Archive for January, 2006

More on Winamp

Tuesday, January 31st, 2006

Go here for an upgrade. PC World has a story on a new release:

A new version of the Winamp player was released on Monday afternoon, one day after hackers posted exploit code on the milw0rm.com Web site that could be used to run unauthorized software on computers running Winamp 5.12 with Windows XP.

“Extremely Critical” Exploit Hits Winamp

Tuesday, January 31st, 2006

I don’t use it, but Winamp is popular and I pass this along. Desktop Pipeline reports:

The popular Winamp music player suffers from a zero-day vulnerability that attackers are already exploiting, a security company warns. A patch is not available.

One possible temporary procedure that they mention:

Secunia recommended that users turn to alternate player programs, but Moscow-based Kaspersky Labs said that users could deflect attacks by setting Winamp’s .pls file format to “Confirm open after download” using Windows’ “Folder Options/File Types” dialog.

Updated government search facility

Tuesday, January 31st, 2006

From its inception the search facility at FirstGov has been a very useful tool for finding the myriad of pages that the government has on the Internet. It has now been revised and Search Engine Watch describes the new search page:

FirstGov’s new, sparse search page is just the tip of the iceberg for a number of powerful, useful new features unveiled by the U.S. government information portal.

The federal government provides a lot of useful services and free information that could easily be overlooked. This site will help you find them.

Alternative to QuickTime player

Tuesday, January 31st, 2006

When I commented on Apple’s making a security update to the QuickTime player hard to get, I neglected to give a link to an alternative player. Jack Teems at Neat Net Tricks has an entry in his latest newsletter that reminds me that you can download an alternate player at free-codecs.com. Here is their description:

QuickTime Alternative will allow you to play QuickTime files (.mov, .qt and other extensions) without having to install the official QuickTime Player. It also supports QuickTime content that is embedded in Webpages.

New security features in Windows Vista

Monday, January 30th, 2006

I don’t know how far Windows Vista will go toward addressing the security problems discussed in the previous blog. Vista is still being developed and exactly what is in it when it is released remains to be seen. In the meantime, here is a report on the present state of its security features by Roger Grimes.

Cybercrime is too easy

Monday, January 30th, 2006

Here’s some more evidence (as if it were needed) to support my contention that we need a whole new way of addressing the Internet security problem. Robert Vamosi has an article giving the sorry story of how easy it was for a young man to carry out a career of cybercrime. One thing from the story that really gets me is that some of the computers that he infected with Trojans and then used in a botnet were not from clueless home users but belonged to the clueless US government.

Some of the bots included computers at the Defense Information Systems Agency (DISA) in Falls Church and at China Lake Naval Air Facility in California. The DISA offers network-based solutions for the President, the Vice President, and the Secretary of Defense.

The current system makes easy pickings on the Internet for criminals and other malefactors. Unless and until we change the way we approach the issue of Internet security, a career of cybercrime looks like an easy way to make a living. A related and perhaps even worse problem is the potential danger to the whole Internet from terrorists and Internet saboteurs.

Firefox extensions

Sunday, January 29th, 2006

As I have mentioned before, one of the attractive features of the Firefox browser is that it can be customized in many ways with what are known as extensions. There are hundreds of extensions, some good, some not so good. Here’s some help in finding the good ones. Internet Week has an article Firefox Essentials: 10 Must-Have Extensions. Another source of information is Scot Finnie’s article Best Firefox Extensions and Customizing Tips.

Paradigm shift in anti-virus and spyware protection?

Friday, January 27th, 2006

The present way of protecting computers against malware such as viruses, worms, Trojans, and spyware is basically reactive. It depends on a local database of information about known malware in order to recognize and disarm the invaders. Some attempt is made at using so-called “heuristic” techniques to recognize new malware that is not in the database, but maintaining the protection still requires constant updating of the local database. Also, since the different types of malware have different behavior patterns and signatures, more than one type of protection is needed. Although software suites may combine the different kinds of protection in one package, many people end up with a hodgepodge of different applications. For example, I have an anti-virus program, a software firewall (not counting the Windows XP version), three anti-spyware programs and two Trojan removers. I also have a hardware firewall.

Having to run all these programs and having to constantly update them is not only cumbersome but also makes a hit on system performance. For example, Symantec SystemWorks was such a drag on my system that I never ran it in the background but only used it manually before I finally chucked it in favor of AVG. Even with constant updating, systems are still vulnerable to so-called “zero-day” and undocumented exploits. The constant parade of new security problems makes it clear that something better than the current approach to safeguarding computers is needed.

There are already several possible alternative ways to go. One is the procedure used on many systems that are open to the public in places like libraries and schools. A standard system configuration is established and any changes, including malware, that occur on the system during an individual login session are erased when the user is finished. The system is simply returned to its standard configuration. This approach has been very satisfactory in our classes at SeniorNet where we use the program Deep Freeze. Students can do anything they want to the system or get it infected by malware but when it is rebooted it returns to its original state. This is very satisfactory for a setup which remains static but is tedious where a user installs a lot of new software or creates new files. Changes to the system can be incorporated into the standard configuration if desired but this is a multi-step process and not really suitable for dynamic systems where content changes frequently. However, this approach can be modified to add flexibility by having a separate unfrozen partition where data files and frequently changed programs are kept. Installations that require Registry entries will still need to be done in a multi-step process but the average home user who is an infrequent installer of new programs could certainly use this approach.

A related approach that is attracting more and more attention is the use of “virtual” machines. The equivalent of several independent operating systems can be created on one computer. This is especially attractive for those who try out or test a lot of software. David Berlind at ZDNet has an article on the virtues of VMWare. You can have one virtual machine that is the standard setup and another that gets exposed to the Internet.

A completely different approach is mentioned in an article at PC Magazine. Here is an excerpt:

Sana Security’s Primary Response SafeConnect, currently in beta, takes a unique approach to protecting your PC from spyware and other unwanted programs. Rather than using a database of signatures to spot malware during a scan, SafeConnect closely monitors all running processes and zeroes in on suspicious behavior patterns. When it spots a malicious process, it uses data gained from its monitoring to identify and quarantine files and Registry keys related to the process. Because it specifically responds to what a program does rather than to what it is, it is most likely to detect malware immediately upon installation or just after a system restart.

However things develop, it is clear to me that the present methods of safeguarding computers are inadequate. Maybe the new Windows Vista will have some solutions. (Mac and Linux users, please do not write saying that all that is needed is to switch operating systems. You have a point but the Microsoft PC monopoly is not going away.)

End of support for Windows 98/Me

Thursday, January 26th, 2006

If you use Windows 98/Me you should note this announcement from Microsoft:

On June 30, 2006, assisted support will end for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition (Windows Me) operating systems and their related components.

After this date, Microsoft will no longer provide any incident support options or security updates. Online support will be available through the Microsoft Support Product Solution Center Web sites.

Windows XP in your pocket

Thursday, January 26th, 2006

I have been writing off and on about the usefulness of thumb drives (or pen drives or flash drives or USB drives or whatever you want to call them) but there’s more. The price has come down to the point where there is no excuse not to have one (or several). It has even become possible to put an operating system on a thumb drive and to boot from it. First, a Linux setup was made possible but now there is a way to get a Windows XP system on a bootable thumb drive. Fred Langa gives details in this article.