GlitchNYC.com

IE 7: So Much for Molly Wood.

IE 7: so much for Firefox
By Molly Wood, senior editor, CNET.com

I just read through this, and I think it's honestly a troll article (designed simply to elicit angry comments, which it has in spades). Come on Molly, you can do better as Senior Editor at CNET.

The big reasons IE7 will not "win" completely as Molly Claims it will:

• Only for Windows XP SP2 - what about all the other legitimate windows 2000 and even 95 98 and ME customers?
• What about everyone with a pirate version of XP who can't get SP2 (a bigger group than you'd think)
• What about the Mac users
• What about the Linux users (This group is growing fast, a year from now when IE7 is out of beta, it may be truly bigger than Mac users)

Aside from that, it's almost guaranteed that MS will not play nice and actually implement web standards properly, making web developers choose between "right" and "works in IE"... once again.

Finally, the big hurdle for M$ is trying to make IE secure - but they won't give up activex controls in IE because it would break a lot of their own sites (like windows update), which are part of what make it so easy to exploit.

They'll also have a default install base of really computer-illiterate users, users who don't know yet not to click on the "Your time is wrong, click here to install TimeKeeper" popups and ads. Add all that to being the biggest target simply because it has around 90% of the market, and they're still going to be fighting the same old problems.

Yes, it means Firefox may not be as clear a choice for users of XP SP2, but SP2's IE updates (popup blocking and security enhancements) already did that. What will keep users on Firefox is the familiarity. Once you can use tabs on your computer at home, to go to work and have to "open new window" for every link you want to click on when you don't want to lose your starting page is torture. Firefox has the distinct advantage of being available and secure for every computer you own.

12:02 pm | permalink | /technology/microsoft | 0 writebacks |

Who Decides What Software Is Running On Your Computer?

Now, I'm all in favor of Anti-Spyware and Anti-Adware tools becoming mainstream. In fact, I think offerings from all the major vendors from Symantec to Microsoft are long overdue.

That said, installing an application by Microsoft which allows them to decide which programs can and can't run on my computer has a bit of an ominous feeling to it.

I'm sure ADP (who is the company that provides many of our paychecks. Literally.) isn't too happy about their products being one of the first "false positive" casualties of Windows AntiSpyware.

It's an interesting question. How much control do you give Microsoft in exchange for the safety of your PC?

I can feel us inching closer to Palladium *Ahem* - I mean "Next-Generation Secure Computing Base for Windows"

1:09 am | permalink | /technology/microsoft | 2 writebacks |

Hotmail Misses Its Own Deadline.

Years ago, Hotmail was awesome. You could sign up for a free email account that didn't change with your ISP, and access it from anywhere. You could even link your Hotmail account to other pop3 accounts and read them all in one web enabled spot! One of the survivors of the dot-com bust, Hotmail stayed afloat by offering great service and and using it's first rate status to bring in advertisers and eventually get bought by Microsoft.

After the bubble burst, Microsoft, to its credit, did not shutter the free email service and switch completely to paid accounts. However, over the years it has severely limited the space and functionality of its free accounts, finally squeezing free users down to 2 megabytes of space. At that small a threshold, everyone has to clean out their account regularly and keep signing in to make sure they don't get cut off and miss important emails.

It was time for a successor to the free email throne to appear, and Microsoft's able rival in the "search engine wars," Google, stepped up to the plate with an audacious offer: virtually unlimited storage for free, keep your email forever and search it quickly and effectively.

Not willing to be trumped by Google's new free email offering, Gmail, which is now in the process of a slow and steady roll out to new users via "invites" to join the beta test, Hotmail has announced that they are making storage a "non-issue" by allowing their free customers 250 megabytes of space. The announcement comes with promises of better spam and virus filtering and other upgrades to the service.

250 megabytes isn't great, but to be honest, it's enough to get me to keep my account. If they come through with it before Gmail comes online, that is.

Two weeks ago, on July 8th, Hotmail Staff sent out a message to all users detailing the changes. It also promised more communication "within two weeks." Today, two weeks later, I eagerly opened my email and was excited to find another message from Hotmail.

Dear MSN Hotmail Member, Your MSN Hotmail account is approaching the 2 MB storage limit. You need to take immediate action to avoid losing messages!

If your e-mail account reaches the 2 MB limit, you.ll be sent a second notification. You must then reduce the size of your e-mail account within five days. If you do not, some of your messages will be automatically deleted and cannot be recovered.

Increasing user storage space by nearly a factor of 8 is no small feat, and I understand that it will take time for Microsoft to upgrade its underlying systems appropriately, but they themselves promised communication within a certain time frame, and then failed to deliver.

In the meantime, they've successfully rolled out the new 2gb storage limit to at least some of their paid users.

Although I'm excited for my Hotmail account to be useful once again, Microsoft has a history of making the service subtly more and more annoying to use, and then offering to "fix" those problems if I just pony up the cash.

Although that may make for a viable business model when you're the only real player in the market, when there's other choices, annoying people isn't going to get them to buy a real account, it's going to get them to leave.

3:19 pm | permalink | /technology/microsoft | 2 writebacks |

Who's the Girl in the Beagle.24 Virus Messages

Beagle.24 (aka WORM_BAGLE.X) is still running rampant on a few systems, and has spammed our directors account with some very heavily socially engineered emails designed to lure lonely computer geeks into clicking.

The address is also forged to look like it's coming from inside our machine, and with no SPF (or Microsoft CallerID) patch from M$, we're stuck getting these. We're going to have to check out the open source spf exchange plugin soon if this gets any worse.

Check out how creepy these emails are. I know quite a few people who might click on something like this if they thought for a minute it was real.

My big question: who are these poor girls that have ended up all over the internet, in a virus email no less! How bad would that suck to have someone you know get this thing if it was you?

12:22 pm | permalink | /technology/microsoft | 0 writebacks |

Messenger Spam is Evil

Wow, I'm out of touch with every day users. I've been running on properly firewalled network now since the summer of 98' and on Linux for over a year now. Consequently, I completely missed one of the nastyest side effects of having your computer plugged straight into the Internet.

If you've got a WinNT/2k/XP machine and aren't behind a firewall, you'll be barraged by so called "Messenger Spam" which pops up real looking windows message boxes as if they were coming from a system administrator. This is because they use the same exact interface as admins would use inside a private network. Yes, I know this is old news, but I'm just catching now as I work on a friend's PC which is, *gasp*, out on the net without a firewall. (Yes I'll be fixing that too, don't worry.)

The idea is simple, I just can't believe Microsoft left this glaring a hole in their product. You should at least have to be authenticated to the same domain to send a message like this. Ug.

Anyway, the fix is easy - just disable the "messenger" service. (not to be confused with Windows Messenger, which is another ball of wax entirely with it's own bugs and spam). To disable the service, just go into the services console in "Administrative tools" and change the messenger service from "Automatic" to "Disable" and then right click and stop the service.

Oh yeah, while you're at it, you'll probably want to update to keep out nasties like the new sasser worm.

1:52 pm | permalink | /technology/microsoft | 0 writebacks |

New Virus Exploits MHTML Dumbness

We've just encountered a new virus that I can't seem to find anything about. It exploits one of the weaknesses of Mail-HTML, namely using a link to run an executable.

For Example, this mail body reads:

Received message is available at:

www.cg.org/inbox/nprotected/read.php?sessionid-3140

But the link goes to:

mhtml:mid://00005642/!cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re

displayed in source as

When you click on it, it runs the attachment, even on my fully patched install of outlook.

Thank god the server doesn't let through executable attachments, but I have a feeling home users are in for a doozy.

Most techs I know only advise users not to click on attachments; links, until this point, have been fair-game. If this virus propogates as quickly as I think it might, we won't have time to warn the users.

After a wonderfully successful install of Mozilla Thunderbird at my parents house, I don't see any reason to keep home users on Outlook Express while it's being targeted so heavily.

4:12 pm | permalink | /technology/microsoft | 0 writebacks |

One Step Further

Well, both viruses in cyber and meat- space have gone one step further than I would have liked.

The Bagle virus has just gotten really nasty, spoofing mail to our users to make it look like it came from "administrator" and also signing it "The $domainname Team" where $domainname is the current suffix on your email addresses - in my case, commonground.org.

Meanwhile, it seems the real-world-need-to-go-to-a-doctor type of virus or infection that has me may have shrugged off the 10 doses of levaquin I just dutifully took. The last one is still in my system, and I'm already waking up with green-sleepy eyes and may yet have a sinus infection.

In both cases, I'm rebelling against extreme measures - in cyberspace, I have yet to filter and block all mail from the outside with our domain name in the from, for fear of screwing up all internal email. In meatspace, I refuse to go and demand a "bigger gun" like cipro until I know I really still have this cold and can't kick it myself.

Come on Immune System! Do your thing.

3:17 am | permalink | /technology/microsoft | 0 writebacks |

New Virus Is a Kick in the Head for Admins

There was a new virus out yesterday, and it's nothing that scary - just another NetSky variant. Everyone's virus server is handling it just fine, spitting out emails to users saying things like "you had a virus in your inbox, but i've quarantined it."

Unfortunately, all users (and pointy haired bosses) ever read is AHHH VIRUS, MUST CALL EYE TEE! STAT!

Of particular note about NetSky-D is that is appears to have a new mail forging algorithm. Instead of just faking the from address, it attempts to fake it specifically from someone you know. This little nasty is harvesting addresses from both address books and any file on your C: through Z: drives.

The reason this sucks so much is that ALL of the email addresses at Common Ground appear to have been harvested, possibly from infections on certain home user's pcs. The code in NetSky-D seems to be realizing that it has multiple addresses in the same domain and is using them together to make it look like internal mail. This isn't helped by the fact that Exchange translates email address, forged or not, to the complete name of the sender when they match.

Although these messages are being caught by the virus scanner, they look like legit mail which was inappropriately blocked. For example, I get errors saying that a message from John Doe to Tom Cruise was blocked due to an unscannable message body. In reality, a forged mail to tcruise@cg.org had jdoe@cg.org in the from, confusing the hell out of my server.

What a mess.

1:10 pm | permalink | /technology/microsoft | 0 writebacks |

We've Got a Live One!, err, umm... Three!

Holy Crap! I've seen three, count'em, three live viruses in one day.

See more ...

4:50 pm | permalink | /technology/microsoft | 0 writebacks |

Time for Updates!

In keeping with the current run of tech-related news items - PATCH YOUR SYSTEMS.

Click that Windows Update button and get your system up to date, because Microsoft just made public a deep, vulnerable hole in nearly every current version of Windows. Every malicious virus writer in the biz is hoping to beat you to the punch right now, and get their exploit out before you get your system patched.

Update Now!

Read more about the security hole

As Remy put it, "Not to harp on Linux, but I was just reminded of one of the reasons I quit Windows"

4:41 pm | permalink | /technology/microsoft | 0 writebacks |

Ka-Blam!

Well, it seems that I've done something to upset the computer gods. I came in today after busting my butt this week to give a presentation, and had to move the computer into the conference room.

I don't know if I walked through the bermuda triangle of computing or what, but by the time I'd made it the 20 feet to the conference room, the thing was toast.

See more ...

3:34 pm | permalink | /technology/microsoft | 0 writebacks |

Stumped!

Well, I just finished up an hour and a half of troubleshooting on a co-workers PC, and for the first time in quite a while, I had to throw my hat in.

See more ...

12:00 am | permalink | /technology/microsoft | 0 writebacks |