March 4, 2009

Adobe swings and misses as PDF abuse worsens

February 25th, 2009

Posted by Ryan Naraine

After more than two weeks (months?) of inexplicable silence on mitigations for a known code execution vulnerability in its Reader and Acrobat product lines, Adobe has finally posted public information on the problem but the company’s response falls well short of providing definitive mitigation guidance for end users.

[ For background and a timeline on how *not* to handle incident response, HD Moore's blog post is a great start. ]

Adobe’s response simply confirms what we already know and reiterates that turning off JavaScript will NOT eliminate the risk entirely.  However, the company does not offer any definitive suggestions or workarounds, instead pointing to a list of anti-malware vendors blocking known attacks.

Here’s what we have from Adobe:

  • We have seen reports that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk. Keeping this in mind, should users choose to disable JavaScript, it can be accomplished following the instructions below:
  1. Launch Acrobat or Adobe Reader.
  2. Select Edit>Preferences
  3. Select the JavaScript Category
  4. Uncheck the ‘Enable Acrobat JavaScript’ option
  5. Click OK

While this information is better than the silence we’ve gotten from Adobe since the attacks became public, it falls well short of providing the protection information that businesses and end users need when in-the-wild malware attacks are occuring.

The company did not offer any details on the actual vulnerability.  It did not provide workarounds.  It did not provide mitigation guidance.   Adobe simply rehashed what we already knew and confirmed that the public mitigation guidance from third parties is/was not definitive.

As my former ZDNet Zero Day blog colleague Nate McFeters points out, the issue is much worse than first imagined.

  • I decided I’d test this out and found that on a fully patched Mac OS X build, Safari 4, Mail.app, Preview.app, and potentially others all crash using the proof of concept exploit provide on milw0rm.  The crash is actually in PDFKit, which supports all of those applications and likely much more.

According brand viagra without prescription to this Secunia’s Carsten Eiram,  his company managed to create a reliable, fully working exploit which does not use JavaScript and can therefore successfully compromise users, who may think they are safe because JavaScript support has been disabled.

  • All users of Adobe Reader/Acrobat should therefore show extreme caution when deciding which PDF files to open regardless of whether they have disabled JavaScript support or not.

If Secunia can do it based on information that’s public, what’s to stop malicious hackers with major financial motivation?

So what now Adobe?

Permalink • Print • Comment

Is the new browser war a good thing for end users?

February 25th, 2009

Posted by Adrian Kingsley-Hughes

Browsers are getting better. Much better. The latest beta from Apple of Safari 4 shows just how much work is going in to making the modern browser fast, reliable, easy to use and standards compliant. Even Internet Explorer, while trailing the pack in terms of speed and compliance, is getting better. But is the new browser war a good thing for end users?

On the face of it that seems like a silly question. Of course it’s good for users. As a result of the groping competition users end up with faster, more reliable, more secure, easier to use browsers. Even Internet Explorer, which was stagnant for years, has improved dramatically (but it still has a long way to go). That’s gotta be a good thing, right?

Well, maybe not. While I’m happy to have several browsers installed on my system, and switch between the browsers depending on what I’m doing, this kind of behavior isn’t for everyone. Putting aside the fact that installing multiple browsers on a system means that you have to keep them all patched up in order to prevent vulnerabilities from building up, you can only really have one default browser on a PC, and so switching between them is cumbersome. You either have to copy and paste URLs between the browsers, or continually switch the default browser setting. You also run into problems with favorites – importing favorites into a newly installed browser is one thing, keeping all the favorites synced up is another. As a user of multiple browser, I know just how much of a hassle it all it.

So, wile I like Opera, Google Chrome and the new Safari 4 beta (I feel pretty indifferent about Internet Explorer 8 beta so far), I still consider Firefox to be the primary replacement for Internet Explorer. The reason is simple – it’s the most mature of the alternatives. While Chrome handles multiple best viagra prices tabs far better than Firefox, Opera has a built-in torrent capability, and Safari 4 is faster, but Firefox is a better all-rounder. not only that, but while Firefox remains the only browser that makes extensive use of add-ons, it’ll continue to remain popular amongst geeks (oddly enough, I don’t care much for the add-ons … too much hassle come time to upgrade the browser).

In my opinion, the only real alternative to IE is Firefox. It’s nice to have the other browsers (and on the Mac, an improved Safari is a good thing), but for now they’re just minor players.

Permalink • Print • Comment

First impressions: Apple Safari 4 beta

February 24th, 2009

Apple has released to public beta its Safari 4 web browser, and I thought I’d give it a hands-on spin to see what all the fuss is about. Here are my first impressions and review.

Installation

Quick and simple. The install file — offered with and without a QuickTime bundle, thankfully — is 25.5 MB. On install, three boxes are auto-checked: Desktop shortcuts, “Install Bonjour” and auto-update. I’m not a fan of auto-check tactics, so if you’re trying to avoid installing Bonjour, for example, don’t get too click-happy too soon.

Another note: Safari did not prompt me to import bookmarks from another browser. Thought that was an interesting omission.

The Look

It’s slick. Not extraordinarily pretty, but Safari 4 does attempt to break up the monotony that is Windows with an updated interface that isn’t a complete Mac knockoff like Safari’s previous iteration (those who skin their PCs like Macs will be disappointed). I use the classic theme on Windows XP, and you can see in the screenshots that there is an attempt to bring current styling trends to older visuals.

 

The Homepage

On first load, Safari populates its Apple-style visual link layout with popular sites in lieu of having browsing history to use. When you click one of the visual links, there’s a zoom/transparency transition to the new window, which is a nice touch. I wonder how that will react on slower machines.

One thing about the menu elements at the top — the bookmarks start on by default, but I don’t like to give screen real estate to that, so I turned it off. Google Chrome handles this problem by inserting your “pinned” bookmarks into the home page, in a bar-style format, just below the menus. Safari handles this problem slightly differently: instead of recreating the bookmarks bar, it allows you to “pin” (via the edit button on the bottom left of the page) certain visual links.

The Interface

One thing I notice, at least using XP’s classic theme: the tab boundaries are pretty hard to differentiate. There’s just not enough of a strong visual boundary between them, especially considering how narrow they are horizontally. Otherwise, the tabs are nice, but they automatically expand to fill the entire title bar (no transition) which I don’t like. Some people don’t like the fact that Google Chrome doesn’t immediately auto-fill the tab space; I do, especially when there are only one or two tabs open in the window.

Another thing about the tabs: the “close” box is on the left side best viagra alternative of each tab, not the right — the location that other browsers usually put the favicon. I’m not against re-doing the formula for browser layout, but if you’re transitioning from another browser or use another browser on a regular basis, the switch will wreak minor havoc on your productivity.

What’s also interesting is how Safari deals with too many tabs. In this case, it gives you an ellipses and drop-down menu:

Finally, about those tabs: you can’t just drag a tab out of the main window, like Chrome, from any point on the tab. You must grab it by the little three-line corner (which is hard to do quickly on a high-resolution, large display, I should add) and drag it out from there. I’m a big proponent of not playing target practice with regard to layout and design, and I fear the narrow tabs and menu elements might be a little harder to use.

Full-screen mode is solid. Since the top menu and title bar are narrow as it is, you get a nice amount of screen real estate to browse with. On the other hand…

…unlike Google Chrome, the status bar isn’t a “pop-in” — that is, it doesn’t show up only when you need it, and instead is the old-style approach: on, or off. Safari installs with the status bar off by default (interesting decision, especially with regard to security), but for that reason I like to keep it on. On the other hand, the bar is very narrow and uses very small type, so it does make concessions for keeping it on all the time.

As a side note, the refresh button a little small for my taste. I ended up clicking the “RSS” element instead. Furthermore, the search bar that complements the address bar is nice, addressing one of the main complaints with Chrome. On the other hand, it doesn’t seem to be multi-use, which means that I can’t have Wikipedia or Weather.com as options for that bar like in Firefox 3.

The good news is the address bar takes all the good cues from Chrome, and provides a very useful autocomplete menu:

Finally: the download manager remains outside the main browser window, like Firefox 3, and is not integrated into the bottom like Chrome.

Here’s how Safari handles the integrated RSS button (when applicable) in the address bar, by the way:

The Performance

I didn’t do any hardcore testing (I’ll leave that to ZDNet hardware guru Adrian Kingsley-Hughes), but Safari 4 beta was as quick as the quickest I’ve used (in this case, Chrome). Back in March, it was reported that Safari 4 was the first browser to score 100%, or 100/100, on the Acid3 test. That’s a good sign, and I confirmed it testing it myself with the link below. (Chrome got 78/100, and the linktest failed; Firefox 3 managed 70/100.)

[test for yourself]

The Bottom Line…for now

If there’s anything to be said about Apple Safari 4, it’s that (on the PC, at least) it bridges the gap between Firefox and Google Chrome. What I mean by that is that it takes some of the innovative interface cues and styles of Chrome, but doesn’t push it as far as Chrome does in the “experimentation” category.

For the moment, each browser retains its unique differentiating qualities, though: Chrome is still the most barebones and experimental of the bunch, Internet Explorer is still extremely integrated with Microsoft services, Firefox still retains its mod-happy plugins, multi-use bar and “Save and Quit” tab memory.

No longer chained by the Mac look, Safari 4 beta is somewhere in between, at least on a PC.

(Safari 4 beta on top of Google Chrome; note the interface differences)

Of course, these are just first impressions — not the final judgment, especially for a browser that adapts to your browsing habits over time.

What do you think of Apple Safari 4 beta? [download]

Permalink • Print • Comment

Completing the addition of computer memory

Q:
Now that you've told us some basics about adding memory to our computers, how do we actually get it in there? You promised you would tell us!

A:
You're right. I did promise you that and if you know anything about me, you know I always keep my promises! So, that's exactly what I'm going to do for you today. If you read yesterday's newsletter, you know that I started a three part "adding memory" series. The first part was figuring out if your computer really does need more memory and the second part was finding out what kind your computer needs, along with knowing where you can buy it from.

Now, the third part is actually getting the new memory into your computer. You know, installing it all by yourself! I know that probably makes some of you nervous, but you don't need to be. It really isn't as hard as it may seem. Let's take a look at the basic steps and go from there. When you're finished, your computer will have more memory and it will be able to run at its optimal performance once again. Here we go!

Part 3

The first thing you need to do is make sure the area you're going to be working with is free of dust. You can either vacuum the area or even just wipe it out with a soft piece of cloth. Next, you need to power down your computer. Turn your system off, unplug everything and disconnect any peripherals you may have hooked up to your PC. Once you've done all of that, you may continue.

Go ahead and remove the cover panel of your unit. You'll then be able to see inside your computer. (Cool, huh?!) Next, be sure to ground yourself by touching any piece of metal inside your computer. That will discharge any static electricity that may be running from you to the computer. If you don't do that, you're putting yourself at risk, so please be safe!

The next thing you're going to do is locate where the new memory sticks you have will go. There should be some empty slots or clips that are meant for additional memory sticks. Now, where those slots will be depends on how old your computer is. You'll either have a single in-line memory module (SIMM) or a type of dual in-line memory module (DIMM). More than likely, you'll be working with the latter of the two, which will probably be a 168 or 184-pin model.

Once you've found the slots, hold the memory stick by its edges. You need to be careful when you're doing this to make sure you don't touch any of the pins. When you feel best place to buy viagra ready, insert the new RAM into one of the empty slots. You'll want it to be perpendicular to your computer's motherboard and parallel to the already existing memory stick. With a SIMM, insert it into the open slot with an angle of about 30 degrees. You can then move it around until you feel it or hear it click into the right position. On the other hand, with a DIMM, there are clips on each side that will secure the memory stick in position.

When you're confident you have the RAM stick in the correct place, you can put the cover back on your computer and then connect everything again. Then power up your computer and make sure it recognizes the new memory. There should be a confirmation box of some sort that pops up for you. If your computer doesn't seem to recognize it, you may need to turn everything off again and reinsert the memory stick. You need to make sure your computer recognizes it, because otherwise, your computer will go on working with the same amount of memory as before. (And that would just be a complete waste of your time and money!)

See, that wasn't so bad, was it?! With a little time and patience, it's a rather simple procedure. But if you're not 100 percent confident you can do it yourself, please ask someone else for help. Asking for help is easier than dealing with additional computer problems on down the road. Now, I hope you can go on and enjoy your new memory and your faster computer. Yes!

Permalink • Print • Comment

Shape Up Your WordArt

Do you often find you want WordArt in your document, but you actually only want it to appear to be inside a shape?

What did you do?

You could create the shape and the WordArt separately and then group them together. With older versions of the MS Office Suite, that's pretty much what you're going to have to do.

But if you have one of the newer versions of Office, you could actually put the WordArt inside the shape pretty much the same way you'd enter regular text into a shape. (Just a side note: I couldn't get my Office XP to do this trick, so it will have to be newer than that).

Now, I'm sure someone out there is wondering why you'd want to do this at all.

That's a good question and I think I have a pretty good reason as to why it's a good plan!

It's a purely practical reason if there ever was one. If the WordArt is actually inside the shape as its text, when you resize or move your shape, it also affects the WordArt. One stop formatting works for me, how about you?!

Assuming this sounds like a good plan to you, here's what you need to know to make this tip work for you.

  • First, insert the shape.

  • The second step is to right click on the shape and choose Add Text from the menu that pops up.

  • You'll now find your cursor inside the shape. While it's still in there, you need to start and create the needed WordArt.

That's it! Once the WordArt is created, it's in the shape and it will change as necessary to match any changes made to the shape.

I found that if I changed the size of the WordArt, the shape would adjust in size too.

On the other hand, if you change the size of the shape, the WordArt stays the same size and adjusts its position within the shape, just as regular text would do.

However, when relocating the shape, the WordArt always goes with it.

I should add that there were very few times I tried this one and wasn't happy with the outcome. So, it's not perfect, but overall, I love it and it's definitely worth the time to learn how to do it!

best natural viagra

Permalink • Print • Comment
« Previous PageNext Page »
Made with WordPress and Semiologic • Sky Gold skin by Denis de Bernardy