Saturday, May 31, 2008

Debunking Zango's "Content Economy"

Earlier this month, Certified Bug provided an update of the latest press coverage of Zango. It was from Certified Bug that I discovered the PCMag article, Must You Install Zango?, and Ben Edelman's comments there.

Ben hasn't been idle since then. His latest research analysis debunk's Zango's "content economy":

Zango often touts its so-called "content economy" -- purportedly providing users access to media in exchange for accepting Zango's popup ads. After four years of debunking Zango's claims, I've come to suspect the worst -- and my investigations of Zango's media offerings confirm that Zango's media library is nothing to celebrate. This article reports the results of my recent examinations. I show:

  • Widespread copyrighted video content presented without any indication of license from the corresponding rights-holders. Details.
  • Widespread sexually-explicit material, including prominent explicit material nowhere labeled as such. Details.
  • An audio library consisting solely of prank phone calls to celebrities (without the "music" Zango promises). Details.
  • Widespread material users can get elsewhere for free, without any popups or other detriments. Details.
  • Widespread material that content creators never asked to have included in any Zango library. Details.
See the complete report at Debunking Zango's "Content Economy".

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Windows XP SP3 Available on CD

After over eight years, I was finally able to obtain a reasonable broadband connection, leaving behind all those many years of dial-up. However, I know a lot of people still use dial-up to connect to the internet, some because it is the only means available and others based on financial considerations.

I know that downloading updates on dial-up can be painful at best. Fortunately, Windows XP users can now obtain Service Pack 3 on CD. I do not know the cost of the CD for other regions. For the United States, it appears to be $3.99 USD.

From TechNet:
Windows XP Service Pack 3 (SP3)

Updated May 6, 2008

Windows XP Service Pack 3 (SP3) is now available for download and install via Windows Update and the Microsoft Download Center. Windows XP SP3 includes all previously released updates for the operating system, in addition to a small number of new updates. Windows XP SP3 will not significantly change the Windows XP experience.

Installation media and documentation on disc for Windows XP SP3 may sometimes refer to Windows XP SP2. Windows XP SP2 installation guide instructions apply to Windows XP SP3.

Before installing SP3, I recommend reviewing the following:
Order the Windows XP Service Pack 3 CD:
Asia | Europe and Africa | North America | South America

via Security Ticker

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Bad Advice from Comodo and Loss of Trust

How does a security vendor lose trust? It likely begins when the company CEO becomes overly defensive and posts rants such the one at the end of this post:
"You know what pisses me off the most: Its ill-informing, mis-informing doing a disservice to users, because of our own agendas!!!! I have no problem with people liking or disliking what we have, we respect opinions, however people in the position to make a difference, abusing the trust that users have bestowed upon them by ill-informing is just plain wrong!!!"
Please pay particular attention to the words in bold in the above quotation while you consider the explanation on the Comodo website for providing a free firewall:
"You must be wondering - how can we stay in business by giving away high quality solutions that all other software vendors sell. Simply, Comodo's main revenue comes from authenticating web business with SSL certificates (e.g. we put the padlock on websites)."
Apparently that source of revenue must not be as lucrative as one might expect since Comodo has found it necessary to add to their revenue base by including the IAC/Ask Toolbar to the most recent version of the firewall.

Circling back to the subject of a vendor losing trust and considering the above text in bold, it seems that Comodo is indeed abusing trust when, in defense of including a toolbar provided by a known adware vendor, they are suggesting that users turn off their antivirus software!
NOTE: This "Toolbar" is being detected by various Anti-virus software as Adware/Malware *THIS IS A FALSE POSTIVE!!!*, There is NO Adware, Spyware etc in this Toolbar WHAT SO EVER. If you are having problems installing the Toolbar, turn off your AV if this is the case.
Edit Note, 04June08:
Comodo Support Forum Moderator deleted the above quote from the linked topic. See the comments for the evolution of this change. Interestingly, as of the last check of Comodo BOClean, Anti-Malware Version 4.26 continues to include both AskJeeves Toolbar and MySearch in the list of Current Covered Malware.
Indeed, Comodo is ill-forming, mis-informing and providing a major disservice to users. As illustrated at Calendar of Updates, when the Comodo toolbar was installed and the toolbar .dll scanned at virustotal and virusscan.jotti, the following were the results:
MD5...: ccc67b6b51bf3b004c6186c2da2faa2e

A-Squared Found Adware.Win32.MySearch.i
ArcaVir Found Adware.Mysearch.I
CAT-QuickHeal 9.50 2008.05.29 AdWare.MySearch.i (Not a Virus)
ClamAV 0.92.1 2008.05.29 Adware.Mysearch-1
Fortinet 2008.05.29 Adware/MySearch
Panda 2008.05.29 Suspicious file
Sunbelt 3.0.1139.1 2008.05.29 AdWare.Win32.MySearch.i
VBA32 2008.05.29 AdWare.Win32.MySearch.i

Everyone must decide for themselves. Personally, any vendor that not only condones but also recommends turning off users' antivirus software and intentionally includes known adware in their software is not one that I trust. As a result, I annotated the Comodo listing in Vista Compatible Firewalls as not recommended.

The full text of Comodo's ill-informing advice which is not only doing a disservice to users, but is also an abuse of trust has been preserved at Info: COMODO SafeSurf Toolbar.

Related Post: Comodo Disappointment

Update 01June08: via Donna at CoU, note that as of the time I checked, even Comodo's BOClean version 4.26 product detects Ask. Preserved at Comodo BOClean Detection of Ask.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, May 30, 2008

Microsoft Security Advisory 953818 Combined Attack With Apple’s Safari on Windows Platform

This alert is to notify you that on 30 May 2008 Microsoft released Security Advisory 953818, "Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform".

From the advisory:


Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default: it must be installed independently or through the Apple Software Update application. Customers running Safari on the affected platforms should review this advisory.

At the present time, Microsoft is unaware of any attacks attempting to exploit this blended threat. Upon completion of this investigation, Microsoft will take the appropriate measures to protect our customers. This may include providing a solution through a service pack, the monthly update process, or an out-of-cycle security update, depending on customers’ needs.

Mitigating Factors:

Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.


Review Microsoft Security Advisory 953818 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, May 27, 2008

Windows 7

I have avoided posting anything on Windows 7, the successor to Windows Vista, because the only information available at this time is rumor and speculation.

Although very little information was disclosed, the lines of communication from Microsoft are beginning to open. I suggest starting with this background post at the Windows Vista Team Blog, Communicating Windows 7. From there, move on to the interview of Steve Sinofsky at c|net by Ina Fried, Windows chief talks '7'. I was pleased to see these remarks by Sinofsky:
"We're very clear that drivers and software that work on Windows Vista are going to work really well on Windows 7; in fact, they'll work the same. We're going to not introduce additional compatibilities, particularly in the driver model."

. . .

"Finally, we are going to make sure that the release is available both in 32 bit and 64 bit, which is an additional help for maintaining compatibility, particularly with device drivers. As the 64-bit ecosystem catches up, we expect more and more people, particularly enthusiasts, to be running 64 bit. For many people that's a great scenario today. I know I run 64 bit on most of my machines, including my primary laptop."
I did get the impression that it isn't believed 64 Bit Windows is used by regular "home consumers":
"It's actually professional graphics people who use it, industrial design uses it. There are a lot of segments that are very active in using it."
Let's see if this is hype or true. Watch D6">Windows 7 at D6:

"So those rumors about Microsoft Windows 7 making an early debut at D6?

They’re true. During tonight’s interview with Microsoft CEO Steve Ballmer and Chairman Bill Gates, Microsoft (MSFT) will demonstrate Windows 7’s all-new user interface.

Check back here this evening for exclusive all-access coverage of the announcement."

Other interesting reports:

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, May 26, 2008

Comodo Disappointment

Well known Calendar of Updates has added yet another vendor to the list of discontinued updates. Comodo has joined the company of Zone Labs and Webroot of including the Ask Toolbar pre-checked for installation with Comodo Firewall Comodo's installation of the Ask Toolbar is under the guise of the Comodo SafeSurf toolbar.

If you are updating Comodo, you will not see the option to install the toolbar. However with a full install or reinstall, it is necessary to UNcheck BOTH the Toolbar and Home page.

Seeing as how I updated the Vista Compatible Firewalls listing today, I will add a warning about the toolbar to the entry.

Update: Bad Advice from Comodo and Loss of Trust

Edit Note: Due to the loss of the original documents at CoU, refer to the newly-linked Installer's Hall of Shame for products that include dodgy installers.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Windows Vista Compatible Firewalls

It has been a while since I checked the list of Vista compatible firewalls at Matousec. The list has grown considerably longer. More importantly, many more vendors have added 64 Bit support. I took the time this afternoon to update Vista Compatible Firewalls and hope it helps someone find the firewall that fits their needs.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Fixing Windows Vista File Associations

One of the most viewed Security Garden pages is
Ad-Watch Setting Can Kill .LNK and .EXE File Extensions. Although published in 2006, it still receives a dozen or more hits daily. That being the case, I can only suspect that users are still using the "Automatic" setting with the election to "Lock executable file associations" in Lavasoft's Ad-Watch.

Default file types such as .lnk, .exe, .com, etc. are system file types and should not be associated with any application. Windows knows how to handle those file types so why Ad-Watch breaks the associations when supposedly protecting them remains a mystery almost four years after the problem was first discovered.

It is apparent that many applications attempt to associate those system file types with their program. As a result, Microsoft MVP, Ramesh Srinivasan of Winhelponline, created registry fixes for Windows Vista to repair the some of the most common types of file associations.

To fix the association for a particular file type, download the corresponding fix from the links table at File association fixes for Windows Vista and follow the provided instructions. (Note: you need to be an administrator to apply the fixes.)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Photo resized from the original by Daniel Wood ©2004.
See his complete photo essay entitled "Fallen Heroes".

Today marks the observed day in the United States for remembering those who have died serving their country. For me it is also a time when I remember a very special Canadian who likely knew more about U.S. politics and history than most U.S. citizens. Memorial Day 2007 was his last blog post, in part:
Memorial Day was officially proclaimed on 5 May 1868 by General John Logan, national commander of the Grand Army of the Republic, in his General Order No. 11, and was first observed on 30 May 1868, when flowers were placed on the graves of Union and Confederate soldiers at Arlington National Cemetery. The first state to officially recognize the holiday was New York in 1873. By 1890 it was recognized by all of the northern states. The South refused to acknowledge the day, honoring their dead on separate days until after World War I (when the holiday changed from honoring just those who died fighting in the Civil War to honoring Americans who died fighting in any war). For more history of Memorial Day visit Memorial Day History.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, May 24, 2008

Fraudulent sales of avast! products

Since AVG updated their product, I have heard of quite a few people switching to avast! If you are considering a switch, please be aware that avast! has learned of a number of locations participating in the fraudulent selling of their products.
"The web sites are mostly offering keys to our free Home Edition product, but not in all cases, though charging users as though it were for our paid-for Professional Edition, or, when email "invoices" are received by customers, there is no mention of avast! Instead a list of programs is usually offered that the customer has never heard of, let alone agreed to buy."
ALWIL Software has provided a list of site names that are not authorized resellers of their product. See Fraudulent sales of avast! products.

To select and purchase a licensed copy of avast! go to the Desktop Solutions page.

Note: avast! 4 Home Edition is available free for personal use.

via DP's Security Bits

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Trillian Multiple Vulnerabilities

Since I have friends and family who use the different IM clients and I also use IRC, Trillian is the perfect alternative for me rather than having multiple clients running. However, I discovered today that Securia reported several highly critical vulnerabilities in Trillian, popular instant messaging client.

As you will note when reading the report at Certified Bug:
Your Trillian client may not inform you of the updates. I used the drop down menu, “Check for updates” and was informed no updates were available.
Unlike Certified Bug, when I clicked Help > Check for updates . . . I was offered the update for Trillian. However, if the update was not offered and you download the latest version, it is very important that you pay close attention during the installation. Otherwise, you may be in for a couple of unwanted extras.

See the full report at Certified Bug.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, May 22, 2008

G'day! Is Oderoor all it's Kraked up to be?

First things first and that is to extend a warm welcome to the newest addition to Microsoft’s Security Research and Response global team located in Melbourne, Australia:
G'day: Jakub Kaminski, Scott Molenkamp, Hamish O’Dea, Heather Goudey, Raymond Roberts, David Wood, Chun Feng, Oleg Petrovsky, Hermineh Tchagatzbanian, Hil Gradascevic and Matt McCormack!
If you find it difficult imagining a writeup about a new family being detected by the Microsoft Malicious Software Removal Tool (MSRT) as an interesting read, you will be pleasantly surprised by Matt McCormack's explanation of the inclusion of Win32/Oderoor ("Kraken"). I know I was and look forward to hearing more from Matt and the rest of the team in Australia.

Read all about Oderoor - all it's Kraked up to be? in the Anti-Malware Engineering Team blog.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Another WinPatrol Innovation!

WinPatrolFlash has just been released. WinPatrolFlash is a portable version of my favorite security application. For people who are frequently called upon to help family and friends, this will come in very handy.

WinPatrol Flash can run from a USB/Flash drive without having to install any WinPatrol files or settings on the system to be fixed or optimized. For complete information and to download WinPatrolFlash, click the USB flash drive:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thank you, Odidio!

Regular Security Garden visitors will notice a bit of a change to the blog today. Odidio, a friend from LandzDown Forum, agreed to add roses to the blog header. He created so many variations, I had a difficult time selecting. I had lots of help from LzD Friends and finally decided on the image you are seeing now.

I hope you like it.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, May 21, 2008

What's in Windows XP SP3?

What is in Windows XP Service Pack 3? Just take a look at Microsoft KB Article 946480, "List of fixes that are included in Windows XP Service Pack 3", published today. That is a some list.

Have you ever wondered why people who analyze HijackThis logs and propose fixes for malware removal at some time during the process also instruct the person receiving help to install the latest service pack? The reason is that, in addition to other patches and fixes, Service Packs include all of the security updates issued since either the time the software was released or last the Service Pack.

Our goal is not only to help get the infected computer clean but also provide suggestions to help the computer owner keep it that way. Having Service Packs installed is one step in that process.

List of Fixes in Windows XP Service Packs:

Windows XP Service Pack 3: Microsoft KB Article 946480
Windows XP Service Pack 2: Microsoft KB Article 811113
Windows XP Service Pack 1a: Microsoft KB Article 324720

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Sunday, May 18, 2008

XP SP3 Failure with Spyware Doctor 5.5 or earlier

It was reported in Microsoft Knowledge Base Article 951403 that "Spyware Doctor 5.5 or earlier versions of Spyware Doctor may cause Windows XP Service Pack 3 to stop responding when you try to install or to uninstall the service pack". Fortunately, the solution only requires disabling Spyware Doctor 5.5 (or earlier versions) during the install or uninstall process of Windows XP SP3.

Once again, the reminder to see the instructions at Recommendations before you install Windows XP Service Pack 3 before installing SP3 or, for that matter, making any major system change. Another good read is Harry Waldron's instructions in Windows XP SP3 - Read all prerequisites for a successful installation.

Considering the headaches with a damaged install, isn't it worth the extra time to prepare first?

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, May 16, 2008

Rumors of Extended Availability of Windows XP

Blogs, forums and news articles are filled with reports about Dell, HP and Lenova making Windows XP available after the June 30, 2008, OEM license availability date.

Until or unless Microsoft extends the date of product support for the Windows XP family and license availability, it certainly seems that vendors would be committing a major disservice to the public by continuing to offer the Windows XP operating system . As the date currently stands, mainstream support for Windows XP ends in April 2009, less than 10 months away. Extended support expires in 2014 (security fixes free all other help paid).

Rather than jeopardizing the security of their customers' computers, it appears that OEM manufacturers would rather put them at risk by selling an outdated operating system. Windows Vista was released to manufacturing over 18 months ago. Certainly sufficient time has lapsed for vendors to upgrade software to be compatible with Windows Vista. If this hasn't happened, you can be assured that it is intentional on the part of the vendor and the product will likely not be updated.

The one exception to the availability of Windows XP is for OLPC's (One Laptop Per Child) XO laptops. While the end date for all other OEM and retail licenses of Windows XP operating systems have a June 30, 2008 end date, the new OEM end date for will be the Ultra Low-Cost PCs will be the later of either June 30, 2010, or one year after the general availability of the next version of Windows.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, May 15, 2008

Windows XP SP3 and the Reboot Loop

Many people are aware of the issue with SP3 on OEM (original equipment manufacturer) machines with an AMD chip on an image that was originally Intel-based. The Microsoft Update Product Team blog describes the problem in More on Windows XP Service Pack 3...

"The problem is a registry value, present on images created w/ Intel processors, that causes a driver (intelppm.sys) to load at boot. When intelppm.sys attempts to load on an AMD-based system upon the install of SP3, it causes a blue screen and the continuous reboot."
Although the Update Product Team reports that a filter will be added to block SP3 from affected systems and are investigating a fix (See Edit Note below), Jesper has a complete explanation of the problem as well as a tool he has created to easily repair affected computers. You can find it at "Does your AMD-based computer boot after installing XP SP3?".

Please note that SP3 is not on Automatic Updates yet. It is, however, available from Windows Update. Also remember that Microsoft is providing free, unlimited installation and compatibility support for Windows XP Service Pack 3 (SP3) through April 14, 2009. Additional information is available at

Edit Note 12 June 2008:
See *Update for Windows XP (KB953356)*

Locale: English

Deployment: Windows Update, Microsoft Update, Automatic Updates, WSUS, and Catalog

Classification: High Priority, Non-Security

Target platforms: Windows XP

Approximate file sizes: ~ 509KB

Install this update to resolve an issue in which your computer may
restart continuously after you upgrade to Windows XP Service Pack 3 on
systems with non-Intel processors. After you install this item, you may
have to restart your computer.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, May 13, 2008

Zune Family Safety Tips

Recently I shared my excitement with my recent acquisition of a Zune in Tuned In to Zune! I assure you that the enjoyment I am getting has not diminished either.

For parents of teens with a Zune, you need to ensure that they are not exposed to inappropriate content. It is easy to follow the simple instructions to Configure your Zune family safety settings to protect your family. After setting up the settings, please take the time to share these 8 safety tips for using Zune Social with your teen:

Zune Social is a beta online community that is designed for use with Microsoft’s digital music player, Zune.

If you are over the age of 13, you can use Zune Social.

  1. Don’t post personally identifiable information on your Zune Card.
  2. Limit your Zune Card to friends only.
  3. Don’t post personally identifiable information in the Zune Forums.
  4. Never meet a person that you’ve met on Zune Social alone in the real world. If you are an adult and you feel that you must meet someone alone, meet in a public place.
  5. Be cautious about sharing your feelings on Zune Social. Your Zune Card and the comments you post can say a lot about you. A predator can use this information to make you feel important or special as a way of getting your trust.
  6. Be smart about your Zune Card background and picture. Photographs can reveal personal, identifiable information such as the name of your town or school on your clothing or the license plate number of your car.
  7. If you feel threatened, report it immediately. You can report abuse of Zune Social by clicking the Report Abuse at the bottom of any page on
  8. Use your real age in your Zune profile.


8 safety tips for using Zune Social
Configure your Zune family safety settings
Zune Code of Conduct

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

MSDN and TechNet Evolution

Microsoft is in the process of re-inventing MSDN and TechNet as community-driven sites. To that end, Microsoft General Manager, Dan Truax, provided the Microsoft vision as well as a brief outline of the changes for these two sites in his newly anointed blog:
Our vision is to be the largest and most vibrant online community for developers and IT professionals, enabling easy connections to the best resources and most knowledgeable people from Microsoft and the global community.
. . .
  1. MSDN and TechNet will include content, samples, scripts and code that are created and contributed by our customers in addition to what is developed and authored by Microsoft.
  2. Content, whether customer- or Microsoft-created, will be prioritized for placement and discoverable largely by customers through social activities such as tagging and rating.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

May 2008 Microsoft Security Bulletin Release

Microsoft is releasing the following four new security bulletins for newly discovered vulnerabilities described below.

Note in particular that MS08-026 includes additional security mitigations against attacks as identified in Microsoft Security Advisory 950627. It is recommended that both MS08-026 and MS08-028 be installed. For additional information on MS08-026, see MS08-026: How to prevent Word from loading RTF files.



Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
Product: Word
Affected Software: Office 2000, Office XP, Office 2003, 2007 Office System, Office 2004 for Mac, Office 2008 for Mac, Word Viewer, Word Viewer 2003, Office Compatibility Pack
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
Product: Publisher
Affected Software: Office 2000, Office XP, Office 2003, 2007 Office System
Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
Product: Jet Database Engine
Affected Software: Windows 2000, Windows XP, Windows Server 2003


Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
Product: Malware Protection (AV) Engine
Affected Software: Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, May 12, 2008

Windows Vista and Malware

Is Windows Vista more susceptible to malware than Windows 2000? I do not believe that it is and neither does Austin Wilson and members of the Microsoft security team. Austin explains why Microsoft rejects that claim in Windows Vista and Malware.

Based on what I see in the forums, most of the malware infections are due to computers that are not properly updated -- and this is not limited to Microsoft software. It is very common to see out of date, vulnerable versions of Sun Java and/or Adobe software.

To check if your system is missing security updates or has insecure applications installed, visit Secunia Software Inspector. The Secunia Software Inspector runs through your browser with no installation or download required and does the following:

  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications

Then, take Austin's advice and
"follow the Protect Your PC guidance of keeping the firewall turned on, keeping the operating system up to date, and having up to date anti-virus and anti-spyware software."

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, May 08, 2008

May 2008 - Microsoft Security Bulletin Advance Notice

In addition to an updated version of the Microsoft Windows Malicious Software Removal Tool, Microsoft is planning to release four new security bulletins on May 13, 2008 -- three critical and one moderate.

Two of the critical updates are to fix remote code execution vulnerabilities in Microsoft Office. The third critical update is Jet Bulletin in Microsoft Windows. For complete information see the Affected Software section of the Advanced Notification.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, May 07, 2008

Compromised file in Vietnamese Language Pack for Firefox 2

Just released on the Mozilla Security Blog:

"The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself. This usually results in the user seeing unwanted ads, but may be used for more malicious actions.

Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy. While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited.

Mozilla does virus scans at upload time but the virus scanner did not catch this issue until several months after the upload. We are also adding after-the-fact scans of everything to address this sort of case in the future.

A new language pack will be available shortly. Until then, Vietnamese language pack users should disable this package using the add-ons dialog on the Tools menu.

More information is available in bugzilla:"

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

SP3 Confusion

I have been reading posts in various locations that there is some confusion regarding the IEBlog post, IE and Windows XP Service Pack 3. Let's take a closer look.

Although IE7 is the current Internet Explorer "standard" and has been out for some time, for various reasons, there are many companies that have not been able to upgrade to IE7. As an example, perhaps there are custom or proprietary applications that are not compatible with IE7. With SP3, those companies who still are not in a position to tool-up for installing IE7 can take advantage of the additional security features and improvements afforded by SP3. The same can be said for home installations.

With that explanation, it makes sense that SP3 is "tailored" for IE6. So what happens to Internet Explorer if you use IE7 and install SP3? Actually, nothing except that you will not be able to revert to IE6 unless you uninstall both SP3 and IE7 and then reinstall SP3.

I would strongly advise anyone using IE8 Beta to uninstall IE8 Beta prior to installing SP3.

Important Additional Notes:

I learned from ravencajun at the Garden Web* that there appears to be issues with non-Intel OEM machines, particularly HP and COMPAQ, resulting in a reboot loop where only Safe Mode is possible. See Microsoft MVP, Bill Castner's instructions at BBR.

There have also been reports of people having problems with SP3 because they did not follow the instructions at Recommendations before you install Windows XP Service Pack 3. When installing any software, but most particularly a major update such as a service pack, always disconnect from the internet and close anti-virus, anti-malware and any "real-time protection" software.

If you use Avast anti-virus software, also disable the Avast Self-Defense Module (Right-click the Avast icon > Program Settings > Troubleshooting > place a check mark in the box: "Disable avast! self-defense module"). It can be re-enabled after the installation has been completed.

Microsoft is providing free, unlimited installation and compatibility support for Windows XP Service Pack 3 (SP3) through April 14, 2009. Additional information is available at

Note: For information on AMD-based machines, see the Windows XP SP3 and the Reboot Loop.

Most appropriate, Security Garden learning from Garden Web!

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, May 06, 2008

Windows XP SP3 Released

Windows XP Service Pack 3 (SP3) is now available on Windows Update and the Microsoft Download Center. Microsoft has also resumed automatic distribution of Windows Vista SP1.

With regard to the incompatibility between Dynamics Retail Management System and WIndows XP SP3 and Windows Vista SP1, Microsoft added a filter to block WU from offering Windows XP SP3 or Windows Vista SP1 to systems with RMS . A fix will be available soon. (See KB 951937).

Unless you are in a hurry to install SP3, I recommend waiting for Automatic Updates, which will begin some time over the next few months.

Very Important Information!

Because I am fearful that some readers may not appreciate the significance of the information presented by Jane Maliouta in the IEBlog, I have quoted it here. Please note the information relating to the version of Internet Explorer installed on your computer.

Update: After reading the information below, see the follow up at
SP3 Confusion as well as Recommendations before you install Windows XP Service Pack 3.

"Windows XP SP3 contains some new updates, and a number of bug fixes and security improvements. You can learn more about XPSP3 features by reading the white paper located here. We expect XPSP3 will be publicly available shortly and want you to have this information prior to its final release to the web.

Internet Explorer 6 Users

XPSP3 will continue to ship with IE6 and contains a roll-up of the latest security updates for IE6. If you are still running Internet Explorer 6, then XPSP3 will be offered to you via Windows Update as a high priority update. You can safely install XPSP3 and will have an updated version of IE6 with all your personal preferences, such as home pages and favorites, still intact.

If you are currently running IE7 or IE8 on Windows XP SP2 (XPSP2) and you are thinking of upgrading to XPSP3, read on.

Internet Explorer 7 Users

If you are currently running IE7 on XPSP2, Windows Update will offer you XPSP3 as a high priority update. If you choose to install XPSP3, Internet Explorer 7 will remain on your system after the install is complete. Your preferences will be retained. However, you will no longer be able to uninstall IE7. If you go to Control Panel->Add/Remove Programs, the Remove option will be grayed out.

This behavior is by design and here is why. When we install IE7 on Windows XP SP2, we backup the existing IE6 files in an uninstall directory. Those IE6 files are the ones that shipped on XPSP2 plus all the security updates you’ve installed while using IE6. Windows XP SP3 contains a newer version of the Internet Explorer 6 files. If you have XPSP3 on your system and uninstall IE7, your system would revert to the backed up (older) version of the IE6 files rather than the newer XPSP3 version. You would end up in a mixed file state in Windows where most files would be the upgraded XPSP3, except for the IE6 files restored when uninstalling IE7. This state is not supported and is very bug prone. To ensure a reliable user experience, we prevent this broken state by disabling the ability to uninstall Internet Explorer 7.

If you must uninstall IE7 after you have upgraded to XPSP3, then you have to first uninstall XPSP3, and then uninstall IE7. After this series of uninstalls, you will be reverted back to a XPSP2, and a stable version of IE6, so feel free to upgrade to XPSP3 again.

If you install IE7 after you install XPSP3, then you will be able to uninstall IE7 at any point and be reverted to the newer IE6 version that ships in XPSP3. The restriction on uninstalling only applies to when you install a Windows Service Pack release on top of a standalone IE release.

Keeping this in mind, you might want to uninstall IE7, upgrade to XPSP3 and then install IE7 again so you can uninstall IE7 in the future if need be.

Internet Explorer 8 Beta 1 Users

Installing IE8 Beta1 on Windows XP SP3 is fully supported, so go ahead and upgrade your computers to XPSP3 and then install IE8 Beta 1 to try out our new features. You will be able to uninstall IE8 Beta 1 at any point to revert back to either IE7 or IE6 depending on what you were using before.

However, if you already have IE8 Beta 1 installed on XPSP2, Windows XP SP3 will not be offered to you via Windows Update. This is because after you update your system to XPSP3, you will no longer be able to uninstall IE8 Beta 1 and the Remove option will be grayed out under the Add/Remove programs in Control Panel. The reason is the same as in IE7 case described above. Since people are more likely to uninstall beta software, we strongly recommend uninstalling IE8 Beta 1 prior to upgrading to Windows XP SP3 to eliminate any deployment issues and install IE8 Beta 1 after XPSP3 is on your machine."


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, May 03, 2008

Protect Yourself or a Friend from Phishing & Fraud

I have published quite a few posts on phishing since starting this blog. If you are a regular reader, you may have seen some of the previous posts and think to yourself, ok, nothing new here. Wait, please. Before you move on to another website, please
Think about your favorite aunt or the nice gentleman who lives next door. Has anyone explained to them about phishing? Perhaps not.
or consider
Are you the "family computer fixer"? You know who you are -- the person in the family that all the cousins, nieces and nephews call when they are having a problem with their computer. Do they understand phishing? Perhaps not.
Don't take a chance that your family or friends might fall for a phish and suffer possible financial loss and/or identity theft. Explain to them how serious the problem has become as well as how clever the phishers are these days.

Microsoft published a series of articles, individually linked below, on how to protect yourself from phishing and fraud. Use the information there to educate your family and friends and to refresh your own knowledge. If you volunteer at a community center or youth group consider making a presentation on phishing. You could show the FTC videos on phishing on YouTube at

How to help avoid phishing scams

How to recognize a phishing scam
Use technology to protect yourself from phishing and fraud

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...