Update: A Sneak Look Through The New Windows

By | November 24, 2011
 Further to my earlier post about the delays behind the next version of Windows, Paul Thurrott of Windows & .NET Magazine has gotten hold of some screenshots of what is codenamed Longhorn that perhaps show they’re further down the road than we thought. His conclusions?
  • This Windows version will finally fulfill Microsoft Chairman and CEO Bill Gates’s goal of making Windows the center of our digital lifestyle.
  • Longhorn will offer a sound volume “mix” so that users can independently control any software that generates sound; in one of the screen shots, the volume for Microsoft Outlook’s new mail sound and the main speaker volume are independently controlled.
  • Continuing the Activity Center work that began with Windows Me, Longhorn aggregates common elements into central locations, rather than requiring users to navigate around the system and control discrete elements independently. For example, instead of requiring users to independently synchronize equipment such as portable audio devices, Pocket PCs, and USB memory fobs and software elements such as Offline Files, a new Longhorn SyncManager control panel will give users a central location for managing synchronization tasks. From this location, users will be able to set up all device and software synchronization partnerships, manage devices, and perform other related activities.

Update: Sobig’s 9/11

By | November 24, 2011
 Here’s some more evidence that the Sobig worms may be part of something more sinister: Central Command, a provider of PC anti-virus software and services, says its latest incarnation, Sobig.F, “is estimated to have infected millions of systems worldwide and may draw on them to be part of a cyber army focusing a digital assault against major online services”.
 
Here’s how it may work: When particular conditions are met, Worm/Sobig.F will attempt to download additional components of the attacker’s choice. The pre-configured conditions include performing tests to determine if the current day is Friday or Sunday between the hours of 19:00 (7PM) and 22:00 (10PM) UTC time. When these conditions are met, the worm will attempt to retrieve further instructions that may include the downloading and execution of a backdoor hacker program. Backdoors can allow someone with malicious intent to gain full control of the infected computer.
 
“The virus author(s) of Sobig have developed a predictable pattern of releasing new variants soon after the current version de-activates itself,” said Steven Sundermeier, VP Products and Services at Central Command, Inc. “If the past repeats itself we could be looking at a newly constructed creation shortly after September 10th. A potential risk is that the massive army created by Worm/Sobig.F could be used to launch an all out attack on large Internet infrastructures, for example, by means of a Distributed Denial of Service attack (DDoS).”
 
As with the LovSan worm’s planned attack on Microsoft, this may not happen. But to make sure you’re safe, check you’ve not got the Sobig worm aboard and, if you have, remove it.
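
The trigger window described above (Friday or Sunday, 19:00 to 22:00 UTC) can be used to triage outbound connection logs for hosts worth checking. This is an added example, not code from the original post or from Central Command; the log format, the addresses and the choice to treat 22:00 as exclusive are assumptions.

```python
# Added example: flag outbound connections made inside the Sobig.F trigger
# window (Friday or Sunday, 19:00-22:00 UTC) in a constructed connection log.
from collections import defaultdict
from datetime import datetime, timezone

TRIGGER_DAYS = {4, 6}           # datetime.weekday(): Friday=4, Sunday=6
START_HOUR, END_HOUR = 19, 22   # end hour treated as exclusive (assumption)

def in_trigger_window(ts):
    """True if ts, converted to UTC, falls on Fri/Sun between 19:00 and 22:00."""
    if ts.tzinfo is None:
        # A naive timestamp would be read as local time; refuse to guess.
        raise ValueError("timestamp needs an explicit UTC offset")
    utc = ts.astimezone(timezone.utc)
    return utc.weekday() in TRIGGER_DAYS and START_HOUR <= utc.hour < END_HOUR

def hosts_active_in_window(lines):
    """Map each source host to the destinations it contacted inside the window."""
    hits = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue                      # not a "<time> <src> -> <dst>" line
        stamp, src, _, dst = parts
        try:
            if in_trigger_window(datetime.fromisoformat(stamp)):
                hits[src].append(dst)
        except ValueError:
            continue                      # unparsable or offset-less timestamp
    return dict(hits)

# Constructed sample log (hypothetical format; documentation-range addresses).
SAMPLE_LOG = [
    "2003-08-22T19:05:00+00:00 10.0.0.5 -> 198.51.100.7",   # Fri 19:05 UTC
    "2003-08-23T02:30:00+07:00 10.0.0.8 -> 198.51.100.9",   # Sat local = Fri 19:30 UTC
    "2003-08-22T20:00:00-05:00 10.0.0.9 -> 203.0.113.4",    # Fri local = Sat 01:00 UTC
    "2003-08-24T22:00:00+00:00 10.0.0.5 -> 198.51.100.7",   # Sun 22:00 UTC, just outside
    "2003-08-24T21:59:59+00:00 10.0.0.5 -> 203.0.113.20",   # Sun, last second inside
    "2003-08-20T19:30:00+00:00 10.0.0.6 -> 198.51.100.7",   # Wednesday
    "2003-08-22T19:10:00 10.0.0.7 -> 198.51.100.7",         # no offset: skipped
    "corrupted entry",
]

if __name__ == "__main__":
    for host, dests in hosts_active_in_window(SAMPLE_LOG).items():
        print(host, "contacted", ", ".join(dests))
```

Traffic inside the window is only a reason to look closer at a host, since ordinary connections land there too; the comparison is done in UTC so that logs written in local time are not misjudged.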

Update: Microsoft May Stop Footing Pussies

By | November 24, 2011
 Security Wire Digest, published by Information Security Magazine, reports that Microsoft may stop pussyfooting around on updates to its Windows operating system. In the wake of the worm that ripped through networks worldwide by exploiting a vulnerability for which a patch had been released more than three weeks before, the company is considering several plans to beef up security in its products which may automatically install patches on PCs.
 
 
Privacy advocates will have a problem with this, but it’s logical. Most folk don’t update properly, or even know they’re supposed to, although I wonder whether it may leave Microsoft vulnerable legally. It’s tantamount to saying ‘what we’re selling you isn’t safe unless you let us keep patching it.’

News: Another Reason To Dump MSN Messenger?

By | November 24, 2011
 Microsoft look like they’re going their own way again. An article by IDG says it’s making changes to its MSN instant messaging (IM) service that will lock out users of third-party software that uses the service as well as users of older versions of Microsoft’s own Messenger client.
 
 
Users have to upgrade to the latest versions of MSN or Windows Messenger by Oct. 15 or they will no longer be able to log on, Microsoft spokesman Sean Sundwall said. This will lock out, at least for a while, users of IM software such as Trillian, Imici and Odigo that allow users to consolidate multiple IM accounts in one client.

Update: Manually Extracting Worms

By | November 24, 2011
 Here are some tips for manually removing the Sobig.F worm, from Global Hauri, which sells something called a ViRobot Expert to filter unwanted emails caused by this virus (sorry, I haven’t tidied up the somewhat eccentric language):
 
 
To repair the virus, install anti-virus software and update to the latest definitions. Once the antivirus update is complete, scan the whole HDD to remove the Sobig.F virus. It is possible to remove the virus manually by searching the virus on the system. Here are the steps to get rid of the critical file called “win32ppr.exe” from infected systems:
 
1.  Unplug from the network out of your computer.
2.  Boot the computer, then hit F8 Function key above numeric key until it goes through options to choose ‘safe mode’
3.  Wait until boot process completed with ‘safe mode’
4.  Open Task Manager to press simultaneously three keys (Ctrl+Alt+Del) and select ‘Process’ tab.
5.  Find and Highlight ‘winppr32.exe’ from Process tab.
6.  To kill ‘winppr32.exe,’ click ‘End Process’ button in the bottom of Process tab window.
7.  Go to ‘Start’ at button lower left corner of Microsoft Window, select ‘Search’ button.  (It looks slightly different from OS versions between NT, Win2000, and XP)  Choose ‘All files and Folders’ and type ‘winppr32.exe’, and then search it thru the entire Hard Disk Drive.  (If you have more than one Hard Disk Drive, select both)
8.  Delete all ‘winppr32.exe’ from the search window.
9.  Reboot in normal mode and plug to the network (It will not reboot itself since deleting all ‘msblast.exe’.)
10. Install Anti-Virus and update the latest anti-virus definition.