Well, as it’s pretty much 8pm GMT (my time), I think it’s probably best to say this as some of the world is now celebrating 2006 while America still has a good few hours to go!

On behalf of the MSBLOG team, Patrick Squire, Patrick Elliott, Jabez Gan, Joseph Bittman, André Nogueira, Dennis Fraederich and me, Zack Whittaker, would all like to wish you a very happy new year for 2006.

Now… on with the part-ay! 😀

MSBLOG has just hit 202 posts breaking the 200 posts mark! We have also just hit 430 comments, a great mile stone indeed for MSBLOG. A blog that started small and has expanded. What started as a hobby has become a passion and keeping readers up-to-date with the latest & current tech news has been fun. I cannot wait to hit 500 and keep on going.
Perhaps an expansion to a new content management system is in order…who knows.
But for now we will keep on keeping on!

From me to you…Thank you!

Patrick S

Zack’s Posts are completely true and acording to F-Secure Microsoft and CERT.ORG have issued bulletins on the Windows Metafile vulnerability:
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://www.kb.cert.org/vuls/id/181038

Microsoft’s bulletin confirms that this vulnerability applies to all the main versions of Windows: Windows ME, Windows 2000, Windows XP and Windows 2003.
They also list the REGSVR32 workaround. It’s a good idea to use this while waiting for a patch. To quote Microsoft’s bulletin:


Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
(without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded.
Click OK to close the dialog box.

Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

To undo this change, re-register Shimgvw.dll by following the above steps.
Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).

This workaround is better than just trying to filter files with a WMF extension. There are methods where files with other image extensions (such as BMP, GIF, PNG, JPG, JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF or ICO) could be used to exploit a vulnerable machine.

And finally, you might want to start to filter these domains at your corporate firewalls too. Do not visit them.

toolbarbiz[dot]biz
toolbarsite[dot]biz
toolbartraff[dot]biz
toolbarurl[dot]biz
buytoolbar[dot]biz
buytraff[dot]biz
iframebiz[dot]biz
iframecash[dot]biz
iframesite[dot]biz
iframetraff[dot]biz
iframeurl[dot]biz
So far, we’ve only seen this exploit being used to install spyware or fake antispyware / antivirus software on the affected machines. I’m afraid we’ll see real viruses using this soon.

Being the sort of fool that I am (hehe!) I decided to try this one out for myself. You don’t get many people who will openly try and see what different attacks to do a system, but I’m certainly one of them 😀

There is a new exploit that really is being exploited… a lot, and it targets users of Windows XP Service Pack 2 systems. Not sure if it exploits any other version of XP or not, but either way it’s best to keep careful and your guard up. It’s all about the Windows Metafile (.wmf) files. They are image files and support bitmap data as well as vector graphics.

My friend Paul yesterday sent me a link attached to his server with an affected file in – thank goodness I was in a pretty much blank XP SP2 virtual machine at the time 😉 The point of this exploit, is that someone can hide malicious code inside the .wmf file and email it around or even put it on a webpage. All you’ll see is the Windows Picture and Fax Viewer open (if it’s an external file) and it’ll crash. If you see it in Internet Explorer, it’ll crash… but there’s a good chance it’ll let in spyware.

“Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources” Microsoft said.

Quick fix: When opening an image file or a .WMF, right click on the file and select Open With, and then select Paint or if there, Microsoft Office Picture Manager and don’t use the Windows Picture and Fax Viewer.

Remedy: If things go wrong, and you notice your system going slow after an “attack”, the best thing to do is to download Windows Defender (codename AntiSpyware), as although the attack would have hit, you might still be able to remedy things. Download it from: http://www.microsoft.com/antispyware

Live Safety Center: Also try out the Windows Live Safety Center if you have been hit from an attack. It’s in beta, but it’s still pretty good. Check it out at: http://safety.live.com.

There is no MSN Messenger 8 yet. Not in public beta anyway.

However, there’s a new virus going around pretending to be “MSN Messenger 8 Working BETA”.

There’s two ways to catch it. First, by downloading it from a fake site where it has been supposedly “leaked”:

Click for bigger view

If you download and run BETA8WEBINSTALL.EXE from that site, you won’t get a new chat client. Instead, your existing MSN Messenger will start to send download links to everyone in your contact list. It also connects your machine to a botnet server.

The download link always contains the recipients’ email address. For example, if you’d have a friend with email address huuhaa@foobar.com, he would get a download link like msgrbeta8.com/im.php?msn=huuhaa@foobar.com:

Click for bigger view

Source-F-Secure

Online Crash Analysis is now capable of detecting some Internet worms and viruses. This error report was generated right after Internet Explorer became unresponsive and was closed by the user. OCA page shows that the application error was likely caused by Small.M worm and it is right. After doing a full scan in Windows Live Safety Center (http://safety.live.com) you can see that the computer has been infected.

Click for bigger view

Direct link to site Here

Lately in the newsgroups for the Windows Vista beta and a number of different online forums people are disabling one of the key pillars of Windows Vista’s increased security, UAC (User Account Control) formerly UAP (User Account Protection).

This is really rubbing me the wrong way as it is ultimately going to hurt this technology succeed. Plus, it will undermine the effectiveness of much of the testing these individuals are doing on Windows Vista. Not only is how to do this making its way around the beta audience, but now even the main stream tech sites are advertising how to do this.

Without this technology you are losing a large part of the security value adds for Windows Vista. You instantly lose the ability to do Protected Mode Internet Explorer which one could argue is the major attack vector for today’s malware. You lose Protected Admin which, it seems many admin’s are not too fond of but it helps protect us from ourselves. You can say you don’t need this, you’re too good to make a mistake like some common user, but you are fooling yourself.

The sad truth is that Malware is getting far more sophisticated and soon even the well intentioned and educated admin will end up with malware on his system and probably from an unlikely place. Take Mark Russinovich’s recent experience with a rootkit on a Sony CD, I can’t think of anyone I know, that knows more about Windows and he still got a rootkit on his machine, that just scares me.

[Counter-Argument]: Alternatively, Microsoft should see this as feedback to the effect that they need to make UAC less obtrusive. If people are looking for a way to turn it off, you’ve got to ask the question ‘why?’, and try and rectify the source of the problem, not just moan at the resultant. – Andrew.

Continue At Source

Well its Christmas On behalf of the MSBLOG team-we would like to wish you a very merry Christmas and a prospers and happy New Year!
Eat lots, Drink lots, hang with friends, spend time with family and stay safe!

Kind Regards,

MSBLOG Team

Happy Holidays!
Hopefully the posts wont stop 😛

It’s got to be said – so far I am incredibly pleased with the Microsoft Beta team with their work on Windows Vista and Windows Longhorn Server. When I was playing with Longhorn Server 5112, I was complaining at the fact that “it was simply Windows Vista with the ability to add a few server roles” and to be honest it’s exactly the same… but I’m far from complaining! A few things to highlight on – there are a few more noticeable bugs in Longhorn Server than Windows Vista at the moment with some things not working, but the server capabilities are astounding. I’ve been running my network at home off Longhorn Server, and it’s been practically no trouble at all from the rest of the computers point of view. The only problem, is that it took me bloody ages to find the ‘classic’ Network Properties, and eventually had to create a shortcut on my Desktop to the .cpl file in my System32 folder to get there. Now, the wireless capabilities on it are crap, even in Windows Vista it’s confusing but as long as it connects, it’s OK. However with Longhorn Server, wireless just isn’t happening, so I’m very glad I can Ethernet it to my wireless router for the rest of the house.

Also we see some absolutely lovely new graphics card capabilities. My Nvidia GeForce 6200 isn’t compatible with 5239 and earlier builds for the Aero Glass effects, and this time I was amazed to see Aero Glass working on Longhorn Server… without installing the beta Forceware drivers off the Nvidia website! I’ll include a few to look at below (not like you haven’t seen them before!) So, it proves that Windows Vista and Longhorn Server are more compatible for Aero Glass, just as the video card manufacturers are so at least the two are meeting in the middle.

A little disappointed that the Aero Glass won’t work on my mega-beefed-up-amazingly-fast laptop and they will on my relatively poor server, but pickers can’t be choosers (excuse the British proverb!)

Overall, the December CTP of Windows Vista and Longhorn Server are actually really good and although a lot of work is still to go into them… it really excites me to know that it can only get better from this point on, and if it’s already pretty cool… how good can it get?

Apple Mac OS 10.4 eat your electronic heart out, Windows Vista is on it’s way! 😀

Windows Live Messenger 8.0 has been in beta for quite a few weeks, and each official testers have received a few invites to send out to their family and friends. However on searching eBay, you will see that testers are selling the highly in demand invites for money.

See eBay “Messenger Beta Invite”

Want an invite? Currently you can bit from USD$0.50 and the bidding goes as high as USD$20.

Source: Betanews

Say you’ve just recovered from a serious worm attack. You’ve run your anti virus and adware/malware removal tools, installed the latest patches, even double checked to make sure your security privacy settings are at “High”. You’re fine now right? Maybe not.

Microsoft recently released a security advisory (along with an update to Windows SP2 containing the fix) warning about “unexpected behaviour” in Windows Firewall that could let a clever attacker who had broken into your PC leave a back door to the web unlocked for next time. Only PC’s running XP with SP2 or server 03 are in danger.

Hackers sometimes get into a PC by taking advantage of the ports that Windows uses to talk with the world (the net). There are thousands of ports available, but Windows Firewall automatically blocks most of them to protect you. You can let programs connect to your PC through specific ports by entering those ports as exceptions in the firewalls user interface (found in the Windows control panel). The UI also lists there exceptions on your system. Information about these ports are stored in the Windows registry.

Recently, someone figured out that if you insert port exceptions directly into the Registry and give then ‘malformed” names, the firewalls UI wont able to display them and you’d never know the port was open. Fortunately, no exploits of this venerability have been reported yet.

The security advisory is available HERE. It also explains how you can determine if any sneaky exceptions already lurk on your PC.

OK, so Microsoft Beta released a new build version of Windows Vista yesterday, with their trademarked catchphrase of “clear, confident, connected”, so far it’s caused me nothing but trouble. Not happy at all to be honest. I download the ISO file (the DVD contents but as one file to make it easier) and then find that I can’t extract the files with my usual program. So I have to trawl round the Internet looking for a specific program which is a bitch to get hold of, and finally download and install it.

I get the “Welcome to Windows Vista” install screen up and sit back and click through the pages. Then, it tells me that the hard disks on my laptop have been formatted with a FAT file system (the way Windows arranges the files). Now, this laptop was preinstalled with Windows XP when I bought it, and recovery disks so that I just put them in and it’s an exact copy as as I first bought it. Great for some…

So, I get my Windows XP disc (not the recovery one) and put that in – I restart and try and get it to boot up but nothing, carries on loading the operating system. So then I put in the Windows 98 disc I have which I know for a fact will boot up. I reinstall Windows 98 onto it twice because it froze half way through. So, Windows 98 is up and running which means that I will be able to put Windows XP onto it (not the recovery disk) and in the setup of that, converts it to an NTFS file system, the one required to install Windows Vista onto.

Now, the problem with Windows 98 is, is that it’s so bloody old! I’d totally forgotten how to work the networking in it! So I couldn’t get the ISO image off the DVD disk of genuine Windows XP because I couldn’t download the program again! So I had to…. resort to… transferring the ISO onto my iPAQ Pocket PC… and Bluetoothing it to my USB dongle plugged into my laptop!! It took a while I’ll tell you that… 6 hours and 17 minutes… is when I stopped counting.

Anyway, I’ve finally got an NTFS partition and it’s finally installing… but it’s taking bloody ages to install. That’s my one top tip – when you get Windows Vista when it’s released, make sure you have a spare fortnight to install it…

Source: Zack’s Blog of Weird and Wonderful Things
Website: ZackNET Enterprises

Microsoft’s next major operating system looks different from the Windows you may be used to. But the parts of it you can’t’ see might be even more important.
It has just been over 10 years since Microsoft launched Windows *8 to great fanfare (whoa a task bar 😉 )Now, as Microsoft prepares its next major operating system launch, scheduled for roughly the end of 2006, an appropriate theme song might be “The Security Blues”

Microsoft is focusing a lot of effort on securing users from the legion of viruses, worms and other malicious attacks that have become such a problem in the last decade.

But security isn’t the only focal point of Windows Vista. Also included are additional gaming features, a stronger desktop search function, a reworking of the graphical user interface, compatibility with high-definition TV and other multimedia tie-ins.

What’s more, Vista is the first mainstream OS from Microsoft built to handle 64-bit applications. The new OS should combine with the latest CPU’s to improve gaming, system performance and of course security.

Of course, exactly what Vista will include will remain in flux. Among the rumours that Microsoft wont comment on: Vista may ship in several different version ranging from an ultra stripped down version for Third-World countries to a full-featured edition. Not everyone sees such an arrangement as a good idea.

Right now, Microsoft has lots of concerned customers, primarily because Windows is a favourite target for malicious code writers. Vista aims to stop attacks in a number of innovative ways. One is by making it easier to create ‘limited user’ accounts, which can be set to allow a user the most basic rights (the ability to download a graphics driver, but not install an application). In previous versions of Windows, only network administrators could control this.

Another way is by having the OS encrypt all the data on your hard drive by default-the first time Microsoft has offered this level of security. Vista will also isolate various applications and components, to is a virus comes in through IE, the amount of damage it can wreck throughout the os is limited. (one of the best features IMHO)!

If Windows Vista delivers on most of what Microsoft has promised, what the beta release suggests and what the rumours predict, it will be a dramatic upgrade. From I know so far, the out look of vista is pretty promising indeed.

Patrick S

—————————————————-
Look out for my article before Christmas regarding the highs and lows of 2005’s IT

Following are 10 things you need to know when dating a developer (or any kind of techie.)

\1. When projects have a deadline approaching, all plans are tentative.

\2. Your body/sex appeal are nothing compared to the power of a processor.

\3. You will NEVER be the Apple of his eye.

\4. Profanity is his friend.

\5. If you love him you will be standing by with a lot of caffeine.

\6. There is no rest for the weary.

\7. Rubies and Pearls are not what you think.

\8. One screen is never enough.

\9. if (loveBoyfriend = 1 ) {learn();}

\10. There is nothing like being the one there when he completes something new.

Do you think it’s true? Let’s ask Joseph 😛

Credits to Emily

Source: Dating an Apple Developer

Everyone’s favourite news journalist Paul Thurrott from WindowsITPro has announced that Vistas CTP will indeed be released to testers on Monday. By crikey what doesn’t this man know?

“Sources at Microsoft have told me that the eagerly-awaited December Community Technical Preview (CTP) build of Windows Vista will be delivered to beta testers on Monday. According to my sources, the CTP is build 5270 (5270.x86fre.winmain_idx03.051212-1830).
In various meetings with the Windows Vista team last week, I was told on the record that the December CTP would be build 5276 “give or take one build.” I was shown both builds 5270 and 5276 at the time.”

Hopefully the man is right,
Vista testers have been anticipating the launch of the Vista CTP for a long time. This build will most probably be a benchmark compared to previous builds-in the sense that hopefully we can have a taste of high stability and improved performance. To be honest…I cannot wait!
(Sorry if this news is a tad old)

-Patrick S