Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Friday, March 31, 2006

You Read It Here First

I decided recently that I wasn’t going to try to be the first to report breaking news in this Blog. While it’s very exciting to be the first but I’m not sure Blogs were ever meant to the source of breaking news. As a new comer to the Blogsphere it’s taken me 6 months to realize Blogs are great for commentary and entertainment but should not always be the best source of new bulletins. Subscribing to a news alert service is a far better choice if you want to be the first to know. Blogs should contain well researched and well thought out information.

I guess I’m heading in the right direction. One of the best known Bloggers, Robert Scoble recently admitted he was human and made mistakes in recent log postings. Scobleizer kinda lost it after all the Blogs,(including this one),  linked to a story about Microsoft re-writing most of its WindowsXP. While Microsoft may not be re-writing 60% of its code things aren’t rosy in Redmond and Scoble won’t be able to fix things by himself.

Another good example is the author of “Ramblings of a Computer Guru”.  The Guru reported on the new Anti-Phishing initiative by Sunbelt Software and ComputerCops.com called PIRT.  He questioned PIRT’s motives, legality and methodology. After actually finding out what PIRT’s methods were he took back his previous post and now says PIRT is Wonderful!.

Anyone who knows the folks behind PIRT knows there’s an excellent chance this effort will make a difference. Paul Laudanski put it best when he commented…

“Unlike other companies that are paid to take down phish for clients, we do it for free for everyone because we're all one big family on the Net.  I don't want to see my mom fall prey to phish just like the next guy, so we're all professionals working with teams around the world with the same cause: terminating phish.  Why?  Its our passion, to do the right thing.”

If you think you have passion and would like to volunteer, get more information at  http://wiki.castlecops.com/PIRT.  Fry your Phish at http://castlecops.com/pirt

What is Phishing?   Click Here

Share on Facebook


Wednesday, March 29, 2006

Internet Explorer 7 Beta 2 Add-ons

IE 7 Beta 2 Review Part 1
This isn’t really a full review but after using IE 7 beta 2 for a couple weeks I can comment on some changes.  First the most important issue for many folks is going to be Internet Explorer Add-Ons or IE Helpers as WinPatrol calls them.   I can tell you about the ones I use and welcome comments from other IE7 users.

  • Google Toolbar  BHO/Toolbar (Compatible but harder to access most features)
  • SiteAdvisor  BHO/Toolbar (Works OK)
  • ieSpell Extension (Works OK)
  • Local Website Archive 1.15e Extension (Load worksAdd Fails)
  • Adobe Acrobat BHO/Toolbar (No longer works.  Only shows when viewing 1st tab)
  • BlogJet Extension (Works OK)
  • Epson Web-To-Page BHO/Toolbar  (No longer works.  Only shows when viewing 1st tab)
  • HP/Veritas/Sonic DLA BHO (No idea why this is installed as an IE Helper)
  • Researcher Extension (Disappeared)

Overall, I’m pleased. I depend on the top three items everyday.  I really do miss being able to add pages to my “Local Website Archive”. 

The Acrobat feature that broke isn’t the ability to read PDF file. It’s the feature that comes with Acrobat Professional that lets you convert the current web page into a PDF document.

The Epson Web-To-Page helper functionality is now included in IE although most web sites still suck at formating their data for printing.

Share on Facebook


Monday, March 27, 2006

Dual Tuner TiVo Series2

Amazon has added a New TiVo Series2 Dual Tuner 80 Hour DVRto their database although it's not yet available to order. It claims that TiVo has finally given us one of the most commonly requested features.
  • Record shows from two basic cable channels, or one basic cable and one digital cable channel, at once

So, it still can’t record two digital channels and no report of CableCard support.
Engadget.com has posted the following photo in article today.

TiVo Dual Tuner

Disclaimer: BillP Studios holds some investment in TiVo Inc.


Click Here to Pre-Order
If you do get a new TiVo, tell them BillP@aol.com referred you.

Share on Facebook


"Take Care" ZeroDay Vulnerability

Last week most of our Blog friends reported on a new ZeroDay IE vulnerability that is related to a scripting call “createTextRange()”.  Microsoft confirmed this problem on March 22nd and recommend users might want to turn off Active Scripting. 

March 25th, Microsoft released additional data on what systems were vulnerable. The Microsoft Security Response Center Blog also had this brilliant advice…

“I want to caution everyone that they should take care not to visit unfamiliar or untrusted Web sites that could potentially host the malicious code.”

I do believe Microsoft when they say, they have been working on this day and night.  No update was available today but Microsoft did take the opportunity to promote the Windows Live Safety Center.

According to an alert from WebSense Security Labs, over 200 unique URL using this threat have been found.

For the latest on Security Advisory (917077) Click Here
March 28, 2006 Advisory updated with information regarding additional security software protections, current limited scope of attacks, and the status of the Internet Explorer security update

Share on Facebook


Friday, March 24, 2006

Microsoft on the Edge

I can’t imagine what the Microsoft campus is like these days but they have my sympathy. The announced delay of Windows Vista was certainly a bummer. Vista originally planned to ship 2003.  According to Australian based SmartHouse, “60% of Windows Vista Code To Be Rewritten.”  Making Windows a multimedia savvy machine has always problem for Microsoft.  Early multimedia attempts broke features like power management. Windows ME caused many more incompatibilities. It’s not an easy task to make plan years ahead of time when the multimedia landscape changes every 4–6 months.

Adding insult to injury Microsoft also reported Office 2007 will be later than announced but will be available to business customers in October 2006.

Meanwhile, new security patches are being called for to fix a recently exposed flaw in Internet Explorer 6. Folks online have been publishing how to use this exploit in a scripting object called, “createTextRange”.  Web sites have already been found trying to exploit the flaw and infect users.  As of today, no patch exists from Microsoft or third parties  Microsoft says “Our initial investigation has revealed that if you turn off Active Scripting, that will prevent the attack as this requires script.” 

Microsoft has long been accused of taking good ideas from other products and integrating them directly into the Windows. As they’ve done this, the growing complexity of Windows has created  2–4 year delays in new releases. Microsoft could have easily competed with many companies by creating their own separate product lines. Instead they killed off competitors and shot themselves in the foot along the way.

Share on Facebook


Thursday, March 23, 2006

Full Pay & Benefits for forum volunteers

Are online forum helpers volunteers or employees?  This is a discussion that goes back over 20 years. In 1999 a group of chat room helpers filed a lawsuit against America Online requesting employee status and rights.

AppleLink Personal Edition
AppleLink Personal Edition (pre-AOL)

Tuesday, District Judge Kevin Duffy rejected Time Warners request to dismiss a lawsuit which could affect over 12,000 former AOL online helpers and cost tens of millions of dollars. The primary litigants in this case are named as Ann Johnson, Pamela Spencer Johnson, Kelly Hallissey,and Donald LoweWikipedia also mentions a Brian Williams. The Department of Labor dismissed this case in 2001 but apparently it continues on.

While AOL may not have a lot of fans in current online forums, this is one I hope is successful for America Online and Time Warner.  Community Leaders at AOL deserved much more than they received but they knew from the start what they were agreeing to.  Many web sites online would not function without the help of dedicated volunteers who ask nothing in return.  If the courts decided they were all employees eligible for minimum wage many sites couldn’t afford to stay online.

It doesn’t look like a possible win in this suit has been taken too seriously.  Most news organizations haven’t picked it up and it certainly hasn’t affected trading of Time Warner Inc.(NYSE:TWX) 

Share on Facebook


Wednesday, March 22, 2006

Kazaa is Badware

According to StopBadware.org, peer-to-peer fileshaing agent Kazaa from Sharman Networks tops their first list of "Badware".

“We find that Kazaa is badware because it misleadingly advertises itself as spywarefree, does not completely remove all components during the uninstall process, interferes with computer use, and makes undisclosed modifications to other software..”  
Specifically, it includes the following Badware behavior.

Today’s report is the first to be released by the “Neighborhood Watch” campaign led by Harvard Law School's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute.

Other Badware reports issued today include

For a full report in PDF format, click here

Share on Facebook


Santa stocking up on TiVo's and Mac's

It’s only March and already the retail landscape for this years Christmas shopping is being defined.  Computer manufacturers were hoping Windows Vista would be available and be the reason for new computers to be on everyone list to Santa.

When Microsoft announced Vista would slip until January Wall Street immediately punished computer manufacturers with lower expectations.  One potential winner may actually be TiVo. Some analysts saw Windows Vista, with CableCard™ support for HDTV, as a competitor to TiVo’s Series 3 system. The new HDTV TiVo is rumored to be available in September.  It may also give Apple an opportunity to capture a little larger sliver of the desktop market.  Both stocks have gained in early trading today.

Apparently, some of the eight versions of Vista will be available as early as November but the more consumer oriented systems including  Media Center machines won’t be available until January.  As someone who remembers the nightmare called Windows 98 Media Edition, I hope they wait as long as possible to be sure they get it right.

Meanwhile, computer manufacturers should starting looking at what holidays might encourage sales in China, India and other growing international markets.

TiVo GuyDisclaimer: BillP Studios holds some investment in TiVo Inc.

Share on Facebook


Tuesday, March 21, 2006

Phishing for Chase Bank Credit Cards

For some reason this weeks big phishing party is looking for Chase Bank members. Since I don’t have any accounts at Chase Bank it’s an obvious fake but I’m sure some folks will fall for it.  It did give me a chance to try Internet Explorer 7’s new phishing controls.  The “Beta 2 Preview” of IE7 was released yesterday and I’ll tell you what I think later this week.

Phishing Controls in IE 7
Click for full size.

Even though I feel obligated to download and review the latest preview of IE 7, I still wouldn’t recommend the average computer user ever download beta or preview software.  Luckily, there’s another new tool in the fight against phishing that I expect to be announced later today.

 

Share on Facebook


Monday, March 20, 2006

Advertisers funding Spyware

The Center for Democracy and Technology has released a new report called Following the Money: How Advertising Dollars Encourage Nuisance and Harmful Adware and What can be Done to Reverse the Trend. Many of the other Blogs I’ve read today(listed on the left) have already reported this news and have been exposing the names of companies mentioned in the report like NetZero, eHarmony, NetFlix and Club Med.

This report is a follow up to an earlier FTC complaint filed by the CDT against 180solutions Inc. The report presents a good model on how legitimate companies can easily end up advertising with illegitimate adware vendors.  I was a little disappointed that the report did not include the full company list. Even though they were negligent, some companies brave enough to response weren’t exposed.

One of the consultants on this report was spyware crusader, Ben Edelman .  If you’d like even more information on how the report was created and see some screen shots, Click here.

Share on Facebook


Windows Vista, As Seen on Oprah

Sometime this year, Microsoft’s marketing machine will start its effort to convince users they should upgrade to the new Windows Vista operating system.  We’re starting to get more hints on how Microsoft will approach this big sales push.

In the past, Microsoft used a unique approach to sell their new operating system. At New York City launch of Windows XP Bill Gates explained how Windows 98 was flawed and even demonstrated to the audience how easy it was to get the dreaded Blue Screen of Death. The premise was, upgrade to our new version because our old version really sucks.
The only thing that drew more laughs was when host Dana Carvey tried to get the girl signing the event to come up with sign language for “Monkeys flying out my butt”.
Monkey Sign Language for the Deaf

Microsoft has figured out that security and privacy are big user issues so Vista is already being promoted as the ultimate way to be secure while connected to the Internet.  You won’t hear them discussing improved performance because their new security comes at a cost. Stunning new graphics are also catching peoples attention, but again, these new graphics come with a cost to your system performance.

In a change on its typical strategy Microsoft will be raising the profit margin given to retailers who sell Windows Vista. This will motivate stores to do their own advertising and promotions to sell as many Windows Vista boxes as they can. 

Unfortunately, this means more aggressive tactics. Since most resellers have affiliate programs we can expect more spam and more malware designed to steal away the royalties from the sale of Windows Vista.  Who knows, we could even see ads for Microsoft Vista in free products from Claria or spam with the subject line, “Windows Vista, As Seen on Oprah”.

 

Share on Facebook


Friday, March 17, 2006

Symantec Update Blocks AOL

I never intended to create a Blog about flawed updates but they seem to keep on coming. Today, BetaNews.com released a story about a faulty update for users of Norton AntiVirus and Norton Internet Security.  Seems that their last update mistook AOL traffic as malicious and is blocking users from reconnecting.

Error messages include:
Lan connection lost
TCP/IP has lost the connection because network subsystem has failed


Symantec recommends AOL users run LiveUpdate and download all available updates. Ummmm… This could be a real problem.  If AOL users can’t get online, how will they receive the update?

Share on Facebook


Tuesday, March 14, 2006

Take the Spyware Quiz

I’ll bet you’re pretty good at picking out Email that is fraudulent but what about web pages?  Can you tell a dangerous website just by looking at it?

SiteAdvisor has posted a quick and nifty Spyware Quiz with eight questions.

Go to http://www.siteadvisor.com/spywarequiz and see how you do.

When you’re done, check out SiteAdvisor’s Plug-in for Internet Explorer and see how it can help keep you informed.

 

Share on Facebook


Monday, March 13, 2006

AutoUpdates are Evil

Auto Updates of Windows has been the topic of I’ve covered before but I doubt its one that will go away. This week we have two interesting stories related to automatic updates.

Update breaks Windows Media Player
According to PC World recent security updates may cause problems with Windows Media Player.  “Users who have applied the patches may experience problems when seeking, rewinding, or fast-forwarding files”  I’ve been suffering from a weird Media Player DRM issue but doesn’t seem to be related.

DRM Error
Unlike Windows Movie Maker, at least I could find how to reinstall Media Player via Add/Remove Programs.

Update breaks Microsoft Excel
I used to say, “Well, auto-updates of virus definitions are probably still a good idea”.  Now McAfee has demonstrated that even virus definition files can be evil.  On Friday, McAfee customers discovered they could no longer use Microsoft Excel. The new virus definition for W95/CTX went through Microsoft Office and quarantined Excel.exe and Graph.exe.  It also found a problem with Adobe’s AdobeUpdateManager.exe. While removing AdobeUpdateManager wasn’t a bad idea, I’d be a little annoyed if anyone removed my access to Excel.   More from CNet, Click Here.

According to the Washington Post, Brian Krebs,

“The files identified by McAfee as malicious included excel.exe (Microsoft Excel) and gtb2k1033.exe (Google Toolbar installer), as well as programs that run Macromedia Flash Player, Sun's Java application and Adobe update manager. The erroneous flags even apply to updaterui.exe, McAfee's own update program.”

 

Share on Facebook


Saturday, March 11, 2006

Eagle Fishing on Collins Lake

I was beyond thrilled to be able to snap this photo from my back yard today.  This magnificent bird went fishing in Collins Lake in  our little village of Scotia, New York. This is off my typical topic but I just had to share it.

Eagle Fishing at Collins Park
Click photo for larger image

 For the fellow digital photo nuts out there, it was taken with a Canon Powershot Pro 1 at about 6x zoom.

Share on Facebook


Friday, March 10, 2006

Real Life Simpsons

Steve Bass clued us in recently about the British doing a new series of the Simpsons only with live actors. Unfortunately, the Sun Online site which had the video has since removed it and replaced it with a rude trick.

When clicking on the video link now sends users to a HTTP 404 – File not found page.  That page then tried to load Avant Browser when I clicked on Back and tried to make it my browser. Naughty, Naughty Sun Online!

I did find a copy of the video a YouTube.com

http://www.youtube.com/watch?v=brh6KRvQHBc

 

Share on Facebook


Thursday, March 09, 2006

Origami, Exposed

As promised Microsoft has provided Bloggers with more information on Project Origami. It’s not an official product introduction.  It’s really meant to suck more Bloggers like myself into writing about it.  Robert Scoble interviewed Otto Berkes, architect/general manager of the Ultra-Mobile PC team and has posted the video on MSDN Channel 9.  Click here

I do owe an apology to Robb Donewood and other BlackBerry fans  who I annoyed by not making my point clear. My previous posts were not meant to compare the features of the BlackBerry against those expected to be included in Origami.  

The point I hoped to express was that Microsoft was in fact targeting the BlackBerry user base with this unique introduction/leak.  Recent events with the BlackBerry patent issues has certainly made some BlackBerry users pause and wonder about the future.  Was Microsoft exploiting this concern?  As Robb points out in his blog yesterday, MSN Money has an article called “RIM’s outlook is grim”. 
RIM = “Research in Motion” makers of BlackBerry

The New York Times recently ran an article about the Wal*Mart using Bloggers to carry out a PR campaign. There’s a good summary of this by Brook Schaaf on ReveNews. I’m not sure I see a difference between this and what Microsoft is currently doing with Origami.

The Origami viral marketing campaign is now detailed by its creator Dustin Hubbard on his Blog.

Share on Facebook


Tuesday, March 07, 2006

Hello Origami, Bye Bye Blackberry

I still can’t help feeling that Microsoft orchestrated last weeks leak about the Origami Project. Blogs we’re full of photos, videos and stories about this new device.  According to Robert Scoble’s Blog, there will be an official announcement on Thursday, March 9th on http://channel9.msdn.com/


Intel’s Origami Prototype
Origami
Thanks to Scott Ard/CNet News.com

Meanwhile, Pocket-lint in the UK is showing a slightly different image.

Origami

According to Scobleizer

It’s not an iPod killer.
It’s not a portable Xbox.
It’s not an OQO killer.
It’s not a PSP killer.
It’s not a Nokia N90 killer either..
It’s not a Treo 700w killer either…
Hey, Palm Addicts, it’s not a Palm killer either.

I note, as of today, there’s no denial of it being a BlackBerry killer.  I tend to be suspicious but I can’t help repeating what I suggested 10 days ago.  The timing of this announcement comes at a very vulnerable time for the BlackBerry. I’m not the only one who thinks someone planned this early pre-announcement but it probably won’t stop me from getting one when it’s available.

Share on Facebook


Sunday, March 05, 2006

Consumer Reports on Mac Spyware

As if to throw down a challenge, Jeff Fox from Consumer Reports recently insisted the Macintosh is “less hospitable” to spyware and it wasn’t just because the Mac had a smaller installed base. I mentioned these remarks last month in my report on Mac Malware at the recent ASC Conference on February 9th.  Ed Skoudis from SANS Institute, warned Mac users not to be lulled into a false sense of security. He noted that, “OS10 has had a number of significant security flaws” and that they’re not as widely publicized because they don’t impact as many people.

Apparently the Mac is more hospitable then Mr. Fox thought.  One a week later, Symantec discovered the OSX.Leap.A worm spreading via the iChat Instant Messenger program.  The next day, Symantec published information on OSX.Inquanta.A which uses an Apple Mac BlueTooth Directory Traversal Vulnerability.  On Feb 21st, SANS Institute reported about a “Serious flaw on OS X”  discovered by Michael Lehn according to Heise Online.

This past week I had 3 requests for a Mac version of our WinPatrol program. I’m sorry to report we don’t have a MacPatrol program.  I would recommend Mac users check their Safari preferences and deactivate the option “Open Safe Files after downloading”.  It would also be a good idea to visit http://www.apple.com/support/downloads/ and check out any security updates.

 

 

Share on Facebook


Wednesday, March 01, 2006

Paypal Phishing Contest

I’m not sure why, but this week almost half my Email has been some kind of PayPal phishing scheme. I’m thinking there must be an online PayPal Phishing contest for hackers.

The subject lines vary but all have some kind of connection to PayPal. Just today I received multiple copies of the subject lines below to Email account that have no connection to PayPal.  They’re all bogus.  If you want to check your PayPal account, go there directly, not by clicking on an Email link.

PayPal Email ID PP321
Notification of Limited Account Access (Routing Code: C840-L001-Q190-T1812)
Notification of Limited Account Access
Update your PayPal account
Confirm your PayPal account
Question from PayPal Member

Under the good news headlines are reports that AOL continuing to aggressively go after organized Phishing groups. Click Here for more.

Share on Facebook


First Person Plural

Here’s one to watch. 
A new technology is about to be introduced to gamers and target them with ads based on their age, location and interests.  Montreal’s First Person Plural has created a 3–D racing game called “Human Limit” to show their “Witness” technology and will offer a million dollar grand prize in hopes to entice gamers and advertisers.
Press Release: Click Here

Working with FPP, advertisers are able to develop advergames or websites that use Witness to build a detailed demographic profile on individual users, allowing them to send specific marketing messages to a chosen demographic, collecting consumer intelligence throughout the process.

More information available at GameDaily Biz: Click Here

In the UK, First Person Plural is an Association for Dissociative Survivors of Abuse and Trauma. Sounds like a fitting name for an adware company.

Share on Facebook