Thursday, May 31, 2007

Windows Live Mail and Other "Live" Betas

There has already been sufficient coverage of the three Windows Live betas released yesterday. However, there is one comment that seems to be overlooked in all the postings. From the Windows Vista Team Blog:
"And, there will not be any graphical advertisements in Windows Live Mail at this time." {emphasis added}
So, if not "at this time", when and what kind of graphical advertisements can we expect to find in Windows Live Mail?

Windows Live Beta Information:

Pre-Release Vista Versions Expire Today

Today is the end of the road for pre-release versions of Windows Vista. Starting tomorrow, after 2-hour sessions, anyone operating a pre-release version of Windows Vista will find the PC automatically rebooting without providing the opportunity to save any data. The ability to log in normally for 2-hour sessions will only be available until August 28, 2007.

Upgrade information is available at the Windows Vista Preview pages. See the Windows Vista Blog for additional information.

ValueClick Reprieve Short Lived

Let's hope the FTC is paying attention because it appears that ValueClick is still serving up Winfixer! See Sandi Hardmeier's report in Valueclick and Winfixer continue to be a problem.

See FTC Note: ValueClick turns to the Dark Side for instructions on submitting an FTC Consumer Complaint Form.

Wednesday, May 30, 2007

Firefox 1.5 support ends today

I'm still in the process of transferring files to my new machine so blogging has been lagging a bit. However, this is important information for those people still using Firefox 1.5. From Computerworld:

"Mozilla Corp. will issue the last security update for its open-source Firefox 1.5 browser today. It will include an automatic update mechanism to give users the option of upgrading to Firefox 2.0.

"The upgrade offer will be enabled within in a few weeks," said Mozilla in a blog on its developer center.

The long-anticipated end to Firefox 1.5 support was originally slated for April 24, but last month, Mozilla pushed back the drop-dead date, saying it needed more time to craft the automatic updater. When Mozilla triggers what it has called "major updates," users will be offered an in-place upgrade to Firefox 2.0, which they can decline if they wish. Users can also permanently suppress the upgrade message so it never appears again.

Today's Firefox will be the final security patch for the 18-month-old browser. Also due for delivery is Firefox Both, Mozilla said, are "standard stability and security updates."

Firefox will be posted here, while Firefox will be available from this page of the Mozilla site. A list of the vulnerabilities patched by both updates will be posted sometime after and go live.

In related news, the Alpha 5 preview of the next Firefox, Version 3.0, will be available for download Friday. Mozilla has pegged Firefox 3.0's final code release for sometime this year."

Monday, May 28, 2007

Memorial Day 2007

Today marks the observed day in the United States for remembering those who have died serving their country.

On this Memorial Day, I extend my prayers for the day when we no longer have new names to mourn.

The image above is a resized version of an original image by Daniel Wood ©2004. See his complete photo essay entitled "Fallen Heroes".

Reference: U.S. Memorial Day History

Sunday, May 27, 2007

Parental Guides for Child Safety

As parents (grandparents, aunts, uncles, older siblings), we have reason to be concerned about child safety on the internet. It is no longer merely a concern about the child installing software that includes a trojan, browser hijack or other malware. An even greater concern is for their privacy and personal safety.

Blake Handler has written several guides for parents, the most recent of which is Parent's Guide to Microsoft’s Windows Vista, where he has provided step-by-step guidelines to assist parents in setting up computer access rights based upon the child's age and maturity.

Although the Vista Security Features bookmark page was updated to include Blake's article, below is a link to other articles I have written on child safety as well as articles either written or referenced by Blake at The Road to Know Where.

Above all, please keep an open dialog with your children regarding Internet safety. Don't make the controls too restrictive, but don't give them free rein either.

Edit 30May07:

Parental Guides for Child Safety

Blake Handler:

Fred Stutzman:
Kevin & Dale Farnham:

Alfred Thompson

Security Garden:

Saturday, May 26, 2007

ValueClick Reform or Afraid of the FTC?

A big "thank you" to anyone who submitted an FTC Consumer Complaint Form in response to the post I wrote a couple weeks ago referring to the studies illustrating ValueClick was serving up WinFixer. Whether it was from that effort, fear of the FTC investigation, the analysis by fellow MVP, "winhelp2002", or a combination thereof, it appears to have been successful.

ValueClick cuts ties with the WinFixer Group

There has been no official notice yet but it looks like ValueClick has severed its ties with the WinFixer Group.

I have checked quite a few of the links that I had previously mentioned [1] [2] [3] and they now no longer redirect to "".

Thursday, May 24, 2007

Windows Vista: Pre-Release Versions About to Expire

Time is running out! All Pre-Release versions of Windows Vista are set to expire on May 31, 2007. This includes the Beta 2, RC1, and RC2 versions that were part of the Customer Preview Program (CPP).

What happens if you don't upgrade the pre-release version? After May 31, 2007, after 2-hour sessions, the PC will automatically reboot without providing the opportunity to save data. Even the ability to log in normally for 2-hour sessions will only be available for a limited time.

Upgrade information is available at the Windows Vista Preview pages. See the Windows Vista Blog for additional information.

Wednesday, May 23, 2007

Extremely dangerous Better Business Bureau spam with malware

SunbeltBLOG reports seeing, in the wild, highly "personalized" spam that appears to be from the “Better Business Bureau”. The RTF (rich text format) document is loaded with malware and, when opened, it downloads:

1. More malware

2. TightVNC

3. WinRAR

As reported by Sunbelt researchers, this thing is designed to steal data and results from Virus Total yield very thin coverage. You've been warned!

SunbeltBLOG Report

Tuesday, May 22, 2007

Microsoft Security Advisories 927891 and 937696 Released

Microsoft issued two new Security Advisories for non-security updates, reproduced below.

Summary for Security Advisory 927891

Today, 22 May 2007, we are announcing the availability of an update that does not address a security vulnerability, but is a high priority for customers in keeping their systems updated. The update addresses the following issue:

Your system may appear to become unresponsive when Windows Update or Microsoft Update is scanning for updates that use Windows installer, and you may notice that the CPU usage for the svchost process is showing 100%.

When you try to install an update from Windows Update or from Microsoft Update, you experience the following symptoms:
  • Your system may appear to become unresponsive when Windows Update or Microsoft Update is scanning for updates that use Windows Installer.
  • You receive an access violation error in svchost.exe. This access violation stops the Server service and the Workstation service.
  • A memory leak occurs when Windows Update or Microsoft Update is scanning for updates that use Windows Installer.
  • Windows Update or Microsoft Update scans take a very long time, sometimes hours, to complete.

We encourage Windows customers to review and install this update. This update will be offered automatically through Automatic Updates. For more information about this issue, including download links for the available non-security update, please review Microsoft Knowledge Base Article 927891.

Please note that this update is the first part of a two-part fix that is the comprehensive solution to the problem. In June, another update will involve the Windows Update client. The update for the Windows Update client will also be automatically offered through Automatic Updates.

Summary for Security Advisory 937696

Yesterday, 21 May 2007, Microsoft announced the availability of the Microsoft Office Isolated Conversion Environment (MOICE) feature and more widely notified customers of the File Block functionality for Microsoft Office 2003 and the 2007 Microsoft Office system. Both features are designed to make it easier for customers to protect themselves from Office files that may contain malicious software, such as unsolicited Office files received from unknown or known sources. MOICE makes it easier by providing new security mitigation technologies designed to convert specific Microsoft Office files types, while File Block provides a mechanism that can control and block the opening of specific Microsoft Office file types.

The Microsoft Office Isolated Conversion Environment (MOICE) uses the 2007 Microsoft Office system converters to convert Office 2003 binary documents to the newer Office open XML format. The Conversion process helps protect customers by converting the Office 2003 binary file format to the Office open XML format in an isolated environment. In summary, MOICE provides a mechanism for customers to pre-process potentially unsafe Office 2003 binary documents, by virtue of the conversions process it provides customers with a greater degree of certainty that the document can be considered safe.

We encourage Microsoft Office customers to review the related Knowledge base article and consider whether MOICE can help protect users in your IT environment. For more information about this release, see Microsoft Knowledge Base Article 935865.

The File Block Functionality for Microsoft Office 2003 and the 2007 Microsoft Office system allows administrators to restrict via registry and Group Policy specific Office file types that can or cannot be opened when using Microsoft Word, PowerPoint, and Excel. Blocking specific Office file types allows administrators to temporarily deny users the ability to open certain files, such as when a threat of attack from a given Office file type exists.

We encourage Microsoft Office customers to review the related Knowledge base article and consider whether File Block can help protect users in your IT environment. For more information about this release, see Microsoft Knowledge Base Article 922849, Microsoft Knowledge Base Article 922848 and Microsoft Knowledge Base Article 922847.

When MOICE and File Block are used together they are an effective mitigation strategy for customers when the threat of attack using certain Office types exists. This enables customers to continue using Microsoft Office with a high degree of assurance that the files being opened are considered safe and will not infect users with malicious software.

Additional Resources

Security Advisory 927891:

• Microsoft Security Advisory 927891 - Fix for Windows Installer (MSI)
• Microsoft Knowledgebase Article 927891

Security Advisory 937696:

• Microsoft Security Advisory 937696 - Release of Microsoft Office Isolated Conversion Environment (MOICE) and File Block Functionality for Microsoft Office
• Microsoft Knowledgebase Article 935865
• Microsoft Knowledgebase Article 922849
• Microsoft Knowledgebase Article 922848
• Microsoft Knowledgebase Article 922847

• MSRC Blog

Google Introduces Online Security Blog

Google has introduced a new blog in their repertoire, Google Online Security Blog, supported by their Anti-Malware Team.

Their first bit of advice is sound, particularly in providing a link to Webmasters on how to clean and secure a website:
"Guidelines on safe browsing
First and foremost, enable automatic updates for your operating system as well as your browsers, browser plugins and other applications you are using. Automatic updates ensure that your computer receives the latest security patches as they are published. We also recommend that you run an anti-virus engine that checks network traffic and files on your computer for known malware and abnormal behavior. If you want to be really sure that your system does not become permanently compromised, you might even want to run your browser in a virtual machine, which you can revert to a clean snapshot after every browsing session.

Webmasters can learn more about cleaning, and most importantly, keeping their sites secure at's Tips for Cleaning and Securing a Website."

Reviewing the analytics of my blogs leaves no doubt that Google search is the most widely used. As a result, the more security-aware Google staff are, the better for us. One helpful feature is the identification of sites that may install malicious software on your computer through the use of the annotation, "This site may harm your computer.", followed by a large warning if the link is clicked.

I have added the site to my list of RSS feeds and will certainly pass along interesting tidbits.

Monday, May 21, 2007

WinPatrol: 100 Best Products of 2007

PC World selected my favorite, WinPatrol, as Lucky 13 in The 100 Best Products of 2007! In honor of the selection, Bill Pytlovany announced that he is taking $5 off all WinPatrol PLUS upgrades for the rest of the month. (Offer good until June 1st. Go to

Although WinPatrol is free for non-commercial use, there are additional features and benefits to the Plus version. The table below from the WinPatrol comparison page clearly illustrates the many functions available in WinPatrol. Unlike other real-time protection software, there isn't an annual fee to renew your WinPatrol license. So, in honor of this great acknowledgment of an outstanding software program, consider WinPatrol Plus.

| Features | Free | PLUS |
|---|---|---|
| Detect and Review New Auto-Startup Programs | Yes | Yes |
| Automatically Disable Reoccurring Startup Programs | Yes | Yes |
| Monitor BHO's and IE Tool Bars | Yes | Yes |
| Monitor Creation of Scheduled Tasks | Yes | Yes |
| Display and Kill Multiple Running Tasks | Yes | Yes |
| Monitor, Stop and Control Window Services | Yes | Yes |
| Manage and Automatically Remove Unwanted Cookies | Yes | Yes |
| Monitor IE Home and Search pages | Yes | Yes |
| Monitor and Edit HOST File | Yes | Yes |
| Detect and Lock Changes to File Type Associations | Yes | Yes |
| Detect and View Newly Created Hidden Files | Yes | Yes |
| Track Date/Time when programs are first detected on your system | Yes | Yes |
| Delay Auto-Startup programs for quick bootup | Yes | Yes |
| WinPatrol PLUS | | |
| Premium Access to WinPatrol PLUS Knowledgebase (24/7) | No | Yes |
| Real-time Infiltration Detection without slowing you down | No | Yes |
| Detect newly created Undocumented or HIDDEN Registry Startup Keys | No | Yes |
| Support future WinPatrol Research and Development | No | Yes |


Sunday, May 20, 2007

Secunia Software Inspector Report

Via Brian Krebs, I see that Secunia has issued a report on the Software Inspector they introduced six months ago. The object of the Software Inspector is to scan the computer not only for Microsoft updates, but also to find out what other software is out of date. Read Brian's post for his thoughts about the browser comparisons.

I am not as concerned with the browsers, since those numbers are not too bad. There is more awareness of browser security than other applications. Firefox has a built-in update feature. Even people who don't have Microsoft updates automatically installed on their computer are likely to be aware of "Patch Tuesday". This explains why Secunia reports that the patch level for Microsoft products is relatively high.

It is other applications where I have a concern, particularly when Secunia reports
"But looking at media players such as Quicktime and WinAMP, then the figures are more worrying, as 26.96% of all WinAMP 5 installations miss important security updates and 33,14% of all Quicktime 7 installations are outdated."


"This constitutes a significant problem because many of those applications, like WinAMP and Quicktime, are readily used whenever users encounter media files of various kinds. Most people wouldn't hesitate to open an .mpg, .jpg, .mov, or .mp3 file from any source if it seems the least bit interesting and relevant. It's easy to embed a movie in your homepage, for example, and all it takes is one unpatched Quicktime vulnerability and a provocative video title to compromise a lot of visitors."

Consider the effect of 33.14% of Quicktime 7 installations being outdated in conjunction with the report by Joris Evers, Cybercrooks add QuickTime, WinZip flaws to arsenal, which relays a warning by Symantec that security holes in QuickTime and WinZip are being exploited by sites appearing to be trusted financial institutions. Instead, they are using the vulnerabilities to attempt to silently install keystroke-logging software.
"Symantec discovered the attacks when one of the PCs that it uses as bait was breached earlier this week.

"This compromise was especially interesting, because the site made use of a QuickTime vulnerability discovered in January 2007 and a WinZip vulnerability discovered in November 2006," Symantec said. "Before our analysis, it was not known that these issues were being exploited in the wild."

QuickTime is Apple's widely used media player software, WinZip is a popular tool for compressing and decompressing files."

What can you do to avoid such exploits? First, of course, make sure you use the phishing filter in your browser. Visit Microsoft Updates to ensure you have all the latest security updates. Then, head on over to Secunia to check for other out-of-date software on your computer. There is a link on the left sidebar. Go ahead, check it out.

Saturday, May 19, 2007

FTC Note: ValueClick turns to the Dark Side

As Sandi suggests, let's spread the word about ValueClick's dirty connections. Why? Because, beyond the FTC investigating ValueClick for potential violations of the Can-Spam Act, it seems that ValueClick is facilitating more than the distribution of malware like Winfixer. See ValueClick involved with Trojan.Zlob.N and ValueClick turns to the Dark Side.

Action You Can Take:

If you have been infected as a result of ValueClick/MediaPlex as described in the above topics, submit an FTC Consumer Complaint Form. With sufficient consumer input from people affected, the FTC may just do as Sandi suggested and take a closer look at the company.

"Use this form to submit a complaint to the Federal Trade Commission (FTC) Bureau of Consumer Protection about a particular company or organization. This form also may be used to submit a complaint to the FTC concerning media violence. The information you provide is up to you. However, if you do not provide your name or other information, it may be impossible for us to refer, respond to, or investigate your complaint or request. To learn how we use the information you provide, please read our Privacy Policy.

While the FTC does not resolve individual consumer problems, your complaint helps us investigate fraud, and can lead to law enforcement action. The FTC enters Internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel®, a secure, online database available to hundreds of civil and criminal law enforcement agencies worldwide.

We use secure socket layer (SSL) encryption to protect the transmission of the information you submit to us when you use our secure online forms. The information you provide to us is stored securely."

Friday, May 18, 2007

Windows OneCare Re-Certified

Good news for the Windows OneCare Team. The West Coast Labs and the ICSA re-certified OneCare. According to the Windows OneCare Blog:

". . .one of the reasons certification from West Coast Labs and the ICSA is considered significant is that their testing methodologies reflect malware threats “out in the wild.” Testing in this manner provides an accurate indication of how security products perform against real world threats."

Windows OneCare is Windows Vista compatible on 32-Bit systems.


Windows Live OneCare - Home
Windows OneCare - Blog

Thursday, May 17, 2007

Amero Sentencing Postponed & Moved

The Julie Amero sentencing has been rescheduled several times now. This time, however, it has been both rescheduled and relocated. Rather than this Friday in Norwich Superior Court, sentencing is now set for June 6 in New London Superior Court.

I cannot help but feel that a change in venue is a positive thing.

(To learn more about the Amero case, click on the Amero tag at the bottom of this post.)

Source: Norwich Bulletin

Windows Vista Security Blog Returns

Following a lengthy absence, Austin Wilson announced today that The Windows Vista Security Blog is Back with a promise for regular posting again. Also included was a link to the newly published whitepaper, Security Enhancements in Windows Vista™, described as including information about security enhancements in Windows Vista and how Microsoft used the Security Development Lifecycle to increase the security of the Windows operating system.

Too much to handle right now? No problem. The references have been bookmarked for you to find later in Vista Security Features under "Security-Related Topics".

Now if some influence could be extended to the "Related Product Teams" linked there, we could see some real customer communication provided. Except for the IEBlog Team, which has been consistent, not much has been seen from these Microsoft Team blogs:

User Account Control, System Integrity Team, Anti-Malware Team, BitLocker™ Drive Encryption, SmartCard Infrastructure, Windows Authentication Team, Network Access Protection


IE7 Problems After May Security Update?

It was reported at the IEBlog that some people have experienced an unexpected “Save File” security dialog when they launch Internet Explorer. It appears that this happens if you have moved the “Temporary Internet Files” folder to a custom location and IE does not have appropriate access rights to the new folder location.

While the IE Team works to resolve the issue, use the workaround in Microsoft KB Article 937409, The "File Download – Security Warning" dialog box opens when you try to open Internet Explorer 7.


Wednesday, May 16, 2007

The "WOW" Finally Arrived At My Door!

Any long-time readers as well as friends and family will likely recall the post I made in November:
And That's All She Wrote!

Regarding Bits from Bill: Vista Countdown:

"Like me, most of my Blogger friends took it easy this long weekend. I know I had more than my share of turkey and cranberry sauce. There was one exception. I can only guess they opened up a new Starbucks across the street from Corinne at the Security Garden. She’s been writing like crazy and has lots of news to share."

There was a purpose behind the madness. Some day I may explain but can assure you there is no Starbucks across the street from me.

I can finally explain. Last fall, I competed with other Microsoft MVPs in a BlogRocker contest. The post linked above was made the day after the contest ended.

Being a new blogger, the contest seemed like a nice way to break the ice. As it turned out, in addition to blogging, various points were applied for other activities, including forum help, which I was very busy with at the time and, as a result, accrued a lot of points.

Since this was the first BlogRocker contest, there was a lot of confusion. In fact, except for the "grand prize winner", positions shifted toward the end of the contest. However, when the final tally was announced, I had come in second place, winning "first prize".

So, why has it taken me all these months to explain? Because of uncontrollable events, the prize arrived today:

Voodoo ENVY Hu:709 Notebook*

For my personal computers, I've only had AMD and this is an Athlon 64 bit dual core processor with 2GB Crucial DDR RAM. I think the 100 GB 7200 RPM SATA Voodoo drive will suit me quite nicely, as will the 512 MB nVidia GF 7950 video card and 17" LCD monitor.

So, except those days when I have time before work, during lunch, etc., I expect blogging and other online activities will be taking second place as I spend much of my "play time" poking around this incredible new machine. It has been quite a few years since I have had a new computer to set up. One nice thing I have already discovered, there are no "trials" and extra goodies that I need to remove.

First priority is getting Eset NOD32 antivirus software, WinPatrol Plus and Office 2007 installed. The Windows Vista firewall is already activated. After I get my connection set up on that machine, there will be quite a few security updates to install and firewall rules to deal with. Rather than blindly transferring everything from the old machine, I plan on being selective. It's a good opportunity to do a bit of records management.

*There seem to have been some changes in the Notebook availability as I no longer see the 709 in the options at VoodooPC. I guess things changed since my order was placed 4 months ago.

Sunday, May 13, 2007

Forever and ever and ever. . .

When my son was young, he would frequently tell me that he was going to stay with me "forever and ever and ever." I would suggest that when he grew up, he would want to have his own home. He would always reply in the negative, repeating that he was going to stay with me "forever and ever and ever."

Several years ago my son purchased his own home. My daughter's employer relocated her family to a location 1,000 miles away. So, on this Mother's Day, I reflect on the many images of my children growing up -- their first steps, my daughter's first sentence -- half English, half Ukrainian, my son as a toddler enchanted with hats, their many school activities, awards and achievements, all leading to the time when they would be adults, making their own path in life. Needless to say, I am very proud of them.

Even though my children are grown and have their own lives to follow, with very divergent paths, I now know my son was right. Beyond the remembrances and cards from both of them for Mother's Day, the magic words, "I love you, Mom" assures me that both of my children will remain with me forever -- forever in my heart.

Forever and ever and ever.


I am proud to congratulate the staff of for being accepted in ASAP.

ASAP stands for the Alliance of Security Analysis Professionals. The goals of ASAP are:
  • To ensure a high standard and quality of security support no matter where you seek help.
  • To recommend in an equal and fair manner products available to keep your computer clean and safe, regardless of pricing.
  • To ensure that end users are not affected by so called "product wars" and unfair marketing tactics, which have plagued several industries in recent years.

is indeed deserving of this recognition. Congratulations!

Saturday, May 12, 2007

Windows Vista Search

I started writing this the other day when Nick White posted the first segment in the Windows Vista Team Blog highlighting advanced searching in Windows Vista. Knowing he was going to add another part to the piece, I held off publishing.

Now that Part II has been posted, below is a brief synopsis of Putting advanced searches to work for you and Searching, part II: Using Search Folders along with additional links collected.

All links have been bookmarked in Features and Tutorials.

  • Explorers (Microsoft)
    In the new Explorers, the menus, toolbars, Navigation Pane, Task Pane, and Preview Pane have all merged into a single intuitive interface that's consistent across all of Windows Vista.
  • Using Search Folders (Advanced Search) (MSDN Blog)
    Examples of using Search Folders. Be sure to read the additional information in the comments.

Remove Trojan Posing as Windows Product Activation

I initially learned about the trojan posing as Windows Product Activation last Friday from fellow MVP Donna. Likewise, when I was reading the post made yesterday at the Windows Genuine Advantage blog, I saw that Donna had located Removal Instructions for Trojan.Kardphisher at Symantec's blog.

Way to go, Donna! You have again reaffirmed why a few months ago I wrote: It is no wonder that Donna deserves to be in the spotlight.


Wednesday, May 09, 2007

Spybot Search & Destroy Bows To No One!!

Safer Networking's Spybot Search & Destroy was recently served a Cease and Desist (C&D) letter. Actually, it was more than a C&D. Instead of working with Safer Networking to stop the trojan being installed with their software (or Oska's affiliates), via their attorney, Oska Educational Systems Pty Limited are suing for damages to their reputation done by the trojan. In addition,
"They also asked us to no longer detect their software even if installed without user consent by this trojan horse, to post a public apology in this place after removing any other reference to their name, delete any correspondence from and to Spybot-S&D users who had been this trojan, stop helping further Spybot-S&D users that get infected with this trojan."

Tuesday, May 08, 2007

Apple iPod Compatibility Update for Windows Vista

Nick White announced at the Windows Vista Team Blog that the final compatibility update is available for Windows Vista users of the Apple iPod.

The update is available at the Microsoft Download Center now and will be available via Windows Update on Tuesday 22 May 2007.
"The release is for users worldwide and works with the latest version of Apple iTunes to correct an issue that caused some iPods to become corrupted when ejecting them using Windows Explorer or the "Safely Remove Hardware" function in the System Tray.

The long and short of it is this: Apple and Windows have partnered together to ensure a great experience in using Windows Vista with iTunes and the iPod, and both companies recommend you download this update."


Microsoft Security Bulletins - May 2007

In the Microsoft Security Bulletin Summary, the information below is provided on the updates for May, 2007.

Edit to add:
  • The IEBlog published the reminder that IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

Should you have difficulty with the updates, no-charge support is available at 1-866-PCSAFETY (1-866-727-2338). This number is available 24 hours a day for the U.S. and Canada for virus and other security-related support. For numbers outside the U.S. and Canada, please select your region and follow the instructions there.

Microsoft has provided information about how you can help protect your computer system at the following locations:
  • Consumers can visit Security At Home, where this information is also available by clicking “Latest Security Updates”.

There are 7 Critical Updates:
  • MS07-023 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233), Affected Software: Office.
  • MS07-024 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232), Affected Software: Office.
  • MS07-025 Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873), Affected Software: Office.
  • MS07-026 Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832), Affected Software: Exchange.
  • MS07-027 Cumulative Security Update for Internet Explorer (931768), Affected Software: Internet Explorer, including IE7 on Windows Vista.
  • MS07-028 Vulnerability in CAPICOM Could Allow Remote Code Execution (931906), Affected Software: CAPICOM, BizTalk.
  • MS07-029 Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (935966), Affected Software: Windows.

    Reminder: The MS07-029 security update will NOT undo any of the workarounds that may have been applied; those workarounds will need to be undone.

Vista, Windows Calendar and UAC Tutorials

I delayed adding the three-part "Windows Calendar" tutorial prepared by Vista4Beginners because I had not decided on the bookmark category to place the links. Now that I have created the new Windows Mail page, it occurred to me that calendar would be a nice accompaniment.

As a result, the new bookmark page has been renamed "Windows Mail and Calendar" where you can find
The complete guide to the Windows Calendar by Vista4Beginners bookmarked. I also added several other Vista Windows Calendar bookmarks that you may find useful.

Today, Vista4Beginners added another helpful tutorial, "Manager User Accounts". The tutorial illustrates how simple it is to create a new user account, change the account type, password, and more. This tutorial, along with several others on UAC and other security features of Windows Vista, can be found bookmarked at Vista Security Features.

Monday, May 07, 2007

"You've Got Mail"

Yes, Microsoft said "you've got mail". The question is what mail?

Windows Live Hotmail

After some confusing renaming, it appears the evolution is complete from MSN Hotmail --> Windows Live Mail --> Windows Live Hotmail.

Read about all of the new Windows Live Hotmail features in the announcement, Microsoft Launches Windows Live Hotmail Worldwide.

For help and support with Windows Live Hotmail, go to the Email Support Space, described as the official technical support site for MSN Hotmail, Windows Live Hotmail and Windows Live Mail (32-bit client). (What about 64-bit machines?)

Windows Live Mail

A bit more confusing is the announcement of the name change for Windows Live Mail Desktop to Windows Live Mail. From what I have ascertained, Windows Live Mail will eventually incorporate the features from OE, Windows Mail and Windows Live Mail desktop.

To follow the developments and provide feedback, visit the new Windows Live Mail (client) Support Team Space:
"Welcome to customers of Windows Live Mail (desktop), and welcome to customers who are considering a migration from Outlook Express 6 and/or Windows Mail (Vista). Your client support team has built this site so we can keep you aware of late-breaking announcements, ask for your assistance when we're troubleshooting emerging issues, and finally request feedback on various issues involving the client."
Help and support for Windows Live Mail is available by submitting a Support Incident.

See the Windows Live Mail blog for general update information.

Confused? It will all fall into place eventually. In the meantime, be sure you have updated Mozilla Thunderbird to 2.0.

To help you keep track of these pages plus the Beta mail programs, a new Windows Mail page has been added to Windows Vista Bookmarks.

Saturday, May 05, 2007

Security Tips To Keep You Safe While Traveling

Do you travel for business or have a family holiday approaching?
Do you plan on taking your laptop with you to complete a project?
Will you be logging in on a public computer to check your personal email?
Will you need access to your company's network?

As "The Gonz" indicates in his article, Security Tips To Keep You Safe While Traveling,
"It is easy to be complacent when traveling. And, unfortunately, there are plenty of people out there willing to take advantage of this fact. By taking a few extra moments to think about what needs to be protected, take inventory of your technology rich possessions, and take the extra time to protect your data, you will ensure a more worry-free travel experience."
See the complete article, chock full of suggestions to protect both personal and business data, at Gonzo's Garage - Computers and One-Liners: Security Tips To Keep You Safe While Traveling.

Friday, May 04, 2007

No Charge for Windows Genuine Advantage

I learned from fellow MVP, Donna Buenaventura, that Symantec has identified a Trojan as Trojan.Kardphisher. The Trojan is installed when the PC is restarted. A window appears that has been designed to look like the Windows Genuine Advantage (WGA) Activation Form.

There are two options presented on the form -- activate now or later. According to Symantec, it isn't possible to run Task Manager or any other applications. Choosing no results in immediate shutdown of the computer. Selecting yes presents an activation window, but not quite what is provided by Microsoft.

The trojan window requests credit card information.
Microsoft does NOT request credit card information for WGA Activation. Do not be tricked into providing credit card information. Instead, update your antivirus software and run a full system scan. If you need assistance, visit one of the ASAP Member Sites.

Thursday, May 03, 2007

Advance Notice - Microsoft Updates for May 2007

On Tuesday, 8 May 2007, Microsoft is planning to release updates affecting Microsoft Windows, Office, Exchange, CAPICOM and BizTalk.

Of important note, there has been no change since the update provided recently with regard to Security Advisory 935964. (See Update on Microsoft Security Advisory 925964, including consolidated list of update links.)

Security Updates
  • Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
  • Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
  • One Microsoft Security Bulletin affecting CAPICOM and BizTalk. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

    Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will release 1 NON-SECURITY High-Priority Update for Windows on Windows Update (WU) and Software Update Services (SUS).
  • Microsoft will release 6 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).


Don't Tell Susan Bradley!

For Sandi, it was a bit of procrastination. Me, well, I just needed a break. Just don't tell Susan Bradley!

Wednesday, May 02, 2007

Cyber Space and Ethics Initiative

Since I started this blog last year, I have posted a fair number of articles connected to child safety on the internet and have provided information on parental controls, child safety, the dangers of MySpace, and more. I backtracked and labeled some of those postings with the safety tag.

The Rochester Institute of Technology, known locally as RIT, has started a new endeavor that, if nothing else, will result in better educating the parents, teachers and students in the local area on internet safety, cyberethics and information security.

The program is beginning with surveys, grade-targeted for the children, as well as surveys for both parents and teachers. The data from the surveys will certainly go a long way in determining a path forward -- which I certainly hope evolves similarly to the D.A.R.E. program. Providing appropriate education is the key for success.

Read about the Rochester Regional Cyber, Security and Ethics Initiative (RRSEI):

"The Rochester Regional Cyber, Security and Ethics Initiative is a unique non-profit partnership between the Rochester Institute of Technology (RIT), numerous area school districts, the Diocese of Rochester Department of Catholic Schools, other higher education institutions and private schools, and regional offices of three national organizations, including:
  • The National Center for Missing and Exploited Children (NCMEC)
  • Information Systems Security Association (ISSA) Rochester Chapter
  • InfraGard Member Alliance (IMA of Rochester), a program of the Federal Bureau of Investigation (FBI).

The mission of the Initiative is to improve cyber safety, security and ethics at the K-12 level, as well as for teachers, parents, employers and other members of the community."

Tuesday, May 01, 2007

Cerulean Studios Trillian Multiple IRC Vulnerabilities

A close friend, who knows I use Trillian for the convenience of an all-in-one chat program, alerted me to the IDefense Labs PUBLIC ADVISORY 04.30.07, copied below. Thanks, ETR!

If you use Trillian but would rather not read all the technical jargon below, make sure that you update to the latest version!

Edit Notes 02May07:

Cerulean Studios posted an update to their blog today and included the direct download link for Trillian Version, advising users to update as soon as possible. Please use the Cerulean Studios link, provided below, rather than an obscure site that may not be trustworthy.

Download link:

Edit Notes 01May07
  • I originally posted a link to but removed it after receiving two corrupt download copies from that link. Even though it references the latest version, as of this evening, BetaNews was still pulling 3.1 from so I changed the download link to and got the latest version.

  • A change from the 3.1 download file is the addition of the optional install of a weather add-on and the toolbar. I made sure to uncheck both. I dislike toolbars and will select my own weather media.
    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
"Cerulean Studios Trillian Multiple IRC Vulnerabilities


Cerulean Studios Trillian is a multi-protocol chat application that supports IRC, ICQ, AIM and MSN protocols. More information can be found on the vendor's site at the following URL.


Remote exploitation of multiple vulnerabilities in the Internet Relay Chat (IRC) module of Cerulean Studios' Trillian could allow for the interception of private conversations or execution of code as the currently logged on user.

When handling long CTCP PING messages containing UTF-8 characters, it is possible to cause the Trillian IRC client to return a malformed response to the server. This malformed response is truncated and is missing the terminating newline character. This could allow the next line sent to the server to be improperly sent to an attacker.

When a user highlights a URL in an IRC message window Trillian copies the data to an internal buffer. If the URL contains a long string of UTF-8 characters, it is possible to overflow a heap based buffer corrupting memory in a way that could allow for code execution.

A heap overflow can be triggered remotely when the Trillian IRC module receives a message that contains a font face HTML tag with the face attribute set to a long UTF-8 string.


Exploitation of this vulnerability allows remote attackers to intercept private communications for Trillian IRC users or execute code with the credentials of the currently logged on user.

In order to exploit the highlighted URL vulnerability, users would have to highlight the malicious URL.


iDefense has confirmed the existence of this vulnerability in Cerulean Studios Trillian 3.1.


iDefense is currently unaware of any effective workaround for this issue.


Cerulean Studios has addressed these vulnerabilities within version of Trillian. For more information, visit their blog at the following URL."
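
The CTCP PING truncation described in the advisory above, modeled as an added example; this is not Trillian's code and not part of the iDefense advisory. The function names, the 512-byte buffer (the RFC 1459 line limit) and the sample argument are assumptions made for illustration. It shows how truncating a formatted reply drops the line terminator, next to a form that reserves the terminator first and cuts on a UTF-8 boundary.

```c
#include <stdio.h>
#include <string.h>

#define IRC_MAX 512 /* RFC 1459: one IRC line is at most 512 bytes, CR-LF included */

/* Unsafe pattern: format the terminator along with the data and let snprintf
 * truncate. A long argument pushes "\r\n" out of the buffer. */
size_t ping_reply_unsafe(char *out, size_t cap, const char *nick, const char *arg)
{
    int n = snprintf(out, cap, "NOTICE %s :\001PING %s\001\r\n", nick, arg);
    if (n < 0) return 0;
    return (size_t)n < cap ? (size_t)n : cap - 1;
}

/* Hardened form: reserve room for \001 CR LF NUL first, then cut the argument
 * on a UTF-8 code point boundary so no multi-byte sequence is split. */
size_t ping_reply_safe(char *out, size_t cap, const char *nick, const char *arg)
{
    int head = snprintf(out, cap, "NOTICE %s :\001PING ", nick);
    if (head < 0 || (size_t)head + 4 > cap) return 0;
    size_t room = cap - (size_t)head - 4, len = strlen(arg);
    if (len > room) {
        len = room;
        while (len > 0 && ((unsigned char)arg[len] & 0xC0) == 0x80) len--;
    }
    memcpy(out + head, arg, len);
    memcpy(out + head + len, "\001\r\n", 4); /* 3 bytes plus the NUL */
    return (size_t)head + len + 3;
}

int ends_with_crlf(const char *line, size_t n)
{
    return n >= 2 && line[n - 2] == '\r' && line[n - 1] == '\n';
}

/* Constructed sample: `pairs` copies of U+00E9 (bytes C3 A9), NUL-terminated. */
void make_sample_arg(char *buf, size_t pairs)
{
    for (size_t i = 0; i < pairs; i++) { buf[2*i] = (char)0xC3; buf[2*i+1] = (char)0xA9; }
    buf[2 * pairs] = '\0';
}

int main(void)
{
    char arg[601], out[IRC_MAX];
    make_sample_arg(arg, 300);
    size_t n = ping_reply_unsafe(out, sizeof out, "dave", arg);
    printf("unsafe: %zu bytes, terminated=%d\n", n, ends_with_crlf(out, n));
    n = ping_reply_safe(out, sizeof out, "dave", arg);
    printf("safe:   %zu bytes, terminated=%d\n", n, ends_with_crlf(out, n));
    return 0;
}
```

A client that sends the unterminated line leaves the server to join it with whatever the client writes next, which is the leak the advisory describes; checking every outbound line with something like `ends_with_crlf` before it is written catches the whole class.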