Category: Uncategorized

Weird. AOL digs for gold.

AOL said Tuesday it intends to search for bars of gold and platinum that the company believes are hidden near the home of Davis Wolfgang Hawke’s parents on two acres in Medfield, Mass.

Link here via MediaPost.

Alex Eckelberry

In case of emergency: get notified
This public service web site will send you a notification when there is a local, regional or national emergency, to your pager, cell phone or email address. You can select which types of emergencies you want notifications for (severe weather, homeland security, cyber threats, missing children/Amber alerts, even organ donations). You can have the notices sent to your email address, cell phone, pager or fax number. You can also block non-emergency content during specific hours (such as when you’re sleeping or when you’re at work). Check it out here. 

How to change the location of the print spool folder
XP uses the spool folder on your hard disk to store queued print jobs. Without it, you’d have to wait until printing was finished to use other programs on your system. The spool folder is located on the partition where your Windows system files are installed, but if this partition gets low on free space, you can move it to a different location. This can also speed up performance. Here’s how:

1. First, be sure you’re logged on with an administrative account.
2. Click Start | My Computer.
3. Select the drive where you want to store the spool folder.
4. Click Make a New Folder under File and Folder Tasks in the left pane.
5. Type a name for the folder.
6. Click Start | Printers and Faxes.
7. Click File | Server Properties, then click the Advanced tab.
8. In the Spool Folder field, enter the path to the new folder you created in step 4.
9. Click Apply.
10. After any documents currently printing have finished, click Yes.
11. Click OK.

How to make make audio CDs from MP3s.
If you have lots of MP3 music files that you want to put on a CD and your player doesn’t support the MP3 format, one way to create a compatible CD is by using Windows XP with Windows Media Player 10 or Vista with Media Player 11 (and a CD burner, of course). Here’s how:

1. Open Windows Explorer (right click Start and click Explore) and navigate to the folder on the local machine or on the network that contains your MP3 files.
2. Select the files you want to put on CD, remembering that .cda files are larger than .mp3 files and you can only get about 74 minutes’ worth of music on an audio CD. Hold down CTRL to select multiple files.
3. Right click the selected files and choose Burn.
4. Windows Media Player will open to the Burn tab. Note that the files have been added to the Burn List.
5. Ensure that a blank CD is inserted in your CD burner. Click the Burn Now button.

That’s it! Windows will create a CD with your songs saved in CD Audio format, which will play on older CD players that don’t support the MP3 format.

Remove the Turn Off Computer button from the Start menu
Want to make it more difficult for other users of your shared computer to shut it down? You can remove the Turn Off Computer button from the Start menu (along with many other restrictions that can be applied using the local Group Policy). KB article 307882 walks you through the steps of creating a Group Policy Editor MMC and editing your local Group Policy object to remove the button.  Link here.

Sync information on multiple mobile devices
Do you have several handheld devices (such as Pocket PC and Windows Mobile phones)? Want to synchronize your files, contacts, calendar and email across all your devices? You can configure XP to do so, by following the instructions in KB article 314644 here.

Event Viewer gets a whole new look
If you use the Windows Event Viewer to view event log information for troubleshooting problems in Windows, you’ll be pleasantly surprised at how much more robust this administrative tool is in Vista. Accessed via the Administrative Tools applet in Control Panel, by typing “eventvwr.exe” at the command line or by simply typing “event viewer” in the search box on the Start menu, it now features a three-pane MMC with clickable Actions for performing common tasks in the right pane. There are many new application logs, and filtering the logs to find specific events is much easier and more precise. To see some screenshots of the new Event Viewer, click here.

When can we expect Vista and Office 2007 to be released?
The final release dates for Windows Vista, the next generation of Microsoft’s desktop operating system, and the next version of Office (2007) have been a moving target. We expected to get both before the end of the year, then Microsoft pushed release dates for both to sometime in early 2007. Now rumor has it that the two will debut together in January – but don’t hold us to that. Read the latest speculation here.

Vista coupons let you upgrade your hardware early
Been waiting to buy a new PC until Vista comes out? Now that the release of Vista has been delayed until 2007, you might think that means you won’t be able to take advantage of the 2006 Christmas holiday sales, but Microsoft and major computer vendors have found a way around that. They’re planning to sell PCs capable of running Vista with upgrade coupons that will let you get and install the new operating system at no extra charge when it’s released (whenever that turns out to be). See the story here.

Deb Shinder
Microsoft MVP

Upgrading is a good thing, right? Who among us wouldn’t, if we could afford it, always fly first class instead of cattle – er, economy – class? Who doesn’t prefer the deluxe suite to the standard hotel room? Who wouldn’t want to wear the latest fashions instead of last year’s? Oh. Hmm. So maybe upgrading isn’t always a good thing, after all.

When it comes to software, upgrades are a little like death and taxes; they’re inevitable. Sooner or later, no matter how fond you are of that old MS-DOS program, eventually you’re probably going to get tired of trying to make it work on evolving operating systems, or you’ll be seduced by the plethora of features offered by modern programs, and you’ll upgrade. Still holding on to Windows 98? A recent survey of our readers showed that a surprising number of you are. But sooner or later, that old computer will crump, and when you buy a new one, it’ll come loaded with XP or Vista or What Lies Beyond, and you’ll be … upgraded.

Personally, I embrace most new technology and consequently, I usually upgrade to new operating systems and applications before they even become commercially available. I’ve been running Vista as a secondary OS for well over a year and as my primary OS for many months. I run the Office 2007 beta on both main desktop systems and my laptop.

I guess when it comes to software, I’m like those folks who revel in new romances. I’m happiest when I’m “getting to know” a new version of Windows or a favorite productivity program. I delight in discovering cool new features (and writing about them). I even like finding the bugs, omitted features and other problems in new software, if for no other reason than to figure out workarounds that I can report to others.

But I know I’m not typical, and most folks just want their computers to work. You want to be able to read and send email, surf the web, create documents and spreadsheets and slideshows as quickly and easily as possible. And therein lies the trouble with upgrades: even when the new version is better, it usually involves some degree of learning curve, and that’s something that many of us don’t have time for or don’t want to bother with.

Lots of you subscribe to the “if it’s not broke, don’t fix it” philosophy, which in this context means if your current software works, there’s no reason to upgrade. And if you do upgrade – either because you have no choice because you’re using a company computer, or because you really need one particular feature in the new version – you want to be able to keep things as much like the old version as possible. The first thing that many users of a new operating system do is go through and switch everything to the Windows classic view, so their XP or Vista computer will look like Windows NT/2000. And the most frequent complaint I’ve heard about Office 2007 is that Microsoft “forces the new interface on you” – that there’s no way to turn off the ribbon feature and go back to the old, familiar menu format.

Human beings, in general, tend to react negatively to change. Never mind that the ribbon interface lets you do a lot of things faster; it’s different and, like the husband who hates it when his wife rearranges the furniture, some of you don’t want to spend even five minutes learning where things are now. Even those in the industry aren’t immune. Mary Jo Foley, editor of Microsoft Watch, proudly touts her “dinosaur” status in her June column for Redmond Magazine. You can read it here.

Of course, if you don’t like the ribbon, you can just keep on using Office 2003. If you upgrade to Office 2007 and don’t like it, you have only yourself (or perhaps your boss) to blame. But what about when upgrades become mandatory? We’ve talked before about Microsoft’s policy of discontinuing support for older versions of software, which has the effect of forcing you to upgrade to a newer version if you want to be able to get security fixes or help with technical problems. But you can still choose to keep the old versions and “go it alone” if you choose.

That may not always be the case. We reported a couple of weeks ago that Microsoft plans to distribute IE 7 as a high priority update via Automatic Updates, which means if you have auto update enabled, you’ll get it whether you want it or not.

The rationale behind this “update mandate” policy is, of course, security. The new version of IE contains numerous security improvements that will make the browsing experience safer. However, at least in the beta, IE 7 also has some problems (at least on the XP version) with rendering some pages correctly or even accessing them at all. Some people are likely to squawk loudly when you find that they’ve been involuntarily upgraded, even if it is “for their own good.”

What do you think?

Do you rush to be the first on your block to try out the latest and greatest new software versions or will they take away your MS-DOS and WordPerfect v. 4 only when they pry them from your cold, dead hands?

Or do you fall someplace in between? Should new versions of an application always allow you to “fall back” to the old look and way of doing things, or should choosing to upgrade mean you’re willing to accept boldly going where you’ve never gone before?

What about mandatory updates? Should Microsoft “push” new versions of their free apps, such as IE, on you through auto update, or should you have to explicitly download and install them (even if they add security)?

Tell us your opinions.

Deb Shinder

Hackers at a website have posted a number of cross-site scripting (XSS) vulnerabilities in a number of sites, including security vendors Eeye, F-secure and Cisco.

As you probably know, cross-site scripting is a method to where something from one source can be inserted into another.  A common use is in phishing, such as making a phishing site magically appear to be the real financial site.

For example, clicking here will take you to the Sun site, with a wonderfully self-serving message.  (And if you want to get really irritated, click here to go to the Cisco site, but don’t tell me I didn’t warn you). 

Brian Krebs has more details, here.

Alex Eckelberry 

UPDATE:  The XSS links above have been fixed by at least Cisco.  I think the Sun one should still work.  

I missed blogging this last week as I was in a mad scramble to travel to California, but my old employer, Borland, has revitalized the Turbo brand with a killer deal — a free compiler dubbed TurboExplorer.

From their press release:

The Turbo product set includes Turbo Delphi® for Win32, Turbo Delphi for .NET®, Turbo C++® and Turbo C#®. Each version will be available in two editions: Turbo Explorer, a free downloadable version, and Turbo Professional, a version priced less than $500 which is designed to accept thousands of available third-party tools, components and plug-ins. All Turbo editions enable developers to rapidly build high performance GUI, Database, Web, and Web Services applications for Microsoft Windows. Turbo Delphi for .NET and Turbo C# support the Microsoft .NET and ASP.NET platforms. More information is available at www.turboexplorer.com.

I was in Borland back in the 80’s when the company was still fairly small and it was a great place — great culture, great products and many brilliant people. Over the years, the company lost its way at various times and then recently established itself as a testing tools company (through the acquisition of Segue). The languages were to be sold off, but apparently that won’t be the case.

So if you’re interested in learning programming, get this free product.

Warms my heart, this does. 

More at /. also.

Alex Eckelberry

Well, not exactly, but this is what local photographer Hubert Heller named the photograph.  It’s our building at night.

Alex Eckelberry

unitedtoserve2005(dot)com redirects to a hard core porn site, search(dot)porn-info(dot)info, which offers “totally free porn videos”. 

These are Zango porn videos — you watch them but get Zango spyware installed on your system.

More curious is that viewing unitedtoserve2005 with Javascript disabled brings up some very disturbing keywords, like the following (WARNING: very offensive language):

pre-teen pussy
young teen models
animal sex pic
hot teens asian
Free teen pics
cartoon house
Kids masterbating
children masterbating
Adult Vhs Rape
Sex adult
incest sites
incest free stories
only incest stories
Incest Free Stories
Only teens
and much more.

The full text file is here, but it is very offensive.

It is unknown whether unitedtoserve2005 is owned by the same company that makes the porn-info(dot)info (and other sites).  However, there is clearly a relationship as unitedtoserve2005 redirects to the Zango-supported porn site.

Related sites are arcadeforum(dot)biz,  aiasinc(dot)info, angelsandinspirations(dot)com and others.

Thanks to blog reader Francesco for the tip, and for Sunbelt’s Adam Thomas for follow-up.

Alex Eckelberry

Washington State sues Movieland.com and others for “installing software that takes control of a consumer’s computer by launching aggressive and persistent pop-ups that demand payment for a movie download service.”

Link here, full complaint here.

Alex Eckelberry

I’ve talked before about the problems of doing business with some third party ad networks. Unfortunately, the folks over the Guardian signed up with one and the result is Zango!

It’s live right now, you can see it by going to any number of places on guardian.co.uk, including this site and refreshing your browser. After a while, you’ll get an ad that looks like this:

It’s an ad placed by Fastclick.

Nice, eh? 

Alex Eckelberry
(Thanks Paperghost)

So some poor guy sued by Warner, Sony BMG, UMG, BMG, Capital Records and Atlantic dies.

The plaintiffs have graciously allowed the family 60 days to grieve.  And then they’re back in business.

1. Plaintiffs have recently learned that Defendant, Larry Scantlebury, passed away on June 20, 2006. Please see the attached Death Certificate.

2. Prior to Mr. Scantlebury’s passing, Plaintiffs believed that there was potential to resolve the case. While at the time of Mr. Scantlebury’s death, he had not responded to Plaintiffs’ discovery (he had asked for and received extensions), he had indicated that others, in addition to Mr. Scantlebury, were involved in the infringement of Plaintiffs’ copyrights.

3. Plaintiffs do not believe it appropriate to discuss a resolution of the case with the family so close to Mr. Scantlebury’s passing. Plaintiffs therefore request a stay of 60 days to allow the family additional time to grieve.

4. In the event the parties do not reach a resolution with Mr. Scantlebury’s estate or the other family members involved, Plaintiffs anticipate amending the complaint following depositions of members of Mr. Scantlebury’s family.

Link here (more legal docs here) via John Paczkowski

As I’ve said before, I respect artists.  I have no respect for bullies.

Alex Eckelberry

Update:  They’ve withdrawn the suit out of an “abundance of sensitivity”.  (Thanks Mercen4ry.)

So our buddy PaperGhost blogged about some guy who made a skin for WinAmp, which installs Zango.

In a forum post, the skin maker defends his actions, saying:

haha, if you don’t want Zango don’t install the update. You have the option, it’s not forcing anything on you. We added it that in to potentially make some money doing this, but I didn’t want to make anyone upset over this.

Does this violate some winamp rule? There is nothing in the version downloaded from winamp.com that does anything to your computer, correct?

Please let me know what the ‘official’ winamp stance is on things of this nature.

Thanks! and sorry for any inconvenience

What an ass.

Alex Eckelberry

I got back in yesterday morning from a whirlwind trip to the west coast (hence the light blogging).  In the middle of our trip, we started hearing the reports of the big terrorist bust.  

We were fearing the worst when we got to San Francisco airport on Friday night .   American Airlines told us to get to the airport three hours before the flight to make sure we could get through.

Of course, the actual security check-in only took about 10 minutes.  For the first time in years, I got a pat-down, but otherwise, it was without incident.  We had hours to spend in the airport, which meant that we got to have a relaxing dinner and time to do some light shopping at a book store.  A waste of time but what the heck.

But I wonder about the security measures taken at airports these days.  Bruce Schneier editorializes today as to his thoughts on the matter:  

Hours-long waits in the security line. Ridiculous prohibitions on what you can carry onboard. Last week’s foiling of a major terrorist plot and the subsequent airport security graphically illustrates the difference between effective security and security theater.

None of the airplane security measures implemented because of 9/11 — no-fly lists, secondary screening, prohibitions against pocket knives and corkscrews — had anything to do with last week’s arrests. And they wouldn’t have prevented the planned attacks, had the terrorists not been arrested. A national ID card wouldn’t have made a difference, either.

Link here.

Good, solid intelligence work is what busts these plots.  9/11 was a failure of the intelligence community, not necessarily a failure of airport screeners.  The data was there, but it was ignored. 

While airport screeners have gotten much more polite and it’s not nearly as rough a situation as it was in the months after 9/11, we need to remind ourselves as a country that air travel is a vital, integral part of our economy.  Perhaps this means that we should stop allowing any bags, cell phones or laptops.  If that’s the case, then fine, let’s just make the decision and start making the security check-in process a rapid, pleasant experience.  It’s stressful enough to travel these days without having to deal with worrying about shaving cream and lighters.

Alex Eckelberry

Homeland Security: Fix Your Windows
In a rare alert, the U.S. Department of Homeland Security has urged Windows users to plug a potential worm hole in the Microsoft operating system. The agency, which also runs the United States Computer Emergency Readiness Team (US-CERT), sent out a news release on Wednesday recommending that people apply Microsoft’s MS06-040 patch as quickly as possible. The software maker released the “critical” fix Tuesday as part of its monthly patch cycle. The flaw addressed in MS06-040 is the only one among the updates that could let an anonymous attacker remotely commandeer a Windows PC without any user interaction. There will soon be worms that’ll exploit this MS06-040 vulnerability, so be quick to fix! It’s all over the press, but ZDNet has a good write up here.

Our friends at eEye created a free scanner that you can run on your network and quickly check which machines are vulnerable: It’s called the Retina MS06-040 NetApi32 Scanner and is here.

IT Pro: My Nine Biggest Professional Blunders
We’ve all had at least one or two embarrassing moments on the job, whether they involved inadvertently wreaking havoc on a system, making a social gaffe, or mishandling a project. IT pro Becky Roberts decided to come clean and share her worst career moments —along with the lessons she took away from each experience.

Mark Russinovich Teaches Very Last Public Windows Course
By now, many of you have heard about Microsoft’s acquisition of Sysinternals and Winternals and that Mark Russinovich has joined Microsoft as in the Platforms and Services Divison. Mark will be teaching his last public Windows OS internals and advanced troubleshooting class with David Solomon on September 18-22 in San Francisco. (David will continue to offer the class through his company, see www.solsem.com). For details or to register, click here.

Aberdeen Messaging Security Survey Invite
If you are into messaging security and want some free, fresh research, spend 10 minutes and fill out this survey. All responses are kept anonymous and the report strictly contains averages and statistics based on the results. To show their appreciation to anyone taking the time to fill out the survey, AberdeenGroup will send all survey participants a final copy of the report which they normally sell for $399. Here is the description of the survey:

AberdeenGroup is conducting a study to explore the successful methods used by best-in-class organizations to secure email, instant messenger, and web based communication while revealing the impact messaging security has on productivity and operational costs. Specific technologies will include inbound and outbound message and content inspection and control, anti-spam and phishing detection and protection, encryption, and messaging compliance monitoring and enforcement solutions. The solutions that will be examined will include appliances, software (server and desktop), messaging server, custom developed and ASP offerings based on both commercial and open source technologies. Take the survey here.

Windows Vista Upgrade Paths
WinITPro created a nifty little table that clarifies what Microsoft released about the available upgrade paths to the various versions of Vista. Any other versions of current OSs, including Windows 2000 and 64-bit versions of Windows XP, can’t be upgraded and will require a clean installation.

Step-by-Step Guide: Blocking Peer-to-Peer Applications
Although millions of people use peer-to-peer applications, don’t for a moment think these apps are above suspicion. They pose some very serious threats to your organization’s security. Learn more about these threats and ways to block peer-to-peer applications in this guide, here.

In-depth Guide: Server Consolidation Via Virtualization
In this special report, industry experts offer advice on why, when and how to use virtualization technologies to consolidate server workloads. At the new SearchServerVirtualization site here.

Windows Update Bug Brings Computers To Crawl With Scan
Windows experts said a bug in Microsoft Update causes computers to slow down considerably when scanning the system. Microsoft is looking into the problem. Find out more in this article at SearchWinIT here.

Redmond Comes Out With VoIP Hub
Did you know that MS is working on a single real-time communications and collaboration platform that includes a software-based voice infrastructure aimed at replacing IP-based voice hardware? Yup! They are going after those IP phones on your desk.

This Tuesday, Microsoft added yet another piece to the IP-based backend it is creating when it announced that its voice recognition technology would be folded into its forthcoming VoIP hub. The whole story is at Network World, and worth checking out, here.

Standardizing Management Modeling Language
Network World also came out this week with a an interesting piece of news about Microsoft taking a first step toward standardizing a management modeling language. This week Microsoft said it was working with a bunch of partners to create a standard modeling language designed to help corporations better manage their infrastructure.

Redmond and partners released the draft spec of the Service Modeling Language (SML) which is supported by system management heavies like HP, IBM, BEA, BMC, Cicso, Dell, EMS, Intel, Sun and is based on Redmond’s System Definition Model. If you run a large environment, this is worth reading, here.

Linux Cannibalizing Unix
According to IDC, in the US government enterprise server market, Unix is losing share to Linux. Unix used to be really strong in that segment, but it’s losing steam, being eaten alive by Linux which will rise from 11.6% in 2004 to 15.2% by 2009. Poor old Unix will drop from 34.8% to 30.1%.

Microsoft Readies VM Manager Beta
Microsoft’s foray into virtual machine management came closer to reality with the release of the first beta for its Virtual Machine Manager. Link here.

Stu

Symantec tears into Vista’s security model.  Good stuff, here. (Thanks JP).

Alex Eckelberry

How to decide whether to upgrade to 64 bit XP
Have you been tempted by the availability of 64 bit hardware to buy a new computer, but wondering what you’ll lose if you switch to the 64 bit OS? Aside from the issues over Blue Pill discussed in today’s editorial, here are some other things to be aware of before you take the plunge:

• You can’t upgrade 32 bit XP Pro to XP x64 and preserve your settings. However, you can dual boot the two on the same computer.
• MS-DOS and 16 bit Windows programs won’t run on XP x64, so if you have any of these that you still use, you’ll need to keep a 32 bit system around, or dual boot, to run them.
• Hardware devices must have 64 bit drivers to run on the 64 bit OS. Otherwise they won’t work.
• You can run 32 bit applications on XP x64, but they run in a Windows On Windows (WOW) subsystem.

If you’re running a 64 bit edition of Windows, let us know what you think. What 64 bit processor do you use (AMD or Intel)? What, if any, compatibility problems have you had (hardware and software)? What advantages have you noticed? Is the extra performance worth it? 

How to use the Network Diagnostics Tool
Networking problems are one of the most frustrating types of computer problem you can have these days, since so many applications – including browsing the Web – depend on Internet connectivity. Because networking is complex and just one wrong setting can cause you to get those irritating “cannot display the webpage” messages in IE, these problems can also be tough to diagnose. But you can better track down what’s wrong and fix it with Microsoft’s Network Diagnostics Tool. Find out how to get and run it here.

And for a detailed tutorial on using it, see Charlie Russel’s article here.

You get error messages when you try to start or install an MS-DOS or 16 bit program
You can run old legacy programs written for MS-DOS or 16 bit Windows on your XP computer, but sometimes you might find that you get error messages saying the system file is not suitable for running MS-DOS and Microsoft Windows applications. Your only option is to select Close to terminate the application. What’s up with that? Usually, it means your config.nt, autoexec.nt and/or command.com file is missing or corrupt. You can fix the problem by reinstalling the files from the XP installation CD. For instructions on how to do so, see KB article 324767.

Explorer.exe stops responding when you use network shortcuts
If you have a Windows XP computer with SP1 or SP2 installed and you’ve also installed security update 821557, you might find that Explorer.exe stops responding and hangs up if you try to access network shortcuts on another computer using the shortcuts in My Network Places. This happens because of an increase in network traffic. There’s a hotfix available that will fix the problem, but Microsoft recommends you install it only if you’re severely affected by the problem. To find out how to get it, see KB article 841978.

“Up” button replaced by something better
The new Windows Explorer interface in Vista takes a little getting used to. We’ve had several folks ask “Where’s the ‘Up’ button that used to let us go up one level in the file structure?” and the answer is: it’s gone. But that’s actually not a problem, because it’s been replaced by something better. The folder path shown in the address bar is now clickable – you can click on any level in the path to go up one or more levels instantly (instead of clicking “Up” several times to go up several levels). It makes navigation easier – once you get into the habit. Try it; we think you’ll like it.

Black Hat attendees impressed with Vista security efforts
The Black Hat crowd isn’t an easy one to impress, and many attendees come in with a pre-set anti-Microsoft attitude, so it was interesting both that Microsoft decided to put their Vista security improvements “out there” at this year’s conference, and that a surprising number of those in attendance admitted to being impressed with those improvements. Read more here.

Deb Shinder

 

As computer users, we want to know when there’s a threat out there that makes our systems vulnerable to attack. Like Neo in The Matrix, most of us have no desire to take the little blue pill that will make us think all is well when it’s really not. On the other hand, we don’t like alarmists who scream from the rooftops that the sky is falling and make the latest computer security threat sound like doomsday incarnated. Sometimes it’s hard to know where the middle ground is.

We’ve gotten email from several readers over the last couple of weeks, concerned about a new type of malware that was created by a Singapore security researcher named Joanna Rutkowska and appropriately named Blue Pill. IT publications and blogs have sounded the alarm bells, touting the “undetectable” nature of the code and, in some cases, implying that the scope of the threat is greater than it is. Here’s a more balanced report.

At last week’s BlackHat computer security conference in Las Vegas, Ms. Rutkowska herself gave a presentation on how this technology works on 64-bit Vista. BlackHat was logical venue for this type of presentation. The annual conference has been going on since 1997 and brings together IT computer specialists, law enforcement and legal experts, and hackers. I’ve been a BlackHat speaker in the past and my husband Tom developed the course materials for the ISA Ninjitsu training session at this year’s conference and was on hand to field questions.

The presentation demonstrating Blue Pill took place on the second day of the conference. Despite being scheduled at the end of the day, it drew standing room only (or more accurately, “no more standing room”) crowds – not a surprise after all the publicity. Here’s what we’ve learned about the threat:

Blue Pill is a type of rootkit – that is, malware that conceals itself from security software. Although some articles and blogs have given the impression that it’s based on a vulnerability in the Vista operating system, it’s actually based on AMD’s SVM Pacifica virtualization technology (and Rutkowska herself has been very clear that the exploit is not based on any flaw in Vista). The Pacifica technology provides “chip level” virtual partitioning to allow for running multiple operating systems simultaneously on the same computer (virtual machines or VMs). Pacifica is an extension to the 64 bit x86 architecture and is included on the Athlon 64 and Turion 64 processors. Although Rutkowska’s Blue Pill prototype was developed to run on Vista, it can be adapted for Linux or any other 64 bit operating system that runs on this hardware.

The reason this rootkit is so difficult to detect is because the operating system is running inside the hypervisor, or VM, whereas the rootkit is running underneath the VM. Since the rootkit files are outside of the virtual OS, there’s no way for the operating systm to detect that they’re there. Microsoft Research had previously developed a proof of concept VM rootkit called SubVirt. You can read more about the VM rootkit concept here.

Here’s the good news: Blue Pill was developed by a security researcher, not a hacker. Rutkowska and others are working on methods for detecting VM-based rootkits. Meanwhile, it’s not out there in the wild. Also, since it’s based on the Pacifica technology, unless you’re running an AMD 64 bit processor, your system is not vulnerable to Blue Pill. (However, Intel also has a hardware virtualization technology called VT, previously code named Vanderpool. It’s possible that such an exploit could be developed for it, too). Finally, Microsoft has vowed to find a way to prevent Blue Pill from being used on Vista before the final version of the OS ships.

Bottom line: it’s great that researchers like Joanna Rutkowska are warning us (and the hardware and software vendors who can do something about it) that threats like this exist. What’s not so great is the way some folks in their blogs and on the message boards are spreading the FUD (fear, uncertainty and doubt) that this is a sign that Vista is not secure. Ms. Rutkowska has diligently tried to counter this misinformation; here is one of her own posts on seclists.org.

What do you think? Should the tech media splash news of new exploit types all over the headlines, or does this just give hackers ideas? Should we wait to report on them until a solution has been found? Do you prefer to know about possible threats, even if they aren’t “in the wild” yet?

Or would you prefer to take a Matrix-type blue pill and live in your own little world, protected from such nasty knowledge? Do tech writers tend to oversensationalize these stories, or do we downplay them too much? 

Deb Shinder

Eegawds, I have never seen an attack like this on this blog.  Massive comment spam attack.

I’ve cleared them out, but may have inadvertently killed one or two comments.  Sorry, nothing intentional.

Alex

 

Some interesting pics here and here via Funsec.

Alex Eckelberry

 

We’re in the process of adding archiving functionality to our email security product, Ninja.  If you’re involved in managing email for a business, we’d love your feedback. Link here.

Alex Eckelberry

An “amateur” video posted on YouTube turns out to be made by slick PR firm DCI, who represents Exxon.

This is a stunt of pure audacity and sheer stupidity. 

I suppose what really ticked me off about this video is that it takes the position that science and fact are boring — and that X-Men is more fun!  Just the kind of message we want to send to our kids.

You can see the awful video at YouTube, here.  More at /.

Alex Eckelberry