Click here to view current Bits From Bill posts Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Thursday, April 10, 2014

April Security News is Serious

Many of my friends have been asking for my opinion of a couple security issues which have been in the news.

The first is Windows XP which was launched in September of 2001. Microsoft announced last year that after April 8th, 2014 it would no longer provide support for Windows XP and Office 2003.

The second concern is for something known as HeartBleed. This could be dangerous to anyone who visits a website no matter what kind of device you use.

Microsoft Windows XP
I realize that many of you can not or will not upgrade your computer currently running Windows XP.  It may not happen today or even next month but it’s only a matter of time before your computer is infiltrated and is useless.  Start putting aside some money, backup your data regularly and look for alternates to programs you can’t do without.  I’m sorry but it’s only a matter of time.

If someone on your home or business network is using Windows XP, turn off their access. When their machine is attacked it will compromise your entire network.
mifihotspot[8]

If they really need Internet access consider getting them a separate connection perhaps through their phone or with a separate hotspot.


Many of you asked about using WinPatrol which is a great idea but doesn’t address the big picture. The security guru’s at Microsoft spend a lot of attention on flaws or vulnerabilities in software.  When they find a hole that lets hackers in, they create a patch. After a great deal of testing they release fixes on what we called “Patch Tuesday."

WinPatrol will continue to notify you of regular changes to your computer but the ability to patch vulnerabilities isn’t its specialty. What I will be doing is paying attention to what I hear from hackers. When possible, we will notify WinPatrol users if a particular file or ActiveX component is found to have a vulnerability. WinPatrol PLUS will allow you to disable ActiveX components by setting their Kill Bit. This is the most we can do and will require quick action.

OpenSSL - Heartbleed
On Monday researchers disclosed a serious flaw in a open source program used by almost half the web servers around the globe. A version of the program called OpenSSL allowed hackers to grab a chuck of recently active protected memory.  This memory could contain anything from names and passwords to someone’s grocery list to decoded government or industrial secrets.  Any kind of data that is communicated could be snatched. After collecting unlimited chucks of data a hacker could make a game out of figuring out what segments could be valuable. Each chunk was 64K like the total addressable memory of the Commodore 64.

Some media outlets like the BBC have repeated the advise to change every password you have. There is no trustworthy list of up-to-date/time safe computers but a list created yesterday claims to have tested 10,000 popular sites. Most have been updated by now but you’ll want to be sure before changing any password or even signing on.  An updated list should be available soon.

A number of tools for consumers have sprang up allowing you to verify in real-time if a website is currently safe. I found the following to run my own tests.

 

heartbleed
Click image to test your favorite site

My web sites have been hosted by the company, Verio and I was pleased to see my information was safe It doesn’t mean it was always safe but if not, at least Verio was quick to apply a fix. I can confirm no personal or financial customer data is stored on our web servers.

I wouldn’t necessarily advise you to change all your passwords. Before you do, you’ll certainly want to be sure the company is aware of Heartbleed and has updated their security.  Over 56.8% of the companies on the list of 10,000 are listed as safe because they don’t even use OpenSSL.  Another 36.9% tested safe yesterday. That leaves only 6.3% were vulnerable when the news was announced.

I have changed some of my more important passwords but I regularly changes passwords anyway. I did change my Yahoo passwords since they were mentioned in many news reports and acknowledged using OpenSSL.  Considering Google was involved in disclosing this bug it’s interesting that Yahoo was used as an example. Many friends of Google were notified so they could update their version of  OpenSSL before the information was made public.


While you may notice my tone is not meant to create panic, I personally consider this failure as devastating. I started developing online services for consumers 30+ years ago and this is the “utmost cock-up”.  I don’t fear the damage caused by this threat as much as I worry about what this general lack of  oversight represents.


You can find more details online from our favorite security investigator,
Brian KrebsonSecurity  and official reports sponsored by Homeland Security on the Carnegie Mellon CERT database.   The list of 10,000 is located at
https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt

Labels: , , , , , , , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Monday, December 22, 2008

Is Google Still the Best Search?

As a Microsoft MVP I was asked to just try Live.com for a week and report back to Microsoft. What I discovered surprised me. In May 2007, I wrote about testing Ask.com. In October 2007 I did some extensive testing of Yahoo Search. So I thought it was time to update my impression of various search engines.


Search Habits
I discovered that I never go to a main search page like Google.com anymore.  That means I miss what ever cool Google logo has been created for the day. The main Live.com has nice color photo background which changes daily but I guess I’ll never see that either.  Live.com does provide some mouse-over links relative to the image which is nice.


For the last couple years I found myself just using Google toolbar for my search. I’ve actually been using Google’s Chrome most of the time so now I just type my search directly into the address bar and voila. So good bye to toolbars and sayonara to main search pages.


Search Results
Using my traditional search, the Pytlovany Test Live Search didn’t score to bad.  For years I’ve been able to test search engines by using my last name because it’s so unique it has always worked well. 
Live Search reported it found 4,710 results
Google reported “about 5,720”
Ask.com now reports 1,330
Yahoo claimed the most with 32,500 pages in English. I didn’t get a chance to check them all out.


Search Value
Typically, I never go  past the first page of displayed results so the number of pages found becomes less important. I was surprised to see that Ask.com cleaned up their results so it no longer included a lot of the bogus sites they used to list. I started to test other search terms and Ask.com failed again. Live.com and Google both provided the best results in the way of relevant pages.


I did notice one big change in Google from previous tests and other search engines. They now seem to give more weight to the social Web 2.0 sites like Facebook, LinkedIn and even Twitter. 


Danger of Ads and Related Sites
Google and Live.com did best in presenting related ad based sites. Yahoo and Ask.com failed and displayed sites that are either dangerous or use keywords of their competitors to steal your business. I could still find some questionable ads on Google and Live.com so they both need to spend more resources on reviewing their advertisers.


Like Google, Live.com has been introducing some special features that will help bring on new users but as expected Google still maintains its hold on the search market. According to my most recent research Google still holds over 65% of the search market.  Yahoo and Live/MSN are still doing their best to put a dent in this but Ask.com has all but disappeared from the stats.


You never know what how the market will flow so Google will need to continue to innovate. During the coming year it will be fun to watch and evaluate what Google and Microsoft come up with. I’ll also be keeping an eye on other unique search engines like the following…


LeapFish

Cuil 

Dizzler


Boogami


And for real-time information you can’t really beat Twitter Search


 

Labels: ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Wednesday, October 01, 2008

Fun on Google's Birthday

This week our friends at Google are celebrating their 10th birthday. In the tradition of the Hobbits, Google had decided to give us all a present in the form of their oldest available search index.


Click on http://www.google.com/search2001.html and you can go back in history to 2001 and see what kind of results were delivered by Google. Search on Sarah Palin and you'll find nothing. A search on Windows Vista won't bring many computer related items. An iPod was an Image Proof of Deposit Document System.


I often use my own unique last name (Pytlovany) to test search engines. On Google in 2001 there were 77 items found when I searched. Today, Google reports that are 5,500 pages that include my last name. In 2001, WinPatrol was mentioned on 371 pages.  This morning a Google search on WinPatrol shows well over a million.


What makes this really fun is that Google as partnered with archive.org so that when you click on the results there’s a good chance you can see what the resulting page actually looked like in 2001. Searching on John McCain or Joe Biden will give you access to many of their historic positions. There’s even a chat with John McCain on AOL.

Click on “View old version of the Internet Archive
Click on View Internet Archives


Here’s what our WinPatrol web page looked like seven years ago.


WinPatrol 3.0 in 2001


WinPatrol.com in 2001. Click for more


I’m told that Google 2001 will only be available for the month of October so use your imagination and see what fun you can have.


 


More screen shots:
Technologizer: Time Travel via Google


 


 

Labels: , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Wednesday, September 03, 2008

Chrome Proves, No Future for Web OS

It’s far to early for me to actually review of the new Google Chrome browser but my gut still says this beta is huge news. Based on what I’ve read so far, the real news about Chrome is that it proves the concept of a web based operating system will never work.

Google Chrome Beta As a web browser I like Chrome. It’s lighting fast and in the typical Google tradition it has a simple UI. It has a plain appearance like the Google home page and it’s not overly cluttered with useless icons I’ll never use. Each tab is a separate process which is a natural step in the evolution of a browser into a desktop platform. I especially love how they’ve speeded up the execution of javascript which I use on many of my web sites.


So far, the most compelling articles you’ll read about Chrome are two topics which are diametrically opposed to each other, Web based applications and privacy.

While many may look at Chrome as just another browser don’t be fooled. It’s a direct attack at Microsoft and it’s control over the who sees what on the Internet and eventually the desktop.


eWeek’s Joe Wilcox writes…

“Chrome's threat to Microsoft is much bigger than Web browsing or a new Web-based application platform. For years, Google has encroached on Microsoft's most important territory: the Windows desktop. Chrome will be Google's best attempt yet to supplant the desktop.”


Computerworld’s Heather Haverstein wrote…
Google's Chrome aims to kill Windows, make Web the OS of choice


Even Google’s says

We realized that the web had evolved from mainly simple text pages to rich, interactive applications and that we needed to completely rethink the browser. What we really needed was not just a browser, but also a modern platform for web pages and applications, and that's what we set out to build.

This all sounds great until you read what people are saying about Chromes Terms of Service.

For instance…

  • When you type URLs or queries in the address bar, the letters you type are sent to Google so the Suggest feature can automatically recommend terms or URLs you may be looking for. If you choose to share usage statistics with Google and you accept a suggested query or URL, Google Chrome will send that information to Google as well. You can disable this feature as explained here.

  • If you navigate to a URL that does not exist, Google Chrome may send the URL to Google so we can help you find the URL you were looking for. You can disable this feature as explained here.

I tend to agree with CNet’s Matt Also who wrote:

The primary problem with Google's terms of service (other than the auto-update feature that Ina also points out) is that Google allows itself too much, and restricts itself too little. I suspect that Google will actually do none of the evil privacy-busting practices that many will accuse it of preparing. My concern is that this language is so broad that Google could, if it were so inclined, invade user privacy on a grand scale. The terms of service allow it. Only Google's best intentions prevent it.

Even if I trust the folks currently in charge at Google, what about the future?

Googles Matt Cutts counters in his post:
Preventing paranoia: when does Google Chrome talk to Google.com


As the beta grows I’m hearing more and more concerns about privacy. What if every character you typed in to your Word document was sent to Microsoft? This is an inherent nature of running application on the web.

I’ll admit my customers/supporters are a little more concerned with privacy than your average user but I hear daily from folks worried about someone having access to their data. I just don’t see a future where your data exists on some a remote server under someone else’s control.
My newest quote; “From my cold, dead hard drive”.



Chrome users: To access Chromes first reported easter egg, type “about:internets” into the browser.

Update: Easter eggs thanks to our friends at CloudEight

about:version
about:stats
about:memory
about:plugins
about:histograms
about:cache
about:dns
about:network
about:crash


Download Google Chrome here



Labels: , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Tuesday, September 02, 2008

Chrome Steals Headlines back from Gov Palin.

Google Chrome
First it was hurricane Gustav. Today it’s a new internet browser called, Google Chrome. Even with the shocking announcement of VP candidate Sarah Palin other news stories keep taking attention away from the Republic National Convention.


There’s no doubt that everyone will be talking about and evaluating the possible success of Google’s surprise entry into the browser wars. Google’s announcement came in the form of a comic book. Hopefully, it will be a more successful launch than the recent PR disaster from Cuil.


Chrome PR
Comic adaptation by Scott McCloud


At the time I post this, Google Chrome isn’t yet available for public download but according to the Google Blog it should be available today. I was planning on rearranging my office today but instead I’ll be reviewing Chrome and making any needed updates to WinPatrol so it’s completely compatible. WinPatrol v16 is almost ready for release but won’t be coming with its own comic book.


Google Chrome with built in malware fishing
Click Here to Read the Google Chrome Comic book


It will be interesting to see what people think about Chrome. Techies will be pleased that it’s open-source, but so far, no word on a Mac version. I know I’m a geek and this is exciting to me but I still think this is big news. It will be the talk of main stream news media and is definitely more news worthy than another pregnant 17 year old.

Read More/Chrome Easter EggsChrome Proves, No Future in Web OS

Update: Download Google Chrome


Labels: , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Wednesday, June 25, 2008

Google 5th Worldwide Most Infected Web Sites

In a report by StopBadware.org, U.S. based Google is ranked 5th in hosting sites which are infected “badware” or attempts to deliver what we commonly called Malware. The top four sites on the list are all based in China.


After analyzing 200,000 sites, the report found 4,261 infected sites hosted by Google which may be small compared to the 48,834 infected sites found on #1 Chinanet-Backbone.


The majority of the problems I’ve seen have been on Google based newsgroups and their blogspot Blog hosting service. Google has made creating a Blogspot account so easy that it’s easily abused. Due to spam filters I was forced to create a BitsFromBill.com domain to use in my Email signature. This address just redirects users to this page but when I included billpstudios.blogspot.com in my Emails’ many spam filters blocked me. Ironically, I first disovered this when an Email to a friend at StopBadware.org bounced back.


Now here’s the twist. Google.com is a major sponsor and a one of the founding sponsors of StopBadware.org. I give them a lot of credit for helping to make this report available. Google has made an effort to take down malware sites as quickly as they can but it’s daunting task. Obviously, they still need to re-evaluate some of their procedures.


Labels: , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Monday, January 21, 2008

How to "Fix" Advertising Keywords

I’ve often been asked why I don’t advertise WinPatrol and attract new PLUS customers using Google adwords or other online methods. Unfortunately, there’s competition for prime advertising space and since most folks use the free version of WinPatrol I just can’t compete.

Here’s an example of other companies taking advantage of our good name in their own advertising. When they bid for keywords like WinPatrol I don’t stand a chance. Ironically, the following ads show up when I go to my LinkedIn profile.

Google Ads found on pages that mention WinPatrol
Not sure what they claim to fix in WinPatrol


All the Google ads I’ve found seem to point to the same company although though they have multiple websites. I’m not familiar with the company that makes the RegCure program but it appears they use some heavy handed tactics to encourage users to pay for their software.


RegCure Website that claims to Fix WinPatrol
From one of multiple RegCure websites

There seems to be some debate online as to if RegCure is a “Rogue” application. When I searched for reviews on RegCure I found a number of websites that pretend to be review sites but just want to sell you RegCure or some other program owned by the same company. I can’t say they’re doing anything wrong other than annoy me but this kind of behavior sure is suspicious.

If you need to “Fix” WinPatrol just Email support and I’ll make sure you’re treated well and there won’t be a charge.


Labels: , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Saturday, December 29, 2007

Winter.exe comes in like a Lion

Earlier this month I started to see an increase in requests for a file name Winter.exe. I didn't have a good feeling about this filename and our follow up research proved I was correct. Our friend Temerc has a good write up on this infiltration at his forum, Temerc Internet Countermeasures. The other exe’s that appear to be included are infos.exe, autos.exe and a few randomly created filename. Fortunately, they all show up in WinPatrols’ startup programs list. The filename bronto.dll showed up in our IE Helpers list.


Google has done a good job at making it easy for people to create Blogs, but in many ways, it’s too easy. A huge number of Google Blogspot, blogs are being created and have become host sites for this file and other malicious programs. I wrote earlier his month that Spamhaus was blocking any Email which included a Google blog in the content of the message. This was a dramatic step but has proved to be necessary.


Trend Micro is referring to these blog traps as “Poisonous Blogs”. There are a number of ways you might get to these blogs including…

  • A link to the Blog is included in a teaser Email.
    (Typically, it’s a greeting card, free product, drug or naked celebrity. This week we’ve frequently seen what claims to be video of Bhutto’s assassination)

  • The blog might show up in a typical Google search.
    (These sites are too new to be validated by programs like SiteAdvisor)

  • You click on the “Next” button on a Blogspot site.
    (This feature is disabled on Bits from Bill)

Our friends at SunbeltBlog have also written about this topic and show how easy it can be to run across these blog traps. Alex at Sunbelt provided some good screen shots and stresses how video “codec” scams are frequently used as an malware entry point.

If you see a message that says “You need to download new version of Video ActiveX Object to play this video file”, run away! Don't press cancel or even trust the red close box in the corner. Press Ctrl-Alt-Del and look at your list of processes. Select your browser( iexplore.exe or firefox.exe) and click on End Process.

Labels: , , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Thursday, December 13, 2007

Spamhaus Blocks Google Bloggers

Like many others, I’ve always included a link to my Blog in my Email signature. Apparently, it’s not always a good idea. If you’re a Blogger who uses BlogSpot (and you include a link in your signature) some folks may never see your Email.

I recently tried to respond to a friend at Harvard’s Berkman Center for Internet and Society only to have my Email bounce back. Apparently, my blog is listed on the Spamhaus Block List.
When I checked the link included in the bounce I read the following…

Google's blogspot.com - seeming endless abuse (HerbalKing)

I wrote to Spamhaus and received the following reply.

Harvard is trying to protect their users from the tens of thousands of blogspot.com URL's set up by spammers in just the past month.

We advise all users to consider emails with blogspot.com links in them as probably spam. Your emails include your non-spam blogspot URL. Sadly, on the same IP address is the tens of thousands of spammer URLs.

Until Blogspot (Google) can come up with a solution to the abuse, we'd advise you to use tinyurl.com or easyurl.com to "mask" your blogspot.com link when included in emails.

--
Regards,

John Reid
The Spamhaus Project
http://www.spamhaus.org/

I personally think Spamhaus is being a little heavy handed but that’s why I don’t use any auto spam filter. By the time I publish this, HerbalKing and other spammers may be including Tinyurl links in their spam. This could potentially kill Tinyurl.

Luckily, I recently registered “BitsFromBill.com” and can use that domain to redirect folks to my Blog. This may not be an option for other BlogSpot/Blogger.com users so you may want to review how you sign your Email.


Labels: , , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Friday, November 30, 2007

Searchland Security Advisory High

If you haven’t gotten around to updating your anti-virus software and/or installed the newest Windows update patches the time is now! In the last few weeks our users have reported 3 times the normal number of malware attempts.

One new approach is to bomb search engines with malware sites. Google and others have been cleaning up their results as quickly as possible but it’s an ongoing battle.

HEADS UP: More Google poising on the way? SunbeltBLOG


Malware Advisory


If you think the search engines are in the business of filtering out the bad guys you would be wrong. Even some paid advertising was recently found to send folks to malware sites. They do their best to keep you safe but that’s not really their responsibility.

The bottom line is you need to take steps to stay safe. Here are just a few timely tips.

  • Update Windows
    One of the most common entries into your system is a well known vulnerability you’ll see referred to the IFRAME exploit. Microsoft has corrected this problem and as long as you’ve installed all the Windows Update patches you’re better off.

  • Don’t download that CODEC
    A popular trick to get users to download files is to make you think it’s required. It doesn’t have to be a video of a naked Brittney. It could be a video of a cute kitty but if it says, you must install this codec before viewing the video, STOP.

  • Your computer is not a “potential Spyware operation”.
    Don’t fall for a pop up that says your computer is infected. Even if this is true any web page that detects this without you asking is a scam. You’ll end up with is Rogue Anti-Spyware software which will exhort a payment from you before giving you control of your own computer. If you want security software go with a known company.

  • Disconnect your computer at night. (New)
    Turning off your computer at night has long been debated within the computer industry and I won’t get into it now. I will advise at the least, disconnect your computer from the Internet when not in use. Even if you think your computer is clean you could may infected and your computer could act as a “bot”. You’re also at risk to be infected by some vulnerability like MSBlaster that hasn’t been made public yet. If everyone got in the habit of turning off the internet when not in use it couldn’t hurt.

Labels: , , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Friday, October 12, 2007

Rumors About Google, NBC, Microsoft

Ever since I started to Blog I’ve been the recipient of plenty of news tips and rumors. Most are easy to spot as some kind of hoax or as viral marketing. Some are so juicy I really want to write about them but without verification I’d rather not look like a jackass.


Occasionally I get tipped off and it turns out to be true. It wasn’t long ago that someone told me that the security company Webroot had made a deal with IAC to distribute the Ask.com toolbar with their Spy Sweeper program. I considered that one to be really stupid yet it turned out to be true!


Sometimes the rumors are almost true. Earlier this year I had a reliable source tell me that Microsoft was working on various plans for ad supported software. One idea included the sponsorship of Windows Updates. Can you imagine who many people would view the ad? The next week I almost panicked when Microsoft announced they would be acquiring advertising firm aQuantive Inc. Luckily for all of us the tip wasn’t true. (Yet)


This week I received another fun tip. A friend with General Electric informed me that Google was in talks with GE to purchase NBC Universal. Immediately, I had memories of AOL’s purchase of Time Warner. Googles net worth on paper could actually make the deal possible. I wouldn’t bet on this one but it’s still so fun to imagine so I included it in today’s post. I’ll probably wait until I hear it from Jay Leno before I believe it.

Thanks to all. Keep ‘em coming.



Labels: , , , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit


Tuesday, October 02, 2007

Yahoo! Surprises Me with Improved Search

Three months ago I spent some time researching the major search engines and concluded that Google remained the best search engine available. (More Info). Recent ratings have also showed that Google leads business of Internet searches. Yahoo! Inc has announced new search enhancements including something called “Search Assistant”.

Press Release

"The new Yahoo! Search is focused on getting consumers the most relevant information as well as providing the best user experience. We know that consumers want a complete answer, not a bunch of links, and the changes we've made are focused on getting people to the best answer -- whether it be a Web link, photo, video or music clip -- in one search," said Vish Makhijani, general manager and senior vice president of Yahoo! Search.

Unlike Ask.com who tried to lure new users with an expensive ad campaign about its algorithm, Yahoo! actually improved their search engine. Using my traditional “Pytlovany” search test the results from Yahoo! improved since early summer and now exceed the results from Google. For now, my testing is preliminary and I have found at least one invalid result but this appears to be a big step for Yahoo!

I’m not sure if Yahoo! has raised the bar on search technology but they appear to have grabbed onto it. This should cause the folks at Google to focus a little more on enhancing their search advantage. While both companies have diverse offerings, search is still the entry point to their business. I expect we’ll be hearing more about the “Search Wars” in the future.

Update: A little more research shows that Yahoo! may have put the cart before the horse on their new search technology. I found that while they may have increased their search results, Yahoo! fails to properly screen out some potentially dangerous sites. While my Safe Search options were set to “Filter out adult Web, video, and image search results” it didn’t work. I was sent to a couple sites with porngraphic videos asking me to download ActiveX files to view the video.

While some make argue this is not their responsibility safe searching is one enhancement even Google could improve on.


Labels: , ,

Share
WinPatrol 2014 - Free Download

Microsoft Windows 8.1 - Full Version

Windows 7 Professional SP1 64bit