The Microsoft World Domination Plan continues, part II

Earlier we showed Microsoft’s security solutions being pushed in Vista.  Now we see the same thing in Exchange 2007 (beta 2), right from the console, thanks to some pictures forwarded to me by a faithful blog reader.  

In this first image, you can see a page in the console. Note the link that says “Secure your Exchange Servers from viruses, worms and other malware.”

The next picture shows the dialog you get when you click the link.

And then this picture shows the download site you’re taken to when clicking on the download link. 

Combine this type of activity with ruthless price undercutting, and you just have to say: “where’s the love, people?” 

 

Alex Eckelberry

Zango lawsuit dismissed, etc.

A lawsuit against Zango was dismissed.

Zango crows:

“We are pleased, but frankly not too surprised, by the voluntary, with-prejudice dismissal of the lawsuit by the plaintiffs,” said Ken McGraw, Zango’s executive vice president, general counsel and chief compliance officer. “We have maintained from its inception that this case had no merit. The dismissal vindicates that position.”

Note that detractors from Zango’s model are a “small group of fixated critics”.

“Despite occasional distractions like this unfounded lawsuit and the background noise of a small group of fixated critics, I’m very proud of the fact that our desktop advertising business continues to grow and progress nicely…”

This was the lawsuit by the cool-handed, gun-slinging firm of Collins Law, which has been active in the space, having also sued companies such as Direct Revenue and eBates.  

What’s the real story? The case was dismissed with prejudice because Collins Law asked that it be. There was no court decision, or impending decision, that played any role. The Judge did not order this dismissal. It was voluntary.
 
The case involved only three individuals as plaintiffs.  It was not a class action lawsuit.  This case has no impact on the ability of other people who want to bring a lawsuit against 180Solutions/Zango.
 
Collins asked to dismiss the case because they did not believe that this particular case stood a good chance of being approved by the court as a class action.  The hope for a class action was why they brought the case in the first place.  

Vitalsecurity weighs in, not charitably to Zango’s case.

What can I say?  I’ve said my share already.

Alex Eckelberry

The Microsoft hegemony?

Doug Barney at Redmondmag preaches:

What should you do? Don’t blindly buy bigger and bigger Microsoft stacks. Just because it’s integrated doesn’t mean it’s best in the long run. Remember, the chief advantage of any monopoly is price control.

Support third parties. Don’t let Microsoft have it all, or you’ll have to live with it when they do.

(I’m so obviously biased I won’t even bother to add further commentary.)

Link here.

Alex Eckelberry

Sunbelt TechTips for the week of September 4th

Text in a message is interpreted as a blank attachment by Outlook Express
When you use certain versions of Microsoft’s Outlook Express email client, you may find that some messages or newsgroup postings are incorrectly interpreted as blank attachments. This happens when the message body contains invalid attachment headers or footers. There’s a workaround to the problem, which you can find out about in KB article 898124.

How to Start and Run the XP Recovery Console
The Recovery Console is a tool built into Windows XP that will allow you to repair problems when your XP computer won’t start. Here’s how to start it:

  1. Insert the Windows installation CD in your computer’s CD-ROM drive.
  2. Reboot the computer from the CD.
  3. At the Welcome to Setup screen, press F10 or R for Repair.
  4. On a dual boot system, you’re prompted to enter the number of the Windows installation that you want to log onto.
  5. Enter the administrator password when prompted.

You can use the Recovery Console commands to change file/folder attributes, run batch files, change the boot configuration, run chkdsk to repair disk problems, copy and delete files, disable and enable services, manage disk partitions, overwrite the boot sector, repair the Master Boot Record, format drives, and more. For a complete list of Recovery Console commands, click here.

Using the New and Improved Vista Search Feature
The new search functionality in Vista makes it far easier to find what you’re looking for, whether that’s a document, program, picture or song. For instance, if you don’t want to click through the Programs menu to find an application such as Corel PhotoPaint, just type “Corel” in the search box on the Start menu and you might see several lists: one labeled Programs with any Corel programs you have installed, one labeled Files showing any files that contain the word “Corel” and one labeled Favorites and History that list any URLs you’ve visited on the corel.com web site.

If you click Search on the Start menu and then click the Advanced Search button on the Search dialog box, you can set very specific search parameters, including the types of finds you want to search (email, documents, pictures, music, contacts, games, instant messages, and many, many more), the location(s) to search, file sizes, dates, authors, filenames, or tags. You can save your searches, too, to prevent having to conduct the same searches over again. For more info about Vista search, click here. 

Uninstalling Vista from a dual-boot configuration. 
Uninstalling Vista from a dual boot machine is relatively straightforward – most of the time. Nonetheless, we recommend that you back up everything before you start. Then follow these steps:

  1. Put your Windows XP installation CD in the CD-ROM drive and reboot the computer (be sure the BIOS is set to boot from CD).
  2. Start the Recovery Console from the CD (see “How to Start the Recovery Console in XP” above).
  3. Run Fixboot from the Recovery Console.
  4. Run Fixmbr to reset the master boot record.
  5. Exit the Recovery Console and reboot the computer.
  6. Edit the boot.ini file to remove the Vista entry.
  7. Format the partition on which Vista was installed.

Vista RC1 is out
As you probably know, Vista build number 5600, Release Candidate 1, was posted on the Microsoft web site on September 1. This code is said to be pretty much what we’ll see in the final commercial release. We’ll be testing RC1 this week and reporting back to you on our experiences. Meanwhile, Amazon posted the availability dates of Vista and Office 2007 as January 30, 2007, although Microsoft has not confirmed those dates. You can read more here.

Deb Shinder, MVP

Electronics on Planes: Scarier than Snakes?

Last week I did a bit of traveling from Dallas to San Diego and back, and had two of the most pleasant flights I’ve had in years. There were no snakes in sight, but there were other reasons that flying was so much less of an ordeal than usual. It was due in equal parts to the piloting skills and/or good weather that resulted in zero turbulence, the less-than-crowded plane that allowed two of us to spread out across three seats, and all my nice little electronic toys that occupied my mind and made the time pass quickly.

I had, in my nifty vertical briefcase that’s so much easier to haul down narrow airplane aisles than a traditional horizontal one, my extremely lightweight and compact Sony TX series laptop and my Samsung i730 Pocket PC phone. My son, who was traveling with me, had his own laptop and a Creative Zen Vision M portable media player. Looking around the plane after we reached cruising altitude, I noticed that about half the passengers were plugged in to their MP3 players, portable DVD players or electronic games, or were working on their computers.

I had to wonder how much of the peace and quiet in the cabin could be attributed to all those electronic gadgets. If deprived of my tech toys, I’d probably just read a book, but lots of people these days aren’t readers, and would probably be talking, drinking, etc. if they weren’t involved in their music, movies or work.

On the flight out, across the aisle and one row up from us was a young mother with a small baby. Unlike on a recent flight to Las Vegas where a crying baby went on and on for almost two hours (eventually reducing the mom to tears, too), we never heard a peep out of this one. I overheard the mother showing her seat mate that she had an earbud up next to the baby’s ear, and she explained that she was playing soft classical music to the baby. It certainly seemed to be working.

I was disappointed to read a couple of weeks ago that Boeing is dropping the Connexion onboard wireless Internet service because most passengers found the $9.95 per hour charges ($26.95 for the entire flight) too expensive. I had hoped the service would spread to domestic airplanes and that the cost would come down. I’d love to be able to surf the Web and send and receive email while I’m in the air.

Even without the ‘Net, though, there’s plenty I can get done with my gadgets. Putting business before pleasure, first I fired up Word on the laptop and finished an article I was writing. While I worked, I was also listening to a talk radio show I’d recorded previously. I had about fifteen hours of radio on the SD card in my PPC phone, and I can listen to them on that device or by popping the card out and inserting it into the built-in SD card reader on the laptop. After finishing the article, I opened up Microsoft Streets and Trips and looked up the route from the car rental agency to my destination in San Diego. All that out of the way, I shut off the radio show and decided to watch a movie. Despite its tiny size (under 3 lbs. and under 1 inch thick), the Sony has a built-in DVD drive.

Listening to music, radio shows or movies is a great experience with my Shure sound-isolating earphones. They’re a little pricier than other brands, but the sound is fantastic; it’s like being right there in the middle of the movie or sitting onstage with the band. If I’d had them on that flight to Las Vegas, the crying baby might not have been an issue.

On the flight back, I was in the mood to read a book. Thanks to my electronics, though, I didn’t have to lug a heavy hardback or even a paperback onto the plane. Instead, I brought twelve novels – all ebooks that fit on that same 2 GB SD card along with my music and talk programs, and plenty of free space to spare. It’s easy to read on the Pocket PC without even having to break out the laptop. My husband prefers audio books, and you can store plenty of them on an SD card, too. My son spent most of the flights watching past episodes of “House” on the Zen. If only we’d had that in-flight Internet service, I could have used Orb to connect back to my Media Center PC and watch all the programs it had recorded, or even live TV. Oh, well.

One thought struck me as I watched so many of those around me using their own electronics, though. Being the obsessive-compulsive type that I am, I’m always careful to put the phone on flight mode as soon as I board the plane, and the Sony has a convenient switch for turning wireless on and off without opening the lid. Of course, the flight attendants always include a warning to turn off your devices in their standard spiel. But I’ve always wondered how many people ignore or forget those instructions – and just how much of a hazard that really poses to the plane’s navigational systems.

There have been a number of documented cases where pilots got erroneous instrument readings that were tracked down to computers, cell phones and even hearing aids. That’s why FAA rules restrict the use of portable electronic devices during takeoff and approach/landing. Use of cell phones and wi-fi is prohibited at any time during flight by most airline policies. Link here.

Despite all this, there has been an effort by some passengers and members of the cell phone industry to relax the rules, in particular those banning cell phone calls during flight. We saw during the September 11 terrorist attacks that many of Flight 93’s victims used their cell phones to find out from people on the ground what was going on. On the other hand, cell phones and other portable electronics can easily be adapted to detonate explosive devices, too.

But the more insidious threat is perhaps the unintentional interference posed by signals emanated by our tech toys. David Watrous, president of the RTCA (Radio Technical Commission for Aeronautics), who testified in July 2004 before a U.S. House of Representatives subcommittee on aviation hearing about the use of cell phones on aircraft, said that all portable electronic devices have the potential to interfere with avionics (radio navigation signals), especially when the plane is close to the ground. You can read his testimony here.

There have also been some “air rage” incidents that occurred when passengers were told to turn off their electronics. It appears that some of those “electronics addicts” take their habits very seriously. There are probably many other passengers who think they’re complying when they aren’t. With some devices, it’s not at all clear when they’re completely off and when they’re just in standby mode.

And even if allowing cell phone calls during flight doesn’t pose a risk to our safety, it certainly carries a potential threat to our peace of mind. Do you really want to listen to your fellow travelers babbling endlessly to their friends while you try to work or sleep? We already have to put up with that in grocery stores and restaurants.

Hmmm … it’s beginning to look as if electronics on planes could be as scary as snakes. MSNBC is running a poll on which you’d rather see on your next flight: snakes or cell phones. So far, the snakes are way out ahead. You can cast your vote here.

What do you think about electronics on planes? The best thing to happen to flight since the Wright Brothers, or a menace that should be eradicated? What electronic devices do you use on the plane? Do you always remember to turn off your devices when you’re supposed to? Have you seen other passengers using their cell phones or other prohibited electronics in flight? Do you think it really poses a safety threat or are the experts just being overly cautious? Would you like to see the ban on cell phone calls during flight lifted? 

Deb Shinder, MVP

Not only was he a sick pervert, he was also a luddite

Investigative complications because of ancient computer:

Maj. Gen. Gerhard Lang of the Federal Criminal Investigations Bureau said kidnapper Wolfgang Priklopil, who killed himself by jumping in front of a train within hours of Kampusch’s escape on Aug. 23, relied exclusively on a Commodore 64 computer — a model popular in the 1980s but now considered an antique.

Link here (with a hat tip to Ferg).

Alex Eckelberry

Another reason to attend our spyware seminars

We’ve been holding seminars on spyware (our next seminar is in Pittsburgh).  One blogger went to our event in Seattle and wrote a nice blog entry about it, complete with a picture!

The overall presentation of the seminar was great, and Eric shared his insights into the antispyware space and its challenges, and the attendees’ participation helped in raising valid points about the state of the industry. Though I will not probably have the chance to use the enterprise management tool that was mentioned and demo-ed in the presentation, the apparent ease of use and manageability of such a tool did give me some points to ponder about future enhancements to the system I’m managing.

Link here.

Alex Eckelberry 

Jan Monsch redoes tests and comes up with interesting results

Last week, I had criticized Jan Monsch’s tests on how well antivirus engines detected viruses inside of variants of Word files, since he had relied on a fake EICAR signature for his testing (Jan was trying to see if viruses could evade antivirus programs by embedding themselves into RTF files, XML documents, and the like).

Jan is a good guy and to his credit (unlike others), he took the critique well and we started a discussion. After a series of follow-up emails with Andreas Marx and me, Jan created a new test with a real, live virus (Netsky), and the test results are interesting to observe. Basically, here is how virus engines fared by file format (I’ve edited his table for clarity):

(It’s worth noting that these document types are not being used as an attack vector for viruses at this time.)

Link to the full PDF here.

Alex Eckelberry
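
As an added illustration (not part of the original post or of Jan Monsch’s test material): the EICAR test-file definition requires the 68-byte string to sit at the very start of a file of at most 128 bytes, followed only by whitespace, so a scanner may legitimately ignore the string once it is wrapped in an RTF or XML document. The Python code below classifies constructed samples on that basis; the function names and the sample documents are assumptions made for this example.

```python
"""Added example: classify samples against the EICAR test-file definition.

All sample documents are constructed for illustration.
"""

# The 68-byte test string, built from two parts so that this source file
# does not itself contain the contiguous string.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Per the definition, only these bytes (space, tab, LF, CR, Ctrl-Z) may follow
# the string, and the whole file may not exceed 128 bytes.
ALLOWED_TRAILER = frozenset(b" \t\n\r\x1a")
MAX_FILE_LEN = 128


def classify(data: bytes) -> tuple[str, int]:
    """Return (verdict, offset of the test string, or -1 if not present)."""
    offset = data.find(EICAR)
    if offset == -1:
        return "absent", -1
    if offset > 0:
        # The string is present but not at the start of the file.
        return "embedded", offset
    trailer = data[len(EICAR):]
    if len(data) <= MAX_FILE_LEN and all(b in ALLOWED_TRAILER for b in trailer):
        return "conformant", 0
    # Starts with the string, but is too long or has a non-whitespace trailer.
    return "nonconformant", 0


def assess(name: str, data: bytes) -> dict:
    """Describe one sample and say whether a scanner miss on it means anything."""
    verdict, offset = classify(data)
    return {
        "sample": name,
        "verdict": verdict,
        "offset": offset,
        # Only a conformant file is defined as something a scanner should
        # report, so only there does a miss say anything about the engine.
        "miss_is_conclusive": verdict == "conformant",
    }


# Constructed samples: the bare test file, two wrapped variants, an oversized
# file and a clean file.
SAMPLES = {
    "plain.com": EICAR + b"\r\n",
    "wrapped.rtf": b"{\\rtf1\\ansi " + EICAR + b"}",
    "wrapped.xml": b'<?xml version="1.0"?><doc>' + EICAR + b"</doc>",
    "padded.com": EICAR + b" " * 100,
    "clean.txt": b"hello",
}


def report(samples=SAMPLES) -> list:
    """Assess every sample in insertion order."""
    return [assess(name, data) for name, data in samples.items()]


if __name__ == "__main__":
    for row in report():
        print(row)
```

Only `plain.com` yields a conclusive result; for the wrapped samples a miss is consistent with the definition, which is why a test of document parsing needs a real sample such as the Netsky one used in the rerun.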

MySpace WMF exploit through “Friends”

A feature of social networking sites like MySpace and Tagworld is for people to ask to be your “Friend”. Fellow Blogger Technocrat got an unpleasant surprise, a “Friend” request that delivered a WMF exploit.

Not necessarily a big deal if you’re patched against the WMF exploit, but not all that nice if you aren’t, or don’t have AV protection that stops it. 

More here.

Alex Eckelberry
(Thanks Todd)

Sunbelt weekly IT tips

Configuring the WinXP firewall from the command line.
A tip from a SANS security specialist.  Link here.

Free Server Virtualization Seminar
SearchServerVirtualization.com has an upcoming seminar entitled “Server Virtualization: When, Why and How to Virtualize.” Whether you’ve already deployed virtualization or are just starting to consider it, attend this seminar in New York City to find out about server virtualization. Independent experts Bernard Golden and Chris Wolf will explain which servers you can virtualize and offer advice on how to effectively set and implement your virtualization strategy. Register here.

Dissecting The AD Architecture: Cross-references And Phantoms
Part one on the Infrastructure Master focused on the technical motivations, the role and general behaviors of the Infrastructure Master and a number of the related and/or dependent technologies. In this article, learn how cross-references, link-pairs and phantoms are critical to the AD architecture. Link here (free registration required).

Tips To Keep Your Windows Servers Humming
Servers that don’t perform well lead to unhappy users, and unhappy users can make your life hell. Check out this list of tips that can help you maintain the performance of your server. Link here.

Tip: Troubleshooting OWA Problems
Outlook Web Access is highly dependent on Internet Information Server. An improperly configured IIS server can cause OWA to malfunction for some or all of your remote users. In this article, learn which symptoms point to potential IIS configuration issues and how to resolve them. Link here (free registration required).

Windows System Configuration Utility: An Unexpected Antispyware Tool
The System Configuration Utility is a tool that shows you everything that is being run at system startup. It also gives you the option of disabling anything that should not be running. In this tip, learn how this utility can be particularly effective in the war against spyware.  Link here (free registration required).

Fast Guide: Clustering in SQL Server
There are many options to choose from when it comes to clustering. When a server is failing or getting bogged down, do you want another to take over full operation or just some of its tasks? Will it be a complete fail-over design or just load balancing? What’s the best way to minimize downtime? This fast guide will help direct you toward the clustering design that best fits your environment. Link here.

Microsoft Restructures Custom Support Agreements
Microsoft announced this week it has restructured its Custom Support Agreement (CSA) program for legacy products to provide large customers with more options when it comes time to begin migrating off of products for which long-term support has expired. No use repeating the whole story; you can read the rest here.

Virtual Server 2005 R2 SP1 Beta 2 Released
Try saying this three times quickly: Microsoft is shipping Beta 2 of Virtual Server 2005 Release 2 Service Pack 1. The company made the Beta 2 code available for download on Thursday. According to statements on Microsoft’s Web site, Virtual Server 2005 R2 SP1 Beta 2 includes compatibility with both AMD Virtualization (AMD-V) and Intel Virtualization Technology (IVT), as well as providing Active Directory integration using service connection points. Read more at ENTMag here.

Redmond Drops Support For WinXP SP1 October 10
Our friends in Redmond will discontinue all public support of WinXP SP1 this Oct 10th. From there on out, no new security patches or hotfixes will be released. SP1 is getting a bit long in the tooth anyway, as it was replaced by SP2 Sept. 17, 2004. Keep in mind that all tech support will end Oct 10 as well! If you want to get support, you will need to be updated to SP2. This move has been expected for a while. It’s a few months after Redmond’s announcement they ended all support for Win98 and ME this July 2006.

You might think, “Hey, but MS promised a full 10 years of mainstream and extended support for my business products!” Yes, that’s true, but that doesn’t apply for individual service packs. Their policy for service packs is that, “when a service pack is released, Microsoft will provide 12 months of support for the previous service pack…Support may be extended to 24 months for those service packs when Microsoft believes customers will need additional time for testing and deployment.”

So if you have not done it yet: You gotta move to SP2!

Stu

More shameless self-aggrandizement on my part

Ok, despite my efforts to keep self-laudatory blog posts to a minimum, this one is slipping through my filter.  

Windows IT Pro, the major magazine out there focused on the needs of system administrators, holds an annual Readers Choice award.  

For the second year in a row, we just won in every category in which we were nominated:

The only laggard was our Active Directory analysis tool, Directory Inspector, which won third place in the Active Directory Tool category.

These awards are given by tallying votes from IT managers/end users.

PR here.

Alex Eckelberry

Sunbelt LanHound customers will have a new home

Recently, I made the decision to discontinue development and distribution of our popular LanHound packet sniffer and transition customers to the good folks over at Network Instruments, makers of the award-winning Observer protocol analyzer.   This is part of our effort to continue our razor-sharp focus on our security product line, moving out of the system management business.   It was not an easy decision, as LanHound was one of the first products I worked on here and there are some fond memories.  But it was the best decision for our customers. 

The deal for LanHound customers is really good: All LanHound customers are eligible for a fully-functional software license for Network Instruments Observer and three licenses for the Network Instruments Advanced Single Probe for every LanHound license owned and currently under maintenance.  Of course, all existing LanHound maintenance support agreements will be honored.

Observer is a great product, providing our customers all of the functionality of LanHound with an easy-to-use interface, as well as greater reporting and analysis capabilities.  In addition to all of the features and functionality of LanHound, Observer provides an immediate and more in-depth view of network performance and activities through real-time reporting of performance statistics, traffic, and voice and video communications. Best of all, the Network Instruments family of solutions scales to meet customer network management needs.

If you’re a LanHound customer, you can visit the special site set up here: www.networkinstruments.com/lanhound. Press release.

Alex Eckelberry

Antispyware vendor Tenebril acquired

Tenebril was acquired yesterday by Process Software.  Tenebril was backed by Sierra Ventures, who apparently bought into the company on the cheap and then brought in a couple of rock star Zone Labs execs (who left about six months later).  

Process is a subsidiary of Halo Technology Holdings, a company that trades on the OTC bulletin board.

 

Alex Eckelberry
Update: SEC Filing here.

Making environmental responsibility part of business

Greenpeace announces the best and worst high tech companies in environmental responsibility. Top of the class are Nokia and Dell, with Apple, Motorola and Lenovo down at the bottom.

Link here.  And you can take action here to send an automated letter to the manufacturers who didn’t do well.

And yes, even though I’m not some Che Guevara-loving, granola-crunching, tree-hugging, Birkenstock-wearing activist, I do <confession coming…> drive a Prius; I believe that it is our responsibility as business leaders to make the least impact possible on our environment, and hopefully do something positive for it.

Alex Eckelberry

Sunbelt TechTips for the week of August 28th

Windows Desktop Search now supports 64 bit XP
Microsoft has released Beta 2 of Windows Desktop Search 3.0, and the good news is that it now supports 64 bit versions of XP and Server 2003. There are also a number of fixes, and you can upgrade from previously released versions without uninstalling them. You can download it here.

How to Use FolderShare to Transfer Big Files
Sometimes you need to send or receive files that are very large in size, even after they’re zipped. Your ISP or the sender’s/recipient’s on the other end may not support file sizes that are over a certain limit (usually a couple of MB), and you might not want to set up an FTP server for security reasons. One solution is to use FolderShare, a file synchronization service that was recently acquired by Microsoft and is now in beta as part of the Windows Live family. You can download the software for both Windows and Mac OS X. Here’s how to use it once it’s installed:

  1. If you haven’t used FolderShare before, on the Welcome screen, click “I don’t have a FolderShare account.”
  2. On the New Account Information page, choose a nickname and password and type in your email address. You also have to check a box certifying that you’re over 13 years of age.
  3. The software will connect to the FolderShare server and create your account.
  4. On the “choose a computer name” page, the default is your computer’s name on the network. Accept the default and click Finish.
  5. Now you’ll see a flashing icon in the system tray. You can click a FolderShare library if you’ve been invited to share one, or click My FolderShare to go to the web site and set up a folder to share, sync your folders, share your folders with friends on the Internet, or access your files. FolderShare operates like a private P2P program. Those you invite can share items in the folder(s) you designate to share, but can’t access anything else on your computer.

You can find FolderShare here.

Need to get Windows to stop hiding some of the icons in your system tray?
Annoyed by having to expand the system tray whenever you want to see all of the icons there?  Windows hides system tray items that are inactive, but you can configure on a per-item basis which icons should be hidden when inactive and which ones shouldn’t.

Just right click an empty space in the toolbar and select Properties. On the Taskbar tab, at the bottom of the page uncheck the box that says “Hide inactive icons” if you don’t want any of them to be hidden. Or check the box and click the Customize button if you want to specify which ones should be hidden when inactive. In the Customize Notifications dialog box, for each item you can choose “Hide when inactive,” “Always hide” or “Always show” from the dropdown box.

Make Windows Explorer display Web view templates or HTML customizations
By default, Windows XP doesn’t display Web view templates (Folder.htt) from earlier versions of Windows. This is a security measure, to prevent content that might not be safe from running when you open a folder. If you need to display a folder in Web view, you can find out how to edit the registry to enable it in KB article 819028.

Can’t view or change Read-Only or System attributes of folders
When you use the Properties dialog box on a folder, you may wonder why the Read-only checkbox is grayed out and there is no checkbox to change the System attribute. This is because the Read-only attribute for folders is usually ignored by Windows and application programs and the System attribute is used to designate if a folder has special formatting. But some programs won’t allow you to save files to a folder that has Read-only or System attributes, so there may be times when you need to change these. Find out how (and read the caveats about doing so) in KB article 326549.

Vista Sidebar: love it or leave it out?
One of the most talked-about aspects of the new Vista desktop is the sidebar. This is a collection of “gadgets” (small applets) that are shown by default running down the right side of the screen. Vista comes with a number of gadgets that you can enable/disable: a calculator, analog clock, CPU and memory meters, currency converter, RSS feed tracker and feed watcher, notepad for jotting quick notes, slide show that displays the photos in your Pictures folder, stocks ticker, number and picture puzzles, games, and recycle bin. You can download additional gadgets to install here.

If you don’t like the sidebar, you can disable it. There are several ways to do so, as described here.

Or you can just hide it, by right-clicking an empty space in the sidebar and selecting Close Sidebar.

Deb Shinder, MVP

Adventures with Vista (and Why I Went Back to XP)

As those of you who follow my blog posts know, I’ve been happily using Vista as my main working computer for the last few months. Yeah, I know Russ Cooper disapproves, but I happen to disagree with his postulation that you shouldn’t run a beta on a production or Internet-connected machine. In fact, I am indeed running anti-virus software on it, and it’s safely tucked behind our ISA firewalls. I’ve had zero security breaches with it, and to all appearances it’s at least as secure as my XP machines and one heck of a lot more secure than all those Windows 98 computers that are still out there running on production networks and directly connected to the Internet.

Of course, the machine on which I run Vista isn’t my only system, and I’m dual booting Vista on it so I can always go back into XP if I need to do so. But I really love the Vista interface and I’d stay in Vista all the time – except for one not-so-minor issue that’s been driving me nuts, especially for the past few weeks.

For years, I’ve worked with three monitors on Windows 2000 and then XP. When I installed Vista, it recognized my ATI x600 PCI Express video card and the two monitors connected to it with no problem – but alas, the third monitor, which was connected to a Matrox 450G PCI dual head card, was sadly blank. After a bit of research, I learned that Matrox was not providing Vista drivers for their cards and has no plans to do so until the operating system is commercially released. Even then, who knows whether they’ll make Vista drivers available for “legacy” cards like the 450G?

Well, I slogged along with two monitors for a while, and most of the time, that works okay. Then I had a major research/writing project to work on, and I really missed having that third monitor so I could “spread out” and have my Word doc open on one screen, my browser on another, and the outline from which I was writing on another, without having to switch between windows. I know a lot of people who’ve never used multiple monitors think it’s silly and excessive, but everyone I know who has used them absolutely appreciates how much more productively you can work with all that screen real estate.

So I set out to get that third monitor functional again in Vista. I didn’t realize I was embarking on an adventure.

It was obvious that I was going to have to buy a new video card. So I thought I’d take the opportunity to add more “bling” to my Vista system, and get a card with a TV tuner, since the Vista beta is Ultimate Edition, which includes Media Center. There’s a CATV jack in the office that we’re not using, so I figured I’d run the cable to my computer and be able to record TV on my Vista machine.

I found an ATI All-in-Wonder 2006 that was very reasonably priced for a tuner-equipped card with 256MB of memory and HDTV output ($137 from Amazon). It was listed as compatible with Vista. Its interface was PCI Express, and my Dell workstation came with three PCIe slots, so that should work, right? Well, when the card arrived, I relearned a lesson I’d forgotten: never take anything for granted. I opened the case to find that, indeed, there were two empty PCIe slots – but one was a 1x slot and one was 4x. My cool new card, of course, needed a 16x slot, and the single one of those that I have was already taken by my ATI x600 video card.

Okay, so I could just replace the x600 with the All-in-Wonder, and have my Media Center functionality and be slightly better off than before, although still without the third monitor, right? Well, no. The All-in-Wonder has only one monitor connector, so if I did that, I’d lose my second monitor too. I could watch TV, but I wouldn’t be able to get much work done. The All-in-Wonder went into the closet and I went back to the drawing board.

I did have two regular PCI slots open, but it seems ATI has no PCI cards that are Vista-capable. Oh, I did read about a rumor that they released a PCI Radeon x1300 in Japan … hmmm. I’m afraid flying to Tokyo in search of a video card would cost more than the other alternative that I was actually seriously considering at this point: buying a whole new computer that has more than one 16x PCIe slot. Dell’s top of the line Dimensions and Precisions have two 16x slots, but they cost a bundle. Surely there was a less expensive solution to my problem. I even thought about buying a new 24 inch monitor to give me more screen space with just two. After all, that would cost less than $1000, whereas the new high end computer would cost close to $2000.

I kept looking, and finally found an Nvidia GeForce 5200 card with 256 MB of RAM that supports DirectX 9.0 (required for Vista) and has a regular PCI bus. I read more and found that some folks were using that card with Vista. And the price was right, $82 at Newegg. So I clicked my way through the order and eagerly awaited its arrival.

It got here yesterday, and today I cracked open the case on the Dell again and installed it with much anticipation. Booted into Vista, downloaded the Vista drivers, and … got an error message saying the installation failed. Tried a few tricks that often work in such situations, but no joy. Now I had three video cards in my computer, with a total of six monitor connectors, but I still could use only two in Vista.

It was enough to drive me back to XP. And in fact, I booted back into XP to check whether the new card worked there. Yep, when I opened my display properties, there was the monitor that was attached to it. All I had to do was check the “Extend my desktop” box and I had three monitors again. And since the Matrox card was still in there, it actually thought I had four monitors. Well, it just so happens there was an extra 19 inch flat panel sitting on the floor in a corner of the office; it had come with a Dell computer we bought a few months ago and we didn’t need it. Just for kicks, I hooked it up to the Matrox card, and now I have a four-monitor array … but only in XP. Here are some photos Tom took as I was configuring them.

So now I have to choose between Vista with two monitors or XP with four. When it was two vs. three, the decision wasn’t as difficult, but I am loving having a desktop that just goes on and on. I have a feeling I’ll be working in XP a lot more now, at least until these video card vendors get on the ball and get me some Vista drivers.

How about you? What adventures have you had with Vista, and were they bad enough to drive you back into the arms of XP? Or if you haven’t tried Vista yet but use multi-monitors on XP, could you ever give up your extra monitors?

Tell us your experiences and opinions.

Deb Shinder, MVP

More testing silliness

EICAR is a group of security experts that research malware.  Quite a while back, they created a test program that all antivirus scanners would recognize as being a “virus” file.  

It has no virus attributes.  In fact, it’s just a string of characters:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

That’s it.  Nothing more.  It’s not even designed to “simulate” a virus attack.  It’s just something to test your antivirus product to make sure it’s detecting things, useful for testing security in an organization, etc., and virtually all antivirus scanners recognize it.

Enter Jan Monsch, a security expert who decided to embed this EICAR file into various versions of Word files and then run the results against VirusTotal.com.

He came up with results that, to the casual observer, would be disturbing.  AVG, Ewido, NOD32 and others all came in with zero detection of this file, while Microsoft and McAfee detected all the “samples”.  Link here

I don’t want to malign Jan, as his heart is in the right place.  However, although well meaning, it’s not an entirely useful test. 

Here’s why, and I’ll paraphrase virus expert Andreas Marx:

The EICAR test file was used incorrectly. An EICAR test file is not suitable for this kind of testing, as it should only be detected in its plain 68-byte version, according to the definition which can be found at the EICAR test site.

No AV product should be able to detect this file in other forms if it follows the strict definition, which was put into place for security reasons. For example, a while back, there was a virus that propagated itself via a .bat file. Trying to evade detection, it started with the EICAR Test Signature and then executed the virus.  Many AV companies detected this BAT virus as being an EICAR test file, even though it was a very dangerous program. Similar issues can happen with other scripting languages, so the EICAR Test File definition was adjusted: the file not only has to start with the EICAR Test File code, but it also has a maximum length, and only some whitespace characters (e.g. a CR/LF line-feed) are allowed.

Some AV companies follow this rule strictly (and they are blamed for not detecting the file, even though they are following the rules), and other antivirus companies don’t care either way, so they still detect an EICAR test file — even when nothing should be detected.
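The strict rule described above, next to the looser substring match, as an added example that is not part of the original post or anything published by EICAR. The 128-byte cap and the exact whitespace set are assumptions taken from EICAR's published definition rather than from this page, and the function names and sample buffers are constructed for illustration.

```python
# Added example: strict vs. substring matching of the EICAR test string.
# Literal is split so this source file does not contain the contiguous string.
# Note the backslash after "[4"; with it the string is exactly 68 bytes.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-" + b"ANTIVIRUS-TEST-FILE!$H+H*"

# Assumptions (from EICAR's published definition, not from this page):
MAX_LEN = 128                      # total file length cap
ALLOWED_TRAILING = b" \t\r\n\x1a"  # space, tab, CR, LF, Ctrl-Z


def classify(data: bytes) -> str:
    """Classify a buffer as 'test-file', 'prefix-only', 'embedded' or 'absent'."""
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in ALLOWED_TRAILING for b in tail):
            return "test-file"      # the only form a strict scanner reports
        return "prefix-only"        # e.g. a script that merely begins with it
    if EICAR in data:
        return "embedded"           # e.g. buried inside a document container
    return "absent"


def strict_scanner(data: bytes) -> bool:
    return classify(data) == "test-file"


def substring_scanner(data: bytes) -> bool:
    return EICAR in data


# Constructed sample buffers; none is a real document or script.
SAMPLES = {
    "plain": EICAR,
    "plain_crlf": EICAR + b"\r\n",
    "padded_past_cap": EICAR + b" " * 100,
    "script_prefix": EICAR + b"\r\n@echo off\r\nrem further commands here\r\n",
    "in_document": b"\xd0\xcf\x11\xe0" + b"\x00" * 64 + EICAR + b"\x00" * 64,
    "clean": b"quarterly report",
}


def compare() -> dict:
    """Map sample name -> (class, strict verdict, substring verdict)."""
    return {n: (classify(d), strict_scanner(d), substring_scanner(d))
            for n, d in SAMPLES.items()}


if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:16} {row}")
```

The `script_prefix` row is the case that motivated the strict rule: a substring scanner would label that file a harmless test file. The `in_document` row is the shape of the Word-file test, where a strict scanner correctly reports nothing.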

Using command line scanners for the test: VirusTotal.com was used for the tests, and it only uses command line scanners.   The results of a command line scanner versus a full antivirus program can be different, such as in the case of packed, archived or embedded malware.

Also, keep in mind that an embedded EICAR signature might or might not be stopped at a gateway; and it might or might not be stopped at the desktop by the on-demand scanner; but as long as the on-access guard is active, there should be no issue with the virus. If it gets in a state where it might be executable (e.g. extracted to a temp folder on disk), the real-time protection should be able to stop it. 

The theory behind the test (embedding different viruses inside of different flavors of Word) is not entirely without merit — although one wonders if MS Word would even execute a piece of malware in this type of scenario.  But this gets me back to a subject that I will keep harping on — simulators are not real world.  We have good, solid nasty malware that’s freely available from the security research community for these types of tests.  

Can we please all agree to stop using simulators for research and start testing with real malware?   That’s what VMware is for!

 

Alex Eckelberry

Update/Clarification:  Jan explains that this exercise was to be used to test gateway scanning engines, which may change the argument about his not using a full antivirus product. More here. (I am in discussion with Jan about running a new test with real malware, which may be an interesting and potentially useful exercise.)

New version of CounterSpy Enterprise shipped

CounterSpy Enterprise 1.8 has shipped. This is a really good release — absolutely the best release of our enterprise version to date and one of the best releases in our history.  I’m very proud of all of those that worked on it.

The release is mostly “under the hood” improvements, but the difference in performance and scalability is dramatic.  

More company propaganda here.  Product link here.

 

Alex Eckelberry