There are isolated problems with current patches, but they are well-known and documented on this site.
Use OpenDNS to surf safely with these tricks
In this issue
- INTRODUCTION: Fire at Web host affected Windows Secrets
- TOP STORY: Use OpenDNS to surf safely with these tricks
- WACKY WEB WEEK: Can Microsoft make a name for itself in search?
- WOODY'S WINDOWS: Microsoft Security Essentials: a privacy risk
- PATCH WATCH: New IE zero-day exploit targets XP, Server 2003
Fire at Web host affected Windows Secrets
By Brian Livingston
A serious electrical fire cut power to a large Web hosting company in Seattle, knocking numerous sites off the Internet on July 3 and the early hours of July 4, including WindowsSecrets.com.
All of Windows Secrets’ data was fully backed up, and all subscriptions will continue just as before the power outage, but it took longer to get our site back online than I’d like.
In February 2006, as I described in an article at the time, we upgraded Windows Secrets’ server equipment and relocated it to a secure carrier hotel in Seattle named Fisher Plaza. Our Web host in this building, named Adhost (short for “advanced hosting”), maintains an elaborate system of uninterruptible power supplies and two diesel generators that can supply electricity indefinitely if city utility power is cut.
An electric arc blaze in Fisher Plaza’s basement garage, however, destroyed the connection between the city’s power and the building. The fire forced the evacuation of Adhost and every other company in the building, including KOMO-TV, Seattle’s ABC network affiliate. The station’s newscast that evening stated that the fire reached a temperature of 5,000F/2,760C and melted thick metal plates. (See Figure 1, photo courtesy of KOMO News.)
Figure 1. The Fisher Plaza fire, which knocked out hundreds of Web sites, was so hot that it melted metal plates in the basement.
Besides Windows Secrets’ little collection of articles, the fire wiped some very big sites off the Internet:
- Authorize.net, one of the world’s largest credit-card gateways, is headquartered in Massachusetts but chose to locate servers at Adhost on the strength of the hosting company’s redundant systems. The credit-processing firm maintained a completely separate data center as a backup, but the servers there failed to come online when the crisis struck, according to a Data Center Knowledge article. Authorize’s 238,000 clients were unable to process credit-card transactions for more than 12 hours.
- Bing Travel (a feature of Microsoft’s new Bing.com search engine) was the last affected Web site to restore connectivity, according to the Dennis Schall blog. The travel site was down for 36 hours.
- Geocaching.com, a real-time geolocating service, was down for 29 hours. Jeremy Irish, president of parent company Groundspeak, spoke for many webmasters when he explained in a blog entry why his firm didn’t pay to keep two data centers running at all times:
“We’re not a bank, so although 29 hours is a long time to be down, we do not plan to duplicate our infrastructure so we are completely redundant. It is just too expensive to make fiscal sense.”
Back in 2006, my staff and I made a decision for Windows Secrets that was similar to Jeremy Irish’s. Keeping two data centers synchronized in real time can double or triple a firm’s hosting expenses (including the added layer of network engineering). Given Adhost’s heavy-duty generating capacity, a total loss of power seemed so unlikely that using a single data center was regarded as a reasonable choice.
To be sure, Fisher Plaza did experience an earlier electrical fire on June 21, 2008 (as described in John Cook’s Venture Blog). But connectivity in that case was completely restored in “only” eight hours. At the time, we thought that our server being down for a few hours was an acceptable risk as a rare, worst-case scenario.
WindowsSecrets.com was unavailable for about 34 hours on July 3 and 4. For most of that period, however, we were able to display to visitors an alternative home page. This backup page displayed a notice that a fire at our hosting company had affected our site, so at least some explanation of what was happening was provided.
Low-cost tricks for short-term disaster recovery
If your company maintains a Web site, you might be interested in some low-cost, minimalist disaster-recovery systems we maintain in case of a catastrophe:
- Alertra is a service that periodically tests Web services and notifies the affected parties if a site is down. We pay about U.S. $7 per month for Alertra to monitor our Web site and our separate mail server’s SMTP service. My developers and I were notified by e-mails to our cell phones just before midnight, about 20 minutes after the Fisher Plaza outage began. (Alertra’s e-mail notifications are free; text messages and automated voice calls cost a few cents per incident.)
- EasyDNS offers a real-time DNS (domain name system), which allows a Web site to switch from one IP address to another within minutes. Without a service like this, a new server may not be findable by visitors for 24 to 48 hours while its IP address “propagates” gradually around the Internet. We pay EasyDNS about $20 per year. Once my developers determined that Fisher Plaza wouldn’t come back up for hours, they were able to reroute visitors from our power-deprived Web equipment to a spare server that displayed our explanatory notice.
Windows Secrets has no other business relationships with Alertra or EasyDNS, and we receive nothing if you visit them or sign up for their services. We just like them a lot.
After Fisher Plaza restored power, and our server got back to normal on July 4, I e-mailed a short news update to Windows Secrets subscribers, apologizing for the inconvenience of the outage.
Interestingly, the cost of maintaining duplicate data centers has dramatically dropped in just the last three years. I explained in my update that Windows Secrets has been testing virtual servers using “cloud computing” since January 2009.
My staff and I plan to move our site to a Web service like EC2 (Elastic Compute Cloud) within one year. When that upgrade is completed, a new virtual server can be created automatically within minutes if any one data center goes down. Little cost is incurred unless the backup server is needed.
Since my news update went out, a few readers have contacted me, wondering whether their e-mail addresses will remain private if Windows Secrets uses cloud computing. I can assure you that the security of our subscriber list will be even better after we make the move.
If you’re really paranoid, you should consider this: every time you send or receive an e-mail, your address is revealed to the owners of every router your message passes through. Mail servers routinely exchange your e-mail address in plain text. Until a new, super-secure e-mail standard is adopted, it’s theoretically possible for dishonest ISP workers to “sniff” addresses at will. So much for privacy.
I’ll give you more technical details about cloud computing as soon as our plans firm up. In the meantime, please enjoy Windows Secrets and thanks for your understanding during our all-too-human stumbles.
Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books.
Use OpenDNS to surf safely with these tricks
By Becky Waring
Windows Secrets editors frequently recommend OpenDNS, a free service that blocks dangerous sites so you can browse the Web securely.
Unfortunately, OpenDNS has a few tricky gotchas for the unwary, but most of the problems can be solved if you set up an account and take advantage of a few tweaks.
In her June 11 Top Story, WS contributing editor Susan Bradley described how to use OpenDNS to help combat malicious Web sites. In essence, you quit letting your ISP’s server convert domain names (like Google.com) into IP addresses (74.125.45.100) for your browser. When you type a domain name, the conversion to an IP address goes through OpenDNS instead.
This simple substitution of one set of DNS servers for another should eliminate the intermittent server outages that many broadband subscribers experience. OpenDNS uses a global network of servers that can be redirected in case of overload or failure. The service’s main page shows the servers’ locations in the U.S. and Europe. In addition, OpenDNS claims to resolve requests quicker than the DNS servers of most ISPs, which means pages should load faster.
However, the real power of OpenDNS — and the reason Susan and other experts recommend it as a defense against Web-based malware attacks — lies beyond mere name-to-number serving.
By filtering the URL requests that come to you through its servers, OpenDNS can block your browser from surfing to phishing sites and other kinds of undesirable content. The service also corrects typos you make, such as google.cmo, and lets you create URL shortcuts for quick access to the sites you visit most often.
OpenDNS is currently beta-testing a new SmartCache feature that loads the last known-good address for a Web site, even if its nameserver is offline. This kind of outage can happen due to distributed denial of service attacks, for example. This spring, Amazon.com and other big-name sites were unavailable for several hours due to this type of assault, as described in ZDNet’s Between the Lines blog. With SmartCache, OpenDNS users can access these sites even though other Internet users cannot.
With such a simple premise, OpenDNS sounds great, right? Unfortunately, some people — including several WS readers who wrote in after Susan’s story appeared — have had problems when attempting to use the service.
The correct way to set up OpenDNS
The issues our readers and other OpenDNS users report are due mainly to an incomplete or incorrect setup of the service. Many articles that recommend using OpenDNS say only that you should replace the DNS servers in your computer or router with two OpenDNS-controlled IP addresses: 208.67.222.222 and 208.67.220.220. These articles, while meant to help users, fail to tell the rest of the story.
A simple IP address replacement is indeed all most OpenDNS users need to do. Full control of your OpenDNS experience, however, requires that you create an account on OpenDNS.com. Without an account, you’re stuck using the default preferences, which may not work for your setup. For example, you may not be able to access a VPN (virtual private network) or Windows Home Server without changing your account preferences.
Similarly, you can’t take advantage of OpenDNS’s powerful filtering options without establishing an account. By default, OpenDNS uses a so-called PhishTank list to block phishing sites; the list is maintained by OpenDNS itself. But if you’re a parent or employer who also wants to block sites in such categories as pornography, illegal downloads, social networking, or video sharing, you need to do so by configuring your account preferences.
To set up a free account, simply go to OpenDNS.com and sign up. You must also change the DNS servers in your router to the two IP addresses mentioned above. Instructions for doing this on most routers can be found on the Use OpenDNS page. Once your account is confirmed, sign in at the OpenDNS site and open the Dashboard to change your account preferences. (See Figure 1.)
Figure 1. Customize your OpenDNS settings via the service’s Dashboard.
To customize OpenDNS for a typical home PC user, you would first add your home network using the Networks tab. By configuring OpenDNS in your router and adding your home network, you can protect all your computers and network devices — including smartphones that connect via Wi-Fi — with the same account settings. If you use multiple networks, you can add them all under the same account.
When you travel, you can change the DNS settings for your laptop’s Wi-Fi and Ethernet adapters to connect to OpenDNS directly, rather than relying on your home network to make the connection. Instructions for Windows, Mac, and Linux computers are available on the OpenDNS Change DNS settings page. (It’s fine to use both computer and router OpenDNS at the same time.)
Next, click the Settings tab to choose and customize your Web-filtering preferences. I have mine set at the second level, Low, which blocks phishing and pornography sites. Parents may want to choose a higher level of protection. You can also create custom lists of allowed and blocked sites, regardless of the level of protection you select.
Accessing the real OpenDNS mother lode, however, may be a bit more difficult for the typical user to figure out. Click Settings, Advanced Settings. (See Figure 2.) This is where you can add your VPN or Web server, activate the SmartCache feature, and enable dynamic IP updating — which is particularly useful for travelers.
Figure 2. The OpenDNS Advanced Settings page lets you customize your use of the proxy service.
To reach a VPN or corporate intranet domain, or to access such resources as network printers and network shares, you have two options. For home networks, simply add a “Domain typo exception” in the name of your VPN server or network domain; for example, vpn.mycompany.com. Together with dynamic IP updating, this solves a problem with remote access and Windows Home Server.
If you’re already running a local DNS server such as Windows Server 2008 with Active Directory, your second option is to forward only external DNS requests to the OpenDNS servers and continue to resolve local domains locally. In this case, you update the external DNS settings to OpenDNS on your server, not in your router or client computers.
People who rely on a dynamic IP address from their ISP or who travel frequently can download and install the OpenDNS Updater, which is available on the OpenDNS Support page.
Putting OpenDNS to the speed-comparison test
Once you’ve got OpenDNS configured properly, it’s time to try it out. First, you can attempt to verify OpenDNS’s speed claims with the handy DNS Performance Test from Silverwolf’s Auditorium. Run the test on your regular ISP’s DNS servers and on OpenDNS’s servers.
In Northern California, where I live, the results confirmed some complaints that the alternative service is slow. AT&T’s DNS servers, accessed via my standard DSL service, were twice as fast at resolving DNS requests as OpenDNS: 89ms versus 187ms.
While 187ms is a fairly good response average, the OpenDNS folks indicated that my results were atypical, especially since they have a server located near my house. When I asked several other Windows Secrets editors to run the same tests from their locations around the world, their results varied widely.
For example: In New Hampshire, Fred Langa got a test result of 132ms from the servers at his FairPoint ISP and 146ms from OpenDNS. In Colorado, Scott Spanbauer’s Comcast connection registered 119ms compared to OpenDNS’s 116ms. And in Phuket, Thailand, Woody Leonhard’s TT&T MaxNet DNS served up 547ms against OpenDNS’s score of 414ms. These results are virtual ties.
The bottom line is that your mileage may vary. I recommend that you run the same tests on your connection before committing to using OpenDNS. Even if you find a small performance deficit from OpenDNS, the minor slowdown should be evaluated against the security and reliability benefits OpenDNS can bring.
If you find a larger difference, this may argue against using OpenDNS from your area. In that case, you can also try DNS Advantage, a similar service from NeuStar. DNS Advantage is still under development but will soon be adding site-blocking and typo-correction services similar to those offered by OpenDNS.
NeuStar already has a large network of DNS servers for its paid, corporate UltraDNS service, so DNS Advantage is likely to become a big player.
Assessing readers’ reports of OpenDNS glitches
As I mentioned above, some WS readers reported difficulties in using OpenDNS after Susan’s story appeared. David Cagle complains that his ISP is blocking the service:
- “Here in Florida, with Comcast as my service provider, it’s almost impossible to reach the OpenDNS Web site. After several days, I became suspicious and began doing some Web searches. Thread after thread of angry Comcast subscribers are all reporting that OpenDNS is either blocked outright or hobbled to the point of being useless.”
While several readers reported problems when using OpenDNS with Comcast, Scott Spanbauer experienced no such difficulties when he tested OpenDNS over his Comcast connection. Further, OpenDNS CEO David Ulevitch assured me that “we have many millions of users in the U.S. and many of those are Comcast customers. We’ve had no complaints from them. We also know the Comcast DNS engineers reasonably well, and we know they aren’t doing any blocking.”
It’s likely that David’s problems stem from his particular setup. (OpenDNS contacted David to try to help him out, but as of early July, he hadn’t responded.)
Reader Ernie Mandoky warns of another potential problem related to OpenDNS use:
- “Windows Secrets readers who employ Windows Home Server should be warned that OpenDNS will not translate the server’s IP address correctly and will prevent clients from connecting to the server through both [Recovery] Console and Remote Desktop. Backups will continue to function automatically, and you can even access the server by entering the server’s IP address directly into the browser, but the Console will no longer connect.”
As I described above, to protect a home network simply add a “Domain typo exception” in the name of your VPN server or network domain — for example, vpn.mycompany.com. Together with dynamic IP updating, this should eliminate problems concerning Windows Home Server and remote access.
Rick McLeod found that his system performance slowed to a crawl after he installed OpenDNS, and he concluded that his PC had become infected:
- “Because of following [your] advice on OpenDNS, I now have a browser hijack when I enter an invalid URL. It goes to their search page. I didn’t ask for that and am having big difficulty getting rid of it.”
OpenDNS isn’t any kind of a hijack or exploit. Displaying a search box when a user types a domain name that doesn’t exist is an OpenDNS feature. If a common error is made — such as typing google.cmo — the service just sends you to the correct page. If there’s no easy match, however, OpenDNS directs you to a search page, which contains advertising that supports the service.
I feel this is a small price to pay for such a valuable free offering. This is especially true because most of the typos I make while using OpenDNS are automatically routed to the correct domain, saving me the hassle of retyping. Few Internet services as useful as OpenDNS are truly free. As long as the ads don’t get in my way, I’m willing to make the trade-off.
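The two checks discussed above, timing lookups against each resolver and seeing what a resolver returns for a name that does not exist, can be done with one small probe. This is an added example, not code from the article or from OpenDNS; the test names (example.com, example.org, no-such-host.invalid) and the constructed_reply helper are assumptions chosen for illustration.

```python
import secrets
import socket
import statistics
import struct
import time

OPENDNS = ("208.67.222.222", "208.67.220.220")  # resolver addresses given in the article


def build_query(name, txid):
    """Build a recursive A/IN query packet for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = pkt[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n


def parse_response(pkt, txid):
    """Return (rcode, [IPv4 answers]); ValueError on a mismatched or damaged reply."""
    if len(pkt) < 12:
        raise ValueError("short packet")
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    addrs, off = [], 12
    try:
        for _ in range(qd):
            off = _skip_name(pkt, off) + 4  # skip QTYPE and QCLASS
        for _ in range(an):
            off = _skip_name(pkt, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
            off += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:
                addrs.append(socket.inet_ntoa(pkt[off:off + 4]))
            off += rdlen
    except (IndexError, struct.error, OSError):
        raise ValueError("truncated or malformed reply")
    return flags & 0x000F, addrs


def classify(rcode, addrs):
    """Interpret the reply to a lookup for a name that cannot exist."""
    if rcode == 3 and not addrs:
        return "nxdomain"   # resolver reported that the name does not exist
    if rcode == 0 and addrs:
        return "rewritten"  # resolver substituted an address (e.g. a search page)
    return "other"


def probe(resolver, name, timeout=2.0):
    """Send one query; return (milliseconds, rcode, addrs)."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((resolver, 53))  # connected socket: replies from other hosts are dropped
        start = time.perf_counter()
        s.send(build_query(name, txid))
        data = s.recv(512)
        elapsed_ms = (time.perf_counter() - start) * 1000
    return (elapsed_ms,) + parse_response(data, txid)


def compare(resolvers, names, rounds=3):
    """Median lookup time per resolver; None if no usable reply was received."""
    result = {}
    for r in resolvers:
        samples = []
        for _ in range(rounds):
            for n in names:
                try:
                    samples.append(probe(r, n)[0])
                except (OSError, ValueError):
                    pass  # timeout or bad reply: no sample recorded
        result[r] = statistics.median(samples) if samples else None
    return result


def constructed_reply(query, rcode, ip=None):
    """Constructed reply for offline checks (not captured traffic)."""
    header = struct.pack("!HHHHHH", struct.unpack("!H", query[:2])[0],
                         0x8180 | rcode, 1, 1 if ip else 0, 0, 0)
    answer = b""
    if ip:  # name is a pointer to the question at offset 12
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer


if __name__ == "__main__":
    import sys
    resolvers = list(OPENDNS) + sys.argv[1:]  # add your ISP's resolver IP as an argument
    print(compare(resolvers, ["example.com", "example.org"]))
    for r in resolvers:
        try:
            _, rcode, addrs = probe(r, "no-such-host.invalid")
            print(r, classify(rcode, addrs), addrs)
        except (OSError, ValueError) as exc:
            print(r, "no usable reply:", exc)
```

The first lookup of a name is often uncached at the resolver, which is why compare() takes the median over several rounds instead of a single sample.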
UPDATE 2009-07-16: In his July 16, 2009, Known Issues column, technical editor Dennis O’Reilly catalogs reader suggestions on ways to improve the OpenDNS service.
WS contributing editor Becky Waring has worked as a writer and editor for CNET, ZDNet, Technology Review, Upside Magazine, and many other news sources.
Can Microsoft make a name for itself in search?
By Katy Abby
When Google hit the Internet stage in September 1998, it changed the face of computing forever. Web searching was suddenly quick, easy, and fun. It didn’t take long for this burgeoning starlet to grab hold of our minds and mice. Soon Google had left an indelible skid mark on the information superhighway. Several other search services have vied for Google’s cyberspace crown, most recently Bing, Microsoft’s revamped “decision engine.” The company certainly has an entertaining and memorable ad campaign, but will Microsoft be able to overtake Google as the go-to search site for the geeky masses? Take a look at this tongue-in-cheek short, and decide for yourself!
Microsoft Security Essentials: a privacy risk
By Woody Leonhard
Late last month, Microsoft released a public beta of Security Essentials — code named Morro — and invited “genuine” Windows XP, Vista, and Windows 7 users to give it a try. While free antivirus and antispyware from Microsoft resonates with this Windows victim, you need to be aware of privacy concerns and other compromises entailed in using MSE before you test the program.
MSE may enable Windows automatic updates
Free is good. Microsoft’s offering of free protection for security flaws in the company’s own products is long overdue.
Microsoft Security Essentials consists of a free, realtime anti-malware scanner — and that’s it. If you have a “genuine” copy of Windows XP SP2 or later, Vista, or Windows 7, you qualify to take the MSE beta out for a test drive. (Note that as of July 8, the MSE beta program remains closed.) But don’t get ahead of yourself just yet. There are some, uh, tradeoffs you should know about.
When Microsoft Security Essentials installs, it disables Windows Defender. As I describe in my September 4, 2008, column, Windows Defender includes a spyware tracker as well as several ancillary utilities. It’s an optional download for Windows XP but a major component of Vista; in Win7, Windows Defender is relegated to a backwater.
Microsoft claims that MSE replaces and improves upon Windows Defender, but that’s only partially true. The biggest loss comes for XP and Vista users who rely on the Software Explorer feature in Windows Defender to control programs that start automatically. Fortunately, a free program called AutoRuns provides a good alternative to Software Explorer, as I describe in my April 23 column.
UPDATE 2009-10-08: In his Oct. 8, 2009, column, Woody provides a complete review of version 1.0 of MS Security Essentials.
No ‘middle way’ for virus-signature updates
If you have Windows set to update automatically — a practice I and others here at Windows Secrets strongly advise against — MSE refreshes its virus database in the background. If you don’t enable automatic updates, you have to update MSE’s signature file manually.
Whenever you go more than a week without updating the signature file — either manually or via Windows’ Automatic Update — MSE warns you through a message that appears in the notification area in XP and Vista and via a red flag in Windows 7’s Action Center.
Unfortunately, MSE doesn’t appear to have a “middle way” setting, where you can download signature files automatically without invoking the Windows Automatic Update 800-pound gorilla.
The MSE Privacy Statement includes this assertion, which I find troublesome:
- “By installing Microsoft Security Essentials on your computer, you also agree to receive updates from the Microsoft Update Center. This will ensure that Microsoft Security Essentials uses the latest updates against malware threats and can update your computer with the latest anti-malware updates as needed.
“Please note that if you do not enlist into Microsoft Update Center, you will not be able to install and operate Microsoft Security Essentials.”
If the referenced “Microsoft Update Center” is, in fact, Microsoft Update, it appears that the MSE Privacy Statement may allow MSE to change your Automatic Update setting without your explicit consent. (It all depends on what Microsoft means by “enlist,” eh?)
Over the course of several weeks of testing, I haven’t seen this happen. But the fact that it could happen — and that the EULA terminology obfuscates mightily — gives me pause.
Let Microsoft SpyNet track your PC’s apps?
Historically, Windows Defender has tied into a large database that Microsoft calls SpyNet. I have long warned against sending details about your computer’s programs to Microsoft via SpyNet because — despite its noble goals — there’s simply no compelling reason to add a list of your PC’s programs to Microsoft’s database.
When you install MSE, it turns off Windows Defender. But at the same time, it also turns on SpyNet. And, at least in the beta version of MSE, you can’t turn SpyNet off. Everyone who uses Microsoft Security Essentials allows Microsoft to see which programs are on their PCs.
Even worse, SpyNet reports that information to Microsoft in ways that can be tracked to an individual’s Internet Protocol (IP) address. For more details, see the Microsoft Security Essentials privacy statement.
There are other disconcerting privacy details surrounding MSE. Ed Bott’s Microsoft Report blog states that Theresa Burch, director of product management for Microsoft Security Essentials, told him, “We collect no information from you at all. No Windows Live ID, nothing. You agree to the EULA, validate, download, and you’re done.”
That may be true, but in order to download the beta version of MSE, you have to provide a Windows Live ID. The process of validating a copy of Windows XP, Vista, or Win7 leaves behind a trail that Microsoft may or may not collect.
The forced membership in SpyNet assures that Microsoft can track programs on your PC in ways documented in the EULA, which admonishes, “Reports might unintentionally contain personal information.” Unintentionally? That’s like your telephone company saying its operators may unintentionally listen to your private conversations.
There’s no question that MSE collects detailed information about the software on your PC and relays at least part of that inventory to Microsoft. There’s also no question that the information provided can be traced to your computer — or at least your IP address. You have to decide whether you feel comfortable with the disclosure.
Time is right for nag-free antivirus software
MSE arrives on the heels of Microsoft’s now-defunct protection-racket package known as Windows Live OneCare. The timing couldn’t be better: most big AV products these days raise bloat and extortion to an art form. Even the free versions of antivirus products — AVG, for example, and Avira AntiVir — have grown fangs and use such scare tactics as warning messages and dire entreaties to upgrade to the oh-so-much-better paid versions.
MSE doesn’t do that. The program sits in a corner and keeps to itself. Microsoft sells a corporate antivirus product called Forefront, but the company doesn’t even offer a paid consumer version of MSE, to which I say bravo! I only hope things stay that way.
Despite what you may have read about the program being Web-based, the MSE app runs on your computer: there’s nothing “cloud” about it. The program works with a database called Dynamic Signature Service that’s maintained in a co-operative effort by many smaller antivirus software manufacturers.
This collaboration has led some people to claim MSE runs in the cloud, but it doesn’t. Full details are in Scott Fulton’s June 23 Betanews blog post.
It’s uncertain when the MSE beta will again be available for download. Supposedly, the first round of beta testers could download and install the program only on PCs located in the U.S., Brazil, and Israel; but hundreds of people who live in other countries — including me, here in Thailand — had no problem at all installing the beta, possibly because we used Firefox to download the bits.
The safe way to install Microsoft’s new AV app
Microsoft Security Essentials is still in the beta test stage. While I haven’t encountered any problems using MSE, I advise you to wait until Microsoft irons out the bugs — and until independent test results of the antivirus component’s effectiveness are available — before using it on your work PC.
That said, if you have a test PC sitting around, you might want to take MSE for a drive. Doing so is easy. Here’s the safe way to get rid of your current antivirus product and replace it with MSE:
- Step 1. Go to Microsoft’s Connect site, log in with your Windows Live ID, click the appropriate link to download — but don’t install — the version of MSE that works on your computer.
- Step 2. Make sure you know how to uninstall your current antivirus product and then close your computer’s Internet connection.
- Step 3. Uninstall your current antivirus program. For well-behaved programs, that’s usually as simple as turning off the program and running through the Control Panel’s Add or Remove Programs routine — or the program’s own uninstall option on the Start menu, if it offers one. For messy programs — can you say “Norton”? — you may have to download an uninstaller and/or take a blowtorch to your hard drive.
- Step 4. Reboot your computer.
- Step 5. Double-click the downloaded MSE installer file and follow the instructions. The installer will tell you when you need to reconnect to the Internet.
Once MSE’s installed, click the Update tab and go through one update. After the update completes, run a full scan. If you have a broadband Internet connection, the whole process — including download, installation, and update — should take about 10 minutes. The initial scan can take anywhere from 5 minutes to several millennia.
Don’t expect to see MSE on new PCs. The tired, old, and rich giant anti-malware companies spend enormous amounts of money enticing hardware manufacturers to include “free trial versions” of their crapwa— er, software — on new PCs. But when the time comes — after MSE is out of beta and ready for prime time — remember that the program is easy to install, fast to run, and blissfully free.
For Microsoft, that’s something of a record. Now, about that spyware . . . .
Woody Leonhard’s latest books — Windows Vista All-In-One Desk Reference For Dummies and Windows Vista Timesaving Techniques For Dummies — explore what you need to know about Vista in a way that won’t put you to sleep. He and Ed Bott also wrote the encyclopedic Special Edition Using Office 2007.
New IE zero-day exploit targets XP, Server 2003
By Susan Bradley
A malware attack masquerading as a video file targets Windows XP and Server 2003 users who visit infected sites. Microsoft has issued a workaround for the exploit and made it available on the company’s support site, although it’s uncertain when a patch for the vulnerability will be available.
972890
ActiveX control used in zero-day IE attacks
A zero-day attack against Internet Explorer targets a vulnerable video ActiveX control to execute malicious code on the system remotely. Merely browsing to an infected site can trigger the attack and install malware on your machine. The good news is that there are two ways to protect yourself from the exploit.
The first is enabled as a “Fix it” solution that you can access via Microsoft Knowledge Base article 972890. (See Figure 1.) The vulnerability affects only Windows XP and Windows Server 2003, but the fix can also be applied to PCs running Vista or Server 2008. According to Microsoft’s security advisory, Microsoft recommends that Vista and Server 2008 users deactivate the ActiveX control in IE as a “defense-in-depth measure.”
Figure 1. Microsoft offers a one-click workaround that enables or disables the vulnerable IE ActiveX control.
Use OpenDNS to block sites affected by the hole
If you don’t want to install the workaround and instead want to wait for the actual patch, you can keep a close eye on Incidents.org’s list of the Web sites being used to launch the attacks. Keep in mind that we don’t know when the actual patch will be available. In fact, we’re still waiting for the patch for the DirectShow hole described in Microsoft security advisory 971778. Microsoft wasn’t quite ready to release that fix in time for the June 2009 Patch Tuesday.
So far, I’m still in wait-and-see mode for the ActiveX exploit because the domains listed by Incidents.org are not ones that I or my family would normally surf to. If I subsequently see a URL listed that I think I — or someone whose PC I manage — might visit, I’ll use the custom settings in OpenDNS to block those sites for all the PCs I control. (See Figure 2.) Today’s Top Story offers more information on using OpenDNS to browse safely.
Figure 2. OpenDNS lets you block known malicious sites from one PC or from several systems simultaneously.
This is one of those times when I wish OpenDNS would allow uploading an entire list of sites to block; but for now, the proxy service is a useful, free way to protect my family’s networks.
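The comparison described above, checking the hosts your PCs actually visit against a published list of attack domains before deciding what to block, can be scripted. This is an added example, not part of the original column; the list contents, the visited hosts and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for a published list of attack domains (reserved names).
PUBLISHED_LIST = """\
# comments and blank lines are ignored
bad-video.example
http://Cdn.Malware-Host.example/player.html
stream.example.
"""

# Constructed sample of hosts from a browser history or resolver log.
VISITED = [
    "www.bad-video.example",     # subdomain of a listed domain
    "notbad-video.example",      # similar string, different domain
    "CDN.malware-host.example",  # listed host, different case
    "news.example",              # unrelated
]


def normalize(entry):
    """Reduce a list line, URL or hostname to a lowercase host, or None."""
    entry = entry.split("#", 1)[0].strip()
    if "://" not in entry:
        entry = "//" + entry         # make urlsplit treat a bare host as netloc
    host = urlsplit(entry).hostname  # drops scheme, port and path; lowercases
    return host.rstrip(".") if host else None


def load_blocklist(text):
    return {h for h in map(normalize, text.splitlines()) if h}


def listed_parent(host, blocklist):
    """Return the listed domain equal to host or a parent of it, else None."""
    labels = (normalize(host) or "").split(".")
    # Compare whole labels so notbad-video.example never matches bad-video.example.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return ".".join(labels[i:])
    return None


def audit(visited, blocklist):
    pairs = ((h, listed_parent(h, blocklist)) for h in visited)
    return [(h, entry) for h, entry in pairs if entry]


print(audit(VISITED, load_blocklist(PUBLISHED_LIST)))
```

Matching on whole labels matters here: a plain substring or `endswith` test would flag look-alike names and miss nothing extra, producing false alarms on legitimate sites.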
The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She’s also a partner in a California CPA firm.
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Copyright © 2025 AskWoody LLC, All rights reserved.
