March 4, 2009

Adobe swings and misses as PDF abuse worsens

February 25th, 2009

Posted by Ryan Naraine

After more than two weeks (months?) of inexplicable silence on mitigations for a known code execution vulnerability in its Reader and Acrobat product lines, Adobe has finally posted public information on the problem but the company’s response falls well short of providing definitive mitigation guidance for end users.

[ For background and a timeline on how *not* to handle incident response, HD Moore's blog post is a great start. ]

Adobe’s response simply confirms what we already know and reiterates that turning off JavaScript will NOT eliminate the risk entirely.  However, the company does not offer any definitive suggestions or workarounds, instead pointing to a list of anti-malware vendors blocking known attacks.

Here’s what we have from Adobe:

  • We have seen reports that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk. Keeping this in mind, should users choose to disable JavaScript, it can be accomplished following the instructions below:
  1. Launch Acrobat or Adobe Reader.
  2. Select Edit>Preferences
  3. Select the JavaScript Category
  4. Uncheck the ‘Enable Acrobat JavaScript’ option
  5. Click OK

While this information is better than the silence we’ve gotten from Adobe since the attacks became public, it falls well short of providing the protection information that businesses and end users need when in-the-wild malware attacks are occurring.

The company did not offer any details on the actual vulnerability.  It did not provide workarounds.  It did not provide mitigation guidance.   Adobe simply rehashed what we already knew and confirmed that the public mitigation guidance from third parties is/was not definitive.
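
The JavaScript preference that Adobe's steps toggle in the GUI can also be set through the registry, which is how an administrator would apply it to many machines at once. The script below is an added example, not from Adobe or the original post. It assumes the preference is stored per user as the DWORD `bEnableJS` under each product's `<version>\JSPrefs` key, and, as the advisory itself says, it only covers the JavaScript-based attacks.

```powershell
# Added example: turn off Acrobat JavaScript for the current user via the registry.
# Assumption: the GUI checkbox maps to DWORD bEnableJS under <product>\<version>\JSPrefs.
$productKeys = @(
    'HKCU:\Software\Adobe\Acrobat Reader',
    'HKCU:\Software\Adobe\Adobe Acrobat'
)

$results = foreach ($product in $productKeys) {
    # Skip products that are not installed for this user.
    if (-not (Test-Path $product)) { continue }

    # Version subkeys look like 8.0 or 9.0; ignore anything else under the product key.
    Get-ChildItem $product |
        Where-Object { $_.PSChildName -match '^\d+\.\d+$' } |
        ForEach-Object {
            $jsPrefs = Join-Path $_.PSPath 'JSPrefs'
            if (-not (Test-Path $jsPrefs)) {
                New-Item -Path $jsPrefs -Force | Out-Null
            }

            # Record the old value; empty means the preference was never written.
            $before = (Get-ItemProperty -Path $jsPrefs -Name bEnableJS `
                       -ErrorAction SilentlyContinue).bEnableJS

            Set-ItemProperty -Path $jsPrefs -Name bEnableJS -Value 0 -Type DWord

            # Read the value back instead of assuming the write succeeded.
            $after = (Get-ItemProperty -Path $jsPrefs -Name bEnableJS).bEnableJS

            New-Object PSObject -Property @{
                Product = Split-Path $product -Leaf
                Version = $_.PSChildName
                Before  = $before
                After   = $after
            }
        }
}

# One row per product/version so the change can be logged or audited.
$results | Format-Table Product, Version, Before, After -AutoSize
```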

As my former ZDNet Zero Day blog colleague Nate McFeters points out, the issue is much worse than first imagined.

  • I decided I’d test this out and found that on a fully patched Mac OS X build, Safari 4, Mail.app, Preview.app, and potentially others all crash using the proof of concept exploit provided on milw0rm.  The crash is actually in PDFKit, which supports all of those applications and likely much more.

According to Secunia’s Carsten Eiram, his company managed to create a reliable, fully working exploit which does not use JavaScript and can therefore successfully compromise users who may think they are safe because JavaScript support has been disabled.

  • All users of Adobe Reader/Acrobat should therefore show extreme caution when deciding which PDF files to open regardless of whether they have disabled JavaScript support or not.

If Secunia can do it based on information that’s public, what’s to stop malicious hackers with major financial motivation?

So what now Adobe?


February 28, 2009

Download Windows Internet Explorer 8 RC1

Designed to be enterprise-ready, Internet Explorer 8 can help reduce security risks, includes a backward compatibility mode, expanded management capabilities, and deployment support. Find new features such as a cross-site scripting filter, the SmartScreen Filter, improved ActiveX technologies, 100 new group policies, and an application compatibility toolkit.

February 19, 2009

How do I … install KDE applications on Windows?

  • Date: December 9th, 2008
  • Author: Jack Wallen

With the help of Wine you can install Windows applications on Linux. But what if there are Linux applications you want to run on Microsoft Windows? Say, for example, you want to use Dolphin for your file manager instead of Windows Explorer. Thanks to a group of KDE developers, it’s possible.

Now don’t get overworked thinking you’re going to have the entire KDE workspace. You’re not. What you can get, however, is a lot of the KDE-specific applications up and running on Windows (2000, XP, and Vista). And many of these applications are integrated within themselves (so when you click an image in Dolphin, Gwenview automatically opens to display the image).

What is nice about KDE on Windows is that the aim of the project, since inception, is to create these applications as native ports. So there is nothing like Cygwin acting as a middle-layer to help run the KDE applications. This helps tremendously in keeping memory and CPU usage down to a minimum.

At this point I should warn you, some of the applications do not work perfectly. Take for instance Konqueror. Konqueror works perfectly as a file manager, but as a Web browser it is somewhat slow and prone to bugs. But it does work in both functions. Another application, Amarok, is unstable to the point of not being usable yet. That is not a problem; you can simply deselect the unstable applications during installation.

With that said, let’s get on with the installation.

This blog post is also available in PDF format in a TechRepublic download and as a TechRepublic Photo Gallery.

Getting and installing

The installation of KDE on Windows isn’t difficult, but it is time consuming. Fortunately much of this time is not interactive (so you can step away from the machine and get some work done). The first thing you need to do is download the KDE installer. Once the installer has finished downloading, double-click the .exe file and the installation will begin.

The first step in the installation is to select the Installation directory (Figure A).

Figure A

The default installation path is probably the best choice.

The next step is to choose the Install Mode (Figure B). The purpose of this is to dictate to the installer application if the installation is for an end user or a developer. If you are not planning to do any developing for KDE on Windows, your best bet is to select the End User option.

Figure B

If you select Development Mode you will also have to select a Compiler mode.

It’s very important that you select the proper Compiler Mode (if you plan on doing a Developer installation). Once you make your selection and install, you cannot change the compiler type without uninstalling and reinstalling. You can, of course, do another install and just install KDE into a different path on your hard drive. This will allow you to run different types of compilers on different installs.

Since most of you will not be doing a developer installation, we are going to continue on with an End User installation.

The next step is to configure a local storage location (Figure C). This local storage directory will be where all downloaded files are retained for the installation process.

Figure C

There shouldn’t be any reason you would need to change this directory.

Now it’s time to configure Internet settings (Figure D). This is necessary because the installer has to download everything it needs, so it must know how to get to it.

Figure D

If you are behind a proxy server, the installer will fail if the proxy is not configured here.

Along with the Internet connections configuration, you have to select a download server (Figure E). Naturally you will want to select the closest in proximity to your machine.

Figure E

Of course, even if the server is near you, that doesn’t always mean you will have the best speeds.

The next step is to choose the release you want to install (Figure F). As of this writing there are only four choices: 4.1.0, 4.1.1, 4.1.2, and 4.1.3. Installing 4.1.3 will bring you closest to the latest features of KDE 4.

Figure F

You can always go back and install other releases by installing them in different folders.

The next step is the final configuration in the installation. You now have to select the packages you want to install. As you can see in Figure G, I have opted to not install the unstable packages as well as the various language packages.

Figure G

Unless you have a need for the various language packages, not installing them will save a good deal of time during the installation.

The next window (Figure H) serves only to inform you what additional packages will be installed, based on your package selection. These are all dependencies (libraries, etc).

Figure H

You cannot deselect any of these packages.

Finally the installer will begin to download all packages necessary for the installation. In my case there are 50 packages to install (Figure I).

Figure I

Go work on that Apache server because you’re going to have the time.

Once everything has been downloaded, the installer will automatically compile and build the applications. When all is complete you will be greeted with a window (Figure J) informing you the installation is complete.

Figure J

Click Finish and you’re ready to rock the KDE way.

With the installation complete, there is no need to reboot. You are ready to take a peek at the KDE applications you now have installed on your Windows machine.

A quick glance

One of the most welcome applications is the Dolphin file manager. I have never been a huge fan of Explorer, so having a Linux file manager is a welcome addition. To get to Dolphin you only need navigate to the KDE submenu in the Start menu. If you installed KDE 4.1.3 the menu entry will be titled “KDE 4.1.3 Release.” Within that submenu you will find a number of child menus (Figure K).

Figure K

You will notice as you navigate through the KDE menus that anything regarding the desktop is missing.

In the System submenu you will find the entry for Dolphin. Load Dolphin to see just how well the KDE applications have been ported to Windows. Figure L shows Dolphin in action.

Figure L

As you can see Dolphin contains many of the standard KDE features.

Like many of the KDE-ported applications, Dolphin works exactly as expected. The only feature I have yet to be able to take advantage of is connecting to a network connection. I have attempted to connect Dolphin through SSH (with the help of PuTTY) but have yet to have any luck. Outside of that small issue, Dolphin makes for an outstanding replacement for Explorer.

Final thoughts

There are many reasons why you would want to install KDE on Windows. And I am confident that eventually the developers will manage to port the entire desktop experience onto Windows. At this point, I can’t see any reason to run the standard Windows desktop.

Give KDE on Windows a try. Even if you find only one application that you use regularly, it will be worth the effort.


PhotoScape

Here's a great program for all you photo enthusiasts out there! The program is called PhotoScape and it has a ton of features!

PhotoScape is a free program that does just about everything when it comes to photos and images. It can edit, alter, resize, crop, frame, combine and so much more. I couldn't even find enough time to go through everything this program does! The makers of the program even say it supports RAW files, which is something you don't find very often.

A couple of my favorite features are the easy to use page layout for making collages of prints and the cool clip art it comes with so that you can add a little flare to your photos!


You can download PhotoScape for yourself right here. Enjoy!


Vista Sleep Mode Issue: Fixed

I don't know about you, but I've been dealing with a very frustrating issue with Windows Vista on my notebook computer lately. Here's what happened: I put the computer into sleep mode, closed the lid and then unplugged the network cable. But just a few moments later, the computer woke back up! It happened several times and typically, it did it when my computer was already in my laptop bag, so I didn't notice it until I got to my destination and the battery was nearly dead. What a nightmare!

As it turns out, there's a very easy fix for this problem! All you have to do is disable the "Wake on LAN" feature in Vista. Essentially, the computer is set to automatically wake up from network traffic, which seems to include pulling out the network cable.

To change the setting, type "Device Manager" into the Start menu search box and then browse through the Network Adapters section until you find your network adapter. In this case, mine is "Broadcom NetXtreme Gigabit Ethernet."

Right click on your network adapter and choose Properties from the menu. In the resulting dialogue box, click on the Power Management tab.

Next, uncheck the box next to "Allow this device to wake the computer" and the problem will be solved! You'll also notice there's a warning about having the option enabled in the first place. I hope this tip helps you!
