Monday, April 30, 2007

Windows Vista Tips & Tricks

After learning about Vista Made Easy: 50 Tips And Tricks at PC Magazine from Andre Da Costa, I realized I was also missing Andre's Windows Vista RTM FAQ and Quick Start Guide - March 2007 Edition in Windows Vista Bookmarks. That omission has now been remedied with the addition of both references.

Since I added the RSS feed for by Kristan M. Kenney yesterday, saw her tip to
Correct Disk Cleanup shortcut for Windows Vista 64-bit and bookmarked that as well.

For now, these have all been bookmarked in "Features and Tutorials". I may need to break out a separate "Tips and Tricks" page when I have a bit more time.

WGA Team, What Have You Done Now?

I was not a fan of the rollout of the WGA (Windows Genuine Advantage) Tool for installation on computers that had been purchased many years ago and already validated through other means. However, I expected that WGA would be incorporated in any licensed version of Windows Vista and accept that as part of the Windows Vista license.

The story linked below, however, certainly implies that the WGA Team has sunk to a new low. Please tell me there was a mistake.

WGA - The “A” stands for Advertisments by ZDNet's Adrian Kingsley-Hughes -- Just when you think that WGA can't possibly get any worse, it suddenly does.


Sunday, April 29, 2007

Vista Screensavers, Wallpapers, Gadgets . . .

I am certain I have more customization links stashed away, but this is a good start. Included below is a link to beta utility for Windows Speech Recognition. If you are using a production machine, it might be wise to avoid any beta software.

Robert McLaws, the registry edits for accessing the settings for the Windows Vista screensavers have been added to the Customizing Vista bookmarks. If you are a novice working in the registry, please consider asking someone with more experience to make these changes. Either way, it is recommended that you make a back up before performing any of the steps outlined in the links below.
From Blake Handler and "The Road to Know Where", I discovered an array of desktop wallpapers from Microsoft's Silverlight Team. Here's a sample of Silverlight Dusk from the Silverlight Desktop Wallpapers collection:

As long as I seem to be on a roll with customizations for Windows Vista, see Useful Windows Vista Sidebar gadgets by Rick Broida, Lifehacker associate editor.

No Windows Vista bookmark update would be complete without checking to see what Joe has been up to at ITsVISTA. Sure enough, I found a posting by Joe describing a "little utility that turns off Vista's Speech Recognition (SR) after a few minutes with no activity." This sounds like a useful tool for those using Windows Vista Speech Recognition. Please note, however, that the software is still Beta.

See Greg's Cool [Insert Clever Name] of the Day: Vista Speech Saver Beta Released for a complete description and the download link.

Saturday, April 28, 2007

Classic Menu for Office 2007

Have the best of both worlds -- the Ribbon introduced with Office 2007 as well as the old menus you became so accustomed to. Via Deb Shinder, I've learned of an add-on for Office 2007 that does just that -- provides the Office 2003 menus and toolbars to your copy of Microsoft Office 2007.

The software includes the Classic Menu for each of Excel 2007, Word 2007, and PowerPoint 2007.


Friday, April 27, 2007

The Windows Experience

Anyone who has been following the excitement over the official release of Windows Vista has probably also followed the posts of Brandon LeBlanc, AKA Sidebar Geek, at The Wow, the blog he introduced specifically for this purpose at The Hive. A couple weeks ago, Brandon apologized for the quiet, explaining he was working on a new project. Now we know why!

Brandon has been hired on as a vendor to blog about Windows Vista experiences. As Brandon explains in his initial post:

"With the Windows Experience Blog, the idea is to showcase and talk about all the amazing experiences one can have with Windows Vista. I’m taking my lead from Nick who will continue to share news, information, and technical insight about Windows, and I’ll expand on that with the Windows Experience blog. The Windows Experience blog is focused on Windows Enthusiasts and dives deeper into the fantastic experiences within Windows. And the experiences here won’t always be experiences from myself or other folks at Microsoft. We want to highlight experiences *you* have as well! Expect to see lots of videos and lots of screenshots! Just like Nick, I plan to spend a lot of extra time beyond simply posting blog posts. I plan to continue the conversation into the comments on the blog posts as well."

Congratulations, Brandon! You and Nick will make an excellent "tag team".

I am excited about this additional resource available for learning more about Windows Vista. You and my readers can be certain that
The Windows Experience Blog has been added to Windows Vista Bookmarks! You will be able to find it with the Microsoft Blogs and Websites bookmarks.

Update on Microsoft Security Advisory 935964

Kudos to the MSRC Team on the excellent communication provided to the community!

Highlights from the MSRC
Friday Update on Microsoft Security Advisory 935964:
  • An update is expected for the May 8, 2007, monthly bulletin release
  • Attacks are not widespread and no new malicious software has been found attempting to exploit this vulnerability
  • The anticipated security update will NOT undo any of the workarounds that have been applied and will need to be undone
  • The security update will require a reboot.
Also of importance in the referenced MSRC Blog update is that support for Windows Server 2003 expired on April 10, 2007, with the April monthly bulletin release. Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 are the currently supported versions. See the Microsoft Support Lifecycle.


Thursday, April 26, 2007

Enigma Software, A Mystery?

The definition of "enigma" according to the Webster Merriman Dictionary:
"One entry found for enigma.

Main Entry: enig·ma
Pronunciation: i-'nig-m&, e-
Function: noun
Etymology: Latin aenigma, from Greek ainigmat-, ainigma, from ainissesthai to speak in riddles, from ainos fable
1 : an obscure speech or writing
2 : something hard to understand or explain
3 : an inscrutable or mysterious person
synonym see MYSTERY"
Considering the history of Enigma Software as well as current events, it appears that the company selected a appropriate name.

In 2004, the following was written when de-listing Enigma from renown list of Rogue/Suspect Anti-Spyware Products & Web Sites:
Note on Enigma SpyHunter: Enigma's SpyHunter anti-spyware application was listed on this page primarily because of the company's history of employing aggressive, deceptive advertising (1, 2, 3, 4, 5). The company was also known for exploiting the name "spybot" in its domain names and online advertising. These objectionable business practices were employed primarily from late-2002 to mid-2004.

Sometime during summer of 2004 the company halted the most obnoxious and objectionable aspects of its online advertising. It also unloaded all the "spybot" domains (which were promptly picked up by Paretologic for its XoftSpy anti-spyware application).

While there are still unresolved allegations that SpyHunter transmits the Windows Product ID from users' PCs (1), we can no longer classify this application as "rogue/suspect." Nonetheless, SpyHunter -- at least in its current state -- cannot be recommended because of its mediocre performance as an anti-spyware scanner. Testing indicates that it does not recognize some well-known spyware installations and has difficulty removing critical spyware/adware files even from those it does recognize (1). Given the many excellent competing anti-spyware applications that are available (some for free), users would do better looking elsewhere for trustworthy anti-spyware protection. [Ed. Note: Bold added]


[A: 6-26-04 / U: 8-22-04]

What has happened since then? It appears from what I am reading, this "Enigma" is still seen in the industry as "something hard to understand or explain". Why do I say that? Following is a quote from one of the many (dare I suggest spam) press releases by Enigma Software today as a result of Symantec adding Enigma's software, SpyHunter, to detection as a "Security Risk".

(They're taking on the big boys now. Just because Lavasoft caved, do they think Symantec will?):

"In addition to Symantec, other competitors of Enigma, including,,, and, have been coordinating a campaign to have SpyHunter listed as rogue software. Each of these entities is a competitor of Enigma Software Group that either has competing products or is an affiliate of competing products. Enigma is evaluating closely its legal options with respect to this anticompetitive campaign."

"Enigma wishes to engage the Internet security community at large in a neutral open discussion at a neutral forum. Executives and employees of Enigma agree to discuss technical details of Enigma's software product SpyHunter. Enigma invites security experts such as Susan Turner, Ben Edelman, Eric Howes, and other security experts to discuss SpyHunter. Enigma requests that there be no anonymous posts permitted in this discussion thread, to help ensure it will not be subverted by those who would post comments for anticompetitive purposes. Accordingly, Enigma requests that participants in this forum thread should provide their name, address, and phone number."
Two amazing bits in what might be considered an "obscure speech or writing" or perhaps "something hard to understand or explain":
The first is the identification of,,, and, security blogs and help sites as "competitors" of a software company.

The second is that a company, reputed over the years as hiding behind false identities, expects participants in a public forum to provide their name, address and phone number. Remember, readers, this is a statement from a company reportedly dealing with privacy and security.
The Webster-Merriman Dictionary has indeed provided an excellent definition of the word "Enigma", a true mystery.

A few References:

Microsoft Malware Protection Center (Preview)

On one hand, I have been very impressed with the regular communications from the Microsoft Security Response Center (MSRC) Blog, while on the other I have been whining about the lack of communications from the Anti-Malware Engineering Team. However, it looks as though public activity is up in that environment.

Last night, I wrote about the second edition of the Microsoft Security Intelligence Report but ran out of time before I could provide a link to the preview of the new Microsoft Malware Protection Center. The Malware Protection portal appears as though it will evolve into an excellent resource. Take some time to look the site over and provide feedback on the portal preview as well as additional features you would find useful.

Go to the
Microsoft Malware Protection Center.

Wednesday, April 25, 2007

Microsoft Security Intelligence Report (July – December 2006)

First a bit of background

My computer has never (knock on wood) been infected with a virus, trojan, keylogger, etc. So, how did I end up moving from helping users create a dial-up networking connection to helping users remove infections from their computers in help forums, and, ultimately, a Microsoft MVP?

Blame it on Aaron Hulett, Microsoft Security Research & Response Team. One evening in 2003 as I was updating definitions to a popular anti-malware scanner, I followed a link in the GUI to the vendor's home page. There I listened to a recording and spotted a link to the support forums. Aaron was responsible for the link I followed and it was his voice on the recording. The end result? I got hooked and the rest, including friends like Aaron and the team at LandzDown Forum, is history.

Back on Topic

How does that history relate to the publication of the second volume of the Microsoft Security Intelligence Report? Aaron contributed to the publication, as did another friend, Subratam Biswas. Knowing both individuals and knowing how deeply dedicated they both are to their work, makes me particularly proud to provide a link to the Security Intelligence Report that includes their contributions.

The latest version of the Security Intelligence Report focuses on the second half of 2006 (from July to December) and builds on the the data published in the first volume. The report provides "an in-depth perspective of trends in the malicious and potentially unwanted software landscape" and is packed with data!


Tuesday, April 24, 2007

Amero Sentencing Delayed (Again) to 18May07

Once again we learn that the sentencing for Julie Amero has been postponed. According to Bob Johnston at Blog E-Computer-Security.Info:
"I determined the rescheduling to May 18th by calling the GA-21 Criminal Clerks office in Norwich Superior Court this morning at about 11:30PM EDST. I was told by the media it was not official yet and I suspect that is why none of the media seem to have picked this up yet. None-the-less, I was told the following, "The Julie Amero sentencing hearing has been rescheduled for May 18th in Norwich Superior Court." Thus, I have no reason to doubt its accuracy."
Mr. Johnston's report was confirmed later by the (IMO, biased) Norwich Bulletin.

In the event you are not familiar with the Amero case, click on the "Amero" tag in this post and you'll get quite an earful. However, you won't find any new information from Alex Eckelberry at SunbeltBLOG. He is no longer discussing the case publicly as he is part of a forensic team working with the defense. Go, Alex!


April 2007 Cumulative Update for Media Center for Windows Vista

Microsoft released the April 2007 Cumulative Update for Media Center for Windows Vista. The update contains several improvements and resolves several issues.

Microsoft Knowledge Base Article 932818:

  • Windows Vista Home Premium
  • Windows Vista Ultimate
Download Sites:
Windows Update:

Windows Download Center
Hotfix replacement information

This is a cumulative update and replaces the following updates:
  • 929011 ( Windows Media Center does not correctly configure a combo TV tuner that supports both ATSC and NTSC signals on a Windows Vista-based computer
  • 932753 ( When you resize the Windows Media Center window in Windows Vista, video playback may stop

Issues that are resolved by this update

In addition to the fixes that are contained in the updates that are listed in the "Hotfix replacement information" section, the April 2007 Cumulative Update for Media Center for Windows Vista resolves the following issues:
  • The video may appear to freeze when the movie begins in some DVDs.
  • When you rotate a picture during a slide show in Windows Media Center, the wrong photo may be rotated.
  • The cover art for recorded TV movies may not appear in the DVD library view.
  • When you delete a picture in Windows Media Center, you may receive an error message that resembles the following:
    The Url contains one or more invalid characters.
  • When you try to play a DVD by using Autoplay, you may receive an error message that resembles the following:
    Tuner not installed
Improvements in this update
  • Online Media support has been added for Windows Media Center on 64-bit versions of Windows Vista Home Premium or Windows Vista Ultimate.
  • Video Playlist support has been added for Windows Media Center Extenders
  • Improvements have been made to Online Media caching.
Information for Windows Media Center Extenders
Windows Media Center Extenders, such as the Microsoft Xbox 360, use network ports to communicate over the network to computers that are running Windows Vista Home Premium or Windows Vista Ultimate. This cumulative update contains updates to Media Center programs that may have been previously configured as "approved" or "allowed" by a third-party firewall. If you use a third-party firewall, you may have to manually update your firewall to let the new versions of these programs access the ports. If you do not perform these firewall updates, you may experience failures when you try to connect the Windows Media Center Extender to the Media Center computer.

Monday, April 23, 2007

Finally, Vista Bookmark Updates

I accumulated a few links to add to the Windows Vista Bookmark collection. I am still tweaking the bookmark pages. Here are the highlights of the recent additions and changes.

Microsoft Blogs and Websites

The Microsoft Blogs and Microsoft Websites pages were combined to one page. Erika Ehrli's collection of Microsoft Office blogs was added. The biggie no one should miss is Todd Bishop's collection of Microsoft Blogs. Todd is a reporter for

Customizing Vista

A makeover for this group of bookmarks includes the addition of the Sidebar Category from "Inside Microsoft, part of the Blog News Channel." For the past couple months, Nathan Weinberg has been posting his comments and links to Sidebar gadgets -- not one or two, but twenty or so at a time. As of today's posting there are eight issues.

Via Windows Vista Magazine, I discovered Vista4Beginners and added the excellent tutorial, Windows Sidebar - the complete guide to the customizing bookmarks under Sidebar Gadgets. When I have more time, I'll add bookmarks to more of the Vista4Beginner tutorials. In the meantime, the site is also included in Blogs and Community Forums.

Blogs and Community Forums

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

As more and more homes and offices upgrade to Office 2007, users of older versions of OFfice will need to install the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. See the important information below from Microsoft before completing this installation:
"Users of the Microsoft Office XP and 2003 programs Word, Excel, or PowerPoint—please install all High-Priority updates from Microsoft Update before downloading the Compatibility Pack.

By installing the Compatibility Pack in addition to Microsoft Office 2000, Office XP, or Office 2003, you will be able open, edit, and save files using the file formats new to Word, Excel, and PowerPoint 2007. The Compatibility Pack can also be used in conjunction with the Microsoft Office Word Viewer 2003, Excel Viewer 2003, and PowerPoint Viewer 2003 to view files saved in these new formats. For more information about the Compatibility Pack, see Knowledge Base article 924074.

Note: If you use Microsoft Word 2000 or Microsoft Word 2002 to read or write documents containing complex scripts, please see for information to enable Word 2007 documents to be displayed correctly in your version of Word.

Administrators: The administrative template for the Word, Excel, and PowerPoint converters contained within the Compatibility Pack is available for download."

Saturday, April 21, 2007

Work Around for RPC Vuln on Windows DNS Server - KB Article 936263

If you don't think the Microsoft Security Research Team hasn't been busy and isn't concerned about the RPC Vulnerability on Windows DNS Servers, just take a quick look at the MSRC Blog links listed below in References. Further, if you think that the May 8, 2007, date for inclusion in the monthly bulletin release is too much time for Microsoft to be taking to issue an update, consider this from the 17 April MSRC Blog entry:
"For this issue, our teams are working on developing and testing 133 separate updates: one in every language for every currently supported version of Windows servers. Each of these has to be tested to ensure they effectively protect against the vulnerability. Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don’t pose a greater risk than the security issue we’re addressing."
That's right 133 separate updates to be tested, with new findings needing to be retested!

The most recent update is the release of Knowledge Base Article 936263, linked below. KB 936263 is a repackaged version of Jesper's instructions for disabling RPC management on DNS when this needs to be performed on a large number of DCs or DNS servers. Microsoft added some error handling to the package.

Please see the references below for complete information.


Thursday, April 19, 2007

Unethical Antispyware Company?

It was not long ago that I wrote about Ethics and Antispyware. That topic was rather general in nature about companies using "scan and scare" tactics. This post, however, is specifically directed to a company allegedly using tactics way beyond "scan and scare".

It appears that Webroot may be having difficulties maintaining their customer base as they are allegedly actively soliciting Sunbelt Software customers from publicly published case studies. As Alex Eckelberry reported in
This is just weird, Sunbelt has been receiving complaints from their customers regarding contacts by Webroot personnel attempting to convince them to move to their product, including providing misleading information.

This is just weird and be sure to read the comments. Not nice, Webroot, not nice at all.


WinPatrol 2007 Build 3

Bill Pytlovany announced WinPatrol 2007, Build 3 today with the following feature additions and bug fixes:
  • Added new "Open As..." option to Delay Startup program options
  • Fixed bug moving Startup Folder programs to Delayed Start.
  • Programs will now start as expected.
  • NEW Setup/Uninstall program. Much smaller and prevents multiple Add/Remove entries.
  • Fixed bug when using "Confirm Exit..." option.
  • Fixed bug adding Programs/Services to “Detected” registry when file no longer exists.
Get WinPatrol.

Reminder: Support Ends for Firefox 1.5 April 24

As I reported last month, Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2. As reported by Heise Security, there are plans to provide an automatic update from version 1.5 to 2.0 but it appears that this may not happen until the end of April, as there are still technical problems with the automatic update.

"Firefox versions and will be published before that date, with the update from 1.5 to 2.0 being launched shortly afterwards, offering users the Major Update. From version upwards, Firefox has included the auto update function for upgrading to a Major Release.

Since heavy loads are expected when these updates are downloaded, users are advised to perform a manual upgrade to version now."

Tuesday, April 17, 2007

Windows Media Player on Firefox

Great news for us Firefox users. (Yes, in addition to IE7, I use Firefox. I would be hard pressed to survive without the BBCode Add-on for formatting help posts on forums.) Microsoft released a plug-in that makes Windows Media Player (WMP) work once again on Firefox.

Download: Windows Media Player Firefox Plugin:
  • Windows XP SP2 (x86)
  • Windows XP SP2 (x64)
  • Windows Vista (x86)
  • Windows Vista (x64)
Installation Instructions

1. Installation of the Windows Media Player Firefox Plugin may require administrative access to your PC. It is recommended that you close all other open browser windows before continuing with the installation.
2. Click the Install button to automatically download and install the Windows Media Player Firefox Plugin.
3. Depending on your security settings, you may see a Security Warning dialog box. Click Install to install the plugin.

Note: There is a known issue if you are using Firefox version on Windows Vista with the installer failing with error code -203. To work around this simply restart Firefox (you will get a notification that Windows Vista will be changing the Firefox compatibility settings) and then install again - the second time should succeed.
Via Windows Vista Blog

Microsoft Security Advisory 935964: Additional Updates

The Microsoft Security Response Team is working around the clock to provide a solution to the vulnerability in RPC on Windows DNS Servers which could allow remote code execution, relating to the following:
  • Microsoft Windows 2000 Server Service Pack 4
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Small Business Server 2000*
  • Microsoft Windows Small Business Server 2003*
*The listed SBS run the DNS Server Service by default and are also affected by this vulnerability.

Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as they do not contain the vulnerable code.

Please note, in particular, that new information about the impact of some of the workarounds on systems with 15 character, or longer, system names has been added to the Security Advisory. In addition, Microsoft staff have noted that it is possible for a user with valid logon credentials to access the vulnerability over port 445.

See the workaround in the below-referenced Security Advisory and Jesper's Blog post, Turn off RPC management of DNS on all DCs for instructions for disabling RPC management on DNS on a large number of DCs or DNS servers.


Sunday, April 15, 2007

Tax Time in the U.S.

Yes, I know that its late. But sometimes that is just the way it goes. So, we're finishing up the tax returns today and e-filing tomorrow. Hopefully I'm not missing any big news items in my RSS feeds. If so, we'll catch up tomorrow . . . or Tuesday.

Friday, April 13, 2007

Windows Vista Speech Recognition

Via ITsVISTA's links for April 12, 2007, a helpful Vista Speech Recognition tutorial from ExtremeTech has been added to Windows Vista Bookmarks in Features and Tutorials.
"If you have Windows Vista, even the Home Basic version, you already have one of the more powerful speech recognition systems available. Microsoft has invested many millions of dollars in research regarding speech recognition over the years. Some of what they study in the R&D labs is years away from being a product, but there's a lot of new fancy speech recognition technology built right into Vista."
For the complete tutorial, see ExtremeTech:

Microsoft Security Advisory (935964)

Microsoft has released Security Advisory 935964 – Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution - on 12 April 2007.

Update: See Jesper's Blog post,
Turn off RPC management of DNS on all DCs, for instructions for disabling RPC management on DNS on a large number of DCs or DNS servers.


Microsoft is investigating new public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code.

Microsoft's initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM.

Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.


Review Microsoft Security Advisory 935964 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.

Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1-866-PCSAFETY). International customers can use any method found at this location:

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site:


Wednesday, April 11, 2007

"Bits from Bill" Made My Day!

This has been a rather hectic week and it seems as though life has been just a bit off kilter. As a result, I have also been behind in my reading. Perhaps it is just as well, because just when I needed it most, I caught up with an article my on-line friend, Bill Pytlovany, posted yesterday, Female Journalist in the Media.
After reading Bill's kind words, I went out into the yard with the dogs to unwind. It is a late spring in Upstate NY this year. Rather than seeing the barren trees and shrubs, I admired the bed of primroses that are already flowering. I saw that the three miniature rose plants I purchased on clearance last fall at the end of the season for fifty cents each are beginning to sprout leaves. The grape hyacinths have peeked through the inevitable leaves that always accumulate after the last fall cleanup. The daffodils that were drooping from the cold and snow on Easter, have perked up and the crocuses are flowering.
I still have a lot on my mind, but, thanks to Bill, I am seeing things in perspective.

Thank you, Bill.

Be sure to read what Bill has to say about my friends, Donna, Sandi, Nellie2 and LilBambi. Deb Shinder doesn't realize it, but I am also a fan of hers and am subscribed to her blog and read her SunBelt articles.

Tuesday, April 10, 2007

Windows Defender Update

An update is available for Windows Defender on Windows Vista. From Microsoft Knowledge Base Article 931099:
An update for Windows Defender on Windows Vista has been released. The update corrects a problem in the functionality of Windows Defender malware sample submission. This update applies only to Windows Defender version 1.1.1505.0 on Windows Vista. This problem does not occur in Windows Defender version 1.1.1592.0. This problem also does not occur in later versions of Windows Defender on Windows XP.
Windows Defender offers real time protection for your computer. Regardless of your Windows Operating System, if you need help with alert messages after scanning with Defender, click on over to the Security Tips & Talk Blog where you can learn "What do Windows Defender warnings mean?"

Alert: Critical Product Vulnerability, April Microsoft Updates

Microsoft released the security bulletins listed below today. Note that MS07-017 and MS07-021 also apply to Windows Vista. Each of the patches repairs a vulnerability that could allow remote elevation of privilege.

  • MS07-017 - Vulnerabilities in GDI Could Allow Remote Code Execution (925902) (Hotfix to help resolve known issues related to this update, originally issued 03Apr07)
  • MS07-018 - Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution. This update resolves two newly discovered, privately reported vulnerabilities. (925939)
  • MS07-019 - Vulnerability in Universal Plug and Play Could Allow Remote Code Execution. This update resolves a newly discovered, privately reported vulnerability. (931261)
  • MS07-020 - Vulnerability in Microsoft Agent Could Allow Remote Code Execution. This update resolves a newly discovered, privately reported vulnerability. (932168)

  • MS07-021 - Vulnerabilities in CSRSS Could Allow Remote Code Execution. This update resolves several newly discovered, privately and publicly disclosed vulnerabilities. (930178)
  • MS07-022 -- Vulnerabilities in Windows Kernel (An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.) (931784)


Thursday, April 05, 2007

Black Viper: Windows Vista Service Configurations

I posted last month about the return of a long time favorite of many people -- Black Viper. Although he has just begun with the default values for the services, the intend is to provided registry files and PDF versions soon.

Of course the site has been added to Windows Vista Bookmarks in Reviews and Collections.

Black Viper: Windows Vista Service Configurations Introduction

Welcome back, Black Viper!

April 2007 MSRC Security Bulletin

On 10 April 2007 Microsoft is planning to release the following security updates:
  • Four Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates will require a restart.
  • One Microsoft Security Bulletin affecting Microsoft Content Management Server. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
See the Microsoft Security Bulletin for further details.

Wednesday, April 04, 2007

Protected Mode for IE7 in Windows Vista

If you read the MSRC Blog post update about the Animated Cursor vulnerability, then you would have also read the following:
"If you are using Windows Vista, the Internet Explorer 7 protected mode provides additional protections against web-based attacks."
In a very timely manner, Sharath Udupa, a developer on the IE team, explained how to tell if the Protected Mode feature is turned on or off for Internet Explorer in Windows Vista. (Note that the Protected Mode feature is available only in Windows Vista.) By default, Protected Mode is enabled for Internet, Intranet and Restricted zones while disabled for the Trusted Sites and Local Machine zone.

Sharath explains that at times the text in the status bar may indicated “Protected Mode: Off” even when the Internet Options dialog indicates that Protected Mode is enabled. Following are a few exceptions that could potentially turn off Protected Mode:
  • User Account Control (UAC) is disabled – If UAC is disabled, Protected Mode is turned OFF. When UAC is disabled, some of the protections which Protected Mode depends on are not available, for example, UI Privilege Isolation (UIPI) is disabled. Hence, Protected Mode is turned off in this scenario.

  • IE is running with Administrator privileges – Protected Mode is turned off when IE is launched by right clicking on the IE icon and selecting “Run as administrator” or when IE is launched with administrative privileges from another application. This generally occurs when an installer/setup program running with administrator privileges starts a new IE process.

  • IE is navigated to a local HTML page – When the page being viewed is a local file, Protected Mode is turned OFF since the contents of the page are considered safe. Caveat: If the page was saved from a zone (for example Internet) which has Protected Mode enabled, then Protected Mode is turned ON.

See the illustration and follow the comments in Protected Mode for IE7 in Windows Vista - Is it On or Off?

Should you need to reference this information again, I've added the link to the Internet Explorer 7 page in Windows Vista Bookmarks.

Tuesday, April 03, 2007

MS07-017 For Animated Cursor Handling Released

MS07-017 is a Critical Update and everyone is strongly urged to obtain this update as soon as possible. This update is for all supported Microsoft operating systems, including Windows Vista. If you do not have automatic updates turned on, please visit the Microsoft Update site now. The update is small, only 455 KB - 1.7 MB and requires a restart, but well worth it to protect your computer from infection!

Please note this important information provided in the MSRC Blog, referenced below. I have taken liberties with the format to call important information to your attention:
"We noted in our original advisory that attacks against this vulnerability affect all supported versions of Windows and Windows Server, including Windows Vista, and have been web-based and e-mail based.
  • If you are using Windows Vista, the Internet Explorer 7 protected mode provides additional protections against web-based attacks.

  • If you’re using Outlook 2007, you’re protected against e-mail based attacks.

  • Running as a standard user further protects you by limiting the attacker’s code with the same limitation on the logged-on user.
We call these out in the Mitigating Factors section of the security bulletin MS07-017."

Of further interest is that there is currently a regular update scheduled for next Tuesday, April 10, 2007. The details of that update will be released on schedule on Thursday, April 5, 2007.

Important Note: There is an issue on a computer that is running Microsoft Windows XP with Service Pack 2, in that the Realtek HD Audio Control Panel may not start. The following error message may also be received:

Rthdcpl.exe - Illegal System DLL Relocation

The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.

See Microsoft Knowledge Base Article KB 935448 for further information regarding a hotfix for this issue.


Monday, April 02, 2007

Ethics and antispyware

Have you ever wondered how certain antispyware companies get such high ratings when their removal rate is not on par with what would be expected? Why do their "trials" only detect but not remove unless you shell out the big bucks for a license key?

Alex Eckelberry explains the "scan and scare" tactics used by these companies in simple terms -- the payback to the companies is significantly greater. CounterSpy V2 does not work that way. A trial version of their product is fully functional. Not only that, the cost of a license is about one-third less than most of the companies using the "scan and scare" technique.

After you read what Alex wrote about Ethics and antispyare, consider something else. Sunbelt has some of the best known people in the security community working for or consulting with them, including a number of Microsoft MVP's.

If you or someone you know needs security software for their computer, I strongly suggest considering Sunbelt's Counterspy and WinPatrol by Bill Pytlovany. I consider Alex Eckelberry and Bill Pytlovany two of the most honest, ethical people in the security industry.

WinPatrol 2007 v11.2

My apology to WinPatrol fans for not letting you know about release of WinPatrol 2007 v 11.2 last week. It seems I have been spending a bit too much time between analyzing log files and updating Windows Vista Bookmarks.

Following are the updated features:
  • Major performance improvement reading the Windows registry when duplicate reading is being done by other security programs.
  • Right-click access to a programs Folder and Properties including Vista Security settings, Digital Signatures and Shadow copies
  • Fixed a bug moving some Startup Folder items back from Delayed Startup to normal startup folder.
  • Added backup method to launch programs that failed to start at the appropriate time.

Note for Windows Vista Users:

The sound function works a bit differently on Windows Vista. As a result, Scotty's bark will be missing when launching WinPatrol from the task bar or if Scotty alerts you to a change.
Here is what Bill Pytlovany said about Scotty's Bark on Windows Vista:

"Yea, this is one I really hoped to have an answer by now on. I've left messages on Microsofts Vista Developer help board but it looks like I may have to use one of the phone calls I'm allowed to get someone at Microsoft to explain what has changed.

WinPatrol hasn't made any changes to how we call the sound function but it apparently works a little different in Vista. I'm happily surprised that with all that could possibility go wrong, this remains the number one bug that people are reporting.


Get WinPatrol.