By Scott Spanbauer
If you're thinking of skipping the next expensive Microsoft Office upgrade, you can begin preparing today for the move to a free Office-like suite or Web service.
A gradual and easy transition allows you to avoid any possible file incompatibilities, because you can still keep an old copy of Office available as a safety net.
I like almost everything about Microsoft Office except its price. Even so, like many people, I use only a fraction of the suite's features. I rely mostly on the basic formatting, spellcheck, grammar, and review features of Word, with an occasional Excel spreadsheet or PowerPoint slide thrown in for good measure. The rest of Office is bloatware to me.
I don't automate my documents with VBA macros; my Excel tables are rudimentary; and my PowerPoint presentations are just the facts, ma'am. Do I really need to pay to load a copy of Office on every computer I use?
I stuck with the Microsoft behemoth all the way through Office 2003. To date, I've never felt a need for Office 2007. In recent years, meanwhile, upstart productivity applications have seduced me away from Microsoft's ubiquitous suite.
I started using the free, open-source OpenOffice.org suite on a daily basis several years ago to see whether it could really replace Office. Though OpenOffice's menu commands, dialog boxes, and settings often vary only slightly from those of the corresponding Microsoft Office applications, I found the switch to OpenOffice's Writer and Calc applications easy.
And because OpenOffice is free, I can install the program on every one of the PCs I use, whether it runs Windows, Linux, or OS X. You can get your copy — or copies — at the OpenOffice.org download page.
I outlined the major differences between MS Office and OpenOffice in my Oct. 30, 2008, review of OpenOffice.org 3. There are a couple of reasons why I haven't given up Office 2003 entirely. For one thing, I maintain several important databases in Access. Unfortunately, OpenOffice's Base database program is not a replacement for Access. Base can't read and save Access files the way Writer does with Word files, Calc does with Excel files, and Impress does with PowerPoint files.
Another reason I keep a copy of Office around is that OpenOffice lacks a PIM analogous to Outlook. This is a hole you can fill with one of the many alternatives I reviewed in my July 31, 2008, and Aug. 14, 2008, Best Software columns. Another alternative is to use OpenOffice with Yahoo's free Zimbra Desktop service in place of Outlook.
Compatibility with Office file types remains a problem for OpenOffice and other Office alternatives. Before you make the switch, open your most important Office documents in the Office replacement of your choice to ensure that the files look and function as expected.
OpenOffice opens and saves files in .doc, .xls, and .ppt formats (among others), usually without a problem. In my experience, however, those documents may not always look and behave exactly as they do in Microsoft Office.
You can protect yourself from unwanted surprises by opening and printing a generous sampling of key files you've exchanged with co-workers and clients. More importantly, keep an old copy of Office installed on at least one of your computers, just in case.
Stick with standard Office file formats
You can minimize file-compatibility issues by standardizing on the most common file formats. By default, OpenOffice.org saves files in Open Document Format (ODF). Microsoft's by-the-book support for ODF, unfortunately, breaks some spreadsheet files, according to a recent ZDNet blog post.
OpenOffice reads and writes Office 2007's default .docx and .xlsx XML file formats. But the older .doc and .xls formats are still the ones most often used. I suggest that you make the classic Office formats your defaults in OpenOffice. To set .doc as the document default, for example, open any OpenOffice program and do the following:
* Step 1. Choose Tools, Options;
* Step 2. Select General under Load/Save;
* Step 3. Click Text Document under Document type in the Default file format and ODF settings section;
* Step 4. Choose Microsoft Word 97/2000/XP in the Always save as drop-down menu and click OK.
To make .xls the default worksheet format, open the same dialog box and follow the same steps, with the following differences:
* Step 1. Choose Spreadsheet under Document type in the Default file format and ODF settings section;
* Step 2. Choose Microsoft Excel 97/2000/XP in the Always save as drop-down list and click OK.
The best sites for taking Office files online
Both Office and OpenOffice are tied to a specific computer. If you're like me, you're constantly bouncing from one PC to another as you wend your way between home and office, coffee shops and airports, iPhones and Blackberries.
If you long to store your documents in the Internet cloud — where you can reach them any time from any Internet-connected PC — make Google Docs your first stop. Thanks to the recent addition of Google Gears offline caching, you can even view and edit your Google Docs when you board a flight or are otherwise unable to access the Net.
As with OpenOffice, be sure to upload, open, and print a representative sampling of your existing documents in Google Docs to check for compatibility before you make a permanent switch. Google's Web-hosted document, spreadsheet, and presentation apps offer far fewer features than their counterparts in MS Office and OpenOffice.
However, because your Google Docs files are online 24/7, you're not the only person who can access your stuff via the Net. You can also share the files with other Google Docs users. You can even publish documents to your blog with just a couple of clicks. And it's no surprise that Google Docs can also be seamlessly integrated with Gmail.
You may find that Google Docs and the similar, collaboration-oriented ThinkFree Online Web apps are too streamlined for you. If so, try Zoho Office, a Web service that offers feature-rich word processing, spreadsheet, and presentation applications.
Zoho Office matches Google Docs' offline support via Google Gears (in the Writer application only) and provides a dozen more free apps. Zoho even has a plug-in for Microsoft Office that lets you open, edit, and save Zoho-hosted files in Word, Excel, or PowerPoint themselves.
You can do the same trick with an extension called OpenOffice.org2GoogleDocs. This bit of software is available on the OpenOffice.org site. Despite its name, the OpenOffice extension also supports Zoho and WebDAV servers.
Microsoft offers a similar tool through its free Office Live Workspace. The software giant reportedly also plans to make online capabilities a part of the upcoming Office 2010.
Fortunately, you don't have to wait until 2010 to use the Office-like suite of your choice, either online or offline.
Thursday, June 18, 2009
Wednesday, June 17, 2009
Things you never knew your cellphone could do
• Emergency. The worldwide emergency number for mobiles is 112. If you find yourself out of your mobile network's coverage area, dial 112 and the phone will search any existing network to establish the emergency number for you. Interestingly, this number (112) can be dialed even if the keypad is locked.
• Locked your keys in the car? Does your car have remote keyless entry? This may come in handy someday. Good reason to own a cell phone: If you lock your keys in the car and the spare keys are at home, call someone at home on their cellphone from your cellphone. Hold your phone about a foot from your car door and have the person at home press the unlock button on your spare key while holding it near their phone. Your car will unlock. Saves someone from having to drive your keys to you. Distance is no object. You could be hundreds of miles away, and if you can reach someone who has another "remote" for your car, you can unlock the doors (or the trunk).
• Hidden battery power. Imagine your cell battery is very low. To activate, press the keys *3370# — your cellphone will restart with this reserve and the instrument will show a 50% increase in battery strength. This reserve will get recharged the next time you charge your phone.
• How to enable quick disabling of a stolen phone. To find your mobile phone's serial number, key in the following digits: *#06# — a 15-digit number will appear on the screen. This number is unique to your handset. Write it down and keep it somewhere safe. If your phone is stolen (or lost), phone your service provider and give them the serial number. They will then be able to block your phone so that even if the thief changes the SIM card, your phone will be totally useless.
Researchers Build Anonymous, Browser-Based 'Darknet'
Black Hat USA presentation will demonstrate how the latest browser technology makes underground, private Internet communities simpler to form, more secretive
By Kelly Jackson Higgins, DarkReading
June 15, 2009
URL: http://www.darkreading.com/story/showArticle.jhtml?articleID=217801293
A pair of researchers has discovered a way to use modern browsers to more easily build darknets -- those underground, private Internet communities where users can share content and ideas securely and anonymously.
Billy Hoffman, manager for HP Security Labs at HP Software, and Matt Wood, senior security researcher in HP's Web Security Research Group, will demonstrate a proof-of-concept for Veiled, a new type of darknet, at the Black Hat USA conference in Las Vegas next month. Darknets, themselves, are nothing new; networks like Tor, FreeNet, and Gnutella are well-established. The HP researchers say Veiled is the same idea, only much simpler: It doesn't require any software to participate, just an HTML 5-based browser. "We've implemented a simple, new darknet in the browser," Wood says. "There are no supporting [software] programs."
Unlike its predecessors, Veiled doesn't require much technical know-how to join, either. "The coolest thing about this is it lowers the barrier to entry to a darknet," Hoffman says. "You could put some very interesting applications on top of it. It could be a way to do secure whistle-blowing, [for example]. When you have something decentralized like this, no one can control or stop it." No one can take it down, either, he adds, all of which makes it more approachable for a wider community of legitimate users.
Darknets can also be abused by the bad guys as a way to cover their tracks, but Hoffman and Wood say they see this as more of an opportunity for adding legitimate and mainstream uses of darknets, such as anonymous suggestion boxes or other ways for users to express themselves anonymously without their IP addresses potentially giving them away. "Students are getting reprimanded at school because of their Facebook postings," perhaps criticizing something about school, Hoffman says. "They're being punished for free speech. Where can you freely express yourself without fear of consequences? This could be an interesting app."
"The point of our research is not to give bad guys a tool for nefarious use, but to get security researchers discussing and talking about the new concept of browser-based darknets," he says.
Veiled is basically a "zero footprint" network, in which groups can rapidly form and disappear without a trace. It connects the user's HTML 5-based browser to a single PHP file, which downloads some JavaScript code into the browser. Pieces of the file are spread among the members of the Veiled darknet. It's not peer-to-peer, but rather a chain of "repeaters" of the PHP file, the researchers say.
"It's a file on a Web server, but I can also host one on my Website, for example, and we can join those two files together," Wood says. "It's very distributed."
The researchers are building encryption into the file distribution network as a way for users to remain anonymous and communicate securely.
Hoffman says he and Wood mainly want to show that building a browser-based Darknet is possible. And they don't consider Veiled a replacement for existing darknets. "We don't think this is the best solution...Our message is that the technical barriers to these secure anonymity networks are not that high," he says. "We are trying to build an infrastructure for this type of communication and file storage to occur, and allow others to decide how they should architect it."
Thursday, June 11, 2009
IE 8 causes big problems on some PCs
By Dennis O'Reilly
The new version 8 of Microsoft's Internet Explorer browser has some features that version 7 doesn't.
But that's no guarantee that upgrading to IE 8 will go smoothly on your PC.
The perils of software updates were brought home to computer-repair business owner Bob Millard as he attempted to heal the XP systems of three clients who had recently moved from IE 7 to IE 8:
* "I have a computer repair business. In the last two weeks, I've had to fix three XP laptops after the installation of IE 8 made them inoperable. In each case, after the update, the desktop on each of these computers was blank except for the desktop wallpaper.
"It didn't matter whether you started the system in normal or safe mode, all desktop items — including the taskbar — were missing. The only way I could get them back was by using one of my bootable utilities that would allow me access to the restore points. On two of these laptops, restoring back a few days corrected the problem.
"On one of them, even though I got all the desktop functions restored, I didn't have Internet access or any access to USB devices. I tried to remove IE 7 (IE 8 was gone after the restore) but there was no remove/uninstall option in the Add/Remove Programs window.
"I was able to use a remove-IE7 utility that I have [IE7 EasyRemove, available at the Drive Headquarters site] to get back to IE 6, and now the system is working again.
"Bottom line: There are big issues in Internet Explorer 8 land."
Bob told me that he subsequently reinstalled IE 7 on two of the laptops and everything worked as expected. However, the third still lacked USB access and had other problems with IE 7 installed, so Bob left IE 6 on that machine — at least until he could find the required fix.
Despite the potential pitfalls, I recommend that if you must use Internet Explorer, install the latest version that won't trash your system. If IE 8 crashes and burns, revert to IE 7. If IE 7 brings you grief, roll back to IE 6 — but only long enough to get things working again. Old versions of IE are too insecure for today's scary Web.
Big-name sites spread latest malware infections
By Susan Bradley
Going by such names as Gumblar, JSRedir-R, Martuz, and Beladin, a new generation of malware has managed to surreptitiously place malicious JavaScript code on tens of thousands of popular Web sites.
The hacker scripts try to infect site visitors and then attempt to use their compromised PCs to spread the infection to yet other sites.
Over the past month, the security services ScanSafe and Sophos have reported infections on such major Web sites as ColdwellBanker.com, Variety.com, and Tennis.com. Niels Provos reported in the Google security blog on June 3 that sites infected with Gumblar numbered about 60,000. Visitors became susceptible to infection simply by opening the sites in Internet Explorer.
After the script infects a PC, it attempts to spread its code to any Web site accessible via that machine's FTP client, if one is present. Webmasters often use FTP to make changes to the sites they manage. If FTP software is configured to save a webmaster's sign-in information, the malware can edit itself into a Web site's pages.
Once a PC is running this class of malware, the hacker code tries to trick the user into opening infected PDF and Flash files. If the PC has an unpatched version of Adobe Reader, Acrobat, or Flash, opening an infected file can install a keylogger or other malware. In the case of Gumblar, Google search results in an Internet Explorer window are rewritten — in a way that end users may not notice — so the links point to hacker sites laden with infected PDF and Flash.
Security firms have made efforts to block domains that serve as malware destinations in this latest round of attacks. But the bad guys quickly move to substitute other domains in what has been compared to a game of Whack-a-Mole.
Meanwhile, it's not so easy to shut down a well-known, legitimate site that's infected (although many such sites have quickly been cleaned up). You can't protect yourself simply by visiting only "trusted" sites, because there's no easy way for an end user to determine whether a legitimate site is infected.
Fortunately, you can stack the odds in your favor by following the guidelines in the Windows Secrets Security Baseline:
* Step 1: Use a hardware firewall.
* Step 2: Install a set of security software.
* Step 3: Scan your system regularly with a software-update service (more on these below).
* Step 4: Use Mozilla's Firefox or Google's Chrome browser, both of which are more secure than Internet Explorer.
The rise of a new form of Web-based threat
On May 27, the Microsoft Malware Protection Center blog reported that a malware family Microsoft refers to as Gamburl and Redir was infecting legitimate Web sites by embedding malicious scripts in the sites' HTML code. A system running Windows XP could become infected simply by opening a seemingly trustworthy site. (Gumblar, also called JSRedir-R and Martuz, doesn't affect Vista PCs, according to the Unmask Parasites blog.)
Once an XP machine is infected, passwords for FTP sites are retrieved and placed into a file called sqlsodbc.chm. This file is a legitimate SQL help file in Windows XP and 2000, but it's not used on Vista machines.
To determine whether Gumblar has struck your PC, test sqlsodbc.chm, which is located in XP's C:\Windows\System32 folder:
* Step 1. Download the free FileAlyzer program from the Softpedia site and install the program on your system.
* Step 2. Press the Windows key and E to open an Explorer window. Navigate to the C:\Windows\System32 folder, right-click the sqlsodbc.chm file, choose Analyze file with FileAlyzer 2, and note the file size and SHA1 hash value. (See Figure 1.)
Figure 1. The FileAlyzer utility checks the sqlsodbc.chm file to determine whether your PC is infected with Gumblar.
* Step 3. Compare the file size and SHA1 hash value with the listing of good file types published on the Microsoft Malware Protection Center blog. If the file doesn't check out, update your machine's anti-malware software and run a full system scan. The scan should find and clean out the infection. On my test PC, the sqlsodbc.chm file had the expected values, which proved that the system wasn't infected.
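The size-and-SHA1 comparison in Steps 2 and 3 can also be scripted. The following Python is an added example, not part of the original article or of FileAlyzer; the function names and the `KNOWN_GOOD` list are assumptions, and the list is left empty because the known-good values are not reproduced on this page and must be copied from the published listing.

```python
import hashlib
import sys
from typing import Iterable, NamedTuple, Optional, Set, Tuple

# Path named in the article (Windows XP / 2000).
DEFAULT_PATH = r"C:\Windows\System32\sqlsodbc.chm"

# Assumption: (size_in_bytes, sha1_hex) pairs copied from the published
# known-good listing go here. Empty because this page does not list them.
KNOWN_GOOD: list = []


class Verdict(NamedTuple):
    status: str            # "known-good", "mismatch", "missing", "no-baseline"
    size: Optional[int]
    sha1: Optional[str]


def fingerprint(path: str) -> Tuple[int, str]:
    """Return (size, SHA-1 hex) from a single pass over the file."""
    digest = hashlib.sha1()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def normalise(entries: Iterable[Tuple[int, str]]) -> Set[Tuple[int, str]]:
    """Validate allowlist entries; hash tools differ in case and spacing."""
    cleaned = set()
    for size, sha1 in entries:
        value = sha1.replace(" ", "").replace("-", "").lower()
        if len(value) != 40 or any(c not in "0123456789abcdef" for c in value):
            raise ValueError(f"not a SHA-1 hex digest: {sha1!r}")
        cleaned.add((int(size), value))
    return cleaned


def check_file(path: str, known_good: Iterable[Tuple[int, str]]) -> Verdict:
    """Compare a file's size and SHA-1 against the known-good pairs."""
    allow = normalise(known_good)
    try:
        size, sha1 = fingerprint(path)
    except FileNotFoundError:
        return Verdict("missing", None, None)
    if not allow:
        # Without a baseline the result must not be read as clean or infected.
        return Verdict("no-baseline", size, sha1)
    status = "known-good" if (size, sha1) in allow else "mismatch"
    return Verdict(status, size, sha1)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    result = check_file(target, KNOWN_GOOD)
    print(f"{target}: {result.status} size={result.size} sha1={result.sha1}")
    sys.exit(0 if result.status == "known-good" else 1)
```

A `mismatch` result is the cue for the full anti-malware scan described in Step 3; `no-baseline` only means the list of known-good values has not been filled in yet.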
Once your copy of sqlsodbc.chm comes up clean, you need to take steps to ensure that it stays that way. Download the latest virus definitions for your antivirus software. Also, ensure that Adobe Reader, Acrobat, Flash Player, and all your other third-party media players and applications have the latest patches.
Home and small-business users can run a free update checker such as Shavlik Patch, which you can download from the vendor's site. (Note that the program requires the free Google Desktop, which is available on Google's site.) A complete review of Shavlik Patch and several competing update programs is in my May 28 top story.
For business networks, I recommend Shavlik's NetChk Protect. I use this utility — which costs from U.S. $104 for two seats — to patch my own firm's network. You can find information about NetChk Protect on Shavlik's site.
For an added measure of protection, configure your PC to use the OpenDNS service, which lets you block categories of sites that you don't visit. You'll find complete instructions for making the required changes to your router on the OpenDNS tutorial page.
To make OpenDNS your DNS server, you can run your router's advanced settings program and manually set its DNS options to 208.67.222.222 and 208.67.220.220. (See Figure 2.)
Figure 2. Make OpenDNS your primary and secondary DNS server in your router's DNS settings to block potentially dangerous sites.
It's theoretically possible to manually enter the URLs of sites you want to block on the OpenDNS settings page. But trying to keep up with the latest list of Gumblar sites is nearly impossible. ScanSafe's STAT Blog indicates that the rate of Gumblar infection is slowing. But new infected domains — all of which use China's .cn top-level domain — are popping up as fast as others are being shut down.
Boost XP's defenses against Gumblar-like attacks
If you feel your XP system needs more protection — for example, you own a PC used by unsupervised teenagers — consider creating user accounts that lack administrator privileges. Granted, XP's limited accounts are often a pain to use because they restrict downloads, settings changes, and other common actions. An article on Microsoft's site explains limited user accounts and describes how to set them up.
Fortunately, the type of limited accounts in the forthcoming Windows 7 will be much easier to use. This is because the most common applications will run properly under Win7 without administrator rights. Steve Friedl's Unixwiz.net site includes a Tech Tip that describes Windows 7's enhanced User Account Control.
Gumblar definitely makes Web surfing with Internet Explorer more hazardous. If your PC is infected, merely searching in Google for seemingly innocent topics can lead you to a site you never intended to visit.
Google's Niels Provos recommends in his Top 10 Malware Sites blog that people use Firefox, Chrome, or another browser that taps into Google's Safe Browsing API. The API blocks Web destinations on Google's list of potentially dangerous sites, which the company claims to update continuously.
Here are some additional ways you can protect yourself:
* Make a full system backup. Create a backup of your PC using drive-imaging software such as the $50 Acronis True Image Home. (A 15-day free trial can be downloaded from the Acronis site.) Be ready to roll back to a prior image should your PC become infected.
* Use Windows SteadyState. This free program "freezes" a machine, preventing changes that could be harmful. For more information and a download link, visit the product page on Microsoft's site. (Windows Genuine Advantage validation is required for the download.)
* Browse in a sandbox. WS senior editor Ian "Gizmo" Richards described free sandbox programs in an Oct. 16, 2008, article. A sandbox lets you open suspicious links without putting your system's security at risk.
* Don't use Internet Explorer. All versions of IE are vulnerable to Gumblar and similar Web threats, and IE 6 especially is an infection waiting to happen. If a site or application requires Internet Explorer, update to IE 8 if you can. If you can't, download IE 7 as a bare minimum (although it's by no means a remedy). You can download IE 7 from Microsoft's Download Center and IE 8 from the browser's page on Microsoft's site.
If you simply must use IE 6 because some site or application requires it, urge the errant developers to make their code support the latest version of IE instead.
For tips on running and optimizing Firefox, Chrome, and other non-IE browsers — including OpenDNS and the security-enhancing NoScript extension for Firefox — see a comprehensive six-part article at MaximumPC.com.
Some of the above precautions may sound like paranoia, but I consider them the digital equivalent of locking your car doors and staying out of dark alleys.
Figure 1. The FileAlyzer utility checks the sqlsodbc.chm file to determine whether your PC is infected with Gumblar.
* Step 3. Compare the file size and SHA1 hash value with the listing of good file types published on the Microsoft Malware Protection Center blog. If the file doesn't check out, update your machine's anti-malware software and run a full system scan. The scan should find and clean out the infection. On my test PC, the sqlsodbc.chm file had the expected values, which proved that the system wasn't infected.
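The check in Steps 1 to 3 can also be scripted. The following is an added example, not code from the article or from Microsoft: it computes a file's size and SHA-1 and compares the pair against a known-good list. The function names and sample files are constructed for illustration; the real known-good values come from the Microsoft Malware Protection Center listing and are not reproduced here.

```python
import hashlib
import os
import tempfile


def fingerprint(path, chunk_size=65536):
    """Return (size_in_bytes, sha1_hex) for a file, reading it in chunks."""
    digest = hashlib.sha1()
    size = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def check_file(path, known_good):
    """Compare a file against an iterable of (size, sha1_hex) pairs.

    Returns (verdict, fingerprint). Verdict is 'missing' (for example on
    Vista, where the file is not used), 'known-good', or 'unknown', which
    means: update anti-malware definitions and run a full scan.
    """
    if not os.path.isfile(path):
        return "missing", None
    found = fingerprint(path)
    # Published hashes may be upper-case; hashlib returns lower-case hex.
    normalized = {(size, sha1.lower()) for size, sha1 in known_good}
    return ("known-good" if found in normalized else "unknown"), found


def demo():
    """Run the check on constructed files so the example works offline."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "clean.chm")
        altered = os.path.join(tmp, "altered.chm")
        with open(clean, "wb") as f:
            f.write(b"constructed stand-in for a clean help file")
        with open(altered, "wb") as f:
            f.write(b"constructed stand-in for a clean help file\nappended data")
        # Constructed allowlist; in real use, copy the size/SHA1 pairs from
        # the listing the article cites and pass the path of sqlsodbc.chm.
        known_good = {fingerprint(clean)}
        return tuple(check_file(p, known_good)[0]
                     for p in (clean, altered, os.path.join(tmp, "absent.chm")))


if __name__ == "__main__":
    print(demo())
```

Comparing size and hash together mirrors the article's procedure; a file that is present but not on the list is reported as unknown rather than infected, because the list may simply not cover that Windows build.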
Once your copy of sqlsodbc.chm comes up clean, you need to take steps to ensure that it stays that way. Download the latest virus definitions for your antivirus software. Also, ensure that Adobe Reader, Acrobat, Flash Player, and all your other third-party media players and applications have the latest patches.
Home and small-business users can run a free update checker such as Shavlik Patch, which you can download from the vendor's site. (Note that the program requires the free Google Desktop, which is available on Google's site.) A complete review of Shavlik Patch and several competing update programs is in my May 28 top story.
For business networks, I recommend Shavlik's NetChk Protect. I use this utility — which costs from U.S. $104 for two seats — to patch my own firm's network. You can find information about NetChk Protect on Shavlik's site.
For an added measure of protection, configure your PC to use the OpenDNS service, which lets you block categories of sites that you don't visit. You'll find complete instructions for making the required changes to your router on the OpenDNS tutorial page.
To make OpenDNS your DNS server, you can run your router's advanced settings program and manually set its DNS options to 208.67.222.222 and 208.67.220.220. (See Figure 2.)
Figure 2. Make OpenDNS your primary and secondary DNS server in your router's DNS settings to block potentially dangerous sites.
It's theoretically possible to manually enter in the OpenDNS settings page the URLs of sites you want to block. But trying to keep up with the latest list of Gumblar sites is nearly impossible. ScanSafe's STAT Blog indicates that the rate of Gumblar infection is slowing. But new infected domains — all of which use China's .cn top-level domain — are popping up as fast as others are being shut down.
Boost XP's defenses against Gumblar-like attacks
If you feel your XP system needs more protection — for example, you own a PC used by unsupervised teenagers — consider creating user accounts that lack administrator privileges. Granted, XP's limited accounts are often a pain to use because they restrict downloads, settings changes, and other common actions. An article on Microsoft's site explains limited user accounts and describes how to set them up.
Fortunately, the type of limited accounts in the forthcoming Windows 7 will be much easier to use. This is because the most common applications will run properly under Win7 without administrator rights. Steve Friedl's Unixwiz.net site includes a Tech Tip that describes Windows 7's enhanced User Account Control.
Gumblar definitely makes Web surfing with Internet Explorer more hazardous. If your PC is infected, merely searching in Google for seemingly innocent topics can lead you to a site you never intended to visit.
Google's Niels Provos recommends in his Top 10 Malware Sites blog that people use Firefox, Chrome, or another browser that taps into Google's Safe Browsing API. The API blocks Web destinations on Google's list of potentially dangerous sites, which the company claims to update continuously.
Here are some additional ways you can protect yourself:
* Make a full system backup. Create a backup of your PC using drive-imaging software such as the $50 Acronis True Image Home. (A 15-day free trial can be downloaded from the Acronis site.) Be ready to roll back to a prior image should your PC become infected.
* Use Windows SteadyState. This free program "freezes" a machine, preventing changes that could be harmful. For more information and a download link, visit the product page on Microsoft's site. (Windows Genuine Advantage validation is required for the download.)
* Browse in a sandbox. WS senior editor Ian "Gizmo" Richards described free sandbox programs in an Oct. 16, 2008, article. A sandbox lets you open suspicious links without putting your system's security at risk.
* Don't use Internet Explorer. All versions of IE are vulnerable to Gumblar and similar Web threats, but IE 6 in particular is an infection waiting to happen. If a site or application requires Internet Explorer, update to IE 8 if you can. If you can't, download IE 7 as a bare minimum (although it's by no means a remedy). You can download IE 7 from Microsoft's Download Center and IE 8 from the browser's page on Microsoft's site.
If you simply must use IE 6 because some site or application requires it, urge the errant developers to make their code support the latest version of IE instead.
For tips on running and optimizing Firefox, Chrome, and other non-IE browsers — including OpenDNS and the security-enhancing NoScript extension for Firefox — see a comprehensive six-part article at MaximumPC.com.
Some of the above precautions may sound like paranoia, but I consider them the digital equivalent of locking your car doors and staying out of dark alleys.
Wednesday, June 10, 2009
Movie studios create cable, online channel
Three Hollywood studios are starting a TV and Internet channel that will show films ahead of their DVD release date.
"Epix" will air high-definition movies over cable and stream 720p videos online for free, with no advertisements, Ars Technica reports. The movies from Lionsgate, Paramount and MGM will run in the same window as pay-per-view and premium movie channels, before DVD release. That's not a huge development for TV, but such early releases for big movies have never been done online.
There is, of course, a catch: To watch online, viewers must subscribe to both cable and Internet from the service provider that carries the channel. In setting it up this way, the studios hope that cable companies will pick up Epix and tout it as a selling point to potential subscribers. They're also banking on setting up caching servers in ISPs' data centers, avoiding slowdowns when streaming across the public Internet.
It's too bad, then, that there won't be any way for people without cable to get the online version, but that's the point. You'd think Epix could make even more money by offering a paid online-only service, but that might anger cable companies because it would be another way for people to work around subscribing to television.
The question is whether cable providers will show interest in the first place, as Epix hasn't announced any partners. And even if Epix found willing cable participants, it's not clear which tier will get the channel (I'm guessing it'll be bundled with premium packages that include other movie channels besides HBO).
I could also see a service like this getting rolled into other online packages as developed by cable companies, such as Comcast's OnDemand Online. Though I don't think any of these features will bring back customers who have already left, they're fine incentives to keep existing subscribers on board.
Tuesday, June 2, 2009
Protect files and folders on your USB drive via WinMend Folder Hidden
If you are the type of person who carries a USB drive when traveling, you should pay attention to the security of your important files and folders. If your USB drive is stolen or falls into the wrong hands, the confidential data on the drive may be leaked. There are various ways to ensure that the data on your USB drive is protected. You may encrypt the data or lock the drive, but sometimes these security measures incur some costs. If you would like free protection for your important data, you can use the WinMend Folder Hidden utility.
WinMend Folder Hidden is a simple yet effective security tool to protect important data on your USB drive. To start, you need to download and install the WinMend Folder Hidden utility on your USB drive. Once it is installed, you need to create a username and password when the software first runs. You will then be presented with a program window where you can add the files and folders to be hidden.
Now the hidden folders will be seen only on entering the password and username created by you. The hidden folders will remain invisible to others until the correct password is provided.
WinMend Folder Hidden can be useful in case of sharing your USB drive with friends and colleagues where you do not want them to browse the sensitive content inside your drive.
This program is really worth trying since you do not need to pay anything. However, if you use your USB drive for storing projects worth many millions, you should find a more advanced and powerful security tool.
Download WinMend Folder Hidden by clicking here.