Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Thursday, September 27, 2007

Biggest Security Hole Continues to be People

In the old days the easiest way to access a computer system was to go directly through a human. It wasn’t always done through the use of wargames dialer which dialed up phone numbers in search of computers with modems. Most time it was as easy as calling a secretary at the computer center and saying…

“Hi, this is Fred from IBM. We found a problem with the computer system and it appears most of your data has disappeared. I’m not sure if you’re responsible but we need your account and password to fix this problem.”

It may sound silly but it worked and the same methods are used today. They’re just a little more sophisticated.

When the storm Trojan was first detected I didn’t give it a lot of consideration. I even suggested that everyone was over reacting.

“Are attachments like this still getting through Email filters? Are people downloading attachments with names like, video.exe, full video.exe, Read More.exe, Full Text.exe or Full Clip.exe to see new stories? I say no. At least not to the extent deserving of this weekends attention.”

I’m willing to admit my evaluation at the time may have been shortsighted. When the attack is this large, it doesn’t take a huge percentage of victims for a problem to become serious.

It’s not as difficult as you might think to get folks to fall prey to a socially engineered attack. I’m sure a large number of intelligent people believed it when “Your family member has sent you an eCard” arrived in their Email.

The most effective attacks I’ve been tracing try to scare readers into taking an action when they think they’ve already had their account or machine compromised.

The following are other examples I’ve seen regularly in my Email. What would you do if you thought someone had purchased a new Dell computer using your PayPal account?


Paypah phish says you've purchased a Dell computer


And how bad would you feel if someone gave you a bad recommendation on eBay?


Phishing Email threatens your eBay reputation


I have a pretty good imagination and it didn’t take me long to think of other examples on my own. Here’s one that targets users in the U.S and I’m guessing it would trick a number of folks into granting full access even pass their firewall.


Example of how easy it could be to trick people into downloading new malware


Obviously, user education will never be 100% effective but don’t panic. A lot of folks like myself will continue to spend time coming up with new ideas on how to reduce and/or prevent damages.

In case you are interested, you really can receive Amber alerts on your computer or mobile device by signing up at http://www.amberalert.gov/



Labels: , , , ,

Share on Facebook


Wednesday, September 26, 2007

Increased Sales Due to Falling Dollar

Soon after I started this Blog I wrote about the need to globalize your business. The Internet has made for a smaller world and the devaluation of the US dollar may be actually helping sales of some U.S. products.

It doesn’t make my trips to Europe cheaper, but it does make WinPatrol a good bargain. Since the price of WinPatrol PLUS is set in USD, every day the dollar is worth less, the cost of a PLUS upgrade for international users is reduced.

I decided to look at the PLUS sales to our friends outside the US over the last four years to see if there was a significant trend. I can’t say it’s entirely due to the failing US dollar but certainly shows how important international customers are. The following is based on a three month summer period.




Obviously, a declining dollar isn’t good new for the US economy. I’m no expert on economics so I’m just trying to be optimist. I’ve always believed the science of economics has far too many variables. I really don’t believe the GNP can be measured. I think President Roosevelt’s deal to link Saudi oil sales to dollars will come back to bite us. Still, if you’re a small company with a U.S made product this is a good time to think globally.

Labels: ,

Share on Facebook


Sunday, September 23, 2007

New WinPatrol PLUS Data Collection

Over the years we’ve been adding to our PLUS database and currently have over 16,500 files online available to our PLUS members. Unlike other program lists online we’ve tried hard to create descriptions that can be understood  by every level of user.  We also try to include program tips and links to other information including known error reports and how to update to the newest version.


Programs have been added to the database based on the frequency of requests, their level of danger and customer requests. We keep a count of unique filenames to help prioritize their popularity. Our current method works well but occasionally several descriptions are required when multiple programs use the same filename. Instead of reading long descriptions and forcing users to make a decision, we’ll be increasing the precision of our PLUS Info results.


To accomplish this, our new version (12.1.2007.5) will be collecting more data on requested programs. This is strictly information on the file and not the user. Typical data sent will incude version, company name, install path, file date, file size and date detected. The results will be better detection of rootkits and other more devious attacks. It will also help detect outdated system files which may create unstable versions of Windows. (Something which has caused me grief recently)


This will be an “Opt-in” decision for both free and PLUS WinPatrol users. By default, this option will be off. By checking the option users give permission for their data to be used to improve our results. New PLUS data option


 



Users can participate or not by downloading our newest version at http://www.winpatrol.com/download.html


 

Share on Facebook


Friday, September 21, 2007

Registry Tweaks Cause Unexpected Results

I recently wrote about the problems that can result from so many different files that make up Windows. This week I found out the hard way how simple registry tweaks generate unintended surprises.

A few years ago, a tweak started making the round that allow users to add “Move To” and “Copy To” to the Windows Explorer in XP. Just last September TechRepublic was promoting this registry hack which used some additions to the registry key…HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers

Well, it turns out this tweak can cause some unexpected surprises. I can tell you I was surprised when my new friend Mark told me about the unexpected behavior he experienced. When he clicked on PLUS Info… he was greeted with a “Move Items” Dialog screen.

This dialog appeared when requesting Plus Info!  Weird


After doing some research I found many other unexpected surprises caused by this registry hack. This is just one of the registry changes which has caused problems since I’ve fixed a previous Windows quirk that impacted WinPatrol users.

Most of the registry flaws appear to be caused by 3rd party browsers or other internet programs which made changes when they installed, but didn’t restore the original values when they were Uninstalled

When it comes to our newest WinPatrol (12.1.2007.0) I’ve narrowed most problems to the registry key HKCR\InternetShortcut\shell\open\command. If you experience problems getting PLUS Info visit http://www.winpatrol.com/faq.html for help. If this causes a problem in WinPatrol it will most likely cause problems to other programs.

If you’re one of those people who like the “Move To” / “Copy To” registry hack I can point you to the correct solution. MVP Ramesh Srinivasan provides an explanation and new method at http://windowsxp.mvps.org/movetocontext.htm


Labels: , , , ,

Share on Facebook


Wednesday, September 19, 2007

Office 2003 SP3 Things You Should Know

I’m a big fan of the Service Pack updates that Microsoft provides for free. I’m also a big fan of being informed before you install any new software on your computer.

Like any update, I recommend against rushing out to be the first. It never hurts to let others be test subjects for a few weeks before making major changes to the machine that your productivity or life style may depend on.

Microsoft has released Service Pack 3 for Office 2003 which contains number of needed fixes and security enhancements. I’m pretty sure I’ll install the Service Pack on my machines running Office 2003 but it won’t be today. Even as it’s being released Microsoft has acknowledged a few possible quirks that you should certainly be aware of.

The known issues below should be reviewed before anyone installs SP3.
(Click number link for more info)

  • You are unexpectedly prompted to restart the computer after you install an Office service pack or an Office update (905726)

  • The functionality of an add-in, an ActiveX control, or a COM add-in is reduced, or the functionality is blocked after you install Office 2003 Service Pack 3 (938814)

  • Error message when you try to create a new MAPI form in Outlook 2003: "contact the administrator" (938816)

  • Attachments that contain the .gadget extension cannot be opened in Outlook 2003 after you install Office 2003 Service Pack 3 (938811)

  • The Fast Saves feature in Word 2003 no longer functions after you install Office 2003 Service Pack 3 (938808)

  • You may experience issues when you run the Microsoft Office Document Imaging program after you install Office 2003 Service Pack 3 (938813)

  • You receive an error message when you try to open a file or to save a file after you install Office 2003 Service Pack 3 (941636)

  • You cannot open Microsoft Excel 5.0/95 Workbook files that contain Visual Basic for Applications macros in Excel 2003 after you install Office 2003 Service Pack 3 (938806)

  • Office files that are saved in certain formats no longer contain the version number of Office after you install Office 2003 Service Pack 3(938807)

Some of these issues may not apply to everyone, but you should be familiar with them before installation. In time, I suspect this list will grow.

For detailed information about these issues as well as the benefits of Office 2003 Service Pack 3 go to http://support.microsoft.com/kb/923618.


Labels: , ,

Share on Facebook


Monday, September 17, 2007

Windows Versions are like Snowflakes

The Windows operating system is actually composed of a number of individual files which provide particular functions. Over time, the number of these files has grown.  A diagram of their dependencies would look much like the republicans flow chart of the Clinton Universal Health plan of the 90’s.


Even if you and I both have Windows XP SP version 5.01.2600 we really don’t have the same version of Windows.  This creates a problem for software developers who need to make sure their software works on everyones machine.  It can make testing and identifying problems a real challenge. It’s also one of the reasons auto-updating software freaks me out.  Have I mentioned “if it ain’t broke, don’t fix it”?


I bring this up to illustrate why after a very successful launch of our new WinPatrol I am releasing a new version today that doesn’t really have any new features. After two weeks and over 100 thousand downloads I had a handful of people who wrote letting me know they could no longer access our PLUS database.


I discovered the Windows component named shell32.dll works a little different depending on its version and/or its dependencies.  It seems that normally Shell32.dll supports the lengthy web addresses (urls) that WinPatrol uses when accessing PLUS Information. Unfortunately, some versions of this file, even on the newest versions of Windows limits programs from opening urls over 260 characters.


Our new version 12.1.2007.0 resolves this problem. Hopefully, the cure doesn’t find some new disease but so far all our testers have been pleased. If you’re a WinPatrol PLUS member and you’re not having problems there’s no need for you to update your software. For anyone not getting all the information available, you’ll be happy with the new version which is available to all at http://www.winpatrol.com/download.html. International versions will be posted within the next 48 hours.


Since I brought up the topic, I reluctantly feel a need to point out one more misconception.  The myth about no two snowflakes being alike isn’t exactly true either. Wink

Share on Facebook


Saturday, September 15, 2007

Show File Types and Hidden Files

I’m pretty sure author Ed Bott doesn’t read Bits from Bill yet on the same day I wrote about File Types, Ed blogged about a script he created to automatically turn on hidden files and display file type extensions.

In his Blog Ed says…

More than two years ago, I published a simple script that allows you to toggle the Explorer attribute that shows and hides System and Hidden files.

The script also assumes that you probably want the option to edit file name extensions, so it changes settings to make file name extensions visible as well for common data file formats.

Ed’s script is an easy way to make changes I recommend without having to find the options under Folder Options. Best yet, Ed has recently modified his script to work under Vista.

To test out Ed’s script and learn more Click Here

One caveat; Ed’s script is written in Visual Basic script.(VBS). As I discussed earlier, some security programs may have automatically re-associated the .VBS type for your protection. Instead of the script running, it may be displayed in Notepad.

If you just want to see what the script looks like in its text form, Click Here


Labels: ,

Share on Facebook


Tuesday, September 11, 2007

Crash Victim Identified by iPod

After two days Minneapolis authorities still could not identify Adam Ray Finley after his bicycle was struck by a school bus two blocks from his apartment. The 30 year old was killed. His only possessions at the time of the accident were keys and an iPod.


Recently NBC's Dateline did a story on stolen iPods. They contacted Apple and asked about using iPod serial numbers and iTunes to return lost or stolen iPods to this rightful (registered) owners. Apple Inc. declined to participate in the story.

Luckily for Finley’s family, some Apple employees came to the aid of Minneapolis investigators.  Obviously, when they want,  Apple can trace the rightful owner of an iPod. This may open a huge privacy issue but I’m personally  glad the Finley family did not have to wait any longer than possible for an answer to their grief.


Adam Ray Finley 
While I didn’t know Finley,he was well known as a film and TV reviewer for America Online and wrote for several other publications.  Like any tragedies affecting folks in our business we are all sadden and our thoughts go out to his families and loved ones. A tribute to his work is being featured at TV Squad.com
 

Share on Facebook


Monday, September 10, 2007

Don't Change My File Type Associations

Every file on your computer has a designated type. Some types contain programming code that performs an “executable” action, while most contain data used by an assigned program. For anyone using a Windows computer the file type has traditionally been designed by a three character extension separated by a Dot character. Microsoft Windows now hides this extension but that’s a topic for another post.

Examples of file types that contain programming code executed by Windows are .EXE, .CMD, DLL’s. Common examples that contain data include .TXT, .MP3, .JPG, .DOC and many others that can be registered in Windows. There are also executable “scripts” but they’re essentially data for a program that runs their commands. Examples include .VBS, .REG, .WSH

In the old days ( 2–3 years ago ) we preached the dangers of never clicking or opening any executable file type and considered data types as safe to open. Sadly, this is no longer true. Malware authors have found vulnerabilities that have allowed them to embed program code within a data file and trick Windows into running it.

What you’ll want to know about any file type is their “Associated” program. This is the program Windows runs when you click or open the file. Windows will run the associated program and tell it to open your file. Which program Windows chooses is actually designated in multiple places but there is an option screen that allows users to make changes.

The following can be found under the Windows Explorer(Windows key + E) Tools menu when you select “Folder Options….”

File Type dialog

This dialog allows you to change which program will open for any particular file type, but for most people this screen will never be used.

Vista users won’t find this feature under Folder options. Instead click on the Vista Start Orb, and select “Default Programs”.

Select the 2nd option to update your file types.

In most cases, file type associations will be changed by a newly installed program that you add to your system. Many an unwanted program or Spyware will modify file type associates to hide themselves or to allow them to run unexpectedly.

For a long time, malware authors used .VBS(Visual Basic Script), .REG(Registry script) and even .SCR(Screen Saver) file types to introduce infections. This was so common that most Email programs will block these files types just like they block EXE’s. Some security programs may even re-assign these types to safe programs like “Notepad” without letting you know. This can be annoying but might be a reasonable approach for novice high risk users.

Many legitimate programs may change a file type association so it becomes the program of choice. Well behaved programs will offer you an option when you run their setup programs.

One of the lesser known unique features of WinPatrol is File Type Protection monitoring. If a malicious program tries to hijack a system critical file type associations, you’ll be alerted and can prevent the change. This can also be useful if some normal program tries to change your favorite Media Player or Photo viewer without letting you know. If you don’t want to be alerted, you can also just check the option “Lock File Types” and WinPatrol will always protect the file types you’ve chosen to remain the same.

Options tabLock File Type





Share on Facebook


Sunday, September 09, 2007

Someone has sent you a Private Message!

This seems to be a new attack vector we're currently researching. It's starting to show up in many Emails.



You have just recieved a new Google Message!

You can view your message here: http://www.google.com/gmsgid=blablabla


Note: If you do not already have Google Message Viewer installed, you will be prompted to install it.


DELETE this message
DO NOT CLICK to install anything.


Share on Facebook


Friday, September 07, 2007

Minor WinPatrol release news

Word spreads fast on the internet so I figured I probably should mention that there’s a minor new release of WinPatrol made available today. This news will probably be lost among reports of new iPods and nude photos of Vanessa Hudgens, the 18 year old star of Disney’s High School Musical.


Just the same, I thought I’d let my WinPatrol fans know version 12.0.2007.5 is now available. Unless you’re having a problem getting PLUS Info, there’s no immediate need for you to download the new version. This is a minor release. The most notable change is a new option that allows folks to use the original black Scotty icon in the system tray.


New Options for WinPatrol


You can always download the newest version of WinPatrol by going to our web site, http://www.winpatrol.com/download.html. Scotty should remember you're a PLUS member and activate your PLUS features. If not click on the PLUS tab and enter your Name/Registration code combination to activate your PLUS features. For specific information on the new release see http://www.winpatrol.com/upgrade.html

Labels: , ,

Share on Facebook


Tuesday, September 04, 2007

Removing Ads in AOL

After writing nice about AOL, I promised I’d point out another annoyance along with a simple fix. It’s almost comical how AOL finds new ways to advertise everything and everywhere on its service. It’s personally ironic when I remember back to the early 90’s when I managed the AOL client software. We ridiculed and made fun of Prodigy for including ads on every screen.

I know most of my readers no longer use AOL but this is just too much. The subject line may also attract as many new readers as my articles on removing Zwinky.

The newest insult to “paying” AOL customer comes when they send an Email. Not only does the “Your mail has been sent” window come with an ad, some of the advertisements are complete video commercials.
AOL's indication that your mail has been sent, not includes an ad video for Dell


Not all my machines with America Online include this feature so I assume it’s being rolled out with some kind of “no choice” auto-update. While I seem to have plenty of bandwidth and horsepower, I don’t like AOL slowing me down anymore than needed.


Luckily, this one is easy to remove although you’ll lose your confirmation notification in the process. Just click on the “Mail Settings” link and you’ll see the following. Remove the checkbox in front of “Confirm that mail has been sent” and the ad will go away.


Remove the checkbox in front of




Labels: ,

Share on Facebook


Sunday, September 02, 2007

I've been Twitterpated

Still suffering from jetlag it’s hard to work on anything serious this holdiay weekend. Instead I’ve been just poking around for new ideas that don’t take much thought. I decided again to play around with the unique service called “Twitter”.  It’s hard to describe Twitter.  It’s like a Nano-Blog that only allows you to write your thoughts in 140 characters or less.


My wife Cindi always jokes about how she doesn’t believe anyone cares enough about what I say to read my Blog. She’ll really be shocked if anyone joins Twitter to follow the variety of mini-thoughts I have during the day. Twitter is becoming very popular so who knows, it may be the next big success in social networking.


On the left-side bottom of Bits from Bill, there is a Twitter “badge” that will display the last few comments I make via Twitter.  This way you don’t have to join Twitter to see what I’m thinking about.  If you do want to try Twitter, it’s free and you can sign up at http://twitter.com/home.


You can invite others to join Twitter but like other social networks I hate it when people give away my Email address. Instead, try searching for other people you know who may already be using Twitter at http://twitter.com/invitations.


This is still a big experiment for me so, if you click Follow Me, I’ll Follow you in return.

Share on Facebook


Saturday, September 01, 2007

AOL Active Update Doesn't Suck

Today, in a RARE move I’m going to say something positive of both America Online AND automatic updates. I’ll make up for it tomorrow by pointing out another new annoyance from AOL.

Recently, AOL has been “offering” an update of its “update” mechanism to fix potential problems. “This corruption can cause software updates to restart repeatedly until they are successfully completed.

Unlike most other updates, they actually have my approval on how this update is being presented.

AOL Update dialog









There are some things I really like about this update.


  1. They actually notify the user an update is going to occur.

  2. Date, Time and Update number(although cryptic) are displayed.

  3. They provide a “Let me do it later” option.

  4. They describe the purpose of the update.

  5. They even provide a link to more details that describe the update.

    If you click on the image above, it answers the questions...
    “What SoftwareUpdate am I Receiving?”
    “What is the AOL Software Update Mechanism and How Does it Work?

The only thing missing is an option, “Never Update” but I can understand this being a required due to the serious nature of the problem.

Unfortunately, this kind of update is rare but I sure would like to see more like it.


Labels: ,

Share on Facebook