Microsoft have released a security update which affects all their operating systems from 2000 to Vista; but they only offer it to Vista and Server 2008 users. Is this a forerunner of a return to the old days of the secret update?

An alert has recently been issued by The National Cyber Alert System of US-CERT (part of the Department of Homeland Security): Flaws in Microsoft Windows’ AutoRun functionality.

AutoRun is a feature of Windows that automatically reads the contents of mapped drives. These mapped drives could be anything: An optical drive, a network share, a USB stick, a memory-card reader, an external hard-drive…

You’ll notice probably that if you insert a CD into the optical drive, the first thing that happens is that it is recognised by the operating system, and AutoRun reads its contents. If that CD should contain malware then that is also read and it instantly infects the system in a lot of cases. – Malware is designed to do just that usually.

The advisory states that the AutoRun and NoDriveTypeAutorun registry values don’t work as advertised in Microsoft’s literature. Even setting the NoDriveTypeAutorun registry value to 0xFF can still result in problems.

There is, however, a fix: -

Microsoft has provided support document KB953252, which describes how to correct the problem of NoDriveTypeAutoRun registry value enforcement. After the update is installed, Windows will obey the NoDriveTypeAutorun registry value. Note that this fix has been released via Microsoft Update to Windows Vista and Server 2008 systems as part of the MS08-038 Security Bulletin.

Windows 2000, XP, and Server 2003 users must install the update manually.

Tests have shown that installing this update and setting the NoDriveTypeAutoRun registry value to 0xFF will disable AutoRun.

- Unless Server 2003, XP, and 2000 users know about it, how will they know about it?

Do Microsoft think that only Vista and Server 2008 customers are likely to be compromised via AutoRun? Clearly not. – So why only offer the update to the 2 groups containing users of the latest of their operating systems only? Suspicions would lead one to believe that Microsoft are being favouritistic towards users of the operating systems they’re pushing.

So Microsoft are guilty of favouritism; but on the other side of the coin they’re also guilty of stopping users of older operating systems from installing an important update which will protect their computers.

Having said that though, not even all Vista and Server 2008 customers are competent when it comes to editing the registry. (I myself try to avoid doing so if at all possible.)

In the light of the above; wouldn’t it have been better for Microsoft to include the registry fix in their update; therefore setting the AutoRun-related key to 0xFF by default, and then to make the update available across the board to all customers via Microsoft Update?

This is a rather bad case of Microsoft inefficiency in combating malware attacks. It’s been badly handled without any real foresight whatsoever. In fact it’s reminiscent of a return to the old days where Microsoft would publish a security update and wait until and if the customer discovered it and decided to install it.

‘Sorry Microsoft; but this just isn’t good enough on your part. We your customers have come to expect more from you.

Am I starting to have vision problems in my middle-years, or has OSX suddenly begun to look attractive? What do you think? Have Microsoft gone soft on safe-computing here?

Latest reports appear to indicate that Apple  aren’t quite as bad as it seems; in fact it might appear at first sight that they had a windfall.

That’s not exactly the case though: Despite news of their taking top customer-satisfaction honours among personal computer manufacturers, as released on Tuesday of this week, there are two things you should note before assuming that Apple are the tops and that this blog is heavily biased against them:

Firstly nobody even thought to ask Kustom Komputa if they even wanted to be included in this award; probably because they knew Kustom Komputa would trounce Apple into second place. On a more serious note, though, the index measures results only for the three-month period ended in June – Before the crap began to hit the fan for Apple, starting with the release of the iPhone.

Also on Tuesday; Apple admitted that a software update for their much troubled iPhone only partly fixes the connection problems it has had in connecting to 3G networks: In other words; honestly this time: “FAIL: We scratched again.”

It has been reported that it isn’t only Apple’s buggy software that’s to blame: There have been reports that the Infineon Technologies 3G chipsets used in the iPhone are faulty. That could mean that no matter how good the software, the hardware issue might cause the problem to never totally go away.

It has been reported that it isn’t only Apple’s buggy software that’s to blame: There have been reports that the Infineon Technologies 3G chipsets used in the iPhone are faulty. That could mean that no matter how good the software, the hardware issue might cause the problem to never totally go away.

The crap certainly has been hitting the fan lately for Apple; and maybe rightly so too: It seems that Steve Jobs has always been a bit of a dreamer;   and now incarnated as “Jobsweh”; the god of all things Apple; it appears that the power has gone to his head and mingled with his dreams, turning his wallet into a bottomless pit that seeks filling with loot, no matter what the cost.

As reported here on kkomp.com; Apple were recently forced to extend the free trial of MobileMe in a face-saving operation.

“We have already made many improvements to MobileMe, but we still have many more to make.” Said Apple.

To me that sounds like: “We did it again by releasing a service well ahead of schedule in order to market before the competition: It wasn’t actually ready to be released; but we did so out of a case of having to. We hope we can eventually get it to work.”

If they don’t it’ll end up costing them a few dollars more; which could incur the wrath of Jobsweh!

In the same email Apple stated “We know that MobileMe’s launch has not been our finest hour.” ROFLMAO – You’re telling me! What exactly has been Apple’s finest hour during the past two months? Steve Jobs seems to think he’s Apple’s answer to Bill Gates of late. The question is; is Jobsweh, the god with the bottomless pockets, fit to run Apple any longer? Should someone more competent and less greedy take over?

Fire Your Computer Technician!

A computer technician spills the beans and makes available the knowledge he has charged clients hundreds in service fees for.

CLICK HERE

In the post I made earlier entitled “A Geek’s Toolkit Supplement: Loaded USB Drive ” I spoke of what I described as “branding files”: Files that I add to the operating system to indicate that I am supplier, builder, and maintenance tech for a particular computer.

I can hear your brains whirring; so before you start thinking that I’m up to something naughty I’ll show you exactly what I mean. Oh yes; this only works if you have Windows XP installed, so don’t go trying it with a Linux or a OSX installation and then comment that I’ve messed up your operating system or “I can’t find those files in Ubuntu!” – “It doesn’t work with Leopard!” You’re quite right; it doesn’t – So be forewarned.

If this information has already been added to your operating system by the manufacturer then I suggest it best to just leave it anyway.

(Why are you playing about with your computer like this anyway? What do you hope to achieve? Oh well; your problem, not mine.)

The aim of the exercise is to customise Windows XP’s general tab in the System Properties dialogue box that you call up by right-clicking the My Computer icon and selecting Properties.

This customisation involves adding support contract information and a logo. It involves using only Notepad and whatever program you like to use to create a 256-colour bitmap.

Buy “WordPress on Crack” – Build your own WordPress plugins: Click Here!

OK let’s start with the details: I won’t tell you exactly what details I put for computers that I build; so for this exercise we’ll assume that these details are regarding a computer built by the Acme Computer Corporation:

The computer is a Datamax, model 55102. Support line is 1-800-ACME…

Open Notepad and type the following text, replacing the example with your company’s details etc:

[General]

Manufacturer=Acme Computer Corporation

Model=Datamax 55102

[Support Information]

Line 1=Call 1-800-ACME for technical support

Line 2=  ">.invalid

Line 3=500 Billion Byte Drive

Line 4=Pixelgraphicsville, USA

Save this file to %windir%\Windows\System32 as Oeminfo.ini

Create a 256-colour bitmap of your company’s logo that is no more than 96X96 pixels in size. Save this file to %windir%\Windows\system32 as Oemlogo.bmp

Yes I deliberately soiled the picture: ‘Better safe than sorry.

To see the results either right-click on the My Computer icon or press the Windows and the Break key simultaneously.

And that’s how it’s done – No registry edits, no hacking into anything. This is a white box system builder’s trick; but it’s no massive secret. The files aren’t permanent anyway; if you remove them or reinstall your operating system the dialogue box reverts to default.

Fire Your Computer Technician!

A computer technician spills the beans and makes available the knowledge he has charged clients hundreds in service fees for.

CLICK HERE

At 01:40GMT (02:40 BST) this morning the following email was delivered to my inbox. I’ve added my comments to it in regular Arial 12pt text:

“I’m sending you this note because you registered a mobile device
to work with Twitter over our UK number. I wanted to let you
know that we are making some changes to the way SMS works on
Twitter. There is some good news and some bad news.”

“I’ll start with the bad news. Beginning today, Twitter is no
longer delivering outbound SMS over our UK number. If you enjoy
receiving updates from Twitter via    +44 762 480 1423   , we are
recommending that you explore some suggested alternatives.
Note: You will still be able to UPDATE over our UK number.”

What this means is that UK telephone companies are refusing any concessions to Twitter in the interests of their own continued 100% profit; as if they needed to do so – The greedy money-grabbing penny-pinching slimeballs! Doing so might reduce their profits by a fraction of a percent; which might mean the Director will only get 5 paid-holidays and less than £500G a year or something equally ridiculous.

“Before I go into more detail, here’s a bit of good news: Twitter
will be introducing several new, local SMS numbers in countries
throughout Europe in the coming weeks and months. These new
numbers will make Twittering more accessible for you if you’ve
been using SMS to send long-distance updates from outside the UK.”

Note the absence of the word “free” or “Freephone”.

Fire Your Computer Guy or Girl!

A computer technician spills the beans and makes available the knowledge he has charged clients hundreds in service fees for.

Computer Secrets Unleashed

To find out more

CLICK HERE

You may or may not be aware that I run this blog on WordPress; a ready-made php blogging suite available free from WordPress.org. http://wordpress.org/

Yesterday I opened the admin account to discover that a new version of WordPress had been released. It was emblazoned across every page (Not on the public blog but on the pages I use.): “A new version has been released – Upgrade now” or some similar linked wording. I ignored it for the time being, and went to Windows Live Writer to write up yesterday’s scoop. Having uploaded that to my blog I returned to WordPress the edit screen within WordPress to give it a final edit and proof-read prior to publication pending addition to the RSS feed. Still nagging me in my vision were the linked words “Upgrade now”.

After I’d published the scoop I decided to click the link in question: The manual upgrade instructions looked fairly straightforward and none too baffling but it was a case of getting it right first and only time: ‘Not one of my specialities. I decided to leave it for now and clicked the back button in my browser. “…Upgrade now” was the first thing I saw. Nag , nag, nag. OK it needed doing. but can I please turn the notification off until I reboot or something?

No. Upgrade NOW…NOW…It was starting to make me feel guilty for not doing so. I read a few other blogs – Words like “I upgraded my WP install today without any problems – ‘Piece of cake…”.

F..k this! I am not going to be made to feel guilty for doing my upgrade in my own time. I will not bow to pressure. I’ll do it tomorrow for definite. Close Page, make more coffee.

Today I log in. ‘First thing I see: “…Upgrade now”: Oh for f..k’s sake! Yes I’ll do it NOW – All right?! (Redhead part of me activated.) I’d heard or read somewhere that there was an auto-upgrade plugin. I know it’s NMA (Negative mental Attitude) but I knew I was going to make just the one mistake with a manual upgrade that would send the whole thing tits-up and lose everything: Murphy’s Law in action.

I Googled and found the plugin:-

http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-plugin.html

Save to local machine – done – unzip- done -ftp up to the correct directory on kkomp.com – done…”This is too easy: Whatever you do don’t start panicking. Hold it together girl”… log in to account – done – activate plugin – done – run plugin (Hovers mouse over link; closes eyes…and…) – done:

Five self-explanatory steps or so later and – Yes: Target neutralised! (I sooo wish I’d captured the screens – but I was too emotional to care at that point.) Success!

My experience with the auto-update plugin was a happy and positive one. The plugin’s creator, Keith D’sousa, has put a lot of time and effort into making this plugin and fully debugging it to enable it to work flawlessly. If you use it either now or in the future please please do donate: Even $5USD is a minimum amount as a thank-you for all the effort that’s been put into it.