-
Eight Security Bulletins coming
Microsoft has announced that there are eight Security Bulletins in the wings, due to arrive on Black Tuesday.
This crop seems particularly worrisome: two “critical” Windows patches; yet another Internet Explorer patch; a Visual Basic patch; one each for Word, Excel and SharePoint Server; and one for Windows Media Player. Blech.
The November patches appear to be stable. I’m therefore recommending that you apply all outstanding Windows and Office patches, EXCEPT: if you’re running Windows XP and you haven’t yet upgraded to Service Pack 3, be sure you check out Susan Bradley’s article in the current edition of Windows Secrets Newsletter. Yep, there’s yet another problem with SP 3.
We’re at MS-DEFCON 4: There are isolated problems with current patches, but they are well-known and documented here. Check this site to see if you’re affected and if things look OK, go ahead and patch.
-
Sorry I’ve been offline
Many of you know that I live in Phuket, Thailand. I’ve been a bit pre-occupied with the goings on around here, and for that I apologize.
For those of you who haven’t been following closely, Thailand has gone through yet another change in leadership, accompanied by demonstrations that were largely peaceful and (in my opinion) for a good cause – although the means employed were disruptive to many people, and potentially harmful to the Thai economy.
The bottom line: this is shaping up to be the best year ever to visit Phuket. Prices are down: airfares are supposed to hit rock-bottom shortly. For the first time in years, hotel rooms are readily available over the Christmas/New Year season. The beaches aren’t crowded. There aren’t any lines, even for the best restaurants. Your money will go farther than ever. And the weather’s great.
If you can make it to Phuket, be sure to drop me a line and I’ll show you around.
-
New Apple MacBook has copy protection built in
It’s amazing what a few bucks will do.
Eighteen months ago, Apple’s Steve Jobs posted a few very insightful comments about Digital Rights Management (I call it CRAP music in my books) and how Apple would shun the unholy siren of copy protection.
Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat. If the big four music companies would license Apple their music without the requirement that it be protected with a DRM, we would switch to selling only DRM-free music on our iTunes store. Every iPod ever made will play this DRM-free music.
Now comes word from Ars Technica and other sources that Apple has baked DRM into its new aluminum MacBook.
While HDCP is typically used in devices like Blu-ray players, HDTVs, HDMI-enabled notebooks, and even the Apple TV in order to keep DRMed content encrypted between points A and B, it appears that Apple’s new aluminum MacBook (and presumably the MacBook Pro) are using it to protect iTunes Store media as well.
Looks like Steve bowed to the big labels. Ka-ching.
-
Bye-Bye OneCare, hello freebie
File this in our “not a moment too soon department”…
Microsoft has just announced that it’s going to get out of the business of competing with the antivirus software community. Windows Live OneCare is to die a deserved death next June.
In its place, Microsoft will apparently offer a free utility that concentrates on zapping malware.
“Morro” will be available as a stand-alone download and offer malware protection for the Windows XP, Windows Vista and Windows 7 operating systems. When used in conjunction with the ongoing security and privacy enhancements of Windows and Internet Explorer, this new solution will offer consumers a robust, no-cost security solution to help protect against the majority of online threats.
If you’ve seen any of my Windows XP or Vista books, you know that I rake Microsoft over the coals about OneCare. It’s payola, pure and simple: how in the world can Microsoft charge you for protecting yourself from flaws in Microsoft’s software? The day Microsoft released OneCare in May 2006, I bellered, and I haven’t stopped bellyaching since.
It’s about time.
-
AVG Gets a Clue – Maybe
After trashing many Windows XP machines with a false positive on a system file called user32.dll, AVG finally seems to be getting a clue about how to handle a disaster.
AVG now has four related security bulletins:
1574 explains how to fix AVG 8.0 with a Windows XP installation CD
1575 explains how to fix AVG 8.0 without a Windows XP installation CD
1579 explains how to fix AVG 7.5 with a Windows XP installation CD
1580 explains how to fix AVG 7.5 without a Windows XP installation CD
To see the bulletin that applies to you, go to the AVG FAQ site and type in the appropriate number.
AVG has posted a press release that says the bug “only affects users of the Dutch, French, Italian, Portuguese, and Spanish language versions of Windows XP.” The false positive has been fixed, so if your Windows XP machine is still alive, you dodged the bullet.
-
The November Security Bulletins
As expected, Microsoft released two Security Bulletins, both of which are (as best I can tell) real yawners.
The first, MS08-068, allows people to mirror back an incoming connection, and log on to the originating computer. The bottom line is that Microsoft only considers it “Important” – just “Moderate” for Vista users. Details on the MS security blog.
The second fixes a security hole in XML that was originally made public in January, 2007. Not exactly a barn-burner.
The usual admonitions apply: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
-
AVG brings WinXP to its knees
Yesterday, AVG issued an update to its signature files for versions 7.5 and 8.0 that, on some systems, incorrectly identified user32.dll as being infected with either the Trojan PSW.Banker4.APSA or the Trojan Generic9TBN. AVG then, helpfully, plastered a THREAT DETECTED! message on the screen, and offered to remove the offending (but innocent) file.
If you happened to click Heal or Move to Vault, AVG obliged by moving or removing user32.dll.
Which is all well and good, except clicking on the Heal button immediately zapped your PC with a Blue Screen of Death. Every time you try to re-boot your machine, when WinXP comes up for air and tries to run any of a zillion startup programs that rely on user32.dll, it crashes and burns, either freezing the PC, showing a BSOD, or going into an endless reboot cycle.
If you’ve encountered that problem, scurry over to AVG’s support site and click on the link that says 1574: False positive “user32.dll”. AVG has posted step-by-step instructions that show you how to run the Windows XP Recovery Console, and replace user32.dll.
One little problem: if you don’t have an original Windows XP installation CD, you’re hosed. Completely hosed.
Personally, I found the instructions very confusing. In Step 4, AVG says “you have to type the following commands (some of them might not be present in all AVG editions)”. What they mean to say is “Type in all of the following commands, and if Windows comes back and tells you that it can’t find the service, don’t worry about it.”
Three black marks against AVG: First, pushing a signature update that triggers a false positive on user32.dll is unforgivable. Second, the instructions posted on the AVG site are misleading and clear as mud. Third, if you don’t have a WinXP boot disk, AVG offers absolutely no advice. None.
My friends have been urging me to change to Avast or NOD32. Guess it’s time to follow their advice.
NOTE: If you’re running the older version of AVG, version 7.5, you may be able to get your system running again by booting into Safe Mode and updating to AVG 8.0 while in Safe Mode. See the ghacks site for details.
-
Got Java? Get MSN Toolbar and Windows Live Search too!
Golly gee, the free offers just keep rolling in.
Microsoft has just announced an astounding alliance with archrival Sun, to distribute MSN Toolbar with updates to Sun’s Java runtime environment.
Not too many years ago, Microsoft agreed to pay Sun $20 million and stop using the phrase “Java compatible” in Windows and Internet Explorer.
How times have changed.
Why, you may ask, did Microsoft specifically include the MSN Toolbar in the download? After all, the name “MSN” has been all but obsolete since Windows went Live. Good question. I don’t have an answer, except maybe Microsoft is trying to leverage an old, widely recognized brand name.
Mary Jo Foley has a thoughtful analysis of the Byzantine power plays afoot. Apparently Google and Sun are no longer playing footsie. And Microsoft appears to be brandishing the cash.
Ever the skeptic, I downloaded and installed the latest version of Java. I found that the old opt-out checkbox for the OpenOffice installer was gone, replaced by a splash screen extolling OpenOffice’s virtues. The old Google toolbar wasn’t there, either (it’s been gone for a long time). Surprisingly, I wasn’t given the (cough, cough) opportunity to download or install the MSN Toolbar, or to turn Windows Live Search into my default search engine.
No doubt that will change in the coming days.
-
Two security bulletins coming
Microsoft has just announced that there are just two security bulletins waiting in the wings for next Tuesday.
Time to get yourself completely patched. Yes, even the MS08-067 out-of-sequence patch. MS08-067 was one of the most widely advertised patches in recent history. It looks like there’s one small exploit – but the sky didn’t fall, and the Internet didn’t come to a screeching halt, in spite of all the dire predictions.
Get patched. Then make sure you have Automatic Update turned off.
-
Got Windows 7? Enable the SuperBar
If you were fortunate enough to attend the Professional Developer’s Conference last week, you no doubt came away with a shiny new CD packed with a pre-beta copy of Windows 7. So-called Windows 7 Build 6801 is remarkably stable, but it remains to be seen if all of the features in the build will make it into the final product.
One of the features that MS demonstrated extensively at PDC, but doesn’t appear in Build 6801, is called the SuperBar. It’s a Mac-like version of the Windows TaskBar with several interesting twists.
Rafael Rivera, the Windows user interface guy who runs the Within Windows site, has posted a rather convoluted sequence of steps that you can use to unlock the SuperBar. Assuming you have Windows 7 Build 6801.
I’ve got Build 6801 up and running, and I’m marginally impressed. More details as I get more experience with the beast. If you’re curious about the next version of Windows (which I still guess will be widely available on store shelves on September 1, 2009), check out Ed Bott’s ZDNet blog, Ars Technica’s overview of the new user interface, or Paul Thurrott’s five-part preview.
As usual, Long Zheng’s IStartedSomething blog has lots of insider details.
-
Old Friends in New Places, Steve Bass Edition
I just got word that Steve Bass has changed jobs. Sorta. Actually, it’s a long story, and it’s best if you hear it from the horse’s mouth. (I mean that in the nicest possible way, Steve.)
I’ve known Steve for so long that I’ve forgotten how or when we first bumped into each other. You probably know him as a tremendous columnist for PC World, the author of PC Annoyances, the founder of PIBMUG – likely the largest PC user group anywhere – or perhaps as a writer, raconteur and muckraker of the first degree. (I also mean that in the nicest possible way, Steve. Honest.)
Anyway, Steve has a new newsletter called TechBite, and it promises to deliver lots of down-to-earth advice on a wide variety of topics, including PCs. Check it out.
-
MS-DEFCON 3: Get patched up
I’ve been watching the progress of Microsoft’s “out of band” Security Bulletin MS08-067, which I talked about earlier.
It looks like milw0rm has the beginnings of an exploit posted, although it isn’t much more than a start. Brian Krebs warns of a “Data Stealing Trojan” that doesn’t seem to have made much of a splash. The SANS Internet Storm Center has moved back to a “normal” alert status. Pretty ho-hum. The sky didn’t fall.
Juha-Matti has posted a thorough FAQ on the SecuriTeam site. It claims that Proof of Concept code has been posted, although everything I’ve seen is pretty benign.
At any rate, I haven’t heard of many problems with installing the patch, other than some obscure conflicts, so I’m going to recommend that you go ahead and install the patch.
While you’re at it, the October Black Tuesday patches seem to have gone pretty well, so I recommend that you install them, too.
Bottom line: I’m moving us to MS-DEFCON 3: Patch reliability is unclear, but widespread attacks (more accurately, the threat of attacks, in this case) make patching prudent. Go ahead and patch, but watch out for potential problems.