Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Wednesday, May 31, 2006

WgaTray.exe opens security hole

It’s called Windows Genuine Advantage.   I’ve received a couple Emails about the file WgaTray.exe which was part of this weeks Windows Update. Some questioned how this file was able to run on startup but isn’t listed by WinPatrol or other programs as an AutoStartup program.

Well, the answer is simple; this program is part of the Windows Operating system.  After Windows starts it looks for this file in the system32 folder and runs it.  Unfortunately, there’s a serious problem in with the way how Microsoft has implemented their anti-piracy system.  The way Windows handles this file opens up a big security hole that most programs won’t plug.  Any malicious program can delete the WgaTray.exe and replace it with its own malware using the same name.  Windows does nothing to verify this program before running it the next time you reboot.

Microsoft describes this program as follows: "By using genuine Microsoft software, you can be confident that your software is legitimate and fully supported by Microsoft.” As if  “you” didn’t already know.  More information can be found at http://www.microsoft.com/genuine/default.mspx and http://www.microsoft.com/genuine/downloads/WhyValidate.aspx

You can also find a discussion at Broadband Reports.com  http://www.dslreports.com/forum/remark,15963038  The topic of the discussion is more about flaws in Windows piracy then security.  If you have your system set for auto-updates the newest version of WgaTray.exe will have been downloaded this week.

 

Share on Facebook


AOL Not Number One

My new favorite magazine PC World recently published a great piece called “The 25 Worst Tech Products of All Time”.  It’s a fun and nostalgic list of products which have been released in the Internet age. Some have come and gone, some remain.   Many of the 25 were great concepts but failed to be implemented well.

Naturally Microsoft Bob made the list.  Bill Gates felt so strongly about this product he married the product manager. There wasn’t room for all the products so some like the Apple Newton and Microsoft WebTV  are listed under (Dis)Honorable Mention.

According to author Dan Tynan the number one worst product was America Online. Dan obviously has some issues with AOL but he’s not alone. AOL has always been the target of loathing by a large group of techies.  While I admit AOL has made some errors along the way, I regret it will never receive the credit it deserves.

If not for America Online, millions would still be without E-mail.  The Internet would be 5–10 year behind its current state. What AOL provided the web was “*critical mass”.  If not for critical mass companies like E-Bay, Amazon and even Google never would have had enough customers to cover the costs of doing business.

Yes, I am bias.  In a past lifetime, when I worked for AOL, our goal was to provide a service that allowed the general public to get online.  The techies at the time complained that we made the software to simple. When AOL members were first introduced to newsgroups they didn’t always know the accepted etiquette and were treated like lepers.  Luckily,  they came in such numbers the variety of newsgroup topics exploded to the point there’s a discussion out there for any obscure topic you can think of.

I was often quoted as saying, “We designed AOL so any idiot could get online…   and a lot of them did”.  Luckily, they also brought along a lot to offer. Millions of folks who started off with AOL are now among the largest contributors to the net.

*“Critical mass is the scale or volume at which processes become self-perpetuating.”

Share on Facebook


Friday, May 26, 2006

City wants to move your Dish

I woke up this morning to a post in our local message boards that said “Forget about the Dish TV”. At first, I thought it was going to be a discussion on how TiVo  is trying to get an injunction against EchoStar to have them disable DVR functions on all Dish Network boxes. (More Info)

Instead, it was about a junior council woman in Schenectady NY, promoting a law that would required satellite dishes to be removed or moved to back yards. It's bad enough when small housing communities try to enforce such restrictions but an entire city is too much.  It's especially ironic for Schenectady, the test tube of television.  Local inventor Ernst Alexanderson was responsible for making the old home antenna part of our 20th century landscape.

Many of you probably haven't stopped to realize that the satellite dish is a modern day compass. They actually helped me find my way once in London after my buddy Tim got us lost.

Consumer TV or Direct Broadcast Satellites are Geo-stationary.  This means they circle the earth at the same speed as the earth itself so they're always in the same position.  They also revolve around the earth at the same height, directly over the equator.

What the means is, all your dishes are going to be pointing in the southernly direction. (or north if you live in the southern hemisphere)   In Schenectady they're just a little south-west but it means if the back of your house doesn't have a southern view,  no dish for you!

Share on Facebook


Wednesday, May 24, 2006

UnSpyPC identified as "Badware"

The consumer watchdog group StopBadware.org has released  new reports today and has certified four more applications as "Badware". (More Info)

Their press release caught my eye this morning because of an application called UnSpyPC.  I had never heard of this program but apparently it identifies WinPatrol program as spyware and encourages users to remove it.

According to StopBadware.org

… “UnSpyPC," is an application that incorporates a non-standard hard drive scan upon installation and also identifies legitimate software, such as VMWare, WinPatrol, and Windows Defender as spyware. It also adds an UnSpyPC icon to Internet Explorer without notification.

Other newly certified “Badware” includes “Winfixer”, “Funcade” and “Jessica Simpson Screensaver”. They join the Badware.org Hall of Fame which currently includes “Kazaa”, “Mediapipe”, “Waterfalls 3”, and SpyAxe”.

Share on Facebook


Tuesday, May 23, 2006

Personal Information Protection Tips

The biggest risk to your personal information is not using your credit card on the Internet or giving it to a waiter or waitress. It’s certainly not so-called tracking cookies and isn’t even behavioral marketing companies like Claria. The biggest threat to your privacy are idiots who work for your credit card company, bank and trusted government employees. If they’re not leaving holes open to hackers on their servers, they’re getting their laptops stolen with all your personal information.

Vietnam War MemorialAs we prepare to memorialize our nations heros, over 26 million current Vets will be notified their sensitive personal information has been compromised. Apparently, an employee of Department of Veterans Affairs had his laptop stolen from his suburban Maryland home. The laptop included the names, social security numbers and birth dates of over 26.5 million U.S. veterans and their spouses. (More Info)

While officials recommend logging on to www.firstgov.gov or calling 1–800–FED-INFO, I have some additional, simple recommendations for everyone out there.

It’s fair to assume that your information is out there somewhere already so you really need to take the time to protect yourself. When your bank statement comes, take the time and reconcile your checking account.  When your stock portfolio arrives, review what has occurred to your retirement data.  When you open your credit card statement stop what you’re doing and review your charges.  You should be able to identify each and every purchase.

I learned about credit malaise while working with the online service now known as AOL. Our billing department pointed out that we had over a thousand members who had signed up for our service yet over the past year never signed on again.  These members were still getting billed $9.95 a month on their credit cards and paying even though they never signed online again.  This was almost 20 years ago but I doubt much has changed.

People continue to be the biggest threat to the security of any computer system. Today, PC World has an article about “Toughening up Your Passwords” which I would recommend reading. If you want to protect yourself, you can’t just buy the protection. You have to take the time and protect yourself.

 

Share on Facebook


Thursday, May 18, 2006

iPod more popular than Iraq

I found a great tip from Alex Eckelberry on this Sunbelt Blog.  He turned me on to a fun tool from Google Labs called the Google Trends.(More Info) This is a great way to view how often a particular search term is typed into Google.
 
I've been playing for days, entering in all sorts of terms.  Naturally, I checked out how WinPatrol searches have been and could even compare my searches against another program which has often been compared to Scotty the Windows Watchdog.
 WinPatrol versus other program
It looks like it’s time I spark some more interest in our WinPatrol program!
 
Google admits this tool is still in its early stages. There’s no way to know if the portion of their searches used by this tool meets a statistical critical mass to use for business plans.  I did notice a great trend in searches for “Kerio” so Sunbelt obviously knew they had a winner when they acquired the popular personal firewall.(More Info)
 
Still, it can provide hours of fun and give you a lot to think about.
You can see what terms have become popular like my comparison of searches for Iraq vs iPod below.
Iraq vs. iPod
Or, how much interest there is in say, Firefox vs. Netscape.
Netscape vs Firefox
 

Share on Facebook


Wednesday, May 17, 2006

Consumer Threat from Fakeware is Growing

When it comes to spyware, consumers really don’t know where to turn.  Hopefully, they find long time consumer advocates like Steve BassKim Komando, Brian Livingston,  Fred Langa or some of the other folks I list on the left side of this Blog. You can pretty much count on their recommendation.

If not, consumers end up downloading dangerous fakeware like SpyAxe/Spyware Quake or products like Spyware Cleaner which actually installs adware popups from WhenU.  In many cases, just because you see a product advertised on TV, doesn’t mean it’s not fakeware. There’s a lot of money to be made trying to get computers to work as they should.

One resource which has been around for a while is the Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites.  Next month it celebrates its 2nd anniversary and was just updated a few days ago. I recommend a visit here before downloading or purchasing any AntiSpyware product.

 

Share on Facebook


Friday, May 12, 2006

Spitzer says, Choose your own Music

I’ve long considered Eliot Spitzer and his AntiSpyware team led by Justin Brookman as good people.  They’ve been successful at exposing some of the evil spyware companies who try to infect computers with unwanted toolbars, pop-ups and redirected web pages. More Info  Spitzers office also found that CD’s containing root-kits were still on the store shelves after Sony claimed to have recalled them all.  More Info 

This week the NYS Attorney General has hopefully stopped Universal Music Group Recordings Inc in a radio payola scheme that would surely make Alan Freed turn over in his grave. More Info The company behind artists such as Ashlee Simpson, Lindsay Lohan, Brian McKnight and Nick Lachey has agreed to settle for $12 million.  The company admits no guilt but acknowledged some of their employees and independent promoters provided vacations, electronics and other bribes to radio stations.

UMG also used interns, employees and outside vendors to pose as radio listeners calling radio stations and repeatedly requesting songs they wanted to push.  This really sounds like a great way to obtain a million dollar return with just a few dollars to phone banks. 

I can’t help but imagine rooms full of phones in India with employees dialing up radio stations requesting the favorite new song. Within days we’re all humming songs we would have never heard of otherwise.  As scary as this is, it’s brilliant!

Luckily, this is apparently illegal.  UMG has a 26% share of the world market and sells one out of every three albums in the US.  I had a chance to meet Eliot Spitzer last year and I told him his AntiSpyware efforts would win him the election as governor of New York.  I’m re-considering my advice to him. I think he should blow past governor and start campaigning for the next presidential election. 

Share on Facebook


Wednesday, May 10, 2006

Public Photos Not Allowed in Troy NY

I was surprised today when I read a topic in one of my favorite blogs which should have appeared in more than one of my local papers.   Across the country in San Francisco, Thomas Hawk  featured an important article published in the TroyRecord based in Troy NY about 20 miles from me.

The City of Troy, home of Uncle Sam,  has been threatening photographers at its public Knickerbacker skating rink. Signs recently posted say “Any type of camera usage is prohibited unless authorized by rink management. The city claims the new policy is designed to thwart pedophiles. A petty argument between parents is what apparently initiated the policy.  Families wanting to capture their kids on film aren’t happy and it’s not sitting well with the New York Civil Liberties Union who is threatening to sue the city 

Just recently I have been looking into laws governing taking photos in public.  The law and constitution is currently behind photographers. The magazine JPG recently did an entirely issue with 31 stories of harassment called “Photography is not a Crime”. 

I still am courteous, respectful and careful when snapping photos in public where kids are around.  I experienced one awkward situation when a women opened a conversation at local concert by threatening me with physical man-pain if I took a photo of her child. Luckily, I live in a small community where people know me and most parents ask me to include their kids in our community photos

Kids on Stage

In this case, while photographing this band, I avoided taking photos of these kids dancing and playing unless requested. When their parents allowed them on stage for the finale I judged it was appropriate and welcomed. Technically, I have the legal right to take as many photos as I want in a public place.

Update: I did see one reporter, Kumi Tucker at WNYT cover this story.  Click Here

Share on Facebook


Monday, May 08, 2006

Apple iTunes keeps their logo

Apple Computer won a court battle over Apple Corps allowing them to continue using the Apple Logo for their iTunes Store. The High Court of London with Justice Edward Mann, dismissed a complaint by Apple Corps who objected to the Apple logo being used by the iTunes online music store.

Abbey Road Studios
Abbey Road Studios in London

The legal issues began in 1978 when Apple Records objected to an Apple logo being used by Steve Jobs and Steve Wozniak.  A settlement was reached in 1981 for $80,000 and the agreement that Apple Computer would stay out of the music business.  Who would have thunk it eh?  Made sense at the time.  Ten years later however when computers started to play MIDI music Apple Corps Ltd. sued again.  The Mac was hot in 1991 so Apple Computer paid $26.5 million for a new agreement.

Apple Corps is still owned by Paul, Ringo and the widows of John and George but is managed by Neil Aspinall their one time road manager.  Behind the scenes, Aspinall has been working on special releases of the Beatles catalog digitally re-mastered specifically for downloading.  He’s no fool on the hill.    

 

Share on Facebook


Thursday, May 04, 2006

Look out Microsoft for Yahoo TypoSquatters

First, Microsoft showed an interest in buying Claria which has long been accused of spyware practices.  They quickly back peddled due to the public outcry. Now there are serious “rumors” that Microsoft is interested in purchasing at stake in Yahoo.  I hope for Microsoft’s sake these are just rumors because some of Yahoo’s dirty deeds are being exposed.

Yahoo is accused of selling ad clicks and then making them available to spyware vendors to promote. They’ve also been accused of selling space on sites know as “typosquatters”.

ReveNews reports: “Yahoo Charged with Syndication Fraud
Washington Post reports “Suit Levels Spyware, Typosquatting Allegations at Yahoo

A typosquatter is someone registers a domain similar to popular websites and then takes advantage of the traffic sometimes fooling users into thinking they’ve reached their correct destination.  When it only costs about $20 to register a domain for a couple years it’s common for typosquatters to register hundreds of sites and prey on typo’s.

I found if you added an extra “r” to www.nickjr.com your kids would be in real trouble.
Four separate windows open including the game below.  The first time one of the windows was an ad for Orbitz.  The next time I got an add for InfoWorld magazine who ironically is also reporting today on this topic.  Click here.

According to SiteAdvisor after playing this game
they received 81 spam Emails a day.
Don't Play This Game

If you type M instead of the N in netscape.com you’ll get a site which claims to be Netscape.com but has links to x rated videos.

Leave off the last “d” in www.disneyland.com and Register.com tries to download the AvantBrowser and ads popped up and under for Monster.com and American Express.

I don’t recommend trying to put in your own typos to see what you get.
For more information on TypoSquatters.  Check out http://research.microsoft.com/Typo-Patrol/




 

Share on Facebook


Monday, May 01, 2006

Google, Site Advisor and IE7 Beta2

I really, really wish that Google had been the ones who bought SiteAdvisor.com.  It would have been an ideal match up.  I love Google and I use it everyday.  Usually, I can tell what web sites not to visit but god help the average computer user.  Google doesn’t verify if sites in their ads or on their results page are safe or suspicious. Site Advisor provides this function and is still available for free at http://www.siteadvisor.com/download/ie_learnmore.html

Sample Google Search with SiteAdvisor installed
 SiteAdvisor as seen on Google
When searching Google, Site Advisor will add the colored tag pictured above to let you know how safe a site might be.  I was sad to see that this feature is now broken on the latest version of IE7 Beta2
Site Advisor Badge
It would be so natural to have this functionality build directly into a Google results page.  Instead, I have Google Toolbar and a separate Site Advisor IE Add-on.  Currently, Site Adviser is free and simple to install. Now that McAfee has their hands on Site Advisor, what other features will they try and add to make it a premium product.

I love simple programs. I shudder with fear anytime I have to install a new program on my system. Each time I remove or install a program something breaks.  Most of the time is seems to be my internet connection.  I have enough experience that I can usually fix the problem but what to other people do?  Usually they reboot, re-install, reformat, or sometimes end up buying a new computer.

My rant today is mostly do to the hour it took me to update to the newest IE7 Beta2 preview.  All appears fine now but that wasn’t the case when I first followed the instructions to remove the previous “public” beta.  After multiple reboots things seem ok.  Public beta’s or (cough)”Preview releases” are becoming more common.  Anytime a company makes a public release they should have an easy upgrade policy in place and not expect everyone to be professional beta testers.

 

Share on Facebook