Silver, Gold… but you’re not getting platinum, scumbags


Last week, we found two more fake codec sites, Silvercodec(dot)com and Goldcodec(dot)com. Both install fake codecs that do all sorts of nasty things to your PC (rootkits, that kind of stuff).

We got to thinking:  Silver… gold… it seems like it’s only going to be a matter of time before the slimeballs pick up Platinum… so we preemptively registered that domain to thwart them.  All major TLDs have been registered to Sunbelt Software, thereby keeping these domains out of the hands of the bad guys. 

Alex Eckelberry
(And thanks to Suzi for coming up with the idea)

Sunbelt Weekly TechTips

New look for Microsoft homepage being tested
Microsoft is testing out a new look for their web presence, and it’s definitely more elegant than the old one. In fact, it has a definite “Vista” flavor. The real question is whether it will be easier to navigate and find what you’re looking for. Meanwhile, tell us how you like the new look. It’s online here.

Read more about it here.

Updates kill Outlook 2007 beta
If you’ve installed the Office 2007 beta 2, you may have awakened a few days ago to find that Outlook wasn’t working properly. In my case, I could read mail with no problem, but suddenly I couldn’t send – neither by replying/forwarding nor by creating a new message. Trying to do so displayed a non-helpful error message.

Uninstalling the beta and replacing it with the Office 2007 RTM version fixed the problem, but what if you don’t have access to the RTM code? As an MSDN member, I do, but most consumers won’t be able to get the final version until January. You may need to uninstall Office 2007 and reinstall Office 2003 to regain Outlook functionality. That’s rotten, considering it was implied that the Office 2007 beta would be good until February.

Vista: Make laptops more secure with BitLocker
Vista's Enterprise and Ultimate editions include a new security feature that's especially useful for portable computers: BitLocker Drive Encryption. It's designed to protect your data when an unauthorized person gains physical access to the system (for example, a stolen or lost laptop). You can configure the computer to require a startup key (stored on a USB flash drive) or, on machines with a TPM 1.2 chip, a PIN before it will boot; with a TPM the key is also released only if the early boot components haven't been tampered with. This makes data stored on portable computers much more secure, because a thief can't merely boot into a different operating system or use a boot disk to read the disk. You can read more about BitLocker here.

How to add the Encrypt/Decrypt command to the right context menu
Want to be able to right click a file or folder and select to encrypt or decrypt it, without having to click through the Properties | Advanced dialog boxes? You can do it by editing the registry. Here’s how:

  1. Open your favorite registry editor.
  2. Navigate to this key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  3. In the right details pane, right click an empty spot and select New, then DWORD Value.
  4. Name the new value EncryptionContextMenu.
  5. Double click the new value, and in the data value box, enter 1.
  6. Click OK and close the registry editor.
  7. Restart the computer for the new setting to take effect.
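The same change as the seven steps above, scripted so it can be applied, checked and undone from an elevated PowerShell prompt. This is an added example, not code from the original tip; the function names are my own, and it assumes only the Registry provider that ships with every PowerShell version on Windows.

```powershell
# Added example (not from the original post): set, verify and remove the
# EncryptionContextMenu DWORD that adds Encrypt/Decrypt to Explorer's
# right-click menu. Function names are hypothetical; run from an elevated
# prompt because the key lives under HKLM.

$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$valueName = 'EncryptionContextMenu'

function Enable-EncryptContextMenu {
    # Explorer reads this DWORD when it starts: 1 shows the menu entries,
    # 0 or a missing value hides them.
    if (-not (Test-Path $keyPath)) {
        New-Item -Path $keyPath -Force | Out-Null
    }
    New-ItemProperty -Path $keyPath -Name $valueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

function Disable-EncryptContextMenu {
    # Delete the value rather than writing 0 so the key returns to its
    # default state.
    Remove-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
}

function Test-EncryptContextMenu {
    # Returns $true when the value exists and is 1.
    $current = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    return ($null -ne $current -and $current.$valueName -eq 1)
}

Enable-EncryptContextMenu
if (Test-EncryptContextMenu) {
    "EncryptionContextMenu is set. Restart Explorer (or log off and back on) to see the new menu entries."
} else {
    "Value was not written; check that the prompt is elevated."
}
```

Two caveats worth remembering before you start right-clicking files: the menu entries use EFS, not BitLocker, so they protect individual files under your user account rather than the whole disk, and EFS-encrypted files become unreadable after a reinstall or lost profile unless you have backed up the EFS certificate and private key first.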

Get patched now! The exploits are out there
If you don’t have your computer set to automatically install critical updates and you haven’t yet installed the patches released on this month’s Patch Tuesday, it’s probably a good idea, since there are already instructions circulating on the Internet for how to exploit some of the vulnerabilities that are fixed by those patches. Read more here.

Files from FTP site download into the wrong folders
If you download files from an FTP site and they don't land in the folder you selected, the cause may be that characters in the file name match the name of a folder that already exists on your hard disk. The latest service pack fixes this; if you don't want to install the service pack for some reason (such as incompatibility with legacy applications), there is a hotfix specifically for this problem. To find out how to get it, see KB article 810790.

Help window doesn’t appear when you click Help on the Office Online web site
If you visit the Microsoft Office Online web site and click the Help link in the upper right corner of the page, you might receive a warning message instead of the Help page you were expecting. This can be caused by having your popup blocker set to High. You’ll need to either override the popup blocker or temporarily enable popup windows. For information on how to do so, see KB article 884183.

Deb Shinder, MVP

IE 7: Are we there yet?

Internet Explorer 7 was released in final version just over a month ago, and it's distributed as an automatic update. The auto upgrade is relatively painless, and the new IE offers many advantages over its predecessor, such as tabbed browsing, the anti-phishing filter, ActiveX opt-in and other security enhancements. Unfortunately, it still contains a few bugs (or are they "undocumented features"?) that result in my using Firefox much more often than I would otherwise.

One of the most annoying in everyday life is the tiny font problem. We're talking really small here, and changing the text size in the View menu has no effect. You can use the zoom control instead to make the text readable (118% does the trick), but the problem is that the tiny fonts only appear on some web sites, so when you go to another site that doesn't have the problem, you have to adjust the zoom again. Firefox displays both pages in a reasonable font size without the need for adjustments.

The other, potentially more worrisome but much less frequent problem is IE lockup. Every once in a while (maybe once every three days), IE 7 just quits working. I’ll be browsing with no problem and then when I click a link or type in a URL, it just won’t connect, just sits there spinning its wheels for minutes. Meanwhile, Firefox will connect to the same site immediately.

Are you experiencing any problems as well? 

Deb Shinder, MVP

What Effects will the Election have on Technology Issues?

Unless you’ve been way out of the country (visiting Jupiter, for example), you’re probably well aware of the imminent changing of the guard in Washington D.C. brought about by the national elections earlier this month. The vote in many races was “squeak by” close, as it has been in so many recent elections – but a win by one vote has the same result as a win by one hundred million. So our law-making bodies are now under the control of the “other side” for the first time in twelve years – a fact that makes some people very happy, others very sad, and many (who believe the only difference between the two major parties lies in the specific methods by which they’ll make our lives miserable rather than the amount of misery) a little indifferent.

Even if you live in another country, the actions of the U.S. government are likely to affect you in ways both subtle and overt. And those in the technology industry, like others in different fields, are wondering how this “takeover” will impact the issues that matter most to us.

As the old saying goes, there’s good news and there’s bad news. And your perspective is likely to depend in part on where you stand in the technology food chain (business owner, tech worker, or consumer). Perhaps surprisingly, the Democrats’ traditional stances on tech issues aren’t always friendlier to the “little guys” lower down the list.

An article that ran on CNN.com a week after the election proclaimed that "the new Congress may be the most technology-friendly in history." That sounds like reason to celebrate, and if you own a software company, it just might be. The new legislators are expected to raise the ceiling on H-1B visas. That means tech companies will be able to hire more programmers and other skilled workers from other countries. That's definitely good news for those companies.

It may not be such good news for American tech workers, who are typically used to much higher salaries than their counterparts in India and China. Will more foreign workers result in fewer jobs for Americans and/or lower pay all the way around? I guess we’ll have to wait and see. Meanwhile, lower paid tech workers might result in lower prices for consumers. That’s how it should work, and sometimes it even does.

The CNN article goes on to discuss the “net neutrality” issue. The new Congress is likely to be more in favor of laws prohibiting service providers from setting up “tier” systems charging more for higher bandwidth applications. Both consumers and content providers like Microsoft and Google are in favor of such laws. ISPs and libertarians who think the ‘net is already regulated enough oppose them. Should those who use more bandwidth pay more? It seems logical, but proponents of the neutrality laws say no. If ISPs are prevented from charging more for the high bandwidth use, will they just raise prices on everyone instead? That, too, remains to be seen.

What about an issue near and dear to the hearts of many at the consumer level: copy protection? You’d think the Democrats would be on the side of the little guys, right? Surely they’ll be rushing to repeal laws that allow big corporations and organizations like RIAA to harass elderly grandparents and eight year old kids for allegedly sharing a song. Surely they’ll get tough on music companies that install rootkits on their customers’ computers. Surely they’ll make it easier for us to enjoy our legally purchased music on multiple devices and make backups in case the originals are damaged or lost.

Oops. Think again. Based on their past votes, you shouldn’t expect the cavalry to come riding in on the wave of the mid-term elections. Remember that the Digital Millennium Copyright Act (DMCA) was signed into law by a Democratic president. That’s the law that makes it illegal for you to circumvent copy protection technology, even if you’re doing it to make your own backups of content you legally bought. And Congressional Democrats have proposed legislation that would make it legal for record companies and movie studios to hack into P2P networks. When you think about it, this probably shouldn’t come as a surprise at all, since Hollywood provides so much financial support to the party.

Just prior to the election, CNET News.com published a voter's guide based on current legislators' records on technology-based issues. Interestingly, the most technology-friendly member of the House was shown to be Ron Paul, a Texas Republican, who scored even higher than the Democrats who represent Silicon Valley (80%). Republican George Allen of Virginia held the highest Senate score (78%). Overall, Democrats slightly beat Republicans in the House while Republicans scored an average of 10% better than Democrats in the Senate. You can read more here.

So what do you think? Selecting the candidates to vote for is always a trade-off, so most people cast their votes based on the issues they care about most (the war, taxes, privacy rights, abortion or some other "hot button" issue). Regardless of how you think they'll do overall, do you think this election will be good or bad for technology innovators, workers and consumers?

Deb Shinder, MVP

What to do after your big Thanksgiving feast

Go to a website that has some graphics.

Then paste the following code into the address bar of your browser:

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i<DIL; i++){DIS=DI[i].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',50); void(0);

(Don't worry, it's safe, at least from a security standpoint: it only repositions the images already on the page every 50 milliseconds. But your stomach may feel otherwise. One practical note: current browsers strip the javascript: prefix when you paste into the address bar, precisely to stop people being tricked into pasting scripts like this one, so you may need to retype that prefix or run the code from the browser's developer console instead.)

And if I don’t get a chance to say it:  Happy Thanksgiving, all!

Alex Eckelberry
(Thanks, Robert!)

Some ugly new fake codecs

Moviecodec, tvcodec and watchfree — all malicious fake codecs.

Obviously, do not install these on a system as they are a hotbed of malware. The promises are all false:  They do not improve video or audio, and installing them under the premise of “free video” or any other reason is a very bad idea. I am saying this only because I’m seeing lots of search engine hits on this blog from people trying to find out more about particular fake codecs, and I want to make sure people don’t install them!  

MovieCodec(dot)net 


Tvcodec(dot)com 


Watchfree(dot)net

These have domain registration courtesy of estdomains, hosting by malware-friendly Intercage.

And finally, StrCodec, located at strcodec(d0t)be(dot)cx as well as clusif(dot)free(dot)fr.  

Alex Eckelberry
(Thanks to Andrew Clover for passing these on to us, and Patrick Jordan for the screen shots.  Thanks to Andrew Stevenson for finding StrCodec.)

Microsoft: No, no, no, the Xbox stays in its place


Yesterday, I posted a slightly tongue-in-cheek blog commenting on a story from CRN Magazine that Microsoft is expected to come out with an appliance.

Turns out (at least according to Microsoft), that the rumor is totally and completely wrong.

As strange as it may seem, “Fresno” doesn’t exist.  I’m not talking about the city in California which I can say unequivocally does exist since I’ve been there 🙂 but the “Windows Server appliance” that was recently referred to in a CRN article.   You might not think that another “product announcement” such as this one would be a big deal around here (since we make a number of them) but this particular kind of story actually amps a lot of people in my building (which is where Windows Server development lives) especially since after checking with various people in the know it was determined that “Fresno” simply doesn’t exist.  Apparently, the unnamed source’s information to the contrary is good enough so you likely won’t see a retraction. 

And even more interesting, the “code name” Fresno is likely something completely different, as Susan Bradley writes:

So I’m reading the blogs tonight and see this and just about absolutely fall out of my chair….

A little background on this “so-called” Code Name Fresno… you see it does not exist..well…. honestly… it doesn’t ….but you see… for me… it does.  The name “Fresno” is the name that I started calling the 15 user core Windows OS of SBS 2003…(must be a PDC, must hold FSMO roles, etc).  It’s the base and foundation of SBS.  If you end up buying it you usually have screwed up… I started calling that core OS as a joke….. FRESNO stands for  “For REally Small NetwOrks”.. you know Fresno… known enough as a name… but a hick town name….especially since Microsoft is known for picking vastly exotic places for their beta names… If someone came into the newsgroup saying they’d bought it, I’d say “Oh you bought the Fresno version”.  It was a funny way to keep the versions straight.

But I mean honestly… do you really and truly think that Microsoft would call a beta name "Fresno"…. oh how hilariously funny….I'm like OMYGOSH.. I can't believe that my joke about the slang name for the core OS of the SBS server …. which is a joke about my own hometown got taken so seriously and so wrong.

I LIVE in Fresno… it’s my hometown… and I called that core OS the name of Fresno as a joke…..

I admit, even I was a bit baffled by this rumor.  But it was such a fun story!

Oh well.

Alex

In other news, Microsoft to rebrand Xbox 360 as a server


Microsoft is expected/rumored to be coming out with a hardware appliance that works as a small business server.  Designed for really small shops (five users, that kind of thing), it’s Microsoft’s bid to go up against Linux.  Generously, the server will allow up to five users without CALs (Client Access Licenses).  This is currently the problem cost-wise for shops looking to get a cheap server.

“It’s very low-end and designed for incredibly small shops that are not using servers,” said another source familiar with the appliance effort, who requested anonymity. “Microsoft realizes small shops will move to servers, and they’re going to make sure they’re not going to Linux appliances with Google applications on it.”

Link here.

Microsoft's move here (which looks like putting Small Business Server in a box) is sensible in one regard: keeping the small business customer from moving to Linux. However, it does not appear to address the major problem, which is people using Linux servers for all kinds of uses, such as firewalls and antispam gateways.

The problem with Microsoft server software has always been the cost. For example, while ISA is arguably a very robust firewall, it's hard to compare it to the free solutions (iptables, Smoothwall, IPCop, etc.) that have been out in the Linux space for years and have a tremendous following in the open source community. Lack of developer support becomes a problem, because companies like Sunbelt can't easily ask a customer to buy a dedicated server and install a Windows server license on it, and then pay for our software on top. Battling Linux on the server side is going to take much more than this attempt on Microsoft's part. Linux may not get the desktop, but it is firmly entrenched as a robust, solid and highly reliable server solution, and the cost is only one part of that equation.

Alex Eckelberry
(Thanks Greg)

UPDATE:  Bad rumor. More here.

Inside the mind of a kernel hacker

Ryan Naraine has an interesting interview with LMH (the person behind MoKB, the Month of Kernel Bugs):

RN: Can you introduce yourself? Who is LMH? Is there a real name?

LMH: Well, I have a name as we all do. LMH is in fact a reference to my real name. The reason for ‘hiding’ behind it is that while I don’t mind appearing on public mailing lists, news media, etc., I want to be recognized by the work I do. A name is pretty much like a trademark, and I’m not into trading with my name, thus I prefer to use a rather simple nickname such as ‘LMH’. That way people focus on the work and not who has done it. It’s also good to keep a low profile sometimes. I’m based in Europe.

Link here.

Alex Eckelberry

Public beta of CounterSpy 2.0

Sunbelt Software is pleased to announce the start of a public beta for the next version of its flagship antispyware application, CounterSpy 2.0. This public beta will allow our users to test drive a pre-release version of CounterSpy 2.0, which incorporates a number of major improvements over CounterSpy 1.5.

New & Improved Features in CounterSpy 2.0
CounterSpy 2.0 includes the following new features or improvements:

  • Significantly reduced memory footprint
  • Re-designed/re-coded scan and removal engine
  • Faster full scan times
  • Improved remediation capabilities
  • New heuristics engine for improved detections
  • New scan-on-boot technology
  • New kernel-level Active Protections
  • Incremental definition updates

And much more…

System Requirements
  • Microsoft Internet Explorer 5.5 or higher
  • IBM-compatible 400 MHz computer with at least 128 MB of RAM
  • Windows 2000 Pro SP3+ or Windows XP (Pro, Home, Tablet, or Media)
  • 150 MB of available free space on your hard drive

Click here to download the CounterSpy Consumer 2.0 Beta.

Our beta forum is located at  http://beta.sunbelt-software.com.

Alex Eckelberry

Note on Beta Quality Software: Interested users should bear in mind that this is beta quality software. As such, users can expect to encounter bugs of all shapes and sizes, including some that could in rare cases cause catastrophic system crashes. Users are cautioned not to install or run beta quality software in a business “production” environment or in an environment where bugs and system crashes are flatly unacceptable. In the event you encounter a Windows System failure or CounterSpy crashes and you are given the option to send your log information to Microsoft, please send it so we can quickly analyze any compatibility issues CounterSpy may encounter.

Excellent malware case study

Our friends over at Secure Science and Michael Ligh have finished a great analysis on a very interesting (and nasty) piece of malware that we alerted and provided them with.

This document contains details of an exploratory case study that was conducted on a malware specimen found in the wild by members of the Mal-Aware Group (Secure Science and Sunbelt Software). The trojan was hosted on web servers located in the Ukraine and Russia, and existed among several gigabytes of data encoded with a proprietary algorithm. There were nearly 10,000 individual files available, each containing between 70 bytes and 56 megabytes worth of stolen data that only criminals could read…until now.

Link here.

Chalk one up for the good guys!

Adam Thomas

Creative image spam

Image spam, a plague on email right now, continues to get more and more creative. 

For the most part, the images are embedded in the email, although sometimes they're referenced by a hyperlink (an email client like Outlook can show images in the email when it is formatted as HTML, either through a hyperlink or as an embedded image, a technique that also works with RTF through OLE embedding).

Some people may wonder why the images are getting so odd looking, with slashes, speckles and distorted text. That's largely to defeat OCR-based filters (for example, SpamAssassin has an OCR plug-in for detecting image spam): the noise keeps the OCR engine from reading the words. It's also to continually change the checksum of the image, so that a filter which simply blocklists hashes of known spam images never sees the same hash twice.
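A small demonstration of the checksum point above. This is an added example, not Sunbelt's or SpamAssassin's detection code: two 8x8 greyscale "images" are constructed inline as byte arrays, the second differing from the first in two pixels the way a spammer's speckles do. The MD5 of the raw pixels changes completely, while a crude average hash (one bit per pixel, set when the pixel is brighter than the image mean, standing in for the perceptual hashes real filters use) comes out identical. The function names are my own.

```powershell
# Added example (not from the original post): why changing a few pixels
# defeats exact-checksum filtering, and why a content-derived hash does not
# care. Sample "images" are constructed here; function names are hypothetical.

function Get-Md5Hex {
    param([byte[]] $Bytes)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try {
        return ([System.BitConverter]::ToString($md5.ComputeHash($Bytes))).Replace('-', '')
    } finally {
        $md5.Dispose()
    }
}

function Get-AverageHash {
    # One bit per pixel: 1 if the pixel is brighter than the image mean.
    # A couple of speckles barely move the mean, so the bit pattern survives.
    param([byte[]] $Pixels)
    $mean = ($Pixels | Measure-Object -Average).Average
    $bits = foreach ($p in $Pixels) { if ($p -gt $mean) { '1' } else { '0' } }
    return -join $bits
}

function Get-HammingDistance {
    # Number of differing bits between two equal-length hash strings.
    param([string] $A, [string] $B)
    $d = 0
    for ($i = 0; $i -lt $A.Length; $i++) { if ($A[$i] -ne $B[$i]) { $d++ } }
    return $d
}

# Constructed sample: a bright box of "text" on a dark background.
[byte[]] $original = @(
    0,  0,  0,  0,  0,  0,  0,  0,
    0,200,200,200,200,200,200,  0,
    0,200,  0,  0,  0,  0,200,  0,
    0,200,  0,  0,  0,  0,200,  0,
    0,200,200,200,200,200,200,  0,
    0,  0,  0,  0,  0,  0,  0,  0,
    0,  0,  0,  0,  0,  0,  0,  0,
    0,  0,  0,  0,  0,  0,  0,  0
)
# The same picture with two speckles added: the per-message mutation.
[byte[]] $speckled = $original.Clone()
$speckled[0]  = 5
$speckled[63] = 5

"MD5 original : $(Get-Md5Hex $original)"
"MD5 speckled : $(Get-Md5Hex $speckled)"
$h1 = Get-AverageHash $original
$h2 = Get-AverageHash $speckled
"aHash original: $h1"
"aHash speckled: $h2"
"Hamming distance: $(Get-HammingDistance $h1 $h2)   (0 means the filter still matches)"
```

The two MD5 lines differ in every hex digit, the two average-hash lines are the same 64-bit string, and the Hamming distance is 0. Real filters use considerably better hashes than this and set a small distance threshold rather than demanding an exact match, but the principle is the one the spammers are fighting: a filter keyed on the exact bytes loses on the first mutated image, a filter keyed on what the image looks like does not.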

Expect much more creativity as the spammers continue to try to get through the filters.

Alex Eckelberry

Laptop pyrotechnica

Our friends over at PC Pitstop decided to see just how bad these smokin’ batteries can be.  Amazing video — a must watch.


When I asked Dave Methvin (PC Pitstop’s CTO) about the experiment today, he mentioned a few things:

There’s an article with a quote from an airline person saying: “They’re no more hazardous than any other battery-powered piece of equipment,” Hill told eWEEK in an exclusive interview. Hill said that while such batteries can catch on fire, “If you’re carrying it into the passenger cabin, the flight attendants should be capable of using an extinguisher and controlling it easily.”

However, I don't think the cabin fire extinguishers could put out a Li-ion fire. There have been some FAA tests that say the cargo cabins (which have a halon system) would be effective as long as the pressure from a battery explosion didn't blow a hole in the pressure containment of the cargo cabin. And if you can trust an engineer more than some airline official, they say this:

And an article here: “Here’s the short version: if you abuse a lithium battery, it can experience a “discharge with flame” and you can’t put it out. It generates its own oxygen to keep the fire going. Also, as we discovered this week, errors in manufacturing can give them the potential to self-ignite.”

Nice work guys. 

Oh, and the obvious statement — the PC Pitstop guys did this with professionals in a controlled environment.  This is a dangerous experiment to conduct and is not something to do on your own.  The fumes alone are extremely toxic, especially at these temperatures, and the risk of fire and explosion is not trivial.

Alex Eckelberry
(And a hat tip to Juha-Matti)

Perfect Codec — a brand new fake codec

As always, DO NOT download these fake codecs, they are a hotbed of malware. 

Brand spanking new.

http://www(dot)perfectcodec(dot)com

WHOIS information for: perfectcodec.com (85.255.116.251):

   Domain Name: PERFECTCODEC COM
   Registrar: ESTDOMAINS, INC.
   Whois Server: whois.estdomains.com
   Referral URL: http://www.estdomains.com
   Name Server: NS2.PERFECTCODEC COM
   Name Server: NS1.PERFECTCODEC COM
   Status: REGISTRAR-LOCK
   EPP Status: clientTransferProhibited
   Updated Date: 13-Nov-2006
   Creation Date: 13-Nov-2006
   Expiration Date: 13-Nov-2007

Last update of whois database: Tue, 14 Nov 2006 23:23:52 EST

Incidentally, the same owner alias as qualitycodec(dot)com.

Sunbelt Sandbox report here

Virustotal results here.

You can download the free trial of CounterSpy if you feel you might be infected.

Adam Thomas and Patrick Jordan