Sunday, March 29, 2009

Questionable CyberDefender Using MBAM

First it was Symantec support claiming Malwarebytes (MBAM) as a Norton tool and now CyberDefender, a company with a questionable reputation anyway, is doing the same. As Steve Burn of hpHosts reported:
"I've written previously about CyberDefender, and looking at what this guy went through after falling for their scam to the tune of $249.99 (approx £150), they've not changed one bit - they're still rogue."
Members of the security community know MBAM is an excellent program -- and apparently so do the security vendors (both real and rogue). Get the real thing from

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, March 27, 2009

Conficker Information for the Home Computer User

This message about Conficker is not for people in the security industry. It is directed to the home computer user.

Is the Internet coming to the end on April 1? Will your computer crash and burn if you are online on that day?

The answer to both questions is NO.

Has there been a lot of hype about Conficker and April 1? Yes, there has and it will likely continue. Earlier this week I added to the Conficker hype in Time is of the essence. Why am I concerned about the health of your computer? Consider the known capabilities of the current Conficker variants, as described at Security Focus,
". . . the worm program blocks security software, distributes code by creating a peer-to-peer network, and attempts to prevent anyone but the authors from updating its code by authenticating updates using a hash algorithm — known as MD6 — that is only a few months old. The collection of those capabilities worried the researchers."
With that in mind, there is reason to worry if you or your friends have file sharing turned on, use P2P (Peer to Peer) programs, or share information via USB (thumb) drives.

Let's start with file sharing

If you have file-sharing turned on and become infected, the Conficker worm could allow remote code execution. In other words, the worm would take control of your computer. Microsoft KB Article 307874 includes instructions for turning off file sharing. Also available is a Microsoft Fix it to make the change for you.

Disable Autorun

USB/thumb drives use autorun to load files when the drives are plugged into the USB port. To prevent malware from spreading to your computer, disable autorun. The How-to Geek has simple instructions for disabling autorun on both Windows XP and Windows Vista:
This from Microsoft: How to disable the Autorun functionality in Windows

Other reasons to be concerned is the state of security protection.

Check Security Updates

Although it is recommended that all security updates be installed on your computer, at a minimum, ensure that "Security Update for Microsoft Windows (KB95688)" is installed:
  • Windows XP: Start > Windows Update > Other options > View installation history
  • Windows Vista: Programs > Programs and Features > Installed Updates
In the event you cannot find that update installed on the computer, go to Security Bulletin MS08-067 and click the link for your operating system to be redirected to the download location.


Surprisingly, there are still too many people on the internet without a software firewall. If this is true for your computer, at a minimum, activate the Windows Firewall. For help with this, go to How can I turn on or turn off the firewall in Windows XP Service Pack 2 or later versions?

Antivirus Software

Both Avast! and Avira AntiVir are free for personal use. If you do not have an antivirus software, install one now.

Pay It Forward

Conficker has affected the operation of hospitals, military, large corporate systems, and even the House of Commons. (There is a long list of articles below from The Register if you are interested in the extent of the impact of the various variants of this worm.) New readers of Security Garden may not be familiar with "Pay It Forward:
"3 people helped each day, ‘paid forward’ by each person helps 4.7M people in two weeks."
If each Security Garden reader checks with one or two of their friends and they in turn check with their friends, to make sure the computer(s) in their home have file sharing disabled, are updated, have a firewall and up to date antivirus software, worms like Conficker will have less of a chance of spreading.

Whether it is the best or worst case scenario as depicted at Security Focus, don't let your friends be part of this:

" 'In the best case, Conficker may be used as a sustained and profitable platform for massive Internet fraud and theft," wrote Phillip Porras, Hassen Saidi and Vinod Yegneswaran, all of SRI International. "In the worst case, Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt, not just countries, but the Internet itself.' "

Help from Microsoft:

For the curious who are interested in additional reading on the history of Conficker, the articles from The Register paint quite a picture from November through March:

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Firefox 3.0.8 Critical Security Update

Mozilla has updated Firefox to 3.0.8 version to address two security issues. As of this posting, the Firefox 3.0.8 Release Notes have yet to be updated to identify the issues. However, Bug 485217, that I quickly reported on Wednesday as a "Zero Day" security flaw has been identified as resolved.

Resolved/Fixed: Bug 485217 – Exploitable crash in xMozillaXSLTProcessor::TransformToDoc

Update: Via Ryan Naraine, the second bug fixed in the security update was the drive-by download issue used to win the CanSecWest competition

Use the "Help -> Check for Updates" option to update your browser.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, March 26, 2009

Microsoft DreamSpark: MS Software for Students

As part of the Microsoft Elevate America program, verified students can download Microsoft developer and design tools at no charge.

As reported at Windows Talk Blog,

"This site enables students to download professional-level Microsoft developer tools to advance your learning and skills through technical design, technology, math, science and engineering activities."

See the DreamSpark site for more information:

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Exploit code sends Mozilla scrambling to fix Firefox

I have just a couple minutes to post this before my lunch break is over but wanted to share this report by Ryan Naraine,, about what is being referred to as a "Zero Day" security flaw.
"Mozilla’s security response team is scrambling to ready a patch for what appears to be a serious security flaw affecting its flagship Firefox browser.

The vulnerability, released alongside proof-of-concept code on several security sites, could lead to malicious code execution attacks if a Firefox user is lured to a Web site rigged with exploits. It affects all versions of the open-source browser, including the newest Firefox 3.0.7."

Read the complete report at Exploit code sends Mozilla scrambling to fix Firefox


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, March 25, 2009

Time is of the essence

You may or may not have heard of "Confiker" or "Downadup". At this juncture, it does not matter what you have heard.

It is time to take action.

Forget the technical jargon. If your computer is not updated and is unprotected by a firewall, it is a target for what is expected to be a massive attack.

If you cannot reach any of the Microsoft, antivirus or other security-related websites, it is likely your computer is among the million plus computers already infected with this worm. In that case, you need to do the following:
  • Disconnect the infected computer from the internet
  • Use an uninfected family member or friend's computer to get information, updates and removal tools from the information provided by SANS ISC.
Even if your computer is not now or never has been infected, take the following steps to help prevent infection by this worm:
  • Enable a firewall on your computer.
  • Get the latest computer updates for all your installed software, most particularly Security Bulletin MS08-067.
  • Use up-to-date antivirus software. (Avast! and Avira AntiVir are free for personal use.)
  • Use caution when opening attachments and accepting file transfers.
  • Use caution when clicking on links to web pages.
  • Protect yourself against social engineering attacks.
Update: Additional information is available in Conficker Information for the Home Computer User.

It is estimated that there are well over a million Windows PC’s currently infected with Conficker. As illustrated in code at the CA Security Advisor Research Blog, on April 1, 2009, the infected machines will attempt to generate 50,000 URLs daily to download an additional component with new instructions.

Although time zero for setting off the worm is April 1, 2009. As Bill Pytlovany points out in Conficker Judgement Day on April 1st, the day begins earlier in other parts of the world than in the western Europe and the North and South American continents. That means that when April 1 arrives in China, in New York, it will be March 31 at noon.

Take steps now to protect your computer. Go to Windows Update.

Calculate at your time
when the first seconds of April 1, 2009 arrive.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, March 24, 2009

ESET NOD32 Smart Security 4.0

Congratulations to WinVistaClub Forum member JonPaulOnLine, the winner of the first ESET license in the 7 license give-away.

There are six more chances to win an ESET license. The current contest runs until 29 March, with the illustrious judges Choto Cheeta and HappyAndyK, with new chances in the following weeks.

If you not yet a member of the WinVistaClub, you can register here for free instantaneously. To enter is simple.
  • Post a tip or tech article in the appropriate forum at WinVistaClub Forum.
  • Prior submissions will not be considered.
  • Entrants must post the link of 1 or more of their entry posts in the Announcement topic. is thread.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Win a Kodak OLED Wireless Photo Frame!

Would you like to win a Kodak OLED wireless photo frame (worth around 800$)? The folks at OLED-Info would love to give you one if you are the winner of the contest. The Kodak photo frame has a 7.6" AMOLED display, 800x480 resolution and a contrast ratio of 30,000:1 (made by CMEL). It has built-in Wi-Fi, 2GB of storage and accepts USB drives or memory cards.

Details for entering the contest are available at OLED-Info Kodak Photo frame contest.

Not familiar with OLED? These days, LCD monitors, camera and cell phone displays are fairly commonplace. However, you may well find a different image in the future -- OLED, organic light emitting diode.

Seeing is believing and if you have not seen an OLED screen, you may want to watch the first few minutes of the video below. (If you are like me, you will enjoy the full 15 minutes.) The contrast between an LCD screen and an OLED screen is, as described in the video, "Kodak OLED - From Any Angle",
"Bold, bright and beautiful. From any angle, the future belongs to Kodak OLED, the enabler of the future display industry."
You have a chance to be part of that future today and own your own Kodak OLED Wireless Photo Frame! There are three ways to enter. Check out the details at OLED-Info Kodak Photo frame contest. The contest is open to world-wide participants.

About the video:
Kodak Organic Light Emitting Diode: "Kodak OLED - From Any Angle" video shows a recent overview of Kodak's key technical advancements, cutting edge Kodak OLED products, and an in-depth discussion from some of Kodak's OLED leadership team on how Kodak's efforts will continue to enable the OLED industry from within both the solid state lighting and flat panel display markets.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Sunday, March 22, 2009

Meet Ciprian -- WinVistaClub Interviews the Interviewer

Ciprian has been having all the fun conducting the interviews. In a turn-about, Anand Khanse (HappyAndyK) decided it was time that we had the opportunity to learn a bit more about the person doing the interviewing.

Meet Ciprian of at Windows Vista Help Forum.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, March 21, 2009

IE8 Installation Do's, Don'ts and Resources

Unless you have not been online the past few days, you have already heard the Internet Explorer 8 Final Available Now announcement made at the MIX09 Conference. Internet Explorer 8 is available in 25 languages and is available in 32- and 64-bit versions for Windows Vista, Windows XP, and Windows Server

An updated IE8 will be available for Windows 7 Beta testers as part of the next Windows 7 milestone.

Before installing IE8, review the complete installation instructions and the known compatibility issues listed in the Release Notes. IE8 will be distributed via Automatic Update (AU), Windows Update (WU) and Microsoft Update (MU) sites. For information and screen copies of how AU will work, see IE8 Blocker Toolkit Available Today!

Problems reported at Calendar of Updates:

There is high CPU usage if you use SpyBot Search and Destroy with Immunization. The response by Eric Law, MSFT, was provided in following her report at Internet Explorer 8 Final Available Now:

"@Donna: We have determined that there is a problem with the SpyBot Search and Destroy "innoculate" feature which puts 10000 domains in the restricted sites list.

*** It's possible that this might be causing the performance problems on startup that some folks are reporting here. ***"

Similarly, IE8 will not load fast or it will hang if restricted sites exist in the IE Restricted Sites zone, e.g. using IE-SPYAD or Spyware Blaster.

IE8 Overview:
IE 8 Beta Users:

Although the Release Notes do not specify that it is necessary to uninstall IE8 Beta or RC, it is generally advisable prior to updating to the released version, but not required. Following are the instructions provided by Ed Bott in How to uninstall IE8:
"Microsoft has made a confusing and inconsistent decision in the way it handles IE8 under XP/Server 2003 and Vista/Server 2008.
  • In XP, open Add or Remove Programs from Control Panel, where you will find Windows Internet Explorer under the Currently Installed Programs list. Select its entry in the list and click Remove.
  • In Vista, you won’t find IE8 in the Programs and Features list, because Vista considers IE8 an update. Instead, look for the View Installed Updates link in the navigation pane. (A similar link is available from Windows Update; look in the lower left corner for Installed Udpates.) You’ll find Windows Internet Explorer 8 under the Microsoft Windows category. Click its entry in the list and then click Uninstall.

If you want to remove an earlier IE8 beta or the release candidate, or if you need to install the released version and roll back to IE7 on your Vista machine, you should be able to do so pretty easily at this point.

Update: In the comments, Dan asks whether it’s necessary to uninstall the Release Candidate first. I checked the Release Notes and the IE8 Readiness Toolkit and the Internet Explorer TechCenter and found no indication that uninstalling the older version was required. It is a reasonable precaution, but probably not necessary."

IE8 Installation Instructions:

A. Make sure all necessary updates have been installed first:
  1. Open Windows Update: Click the Start Start button button > All Programs > Windows Update.
  2. In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
  3. If any updates are found, click Install updates. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
    • Note: Install all updates to ensure Internet Explorer has everything needed to install properly.
  4. Restart your computer.
B. Create a System Restore point.
  1. How to set a system restore point in Windows XP
  2. Create a Restore Point for Windows Vista's System Restore :: the How-To Geek
C. Disable your antivirus scanner and any "real-time" protection.

D. Close all open any applications and do not run any other programs during the installation process.

E. If you use a "security suite" or other vendor firewall, disable the third party firewall and enable the Windows Firewall. Reverse the steps after the installation is complete.
  1. How to configure the Windows Firewall feature in Windows XP Service Pack 2
  2. Turn Windows Firewall on or off - Windows Vista Help
F. Download only the official version from the Microsoft site: Download IE8
  1. Begin the process by clicking Run. Depending on your connection speed, the download may take up to a few minutes.
  2. Follow the steps shown in the wizard to choose your settings. You will have to restart your PC once setup is complete.
  3. The first time you open Internet Explorer 8, you’ll be asked to select a few more settings to personalize your browsing experience. Follow the onscreen steps or select Ask me Later to be prompted with these setup questions when you have more time. You’ll only be asked these questions once.
  4. Restart the computer one more time.
No-charge support for Internet Explorer 8 installation, set-up and usage (only) is available via the phone based on your locale through 31 December 2009. Customers must be running Windows XP or Windows Vista in a non-domain environment.
  1. US & CA Residents: 866-234-6020.
  2. Other:

Microsoft IE8 Reference Sites

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Symantec Ask/IAC "Safe Search" Update

After reading the Safe Search update by Rowan Trollope, Symantec Senior Vice President, and the eloquent response by Don Hanson my response to Safe Search update, I was prepared to write an explanation about why I still cannot recommend Symantec products. However, I could not have explained it half as well as my friend Donna Buenaventura did in the discussion thread at Calendar Of Updates.

You too will have a better understanding of why I feel as I do about Symantec products after reading the references. There are other excellent vendors who do not need to resort to relationships with third-parties in order to sell their product. I encourage Symantec customers to consider a different vendor for their security software. In fact, Avira has launched its new Version. See for information.

I suggest you start with the first article and follow through the list, being absolutely certain not to miss Donna's posts.

  1. Rowan Trollope: Safe Search update
  2. Don Hanson: my response to Safe Search update
  3. Calendar of Updates: Safe Search update

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, March 19, 2009

Pwn2Own Trifecta: Safari/MacBook, IE8 and Firefox

CanSecWest is underway in Vancouver, British Columbia. A part of CanSec is the Pwn2Own contest. In order to be owned, the competitor must demonstrate both loss of information (user data) and that financial cost would be incurred.

As described by Sarah Blankinship, Microsoft Senior Security Strategist, she said that it is
"a contest that pits researchers against technologies to see whether technology or human wins. It’s also a contest that presents interesting challenges to Microsoft and a contest which you might think Microsoft opposes. Like many other issues in the security ecosystem – it’s not that simple. The contest exemplifies two basic tenets behind the TwC Security teams’ efforts. You can’t hide from the truth (wishing doesn’t make it so) and every issue is an opportunity to learn and improve."
Interestingly, it took seconds for a fully patched MacBook with the Safari browser to be hacked. As described by Ryan Naraine at Pwn2Own 2009: Safari/MacBook falls in seconds:
"Charlie Miller has done it again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple’s Safari browser.

“It took a couple of seconds. They clicked on the link and I took control of the machine,” Miller said moments after his accomplishment."
It took longer to perform a clean drive-by download attack against Internet Explorer in what was described as a “brilliant IE8 bug!”, that in the wake of the release of IE8 today at the Mix Conference today. Ryan Naraine's report can be found at Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari.

In accordance with the contest rules, Tipping Point will be the owners of the vulnerabilities and will not release the details until a patch is ready. Tipping Point will also work with security vendors on expediting patches.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, March 18, 2009

Security Updates for Adobe Reader and Adobe Vulnerabilities

This is a very important update. Don't wait, update to Adobe Reader 9.1 now. Available here:

Release date: March 18, 2009
Vulnerability identifier: APSB09-04
CVE number: CVE-2009-0658, CVE-2009-0927
Platform: Windows and Macintosh


Critical vulnerabilities have been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that one of these issues is being exploited (CVE-2009-0658).

Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates.

These updates resolve the issue from Security Advisory APSA09-01 and Security Bulletin APSB09-03. Users who have previously updated to Adobe Reader 9.1 and Acrobat 9.1 for Windows and Macintosh need not take any action. Adobe now plans to make available Adobe Reader 9.1 and Adobe Reader 8.1.4 for Unix by March 24.

Update to Adobe Reader 9.1, available here:
Complete details here: Security Updates available for Adobe Reader and Acrobat

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Monday, March 16, 2009

Win a License for ESET Smart Security V4

I meant to post this over the weekend but ran out of time. Since I am helping Anand judge the entrants for the first week of the contest, I feel particularly negligent for not making Security Garden readers aware of this great opportunity to win a licensed copy of ESET Smart Security V4. The details are copied below from the announcement.
"WinVistaClub is pleased to offer, 7 copies of the latest ESET Smart Security v 4 edition free as giveaways to the members of WinVistaClub, in a 'simple to participate contest'. The product otherwise costs $59.99.

ESET Smart Security adds a firewall and antispam technology to ESET NOD32 Antivirus, protecting your family from Internet threats while blocking annoying junk email. ESET Smart Security 4 sports an easier to use firewall and delivers smarter antispam for Outlook, Outook Express, Thunderbird and other popular mail clients.

What's New:
Smarter Scanner — Threats don't always enter in ways you expect. ESET Smart Security inspects SSL-encrypted communication channels like HTTPS and POP3S, and intelligently scans compressed files to find threats that other products miss. ESET's Smart Optimization feature makes file scanning faster than ever.

Time-saving Firewall — The new Learning Mode saves time by automatically creating firewall rules by observing how you use your computer, while offering advanced firewall modes for power users.

Upgraded Antispam — ESET Smart Security now takes care of annoying spam with a smaller, faster, and even more effective spam filter.

Removable Media Security — Threats can enter your PC from removable media such as USB thumb drives. For self-running media, ESET Smart Security scans autorun.inf and associated files on mount, in addition to scanning any file on any removable device when it is accessed, or during a full-scan of the media. Power users can adjust ESET Smart Security to perform additional levels of scanning on removable media.

System Tools — ESET SysInspector and ESET SysRescue simplify diagnosis and cleaning of infected systems by allowing deep scans of system processes to find hidden threats, and creating bootable rescue CD/DVD or USB drives to help you repair an infected computer.

Self Defense — ESET Smart Security has built-in technology to prevent malicious software from corrupting or disabling it, so you can rest assured your system is always protected.

Usability Improvements — ESET Smart Security has numerous speed, security and usability upgrades.

-Energy-sipping battery mode extends laptop battery life without compromising security
-Advanced Protection Status screen informs you of detected threats
-Information pop-ups are hidden when running full screen applications like games, video players or presentations
-Password protection prevents ESET Smart Security from being uninstalled by strangers
-New interface and keyboard shortcuts simplify use for visually impaired users

Eset vs Competition makes an interesting read.

And what do you have to do to win this license ? Simply make a separate new post, in any section on any tech topic.

It could a tip or an article or a development. It could be from your blog or another source. The best or most interesting article or tip will get the license. This way one license will be given free every week. If there are less than 10 entries, the license will not be given away for that week but carried forward. You can post multiple entries too. Preference will be given to members having more than 10 posts .

I am taking the liberty of announcing the MVP members from this forum as the Judges. Hope it is alright with all.

Judges for the first 4, weekly contests.
1. Corrine & myself (Today - 22 March)
2. Choto Cheeta & myself (23 March - 29 March)
3. James & myself (30 March - 6 April)
4. Ramesh & myself (7 April - 13 April)
The Judges for the next 3, weekly contests, can be decided later.

If you not yet a member of the WinVistaClub, you can register here for free instantaneously."

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Sunday, March 15, 2009

Introducing WinPatrol 2009

Bill Pytlovany has done it yet again. Somehow he has made a great program even better by adding even more helpful features to WinPatrol. Although WinPatrol 2009 is compatible with all Microsoft operating systems, it was specifically designed to work with Windows 7.

WinPatrol is free for personal use and WinPatrol PLUS is available for a one-time $29.95 charge.

Following is a description of the additions to WinPatrol 2009.


One of my favorite additions to WinPatrol is the "Recent" tab. Although WinPatrol provides when a service, hidden file or registry entry are first detected, Recent places the information together on one screen so you can see at a glance what is added when installing a new program. (Thanks again to WinVistaClub member alsiladka for the suggestion. See WinPatrol Beta Update With New Feature!)

Monitor UAC Settings

Just as WinPatrol notifies you if there are changes to your Windows Update settings, monitors Windows User Account Control (UAC) settings. In the event malware attempts to change the settings, click "Yes" and WinPatrol will prevent the change.

Windows 7 and User Access Control

There are two versions of the small WinPatrol monitor component. One requires UAC permission, one does not.

Initially, the non-UAC version will run so you don’t have a UAC alert every time you reboot. If however, a change is detected and WinPatrol needs permissions we’ll swap the WinPatrol monitor with the one which requires UAC.

Lets user know that UAC access is required

This dialog will only be seen by Vista and Windows 7 machines with UAC activated. It will only occur once and only if needed."

Hide Alerts

With Hide Alerts, you can configure WinPatrol so that alert messages are hidden from users. The "Hide Alert Messages" is only available to WinPatrol PLUS subscribers (remember a WinPatrol PLUS subscription is a one-time charge with no annual renewal fees). The Hide Alerts feature also includes the option to ignore “RunOnce” changes to the registry.

To access Hide Alert Messages, launch WinPatrol and click the Options tab. The new feature is available via the button on the left next to "Lock File Types". This feature is helpful recommended if there are multiple users on the computer.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, March 14, 2009

Privacy and Google Ads, Voice, Docs

Yesterday morning I was reading about Google's change to "interest-based advertising" when I received a message from a friend at WinVistaClub directing me to a Preston Gralla article at ComputerWorld about Google Voice. Then I came across an article at TechCrunch about "inadvertent" sharing of documents. Individually, these three topics are worth being concerned about. Taken in combination, one followiong the other, I find it quite disturbing.

Google Ads

Google has given in to their advertisers and announced "interest-based advertising". What is the difference between "interest-based advertising" and the ads you see now? With the current format of serving ads, if you are on a website reading about computer keyboard shortcuts, the ads presented will be targeted toward the key words on that page -- i.e., keyboards, mice or other computer-related products.

With interest-based advertising, the ads will be based on the types of sites you visit and the pages you view. For example, if you spend a lot of time on sports-related websites, you are likely to see ads for running shoes when investigating the purchase of a new refrigerator. In other words, the ads will be based on your browsing history.

As Google admits:
This kind of tailored advertising does raise questions about user choice and privacy — questions the whole online ad industry has a responsibility to answer.
As a result, in the Google Privacy Center, Advertising and Privacy, there is an Opt out option:

Edit Note: It appears that my security settings were such that I was unable to access the Opt Out links. Thanks to the comment posted by Microsoft MVP Donna Buenaventura and the information she provided at Calendar of Updates, I followed Donna's lead and as a result have accordingly edited this posting.

Only one minor problem. When I clicked the Opt out link, this is what happened each time I tried:

[Image Removed]

It didn't matter which browser I used.

[Image Removed]

There is also supposed to be the ability to edit the preferences that are associated with the cookie at the Ads Preferences Manager. That link does not work either.

Based on the inability of those opt-out options to work, do I really want to trust installing the browser plugin to permanently opt-out of the Double Click cookie?

Google Voice

Google Voice unifies your phone numbers, transcribes your voice mail, blocks telemarketers and allows you to archive and search all of the SMS text messages you send and receive and more. (Features: Google Voice).

As Marc Rotenberg indicated, with those features come other concerns.
"The service would allow Google, which already collects vast amounts of data about the behavior of Internet users, to gather information on their calling habits.

“It raises two distinct problems,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center. “In the privacy world, it is increased profiling and tracking of users without safeguards. But the other problem is the growing consolidation of Internet-based services around one dominant company.”"

Google Docs

As reported at TechCrunch, Google sent a notice to a number of users of its Document and Spreadsheets products informing them that it may have inadvertently shared some of their documents with contacts who were never granted access to them. Reportedly the sharing was limited to people “with whom you, or a collaborator with sharing rights, had previously shared a document”.

TechCrunch reported that they were informed by Google that the error affected less than .05% of all documents. Is that .05% of one hundred documents or multiple millions of documents? Consider carefully what you share and who you share documents with.


Remember - "A day without laughter is a day wasted."

May the wind sing to you and the sun rise in your heart...

Thursday, March 12, 2009

Shake, Rattle and Log'N'Rock

What happens when there is a bit of a shake-up at an on-line forum? The results could be disastrous. In this situation, it was just the opposite. After a bit of shake, rattle and roll* Log'N'Rock was born. For the back-end story on how this evolved, see the Log'N'Rock Blog post linked below. In the meantime, allow me to tell you what is shakin' at Log'N'Rock.

As a bit of background, I have known the Administrators at Log'N'Rock for many years. Having known Rawe from several other security help forums, he invited me to the original BFC site to offer any suggestions on its development when it opened. I stopped in periodically over the years and got to participate in the excitement in the move to Log'N'Rock.

Other Admins include fellow Microsoft MVP's who go by Jasper the Rasper and Roddy32 on the forums. The show is kept running on schedule by ColdinCbus who also keeps Log'N'Rock's sister site, Calendar of Updates running smoothly.

The "Rock Stars in Computer Security" at Log’N’Rock are dedicated to helping users with computer issues as well as providing education about Computer Security. Although the main focus of the site is Malware Removal & Computer Security related matters, other help offered includes software, operating systems as well as internet browsers. New tutorials are being added to both the Windows Tutorials and Guides and the Security Tutorials & Guides forums.

The team at Log'N'Rock has had a lot of fun providing a new twist for a security help site. The name evolved from member suggestions. From there, the fun took off -- from the header, "Log'N'Rock, Rockstars in Computer Security" to forum names, such as Log'N'Fix, Rockin' The Web and First Aid Tent. Instead of the typical "user ranks" found at most forums, member titles include Garage rocker, Log'N'Rocker, Hardcore Rocker, Oldie Rocker, and Mick Jagger.

Clever forum names and fun user titles are a small part of the changes made in the evolution to Log'N'Rock. The rattle part of shake, rattle and roll resulted in adding additional forums.
  • Rockbot's New Office -- Rockbot posts news from various popular RSS feeds.
  • Microsoft Updates Forum -- This is where you can find the monthly updates, bulletins, and advisories. The forum will also include new updates for popular Microsoft programs when they are released at the download center.
  • AntiMalware Specialty Tools and Scanners -- This is a subforum of the Security Software forum and includes current information about various Anti-Malware Specialty Tools and Scanners to choose from to keep your computer both secure and private.
  • Polls -- Although just added, the members are getting into discussions about the poll topics.
If you are having computer problems, expert assistance by trained staff is available at Log'N'Rock for removing malware, computer viruses, trojans, and the like. The help provided is free of charge, although a thank you and a smile are always welcome. Even if you are not having a problem with your computer, stop in the Rockin' Lounge to say, “Hi”.

Take me to Log'N'Rock

Should you be looking for the BFC founder, Tazz1964 started a new site at ZetaBoards, linked below.


*"Shake, Rattle and Roll" Lyrics by Charles E. Calhoun, original recording by Big Joe Turner in 1954, followed by recordings and lyric modifications by numerous other recording stars.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Was BBC Use of Botnet Against UK Law?

With the reported assistance of PrevX, the BBC program "Click" obtained a "low-value botnet" via chatrooms on the internet. This botnet was used to hack into 22,000 PCs in a special investigation the program was conducting of the kind of damage that can result from a network of compromised computers.

As evidence of their presence on the computers, the BBC apparently changed the desktop wallpaper of affected computers to display a message from BBC Click. As Graham Cluley of Sophos described, other steps in this "investigation" included:
"BBC reporter Spencer Kelly and security company PrevX took over an existing botnet of approximately 22,000 computers, and used them for their spam experiment - ordering the innocent third-party computers to send 500 spam messages each to Hotmail and Gmail accounts under the control of the BBC."
As someone who helps in the security forums helping people clean their computers of malware, I am of the strong opinion that this so-called investigation by BBC Click was, if not against the Computer Misuse Act, at the very least highly in appropriate. I am surprised there is not more censure of PrevX for their participation.

You can follow the comments in Twitter using the hash code #bbcbot


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Windows 7 Security Enhancements

Paul Cooke, Director, Windows Client Enterprise Security, Microsoft Corporation, provided a brief writeup on three areas of security enhancements in Windows® 7. The three primary topics focused on in the article include the following:
  • Windows 7 is built upon the security foundations of the Windows Vista® operating system while improving auditing and the User Account Control (UAC) experience.
  • Windows 7 helps IT control what software can run in their environment with AppLocker™.
  • Windows 7 enhances the core features of BitLocker™ Drive Encryption with the introduction of BitLocker To Go™ for removable storage devices.
See Windows 7 Security Enhancements for more detail about these enhancements.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Webroot Returns to Unfavorable Status

The Webroot reprieve was short-lived. The pre-checked Ask Toolbar was returned to their installer in Spy Sweeper v6.1.0 (Build 107). Apparently, the newly discovered ethics of Webroot Software, Inc. were either short-lived or omission of the pre-checked toolbar was in error.

My suggestion to Webroot software users:

It is time to find a software vendor that is not double-dipping. Why are you paying an annual fee of $29.95 when other, more effective, software vendors have a successful program without similar pay-per-install add-ons?

  1. Webroot adds Ask Toolbar again!
  2. IAC/Ask Topics

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, March 10, 2009

Norton Customers: Beware of Searches for "PIFT.exe"

Elusive information and disappearing requests for help from the support forums at Norton Internet Security / Norton AntiVirus support forums has caused all kinds of speculation as to the source and/or purpose of PIFT.exe, added to unsuspecting Norton customers in a recent update. As reported by the SANS Diary at conspiracy fodder: pifts.exe:

"Several readers wrote in with samples of a file PIFTS.exe that seems to be related to a Norton update and gets flagged for its behavior.

The file has been confirmed to call home to ."

The more serious problem at the moment is that Graham Cluley of SOPHOS has reported in Malware authors jump on the PIFTS.EXE bandwagon:

"We're seeing evidence that websites containing malware are showing up in search engine results when people hunt for more information about PIFTS. Sophos's WS1000 Web Appliance is already picking up some of these sites as Mal/BadRef-A, and preventing users from accessing them.

The Mal/BadRef-A script redirects to another malicious script (detected by Sophos as Troj/Reffor-A) which then itself redirects to a page detected as Mal/FakeAvJs-A.

That page leads to a fake anti-virus scan (also known as scareware) designed to frighten computer users out of their hard earned cash. It's ironic that a scare about a file in an anti-virus program is leading users to search and visit a page where they will be scammed by a fake anti-virus program. Ho hum."

Please stick to the "mainline" sites when seeking information on PIFT.exe. In the event you do hit one of the infected sites, close any pop-up via Task Manager (Ctrl+Shift+Esc > Applications > End Task).

A statement has been issued by a "davecole" a Symantec employee at the support forum. See Norton product patch "PIFTS.exe" and Norton Users Forum [Edited]

The way things have been going, I will stay with my Recommendation: Replace Norton!


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


The story below was posted by one of the members at LandzDown Forum. I hadn't seen it before but when searching for the author see that it has been around for a while. Titles vary from "The Stranger" to "A Stranger in Our Home" but no author is evident. I chose to use the same title as posted at LandzDown.

I agree with the sentiment that this should be required reading in every household. I hope you appreciate it as much as I did.
"A few years after I was born, my Dad met a stranger who was new to our small town. From the beginning, Dad was fascinated with this enchanting newcomer and soon invited him to live with our family. The stranger was quickly accepted and was around from then on.

As I grew up, I never questioned his place in my family. In my young mind, he had a special niche. My parents were complementary instructors: Mom taught me good from evil, and Dad taught me to obey. But the stranger...he was our storyteller. He would keep us spellbound for hours on end with adventures, mysteries and comedies.

If I wanted to know anything about politics, history or science, he always knew the answers about the past, understood the present and even seemed able to predict the future! He took my family to the first major league ball game. He made me laugh, and he made me cry. The stranger never stopped talking, but Dad didn't seem to mind.

Sometimes, Mom would get up quietly while the rest of us were shushing each other to listen to what he had to say, and she would go to the kitchen for peace and quiet. (I wonder now if she ever prayed for the stranger to leave.)

Dad ruled our household with certain moral convictions, but the stranger never felt obligated to honor them. Profanity, for example, was not allowed in our home... Not from us, our friends or any visitors. Our longtime visitor, however, got away with four-letter words that burned my ears and made my dad squirm and my mother blush. My Dad didn't permit the liberal use of alcohol. But the stranger encouraged us to try it on a regular basis. He made cigarettes look cool, cigars manly and pipes distinguished.
He talked freely (much too freely!) about sex. His comments were sometimes blatant, sometimes suggestive, and generally embarrassing.

I now know that my early concepts about relationships were influenced strongly by the stranger. Time after time, he opposed the values of my parents, yet he was seldom rebuked... And NEVER asked to leave.

More than fifty years have passed since the stranger moved in with our family. He has blended right in and is not nearly as fascinating as he was at first. Still, if you could walk into my parents' den today, you would still find him sitting over in his corner, waiting for someone to listen to him talk and watch him draw his pictures.

His name?.........







We just call him 'TV.'

He has a wife now...We call her 'Computer.' "

Author: Unknown

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Sunday, March 08, 2009

Recommendation: Replace Norton!

I can no longer find any forgiveness for Symantec. Nor can I recommend any Symantec products. Continue reading to discover what led me to recommend replacing Norton with another security vendor's product.

Generally, an update to a security product is considered a good thing. In this case, it is just the opposite. As evidenced by a thread at, the Symantec announcement reproduced below regarding the latest update of Norton Internet Security and Norton Antivirus to version 16.5 indicates that Symantec has proceeded with their IAC relationship and incorporated Ask in their Norton products.
"An update has been released for Norton Internet Security 2009 and Norton AntiVirus 2009. Just like the last patch, we're using new technology. Because of this, we are distributing this patch in a more controlled manner. Some of you may not receive the update as quickly as others. We will post another announcement with more detailed information shortly when deployment is more widespread. In the meanwhile, your patience is appreciated while the patch continues to be distributed.
Tim Lopez
Norton Forums Administrator
Symantec Corporation"
If you are not familiar with the issues regarding IAC/Ask there are numerous references in this recent article.

Including Ask is not the full reason why I am so adamantly against Symantec. The other reason is their apparent disregard for the terms of service of Malwarebytes' Anti-malware (MBAM). MBAM is an outstanding anti-malware application that is free for personal use. There is also a full version which unlocks realtime protection, scheduled scanning, and scheduled updating. For consumers and personal use, MBAM is a one-time fee of $24.95.

As seen in the PCMagazine slide presentation included with the article Symantec Support Gone Rogue by Neil J. Rubenking, Symantec has totally disregarded the licensing terms of MBAM, completely ignoring that MBAM is not free for corporate use. Mr. Rubenking reported that
After finishing the scan, the agent offered to run "a scan from the Norton security." He also called it "a deep scan just from a online Norton program."
Low and behold, it was not a Norton program but the free for personal use version of Malwarebytes' Anti-Malware that the Norton representative presented:

Screen capture excerpt copied from the slide Hey, That's Not Norton!

"The "Norton program" turned out to be a free non-Symantec product called MalwareBytes' Anti-Malware. I watched the whole process – no Symantec product was involved. Symantec says this should not have happened and won't happen in the future."
Symantec charges $79.99 (USD) for their Norton 360 product and $59.99 for Norton Internet Security 2009. Yet, their products are apparently not good enough to clean a computer and their support resorts to using another vendor's product.

Do you trust Norton products now? I certainly do not. There are many trusted vendors that provide an excellent solution to your computer security needs. Free for personal use antivirus software vendors include Avast! and Avira AntiVir. Both also have subscription versions. Additional solutions include the following:
If you are replacing Norton, you may find that the Norton Removal Tool is needed to remove the remnants.

Hat Tip: Donna's Security Flash


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Friday, March 06, 2009


This is definitely the day for blogging about friends. This time it is about my friend, Subratam Biswas who has published two excellent articles in the Microsoft Malware Protection Center blog about a nasty rogue.

Read Subratam's excellent reports:

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Spread the Word: Automatic Updates and New Computers FAIL

I have long been a proponent of using the Automatic Update settings to "Download updates for me, but let me choose when to install them". Having a dial-up connection for so many years, that setting was ideal for me. The updates would be downloaded in the background when I was connected to the Internet and I would be notified when they were ready to install -- which was usually three to five days after release.

Even though I now have a broadband connection, I wouldn't dream of changing the Automatic Update setting. I still review the updates before installing. Its easy to do -- just right click on the checked update and select "View details". A window will open describing the update and providing a link to any relevant Microsoft Knowledge Base (KB) article.

Read my friend, Bill Pytlovany's article and see why "new computers FAIL" and then join in helping to spread the word.

--> Bits from Bill: Automatic Updates and New Computers FAIL <--

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...