There is no free lunch

Get a free iPod!

In a civil complaint (click here for PDF) released Thursday, New York Attorney General Eliot Spitzer accused Washington D.C.-based Gratis Internet of deceptive business practices. The suit requests monetary penalties and an injunction against the activity in question.

The suit, filed in the state’s supreme court in Manhattan, marks the latest chapter in Spitzer’s charge against what he has labeled the largest deliberate breaches of privacy in Internet history. Earlier this month, the attorney general announced a $1.1 million settlement with Datran Media. The e-mail marketer had been accused of buying at least 6 million files from Gratis, despite knowing that the transaction ran contrary to the seller’s privacy policy.

Link here.

Alex Eckelberry

New York heading for Big Brudduh

Not Good.  505 cameras to be installed in NYC.

The NYPD is installing 505 surveillance cameras around the city – and pushing to safeguard lower Manhattan with a “ring of steel” that could track hundreds of thousands of people and cars a day, authorities revealed yesterday.

NYCLU is battling back:

But don’t expect the NYPD to install its cameras without battling the New York Civil Liberties Union. The watchdog group’s associate legal director, Chris Dunn, questioned the plan.

“Commissioner Kelly may be ready to launch us all into a surveillance society, but we believe cameras are not a cure-all for crime and terrorism,” Dunn said. “It is far from clear that cameras deter crime.”

Link here.

Alex

 

Seen in the wild: eBay accounts for sale

This site in Russian is offering eBay accounts for sale.


While it’s in Russian, the gist of the text on the website is that:

  • They sell eBay and (rarely) PayPal accounts.
  • They have a Trojan that steals account info from eBay logs and prefer to steal accounts with minimal seller/buyer activity.
  • The better the feedback on a given account, the more expensive it is. Real account holder e-mails are available as well.

They even have a list of users to buy:

[Image]

As is our normal practice, we have reported this to our security contacts at eBay. 

Alex Eckelberry
(Thanks Sunbelters Adam Thomas for the site and Olexiy for the translation)

 

 

Sunbelt TechTips for the week of March 20

How to Delete Files with Illegal or Reserved Names
Sometimes an application will create a file that has an “illegal” file name (that is, a name that’s reserved by the operating system, such as LPT1 or PRN). If this happens, you may not be able to delete these files using the graphical interface. Here’s how to delete them:

  1. If the partition on which the files reside is formatted in FAT, at the MS-DOS prompt, type DEL and then the file name with wildcard characters, such as DEL LPT?.*
  2. If the partition is NTFS, you’ll need to use a syntax that bypasses the normal reserved word checks: DEL \\.\(drive letter):\(path)\(file name) (for example: DEL \\.\c:\myfolder\lpt

How to Add the Comment Pane in Word
You can add a comment pane feature in Word 2002 or 2003 by creating a macro and running it in a Word document that contains comments. Instructions and code for the macro are shown in KB article 913759 here.

How to Edit the Registry to Replace In-use Files at Windows Startup
There are several ways to replace a file that’s in use by Windows at startup. One way is to edit the Registry. Always back up the registry before editing it.

  1. Start your favorite registry editor.
  2. Navigate to the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  3. Create a new value of the type REG_MULTI_SZ and name it PendingFileRenameOperations.
  4. In the value data field, type the following on two separate lines: \??\c:\temp\win32k.sys !\??\c:\winnt\system32\win32k.s
  5. Close the registry editor.
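
What the two lines in step 4 mean, as an added example (not code from Microsoft or Sunbelt): PendingFileRenameOperations is read at the next boot as source/destination pairs, where an empty destination deletes the source and a leading ! on the destination replaces an existing file. The sample value, file names and helper names below are constructed, and the parser assumes the list keeps its empty strings; the same parse is useful for reviewing what is queued before a reboot.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence

NT_PREFIX = "\\??\\"  # NT object-namespace prefix used in the stored paths


@dataclass
class PendingOp:
    source: str
    destination: Optional[str]  # None: the source is deleted at boot
    replace_existing: bool      # True when the destination carried a leading "!"


def _plain(path: str) -> str:
    """Drop the NT prefix so the path reads as an ordinary Win32 path."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(values: Sequence[str]) -> List[PendingOp]:
    """Turn the REG_MULTI_SZ string list into (source, destination) operations."""
    items = list(values)
    if len(items) % 2:
        # Assumption: an odd count means a trailing empty destination was dropped.
        items.append("")
    ops = []
    for i in range(0, len(items), 2):
        src, dst = items[i], items[i + 1]
        if not src:
            continue  # padding entry, nothing queued
        replace = dst.startswith("!")
        if replace:
            dst = dst[1:]
        ops.append(PendingOp(_plain(src), _plain(dst) if dst else None, replace))
    return ops


def touches_system_dir(ops: Sequence[PendingOp],
                       roots=("c:\\windows\\", "c:\\winnt\\")) -> List[PendingOp]:
    """Return operations whose target lies under a Windows system directory."""
    hits = []
    for op in ops:
        target = (op.destination or op.source).lower()
        if target.startswith(roots):
            hits.append(op)
    return hits


# Constructed sample: one replace of a system file, one delete of a temp file.
SAMPLE_VALUE = [
    "\\??\\C:\\temp\\example.sys", "!\\??\\C:\\WINNT\\system32\\example.sys",
    "\\??\\C:\\temp\\old.tmp", "",
]

if __name__ == "__main__":
    for op in parse_pending_renames(SAMPLE_VALUE):
        if op.destination is None:
            print(f"delete  {op.source}")
        else:
            verb = "replace" if op.replace_existing else "move"
            print(f"{verb} {op.destination} <- {op.source}")
```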

Direct Hosting of SMB over TCP/IP
Windows 2000/XP/2003 supports file and printer sharing traffic by using Server Message Block (SMB) directly hosted on TCP, unlike earlier versions of Windows that required NetBIOS over TCP (NetBT). Disabling NetBIOS has several advantages. KB article 204279 includes instructions for disabling NetBIOS over TCP/IP here.

How to Configure the Popup Blocker in XP SP2
When you install Service Pack 2 for Windows XP, it adds a popup blocker to Internet Explorer, which is turned on by default. You can configure its settings to allow popups on certain web sites or block all popup windows. You can also configure IE to play a sound to notify you when a popup window is blocked. KB article 843016 tells you how to configure the popup blocker to suit your needs here.

No Results Returned when you Search for Files or Folders
Sometimes if you run a search for files or folders over a slow network link, your Windows XP computer may give you a message that says “Search is complete. There are no results to display” even though the files or folders you’re searching for exist. It happens because Windows mistakenly determines that the files or folders are offline and excludes them from the search. To find out what to do about the problem, see KB article 885843 here.

Deb Shinder

Sunbelt TechTip: Clear my tracks

Make IE 6 a Little More Like IE 7: One of IE 7’s new features is a “clear my tracks” option that lets you delete all temporary Internet files (browser cache), cookies and web browsing history.

That’s especially useful when you share a computer with others and don’t want them snooping in your web browsing habits. If you’re not ready to install IE 7 but you’d like to be able to do the same thing with IE 6, you can download this little free program from Microsoft or run it from the web site.

Deb Shinder

Don’t expect to see Vista until Q1 2007

According to a subscriber email we just received from Client Server News, the consumer version of Vista won’t ship until January. 

According to Client Server News, “the delay is being done in the name of quality, according to Vista boss Jim Allchin.”

Commercial volume licensees will see it in November.

 

Alex Eckelberry

Can You Trust Online Services with your Data?

I often warn computer users about the importance of backing up all your important data. Whether it’s the first few chapters of your Great American Novel, the outline for your ten-year career plan, all that financial information you painstakingly entered into a spreadsheet or tax program, digital photos and home videos, or just a huge collection of (legally downloaded, we hope) MP3s, it represents time, effort and sometimes a lot of money.

Yet a week doesn’t go by that we don’t hear someone lament that “my computer crashed and I lost everything.” A lot of people seem to regard hard disk failure in much the same way they look at plane crashes or tornadoes or fatal diseases – as things that happen to “other people.” Until it happens to them. The good news is that unlike those much more horrific disasters, a computer disaster is something that you can prepare for and recover from with a minimum amount of loss – if you take the time and plan properly.

There are lots of ways to back up your data. You can copy it to a second hard disk (internal or removable), write it to a CD or DVD, copy your files to another computer on your home network, or even invest in a tape backup system. Any of those options is a start, but it’s not enough. Unfortunately, when it comes to their personal data, most folks stop there. But what happens if your computer is stolen (along with its second hard disk and the DVD that you left in the tray of the writer)? What if a flood or fire destroys your computer room, along with the removable disk or tape backup in the desk drawer? What if a tornado wipes out the whole house, including the second computer upstairs to which you copied your data?

That’s why an effective backup plan has to include some sort of off-site storage. A number of online services have popped up, offering a way for you to upload your data to their servers (which may be in another state or even another country – about as off-site as you can get). Some offer a limited amount of free storage, others charge a fee ranging from a few dollars per year to much more for professional level “electronic vaults” that automatically back up your data continually and store it in redundant locations with a high degree of physical security.

Most home users aren’t interested in paying hundreds or thousands of dollars for that level of protection, but you might very well be tempted by some of the free services such as Xdrive or Streamload. The price is certainly right – but you may find that the free plans aren’t really as useful (or as free) as the ads make them sound.

For instance, Xdrive’s front page touts “5GB to unlimited gigabytes of online storage.” Unfortunately, it’s only the 5 GB that’s free. Once upon a time, 5 GB of data was an almost unimaginable amount (a mere ten years ago, in 1996, my computer had a total of 3 GB of hard disk space – two 1.5 GB drives – and I was wondering how I’d ever fill up all that space). Today, with high quality digital photo files that are 100MB or more in size and the ability to record TV shows on your Media Center PC (at about 1.5 GB per half hour program), 5 GB isn’t much space at all. It’s likely it won’t be enough to back up all your data files. To get more space, you have to pay for it. And you have to provide credit card information even to sign up for the free trial. In addition, the service doesn’t support FTP access or allow versioning of your documents, even with the paid plan. On the positive side, they do offer automated backup of selected folders so you don’t have to remember to manually back them up each time.

Streamload, at first glance, looks a lot better. They offer 25 GB of free storage. And they don’t ask for a credit card to set up a free account. However, there is a catch: Although you can upload 25 GB to the site, you’re limited to downloading 100 MB per month. Paid plans range from $4.85 per month (unlimited storage, download up to 1 GB) to $39.95 per month (unlimited storage, download up to 60 GB). This means if you store your 20 GB of data on Streamload and then you need to restore it all at once, you’ll have to upgrade your account to the $19.95 per month plan (allows up to 25 GB download). Of course, you might never need to download the whole thing at once, and if you do, that means all your on-site backups are gone and you probably would be willing to pay to get your data back.

These are just a few examples of consumer-level online storage services. There are many others: IBackup, Online Storage Solutions, My Net Storage. Companies better known for other products also offer online storage options; an example is Apple’s iDisk.

One question you have to consider before signing up with any of these services: how secure is your data on their servers? Remember that anyone who gets your username and password can access your data from anywhere in the world. If you only have music, videos and low-security documents that you want to back up, this probably isn’t an issue. If you have highly confidential information, you might not want to upload it to an online service, or you might want to pay more for a business-grade service that guarantees a higher level of security.

What about reliability? Web businesses come and go, and if you upload your data to one that subsequently goes out of business, you may never see that data again. That’s why I’d recommend using the services as one part of a backup plan – not as the whole plan. Put your non-sensitive data there for convenience, but also make a DVD or tape and take it to work with you and store it in your desk there, or keep it at a friend’s or relative’s house or even in a bank safe deposit box.

There are other options for storing your backup files online, too. Many ISPs give their customers a certain amount of Web space free with an Internet account. If you don’t have a Web site, you can still FTP copies of your data files to the Web server to store them. Note that this isn’t a particularly secure option, so only use it for non-sensitive files.

If you have a friend who has a network with extra server space, the two of you could upload files to one another’s servers. This is a good plan if your friend is technically savvy and trustworthy, and you will probably have more control than with a service run by people you don’t know personally.

Tell us your opinions on the backup dilemma. Do you keep copies of your important data off-site? Do you use an online service or do it another way? Have you had good or bad experiences with the services? Comment away.

Deb Shinder

Claria: We’re through.

Claria, which had tried to go public a couple of years ago, is claiming that they are exiting the adware business. 

Earlier this year, Claria retained Deutsche Bank Securities, Inc. to handle the sale of the company’s adware assets, and Claria is in active discussions with a number of interested buyers. A condition of any sale of Claria’s consumer software applications, however, will be the requirement that any purchaser agrees to adhere to emerging industry standards outlined by TRUSTe and other industry coalitions.

Link here.

Alex Eckelberry
(Another thanks to Amanda)

Online travel industry: Adware is ok

The Interactive Travel Services Association (ITSA), an industry trade group whose members include Expedia, Orbitz, Hotwire, Hotels.com and others, has made an announcement: 

Advertising in adware is ok, as long as it’s not spyware.  ITSA believes adware “can be useful to many consumers because it provides timely, relevant and money-saving information, or it helps defray the cost of free linked software programs” (link).

According to their press release:

The ITSA best practices document encourages adware companies to: 1) obtain “affirmative consent,” or prior approval from consumers for downloading adware, while simply explaining what the adware will do; 2) for consumers who already have downloads, go back and obtain their approval now; 3) provide an easy to find, understand and use method of uninstalling the adware; and 4) identify who has created or is providing the adware in any download offers or any other promotions, such as pop-ups or pop-unders. In addition, 5) advertisers should require their adware companies and any marketing groups they work with to abide by these practices.

Link here.

Alex Eckelberry
(Thanks Amanda)

Man, what is up with Starforce?

From cdfreaks.com (thanks Jarrett):

Now, Futuremark has uncovered a very dangerous anti-piracy system Starforce is now using.  This copy protection system installs a driver that runs at the highest level of access on the system, which gives it low level access to the PC’s hardware and any drivers and processes.  This driver runs regardless of whether the game runs; keeping an eye out for any suspicious activity such as attempting to copy a protected disc.  If something suspicious is detected, it forces the PC to make an immediate reboot, regardless of any other applications running and whether or not the user has any unsaved work.

Link here.

(The validity of this report is still uncertain).

Alex Eckelberry

180Solutions and Sean Sundwall part ways

180Solutions director of corporate communications Sean Sundwall has left 180Solutions.   According to sources close to the company, Sean resigned on March 1st.

Sean started in June of last year and was the spokesperson for 180 during a time of change for the company.

Sources close to the company indicate that Sean’s departure was due to the fact that he felt many more changes to the business were needed and that he was not going to be able to make those changes happen.

 

Alex Eckelberry

Coolwebsearch.info

This site is an affiliate of Coolwebsearch.com that installs a toolbar which hijacks the home page without a EULA.


Run by our Best Friend Ever, Vadim Praha

Whois Data:
Fedorov Vadim   Praha    CZ         hali @ volny.cz
Fedorov Vadim   Praha    CZ         sp @ prague-sex.com
Fedorov Vadim   Prtaha 5 CZ     sovsem @ nevest.net
Fedorov Vadim   Praha    CZ         radmin @ radmin.kirov.ru

And he’s got lots more sites under the IP 194.187.96.195, which you are welcome to put into your blocklists.


 

Alex Eckelberry
(Thanks to Sr. Researcher Patrick Jordan)

CDT Report is up

Just follow the money.  It’s all you need to do. 

Large well-respected companies are helping to fund the virulent spread of unwanted and potentially harmful “adware” by paying for advertisements generated by those programs, a new report by CDT finds.

In “Following the Money: How Advertising Dollars Encourage Nuisance and Harmful Adware and What Can be Done to Reverse the Trend,” CDT details how — through a complicated network of intermediaries — major advertisers pay to have their products and services advertised through pop-ups and other ads generated by unwanted advertising software or “adware.”

The report dissects the financial relationships behind those arrangements and identifies a number of mainstream companies that advertise through one particularly unscrupulous adware distributor.

Link here.

Alex Eckelberry

Tough week ahead for ‘badware’ companies?

Well, this will be interesting:

The fight against invasive software will take a step forward this week as the Center for Democracy and Technology (CDT) and the Google-backed Stopbadware Coalition will release two separate reports that state the names of undesirable software programs and the advertisers who help fund them.

Link here.

Alex Eckelberry
(Thanks Amanda)

China loves IPv6

IPv6 (Internet Protocol version 6) is an upgrade to the current version 4 whose primary purpose is to increase the number of Internet addresses available. While adoption has been fairly slow, it’s on track to become the standard over the coming years.

IPv6 addresses are composed of two parts: a 64-bit network prefix and a 64-bit host part. In IPv6, the 64-bit host part is either “automatically generated from the interface’s MAC address or assigned sequentially.”

Well, IPv6 has at least one Chinese internet authority rubbing his hands in glee.

“There is now anonymity for criminals on the Internet in China,” said Hu Qiheng, chair of the Internet Society of China, a public-private group founded five years ago to promote the Internet in China. “With the China Next Generation Internet project, we will give everyone a unique identity on the Internet.”

Hu, who was interviewed on a visit to Paris this month for an Internet workshop organized by the Organization for Economic Cooperation and Development, does not represent the Chinese government, but she has long been prominent in the development of China’s Internet and served as adviser to the Chinese government both domestically and at Internet policy meetings of the United Nations.

Link here via Funsec.

Alex Eckelberry

 

Search engine censorship watch

Slick.

This is a tool developed by Mark Meiss and Filippo Menczer at the Indiana University School of Informatics in March of 2006 to allow you to explore the differences in the results returned by different countries’ versions of the major search engines. We currently work with the Web search and image search functions of four national versions of Google and Yahoo!: the United States, China, France, and Germany.


Link here via beSpacific

Alex Eckelberry
PS— In order to have the most accurate comparison, they turn off Safe Search, so be warned.

Yankee Group/Sunbelt 2006 Server Reliability Survey Results

Certainly off the subject of spyware, but we recently did a study with the Yankee Group on server reliability, with over 400 participants.

From Laura DiDio at Yankee:

All of the major server operating system platforms have achieved a high degree of reliability, though Unix-based servers still record the least amount of annual downtime. Microsoft’s Windows Server 2003 notched the biggest reliability gains over the past 3 years and the Microsoft server platform, along with some custom Linux distributions ranked close behind Unix for the most reliable server operating system platforms.

Those are the results of the latest independent Yankee Group/Sunbelt Software Web-based global survey of nearly 400 IT administrators worldwide. The survey also indicated that heterogeneity is the order of the day: a majority of respondents indicated they had an average of three server operating systems running in their environments.

And, in what can only be described as welcome news for corporate users, all of the major server operating system environments: Linux, Windows, Unix and open source environments exhibited a high degree of reliability — with a surprising lack of disparity among the platforms.

Businesses reported that on average, their firms experienced fewer than two, Tier 2 reliability-related outages per server, per year and approximately one of the most severe Tier 3 outages per server, per year across all server OS platforms.

The survey also highlighted a number of crucial IT trends and revealed some surprising everyday administrator practices. Foremost among these is that a majority of IT administrators opt to manually apply patches and updates because they are not yet fully comfortable with automated patch rollouts. Perhaps the most surprising patch management statistic is that Unix administrators spend the most time patching their servers overall — about 58 minutes and about 62 minutes for each server that they patch manually.

Microsoft IT administrators used automated patching far more than their Linux and Unix counterparts — 32% of Windows 2000 Server IT managers and 38% of Windows Server 2003 managers use automated Group Policy to apply their patches. After Windows, automated patch management was most prevalent in the Novell SuSE environment where 28% of admins said they use Group Policy mechanisms to automatically update their systems. Red Hat and Unix administrators were least likely to deliver their updates automatically — only 5% of Red Hat Enterprise Linux managers and 7% of Sun Solaris, HP/UX and IBM AIX Unix managers apply their patches manually. Other survey highlights include:

  • Not surprisingly, the UNIX distributions – Solaris, AIX and HP UX took top reliability honors. Corporate UNIX users reported experiencing just under 600 minutes of per server, per year.
  • Windows Server 2003 and Red Hat Linux with customizations and Novell SuSE Linux all reported roughly equivalent per server, per year outage times of just under 800 minutes. Surprisingly, Red Hat Enterprise Linux standard distribution users said they experienced 900 minutes of per server, per year.
  • Windows 2000 Server and Windows Server 2003 recorded the greatest number of Tier 1 Reliability related incidents — nearly 3 incidents per server, per year for Windows 2000 Server and 2.5 Tier 1 reliability incidents for each Windows Server 2003 system annually. Still, the actual number does not vary substantially from rival platforms.
  • The Reliability and patch management of Windows servers has improved dramatically — about 20% from Windows 2000 Server to Windows Server 2003.
  • Custom SuSE Linux delivers the highest reliability and fewest minutes — about 430 minutes of per server, per yearly outages. However, because so few of the respondents — less than 2% of businesses — use a customized implementation of Novell SuSE Linux, it is not a statistically valid response. Hence, among mainstream server OS platforms, Unix must still be considered the most reliable server environment.
  • There were several write-ins for Novell’s legacy NetWare server OS platform — seven to be exact — taking us to task and asking why NetWare was left out of the survey. Overall, we included 11 different server OS configurations that represent the largest share of the current user base as well as the projected server OS environment going forward over the next three to five years. NetWare as a standalone server OS platform is rapidly disappearing. It currently accounts for approximately 3% of the installed base. However, for the record, the respondents still utilizing the legacy NetWare platform had high praise for its reliability and said they suffered little if any downtime.

Alex Eckelberry

Pet Peeves in the workplace: PDAs and cell phones offensive?

In a workplace etiquette-themed survey released by Randstad USA, a temp agency, they reported among the top pet peeves:

  • Condescending tones (44%)
  • Public reprimands (37%)
  • Micromanaging (34%)
  • Loud talkers (32%)
  • Cell phones ringing at work (30%)
  • Use of speakerphones in public areas (22%)
  • Colleagues engaged in personal conversations in the workplace (11%)
  • The use of PDAs during meetings (9%)

Link here.  

Well, my two cents.  All of these are irritating to some degree to all of us.  I put cell phones and PDAs pretty high on my list of irritations, but it depends on the context.  For example, a while back we had a financial type come by the office for a briefing on our strategy.  Hours of careful planning were wasted as he constantly checked his Blackberry, nodding “uh huh, uh huh” as a weak indication that he was listening to our presentation. On the cell phone front, I had a friend who wanted to go out for a personal lunch.  He spent about 50% of the time on the cell phone (I’m not exaggerating), as I looked on, bored out of my mind.  When he asked me out to lunch again, I politely mentioned that I would — so long as he’d leave his cell phone back at the office.  He was surprised and hopefully got the message.

What are your workplace etiquette pet peeves? 

Alex Eckelberry