Automatic Update MySpace Popup Trick; No Treat

Imagine a huge Water park for kids with no fence, adult supervision and plenty of little places to hide.  There are no rules and instead of admission fees, kids are encouraged to bring their personal information and keys to their house.  That’s basically how I see sites like MySpace.  Sure, they can be a world of fun but at what price?

MySpace, Zwinky and other social sites have been become a magnet for pedophiles, drug dealers, criminals and anyone wanting to perpetrate a new scam. This is the ultimate in a targeted audience.

Alex over at Sunbelt is reporting his research department is following another clever new social engineered scam that is appearing on MySpace. Kids are invited to view a profile and a familiar popup appears encouraging them to download the latest security update for Windows.

This pop up dialog looks so real that even if they stop and ask mom or dad, it’s likely parents would be fooled into downloading this nasty Trojan with the filename, “updateKB890830.exe”.

I’m told that MySpace abuse team is quick to respond to such scams but the scammers out number MySpace employees and have much better tools to distribute their tricks. Parents should read MySpace Tips for Parents which includes a link on how to delete your childs MySpace profile.  ( WinPatrol users, if you want to completely block MySpace.com send a note to support and I’ll tell you how.)

I’ve seen many Halloween activities curtailed over the years because of fear. Well, it seems a lot safer to allow your kids to Trick-or-Treat and/or dress up for school parties than it does to let them go online without supervision.

 

No Breaks for Windows Vista

Most of us who have used PC’s since Windows 95 have always looked forward to new versions of Windows. While it’s been almost a year since Vista was introduced to the public, I’m now waiting for the next new version.

I really wanted to fall in love with Vista but like many I feel like I’ve been cheated on.  I’m seeing folks who don’t even own Macintosh's writing reviews for the new Apple Mac OS X Leopard operating system.

Yesterday one of my favorite authors Steve Bass said it as best he could, “There’s No Doubt: Vista Sucks”.

Steve also had a link to one of the best Vista video’s I’ve seen yet.

Detect Changes to Windows Automatic Updates

There has been a lot of controversy lately over the Windows Automatic Update feature. First Microsoft made change some files used in the Auto Update mechanism on a users machine without ever making it an option. Now, Microsoft has been accused of making changes to the Windows AutoUpdate settings. Some claim during the last Windows update their configuration was changed to “Update Automatically”. Microsoft denies the accusations. Others report that Microsoft One Care or other application make changes for you.

WinPatrol has a long history of monitoring unique settings that most other programs don’t worry about. Many new WinPatrol features are requested by users but a lot of changes are based on things I want for myself. I thought “Hey, I’d like to know if something changes my Automatic Update settings”.

Available today, WinPatrol 12.2.2007 will now alert you if changes are made to your Automatic Update settings. Like most features, the intention is to protect users from changes made by malicious programs. As a side however, it will also detect if Microsoft or one of their applications decide to change these settings without your knowledge.

Also included in this new version will be detection of a few other unique settings like the prefix inserted by your browser (http://). If you don’t include http:// when you type in an address, Windows automatically adds it. If I changed this setting to http://www.billp.com/ no matter what you typed into your browser you’d always come to me. Depending on what comes after it, I could display a fake look-alike phishing page and grab your eBay, or Paypal account number.

I didn’t have a lot bugs to fix so I also included a few other safe changes. WinPatrol will now correctly read registry startup entries that use invalid formats. I’ve also included an online component to the PLUS activation process. This will finally allow the creation of an affiliate partner program and can accurately thank the folks who help promote WinPatrol.

As always, this version is a free upgrade to all WinPatrol users and is available at http://www.winpatrol.com/download.html.

My personal recommendation for Windows Automatic Update has always been “Notify me but don’t automatically download or install them”. I like to wait at least a week to see what problems are reported.

Headlines:

WinPatrol 12.2.2007 Press Release

Newest Windows Update Snafu Puzzles Microsoft

Microsoft: We Didn't Change Automatic Updates

Microsoft OneCare Silently Changes Automatic Updates

Direct Revenue Wasn't a Better Internet

I’ve had a lot to celebrate this month. I have a new grand niece, Ella Grace Pytlovany born Oct 11th. On October 15^th our nephew John returned from his 2^nd long tour in Iraq. Today, I received the good news that Direct Revenue LLC and Best Offers Networks have ceased operations.

The folks behind “A Better Internet” and MyPCTuneUp.com were well known for invading and taking over PC’s without a users knowledge or permission. In April 2006, New York State sued Direct Revenue and I reported on the results here in my post, “Death Threats for A Better Internet “. These guys knew all the tricks and showed no mercy yet, they thought it was a legitimate business model.

Last years lawsuit included relief and penalties from, the company's founders and chief officers Joshua Abram, Alan Murray, Daniel Kaufman, and Rodney Hook. It will be interesting if these names appear in any new companies or if they’ve learned anything from past consumer responses to their dastardly deeds.

Thanks to researcher Ben Edelman, Assistant Attorney General Justin Brookman and all the others who spent time and resources to expose these guys.

Xbox Has a Brief Win Over Nintendo Wii

Microsoft recently announced sales figures for the Xbox 360 for September and for the first time this year, Xbox out sold the Nintendo Wii. If you ever wonder how much a kick-ass game can impact console sales here is the proof.

There’s no doubt the surge in Xbox sales were due to the release of Halo 3 exclusively on Microsoft Xbox. Halo 3 broke all records taking in $170 million in sales during the first 24 hours. In the first 12 days, 3.3 million copies of Halo 3 were sold. Revenue from this single game has far exceeded any profits from Xbox hardware. Oh wait, Xbox still hasn’t recorded any profit.

In the 90’s I worked at MicroProse Software in an office next door to industry guru Sid Meier but I make no claims to be a true serious gamer. I will however still put my money on the Nintendo Wii. Sales of the Wii have out performed expections and will continue to do so.

When the Wii was first announced most gamers looked at the graphics and walked away unimpressed. Game developers wrote Nintendo off and went with Microsoft and Sony. Now they’re scrambling to create games which take advantage of the Wii’s unique features. The Nintendo Wii provided something completely new and innovative in game play while the other consoles just enhanced the pretty polygon graphics you control your with fingers and thumbs.

Some folks claim people will eventually get bored with Wii, but they neglect to see how this machine has attracted a much wider mass audience than just serious gamers. I predict we’ll eventually see additional tactile feedback devices for your body and custom controllers for your feet and head as the Wii phenomenon takes off.

If you’re into selling things on eBay for double or triple their retail price, start now and get your hands on every Nintendo Wii currently available. You won’t find them on the shelves in December.

( Ancient BillP quote of the day, “If they had only called it the Cabbage Patch Computer, the Coleco Adam may have had a better chance to succeed.” )

Sell Your Domain Appraisal Rip-Off

Thanks to Tyler Reguly who writes at .:Computer Defense:. for letting us know about this notorious scam which has recently resurfaced. If you’ve registered a domain name, your personal information including your Email is probably accessible to anyone.

So what would you do if someone sent you an Email saying they’d like to purchase your domain name for what ever price you want? This happens daily to a lot of folks and while they’re already spending the money in their head, a follow up Email usually includes the following catch.

“Have you had your domains appraised already? Can you show me your valuation certificates? As fas I know it’s a common practice to show appraisal of domain name (even without traffic and web site) before doing business.

Without appraisal I risk to overpay. In other words I won’t be able to make a profit on reselling this name. It’s very important for you and me to know the current market value of your domains.

Naturally, the Email contains a link to a site which claims to be a forum discussing various domain appraisal web sites. Not surprising, it’s a read-only message forum. While I haven’t done all the investigative work to connect the dots, it’s pretty clear the domain appraisal fee will be the only transaction that occurs. A number of victims have come forward to report after $100 or more in appraisal fees, the buyer changed their mind.

There are legitimate sites who will appraise your site and provide services to help sell your domain name but beware. Personally, I think parking a domain name just to resell it is wrong but it’s a pretty common practice.

So here are a few tips.

• If your name and other contact information shows up in a WhoIs request, you should check with your provider. Most web hosting services offer a feature to hide your contact information.
  


• If someone does offer to purchase your web site make sure the transaction is final before turning it over. Even certified bank checks can be faked. Just because your bank hands you the cash it doesn’t mean the check is good.
  


• Set your domain name to automatically renew without you doing anything. A lot of folks have tools which let them know the minute a domain name has expired so they can swoop in and register it.
  


• You may receive regular mail from a company telling you that your domain is about to expire with a handy return envelope to send a payment to renew your domain. This company probably isn't the one you used to register your domain and they're just trying to steal your business so you're registered through them.
  

AOL Name Change to Advertising OnLine

I was sad to read that AOL in Dulles, VA has laid off another 2000 workers as part of a “incredibly complex and significant transformation“. Just last month AOL officially moved their headquarters to New York City not far from Madison Avenue. Until now, AOL had been the 2^nd largest employer in Loudoun County, Virginia.

It’s time I accept the reality, AOL is no longer the innovative online service that I once knew and loved. Our vision was to create a service that could be used by anyone and didn’t require knowledge of parity bits, baud rates and intricate commands. We were proud to provide clickable graphical content instead of black and white scrolling screens of text.

According to CEO Randy Falco in his letter to employees, “my vision for AOL is to build the largest and most sophisticated global advertising network”. This is change from the late 80’s when AOL employees laughed at Prodigy because their service had advertising covering the lower third of the screen. Now I wonder if AOL will be looking to purchase adware companies the likes of 180Solutions, Claria or Direct Revenue.

The point was hammered home last night when I received “Certified AOL Mail” from a travel search company called Side Step.

AOL Certified SPAM

I never signed up or requested Emails from Side Step. The Email was very careful to follow the minimum requirements of the Can-Spam Act of 2003. Having this Email “Certified” by AOL means nothing to me other than “Advertising OnLine” was paid by this company to spam my Email account.

These days AOL has little to offer besides a familiar interface and that’s slowly being eroded. This is a far cry from efforts like the original AOL Greenhouse designed to encourage unique and interesting content. The current AOL Greenhouse is an Add-on tool development group for AOL staffers only.

Previous AOL posts:
Ads in AOL Email
Remove AOL Free Email Advertising
Full Pay & Benefits for forum volunteers
Welcome to the End of the Computer Age

Who is Responsible for URL Security?

Note: This post is more technical in nature than most.

There’s has been a big debate this summer over who should fix a possible security flaw outlined in Security Advisory 943521. Most examples use of malformed “mailto” tags to show how Windows passes along info to the function ShellExecute based on registered url handlers.

In the past, Microsoft has voiced its opinion that it should be the applications responsibility to verify any URL before it’s passed to Windows. Many have encouraged Microsoft to somehow create a global fix with a security patch in Windows.

This was a case where I was on Microsoft’s side of the argument. Of course my reason was selfish because I fear any changes could break the functionality of WinPatrol PLUS requests. This week Microsoft announced it would look at a fix on their end.

“Our plan is to revise our URI handling code within ShellExecute() to be more strict”. For the tech savvy, here’s what happens.

“With IE6 installed, ShellExecute() passes the URI to IE which accepts it and inside IE determines it to be invalid. Navigation then fails harmlessly. With Internet Explorer 7 installed, the flow is a bit different. IE7 began to do more validation up front to reject malformed URI's. When this malformed URI with a % was rejected by IE7, ShellExecute() tries to “fix up” the URI to be usable. During this process, the URI is not safely handled. IE7 rejects the URI, and on Windows Vista ShellExecute() gracefully rejects the URI. That’s not the case on the older versions of Windows like Windows XP and Windows Server 2003 when IE7 is installed.

The % is a very special character. It can be used to hide and embed potentially dangerous code. It can also be used to represent characters which in my case, I want to pass in the parameters of an url. For instance, %20 represents a space character which is safer for me to send and easy to parse on our server. It’s also used so I can pass & and ? characters within the parameters of my URL request.

Microsoft has not announced a time frame for any fix so I’ll be keeping an eye on this one and my fingers crossed. I’m guessing I won’t be the only one affected by a major change in how ShellExecute handles an Url. If you read my previous post “Windows Versions Are Like SnowFlakes” you’ll see why these changes scare me.

Rumors About Google, NBC, Microsoft

Ever since I started to Blog I’ve been the recipient of plenty of news tips and rumors. Most are easy to spot as some kind of hoax or as viral marketing. Some are so juicy I really want to write about them but without verification I’d rather not look like a jackass.

Occasionally I get tipped off and it turns out to be true. It wasn’t long ago that someone told me that the security company Webroot had made a deal with IAC to distribute the Ask.com toolbar with their Spy Sweeper program. I considered that one to be really stupid yet it turned out to be true!

Sometimes the rumors are almost true. Earlier this year I had a reliable source tell me that Microsoft was working on various plans for ad supported software. One idea included the sponsorship of Windows Updates. Can you imagine who many people would view the ad? The next week I almost panicked when Microsoft announced they would be acquiring advertising firm aQuantive Inc. Luckily for all of us the tip wasn’t true. (Yet)

This week I received another fun tip. A friend with General Electric informed me that Google was in talks with GE to purchase NBC Universal. Immediately, I had memories of AOL’s purchase of Time Warner. Googles net worth on paper could actually make the deal possible. I wouldn’t bet on this one but it’s still so fun to imagine so I included it in today’s post. I’ll probably wait until I hear it from Jay Leno before I believe it.

Thanks to all. Keep ‘em coming.

Task Scheduler Provides Malware Hiding Place

One of the least used features of Windows has been its control panel applet, Task Scheduler. In 2003, I added a feature to WinPatrol 6.0 which monitored Task Scheduler jobs and warned users if some kind of malware injected itself in the Scheduler list. In the past, I found few incidence's of malware using this as a method to run programs which might take over a system, replicate or just do nasty stuff. This has always surprised me since most Anti-Malware programs won’t alert users to newly created scheduled tasks jobs.

I have noticed more legitimate programs finally using Task Scheduler but unfortunately many obnoxious programs are also taking advantage of this poorly monitored launch location. There is a variant of the nasty Adware called “Lop.com” that now adds a program to the Scheduled Task list. Malware frequently creates file names using random letters like IS-HDKEUL.exe. Lop is distinguished by file names created by random words like “BASH ACE STUPID.EXE”, “EXIT FIVE GLUE.EXE, sometimes without spaces between the words.

Some recent detections to watch for in the Task Scheduler include:
RVHOST.exe – Yahoo Messenger Worm
At1.job – Multiple worms installed using old Windows vulnerability
BLASTCLNNN.EXE – Sohana/YahLover Worm
WUNAUCLT.EXE – Possible Zoih A Trojan
WINMDS.EXE – Porn Dialer Trojan
And many LOP type using file names created with random words.

Anyone who reads this Blog knows how I feel about AutoUpdates, especially when they run in the background all the time. The Task Scheduler is an ideal place for autoupdate programs. These programs shouldn’t run constantly but it couldn’t hurt to have them scheduled to check for updates on a regular basis and then shutdown.

Some of the annoying auto updaters that need to be moved to Task Scheduler come from Google, Adobe and InstallShield which looks for updates of any programs that used InstallShield as their setup package.

According to recent requests for PLUS Info, the following are now using Task Scheduler.
MPCMDRUN.EXE – Windows Defender
SOFTWAREUPDATE.EXE – Usually Apple/iTunes/Quicktime
SYSTEMOPTIMIZER.EXE – TuneUp Software GMBH
MSFEEDSSYNC.EXE – Microsoft IE7 RSS Support
WALIGN – Window 98 File Optimizer
MSNTBUP.EXE – Microsoft Live Toolbar

Microsoft has made radical changes in Task Scheduler for Vista. This has encouraged many developers to take advantage of its power. It also has appeared to provide a little better security so that malicious programs will have a harder time infiltrating systems this way. You’ll still be surprised by how many unnecessary services run here slowing you down when you least expect it.

You’ll definitely want to keep an eye on your Scheduled Tasks either by using WinPatrol or occasionally opening the Task Scheduler applet in the Windows Control Panel. It might help explain where that “Do you want to update…?” message appears to come from.

Music Available only $9,250 a song

The biggest news story today was a guilty verdict against 30 year old, Jammie Thomas of Minnesota. This story was even picked up by the Aljazeera Network. You know how evil those American women are!

A jury found in favor of the Recording Industry Association of America and ordered the mother of two young boys to pay $220,000 or $9,250 per song that she allegedly shared over the Kazaa P2P service.

Clearly, a single song isn’t worth ten grand but the verdict wasn’t based on Ms. Thomas downloading music to her personal computer. The RIAA didn’t even have to prove the files still existed on her computer. The price tag was based on a simple premise that by making these files available she was a distributor of copyright material.

According to the judges instructions to the jury #15

“The act of making copyrighted sound recordings available for electronic distribution on a peer-to-peer network, without license from the copyright owners, violates the copyright owners’ exclusive right of distribution, regardless of whether actual distribution has been shown.”

The penalties for just "making a file available" to millions is judged to be a more serious infringement then just illegally downloading a song to your own computer. Given this hotly debated instruction, proof of any transfer didn’t even need to be proven.

If you read Bits from Bill because you’re interested in my personal opinion I’m not sure there is enough room here to share all my thoughts.

Do I think the judgment is excessive?
Yes. It’s very unlikely a sufficient number of those who may have downloaded a file from Ms. Thomas would have ever made legal purchases of the song to generate $9,250 in revenue.

Who are the real winners?
Lawyers, ITunes and other pay download sites, not necessarily the music industry or artists.

Message from Jammie Thomas

"Some of you have sent me messages asking where to send money to assist with paying this debt. I must tell you first, from the bottom of my heart, I thank you for your kindness. Now, this debt isn't finalized. There are more options available my attorney is currently seeking out before I am stuck with this ridiculous bill from the RIAA. We'll worry about the debt part once it's finalized that I will have to pay it. Also, other's have been asking where to send money to assist with an appeal (I'm not saying there will be one yet, but there might be). If you feel you would like to help with an appeal, any correspondance can be sent to my attorney, otherwise known as Batman :D, at the address below. IF you decide to send something (and please do not take this as me asking, I know alot of you are in the same financial boat as I am, so I could never ask you to send money), please send it marked with my case number 06cv1497 Capital Records v Jammie Thomas, to:"

Chestnut & Cambronne
Attn: Brian Toder
3700 Campbell Mithun Tower
222 South Ninth Street
Minneapolis, MN 55402

Apologies to regular readers and Email readers for any duplication of this information. My last post was flawed by my efforts to report news and try make a point which really didn’t apply to this case.

Yahoo! Surprises Me with Improved Search

Three months ago I spent some time researching the major search engines and concluded that Google remained the best search engine available. (More Info). Recent ratings have also showed that Google leads business of Internet searches. Yahoo! Inc has announced new search enhancements including something called “Search Assistant”.

Press Release…

"The new Yahoo! Search is focused on getting consumers the most relevant information as well as providing the best user experience. We know that consumers want a complete answer, not a bunch of links, and the changes we've made are focused on getting people to the best answer -- whether it be a Web link, photo, video or music clip -- in one search," said Vish Makhijani, general manager and senior vice president of Yahoo! Search.

Unlike Ask.com who tried to lure new users with an expensive ad campaign about its algorithm, Yahoo! actually improved their search engine. Using my traditional “Pytlovany” search test the results from Yahoo! improved since early summer and now exceed the results from Google. For now, my testing is preliminary and I have found at least one invalid result but this appears to be a big step for Yahoo!

I’m not sure if Yahoo! has raised the bar on search technology but they appear to have grabbed onto it. This should cause the folks at Google to focus a little more on enhancing their search advantage. While both companies have diverse offerings, search is still the entry point to their business. I expect we’ll be hearing more about the “Search Wars” in the future.

Update: A little more research shows that Yahoo! may have put the cart before the horse on their new search technology. I found that while they may have increased their search results, Yahoo! fails to properly screen out some potentially dangerous sites. While my Safe Search options were set to “Filter out adult Web, video, and image search results” it didn’t work. I was sent to a couple sites with porngraphic videos asking me to download ActiveX files to view the video.

While some make argue this is not their responsibility safe searching is one enhancement even Google could improve on.