Vegas machines' new jackpot? iPods

Apr 28, 2007

LAS VEGAS--Architecture, entertainment and vice. Everything about this city is famous for being over the top. You can now add vending machines to the list.

Can't sleep after bucking the roulette wheel? Forget the flat soda and stale chips. Patter downstairs and pick up an 80GB iPod for $349. Don't worry about scrounging for change. The machine only takes credit cards.

This from Zoom Systems resides in the lobby of the Las Vegas Hilton. The hotel is a stone's throw from where the is holding its annual conference this week.

In addition to an array of multicolored Nanos, from $199 to $249, the machine also dispenses headsets from JBL and Sony.


Myth crushed as hacker shows Mac break-in

Dino Dai Zovi was able to remotely break into a Mac as part of a contest designed to illustrate security flaws in OS X

By Nancy Gohring, IDG News Service

April 20, 2007

A hacker managed to break into a Mac and win a $10,000 prize as part of a contest started at the CanSecWest security conference in Vancouver.

In winning the contest, he exposed a hole in Safari, Apple's browser. "Currently, every copy of OS X out there now is vulnerable to this," said Sean Comeau, one of the organizers of CanSecWest.

The conference organizers decided to offer the contest in part to draw attention to possible security shortcomings in Macs. "You see a lot of people running OS X saying it's so secure, and frankly, Microsoft is putting more work into security than Apple has," said Dragos Ruiu, the principal organizer of security conferences including CanSecWest.

Initially, contestants were invited to try to access one of two Macs through a wireless access point while the Macs had no programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs via e-mail.

Dino Dai Zovi, who lives in New York, sent along a URL that exposed the hole. Because the contest was only open to attendees in Vancouver, he sent it to a friend who was at the conference and forwarded it on.

The URL opened a blank page but exposed a vulnerability in input handling in Safari, Comeau said. An attacker could use the vulnerability in a number of ways, but Dai Zovi used it to open a back door that gave him access to anything on the computer, Comeau said.

The vulnerability won't be published. 3Com's TippingPoint division, which put up the cash prize, will handle disclosing it to Apple.

The prize for the contest was originally one of the Macs. But on Thursday evening, TippingPoint put up the cash award, which may have spurred a wider interest in the contest.

One reason Macs haven't been much of a target for hackers is that there are fewer to attack, said Terri Forslof, manager of security response for TippingPoint. "It's an incentive issue. The Mac is not as widely deployed of a platform as, say, Windows," she said. In this case, the cash may have provided motivation.

The contest was a chance for hackers to demonstrate techniques they may have boasted about. "I hear a lot of people bragging about how easy it is to break into Macs," Ruiu said.

Some attendees didn't think it was a coincidence that on late Thursday Apple released a patch for 25 vulnerabilities in OS X.

Macs haven't been targets for hackers and malicious code writers nearly to the degree that Windows machines have historically. That's in part because there are fewer Macs in use, thus making the potential impact of malicious code smaller than on the more widely used PCs.

Also, Apple is "extremely litigious when people do find stuff," noted Theo de Raadt, OpenBSD project leader and an attendee at the conference. He suspects that will backfire on Apple, which could begin to "look evil" if hackers begin to publish potentially threatening letters from the company.

This story was updated on April 20, 2007

How to zap the crap on a new Windows PC

Dave Methvin

April 25, 2007 (Computerworld) When you take a brand-new Windows PC out of the box, it's shiny and scratch-free, but on the PC's hard disk, it's a different story entirely. Most major hardware makers clutter their systems with preinstalled applications, browser toolbars, search settings and utilities -- not to mention self-launching advertisements enticing you to try out even more software.

In essence, they have sold your PC to the highest bidder long before you take it out of the box. Instead of having Windows defaults or your own preferences, the system is set up to maximize the profits of the computer maker and its business partners at the expense of your convenience.

All this extra unwanted software takes its toll on system performance and reliability. Each time the system starts, many of the applications run in the background. While running, they may access the Internet to find updates or change the behavior of standard Windows functions. These freeloaders also take up system resources such as processor, memory and disk space, resulting in longer start-up and shutdown times.

Many of them clutter the desktop, system tray and browser with icons, buttons, yellow balloon dialogs and other visible reminders in the hope that you will click on them and use their services. Apple even pokes fun at this phenomenon in one of its "I'm a PC; I'm a Mac" commercials, called "Stuffed."

Out of the box, my brand-new Acer notebook had a system tray brimming with icons, including two volume controls.

Uninvited applications and utilities often target product or service categories where competition is fierce. Take music, for example. Nearly every new computer comes with preinstalled software designed to grab your business for music downloads. It may be Napster, MusicMatch, RealPlayer or Microsoft's own Windows Media Player. The preinstalled software usually takes over all sound-related file extensions, such as .MP3 or .WAV, and launches an in-your-face barrage of advertising any time you want to play something as simple as a sound effect.

Uninstalling isn't always as simple as it should be, either -- many preinstalled processes don't offer a standard uninstall routine.

On my new notebook, Internet Explorer 7 is loaded down with preinstalled toolbars.

Microsoft is certainly aware of this problem, but to some extent the solution is out of its hands. The computer maker, not Microsoft, is responsible for the extra software installed on the system and for making sure the final combination works correctly before it's sent to the customer.

When Windows XP was released in 2001, Microsoft attempted two changes to address this problem. The first was to prompt the user with a message offering to clean up unused desktop icons a few weeks after the system is installed. The second was a prompt offering to hide the tray icons that the user has not clicked on recently. But both changes merely mask the clutter; neither removes the underlying mess.

For all its changes in other areas, Windows Vista hasn't improved things much when it comes to dealing with the junk installed by hardware makers. I just purchased a new Acer notebook with Vista Home Premium installed, and it suffers from the same old plague of icons, advertisements and start-up utilities.

And several of the third-party applications consistently misbehave in ways that make me think that they are not yet Vista-compatible. For example, the PC came with Symantec's Norton Internet Security, which would often pop up error dialogs when the system resumed from sleep. The Windows error logs indicated that several Symantec software components were causing trouble.

Vista's error logs showing preinstalled Symantec software impacting system performance.

Is there any way to avoid the clutter? For medium and large businesses, yes. Hardware makers often give bulk buyers more flexible setup options than they do consumers. You may be able to get a bare-bones operating system setup or even select your own preinstalled set of software. Small system makers may also offer bare-bones Windows setups to both consumers and businesses.

However, if you purchase these you should be sure that you are getting a legal Windows license for the system. The system builder should provide a certificate of authenticity at the very least, and preferably an original Windows DVD that you can use to reinstall or repair the operating system. You can verify that your Microsoft software is not pirated by going to the Genuine Microsoft Software site.

Taking Out the Trash

Nearly every name-brand consumer or small-business PC will have the same software mess that I've seen on my Acer. So, the first thing to do with any new PC isn't to start using it, but to clean it up.

Step 1: Back up.
Before starting, plan for a way to recover in case you delete important files. If you've literally just taken the system out of the box and haven't yet moved over your own files, you can just restore from the recovery CD or DVD that the manufacturer provides -- assuming that they provided one. Some vendors don't offer a disc but provide a reinstall image on a hidden partition on the drive.

If you've been using the PC for a while, backing up your own documents and data is a necessity. An external USB hard drive is a great option.

Step 2: Run PC Decrapifier.
After the backup, you're ready to start hacking through the clutter. One quick way to remove the junk is to use a utility called PC Decrapifier, which can automatically uninstall programs that it knows to be supplied by many hardware vendors -- even those that don't provide uninstallers. It's free for personal use or $20 for IT personnel who plan to use it on multiple computers.

When you run PC Decrapifier, you'll be presented with a list of items it can delete or change for you. Although it was originally written to clean up the junk installed by Dell on its computers (and still works best with Dell machines), it can be useful on other brands as well. The screenshot below shows what it found on my Acer.

PC Decrapifier at work.

Step 3: Uninstall programs manually.
Even after using PC Decrapifier, you will probably find that there are other programs that you would like to eliminate. To uninstall programs manually, go to Control Panel, then to Add or Remove Programs (for XP) or Programs and Features (for Vista). You may need to switch to Classic View to see these options listed.


Just a few of the applications preinstalled on my new Acer.

All of the vendor's preinstalled programs will be shown here. Keep an eye open for any entry with a name that includes words like "registration," "tour," "offer" or "trial." Also be suspicious of any entry with "toolbar" in its name; these are often browser toolbars that redirect your searches to sites that you haven't chosen. All of these are good candidates for removal.

On the other hand, do not remove entries that are listed as drivers; they are often required so that the associated hardware will work properly.

A few examples of software that can be deleted on my system include Acer Registration, Acer ScreenSaver and Acer Tour. Most of the other Acer software is optional as well, but you might want to keep Acer Arcade Deluxe if any of the games there interest you. I don't plan to use Symantec's Norton security software, so that can be uninstalled. Finally, I prefer the simplicity of Google's home page and don't like toolbars in my browsers, so the Yahoo Toolbar can be uninstalled as well.

To uninstall a program in XP, select it, click the Remove button, and click Yes. On Vista, right click the program and choose Uninstall.

Step 4: Boot into Safe Mode to uninstall any remaining programs.
It's not uncommon for programs that are OEM installed to either not have an Add/Remove Programs option or to have one that doesn't work. Your next step is to boot into Safe Mode (hold down the F8 key as Windows begins to start) and try to uninstall the program in Add or Remove Programs (for XP) or Programs and Features (for Vista).

Unfortunately, some applications block their own uninstallation from Windows Safe Mode. To get around this problem, try installing a utility called SafeMSI, which lets you uninstall software from Safe Mode. Once it's installed, reboot to Safe Mode and try again.



Tip: Use SafeMSI to clean up Vista software conflicts
When you've installed Windows Vista as an upgrade to your existing Windows XP environment, you might find that many background programs for supporting minor hardware-oriented functions (such as DVD label creation) don't work under Vista or conflict with Vista in some way. It's quite common to see a bunch of error messages inside Windows after it boots on Vista-upgraded machines.

The way to turn off these errors is to eliminate software, but oftentimes it just won't uninstall. And Vista seems less permissive than XP about letting you uninstall things in Safe Mode, which is when SafeMSI can come in very handy.

Step 5: As a last resort for software that remains "stuck," turn to Google.
Despite your best efforts, certain pieces of software may resist being removed through normal channels. In most cases, a Google search on its name will turn up some custom instructions for removing it. There are also various third-party products for removing unwanted software, but cleanup for these tenacious programs is likely to be very app-specific and you'll likely have more luck with specialized instructions you find via Google.

Step 6: When you're done removing software, do a driver check.
While you're doing cleanup, it's also a good idea to check for new drivers. The most recent official drivers for a system are usually available at the vendor's site. Often you'll find that the drivers installed on the system are not the most recent versions available. This is especially true with PCs sold in retail stores, where the computer may have been on the shelf for several weeks or even months.

When the vendor doesn't have a working driver, another source is the Windows Update site. The Automatic Updates feature of Windows does not update drivers, so you must do this manually by going to windowsupdate.microsoft.com.

Step 7: Defragment and clean the disk.
Once all the undesirable software is removed and the drivers updated, you can defragment the drive (Start > Programs > Accessories > System Tools > Disk Defragmenter). Deleting and creating files creates significant disk fragmentation, and a fragmented drive degrades performance. You will also want to run Disk Cleanup (Start > Programs > Accessories > System Tools > Disk Cleanup), because some setup or uninstall programs leave junk files behind.

Defragmenting the drive on a weekly basis will keep performance from degrading. Vista does this automatically through a scheduled task, but you'll need to do this yourself on XP.

Finally, the system is clean and ready to install the software that you really want. You may be surprised how much better the system behaves once you remove the junk that was put there by the system manufacturer.
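The name rules from Step 3 and the missing-uninstaller case from Step 4 can be applied to the whole program list at once. The following is an added example, not part of the original article: it only reports and never uninstalls anything, the sample entries are constructed (the two "Example" names and all uninstall commands are hypothetical), and on Windows it reads the machine-wide Uninstall registry keys instead.

```python
import re
import sys

# Step 3's rules: name words that mark a removal candidate, and the word that
# marks an entry to keep. Whole-word matches only, so "Tournament" does not
# trip on "tour".
JUNK = re.compile(r"\b(registration|tours?|offers?|trials?|toolbars?)\b", re.I)
DRIVER = re.compile(r"\bdrivers?\b", re.I)

# Registry locations behind Add or Remove Programs / Programs and Features
# (the second path holds 32-bit programs on 64-bit Windows).
UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)


def classify(name, uninstall_cmd):
    """Return (verdict, note) for one installed-program entry."""
    if DRIVER.search(name):
        return ("keep", "listed as a driver")  # the driver rule always wins
    match = JUNK.search(name)
    if not match:
        return ("review", "no keyword match; decide by hand")
    note = f"'{match.group(1).lower()}' in name"
    if not uninstall_cmd:
        note += "; no UninstallString registered (see Step 4)"
    return ("candidate", note)


def read_installed():
    """Enumerate (DisplayName, UninstallString) pairs. Windows only."""
    import winreg
    entries = []
    for path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue  # key absent, e.g. no WOW6432Node on 32-bit Windows
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                    try:
                        name = winreg.QueryValueEx(sub, "DisplayName")[0]
                    except OSError:
                        continue  # entry has no display name
                    try:
                        cmd = winreg.QueryValueEx(sub, "UninstallString")[0]
                    except OSError:
                        cmd = ""
                    entries.append((name, cmd))
    return entries


def audit(entries):
    """Return (verdict, note, name) rows: candidates, then review, then keep."""
    order = {"candidate": 0, "review": 1, "keep": 2}
    rows = [classify(name, cmd) + (name,) for name, cmd in entries]
    return sorted(rows, key=lambda r: (order[r[0]], r[2].lower()))


# Constructed sample. Product names come from the article except the two
# hypothetical "Example" entries; every uninstall command is a placeholder.
SAMPLE = [
    ("Acer Registration", r"C:\constructed\uninstall.exe"),
    ("Acer ScreenSaver", r"C:\constructed\uninstall.exe"),
    ("Acer Tour", r"C:\constructed\uninstall.exe"),
    ("Acer Arcade Deluxe", r"C:\constructed\uninstall.exe"),
    ("Norton Internet Security", r"C:\constructed\uninstall.exe"),
    ("Yahoo Toolbar", r"C:\constructed\uninstall.exe"),
    ("Example Trial Offer", ""),
    ("Example Audio Driver", r"C:\constructed\uninstall.exe"),
]

if __name__ == "__main__":
    source = read_installed() if sys.platform == "win32" else SAMPLE
    for verdict, note, name in audit(source):
        print(f"{verdict:<10} {name:<28} {note}")
```

Entries such as Acer ScreenSaver land in "review" because the keyword rules do not catch them, which is why the manual pass through the list is still needed.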



Tip: Down the road, don't fall into the renewal trap
If you decide to purchase or subscribe to any of the applications or services preinstalled on your new system, remember that these companies expect you to stay with them when the time comes to renew. When a dialog pops up telling the user that his subscription has expired, most users will simply enter their credit card without doing any competitive shopping. Microsoft, Symantec and McAfee have even started to automatically bill users when their renewals are due.

As a result, companies generally offer the least favorable deals to renewing customers. Better prices are available through retail purchases or through competitive upgrades to different products. Even if you want to stay with Symantec, for example, you may be financially better off uninstalling it and purchasing a local copy from a retail store that includes a rebate.

Dave Methvin is chief technology officer of PC Pitstop, a free site that automatically diagnoses and fixes common PC problems.

Fear and anger erupt over $3 Microsoft Suite

Apr 26, 2007

Blogger: George Ou

By now, most people have heard that Microsoft will be selling a $3 version of Windows XP Starters Edition along with Office and some other educational software to students in the third world, but fear and anger have erupted in some circles in the Internet community. The two primary concerns I'm hearing across the forums are:
  • Isn't this illegal dumping and unfair to open source solutions?
  • Why aren't (insert first-world country here) students getting these prices?

To address the first question, we must look at the definition of dumping. It is generally accepted that dumping is taking place when a product is being sold below the cost of production as a means to undercut a competitor's price to put them out of business. Some may view the mere act of selling a product at lower prices in the recipient country than in the country of origin as an act of dumping, but the recipient country wouldn't usually file a complaint unless its local industry is being undercut in prices. In this case, the competitor in question is open source software, which isn't really owned by anyone, and Microsoft obviously isn't undercutting the price since $3 > $0.

Educational discounts are also nothing new, and companies are free to donate software to the schools. I've even seen programs where Microsoft actually gives away entire suites of software, including Windows, Office, Visual Studio, SQL Server, and more to computer science departments in American universities for the mere cost of the media and shipping.


But why is there so much fear of a $3 software suite comprising a crippled version of Windows XP along with Office and a few other educational titles? Surely this is a great opportunity for Linux and OpenOffice.org to compete in a market where people have no attachment or habit on any platform, since the open source solution is 100% free. These are countries where $3 might be a few weeks' food supply, and it's still a serious challenge for those nations to pay Microsoft millions of dollars in licensing fees. Surely in a situation where we're starting with a clean slate and the potential untapped market is bigger than the entire present computing user base, free has to be more attractive than not free. For the Microsoft suite to stand any chance of winning, it would have to be head and shoulders above a much cheaper competitor.


From my test results last year, Desktop Linux required significantly more hardware power than Windows XP, and it lagged behind in performance. While Desktop Linux has lower hardware requirements than Windows Vista, it is definitely more memory hungry than Windows XP, especially when you factor in the bloat and sluggishness from OpenOffice.org (OpenOffice.org wiki on performance). Since third-world nations will be getting a lot of old and refurbished computers, a modern GUI-based Linux plus OpenOffice.org will definitely present some challenges. From a novice user and administrator standpoint, Linux is still going to be more challenging than Windows. Now I am perfectly willing to accept the possibility that my assessment of the performance and usability situation is in some way, shape, or form wrong or misguided. But if that's the case, Microsoft will surely fail, and there is no need for open source advocates to fear a $3 suite from Microsoft.

The other big question among Americans and people in other first-world countries is why they aren't getting these kinds of breaks in pricing. The perception here is that the first-world nations are subsidizing the third-world nations in software, but is that really what's happening? Earlier this week, I read the news that Vista sold only 244 copies in China (that would be 243 more copies than I expected). All joking aside, I'm not surprised by these numbers in China or in any other developing nation where people make less than 1/10th the income of first-world nations. You cannot expect someone who's making $200 a month to fork out $200 in OEM software licensing costs. They'll save up for the hardware, since that can't be copied and you would actually have to deprive someone else of their goods in order to steal it. But they're not going to pay hundreds of dollars for software when they can just copy it. What this means is that first-world nations are subsidizing what is essentially free software to the third-world countries under the current system.

Full subsidization isn't the only problem; we're all under constant attack from the hordes of zombie armies born from software piracy. The vast majority of pirated black-market software being sold in the back alleys from Moscow to Bangladesh is laced with backdoors and rootkits. Not selling them software at prices proportional to their income levels simply means the bad guys get rich selling the software and they get a zombie army to boot. Software companies like Microsoft have the opportunity to undercut the pirates by selling low-cost legitimate software, since people would rather not break the law and they would rather not have infected computers. We would all benefit from fewer zombie botnet armies roaming the Internet.

External USB drives may have 'silent' CRC error failures

Apr 20, 2007

Serdar Yegulalp, Contributor
04.17.2007

I have two external USB/Firewire hard drive enclosures that I use for backup and offline storage. They're indispensable, especially when I'm dealing with a notebook computer or a mini-micro-tiny-tower that doesn't let you install a new drive internally.


But these drive enclosures have their fair share of pitfalls, including bad ribbon cables and faulty USB connectors. Not to mention the problem I ran into when migrating 50GB of data from an external drive to an internal one.


External drives use a "bridge" device—a controller that converts the IDE (PATA) or SATA signals from the drive to something that can be sent over the USB bus. Normally the bridge controller works fine ferrying messages between both types of buses, but if there's a CRC error on the drive, it may not be reported back to the host the same way a locally mounted drive would.


While I was migrating the 50GB of data, the copying process seemed to go to sleep about halfway through; after a certain point, there was absolutely zero disk activity. I quit the copy action, then retried it from the console via Robocopy (I'd done it in Windows Explorer, basically because I was lazy) and watched the whole thing unfold. When a certain file was reached, the copy operation stopped hard.


Time for a different tactic. I disconnected my DVD drive to free up an IDE socket, then took the external drive out of its cage and mounted it in my PC. When I retried the copy operation with the drive running internally, it threw a CRC error with that file and died. In the end, about three files out of the 50GB batch were bad and couldn't be copied. Fortunately, none of them were irreplaceable, so I was spared the possibility of calling a data recovery clinic and begging them on bended knee for assistance.


I'm still trying to figure out if the problem is due to the bridge controller, or if it's a shortcoming in the way Windows handles external USB storage devices. My guess is the problem is due to the controller in question -- the drive cage only cost me $30, and I suspect in this case I got what I paid for. But my mind remains open to the possibility that this is a Windows issue.


About the author: Serdar Yegulalp is editor of the Windows Insight (formerly the Windows Power Users Newsletter), a blog site devoted to hints, tips, tricks and news for users and administrators of Windows NT, Windows 2000, Windows XP, Windows Server 2003 and Vista. He has more than 12 years of Windows experience under his belt, and contributes regularly to SearchWinComputing.com and SearchSQLServer.com.

Detect Drive Failure Before It Happens

Apr 18, 2007

Monitor the condition of your disk drives for predictions of failure. Roughly 60% of all disk drive failures are mechanical in nature, from spindle-bearing wear to read/write heads banging into delicate disk platters, and technology now built into the drives can report anticipated and specific failures to give you a chance to rectify the situation, hopefully before it is too late to retrieve your data.

In addition to monitoring a variety of parameters related to mechanical events (disk platter RPM, time to spin up, motor current, head seek failures, and sudden shock to the drive chassis), S.M.A.R.T. (Self-Monitoring, Analysis, and Reporting Technology) can report read and write retry attempts necessary due to defective areas on the disk or head failure or drive temperature. Many S.M.A.R.T.-enabled drives can also report how many times they have been turned on and off and the number of hours the drive has been on.
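The parameters listed above reach monitoring software as a table of numbered attributes, each with a normalized value that is compared against a per-attribute threshold. The following is an added example, not code from the book: it decodes the commonly used 512-byte ATA attribute and threshold blocks and flags tripped attributes. The attribute names are the conventional (vendor-dependent) assignments, and both sample blocks are constructed.

```python
import struct

# Conventional IDs for the parameters listed above; numbering is vendor-defined,
# so treat these names as the common assignments, not a guarantee.
ATTRIBUTE_NAMES = {
    1: "Read error rate", 3: "Spin-up time", 5: "Reallocated sectors",
    7: "Seek error rate", 9: "Power-on hours", 10: "Spin retry count",
    12: "Power cycle count", 191: "Shock (G-sense) events", 194: "Temperature",
}
PREFAIL = 0x0001                   # flag bit 0: a trip predicts imminent failure
HEADER, ENTRY, SLOTS = 2, 12, 30   # 2-byte revision, then 30 x 12-byte entries


def check_length(block):
    if len(block) < HEADER + ENTRY * SLOTS:
        raise ValueError("SMART block is truncated")


def parse_attributes(block):
    """Decode id, flags, normalized value, worst value and 48-bit raw counter."""
    check_length(block)
    attrs = {}
    for slot in range(SLOTS):
        off = HEADER + slot * ENTRY
        attr_id, flags, value, worst = struct.unpack_from("<BHBB", block, off)
        if attr_id:  # id 0 marks an unused slot
            raw = int.from_bytes(block[off + 5:off + 11], "little")
            attrs[attr_id] = {"flags": flags, "value": value,
                              "worst": worst, "raw": raw}
    return attrs


def parse_thresholds(block):
    """Decode the per-attribute failure thresholds (id, threshold, reserved)."""
    check_length(block)
    limits = {}
    for slot in range(SLOTS):
        attr_id, limit = struct.unpack_from("<BB", block, HEADER + slot * ENTRY)
        if attr_id:
            limits[attr_id] = limit
    return limits


def assess(attr_block, threshold_block):
    """Return (status, id, name, value, threshold, raw) per attribute."""
    limits = parse_thresholds(threshold_block)
    findings = []
    for attr_id, a in sorted(parse_attributes(attr_block).items()):
        limit = limits.get(attr_id, 0)
        if limit and a["value"] <= limit:      # a threshold of 0 never trips
            status = "FAILING" if a["flags"] & PREFAIL else "WORN_OUT"
        elif limit and a["worst"] <= limit:
            status = "TRIPPED_BEFORE"
        else:
            status = "OK"
        name = ATTRIBUTE_NAMES.get(attr_id, f"Attribute {attr_id}")
        findings.append((status, attr_id, name, a["value"], limit, a["raw"]))
    return findings


def predicts_failure(findings):
    """True when any pre-fail attribute is at or below its threshold."""
    return any(f[0] == "FAILING" for f in findings)


def pack_block(fmt, rows):
    """Pack rows behind a 2-byte revision and pad to the 512-byte block size."""
    body = b"".join(struct.pack(fmt, *row) for row in rows)
    return (b"\x10\x00" + body).ljust(512, b"\0")


def raw48(n):
    return n.to_bytes(6, "little")


# Constructed sample data: a drive whose reallocated-sector attribute has tripped.
SAMPLE_ATTRS = pack_block("<BHBB6sx", [
    (3, 0x0003, 97, 96, raw48(0)),
    (5, 0x0033, 30, 30, raw48(1480)),
    (9, 0x0032, 81, 81, raw48(14250)),
    (12, 0x0032, 99, 99, raw48(1312)),
    (194, 0x0022, 40, 38, raw48(44)),
])
SAMPLE_LIMITS = pack_block("<BB10x", [(3, 21), (5, 36), (9, 0), (12, 20), (194, 0)])

if __name__ == "__main__":
    report = assess(SAMPLE_ATTRS, SAMPLE_LIMITS)
    for status, attr_id, name, value, limit, raw in report:
        print(f"{status:<14} {attr_id:>3} {name:<22} value={value:<3} "
              f"threshold={limit:<3} raw={raw}")
    print("Back up and replace the drive" if predicts_failure(report)
          else "No failure predicted")
```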

If S.M.A.R.T. is enabled in your system BIOS, the BIOS will check and report any early or permanent signs of disk failure. You can also monitor your drive’s condition with a S.M.A.R.T.-aware disk monitoring program.

To view all available S.M.A.R.T. information about your drive, try the free DiskCheck utility from http://www.passmark.com/products/diskcheckup.htm. DiskCheck is a nonresident utility that will show you exact drive information and all of the supported S.M.A.R.T. statuses from your drive. There’s also Ariolic Software’s ActiveSMART (http://www.ariolic.com/activesmart/) resident monitoring tool, which provides a wealth of detail on drive status and notification of potential failures. If you get a S.M.A.R.T. warning about a drive failing, back up your data immediately and replace the drive.

Hacking the Hack


A failing disk drive is no fun. A failed disk drive is even less so. In my work in various IT shops, I’ve encountered a lot of grieving “Have I lost all of my data?” looks from end users. It is indeed a sad time, but an opportunity to become a hero. If you can spend the time with various tools to attempt, and even better succeed, at saving someone else’s work, you can feel like you actually accomplished something in the course of your day besides resetting some forgetful user’s password or plugging their mouse back in.

A plethora of disk drive repair and data recovery tools are available to help you emulate that fictional superhero “Super DataMan.” (OK, he doesn’t really exist, I made him up…)

I’ve long since given up on the pedestrian Norton Utilities like Norton Disk Doctor because they do not do enough to justify the time spent running them, especially for those really cranky lost partitions, erratic mechanical problems inside the drive, and cases where S.M.A.R.T. says the drive is bad or going to be bad soon.

When it’s time to recover partitions and data I unlock my arsenal of serious disk recovery tools, which are:
• Steve Gibson’s SpinRite 6.0 (http://www.spinrite.com) for finding and fixing or moving bad data blocks on FAT, NTFS, Linux, Novell, Macintosh, and even TiVo volumes
• Ontrack’s Easy Data Recovery (http://www.ontrack.com) for digging deep inside a drive and extracting recovered data to other media
• Symantec’s GHOST (http://www.symantec.com) to “peel” data off a bad drive to a disk image for replacement onto another drive, or to extract individual datafiles with Ghost Explorer
• Kurt Garloff’s dd_rescue (http://www.garloff.de/kurt/linux/ddrescue/) to image Linux partitions to other media for later recovery use (see http://www.oreillynet.com/pub/wlg/5205 for an excellent write-up and tips)

If your own data recovery efforts fail, you can always resort to a data recovery service like Ontrack (http://www.ontrack.com) or ActionFront (http://www.actionfront.com).

This material has been adapted from PC Hacks by Jim Aspinwall, published by O'Reilly Media, Inc. Copyright O'Reilly Media, Inc., 2004. All rights reserved.


Microsoft releases patch for Windows ANI flaw

Apr 2, 2007

By Bill Brenner, Senior News Writer
02 Apr 2007 | SearchSecurity.com

Microsoft Corp. on Tuesday released the anticipated out-of-band patch for the critical Windows ANI cursor-handling flaw. The company originally had planned to release the patch next Tuesday with its normal set of monthly fixes, but officials decided to publish it early because of ongoing attacks against the vulnerability.

This fix marks just the third time that Microsoft has released a security patch outside of the monthly cycle, a clear indicator of the severity of the vulnerability and the company's concern about the attacks. Microsoft officials said the attacks at this point are limited, but they're continuing to monitor the situation. The vulnerability is in how Windows handles animated cursor (.ani) files. Microsoft confirmed last week that attackers could exploit it to run malicious commands on a victim's machine. The flaw can be exploited when users visit a malicious Web site or open a tainted email attachment. Users are at risk even if they are browsing with Internet Explorer 7 on a system running Windows Vista. Most versions of Windows are vulnerable.

Indeed, attackers have wasted no time in exploiting the flaw, according to a variety of security vendors. The Bethesda, Md.-based SANS Internet Storm Center (ISC) took the rare step of raising its alert system to yellow over the weekend because of the number of sites hosting malware that could exploit the flaw.

"We continue to receive reports of sites hosting the malware, possibly to get ready for the Monday work day in Europe and the US," ISC handler Kevin Liston wrote on the organization's Web site.

The Chinese Internet Security Response Team (C.I.S.R.T) has detected a worm-like payload that exploits the ANI flaw. According to the organization's report, "It has the same behavior as Worm.Win32.Fujacks [and] can infect .html .aspx .htm .php .jsp .asp and .exe files." The exploit inserts malicious links into such files and can also be used to send out spam, the organization said.

McAfee Inc. is also reporting a spam campaign that exploits the flaw, saying it has detected "many Web sites linking to other sites that attempt to exploit this vulnerability."

Late last week, third-party security organizations started releasing their own fixes for the flaw, including Aliso Viejo, Calif.-based eEye Digital Security and the Zero-Day Emergency Response Team (ZERT).

"This is a very serious vulnerability that is almost certain to be exploited on a wide-scale basis," ZERT member Randy Abrams said in an emailed statement. "If the vulnerability were limited to animated cursors alone it would not be as serious, but there are reports of .jpg files, which are very commonly used in Web pages, being exploited as well."