November 6, 2008
IrfanView
IrfanView is a fast and compact image viewer/converter that's added even more features to its best attribute: resizing and cropping pictures quickly.
License: Free
OS: Windows 95/98/Me/NT/2000/XP/2003 Server/Vista
September 10th, 2008
I’m reading lots of complaints about the new iTunes 8 update causing horrific problems on Windows machines, including widespread reports of STOP errors, aka the Blue Screen of Death. My colleague Adrian Kingsley-Hughes has asked readers for reports and Gizmodo has a sketchy post as well. How can this be happening? Assuming that the underlying hardware is working correctly, STOP errors can only be caused by kernel-level drivers or system services. A poorly written program can crash itself but not the entire system. So how can a supposedly simple software update cause a fatal crash?
Maybe because this isn’t a simple software update. Once again, Apple is using its automatic update process to deliver massive amounts of new software to users, including a device driver that has a long and buying cialis checkered history of causing the Blue Screen Of Death to appear. And it’s delivering this massive payload without even a pretense of proper disclosure and without asking consent from its users.
I was able to reproduce a crash using an iPod and iTunes 8 and fixed it by removing the suspicious driver. I’ve dissected the process and put together a gallery that shows how extensive the infiltration is and where you can find the likely culprit.
To see what software is sneaking along with the upgrade,
see my image gallery: Apple’s sneaky iTunes 8 install
Here’s a blow-by-blow analysis of what happens when you allow Apple Software Update to install iTunes 8:
The first thing you see is a notice from Apple Software Update. It promises an update to iTunes+QuickTime and says nothing about any other software.
Next, you accept a license agreement, which also makes no mention of anything other than iTunes. According to a code at the end of the license agreement, it has not been updated since October 2007.
After you enter your administrator’s credentials in a dialog box, the download and installation proceed automatically. The downloader dialog box notes that the complete install package is nearly 80MB in size, but the size shown in its progress bar changes several times.
Opening the folder where Apple Software Update stores its temporary files reveals what’s really going on. The download consists of five installer packages and a master setup program. In addition to iTunes and QuickTime, the package includes the Bonjour service (which has been a part of iTunes for a long time), plus Apple Mobile Device Support and MobileMe. The latter two packages appeared for the first time, according to Ars Technica and other sources, in the July update to iTunes. And a look inside Control Panel shows that this time around, Apple is giving Windows users an opportunity to uninstall MobileMe, which they didn’t do in the previous update.
When I used an antispyware tool (Sunbelt Software’s VIPRE), it detected that a new Apple program was loading at startup. Although it went by the prosaic name AppleSyncNotifier, its icon reveals that it’s actually MobileMe.
But in addition to all that software, Apple is also sneaking a couple of driver updates onto the system. One is a USB controller update, which is apparently used when connecting an iPod or iPhone to the system. On my system, this driver file was copied to the system but was not installed until I connected an iPod Mini via a USB port. Most of the trouble reports on the Apple forum indicate that this driver is identifying itself in the text that appears on the STOP error page. The only clue that this driver is being installed is in the System Restore dialog box.
In addition to this driver, the system also updates the GEARAspiWDM.sys driver (in Windows\System32\Drivers). I had to dig deep to discover this change, which is not documented anywhere. This driver is typically used with third-party programs that write to CD and DVD drives. The old iTunes versions of this driver is dated January 29, 2008. The new one is from April 17, 2008. This driver has a long and colorful history of causing Windows crashes. [Update 17-Sep: After looking deeper, I can confirm that Apple’s driver is the culprit and that Gear’s driver is unrelated to these crashes. In fact, Gear’s signed driver might even be an innocent bystander in a separate iTunes support issue. See my follow-up post “Apple, not Gear, deserves the blame for iTunes crashes” for details.] I remember dealing with it back in Windows 2000 days. And sure enough, a search for GEARAspiWDM.sys BSOD turns up thousands of hits. I’ve also found anecdotal reports of this driver causing iTunes to crash, including this one from the Gear Software forum last May. The image below shows the Previous Versions dialog box, which I used to determine that the file had been updated.
When I plugged an iPod Nano into my Windows Vista system for the first time, it offered to install a driver and then asked me to reboot. When I restarted, I plugged in the iPod again and the machine locked up solid. No blue screen, just a black screen that didn’t respond to any input. After a restart, I tried again and got the same result when I attempted to open iTunes.
For the third try, I decided to replace the GEARAspiWDM.sys driver file with its earlier version. I used the Previous Versions feature of Windows Vista Ultimate to find the older version, copied it to my desktop, deleted the newer driver, and then copied the January version to the Drivers folder. This time iTunes opened just fine, displaying the contents of the iPod. (When I simply deleted the driver file, I got an error upon starting iTunes warning me that my installation was incomplete and that I might not be able to burn CDs or DVDs until I completed it.)
I can’t say my tests are conclusive, but my long history with this file suggests that it might well be at the root of the problem for others as well.
An even bigger problem is Apple’s attitude toward its Windows customers. These additional software packages and drivers are being installed with no disclosure and no consent. A pile of software, including the troubled MobileMe service, is also being installed and enabled at startup on Windows machines, even where the user has no MobileMe account and, for that matter, no mobile device.
Apple’s Get a Mac ads love to tweak Microsoft for its frequent crashes. Someone from Apple needs to look in the mirror and realize that they’re the problem in this case.
September 24th, 2008
In what is slowly turning into a endless loop of hacktivism activities, Bill O’Reilly’s BillOreilly.com has been compromised during the weekend, with personal details including passwords in plain text for 205 of the site’s members already leaking across Internet forums, as a response to his remarks regarding Wikileaks as a “one of those despicable, slimy, scummy websites” which recently published private information of Sarah Palin’s private email.
On Friday, Wikileaks issued the following press release :
“Fox News demagogue, Bill O’Reilly, has been hacked and the details passed to Wikileaks. Wikileaks has been informed the hack was a response to the pundit’s scurrilous attacks over the Sarah Palin’s email story–including on Wikileaks and other members of the press, Hacktivists, thumbing their noses at the pundit, took control of O’Reilly’s main site, BillOReilly.com. According to our source, the security protecting O’Reilly’s site and subscribers was “non-existent”.
The following image, submitted to Wikileaks and confirmed by Wikileaks staff, offers proof of the hack. The image, clearly obtained from BillOreilly.com’s administrative interface, shows a detailed list — including passwords — of BillOreilly.com subscribers. Although Wikileaks has only released one page, it must be assumed that Bill O’Reilly’s entire subscriber list is, as of now, in the public domain.”
How did they do it “this time”?
According to the article at Wikileaks, the hacktivists seem to have been brute forcing the URL for the administration panel, and once successfully finding it, access the unencrypted data :
“According to Marston, the hackers were able to access the list by trying a large number of variations of the website’s administrative URL. He said all affected members have received an email and a phone call informing them of the breach and urging them to change their password. The site has since been completely locked down, Marston said.”
Moreover, it’s also worth pointing out that the passwords were stored unencrypted, evidence of the practice can also be seen within the screenshots of the admin panel. As far as the website’s administrative URL is concerned, it has since been changed once it leaked online (w3.billoreilly.com/pg/jsp/admin/managecustomers/newpremiummembers.jsp), which isn’t excluding the opportunity for abuse of the subscribers email addresses in spear phishing attacks, “for starters” since some of the users have already admitted of using the same password at different web sites, including PayPal.
The impact of the breach, and the measures taken to notify the victims according to the site :
“The BillOReilly.com site experienced a minor hacking incident on Friday, September 19th, 2008.
** ALL CREDIT CARD INFORMATION FOR EVERY MEMBER IS SAFE
** NO MEMBERS WHO JOINED BEFORE WEDNESDAY, SEPTEMBER 14th, 2008 WERE AFFECTED AT ALL.
** 205 new Premium Members who signed up last week had their name, hometown, email address, & BillOReilly.com password stolen.
** We have contacted those 205 members by email and telephone.
** We are working with the proper authorities to track down the perpetrators. “
Another personal message issued by Bill O’Reilly regarding the process of tracking down the “perpetrators” was posted on Sunday :
“The FBI and Secret Service are close to indicting some of the perpetrators and we will keep you posted when the arrests are made. All premium members receive the full backing of our legal team and if anyone is hassled in the least, please inform us immediately. In the latest case, no proprietary information was obtained by hackers and we have safeguards in place to protect everyone who does business with us.
Rest assured that we are on this. Our defense of Sarah Palin has led some criminals to attempt to disrupt our enterprise. At this moment federal authorites and our attorneys are compling information against these people. Again, if any person is bothered in any way – please let us know. We stand behind our products but, most importantly, we stand behind you. We’ll get the bad guys. Count on it.
Bill O’Reilly
9/21/08″
Who’s claimed responsibility? 4chan members planning at Ebaumsworld using “secret words” :
“According to my source this is a common tactic among the secret hacking group hidden amongst the users of ebaumsworld. he states “yeah we will start planning on 4chan so ebaums doesnt get in trouble…we use secret words and stuff to let the others know who we are” when i asked why he was telling me all this he said “man this has just gone too far.. at first it was a joke then we found out that the same usernames and passwords worked for those peoples paypal accounts and im afraid of what they will buying cialis without prescription do.”
It appears that the “forum fraction” is also planning a DDoS attack against BillOreilly.com according to this interview, which wouldn’t be the first time the site has been under DDoS attack, and definitely not the last. From an analyst’s perspective, nation2nation hacktivism conflicts always provide the best and most accurate understanding of a particular’s country’s capabilities into this space, compared to hacktivism actions basically sticking to the standard practices as DDoS attacks, which just like any tip of the iceberg receive most of the attention due to the ease of measuring their impact next to the rest of the hacktivism tactics used.
The bottom line – good time to point out why you shouldn’t use the same password on different web services, and that the big picture having to do with Wikileak’s vision of a little less secrecy, and a little bit more transparency, ultimately better serves the world and gives power to the people whose collective consciousness, if not brainwashed, is supposed to be shaping the way we live.
October 7th, 2008
He appeared to be getting more and more frustrated with something and my daughter, Lori, suggested that I go over and see if I could help. He couldn’t get OpenOffice to open the PowerPoint deck. As I’m able to do that magic trick with the version I have on my Windows, Linux and Mac systems, I was pretty sure that he merely needed to download a recent update.
<start ominous sound background music>
As I approached the Acer laptop we purchased for Steven as a birthday gift, I remembered that his machine came loaded with Windows Visita. Since I’ve done my best to avoid that operating system, I sat down at the buying cialis without a prescription machine with some trepidation.
Although it was a bit difficult, I was able to find all of the usual functions even though some of them had been renamed and could be found in different places. I guess the folks at Microsoft thought that folks using their systems would enjoy a treasure hunt while working with the system.
The next thing I noticed was how poorly the machine performed doing simple tasks. Steven’s laptop has a similar processor, memory and storage configuration to my infamous Dell laptop that runs Windows XP, I expected to see similar performance. It was like trying to get something done in slow motion.
I was finally able to get the Web browser pointed at the openoffice.org website and tried to find and then download the required update. Every time I tried to do something a string of system messages popped up asking me if I really wanted to do what I just told the machine to do. Even though I clicked through the messages, I was never able to get anything to download.
So, I did what anyone else would do including, sending curses to the folks who designed the user interface and security protection for Windows Vista and then spoke with my daughter about reloading Steven’s system with Linux. Then I did something that most could not do – I took the thumb drive over to one of my office systems. I was easily able to open the slide deck, save it in an earlier PowerPoint format and make the presentation work with the software on Steven’s system.
<Turn off ominous sounding music>
What do you suppose a typical parent would do when these issues came up? Most don’t have a home office containing so much computer equipment and different types of software.
Have you run into this problem?
September 21st, 2008
If MS is pushing up Win 7, what is going to happen to all the Vista users? Are they going to get screwed by a short term OS? It seems that MS is stuck between a rock and a hard place on this one. If Vista becomes a speed bump, then the Vista users will be angry. If they don’t then all the people who hate Vista will be angry. While in total numbers Vista users are small in number now it still is a large number of people.
I might quibble with the characterization that the total number of Vista users is small. Even if you discount Microsoft’s numbers by 50%, you still have 100 million people using Vista today. That’s a huge number by almost any standard and is only small when you compare it to the billion or so Windows machines in existence. So, are those millions and millions of customers out in the cold when buy tadalafil cialis Windows 7 comes out?
In a word, no. Microsoft has a well-documented support lifecycle for its software products. It’s part of the agreement that the company makes with everyone who installs Windows, especially business customers who want some assurance that they’ll be able to get updates and support for operating systems and applications even if they choose not to upgrade to the latest and greatest. Here are the high points and how they relate to Windows Vista.
The lifecycle includes two main phases:
-
The Mainstream Support phase includes security updates, non-security hotfixes, no-charge incident support, paid support, warranty claims, design changes and feature requests, and access to online resources such as the Knowledge Base and Microsoft Help and Support.
-
In the Extended Support phase, Microsoft continues to provide security updates, paid support, and online information. Customers who want hotfix support can purchase an extended agreement within 90 days of the end of the Mainstream Support phase.
After the Extended Support phase ends, you can continue to use online self-help resources, but all other support has to be provided through third parties or through custom support agreements such as those enjoyed by some large corporate customers.
So how do these support options map for you? That depends on whether you’re using a business or consumer product.
-
For Business and Developer products (which includes Business, Ultimate, and Enterprise editions of Vista), the Mainstream Support phase runs for a minimum of five years or two years after the release of the next edition of the product, whichever is later. Assuming that Windows 7 ships in 2009 or 2010, that means Vista will enjoy mainstream support until at least November 30, 2011. The Extended Support phase runs for an additional five years, so you can count on security updates for Vista until at least November 30, 2016.
-
For Consumer products (which includes Vista Home Basic and Home Premium), Microsoft provides Mainstream Support only. Because the launch of the consumer version of Vista was two months later than the business launch, the support lifecycle provides for full support until at least January 30, 2012, or two years after the release of Windows 7, whichever is later.
Good news for consumers is that security updates apply to all Windows versions, so any Vista security updates made available via Windows Update should be delivered to consumers and businesses alike, even during the Extended Support phase. So your copy of Vista Home Premium will continue to receive security updates for at least eight more years.
And what about XP? When Vista came out, conspiracy theorists were quick to predict that Microsoft would abandon it and force customers to switch to Vista. I debunked that notion shortly before Vista shipped. A few months later, in January 2007, Microsoft officially expanded its support terms for XP, covering home editions under the Extended Support phase (see “XP gets a new lease on life” for details). So, if you use any XP edition, you’re covered through April 2014.
By that time, of course, Windows 8 will probably have been released, which means that Microsoft will be actively supporting four separate desktop editions of Windows.
