2005 Gear of the Year, part 2

2005 Gear of the Year, part 2

By Brian Livingston

Reviewers of computer products often exhibit maddening differences in their ratings of identical sets of items. But when several unrelated reviewers all pick the same product as Editors’ Choice, you can be sure you’ve found a real winner.

That’s the concept behind my Gear of the Year awards. I’ve analyzed every objective test of computer products I could find in calendar year 2005. Out of that mass of data emerges a picture of the best of the best. Those products are featured here.

Back in the Nov. 10 issue, I reported my findings on Windows-compatible cameras, LCD screens, laptops, MP3 players, hard drives, PDAs, projectors, and printers. Today, I’m covering lower-priced items — perhaps a stocking stuffer for a loved one or, more likely, a treat you’ll be buying for yourself. (Ho, ho, ho!)

The latest test results from the dozens of reviewers we analyze are summarized during the year in the newsletter’s Index of Reviews section. I’ve left that section out this issue to make room for part 2 of the Gear of the Year. You can find every ranking we’ve indexed in the past 12 months — and use our search engine to locate any comparison you may need — in the Reviews section of WindowsSecrets.com.

	2005 PHONE OF THE YEAR Treo 650 takes the prize for calls A lot of powerful cell phones came out this year, but the dominant force in test after test is the Palm Treo 650 (photo, left). It’s barely 2 inches wide but managed to cram in a full Qwerty keyboard, which is admittedly tiny. The Treo was named Editors’ Choice by Mobile Magazine and Laptop Magazine and is top-rated by CNET. Motorola’s slinky RAZR V3 (right) also won props from Mobile Mag, but the Treo edges it out. More info: Palm Treo 650, Motorola RAZR V3 Link to all reviews of phones
	2005 INKJET OF THE YEAR Canon Pixma iP4200 is fast duplexer It’s impressive enough when an inkjet printer offers two separate paper trays and duplex printing. But Canon’s Pixma iP4200 (left) is also PC World’s Best Buy as the fastest of numerous inkjets tested. The new model improves upon the older Pixma 4000, which was top-rated earlier in the year by PC Magazine and PC Pro. Honorable mention for Gear of the Year goes to the Epson PictureMate Deluxe Viewer (right), an Editors’ Choice by PC Magazine. More info: Canon Pixma iP4200, Epson PictureMate Deluxe Viewer Link to all reviews of inkjet printers
	2005 USB DRIVE OF THE YEAR Verbatim’s U3 USB drive offers antivirus The biggest advance this year in USB drives — a category that suffers from Look-Alike Syndrome — is the U3 System. This new, open standard allows you to run many applications directly from a USB device without installing software on whatever PC you may be using. It’s too early for real comparative reviews, but Verbatim’s Store ‘n’ Go U3 Smart Drive (left) stands out as the best of the bunch so far. Verbatim bundles McAfee antivirus scanning and several other free programs with its 1GB drive. More info: Verbatim Store ‘n’ Go U3 Link to all reviews of USB drives
	2005 DVD RECORDER OF THE YEAR LG drive is the Switzerland of burners Can’t we all just get along? That’s the obvious question when we’re confronted with the varying DVD formats: DVD+R/RW, DVD-R/RW, and DVD-RAM. The LG Electronics Super-Multi Rewriter handles this with aplomb by supporting every format. As a bonus, it can burn labels directly onto so-called LightScribe discs. PC World gives it a Best Buy honor and calls it “in a class by itself.” More info: LG Electronics GSA-2166D Link to all reviews of DVD recorders
	2005 WI-FI PRODUCT OF THE YEAR Don’t just spot Wi-Fi, share it Lots of awards early this year went to the Canary Hotspotter (right), which tells you when Wi-Fi service is in range. But, based on newer tests, the Canary is far surpassed by the ZyXel Wi-Fi Finder/Modem (left). The ZyXel not only identifies available secure and nonsecure Wi-Fi near you and acts as your laptop’s Wi-Fi adapter. It also amplifies the signal for your companions whose own laptop antennas are too weak to connect. More info: ZyXel AG-225H Wi-Fi Finder/Modem, Canary Hotspotter Link to all reviews of wireless products That’s it for the 2005 Gear of the Year awards. I hope you find the ratings in this and the previous issue helpful in finding the best devices for your business or personal use. Good hunting! Brian Livingston is editor of the Windows Secrets Newsletter and the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books.

Security holes don't stop for the holidays

By Chris Mosby The coming holiday season isn’t keeping security flaws in software from being exploited. But don’t let that fact keep you from cooking your turkey this year — we’re here to keep you informed.

Popular apps allow hacker code to run

iDefense recently reported a vulnerability in several vendors’ applications, which allows hackers to easily launch any code they’ve managed to get installed on your PC. This hole is caused by these applications’ improper use of functions in the Microsoft Windows API (Application Programming Interface). This is a known side-effect of these functions and is described in Microsoft’s API documentation.

Ultimately, it comes down to quotation marks. When these vendors wrote their programs, parts of the code referenced executable files that are contained in folders with long file names. The long file names contain spaces, which are legal. But the apps didn’t use quote marks to enclose their command lines. This forces Windows to guess where the executable files are, instead of the names being defined explicitly in the program code.

For example, sending Windows the string c:Program Filesfolder nameprogram name causes the system to execute the first application it finds in the following search order:

• c:Program.exe Filesfolder nameprogram name
• c:Program Filesfolder.exe nameprogram name
• c:Program Filesfolder nameprogram.exe name
• c:Program Filesfolder nameprogram name.exe

If there’s an executable file called Program.exe in your c: directory, Program.exe will be executed instead of the intended program. Knowing that, the threat becomes all too clear.

Which applications are known to have this problem? It may surprise you to see the major players who are guilty of this lapse. Here’s the list:

• Microsoft AntiSpyware 1.0.509 (Beta 1)
• VMWare VMWare Workstation 5.0 .0 build-13124
• RealNetworks RealPlayer 10.5
• Kaspersky Labs Anti-Virus for Windows File Servers 5.0
• iTunes 4.7.1.30

So far, Apple and Kaspersky have both confirmed that the latest versions of their products are not vulnerable to this issue. No response has been seen from RealNetworks or VMWare, as of this writing.

Microsoft, for its part, confirms the situation but says the problem will not be addressed until Beta 2 of Antispyware comes out later this year. The version that’s currently available for download is still vulnerable.

What to do: The first thing to do, if you use one of the above applications, is to make sure you’re using the most up-to-date version of the software. This might not protect you from the problem described above, but it does protect you from other vulnerabilities, at least those that have been repaired.

You could also do what iDefense suggests, which is “ensure that unexpected files are not stored in locations that can be used for this attack.” That solution, unfortunately, is problematic. How often do you plan on checking all of your application folders?

I have a better idea:

Step 1. Uninstall and then reinstall the program in question;
Step 2. Install it into a folder that’s only one level below the root, if possible.

For example, you might install MS Antispyware into a new folder called c:antispyware (or any name that doesn’t contain spaces). That way, if malware that targets this specific software hits your computer, it won’t find what it’s looking for. Therefore, it won’t run because the app’s executable name is explicit.

Windows XP SP2 will probably alert you if there’s a Program.exe file located in the root of your c: drive, but this fact alone won’t necessarily protect you.

ZoneAlarm’s ‘Program Control’ can be bypassed

Secunia reports a weakness with some versions of ZoneAlarm’s personal firewall products. This could be exploited to get around ZoneAlarm’s “Advanced Program Control” functionality, possibly sending your sensitive data out to a hacker’s server.

This hole exists because Program Control fails to recognize malware that uses IE to connect to the Internet via Mshtml.dll.

This has been confirmed by Secunia to be a hole in ZoneAlarm Pro 6.0.667. It’s also found in the following other products made by Zone Labs:

• ZoneAlarm Pro 6.0.x
• ZoneAlarm Internet Security Suite 6.0.x
• ZoneAlarm Anti-Spyware with Firewall 6.1.x
• ZoneAlarm Antivirus with Firewall 6.0.x

The good news, such as it is, is that the free version of ZoneAlarm doesn’t have the Program Control feature and therefore doesn’t have the problem.

Secunia says it doesn’t normally regard this kind of bypass as a vulnerability in firewall software. Zone Labs, however, advertises that its products that contain Program Control can stop this kind of attack, which makes Secunia’s concern more urgent.

What to do: Secunia suggests, “Do not run untrusted programs.” Ho ho ho. If it were that simple, computer security wouldn’t be as big as a problem as it is today.

If switching to a browser other than IE is not an option for you, I recommend that you make sure IE is secured with Brian’s recommended hardening. Also, make sure you’re using his Security Baseline, above, at a minimum. And watch for an update to the Zone Labs products listed above.

Microsoft releases advisory on RPC vulnerability

Microsoft says it’s found proof-of-concept (PoC) code that exploits Windows 2000 SP4 and Windows XP SP1. The company has released a security advisory warning about the issue.

This vulnerability could be used to perform a denial-of-service (DoS) attack of limited duration on a computer with those service pack levels. Windows XP SP2 and Windows Server 2003 Gold and SP1 are not vulnerable.

This attack involves the denial of new memory allocations via RPC. To pull this off, the hacker sends data packets to a vulnerable computer. This would prevent new memory from being allocated, causing the computer to be unusable for a while.

What to do: To work around this problem, Microsoft gives several recommendations, one of which is to use a personal firewall. If you’ve put our current Security Baseline into place, then you’re already protected from this threat.

The Over the Horizon column informs you about threats for which no patch has yet been released. Chris Mosby is a contributor to Configuring Symantec Antivirus Corporate Edition and is the Systems Management Server administrator for a regional bank. In his spare time, he runs the SMS Admin Store.

Clean your parents' PC

By Ryan Russell I’ve seen the Ghost of Christmas Patch — it’s almost time to go home and fix your family’s computers. Whether or not your parents expect you to remove the nasties from their PCs, it’s a good idea, since you’re the expert. In this column, I give you a list of the tools you’ll want to take with you. Plus, I have important updates about the Sony BMG rootkit.

First, make a CD with everything

In most of the Western world, it’s now the start of the holiday season. That usually means feasting, exchanging of presents, and you fixing your relatives’ computers while you wait for the food to cook. The real problem isn’t your free consulting time, it’s that they usually have some horribly decrepit Windows 98 machine that you only vaguely recall how to administer. Worst of all, half the time they only have dial-up Internet access.

Unless you can tie up the phone line for 12 hours straight, that means you’ll need to bring most everything with you. Here, therefore, are my recommendations for the files to burn to a CD-R and take with you. It helps if you ask your family for some kind of minimal inventory of what they have, or at least ask them what version of Windows is installed.

It’s important that you let your family members know what you’re doing before you start, even if they can’t tell a bit from a byte. Make sure they understand how to update any software you’ve installed and how to respond to any new prompts that may be displayed. Also, ask your kin to use and print from their applications to ensure you haven’t broken anything. Otherwise, you may be called back to your folks’ place for a command appearance before New Year’s Day.

Quick quiz: Why do you want to burn a CD instead of using an external hard drive or a USB Flash drive? Windows 95 and 98 require special drivers to get any kind of USB functionality. Anything older than Windows 2000 supports few USB devices. Anything older than Windows XP is unlikely to have the drivers as part of the operating system, so your USB drive won’t “just work.” Older FAT32 drivers also won’t recognize drive partitions past a certain size. The old hardware might not even have USB ports at all.

So save yourself a big hassle: burn a CD that contains what you need. Make two, if it takes that much space. You might as well make the CD “single-session,” in case their CD-ROM drive is that old. And go ahead and make a second copy, in case you create a coaster, one of the CDs doesn’t survive the trip, or whatever. If you shop around, CD-Rs are as little as 10 cents a piece, so burn plenty.

Free antispyware tools

As a quick reminder, you can find Brian’s recent roundup of antispyware software in the Sept. 29 newsletter, with a small update on Oct. 27. As Brian says, pay a little and get the best. However, that’s for your computers. You understandably may not be willing to fund the software for everyone you know.

You could ask your relatives to hand over the credit card for a moment, while you get them the latest antivirus and antispyware, for a hit of around $40 or so. You can also suggest they switch to an ISP that gives away virus and spyware protection, as do Comcast and AOL.

But if your folks don’t want to spend any money, I’d like to recommend a few other tools you can take, simply because they’re completely free for personal use. That means you can install them on your friends’ and families’ computers without cost.

The first tool is Lavasoft Ad-Aware SE. Visit the Web site and download the SE version, which is the one that’s free for home use. You’ll probably be redirected to Download.com for the actual download. Naturally, there are some extra features in the for-pay versions, and you might consider those for other uses. The free version is the best free spyware scan tool, as far as I’m concerned. Don’t forget to download the latest signature updates, which will save you some later download time.

Another good antispyware tool that’s also free is Spybot Search & Destroy. The tool has no paid counterpart, although the authors do accept donations. Download the latest updates at the same link. There will, of course, be some overlap when you use more than one antispyware tool, but I find that each one has at least a few things it finds that the other tools don’t.

Last but not least is Microsoft’s AntiSpyware tool, now named Windows Defender. It’s free for the moment, while it’s in beta. Microsoft has not yet indicated whether it will continue to be free after that, but you can take advantage of it for now, at least.

One potential barrier for some home users will be the system requirements. MS Antispyware requires Windows 2000, Windows XP, or Windows Server 2003. It also requires Windows Genuine Advantage, which could result in a series of downloads and updates, if the computer hasn’t been patched recently.

One advantage of this tool over the other two mentioned is that it includes active blocking, while the others require you to perform a scan and removal after the fact. Lavasoft will sell you a version that does the active blocking, if you don’t wish to use Microsoft’s. (Don’t set up real-time antispyware scanning by more then one app.)

I wasn’t able to find an obvious way to pre-download updates for Windows Defender. You’ll probably have to spend a good bit of dial-up time to bring it up to date after the install.

Additional updates and tools to take

Don’t forget to grab any operating-system updates you think you might need. In particular, get the big downloads, like the DirectX update, the latest patches for Internet Explorer, and any service packs and rollups.

Pay particular attention to what you grab. Microsoft tends to give you a small downloader app instead of the full download. When you run the downloader app, it tries to connect to the Internet to download tens of megabytes of updates.

For Internet Explorer, in particular, the procedure to pre-download everything is fairly complicated, but it’s explained in a Microsoft article.

Next, try to grab new drivers from the various manufacturers’ Web sites for any peripherals you know your family members have. Pay special attention to video drivers, which are frequently updated and can solve a lot of problems.

Keeping an up-to-date inventory of everyone’s computers isn’t always easy though, so you may not know which video drivers to download until you get to Mom’s. If you know your family has a recent video card, you can simply grab some generic drivers from nVidia and ATI.

Be prepared to do some manual work, if necessary, which means having your favorite software tools with you. For example, I constantly use tools from Sysinternals. If I suspect there’s some rogue process loose on a Windows computer, but my scanners don’t spot it, I break out Regmon, Filemon, or the process tools. The Autoruns tool is also good for seeing all the things that have insinuated themselves into your startup collection.

I also sometimes want a packet-capture tool. My favorite is Ethereal. It’s not the most fun thing in the world, having to extricate a piece of malware by hand. But you’re better off having the tools with you, just in case.

I haven’t said a lot about antivirus software yet, though of course it’s also very important. That’s mostly because I don’t use any free antivirus tool, and therefore can’t recommend one.

However, Castle Cops lists some online antivirus tools you can use in a pinch. Again, that means more download, but antivirus software is a must-have if your family doesn’t already have any.

Don’t forget those home-computer gifts

Having prepared your toolkit, you may still not be looking forward to fighting an ancient version of Windows and decrepit hardware that’s full of dust bunnies. Don’t overlook the advantages of simply throwing a little money at the problem. With a little careful shopping, you can find some much-needed upgrades for relatively few dollars. Plus, it counts as your gift! If you’re like me, you don’t know what to buy anyway, so give a gift that keeps on giving (and saves you some tech-support headaches later).

I’m a big fan of shopping the surplus stores and eBay. I could link to some specific items, but chances are they’ll be gone by the time you read this. So I’ll provide some general examples instead.

One place I buy from frequently is Surplus Computers. As of this writing, I see they have some refurbished Dell Optiplex GX1 machines. We’re talkin’ PIII 500Mhz, 128MB of RAM, 6GB HD, CD-ROM, 10/100 NIC. They want $32.99 USD plus shipping and handling.

Is that pretty anemic by today’s standards? Of course. Is it significantly better than the pathetic K6-2 with 64MB of RAM and Windows 98 I’d otherwise be working on? You bet. I’ll happily transfer the old hard-drive contents to avoid having to keep the old machine limping along.

Other examples I see at Surplus Computers are a McAfee ViruScan 9.0 2-pack for $13.99 and Windows XP Home with Service Pack 2 OEM for $89.99. Unfortunately, the hardware requirements may keep Windows XP from being a complete slam dunk on the older hardware, but it’s probably the single best software upgrade you can give someone who has something older than Windows 2000.

So scout out your local surplus and discount stores. You may even find one close enough that you can avoid shipping costs on the heavy items.

The latest update on Sony BMG’s rootkit

I wish I could say “wrap-up” instead of “update,” but I don’t think we’ve heard the end of this story yet. I feel a little like a broken record talking about this again, but unfortunately it just keeps getting worse.

In the Nov. 10 newsletter, Chris Mosby went into detail about the rootkit. I had my say that week as well. I had expressed mistrust of Sony BMG’s uninstaller, and said the ActiveX control I looked at was highly suspicious.

Sadly, I guessed correctly. It turns out that the ActiveX control that’s used for uninstalling leaves a massive security hole behind. This hole allows any Web page you view in Internet Explorer to install any program it wants on your computer.

Fortunately, J. Alex Halderman and Ed Felten did the research necessary to figure this out and warn us. They even provide uninstall instructions for Sony BMG’s uninstaller.

Even with this terrible confirmation, I might not had written this update, since I’d already warned everyone to remove the rootkit, if possible. However, I was a little shocked to find out how many people have this thing installed. I had guesstimated that maybe thousands or even tens of thousand of people might have it. A little research I did, using one of the lists of affected CDs, indicates that it’s been shipping since April 2005.

Boy, was I wrong. A friend (and co-author) of mine, Dan Kaminsky, is a brilliant network researcher. One of his recent projects was to scan every DNS server on the Internet, checking versions, upstream links, and other general DNS statistics. So he’s a bit of a DNS wiz now. He got wind of the Sony BMG rootkit (who hasn’t), and put his experience to work. He checked all the DNS caches in the world, and found that at least 568,200 nameservers have the phone-home host name cached. About the only reason to have looked up this address is the rootkit phoning home.

As you know, most nameservers work on behalf of many DNS clients. This probably means that millions of Windows computers have this rootkit, and they are all vulnerable in some degree because of it. So yes, please add checking for this rootkit to your list of maintenance tasks as you make your rounds this holiday season.

Sony BMG seems to be finally trying to do the right thing, which is pulling the infected CDs from store shelves, and offering untainted replacements. I wonder if this about-face had anything to do with the several pending class-action lawsuits, the latest of which is from Texas?

Additionally, Sony BMG has indicated that it will exchange tainted CDs for clean ones, and even give you MP3 files of your songs, if you like. I don’t know anyone who has an exchanged CD yet, so it remains to be seen how clean is clean. It seems that Sony BMG might have a different idea of clean than I do.

If you missed any of the drama leading up this fiasco, Boing Boing has a very nice summary and a follow-up item. The Boing Boing guys exhibit just a wee bit of anti-Big-Media bias, but I’m not feeling particularly fair-and-balanced on this issue myself.

One bit of good news is that Microsoft has announced that it will detect and remove the Sony BMG rootkit with Windows Defender and the Malicious Software Removal Tool, as of the December update.

One question I had is whether Defender will mark the rootkit as “Ignore”or “Remove” by default. Microsoft previously downgraded some notorious spyware to “Ignore,” leaving it in place on most users’ PCs. You can still configure the Microsoft tool to remove the spyware, if you change the setting. But defaults are incredibly important for less-knowledgeable users.

Well, there’s some good news and some bad news. The good news is that I just tried the new Defender update, and it finds the rootkit, marking its importance as “High” and defaulting to “Remove”. The bad news is that Defender only detects the Aries.sys component, the one that hides $sys$ files. The other pieces are all left in place.

The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses. Ryan Russell is quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias “Blue Boar.” He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.

Play the "Best Search Engine" game

Everyone talks about which search engine is the best, but no one ever does anything about it. Until now.

The so-called Search Engine Experiment is a “blind taste test” that provides an objective rating system. You’re shown the top three results from three search engines, identified only as Brand X, Y, and Z. You then click a button to register your vote. You may be quite surprised.

With more than 10,000 testers so far, the figures are Google 42%, Yahoo 32%, and MSN Search 26% (see pie chart at left). The project just started on Nov. 21 and the results are fairly close, with the lead changing hands several times. They need more testers — only your first vote counts, so make it good. Play the game

Link of the Week: Lies, damned lies, and statistics

No one really knows who came up with that clever phrase, and in this instance it’s overstating the case. But a story in the Business Insider has a rather startling headline: To wit, “Internet Explorer Users Are Dumber.”

It’s an amusing piece with a couple of reminders: statistics don’t automatically translate into reality and what we read on the Internet should never be taken immediately at face value.