Blog

Soon, an experiment in Linux.

Hi there everyone,

In the next few weeks (starting sometime in December), I’m going to experiment with Xandros Linux. There is a free version available that I’ve already installed on another hard drive. The main thing I’m waiting for is Kahuna (Hotmail’s new format) to be properly supported on Firefox. Since I’m a beta tester for it, and Microsoft no longer allows hotmail and MSN to be viewed inside of e-mail clients, I have to wait for support.
What I’ll probably do is start around December 10 – 15, and go until New Years Eve. Then, I’ll switch back, so I can beta test a few other applications (depending also on those betas). But, I’ll try to blog in here as much as I can about it. My experiences with Linux, and whatnot.
If anyone knows of a program designed for linux that will allow me to read my e-mails inside of Thunderbird, Evolution, or another e-mail client, that would be awesome. Then, I can start as soon as tomorrow. I’ve been looking, and there are a few potentials out there, but none that really strike my fancy. And, that’s about the only thing stopping me from doing this right now.
So, everyone… Keep an eye out. The installation went easy. I’ve got the Linux box set up as a dual boot with Windows Server 2003 R2 beta (which is RTM’ming anytime now). I’ve even got my MSN Messenger accounts set up in it, as well as my newsgroups for the betas. It’s just a matter of shutting the computer down, switching hard drives (mobile rack) and rebooting.

Have a great night everyone.
Patrick.

Your mail is here, come and get it!

Your mail is here, come and get it!

The “Kahuna” or Live Mail team announced a sneak preview of what’s to come. Spell Check as you type. As Imran Quareshi pointed out, no other free-webmail service (or paid webmail service as far as I know) has this feature built into it. This is something that no matter how minor or trivial it may seem, pretty much everyone has muttered at some time or another “I wish they had spell-check.”

You can find more information about the Spell-check feature, along with other information about Kahuna and other Windows Live projects at the links above. Also, you should check out http://www.live.com (a homepage for your web browser, that you can customize) and http://ideas.live.com (where they list all of the live.com features). On the live.com personalized homepage, if you sign in with a Microsoft Passport, the features that you customize will follow you to other computers (including any favorites that you upload). This is the culmination of the start.com sandbox page, and the Roaming Favorites beta program.

Have a great day, and a Happy Thanksgiving.

Patrick.

Internet Explorer exploit prompts SANS to change the Internet Status to Yellow.

Publication of Zero-day Exploit in Internet Explorer prompts SANS to change the status of the Internet to Yellow today.

http://isc.sans.org/diary.php?storyid=877

Mike Poor, an incident handler for the SANS Internet Storm Center, has changed the status of the Internet’s Security from Green to Yellow.  This is due to the publication of an exploit code for a JavaScript vulnerability in Internet Explorer, combined with the lack of a patch for this issue.

Previously, the vulnerability was only known to cause Denial of Service on computers when they visited sites with malicious JavaScript code on it.  But, a group in the United Kingdom known as Computer Terrorism, has released an exploit code today which allows the malicious sites to run executable programs such as .exe, .com, .bat, .cmd amongst others on the computers that visit the sites.  

The recommendation is to either disable JavaScript in Internet Explorer, or to use another browser such as Firefox (http://www.mozilla.org) or Opera (http://www.opera.com) instead.  Be advised that with Firefox, there are other security issues that you may face as well.  So, regardless of what actions you take, be careful where you surf.  

At this time, someone who wants to use this vulnerability has to trick the user into clicking on a link to their website.  They’ll probably use techniques like posting the links on forums, message boards, and other public places, and they’ll use e-mails with “Social Engineering” tactics as well.  

My advice to the public is this.  1)  Disable JavaScript or use a different browser altogether 2)  If someone new posts a link on your forum, and others haven’t confirmed or disputed it, don’t click on it.  Let the forum moderators check the links first.  3). If you get an e-mail with a link, and it sounds too good to be true (or if it’s not from someone you expect to receive a link from) don’t click it.  If it’s a person that you know, send them an e-mail back, asking about the link.  4). If you get the e-mails purporting themselves as being from your bank, PayPal, or somewhere else that you do business with, manually put the link that you NORMALLY would use into your web browser.  Do NOT copy their link, even if it’s the same one.  And, definitely do not click their link.  Now is definitely not the time to be lazy or lackadaisical and choosing to ‘click their link, instead of taking the time to type it in myself’.

You’ll notice in a post below, that I have the SANS Internet Storm Center button.  You can check back here on a regular basis to see if it’s changed or not.  Or, you can download their “InfoCon” desktop notifier from their website.  Good luck, surf safely, and have a great day.

Patrick.

Become a Microsoft/MSN Beta Tester

Microsoft is expanding their pool of beta participants for the Customer Experience Validation Program and the MSN Beta Program. If you are already a MSN Butterfly there is no need to sign up for CEV or the MSN Beta Program since you are already enrolled.
What is a Customer Experience Validation program?
A CEV program is a group of key customers who have agreed to test a new, unreleased version of a product in their home country. Through testing, these customers provide valuable feedback that we utilize to make MSN products and services more robust and tailored to each locale in order to better meet your communication needs. The CEV program is your chance to make a difference in MSN products!
What is the MSN beta program?
The MSN beta program offers you the exclusive opportunity to test a new version of a product before it is released to the general public. Membership lets select individuals like you share your ideas and play a key role in the development process of our products and services. You can make a difference with MSN!
This membership program has been created to build a trusted community of beta participants that will receive exclusive attention from the MSN Beta Team. You are the voice of our customers and we are offering you a direct channel of communication with our product teams.
What is beta testing?
In a beta program, a group of key customers agrees to test a new version of a product before it is released to the general public. Your participation allows you to share your ideas and have a positive impact on the development of Microsoft products.
The beta testing process is very important because it helps ensure that we release the best possible product. We have selected you from a large pool of applicants because we believe you will provide us with the feedback necessary to accomplish this goal.
What are the benefits of joining the MSN beta program?
Make a difference. By joining the MSN beta program you become an active member of our development team. Your participation will directly assist in improving the quality of MSN products that meet your need.
Be the first to try new products. You’ll be able to use MSN software before anyone else.
The program also gives you and your company the opportunity to use and become familiar with upcoming technology, allowing you to prepare for the new version. This will give you a head start on making a smooth transition and lessen the impact on your productivity.
Participation in the program will give you the opportunity to prepare training for fellow designers and engineers before the new version is released.

Stability of the beta product
Before you continue, it is important to understand that the beta release of any product will not display the stability of a shipped Microsoft product. We have tested our beta products extensively within Microsoft and do not expect major problems; however, use of any pre-release product carries the possibility that you may encounter problems which could potentially result in a loss or destruction of data. Therefore, we suggest that you back up your existing data before you install and run this software.
When will my membership take effect?
When we have a beta ready for testing we will contact you and ask you to complete a survey. Beta members are selected on a number of criteria including your existing knowledge of the product, your availability to use the software during the period of the project, your computer configuration, and which features you use.
We want your experience as a MSN beta member to be positive and productive for both parties.
What are the MSN beta team responsibilities?
1.  We will grant you access to the MSN beta program and guide you through the installation process. The website will give you additional information such as how to submit a bug, access the newsgroups, answers to frequently asked questions, and a known issue list.
2.  We will provide you with a support email address to be used for all communications with the beta team. This address will be available only to those members participating in the beta and it will be discontinued when the project is completed.
3.  We take your feedback very seriously and keep you informed of any work around and progress to resolve these issues.
What do we require from our beta members?
1.  Sign a Non Disclosure Agreement prior to starting. Understand that our beta members are part of an exclusive MSN community and by signing our Non Disclosure agreement, you agree to not disclose any information related to our beta outside of the MSN beta program community. Violation to the non disclosure agreement will lead to immediate removal from our program.
2.  Use the software in both your normal day’s business and spend some time experimenting with the software actively testing for faults. If we provide testing scenarios, just follow the directions and report any issue.
3.  Immediately submit a bug on our Connect website and gives us as much details as possible. We will also provide you with a bug guide with information on how to attach a screenshot, connection log or crash report to your bug submission.
4.  Ensure you have sufficient backups of any live data that you use with the Beta software to safe guard against the possibility of data corruption.
If you are selected as a participant, you will be sent a “Welcome” e-mail. That e-mail will contain information on how to download the software from the Microsoft Connect site.
Due to the high volume of responses, we will only be able to contact those customers who have been chosen for the program. Thank you for taking the time to review this information. We greatly appreciate your participation in the MSN Customer Experience Validation Program and your help to make a difference in MSN products.
Now that you read the requirements for participating, follow the directions below for joining our MSN Beta Program and the CEV Program:

  1. Go to http://connect.microsoft.com
  2. Enter you .Net Passport and password
  3. Enter the nomination ID for your country of residence (we will ship CDs to your home address and you will not be able to participate or receive awards if you are enlisted with an incorrect physical address). If your country is not listed below, we are not recruiting for your country at this time. Stay tuned!


Here are the Country Codes (as of 11-22-05)

Country     Invitation Code
Afghanistan                          AFPA-GJB4-4FCV
Arabia                         ENXA-P4WT-4QVJ
Australia                    AU-X8FG-XWR9
Austria                         AU-B86F-P6HH
Bangladesh                    BABG-BCWH-MCJW
Belgium                    BE-BFFD-FMV7
Brazil                         BR-MJYQ-DCRB
Canada                         CA-8VPP-8W8V
China                         CH-4PYP-H4D4
Czechoslovakia                    CSCZ-2PJ8-VDJ6
Denmark                    DADK-W8VG-GJT2
Estonia                         ESTO-Y4XF-MRKG
Finland                         FIFI-KHX6-87BH
France                         FR-XJGB-JV79
Germany                    GER-JJBM-9VFY
Greece                         ELGR-GVXH-XQ82
Hong Kong (Chinese Cantonese)     HGCH-T6D9-YDYG
Hong Kong (English)               HGEN-4438-YT89
Hungary                    HUHU-2WX8-3T4M
India – Bengali                    INBG-RD3W-WW9X
India – Indic                    ININ-CGBV-KJT6
India – Malayalam               INMA-YY3D-D4KM
India – Sanskrit                    INSS-BVP6-KPYF
Indonesia (Bahasa)               INDO-8QD2-BHW8
Israel                         ISR-3H7B-F4HP
Italy                         IT-3FCK-D8XM
Japan                         JA-DT6D-9YCY
Kazakhstan                    KAKA-X6C3-BT4W
Korea                         KO-9BV2-T2BP
Latin America                    ESLA-29D8-F99C
Latvia                         LATV-RQCX-4768
Lithuania                    LITH-4BFW-JJP6
Malaysia                    ENMY-K9YX-YQCG
Mexico                         ESMX-KBQB-CJKJ
Netherlands                    NE-3G4X-4M84
New Zealand                    ENNZ-HV6Q-QKDM
Norway                         NBNO-FVHV-8QMX
NW China – Kazakh               NWCK-7JXT-2Y6M
NW Mongolia – Kazakh               NWMK-FTJG-HJ2Q
Pakistan                    PAPA-CPCR-CHBR
Philippines – English               PHEN-FQ2T-4KXK
Philippines – Filipino               PHFI-Y7XB-XPQM
Poland                         PLPL-684W-D4QT
Portugal                    POR-FP8C-9M9F
Portugal                    PTPT-XTBD-6FTH
Romania                    RORO-6XXK-WHDT
Russia                         RURU-VKG3-3DC6
Saudi Arabia                    ARSA-RR6V-3BD3
Singapore                    ENSG-9G8C-DPTH
Slovakia                    SKSK-TFHK-PXF2
Slovenia                    SLSI-F6F8-YWPF
South Africa                    ENZA-BBX6-R3RY
South Siberia – Kazakh               SSKA-DB73-C3Q7
Spain                        SP-RKFT-CV2X
Sweden                    SVSE-3P4C-CPJD
Swiss German                    DECH-7PFK-VBFH
Thailand                    THTH-MDBJ-PKBJ
Turkey                         TRTR-JBJH-376K
UK                         UK-HQ69-6JBQ
US                         US-64JX-J2HJ
US/Spanish                    ESUS-2YB6-8C94

Finally you want to complete the nomination survey.
We will contact you as soon as we have a beta program opening for your country of residence.
As I hear of more country codes, I will update this blog entry with them.  Believe it or not, even though I talk about Open Source programs a lot, I’m a faithful MSN/Microsoft Beta tester.  Why?  Because I believe in making the product the best I can.  It doesn’t matter if it’s closed or open source.  All that matters is that it ends up being useful and good.  
Have a nice weekend everyone.  And, let’s get testing.
Patrick.

    

Boycott Sony/BMG

In the past couple of weeks, a lot of information has been coming out about Sony/BMG’s use of a “rootkit” to hide their XCP Copy Protection programs on your computer.  In one of the online communities that I manage, I called for a boycott of all Sony/BMG products.  Here are some reasons why this has been allowed to happen in the first place.

In the past couple of years, there have been sweeping changes to the Copyright laws in the United States.  The Digital Rights Millennium Act gave the companies more control over both the products they manufacturer, and over competitors ability to manufacture “generic” products.  This law passed with barely a whisper in the public forum, despite efforts by organizations like the Electronic Frontier Foundation.

To quote an article by Fred von Lohmann at  http://www.eff.org/deeplinks/archives/004145.php
“First, a baseline. When you buy a regular CD, you own it. You do not “license” it. You own it outright. You’re allowed to do anything with it you like, so long as you don’t violate one of the exclusive rights reserved to the copyright owner. So you can play the CD at your next dinner party (copyright owners get no rights over private performances), you can loan it to a friend (thanks to the “first sale” doctrine), or make a copy for use on your iPod (thanks to “fair use”). Every use that falls outside the limited exclusive rights of the copyright owner belongs to you, the owner of the CD. “
According to Sony/BMG however, you are NOT the owner of that CD you just purchased.  You only have a license (much like you only have a license to use computer software programs).
To quote Mr. von Lohmann again…

  1. If your house gets burgled, you have to delete all your music from your laptop when you get home. That’s because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.
  2. You can’t keep your music on any computers at work. The EULA only gives you the right to put copies on a “personal home computer system owned by you.”
  3. If you move out of the country, you have to delete all your music. The EULA specifically forbids “export” outside the country where you reside.
  4. You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.
  5. Sony-BMG can install and use backdoors in the copy protection software or media player to “enforce their rights” against you, at any time, without notice. And Sony-BMG disclaims any liability if this “self help” crashes your computer, exposes you to security risks, or any other harm.
  6. The EULA says Sony-BMG will never be liable to you for more than $5.00. That’s right, no matter what happens, you can’t even get back what you paid for the CD.
  7. If you file for bankruptcy, you have to delete all the music on your computer. Seriously.
  8. You have no right to transfer the music on your computer, even along with the original CD.
  9. Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or make derivative works from the music on your computer.

So, this is what you paid your $14.99 for (or more in some areas of the country).  I’m not an advocate of piracy in any respect (especially since I’m majoring in the Computer Science field at my local college), but I WILL NOT purchase any music from any company who uses DRM tactics such as this.  I won’t purchase regular CD’s nor will I purchase songs or albums from online sources.  And, I encourage any people who read this blog to do the same.  Don’t acquire it illegally.  Simply DO NOT buy it.  You can live without that CD a few days/weeks/months longer, until they realize the stupidity in their ways and backtrack it.  Then, and only then, do you buy their music.  
As has been mentioned before (and I checked to confirm this) the most hilarious part about this all is, you can go online to the P2P sites, and download a few, if not most, of the albums that are “Copy Protected” with the DRM technology.  I haven’t downloaded them to see if the XCP software is included, but I’m willing to bet—No.  Way to go Sony.  Not only have you exposed the users who actually PURCHASE your CD to viruses and malware, you didn’t do anything to actually STOP the reason you’re doing this.  
Have a nice weekend (what’s left of it) everyone.
Patrick.

The latest news from Enterprise Open Source Journal (EOSJ)

Hi everyone,

If you’re even somewhat interested in using Open Source, whether it be at your home or your business, I highly recommend you read the latest edition of the Enterprise Open Source Journal. Their website is located at http://www.eosj.com/index.php.

In the latest issue, they tackle the subjects of Integrating Open and Closed Source sofware. Also they discuss how you can’t have one without the other (or more aptly, why you shouldn’t try to have one without the other). Possibly the most important article (IMHO) in the magazine is the clarification of what “Free” actually means, when it comes to Open Source.

People (myself included at one time) are under the misconception that “Free” in respect to Open Source, means free- as in free beer. This is further brought on because some of the people who provide Open Source software specifically state that in their description of it. The truth is, “Free” in Open Source is more like “Free Speech” rather then “Free Beer”.

Even though there is no cost to get the software (unless you purchase a Support Agreement or purchase additional features), there IS an investment cost. If you’re a consumer, then you’ll be investing your time in it. Whether it’s simply to keep it updated, or to code it to meet your needs (or code it to fix a bug), you’re still making an investment in the software. And, if you do have an issue with it, you’ll be investing time into researching and implementing the solution (or creating one of your own).

If you’re an Enterprise user, you’re not only investing the time that the consumer is, but you’ll also be investing money in paying someone a salary to invest the time. You may want to pay money to purchase the support that the developer offers. This reduces the amount of time that you or your Enterprise has invested, but it doesn’t remove it altogether. There will always be an investment of time on your end.

Now, by no means am I suggesting that Open Source is not a viable option. In many cases, it’s more viable then the closed-source versions of the same software. What I am trying to accomplish here is to make sure that anyone who is considering Open Source goes into this with their eyes wide open. I would rather see you go in knowing that you may end up spending some money or time (probably less then you would with the Closed-source versions), then see you going in with the misconception that it’s all “Free” (as in Free Beer), and being rudely awakened.

I highly encourage everyone to explore Open Source, and see if it’s right for you. Some will go totally Open Source.. Some will stick with all Closed (Proprietary) Source. But a lot will choose the path down the middle. The important thing is, that you are able to make the choice. That’s something that some people on both sides of the issue don’t want you to have. In your research, you will see people writing about how Microsoft (and other Closed-source) companies don’t want you to be able to use Open Source. This is not true. In fact, Microsoft had an exhibition at Linux World. And, they have exhibitions at other Open Source Expositions.

So, make the choice. Do the research. And do what’s right for you.

Patrick.

Hopefully the only Political thing I post here.

Hi everyone,

It’s been a little over a week and a half since Hurricane Katrina struck. Normally, I try to stay away from Politics and issues like that in here (since this is a computer-related blog), but this is one time that I’m digressing. I’ve been watching the news on and off since the Saturday before it hit, and I’m disturbed by a few things.

After the first 48 hours (probably after the first 12 hours, in reality), it was apparent that the entire Government dropped the ball on this. In fact, the ‘ball’ was dropped before Monday morning. Everyone from the local Government in New Orleans, up through the President screwed up. There should have been buses in New Orleans on Saturday and Sunday getting the people who couldn’t leave on their own out. The evacuation should have become mandatory on Saturday morning, and the buses should have been moving people. The voluntary evacuation should have been stressed on Friday morning (warning people that unless Katrina changed paths by Friday afternoon, it was going to become mandatory). From my understanding, the last bus left New Orleans sometime on Saturday.

After the hurricane hit, within 24 hours, New Orleans should have been SWAMPED with Emergency personnel. The National Guard (from more than just Louisiana) along with Active-duty soldiers should have been at the Convention Center and the Superdome immediately. Law & Order should not have been allowed to be lost.

I realize, this is all hindsight, and I hope that everyone from the individual up through all of the chains of Government will learn from this tragedy. But, only time will tell. And, hopefully it’s a LONG time before we are shown.

The thing that disturbs me the most about this is, within 3 days, people were saying that the lack of support and aid was a racial or a social-economic issue. My question is this…. The Mayor of New Orleans is African-American. I’m not sure what Nationality the Governor is. From the understanding I’ve gotten (by watching the news and reading blogs online), FEMA couldn’t come in until the local and State government asked them to. The local and State government said we can handle this (at first) This isn’t just in New Orleans. I’ve heard stories about a private church organization bringing aid to either Alabama or Mississippi, and being told to “Turn around, we’ve got it under control here.” by the local Aid organizations. So, if this is racially motivated, how? Politically motivated, Yes. Racial, NO.

It wouldn’t have mattered if everyone that stayed behind were African-American, Caucasian, Asian, Hispanic, or Martian. The point is, EVERYONE dropped the ball. Even the individual people who refused (and are still refusing) to leave their homes. As I mentioned above, the only things that matter NOW are that the ball is being picked up and carried, AND that hopefully everyone from the individual all the way up through the Government learns from this and doesn’t repeat the same mistakes.

Originally, I wasn’t going to accept comments on this post. The reason is, I’m just expressing my opinion as an intelligent human being. And, in the past, I’ve noticed that anything that is in any way politically charged will turn into a flame war. Call this venting, from someone who is mildly affected (occupationally) from the hurricane. Everyone has the right to their opinion, but since I don’t want to end up deleting this post and all of it’s replies because it becomes a flame war, I figured by not allowing comments, I’d be putting a stop to it in the beginning. But, I realize that I shouldn’t keep it one-sided. If you want to create a blog with your opinions about the Hurricane (or even about what I’ve said here) feel free to click the Blogger link at the top of the page. In fact, I encourage you to. If you want to post a comment to this, as long as it’s not considered a flame, I don’t have a problem. The only request I have is that you put some thought into it, and back up your information (if possible).

I also highly recommend viewing http://mgno.com/ A blog from some people still in New Orleans (at least they were until this week).

More importantly, I strongly encourage you to visit these sites. http://www.redcross.org and http://www.salvationarmyusa.com They definitely can use your support for the people that are directly affected by Katrina.
Patrick.

Opera 10 year anniversary deal.

Hi everyone,

This is a deal you can’t beat. Opera, one of the major alternative web browsers to Internet Explorer, is celebrating their 10-year Anniversary. And, they’re giving away registration codes for free. Normally, you have the option of text-based ads, graphical ads, or buying Opera for $19.95 in order to remove the ads.

But, until they run out of codes, you can get it free. This is truly a deal that can’t be passed up. Opera, as I mentioned above, is one of the major competitors for Internet Explorer.

So, check out the site, and if there’s still time, get your free code. Even if the offer isn’t good, I urge you to check out Opera anyhow. I’ve used it in the past, and I liked it. Right now, I use Opera, Mozilla Firefox and Internet Explorer for different things.

Patrick.

Spyware and what to do about it. And, why you should care.

Hi everyone.

Last weekend, I had to help a friend of mine try and fix their computer. It seems that he went to some sites that he shouldn’t have (in the terms of spyware) and got something nasty. In the end, it messed up the computer so bad, that he couldn’t go to Windows Update, and his wife couldn’t get into chat (or anything else that required JavaScript or ActiveX). We got the computer more or less back to normal on Saturday, but in the end they had to reformat it.

I’ve had to remove spyware from a number of my coworkers computers (and recommend programs to do so for others). And a couple of weeks ago, I had to help another friend of mine remove a nasty desktop/browser hijacker that her son got while visiting a website.

So, why am I posting about this? And why should you be concerned? You’re probably thinking “They went to Porn sites” or “Well, I definitely don’t go to THOSE types of sites”. That could be true (in the case of my older friend, it was a porn site), but it’s not limited to those sites (the desktop/browser hijacker has been found on WWF related websites). Even MSN and Yahoo have some type of “ad-ware” that they offer you. Granted, it’s mainly intended to provide the banner ads on the specific page, but it’s still ad-ware.

Ok, so I may have your interest. But, now you’re wondering what options do you have? Well, you can either live in a hole by not surfing any sites at all, never go online again, or download and use some types of anti-spyware and antivirus programs. A little common sense helps, but it isn’t required.

There are a lot of programs out that claim to remove spyware from your computer. And, there are probably just as many anti-virus programs out there. So, how do you decide which ones to use? Well, if you’re already using an anti-virus program, and are satisfied with it, then go to their website and find out if they offer an anti-spyware program as well. You don’t have to use theirs, if you find something better though.

Some of the best sources for information about Spyware, and the related anti-spyware programs include PC World and Spyware Information Org. PC World recommends CounterSpy by Sunbelt Security. While I haven’t used it, I have used other SunBelt programs and like them. Plus, I’ve used a ‘sister’ of sorts to CounterSpy. Most of the definition files for CounterSpy come from a company that was called “Giant Antispyware”. I say “was” because they were bought out by Microsoft. I’ve used the Microsoft Antispyware Beta, and highly recommend it to everyone.

Be ware of sites that offer you “Free Spyware Scans” then require you to purchase their program in order to remove the spyware. Some of those (not including CounterSpy or Microsoft) may actually give you false positives, or worse yet, install spyware on your computer. You can find more information about those sites in the Spyware Information Org website.

I won’t go into great depth about the antivirus programs in this post, but I will say that you need to make sure it’s updated regularly. If you’re on broadband, I highly suggest setting the automatic updates to check hourly. You shouldn’t notice any slowdown from the check. If you’re on dialup, I would still recommend hourly or at the most every 3 to 6 hours, and you should make sure it cannot connect (dial up) on it’s own. It should definitely check while you are online though. This also applies to your spyware and firewall.

Finally, using a little common sense will help you out also. If you go to a website, and it tries to install anything (ActiveX control or other controls) refuse the installation the first time. If the site doesn’t work, then hit your Refresh button (or the F5 key on your keyboard) and install the control. This DOESN’T include Shockwave or “Flash” (Macromedia) controls, as they typically are legitimate. Also, when surfing, if your antivirus or antispyware pops up, read the information carefully. If you know the item being questioned is safe, allow it. Otherwise block it (or select the Abort Connection option). And, make sure you do a scan every day. If you leave the computer on 24/7 (which I do), configure the automatic scanning settings. If you shut the computer down when you’re finished using it, then do a scan prior to shutting down each day.

If you’re considering an antispyware, antivirus, or firewall program and can’t find anything about it, feel free to post a comment here, or e-mail me about it. I’ll check into it, and let you know what I find out. Plus, I’ll be posting information about different ones in the future.

Patrick.

New Virus affecting Microsoft Windows raises Internet Security Alert to Yellow

Hi everyone,

This past Tuesday, Microsoft released six new updates for Windows, including one for Plug ‘N’ Play (PnP) that affects Windows 2000 users along with Windows XP SP1/SP2 users and Windows Server 2003 users. Originally, the vulnerability was thought to only be a ‘local’ issue (meaning you had to be physically at the computer in order to exploit this).
Shortly after that, an expoit code was released that showed how to use this vulnerability to attack computers remotely (via local networks or the internet). It wouldn’t be (and in reality wasn’t very) long before a virus came out using the exploit code. In fact, on Friday night, Zotob was named.
Because of the release of this worm into the wild (the internet), the Internet Security Alert status was raised to Yellow. Yellow means there is a threat that, while it won’t disrupt the internet as a whole, will dramatically affect some portions. More information on the “InfoCon” and meaning of the alert status can be found at http://isc.sans.org/infocon.php.

You will also be able to click on the link below to access the SANS Internet Storm Center.

So, if you haven’t already done so, you need to patch your Windows Computers. Even though this issue isn’t as effective on Windows XP SP2 or Windows Server 2003, you really need to patch for it anyhow. Because sooner or later, somebody will figure out how to attack those machines as well.

You can update your computers via Automatic Updates (recommended for Windows 2000/XP/2003 users) or going to Windows Update (http://windowsupdate.microsoft.com or http://update.microsoft.com). Be warned though that Microsoft has implemented their Genuine Advantage Program (Validation Tool) so, if you’re running a pirated copy or a crack serial code, it may not work. If that’s the situation you find yourself in, I strongly suggest that you purchase a valid copy from either an online store, or your local computer store (or Wal-Mart).

Patrick.

Internet Storm Center Infocon Status