Domain Names May Never Be the Same

The Internet Corporation for Assigned Named and Numbers (ICANN) recently announced proposed changes that may change how you find things on the internet. ICANN is an internationally organized, non-profit corporation based in Marina Del Rey, California. ICANN describes its role below.

ICANN is responsible for coordinating the management of the technical elements of the DNS to ensure universal resolvability so that all users of the Internet can find all valid addresses. It does this by overseeing the distribution of unique technical identifiers used in the Internet's operations, and delegation of Top-Level Domain names

Translation: They control all the domain names on the Internet.

You may remember a couple years ago there were discussions about adding new top-level domains(TLD) such as .xxx or .sex to identify pornographic sites. While some new ideas like .biz, .jobs and .travel were added, most people continue to use the original six top-level domains of .com, .org, .edu, .gov, .mil and .net.

In 2009, ICANN will allow customized top-level domain names. That means just about anything is possible beyond the current 21 generic top-level domains. Imagine TLD’s like .obama, .twitterfans, .moms, .jokes, .pepsi, .white, .linux, .peace, .overthehill. I still have people who tell me to go to a web page like mary@domain.com and/or their Email address is www.something so I'm sure this will add to the confusion.

According to ICANN, they won’t be selling these names but an “established entity” will be able to submit an application that will go through an evaluation process. I suspect this process will eventually turn into a bidding process. I also expect that the established entity will then have the rights to sell and register new domains wanting to use their new TLD.

ICANN says that company trademarks will not automatically be protected. An “objection-based mechanism for trademark owners where their arguments for protection will be considered.”. The same “objection-based” procedures will make the decision on what TLD could be morally offensive.

“This process will be conducted by an international arbitration body utilizing criteria drawing on provisions in a number of international treaties.”

I wonder how you apply to be a member of the arbitration body? I do hope the arbitration body will meet more than twice a year. They could be very busy when this new plan is available.

One other significant result of the new ICANN rules will be support for more than just the 37 Roman characters currently allowed. This is a big step for non-english countries who may resent the Americanization of the internet. It should be a wake up call to anyone who thinks the world revolves around those of us who only speak English.

More:
CNET: ICANN adopts new Web site naming rules
Marketing Monster: .yournamehere: Changing the Faces of the Internet

Google 5th Worldwide Most Infected Web Sites

In a report by StopBadware.org, U.S. based Google is ranked 5th in hosting sites which are infected “badware” or attempts to deliver what we commonly called Malware. The top four sites on the list are all based in China.

After analyzing 200,000 sites, the report found 4,261 infected sites hosted by Google which may be small compared to the 48,834 infected sites found on #1 Chinanet-Backbone.

The majority of the problems I’ve seen have been on Google based newsgroups and their blogspot Blog hosting service. Google has made creating a Blogspot account so easy that it’s easily abused. Due to spam filters I was forced to create a BitsFromBill.com domain to use in my Email signature. This address just redirects users to this page but when I included billpstudios.blogspot.com in my Emails’ many spam filters blocked me. Ironically, I first disovered this when an Email to a friend at StopBadware.org bounced back.

Now here’s the twist. Google.com is a major sponsor and a one of the founding sponsors of StopBadware.org. I give them a lot of credit for helping to make this report available. Google has made an effort to take down malware sites as quickly as they can but it’s daunting task. Obviously, they still need to re-evaluate some of their procedures.

Bill Pytlovany for President

When I first started getting online and talking to others back in 1982 we never really knew what a power the Internet would become.

http://www.news3online.com/index.php?code=705RT4J14BB002RKy0Kz

Thanks to Steve Bass who seems to find lots of cool things online.

WinPatrol USB Wristband

After the creation of a stand alone version of WinPatrol it became obvious that users wanted to have their own flash memory based tool kit. I also thought it would be cool to have a WinPatrol brand flash memory stick so I created the WinPatrol USB Wristband.

WinPatrol Flash USB Wristband

I couldn’t get one for myself without ordering a large batch so I’m making the wristbands available in the BillP Studios online store. Wristbands are currently available for $24.95 plus shipping until the supply runs out.

Included:

• 1 GB flash memory ( Copy your favorite photos and tunes )


• WinPatrolflash.exe ( WinPatrol portable)


• wpsetup.exe ( newest install for FREE WinPatrol )

Use your WinPatrol USB Wristband to copy your music, photos or even your data from one computer to another.

Click here to order

(PLUS code not included)

Firefox 3 and WinPatrol

Just a note today to let WinPatrol users that Firefox 3 uses a new scheme for saving cookies so our normal support for filtering and managing cookies on FF3 is broken.

I’m currently working on a solution so that Scotty will be able to eat up cookies in Firefox 3 just like it has in previous versions.  Cookies are the only incompatibility problems.  Everything else relating to WinPatrol and Firefox 3 works as expected.

I can’t imagine you not wanting to keep Firefox 3 just because of this but if you do have problems older versions can be found at http://www.mozilla.com/en-US/firefox/all-older.html

 

 

Malware Attacking Your Router

WinPatrol was one of the first to detect malware based on “behavior” of program and continues to follow that model. One behavior we’ve seen a lot of lately is very scary.

Instead of installing malware that continues to run like a key logger or trojan, malicious programs are increasingly attacking the network router which is common with any internet connected home and/or office. An unwanted program can quickly make a change to your router settings that will immediately open all your computers to the world. The bad guys won’t have to install a key logger, they’ll be able to record every byte that goes across your network. It’s happening now to thousands of routers which are still using their default name and password.

Do you know if the password has been changed since your router was purchased?
Do you know how to access your router to change the password?

I’ve run across a number of users who follow all the recommendations to configure their networks for WEP or WPA2 encryption but they never bother to change their default name/password. They’ll even take the time to rename their default SSID but still don’t change the name/password from the factory setting.

It probably won’t surprise you that the factory passwords don’t change much and are widely available. The WinPatrol research group dissected some recent malware threats and could see the routers they were attacking.

• Linksys, uses the name and password, “admin”. Older units use a blank user name.
  
• Belkin, uses blank password for default access
  
• Netgear, user name is “admin” and the default password is “password”. Big improvement over their old default “1234”
  
• ActionTec, Some unit don't even require an admin login. New devices use "admin" and "password". (updated)

You get the idea. The program recently submitted to our research team had a list of 28 different routers complete with address, name and password clear for anyone to read with the proper tools.

As a security professional I’m reading more and more about vulnerabilities being found in wireless and non-wireless routers. There’s only so much we all can do but the first thing should be to change the default password.

If you don’t know how to access your router, just use your favorite search engine and type in your router name and “change default password”.

Review of my new Garmin Nuvi 760

Best Purchase I made all year.
If you’ve been shopping for a GPS units you’ll know how tough a decision it can be.  While I don’t do a lot of driving I picked up a Garmin Nuvi 760 mainly for my wife to use. I love having a GPS in the car but nothing is perfect and like many units the Nuvi just took a little education.

Click to shop for Garmin Nuvi 760
 Now $249.99 (Half of what I paid last summer)

While most reviewers tell you to forget the options I went all out with the MP3 player, Bluetooth and even FM traffic/weather. It was more expensive but I really wanted to get something that provided hands free cell phone use and I’m very happy I did. Having a SD card slot was also a must.

First the bad news. My unit came with a specific car charger which is required for the real-time traffic service. It was a pure piece of crap that required assembly although no instructions were included. Even after I figured it out, it wouldn’t stay together so I’ve ordered a real car charger and will pass on the real-time traffic service.

FM Receiver Car Charger

Update: Garmin support didn’t understand why it was in pieces until we realized black piece above was broken and they sent me a new one immediately. I was very impressed with their tech support (Joshua K) who even took the time to make a video with his cell phone on how to put it together.  Needless to say I’m very happy with this level of support.

Update: (11/2008) My daughter had a problem with her 11 month old Garmin unit. She contacted customer support and they replaced it, no muss, no fuss.

At first Battery life was also a disappointment.  Garmin’s online chart claims up to 5 hours but my battery warning comes up after two hours of just sitting on my desk. The kind folks at Garmin did have a simple explanation.  I should turn off Bluetooth and reduce the screen brightness which I admit was set much higher than the default. I had the screen up to 80%.  By turning it down to a still very visible 30% my battery now exceeds 5 hours even with Bluetooth enabled.

I’ve read a number of reviews from folks complaining about the accuracy of GPS units. I’ve discovered this can happen with the Nuvi as well but only when it first boots up.  The Nuvi remembers the last location you were at and until it finds enough satellites, it can have you driving through a field. The directions for driving around my small upstate village has a few issues but nothing that couldn’t be fixed with a map update.

Points of Interest work very well on the Garmin.  You can input where to go with very few touches. I love that the list of points in any category are automatically sorted by distance. The information was really good although they did include a restaurant that burned down 8 years ago.

The hands free Bluetooth was one of the reasons I chose the Nuvi 760 and I’m impressed. Once you pair up your cell phone it’s automatically detected and you’ll see a phone icon on the screen.  This is essential if I expect my wife to use it. Points of interest are automatically included as an address book for the phone so making calls is easier than any phone I’ve had. I’m actually considering using the Nuvi as my phone interface inside my house as well.

Ultimately, I’m very happy with the 760. (Thanks Steve) The screen is extremely easy to read and interface requires minimal touch. Even if I already know my way, having the arrival time feature is a great plus. Thanks to friends on Twitter I’ve also found a great site to compare GPS units. If you’d like more info on any unit check out http://www.gpsreview.net/

Top Ten Reasons to Try WinPatrol Again

 

Fathers Day, WinPatrol PLUS Special

Happy Fathers Day Weekend

It’s looking like a great Fathers Day weekend for me and I thought I’d show my support to all the other Fathers out there by providing a $10 off coupon for WinPatrol PLUS.

Good today and tomorrow, you can use the coupon code “DadRocks” if you’re ready to upgrade to WinPatrol PLUS.

Upgrade at the WinPatrol Store

WinPatrol Store

If you choose to purchase using PayPal, just include the coupon in your comments or Email support at WinPatrol.com and you’ll receive a $10 rebate.

 

Things Microsoft Did That Made Me Happy

I was very surprised recently when someone suggested I hate Microsoft. They had read my comments about Vista and auto updates and actually thought I might be a closet Mac lover. I don’t currently have a Macintosh but I have in the past.

I’ve spent a portion of my career working on products in both Cupertino and Redmond and still cherish my old project t-shirts. I’ve been a Windows programmer since Windows 3.0 beta so I’ve seen some great ideas come from Microsoft and I haven’t been shy of pointing out the bad ones. Over the years Microsoft has done many things that made me very happy so today, on the day of big Apple news, I’ll tell you a few of my favorites.

Standard Cut/Copy/Paste
You might say Microsoft stole the standard Copy/Copy/Paste standard from Apple but it’s not like Microsoft didn’t already have it implemented. They just made the decision to follow a reasonable standard. DOS was using some weird horrible combination of Insert/Delete and other keys that nobody could ever remember. Apple used the “Open Apple” key plus X-C-V for cut-copy-paste. Windows went with Ctrl X-C-V. Microsoft didn’t have to change but they did.

My Documents
I’m sure I’ve made fun of the My Documents and other “My” folders but it solves a serious problem. One of the biggest issue new users have always had was “Where did I save that file?”. Putting all the documents in one folder may get crowded but for novice users it’s a lot easier to find and is so much better than saving everything to the desktop.

Visual Basic
Anyone with a desire to be a programmer was suddenly able to create professional looking applications with just a little instruction. Professional programmers were able to create programs in a day that normally required months. I still use Visual Basic when I need a quick utility to process data.

Admitting Failures
You might not think so but Microsoft has an admirable history of giving up on bad ideas and admitting they were wrong. In the time I spent working at Microsoft I saw a number of projects killed. Examples include, an online replacement for HTML code named “Blackbird”, a video on demand service code named “Iceberg”, WinPad Handheld PC, the predecessor to Windows CE/Mobile and one that actually made it to market, “Microsoft Bob”.

International Localization
Microsoft made key decisions to launch Windows world-wide and make sure localized versions were available. While the US is still trying to figure out the metric system at least we have a standard operation system used globally. I can’t even begin to stress how important this is and how much it’s probably taken for granted.

So, what did Microsoft do to make you happy?

Is Vista Really More Secure?

First, I’ll admit as much as I’d like to be, I’m not a fan of Vista. I do find myself saying that Vista is more secure and that’s not a bad thing. I’ve noticed that most people associate the increase in security to User Account Control. There’s actually more to Vista security than UAC.

Everyone loves to hate User Account Control because it’s so annoying. Ars technica recently referred to WinPatrol as being UAC for Windows XP which motived me to create some new annoy-proof features. (Coming soon). I was pleased to see that even Vista evangelist Ed bott recently wrote “How Microsoft can fix UAC”. Ed pointed to comments by Sunbelts Software’s Alex Eckelberry who shares my own “cry wolf” fears with UAC. “Since over 80% of all infections are based on social engineering, the popups should focus on that weak point.”

Social engineering is when users are tricked into doing something and end up installing malware that they never wanted. I’ve mentioned many examples of social engineering but my favorite is the hacker who would leave a floppy disk with a virus/worm on it laying around at a company he wanted to infiltrate. On the label of the floppy disk, he hand wrote the words “Employee Salaries”.

Since social engineering isn’t addressed in Vista, is Vista really more secure?

Symantec recently published a number of papers on Vista security. While their work was balanced they weren’t shy pointing out some problems. For instance, most of the code that makes up Vista includes a compiler feature called GS Stack Protection which prevents a popular hack called “Buffer Overflow”. According to Symantec researcher Ollie Whitehouse “~150 binaries under the C:\Windows directory that do not contain GS protected code.”

According to AV-test.org, UAC stops many rootkits from being installed, and I know Microsoft takes these infiltrations seriously. One of my friends at Microsoft once told me, “They(root kits) scare the bejebers out of us”. Kernel Patch Protection prevents programs from hooking into the guts of Windows and is critical in the prevention of root kit infiltrations. Unfortunately, KPP only works with Vista x64 and breaks attempts at protection from many other security vendors. Thankfully, it’s not a problem for WinPatrol.

Microsoft also considers Windows Auto Update to be a security feature. They recommend users allow auto updates and when new security patches are available on Tuesdays, Windows users are automatically saved from possible threats by newly discovered vulnerabilities. If you’re a regular Bits from Bill reader you’ll know how I feel about auto updates. They’re just plain evil.

Vista Ultimate includes a feature called BitLocker. Essentially, this feature encrypts all data stored on your hard drive. This method has already been hacked by researchers at Princeton and sadly reminds me how much success I had with early Microsoft disk compression. I’ll pass for now.

Microsoft’s Strategy Director Jeff Jones recently published his “Windows Vista One Year Vulnerability Report” and the results show “Windows Vista has an improved security vulnerability profile over its predecessor.”

• Windows Vista had 30% fewer Security Bulletins than Windows XP
  
• Windows Vista had 20% fewer vulnerabilities than Windows XP
  
• Windows Vista had 28% fewer Critical and Important vulnerabilities than Windows XP
  
• 26 vulnerabilities on Windows Vista are less severe for any users running as standard user.

So, it appears for the 20% of non-Social Engineered vulnerabilities Vista has an advantage. Unfortunately, it’s still not enough for me. As long as any vulnerabilities are being found I’ll continue to be on watch using my favorite protection programs.