Windows Security Vulnerability

[Bill, KD0HG]

Just a heads-up, folks.

Over the holidays, a serious security vulnerability was discovered
on Windows systems. Simply by viewing a "trick" jpg image on a web site
or email, your computer can be infected with a trojan that allows an
attacker complete control over it, including stealing passwords and other
secure information.

This affect ALL versions of Windows except for 16-bit 3.X.

This, I'm afraid, is going to be a huge problem for the public

Microsoft is to release  patches on the 10th, next Tuesday, to
address the issue. Until then, I'd suggest NOT visiting questionable
web sites and keep that AV software up to date.

-bill/hg

[w1guh]

Dunno if this is the same thing but I ran into a really malicious website over the holidays.  It was in Russian and I came across it looking for pix of Pat Benatar.

When I went to the site it started opening many, many, many windows.  When I finally killed that I found it had installed and was running something called "spysheriff."  I couldn't close the window and couldn't even kill it with the Task Manager - it was grayed out on the menu.  Luckily, I just happened to have a recent restore point and that took care of the problem. 

I don't know if any viruses or whatnot came along with that onslaught and, luckily again I was running from an old system disk.

Beware

Paul

[k4kyv]

One thing that helps is to make your personal profile a limited account, and create a new profile named "Admin" (or whatever you wish to name it) and give it administrative privileges, for the purpose of installing new software and/or updates.  A limited account is much less vulnerable to the unintentional installation of software, since it purposefully prevents even the intentional installation of most programs.

Warning - create the new admin account before changing your main profile to limited account.  Otherwise, you have locked yourself out of the innards of the machine.  If this happens it is easy to work around it and regain access to administrative privileges, but it may take some time figuring out how to do that.  Much easier not to have to.

One problem is that automatic updates to the operating system and anti-virus software will not install using the limited account, for the same reason unwanted software won't install, so you will have to temporarily switch to "Admin" to accomodate normal updates.

Another trick I have found useful is to install a custom HOST file.  Details on how and why to do this are available at
http://www.mvps.org/winhelp2002/hosts.htm
I highly recommend this site; they offer the download for free, and you can configure it to automatically e-mail you whenever the HOST file is updated (usually about twice a month).  The download and installation of updates to the file takes about 60 seconds to do once you get the hang of it. 

Also, be sure to follow the instructions on how to prevent the HOST file from slowing Windows XP down.  I also have a "renhost" icon on my desktop to temporarily disable the HOST file, since it occasionally prevents a desired web site from opening.  That also is explained in detail on the above web page.

Since installing the HOSTS file, banner ads and other commercial junk that flashes and blinks at you while you are visiting a website or trying to read mail have all but disappeared, even from my Hotmail e-mail account. 

[Blaine N1GTU]

i recommend using Firefox. not IE

otherwise remove Windows and install linux...OR
get a Mac

seriously, this is getting crazy

[W5AMI]

i recommend using Firefox. not IE

otherwise remove Windows and install linux...OR
get a Mac

seriously, this is getting crazy

Ditto Ditto Ditto !

[W1RKW]

Though I haven't educated myself on Linux so I don't know to much about it other than people say its a good OS. I've been curious to try it.  I have a box I'm not using right now and thought about loading it up.  What apps can run on Linux?  Do they have tobe  Linux specific? Can windows based programs (non-MS) work on Linux?

[Steve - WB3HUZ]

The applications have to written or compiled for Linux (this is no different than Windows or any other OS). But, with something called WINE, you can run Windows apps on Linux. I'm not up to speed on just how well the apps run. But, don't sweat it. There are Linux apps for all the main things most people do with there computers (maybe to not include games) - web browsers, email apps, word processors, graphics editors, audio editors, etc. Much of it is free.

[Bill, KD0HG]

Many of the Linux distros now available are incredible. You can have the look.N-feel of Windows if you want, IMO the hardest part of the transition is gaining an understanding of the unix file system. But now they even have replica Windows-style file managers.

I set up a Linux box and put it on our corporate office network, I'm able to do just about anything I can do on an XP box, even access Windows file servers and network printers. Conversely, there's some very cool Linux programs available (for free, like most of them) that have no Windows counterpart.

The major downside to Linux remains hardware support. It's not even close to Windows in scope. You need to make sure your hardware is compatable with the Linux distribution that you get. I dual-boot my home computer between Linux and Windows 2000, when I boot into Linux I need to disable the RAID drives in BIOS first or the kernel crashes. My RAID hardware ins't supported. I also can't run the TV and video in/out functions on my video card, which is not supported on Linux. And I've never been able to get my HP scanner working properly on Linux. It's important to check the hardware compatability lists before proceeding.

And...installing software on Linux can be a HUGE pain in da butt. Install a program, and as often as not you'll get messages about certain other things that need to be installed to satisfy dependencies between programs. One program might need others to be installed first, or versions revised until they all play nice together. Sometimes I'll install a program, then I can't find any link to it.

In spite of all this, Linux distributions like Mandrake and Xandros are well worth looking at for a newbie. Once I started playing with Linux, I really got hooked. And the majority of the software is free for the downloading. Legally.

..

[AJ1G]

After reading about the latest security threat on CNNs website, I clicked on a link there and went to Microsoft's Windows Update site.  Spent several hours on my dialup downloading and installing a long list of updates to Windows XP, which is what I run on my home system.  After the update site said I had successfully installed all needed updates, I logged off.   I went back to the update site a short while later, and was told that I now needed 1 more update - Windows XP Service Pack 2.   The 5 plus hour download to my dialup service crapped out somewhere along the way due to a dialup timeout or drop, so its still left to be done.

The questions left?

Assuming that the updates I downloaded appled to Service Pack 1, am I currently up to date protected?  The CNN site stated that MS had released the patch for the latest threat for SP1 and SP2 XP. 

Can I obtain an SP2 update on disk from MS to avoid the long download on the dialup?

Once I install SP2, will I then be hit with a long list of updates to SP2 that now need to be installed?  Hopefully the update on disk to SP2 will include any subsequent updates to it as well?

[Jim, W5JO]

Probably so Chris,  I have SP 2 installed and have had since it came out, you wouldn't believe the number of updates that have come along since then.  Since you have dialup, you are in for a real trial.

I alternate between IE and Firefox and at the risk of starting a real debate, I have had troubles with Firefox and Thunderbird.  So choose your poison.  Firefox is smaller to download and is immune to many of the control issues of IE.  But you should keep your IE updated since you are using XP.  Some of the updates apply to XP and not necessarlyto IE or Outlook Express.

[Pete, WA2CWA]

Last week Firefox gave me a real pounding. I was trying to load a web page that seemed to be taking an unbelievably long time to load. Finally, the upper top right corner rotating dots stopped moving, page still hadn’t loaded, and all mouse functions ceased. Could not even close Firefox. Was able to do the alt-ctrl-del and then closed out the Firefox application. Rebooted the machine to make sure there were no gremlins still lurking about. All things looked normal. Clicked on the Firefox icon and the initial screen that you get when you first installed Firefox came up. Everything else looked normal except all the bookmarks that I had installed (the ones I imported from IE and all the new ones since then) were gone. The only ones that were there were the ones Firefox initially puts in (quick searches and their sites). Search of the Firefox directory indicated all my bookmarks had disappeared. Fortunately, I still have all my IE Favorites (IE name for Bookmarks) so I was able to import them back into Firefox, but any that I specially installed in Firefox after I started using Firefox a number of months ago were gone. Still haven’t figured out what happened here.

[Steve - WB3HUZ]

Windows released the patch for the Metafile problem on Thursday, 5 January. If you DLed patches from MS after this date, you should be up to date, but not necessarily safe.

[k4kyv]

Last week Firefox gave me a real pounding. I was trying to load a web page that seemed to be taking an unbelievably long time to load. Finally, the upper top right corner rotating dots stopped moving, page still hadn’t loaded, and all mouse functions ceased. Could not even close Firefox. Was able to do the alt-ctrl-del and then closed out the Firefox application. Rebooted the machine to make sure there were no gremlins still lurking about. All things looked normal. Clicked on the Firefox icon and the initial screen that you get when you first installed Firefox came up. Everything else looked normal except all the bookmarks that I had installed (the ones I imported from IE and all the new ones since then) were gone. The only ones that were there were the ones Firefox initially puts in (quick searches and their sites). Search of the Firefox directory indicated all my bookmarks had disappeared. Fortunately, I still have all my IE Favorites (IE name for Bookmarks) so I was able to import them back into Firefox, but any that I specially installed in Firefox after I started using Firefox a number of months ago were gone. Still haven’t figured out what happened here.

The exact same thing happened to me a couple of days ago, right after I had installed avast! anti-virus.  I thought that had something to do with it.  But after restarting the computer, the bookmarks were back again, just as usual.

It would be a good idea to back up the bookmark file.  It's easy to do with Firefox.

First, click Bookmarks>>Manage Bookmarks. In the window that
opens, select File>>Export. Type a name for the file and click Save.  I simply name mine "bookmarks" and save it in a folder I already have on the desktop, or you could stick it somewhere in My Documents.

Once you have created a backup file, open it just to make sure the bookmarks are really there.  They should all be listed by name, in HTML format. Selecting a bookmark and clicking on "properties" should give the url.

To restore your bookmarks, click Bookmarks>>Manage Bookmarks. In the
window that opens, select File>>Import. Select From File and click
Next. Navigate to your backup file and highlight it. Click Open. Voilà!

Or you can manually open the folder in the the Firefox directory and copy the backup file, replacing the blank one that mysteriously appeared there.

[k4kyv]

Can I obtain an SP2 update on disk from MS to avoid the long download on the dialup?

Once I install SP2, will I then be hit with a long list of updates to SP2 that now need to be installed?  Hopefully the update on disk to SP2 will include any subsequent updates to it as well?

Go to the M$ site.  I was able to order the SP2 CD, free of charge!!! They even encourage you to pass along the disc to a friend after you have used it.  The website said it would take a couple of weeks to get the CD but mine came in the mail the same week.

I kept the CD as a backup, and have since used it to install SP2 in my daughter's computer.

I sat on the CD for a month or so after receiving it, wating to see if there were any problems.  Initially, after SP2 had been released, some people had problems ranging from a complete crash of Windows, to certain applications not working.  After my self-imposed waiting period, I decided to go ahead with the installation.  It worked without a hitch, and caused me no problems whatever.

Since SP2, new updates to Windows have been fewer and further between than before.  They used to release several new updates every week.  Now I get them every few weeks at the most.

[Pete, WA2CWA]

It would be a good idea to back up the bookmark file.  It's easy to do with Firefox.

First, click Bookmarks>>Manage Bookmarks. In the window that
opens, select File>>Export. Type a name for the file and click Save.  I simply name mine "bookmarks" and save it in a folder I already have on the desktop, or you could stick it somewhere in My Documents.

Once you have created a backup file, open it just to make sure the bookmarks are really there.  They should all be listed by name, in HTML format. Selecting a bookmark and clicking on "properties" should give the url.

To restore your bookmarks, click Bookmarks>>Manage Bookmarks. In the
window that opens, select File>>Import. Select From File and click
Next. Navigate to your backup file and highlight it. Click Open. Voilà!

Or you can manually open the folder in the the Firefox directory and copy the backup file, replacing the blank one that mysteriously appeared there.

Probably would have a good thing to do if I had heard of others experiencing similar problems like that. But, I guess I was still rolling with the hype that Firefox was the greatest.

[Steve - WB3HUZ]

The loss of your bookmarks may have nothing to do with Firefox. The bookmarks are just another file - something the operating system is supposed ensure proper integrity.

[k4kyv]

Probably would have a good thing to do if I had heard of others experiencing similar problems like that. But, I guess I was still rolling with the hype that Firefox was the greatest.

All may not be lost.  Check out this website:

http://kb.mozillazine.org/Lost_bookmarks

[Pete, WA2CWA]

Probably would have a good thing to do if I had heard of others experiencing similar problems like that. But, I guess I was still rolling with the hype that Firefox was the greatest.

All may not be lost.  Check out this website:

http://kb.mozillazine.org/Lost_bookmarks

Thanks Don. After reading through the link that you provided and also reviewing the MozillaZine Forum http://forums.mozillazine.org/viewtopic.php?p=1252725#1252725, the situation that I encountered was not that all uncommon with Firefox. From what I read, it most likely happened when I alt-ctrl-del out of Firefox when the loading of a page seemed to lock up everything. Had I been aware of the web page you pointed to, or had a previous similar encounter, I would have had a much better idea on how to proceed rather than proceeding in the direction that I did.  All in all, not a big deal here. Whatever bookmark pages that are missing can easily be set up again when I want or need them. Google generally finds what I need very quickly.

So I came away with: If you have to, for whatever reason, alt-ctrl-del out of Firefox, check your bookmarks, and if missing, proceed with the procedures outlined in the URL above.

[John Holotko]

Though I haven't educated myself on Linux so I don't know to much about it other than people say its a good OS. I've been curious to try it.  I have a box I'm not using right now and thought about loading it up.  What apps can run on Linux?  Do they have tobe  Linux specific? Can windows based programs (non-MS) work on Linux?

I have been running Linux  since 1995. back in those days the operating system kernel was monolithic and hardware device drivers had to be compiled directly  into the kernel. This meant  that if you wanted support for a specific device, say a specific sound card, you  had to recompile the entire kernel which was a lengthy, daunting task on the hardware of yesteryear.

These days the Linux kernel is modular. In order to add driver support for hardware  you just have to dynamically load the module and even that process is automated on a lot of distros. So yes, Linux has become much much easier for almost anyone to run.There is a diverse choice of desktops many of which very closely resemble the Windows desktops in appearance and functionality.

The best software to run on Linux is native software written and compiled to run on linux. Virtually every  piece of Windows software has a Linux counterpart. FGor example the Linux answer to Microsoft Office os "OpenOffice". For everypossible choice of Windows software there are usually multiple choices of Linux software that perform the same  functionalityand many of these can be downloaded for free.  In addition using utilities like WINE (free) or VMWare (commercial) you can run some Windows applications on your Linux desktop. There is one interesting utility called Crossover Office, see http://www.codeweavers.com  that utilized WINE to run things like certain Windows browser plugins and assorted office apps on your  Linux brosser or desktop. Numerous full featured broswers also run under Linux i.eNetscape,  Mozille  firefox, Opera, Konqueror, etc.

At home I have my whole family up and running on the Linux desktop and they like it very much. They do have the option to use Windows but they rarely do. Linux handles most of their needs without the constant security headaches associated with Windows.

One last  note, if you don'twant to give  up Windows entirely you can set up your computer to work as a dual boot machine. To do this you keep your windows distribution and install your Linux on a separate hard drive or drive partition. Then every time you  boot your machine you are  given the choice whether  to boot up and run in Windows or to boot and run into Linux. That way you don;t have to sacrafice one for the other.

ize