beforeyoukillyourcomputer.com Saving computers one at a time from their owners

An anonymous reader recommends a Computerworld article on a new report from Australian security vendor PC Tools. The company released figures on malware detection by its ThreatFire product, and in its user base 27% of Vista machines were compromised by at least one instance of malware. From the article:

“In total, Vista suffered 121,380 instances of malware from its 190,000 user base, a rate of malware detection per system [that] is proportionally lower than that of XP, which saw 1,319,144 malware infections from a user base of 1,297,828 machines, but it indicates a problem that is worse than Microsoft has been admitting to.”

Microsoft hasn’t responded yet to this report.

Source

Windows Vista customers can now receive the first service pack for the operating system via the Microsoft Automatic Update service, Microsoft said Wednesday.

Windows Vista Service Pack 1 will download automatically to PCs that have the automatic update feature of the OS turned on, the company said. Previously, Vista was available to customers via Windows Update, but people had to specifically download it.

Not all customers will receive SP1 immediately via Automatic Update, however. The company is distributing it in phases to “ensure a seamless download experience,” Microsoft said. A timeline for when all customers would receive Vista SP1 via Automatic Update was not immediately available.

SP1 is a rollout of software updates that fix bugs and glitches in Vista and is seen as a milestone that will inspire many customers — especially those in the business market — to adopt the OS. In fact, in a recent report, “Building the Business Case for Windows Vista,” Forrester Research said more business customers plan to upgrade to Vista now that SP1 is available. This comes as no surprise, considering companies often wait for the first service pack after a major Windows release to update corporate desktops.

However, even SP1 will not guarantee that enterprises and business customers currently running XP or an earlier version of Windows will upgrade, as some have said they would skip the OS altogether. The same Forrester report said as much, although the research firm is recommending that companies don’t skip Vista because they would not be well-positioned for future versions of Windows if they do.

Microsoft has acknowledged problems with application compatibility and lack of driver support, among others, that customers have had with Vista.

Maybe I can help you with that.

What is it lately with Microsoft Service Packs? To be fair, once the Windows XP Service Pack 3 is installed everything works just fine. However, I tested the SP3 install today and came across a problem. The install went through most of the install then would, nearly upon completion, die when attempting to write to the registry. So, then, I tried making sure the antivirus program was off and not just disabled, disabled everything in the start tray, killed any other non-necessary processes in the Task Manager. After these checks were made I then ran CCleaner to ensure any temp files were gone. So, at this point, I feel fairly confident that regardless of the outcome the install would not fail due to any firewall or antivirus program or any other running process. So, I run the install it fails again with the end result “Access Denied”.

Since this is a known legit install of XP that’s not of concern. I mention this as when many on the internet would post in forums and mention this problem the first question asked was “Is your XP install legit?”. OK, it’s legit so I continue Googling for possible solutions. Google is your friend and was mine once again today (although the solution I am about to post came from one of a few possible websites - so… I can’t quite give the credit where it duly belongs but, for full disclosure, it is not from my brain - I just happened to have success with this particular suggestion and thought I would post the steps I took and paste the code I discovered).

OK.

Majorgeeks has posted download links to the 316MB Windows XP Service Pack 3 Final download. It seems like you can get it sooner than the MSDN and Technet folks. Oh… they’re not happy. No. Not happy at all after Microsoft delivered a second “slap to the face”. Not my words… Read story below.

Download Windows XP Service Pack 3

Subscribers to TechNet and the Microsoft Developer Network (MSDN), who pay Microsoft hundreds of dollars a year for the right to download software for testing and development purposes, called the move a “farce,” a “slap in the face” and “ludicrous.”

Yesterday, Microsoft announced that it had finished Windows XP SP3, the last major update for the six-and-a-half-year-old operating system, and said that it would post the upgrade on Windows Update and its own online download site next Tuesday, April 29.

But subscribers to the TechNet and MSDN services won’t be able to obtain SP3 until sometime “within the next month,” according to Chris Keroack, the service pack’s release manager.

Another Microsoft employee, Nick MacKechnie, a senior technical account manager with the company’s New Zealand operation, was more specific about dates. In a blog post yesterday, MacKechnie listed several dates in an SP3 timetable, including a May 2 release to TechNet and MSDN. The timetable has since been pulled from MacKechnie’s blog.

The delay — whether a month or several days — did not sit well with some TechNet and MSDN subscribers. Many, in fact, brought up the February incident, when Microsoft first refused to let subscribers download Vista SP1. After pressure from users, it reversed that decision about two weeks later.

Windows DreamScene Content Pack #3
Download size: 43.9 MB

You may need to restart your computer for this update to take effect.

Update type: Optional
This Windows Ultimate Extra contains a set of high-resolution videos for you to use with Windows DreamScene. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft.com/fwlink/?LinkID=80990
Help and Support:
http://support.microsoft.com/

Windows Sound Schemes
Download size: 7.8 MB

You may need to restart your computer for this update to take effect.

Update type: Optional
When you install this Ultimate Extra, you will be able to switch from Windows Default to Ultimate Extras Glass or Ultimate Extras Pearl in Change System Sounds of the Control Panel. This will allow the user to hear new sounds for common Windows tasks. After you install this item, you may have to restart your computer.

More information:
http://go.microsoft.com/fwlink/?LinkID=80872
Help and Support:
http://support.microsoft.com/

Release dates for Windows XP SP3, according to Neowin, are:

• April 14, 2008: Support is available for the release version of Service Pack 3 for Windows XP
• April 21, 2008: Original Equipment Manufacturers, Volume License, Connect, and MSDN and TechNet subscribers
• April 29, 2008: Microsoft Update, Windows Update, Download Center
• June 10, 2008: Automatic Updates

Overview of Windows XP Service Pack 3.pdf

A new bot can crack defenses erected by Microsoft to keep spammers from creating large numbers of accounts on its Live Hotmail service within seconds, a security researcher said Friday.

Dan Hubbard, vice president of security research at Websense, said the bot broke Live Hotmail’s CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) within six seconds, on average. CAPTCHA is the name given to the distorted, scrambled characters that many Web services require users to decipher and type in to create a new account; the tests are meant to block automated account registration by spammers and malware authors.

The bot, Hubbard acknowledged, is similar to one Websense uncovered in February.

“In the past, though, it was kind of questionable whether the CAPTCHA breaking was automated,” Hubbard said Friday, noting that there had been some evidence that spammers were paying people to decode and type in the CAPTCHA characters. “But the bot’s breaking [CAPTCHA] in six seconds, so it’s definitely automated.”

In a long post to the Websense blog Thursday, Sumeet Prasad — “our CAPTCHA expert,” said Hubbard — provided technical details of how the bot automatically registers Live Hotmail accounts and then immediately begins using those accounts to spew spam.

The bot’s total response time — how long it takes the program to grab a CAPTCHA image, analyze it and return with the correct code — is considerably shorter than that of earlier such bots, said Prasad in the blog.

One in every eight to 10 attempts to create a Live Hotmail account is successful, added Prasad, meaning that the success rate is 10% to 15%.

Microsoft Corp. (MSFT) Chairman Bill Gates indicated Friday that the successor to Microsoft’s Vista operating system will be available sooner than the company previously had indicated.Gates, in response to a question during a public appearance in Miami on Friday, said to expect Windows 7 “sometime in the next year or so.” Gates was speaking at the Inter-American Development Bank in Miami, and didn’t elaborate.

When asked to elaborate on Gates’ remarks, a Microsoft spokesman said Gates was alluding to a test version of the new software, and not the full-on commercial version. The spokesman didn’t offer additional comments outside the statement.

“As is standard with the release of a new product, we will be releasing early builds of Windows 7 prior to its General Availability as a means to gain tester feedback,” according to Microsoft’s statement. “We’re not sharing additional information at this time.”

Microsoft last said it expected a follow-up to its Vista software around January 2010. Should Gates be referring to a full-scale release, his timetable on Friday lops at least a year off the wait.

Source

Well, it’s something to keep an eye on. With the messy (and some would say, incomplete) release of Microsoft’s Windows Vista operating system, it is no small wonder that Microsoft wants a successor out as soon as possible, if for no other reason than to quiet the masses about wanting to keep XP rather than upgrade to Vista.

Microsoft likely may want to give people something else (positive) to desire and talk about, thus drowning out the XP concerns, driving people to a feeling of more acceptance of where things are and that things are “moving forward” so they might as well accept the direction as it would be futile to swim against the current.

Still in “testing”… Let’s review. Microsoft releases Vista SP1 then holds on to the service pack release for XP for additional “customer feedback”. As I scour the Web, the feedback is quite clear: Release the service pack, already!

A skeptic may believe that Microsoft is trying to get all the publicity for the Vista service pack in hopes of getting more Vista purchases before releasing the XP Service Pack. A skeptic may also believe that Microsoft didn’t exactly want a side-by-side comparison of the service packs and the speed differences covered between the two updated operating systems on the same hardware with a nearly simultaneous release. Whatever the truth of the matter is the end result is the same - no service pack 3 release yet for XP. Well, at least mid-April isn’t too far off.

Yes, Microsoft, regardless of yet another slight, most of your customers will wait patiently or impatiently, quietly or roaring as loud as their fingers can type, but do not get too comfortable with this operating system monopoly. Competitors will rise that you won’t be able to buy out or squash and that competitor may just give you a run for your money. Regardless of who wins in that pending duel, one thing is clear: competition is good and as a side-effect, us, the forgotten customer, will likely get a better product from one or the other or both.

It took a couple of weeks for Microsoft to get confirmation, but yesterday they did go on record and released a warning about Microsoft Word that’s running on Windows 2000, XP and Server 2003 SP1. Microsoft originally seemed to think there was little threat, but after receiving several legitimate complaints (from companies like Symantec and Panda Security) they acknowledged that the .mdb file (and even .mdb file format blocking in Outlook) and the Jet Database Engine were vulnerable to targeted attacks.

At the moment, there’s no fix available, but Microsoft is working on it. The next regularly scheduled patch release day isn’t until April 8th, but we’ll get notification sooner if Microsoft determines that enough users are being impacted. In the meantime, Jet should be disabled or .mdb files should be blocked at the gateway. And by the way, if you’re an Apple user running Word like me, you too should update when our Microsoft brethren do

Source, H/T: Uncle Monster