Sunbelt weekly TechTips

Virtual PC is free
I’ve had a number of inquiries recently about virtual machine software. It seems that a lot of folks either want to run Vista in a VM instead of installing it outright on their computers, or they have upgraded to Vista and want to run XP in a VM so they’ll have access to some old applications that don’t work with Vista. You’ll be happy to know that Microsoft’s Virtual PC (VPC) VM application is now a free download. You can install VPC 2004 on XP and run Vista in the VM, or you can install VPC 2007 (beta) on Vista and then install XP in the VM. Find out more here. There are also various free options at VMware, here.

Vista: Hail the new Reliability and Performance Monitor
A new and useful feature in Windows Vista is the Reliability and Performance Monitor, which is a more sophisticated version of the Performance tool in XP Professional. You can open it in the same way: in the Run box, type perfmon, or you can click the Resource Monitor button on the Performance tab in Task Manager.


The top level node (Reliability and Performance) provides a nice resource overview, with graphs showing CPU, disk, network and memory usage. The Performance monitor is similar to XP’s; you can add counters for various performance objects (for instance, your processor) and measure performance in real time on a graph or output the performance information to a report. The “new guy on the block” is the Reliability Monitor, which shows software installs and uninstalls, application failures, hardware failures and Windows and miscellaneous failures. For example, the Monitor on my Vista machine shows that Outlook had a failure on October 21.  A more technical overview is available here. (Thanks to Microsoft for the screencap above).

How to keep tabs on the mouse pointer
Sometimes it’s difficult to find the pointer arrow on certain desktop backgrounds, especially if you have vision problems. You can make it easier to keep up with the pesky pointer by following these steps:

  1. Click Start | Control Panel.
  2. In Classic View, click the Mouse applet. In Category view, click Printers and Other Hardware, then click Mouse.
  3. Click the Pointer Options tab.
  4. Check the box that says “Show location of pointer when I press the CTRL key.”
  5. Click OK.
  6. Now when you hit the Control key, an animated circle will show you the location of your pointer.

Is Anti-Virus Software Ineffective?
Joanna Rutkowska, the same researcher whose BlackHat presentation last summer resulted in all the headlines alleging a security flaw in Vista (the vulnerability turned out to be in AMD’s virtualization technology) now is making headlines again. According to Rutkowska, she’s “not impressed” with any of today’s existing anti-virus solutions and wants to see a solution based on integrity checking of all system components. Read more here.

How to turn off the “New Programs Installed” notice
Whenever you install a new program in XP, the operating system may pop up a balloon saying that a new program has been installed and then the program itself is highlighted on the Start | All Programs menu. If you’re annoyed by this feature, it’s easy enough to turn it off.  Just follow these steps:

  1. Right click the Start button.
  2. Select Properties.
  3. On the Start Menu tab, click the Customize button.
  4. Click the Advanced tab.
  5. Under “Start Menu Settings,” uncheck the box that says “Highlight newly installed programs.”
  6. Click OK.

You’ll also find a number of other Start menu items that you can configure here, such as how to display the Control Panel, My Documents, My Computer, and which items to include or not include on the Start menu.

Windows Media Player has encountered a problem and needs to close
If you get an error when you try to start Windows Media Player in XP, it may be because a third party application has installed an incorrect version of the Wmpui.dll file. Luckily you can fix the problem by registering the dll. For step by step instructions on how to do so, see KB article 555494.

Access denied when you delete folders from a mounted drive
If you try to delete folders that are stored on a mounted drive and send them to the Recycle Bin, you may receive an error message that says “Cannot delete : Access is denied. The source file may be in use.”

There are a couple of workarounds you can use to solve this problem. Read about them in KB article 243514.

You get an “access denied” message if you try to move files at the MS-DOS prompt
If you try to copy or move files to a CD-R or CD-RW drive using a command at the MS-DOS prompt, you may get a message that access is denied. Instead, you’ll have to use a different method to copy or move files for staging. You can find out what your options are by reading KB article 279118.

Deb Shinder, MVP

No More Pencils, No More Books

Remember the old kids’ mantra celebrating the arrival of summer? “No more pencils, no more books, no more teacher’s dirty looks.” Well, students may be stuck with that last one for a while longer, but the first two are about to become obsolete year ’round, at least in some school districts.

My local newspaper ran a story last weekend titled “Schools toss aside texts for e-books”. It seems several districts in our area are doing away with traditional textbooks altogether. And who can argue with the fact that electronic books offer several advantages? They’re a lot easier to keep up to date, and they certainly weigh a lot less than those fat hardbacks that students are used to lugging around. Kids can carry dozens of books with them in the same space and weight that one “real” book occupies.  Link.

On the other hand, the digital nature of e-books also makes it easier to manipulate the content (a little rewriting of history, anyone?), and in order to use them, each student needs a computer. Asking parents to buy a laptop along with the rest of the list of first day school supplies seems a bit much, so the schools themselves are buying them and issuing them to students (at a cost of almost $900 each, according to the article). So, while students and teachers may be happy about this new way of doing things, already overburdened taxpayers may be less so (my property taxes for the public school district this year are well over $4000 – more than the taxes for the city, county, hospital district and community college district combined – and my district hasn’t even started buying laptops yet).

I’m a big advocate of teaching everyone to use new technology, but it seems to me there are some practical problems with this approach that haven’t been considered (or at least, haven’t been mentioned by reporters enamored with the “cool factor” of what the schools are doing). For instance, administrators expect to have to replace the laptops every four years. I wonder if that’s realistic, considering the fragile nature of portable computers combined with the rambunctious nature of school children.

What happens if a child drops his computer on the concrete and demolishes it a week after he gets it? Do the taxpayers get to pay for the repairs or replacement? Or do you require the parents to pony up, like when a child loses or damages a library book? What if they can’t afford it? Does the kid go without a computer (and thus without any of his textbooks) for the rest of the year? Will there be kiosks where kids who’ve lost their computers can stay after school to study?

And as we all know, physical damage isn’t the only thing that can render a computer unusable. Kids love to experiment; when they inevitably delete the wrong files, install some sort of malware, or otherwise mess up the operating system so that their programs won’t run, who’s going to fix it? Will the schools also have to hire on-call tech support personnel to spend all their time troubleshooting software? Or will they teach each child how to format and reimage the hard drive whenever anything goes wrong?

If the children will be doing all or part of their work on the computers (which seems logical and is implied in the article), where will they save their documents? On removable media so that when/if the OS gets corrupted as described above, the data won’t be lost? Will the school issue flash memory cards or USB drives, too, for that purpose? What if a child labors for hours or weeks to complete a paper, and then the file gets corrupted (will “my computer ate my homework” fly any better than the old dog excuse?)? Or will they be required to print everything out? Maybe the school will buy everybody a printer, too?

The article stated that some teachers still order “back up” textbooks to keep in the classroom, but many don’t. Suppose there’s a power outage. Does all learning come to a halt? Or what if the power goes down for the evening in a particular neighborhood? Will the students in that neighborhood be excused for not doing their homework? No more studying by candlelight these days.

How locked down will the student laptops be? Will students be able to get online with them, or will they be configured to use as standalone machines only? If the former, how do you keep kids from using them to chat with friends, surf the web (perhaps to inappropriate sites), play computer games, etc. Or should you even try to restrict their use to learning only?

Of course, the student laptop programs are being pushed by computer vendors (what a surprise) and some educators. But what do you think? Will giving every student a computer better prepare them for life in the 21st century and bridge the digital divide? Or will such initiatives turn into budgetary monsters that will devour taxpayers with far too little return on the investment? Is there a better way to provide access to technology, such as installing the computers in the classrooms instead, or helping to subsidize home computers for students whose families can’t afford them, rather than giving a portable to every child?

Deb Shinder, MVP

Setting killbits against zero days through group policy

Randy Franklin Smith at ultimatewindowssecurity.com wrote us yesterday about some tips for using administrative template files (ADM) to rapidly roll out kill bits against various zero days.

We continue to get nailed by ActiveX vulnerabilities including advisories on the XMLHTTP 4.0 and WMI Object Broker ActiveX controls. 

This nasty trend of zero-day vulnerabilities leaves you defenseless until Microsoft releases a patch unless you take the time to set the kill bit. 

[I recently] pointed out that a custom administrative template would help you to  push out kill bits via group policy and subsequently roll them back after associated patches are released and deployed.  

Well, don’t bother trying to write the custom ADM template, I’ve already done it for you and shot a video, Death of an ActiveX Control, demonstrating how to install it in about 5 minutes. 

It’s free and there are no forms to fill out. To watch the video and download the ADM template browse over to http://www.ultimatewindowssecurity.com/killbit.asp. I can’t say the video is as dramatic as its title but I think you’ll find the content valuable.

Thanks Randy!

Alex Eckelberry
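For readers who want to see what such a custom administrative template looks like, here is an added example (it is not Randy’s template, which is at the URL above). It assumes a placeholder CLSID, since the advisory’s CLSID is not reproduced here; Enabled writes the kill bit, Disabled rolls it back.

```adm
CLASS MACHINE

CATEGORY !!Cat_KillBits
    POLICY !!Pol_KillBit_Control
        EXPLAIN !!Pol_KillBit_Control_Explain
        ; One key per control. The CLSID below is a PLACEHOLDER: replace it
        ; with the CLSID published in the Microsoft advisory for the control.
        KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000000}"
        VALUENAME "Compatibility Flags"
        ; Enabled writes 0x400 (decimal 1024), the kill bit: Internet Explorer
        ; refuses to instantiate the control even though it stays registered.
        VALUEON NUMERIC 1024
        ; Disabled writes 0, the rollback once the patch is deployed
        ; (note that this also clears any other flags held in the value).
        VALUEOFF NUMERIC 0
    END POLICY
END CATEGORY

[strings]
Cat_KillBits="ActiveX kill bits"
Pol_KillBit_Control="Kill bit for <control name placeholder>"
Pol_KillBit_Control_Explain="Enabled sets Compatibility Flags to 0x400 so Internet Explorer will not load this control. Disabled writes 0, re-enabling the control after the patch is installed. Not Configured leaves the current value untouched."
```

Because the ActiveX Compatibility key sits outside the Policies branches, switching the setting back to Not Configured leaves the kill bit in place, so use Disabled to roll it back. The Group Policy editor also hides such settings until you turn off the “Only show policy settings that can be fully managed” filter.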

Update on XMLHTTP zero day

On the XMLHTTP vulnerability: So far, we have only one confirmed sighting of this exploit, and it’s on an obscure website. If you ask me, this is a pretty crappy exploit (in that it doesn’t work all that well). We downloaded the page and according to VirusTotal, only McAfee detected it.

Meanwhile, we are seeing the daxctle.ocx exploit on a couple of sites, but it also is not widespread.

Just be careful out there.

Alex Eckelberry
(Thanks to Roger Thompson)

New codecs on the way, now from Vxgames

Looks like the Vxgames crew (nasty malware distributors) is getting into fake codecs. These sites do not have links to files… yet.  


And the lies from the Video3x-codec site:

Q: What is a Video3X-codec?
A: Video3X-codec is a special next generation video codec for ADULT movies only.

Q: How is it work?
A: While processing adult movies, all the peculiarities of them are taken into consideration. So, on the base of that the quality of image and sound is greatly improved and they become more real than an ordinary movie.

Q: What’s the difference between free and paid versions?
A: Paid version does not contain any loadable advertising modules. Movie and codec updates are made automatically and absolutely free.

Q: What do I get if I use the codec? What is it for?
A: You get access to a huge collection of porn movies. Everyday’s update of movies, multinisheness and structered, convenient list.

Q: How often are the movies updated?
A: Practically every day.

Q: Cool! Will it run on my computer?
A: If you computer’s operating system is Windiws 95 – Windows XP, then you can use the codec. It integrates to Windows drivers and you can watch movies by any player, compatible with Microsoft Windows.

Obviously, do not download these codecs.  They are bad news.

Patrick Jordan

New zero day exploit: XMLHTTP

There is a new vulnerability out there, and SANS has reported it in the wild.  

We are on the lookout for sites and I will update as we get more information.

For now, here are your references:

Microsoft Security Advisory #927892 “Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution”

Secunia “Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability”

Securiteam “ActiveX – reason of the newest Windows 0-day, again”

CERT advisory.

Alex Eckelberry
(And thanks to Juha-Matti Laurio)

Gromozon blowback

Gromozon is a vicious piece of malware which installs on a user’s PC and does almost every crafty trick available to avoid detection and removal, including creating its own user account, using rootkit technology, renaming its files, and a whole host of other nasty things. And it’s certainly popping up on the radar out there in the security community.

But now these Gromozon jerks have gone a step further — making the program itself seem like it’s authored by someone else — a legitimate security researcher.

Of all things, the authors of this malware have inserted code in Gromozon which implicates Marco Giuliani as its author! Marco is a perfectly upstanding security researcher who, in fact, created a Gromozon removal tool for PrevX.


It’s absolutely incredible. Marco has the whole story here.

Alex Eckelberry

A note on fake codecs

Ever since the BBC did an article on fake codecs, there’s been a flurry of press on the issue. We’ve been talking about these for over a year and it’s good they’re getting attention. These fake codecs are certainly out there, and while they are currently mostly used on porn sites, there is certainly the opportunity for them to move to more mainstream venues (no surprise, since porn is often the leading indicator of technology on the Internet). [I might, however, question seeing these fake codecs on sites like YouTube (barring being promoted through banner advertisements and the like), due to the way these fake codecs work and how videos are uploaded.]

Now, some of the articles imply that downloading videos themselves is potentially dangerous. Just to clarify for everyone, these fake codecs need to be installed, which requires a direct user action. The way they typically work is that you click on a video, and get a fake dialog box which says something like “you need to install this in order to view this video”.

For example, here’s a sample from today:

First, you get a message in the Windows Media Player:

Clicking on “click here” brings up the XP security dialog:

That’s a bad codec. But here’s an example of Zango (180Solutions) doing the same type of thing for the adware Seekmo, installed from a video site called smithhappens(dot)com:

In the case of Seekmo, you’ll get popup ads from 180solutions. 

If you don’t allow the codec to be installed, you’re very likely going to be ok (of course, there is always the chance of an exploit being used to install a codec, but I’m giving you the general picture here).

So if you go to a website to view a video and it asks you to install something, be very careful.  Even legitimate codecs like DivX have the chance to be abused.   In the case of DivX, for example, I would go to the DivX site and install it directly.

Alex Eckelberry

Sunbelt Weekly TechTips

Vista: Only the Shadow Folder Knows
One of the most potentially useful new features in (some editions of) Vista is the concept of “shadow folders,” which uses the shadow copy technology to allow you to revert back to previous versions of your files. The shadow copies are created automatically each day, and whenever you install an application or driver. To find a previous version of a file, you just open its Properties and click the Previous Versions tab — but note that this feature only comes with the Business, Enterprise and Ultimate editions of Vista. See how it works here.  

How to Reinstall System Restore
The System Restore feature in Windows XP is a great one – but sometimes it quits working properly (or at all). In this case, you may need to reinstall it. Here’s how:

  1. Click Start | Run.
  2. In the Run box, type %Windir%\INF. This should open your WINDOWS directory to the INF folder.
  3. Find a file named SR.INF (if you have Explorer configured to hide common file extensions, it may display as SR).
  4. Right click the SR.INF file and select Install. Windows may prompt you for your Windows installation source path. If you have service packs installed, point it to the %Windir%\ServicePackFiles folder.

After the System Restore files are reinstalled, restart Windows.

Important note: this process will remove any existing system restore points.

How to Find Out if your Processor is Overheating
Here’s a handy little free utility that will read the sensors built into your motherboard and warn you if your processor is overheating. It works on all Windows operating systems from 9.x to XP (we haven’t tried it on Vista yet). Link here.

Download: Outlook Junk E-Mail Reporting Tool
Unlike anti-virus programs, multiple spam filters can play nicely together and provide you with better protection against unwanted email. If you use Microsoft Office, you can add another layer of spam catching with the built-in junk mail filters. And now you can make those filters more efficient by reporting any spam that still gets through to Microsoft. Doing so is a one-click operation when you download and install the Junk E-mail Reporting Tool here.  (If you’re not happy with the Junk Mail filters in Outlook, you might consider doing a free trial run of our antispam tool, iHateSpam.)

Can’t configure automatic updates?
If you are having trouble configuring automatic updates (going into the Automatic Updates dialog box in Control Panel and all the options are grayed out), there are a couple of solutions.

The simplest and most common solution is that you aren’t logged on as an administrator. So first try logging on with an admin account.

If that doesn’t work, it may be that a policy has been enabled in the registry. To fix this, in your registry editor go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU. In the right pane, delete two values: AUOptions and NoAutoUpdate.

Now go to this location: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate. In the right pane, delete this value: DisableWindowsUpdateAccess.

The above assumes you’re using a standalone (non-domain) Windows XP computer. If your computer is a member of a Windows domain, a Group Policy applied by your domain administrator may be preventing you from changing the auto update settings.

Error 1068 when you try to turn on ICS
If you attempt to enable Internet Connection Sharing in XP by running the ICS wizard, you might get an error message that says the dependency service or group failed to start. This means there is some service that’s needed by ICS, which is not turned on. To address the problem, you need to check out the status of the relevant services and turn on any that are disabled. For a list of the dependency services and instructions on how to turn them on, see KB article 827328 here.

Can’t log onto XP after removing spyware
If you use Ad-Aware by Lavasoft and it removes the spyware program wsaupdate.exe, you may not be able to log onto your XP computer because the spyware also makes a change to the registry that is not fixed by removing it. You can use the Recovery Console to fix the problem. For complete instructions, see KB article 892893 here.

Deb Shinder, MVP

Some new scam sites

Fake sites which lure you into either a fake codec or a security scam program.  Stay clear of these.


These were created yesterday, on Halloween:


Patrick Jordan, Sr. Researcher

Lucha Libre — Sunbelt style


Yesterday during Halloween, we held our first-ever (and hopefully last) Lucha Libre fight, right here at Sunbelt Software.

The fight, between El Perro Grande and Senor del Dolor was refereed by Eduardo Rapido and took place in our building lobby and outside.

If you really want to completely waste time, you can view the footage for yourself.

Part 1 (indoors):


Windows Media High res

Windows Media Lo res

Part 2, outdoors, which shows El Perro Grande being unmasked


Windows Media High res

Windows Media Lo res

Bonus footage — more of the same

Credits:

El Perro Grande: Sunbelt’s IT Manager, John Jacobson
Senor del Dolor: Sunbelt’s VP of Product Management, Greg Kras
Eduardo Rapido (Spanish for “Fast Eddie”): Martin Hine, sales account manager

As a final note, I want to assure everyone that yes, we do actually perform work at this company.   It’s just that we also take our time to have a bit of fun!

 

Alex Eckelberry

Which phone is the best?

My friend Song Z. Huang, co-founder of Soonr (a startup in the mobile data space), shared his insight with me today as to “what’s the best phone”.

Which phone do I recommend? This is a question that I get ALL THE TIME… we are always testing on many different phones. Also, I get to do a lot of demos. Often times certain carriers work better in a particular location than others. So what’s the solution? Multiple phones of course! So recently I took all the phones out of my bag and took a picture of them all.

Here’s a little picture and a quick overview of every phone in my bag.

Left to Right, top to bottom:

LG Fusic – Sprint EVDO service. Great for demo of a consumer phone. Unique feature is the iPod like front control with a built in FM transmitter to send music to the radio. Problem is that the FM transmitter is super weak.

Nokia N93 – Cingular (unlocked World Phone). This phone has a 3.2 megapixel camera that does a good job on pictures. It also has a video recording mode which is quite good for a camera phone. The unique feature is that it has real optics and a video out capability for projected demonstrations. It also has wifi, which can make for a snappy demo.

Sony Ericsson K800i – Cingular (unlocked World phone). This is the undisputed champ of camera phones. It has a 3.2 megapixel camera that doesn’t suck! The flash is a real xenon flash instead of a sorry LED that does nothing useful. The unique feature is the excellent camera.

Palm Treo 700P – Sprint EVDO. The elegance of the Palm OS is still prevalent. This phone is fast and works flawlessly. The 320 x 320 screen is stunning and the Bluetooth profiles are not restricted in any way. All this, and it does mobile TV. If only I could get an Ajax browser on this, life would be perfect.

Motorola Q – Verizon Wireless EVDO. This is my 3rd Q. The first one just died one day and started flashing weird bars on the screen. The second one I got wouldn’t hold a charge for a day and kept shutting itself off. When I was just about ready to crush the crap phone, they sent me a third. This one is delivering on the promise. This stylish form factor and nice feature set make it a phone I can live with… until it probably dies again.

HTC PPC6700 – Sprint EVDO. The keyboard on this phone and the wifi make it very useful. The surprise is that it’s sluggish as hell even though it has a 400 MHz processor. We’ve all passed this phone around the office and it doesn’t stick anywhere. I think it’s Windows Mobile 5 that is slowing things up and making it hard to use. There’s promise here, but for now, there are better phones out there. Unique feature is the slide out keyboard and the built in wifi.

BlackBerry 8700c – Cingular. The undisputed champ when it comes to email. That’s what you buy a BlackBerry for. These guys have still done the best job of creating the ultimate email machine. The browser is sub-par, the phone is only passable, and there are no multimedia features at all. Still, the stellar screen and email capability make this the one to take when you absolutely must do email.

Which phone is the best? It all depends on the location, situation, and need. There is no one best phone… sorry, but that’s the truth.

Personally, I’ve had my share of PDAs and BlackBerries, but I’ve settled on a simple Nokia GSM phone with no bells and whistles. But that’s because I like something that fits small in my pocket and really don’t need all the advanced features. I’ve even gotten to the point where I don’t bother to bring a laptop with me when I travel — it’s a hassle in airports, and technology is so ubiquitous these days that I just grab any old machine while on the road or borrow a co-worker’s laptop and remotely access my office email when I need it. Now that I have a car with Bluetooth capability, I’m thinking of upgrading to a Bluetooth compatible phone, but I still won’t bother with a smart phone. Of course, that’s just me — I’ve become fairly ascetic when it comes to technology.

What do you think?  What’s your favorite, bestest phone ever?

Alex Eckelberry
 

 

Halloween Sunbelt style

Since the early days of the company, Halloween has been a major event here at Sunbelt.  It’s evolved into a highly elaborate ritual which includes a parade down our main drag to the local coffee shop (replete with the locals gawking), a contest for best costume, and then a feast of pizza at lunch.

With so many employees, it’s hard to get all the pictures in here, but here are some choice ones.

A friendly fellow in tech support. Really, it’s ok — you can call us anytime, toll-free.

Allen McDaniel, lead programmer on our iHateSpam consumer product. I think he’s been reading too much spam.

No software company is complete without its complement of witches.

Lucha Libre, Sunbelt style. More on that later…

People in marketing… never trust them, bloody pirates.

Yes, it’s true. The clones have arrived.

Taking over the local coffee shop.

That’s Ruthanne in sales. I guess we need to pay more to our sales people.

The leaning tower of Sunbelt pizza.

Last year’s Halloween blog post here.

Alex Eckelberry