RIP the dash

This is a silly blog post, but a personal triumph of mine. For years, we’ve had the domain sunbelt-software as our primary domain. And it drove me mad.

I remember once not getting an email because the person had addressed it to alex@sunbeltdashsoftware.com. And typing it out was always a pain, because the dash is one of those “stretch” keys that you have to move or stretch your finger a wee bit to get. So you’d mistype.

Finally, the dash is gone. You can access Sunbelt Software by either going to http://www.sunbeltsoftware.com or the old http://www.sunbelt-software.com.

I’m so happy.

Alex Eckelberry

Sunbelt Weekly TechTips #30

New Add-on for Digital Photo Buffs
This week, Microsoft released a free add-on for Windows XP SP2 and Vista called Microsoft Photo Info. It lets you add, change or delete properties for digital photos from inside Windows Explorer. For instance, you can record information such as the author of the photo, descriptions, copyright notices and more (even technical info such as the aperture, shutter speed and lens focal length). It’s a 4 MB MSI file that you can download from the Microsoft web site here.

XP Support Life Cycle Extended
Last week Microsoft announced that they are extending the support life cycle for Windows XP Home and Media Center Editions to April 2009 for mainstream support (with extended support lasting five years beyond that, to 2014). Normally, support for consumer products lasts for five years, meaning XP Home’s support would have ended December 31, 2006 under the normal procedure. Microsoft had already extended that. This is good news for consumers who don’t plan to upgrade to Vista anytime soon. Read more here.

Microsoft PowerShell fits the Bill for Command Line Lovers
The GUI is great, but some computer users never got over their first love: the command line interface. Sure, there are hundreds of tasks you can perform at the command line in Windows, but some want even more. For command line lovers, Microsoft has developed PowerShell (formerly known as Monad), which gives you more power at the command line. It runs on XP, Vista, Server 2003 and Longhorn Server, and it’s a free download here.

XP Events and Errors Database
What does that error code mean? Unfortunately, sometimes they’re pretty cryptic, but you can search the Microsoft Errors and Events database to get more information and find out what your operating system is trying to tell you. Check it out here.

Free Wi-fi Access for Vista Users
T-Mobile has teamed up with Microsoft to offer three months of free wireless hotspot access for those with Vista on their laptops. The offer runs from January 30 to April 30, and includes the company’s hot spots in Starbucks, Borders and Kinko’s. There are thousands of T-Mobile wi-fi hotspots around the country. For more information, click here.

Vista Service Pack 1 is already in the works
We know many computer users whose rule of thumb is not to upgrade to a new operating system until the first service pack is released. Well, Vista goes on the market to consumers at the end of January (it’s been available to businesses for a couple of months), but Microsoft is already hard at work on Service Pack 1. Companies that have deployed Vista have been contacted, requesting that they volunteer as beta testers of SP1. Speculation is that the service pack will be released by the end of the year. Read more here.

Test Drive Vista without Installing It
Want to see all the new features in Vista before you make the decision about upgrading? Sure, you could go hang out at your favorite electronics store and play with the machines there, but if you’d prefer to do it in the comfort of your home, without eager salesfolk hanging over your shoulder, you can use Microsoft’s web-based Business Test Drive to log onto a virtual machine running Vista and explore the OS on your own.

How to Distribute a Custom Desktop Theme
If you create your own customized theme in Windows XP, you might want to share it with others or put it on another computer that you use so you’ll have a consistent desktop appearance. The theme contains information about your wallpaper, screen saver, icons, fonts, colors, mouse pointers and sounds. To create a theme:

  1. Click Start | Control Panel | Appearance and Themes.
  2. Click Display.
  3. Click the Themes tab and select an existing theme to modify.
  4. Through the Display Properties dialog box, make the changes you want. Then click the Themes tab and click the Apply button.
  5. Click Save As and type a name for the new theme.
  6. Click Save, then click OK.

Your theme is saved by default in the My Documents folder with the .theme extension. You can send this file to others via email or put it in a network share. To install it on another computer, once it’s on that computer’s hard disk:

  1. Right click the desktop and click Properties, then the Themes tab.
  2. Click the Browse button and navigate to the folder where the theme file is located.
  3. Double click the theme file and click OK to load the new theme.

How to force users to log off.
If you want to force users to log off (say, after an hour of no activity), you can use the Winexit.scr utility in the Windows 2000 Resource Kit to do this (yes, it works with XP, too). It’s actually a screensaver file that logs the current user off after a specified time period. The resource kit tools can be downloaded here.

Locate the winexit.scr file on your hard disk, right click it and select Install. The Screen Saver tab of the Display Properties dialog box will appear. Click the Settings button and click Force Application Termination. In the Countdown For N Seconds field, type the number of seconds before the user is logged off. You can also type a message to appear during the logoff countdown. For more info, click here.

How to Prevent a Program from Being Displayed in Most Frequently Used Programs
The Most Frequently Used Programs list on the Start menu can be handy for quickly accessing your favorite programs, but if you share a computer with others, you may not wish for some of your programs to be displayed there. You can prevent a particular program from being displayed by editing the registry. For instructions on how to do it, see KB article 284198.

Remove User Account Name from Windows Messenger
If you log onto the .NET Passport service on an XP computer, your logon info is added to a list of user accounts that’s displayed when Windows Messenger starts. If you don’t want your account information stored here, you can remove your instant messaging account from Windows Messenger. Step by step instructions for both standalone/workgroup and domain computers can be found in KB article 310705.

Enable Automatic Completion for the Command Prompt
If you want to configure XP so it will automatically complete file and folder names when you’re typing at the command prompt, thus saving time and energy, you can do so in a single session by typing a control character, or you can activate it permanently by editing the registry. Find out how to do both in KB article 310530.

Deb Shinder, MVP

Are Our High Tech Gadgets Putting Us All in Danger?

We all know that technology can be used for both good and evil: the splitting of the atom led to both nuclear power plants and nuclear bombs; GPS can be used to find lost children or by dictatorial governments to keep tabs on their citizens; RFID can be used to improve the efficiency of stocking a store’s inventory or to invade our privacy, and so forth. The Internet can be used to keep in touch with faraway family members and expand our knowledge base, or it can be used by pedophiles to prey on children. These are all well-known dangers of technology.

But what about the more hidden dangers that come with the proliferation of technological gadgets that we enjoy in today’s world? You might not see that cell phone or MP3 player in your pocket as a threat to anyone, but can it be putting you – and even others – in danger every day?

We’re not talking about the long-debated question of whether radiation from mobile phones causes brain cancer, or whether the anti-social lyrics of some popular songs are influencing young people to engage in anti-social behavior, although those are worthy topics for the medical community and psychologists/sociologists to investigate. What we’re talking about today is the possibility that our tech toys may be placing us in imminent physical danger, by distracting us from the world around us.

A few weeks ago, in this newsletter we discussed the trend toward high tech automobiles. Many cars today have built-in GPS, audio systems that are fancier than ever, DVD players built into headrests, and there are even full fledged computer consoles available that go into the dashboard, and companies are gearing up to offer mobile wi-fi connections designed to keep you on the Internet while you’re driving. All of this is very cool – but several readers wrote to bring up safety concerns about having all this entertainment equipment in vehicles.

Peter K. put it this way: “Remember now, you’re driving a 3000 pound car at 60 mph. Put another way, that’s 88 feet every second! It has been measured; taking your eyes off the road to change the radio station and back again comes to almost 3 seconds. Doing the math, that’s 264 feet. More than the length of 3 1/2 semi’s. That’s a 24 lane intersection! For the GPS navigation display, even more. Try and scroll through your cell phone’s numbers looking for a name to call. You may end up never making that call. At that speed, no seatbelt or air bag will save you.”

Of course, manufacturers of in-car DVD players market them as being for the use of the passengers – but I’ve passed vehicles on the road at night in which you could see a movie playing, and the driver was the sole occupant. In many jurisdictions, having the screen visible to the driver’s seat is against the law, but if the screen is movable, that can be difficult to enforce unless the driver is caught in the act.

And it is possible to carry the concept of having no distractions available too far. How many of us have had the experience of using the car radio or even a cell phone conversation to keep us awake and alert during a long, dull drive?

No one deals with more distractions while driving than the police themselves. Back in my law enforcement days, I found one of the most challenging aspects of the job to be routine patrol, where you’re expected to talk on the radio, look for suspicious behavior on the streets and still somehow drive safely. These days, most police cars also include mobile display terminals (MDTs), for an added distraction. Yes, in some jurisdictions, police work in pairs and the officer in the passenger seat operates the equipment, but in most smaller departments and many large, budget-challenged ones, two-officer cars are a luxury that’s unaffordable. Multitasking while driving is a way of life.

A National Highway Traffic Safety Administration study a few years ago estimated that 25% of police-reported accidents involve some form of distraction. But interestingly, cell phones and other high tech devices accounted for only a small percentage of those accidents. Many of the distractions that cause accidents are very low tech: talking to passengers, tending to children, adjusting the controls (windshield wipers, lights, air conditioning, mirrors), eating, smoking, swatting insects, and so forth. Still, it makes sense that having more and more devices in the car, even those that aid in driving such as GPS units, provides more potential for distraction.

And it’s not just in the car that the distraction of tech toys can pose a danger. I see people all the time now, walking down the street, in the mall, on airplanes and in other public places, whose glazed eyes give away the fact that they’re oblivious to what’s going on around them even before you notice the tell-tale earbud. Whether listening to music, audio books or their Bluetooth phones, they obviously aren’t paying attention to anything but the “bug” in their ears. Sometimes I wonder how many folks have walked out in front of traffic because of this. And maybe it’s just my old cop training, but if a terrorist takes over my plane or someone is robbing the store, I don’t want to be the last to know.

What do you think? Is the proliferation of high tech toys making the roads and other public places more dangerous for us all? Or can we, with the proper training, learn to effectively multitask while driving without creating a safety hazard? Have you ever been guilty of making cell phone calls, watching DVDs or fiddling with the sound system while driving? Should there be laws against such activities? If so, should there also be laws against non-high-tech distractions, such as crying babies, chatty passengers and drive-through restaurants that encourage behind-the-wheel eating? Let us know your opinions and experiences.

Deb Shinder, Microsoft MVP

Explaining StolenIDSearch.com

Earlier this week, I threw up a quick blog about a new service, TrustedID’s StolenIDSearch.com. That blog post generated a regrettable amount of rancor.

Unfortunately, I was moving quickly and didn’t sufficiently explain all the details in that blog post. I’ve been deeply embroiled in the Julie Amero scandal and then flew to the ISOI conference at Microsoft. At the same time, I have to run a software company. So sleep has been at a premium and I rushed a few things I shouldn’t have — like that blog post. (I’m not whining — I love my hectic life!)

First of all, let me agree with many of the comments and say that I don’t believe StolenIDSearch.com is a perfect idea. There are problems with this type of service, and they’ve been picked up by others and I won’t rehash the details. However, a lot of the issues mentioned have been addressed in a blog post by the TrustedID CEO here.

A little background from our side: Over the past couple of years, we’ve come across lots of compromised data. At first, we did a variety of things, like contact individuals whose identities had been stolen, sharing stolen credit card numbers with banks, and of course, cooperating with organizations like CERT and financial institutions. After a while, however, we came to the conclusion that there simply wasn’t a valid clearinghouse of this type of information.

Enter TrustedID, a company well-funded by some of the top people in Silicon Valley. The company’s mission is to provide credit-protection services for consumers, and they seem to be doing a good job of it. The CEO, Scott Mitic, is a former senior executive with Fair Isaac, an organization with a very strong record of consumer protection and privacy (one doesn’t get a job easily at Fair Isaac). The rest of the staff at TrustedID are serious professionals with excellent backgrounds, and as Scott puts it, “consumer privacy runs in their blood”.

So Scott contacted me about a new idea they had, which was to provide consumers a way to check if their credit cards had been stolen. The idea was simple: You went to a highly secure site, entered your credit card number, and it came back with whether or not it may have been compromised. Along the way, they would display an ad for their credit protection service in order to fund the service.

Subject to our performing due diligence on the company, we agreed to collaborate with a small amount of information sharing. We started cautiously, and, in fact, are still treading cautiously.

However, we know that the fundamental problem is that an international clearinghouse is needed for stolen information, with involvement by reputable financial institutions and government agencies. At the conference last week, we met with other security experts on the matter, and I hope to see some progress in this area.

As for StolenIDSearch, we may continue to collaborate with them to a limited degree, as we do with many other security companies. However, we are focusing our major efforts on creating this international clearinghouse with other security and privacy experts — I believe this is a much better solution to the problem of stolen data.

Alex Eckelberry

Norwich school board meeting

The furor continues over the Julie Amero scandal. Last night, there was a school board meeting where administrators tried to calm parents.

At Tuesday’s school board meeting, Information Services Director Bob Hartz sought to calm the public furor regarding Julie Amero’s Jan. 5 conviction for exposing Kelly Middle School students to sexually graphic Web sites in 2004.

Link here.

Alex Eckelberry
(Thanks Walter)

Sunbelt Weekly TechTips #29

Back up Your Entire Computer without Third Party Programs
The new Backup and Restore Center in Windows Vista is one of its nicest little known features. Along with the ability to create backups of your important files and folders, you can create an image of your entire computer, which can be restored in case of a hardware failure. You can back up to another hard disk, so it’s super simple to install an additional internal disk in your computer or connect a USB removable drive and do a backup to it. The backup process is quick – I backed up both my C: and V: drives, which contain Windows XP and Windows Vista and all of the programs installed on each, in under ten minutes. And you can continue working while the backup proceeds. For more info about Vista Backup and Recovery, click here.

Run virtual machines on Vista
The latest version of Microsoft’s desktop virtualization software, Virtual PC 2007, supports Windows Vista as either the host or the guest operating system. It’s currently in beta testing, and you can apply to participate in the beta program here.

Note that only Vista Business, Enterprise and Ultimate versions are supported. I installed the 32-bit version on Vista Ultimate. The download is a little over 28 MB and installation went smoothly.

How to Prevent Network Share Shortcuts from being added to My Network Places
A shortcut is automatically added to My Network Places on your Windows XP computer if you open a file that’s located on a share on another computer on the network. If you don’t want this to happen, you can change Group Policy to prevent it. Here’s how it’s done on a computer that doesn’t belong to a domain:

  1. Click Start | Run and type mmc.exe. Click OK to create a new MMC.
  2. In the new MMC, click Console and select Add/Remove Snap-in.
  3. Click Add.
  4. Click Group Policy, then click Add again.
  5. Leave the default (Local Computer) and click Finish.
  6. Click Close, then OK.
  7. Expand User Configuration under Local Computer Policy in the left pane.
  8. Expand Administrative Templates, then expand Desktop.
  9. Right click Do Not Add Shares of Recently Opened Documents to My Network Places.
  10. Click Properties.
  11. Click Enabled.
  12. Click OK.

Windows Home Server: What will it do for you?
One of the more interesting products that debuted at CES 2007 earlier this month was Microsoft’s Windows Home Server (formerly known as Quattro or “Q”). WHS is expected to go into private beta testing in February. Meanwhile, consumers are wondering exactly what this product is supposed to do for them. The idea is to create a server for home networks that’s simple to use and will provide you with a centralized storage place for your documents, videos, photos, music and other files, easily accessible from all the computers in your home. You can read more about it on Paul Thurrott’s SuperSite.

Vista Family Pack Discount
If you have several computers in your home, you might wish there were a way to upgrade them all to Vista without having to pay the full price for the operating system several times over. Well, Microsoft has announced a “family pack” discount for those who buy a copy of Vista Ultimate, which will allow them to purchase two copies of Vista Home Premium at a discounted rate (expected to be somewhere between $50 and $99 each). The regular price for Home Premium is $239.

It’s also going to be easy to upgrade from one version of Vista to another (for example, from Home to Ultimate) because several versions will be included on the DVD, and by paying the additional licensing fee you’ll be able to install the upgraded version and use it immediately. Click here for more information.

Network Magic: A Caveat
Last week, we mentioned a product called Network Magic that makes it easier to set up your home network. Some of you wrote to say that although it works fine if you have a broadband Internet connection, it uses a lot of bandwidth and doesn’t do so well with dialup. So, based on reader feedback, we don’t recommend this product if you’re still connecting to the Internet with a modem. Also, run the trial version through its paces. One user reported intermittent network connection problems with his wifi connection (this could be a bug that’s going to be corrected).

Having problems with WGA validation?
If you get a message that says “Windows Activation Required. Windows must be activated in order to determine if the Windows product key installed on this computer is genuine”, one known reason that this sometimes happens is because the Wpa.dbl file has been set to read-only. Try this:

  1. Click Start | Run.
  2. In the Run box, type: attrib -r %windir%\system32\wpa.dbl
  3. Click OK

Or navigate to the wpa.dbl file in the System32 folder in Windows Explorer, right click the file and select Properties. On the General tab, under Attributes, make sure the Read-only checkbox is unchecked.

If this doesn’t work, check out KB article 916247, on how to use the WGA Diagnostics Tool to determine why the copy of Windows has not been validated.

Troubleshooting L2TP/IPsec VPNs in Windows XP
If you use L2TP with IPsec encryption to create a VPN connection on your Windows XP computer, for instance, to connect to your company network from home, there are a number of problems and issues that can come up. If you’re having problems or getting error messages on your VPN connection, check out KB article 314831.

XP stops responding if you log off when multiple users are logged on
You might find that, when more than one user is logged onto your XP computer with Fast User Switching enabled, when you log off, Windows hangs up with a black screen. This happens if a program is running in the context of another logged on user other than the one who logs off. The latest service pack should fix the problem, and there is also a hotfix available specific to this issue. To find out how to get it, see KB article 328934.

Deb Shinder, MVP

Vista is Here to Stay

It’s official: Vista is here to stay – at least, at my home/office. Those who follow this column know that I’ve been running the new OS on one of my workstations as the primary operating system since Beta 2, but I also had the XP machine downstairs on which I did a lot of my work. That was due in part to the fact that, much as I love the Vista interface, I wasn’t able to get more than two monitors to work with it on any of my computers, whereas XP happily ran my four monitor setup.

Last week, the downstairs machine was demoted (it goes into one of the small offices upstairs to be another file server) and I got a brand new Dell XPS for the downstairs office. This is Dell’s top of the line Dimension, and it’s a monster. The photos on the Dell site don’t prepare you for the sheer size of this computer – I had to do some reconfiguring of my desk arrangement just to fit it in. If you’d like to see it, check out the photos on my blog posts of January 16 and 21.

I ordered the XPS 700 back in December, but several days after placing the order, I received an email message from Dell Small Business saying there was a supply problem with the model I ordered, and my order was being changed to a new model, the 710. The main difference was that this model’s motherboard would support Quad Core processors. Well, hey, I’m not complaining about that. Delivery date was given as 01/23 – but it showed up at my door on the 15th. Can’t complain about that, either.

I wanted a system that would last me for a while, so I went with a Core 2 Duo 2.4 GHz processor and 4 GB of RAM. Normally when I buy a computer from Dell, I get minimal memory and buy additional DIMMs from Crucial to save money. In this case, it ended up costing less to get it with the full 4 GB installed from Dell. Go figure.

The case is pretty impressive; a sleek, futuristic style that sort of leans forward. When you first turn the system on, it sounds like a 747 revving up, but after it starts, it runs almost silently. Oh, and it has running lights so you can always find it in the dark. There’s a massive 750 watt power supply and enough bays for six hard drives and two optical drives. There are two x16 PCIe slots – something that’s hard to find on computers from major vendors, along with one x1, one x8 and three regular PCI slots. There are ten (count ’em: 10) USB 2.0 ports. I can throw away my USB hub! There are also two IEEE1394 (FireWire) connectors.

It came with a Geforce 7900 video card (more on that later) and a Creative X-Fi Xtreme Music sound card in addition to the integrated audio on the motherboard. There are front jacks for the headphones and microphone, which is handy. Of course, it also comes with a gigabit Ethernet adapter built in, and unlike some modern systems, also has a serial port and PS/2 keyboard and mouse ports just in case you have legacy peripherals.

The system came with a 250 GB hard disk and Windows XP installed on one huge partition. I didn’t want to upgrade or wipe out the XP installation, just in case there were any hardware compatibility issues with Vista, so the first thing I did was download the latest version of Partition Magic (8.0). Symantec, as usual, tried to drive me nuts. After I paid my money and received the serial number both on the web site and in email, when I ran the installation wizard and entered that number, I was told it wasn’t valid. However, I was given the option to continue anyway, and the program installed. The instructions also said I’d have to activate the software the first time I tried to run it, but no activation request appeared. Oh, well. PM itself worked fine and I resized the partition to half its original size and created a new one, on which I then installed Vista Ultimate RTM. The installation went much more quickly than it has on any other system, and soon I was booting into Vista.

Next came the real test: multi-monitor functionality. I opened up the case and got a look at the guts of the thing, which were also impressive (there are “inside the case” photos on the blog site, too). Putting the second video card in was simple – no screws required; you just pop back the plastic clips holding the tops of the cards, slip it in, and pop the clips back. The second card was a Geforce 5200 GS that I’d bought to try to get Vista Aero on three monitors working on my other Dell, with no luck. This time – because it has the same chipset and uses the same driver as the primary card – the third monitor worked great.

I decided before I moved the new system from the workbench to its new home under my desk, I’d add some more storage capacity. Here’s where I saved money by doing it after the fact. Adding a second 320 GB hard drive with Dell cost $170. I picked up two 320 GB drives at Fry’s for $89 each. So now I have almost a terabyte of disk space.

As with the video card, installation of the hard drives was a breeze. Dell had already run power cables and SATA cables to the three empty internal drive bays, and again, no screws were required to put the drives in place. You just slide a holder out of the bay, pop the drive into it, and slide it back in. Attach the connectors, and you’re good to go.

Well, almost. When I booted the computer and went into Vista, all the drives showed up in Disk Manager. I partitioned and formatted them, then shut down the machine and moved it to my desk. I attached all my monitors and USB devices and other peripherals, powered it up, and – nothing. Oh, the Dell boot screen came up, but no Windows. Oops. Went into the BIOS and discovered that only one hard disk was set to “on” and it wasn’t the original one on which Windows was installed. Turned them all on, and everything was back to normal.

Setting up a new primary workstation is always a fun but anxiety-ridden experience. After all, this is where I’ll “live” for many hours a day for the next year or two. It went quickly this time; software installation was fast – in part because I didn’t need to install nearly as many third party utilities since so many functionalities they provided in the past are now included in Vista. And thanks to the speed of the machine, software packages I did install went on quickly. Microsoft Office 2007 installed in a matter of minutes, far faster than on the old machine (which is, itself, pretty powerful).

Despite one minor physical setback – I twisted my back crawling around under the desk, connecting all those cables, and could barely walk for a couple of days – the experience was a rousing success, and most of the small problems with Vista that I encountered on the old machine are now gone. I’ll be having lots more to say about Vista and new applications that run on it after the official release at the end of the month.

If you’ve bought or built a new computer recently, and if you’ve installed Vista on it or on your older system, tell us about your experiences.

Deb Shinder, MVP

Forensic expert on Amero case talks publicly

Herb Horner, the forensic expert called in to testify on behalf of Julie Amero, has spoken out.

During the copy process we received several “Security Alerts!” from our antivirus program. We analyzed the activity log and noted that there were spyware/adware programs installed on the hard drive. We ran two other adware/spyware detection programs and more spyware/adware tracking cookie/programs were discovered. Out of the 42, 27 were accessed or modified days if not a month before October 19, 2004. We also noted that there was no firewall and there was an outdated antivirus program on the PC. The PC was being tracked before October 19, 2004 by adware and spyware.

We examined all internet related folders and files before October 19, 2004, during October 19, 2004 and after October 19, 2004. Most significantly, we noted freeze.com, screensaver.com, eharmony.com and zedo.com were being accessed regularly.

On October 19, 2004, around 8:00 A.M., Mr. Napp, the class’ regular teacher logged on to the PC because Julie Amero being a substitute teacher did not have her own id and password. It makes sense that Mr. Napp told Julie not to logoff or shut the computer off, for if she did she and the students would not have access to the computer. The initial user continued use of the PC and accessed Tickle.com, cookie.monster.com, addynamics.com, and adrevolver.com all between 8:06:14 – 8:08:03 AM. During the next few moments Julie retrieved her email through AOL.

http://www.hair-styles.org/ was accessed at 8:14:24 A.M., based upon the hair style images uploaded to the PC we were led to believe that there were students using the computer to search out hair styles. The user went to http://www.crayola.com/ at 8:35:27 A.M. The user continued accessing the original hair site and was directed to http://new-hair-styles.com/. This site had pornographic links, pop-ups were then initiated by http://pagead2.googlesyndication.com.

There were additional pop-ups by realmedia.com, cnentrport.net, and by 9:20:00 A.M., several java, aspx’s and html scripts were uploaded. A click on the curlyhairstyles.htm icon on the http://www.new-hair-styles.com/ site led to the execution of the curlyhairstyle script along with others that contained pornographic links and pop-ups. Once the aforementioned started, it would be very difficult even for an experienced user to extricate themselves from this situation of porn pop-ups and loops.

All of the jpg’s that we looked at in the internet cache folders were of the 5, 6 and 15 kB size, very small images indeed. Normally, when a person goes to a pornographic website they are interested in the larger pictures of greater resolution and those jpgs would be at least 35 kB and larger. We found no evidence of where this kind of surfing was exercised on October 19, 2004.

More here.

Alex Eckelberry

Norwich schools have a p0rn history….

Frank Krasicki, a teacher (who actually has taught in Norwich in the past) has been covering the Amero scandal on his blog, and he’s pissed.

And now he’s found out something pretty interesting:

I just searched the Bulletin for the word porn and came up with two hits that indicate that in June of 2004 the Griswold Middle school had children printing out graphic materials and that hard drives were seized containing pornography.

In fact there are so many porn stories during that period it looks as though it were a local cottage industry.

This indicates that both the public, the school board, the authorities, and the law KNEW there was a problem in Windham long before Julie Amero set foot in a classroom. For the responsible parties this suggests criminal negligence in not upgrading EVERY school’s anti-virus and anti-piracy software. Furthermore, by not providing policy guidance, procedural steps to take, and so on EVERY TEACHER in Windham county was being put at risk.

IMO, Norwich is going to have a LOT of explaining to do.

Good for you Frank.

Folks — this issue has still failed to get national media attention. If you have friends in high places, now is the time to alert them to this travesty. They can contact me or others covering the case. We need to get major people involved here.

The appeals process is not a certain one, and there’s a real chance she’s going to prison. And that would be a disaster for a whole lot of reasons.

Alex Eckelberry

Correction: As Dean writes: The Griswold Middle School, cited in the June 04, 2004 Norwich Bulletin article Mr. Krasicki mentions, is in Rocky Hill, CT, a suburb of Hartford located about forty miles from Norwich.

Heads up: Storm worm getting nasty

This “storm worm”, as it’s being referred to colloquially, is quite nasty and there is activity out there on this one. Also, F-Secure has reported that it’s started using rootkit technology.

Using email as an infection vector, it uses current events in the subject line, as F-Secure describes:

  • Russian missle shot down Chinese satellite
  • Russian missle shot down USA aircraft
  • Russian missle shot down USA satellite
  • Chinese missile shot down USA aircraft
  • Chinese missile shot down USA satellite
  • Sadam Hussein alive!
  • Sadam Hussein safe and sound!
  • Radical Muslim drinking enemies’ blood.
  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  • U.S. Southwest braces for another winter blast. More then 1000 people are dead.
  • Venezuelan leader: “Let’s the War beginning”.
  • Fidel Castro dead.
  • Hugo Chavez dead.

And the attachment names are:

  • Video.exe
  • Full Video.exe
  • Read More.exe
  • Full Text.exe
  • Full Clip.exe

There are other .exes it will use. These types of attachments are always a security risk, and blocking them is just a fine idea.

Alex Eckelberry
(Hat tip to Ferg)
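
To illustrate the attachment-blocking advice in the Storm worm post above, here is an added example (not from the original post or from F-Secure) of a gateway-style check that flags executable attachments in a MIME message. The extension blocklist, the function names and the sample messages are assumptions constructed for this sketch; the attachment bodies are harmless placeholder bytes.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist of directly executable Windows extensions; extend for your gateway.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def is_blocked_name(filename: str) -> bool:
    """True if the attachment name ends in a blocked extension."""
    # Windows ignores trailing dots and spaces, so "Video.exe. " still runs as an .exe.
    cleaned = filename.strip().rstrip(". ").lower()
    _, dot, ext = cleaned.rpartition(".")
    return bool(dot) and "." + ext in BLOCKED_EXTENSIONS


def risky_attachments(raw_message: bytes) -> list:
    """Return the names of all blocked attachments, including ones in forwarded mail."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into message/rfc822 parts
        name = part.get_filename()
        if name and is_blocked_name(name):
            hits.append(name)
    return hits


def build_sample(subject: str, filenames: list) -> EmailMessage:
    """Constructed test message; attachment bodies are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    for name in filenames:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    lure = build_sample("Fidel Castro dead.", ["Full Video.exe", "notes.txt"])
    wrapper = build_sample("FW: Fidel Castro dead.", [])
    wrapper.add_attachment(lure)  # forwarded copy, stored as message/rfc822
    print(risky_attachments(bytes(lure)))
    print(risky_attachments(bytes(wrapper)))
```

The check keys on the filename only; a production filter would also inspect content type and file signatures, since a sender controls the name.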

Podcast: My interview on ComputerAmerica

Last Wednesday, I was on the national Computer America radio show discussing the Julie Amero case. Some of you asked for the podcast, and there is one available, but it’s full of commercials. I received gracious permissions from the show to edit it down a bit, and you can download the podcast here.

I was on the show with Steve Bass of PC World and Carey Holzman, who was hosting the show that week. It starts up with a mention of some Google searches I did while on hold to help a listener, and then Steve Bass introduces my story.

Alex Eckelberry

My editorial on the Amero case published

The local paper in Norwich has published my opinion piece on the Amero case.

When I first read of the case, my reaction was how illogical it all sounded: A middle-aged, substitute female teacher accessing porn on a classroom computer, in front of her students on one particular day? It made no sense.

Then I read on to find out the forensic examination of the computer clearly showed this machine was an old, poorly maintained system, riddled with spyware, without adequate protections in place, and it all became clear. Amero is the victim, not the perpetrator.

They did edit it a bit and it’s actually an earlier draft of the final, but the major gist of the story is there. You can read the editorial piece here.

Note that the data I presented in the editorial came from Julie’s own testimony at the trial, information from the expert witness, along with actual forensic evidence (which I have reviewed parts of), and information from the defense. A later draft that I sent to the paper made my sources more clear (the edit did not make the final publication). The forensic evidence and expert testimony showed clearly that after a visit to Crayola.com, someone went to a site about hair styles which loaded a javascript that spawned popups. You can argue whatever you want, but it is physically impossible to say that Julie “clicked on those links” from the physical evidence.

There’s so much more emerging on this case. I will likely interview Julie Amero and the expert witness this weekend, so watch this space for more.

Alex Eckelberry

Teacher rallies to Julie Amero’s support

Great blog post.

The teacher’s unions and every self-respecting citizen in this country should petition that this verdict be thrown out and that the school administrators who failed to help her turn off the computer be fired. If the judge in this case was derelict in duty then the State needs to take a hard look at what’s going on in the justice system in Norwich as well.

Link here.

Alex Eckelberry
(Thank Walter)

Spyware maker’s sick, dark humor

From Francesco, in our spyware research team:

Here’s a screenshot from one of the sites from the “Ricercadoppia/Lowzones” spammers/hidden dialers installers.

Coprocefalo literally means “sh*t” (copro) “head” (cefalo) and “zombie maker”. It’s pretty obvious what it means, especially since their trojan infector that allows them to send spam creates the file “cefalo.exe”.

In the past, this group has also been seen installing the Zango toolbar (and we suspect they may still be doing that).

Alex Eckelberry