More shameless self-aggrandizement on my part

Ok, despite my efforts to keep self-laudatory blog posts to a minimum, this one is slipping through my filter.  

Windows IT Pro, the major magazine out there focused on the needs of system administrators, holds an annual Readers Choice award.  

For the second year in a row, we just won in every category in which we were nominated:

The only laggard was our Active Directory analysis tool, Directory Inspector, which won third place in the Active Directory Tool category.

These awards are given by tallying votes from IT managers/end users.

PR here.

Alex Eckelberry

Sunbelt LanHound customers will have a new home

Recently, I made the decision to discontinue development and distribution of our popular LanHound packet sniffer and transition customers to the good folks over at Network Instruments, makers of the award-winning Observer protocol analyzer.   This is part of our effort to continue our razor-sharp focus on our security product line, moving out of the system management business.   It was not an easy decision, as LanHound was one of the first products I worked on here and there are some fond memories.  But it was the best decision for our customers. 

The deal for LanHound customers is really good: All LanHound customers are eligible for a fully-functional software license for Network Instruments Observer and three licenses for the Network Instruments Advanced Single Probe for every LanHound license owned and currently under maintenance.  Of course, all existing LanHound maintenance support agreements will be honored.

Observer is a great product, providing our customers all of the functionality of LanHound with an easy-to-use interface, as well as greater reporting and analysis capabilities.  In addition to all of the features and functionality of LanHound, Observer provides an immediate and more in-depth view of network performance and activities through real-time reporting of performance statistics, traffic, and voice and video communications. Best of all, the Network Instruments family of solutions scales to meet customer network management needs.

If you’re a LanHound customer, you can visit the special site set up here: www.networkinstruments.com/lanhound. Press release.

Alex Eckelberry

Antispyware vendor Tenebril acquired

Tenebril was acquired yesterday by Process Software.  Tenebril was backed by Sierra Ventures, who apparently bought into the company on the cheap and then brought in a couple of rock star Zone Labs execs (who left about six months later).  

Process is a subsidiary of Halo Technology Holdings, a company that trades on the OTB bulletin board.

 

Alex Eckelberry
Update: SEC Filing here.

Making environmental responsibility part of business

Greenpeace announces the best and worst high tech companies in environmental responsibility.   Top of the class is Nokia and Dell, with Apple, Motorola and Lenovo down at the bottom.  

Link here.  And you can take action here to send an automated letter to the manufacturers who didn’t do well.

And yes, even though I’m not some Che Guevara-loving, granola-crunching, tree-hugging, Birkenstock-wearing activist, I do <confession coming…> drive a Prius; I believe that it is our responsibility as business leaders to make the least impact possible on our environment, and hopefully do something positive for it.

Alex Eckelberry

Sunbelt TechTips for the week of August 28th


Windows Desktop Search now supports 64 bit XP
Microsoft has released Beta 2 of Windows Desktop Search 3.0, and the good news is that it now supports 64 bit versions of XP and Server 2003. There are also a number of fixes, and you can upgrade from previously released versions without uninstalling them. You can download it here.

How to Use FolderShare to Transfer Big Files
Sometimes you need to send or receive files that are very large, even after they’re zipped. Your ISP, or the sender’s or recipient’s ISP on the other end, may not support files over a certain size limit (usually a couple of MB), and you might not want to set up an FTP server for security reasons. One solution is to use FolderShare, a file synchronization service that was recently acquired by Microsoft and is now in beta as part of the Windows Live family. You can download the software for both Windows and Mac OS X. Here’s how to use it once it’s installed:

  1. If you haven’t used FolderShare before, on the Welcome screen, click “I don’t have a FolderShare account.”
  2. On the New Account Information page, choose a nickname and password and type in your email address. You also have to check a box certifying that you’re over 13 years of age.
  3. The software will connect to the FolderShare server and create your account.
  4. On the “choose a computer name” page, the default is your computer’s name on the network. Accept the default and click Finish.
  5. Now you’ll see a flashing icon in the system tray. You can click a FolderShare library if you’ve been invited to share one, or click My FolderShare to go to the web site and set up a folder to share, sync your folders, share your folders with friends on the Internet, or access your files. FolderShare operates like a private P2P program. Those you invite can share items in the folder(s) you designate to share, but can’t access anything else on your computer.

You can find FolderShare here.

Need to get Windows to stop hiding some of the icons in your system tray?
Annoyed by having to expand the system tray whenever you want to see all of the icons there?  Windows hides system tray items that are inactive, but you can configure on a per-item basis which icons should be hidden when inactive and which ones shouldn’t.

Just right click an empty space in the toolbar and select Properties. On the Taskbar tab, at the bottom of the page uncheck the box that says “Hide inactive icons” if you don’t want any of them to be hidden. Or check the box and click the Customize button if you want to specify which ones should be hidden when inactive. In the Customize Notifications dialog box, for each item you can choose “Hide when inactive,” “Always hide” or “Always show” from the dropdown box.

Make Windows Explorer display Web view templates or HTML customizations
By default, Windows XP doesn’t display Web view templates (Folder.htt) from earlier versions of Windows. This is a security measure, to prevent content that might not be safe from running when you open a folder. If you need to display a folder in Web view, you can find out how to edit the registry to enable it in KB article 819028.

Can’t view or change Read-Only or System attributes of folders
When you use the Properties dialog box on a folder, you may wonder why the Read-only checkbox is grayed out and there is no checkbox to change the System attribute. This is because the Read-only attribute for folders is usually ignored by Windows and application programs and the System attribute is used to designate if a folder has special formatting. But some programs won’t allow you to save files to a folder that has Read-only or System attributes, so there may be times when you need to change these. Find out how (and read the caveats about doing so) in KB article 326549.


Vista Sidebar: love it or leave it out?
One of the most talked-about aspects of the new Vista desktop is the sidebar. This is a collection of “gadgets” (small applets) that are shown by default running down the right side of the screen. Vista comes with a number of gadgets that you can enable/disable: a calculator, analog clock, CPU and memory meters, currency converter, RSS feed tracker and feed watcher, notepad for jotting quick notes, slide show that displays the photos in your Pictures folder, stocks ticker, number and picture puzzles, games, and recycle bin. You can download additional gadgets to install here.

If you don’t like the sidebar, you can disable it. There are several ways to do so, as described here.

Or you can just hide it, by right-clicking an empty space in the sidebar and selecting Close Sidebar.

Deb Shinder, MVP

Adventures with Vista (and Why I Went Back to XP)

As those of you who follow my blog posts know, I’ve been happily using Vista as my main working computer for the last few months. Yeah, I know Russ Cooper disapproves, but I happen to disagree with his postulation that you shouldn’t run a beta on a production or Internet-connected machine. In fact, I am indeed running anti-virus software on it, and it’s safely tucked behind our ISA firewalls. I’ve had zero security breaches with it, and to all appearances it’s at least as secure as my XP machines and one heck of a lot more secure than all those Windows 98 computers that are still out there running on production networks and directly connected to the Internet.

Of course, the machine on which I run Vista isn’t my only system, and I’m dual booting Vista on it so I can always go back into XP if I need to do so. But I really love the Vista interface and I’d stay in Vista all the time – except for one not-so-minor issue that’s been driving me nuts, especially for the past few weeks.

For years, I’ve worked with three monitors on Windows 2000 and then XP. When I installed Vista, it recognized my ATI x600 PCI Express video card and the two monitors connected to it with no problem – but alas, the third monitor, which was connected to a Matrox 450G PCI dual head card, was sadly blank. After a bit of research, I learned that Matrox was not providing Vista drivers for their cards and has no plans to do so until the operating system is commercially released. Even then, who knows whether they’ll make Vista drivers available for “legacy” cards like the 450G?

Well, I slogged along with two monitors for a while, and most of the time, that works okay. Then I had a major research/writing project to work on, and I really missed having that third monitor so I could “spread out” and have my Word doc open on one screen, my browser on another, and the outline from which I was writing on another, without having to switch between windows. I know a lot of people who’ve never used multiple monitors think it’s silly and excessive, but everyone I know who has used them absolutely appreciates how much more productively you can work with all that screen real estate.

So I set out to get that third monitor functional again in Vista. I didn’t realize I was embarking on an adventure.

It was obvious that I was going to have to buy a new video card. So I thought I’d take the opportunity to add more “bling” to my Vista system, and get a card with a TV tuner, since the Vista beta is Ultimate Edition, which includes Media Center. There’s a CATV jack in the office that we’re not using, so I figured I’d run the cable to my computer and be able to record TV on my Vista machine.

I found an ATI All-in-Wonder 2006 that was very reasonably priced for a tuner-equipped card with 256MB of memory and HDTV output ($137 from Amazon). It was listed as compatible with Vista. Its interface was PCI Express, and my Dell workstation came with three PCIe slots, so that should work, right? Well, when the card arrived, I relearned a lesson I’d forgotten: never take anything for granted. I opened the case to find that, indeed, there were two empty PCIe slots – but one was a 1x slot and one was 4x. My cool new card, of course, needed a 16x slot, and the single one of those that I have was already taken by my ATI x600 video card.

Okay, so I could just replace the x600 with the All-in-Wonder, and have my Media Center functionality and be slightly better off than before, although still without the third monitor, right? Well, no. The All-in-Wonder has only one monitor connector, so if I did that, I’d lose my second monitor too. I could watch TV, but I wouldn’t be able to get much work done. The All-in-Wonder went into the closet and I went back to the drawing board.

I did have two regular PCI slots open, but it seems ATI has no PCI cards that are Vista-capable. Oh, I did read about a rumor that they released a PCI Radeon x1300 in Japan … hmmm. I’m afraid flying to Tokyo in search of a video card would cost more than the other alternative that I was actually seriously considering at this point: buying a whole new computer that has more than one 16x PCIe slot. Dell’s top of the line Dimensions and Precisions have two 16x slots, but they cost a bundle. Surely there was a less expensive solution to my problem. I even thought about buying a new 24 inch monitor to give me more screen space with just two. After all, that would cost less than $1000, whereas the new high end computer would cost close to $2000.

I kept looking, and finally found an Nvidia GeForce 5200 card with 256 MB of RAM that supports DirectX 9.0 (required for Vista) and had a regular PCI bus. I read more and found that some folks were using that card with Vista. And the price was right, $82 at New Egg. So I clicked my way through the order and eagerly awaited its arrival.

It got here yesterday, and today I cracked open the case on the Dell again and installed it with much anticipation. Booted into Vista, downloaded the Vista drivers, and … got an error message saying the installation failed. Tried a few tricks that often work in such situations, but no joy. Now I had three video cards in my computer, with a total of six monitor connectors, but I still could use only two in Vista.

It was enough to drive me back to XP. And in fact, I booted back into XP to check whether the new card worked there. Yep, when I opened my display properties, there was the monitor that was attached to it. All I had to do was check the “Extend my desktop” box and I had three monitors again. And since the Matrox card was still in there, it actually thought I had four monitors. Well, it just so happens there was an extra 19 inch flat panel sitting on the floor in a corner of the office; it had come with a Dell computer we bought a few months ago and we didn’t need it. Just for kicks, I hooked it up to the Matrox card, and now I have a four-monitor array … but only in XP. Here are some photos Tom took as I was configuring them.

So now I have to choose between Vista with two monitors or XP with four. When it was two vs. three, the decision wasn’t as difficult, but I am loving having a desktop that just goes on and on. I have a feeling I’ll be working in XP a lot more now, at least until these video card vendors get on the ball and get me some Vista drivers.

How about you? What adventures have you had with Vista, and were they bad enough to drive you back into the arms of XP? Or if you haven’t tried Vista yet but use multi-monitors on XP, could you ever give up your extra monitors?

Tell us your experiences and opinions.

Deb Shinder, MVP

More testing silliness

EICAR is a group of security experts that research malware.  Quite a while back, they created a test program that all antivirus scanners would recognize as being a “virus” file.  

It has no virus attributes.  In fact, it’s just a string of characters:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

That’s it.  Nothing more.  It’s not even designed to “simulate” a virus attack.  It’s just something to test your antivirus product to make sure it’s detecting things, useful for testing security in an organization, etc., and virtually all antivirus scanners recognize it.

Enter Jan Monsch, a security expert who decided to embed this EICAR file into various versions of Word files and then run the results against VirusTotal.com.

He came up with results that, to the casual observer, would be disturbing.  AVG, Ewido, NOD32 and others all came in with zero detection of this file, while Microsoft and McAfee detected all the “samples”.  Link here.

I don’t want to malign Jan, as his heart is in the right place.  However, although well meaning, it’s not an entirely useful test. 

Here’s why, and I’ll paraphrase virus expert Andreas Marx:

The EICAR test file was used incorrectly. An EICAR test file is not suitable for this kind of testing, as it should only be detected in its plain 68 byte version, according to the definition which can be found at the EICAR test site.

No AV product should be able to detect this file in other forms, if they would follow the strict definition which has been put into place for security reasons. For example, a while back, there was a virus that propagated itself by a .bat file. Trying to evade detection, it started with the EICAR Test Signature and then executed the virus.  Many AV companies detected this BAT virus as being an EICAR test file, even though it was a very dangerous program. Similar issues can happen with other scripting languages, so the EICAR Test File definition was adjusted so that the file not only has to start with the EICAR Test File code, but it has a maximum length and only some whitespace characters (e.g. a CR/LF line-feed) were allowed.

Some AV companies are following this rule in a strict way (and they are blamed for not detecting the file, even though they are following the rules), and other antivirus companies don’t care either way, so they are still detecting an EICAR test file — even if nothing should be detected.
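The strict rule described above can be written as a small classifier. This is an added example, not code from the original post or from any antivirus vendor; the 128-byte limit and the set of permitted trailing characters are taken from EICAR's published definition rather than from this page, and the sample buffers are constructed for illustration.

```python
"""Classify a buffer against the strict EICAR test-file definition."""

# The 68-byte test string, split in two so that scanners which match the
# string anywhere in a file do not flag this script itself.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}" + rb"$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Assumption: limits from EICAR's published definition (not quoted on this page).
MAX_LEN = 128                                    # total file length, in bytes
ALLOWED_TRAILING = frozenset(b" \t\r\n\x1a")     # space, tab, CR, LF, Ctrl-Z

STRICT = "strict-test-file"            # meets the definition: report as EICAR
PREFIX_ONLY = "prefix-only"            # starts with the string, breaks the rules
EMBEDDED = "embedded"                  # string appears somewhere inside the data
ABSENT = "absent"                      # string not present at all


def classify(data: bytes) -> str:
    """Return which of the four cases a buffer falls into."""
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        within_limit = len(data) <= MAX_LEN
        only_whitespace = all(b in ALLOWED_TRAILING for b in tail)
        if within_limit and only_whitespace:
            return STRICT
        # e.g. a script that opens with the test string and then carries
        # real commands: it must be analysed as a script, not waved through
        # as a harmless test file.
        return PREFIX_ONLY
    if EICAR in data:
        return EMBEDDED
    return ABSENT


def should_report_as_eicar(data: bytes, strict: bool = True) -> bool:
    """Model the two scanner behaviours the post contrasts.

    strict=True  -> follows the definition, reports only a true test file.
    strict=False -> reports the string wherever it is found.
    """
    verdict = classify(data)
    if strict:
        return verdict == STRICT
    return verdict != ABSENT


# Constructed sample buffers (none of these is a real document or malware).
SAMPLES = {
    "plain": EICAR,
    "plain_with_crlf": EICAR + b"\r\n",
    # Test string followed by harmless batch commands, standing in for the
    # BAT-file case the post describes.
    "bat_style": EICAR + b"\r\n@echo off\r\necho constructed sample\r\n",
    # Test string padded with spaces past the length limit.
    "over_length": EICAR + b" " * 100,
    # Test string buried in a fake container (first bytes mimic an OLE
    # header; this is not a valid Word file).
    "embedded_in_container": b"\xd0\xcf\x11\xe0" + b"\x00" * 32 + EICAR + b"\x00" * 32,
    "unrelated": b"just some text",
}


def compare() -> dict:
    """Map each sample name to (strict_scanner_reports, loose_scanner_reports)."""
    return {
        name: (should_report_as_eicar(buf, True), should_report_as_eicar(buf, False))
        for name, buf in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (strict_hit, loose_hit) in compare().items():
        print(f"{name:24} {classify(SAMPLES[name]):18} strict={strict_hit} loose={loose_hit}")
```

A strict scanner reports only the first two samples, which is why a product that follows the definition shows zero detections on the embedded test.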

Using command line scanners for the test: VirusTotal.com was used for the tests, which only uses command line scanners.   The results of a command line scanner versus a full antivirus program can be different, such as the case of packed, archived or embedded malware.

Also, keep in mind that an embedded EICAR signature might or might not be stopped at a gateway; and it might or might not be stopped at the desktop by the on-demand scanner; but as long as the on-access guard is active, there should be no issue with the virus. If it gets in a state where it might be executable (e.g. extracted to a temp folder on disk), the real-time protection should be able to stop it. 

The theory behind the test (embedding different viruses inside of different flavors of Word) is not entirely without merit — although one wonders if MS Word would even execute a piece of malware in this type of scenario.  But this gets me back to a subject that I will keep harping on — simulators are not real world.  We have good, solid nasty malware that’s freely available from the security research community for these types of tests.  

Can we please all agree to stop using simulators for research and start testing with real malware?   That’s what Vmware is for!

 

Alex Eckelberry

Update/Clarification:  Jan explains that this exercise was to be used to test gateway scanning engines, which may change the argument about his not using a full antivirus product. More here. (I am in discussion with Jan about running a new test with real malware, which may be an interesting and potentially useful exercise.)

New version of CounterSpy Enterprise shipped

CounterSpy Enterprise 1.8 has shipped. This is a really good release — absolutely the best release of our enterprise version to date and one of the best releases in our history.  I’m very proud of all of those that worked on it.

The release is mostly “under the hood” improvements, but the difference in performance and scalability is dramatic.  

More company propaganda here.  Product link here.

 

Alex Eckelberry

AOL: The beatings continue until the software improves

Last night, I had the dubious honor of helping my mother with her AOL account.  The advertisements on her email screen made it look like some garish mixture between a third world candy store and a bordello.   

Why in the hell should she have to look at these ads?    She pays for AOL. 

Anyway, StopBadware doesn’t like AOL 9.0 much. According to an article today in Infoworld, a report is to come out today that:

…blasts the free version of AOL 9.0 because it “interferes with computer use,” and because of the way it meddles with components such as the Internet Explorer browser and the Windows taskbar. The suite is also criticized for engaging in “deceptive installation” and faulted because some components fail to uninstall.

The main problem is that AOL simply doesn’t properly inform users of what its software will do to their PCs, said John Palfrey, StopBadware.org’s co-director. “We don’t think that the disclosure is adequate and there are certain mistakes in the way the software is architected in terms of leaving some programs behind,” he said. “When there are large programs, some of which stay around after you’ve thought you’ve uninstalled them, they need to be disclosed to the user.”

Because AOL has taken steps to address StopBadware.org’s concerns, the group has held off on officially rating AOL 9.0 as badware, Palfrey said.

Link here.

Alex Eckelberry
(With copious thanks to Catherine)

Getting infected: A real-life story

Cade Fasset at PC Advisor writes about his recent run-in with spyware. 

Because of the battery drain caused by spinning the CD/DVD drive, and also because lugging around a stack of game discs in my briefcase is not very appealing for several reasons, I often go out on the web and download ‘cracks’ for my games to bypass the CD checks. I should say now that every game I play is legally purchased and owned by me, and is installed only on my computer. I only bypass the CD to save battery life and to avoid having to take my discs everywhere.

Link here.

Alex Eckelberry

The Consumer Reports testing scandal: It’s far, far worse than we initially thought.

Over the past two weeks, Consumer Reports has been slammed by the bulk of professional researchers in the security community for testing antivirus programs using 5,500 “fake” viruses. 

Consumer Reports fans and a minority group in the security community, however, fought back — after all, Consumer Reports is seen by many as a competent, independent testing lab and antivirus companies are generally seen as lazy, self-serving, money-hungry companies who have been soaking users for years with crappy products and high subscription fees, etc, etc.  So even though Consumer Reports was lambasted by professional security researchers with no ties to antivirus companies, it was seen by some as whining by money-hungry antivirus companies.

Well, ok, on to Chapter 2, which is more damning than the AV test. Because I have something which is so incredible, it boggles the mind.

In addition to antivirus programs, Consumer Reports tested antispyware applications. And they have now confirmed that they did not test against any spyware for their antispyware testing.   (Feel free to read that sentence again.)

Instead, their entire test of antispyware applications was based on running applications against Spycar, a set of applications written by Intelguardians that mimic spyware behavior — directly against the explicit instructions of the Spycar developers.

The entire test.  Blocking. Scan and remove.  The works. 

From a letter to us:

We assessed the ability of products to detect and block malware that had not yet been explicitly included in definition updates. This required the software to be capable of examining typical behaviors using heuristic methods. In the case of spyware, we used the public suite of Spycar scripts as published by Intelguardians Network Intelligence LLC, at http://www.spycar.org.

For each tested anti-spyware product, installed as the only anti-spyware product in a virtual session, we did a fresh boot and an update check for the product. We then ran each of the Spycar suite’s 17 components, allowing the anti-spyware program to attempt to detect and either warn the user or block the behavior. We then ran the evaluation tool and noted the behaviors that had been allowed. We then refreshed the session (undid the actions), and repeated the “infections”, but this time, prior to evaluation, we ran a scan with the anti-spyware program and allowed it to detect and undo any behaviors it found post-infection. We then ran an evaluation to see how many behaviors still remained.

The results of our two runs formed the basis of the “Blocking” performance in our ratings.

What does Spycar do?  It does things like install fake registry keys, change your start page and the like.   It is specifically designed to test how well antispyware programs block unknown applications — not scan and remove.

Remember that antispyware applications generally should do three things: 

a) Scan for spyware. 

b) Remove spyware. 

c) Block new spyware, hopefully before it infects your system.  

Spycar is ONLY designed to be a limited test of the blocking capability of an antispyware program. 

As Ed Skoudis, one of the authors of Spycar, pointed out to me:

Spycar is focused on evaluating behavior-based detection mechanisms.  That’s labeled very clearly all over the Spycar website.  Its only use in testing signature-based scanning products is in showing that they are just that, signature-based scanning products.  That is, Spycar can be useful in determining that a product has no real-time behavior-based detection mechanisms.  But, it’s not useful beyond that determination in evaluating on-demand signature-based tools or comparing them against each other.  Now, it can be used to show that  one tool has real-time behavior based defenses, and another doesn’t.   That is a useful comparison point, provided that customers understand what it means (and, an article should explain that).  But, again, it cannot be used to determine which of two purely signature-based scanners is better [my emphasis].  

This fact is made clear in section 1 of Spycar’s EULA:

Intelguardians created Spycar so anyone could test the behavior-based defenses of an anti-spyware tool.  It is intended to be used to see how anti-spyware tools cope with new spyware for which they didn’t have a signature.   It is not intended to provide perfect anti-spyware tests, or to act as a substitute for any other form of evaluation.  In particular, it is designed to test solely the ability of anti-spyware products to conduct behavior-based (non-signature based) detection of spyware. It is also not intended to disparage any particular anti-spyware product.

It is also explicitly not to be used as a sole testing method, something the authors of Spycar make very clear on their website.  

Is Spycar a Comprehensive Test of Anti-Spyware Tools?
No.  Spycar models some behaviors of spyware tools to see if an anti-spyware tool detects and/or blocks it.  But, spyware developers are very creative, adding new and clever behaviors all the time.  Spycar tests for some of these common behaviors, but not all.  Also, with its behavior-based modeling philosophy, Spycar does not evaluate the signature base, the user interface, and other vital aspects of an anti-spyware tool.  Thus, Spycar alone cannot be used to determine how good or bad an anti-spyware product is.  We’ve used it to find several gaps in anti-spyware product defenses, but Spycar is but one tool for analyzing one set of characteristics of anti-spyware products.  A comprehensive review of anti-spyware tools should utilize a whole toolbox, of which Spycar may be one element…

In other words, Consumer Reports’ methodology will not tell you if an antispyware application can remove Spyware Quake, Lop, Look2me, haxdoor, or any of a number of other vicious, nasty programs.

And even more surprisingly, even though Consumer Reports used the Spycar testing methodology, they never even contacted the authors of Spycar for advice or feedback. 

So, Consumer Reports:

a) Ignored the instructions of the Spycar authors and used the simulator as the sole method of testing.  

b) Ignored the instructions by the Spycar authors to not use Spycar to test scan and remove functionality.

Consumer Reports carelessly and arrogantly didn’t bother to read the documentation for the simulator, and in the process, did not serve the consumer. RTFM.  

But let’s add a little more color.

Spycar is a limited test that can only be used to test certain blocking characteristics of antispyware programs (in other words, the ability of an antispyware program to drive you nuts with constant inane warnings).

For example, one of the Spycar test applications, HKLM_Run.exe, tries to insert the following registry key:

HKEY_CURRENT_USER\Software\Intelguardians\Spycar

Now, Consumer Reports tested the ability of an application to try to block that registry key.  But then it ran a scan on the machine to see if an antispyware application “caught” this supposed infection!

Absolutely mindboggling.  This is NOT an infection.  It’s a harmless registry key.   The entire antispyware scan and remove functionality was solely judged on the ability of an antispyware application to remove a harmless entry. 

The only way that an antispyware application would catch this harmless entry is one of two ways:

a) The antispyware company cheated, and made sure that all the Spycar entries were in their database or

b) The antispyware product has some type of “snapshot” ability, something not generally thought of as a requirement for an antispyware application (not necessarily a bad idea, but not entirely relevant to a test of scan and remove functionality).

Spycar can’t even test for some of the really nasty types of spyware out there, which would require a kernel-level driver to detect — malware that is inside a compressed file, unpacks a few kilobytes, hooks into the kernel without even executing an application, and happily installs a rootkit.  That’s the nasty crap that truly tests the ability of an antispyware application, contrasted with finding an adware application happily advertising itself in the Run key of the registry.

At any rate, Consumer Reports doesn’t necessarily agree. When presented with an overwhelming amount of evidence as to why they shouldn’t use Spycar, their response was:

Thanks for your insights on the use of behavior simulation to test the performance of anti-spyware programs. We believe we understand your concerns, however we chose this approach because we felt it best captured the flexibility of the software.

We are constantly re-evaluating our test program, and will take these and other considerations into account in future tests.

Brownie, you’re doing a heck of a job.  

Alex Eckelberry
(More commentary here by Eric Howes.)

Sunbelt TechTips for the week of August 21


How to configure IE to open Office docs in the appropriate program

Sometimes when you click a link on a web site to a Microsoft Office document (a Word .doc file, Excel .xls file or PowerPoint .pps file), it may open up in Internet Explorer instead of in the Office program associated with the file type. This happens because IE is configured to host Office documents by default. You can change this behavior by following these directions:

  1. Open My Computer and click Tools | Folder Options.
  2. Click the File Types tab.
  3. In Registered File Types, click the file type you want to change and click Advanced.
  4. In the Edit File Type dialog box, clear the checkbox that says Browse in Same Window.
  5. Click OK.

Patch Reissue is coming on August 22
If you’ve been having problems with Internet Explorer crashing when you go to certain web sites since you downloaded and applied the critical MS-06-042 patch released on this month’s Patch Tuesday, you’re not alone. The problem is affecting a lot of folks who are running IE6 with SP1 on XP or Windows 2000. Here’s the good news: Microsoft has fixed the patch and will re-release the patch on August 22. Read more here.  

More on the Blue Pill Scare
Well, more new info keeps coming in about the “Blue Pill exploit”. Made to sound like a flaw in Vista and a big threat to users, it turned out that the exploit was actually aimed at AMD hypervisor hardware and didn’t work anyway without administrative privileges. Now another claim, that the Blue Pill exploit is undetectable, is being challenged by security experts. Read more here.  

Is there an easy way to back up driver files?
If you’re looking for a software utility that will let you back up your hardware drivers in one fell swoop, there are a few options out there. One that’s free is WinDriver Expert from Huntersoft, which has a free version for non-commercial use. It finds driver files and saves them for you. It’s a small, quick download; the zip file is under 1 MB. You can find it here.  

Right-click commands in IE are unavailable
If you right click a link in IE and discover that the Save Target As and Print Target commands are grayed out, it may be because Content Advisor is enabled. You can fix the problem by disabling Content Advisor or by loading the page and using the File menu command. For detailed instructions on both of these solutions, see KB article 176316.

Outlook Express stops responding when you log onto your email account
If you start Outlook Express and type in your email account name and password in the Log On dialog box, then find that OE stops responding and the Log On dialog box disappears when you click the OE window, there is an update to fix the problem. If you don’t want to install the update, there’s also a simple workaround. You can find out about both solutions in KB article 898123.

DVD-RW discs appear to be empty in Windows Explorer
If you try to view the contents of some DVD-RW discs in Windows Explorer on a Windows XP SP2 computer, you may see a root folder that appears to be empty even though you know there are files on the disc. This happens because of the Universal Disk Format (UDF) defect management system. There is a hotfix available. To find out how to get it, see KB article 899527.

Security Patches for Vista
Two of the security fixes released on the August 8 Patch Tuesday affect Vista beta 2. These are MS06-042 and MS06-051. The patch releases didn’t mention that Vista is one of the operating systems affected, since it’s not commercially available. If you’re running the Vista beta, you need to download and apply these patches. You can read more about it here.  

What’s New in Paint?
The venerable Microsoft Paint program is often overlooked, as most users opt for more powerful graphics packages such as Adobe PhotoShop or Corel PhotoPaint. But Paint has been quietly getting more robust and usable with each version of Windows, and it’s come a long way since its Windows 95/98 reincarnation (which is probably the last time many of you took a look at it). The Vista version finally includes a Crop tool, and since the program is smaller and faster than its feature-laden cousins, I’ve taken to using it for simple chores like saving screenshots for articles. If you’re running the Vista beta, be sure to check it out.

Deb Shinder, MVP

Does Vista Give You Too Many Choices?

It’s great to have options, and being able to pay for the software features you want, and not have to waste money paying for features you don’t want and will never use, seems like a great idea. We got a taste of that with Windows XP: if you’re a business user or a home power user who needs to be able to connect your computer to a domain or wants to encrypt files with EFS or connect to your system from somewhere else via Remote Desktop, you could pay extra for XP Professional. If you only want to do simple home computing tasks such as checking email and surfing the web and running a word processing program, you could save a few bucks by getting XP Home instead. There are also a couple of special purpose editions, for Tablet PCs and Media Center home entertainment computers, but those operating systems come installed on the systems.

Now, with Windows Vista, there are even more choices – and some users are a little confused by the plethora of options that are expected to be available. Pundits are making fun of the abundance of choices; see this humorous article claiming that “Windows Vista to Ship in 33 Different Versions”.

In reality, Microsoft now lists five editions on the Vista web site: Home Basic, Home Premium, Business, Enterprise and Ultimate (back in February, Microsoft announced six editions which included Vista Starter Edition, a very restricted version for “emerging markets” – read third world countries – only). Although pricing hasn’t yet been officially announced, we expect the cost to rise approximately in that order. How do you decide which one you need?

Home Basic will be the lowest priced of the retail editions and will be very, well, basic, much like XP Home. Perhaps most notably, it won’t support the cool Aero glass interface with its translucent windows and other eye candy. Cynics might wonder, if you don’t get Aero, why not just continue to run XP? Basic will, however, include security enhancements, parental control, improved search capabilities, Windows Mail, Calendar and Contacts, and other new features. Home Premium offers additional features, such as EFS encryption, as well as both Tablet PC and Media Center PC functionality and a host of entertainment applications such as DVD authoring, photo management, and extra games. Home Premium supports twice as much RAM as Home Basic (16 GB vs. 8 GB).

On the business side, you now have two choices – well, sort of. Business Edition is comparable to XP Pro. It includes IIS (web server software), fax support, Remote Desktop, and dual processor support, among other business oriented features, as well as most of the features of Home Premium except for Media Center. Companies that enter into a Software Assurance or Enterprise Licensing agreement with Microsoft can go a step further and get Enterprise Edition, which adds BitLocker drive encryption (enhanced security for company laptops that contain sensitive information), a built-in version of Virtual PC that runs a single VM session at a time, UNIX application support and better multi-language support. This version won’t be available to individuals through retail or OEM channels.

Finally, there’s the best (and most expensive) of all possible worlds: Vista Ultimate. It has all the features of Enterprise Edition, along with the entertainment features of Home Premium, including Media Center, and is the high end option for both home users/gamers and business users who are multimedia professionals.

To confuse matters a little more, there are also expected to be “N” editions of both Home Basic and Business editions, which don’t include Windows Media Player. These are made to comply with EU regulations and will only be available in the European Union.

All these choices may cause some folks to agonize a bit when they decide to take the upgrade plunge, especially home users. Should you stick with Basic, spend a little more for Premium, or bite the bullet, empty your wallet and go all the way with Ultimate?

The good news is that, if you start out conservatively and later discover that you want more features, Microsoft is making it easy for you to upgrade one version of Vista to another. The Anytime Upgrade licenses will be sold by PC vendors and solutions providers. If you have Home Basic, you can upgrade to either Premium or Ultimate. If you have Business Edition, you can upgrade to Ultimate. You can read more about the program, which started beta testing this month, here.

Unfortunately, if you buy a high end edition and decide you don’t need all those features, you can’t downgrade and get a refund for the difference.

How do you feel about all these different editions of Vista? Should Microsoft have stuck with two basic versions, a home and a business edition? Or do you appreciate the ability to pick and choose the feature set you want? Is the Anytime Upgrade program a great idea, or just a ploy to squeeze more money out of you? If/when you upgrade to Vista, which edition will you choose? Let us know what you think.

Deb Shinder, MVP

Getting a job in the valley? Read this.

If you’ve ever spent time in Silicon Valley, this article by Guy Kawasaki is so real it’s almost painful to read.  

It’s not about getting a job so much as a commentary on the environment which is so unique to the area.

Expect the funny farm. Most likely you’ll go through a group grope of interviews by four or five people. Most likely only one of them has hired and managed people before. Most likely this is the cast of characters that you’ll meet. Use these stereotypes to prepare answers to their questions and concerns.

Link here.

Of course, why get a job in Silicon Valley when you can come work for Sunbelt Software in beautiful Tampa Bay, Florida?

Alex Eckelberry