This week, a potpourri of items, mostly revolving around PC security issues, everything from security flaws in Internet Explorer to the latest variant on the Bagle / Beagle worm, and what Microsoft is planning to do about it.
U.S. Steers Consumers Away From IE

Was reading fellow Vancouver blogger Darren Barefoot the other day, and ran across this EE Times story in which the U.S. Department of Homeland Security’s Computer Emergency Response Team (CERT) “recommended for security reasons using browsers other than Microsoft Corp.’s Internet Explorer.”
Whether the forthcoming release of Windows Service Pack 2 (Windows Media Player video) will resolve the IE security flaw is yet to be seen.
In the meantime, as Darren suggests, you might consider downloading the latest version of the Firefox browser, which among its other features offers pop-up blocking and tabbed browsing (an amazing and addictive innovation), as well as, with its Thunderbird add-on, a next generation e-mail client that makes “e-mailing safer, faster and easier than ever before with features such as intelligent spam filters and a built-in spell checker.”
VanRamblings employs Firefox parent Mozilla as our default browser.
An Oxymoron: Microsoft Customer Service?
Allison Linn, an Associated Press business writer, in a story titled Microsoft Beefing Up Customer Service, writes that in response to “increased grumbling over its litany of security flaws (Microsoft will be) paying more attention its customers.” About time, wouldn’t you say?
Question of the Week

My PC takes about 5 minutes to shut down. What’s causing the problem, and how can I fix it? — Submitted by: Georgia S., Annapolis Royal, Nova Scotia

Remember when turning off an electronic gadget meant flipping a switch? Shutting down a PC is much more complicated. Sometimes Windows takes an extremely long time to close, and too often the operating system doesn’t shut down at all.
First, the more programmes you have running on your system, the longer it takes for Windows to close each one before shutting itself down. You should simply close your programmes manually before exiting Windows.
Second, here’s some general advice: Bugs in hardware drivers cause most shutdown difficulties. Before you do anything else, go to the Web sites of your hardware (i.e. graphics card, network interface card, sound card, modem, printer) manufacturers and look up the latest updates.
Third, you might try restoring your Windows registry to an earlier point, when your computer was functioning properly (you will lose the use all programmes installed since that restore point, but you will not lose data).
Close all programmes, and return to your desktop. Select Start / Programs / Accessories / System Tools / System Restore. ‘Restore my computer to an earlier time’ should be selected. Click Next. Choose an earlier restore point. Click Next. On the following screen, click Next again. Wait. Your computer will restart in about 5 minutes, and your computer registry will have been restored to an earlier, hopefully pristine, restore point.
Fourth, the root of the s-s-l-l-o-o-w-w shutdown problem could be a software conflict. You might try updating the programmes you use (e.g. Irfanview, Quicktime, RealPlayer, Mozilla, Spybot, Acrobat Reader) to the latest versions. Oftentimes this will resolve a shutdown problem.
Otherwise, you might try this: to verify that you’re not clearing your virtually memory (swap file) whenever you exit Windows. Select Start / Run, type in gpedit.msc, and press Enter. Navigate the left pane as if you’re in Windows Explorer to Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options. In the right pane, scroll to Shutdown: Clear virtually memory pagefile. If the option is enabled, double-click it, select Disabled, and click OK.
For additional shutdown tricks, surf to PC World for more hints.
Security: Bagle/Beagle Variant Includes Source Code
According to a ZDNet story, “two new Bagle worm variants and the worm’s original assembler source code were spreading around the Internet on Sunday — a dangerous development, according to security experts.”
The gist of the story is this: infected PCs download a Trojan that effectively enlists that computer into the worm author’s Zombie army, which can be used to distribute spam and other malware and to launch distributed denial-of-service (DDoS) attacks.
Because the Bagle worm’s author has included the source code comments, the fear is that several new variants could be authored and distributed, employing tricks to bypass mail filters and antivirus scanners, thus disabling our computers when their nefarious work has been completed.
By the way, Network Associates has just released their version 2.3.0 of McAfee Stinger which will rid you of several of the Bagle / Beagle variants. The latest version of McAfee Stinger is your best defense against Trojans.

Darl McBride: The Linux Killer

Tech’s most hated man

Wonder why your computer is under almost constant attack by worms, Trojans and malicious code of all kinds? Meet Darl McBride (pictured to your right), the chief executive officer of the widely unpopular SCO Group. For most of the past year, hackers across the globe have set about to hijack computers (including yours) in order to launch a devastating web attack on SCO to physically and psychologically destroy the company. The MyDoom Trojan, in particular, was designed specifically to launch attacks on SCO and Microsoft (more on Microsoft in a moment).
Friends (as well as detractors) comment to McBride that in just two short years, he has displaced Bill Gates as the most hated man in high tech. It took Gates decades of hard work to achieve that distinction.
What has the son of a farmer, a devout Mormon, and the father of seven done to so swiftly earn the honour? In the past year, McBride has transformed SCO — the late 70s developer of the UNIX® operating system — into a legal missile aimed at the heart of the open source software movement. His strategy threatens to undo the progress of Linux and other free operating systems developed by programmers who believe that their selfless efforts have produced a free, robust and reliable operating system.
SCO claims it owns the intellectual property rights to the Unix operating system and that contributors to Linux — the free, open source operating system of the future, and the OS that many believe will transplant Windows in the not-too-distant future — have pilfered that code. Every Linux user, now and into the future, SCO has concluded, owes or will owe it money.
What does this mean to you? First, while at the moment, every three years, or so, most computer users are forced to purchase the latest iteration of Microsoft’s Windows OS — which is bloated with code, expensive and unstable — most techies believe that in the near future a free, lean, stable, widely available and consumer-friendly version of Linux will come onto the market, displacing Microsoft’s core software development business.
Second, because most open source programmers know that they have created Linux and that it is not based on Unix source code, and given that these programmers wish to preserve domain over Linux as a free and available operating system, for months now hackers and programmers worldwide have launched continuous attacks on SCO and Microsoft, compromising not only those two companies, but every computer user in the world whose computer system risks infection and hijacking, in order that our computers might be employed to launch concerted attacks …

“It seems to me that the battle isn’t really SCO versus IBM (a supporter of Linux), or SCO versus Linux,” McBride says. “I think there’s a war going on. The war is around the future of the operating system, and whether it’s going to be free or not.”

What do SCO and Microsoft have to do with one another? Earlier in the year, VanRamblings published an article on the ties between the two.
The Wired article on the SCO-Linux controversy is well worth reading.
Will XP’s Service Pack 2 Cause Chaos?
With the anticipated release of Windows Service Pack 2 just around the corner, the major changes Microsoft has made to Windows XP through the release of Service Pack 2 (SP2) will almost inevitably cause major headaches for most computer users.
In an article published on Monday, PC World’s Joris Evers suggests that the automatic SP2 download will create a raft of problems, from application breakdown (your programmes won’t work), to disruption of your network access (you won’t be able to get onto the ’Net), as well as misconfiguration problems with your computer’s operating system and ’Net access, arising from inappropriate responses to prompts by Windows XP. Yikes !!!
At the moment, Microsoft doesn’t know how it will deliver the required support to computer users experiencing major glitches with XP2. The company could establish a dedicated, toll-free support line. At present, in North America, Microsoft offers the (866) PCSAFETY support line for issues related to computer viruses; that line could be extended to cover SP2.
Otherwise, make sure you’re on very good terms with your techie friends. Chances are, you’re gonna need their help.
Question of the Week

When I use Internet Explorer for Windows, I often get a message that says “Runtime Error has occurred. Do you wish to debug?” What does this mean, and is there a way to avoid it? — Submitted by: James S., Vancouver, B.C.

An Internet Explorer runtime error — one that occurs when a programme is running — can be caused by several problems. Some older versions of the Internet Explorer browser will display the message if you try to open a Web page that contains an apostrophe in the title.
Runtime errors are frequently caused by a mistake in the programming for a script on a Web page.
Compared with early sites, today’s Web pages can be quite complex, with pop-up windows, animations and programming scripts designed to enhance your Web-browsing experience. With all of those bells and whistles, it is possible for a page’s author to make a programming mistake that goes unnoticed during testing. Typically it is only programmers who need to use the debug option in the error box.
Some types of spyware (particularly the subset known as adware), may be trying to open windows or run other types of scripts, and some of these programmes may be causing the runtime errors. If you have installed ‘pop up’ blocking software to cut down on distractions while you browse, the programme may be zapping the extra windows before the rest of the Web page’s intended script can run, thus causing the runtime error message.
You can adjust your settings so that you are not alerted every time the browser programme trips over some bad code. In Internet Explorer, go to the Tools menu, select Internet Options and click on the Advanced tab. Check the box next to “Disable script debugging,” uncheck the box next to “Display a notification about every script error” and click on O.K.

Summertime, And The Livin’ Is Easy. Or Is It?
Summertime, and the living is supposed to be easy — unless you happen to be an IT worker employed in any kind of security-related capacity. In that case, it was just new kinds of trouble this past week, as worms, hacker attacks and other threats made life miserable.
The biggest of the headaches was last Tuesday’s attack against Web infrastructure company Akamai, which knocked Yahoo, Google, and various Microsoft and Apple Computer sites offline.
Akamai executives said the denial-of-service attacks initially targeted four large Akamai customers, rendering their sites inaccessible. But the effects quickly rippled across the company’s network, causing a failure in its domain name server (DNS) system, which translates word-based website addresses into numeric Web addresses to link surfers to websites.

Are security companies ahead of hackers?

Akamai later determined that the attack was launched by a herd of zombies — computers infected with a Trojan horse that programmes the machines to launch Web attacks at specified times.
Sleep tight, knowing that there are potentially millions of zombies out there, programmed to wreak mischief ranging from spam spewing to attacks such as the Akamai caper.
Those more concerned with old-style threats pondered Microsoft’s potential entry into the antivirus market. Representatives from the software giant said it’ll happen, but details on when and how are still being worked out.
Updating Your ZoneAlarm Firewall
ZoneLabs releases an update to their firewall product

As mentioned in a previous Tech Tuesday column, ZoneLabs — the company which produces the ZoneAlarm firewall product — was recently purchased by an Israeli company. The company, upon purchase of ZoneLabs, made a new version of ZoneAlarm available, and required of owners of the Pro version that they either re-register their ZoneAlarm product, or purchase the new ZoneAlarm v.5.0.590.015 iteration.
Today, ZoneLabs released a necessary update to the initial version of ZoneAlarm v5, which resolves a number of problems that were occurring with the first iteration of ZoneAlarm 5 …
As ZoneLabs points out, the new ZoneAlarm Pro version v 5.0.590.043 …

• fixes conflict issues with Norton AntiVirus, particularly as it affects scanning of incoming e-mail for Trojans, worms, viruses, malware, etc.
• fixes issues with SSH timeouts, which may have compromised the integrity of your online communications protocol
• fixes installation issues with the McAfee Security Center, and conflicts with the McAfee AntiVirus programme
• fixes stability issues on your computer associated with the ZoneAlarm product
• resolves routine maintenance items associated with the ZoneAlarm product

Most software on your computer is a work in progress (this is particularly true of your operating system, be it Windows, MAC OS or Linux). Computer users must be aware that most of the software programmes on their computers are updated periodically, and that it is necessary (and often imperative) to download and install the updates.
If you have the ZoneAlarm firewall installed on your computer, in order to avoid all of the re-register, re-license rigamarole entailed in updating your ZoneAlarm, simply click on this link, and follow these directions. And remember: slow and easy does it.
Question of the Week

Hi, I have Norton Internet Security 2003, valid until October 2004, set on my Windows 98SE desktop. Do I need any other spyware or adware, such as Spybot Search and Destroy or Ad-aware 6.0? Do I need to upgrade to Norton Internet Security 2004 now or wait until October 2004?
— Submitted by: David C., Edmonton, Alta.

Norton Internet Security 2003 did not contain anti-spyware software, so you will need an anti-spyware app, such as Spybot: Search and Destroy. You should also download Ad-Aware, and McAfee Stinger.
As for Norton Internet Security renewal, you can re-subscribe in October 2004 for another year. Symantec offers updates for two years after the release of a product. So, in October 2005, you will need to upgrade to the company’s latest offering.
All efforts on your part to make your surfing life secure will likely go for naught, though, as a consequence of the fact that you’re running an unsupported, insecure operating system. As of January (and, actually much earlier than that) Microsoft discontinued support for Windows 98.
You may want to read Fred Langa’s article, Microsoft’s ‘Product Lifecycle’ Plans for more information on why you should consider upgrading your computer’s operating system to Windows XP (or, for a challenge, Linux).
And, by the way, just in case you’re considering ‘borrowing’ a copy of Windows XP from a friend to install on your computer — you could, but an unregistered copy of Windows XP will almost immediately be identified as being pirated, and you run the risk of having your machine ‘locked’ by Microsoft, and enjoying an impromptu visit from the local constabulary.
Even if the above Windows XP issue is of no concern to you, pirated copies of Windows XP will not allow you to download Windows Service Pack 1 or 2 — and without those 100, or so, critical operating system security ‘patches’ you might as well be running Windows 95 / 98 / ME for all the security support you’ll be afforded by Microsoft … which is to say, none.
For more information on related Windows XP issues, have a look at Fred Langa’s article on Windows Product Activation.

A Simple Plan
Virus-proof your PC in 20 minutes, for free.

One can never be too secure when it comes to computing. Viruses, trojans, worms, malware, spyware, and any number of malicious intrusions impact minute-to-minute on our ability to surf the web in a safe and salutary manner.
In the past, VanRamblings has written about the pre-conditions necessary to surf safely. This past week, Paul Boutin, writing in Slate, offered even more advice to protect yourself while online, beginning his article with this piece of disquieting news:

The antivirus company Sophos reported last week that it sighted 959 new viruses and worms on the Net in May. Some of them, like the Sasser worm that infected a million or so computers, connect to idle home desktops, rather than arriving as e-mail attachments. Others aren’t viruses but sneaky spyware that’s bundled with popular programs like KaZaA. Sophos also claims that up to a third of spam is sent by PCs that have been infected with remote-control programs that can turn a computer into a spammer’s zombie slave.

Specifically, Boutin suggests that you …

• Set your browser and e-mail security
• Get Microsoft’s security updates, and
• Check for spyware (read this week’s Tech Tuesday question below)

First of all, though, warns C|NET editor Robert Vamosi, you’d better make sure that your antivirus application is working, given that “many new viruses have been shutting down antivirus and firewall apps, or, in other cases, disabling the software’s automatic update feature.”
Speak Up

The immense popularity of the Apple iPod has had an unintended side effect: we’re at risk of becoming a nation of zombies wandering the streets plugged in to those omnipresent white earbuds. If you recognize these signs, do not panic. There is a cure for iPod-itis: pick up one of these portable speaker systems for MP3 players. The cool, one-piece designs fold up, and they’re perfect for sharing your tunes at a party.
Question of the Week

Recently, while downloading, my computer advised me that I had received a Trojan horse. I immediately ran my Grisoft AVG antivirus. It told me that the Trojan horse was “ms\lagent.exe” and advised me to put it in the AVG Vault as it could not delete it. How do I get rid of the Trojan horse? Appreciate any help you can give me. —Submitted by: Harry S., Langley, B.C.

Run another free application often recommended by VanRamblings, Spybot: Search and Destroy, to remove “lagent.exe.” Spybot specifically removes Trojan horses and spyware. Other good choices include Ad-Aware, and McAfee Stinger (there’s a new version just out this week).
You might also consider surfing to the Symantec security response site. Locate the specific virus or Trojan that’s infected your system (or place the name of the virus / Trojan in the search box), and follow the directions for removal. Most often, Symantec (who make Norton Anti-Virus) will have created a clickable ‘removal tool’ which will automatically scan your hard drive, and your computer’s registry, removing all incidences of the virus or Trojan offender. Your computing life should then return to normal.