February 13, 2009

Google Knol

According to Google, a knol is "a unit of knowledge, an authoritative article about a specific topic." The Google Knol service just reached 100,000 articles and it's finally being recognized as a potential competitor to Wikipedia. If you'd like to learn more, here’s how you can get started reading and contributing to Google Knol!

Reading It

Reading a Knol is simple! All you have to do is point your Web browser to http://knol.google.com and search for whatever you'd like to read about. The search is powered by Google, so you know it’s good!

As you can see, there are a lot of Knols (774) about Barack Obama, ranging from his foreign policies to buying cheap Obama memorabilia. Knols can be written by anyone, so the content varies quite a bit.

Writing Your Own Knol

To write a Knol of your own, go to http://knol.google.com again and click on Write a Knol.

Sign in to your Google account (if you don't have one, you'll need to sign up first).

Click on the Write a Knol button again. You’ll then see the basic structure for writing a Knol. You can choose your license as well, which I think is great! Pick from three Creative Commons licenses (saying that people can use it, but with conditions) or All Rights Reserved (only under limited circumstances can people use it).

Happy Knolling, my friends!


Drivers

Q:
Can you tell me what drivers do?

A:
Drivers are mini-programs (instructions) that tell your computer how to use its hardware. Each hardware device has a driver.

Some, like drivers for a keyboard or mouse, are built into the computer itself. Others, like video card drivers or modem drivers, need to be installed when you get a new hardware device. Without the proper driver, your stuff won't work.

If you're having trouble with a particular hardware device, chances are that an updated driver may solve your problem. These can be found at the website for the company that made your equipment. Two good sources to help you locate updated drivers are Windrivers and DriverGuide.


February 12, 2009

If NoAutoRun.reg doesn’t work, you may need space


By Dennis O'Reilly

The way word-wrapping alters line breaks in some browser windows thwarted a few of our readers' attempts to disable AutoRun.

If you manually typed a line break where the code requires a space, and you couldn't get the file to work, a simple change will do the trick.


Windows Secrets contributing editor Woody Leonhard authored a Jan. 22 Top Story on the Conficker/Downadup worm and included a link to a Nov. 8, 2007, article.

That article, by associate editor Scott Dunn, explained how to add a Registry key to block Windows' AutoRun function. After you do this, if you unknowingly insert a hacked CD, DVD, USB drive, or other external drive, it won't automatically infect your PC. The technique involves copying and pasting three lines of code into a NoAutoRun.reg file, then right-clicking the file, merging it into the Registry, and rebooting.

One of the lines of code is very long and looks as follows (it's all one line, but it word-wraps to two lines in small windows):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf

Reader Rob Oppenheim wasn't the only one who found that merging the file he'd created into the Registry had no effect because he'd entered a line break where his e-mail program had word-wrapped that line:

  • "In your [most recent] newsletter, you refer to a Web page that describes how to disable autoruns. The page describes a .reg file with a key that displays broken across two lines (at least on my machine it displays that way). Unfortunately, it's not obvious that there's a space in the key; that is, it should be 'Windows NT' and not 'WindowsNT.'

    "The page does explain that the key should be all on one line but does not mention that the space is required."

If this key shows up in your e-mail program as a single line, all is fine. However, if it wraps to two lines between "Windows" and "NT," and you manually type in the key, you may not realize that there should be a space between the two words, not a carriage return.

Regardless of how the Registry key appears in your browser, if you copy the lines from Scott's article and paste them into your text editor to create a NoAutoRun.reg file, the space between "Windows" and "NT" will be included.

Delete the key to restore your AutoRun

Several people tried life without AutoRun and decided they missed the feature. For example, after disabling AutoRun, you must manually open the autorun.inf file on any software disc you might want to auto-install. Marlin Brutlag puts it succinctly:

  • "Is there a safe way to remove it [the block on Windows' AutoRun feature] if no longer desired?"

To restore Windows' default AutoRun behavior, simply delete the key that was created when you merged the NoAutoRun.reg file. To do this, open the Registry Editor: in Vista, click Start, but in XP, click Start, Run. Then type regedit and press Enter. In the left pane, navigate to the IniFileMapping key in the Registry path shown above. Expand the key, right-click Autorun.inf below it, and choose Delete.

See Microsoft Knowledge Base article 310516 for details on adding, deleting, and modifying Registry keys.

Resuscitate a dead drive by giving it the gas

After reading reader Scotty Burrous's description of how he brought a hard drive in his mother's PC back from the dead, I started to think I'd been watching too many scary movies:

  • "My mom's laptop recently croaked. The two-year-old 60GB hard drive decided it had had enough and the platter quit spinning. I hooked it up to a 2.5-inch USB adapter after removing the cover, negating any and all out-of-date warranties, etc. When energized, the indicator LED — normally green — was red and the platter didn't move.

    "There were a few files my mom hadn't backed up — sigh, she's 86 years old — but decided she desperately needed. With tweezers, I manually rotated the platter on the hub, not touching the disk. I noticed it was difficult to turn, so I figured, 'What the hell?'

    "I purchased a container of butane — the stuff you refill a cigarette lighter with — and dispensed some of it (frequently) onto the bottom bearing. When energized, the platter spun up and I managed to get all the pertinent data from the drive! And with continued application of the butane, I ended up copying all the data from the (now) ex-drive."

I'm going to take Scotty's word that this tip actually worked — but kids, don't try the butane-on-the-bearing trick without adult supervision! (I can't help wondering what Scotty tried on the sick drive before he turned to lighter fluid.)


Keep the latest worm infestation off your PC


By Woody Leonhard

It's been a hellacious week for security admins all over the world: the polymorphic worm known as Downadup, Conficker, and Kido has infected millions of computers.

Fortunately, you can scan, scour, and secure your systems by following four relatively simple steps.


Remember the patch that Microsoft released suddenly — "out of cycle" in the parlance — back in October 2008? Windows Secrets followed suit with an out-of-cycle news bulletin about the patch on Oct. 24. Susan Bradley recommended that readers immediately install the update described in MS08-067 (KB article 958644) to protect against "a remote-code attack that could spread wildly across the Internet."

Just as Susan predicted, the remote-code attacks started appearing shortly thereafter. On Oct. 26, Christopher Budd of the Microsoft Security Response Center posted the following in the MSRC blog:

"We are aware that people are working to develop reliable public exploit code for the vulnerability. We are aware of discussion about code posted on a public site, but our analysis has shown that code always results in a denial of service, to demonstrate the vulnerability. So far, we've not seen evidence of public, reliable exploit code showing code execution."

By mid-November, the Microsoft Malware Protection Center (MMPC) said in a blog posting that it had collected "over 50 distinct exploits of this vulnerability." However, MMPC said the instances were very limited: "We're getting a very small number of customer reports for these attacks."

Then Conficker.A hit the fan. (McAfee and Microsoft call the worm "Conficker," Sophos uses the name "Confick," and Symantec and F-Secure call it "Downadup"; but it's the same virus.) By Nov. 25, MMPC was raising the alarm on its blog in an attempt to get individuals and — especially — organizations to install the MS08-067 patch, which stops Conficker.A dead in its tracks.

At this point, the Conficker furor should've died down and the worm been relegated to the history books. Two inexorable forces, however, combined in early January 2009 to give the worm new life: system admins who weren't applying key patches and a ferociously fecund variant called Conficker.B.

How Conficker differs from other worms

In the not-so-good old days, Conficker.A arrived as a Trojan: in order to infect a PC, somebody had to run an infected program on the machine. It could also try to hit your machine directly, but any sort of firewall would thwart that attack. If the infected system was attached to a network, Conficker.A used the hole (that MS08-067 closes) to spread to other computers on the network. This modus operandi is kinda boring but moderately effective.

Conficker.B uses the Conficker.A approach, plus a whole lot more — as a "blended threat," it's an equal-opportunity infecter. The MMPC's TechNet blog offers an excellent, graphical overview of the ways that Conficker.B can get into your network. Here are the main attack vectors:

  • Conficker.B uses the old Conficker.A approach: simple Trojans that arrive via e-mail or by downloading an infected program.

  • Once a PC on a network is infected, Conficker.B reaches across the network to see whether any of its PCs have not yet patched the MS08-067 hole. After infecting these unprotected PCs, Conficker plugs the MS08-067 hole, presumably so other, similar worms can't get in. What a sneaky buzzard!

  • If Conficker.B finds that it can't get into a computer via the MS08-067 hole, it tries to break in by using the standard Windows admin account, entering each of 248 common passwords. This weak password list (which you'll find under the Analysis tab) includes such all-time favorites as admin, mypass, test, foo, 1111, and many others you may have seen before.

  • Once Conficker.B gains entry to a networked machine, it drops a copy of itself onto the target's hard drive and creates a scheduled job that runs the infected file. Conficker.B also loads itself onto all accessible shared folders. Ho-hum.

  • Finally, Conficker.B scans and infects all removable devices on the system, including USB drives and external hard drives.

That last step intrigues me the most because the person or persons who wrote Conficker gave the USB-drive-infection routine a diabolical little twist. As you might expect, the infection comes in the form of an autorun.inf file, which (usually) runs automatically when the USB stick gets stuck in the computer. But the social engineering in that autorun.inf file is quite remarkable.

The worm's tricky twist on autorun.inf

Bojan Zdrnja at the SANS Internet Storm Center detailed in this blog post how Conficker.B's autorun.inf file works. To see the brilliance in the deception, it helps to understand how autorun.inf files usually work.

Let's say I put an autorun.inf file on an empty USB drive that includes the following command:

[Autorun]
open=ACoolProgram.exe

Then I stick a file called ACoolProgram.exe on the USB drive. When I plug that USB drive into a bone-stock Vista machine, I get the AutoPlay notification message shown in Figure 1.

Figure 1. Vista's Autoplay displaying the results of a normal autorun.inf file.

On the other hand, if I wanted to get tricky, I could change autorun.inf so it takes over the default wording on Vista's Autoplay dialog. This autorun.inf file does that very thing:

[Autorun]
Action=Open folder to view files
Icon=%systemroot%\system32\shell32.dll,4
open=ACoolProgram.exe

When this file is placed on a USB drive that's inserted into a stock Vista PC, the AutoPlay notification shown in Figure 2 appears.

Figure 2. Vista's AutoPlay with a slightly altered autorun.inf file.

Note that the altered file pastes an icon into the AutoPlay notification that looks just like a folder icon. The autorun.inf file can say it's going to open a folder when in fact it's going to run an executable program.

When Conficker.B infects a USB drive, it creates just this type of autorun.inf file that pops up an AutoPlay notification identical to Figure 2. Clever — and for PC users, scary. Amazingly, this bit of autorun.inf infectious sleight-of-hand also works on the beta version of Windows 7.
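The mismatch between what the AutoPlay entry says and what it runs can be checked mechanically before a drive is trusted. The Python sketch below is an added example, not code from the article or from the SANS post; the finding labels and the wording heuristic are assumptions, and it also checks the shellexecute entry, which the article does not discuss.

```python
import re

# Wording that imitates Windows' own "open folder" AutoPlay entry (assumed heuristic).
FOLDER_WORDS = re.compile(r"open folder|view files", re.I)


def parse_autorun(text):
    """Return the [Autorun] section as a dict with lower-cased keys.

    Lines that are not key=value pairs are skipped rather than rejected.
    """
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text):
    """Return findings for an autorun.inf; an empty list means nothing is launched."""
    entries = parse_autorun(text)
    command = entries.get("open") or entries.get("shellexecute")
    if not command:
        return []
    findings = ["runs-program"]
    # The label promises a folder view while the entry starts a program.
    if FOLDER_WORDS.search(entries.get("action", "")):
        findings.append("deceptive-action")
    # The icon is borrowed from Windows' own icon library instead of the program.
    if "shell32.dll" in entries.get("icon", "").lower():
        findings.append("system-icon")
    return findings


# The two autorun.inf files shown in the article.
NORMAL = "[Autorun]\nopen=ACoolProgram.exe\n"
ALTERED = r"""[Autorun]
Action=Open folder to view files
Icon=%systemroot%\system32\shell32.dll,4
open=ACoolProgram.exe
"""

if __name__ == "__main__":
    print("normal :", assess_autorun(NORMAL))
    print("altered:", assess_autorun(ALTERED))
```

The plain file is reported only as launching a program, while the altered file also trips both disguise checks.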

Guide to cleaning and preventing Conficker

As of Jan. 16, 2009, F-Secure estimates in its blog that the number of Conficker-infected PCs jumped from 2.4 million to 8.9 million in just four days. Unfortunately, that number has been increasing by a million infections a day.

I don't blindly accept F-Secure's analysis, nor that of any other security-software vendor, but it has become quite apparent that an enormous number of PCs have caught this worm.

Even though a Conficker-infected PC may not be able to access Microsoft.com — and Conficker probably disabled the PC's automatic-update function, too — getting rid of the worm is surprisingly easy.


  • Step 1: Check your passwords. If you have an administrator account with an easily guessed password, change it. Microsoft provides a guide to strong passwords that includes a link to the company's online password checker. If somebody other than you controls your computer's admin password, make sure that person understands the gravity of this situation.

  • Step 2: Make sure you've installed the patch described in MS08-067. Open Control Panel's Add or Remove Programs list to ensure that KB 958644 has been installed. Click Start (plus Run in XP), type appwiz.cpl, and press Enter. In XP, make sure Show updates at the top of the window is checked. In Vista, click View installed updates on the left to see all of your PC's patches.

    The update in question was probably installed in late October or November of last year; look for Security Update for Microsoft Windows (KB958644). If this patch isn't installed, browse to Microsoft's Download Center to retrieve and install it. If your PC is blocked from visiting this site, use a noninfected PC to download the patch to a removable medium and install the update on the wormed PC from that device.

  • Step 3: Run Microsoft's Malicious Software Removal Tool (MSRT). The latest version of this Microsoft tool identifies and removes all of the Conficker variants I've heard about. The easiest way to get MSRT is through Windows Update, but if you can't get through to that service on the infected PC, borrow a computer and download the tool from Microsoft's site.

  • Step 4: Disable AutoPlay. If Figure 2 doesn't convince you of the risk of using Windows' AutoPlay feature, nothing will. Simply stated, you don't need AutoPlay that much. Follow the advice in Scott Dunn's Top Story from the Nov. 8, 2007, issue for comprehensive instructions to disable AutoPlay.

Those four steps will ensure that your PC isn't one of the million — or nine million, or 12 million — machines currently playing host to the Conficker worm and its variants.


Downgrading Vista to XP is possible … maybe


By Dennis O'Reilly

Reverting a Vista PC to XP requires an installation CD for each OS and can be done only on OEM editions of Vista Business and Ultimate.

Users of Vista Home Basic and Home Premium — and anyone who used a retail version of Vista to upgrade an XP machine — must buy a copy of XP to make the switch.


Last week's Top Story on Microsoft's decision to extend yet again the deadline for buying a PC with Windows XP installed caused many readers to wonder whether they could dump their copy of Vista in favor of its predecessor. Reader Jim Harvey put it this way:

  • "We have Vista Home Edition installed on a newly refurbished Gateway computer purchased for my wife for Christmas. However, trying to cope with all the operational changes in Vista has proven to be too frustrating for her.

    "We would like to downgrade the new computer back to the old XP license we have on our replaced computer, but we don't know how to do so. Is there a legitimate way to install our old licensed version of XP, still on the replaced computer, onto our new Gateway and get rid of Vista?"

Unfortunately, the only way you can revert a machine running Vista Home Basic or Home Premium is to buy a copy of XP and install it over the Vista configuration. However, anyone who bought a PC with an OEM edition of Vista Business or Vista Ultimate can downgrade to XP Pro.

Even if you installed a retail version of Vista on an XP machine, you have to purchase a new copy of XP to revert to that OS. Fortunately, OEM versions of XP Home and Pro cost as little as $90 and $120, respectively, online. (Note that OEM releases can be installed on only one system and come with zero support from the vendor.)

Computerworld's Gregg Keizer describes the XP-downgrade limitations and offers step-by-step instructions for making the Vista-to-XP switch in this FAQ.

Other places to look for missing disk space

Fred Langa's Jan. 8, 2009, column (paid content) described several ways to recover hard-disk space. Reader Kevin Kleinhomer wrote in to remind us of a couple of other tools that might help track down the missing bytes.

  • "In his most recent article, Fred talks about a reader with missing space, but I think he missed a very important tip for the reader: Chkdsk. It could be a corrupted file system that is the root cause of the missing disk space. I have seen this many, many times.

    "A less likely possibility would be a rootkit. Booting off one of the many recently reported-on [rootkit-revealing] tools would hopefully turn this up."

Running Windows' built-in disk-checking utility couldn't be easier: click Start, Run (in XP) or just Start (in Vista), type cmd, and press Enter. At the command prompt, type the following:

chkdsk x: /r

The x represents the letter of the drive you want to check, and the /r switch instructs the utility to repair errors, find bad sectors, and recover whatever data it's able to.

Microsoft's Help and Support site provides complete instructions for using the Chkdsk utility in article 315265 (the article specifies XP, but the information applies to Vista as well).

Scott Spanbauer reviews several free tools for detecting and removing rootkits in his May 22, 2008, Best Software column (paid content).

Go to the source for a copy of Ubuntu on disc

The rap on Linux — at least among Windows users — has long been that the alternative OS is too difficult to install and use. Scott Spanbauer's Jan. 8, 2009, Best Software column (paid content) described the free Wubi installer utility for the Ubuntu distribution of Linux. Reader Howard Harner points out that you can also get a free copy of Ubuntu on disc, if you're patient.

  • "I'm glad to see your discussion of Ubuntu, since I have been using it as an alternative to uSoft [Microsoft Windows] for years. For older computers, cruising the Web, and copying CDs, it's great.

    "You didn't mention that one can get a free disk from Ubuntu that contains two versions of the OS — a full-install copy and a version that will run on top of Windows — by going to their Web site and filling out the short application form. It usually takes less than two weeks to receive it."

In fact, many Windows users choose to run Ubuntu off the CD rather than to create a hard-drive partition for the OS. Of course, you can burn your own Ubuntu CD. You'll find the download and instructions for creating your disc on the Ubuntu Community Documentation page.
