page3

Elephant Boy Computers Reports

We occasionally send out email reports to our clients and friends covering various Windows security issues, computing tips and tricks, and other information we hope will be helpful. You can view the reports either by date or by subject. Please note that some of the links to online articles in older EBC Reports might not be live any more. However, there may still be useful information in the Reports so they still have a home here.

Administrivia - Since the mailing list is private, directions for members who receive EBC Reports by email to unsubscribe, change the email address at which they receive the Reports, and/or add members to the list are at the end of each EBC Reports email.

EBC Reports Chronologically: 2007, 2008, 2009, 2010

EBC Reports for 2002, 2003, 2004, 2005, and 2006 are archived here.

Back to top
Home

2007:

01-02-07 - More on Vista; New Year's Resolutions; Happy New Year
01-03-07 - New F-Prot AV; Avast! AV; bug in QuickTime; 2006 Darwin Award; some websites I like
01-22-07 - Outlook and new Daylight Savings Time rules; more on Vista; buying a new computer
02-15-07 - Update on Daylight Savings Time patches; Vista Grand Openings; Vista and antivirus programs; Vista on new machines; Book review (learning Vista)
03-22-07 - Various program updates; more Vista links
04-03-07 - Patch for Windows Animated Cursor vulnerability
04-24-07 - Staying safe online; Scammers exploit tragedy; Spring cleaning; Thunderbird 2.0; Dell continues to offer XP as an option
05-08-07 - Changes in Microsoft email; Old-style worm spreading through usb thumbdrives; Save your MS Office settings and other great tips from Lifehacker; Live Earth News
05-29-07 - Warning about false Microsoft email; Apple OS X security udpates; Apple-related security issue; Parental Control software (Windows)
07-11-07 - Patch Tuesday; useful Microsoft websites; buying a laptop for school
07-21-07 - Various security warnings; Windows Home Server
09-13-07 - Firefox extensions; Picasa Web Albums; Best Buy is Evil; Talk Like A Pirate Day
10-12-07 - eBay Desktop; Storm worm; Zlob trojan and codecs
10-24-07 - Online safety and security; Adobe Reader and Acrobat malware exploit
11-03-07 - The Consumerist's Ultimate Guide; IRS warns of email scam; more on malware from codecs; "Really Achieving Your Childhood Dreams"
12-16-07 - Fun things for Christmas

Back to top
Home

2008:

01-09-08 - Another year of malware; Xbox Live holiday problems; using legal software
01-17-08 - Rogue antispyware for the Mac; Valentine's Day Storm Worm; social engineering
01-30-08 - Income Tax-related scams; New MSN worm
02-22-08 - Upcoming Service Packs - Vista and XP
03-11-08 - Fake Government emails; Malware disguised as 3D screensavers; "The Myth of the Transparent Society"; Pi Day and Albert Einstein's birthday
04-08-08 - New phishing prevention website; Email attack tied to Microsoft's April Security Bulletin; End of the line for Windows XP and what to do about it
04-23-08 - Hotmail and Outlook Express; MSN Music Store is dead; Windows XP Service Pack 3 RTM
06-19-08 - Rogue antispyware programs; Firefox 3; DNS Changer Zlob trojan
08-23-08 - XP Antivirus 2008; Malvertisements; Recycling; Restore Disks
10-16-08 - Java update; Adobe Flash update; Infostealer trojan; Warezov botnet is back
11-12-08 - Staying safe by not getting tricked - email security; Too much security; Charity
11-27-08 - "Staying Safe" and "Too Much Security"; Christmas/Holiday images and links; EBC Christmas Card
12-17-08 - Microsoft out-of-band patch for Internet Explorer security flaw; Apple update; Fun things - ringtones and clipart; Holiday guests using your computer

Back to top
Home

2009:

01-24-09 - Recycling; Conficker worm; Webmail vs. Email Client
02-09-09 - Firefox and Java updates; Keeping track of updates; Tax-related scams
02-22-09 - Adobe vulnerability; hardware lifespans and Mac vs. PC
03-05-09 - Firefox update; Gaming scam, Apple tip
03-23-09 - Program updates - Adobe Reader, iTunes, Thunderbird; Internet Explorer 8
03-28-09 - Firefox update; Passwords; Mac malware; Fonts
04-11-09 - Java & iTunes updates; Telemarketer scammers; Internet Explorer 8 rollout
04-29-09 - Firefox 3.0.10; Microsoft Office 2007 Service Pack 2; IE8 as a "High Priority Update"; Odds and Ends - Replica and ooVoo
05-09-09 - Vista Service Pack 2; Windows 7
06-06-09 - HP Battery Recall; Apple OS X Update; Adobe Update; Windows and Office Updates; Windows 7
06-27-09 - Various program updates; Microsoft Money discontinued; Microsoft Morro; Windows 7 pricing
08-04-09 - Firefox, Adobe, and Java updates; Windows 7 RTM and upgrading; Seagate's Replica
08-12-09 - Mac OS X & Safari updates; Java update; Rogue security product; Antivirus programs on Mac OS X
09-10-09 - Updated Firefox and iTunes; Outlook troubleshooting; Snow Leopard; Guides to Snow Leopard and Windows 7; Reminder about Microsoft's Patch
Tuesday; International Talk Like A Pirate Day (and other fun Days)
09-25-09 - Program updates; New phishing worm; Casual gaming sites; Cuteness
10-13-09 - Security Updates for Adobe Reader and Acrobat; Patch Tuesday; Serious bug in Snow Leopard resulting in data loss; Fences; MS Office 2010
11-04-09 - Program updates; Recommendations for setting up users in Vista and Windows 7
11-30-09 - Holiday computer safety; Buying a computer for Christmas
12-14-09 - Staying computer-safe during the Holidays; Holiday music; Seasonal amusements

2010:

02-07-10 - Pre-Internet Explorer 8 vulnerability; Current versions of popular programs; Reminder about rogue security programs; Facebook as a vector for infection

1-2-07 - Cheops' Law - Everything takes longer and costs more. Named for the pyramid-builder, who presumably found it out the hard way.

Contents:

1. More on Vista
2. New Year's Resolutions for you
3. Happy New Year

1. I've installed Vista RTM (Release To Manufacturing - means the final version) on one of my machines (named "Merlin") and am doing a bloggish thing on my experiences with Microsoft's newest operating system. I'll try to update this regularly but since Vista is installed as a dual-boot on my son's computer and he's still on his winter vacation, I won't really be able to work with Vista intensively until he goes back to school next week. For anyone who might be interested, here's the link:

http://www.elephantboycomputers.com/vista_diary.html

As of this writing, there's only the one entry there. Yes, yes, I'm working on it. ;-)

Although Vista RTM won't be available to the general public (retail) until the end of this month, many of you may be considering the upgrade so I wanted to address that. I haven't changed my mind on upgrading advice, which is basically don't do it yet. When changing to a new operating system, you always must take two ("no, three my Lord") things into account:

a. Driver availability
b. Program compatibility
c. Bugs

a. Drivers - As I'm sure you know, all hardware in a computer must have software which tells the operating system how to use that hardware. This software is called a "driver". Without proper drivers, you might have a physical sound card in the machine but no sound within the operating system. Vista ships with 19,500 drivers provided to Microsoft by the hardware manufacturers. This is far more than XP shipped with and you would think it would be enough, but it isn't. One of the difficulties in working with PC's as opposed to Mac's is that there are thousands of different hardware components, in a zillion* different combinations.

Drivers come from the hardware manufacturers, not Microsoft. Vista has far more stringent requirements for drivers than previous MS operating systems did, which is A Good Thing. Many hardware manufacturers have not written drivers yet for current hardware, have only beta drivers so far (means "not fully cooked"), or will not be writing drivers for Vista at all for older hardware. For instance, Merlin has a very common - and not terribly old - Creative SB Audigy2 ZS sound card. Creative only has beta drivers available and they will expire in 30 days. They work OK, but I will need to uninstall them when they expire and get new ones from Creative at that point. Hopefully they will work. Merlin also has a lovely Logitech G5 gaming mouse which is current-generation hardware.. Logitech has not yet written drivers for Vista, which means that you can't configure the mouse properly. It works, but only with the most basic functions because it is using the generic mouse driver provided in Vista. Because of this, I can't get my son to even surf in Vista - spoiled brat. He insists in booting into XP instead.

Some of the XP drivers for Merlin's hardware worked, and some didn't. So it is still a crapshoot. If you plan to upgrade your existing XP operating system with Vista, I believe the upgrade process will automatically check for potential problems, including driver issues and report back. An interesting fact is that you can no longer do a clean install with an upgrade version of Vista as you could do with the earlier operating systems. Upgrading XP with Vista requires you to install from within the currently installed operating system. If you have Win9x/ME, you will not be upgrading to Vista on that machine. Don't even think about it.

So you must be sure that there will be drivers for all your hardware - motherboard, sound, video, network adapters, joysticks, printers, mice, etc.

*Obviously the exact number is estimated by me based on the "it's a very very large number" theory where you just say "a zillion" and leave it at that. But you get the idea.

b. Programs - You must take the time to research whether the programs you depend upon will run in Vista. In some cases, you will need to upgrade to the very latest version (which may not be out yet). An example is QuickBooks, an accounting program made by Intuit and used by millions. Intuit has announced that no version of QuickBooks prior to QuickBooks 2007 will run properly (if at all) on Vista. On the other hand, older programs may run just fine in Vista either natively or in compatibility mode. The point is that you can't just jump into an upgrade and then find out the hard way that the specific program on which you depend won't run. There will be Tears Before Bedtime, or worse. We'll go into options for running older software on Vista in later Elephant Boy Computers Reports or you can always contact me directly for specific help if you're a client.

c. Bugs - There is no perfect software. Even though Vista had a huge beta testing program (and I was a beta tester) because of the zillions (see note above) of hardware and software combinations possible in PC's, many bugs won't surface until the operating system has been in use "in the wild" for a while. Businesses should never upgrade their operating systems without doing extensive research and testing. A good rule-of-thumb for businesses is to wait until the first Service Pack is released and even then, don't just throw a new operating system onto your production machines. Always use a testbed box first.

For people who bought a new computer this past Christmas from big OEM's (Dell, HP, Sony, etc.) who offered an upgrade coupon - you'll be fine. Presumably those OEM's will be providing drivers and any OEM-supplied preinstalled software with the upgrade. Otherwise, for most end users the smartest thing to do is to wait until computers are available from the big OEM's with Vista preinstalled. That way you'll know the hardware will Just Work. You will still need to research whether your favorite/necessary programs will work, though.

Here are a few Vista links, to which I'll be adding as I collect them:

http://www.elephantboycomputers.com/page5.html#vista-links

2. New Year's Resolutions for you to remember:

a. Back up your data
b. Keep your antivirus subscription current
c. Stay safe out there

3. Happy New Year - Finally, let me wish each one of you and your families a very Happy New Year. All of us here at Elephant Boy Computers (me and my thousands of imaginary minions) hope that 2007 brings you Wonderful Things.

Back to top
Home

1-3-07 - If only God would give me some clear sign! Like making a large deposit in my name in a Swiss bank. -- Woody Allen

Contents:
1. New F-Prot version for home users out.
2. Good antivirus - Avast!
3. Unpatched bug in Apple's QuickTime
4. The 2006 Darwin Award
5. A few interesting websites I like

Yes, yes, I know I wrote you only yesterday but Some Things Have Come Up.

1. For those of you who use F-Prot Antivirus, there is a new version out for Windows 2000 and Windows XP - F-Prot 6. Older MS operating systems are not supported by F-Prot 6. The new version is for home use only; the corporate version is apparently still in beta. Current subscribers can upgrade to the new version for free. Go to the download site, log in with your Customer Number (you can find this in F-Prot's Updater section), and continue to the Downloads section. You'll see two choices - you want F-Prot 6. You will get a new Subscription Key - write this down because you'll need it during the installation. It is not the same as your old Customer Number. You can run the executable and it will ask you if you want to uninstall the older version of F-Prot. Click "yes" and follow instructions not to restart your computer after the uninstallation. The installation of the new version will commence. At the end of that, do restart your computer.

I use F-Prot on my Windows machines (don't need antivirus on Linux, hahahahah) so I downloaded the new version and have installed it on one of my machines so far. I haven't played with it much, but here are my impressions:

a. The user interface is a definite improvement over the older version.

b. You can now exclude detections, which is a welcome addition for when a scan finds a false-positive or detects something you want to keep and know is safe.

c. The older version of F-Prot would not automatically update from within a Limited User account (XP) without a registry hack. I don't have any Limited User accounts on my machines so I'll need to set one up to test if this has been fixed.

d. There is one thing which may be a deal-breaker as far as me recommending F-Prot 6 to end users; the installation is apparently hard-coded to default to C:\Program Files. For most end users this will not be a problem since they either have only one hard drive and/or their Windows installation is on the C:\ drive. However, it is completely possible to have XP installed on a drive other than C:\ and in fact two of my machines are configured that way. According to F-Prot's site, if you want to install elsewhere you'll need to do the install from the command line with switches. For end users, doing that is Right Out.I will experiment with this and post the results along with the Limited User account question in a later EBC Report.

Here are the subscriber login and the upgrade instructions links:

http://subscription.f-prot.com/login/index.html
http://www.f-prot.com/support/windows/fpwin_faq/482.html

2. Avast! is a very good antivirus for Windows made by Alwil. They have a free version as well as a commercial version. The free version works quite well. Avast! even installs and works on Vista, so that is what I'm using there.

http://www.avast.com/eng/avast_4_home.html - Free Home version
http://www.avast.com/eng/avast_4_professional.html - Professional version
http://www.avast.com/eng/avast_4_professional2.html - Professional pricelist
http://www.avast.com/eng/av4_version_comp.html - Comparison between Free and Professional versions

Frankly, for most people the Free version is just fine and I recommend it.

3. There is a vulnerability in Apple's QuickTime 7x that as of this writing has not been patched. The vulnerability affects both Windows and Mac OS X and would allow a user's system to be compromised by hackers. Stay away from questionable sites and watch your pr0n on some other media player until Apple patches the program.

http://www.theregister.co.uk/2007/01/03/quicktime_vuln/

And now for something completely different...

4. Two Florida people have received the 2006 Darwin Award for contributing to the "improvement of the human genome by accidentally removing themselves from it". Read all about it here:

http://darwinawards.com/newsletter/200701.txt

The main Darwin Awards site is here: http://darwinawards.com/ - don't go there unless you have a rather black sense of humor. You Have Been Warned.

5. I thought you might be interested in knowing about a few websites I find amusing and/or useful. Please note that these are sites that I like and so reflect my own peculiar tastes.

Acronyms used:

NASFW - Not always safe for work. May have adult pictures and language. Definitely not for children.
NSFW - Not safe for work, ever. Actually, I don't go to any of those types of sites but I thought you might like the definition. ;-)
FF - Family-Friendly. Safe for children and adults of all ages.

http://www.boingboing.net/ - One of the oldest "interesting things" sites around. In fact, its motto is "A Directory of Wonderful Things". NASFW

http://www.penny-arcade.com/ - A famous web comic aimed at gamers. NASFW
http://en.wikipedia.org/wiki/Main_Page - Wikipedia is always interesting, not always accurate.
http://cuteoverload.com/ - Pictures of adorably cute animals. Awwwwww. FF

http://consumerist.com/ - NASFW because of language, not pictures. A blog whose motto is "Where Shoppers Bite Back". Very useful and interesting. Includes the Walmart Nazi T-shirt watch, now in its 52nd day.

http://bibliodyssey.blogspot.com/ - FF but I don't think children would care for it. BiblioOdyssey is a visual blog where the owner posts scans of rather wonderful images from "Books, Illustrations, Science, History, Visual Materia Obscura, Eclectic Bookart". Lovely stuff, but don't go there unless you have broadband.

http://xkcd.com/ - One of my favorite web comics. NASFW because of language and subject matter. The drawings are done with stick figures so you can't see any naughty bits, but sometimes they are referred to. The comic is unabashedly for geeks and math people, calling itself "a webcomic of romance,sarcasm, math, and language".

Well, that's enough for now. It's time for me to explore Vista some more and later, brush the cats. My life is one of stunning interest and diversity.

Back to top
Home

1-22-07 - Ce qui embellit le désert, dit le petit prince, c'est qu'il cache un puits quelque part... ("What makes the desert beautiful," said the little prince, "is that somewhere it hides a well.") -- Antoine de Saint-Exupery, "Le Petit Prince"

Contents:

1. Outlook users and the new Daylight Savings Time rules.
2. More on Vista
3. Buying a new computer (related to #2 above)

1. In August of 2005 the United States Congress passed the Energy Policy Act. The Energy Policy Act changes the start and end dates of daylight saving time (DST). When this law goes into effect in 2007, DST will start three weeks earlier (March 11th, 2007) and end one week later (November 4th, 2007) than what had traditionally occurred.

Those of you using Outlook 2000, Outlook 2002 (Office XP), or Outlook 2003 should download the Time Zone Data Update Tool from Microsoft. Here's the MS article:

http://support.microsoft.com/kb/931667

For most of you, the information about Exchange Server will not be applicable, but the rest of the article will be and it is worth taking the time to read it if you rely on Outlook for your email and calendaring.

For more information about how to prepare for changes in daylight saving time in 2007 for all affected Microsoft products, visit the following Microsoft Web site:

http://www.microsoft.com/DST2007

2. I'm getting quite a few questions about Vista as we are getting closer to its retail release date (1/30). I'd like to repeat my previous caution:

Do not upgrade lightly. Run the Vista Upgrade Advisor and make sure your computer meets/exceeds Vista system requirements. Vista will not even install on a computer with less than 512MB of RAM. If you have a computer that was designed for Windows 98/ME, it will not run Vista. Buy a new machine.

I'm still suggesting that people who wish to buy a new computer soon wait until Vista is available preinstalled. This will insure that all OEM (Dell, HP, Sony, etc.) drivers and preinstalled software will work.

If you must buy a new computer and get it with XP preinstalled, be aware that in order to have the fancy Vista user interface (Aero) you must have the right video card. Computers that are being sold "Vista Capable" instead of "Vista Premium" mean that they can run Vista but not the Aero interface. Most big OEM's like Dell and HP are offering a "free express upgrade to Vista" on their machines that currently come with XP preinstalled.

Make sure that all your important programs will run on Vista. This means going to the program mftr.'s website and reading any information available. Make sure that all your peripherals such as printers, scanners, PDA's, etc. will work with Vista. If they will require new drivers/software, you'll need to get this.

Be an informed consumer or you may have an unpleasant experience with Vista.

http://www.microsoft.com/windowsvista/getready/default.mspx

Like XP, Vista comes in more than one version. You can read about the different versions at the link above. Most home users will want Vista Home Premium.

I've been working on learning Vista and there is some information at my website here:

http://www.elephantboycomputers.com/page5.html#Vista

You can read my Vista Diary, an informal bloggish page about my experiences with Vista, here:

http://www.elephantboycomputers.com/vista_diary.html

There aren't a lot of entries right now since I've been working on learning Apple's OS X on my new MacBook for the last week. See #3. below for more about that.

And understand that you must be willing to learn a new operating system. Much about Vista will be familiar to XP users, but much is different.

I do not suggest that businesses upgrade to Vista at this time. Wait at least 6 months or until the first Service Pack comes out. Do your research about any industry-specific software you use first.

3. Buying a new computer

a. General comments - The first thing to do when considering purchasing a new computer is to ask yourself what you want to do on the machine. If all you do (and will ever do) is email, word processing, and play Solitaire you will want a different machine than one on which you will do video editing, photo management, 3D gaming, creating music, etc. You can buy a much less expensive machine for the first situation; you will be unhappy if you want to do some of the latter items if you buy only a basic PC.

As a general rule, except for some very basic PC's, you can upgrade the memory, hard drive, optical drive, and video card later so if your budget doesn't allow you to get the Desktop you really want, buy one with a fast processor and leave the other components at the default. Whether you buy a lower-end machine or not, I would not buy any computer with less than 1GB of RAM and without a DVD burner.

Laptops are different since in most cases you can only add memory and a bigger hard drive. I think you should buy the most machine you can afford when you purchase a laptop. Always buy at least a 2-year warranty and matching accidental insurance when you purchase a laptop. Only buy a laptop from a well-known company which you believe will be around for a long time. Since many parts on laptops are not user-serviceable, your hardware tech support/repair will come from the laptop mftr.

b. Should you buy a Mac? - I've had quite a few clients ask me this lately, particularly since now that Apple is using an Intel processor you can dual-boot the Mac OS X with Windows (or use Virtual Machine software).

As a new MacBook owner, I can tell you that the MacBook is truly lovely. But there is no perfect hardware and there is no perfect software. Here are a few things to ask yourself first:

1. What do you want to do on the machine? This will help you make the decision as to which Mac you buy.

2. Are the programs you need to use available in Mac versions? Do you want to purchase them? If you have a lot of expensive PC programs such as Photoshop and Microsoft Office, you would need to purchase new ones for your Mac.

3. Will any peripherals you have (printers, PDA's, etc.) work on the Mac? Remember, you must have drivers for all your hardware for whatever operating system you are running. Are Mac drivers available?

4. Are you willing to learn a new operating system? OS X is very user-friendly, but it isn't Windows. An excellent book for people making the switch to OS X is "Switching to the Mac - Tiger Edition" by David Pogue and Adam Goldstein. "Tiger" is the name of the current Mac OS X version. A new version, "Leopard", is expected to be released sometime this year. If you're not in a hurry, you may want to wait.

Back to top
Home

2-15-07 - If you wait long enough, it will go away... after having done its damage. If it was bad, it will be back. - Anonymous

1. Update on Daylight Savings Time patches
2. Vista Grand Openings; Vista and antivirus programs
3. Vista on new machines - be prepared
4. Book review (learning Vista)

1. Microsoft has an updated Daylight Savings Time Help & Support Center:

http://support.microsoft.com/gp/cp_dst

Apparently the XP SP2 patch will be included in automatic Windows Updates (and this past Tuesday 2/13 was February's Patch Tuesday). If you don't have Windows Update at the automatic setting, go to the Windows Update site. See the DST Help & Support Center for instructions for older Microsoft operating systems and for XP installations that are still pre-SP2.

For Outlook, use Office Update or download the patch directly from the Microsoft Download Center. Since Daylight Savings Time is starting three
weeks earlier (and ending one week later), Microsoft suggests that you double-check with all participants of scheduled meetings during that time to make sure you are all on the same time. This is just good common sense. There are bound to be people who haven't patched Outlook and will think the meeting starts at 2:00 when it really starts at 3:00.

Here's Microsoft's Outlook page about DST:

http://office.microsoft.com/en-us/outlook/HA102086071033.aspx

2. As you probably know, Vista officially came out on January 30th. Many MVPs ("Microsoft Most Valuable Professionals"*) were present at the
various "Grand Openings" at places like BestBuy and CompUSA. I was not one of them, but several MVPs reported some disturbing behavior by store employees at these openings. For example, one BestBuy had turned off the User Account Control ("UAC") feature on all their demonstration models which severely reduces Vista's security, were pushing Norton Antivirus which does not yet work well with Vista, and were trying to sell a
"3-hour setup service" which frankly is excessive to get Vista up and running.

If you do purchase a computer from one of these "big box stores", please be aware of how the store has set up the computer. Be an informed
consumer. Ask questions. We (the MVPs) speculated that UAC was turned off in order to make Vista look more like XP. Vista is not XP. Take the time to learn about UAC and how it protects you from viruses, spyware, and other damage to the operating system.

"What is User Account Control?" - MS Windows Help and How-to

http://tinyurl.com/2prnqy

Norton antivirus and security products are not recommended. Ever. Neither are McAfee's offerings. Here is a list of antivirus programs that are certified to be compatible with Vista now (the recommendations and comments are mine of course):

Avast! - Recommended and works (am using this one on my Vista box)
http://www.avast.com/

CA Antivirus - Not recommended. Although I liked CA's antivirus offerings a few years ago, they now seem slow to produce virus definitions and their website, customer service, and tech support is awful.
http://shop.ca.com/virus/antivirus.aspx

Kaspersky Anti-Virus - Recommended
http://usa.kaspersky.com/products/anti-virus.php

McAfee (various products) - Not recommended and that's why I'm not giving you the url. If you want it that badly, look it up yourself. ;-)

Norton (various products) - Not recommended; see McAfee comments.

Panda Antivirus - Not recommended; I've never been impressed with this software and it has caused issues on some of my clients' machines.
http://www.pandasoftware.com

TrendMicro - Maybe - I've never been a fan of their products on consumer machines although their corporate software is reported to be excellent. Might be worth trying.
http://www.trendmicro.com/en/products/us/personal.htm

Recommended antivirus programs that currently do not work with Vista:

Avira AntiVir (Vista support scheduled for April 2007)
http://www.avira.com/en/pages/index.php

F-Prot (unknown when support for Vista will be available)
http://www.f-prot.com/products/home_use/win/

Microsoft does have its own combination antivirus/antispyware program - Windows Live OneCare. I cannot recommend OneCare since its antivirus has one of the lowest catch rates in the industry. It may improve, but I don't suggest gambling with your antivirus protection. Use a program that is effective and has a proven track record. Microsoft's Windows Defender antispyware program is part of Vista. It is way too early to know if Vista will fulfill Microsoft's promises about its security or whether it will still be vulnerable to malware. At this point, most security and tech professionals are suggesting that Windows Defender will be adequate for a resident antispyware program. You do not need to buy a separate antispyware program. I do not recommend those "all-in-one" security suites in any case since they are usually too heavy on the system and not all components work equally well.

As for the setup service, you may want a tech to set up your new computer. This is your choice. But you should not think it is*necessary* with Vista, any more than it was *necessary* with Windows XP. Yes, if you want the tech to physically set up the computer, transfer data/settings from an old computer to a new one, install printers, join Vista to an existing home network, get you on the Internet, etc. - that could definitely take 3 hours, or even longer. But if you handled these chores yourself just fine with XP there is no reason to think you can't handle them with Vista.

*Microsoft Most Valuable Professional
http://mvp.support.microsoft.com/

3. You can no longer can buy consumer-level machines with XP. While computer manufacturers like Dell are still offering XP on their business
machines, you should be making an effort to determine if any crucial niche software your company uses will run on Vista. There's no rush or need to panic; I'm just reminding you to be prepared.

4. O'Reilly is a very well-known and highly-respected publisher of computer-related technical books. O'Reilly offered review copies of various Vista and Office 2007 books to the MVPs. I read "Vista - The Missing Manual - For Starters" and "Vista - The Missing Manual", both by the marvelous David Pogue. Both books are great. The "For Starters" series have less in-depth technical information than the regular "Missing Manuals" but are still rich and meaty. Mr. Pogue writes clearly, with great humor, and covers all the aspects of learning Vista you will need and he does so in an extremely accessible way. Strongly recommended.

Back to top
Home

3-22-07 - The computer allows you to make mistakes faster than any other invention, with the possible exception of handguns and tequila.
-- Mitch Ratcliffe

1. Various program updates
2. Some more Vista links

1. If you have these programs, you should update them if you haven't already:

a. Apple iTunes - http://www.apple.com/itunes/download/

iTunes has been updated to be more compatible with Vista. There are still a few problems; Microsoft and Apple are reported to be working on ironing out the last compatibility wrinkles.

http://docs.info.apple.com/article.html?artnum=305042

b. Apple Quicktime (if you don't have or want iTunes) - http://www.apple.com/quicktime/download/win.html

This update is particularly important if you or your children use MySpace since malicious pages on MySpace have appeared which will take advantage of the vulnerability in older versions of QuickTime to install malware on your computer.

c. Firefox - http://www.mozilla.com/en-US/firefox/all.html

Please note that this update brings Firefox up to version 2.0.0.3 and 1.5.0.11. If you are still running a pre-Firefox 2 version, you need to update. There will be no more updates to Firefox 1.5 after April 24th. There is no reason to remain with Firefox 1.5; Firefox 2 is much better. You don't need to uninstall the old one first; just download the latest Firefox and run the installer.

d. OpenOffice - http://download.openoffice.org/2.1.0/index.html

e. Microsoft Office - Go here - http://office.microsoft.com/en-us/downloads/FX101321101033.aspx

Click on the link for Office Update at the top right corner of the page and follow the instructions that will appear.

Only click on the yellow button "Check for Microsoft Updates" if you are using Microsoft Update instead of Windows Update. There are still reports of problems with using Microsoft Update instead of Windows Update so I continue to use the latter on my Windows machines. If you have Vista, you can only use Microsoft Update.

Remember, keeping your applications patched is as important as patching your operating system.

2. I haven't gotten around to updating the portion of my website concerned with Vista, but here are some useful links about the new operating system:

Homepage - http://www.microsoft.com/windowsvista/default.aspx

Upgrade planning - http://www.microsoft.com/windowsvista/getready/upgradeinfo.mspx

MVP John Barnett - http://vistasupport.mvps.org/upgrading_to_windows_vista.htm

Comparison chart by MVP Tom Porterfield - http://support.teloep.org/vistaver.htm

Windows Vista Solution Center - http://support.microsoft.com/default.aspx/windowsvista

Other helpful general sites -

MVP Kerry Brown's site - http://www.vistahelp.ca
Robert Firth - http://winvistainfo.org/default.aspx
MVP Jimmy Brush - http://www.jimmah.com/vista/
MVP Ramesh - http://www.winhelponline.com
Vista Tips & Tricks - http://www.windowsvistatnt.com/

And for those of you using Windows Mail (Vista's successor to Outlook Express) MVP Steve Cochran - http://www.oehelp.com/

Back to top
Home

4-3-07 - If you drink much from a bottle marked 'poison' it is almost certain to disagree with you, sooner or later. ~ Lewis Carroll

1. Patch for Windows Animated Cursor Handling vulnerability

1. Microsoft is expected to issue a patch today for the Windows Animated Cursor Handling vulnerability. The patch is expected to be on Windows Update today instead of in the normal patch release cycle next Tuesday in order to cope with the widespread exploits that have surfaced. Those of you who have Microsoft operating systems for which there are no security patches (Windows 9x/ME/XP-without SP2) should be particularly careful and follow the suggestions in the Microsoft Security Advisory below.

Microsoft Security Advisory #935423 here has detailed information about the vulnerability and workarounds:
http://www.microsoft.com/technet/security/advisory/935423.mspx

Here is another description of the vulnerability and some workarounds from US-CERT (Unisted States Computer Emergency Readiness Team):
http://www.kb.cert.org/vuls/id/191609

Microsoft Security Central - a site that is of interest to anyone concerned with their computer's security:
http://www.microsoft.com/security/default.mspx

Microsoft Support Lifecycle:
http://support.microsoft.com/lifecycle/?LN=en-us&x=18&y=14

4-24-07 - I was reading the dictionary. I thought it was a poem about everything. -- Steven Wright

1. Staying safe online
2. Scammers exploit tragedy
3. Spring cleaning
4. Thunderbird 2.0
5. Dell continues to offer XP as an option

1. Cnet.com has a great guide for keeping your kids safe online - http://www.cnet.com/2001-13384_1-0.html

Remember, it's important to teach your children how to be safe on the Internet as well as in meatspace (the Real World). You don't do them any favors by just saying "don't go there". They will "go there", wherever "there" may be - MySpace, chat rooms, etc. So prepare them instead; it will be good for you to know these things, too.

2. Whenever a tragedy occurs - Katrina, earthquakes, school shootings - the Scum of the Earth are not far behind trying to separate you from your money. Make sure your donations go where they belong and don't make your computer vulnerable. Here's an article from The Register about scammers exploiting the Virginia Tech tragedy:

http://www.theregister.co.uk/2007/04/19/virginia_tech_malware_attack/

3. It's Spring! Don't forget to including your computers in your Spring Cleaning:

http://www.computerhope.com/cleaning.htm
http://www.computerairfilter.com/Dust_prevention.htm

4. Thunderbird 2.0 is now available. Upgrading is easy; just download the latest version from http://www.mozilla.com and install it. No need to uninstall the older version first.

5. Dell has announced that because of customer demand they will continue to offer XP as a choice (instead of only Vista) on certain consumer systems (business systems were still available with XP). According to the Dell IdeaStorm website, consumers can buy these models of Inspiron laptops and Dimension desktops with either XP Home or XP Pro:

Dell Inspiron: 1405, 1705, 1505, 1501
Dell Dimension: E520, E521

http://www.ideastorm.com/article/show/66023/DELL_will_continue_to_sell_XP_loaded_computers

This is a Good Thing because Vista isn't really ready for Prime Time yet. To be fair, this is not completely Microsoft's fault. Many hardware companies - who must write drivers for their devices - apparently were waiting until the commercial version of Vista was released at the end of January. There is still a lot of hardware that is not supported in Vista or the drivers are still in beta, buggy, etc. Also, some major software companies have not been on the ball or have definitely announced (like Intuit for Quickbooks and Adobe for Photoshop) that older versions of their flagship software will simply not be supported on Vista.

Before you upgrade to Vista, make very sure that all your hardware - including peripherals like printers, webcams, cameras, etc. - is supported in Vista. Make sure that all the important programs you use will work under Vista. You do this by going to the websites for the various hardware and software manufacturers and seeing what they say about Vista compatibility.

Business owners who rely on niche software (industry-specific programs) should contact tech support for those programs and find out what is planned for Vista compatibility. Naturally, when Microsoft stops selling XP entirely (probably by January, 2008) your current installations of XP will not magically disappear. But you need to be prepared for when you have to buy new computers and Vista will be your only choice for a preinstalled Microsoft operating system (and possibly no drivers available for XP).

Be an informed consumer and you will not have an unpleasant surprise and Tears Before Bedtime.

Back to top
Home

5-8-07 - Hofstadter's Law - It [a task] always takes longer than you expect, even when you take into account Hofstadter's Law. Named after Douglas Hofstadter.

1. Changes in Microsoft email
2. Old-style worm spreading through usb thumbdrives
3. Save your MS Office settings and other great tips from Lifehacker
4. Live Earth News

1. Microsoft's Hotmail is officially dead. The company has announced that Windows Live Mail will replace Hotmail, Outlook Express, Windows Mail (Vista), and Windows Live Mail Desktop (which was in beta). Apparently you can use the revamped Hotmail (now called Windows Live Hotmail) with the downloadable Windows Live Mail client to be available sometime in the near future.

Here are some articles about it:

http://www.theregister.co.uk/2007/05/07/microsoft_takes_windows_live_hotmail_public/
http://news.zdnet.com/2100-9588_22-6181819.html
http://blog.wired.com/monkeybites/2007/05/hotmail_joins_w.html

And if all the "Windows Live" names are too confusing, there's always:

http://www.gmail.google.com
http://www.mozilla.com/en-US/thunderbird/

;-)

2. With usb thumbdrives (also called "memory sticks", "flash drives", etc.) so commonly in use now, it was only a matter of time before virus writers would see this as a new opportunity to infect computers. This takes me back to The Old Days when viruses were passed on floppy disks. So be cautious about plugging in a usb thumbdrive from someone else and keep your antivirus updated.

http://www.theregister.co.uk/2007/05/08/usb_worm/

3. There's an article on the always-excellent Lifehacker site about how to save your MS Office settings for transfer to a new computer. Lifehacker has lots of great tips to make your life easier, more efficient, and fun.

http://www.lifehacker.com/

4. And in other news, Spinal Tap will reunite to save the earth from devastation as part of the Live Earth concerts scheduled for July 7th. Read about it and see a short film here:

http://www.liveearth.msn.com./spinaltap

Back to top
Home

5-29-07 - "I invented the piano key necktie! I invented it! What have you done, Derek? You've done nothing! NOTHIIIING!!!!" -- Mugatu

1. Warning about false Microsoft email
2. Apple OS X security udpates
3. Another Apple-related security issue - Photoshop CS3 installation disables the firewall
4. Parental Control software (Windows)

1. As I'm sure you all know, Microsoft does not send emails with patches attached. However, a reminder never hurts. F-Secure has received reports of a new malicious email purporting to be from Microsoft. The "patch" is really a trojan.

http://www.f-secure.com/weblog/archives/archive-052007.html#00001200

Per F-Secure, "The sample contained in the link is now detected as Backdoor:W32/VanBot.CA since 2007-05-28_05. Updates are always good, but in this case, keep your virus definitions updated instead."

2. All operating systems have vulnerabilities, not just Microsoft ones. If you or a loved one has a Mac, make sure you check for security updates occasionally. Go to System Preferences>Software Update. You can set the checking options there also.

3. During the installation of the newest version of Adobe CS3 on OS X, the Version Cue component will disable the Mac OS X Firewall. Most unfortunately, it doesn't enable it again after the installation is finished. This is a rather nasty security vulnerability, particularly if your Apple isn't behind a router. The fix is very simple - enable the Firewall yourself from System Preferences. Shame, shame Adobe!

http://www.macfixit.com/article.php?story=20070517083422529

4. There is an interesting article about parental control software in this month's issue of "Maximum PC". The article isn't on line yet (http://www.maximumpc.com) but the upshot is that parental control software can be gotten around by a reasonably bright and computer-savvy person. This is nothing new but the interesting thing about the article was how the parental control programs were circumvented. The magazine had three geeks of varying ages try and bypass Net Nanny, PC Tattletale and Safe Eyes. All were successful using different methods.

I'm not a fan of parental control software; I think the best parental control is provided by parents who are watching and who take the time to learn about their computers and teach their kids how to stay safe. Keep the computer in a public room like the family room where you can see what your little darlings are looking at. If the computer must be in the child's room, make unannounced spot checks. When you catch them looking at the naughty bits, use that as an teaching opportunity. Just my two cents and yes, I do have children - two boys, 18 and 14 so been there, done that.

However, if you really want to install parental control software I can suggest two things:

A. Naomi is a free Internet-filtering program recommended by my Brilliant Techie friend Don Olson.
http://www.radiance.m6.net/

B. The Parental Controls in Windows Vista are quite good and might be effective for younger children. Of course, the disadvantage is that you have to be running Vista. ;-)

Back to top
Home

7-11-07 - "I'm delighted you have survived another night. May I add my own congratulations to the roar of the world's approval? Thank you, sir." -- Stephen Fry as Jeeves

1. Microsoft Patch Tuesday yesterday - 11 bugs fixed, 8 critical
2. Useful new Microsoft webpages
3. Laptops for the kids - school laptop programs

1. Yesterday was Patch Tuesday. You all know what to do. Two of the patches are for Windows Server 2000 and Server 2003 so if you are a small business owner, don't forget to update your server since these are critical.

http://www.microsoft.com/protect/computer/updates/bulletins/200707.mspx

2. In searching for the link to the Update Bulletin for you, I came across these Microsoft webpages that might be of interest.

http://www.microsoft.com/athome/default.mspx - Microsoft At Home

Aimed at home users with a lot of useful information links. In a welcome departure from the usual Microsoft website design, this page looks very well organized and clear.

http://www.microsoft.com/atwork/default.mspx - Microsoft At Work

This page focuses on work issues - MS Office tips, how to use your laptop in meetings, that sort of thing.

http://www.microsoft.com/protect/default.mspx - Security At Home

Security information and tips for the end user (you!). Again, the page is very well done. There are tips about spyware, how to limit your kids' time online, how to protect yourself.

Good job, Microsoft.

3. It's that time of year when parents are thinking about buying laptops for their kids, either for a middle school laptop program or for your older child to take to college. Before you buy a laptop, check with the school and buy what the school suggests! Here's why:

a. Ease of repair - The reason the school IT Dept. wants you to buy a laptop model on "the list" is because it can be imaged for quick restoration. When setting up large numbers of computers, big companies don't hand-install/configure hundreds or thousands of machines. One computer is set up perfectly just the way the IT Dept. wants it. For a school, this means installing all the school software programs and printers, too. Then special software is used to create an image of the hard drive. This image is applied to all the other computers with the same hardware as the "master". This means that when your kid downloads stuff s/he shouldn't and the laptop is completely messed up, the school IT Dept. can reapply the image and have that laptop back to pristine condition in just a few minutes instead of hours.

Note: You can do this with your own home or small business computers to restore them to good condition quickly. Two examples of imaging software are Acronis TrueImage and Norton Ghost. I prefer TrueImage. Buy the imaging program and a usb external hard drive. The images will be saved onto the external hard drive for quick restoration. TrueImage can also do incremental backups. Backups are A Good Thing.

b. The laptop will need to connect to the school's network. The school will have requirements regarding the operating system and method of connecting. You need to meet these requirements.

c. Expense - See Item a. above. Restoring a laptop to clean condition usually costs nothing if the IT Dept. can image it. If you need to take it to a third-party repair shop (like mine), it will cost anywhere from $120-$160 each time. Most kids, at least the ones in middle school, need to have their laptop restored at least twice during the year. Even if your little angel would never download something dodgy, other kids in his/her class will and persuade other kids to "try this really cool program".

Some other things to consider when buying a laptop for a young person:

a. Sturdiness vs. weight - You want a nice solid laptop because these machines will get a lot more wear than those carried by an adult. They will be put in backpacks and thrown on the floor. So a delicate ultra-light isn't a good choice. However, remember that the kids are going to be carrying the laptops back and forth from school and to classes so a huge 8 lb. machine will also not be a good idea.

b. Don't buy a very expensive laptop for a kid - I work with the Brilliant Don Olson at St. Anthony's School and at the end of every year we need to remove all the School's software from the outgoing 8th grade students' machines. The first time I did this, I was horrified at the condition of most of those laptops. People, they were thrashed. In fact, I came home and hugged my own kid and praised him for taking such great care of what, after all, is really my laptop.

c. Warranty - Definitely buy a warranty *and* the additional accidental insurance. You should always do this for any laptop you buy, but trust me that you will use that warranty on a kid's laptop more than once. You should get at least 2-year coverage; 3-year coverage is best.

d. The gaming question - Boys want to play graphically-intense games (there are heavy-duty girl gamers but they are rare) and they will push you to buy them a fancy gaming laptop instead of the model the school want you to get. Just say "no". Acceptable gaming laptops start at around $4,000. Excellent gaming laptops start at around $6,000. Gaming laptops are heavy, too. These are not suitable for your middle-school child to take to school or for your college-bound young person to take to classes. Go back to the very beginning of this article and read what I wrote: "Buy what the school suggests". Repeat this like a mantra and all will be well.

Back to top
Home

7-21-07 - Clarke's Second Law - The only way of discovering the limits of the possible is to venture a little way past them into the impossible. -- Arthur C. Clarke

1. Various security warnings - people who want iPhones targets; eGreeting cards again; ransomware
2. Windows Home Server

1-A. Botnet targets people who want iPhones.

http://arstechnica.com/news.ars/post/20070710-botnet-targets-wannabe-iphone-owners.html

According to this ArsTechnica article, there is a trojan going around (Aifone.A) that redirects people trying to buy an iPhone from Apple's website to a fake site. Needless to say, if the victims enter their credit card information on the fake site it will go right to the scammers. The trojan is run by end user action such as opening an email attachment. You all are too smart to open attachments, right?

1-B. I previously warned you all about the flood of malware pretending to be eGreeting cards. I just wanted to let you know that the flood has apparently not abated. I see at least a dozen of these a day caught in my spamtraps so Stay Vigilant!

1-C. The return of ransomware - Recently there were a few posts about this in the MS newsgroups so I thought it might be widespread enough (or getting there) to give you a warning. "Ransomware" is malware that, when your computer gets infected with it, encrypts all your files so your data is inaccessible. The malware comes with an extortion note saying that the only way you can get your data files decrypted is to send $300 to the criminals. There's an interesting article about the newest ransomware in The Register, here:

http://www.theregister.co.uk/2007/07/19/ransomware_trojan/

One way the malware is being distributed is via a Monster.com phish. Monster.com is a website for job-seekers (and actually not a good place to find jobs, either). The file is sometimes called Jobseeker_tool.exe. The major antivirus companies such as Kaspersky should have virus definitions for this, so as always keep your antivirus updated and your subscription current.

If you get infected, we might be able to get your data back but the best thing to do is not get infected in the first place. Be careful, stay safe, and always have good and current backups of your data.

http://www.viruslist.com/en/weblog (Blog maintained by Kaspersky analysts)
http://www.prevx.com/blog.asp?ID=31

2. Windows Home Server goes RTM (Release to Manufacturing) - Windows Home Server is an interesting new product from Microsoft. It will come on a device that you'll buy and hook up to your home network. I didn't participate in the beta test, but other MVPs I know did and they thought it was promising. Basically, Windows Home Server will be a device that will be a central place to back up all your data. There are ways of doing this now, but Windows Home Server is aimed at end users - home users - and therefore won't require a high degree of technical expertise to set up and use. According to its homepage, we should start seeing Windows Home Server devices in retail stores by the end of this year.

http://www.microsoft.com/windows/products/winfamily/windowshomeserver/default.mspx

Back to top
Home

9-13-07 - "If you say something stupid and no one is there to hear it, are you still an idiot?" -- Tycho Brahe, Penny Arcade

1. Firefox Add-ons
2. Picasa Web Albums
3. Best Buy continues being Evil
4. Talk Like A Pirate Day coming up

1. Most of you know that I recommend using Mozilla's Firefox as a browser. Not only is it faster and generally safer than Internet Explorer, it is also far more versatile because of the many extensions that people have written for it. Extensions (also known as "add-ons") provide additional functions for your browser. There are hundreds of extensions for both the Firefox browser and the Thunderbird email client. Some extensions are purely practical and some are just for fun. Here are the main Add-ons pages for Firefox and Thunderbird:

https://addons.mozilla.org/en-US/firefox/
https://addons.mozilla.org/en-US/thunderbird/

Here are the add-ons I have installed in my Firefox:

Flashblock - https://addons.mozilla.org/en-US/firefox/addon/433
Forecast Fox - https://addons.mozilla.org/en-US/firefox/addon/398
FoxClocks - https://addons.mozilla.org/en-US/firefox/addon/1117
TinyURL Creator - https://addons.mozilla.org/en-US/firefox/addon/126
AdBlock - https://addons.mozilla.org/en-US/firefox/addon/10
Clear Fields - https://addons.mozilla.org/en-US/firefox/addon/2408
Auto Copy - https://addons.mozilla.org/en-US/firefox/addon/383

In Thunderbird, I have several add-ons to add functionality such as:

Delete Junk Context Menu - https://addons.mozilla.org/en-US/thunderbird/addon/149
Signature Switch - https://addons.mozilla.org/en-US/thunderbird/addon/611

Don't be afraid to explore the world of extensions!

2. One of the nicest free image managers is Google's Picasa. Recently the Picasa people have added the ability to set up a web account to share your pictures, right from within Picasa itself. This is very easy to do and free. So stop emailing those pictures to Aunt Sally and post them to a Family Picture Album on the web instead! Note that doing this will not be feasible if you are still using a dialup Internet connection.

http://picasa.google.com/ (Picasa program)
http://tinyurl.com/2egaso (Picasa Web Albums)

3. Best Buy continues being Evil. "PCWorld" reports that Best Buy and Circuit City salespersons push customers to buy unnecessary recovery disks. I've also seen some posts about this disgusting practice in the Microsoft newsgroups recently and one of my own clients nearly got clipped. Luckily for her, she called me first.

There are a lot of you who purchase new computers from these stores and you should be aware that all the extra "services" that they urge you to buy are unnecessary, turning what may be a good deal on a computer to one that is more expensive than if you purchased it elsewhere. So be an educated consumer. If you have questions about buying a new computer, you can always call Elephant Boy Computers for advice. Here's a link to the article:

http://www.pcworld.com/article/id,136496/article.html

4. I can't believe another year has gone by already and Talk Like A Pirate Day is almost upon us. Celebrate your piratey goodness (or badness) with the rest of us believers on next Wednesday, September 19th. You don't need anything more than attitude and the ability to say "Arrrgghh, Matey" but if you want to get some pirate accessories, ThinkGeek is a great place to go. Unfortunately you can't loot, but they do take credit cards. ;-)

http://www.talklikeapirate.com/
http://www.thinkgeek.com/brain/whereisit.cgi?t=pirate&x=15&y=6

Avast me hearties - yo ho!

Back to top
Home

10-12-07 - "Just remember what old Jack Burton does when the earth quakes, the poison arrows fall from the sky, and the pillars of Heaven shake. Yeah, Jack Burton just looks that big old storm right in the eye and says, Give me your best shot. I can take it.' " -- "Big Trouble in Little China"

1. eBay Desktop program
2. More on the Storm Worm(s)
3. Zlob trojans related to downloading codecs (long, but serious so please read)

1. eBay Desktop is a new application that interacts with the auction website. Here's an article about it on Lifehacker.com:

http://lifehacker.com/software/screenshot-tour/a-first-look-at-ebay-desktop-308039.php

I don't use eBay but for those of you who do, this might be a good program. I don't recommend installing the eBay toolbar* but the eBay Desktop might work for you. Oddly enough, I couldn't find a link to it on the main eBay site, but here's a direct link which I got from Lifehacker:

http://desktop.ebay.com/

Note that this program is still in beta and you should always be careful when installing beta software. On XP and Vista, I'd suggest making a System Restore point first.

*In general, stay away from installing third-party toolbars. They often cause issues with Internet Explorer 7 and/or the Windows graphical user interface (Explorer.exe).

2. The Storm Worm is still with us, in many variants. Infection can be extremely difficult to remove so you should be aware of this threat. Websense Security Labs has reported on a new version of the Storm infection. You will get a spam email with a link to a website posting as a free ecard site. No exploit is on the site itself. However, when users click any of the URLs, they are prompted to download and run a file called "SuperLaugh.exe." This file contains the Storm payload code.

Sample email subject line: View your Kitty Card now! (URL REMOVED)

There are many variants of the Storm attacks. A common characteristic seems to be that the malicious email will have a subject line that seems logical and is often tied to current events. For instance, now that it is football season there are subjects referring to teams, games, etc. As always, be extremely cautious about opening email attachments and keep your antivirus program subscription current and its definitions updated.

http://www.websense.com/securitylabs/blog/blog.php?BlogID=147 - Storm Worm Chronology
http://www.cyber-ta.org/pubs/StormWorm/ - fairly technical information but with more links

3. We've seen a lot of serious infections that are caused by users downloading codecs in order to play multimedia files, usually videos. Here is a very good explanation of "codec" from About.com. I quote the information rather than just give you the link because About.com has popups.

"'Codec' is a technical name for 'compression/decompression'. It also stands for 'compressor/decompressor' and 'code/decode'. All of these variations mean the same thing: a codec is a computer program that both shrinks large movie files, and makes them playable on your computer. Codec programs are required for your media player to play your downloaded music and movies.

"Because video and music files are large, they become difficult to transfer across the Internet quickly. To help speed up downloads, mathematical 'codecs' were built to encode ('shrink') a signal for transmission and then decode it for viewing or editing. Without codecs, downloads would take three to five times longer than they do now.

"...there are hundreds of codecs being used on the Internet, and you will need combinations that specifically play your files. There are codecs for audio and video compression, for streaming media over the Internet, videoconferencing, playing mp3's, speech, or screen capture. To make matters more confusing, some people who share their files on the Net choose to use very obscure codecs to shrink their files. This makes it very frustrating for users who download these files, but do not know which codecs to get to play these files. If you are a regular downloader, you will probably need ten to twelve codecs to play your music and movies."

The need to download codecs most often arises when people are using peer-to-peer file sharing (P2P) such as Lime Wire, Shareaza, eDonkey/eMule, WinMX, etc. Another reason is when people want to view "adult" movies and you get a prompt from the website to install a missing codec.

Codecs are licensed by their creators and most are not free. When you have a legitimate music/video player - Windows Media Player, WinDVD, Nero Showtime for example - that program comes with included codecs paid for by the programs' creators so they are free for the end user. As explained in the About.com information above, the problem comes about when your player doesn't include the codecs necessary to view a particular multimedia file. So then the search is on for a free codec that will work and that's where the malware comes in. Most of the malware picked up this way belongs to the Zlob trojan family and some of it installs a rootkit* which makes the infected computer system almost impossible to clean. In most cases, a Zlob infection picked up by downloading dodgy codecs will require a clean install of Windows.

Here is a link from the excellent CounterSpy Research Center which shows you how very nasty one of these Zlob codec-related infections can be:

http://tinyurl.com/yymn2f

How do you deal with this issue?

a. You know that using P2P is risky so.... ;-)
b. You know that viewing pr0n is risky so... ;-)
c. If you are a parent, you discuss #a and #b above with your kids and are vigilant about their computer use.
d. Download some alternative video players that may be able to play your files. Here is a list of various players with ratings:

http://www.afterdawn.com/software/video_software/video_players/

e. Use a different operating system such as Linux. I don't know if there are Zlob versions for Mac OS X so I'd be cautious in this operating system, too.

f. And if you choose to be risky and are running a Microsoft operating system, make sure your data is always backed up since you need to be prepared for a clean install of Windows.

*Rootkits are very serious pieces of malware that run hidden services on your computer, making them difficult and often impossible to remove.

Back to top
Home

10-24-07 - The Dude abides. -- "The Big Lebowski"

1. Online Safety and Security
2. Adobe Reader/Acrobat exploit

1. Various bits of (hopefully) useful information about online safety and security:

A. From Carnegie Mellon University ("CMU"), we have MySecureCyberspace, "A free educational resource created by Carnegie Mellon University to empower you to secure your part of cyberspace". Sounds fancy, but they have some really solid information geared toward you - the end user - and not techies.

https://www.mysecurecyberspace.com/

This is a large, informative site and well-worth spending some time on. The parents among you will be interested in the many topics in the Family Room such as "Keep Your Kids Safe from Online Predators" and "Feeling Confident About Allowing Kids Online".

Check out some of the articles about Privacy Tools; an Encyclopedia of risks, threats, and solutions; social engineering to trick victims into giving out personal information; and how to keep your small business/home office secure.

I give it 10 gold stars (and not just because my kid goes there!).

B. Linked from MySecureCyberspace, we have GetNetWise. "GetNetWise is a public service brought to you by Internet industry corporations and public interest organizations to help ensure that Internet users have safe, constructive, and educational or entertaining online experiences. The GetNetWise coalition wants Internet users to be just 'one click away' from the resources they need to make informed decisions about their and their family's use of the Internet. More information is available. GetNetWise is a project of the Internet Education Foundation."

http://www.getnetwise.org/

GetNetWise has sections on "Keeping Children Safe Online", "Stopping Unwanted E-Mail and Spam", "Protecting Your Computer From Hackers and Viruses", and "Keeping Your Personal Info Private". It also has a database of Internet filtering tools.

http://kids.getnetwise.org/tools/

C. Although some of us are pretty grumpy about the fact that stores are putting up Christmas decorations and it isn't even Halloween yet, it's never too early to talk about safety while doing online shopping. Here's an article about "Six Online Shopping Scams" from SmartMoney.com:

http://tinyurl.com/yp876z

D. CMU has an online game to teach about how to identify phishing sites. Even though this is a cute game, I recommend it even for grownups. And you'll be helping the CMU researchers field-test Anti-Phishing Phil. Researchers from the CMU Usable Privacy and Security (CUPS) lab found that "people who spent 15 minutes playing the Anti-Phishing Phil game were better able to identify fraudulent Web sites than people who spent the same amount of time reading anti-phishing tutorials or other online training materials. "

Information about the CUPS test and phishing:
http://www.cmu.edu/news/archive/2007/September/sept24_phishing.shtml

Link to the Anti-Phishing Phil game:
http://cups.cs.cmu.edu/antiphishing_phil/

2. New versions of Adobe Reader and Acrobat are now available for download/install to patch a serious vulnerability. Now it is reported that there is a nasty .pdf (the file format for which you need Adobe Reader) malware exploit which takes advantage of the vulnerability (like we're surprised!). Email boxes are being filled up with malware-ridden .pdf attachments. If you open the attachment, your computer will be infected with a trojan that will allow The Bad Guys to control your computer.

So update your Adobe Reader and Acrobat (if you have it - Acrobat is the rather expensive program by Adobe that allows you to create .pdf files; most people will only have the free Reader installed).

Article by The Register explaining the exploit:
http://www.theregister.co.uk/2007/10/24/pdf_exploit_in_the_wild/

Link to the updated Adobe Reader:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3806

Link to the patch for Acrobat:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Back to top
Home

11-3-07 - Dreams are where messages start, not where they arrive. -- Randall Munroe

1. The Ultimate Consumerist Guide to Fighting Back
2. IRS warns of email scam, know if a charity is legitimate
3. More on malware from codecs
4. Off Topic - "Really Achieving Your Childhood Dreams"

1. As Faithful Readers of EBC Reports ;-) you know that The Consumerist is one of my favorite websites. It's a great online resource for a wide range of consumer-related issues. They've just posted "The Ultimate Consumerist Guide to Fighting Back" which gathers a ton of tips in one place.

Section 1: "I've been wronged! What do I do next?"
Section 2: The Consumerist Corporate Executive Directory
Section 3: Success Stories

Here's the link:

http://consumerist.com/consumer/consumerist-kit/the-ultimate-consumerist-guide-to-fighting-back-revised-edition-316524.php

2. The IRS has issued a warning about a new email scam going around posing as the IRS and soliciting donations for the California wildfire victims.

http://www.irs.gov/newsroom/article/0,,id=175392,00.html

"In an effort to appear legitimate, the bogus e-mails include text from an actual speech about the wildfires by a member of the California Assembly.

"The scam e-mail urges recipients to click on a link, which then opens what appears to be the IRS Web site but which is, in fact, a fake. An item on the phony Web site urges donations and includes a link that opens a donation form which requests the recipient’s personal and financial information.

"The IRS also believes that clicking on the link downloads malware, or malicious software, onto the recipient’s computer. The malware will steal passwords and other account information it finds on the victim's computer system and send them to the scamster."

As always, be extremely selective about contributing to charities. Here are a few links to help weed out the real ones from the fakes:

http://ag.ca.gov/charities/faq.php - from the Office of the CA Attorney General
http://www.scambusters.org/charities.html - great resource for scam-related information

3. In the 10/12/07 EBC Report I told you how malware gets into your computer if you install dodgy codecs. Alex Eckelberry of Sunbelt has an excellent illustration of this on his blog here:

http://sunbeltblog.blogspot.com/

Scroll down to the 11/1 entry, "Bundle of mayhem: mmcodecs" for an interesting read. Alex always has good security-related information in his blog and earlier posts such as "Beware targeted fake complaint emails" (10/29/07) are well worth reading also.

And if you want to know why these malware writers are so anxious to infect your computers, read the well-written (accessible to non-geeks!) three-part article "Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy" by Scott Berinato here:

http://www.cio.com/article/135500/

4. This is really off-topic for a computer-related report but I was so moved by Randy Pausch's Last Lecture (Words to Live By) and felt that what he said was so important that I wanted to share it with you. Dr. Pausch is a professor at Carnegie Mellon University with a long and impressive list of technological and academic achievements. What Dr. Pausch has to say is vitally important to parents, teachers, and human beings in general. You can watch the lecture online if you have broadband or read it. Although the Lecture lasts about 1-1/2 hours, Dr. Pausch is an engaging speaker and if you possibly can watch it, that's what I recommend. Here's the link:

http://www.cmu.edu/homepage/innovation/2007/fall/words-to-live-by.shtml

Back to top
Home

12-16-07 - Words to live by: "Don't genetically engineer crabs to be as big as men." -- Garth Marenghi

Fun things for Christmas

As we come to the end of the year and are in the holiday season, I thought it would be nice to have a change from all the serious tech talk and just give you some pleasant Christmas-related things.

1. Old-time radio Christmas plays - free, public domain MP3s - http://www.oldradiofun.com/main/?page_id=18

2. The Web is wonderful - How to wrap a present - http://www.wikihow.com/Wrap-a-Present

3. Some fun Christmas (and non-Christmas) desktop wallpapers - http://www.vladstudio.com/home/

You have to be very careful with "free" wallpaper and screensaver sites. This one looks good and also has a lot of other nice Christmas-related stuff - http://simplyxmas.wordpress.com/2007/12/13/desktop-wallpaper-bw-retro-christmas/

This is a very good (and absolutely reputable) site that has tons of skins, themes, icons, and wallpapers to make your computer pretty for the holidays - http://www.wincustomize.com

Caedes is a nice wallpaper site. Here's a link to their Christmas gallery:
http://www.caedes.net/Zephir.cgi?lib=Caedes::Gallery&gallery=holidays-%3Echristmas

And of course, there's Flickr. Here's a link to pictures tagged with "Christmas". They have 1,840,614 photos in this category today!
http://www.flickr.com/photos/tags/christmas/

I put up some Christmasy pictures on my website for you. Some of them are large enough for desktop wallpaper; others are more for clipart. Here's the link: http://www.elephantboycomputers.com/xmas.html

4. And here is a variety of useful tips from my favorite How-to site, Lifehacker.com:

Do-It-Yourself Christmas Cards Roundup
http://lifehacker.com/software/holidays/diy-christmas-cards-roundup-331412.php

Pick the Greenest Christmas Tree
http://lifehacker.com/software/how-to/pick-the-greenest-christmas-tree-330875.php

Build the Perfect Holiday Playlist in iTunes
http://lifehacker.com/software/playlists/build-the-perfect-holiday-playlist-in-itunes-319956.php

Photo Tips for Christmas
http://lifehacker.com/software/digital-photography/photo-tips-for-christmas-223749.php

How to Photograph Christmas Lights
http://lifehacker.com/software/photography/how-to-photograph-christmas-lights-221400.php

There are plenty more - just go to http://lifehacker.com and use the search term "Christmas".

5. And of course, don't forget to track Santa's progress around the world from the NORAD website:
http://www.noradsanta.org/en/home.htm

I hope you have a very Happy Holiday Season and that the New Year brings you much joy.

Back to top
Home

1-9-08 - No matter where you go, there you are. -- Buckaroo Banzai

1. Another year, more security warnings
2. Xbox Live problems during the holidays
3. Using legal software

1. Another year, more of the usual - just nastier:

A. Evil codecs - Here is a very good post by MVP Harry Waldron about deceptive music sites to avoid:
http://tinyurl.com/ys7qeh

It references the Sunbelt Blog, which also has some new information on more fake codec sites.
http://sunbeltblog.blogspot.com/2007/12/fake-codecs-on-blogger.html

The Sunbelt blog is an excellent source of information for new forms of malware, evil websites where you can pick up malware, etc. Highly recommended.

B. Malware-laced banner ads, etc.:

From The Register - "If you haven't patched that media player or web browser in a while, now might be a good time. MySpace, Excite and Blick have been caught serving banner ads that attempt to install malware on machines running unpatched software."

http://www.channelregister.co.uk/2008/01/04/malware_laced_banners/

Secret Crush widget on Facebook spreads malware. Don't use this!
http://www.theregister.co.uk/2008/01/04/facebook_adware/

Update: Facebook has blocked Secret Crush
http://www.theregister.co.uk/2008/01/08/facebook_blocks_secret_crush/

Also see the Sunbelt Blog for good articles on RealPlayer vulnerabilities, the malicious ads on MySpace, and phishing/malware on Facebook:
http://sunbeltblog.blogspot.com/

2. For those of you (like us) who bought an Xbox 360 during the holidays and had problems with Xbox Live - Microsoft apologizes for the inconvenience. Apparently they had a lot of issues with the service because of the huge number of signups. They will be offering "all of our Xbox LIVE members around the world" a free LIVE Arcade game. No details on the offer or what game, but here's the link:

http://www.majornelson.com/archive/2008/01/03/xbox-live-holiday-performance.aspx

3. You know how I'm always warning my small business clients about getting caught by the BSA using illegal copies of Microsoft software? Seems the BSA just scored $420,000 in fines from three firms. So, I'm just sayin'...

http://www.theregister.co.uk/2008/01/09/six_firms_unlicensed_software/
http://www.bsa.org/country/News%20and%20Events/News%20Archives/en-01082008-General-Finance.aspx

Back to top
Home

1-17-08 - Well, I've wrestled with reality for 35 years, Doctor, and I'm happy to state I finally won out over it. -- Elwood P. Dowd in "Harvey"

1. Rogue antispyware program for the Mac
2. Storm Worm gearing up for Valentine's Day
3. Beware of social engineering

1. Well, well, well... the first rogue antispyware program for the Mac has just surfaced. This is not really such a surprise; this sort of scumware has been targeting PCs for years - Winfixer, SpySheriff, WinAntivirus, and all their unpleasant cousins. With a lot more people buying Macs - and a lot of those people are coming from the Windows world where spyware is a Fact Of Life - it was only a matter of time before The Bad Guys would try to get a piece of that.

Even we Mac users need to be sensible and exercise common sense. You all know how to stay safe; it isn't any different on the Mac side. Here's F-Secure's post about the rogue "MacSweeper":

http://www.f-secure.com/weblog/archives/00001362.html

Protect your Mac - http://www.getsafeonline.org/nqcontent.cfm?a_id=1165

I don't agree with them about antivirus software - I never ran it on my Linux machines and I don't run it on my MacBook (but I don't do risky computing, either) - so this is your call. In any case, I wouldn't use products from Symantec (Norton) or McAfee.

2. Users should beware of email or e-card Valentine's Day type themes as these are already circulating. You may receive a Valentine-themed email with a subject like “I Dream of You”, “For You….My Love”, “Sending You My Love”, etc. The body text will prompt you to click on a link typically looking like http://some.numeric.address. Of course you are smart and won't click on it!

Storm Worm - Gearing up for Valentines Day - http://isc.sans.org/diary.html?storyid=3855

http://www.avertlabs.com/research/blog/index.php/2008/01/15/from-nuwar-with-love/
http://sunbeltblog.blogspot.com/2008/01/new-storm-variant-in-time-for-valentine.html
http://blog.trendmicro.com/storms-spamming-out-some-love/
http://blog.trendmicro.com/chasing-storm-into-2008/
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NUWAR.BK

3. Remember that social engineering is a big part of getting malware onto your computer and/or stealing your personal information (phishing). Social engineering plays on the facts that a) most people are nice and want to help others; b) most people are easily frightened by emails from "official" sources. I was reminded of this because Doug, one of my smartest clients, called to ask about an email he'd received that looked like a legal complaint. The complaint was supposed to be contained in an attachment which looked like a legitimate .pdf file - except it wasn't. The ever-brilliant Doug felt sure this email wasn't legitimate but he just thought he'd get my input. Naturally he deleted the email, but it was official and scary-looking enough to give him - and me! - pause initially.

So be cautious and unless you are in the middle of legal entanglements and are expecting an email with an attachment, delete those messges unread.

http://en.wikipedia.org/wiki/Social_engineering_(computer_security)
http://www.securityfocus.com/infocus/1527
http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.antiphishing.org/

The latest IRS email scams - http://blogs.consumerreports.org/money/2008/01/the-latest-irs.html

Back to top
Home

1-30-08 - "Logic clearly dictates that the needs of the many outweigh the needs of the few... or the one." -- Mr. Spock

1. Income Tax-related scams
2. New MSN worm

1. I got a very useful email from Alexis Vollgraff (one of my smartest clients!). Alexis would like to share this with all of you:

"Just a few reminders you might want to send out, since I work for the IRS. We never ever email people. You would have to be on our secure messaging to get an email.   Also & this is one that is really important, when you go into any government site, local, state or federal, it will be .gov, not .com. I was checking out the JK Harris site, that I won't even comment on & found what looked like a link to the IRS, but it was the .com site & wasn't ours. We offer the free file file which is really good, but you just have to be so careful."

Thanks very much for this, Alexis. I also went to the JK Harris site Alexis mentioned and saw the link. They certainly make it look official. Creeps.

I see that MVP Harry Waldron has some excellent information on a new wave of IRS and tax-based scams. This should come as no surprise as malware writers/phishers are well known to time attacks based on Real World events; e.g., Katrina, devastating weather in Europe (Storm Worm), and of course US tax time (possibly not as much of a crisis as natural disasters but still A Big Deal to most of us). Here's Harry's blog entry:

http://msmvps.com/blogs/harrywaldron/archive/2008/01/30/irs-and-tax-based-scams-new-wave-of-attacks.aspx

2. Just in case you need a reminder (or your kids do) not to click on links that come in instant messages, a polyglot worm is spreading over MSN. See this article by The Register for details:
'
http://www.channelregister.co.uk/2008/01/23/polyglot_msn_worm/

Here's a description of it from TrendLabs Malware Blog:

http://blog.trendmicro.com/namedropping-msn-worm-also-a-polyglot/

"A new worm detected as WORM_IRCBOT.SN is currently making its rounds via MSN Messenger. In some instances, it drops popular social networking sites’ names MySpace and Facebook as it spreads itself. It sends any of the following messages together with a link where the picture referred to in the messages can be “viewed” by its recipients:

    * can i throw this picture of you and me on myspace?
    * Wanna see my pictures before i send em to facebook?
    * can I throw this picture of us on my facebook.. please?
    * I think this picture is terrible. but my friends on myspace want to see it. please dont show noone.
    * do I look dumb in this picture? I want to put it on myspace.
    * do you think I look ugly in this pic? its one of my new ones too :(
    * hey i found your picture on hotornot.com! I swear its you!
    * OMG, i found ur pic on cuteornot.com! im not kidding either!!!
    * jesus this person really looks like you!
    * This picture isnt you… right? lol

"This is only a partial list; it has a lot more lines that are mostly talking about photos. Another interesting thing about this worm, as observed by our senior analysts, is that the messages change according to the language of the affected operating system used. Based on the ploys used (using the MySpace and Facebook names and having references to country codes in its registry) as well as the varying languages by this localizing MSN worm, its authors are trying to capture a wide audience."

Update: Since I made a note of this last week for the next EBC Report (this one!), I see that this trojan is really picking up steam. So remind your kids (and yourselves!) to be careful out there.

Back to top
Home

2-22-08 - ++?????++ Out of Cheese Error. Redo From Start. -- Hex (Terry Pratchett, "Interesting Times")

Upcoming Service Packs - Vista and XP

Service Pack 1 (SP1) for Vista is finished. Those of us with MSDN/TechNet subscriptions have already received it. At this writing it is expected that end users will receive SP1 from Windows Update next month. (Microsoft issues regular Windows Updates on the first Tuesday of each month.) Service Pack 3 for XP is still in beta but getting close to RTM (Release To Manufacturing, a fancy way of saying "it's ready"). Do not just slide into an operating system Service Pack install without any preparation. You might get lucky, but then again there might be Much Gnashing Of The Teeth.

For instance, there is a new Microsoft Knowledge Base article listing some programs that will not work after Vista SP1:

http://support.microsoft.com/kb/935796

Of the programs listed, probably only Trend Micro Internet Security and Zone Alarm Security Suite are commonly found on most people's computers but you should still take a look anyway. I've seen a fair number of new laptops with the Trend Micro program preinstalled.

Proper preparation is essential to having a successful experience installing any operating system Service Pack.

Make sure you have set your Windows Updates to not be automatic. Choose the option that downloads the updates and then alerts you that updates are ready. Then take the Custom installation option in XP or click on the link that will let you view the updates in Vista. If you haven't done preparation for a Service Pack, don't take the update until you do. You'll be offered it again. And again. ;-)

Typical preparation for an operating system Service Pack upgrade:

1. Back up all your data to external media. This can mean burning to CD/DVD-Rs, copying to an external hard drive, creating an image of the system with something like Acronis True Image and storing it on an external hard drive, or a combination of all of these things. Having an image of your working system is a wonderful thing and now that external hard drives (like a MyBook or One-Touch) and imaging software like True Image are so reasonably priced, this procedure is easy.

2. Make sure the computer is completely virus/malware-free. This is crucial.

3. Do maintenance - clean up temporary files, defrag, get rid of stuff you don't need, etc. You want your system to be in tip-top shape before you apply a Service Pack.

4. People who have OEM machines (HP, Dell, Sony, Toshiba, etc.) should first go to the OEM's website to see if there are special instructions. For example, there were approximately 8 patches that needed to be installed on HP computers before installing XP's SP2.

5. If you have major software that you use every day - QuickBooks, ACT, antivirus programs, third-party firewalls, industry-specific programs, etc. - go to the companies' websites first and see if there are special instructions or known issues with a Service Pack. If you just install a Service Pack blindly and then find out that the program your company uses to do business is broken afterwards, there will be Tears Before Bedtime (at the very least).

6. If you know that some of your programs won't work with the Service Pack - CD/DVD burning software, antivirus/firewall/security programs, etc. - uninstall them first. Don't just not run them.

7. Once you've done all your prep work, close all programs before you install a Service Pack. This means your antivirus and firewall also. If your computer connects directly to a cable/DSL modem, unplug the ethernet cable first so you are not connected to the Internet and will be protected. If you have a router, you will be safe during the time your antivirus and firewall are off. If you have a laptop, make sure it is plugged into a wall outlet and not running on battery. If you think there is a possibility of a power outage, purchase an Uninterruptible Power Supply (UPS) and have the computer plugged into it. Having a UPS is a good idea anyway. A UPS is not the same thing as those power strips; a USP is an actual battery backup.

8. Be patient while you install the Service Pack. If you followed best practices for your prep work as outlined above, everything should go smoothly.

Back to top
Home

3-11-08 - "If you can't get the threat model right, you can't hope to secure the system." -- Bruce Schneier

1. Targeted malware spam attacks disguised as official Government email - Spy-Agent.cf trojan
2. Spam pushing malware disguised as 3D screensavers
3. "The Myth of the Transparent Society"
4. Pi Day and Albert Einstein's birthday

1. Be on the lookout for spam that appears to be official Government business. These new attacks will even download actual PDF forms from the government site to make them appear more legitimate. Of course you should delete these emails without opening them; under no circumstances should you open the attachments.

http://vil.nai.com/vil/content/v_142478.htm

As you can see from the McAfee description of Spy-Agent.cf at the link above, the emails can be quite frightening and official-looking. Don't be fooled.

2. Alex Eckelberry of Sunbelt has some interesting blog entries about a rash of spam pushing malware disguised as screensavers. You don't need that "free" 3D screensaver, people! Don't help the Bad Guys by downloading this garbage.

http://sunbeltblog.blogspot.com/2008/03/rash-of-new-spam-pushes-malware.html
http://sunbeltblog.blogspot.com/2008/03/dangerous-loadscc-malware-gang-re.html

3. Bruce Schneier, my favorite security guru, has a great article at Wired.com about "The Myth of the Transparent Society". There has been a lot of talk in security/IT circles lately about the virtues of transparency; i.e., if I have nothing to hide, you have nothing to use against me. Schneier punctures this myth by saying that the theory of transparency sounds nice but doesn't work because "it ignores the crucial dissimilarity of power". A very interesting read and not just for the paranoid among us.

http://www.wired.com/politics/security/commentary/securitymatters/2008/03/securitymatters_0306

Even if you are a person who doesn't pay too much attention to IT/security issues, the ongoing debates about privacy are interesting and important to all of us.

http://www.schneier.com/blog/

4. And on the lighter side, March 14th is Pi Day and Albert Einstein's Birthday. Coincidence? I think not. Celebrate by eating pie and thinking of Relativity. Have another piece of pie and don't think about Mass. ;-)

http://en.wikipedia.org/wiki/Pi_Day
http://www.piday.org/

http://en.wikipedia.org/wiki/Albert_Einstein

Back to top
Home

4-8-08 - "Roads? Where we're going we don't need... roads." -- Emmet Brown - Back to the Future

1. New phishing prevention website
2. Email attack tied to Microsoft's April Security Bulletin
3. End of the line for Windows XP and what to do about it

1. There is a new and rather well done site from the Federal Trade Commission (go, FTC!) with tips to help you avoid Internet fraud. The "Phishy Videos" are actually rather cute. This one is worth your time.

http://onguardonline.gov/index.html

2. US-CERT (United States Computer Emergency Readiness Team) has a brief notice about a targeted trojan.

"US-CERT has seen reports of an email attack targeting Microsoft's April Security Bulletin release cycle. This attack arrives via email messages withthe subject line 'Critical Patch Released: Microsoft Security BulletinMS08-64738.' These email messages contain a link to a fraudulent Microsoft Update web site that hosts malicious code or contains an attachment that is embedded with malicious code. Users who follow the link or open the attachment may become infected with a Trojan."

http://www.us-cert.gov/current/index.html#email_attack_targeting_microsoft_s

I know all of the Gentle Readers of this Report are smart enough not to get Windows Updates from anywhere except Microsoft. Still, it's good to remind you what an excellent resource US-CERT is. They have information targeted at non-technical users, alerts and tips, and lots of security-related goodies.

"The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation."

http://www.us-cert.gov/index.html

3. We are rapidly coming up on the end of XP's availability preinstalled on regular computers and in the normal retail channels. Except for preinstallation on specialized mini-PCs like the Asus EeePC, XP will not be sold on their computers by OEMs (Dell, HP, etc.) by the end of June, 2008. I know I wrote about this issue before, but after participating in a newsgroup thread yesterday about the difficulties of moving to Vista, I wanted to remind everyone about the issues involved here.

Note: If you are a home user who mostly uses the Internet, does email, has a recent version of MS Office, and doesn't have specialized software/hardware needs, Vista will work just fine for you. You can skip this lengthy part and go do something amusing instead. We're done with you. ;-)

A. Not all software will work under Vista. Now is the time to find out and be prepared, particularly if you are a small business owner using proprietary (niche) specialized software that is crucial to your company's well-being. You need to plan your actions if the computers you're currently using need to be replaced.

You - or one of your many minions - need to sit down and inventory what software you use. If you use niche software, contact that program's tech support or go to its website and find out if it works with Vista. The fellow I was working with in that newsgroup thread found out that the program his entire company used for its major business would not run under Vista and there are no plans to make it compatible with Vista. If you don't use this type of niche software, you still need to inventory your main programs. This includes knowing the version of the program. Usually you can find this information by clicking Help>About from within the program itself. You need to know whether your program version will work with Vista or plan for its upgrade. Examples are QuickBooks, Microsoft Office editions older than Office 2003, Adobe programs, etc.

B. Not all hardware will work under Vista. Usually this involves printers, but also includes any specialized hardware like bar scanners, point-of-sale equipment, health-related monitors or the like. To find out about Vista-compatibility, go to the hardware manufacturer's website and look for drivers for your specific model machine (like a printer). If there are no Vista drivers, you can't use that piece of hardware with Vista.

Don't make assumptions either way about hardware and software - check.

C. What do you do if you can't run your stuff under Vista?

1. Small business owners should consider purchasing a few extra XP computers from a decent OEM like Dell or HP. You can stick them in the closet if you don't need them now. As always, I recommend that you not be "penny-wise, pound-foolish"; if you have a business you should not buy crap like eMachines computers from Costco.

2. You can do what is called "virtual computing" on Vista. This means using either Microsoft's Virtual PC 2007 (free) or VMware Workstation (not free but I like it better than VPC) and creating a virtual machine running the older operating system. The operating system running in the virtual machine is a real operating system and you must have a license for it. You can't use the XP that came with your OEM machines so if you think you might want to do this, purchase a few extra retail copies of XP from your favorite online or brick-and-mortar store. You will probably want to get technical help from someone like Elephant Boy Computers if you are going to set up virtual computing.

3. If you are considering purchasing a Vista computer and then downgrading it to XP, here are some things you must consider first:

a. Go to the OEM's website and look for XP drivers for your specific model computer. If there are no XP drivers, then you can't install XP. End of story. If there are drivers, download them and store on a CD-R or USB thumbdrive; you'll need them after you install XP.

b. Check with the OEM - either from their tech support website or by calling them - to see if you will void your warranty if you do this. If you will void the warranty, you make the decision.

c. If the OEM does support XP on the machine, call them and see if you can have downgrade rights and have them send you an XP restore disk. This will be far the easiest and best way of getting XP on the machine.

d. If XP is supported on the machine but the OEM doesn't have an XP restore disk for you, understand that you'll need to purchase a retail copy of XP from your favorite online or brick/mortar store.

e. Also understand that you will need to do a clean install of XP so if you have any data you want, back it up first.

f. If none of the above is applicable to you because you can't run XP on that machine (see Item #1 above), return the computer and purchase one running XP instead.

Back to top
Home

4-23-08 - "You should listen to your heart, and not the voices in your head." -- Marge Simpson ("The Simpsons")

1. Hotmail and Outlook Express - the party's over
2. MSN Music Store is dead - another party that's over
3. Windows XP Service Pack 3 RTM

1. For those of you who still use Hotmail and who access it via your Outlook Express inbox, the party is over after June 30th.

http://emailsupport.spaces.live.com/Blog/cns!5D6F5A79A79B6708!5359.entry

"As of June 30, 2008, Microsoft is disabling the DAV protocol and you will no longer be able to access your Hotmail Inbox via Outlook Express. As an alternative, we recommend that you download Windows Live Mail, a free desktop e-mail client that has the familiarity of Outlook Express and much more."

I read this as meaning that while MS isn't getting rid of the Hotmail.com webmail service, they really really would prefer you move over to Windows Live Mail. Since I don't use Hotmail, Windows Live Hotmail, or Windows Live Mail, I can't comment on the differences between them. Since Windows Live Mail is free, it won't hurt you to give it a try. It doesn't seem as though you'll lose anything:

"After you provide your user name and password, you will automatically be linked to your Hotmail account, providing continued access to your email and contacts."

Personally, I use Google's Gmail for a free webmail account because it doesn't have all those ads and blinkenlights. But maybe you like those. ;-)

2. Another reason why DRM (Digital Rights Management) is Evil - If any of you were unfortunate enough to have purchased music from the now-dead MSN Music store, Microsoft is giving you another shaft by turning off their license servers at the end of this August.

Ars Technica has the story:

http://arstechnica.com/news.ars/post/20080422-drm-sucks-redux-microsoft-to-nuke-msn-music-drm-keys.html

"Customers who have purchased music from Microsoft's now-defunct MSN Music store are now facing a decision they never anticipated making: commit to which computers (and OS) they want to authorize forever, or give up access to the music they paid for. Why? Because Microsoft has decided that it's done supporting the service and will be turning off the MSN Music license servers by the end of this summer.

"MSN Entertainment and Video Services general manager Rob Bennett sent out an e-mail this afternoon to customers, advising them to make any and all authorizations or deauthorizations before August 31."

As the article suggests, the only way to be sure you'll always have this music is to burn it to audio CD.

3. Windows XP Service Pack 3 has now released to manufacturing (RTM) and will be available for separate download and from Windows Update on April 29th. While I'm not expecting anything really dreadful to come out of installing SP3, as I've previously pointed out it would be extremely foolish to blindly apply an operating system service pack without doing any preparation work at all. Again, check on your OEM's website (Dell, HP, Sony, etc.) to see if there are any pre-SP3 patches to apply. Have all your data backed up first in case Something Goes Sour. Businesses should definitely test before deployment. It's never a bad idea to wait a few weeks after the release of a Service Pack to see if anything crawls out of the Windows Rift Between The Worlds anyway. Do you really want your computer to be in thrall to the Elder Gods? Oh wait, you're using Windows so it already is. ;-)

Back to top
Home

6-19-08 - Osborn's Law - Variables won't; constants aren't.

1. Beware of rogue antispyware programs
2. Firefox 3 is out
3. DNS Changer Zlob trojan warning

1. One of my favorite clients recently got nailed by several rogue antispyware programs and fell for the scam. I've also had a rash of infected machines come into the shop with this sort of thing. So this is just a reminder about what we in the industry call "rogue antispyware" programs. We call them "rogue" because they pretend to be one of The Good Guys but are really Bad Guys. If you see popups with messages like "Warning! Your computer is infected with Spyware! Click here to purchase the removal for only $29.95" or the like, you need to a) clean up your computer (or have someone like Elephant Boy Computers do it for you); and b) don't click on that!

Here are some examples of rogue antispyware programs:

XP Cleaner, Antispykit, Antispywareshield, Virusprotect, Ultimate Cleaner, Privacy Protector, Registry Cleaner 2.5, Systemdoctor, WinAntivirus. There are many more. You can look at some of them and view the removal steps here:

http://www.bleepingcomputer.com/forums/forum55.html

2. The Firefox 3 browser is available now and it's great. For those of you who are going "what?", a browser is a program that allows you to "see" the Internet graphically. Internet Explorer is the browser that comes built into Windows. Safari is the browser that comes with Mac OS X. There are other browsers in the world (Opera, Sea Monkey, Epiphany, etc.), but Firefox is probably the best-known alternate browser (one that isn't built into or comes with an operating system).

It's always good to have more than one browser installed. That way if you have any Internet issues, you can determine if the problem is just with your browser (Internet Explorer for example) or if the problem is systemic. And it's nice to try new things!

Get the new Firefox here:
http://www.mozilla.com/en-US/firefox/?from=getfirefox

You can take a short video tour at that link, too.

See the new features:
http://www.mozilla.com/en-US/firefox/features/

And try some tips and tricks:
http://www.mozilla.com/en-US/firefox/tips/

If you already have Firefox 2 installed, you can install Firefox 3 right over it. Your bookmarks and preferences will be preserved.

3. There's a new nasty going around called DNS Changer. This is a member of the Zlob trojan family which checks to see if the victim's computer is on a network governed by a router. If it finds a router, the trojan will try and guess the router's password so it can get into the configuration utility and from there change the victim's DNS settings. This means that all your network's Internet traffic can flow through the Bad Guys' servers instead of your Internet Service Provider's. These articles explain this:

Malware Silently Alters Wireless Router Settings
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html

http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers

When I set up a router for a client, I always change the router configuration utility's username (when applicable) and password. I also change the wireless settings to an SSID (network name) that isn't the default and an encryption scheme that is as high as all devices on the network will support. You never want to leave these settings at the default to protect yourself from neighborhood hackers and now also to protect yourself from the DNS Changer trojan. I'm sure that the DNS Changer is just the first of its kind and that there will be others.

Refer to your router's manual or the router manufacturer's website for instructions if you don't know how to administer your router. Or you can always have Elephant Boy Computers do it for you. Oh, and don't forget to write down the username and password you choose!

Back to top
Home

8-23-08 - "OH!!! THEY HAVE THE INTERNET ON COMPUTERS NOW!!?" - Homer J Simpson.

1. XP Antivirus
2. Malvertisements
3. Tech recycling
4. Making Restore Disks

Yes, I've been very remiss in not writing more EBC Reports. Frankly, I assumed that you all know not to open attachments, to ignore spam tied to current events (like the Olympics), and not to click on Questionable Content. But there have been a few developments in the malware world that I think you should know about, particularly because I'm seeing lots of people who don't surf irresponsibly get nailed by XP Antivirus 2008/09 recently. Most of these machines will need to have a clean install, unfortunately. So onward....

1. There is a whole class of malware that we in the industry call "rogue antispyware". We call these programs "rogue" because they pretend to be Good Guys but are really Evil. You'll get a notice from one of these rogues saying that your computer is infected and the only way to clean it is by paying [some amount] to the rogue. Some of these rogues can be easily removed by someone skilled (like me!), but many of them also download Zlob and Vundo trojans that are protected by a rootkit. Rootkits run invisibly and are extremely difficult to remove. For all practical purposes, if your computer is infected with rootkit-protected malware and multiple trojans, a clean install is the way to go.

The extremely Awesome And Talented security expert Jesper M. Johansson has written an excellent article, "The Anatomy of a malware scam - The evil genius of XP Antivirus 2008". It is well worth reading.

http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/

2. One way we've seen malware get onto users' computers lately is from legitimate websites unknowingly hosting malware-laden advertisements. People in the security industry have dubbed these "malvertisements". MVP Sandi Hardmeier has written extensively about them on her "Spyware Sucks" blog, and the Windows Secrets website has some suggestions as to how to combat the problem.

http://msmvps.com/blogs/spywaresucks/Default.aspx (scroll down for the various entries about malware)
http://windowssecrets.com/2008/04/24/03-Keep-malvertisements-from-infecting-your-PC

In addition to having the latest version of Flash Player, it is also wise to make sure you have the latest version of Java. To get Java, go here:

http://java.sun.com/javase/downloads/index.jsp (you want the JDK Runtime Environment (JRE) [some number some update] that is in the middle of the page)

First go to Add/Remove Programs (or Programs & Features if you have Vista) and uninstall any older versions of Java. Sun usually updates Java because of vulnerabilities and if you leave the older versions installed, you aren't protected.

3. When you replace an older computer, the question arises as to what to do with the old hardware. You can't just throw it in the trash because computers have dangerous heavy metals and most municipal garbage services have restrictions. So here are a few suggestions:

a. When you purchase a computer or printer from Dell, they offer you the opportunity to recycle the old equipment. Depending on the equipment, the option is free or a low $20.

b. Local schools - California State University Fresno has a recycling program, as does St. Anthony's School. You need to call them to see when the recycling is offered. If you aren't in Fresno, check with your own local schools. You get rid of your old equipment for nothing and the school makes a little money from it.

c. I noticed that Office Depot has a "tech recycling" program now. You ask a salesperson for a box, put your old stuff in it, and bring it back to the store. The store does make some money from recycling the equipment, but it costs you nothing. Again, if you're not in Fresno you can check at your own local office supply stores.

d. The City of Fresno has a once-a-year "big garbage pickup". There are restrictions on how much of what you can put out for pickup, but that's another way to get rid of old equipment for nothing.

4. It's that time of the year when lots of people are buying new laptops for kids returning to school. For quite a few years now, OEM ("Original Equipment Manufacturer") computer companies like HP, Sony, etc. no longer include physical disks so you can restore your computer to factory condition. Most new computers come with a restore image on a special and/or hidden partition on the hard drive. However, if your hard drive dies or the special partition is damaged, you won't be able to use this image. This is why it is important to have physical CD/DVD restore disks. If you don't have the option of purchasing restore disks (or operating system/drivers disks) when you buy the machine (Dell still offers this option), then make sure you create the restore disks right away. Since each OEM's method of doing this varies (and often varies from model to model within an OEM's line), refer to your manual, the OEM Help files, or the OEM's website for how to do this in your particular case. Then put the restore disks in a safe place and don't lose them! Sometimes you can purchase restore disks from the OEM later at a nominal cost (HP is very good about this), but some OEMs don't provide restore disks for older models. So Be Prepared.

Back to top
Home

10-16-08 - "Some books contain the machinery required to create and sustain universes." -- Tycho Brahe, Penny Arcade

1. Java update
2. Adobe Flash update - fixes clickjacking attack
3. Infostealer trojan attached to fake emails from "Microsoft"
4. Beware using "free .mp3 downloads" sites - Warezov botnet is back

1. As I've told you before, it is important to keep software updated to close security holes. While the first software one thinks of is your operating system, other programs also get patched. Sun has released a new update for Java. Go here and download Java Runtime Environment (JRE) 6 Update 10. Uninstall older versions of Java (Add/Remove Programs in XP, Programs & Features in Vista) and then install the latest version. Most people will want the 32-bit version but if you're running Vista 64-bit, download the 64-bit version of Java. If you are still running XP, you would have installed a 64-bit version yourself (and therefore know this) so if you didn't, don't worry about it; download Java 32- bit.

http://java.sun.com/javase/downloads/index.jsp

How to tell if your computer is running 32-bit or 64-bit Windows:
http://support.microsoft.com/kb/827218

2. There has been quite a bit of talk in tech news about the clickjacking exploit arising from vulnerabilities in Adobe Flash Player. A temporary workaround for Firefox was to install the NoScript extension. Nothing was available to protect Internet Explorer. While useful, NoScript can be more restrictive than desired. Adobe has come out with a new version of the Flash Player which fixes those vulnerabilities. I strongly recommend updating to the latest version of Flash Player. There are separate Flash Players for Internet Explorer and plugin-based browsers like Firefox and Safari, so if you have both types of browsers installed you need to download and install both Players.

Clickjacking article - http://blogs.zdnet.com/security/?p=1972

Go to http://www.adobe.com/ using each of your different browsers and download/install Flash Player 10. You don't need to uninstall the older version first.

3. I'm sure you all know this already, but I'd like to remind you that Microsoft never sends updates or patches attached to emails. The latest social engineering spoof email purports to come from Microsoft Customer Service and urges you to install an attached patch. The patch is the Infostealer trojan. I know that everyone reading this is way too smart to get caught by this.

4. Just another reason to beware of "free" .mp3 download sites - the Warezov Russian botnet is back.

http://www.theregister.co.uk/2008/10/16/warezovs_second_coming/

Back to top
Home

11-12-08 - "It does not matter who wins, it matters who helps." -- Alex Nichol

1. Staying safe by not getting tricked - email security
2. Too much security
3. Charity

1. Back in late July there was a surge of malicious emails purporting to be from UPS (and later FedEx). These emails looked official, The subject line was "UPS Tracking Number [some number]. The message body said something like:

"Unfortunately we were not able to deliver postal package you sent on [some date] in time because the recipient's address is not correct. Please print out the invoice copy attached and collect the package at our office."

The attachment was called "UPS_INVOICE-[some number].zip. If you were tricked and opened the attachment, your computer was infected with a very nasty trojan that was very difficult - and sometimes impossible - to remove. I've got a machine in the shop right now waiting for me to pull the client's data and clean-install Windows because the owner was tricked into opening the attachment. With the holiday season upon us we can expect to see an upsurge in this type of malicious email so please be on your guard.

Remember, UPS and FedEx do *not* send emails with attachments.

http://www.ups.com/content/us/en/about/news/service_updates/fraud.html
http://fedex.com/us/fraud/

2. We all know the old saying "you can never have too much money or be too thin"*, but can you have too much security? Absolutely. In the last month I've had two computers in the shop from different clients. The complaint in both cases was that the computer couldn't get on the Internet or Internet access was unbearably slow, they couldn't get email, and even off the Internet, Windows was so sluggish that it was basically unusable. Classic case of malware infection, yes? No.

In both cases, each computer owner had installed multiple firewalls, multiple antivirus programs, multiple antispyware programs, and had set the security "immunization" features of all those programs to "High" without really understanding what they were doing. And although that was bad enough, they had also chosen the most bloated, problematic, resource-hogging, and invasive security programs out there. Major culprits with these characteristics are products from Norton (Symantec), McAfee, Zone Alarm, and Webroot SpySweeper, to name only a few. No wonder those computers performed so badly and couldn't get to the Internet - their owners had unknowingly crippled them in the name of "security".

And even though they had piled on all this "security", some of the programs used were obsolete, other applications that are avenues for attack (Java, Adobe Reader) were not updated, and Windows itself was not patched to the latest Service Pack. The machines were also jammed up with unwanted programs preinstalled by the computer mftr., all running in the background.

This is typically what happens when someone thinks he knows a lot about computer security and enjoys tinkering - a perfect example of "a little knowledge is a dangerous thing". Once I removed all the cruft and did basic maintenance and optimization, both computers ran sweetly. Here's how to do it right (and what I do on my own Windows machines):

a. Install and keep current one antivirus. I recommend NOD32 or Kaspersky for commercial programs, Avast if you want a free one.

b. Use the Windows Firewall built into XP and Vista.

c. Install the free version of MalwareBytes' Antimalware (MBAM) from http://www.malwarebytes.org. Update it and do a Quick Scan once a week. Vista has Windows Defender built into it. I don't care for WD in XP and I don't like antispyware programs that run resident in the background, but it doesn't hurt to have WD in Vista. There is no need to have more than these antispyware programs installed.

d. Keep Windows patched. Keep major programs that are known vectors for attacks updated - Microsoft Office, Adobe Reader, Java, Adobe Flash.

e. Do other general maintenance regularly. See http://www.elephantboycomputers.com/page2.html#Maintenance for more details.

f. And remember to practice safe computing. None of the foregoing will help you if you indulge in risky behavior. See #4, "Practice Safe Hex" here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware (scroll down to "E. After the machine is clean").

*I certainly agree with the first part although the second part is questionable.

3. Even with the economy so bad, we are entering the season when many people give to charities. Be wise about to whom you give and don't get caught by charity fraud. Give to legitimate organizations like the Red Cross, your church/synagogue/mosque, etc. Here are some websites to help you avoid charity fraud:

http://www.ftc.gov/charityfraud/
http://www.ftc.gov/bcp/edu/pubs/consumer/telemarketing/tel18.shtm
http://en.wikipedia.org/wiki/Charity_fraud
http://www.usps.com/postalinspectors/fraud/charity.htm

My favorite charity is Child's Play, a community-based charity that donates toys, games, books, and cash to kids in children's hospitals all over the United States.

http://www.childsplaycharity.org/

Back to top
Home

11-27-08 - Ninjas can't catch you if you're on fire.

1. "Staying Safe" and "Too Much Security"
2. Christmas/Holiday images and links
3. EBC Christmas Card

1. I have written two small articles that I hand out to my clients. The first one, which I usually give to people after I've dealt with viruses and malware on their computers, is "Staying Safe or How to Not Have This Happen Again". I wrote the second one, "Too Much Security", after covering the subject in the last EBC Report. I've put both of those informational articles on the website for download in case you might find them useful. You can download them in .pdf form by right-clicking on the links and choosing "Save Link As".

http://www.elephantboycomputers.com/staying-safe.pdf
http://www.elephantboycomputers.com/Too_Much_Security.pdf

2. Once Thanksgiving is finished and we've recovered from too much turkey and pumpkin pie, our thoughts naturally turn to Christmas. I wrote an EBC Report last year with some good tips/sites for Xmas. Some of the URLs in that Report are obsolete (or have changed unpleasantly*), so here is an updated list:

How to wrap a present - http://www.wikihow.com/Wrap-a-Present

http://simplyxmas.wordpress.com/2007/12/13/desktop-wallpaper-bw-retro-christmas/

http://www.wincustomize.com - General Desktop images but you can search for holiday ones

Caedes is still a nice wallpaper site. Here's a link to their Christmas gallery:
http://www.caedes.net/Zephir.cgi?lib=Caedes::Gallery&gallery=holidays-%3Echristmas

The Lifehacker URLs are all still good and they will undoubtedly have more for this year - http://lifehacker.com/

I see that NORAD will continue its great tradition of tracking Santa - http://www.noradsanta.org/

*The Flickr URL in the 2007 Report now leads to a number of rather naughty pictures so you may want to give this one a miss. A better solution for Flickr is to just go to http://flickr.com and then search for "Christmas". This will get you quite a few very nice images and you won't take the chance of seeing something you would rather avoid.

The excellent wallpaper site VladStudio has put all the Christmas-related wallpapers up in one place. Go to http://www.vladstudio.com/home/ (don't forget to click the "view all..." link just below the first set of Xmas pictures to see all of the related images).

InterfaceLIFT has a nice collection of Desktop wallpaper. I don't see any way to sort by holiday theme but I would expect to see some Christmas-y stuff appear as the holiday nears - http://interfacelift.com/wallpaper_beta/downloads/date/any/

Another thing you can do to get seasonal images is go to Google Images and search for "Christmas". Just bear in mind that the images are not hosted on Google's servers so you need to exercise your usual good caution on unfamiliar websites. Stay away from places like Freeze.com or you'll pick up something nasty.

I added a few more vintage Christmas-y clipart images to my own page for you - http://www.elephantboycomputers.com/xmas.html

3. Like everyone else, I'm watching my pennies very carefully. I decided not to spend the hundreds of dollars it normally costs to send Christmas cards this year, but I made you one anyway because I still love you. ;-) Here it is - http://www.elephantboycomputers.com/page4.html#Christmas_Messages

Best wishes to all of you for a joyous Holiday Season and a New Year filled with Hope and Happiness.

Back to top
Home

12-17-08 - "Give a man a fire and he's warm for the day. But set fire to him and he's warm for the rest of his life." -- Terry Pratchett

1. Microsoft out-of-band patch for Internet Explorer security flaw
2. Apple update
3. Fun things - ringtones and clipart
4. Holiday guests using your computer

1. Microsoft is issuing an out-of-band (not on the regular first Tuesday of the month) patch for a very serious vulnerability in Internet Explorer. Do not delay in applying the patch to your systems.

ALERT: Out of band security patch to be released tomorrow, 17 December at 10.00am Pacific time
http://msmvps.com/blogs/spywaresucks/archive/2008/12/17/1656924.aspx

Microsoft IE Security Advisory
http://www.microsoft.com/technet/security/advisory/961051.mspx

F-Secure: Extremely Dangerous Internet Explorer Security Hole - Beware!
http://www.f-secure.com/weblog/archives/00001561.html

Microsoft will issue emergency Internet Explorer fix on December 17th
http://www.msnbc.msn.com/id/28258894/
http://isc.sans.org/diary.html?storyid=5497
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
http://www.theregister.co.uk/2008/12/16/microsoft_ie_emergency_patch_warning_dec_16_2008/

2. On the Mac side, Apple has issued a new security rollup for both Leopard and Tiger. Get the update by either running Software Update from System Preferences or going to Apple and downloading the update for your particular system.

http://www.apple.com/downloads/macosx/apple/

3. On the lighter side, I found this great site where you can download ringtones in .mp3 format for free. It is safe and malware-free. You can also upload your own ringtones if you want to share them. Another site I found recently has lots of free, safe clipart.

http://audiko.net/en.html - ringtones
http://www.wpclipart.com/ - clipart

4. This is the time of year when it is common to have holiday guests visiting. If you are a hospitable sort and want to let them use your computer but are concerned about security, here are a few tips. They are applicable to both XP and Vista.

a. Do not use the Guest account you see in the User Accounts applet in Control Panel. The Guest account is a special system account, not one meant for when you are feeling hospitable. It is disabled by default in Windows XP, Vista, Linux, Unix, and OS X for a reason. If you want the technical explanation:

http://technet.microsoft.com/en-us/library/bb418978(TechNet.10).aspx

b. Instead, create a new user account called "Visitor" or "my precious mother-in-law" or the like. In XP, make this user a Limited Account. In Vista, make this user a Standard account.

c. If you are concerned about the visitor being able to see your personal files (maybe Grandma shouldn't see your collection of "playful pictures"), you can make your My Documents private in XP.

HOW TO: Set the My Documents Folder as "Private" in Windows XP
http://support.microsoft.com/kb/298399

In Vista, only an administrative account can see inside your Documents folder.

d. Some people will get the bright idea to encrypt the files. Encryption is not available natively in XP Home and Vista Home Basic/Premium but it is in XP Pro and Vista Business/Ultimate. If you decide to do this, read about encryption and really understand what you are doing. I can't tell you the number of newsgroup posts I've seen over the years where people are wailing about not being able to get their encrypted files back because they didn't take the necessary precautions.

e. You could move any "sensitive" files to a USB thumb drive or an external hard drive and hide that device in a Really Good Place.

Back to top
Home

1-24-09 - "Scotty, I need warp speed in three minutes or we're all dead." - James T. Kirk (Star Trek: The Wrath of Khan)

1. Electronic recycling at St. Anthonty's School
2. Conficker worm
3. Webmail vs. Email Clients

1. St. Anthony's School will take your old electronic devices for recycling February 15th through February 21st, 9:00 AM to 3:30 PM. The service to you is free. They will take:

TV's, Monitors, LCD Screens, Plasma Screens, Laptops, Computer Towers, Printers, Copiers, Faxes, Calculators, Stereo Systems, Keyboards, Mice, Cell Phones, Telephones, Toner and Ink Cartridges

The School's address is 5680 N. Maroa in Fresno, just south of Bullard. So if you are wondering what to do with that old computer, you can bring it there. They ask that you drop off items next to the trash bins near the southeast corner of the School parking lot. If you want more information, contact Mr. Don Olson at dolson@sasfresno.com.

2. The big news in security circles recently is the attack of the Conficker worm. According to security company F-Secure, more than one million Windows PCs have been infected with the worm (also known as Kido or Downadup). Since the malware is a worm, this means that it spreads throughout unpatched computer networks. The worm works by exploiting the vulnerability in Windows patched by the Microsoft security update MS08-067. If you install Windows Updates when they are available, you have received the patch. The reason I'm writing is that a surprisingly large number of people either turn off Windows Updates or don't install them. I had a client in here last week and he told me that he never installed Windows Updates because he was afraid to. Other people have not applied the patch because they're running pirated versions of Windows and so don't receive Windows Updates. I'm sure that the latter case doesn't apply to any of you!

Conficker infection has created a massive botnet comprised of millions of Windows computers (see http://en.wikipedia.org/wiki/Botnet for a definition). It is only a matter of time before security researchers find out to what uses the Conficker botnet will be put.

So make sure that all your Windows computers (home and business) are fully patched. Here are various links with good information about Conficker:

General information - http://en.wikipedia.org/wiki/Conficker

How the worm works (illustrated)
http://arstechnica.com/news.ars/post/20090116-conficker-worm-spikes-infects-1-1-million-pcs-in-24-hours.html

Alert - http://aumha.net/viewtopic.php?f=48&t=37919

Centralized information from Microsoft Malware Protection Center
http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx

Speculation about the "superbotnet" being formed
http://www.theregister.co.uk/2009/01/23/conficker_worm/

3. Webmail vs. Email Client - I've had quite a few clients lately who were confused about the difference between webmail and email clients like Outlook Express so I wrote up this little explanation:

When you sign up with an Internet Service Provider (ISP) like AT&T or Comcast, they give you an email address, like YourName@comcast.net or YourName@att.net. When someone sends an email to you at that address, the email goes and lives on one of your ISP's computers. This computer is called a mail server. Now you have a choice as to how to get that email.

A. You can access it by reading it online in your browser (Internet Explorer, Firefox, etc.), using your ISP's mail program. This is called webmail.

1. The advantage of webmail is that you can read your mail from any computer that's on the Internet. You just need to open a browser, go to the ISP's website, login, and go to your Inbox. The email still lives on the ISP's mail server, not on your computer and it stays there until you delete it from the webmail's Inbox. It is scanned for viruses by the ISP's antivirus software. Since your email and your addressbook are on the ISP's mail server, you don't need to back anything up unless you want to change ISPs.

2. The disadvantages to webmail are a) if you have dialup and/or pay for Internet access by the minute, you have to be online to read your mail; b) you might not like the ISP's webmail interface.

B. The alternative to webmail is accessing your email by using an email program (called an email client) like Outlook, Outlook Express, Windows Mail, Thunderbird, etc. Using an email client downloads the email onto your computer. The email has been scanned for viruses by the ISP's antivirus software and again by the antivirus software you have installed on your own computer when you download it. Unless you choose to keep the messages on the ISP's mail server and remember to delete them from webmail regularly, once downloaded onto your computer those email messages are gone from the ISP's mail server. You can no longer access your email from anywhere except on your own computer in the email client you use. Since your mail and addressbook are on your computer in your email client, backing up regularly is your responsibility.

So if you don't want to use the ISP's webmail, you need to set up an email client. Go to the ISP's website and they will have instructions for doing this with whatever email client you chose. No matter which method you choose - webmail or email client - it's the same email account. One method isn't inherently "better" than the other; it's a matter of personal preference.

Back to top
Home

2-9-09 - "Ever tried. Ever failed. No matter. Try again. Fail again. Fail better." -- Samuel Beckett (Worstward Ho)

1. New updates for Java and Firefox
2. Keeping track of updates
3. Tax-related scams

1. There are new versions of Java and Firefox out. I'm pleased that Sun (maker of Java) has finally come to its corporate senses and this latest update will uninstall all the older versions instead of leaving your computer vulnerable. So all you need to do to update both Java and Firefox is to download the updates to a location where you will find them (the Desktop or a Downloads folder are good choices) and double-click each file to install.

Java - http://java.sun.com/javase/downloads/index.jsp
You want the first Item, JRE 6 Update 12

Firefox - http://www.mozilla.com

2. Updates are important because they patch vulnerabilities in programs that can be exploited by malware writers. How do you find out when updates are available for various programs? Some of this can be done automatically and some can be done manually. Here are a few suggestions:

A. Windows operating system - This is handled by Windows Update settings. You have a choice here. I prefer to set Windows Update to download updates automatically and then notify me when updates are ready. Then I look at the updates to see what they are. This is important because sometimes driver updates are included and it's a bad idea to install driver updates from Windows Update. The end result is usually Tears Before Bedtime. See Item B. for information about updating drivers. The alternative is to just set Windows Update to download and install automatically. You know yourself best - if you are the type of person who won't know what to look for and/or doesn't think about updates, then the automatic option is preferable for you. Neglecting to patch is not an option!

B. Drivers - Every piece of hardware inside and outside (like printers) a computer has software called a "driver". Drivers tell the operating system (Windows) how to use the hardware. The First Law of Driver Updates is "if it ain't broke, don't fix it". Normally if everything is working you want to leave things as they are. The exception is that heavy-duty gamers will usually want to update their video and sound drivers to squeeze every last bit of performance out of the hardware to get the fastest frame rates. If you're not one of those people, you don't need to update your drivers if there are no problems you are trying to solve.

Never get drivers from Windows Update. Get them from:

a. The device mftr.'s website; OR
b. The motherboard mftr.'s website if hardware is onboard and you have a generic-built computer; OR
c. The OEM's website for your specific machine if you have an OEM computer (HP, Dell, Sony, etc.).

Read the installation instructions on the website where you get the drivers.

To find out what hardware is in your computer:

a. Read any documentation you got when you bought the computer.
b. If the computer is OEM, go to the OEM's website for your specific model machine and look at the specs (you'll be there to get the drivers anyway)
c. Download, install and run a free system inventory program like Belarc Advisor or System Information for Windows.

http://www.belarc.com/free_download.html - Belarc Advisor
http://www.gtopala.com/ - System Information for Windows

Note: It is never necessary and is definitely undesirable to use a third-party program to check for driver updates. Most of these third-party "driver guide" programs cost money and are very often wrong. In addition, using them contravenes The First Law of Driver Updates.

C. Important program updates - It is necessary to keep important programs updated, in particular programs that are known targets for malware exploits. The most common examples are Microsoft Office, Java, Adobe Reader, browsers (Internet Explorer, Firefox, Safari), and Apple Quicktime.

a. Microsoft Office - You can manually check for updates by going to the Microsoft Office website and clicking on "check for free updates". There is a confusing link there to Microsoft Update, which is not the same thing. Microsoft Update replaces Windows Update and will check for operating system *and* Office updates. In my experience, Microsoft Update doesn't work well under Windows XP and I manually check for Office updates. It does work well under Vista and in fact, using Microsoft Update is the only way you can "check for free updates" for Office under Vista. Again, you know yourself best. If you know you'll never check for Office updates and you have Windows XP, Microsoft Update is the better choice for you.

b. Java - Now that Sun has finally written software that will remove the old, vulnerable version of Java when it updates, you can leave Java to automatically check for updates (the default) if you like. I don't like extra processes running in the background (and if you have an old, slow machine this can negatively impact performance) so I disable automatic checking and do it manually. But that's me - you do what's best for you.

c. Adobe Reader - Adobe products will automatically check for updates. Again, it's your choice whether to leave this as automatic or manually check periodically.

d. Browsers - The default behavior of Firefox is to automatically check for updates. I think this is a good idea and you should leave it that way. Internet Explorer updates are covered by Windows/Microsoft Update. Safari (Apple's browser) is covered by Apple Software Update (see #e. below).

e. Apple Software Update covers Safari, Quicktime, iTunes, and of course other Apple software if you're using a Mac. On Windows, I prefer not to have this automatic update checking run in the background. On the Mac, I leave it at the default of automatically checking once a week. Again, it's your choice what to do.

An informed computer user will look at the options in all of the programs s/he uses to see if there is automatic update checking enabled and make the correct decision based on the "Know Thyself" data.

3. Scams are commonly tied to current events. As we all know, the big upcoming event right now is getting ready for April 15th and Income Taxes. Of course, I'm sure all the EBC Report readers are far too wise to get caught by one of these scams, but you might have friends and relations who aren't as smart as you. Here's the link to the IRS's page about "How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites":

http://www.irs.gov/privacy/article/0,,id=179820,00.html?portlet=5

Beware of this Property Tax Reassessment scam. The Consumerist (http://www.consumerist.com) has an article about this evil company that is sending junk mail disguised as a tax document. The scam tries to get California homeowners to pay $179 before February 26th to avoid missing a "deadline". Here's the link to the full article:

http://consumerist.com/5148469/property-tax-reassessment-company-sends-junk-mail-disguised-as-tax-doc

Back to top
Home

2-22-09 - Let me correct you on a few things; Aristotle was not Belgian! The central message of Buddhism is not "Every man for himself!" And the London Underground is not a political movement! Those are all mistakes. I looked them up. -- Wanda in "A Fish Called Wanda"

1. Zero-day vulnerability in Adobe Reader and Acrobat
2. Computer lifespans and Mac vs. PC

1. Adobe has issued a critical security alert for its Adobe Reader and Adobe Acrobat, versions 7 through 9. If you downloaded a malicious .pdf file this vulnerability could cause the program to crash and potentially allow an attacker to take over your computer. There is no need to panic, but you should always be careful about what you download. Windows, Linux, and Mac OS X are affected.

http://www.adobe.com/support/security/advisories/apsa09-01.html
http://arstechnica.com/security/news/2009/02/adobe-issues-critical-security-alert-for-acrobat-and-reader.ars

Adobe has stated that it expects a fix for the latest version (9.0) on March 11th with fixes for older versions coming shortly thereafter. You'll be able to download the new version (or a patch for Acrobat; I'm not sure how Adobe will handle this) from Adobe's website. In the meantime, you can mitigate the threat most easily by using a different .pdf reader. In Windows, Foxit is a very good reader. In Mac OS X, I prefer to use Preview. If you don't want to do that, then at least disable JavaScript (not the same thing as Java) in your Adobe Reader/Acrobat products. In the Adobe program, Edit>Preferences>JavaScript and uncheck "Enable Acrobat JavaScript".

Again, there is no reason to panic. I just want you to be an informed user. Here's the download link for Foxit (Windows only). If I recall correctly, the last time I installed the free program it came bundled with some toolbar or other. Don't install the toolbar! That said, Foxit is quite good.

http://www.foxitsoftware.com/pdf/rd_intro.php

2. I've had quite a few clients purchasing new computers lately. One of them asked me whether she should get a Mac or a PC. Her concerns were reliability and she wanted the laptop to last until she got to college (2 or 3 more years for her). I thought that the information I gave her might also be useful to the EBC Report readers, so here it is:

As to its reliability, I can't really know how a Mac will last for you. The average lifespan of a laptop is 4-5 years and it will typically have had some repairs during that time (the reason for an extended warranty!). My IBM Thinkpad is 5 years old and still going strong but it was very expensive and well-made. Its hard drive and CD drive failed last year (so in Year 4) and I got a new keyboard since the old one was faded, all replaced under warranty. My Dell Inspiron 6000 is 4 years old but has had 3 motherboards, speaker issues, 2 keyboard replacements because of broken keys, and a loose screen over the course of its life (all replaced under warranty).

My MacBook is now 2 years old and its hard drive died this past December (replaced under warranty). I bought a new MacBook Pro while the black MacBook was being fixed by Apple. As I always do with laptops, I bought the extended warranty* (Apple Care).

Hardware fails. This is a fact of computing life. That's why we buy warranties (and why we back up our data regularly). Usually if a component is faulty it will fail very quickly, sometimes out of the box or in a month. If it makes it through the early days, most hardware will normally stay good for years. The average life of a hard drive is 3-4 years. Same for an optical drive. Motherboards and processors tend to last longer because there are no moving parts. Laptops owned by kids (even careful ones) don't usually last as long as laptops owned by careful adults. I mean no disrespect to kids when I say that and of course it's a generalization, but it's one that my friend who runs the tech at St. Anthony's School has seen for years.

I hope this has given you more accurate expectations for computer lifetimes. You should make the decision whether to buy a Mac or a PC based on which operating system and computer you like best. If you really want a Mac, then you should get one. The difference in cost between a Dell Studio laptop (after you include both warranties) and a MacBook with AppleCare (Apple's warranty) is a few hundred dollars. Now, I'm not turning up my nose at a few hundred dollars but in the bigger scheme of things it isn't that much more to get something you really want and hope to have for quite a while. But I can't promise you that the MacBook will last forever, any more than I could promise you the PC would.

*I always counsel prospective laptop buyers to spend the extra money and purchase at least a 3-or-4-year extended warranty PLUS matching accidental coverage (if offered). You will be very glad you did. I never purchase an extended warranty on a desktop computer because the parts that generally fail are easily and relatively inexpensively replaced - hard drive, optical drive, memory. If the motherboard (or its onboard components) fails, it will usually do so in the first year while still under the basic warranty. By the time the computer is 4 or 5 years old, if the motherboard fails it will be almost as expensive to replace as just buying a new computer. The exception to this is Apple. Because of their proprietary nature and the difficulty of end user repair on some Apple models, I would probably purchase Apple Care for a Mac desktop computer too.

Back to top
Home

3-5-09 - Hello. My name is Inigo Montoya. You killed my father. Prepare to die. ("The Princess Bride")

1. Firefox update
2. Avoid gaming scams
3. Apple tip

1. Firefox 3.0.7 security and stability release is now available:

http://blog.mozilla.com/blog/2009/03/04/firefox-307-security-and-stability-release-now-available/
http://www.mozilla.com

Download the update and install or start Firefox, click on Help>Check for updates.

2. My gamer kids love Steam and probably so do yours. Steam is a digital service for PC games and while it is really good, if someone steals your username/password they've stolen all your games. Of course adults can be caught by phishing scams, but kids are particularly vulnerable.

Chris Boyd at SpywareGuide has written an excellent short two-part series about Steam scams.

Part 1 - http://blog.spywareguide.com/2009/03/the-gift-of-steam.html
Part 2 - http://blog.spywareguide.com/2009/03/the-gift-of-steam-part-2.html

And interestingly, today Consumerist.com has an entry about some poor guy whose Steam account seems to have been stolen. He's having a hard time getting attention from Valve, Steam's owners. So make sure the gamers in your life are aware of Steam phishing scams.

http://consumerist.com/5164851/months-later-valve-has-still-not-reset-my-steam-password

3. For those of you who are switching to a Mac from Windows for the first time, here are some very useful How-To videos from Apple:

http://www.apple.com/findouthow/mac/

For new switchers, the tutorial "PC to Mac: The Basics" is excellent. These are short videos and are very well done.

Back to top
Home

3-23-09 - The Analytical Engine weaves Algebraical patterns just as the Jacquard loom weaves flowers and leaves. -- Ada Augusta, Countess of Lovelace, the first programmer

1. Program updates available - Adobe Reader, iTunes, Thunderbird
2. Internet Explorer 8

1A. Anyone using Adobe Reader should update to the latest 9.1 version to protect against vulnerabilities. Go to http://www.adobe.com/ and click on the "Get ADOBE READER" button. You don't need to uninstall the older version first. In spite of how much most people hate software that does this, Adobe insists on installing Adobe AIR and a link to Adobe.com (on your Desktop!) when you install Reader as well as sticking the Adobe Speed Launcher into your Startup. Adobe AIR is another developer's tool like Flash and Shockwave which can be used to write programs. The AIR component you get with Reader is a player in case you go to a website that has AIR-based programs. You can do what you like of course, but after I install Adobe Reader, I always:

a. Go to Control Panel>Add/Remove Programs (XP) or Control Panel>Programs and Features (Vista) and uninstall Adobe.com and Adobe AIR. I don't like extra stuff loaded in my computers and if I ever need AIR on a website (haven't yet), I'll be prompted to install it then.

b. I also don't like updaters, "speed launchers", etc. running in the background on my machines. Again, you need to make the choice for yourself. If you want to remove the Adobe Reader Speed Launcher you'll need to edit the Registry or run the System Configuration Utility. Since doing the latter is safer for you (messing up in the Registry can immediately hose your Windows installation) here are the instructions:

For XP - Start>Run>msconfig [enter]

This brings up the System Configuration Utility. Look on the Startup tab and find Adobe Speed Launcher. Uncheck the box next to its name, Apply and OK out. You don't need to restart immediately, but the next time you do you'll get a dialog saying you've used the Utility. Just tick the box that says in effect, "don't bother me about this again".

For Vista - Start Orb>Search box>type: msconfig and when it appears in the Results box above, right-click and choose "Run as Administrator".

If you are prompted for an administrator password or for a confirmation, type the password, or click Continue. Then do as above. The dialog after restart will usually be blocked by Windows Defender and you'll need to allow it so you can then tick the "don't bother me about this again" box.

(Important Safety Note - Do not use the System Configuration Utility to stop processes. You won't need to be on that tab to stop Adobe Reader and tinkering with processes here can make your computer unbootable.)

1B. iTunes 8.1 is now available from Apple. Go to http://www.apple.com/downloads/ to get it. You don't need to uninstall the older version first. Apple also shoves extra stuff in Startup - QuickTime and iPod Helpers. If you don't want these things running, use the System Configuration Utility (msconfig) to disable them.

1C. Mozilla Thunderbird 2.0.0.21 an excellent free email client, is available from http://www.mozillamessaging.com/en-US/thunderbird/. You don't need to uninstall the older version first.

2. Internet Explorer 8 is now out of beta. This doesn't mean you should run right out and install it. Unless you have a testbed machine and/or like living on the bleeding edge (and are prepared to reinstall Windows), it is always smarter to wait until a new version of IE has been out for a while and the first patches/fixes have been created. Microsoft may say this browser isn't beta any more but reportedly there are still a lot of rough spots and incompatibilities. I'll be installing it in one of my virtual machines so as not to mess up anything used for production so I can play around with it. I've gathered some links and advice for you. I would definitely read and follow the installation/incompatibility caveats. In addition to all of that, many of you have Windows Update set to automatically download and install updates. While IE8 will not appear in Windows Update as a critical update for a while, eventually it will. Since a successful installation requires quite a bit of research and work on the end user's part, I strongly suggest you change the Windows Update settings to "Download updates and prompt me to install when they are ready" (paraphrasing here). Then you can look at what the updates are and if IE8 is there, uncheck it so you can prepare your system for it instead of just blindly installing it. I know this is more work, but much better safe than sorry.

IE8 System Requirements - http://www.microsoft.com/windows/internet-explorer/support/system-requirements.aspx

IE8 Fact Sheet - http://www.microsoft.com/presspass/newsroom/windows/factsheets/IE8FS.mspx

IE8 Home Page (with Download link) - http://www.microsoft.com/windows/internet-explorer/default.aspx

HOW TO solve IE8 installation problems - http://support.microsoft.com/kb/949220

Per MVP Robear Dyer (an IE expert) - "I would strongly recommend disabling your anti-virus application and any anti-spyware applications (other than Defender [in Vista]) before installing (or uninstalling) an IE upgrade. If you're running a third-party firewall, I would recommend disabling it and then enabling the Windows Firewall before installing (or uninstalling) an IE upgrade.

"Tip: Reboot twice after installing IE8 Final.

"Tip: Make certain that your anti-virus application, any anti-spyware applications (other than Defender), and your third-party firewall (if any) is supported in IE8 Final before you decide install it.

"No-charge support for Internet Explorer 8 installation, set-up and usage (only) is available via the phone based on your locale through 31 December 2009. Customers must be running Windows XP or Windows Vista in a non-domain environment. US & CA Residents: 866-234-6020. Other: https://support.microsoft.com/oas/default.aspx?&prid=13043

http://blogs.msdn.com/ie/archive/2006/10/11/IE7-Installation-and-Anti_2D00_Malware-Applications.aspx " [end of quote]

In addition to Mr. Dyer's advice, I would also suggest uninstalling any security software that uses the Host/Restricted Sites such as SpywareBlaster, IE-Spyads, custom Hosts file (return to default), and Spybot Search & Destroy immunization. With the latter, make sure to turn off immunization and stop TeaTimer (if being used) before you uninstall the program since the registry changes will not revert to default if you don't.

A few articles about IE8 features:

http://arstechnica.com/microsoft/news/2009/03/mix09-internet-explorer-8-released-progress-unmistakable.ars
http://news.cnet.com/8301-17939_109-10200670-2.html
http://www.pcworld.com/article/161587/is_ie8_actually_safer.html

Back to top
Home

3-28-09 - I'm delighted you have survived another night. May I add my own congratulations to the roar of the world's approval? Thank you, sir. -- Jeeves to Bertie Wooster

1. Important Firefox patch
2. Passwords
3. Macs and malware
4. Fonts

1. There is an important Firefox update (to 3.0.8) that fixes some very nasty vulnerabilities. Everyone using Firefox should install this.

http://www.mozilla.com/en-US/
http://blog.mozilla.com/security/2009/03/26/cansecwest-2009-pwn2own-exploit-and-xsl-transform-vulnerability/

2. Passwords are a fact of life for all of us. It's hard to balance having strong passwords and having passwords you can remember. I have all of mine on a spreadsheet because there is no way my aged brain could remember them all. I've collected some useful links and programs to help you:

Microsoft Password Checker to see if you have a strong password
http://www.microsoft.com/protect/yourself/password/checker.mspx

Microsoft - Strong passwords and how to create them
http://www.microsoft.com/protect/yourself/password/create.mspx

Microsoft - Security at home
http://www.microsoft.com/protect/default.mspx

Password Lesson and Tips:
http://lifehacker.com/5180925/password-lessons-and-tips-from-our-readers

Choose (and remember) great passwords:
http://lifehacker.com/software/top/geek-to-live--choose-and-remember-great-passwords-184773.php

Write passwords down:
http://lifehacker.com/software/passwords/use-a-wallet-to-keep-passwords-safe-330057.php

Password Safe (written by security expert Bruce Schneier and free)
http://passwordsafe.sourceforge.net/

KeePass Password Safe (free)
http://keepass.info/

3. We Mac users tend to be a bit smug about not getting viruses and malware the way That Other Platform (OK, it's Windows!) does but complacency in this case is foolish. While OS X isn't the main object of attack that Windows is, Macs can get infected too. The fact that one needs to supply an administrator's password to install anything is no deterrent. Sophos (a major security protection company) has published an interesting demonstration of Mac malware in action. Watch the short video to see what happened:

http://www.sophos.com/blogs/gc/g/2009/03/25/apple-mac-malware-caught-camera/

Of course, in the video Sophos Antivirus saves the day. Now, I don't run antivirus software on my Macs and have no intention of doing so but I'm very very careful about what I download. Many Mac users aren't particularly computer-savvy and could be fooled into installing malware, especially if they think they are getting a legitimate program which looks like something they want. This is no reason to panic; I just want you all to be well-informed.

4. Lots of you enjoy fonts. Lifehacker has a great article on typography tools and links to font downloads that you might like:

http://lifehacker.com/5182958/killer-typography-tools-and-free-font-downloads

Back to top
Home

4-11-09 - Do not meddle in the affairs of wizards, for they are subtle and quick to anger. -- Gandalf

1. Java and iTunes updates
2. Telemarketers scamming malware
3. Internet Explorer 8 rollout

1. Both Java and iTunes have been updated.

A. Java - JRE 6 Update 13 - http://java.sun.com/javase/downloads/index.jsp

You don't need to uninstall JRE 6 Update 12 first; the new installation will remove it for you. However, it will put the Sun Java Update back in Startup, change the Control Panel applet's preference to automatically update, and start the Java Quick Start Service (XP only). If you don't want this, use msconfig to remove the update from Startup, go to the Java Control Panel update and change the preference to "never check for updates", and stop the service using services.msc (I always set mine to Disabled).

a. Msconfig - For XP:

Start>Run>msconfig [enter]

This brings up the System Configuration Utility. Look on the Startup tab and find the Sun Java Update. Uncheck the box next to its name, Apply and OK out. You don't need to restart immediately, but the next time you do you'll get a dialog saying you've used the Utility. Just tick the box that says in effect, "don't bother me about this again".

For Vista:

Start Orb>Search box>type: msconfig and when it appears in the Results box above, right-click and choose "Run as Administrator".

If you are prompted for an administrator password or for a confirmation, type the password, or click Continue. Then uncheck Sun Java Update. As with XP, you don't need to restart immediately, but the next time you do you'll get the dialog saying you've used the Utility. Usually in Vista this will be blocked by Windows Defender and you'll need to allow it so you can then tick the "don't bother me about this again" box.

b. Services - For XP, Start>Run>services.msc [enter] - scroll down to the Java Quick Start. Double-click it to get its Properties, stop the service, and set it to Manual or Disabled (your choice). For Vista, Start Orb>Search Box>type: services. When Services appears in Results above, right-click it and choose "Run as administrator". Then follow the XP directions.

B. iTunes - http://www.apple.com/itunes/download/

You don't need to uninstall the older version of iTunes first. However, the update will put the iTunes Helper and QuickTime Task in Startup, start the Apple Mobile Device and iPod Service in Services, and sometimes sets the Quick Time Control Panel applet to automatically check for updates. You can deal with this the same way as you do with Java. If you have an iPod or iPhone that you connect to your computer, leave the Apple Mobile Device and iPod Service alone (in Services).

2. Beware of telemarketers trying to sell you rogue antivirus/spyware programs. The Register has an interesting article about this:

Scareware scammers adopt cold call tactics - Supportonclick scam spreading - http://www.theregister.co.uk/2009/04/10/supportonclick_scareware_scam/

It is particularly worrying that these scammers are claiming to be from Malwarebytes since I install the legitimate Malwarebytes' Antimalware (MBAM) program on all my clients' machines.

Of course I know that all of you are intelligent people who are wary of telemarketers, but I thought I'd give you a heads-up because of the false MBAM connection.

3. IE8 rollout information from Microsoft:

"Starting on or about the third week of April [2009], users still running IE6 or IE7 on Windows XP, Windows Vista, Windows Server 2003, or Windows Server 2008 will get will get a notification through Automatic Update about IE8.This rollout will start with a narrow audience and expand over time to the entire user base. On Windows XP and Server 2003, the update will be [a] High-Priority [update]. On Windows Vista and Server 2008 it will be [an] Important [update].

"IE8 will not automatically install on machines. Users must opt-in to install IE8. Users will see a Welcome screen that offers choices:
Ask later, install now, or don’t install.

"Users who decline the automatic update can still download it from http://www.microsoft.com/ie8 or from Windows Update as an optional update.

"Automatic Updates will notify all such users (including those with Automatic Updates configured to automatically download and install updates) when Internet Explorer 8 has been downloaded and is ready to install. The notification and installation process will not start unless and until a user who is a local administrator logs on to the machine. Users who are not local administrators will not be prompted to install the update and will thus continue using Internet Explorer 6 or Internet Explorer 7."

I strongly suggest that you do not install IE8 without extensive preparation.* In addition, I normally don't install a new version of Internet Explorer until it has been out for 6 months or longer, giving the inevitable bugs time to surface and Microsoft to patch them.

*See EBC Report 3-23-09 for details.

Back to top
Home

4-29-09 - "It's today!" said Piglet. "My favorite day," said Pooh. -- A. A. Milne

1. Firefox 3.0.10
2. Microsoft Office 2007 Service Pack 2
3. IE8 as a "High Priority Update"
4. Odds and Ends - Replica and ooVoo

1. Last week Mozilla updated Firefox to 3.0.9; blink and you missed it because this week there is another update bringing Firefox up to 3.0.10. Quite a few vulnerabilities have been patched, so download Firefox 3.0.10 from http://www.mozilla.com. You don't need to uninstall the older version first.

2. Service Pack 2 for Office 2007 is now available for download. There are apparently a lot of improvements and everyone with Office 2007 is encouraged to install Service Pack 2.

Overview of Service Pack 2 improvements - http://support.microsoft.com/kb/953195
Download details - http://support.microsoft.com/kb/968170

3. Internet Explorer 8 is now included in Windows Update as a "High Priority Update". That is Microsoft's assessment of its importance; my tech colleagues and I will wait at least 6 months before deploying IE8 to clients' machines. I previously gave you links to help prepare for IE8 (EBC Report 4-11-09). I strongly urge you to read that information thoroughly before installing IE8. Then if you still want it, by all means install it. Note: Even if you have Windows Update set to automatically download and install updates, it is my understanding that you will be prompted to accept the IE8 update and that it will not be installed automatically - so you can still refuse it even if you use automatic updating.

4. Here are a few odds and ends:

a. Seagate has taken a page from Apple and produced what they say will be a Time Machine for Windows. For those of you unlucky enough to not have Macs running Leopard, Time Machine backs up your entire Mac once an hour. You can in effect go back in time to restore deleted or changed files, and you can also restore an entire system - even to a completely different Mac. Time Machine works on any external hard drive and while it has a few little quirks, it performs beautifully. Up until now there have been no backup/restore solutions as elegant and easy as Time Machine for Windows.

Seagate has announced "Replica", an external hard drive appliance that is supposed to do the same thing as Time Machine, with availability in May. Their suggested price is around $130 for a 250GB drive and probably $100 more for a 500GB drive. They are billing the 500GB drive as a device for multiple computers. The 250GB drive seems a tad small to me for one machine and I think 500GB/1TB sizes might have been more practical. I also haven't seen any information on the mechanics of a full restore. Still, Replica sounds like an intriguing backup/recovery possibility for Windows. I don't know that I'd run right out and buy first-generation hardware for something as important as backup, but I'll definitely be keeping an eye out for Replica news and reviews.

Seagate's Replica - http://www.seagate.com/replica/
Available in May - http://foxyurl.com/wh

b. Lots of people use Skype with their webcams for video chat. One of my favorite clients has a brilliant and beautiful daughter who says that "Skype is old"* and recommends ooVoo video chat software instead. I haven't tried ooVoo because I'm too boring for video conferencing, but some of you with-it young people might like it.

You can video-conference with up to 3 people for free, up to 6 people for a $10/month. This might be a good solution for small businesses if you have a lot of video conferencing needs.

Thanks and props to Taylor for being so cool. Check out ooVoo if you're interested and then get off of my lawn. ;-)

http://www.oovoo.com

*Imagine that damning assessment said in the scornful tones that only a 13-year-old person can utter.

Back to top
Home

5-9-09 - "I've got a bad feeling about this." -- Han Solo

1. Vista Service Pack 2
2. Windows 7

1. Vista Service Pack 2 is officially out of beta and the final version is available. As of this writing, while the Service Pack is available on Microsoft Technet and MSDN as a hefty combination download (Service Pack 2 for Vista/Server 2008 32-bit, Vista/Server 2008 64-bit, and Server 2008 with Itanium processor), the individual downloads aren't on Microsoft's public download site yet. I'm writing about this now so you will know what to do when Windows Update offers you Service Pack 2.

Service Packs in general are rollups of previous security patches and will often include bug fixes and sometimes added functionality to an operating system or program. It is extremely important to keep your operating system patched and up to the current Service Pack level and you definitely want to update your Vista machines to Service Pack 2. I was a beta tester and can tell you that almost no one experienced any problems with the upgrade. However, you should always take precautions before installing a Service Pack. If you follow the steps below, your upgrade experience should be a good one. Naturally Elephant Boy Computers is always available to do this work for our clients.

a. Back up your data to external media (external hard drive, CDs or DVDs). You should be doing this regularly anyway, of course. In all probability nothing will go wrong, but since Stuff Happens you should be prepared. You Have Been Warned.

b. Do system maintenance.

1. For Internet Explorer's Temporary Files, go to Control Panel>Internet Options>General tab. You'll see where you can delete cookies and files.
2. For Firefox, clear its cache by going to Tools>Options>Privacy>Cache> Clear.
3. For Windows Temporary files, run the Disk Cleanup.You can find the shortcut for Disk Cleanup in your Start Menu under Programs>Accessories>System Tools>Disk Cleanup.

A very good utility for cleaning things out is CCleaner. CCleaner is a powerful tool and I strongly urge you not to use the more advanced tools unless you totally know what you're doing. I never use the registry cleaner portion of this utility and I do know what I'm doing! If you don't know how to work in the registry by hand, you shouldn't be playing in there. You Have Been Warned.

c. Make sure your computer is completely virus/malware-free. After you've done the system maintenance, run a scan with Malwarebytes' Anti-malware (MBAM). Make sure to update MBAM before scanning. Do not attempt to upgrade Vista to Service Pack 2 if your computer is infected! You Have Been Warned.

d. If you have one of those really annoying and invasive garbage antivirus programs like Norton or McAfee, now would be a great time to uninstall it. After you have applied Service Pack 2, you can install something better. I recommend NOD32 (commercial) or Avast (free). Disable/shutdown all running programs - particularly antivirus and third-party firewall programs - before you start the Service Pack install.

e. Now you are ready to install the Service Pack(s). In a bone-headed move that is too annoying for me to write about, Microsoft has made it so Service Pack 2 will only install onto a computer that already has Service Pack 1. If your computer has NO Service Pack, you will need to install Service Pack 1 first and then Service Pack 2. You can tell what Service Pack level Vista is at by doing:

Start Orb>Search Box>type: winver [enter]

Or you can go to the System applet in Control Panel.

f. Getting Service Packs - Most people will wait until Service Pack 2 is offered from Windows Update. If you need Service Pack 1, it probably is already being offered to you and you're ignoring it. Or you can download the Service Packs from Microsoft directly. If you go this route, you must be sure to get the correct version - 32-bit or 64-bit. If you have Vista 64-bit, it will say so on the System applet and also from the winver command.

You can keep an eye on this page for links to Service Pack 2. Right now it is only linking to Service Pack 1.

http://www.microsoft.com/windows/downloads/default.aspx

g. Now you are ready to install the Service Pack. Do the installation from a user account with administrative privileges. Accept the End User License Agreement and leave the box for "Automatically reboot" checked. Your computer will reboot two or three times during the Service Pack installation process. Just let it go. Service Pack 2 takes slightly less time to install than Service Pack 1, but we're still talking about a fair slice of time for the job. To give you an idea, I had a client's machine in here that needed both Service Packs installed. I started installing Service Pack 1 around 11:00 AM and Service Pack 2 was finished at 2:30 PM. After each Service Pack is finally finished installing, you will be at the Welcome Screen. Log into the same user account from which you started the Service Pack installation and you will be presented with a box telling you that the Service Pack was installed successfully. Reward yourself with the treat of your choice. I had a vodka.

2. Now that Windows 7 Release Candidate 1 (RC1) is publicly available, I suppose it's time to talk about it. A Release Candidate is usually the last version of the software before it is finished and Released To Manufacturing (RTM). However, there can be more than one RC so the software it is still considered Beta and not fully cooked. Here are a few observations about Win7:

a. It is less demanding of hardware than Vista. While I wouldn't upgrade a very old machine to Win7, Win7 runs really well on my older testbed computer on which Vista was sluggish at best.

b. Most hardware that works with Vista will work with Win7. Most hardware.

c. Although there are some new features (which some people will love and some will hate), Win7 is similar to Vista but a lot less annoying. It has its own annoyances, of course. It is much better than Vista, but then again what isn't?

d. There has been quite a bit written about the XP Mode feature. XP Mode will allow you to run Windows XP in a special version of Microsoft's Virtual PC. In effect, XP Mode gives you a free copy of XP along with your Win7 but there are some important limitations. XP Mode is only available in the far more expensive Win7 Business and Win7 Ultimate versions. The processor and motherboard must support hardware virtualization and not all do. Of course even if you don't have the proper hardware and/or you have Win7 Home you can still run XP in a virtual machine using software like Virtual PC or VMware Workstation (my preference) but you will need to purchase a legal copy of XP. Virtual machines don't support heavy 3D gaming; they are most appropriate for when you have an important business program that isn't supported in your host operating system.

e. I was very pleasantly surprised at how much Local Area Networking has been improved. I filed quite a few bugs about this area of the operating system and someone must have been listening.

By making Win7 RC1 publicly available, Microsoft is in effect letting people try their new operating system for free. If you want to play with it, be aware of the following:

a. NEVER EVER EVER install beta software on a production machine or on a computer which you are unwilling to wipe and lose everything. RC1 is still beta, which means there are still bugs. In fact, a huge ugly I-Can't-Believe-This-Bug-Wasn't-Caught-In-Testing bug was discovered a few days ago. The kind of bug that is a show-stopper (it has to do with permissions on root folders not being created properly which means Things Will Break). We beta-testers were quite surprised at the speed at which Microsoft is rushing this operating system out the door. It definitely feels like this is a Marketing push to me. That doesn't mean Win7 won't be good, but it does mean that when a bug of the magnitude of this one got overlooked it is probable that there are other unpleasantnesses lurking under that pretty interface. You Have Been Warned.

b. Win7 RC1 is time-bombed. It will expire on June 1, 2010 at which point it will Stop Working. Starting on March 1, 2010 your computer will begin shutting down every two hours. To quote Microsoft, "To avoid interruption, you'll need to install a non-expired version of Windows before March 1, 2010". This means that when next March comes around, you will need to do a clean install of the operating system of your choice on that computer. If you want Win7, you'll need to buy a copy. No more free ride. While there were some hacks floating around at the end of the Vista beta to allow people to install the final version over the RC, they didn't always work. When you have a beta or an RC, you always have to go on the assumption that you will need to do a clean install of the final. You Have Been Warned.

c. There is no "official" support of RC1. If you have problems with it you can post in Microsoft's forums, other public forums, or newsgroups. You're a tester, not a customer at this point. You have to troubleshoot issues yourself. You Have Been Warned.

If you still want to give Win7 a spin, you can download it here - http://www.microsoft.com/windows/windows-7/download.aspx

If any of my clients don't want to do this but are curious and want to take a look at Windows 7, give me a call. You can come over and try it out here if you like.

Back to top
Home

6-6-09 - If you drink much from a bottle marked 'poison' it is almost certain to disagree with you, sooner or later. ~ Lewis Carroll

1. HP Notebook PC Battery Pack Replacement Program
2. Apple OS X Leopard update to 10.5.7
3. Adobe updates
4. Windows and Office updates
5. Windows 7

1. http://bpr.hpordercenter.com/hbpr/M14.aspx

"In cooperation with the U.S. Consumer Product Safety Commission, on May 14, 2009. HP announced a worldwide voluntary recall and replacement program for battery packs used in certain HP notebook PCs."

"HP and the battery cell manufacturer believe that certain battery packs shipped in HP notebook PC products manufactured between August 2007and January 2008 may pose a potential safety hazard to customers. The batteries can overheat, posing a fire and burn hazard"

You can validate your battery from the link above.

2. Apple has released the 10.5.7 update to OS X. You can get it by using the Software Update on your Mac or by downloading the Combo Update from here:

http://www.apple.com/downloads/macosx/apple/macosx_updates/macosx1057comboupdate.html

Even though it is a larger download (729MB in this case), I always use the Combo Update on my Macs. And of course, never do a major update like this without taking the precaution of backing up your system first. I use a combination of Time Machine and SuperDuper since I don't have a Time Machine drive for my backup MacBook.

3. Adobe has gone to a quarterly patch cycle, beginning this Tuesday, June 9th. This means that if you don't have your Adobe products set to automatically update, you should go to Adobe's website and download them or manually check for updates from within whatever Adobe products you have. Tuesday's update will include a patch for vulnerabilities in versions 7.x, 8.x, and 9.x of Adobe Reader and Adobe Acrobat.

http://blogs.adobe.com/psirt/2009/06/adobe_security_bulletin_advanc.html

4. Microsoft will have some very critical updates this upcoming Patch Tuesday also (6/9). These updates will include important patches for various versions of Microsoft Office, so if you aren't using Microsoft Update (as I don't on my XP machines - I prefer to use Windows Update there), then go to the Office Downloads page and click on Office Update in the left-hand column.

http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx

http://office.microsoft.com/en-us/downloads/FX101321101033.aspx

5. Microsoft has announced that their newest operating system, Windows 7, will be available for purchase (retail and preinstalled on new computers) on October 22, 2009.

http://www.winsupersite.com/win7/

I'll be covering Windows 7 in more detail as we get closer to the RTM (Release To Manufacturing) date. Of course my clients are always welcome to give me a call about Windows 7. I'll be putting up a page for it on the Elephant Boy Computers website pretty soon.

Basically, although there are changes from Vista, Windows 7 is similar to Vista (only better). If you are happy with Vista or XP, there will be no reason to upgrade to Windows 7. If you are running Vista and don't like it, then upgrading to Win7 might be A Good Thing. If you are running XP and have older programs and hardware (like printers) that wouldn't run under Vista, they won't run under Win7 either. Businesses should always be cautious about upgrading to a new operating system, with savvy techs preferring to wait a year or until the first Service Pack comes out.

Most consumers will get Win7 preinstalled when they buy a new computer. It has also been announced that new computers purchased after July will be eligible for a free upgrade to Win7 when it comes out. Of course, this will also depend on the computer manufacturer so you should be very clear on what you are getting if you purchase a new computer late this summer.

Side-by-side, feature-by-feature comparison of the different editions from Paul Thurrott:
http://www.winsupersite.com/win7/win7_skus_compare.asp

Windows 7 Homepage - http://windows.microsoft.com/en-US/windows7/home

Back to top
Home

6-27-09 - And the Lord spake, saying, "First shalt thou take out the Holy Pin. Then, shalt thou count to three. No more. No less. Three shalt be the number thou shalt count, and the number of the counting shall be three. Four shalt thou not count, neither count thou two, excepting that thou then proceed to three. Five is right out. Once at the number three, being the third number be reached, then, lobbest thou thy Holy Hand Grenade of Antioch towards thy foe, who, being naughty in My sight, shall snuff it." -- "Monty Python and the Holy Grail"

1. Various program updates
2. Microsoft Money discontinued
3. Microsoft Morro
4. Windows 7 pricing

1. Various program updates

a. Adobe Reader has an update to 9.1.2. If you have Reader set to update automatically, accept the patch. If not, you can download the update here - http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

b. Adobe Shockwave has also been updated - http://get.adobe.com/shockwave/

Do not install any extraneous toolbars (Google/Yahoo/etc.)!

c. Java has been updated to JRE 6 Update 14. You can get it here - http://java.sun.com/javase/downloads/index.jsp

d. Firefox has been updated to 3.0.11 - http://www.mozilla.com

e. Thunderbird has been updated to 2.0.0.22 - http://www.mozillamessaging.com/en-US/thunderbird/

Note that there is a bug in this new version that sets the .dll path in the Registry incorrectly. Steps to reproduce:

Right click on file
Select 'Send To'
Select 'Mail Recipent'
Actual Results: Nothing
Expected Results: Should open Thunderbird with attachment

You can fix the bug by downloading this file - https://bugzilla.mozilla.org/attachment.cgi?id=384731

This will give you a file called TB Sendmail.reg. Double-click the file and answer "yes" to merge it into the Registry. Or you can just wait until there is a new update to Thunderbird.

2. If any of you are still using Microsoft Money, it is being discontinued and activation servers will be shut down on 1/31/2011. Per Microsoft:

Microsoft Money Pus will not be available for purchase after June 30, 2009. All purchased Money Plus products must be activated prior to Jan. 31, 2011.

http://www.microsoft.com/money/default.mspx
http://www.microsoft.com/money/faq.mspx

Of course activation isn't applicable if you are already using the program, but reinstallation in the future would be an issue and there won't be any updates after 1/31/11. It's time to transition to another consumer-level accounting program like Quicken. Intuit says that Quicken can transfer transactions from Microsoft Money.

http://quicken.intuit.com/transfer-from-microsoft-money.jsp

3. Microsoft's free antivirus/antimalware solution - called "Morro" - is in beta now. Their Live OneCare product was a commercial flop which was no loss since it wasn't very good. We'll see how Morro measures up. I installed it on my testbed machine running Windows 7 and it looks good. However, with antivirus programs it is wisest to wait until a product has proved itself before taking a risk on a new one. As of now, I still recommend Eset's NOD32 Antivirus (commercial) and Avast (free). Most emphatically not recommended are Norton and McAfee products which continue to be bloated and invasive.

Even though the technology inside of Morro is not really as raw as a "normal" beta because it came from other previous Microsoft security offerings, I strongly urge you not to install a beta antivirus program on your computer unless it is a testbed machine that you are willing to completely wipe. Beta software is buggy and you don't want to leave an important computer vulnerable because you installed an uncooked antivirus.

I will be keeping an eye on Morro since it may turn out to be an excellent alternative to the free Avast Antivirus. I still prefer NOD32 for a commercial product.

4. Microsoft has announced Windows 7 pricing:

Retail:

Windows 7 Home Premium (Upgrade): $119.99
Windows 7 Professional (Upgrade): $199.99
Windows 7 Ultimate (Upgrade): $219.99

Windows 7 Home Premium (Full): $199.99
Windows 7 Professional (Full): $299.99
Windows 7 Ultimate (Full): $319.99

Purchase a new computer running Vista from 6/26/09 to 1/31/10 and upgrade to Win7 for little or nothing from participating PC mftrs.:

http://www.microsoft.com/windows/buy/offers/upgrade.aspx

It is up to the particular computer mftr./retail store to decide what deal they want to offer so do your research first.

Back to top
Home

8-4-09 - “I would offer congratulations were it not for this tentacle gripping my leg.” - Jack Vance, "The Dying Earth"

1. Firefox, Adobe, and Java updates
2. Windows 7 upgrading
3. Seagate's Replica backup

1a. Firefox 3.5.2 is available from http://www.mozilla.com

Release notes - http://www.mozilla.com/en-US/firefox/3.5.2/releasenotes/

1b. Adobe Reader patch 9.1.3 is out. You must have the 9.1.2 patch installed first. The easiest way to update is from within the program. Start Adobe Reader and check for updates. For the rest of us who don't like automatic updates, the direct download page is here:

http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

1c. Last week Sun released Java JRE 6 Update 15 and then pulled it after a few days. It is expected to be released sometime later this week so you might want to keep an eye out for it.

http://java.sun.com/javase/downloads/index.jsp

2. Windows 7 has gone gold (Released To Manufacturing). It will be available to MSDN/TechNet subscribers on August 6, to the OEMs on September 6, and new computers will have it preinstalled starting October 22. It will also be available from retail stores on October 22.

There's an interesting article about whether to move to Win7 in Mark Minasi's latest newsletter. Skip down past the "ads" for his seminars to the "Tech Section". He lays out the pros and cons very well. Mark Minasi is a tech writer who has authored many books; while those books are aimed at IT professionals, his prose is eminently readable. This is a two-part article.

http://www.minasi.com/newsletters/nws0907.htm

Note: Mark mentions "XP Mode" at the end of this article. It is important to understand that XP Mode is XP running in a virtual machine using a special version of MS Virtual PC and that the native XP Mode in Win7 will not run on every machine. The actual hardware must support it and not every machine will. You can still install virtualization software like Virtual PC or VMware Workstation and purchase a legal copy of XP to run in a virtual machine, but that's a different story.

Here is Part Two:

http://www.minasi.com/newsletters/nws0908.htm

I basically agree with Mark. If you hated Vista, you won't like Win7. If you have important software/hardware that didn't run on Vista, it probably won't run on Win7. As far as I'm concerned Win7 is better than Vista, but it is really Vista 1.3 and not a whole new thing. If your computer is running Vista well, I see no reason to change unless you just want the novelty.

If you do decide to upgrade, then here's an important issue that has just come up. If you are running a third-party firewall (ZoneAlarm, Comodo, etc.) and/or a third-party security solution such as ESET Smart Security, Norton security suites then you must UNINSTALL those products before upgrading to Windows 7. Do the upgrade and then you can reinstall the programs. Apparently plain vanilla antivirus programs aren't affected. Here's a Technical Alert from ESET about this.

http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6331&Itemid=2

However, I think it would be a very good idea to uninstall any antivirus programs before doing an upgrade to Windows 7. In the case of any Norton or McAfee (>shudder<) products being installed, I suggest also running their removal tools.

Since upgrades from Windows XP are not supported (you must do a clean install), this only affects upgrading directly from Vista SP1 and SP2.

3. I have been looking at Seagate's Replica "backup solution" as something similar to Apple's Time Machine for Windows users. Last week I called their sales department to learn a bit more about Replica. It turns out that Replica is running a special version of Acronis True Image, an excellent imaging program that also does incremental backups. You can always buy True Image and an external hard drive, but the beauty of Replica is that everything is in one package and the backup imaging is done for you automatically on a schedule. I'm not rich enough to buy a Replica drive to test it out, but maybe one of you is!

Back to top
Home

8-12-09 - "What are your fees?" inquired Guyal cautiously. "I respond to three questions," stated the augur. "For twenty terces I phrase the answer in clear and actionable language; for ten I use the language of cant, which occasionally admits of ambiguity; for five, I speak a parable which you must interpret as you will; and for one terce, I babble in an unknown tongue." — Jack Vance, "Guyal of Sfere", The Dying Earth.

1. Mac OS X updates and Safari update
2. Java update
3. Rogue security product
4. Antivirus programs on Mac OS X

1. The Mac OS X 10.5.8 update is available either through Software Update on your Mac or direct download from Apple.

http://www.apple.com/downloads/macosx/apple/

I had no issues installing this update on my two Macs, but as always you should make sure you have backups made first with Time Machine or a program like SuperDuper. It's always good to Be Prepared.

And immediately on the heels of that update there is a patch to speed up the AirPort client (wireless) that has plagued some users after updating to 10.5.8. Run Software Update from Preferences to catch this one and the Safari update. Here's the link directly to the Safari update if you'd prefer to download it directly - or you're running Windows.

http://support.apple.com/downloads/Safari_4_0_3

2. *Another* Java update already! Get JRE 6 Update 16 here:

http://java.sun.com/javase/downloads/index.jsp

3. The Register had a good summary of a study about rogue security products (Personal Antivirus, WinAntivirus, etc.) last week. The study was done by Panda Security. For those of you still wondering why "those bastards" want to infect your computer, according to the Panda study fraudsters are making approximately $34 million a month - yes, a month! - off their victims. Here's a link to The Register article:

http://www.theregister.co.uk/2009/08/07/scareware_market/

4. I have a lot of clients moving to Macs. There are plenty of good reasons to do this but former Windows users should not think this makes their new systems invulnerable to malware. While OS X isn't plagued with all the viruses/malware that Windows operating systems are, it can still get infected. You must continue to practice "Safe Hex"!

(See Item 4. under Section E here for links and articles):
http://www.elephantboycomputers.com/page2.html#Removing_Malware

New trojan that hijacks your Mac's DNS spotted in the wild:
http://arstechnica.com/apple/news/2009/08/new-trojan-that-hijacks-your-macs-dns-spotted-in-the-wild.ars

This trojan is installed when the websites involved tell the surfer that they need a "QuickTime Player update" to view the content. These particular websites are hosting pr0n. This is exactly what happens to Windows users who go looking for free thrills and are told to install a "Player" or "codecs" to see the exciting movie. Obviously - at least I *hope* this is obvious - in none of those cases are the offered programs really a QuickTime Player update, a Player of any kind, or codecs.

I still don't believe in installing an antivirus on OS X. If you are smart and don't install dodgy programs, you'll be fine. If you don't trust yourself to just say "no", then here are a few solutions:

a. Avast has a Mac Edition and a Mac+PC Edition. The latter is for when you run a Windows operating system on your Mac and will let you share the license. A 1-year subscription to the Avast Mac Edition is $39.95; the Mac+PC Edition is $49.95. Of course, you could save yourself the $10 and run the free version of Avast on your Windows install.

b. Sophos is a business solution and is not aimed at home users although there is nothing preventing a home user from doing so. Their Antivirus Small Business Edition will run on Windows and OS X and you have to purchase it from a reseller. Prices are calculated by how many users and for how long a subscription is ordered and start at around $45.

c. Another free solution is the venerable Clam AntiVirus mostly used in Unix and Linux operating systems. ClamAV is pretty much do-it-yourself and requires a fairly high level of geekery to set up and use.

Under no circumstances should you buy/install anything from Norton (Symantec) or McAfee. Their Mac offerings are just as crappy as their Windows programs.

In summary, I don't think it's necessary to install an antivirus in OS X unless you are a high-risk computer user. If you are, then buy one of Avast's Mac antivirus programs.

Back to top
Home

9-10-09 - My Time Machine Finally Finished. I’m off to warn them about the bomb. If there’s a city where Chicago used to be, it worked! -- Time Travel Tweets by Christopher Moore

1. Updated Firefox and iTunes
2. Outlook troubleshooting
3. Snow Leopard
4. Guides to Snow Leopard and Windows 7
5. Reminder about Microsoft's Patch Tuesday
6. International Talk Like A Pirate Day (and other fun Days)

1a. Firefox has been updated to 3.5.3 - http://www.mozilla.com/en-US/
Release notes - http://www.mozilla.com/en-US/firefox/3.5.3/releasenotes/

1b. iTunes 9.0 is out now - http://www.apple.com/itunes/download/
What's new in iTunes 9.0 - http://www.apple.com/itunes/whats-new/

2. For those of you who use Outlook, there's a very good and concise troubleshooting guide at Lifehacker.com.

http://lifehacker.com/5344262/complete-guide-to-making-outlook-faster-than-molasses

It has suggestions (and links) that even non-geeks can do, so if your Outlook is indeed slower than molasses you might want to try some of the tips there. I find that the first thing I do when a client's Outlook is slow is to disable Add-ins.

3. Apple's next iteration of OS X, Snow Leopard (10.6) is out now. Snow Leopard is a nice upgrade from Leopard (although not crucial) and very reasonably priced. Of course, you should do some preparation before installing Snow Leopard. I've already discussed the importance of having a full backup of your system (if this is important to you) by using Time Machine or a third-party program like Super Duper. At the very least, back up your data. If you are going to do a clean install (boot with the install DVD, use Disk Utility to Erase your hard drive), make a list of all the programs you'll want to put on later. Also do your research about application compatibility first.

http://www.theregister.co.uk/2009/08/27/snow_leopard_incompatibilities/

And here's another list of incompatible programs from Apple itself:

http://support.apple.com/kb/HT3258

For instance, my Books.app library cataloging program isn't compatible so I had to replace it with Bookpedia. You don't want to find out a major application on which you rely doesn't work with Snow Leopard *after* the fact. If a program on which you depend won't work in Snow Leopard, you might need to give Snow Leopard a miss.

Don't forget to consider your printers. Here's a list of supported printer and scanner software:

http://support.apple.com/kb/HT3669

If you don't see your printer listed, you may be able to use a substitute driver. For instance, my Dell Laser 1720dn isn't listed but it uses the Lexmark E250dn drivers which are on the list. I found this by Googling "Dell 1720dn drivers OS X", so doing a bit of research is A Good Thing.

Snow Leopard installation choices:

Here's a good blow-by-blow description:
http://www.macfixit.com/article.php?story=20090827094401824

And from my favorite DIY site Lifehacker:

http://lifehacker.com/5345690/prep-your-mac-for-snow-leopard?skyline=true&s=x
http://lifehacker.com/5348150/how-to-upgrade-from-leopard-to-snow-leopard

I did a clean install on both my Macs because there was a lot of cruft on them. The operating system installation was very quick. Getting my data and various programs installed and set up took a few hours, but because I had great backups everything was fine. I find both machines to be a bit faster (they weren't slow to begin with), startup/shutdown is quicker (not slow to begin with either), and there are some nice features. Snow Leopard has a few wobbles in stability but nothing big.

4. I found these great "Complete Guides" to Snow Leopard and Windows 7 here:

http://gizmodo.com/5150298/windows-7-the-complete-guide
http://gizmodo.com/5352889/mac-os-x-snow-leopard-the-complete-guide

5. Just a reminder that Tuesday was Patch Day for Microsoft operating systems. There are some important security updates in this batch, so don't ignore your Windows Update notification.

http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx

6. Saturday, September 19th is International Talk Like A Pirate Day. Don't forget to throw a few arrrgh, matey's around! Here are some other fun geeky dates:

Winter-een-mas - January 25 (Week-long celebration of videogaming - see online comic Ctrl+Alt+Del
Darwin Day (Charles Darwin's birthday) - February 12
Pi Day - March 14
Albert Einstein's Birthday - March 14
Ada Lovelace Day - March 24
Tolkien Reading Day - March 25
Velociraptor Awareness Day (see online comic XKCD) - April 18
420 Day (Stoner Day) - April 20
Opposite Day (SpongeBob SquarePants) - April 25 (also on May 6th. Or not.)
Jedi Day - May 4 (May The Fourth Be With You)
Whacking Day - ("The Simpsons" - snakes are driven to the center of town and beaten to death)
Free Comic Book Day - First Saturday in May
Towel Day - May 25 (tribute to "Hitchhiker's Guide to the Galaxy")
X-Day (Church of the SubGenius) - July 5 (the scheduled end of the world every year)
International Talk Like A Pirate Day - September 19
Hobbit Day - September 22 (Bilbo and Frodo Baggins' birthdays)
Ask A Stupid Question Day - Last school day of September
Day of the Ninja - December 5
Grav-mass (Sir Isaac Newton's birthday) - December 25
Unbirthday - whenever it isn't your birthday

Back to top
Home

9-25-09 - Talked the Vikings into changing out the wiener dog heads on the front of their ships with dragons. We’ll see. -- Time Travel Tweets by Christopher Moore

1. Program updates - iTunes and Picasa
2. New phishing worm spreads across Twitter
3. Casual game sites
4. Cuteness

1. iTunes 9.01 is available for Mac and PC. Don't forget to get the 64-bit version if you have Vista 64-bit.

http://www.apple.com/itunes/download/
http://support.apple.com/kb/DL925 (64-bit)

Picasa has been updated to 3.5 and apparently has all sorts of interesting additions such as face recognition. There have been a few reports on the Mac side of 3.5 not been fully "cooked", so if you are a Picasa power user you might want to wait until 3.5.1 or check on the Picasa user forums to see what other people have experienced before you take the plunge.

http://picasa.google.com/index.html
http://www.google.com/support/forum/p/Picasa?hl=en (forums)

2. A new phishing worm spreads across Twitter - http://www.theregister.co.uk/2009/09/24/twitter_phishing_worm/

Once again, malware is being spread on social networking sites by people clicking on links in messages.

For those of you reading this who don't know what social networking sites are or don't use them - your kids do. Time and time again I've had parents tell me that their kids were computer savvy - as I've just finished fixing their severely infected computer. The computer that got infected because the kids weren't really "computer savvy" and clicked on everything - links in IMs, links on Facebook or MySpace, used P2P file sharing, etc.

If you use social networking sites, exercise extreme caution. If you don't use them and you have tweens/teenagers, educate yourself and your kids. I've had "Safe Hex" links on my website for ages. Here are some of the links again for your convenience:

http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/ (Carnegie Mellon University resource)
http://www.getnetwise.org/
http://www.microsoft.com/protect/default.aspx (Microsoft Online Safety)

3. Speaking of clicking on links and installing stuff from social networking sites - I just had a machine in the shop which was so infected that I had to do a clean install of Vista. The owner had installed some applications from Facebook. Not good! Don't install any apps from Facebook unless you like to Live On The Edge. And if you do, have your precious data backed up first. The client asked me if it was safe to download games from Facebook and I had to say "no". But there are plenty of safe and free sites for casual gamers. Along with the usual Yahoo! Games and MSN Games, here are some sites that have good casual games:

http://www.armorgames.com
http://www.newgrounds.com
http://www.kongregate.com/

Orisinal is a beautiful little game site that has been around for years. It's still lovely and the games are original and fun.

http://www.ferryhalim.com/orisinal/

I'd be cautious about casual gaming by subscription but only because one of my clients had a really hard time unsubscribing from Comcast's Chill service. I don't know if she ever got clear of it.

4. I don't usually pass on links to sites that don't have a technical slant here in the EBC Report, but it is the end of September and still Blazing Hot here in Fresno and that's Depressing. So here is a dose of Cuteness if you need it. If you don't or you hate Cuteness, just ignore this section!

The original Cute trove - http://cuteoverload.com/
The original edgier Cute trove - http://icanhascheezburger.com/

For people who could care less about cute animals but need something Cute, there's Cute Food! (Actually, a lot of the entries are just gorgeous but not necessarily cute by my definition of "cute".) - http://epicute.com/

And when Life has been particularly Gross, you need a Unicorn Chaser* to wash the ugliness away - http://unicornchaser.com/

*Term originated by the always-interesting (but not necessarily Safe For Work) BoingBoing website.

Back to top
Home

10-13-09 - Freaked Ben Franklin out with my iPhone. Couldn’t get a signal in 18th century Phlly, though. ATT sux -- Time Travel Tweets by Christopher Moore

1. Security Updates for Adobe Reader and Acrobat
2. Patch Tuesday - Massive amounts of security updates for Windows
3. Serious bug in Snow Leopard resulting in data loss
4. Useful program - Fences
5. Possibly not so useful program - MS Office 2010

1. Security Updates Available for Adobe Reader and Acrobat - http://www.adobe.com/support/security/bulletins/apsb09-15.html

This is an important security update so if you use those products (and almost all of you have Adobe Reader; Acrobat is the full-featured and quite expensive .pdf creation program) you should install the appropriate update.

2. There are also important security updates in today's Windows/Microsoft Update offerings:

Microsoft Security Updates - October 2009 - http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx

ISC Patch Tuesday overview - http://isc.sans.org/diary.html?storyid=7345

Huge Patch Tuesday Update - October 2009 - http://blogs.zdnet.com/security/?p=4585

"Microsoft today released its largest ever batch of Patch Tuesday updates to fix a whopping 34 security holes in a wide range of widely deployed software products.

"The latest patch batch covers critical vulnerabilities in software products that are bundled with Microsoft’s dominant Windows operating system (Internet Explorer and Windows Media Player) — and several known security problems (SMB v2 and FTP in IIS) for which functioning exploit code has already been publicly released.

"The SMB v2 issue, which has been in the news over the last month, has been addressed with MS09-050, a critical bulletin that actually addresses three separate documented vulnerabilities."

Make sure you restart the computer after installing updates. In particular the security update for the GDI+ will not be in effect until a restart and the computer will still be in a vulnerable state.

3. Serious bug in Snow Leopard - Some users have experienced data loss after logging into the Guest account. The exact cause of the glitch is unknown but it is believed it may happen if Guest was enabled and then the system was upgraded from Leopard to Snow Leopard. It seems that not a lot of people are affected, but no one wants to be the person whose data disappears. Even if you have backups - and all of you do, right? - it will be an unpleasant shock.

Details here:

http://www.tuaw.com/2009/10/12/bug-tracker-snow-leopard-guest-account-deleting-files/

http://news.bbc.co.uk/2/hi/technology/8304229.stm

In any case, you should not have the Guest account enabled on any operating system. The Guest account is a special system account, not one meant for when you are feeling hospitable. It is disabled by default in Windows XP, Vista, Linux, Unix, and OS X for a reason.

From Microsoft TechNet:

"The Guest account is intended for users who require temporary access to the system. However, if this account is enabled, a security risk may exist because an unauthorized user could gain anonymous access to the system through this account."

http://technet.microsoft.com/en-us/library/bb418978(TechNet.10).aspx

So if you enabled Guest, disable it now and create a Standard/Limited (OS X, Vista, XP Pro/XP Home) for your visitors. Call the new user account something like "Visitor", "Poor Relations", or "Go Home".

4. A useful program - Many of my clients have a special way they like to organize their Desktop icons. In fact some of you have been irritated about the way Windows decides to move all your shortcut icons around for no particular reason! You might be interested in Stardock's Fences, which is free:

"Fences is a program that helps you organize your desktop, and can hide your icons when they're not in use...."

http://www.stardock.com/products/fences/index.asp

5. And possibly not so useful - Apparently new PCs with Windows 7 preinstalled may ship with an ad-supported version of Microsoft Office 2010. According to BetaNews, instead of shipping with the old Microsoft Works OEMs (HP, Dell, Sony, etc.) will have the option of including a limited form of Office 2010 which will include advertisements. The buyer can then buy a more full-featured version if desired, presumably without the ads.

This is early days and this information is by no means set in stone, but the reason I'm mentioning it is that this probably means the writing is on the wall for Microsoft Works. Works has always been Office's unloved stepchild, and files created in Works have notoriously not been compatible with the rest of the productivity software world. My concern is for the people who have stuck with Works and who may be left with files that nothing will open. I don't want to be an alarmist and there is no reason to panic, but the three of you left who are still using Microsoft Works should consider switching to something else in the near future.

Frankly, I'm not convinced that a limited version of Office 2010 will be all that useful. If you're not going to purchase Office 2010, then there are better alternatives. OpenOffice is a full-featured free office suite which can read/write Microsoft Office formats. In my opinion, OpenOffice is far superior to a limited version of Office 2010. Of course, if you still have a copy of Office 2007 (or even the quite elderly Office 2003), it will install and run just fine in Windows 7.

http://www.betanews.com/article/Microsoft-to-replace-Works-with-adsupported-Office-Starter-2010/1255022321

Back to top
Home

11-4-09 - Just Time traveled to Ancient Macedonia. Gave a pep talk to a kid named Alexander the Mediocre. Hope that worked out. -- Time Travel Tweets by Christopher Moore

1. Program updates, Firefox, Java, iTunes
2. Recommendations for setting up users in Vista and Windows 7

1. Recent updates:

a. Firefox 3.5.4 - http://www.mozilla.com
b. Java - JRE 6 Update 17 - http://java.sun.com/javase/downloads/index.jsp
c. Shockwave - http://get.adobe.com/shockwave/

2. After seeing so many clients setting up their user in Vista insecurely and not optimally for disaster recovery, I thought it would be good to give you my recommendations. Running as a Standard user, with the limitations that provides of not being able to install software or make global system changes, is always best practice. This helps to protect you against malware drive-by installs and from making changes which would damage your operating system. Of course you can still get infected if you don't take precautions and you can still trash Windows by rash tinkering, but every little bit of safety helps.

Unfortunately, under Windows XP this wasn't practical in the Real World(tm). Too many programs needed to write to areas of the operating system reserved for administrators. With Vista and Windows 7, this has changed. Any program written to be compatible with Vista and/or Windows 7 is designed to run under a Standard user account. So why do so many people run as administrator?

a. Because they are used to doing so from XP;
b. And because when they buy a computer with Vista or Windows 7 preinstalled, they use the first user account they are logged into after turning on the computer.

When you run as a Standard user in Vista and Windows 7, you will need to provide a password for the administrative user in order to install software and make global system changes. If security isn't an issue, you don't need to set a password for that administrative account.

Recommended Setup

You absolutely do not want to have only one user account. Like XP and all other modern operating systems, Vista and Windows 7 are multi-user operating systems with built-in system accounts such as Administrator, Default, All Users, and Guest. These accounts should be left alone as they are part of the operating system structure.

You particularly don't want only one user account with administrative privileges on Vista and Windows 7 because the built-in Administrator account (normally only used in emergencies) is disabled by default. If you're running as an administrator for your daily work and that account gets corrupted, things will be Difficult. It isn't impossible to activate the built-in Administrator to rescue things, but it will require third-party tools and working outside the operating system.

The user account that is for your daily work should be a Standard user, with the extra administrative user (call it something like "CompAdmin" or "Tech" or the like) only there for elevation purposes. After you create "CompAdmin", log into it and change your regular user account to Standard. Then log back into your regular account.

If you want to go directly to the Desktop and skip the Welcome Screen with the icons of user accounts, you can do this:

Start Orb>Search box>type: netplwiz [enter]
Click on Continue (or supply an administrator's password) when prompted by UAC

Uncheck the option "Users must enter a user name and password to use this computer". Select a user account to automatically log on by clicking on the desired account to highlight it and then hit OK. Enter the correct password for that user account (if there is one) when prompted. Leave it blank if there is no password (null).

Back to top
Home

11-30-09 - Zaxa rode a small pacing wole, and carried his fabulous sword Zil, while the others of the party rode steeds of other descriptions. -- Jack Vance, "The Green Pearl"

1. Holiday computer safety reminder
2. Buying a computer for Christmas

1. Just a reminder as we get into the Holiday season that it's common to get emails purporting to be from FedEx and other courier services with a subject along the lines of "Arrival of Special Consignment". These emails are malicious and will have an attachment or want you to click on a link. Do not do either of these things! Just delete the email(s) unread.

There will also be plenty of Christmas-related malware - screensavers, themes, special offers if you "click here". Already there has been a report of the Koobface malware campaign offering a Christmas theme. Needless to say you will not get dancing Santas - you will get the Koobface worm which is extremely difficult to remove. Be particularly cautious at popular social networking sites like MySpace and Facebook.

I've given you safe Christmas-y sites in past years. Here are links to those posts:

http://www.elephantboycomputers.com/page3.html#12-16-07
http://www.elephantboycomputers.com/page3.html#11-27-08

You can still get great holiday wallpapers at the sites I mentioned in those Reports. I see that VladStudio has a new Christmas wallpaper up now, too.

http://www.vladstudio.com/wallpaper/?where_xmas_gifts_are_born

The point is to stay away from screensavers.com and freeze.com and all those sites that offer you "free" stuff that come with ad-supported toolbars.

2. I've had several calls from clients who are thinking about buying their child a computer for Christmas. Netbooks are particularly attractive for a child's gift because they are small (10") and relatively inexpensive. The nicer version of the Dell Mini 10 is $349 for instance. I see that the Dell Mini comes with either Ubuntu (Linux) or Windows XP. I think most of my clients will be happiest with Windows XP. My concern is that other companies such as HP and Acer are offering netbooks with Windows 7 Starter Edition at very good prices and I wanted to warn you away from those.

Windows 7 is a really nice operating system but no one in his/her right mind will want Windows 7 Starter Edition. It is a severely limited version of Windows 7; you can't even change the Desktop wallpaper with it. There are other limitations as well. I'll be blunt (and when am I not?!), as far as I'm concerned Windows 7 Starter Edition owes its existence to nothing more than Microsoft greed - because you will be so unhappy with it that you'll spend the money to upgrade to Windows 7 Home Premium.

With laptops, I always recommend buying a 2-3 year warranty plus accidental coverage. This can add $265+ to the base price and you should take that into consideration when pricing laptops. Bluntness again - if you don't spend the money up front to get good warranty coverage, you will be sorry. This is the only time (outside of when you are purchasing office computers) that I think it's worth buying an extended warranty.

Netbooks are my exception to the "buy a laptop-buy a warranty" rule. I just priced adding a 2-year warranty plus accidental coverage to the Dell Mini 10 and that bumps the price up to over $500. At that point you could almost buy a new Mini for the cost of the warranty. So I didn't bother with an extra warranty when I bought my own Mini.

Back to top
Home

12-14-09 - Make the world better. ~ Lucy Stone

1. Staying computer-safe during the Holidays
2. Holiday music
3. Seasonal amusements

1. Holidays bring joy, cheer, and computer malware. Scammers often target their slimeware towards big occasions.

The Complete Guide to Avoiding Online Scams
http://gizmodo.com/5420356/the-complete-guide-to-avoiding-online-scams-for-your-less-savvy-friends-and-relatives

Accepting friend requests from people you don't know is a recipe for ID theft
http://lifehacker.com/5421597/accepting-friend-requests-from-people-you-dont-know-is-a-recipe-for-id-theft

Koobface worm dons tinsel to snag seasonally-affected marks - http://www.theregister.co.uk/2009/12/08/xmas_koobface/
http://blog.trendmicro.com/christmas-themed-koobface-campaign-seen/

2. There is lots of legitimate free music for the holidays available - http://lifehacker.com/5420786/bolster-your-holiday-playlist-with-40%252B-free-mp3s

Free Christmas download from Cigar Box Nation - http://www.cigarboxnation.com/

Chanukkah music provided by the Idelsohn Society - http://idelsohnsociety.com/home.html

Free Christmas songs from Apple's iTunes Store - http://itunes.apple.com/us/album/itunes-holiday-sampler/id344104720

And from Amazon MP3 Downloads, "25 Days of Free" - http://tinyurl.com/ydl6nf3

3. Go to Google and leave the Search box blank. Now click on the "I'm Feeling Lucky" button. You'll see a live countdown of the number of seconds left in 2009.

And a brief history of Christmas lights from Gizmodo - http://gizmodo.com/5425395/christmas-lights-the-brief-and-strangely-interesting-history-of

Back to top
Home

2-7-10 - Gettysburg, I’m like,”Abe, just say eighty seven years ago. It’s like you wrote this on the train here. Jeeze.” -- Time Travel Tweets by Christoper Moore

1. Make sure you are current with Windows Updates to cover the pre-Internet Explorer 8 vulnerability
2. Current versions of Java, Adobe Reader, Firefox, and a new Avast Antivirus
3. Reminder about rogue security programs
4. Facebook as a vector for infection - even more ways for the Bad Guys to get your computer

Hello All - It's been a while since I sent out an EBC Report. Sorry for the delay but I've been busy making the world safe, one computer at a time. Let's catch up.

1. About a month ago there was a very serious vulnerability in Internet Explorer 6 and 7. The rather technical details are here:

http://www.theregister.co.uk/2010/01/15/ie_zero_day_exploit_goes_wild/
http://www.howtogeek.com/howto/10340/protect-yourself-from-the-latest-internet-explorer-security-hole/

The bottom line is that you need to update to IE8. Personally, I prefer Firefox anyway but there is no point in having a vulnerable program like IE6 on your system. For those of you still running operating systems older than Windows XP like Windows 2000, you won't be able to upgrade to IE8 so use the latest version of Firefox instead. As for older operating system like Windows 98/ME, they should not be on the Internet at all. End of that story.

You can download IE8 from here - http://www.microsoft.com/windows/internet-explorer/default.aspx
IE8 System Requirements - http://www.microsoft.com/windows/internet-explorer/support/system-requirements.aspx

Per my colleague MVP Robear Dyer - I would strongly recommend disabling your anti-virus application and any anti-spyware applications (other than Defender) before installing (or uninstalling) an IE upgrade. If you're running a third-party firewall, I would recommend disabling it and then enabling the Windows Firewall before installing (or uninstalling) an IE upgrade.

2. It's important to keep programs that tend to be targets for malware writers updated. Current versions of important programs (not counting IE):

Java - JRE 6 Update 18 - http://java.sun.com/javase/downloads/index.jsp
Adobe Reader 9.3 - http://www.adobe.com/
Also from Adobe - Flash Player and Shockwave Players
Firefox 3.6 - http://www.mozilla.com
Avast Antivirus 5.0 is out, replacing 4.8 in both free and professional versions - http://www.avast.com/index

3. Here's another reminder not to be tricked into installing rogue security programs - In particular, I'm seeing quite a few computers coming into the shop infected with Internet Security 2010. Right now it's running about 50/50 as to the percentage of these machines which need to have Windows reinstalled. It really depends on whether the victim actually installed this rogue and whether the machine is infected with other trojans or not. A lot of these rogues look very real, so don't be fooled.

http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010

4. Facebook in itself is an excellent way to keep up with friends and family. The problem with it is that it is a target for The Bad Guys. I know I've warned you about not installing Facebook Apps and not clicking on links, but it's a new(ish) year and so here's your reminder for 2010.

Websense Security Labs discovered several spam messages on Facebook that trick the user into visiting BINSSERVICESONLINE, a malicious website. When the link in the message is clicked, the website redirects the user to an online scam site similar to the Google Scam Kits they wrote about in mid-December 2009. The use of Facebook to distribute links that lead to Google scam kits is fairly new, and is sure to fool some users into buying the kits.

A lot of users have apparently received this message, as it quickly became a popular search string on Google. Websense Security reports that there are criminal groups monitoring the popular search terms on Google and other search engines to start their own malicious attacks, so it didn't take long before they started seeing Google search results for BINSSERVICESONLINE leading to rogue AV products. According to Websense Security, the two attacks are done by separate groups of criminals. One group started the spam attacks on Facebook and another started manipulating Google results.

The Websense Security Labs blog is interesting, albeit a bit technical.
http://securitylabs.websense.com/content/blogs.aspx

There is an interesting blog article about the (non)safety of Facebook apps by CSO Online reporting from the ShmooCon security conference.
http://www.csoonline.com/article/533113/ShmooCon_Inside_FarmVille_s_Sinister_Underbelly

Be careful out there, people!

Back to top
Home

EBC Reports by Subject:

Ad-aware	10-19-02; 10-20-02; 1-2-03; 2-12-03; 2-23-03; 10-31-04; 6-2-05;
Address labels	12-9-02
APC product recall	1-20-03
Apple	1-22-07; 5-29-07; 1-17-08; 12-17-08; 2-22-09; 3-5-09; 3-23-09; 3-28-09; 4-11-09; 6-6-09; 8-12-09; 9-10-09; 10-13-09;
Attachments	12-22-02; 2-27-05; 6-2-05; 7-10-05; 1-2-06; 10-12-07; 10-24-07; 1-17-08; 10-16-08; 11-12-08;
Amusements, Web, Free Stuff	12-22-02; 2-23-03; 9-19-04; 3-20-05; 8-12-05; 9-11-05; 2-1-06; 3-27-06; 9-16-06; 11-3-06; 12-11-06; 1-3-07; 5-8-07; 7-11-07; 9-13-07; 12-16-07; 3-11-08; 11-27-08; 12-17-08; 4-29-09; 9-10-09; 9-25-09; 10-13-09; 11-30-09; 12-14-09;
Backing Up	2-12-03; 4-21-03; 4-28-05; 11-2-05; 12-8-05; 3-27-06; 4-28-06; 6-13-06; 7-11-07; 7-21-07; 4-29-09; 8-4-09;
Browsers, Alternate	10-16-02; 5-29-04; 6-26-04; 2-10-05; 2-27-05; 4-28-05; 5-14-05; 7-10-05; 7-13-05; 9-11-05; 9-20-05; 11-30-05; 12-2-05; 1-26-06; 3-27-06; 11-1-06; 3-22-07; 9-13-07; 6-19-08; 10-16-08; 3-5-09; 3-28-09; 9-10-09;
Browser Pop-up ads	10-19-02; 10-31-04;
Browser Trick	9-4-02
Computer Cleanliness	1-20-03; 1-01-05; 6-2-05; 7-10-05; 8-12-05; 9-11-05; 9-20-05; 10-12-05; 12-8-05; 1-2-06; 2-1-06; 4-28-06; 5-27-06; 7-12-06; 4-24-07; 10-12-07; 10-24-07; 11-3-07; 1-9-08; 1-17-08; 8-23-08; 11-12-08;
Domain Names	3-18-03
DRM Issues	11-30-05; 3-27-06; 4-23-08;
E-Greeting Card Malware	10-25-02; 7-21-07; 10-12-07; 1-17-08;
Email Clients, Alternate & Etc.	10-25-02; 12-2-05; 12-8-05; 1-26-06; 10-12-06; 4-24-07; 5-8-07; 9-13-07; 4-23-08; 1-24-09; 6-27-09;
File Extensions	5-22-03
Google	10-16-03; 10-12-05; 8-9-06;
HTML In Email	10-30-03
IM Issues	5-2-05; 10-12-05; 5-27-06; 1-30-08;
Internet Explorer Security	10-16-02; 10-6-03; 6-26-04; 7-10-05; 9-20-05; 12-2-05; 1-2-06; 2-1-06; 3-27-06; 6-13-06; 6-15-06; 7-12-06; 4-3-07; 1-9-08; 10-16-08; 12-17-08; 2-7-10;
IE7	10-12-06; 11-1-06; 2-7-10;
IE8	3-23-09; 4-11-09; 4-29-09; 2-7-10;
Internet Safety	5-19-03; 5-2-05; 5-14-05; 7-10-05; 2-1-06; 12-11-06; 4-24-07; 5-29-07; 10-24-07; 11-3-07; 1-9-08; 1-17-08; 1-30-08; 3-11-08; 4-8-08; 6-19-08; 8-23-08; 10-16-08; 11-12-08; 11-27-08; 12-17-08; 2-9-09; 2-22-09; 3-5-09; 3-23-09; 3-28-09; 6-27-09; 9-25-09; 11-30-09; 12-14-09; 2-7-10;
Linux	11-3-06;
Messenger Spam	4-21-03
Misc. Info	1-24-05; 2-27-05; 3-20-05; 4-28-05; 5-2-05; 7-13-05; 8-12-05; 9-11-05; 9-20-05; 10-12-05; 11-2-05; 11-30-05; 12-8-05; 1-26-06; 1-30-06; 2-1-06; 3-27-06; 4-28-06; 5-27-06; 6-13-06; 6-15-06; 7-12-06; 8-9-06; 9-16-06; 11-1-06; 11-3-06; 12-11-06; 1-2-07; 1-3-07; 1-22-07; 2-15-07; 4-24-07; 5-8-07; 7-11-07; 7-21-07; 9-13-07; 10-12-07; 11-3-07; 12-16-07; 1-9-08; 1-30-08; 3-11-08; 4-23-08; 6-19-08; 8-23-08; 10-16-08; 11-12-08; 11-27-08; 12-17-08; 1-24-09; 2-9-09; 2-22-09; 3-5-09; 3-23-09; 3-28-09; 4-29-09; 6-6-09; 6-27-09; 8-4-09; 9-10-09; 9-25-09; 10-13-09; 11-4-09; 11-30-09; 12-14-09;
MSBlaster Worm	8-12-03
Networking	9-16-06;
Newsgroups	12-9-02
Newsletters	10-3-02
Online Music Sites	3-30-03; 10-16-03; 5-01-04; 5-14-05; 2-1-06; 11-3-06; 1-9-08; 4-23-08; 10-16-08; 12-14-09;
Patches & Upgrades	2-23-03; 5-14-04; 08-01-04; 08-07-04; 9-14-04; 9-19-04; 9-25-04; 1-16-05; 2-10-05; 2-27-05; 3-20-05; 4-28-05; 5-14-05; 6-2-05; 7-10-05; 7-13-05; 8-12-05; 9-11-05; 9-20-05; 10-12-05; 11-2-05; 11-30-05; 12-2-05; 1-2-06; 1-26-06; 1-30-06; 3-27-06; 4-28-06; 6-13-06; 6-15-06; 7-12-06; 8-9-06; 9-16-06; 10-12-06; 11-1-06; 11-3-06; 12-11-06; 1-2-07; 1-3-07; 1-22-07; 2-15-07; 3-22-07; 4-3-07; 4-24-07; 5-29-07; 7-11-07; 10-24-07; 2-22-08; 4-8-08; 4-23-08; 10-16-08; 11-12-08; 12-17-08; 1-24-09; 2-9-09; 2-22-09; 3-5-09; 3-23-09; 3-28-09; 4-11-09; 4-29-09; 5-9-09; 6-6-09; 6-27-09; 8-4-09; 8-12-09; 9-10-09; 9-25-09; 10-13-09; 11-4-09; 2-7-10;
Phishing	11-18-03; 12-12-03; 2-2-04; 2-10-05; 3-20-05; 11-30-05; 2-1-06; 8-9-06; 10-12-06; 12-11-06; 7-21-07; 10-24-07; 1-17-08; 1-30-08; 4-8-08; 6-19-08; 10-16-08; 11-12-08; 2-9-09; 3-5-09; 9-25-09; 12-14-09;
Postmaster Bounces	8-27-03
Scam Warning	7-9-03, 2-26-04; 2-27-05; 9-11-05; 9-20-05; 11-30-05; 7-12-06; 10-12-06; 12-11-06; 4-24-07; 5-29-07; 7-21-07; 10-12-07; 11-3-07; 1-9-08; 1-17-08; 1-30-08; 3-11-08; 4-8-08; 6-19-08; 10-16-08; 11-12-08; 2-9-09; 3-5-09; 4-11-09; 11-30-09; 12-14-09; 2-7-10;
Security - Gen'l.	3-11-08; 4-8-08; 6-19-08; 8-23-08; 10-16-08; 11-12-08; 11-27-08; 12-17-08; 1-24-09; 2-9-09; 2-22-09; 3-23-09; 3-28-09; 4-11-09; 4-29-09; 6-6-09; 6-27-09; 9-25-09; 10-13-09; 11-30-09; 12-14-09; 2-7-10;
Shopping Spots	12-12-03
Social Networking	9-25-09; 11-30-09; 12-14-09; 2-7-10;
Spam	2-12-03; 3-30-03; 1-2-06; 2-1-06; 3-11-08; 11-12-08;
Spyware	5-29-04; 10-31-04; 1-16-05; 2-27-05; 5-14-05; 6-2-05; 7-10-05; 7-13-05; 8-12-05; 9-11-05; 9-20-05; 10-12-05; 12-8-05; 1-2-06; 1-26-06; 3-27-06; 7-12-06; 5-8-07; 7-21-07; 10-12-07; 10-24-07; 11-3-07; 1-9-08; 1-17-08; 1-30-08; 4-8-08; 6-19-08; 8-23-08; 10-16-08; 11-12-08; 1-24-09; 3-28-09; 4-11-09; 8-12-09; 11-30-09; 12-14-09; 2-7-10;
Telemarketers	7-9-03; 4-11-09;
Telezapper	10-25-02
Trojan.Xombe	1-13-04
Upgrading	1-26-06; 6-13-06; 6-15-06; 7-12-06; 10-12-06; 11-1-06; 11-3-06; 1-2-07; 1-3-07; 1-22-07; 2-15-07; 3-22-07; 4-24-07; 4-8-08; 4-23-08; 2-9-09; 2-22-09; 3-5-09; 3-23-09; 3-28-09; 4-11-09; 4-29-09; 5-9-09; 6-6-09; 6-27-09; 8-4-09; 8-12-09; 9-10-09; 10-13-09; 11-4-09; 2-7-10;
Viruses and Hoaxes	9-4-02; 9-23-02; 10-3-02; 11-7-02; 1-16-03; 3-18-03; 5-19-03; 5-22-03; 11-18-03; 1-13-04; 1-28-04; 3-23-04; 5-01-04; 5-07-04; 5-14-04; 2-27-05; 3-20-05; 5-2-05; 6-2-05; 7-10-05; 8-12-05; 9-20-05; 11-30-05; 12-2-05; 1-2-06; 1-30-06; 5-27-06; 6-13-06; 10-12-06; 12-11-06; 1-3-07; 2-15-07; 4-24-07; 5-8-07; 5-29-07; 7-21-07; 10-12-07; 10-24-07; 11-3-07; 1-9-08; 1-17-08; 1-30-08; 3-11-08; 8-23-08; 10-16-08; 11-12-08; 12-17-08; 1-24-09; 2-7-10;
Windows Security Issues	8-27-02; 9-9-02; 10-3-02; 10-16-02; 12-14-02; 12-22-02; 9-10-03; 10-6-03; 10-16-03; 10-30-03; 2-2-04; 5-1-04; 5-29-04; 6-26-04; 9-19-04; 9-25-04; 1-01-05; 1-16-05; 2-10-05; 2-27-05; 7-10-05; 7-13-05; 8-12-05; 9-11-05; 9-20-05; 10-12-05; 12-2-05; 12-8-05; 1-2-06; 1-26-06; 3-27-06; 4-28-06; 5-27-06; 6-13-06; 6-15-06; 7-12-06; 8-9-06; 10-12-06; 12-11-06; 1-3-07; 4-3-07; 5-29-07; 7-11-07; 7-21-07; 10/12/07; 10-24-07; 11-3-07; 4-8-08; 8-23-08; 10-16-08; 11-12-08; 11-27-08; 12-17-08; 1-24-09; 2-9-09; 3-23-09; 3-28-09; 4-11-09; 6-6-09; 9-10-09; 9-25-09; 10-13-09; 11-30-09; 12-14-09; 2-7-10;
Windows Support Life Cycle	12-22-02; 1-13-04; 1-16-05; 1-24-05; 1-26-06; 6-15-06; 7-12-06; 4-24-07;
Windows Update	8-27-02; 10-25-02; 1-2-03; 2-12-03; 4-21-03; 7-9-03; 11-18-03; 2-2-04; 9-19-04; 9-25-04; 4-28-05; 7-10-05; 7-13-05; 9-11-05; 10-12-05; 1-26-06; 4-28-06; 6-15-06; 7-12-06; 8-9-06; 12-11-06; 2-15-07; 4-3-07; 4-8-08; 4-23-08; 2-9-09; 3-23-09; 6-6-09; 9-10-09;
Windows 7	5-9-09; 6-6-09; 6-27-09; 8-4-09; 11-4-09; 11-30-09;
Windows Vista	6-13-06; 10-12-06; 11-3-06; 1-2-07; 1-22-07; 2-15-07; 3-22-07; 4-24-07; 4-8-08; 11-4-09;
Windows Vista Service Pack 1	2-22-08;
Windows Vista Service Pack 2	5-9-09;
Windows XP Service Pack 1	9-4-02
Windows XP Service Pack 2	8-7-04; 9-14-04; 1-16-05; 6-15-06; 7-12-06;
Windows XP Service Pack 3	2-22-08; 4-23-08;

Home

Hardware Troubleshooting	Backing Up	Reinstalling Windows	Maintenance
Basic Security	Viruses/Malware	Removing Malware	Getting Tech Support
Vista	Links	Extras	EBC Reports Archives