-
Intel Centrino patches
If you have any of the following Intel chips:
Intel PRO/Wireless 2100 Network Connection
Intel PRO/Wireless 2200BG Network Connection
Intel PRO/Wireless 2915ABG Network Connection
Intel PRO/Wireless 3945ABG Network Connection
you should head over to the Intel support site and apply the appropriate security patches.
If you have a “Centrino Inside” and aren’t sure if you’re affected, Intel has a quick scanning page that will set you straight.
-
When will Vista ship? Wanna bet? The Windows Vista Ship Date Raffle
OK. I put my neck out, and put my money on the table. Will you do the same for a good cause? I’m betting that shrinkwrapped copies of Windows Vista will be widely available on store shelves in the US on March 15, 2007.
What, you think that’s too late? Too soon? Heh heh heh. Alright, bucko. I thought you might. Care to put some money where your mouth (or at least your guess) is? Here’s what I’m going to do. If you have an opinion as to when Windows Vista will be available in shrinkwrapped packages on store shelves in the US, click the link below to join the raffle.
You can donate any amount you like. Every cent that I receive will go to a charity here in Phuket, Thailand, to help people who were impacted by the tsunami. If you include your name on the PayPal submit form, I’ll take that as an “OK” to publish it on these pages. (And, yes, you can guess as many different dates as you like – but only one guess per donation, please.)
Soooooooooo….. whaddya think? Care to put a wager on it? Fame an’ fortune await. Ya pays yer money and ya takes yer chances!
UPDATE August 8: Symantec has released a detailed report demonstrating security holes in Microsoft’s brand new Vista networking stack. Apparently the stack was completely re-written from the ground up – and brand new code always carries with it unknown potential problems. “The amount of new code present in Windows Vista provides many opportunities for new defects.” It’s a sobering report.
Meanwhile, the black-hat (or, I guess, by definition gray-hat) folks attending DefCon in Las Vegas continued to crack away at Vista. Joanna Rutkowska created quite a stir when she demonstrated her “Blue Pill” stealthy attack on Vista, which uses AMD’s Secure Virtual Machine to cloak itself. She also found a way to bypass the 64-bit unsigned driver protection built into Vista, but her hack required a user to click through a Vista User Access Control message.
What bugs me the most about Vista’s approach to security: nobody – but nobody – is going to take User Account Control seriously after the first hundred mind-numbing clicks. In spite of what you might’ve read or heard, Vista doesn’t have to act that way. Vista is quite capable of telling the difference between when you launch a program, and when a rogue application launches a program. UAC is a huge waste of your time, and it’s going to become the number-one security exposure in Vista. Guaranteed.
-
So Paul Thurrott was running a pirate copy of Windows
Last week I pointed you to long-time columnist Paul Thurrott’s article expressing surprise that Windows Genuine Advantage pegged one of his Windows machines as being, uh, undocumented. As I said at the time, Paul gets all of his Microsoft software for free – he needs a pirate copy of Windows like Jessica Simpson needs pimply-faced fans.
Apparently Microsoft offered to trace down the source of Paul’s problems and discovered that, somehow, he had acquired a pirate copy of Windows XP Media Center Edition. He bought it online as part of a USB-cable-and-Media-Center-Edition bundle, back when you couldn’t buy a legit copy of MCE without buying hardware to go along with it.
Thanks to reader Roger M for the heads up!
-
Microsoft Antispyware has expired
If you never updated Microsoft Antispyware to Windows Defender, the copy you have expires on August 1. So if you woke up this morning to a message with a big red “X” on it saying that Microsoft Antispyware has expired, and suggesting that you download the latest version, you can safely ignore it.
Why? Because Microsoft won’t let you install Windows Defender – the successor to Microsoft Antispyware – unless you install Windows Genuine Advantage. And WGA still has spyware and backdoor written all over it, in spite of all the uproar.
Don’t lament Microsoft Antispyware’s passing. Instead, pick up a copy of Webroot Spy Sweeper. It works better, blocks more – and it doesn’t kowtow to scumware manufacturers with deep pockets and fast-talking reps.
-
Office 2007 Beta 2 Refresh to cost $1.50
Dawn Kawamoto at CNet News reports that Microsoft will charge $1.50 for the privilege of downloading Office 2007 Beta 2.
Microsoft plans next week to charge a nominal fee for Office 2007 Beta 2 downloads, in a move that runs counter to the practice held by most software companies.
Consumers who download the 2007 Microsoft Office system Beta 2 will be charged $1.50 per download, beginning next Wednesday at 6 p.m. PDT
Don’t know about you, but I had to double-check my calendar and make sure it wasn’t April 1.
No word yet on how Microsoft is going to charge for the beta – or precisely what they’ll be providing for the $1.50. Perhaps a 16-hour wait on an overloaded server?
-
MS06-035-related exploit not much to worry about
Just wanted to make sure that you knew about a “proof of concept” program that’s making the rounds. Apparently it takes advantage of a security hole similar to the one patched in July by MS06-035.
Nothing to worry about: if you go to a (im)properly fashioned Web site, your system will crash with a blue screen of death. Re-boot and nothing permanent has happened.
Details on the Microsoft Security Response Center blog.
-
Firefox version 1.5.0.5
If you use Firefox (please tell me you use Firefox), you probably already know that there’s a new version available. I suggest you install it immediately – version 1.5.0.5 patches many security holes.
If AI Roboform stops working, click Tools | Extensions, click on AI Roboform Toolbar for Firefox, and click Update. Most of my Firefox extensions still work with version 1.5.0.5. I imagine the few holdouts will be updated shortly.
-
Internet Explorer 7 will be pushed as a High Priority update
Microsoft has just posted a “blocker tool” that will help companies prevent mass semi-automatic conversion from Internet Explorer 6 to Internet Explorer 7, later this year.
To help our customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 7 as a high-priority update via Automatic Updates for Windows XP and Windows Server 2003 soon after the final version of the browser is released (planned for fourth quarter 2006). Microsoft is making a non-expiring Blocker Toolkit available for those organizations that would like to block automatic delivery of Internet Explorer 7 to machines in environments where Automatic Updates is enabled.
Yet another reason to turn off Automatic Updates, eh?
I’ve been using IE 7 beta versions for quite some time now, and it’s OK – nothing particularly exciting, especially for folks who have tried the Firefox 2 beta. I particularly prefer the way Firefox handles RSS feeds. But that’s what makes a horse race, I guess.
-
Windows Genuine activation woes
Think you have problems with WGA mis-identifying your copy of Windows as, er, non-genuine?
Check out Ed Foster’s Gripelog.
-
Random security notes – why I won’t be updating Windows Defender
Just wanted to keep y’all abreast of the latest. There are some clever – potentially destructive – pieces of malware making the rounds, and you should be aware of them. No need for alarm. But four-warned is four-armed, or something like that…
First, there’s an update to Windows Defender that you might’ve missed unless you’ve been looking for an exclamation mark on the Defender icon in your system tray. You have to clear the “Genuine Advantage” hurdle to get the update, and it looks to me like you have to install the latest version of Windows Genuine Spyware in order to clear the hurdle. I won’t do that. So I guess this is the point where I kiss Windows Defender good-bye. Ah well. Webroot SpySweeper works better anyway.
(Parenthetical note: Funny that the Windows Live stuff doesn’t require you to install Microsoft’s spyware. Windows Live Messenger comes down without a hiccup. I wonder if the Live folks know something we don’t?)
Next, there’s a new Haxdoor virus (Trojan) variant that arrives attached to email messages that say,
Dear Sir/Madam,
Thank you for shopping with our internet shop. Your order, WC2905036, has been received. Summary of your order you can see in the attachment file.
This email is to confirm the receipt of your order. Please do not reply as this email was sent from our automated confirmation system.
…and so on. The main problem is that the attached Haxdoor-infected file wasn’t picked up by most antivirus programs. By the time you read this, chances are good your AV software will be updated, but if you got a message like that, run a manual AV scan. Details at the SANS Internet Storm Center.
And, exploit code is now publicly available for the MS06-034, MS06-035, and MS06-036 security holes. You’re all patched up, right?
Finally, there’s a good synopsis of the recent worm making the rounds at MySpace, also on the SANS Internet Storm Center. MySpace has become quite popular, and this worm is propagating like crazy. No, it didn’t cause the outage at MySpace last weekend – apparently a power problem took the site down.
-
AMD Processor prices hit the floor
Thanks to Joe Greene for the heads-up…
Adrian Kingsley-Hughes has just posted a chart comparing AMD processor prices from two months ago, with the prices currently quoted.
The drop is phenomenal. Check it out.
-
Windows Genuine Spyware – Thurrott edition
Paul Thurrott, who needs pirate copies of Windows like Jessica Simpson needs pimply-faced fans, has posted an interesting article, including screen shots of his “undocumented” copy of Windows.
Will Microsoft stand up and face the music? Will we see at least a little contrition from the largest spyware company in history? Nawwwwww. Instead we get drivel like this series of Microsoft blog entries which prove, repeatedly and unmistakably, that the brass at Microsoft doesn’t have a clue.
As if we needed a reminder.