|
We guarantee your privacy: 1. We will never sell, rent, or give away your address to any outside party, ever. 2. We will never send you any unrequested e-mail, besides newsletter updates. 3. All unsubscribe requests are honored immediately, period. Privacy policy 
|
|
INTRODUCTION Shavlik opens up free registration By Brian Livingston I reported in a special news update on July 20 that Shavlik Technologies would begin allowing people with any valid e-mail address to download and license its NetChk Protect software for free. This program has a 1-year trial version that is superior to Windows Update, installing patches from Microsoft, Firefox, Adobe, RealNetworks, and many other companies. Unlike Microsoft's update program, NetChk Protect doesn't require you to install Windows Genuine Advantage — Microsoft software that many consider to be spyware. Shavlik spokeswoman Jill Teut confirmed in a telephone interview that all valid e-mail addresses began to be accepted at the end of last week. I tested this myself using an anonymous ISP-based address. Because Shavlik's products were formerly limited to corporate IT administrators, an old routine at the Shavlik Web site had not been accepting ISP-based e-mail addresses, such as Comcast.net, limiting downloads only to "corporate-sounding" addresses. If you had any problem downloading NetChk Protect, try downloading and registering it again now, using any valid e-mail address. I've received only one marketing message in the four weeks since I registered using a test e-mail address. I consider this to be a reasonable amount of contact in exchange for free use of Shavlik's software for one year. You need to know a few pointers, based on comments I've received from readers: 1. Place Shavlik.com in your "safe senders" list. Some readers haven't received the license code that's e-mailed by Shavlik because a spam filter blocked the message. I wish I could adjust your spam filters for you, but I can't. Add Shavlik.com to your e-mail program's filter and then download and register the program again using the same address. According to Shavlik executives, this will result in another key being e-mailed to you. 2. Follow the tutorial. NetChk Protect is an advanced tool that was designed for system administrators. It doesn't yet have an easy-to-use interface that's suited for average PC users. I feel the program can be understood by anyone, however, who follows the steps in my July 13 tutorial. 3. XP Home users must install separately. NetChk Protect can be installed on XP Home and XP Media Center Edition machines. XP Home and MCE can scan and deploy patches to other machines on a network that are running XP Pro, XP Tablet, Windows 2000, and NT 4.0 SP3. Patches, however, cannot be deployed remotely from any other machine to XP Home or MCE machines because they lack the networking software to handle the connections. This can be fixed by installing NetChk Protect locally on XP Home and MCE machines, as described in my July 20 news update. 4. Use the support forums. I'm now running NetChk Protect on my own, 5-user SBS 2003 network. But I'm by no means an expert on all the interactions the software can have with Windows. I have no way to provide support for individual questions. If you need help, first search Shavlik's support forum and then post a message, if necessary. Shavlik has a NetChk Protect forum with answers for that product as well as HFNetChkPro and other related software. Declining to use Microsoft's Windows Update service exposes us to the newness of third-party software. I feel that learning how to use NetChk Protect was worth it. But if Windows Genuine Advantage doesn't bother you, the official Windows Update and Microsoft Update services are still available (although they won't update non-Microsoft programs). To obtain Shavlik's 1-year free version for 1 to 10 PCs, visit the NetChk Protect download page. (Introduction continues below) |
Windows Secrets NewsletterIssue 80 2006-07-27 Contents (Scroll down to Index) INTRODUCTION Shavlik opens up free registration TOP STORY Should you use Windows Live Messenger? SECURITY BASELINE Symantec, McAfee outrank ZA in new test HOT TIPS Readers review alternatives to Windows Update OVER THE HORIZON IE bugs not fun for users PATCH WATCH Patching isn't just about Microsoft PERIMETER SCAN A bad month for Microsoft products USEFUL LINKS Phishing filter prevents e-mail identity theft WACKY WEB WEEK Letterman sends up the Gates man YOUR PREFERENCES About your subscription Newsletter Control Panel Windows Secrets home page How to subscribe Change your delivery address Change your preferences Access past free issues Access past paid issues Upgrade to paid version Search for info (WinFind) Submit a Windows tip Get subscription help How to unsubscribe Circulation: over 140,000 |
|
ADS
|
|
(Introduction continued from above) Executable installs keylogger on Firefox A new kind of spam e-mail has been spotted with an .exe file attachment that installs a keylogger. The novel part is that the spyware app, known as FormSpy, is in the form of a Firefox "event listener." This means any passwords, credit-card numbers, and other sensitive information that you type or which appears in the browser window could be sent to a hacker site. This isn't really a Firefox security flaw. Firefox can't protect you if you run an executable file that you receive in an e-mail. Fortunately, the attachment is already being detected by antivirus vendors such as McAfee, Sophos, and others. McAfee's alert says the malware also uses "an old VBS/Psyme exploit targeting Internet Explorer." Mozilla.org has released Firefox version 1.5.0.5, a security upgrade dated July 27, but this doesn't include a fix that affects FormSpy. In cases like this, it's ridiculous for so-called experts to say "don't open any attachments." PC users often must use attachments to share files with each other. The solution is to require, as soon as possible, that all e-mails and all active-content files be digitally signed. The signature establishes which domain name is responsible for creating a particular file. This in turn allows our PCs to automatically reject files from domains that don't have well-earned, positive reputations. Efforts to digitally sign all e-mails, such as the DomainKeys standard (which I last reviewed for Datamation on May 9) are moving forward. I hope full adoption comes sooner rather than later. For more information on FormSpy, see Harry Waldron's post at Microsoft's MVP site. Flaw is revealed in Opera 9.0 As part of the so-called Month of Browser Bugs, security researcher H.D. Moore is publishing one previously unknown browser hole every day in July. Most of these involve Microsoft's Internet Explorer, which is widely acknowledged to have security flaws that have never been patched by Redmond. A new hole in the usually secure Opera 9.0, however, was released by Moore on July 25. This flaw can silently infect your PC if you merely visit a hacked Web site. There is as yet no patch from the makers of Opera, according to FrSIRT (the French Security Incident Response Team), which rates the risk as "critical." For more information, see the FrSIRT advisory and Moore's Browser Fun blog. To protect yourself from the threats that have been revealed by the Month of Browser Bugs, read the detailed information in this issue's columns by Chris Mosby and Ryan Russell. These columns appear in the paid version of the newsletter. You can immediately receive the paid newsletter, and 12 months of all our paid content, by making a financial contribution of any amount it's worth to you. We don't have a set fee. We just want as many people as possible to have this information. How to upgrade Thanks for your support. —Brian Livingston, Editor |
|
TOP STORY Should you use Windows Live Messenger?
So which Microsoft Messenger is which? And you thought Microsoft's software was complicated. Microsoft has an amazing way with product names, wouldn't you say? I mean, any company that can call its desktop search program "MSN Search Toolbar with Windows Desktop Search" deserves some sort of prize. Over the past seven years, we've seen names like "Windows Messenger" (which is now presumably Windows Dead Messenger), "MSN Messenger," ".NET Messenger," and now "Windows Live Messenger" all applied to essentially the same product, its derivatives, and its plumbing. You're to be forgiven if you don't get the names straight. The original MSN Messenger first appeared in 1999. Microsoft made it fully compatible with AOL Instant Messenger. The folks at AOL took umbrage, changed a few bits, and knocked MSN off the AOL network. Lawsuits ensued. When the dust settled, AOL had its network, Microsoft had a different one, and Yahoo! had yet another. Google Talk came out with Jabber, an (arguably) open network. Trillian talked to all of them, to a greater or lesser extent. A true Tower of (Messenger) Babel. History repeats itself with Windows Messenger Five years ago, Microsoft "forked" Windows Messenger, removing that version from the MSN Messenger mainstream to handle NetMeeting and video conferencing in Windows XP. Windows Messenger was stodgy and dowdy and functional, but it was relatively stable. New versions appeared every year or two, whether we needed them or not. Meanwhile, MSN Messenger, the darling of the rapid-development, rapid-deployment crew, barreled ahead. We saw steady improvement in the product, delivered in a much more timely fashion. Too timely, in fact. New minor MSN Messenger versions seemed to roll out every week. Some versions of MSN Messenger didn't even communicate with Windows Messenger itself. Last week, Windows Live Messenger experienced some, uh, technical difficulties. Many folks complained that the servers weren't working, that they lost their Contacts (at least temporarily), and that they were seeing loads of inscrutable error messages. It isn't clear to me if the problems could be traced to the program itself or to the underlying network, but those Windows Live Messenger pioneers who tried the new version after Microsoft took it out of beta had to dig a lot of arrows out of their backs. By the way, you can make sure that you're running version 8.0.0792 by clicking the down-arrow to the left of the "minimize" icon, and choosing Help, About Messenger. The new Live Messenger features All right, I admit it. I don't use any instant messenger unless I have to. I find IM even more distracting and disruptive than the telephone — and I avoid the phone whenever I can! E-mail is so much less, ah, presumptive. That said, I will confess to using various IM programs from time to time. But I use them only if I've made an appointment with the other party in advance. I call that good manners. (You can call me Old School.) At its most irritating level, this new version of MSN Messenger, er, Windows Live Messenger, is just like the last one, only more so. Every nook and cranny is filled with advertising and come-ons. You can pay to join Match.com. You can buy music at Rhapsody. You can "find great deals on eBay." You can "get the latest scoop on Xbox and Xbox Live Gaming" or learn about your credit score or find a job or post a résumé. Golly. How thoughtful. There's even subliminal advertising. Many of the backgrounds and window accoutrement look like Windows Vista's forthcoming Aero user interface. One touted feature leaves me shaking my head: of course you can use Windows Live Messenger to make a PC-to-PC or PC-to-phone call. But you've been able to do that since MSN Messenger version 3, six years ago. Remember Net2Phone? Maybe Verizon is cheaper than Net2Phone, but we've been here, done that. The one new app that caught my eye appears to be a re-make of NetMeeting's folder-sharing capability. If you click on the Share a Folder icon, WLM asks you to specify which of your Contacts you want to share files with, then lets you drag files into the shared folder. You can't perform "whiteboard" kinds of functions on the shared files. In other words, you can't make changes to the file while others watch the changes being made in real time. But the files do get synchronized, sooner or later, when changes are made. I found the whole process glacially slow, but I'm running on a rather plain-vanilla ADSL line. The things Live Messenger misses So what's not to like? I found one PC running MSN Messenger that couldn't "see" that I was online and available with Windows Live Messenger. That's a show-stopper for me. I won't require all of my correspondents to switch to Windows Live Messenger simply to be able to see me. You still can't import your Contacts directly from Outlook. I guess we'll have to wait for Outlook 2007. I was really looking forward to trying the new interoperability between Windows Live Messenger and "Yahoo! Messenger with Voice (BETA)." Although building this bridge between Microsoft's messaging network and Yahoo!'s messaging network only rates as a tiny step compared to the long-standing polyglot capabilities of Trillian, at least it's a step in the right direction. Microsoft's effusive press releases about this newfound friendship between the two old rivals nearly drove me to a chorus of Auld Lang Syne. "With Windows Live Messenger, you can talk to your Yahoo! contacts. Forget needing multiple accounts to talk to all your friends — you’ll be able to see when they’re online and communicate with them from one place." Truly a match made in heaven. Or, perhaps, in desperation. Apparently, Microsoft couldn't get the bridge to work before it shipped Windows Live Messenger. So the Windows Live Messenger-to-Yahoo! Messenger with Voice connection is now being billed as a "beta." I tried everything and couldn't get the connection to work. You may have better luck. If you want to try it, fire up Windows Live Messenger and click the Yahoo! icon on the left. You're greeted with the news, "We're knocking down the wall! Now with Windows Live Messenger, you can talk to your Yahoo! Messenger contacts too... you'll be able to talk to all your friends from one place." Right. At least, if none of your friends use AOL Instant Messenger or Google Talk. At the bottom of the breathless prose sits a line that says: Try It. Click the line and you go through a very rudimentary "beta signup." Shut down Windows Live Messenger and bring it back up again, and you're supposed to be able to communicate with Yahoo! Messenger contacts. I couldn't, but it may have been the phase of the moon. Will Live Messenger/Yahoo beat 'open' IM? Although Windows Live Messenger has a few neat capabilities, in the final analysis I recommend that you use "open" networks such as Jabber (via Google Talk) or a polyglot system, such as Trillian. Maybe Microsoft and Yahoo! can come up with compelling reasons for people to sign on for their advertising-laden proprietary services. I certainly haven't seen anything that would convince me. Woody Leonhard writes books about Windows and Office. His most recent works are Windows XP All-In-One Desk Reference For Dummies, Windows XP Timesaving Techniques For Dummies, Windows XP Hacks & Mods For Dummies, Office 2003 Timesaving Techniques For Dummies, and Special Edition Using Office 2003 (with Ed Bott). |
|
THE SECURITY BASELINE Symantec, McAfee outrank ZA in new test  By Brian LivingstonIntegrated security packages have become big business, with every major antivirus player layering antispam and antispyware into a super-bundle. Now PC World Magazine has upset the established order by rating Symantec and McAfee's offerings higher than the venerable ZoneAlarm Security Suite. In its July 2006 issue, the magazine gave Symantec Norton Internet Security 2006 and McAfee Internet Security Suite 2006 nearly identical scores of 84 and 83 out of 100. ZoneAlarm Security Suite fell to 6th place out of the 10 suites tested, with a score of 77. ZoneAlarm's scores were dragged way down by its antivirus component, which is based on Computer Associates' eTrust engine. ZA's antivirus technology was overhauled last month, but at least some of PC World's tests were conducted back in February, before the change. All of the 10 competing suites that the magazine tested (except Microsoft's Live OneCare) caught 100% of the 1,822 viruses that are in common circulation — the so-called WildList viruses. But Symantec and McAfee caught more than 97% of the 168,523 known strains of rare nuisances, while ZoneAlarm detected only 35%. While Symantec and McAfee had the best antivirus software, PC World said, they fell down in their 2-way firewall protection. The ZoneAlarm suite was able to stop 100% of the malware attempts to call home. No competing product caught even half of them. Surprisingly, the suites' test scores in this area were left out of PC World's chart of the products' performance. The magazine simply described the weaknesses in prose as "very low scores." This is significant because 2-way firewall protection is crucial to your security. If you do happen to catch a virus or worm, it can't reveal your passwords or credit-card numbers to a hacker if it can't communicate with its remote server. ZoneAlarm invented the category of software firewalls in 2000 and was one of the first to blend antispam and antivirus components into a suite in 2005. Our fear about integrated security software has always been that Zone Labs may not be able to keep every component of its suite the best there is. Its competitors may be able to improve faster in their areas of specialty (although they apparently still can't make good firewalls). The situation is hardly black and white. The ZA Security Suite received CNET's Editors' Choice on June 4, besting Symantec and McAfee. And PC Magazine awarded ZA yet another Editors' Choice in a review published as recently as June 13. These results conflict with PC World's findings. It may be that the Security Baseline will have to break out its security suite recommendations into the separate categories of software firewall, antispam, and antivirus. Or it may be that ZoneAlarm has surpassed its competitors with its latest rev (which was released after PC World's test). I'll examine all the evidence and report to you next issue. If you've conducted your own tests, send the details to me using my contact page. In the meantime, more test labs give props to ZoneAlarm's suite than to any other, so it'll remain listed here for now. The Security Baseline as it stands Based on the latest published tests, the best four products to give your PC comprehensive protection against hackers are (1) a Linksys hardware firewall, (2) ZoneAlarm Security Suite, (3) Webroot Spy Sweeper for antispyware protection, and (4) Shavlik NetChk Protect for update management. See details below.
|
|
HERE'S A TIP You're reading the free version of the Windows Secrets Newsletter Subscribers to the paid version receive additional information in each issue. Some of the extras this week are:
Brian Livingston / Hot Tips. The best information available on making Windows
work the way you want it to:• Readers review alternatives to Windows Update • Leak in Automatic Updates burns up memory • More info on AutoPatcher as an alternative • New version of ZoneAlarm irks reader 
Chris Mosby / Over the Horizon.
The steps you need to take NOW to protect yourself, because patches aren't yet available for some known threats:• IE bugs not fun for users • IE graphics control can cause DoS • Framesets within tables cause IE crash • Exploited ActiveX object can compromise PC 
Susan Bradley / Patch Watch. We tell you which official patches have problems and,
more importantly, how you can work around them:• Patching isn't just about Microsoft • Even banner ads can harm you • Voice over IP needs patching, too • Patching at night and on weekends 
Ryan Russell / Perimeter Scan.
How you can use free or commercial software to automate patching and upgrading,
whether you're responsible for 5 PCs or 50,000:• A bad month for Microsoft products • The 'Million Malware March' for MySpace • A flood tide of Office vulnerabilities crests • Fuzzers help hackers find flaws Paid subscribers can access all old and new paid newsletter content Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for you at least once every calendar quarter. To upgrade, simply make a contribution of any amount you choose If you do this by August 9, 2006, you'll instantly be sent the full, paid version of today's newsletter. To upgrade to the paid version of Windows Secrets, please visit WindowsSecrets.com/upgrade. Thanks in advance. |
|
ELECTRONIC BOOKSHELF — new e-books from the editors 
Spam-Proof Your E-Mail Address, 2nd Ed.This 32-page e-book by Brian Livingston gives you step-by-step instructions that can eliminate 97% of the spam that would otherwise clog your e-mail account. You could call it "Livingston's Spam Secrets." The PDF-format e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can actually reduce your volume of spam to practically nothing, not just battle an unstoppable and ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info |
|
USEFUL LINKS Phishing filter prevents e-mail identity theft Scientists at Carnegie Mellon University have figured out a way to almost entirely detect and filter out phishing e-mails. These findings have a tremendous potential to reduce identity thefts. (By Brian Livingston, Datamation) More info Tableau 2.0 charts your business success Turning data into meaningful charts has, until recently, been the province of $100,000 business-intelligence software packages on the high end. But Tableau's more-powerful version 2.0 has just raised the bar. (By Brian Livingston, Datamation) More info |
|
WACKY WEB WEEK
|
|
ABOUT YOUR SUBSCRIPTION The Windows Secrets Newsletter is published twice a month on alternating Thursdays. Issues appear 2 days and 16 days after Microsoft Patch Tuesday (the 2nd Tuesday of each month). Only the first issue of the month is published in August and December to allow vacation breaks. A short "news update" is sometimes published between regular newletters. Publisher: WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine). Editor: Brian Livingston. Contributing Editors: Susan Bradley, Woody Leonhard, Chris Mosby, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Trademarks: Windows is a registered trademark of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Index of Reviews, Security Baseline, Briefing Session, Windows Patch Watch, Perimeter Scan, Update Management, and Wacky Web Week are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners. How to subscribe: Anyone may subscribe to this newsletter by visiting our free signup page.
|
