.0.7

Fixed in: Firefox
SeaMonkey 1.1.1
SeaMonkey 1.0.8


moz_bug_r_a4 reports that the fix for MFSA 2006-72 in Firefox and Firefox introduced a regression that allows scripts from web content to execute arbitrary code by setting the src attribute of an IMG tag to a specially crafted javascript: URI.

The same regression also caused javascript: URIs in IMG tags to be executed even if JavaScript execution was disabled in the global preferences. This facet was noted by moz_bug_r_a4 and reported independently by Anbo Motohiko.

Thunderbird is not affected by this flaw as it will not execute javascript: URIs in IMG tags.


Upgrade to a version containing the fix. Disabling JavaScript does not protect against this flaw.

Vista and UAC (User Account Control)

Allow me to repeat Jesper Johansson's statement in Confusion about Vista Features: What UAC Really Is with regard to Vista's UAC (User Account Control):
"UAC does not, nor is it intended to, stop malware."
What UAC does do is enable running a computer with Windows Vista installed as a standard user. The result of this is important. By following the recommendation to keep UAC running, the computer is significantly less vulnerable since currently most malware requires administrator privileges.

Does running as a standard user protect against the computer operator allowing installations? Absolutely not. However, it is certainly hoped that the average computer user will recognize the difference between an unexpected request for elevated privilege and a request when intentionally installing software.

For in depth look at User Account Control for Windows Vista, tune in to the Channel 9 interview of Jon Schwartz, UAC Architect, and Chris Corio, UAC Technical Program Manager, where they tackle UAC from various angles:
1) What problems does UAC attempt to solve?
2) How does UAC actually work?
3) Why did we implement UAC UI to be so aggressive, from a user experience point of view?
4) How will UAC evolve?
UAC - What. How. Why.

Monday, March 05, 2007

More Vista Bookmarks Added

It certainly isn't taking long to come up with new additions to Windows Vista Bookmarks. It seems that as soon as I send out notice of the most recent updates, I find others. To keep my confusion to a minimum and also so the update notices aren't too long, I'll continue sending an update after getting a few. I am also updating the post date when adding a new bookmark which will bump the post to the top of the queue.

Here are the most recent additions:

Internet Explorer 7
Reviews and Collections
  • Steve Sinchak's Windows Vista Usability Tips Articles

    This is a wonderful collection of very useful articles by Steve, a Microsoft MVP, author and most definitely a Microsoft Enthusiast!

  • Windows Vista RTM FAQ and Quick Start Guide - March 2007 Edition

    "Andre is excellent at writing extremely useful and comprehensive FAQ's and I've used him as a resource for directing folks to the right information - especially with Windows Vista and Office 2007. Andre is also responsible for ActiveWin's 70+ page Windows Vista Review. You should check that out too."

    ActiveWin's review has long been bookmarked and now Andre Da Costa's updated FAQ/Quick Start Guide has also been bookmarked in Reviews and Collections.

  • Windows Vista User Guide

    "This site contains information about the various editions of Windows Vista, from Windows Vista starter to Windows Vista Ultimate Edition. Details on pricing and feature comparisons can also be found as well as methods of upgrading your current pc running Windows XP to Windows Vista will be detailed in easy to follow steps and plenty of screenshots to explain the exact procedures on how to upgrade.

    While you are at Windows Vista User Guide, check out the collection of Windows Vista Screenshots, a gallery of all the applications within Windows Vista

Windows Vista Customizations
  • Desktop Wallpaper

    I came by this gadget via VistaJuice. The following description is from the download page:
    "Similar to the MS Slide Show Gadget, but also changes your desktop wallpaper at set intervals. It also allows more scaling options that Vista supports by default, such as "Maintain aspect ratio" and "Crop to fit screen". If you don't want the slide show, you can set it to "preview next wallpaper" instead. Any issues, please visit the Gadget home page on"
Vista Feature Tutorials

Daylight Savings - Clocks Spring Ahead on March 11

Based on the analytics of readers finding last month's Spring Ahead March 11, 2007 - Computer Clock Update post, there are still a large number of computer users concerned about the time adjustments due to the changes taking effect this year.

Where Daylight Saving Time used to "spring ahead" on the first Sunday in April and "fall back" on the last Sunday in October, the timeframe has been extended so "spring ahead" will now occur on the second Sunday in March, with "fall back" on the first Sunday in November.

So, what's the big deal? Without the appropriate patches/updates, not only will your computer be out of sync with thetime change, so also will the Sun Java Engine, your e-mail calendar program as well as any mobile devices.

As I indicated in the above-linked document, if you have Windows Vista or have Automatic Updates turned on, your computer and Outlook calendar (if you use it) should be updated. See that document also for information and instructions on using the tzedit.exe utility.

For information on other vendors, Blake Handler has additional information available in
Resources to Prepare for 2007 Daylight Saving Time Changes.