Posts Tagged ‘microsoft’

Is your power supply compatible with NOSMOKE?

After expe­rien­cing dif­fi­cul­ties with his com­pu­ter, a poor, incog­ni­zant user called the sys­tem maker’s tech­ni­cal sup­port line for assistance…

Tech­ni­cian: Hello. How can I help you today?

Cus­to­mer: There’s smoke coming from the power supply on my computer…

Tech­ni­cian: Looks like you need a new power supply…

Cus­to­mer: No, I don’t! I just need to change the star­tup files…

Tech­ni­cian: Sir, what you desc­ri­bed is a faulty power supply. You need to replace it…

Cus­to­mer: No way! Someone told me that I just had to change the sys­tem star­tup files to fix the pro­blem! All I need is for you to tell me the right command…

For the next ten minu­tes, in spite of the technician’s efforts to explain the pro­blem and its solu­tion, the cus­to­mer ada­mantly insis­ted that he was right. So, in frus­tra­tion, the tech­ni­cian responded…

Tech­ni­cian: I’m sorry. We don’t nor­mally tell our cus­to­mers this, but there’s an undo­cu­men­ted DOS com­mand that will fix the problem…

Cus­to­mer: I knew it!

Tech­ni­cian: Just add the line ‘LOAD NOSMOKE.COM’ at the end of the CONFIG.SYS file and everything should work fine. Let me know how it goes…

About ten minu­tes later, the tech­ni­cian recei­ved a call back from the customer…

Cus­to­mer: It didn’t work. The power supply is still smoking…

Tech­ni­cian: Well, what ver­sion of DOS are you using?

Cus­to­mer: MS-DOS 6.22… Tech­ni­cian: Well, that’s your pro­blem. That ver­sion of DOS doesn’t inc­lude NOSMOKE. You’ll need to con­tact Mic­ro­soft and ask them for a patch. Let me know how it all works out…

When nearly an hour had pas­sed, the phone rang again…

Cus­to­mer: I need a new power supply…

Tech­ni­cian: How did you come to that conclusion?

Cus­to­mer: Well, I called Mic­ro­soft and told the tech­ni­cian what you said, and he star­ted asking me ques­tions about the make of the power supply…

Tech­ni­cian: What did he tell you?

Cus­to­mer: He said my power supply isn’t com­pa­ti­ble with NOSMOKE…

Microsoft Office 2010 Beta

So I am going through my email yes­ter­day and I come across an email from Tech­Net announ­cing the beta of Mic­ro­soft 2010.

Even though I am a huge sup­por­ter of Open Office, I deci­ded to give it a try. Since I already had a Hot­mail account, the regis­tra­tion was very sim­ple and within 5 minu­tes I was down­loa­ding the installer.

One of the first things I noti­ced when I began to ins­tall the appli­ca­tion, was the options that were not selec­ted. As seen in this screenshot, very few fea­tu­res are ins­ta­lled by default.

The ins­tall did seem to take a bit lon­ger than nor­mal, how much was part of the ins­ta­ller ver­sus my test machine is unde­ci­ded. None the less the ins­ta­ller did not take more than 20 minu­tes or so. Since I spend more time in the Word appli­ca­tion that was where I hea­ded first. It does appear that MS did lis­ten to a lot of users con­cer­ning the start orb and has repla­ced it with the File tab. The remain­der of the rib­bon bar looks remar­kably the same.

When you do go to the file tab, you get a lot more infor­ma­tion at your mouse point without having to do a lot of digging.

So off I go. As I men­tio­ned I use Open Office by default, so the first thing I did was open one of my docu­ments crea­ted in Wri­ter. It did take a few moments to bring the docu­ment up, but all of my for­mat­ting (such as it was) remai­ned. I could even save it back into the .odt exten­sion. There was the war­ning that the for­mat was not com­ple­tely com­pa­ti­ble. I ope­ned the file in Wri­ter again and everything was gol­den. That was a big check mark in my books right there. Mic­ro­soft has been drug over the coals (right­fully so) for not being more com­pa­ti­ble with other appli­ca­tions, this is a good step forward.

The next thing I wan­ted to look at was how it hand­les wri­ting to a blog (not just Mic­ro­soft Live spa­ces). I rea­li­zed how happy I was for the file menu to be back. With a cou­ple of clicks I was being promp­ted to setup my blog con­nec­tion. I selec­ted Word­press and ente­red the ser­ver and login infor­ma­tion. Next time I know, I am wri­ting the entry right now. One of the great fea­tu­res is the screenshot fea­ture. Like the snip­ping tool in Vista and Win­dows 7, the screenshot tool is won­der­ful. When you go to insert you see the option screenshot, with the down arrow, you have the abi­lity to just grab a full win­dow or use the snip­ping tool. All of the ima­ges in this post were crea­ted using this format.

So far, I must say I am actually impres­sed with the direc­tion of at least the Word por­tion. I will play with the excel por­tion later. Check back…

Abbot and Costello with new style ‘Who’s on First’

You have to be old enough to remem­ber Abbott and Cos­te­llo,
And too old to REALLY unders­tand com­pu­ters, to fully appre­ciate this. For those of us who some­ti­mes get flus­te­red by our com­pu­ters, please read on…
If Bud Abbott and Lou Cos­te­llo were alive today, their infa­mous sketch, ‘Who’s on First?‘might have tur­ned out something like this:

COSTELLO CALLS TO BUY A COMPUTER FROM ABBOTT
ABBOTT: Super Duper com­pu­ter store. Can I help you?
COSTELLO: Thanks I’m set­ting up an office in my den and I’m thin­king about buying a com­pu­ter.
ABBOTT: Mac?
COSTELLO: No, the name’s Lou.
ABBOTT: Your com­pu­ter?
COSTELLO: I don’t own a com­pu­ter. I want to buy one.
ABBOTT: Mac?
COSTELLO: I told you, my name’s Lou.
ABBOTT: What about Win­dows?
COSTELLO: Why? Will it get stuffy in here?
ABBOTT: Do you want a com­pu­ter with Win­dows?
COSTELLO: I don’t know. What will I see when I look at the win­dows?
ABBOTT: Wall­pa­per.
COSTELLO: Never mind the win­dows. I need a com­pu­ter and soft­ware.
ABBOTT: Soft­ware for Win­dows?
COSTELLO: No. On the com­pu­ter! I need something I can use to write proposals,

Track expen­ses and run my busi­ness. What do you have?
ABBOTT: Office.
COSTELLO: Yeah, for my office. Can you recom­mend anything?
ABBOTT: I just did.
COSTELLO: You just did what?
ABBOTT: Recom­mend something.
COSTELLO: You recom­men­ded something?
ABBOTT: Yes.
COSTELLO: For my office?
ABBOTT: Yes.
COSTELLO: OK, what did you recom­mend for my office?
ABBOTT: Office.
COSTELLO: Yes, for my office!
ABBOTT: I recom­mend Office with Win­dows.
COSTELLO: I already have an office with win­dows! OK, let’s just say I’m sitting

At my com­pu­ter and I want to type a pro­po­sal. What do I need?
ABBOTT: Word.
COSTELLO: What word?
ABBOTT: Word in Office.
COSTELLO: The only word in office is office.
ABBOTT: The Word in Office for Win­dows.
COSTELLO: Which word in office for win­dows?
ABBOTT: The Word you get when you click the blue ‘W’.
COSTELLO: I’m going to click your blue ‘W’ if you don’t start with some straight answers.

What about finan­cial book­kee­ping? You have anything I can track my money with?
ABBOTT: Money.
COSTELLO: That’s right. What do you have?
ABBOTT: Money.
COSTELLO: I need money to track my money?
ABBOTT: It comes bund­led with your com­pu­ter.
COSTELLO: What’s bund­led with my com­pu­ter?
ABBOTT: Money.
COSTELLO: Money comes with my com­pu­ter?
ABBOTT: Yes. No extra charge.
COSTELLO: I get a bundle of money with my com­pu­ter? How much?
ABBOTT: One copy.
COSTELLO: Isn’t it ille­gal to copy money?
ABBOTT: Mic­ro­soft gave us a license to copy Money.
COSTELLO: They can give you a license to copy money?
ABBOTT: Why not? THEY OWN IT!
(A few days later)
ABBOTT: Super Duper com­pu­ter store. Can I help you?
COSTELLO: How do I turn my com­pu­ter off?
ABBOTT: Click on ‘START’…

More Shortcuts for MS Word

   Command Name                  Shortcut Keys
   ------------------------------------------------------------------------

   All Caps                      CTRL+SHIFT+A
   Annotation                    ALT+CTRL+M
   App Maximize                  ALT+F10
   App Restore                   ALT+F5
   Apply Heading1                ALT+CTRL+1
   Apply Heading2                ALT+CTRL+2
   Apply Heading3                ALT+CTRL+3
   Apply List Bullet             CTRL+SHIFT+L
   Auto Format                   ALT+CTRL+K
   Auto Text                     F3 or ALT+CTRL+V
   Bold                          CTRL+B or CTRL+SHIFT+B
   Bookmark                      CTRL+SHIFT+F5
   Browse Next                   CTRL+PAGE DOWN
   Browse Previous               CTRL+PAGE UP
   Browse Sel                    ALT+CTRL+HOME
   Cancel                        ESC
   Center Para                   CTRL+E
   Change Case                   SHIFT+F3
   Char Left                     LEFT
   Char Left Extend              SHIFT+LEFT
   Char Right                    RIGHT
   Char Right Extend             SHIFT+RIGHT
   Clear                         DELETE
   Close or Exit                 ALT+F4
   Close Pane                    ALT+SHIFT+C
   Column Break                  CTRL+SHIFT+ENTER
   Column Select                 CTRL+SHIFT+F8
   Copy                          CTRL+C or CTRL+INSERT
   Copy Format                   CTRL+SHIFT+C
   Copy Text                     SHIFT+F2
   Create Auto Text              ALT+F3
   Customize Add Menu            ALT+CTRL+=
   Customize Keyboard            ALT+CTRL+NUM +
   Customize Remove Menu         ALT+CTRL+-
   Cut                           CTRL+X or SHIFT+DELETE
   Date Field                    ALT+SHIFT+D
   Delete Back Word              CTRL+BACKSPACE
   Delete Word                   CTRL+DELETE
   Dictionary                    ALT+SHIFT+F7
   Do Field Click                ALT+SHIFT+F9
   Doc Close                     CTRL+W or CTRL+F4
   Doc Maximize                  CTRL+F10
   Doc Move                      CTRL+F7
   Doc Restore                   CTRL+F5
   Doc Size                      CTRL+F8
   Doc Split                     ALT+CTRL+S
   Double Underline              CTRL+SHIFT+D
   End of Column                 ALT+PAGE DOWN
   End of Column                 ALT+SHIFT+PAGE DOWN
   End of Doc Extend             CTRL+SHIFT+END
   End of Document               CTRL+END
   End of Line                   END
   End of Line Extend            SHIFT+END
   End of Row                    ALT+END
   End of Row                    ALT+SHIFT+END
   End of Window                 ALT+CTRL+PAGE DOWN
   End of Window Extend          ALT+CTRL+SHIFT+PAGE DOWN
   Endnote Now                   ALT+CTRL+D
   Extend Selection              F8
   Field Chars                   CTRL+F9
   Field Codes                   ALT+F9
   Find                          CTRL+F
   Font                          CTRL+D or CTRL+SHIFT+F
   Font Size Select              CTRL+SHIFT+P
   Footnote Now                  ALT+CTRL+F
   Go Back                       SHIFT+F5 or ALT+CTRL+Z
   Go To                         CTRL+G or F5
   Grow Font                     CTRL+SHIFT+.
   Grow Font One Point           CTRL+]
   Hanging Indent                CTRL+T
   Header Footer Link            ALT+SHIFT+R
   Help                          F1
   Hidden                        CTRL+SHIFT+H
   Hyperlink                     CTRL+K
   Indent                        CTRL+M
   Italic                        CTRL+I or CTRL+SHIFT+I
   Justify Para                  CTRL+J
   Left Para                     CTRL+L
   Line Down                     DOWN
   Line Down Extend              SHIFT+DOWN
   Line Up                       UP
   Line Up Extend                SHIFT+UP
   List Num Field                ALT+CTRL+L
   Lock Fields                   CTRL+3 or CTRL+F11
   Macro                         ALT+F8
   Mail Merge Check              ALT+SHIFT+K
   Mail Merge Edit Data Source   ALT+SHIFT+E
   Mail Merge to Doc             ALT+SHIFT+N
   Mail Merge to Printer         ALT+SHIFT+M
   Mark Citation                 ALT+SHIFT+I
   Mark Index Entry              ALT+SHIFT+X
   Mark Table of Contents Entry  ALT+SHIFT+O
   Menu Mode                     F10
   Merge Field                   ALT+SHIFT+F
   Microsoft Script Editor       ALT+SHIFT+F11
   Microsoft System Info         ALT+CTRL+F1
   Move Text                     F2
   New                           CTRL+N
   Next Cell                     TAB
   Next Field                    F11 or ALT+F1
   Next Misspelling              ALT+F7
   Next Object                   ALT+DOWN
   Next Window                   CTRL+F6 or ALT+F6
   Normal                        ALT+CTRL+N
   Normal Style                  CTRL+SHIFT+N or ALT+SHIFT+CLEAR (NUM 5)
   Open                          CTRL+O or CTRL+F12 or ALT+CTRL+F2
   Open or Close Up Para         CTRL+0
   Other Pane                    F6 or SHIFT+F6
   Outline                       ALT+CTRL+O
   Outline Collapse              ALT+SHIFT+- or ALT+SHIFT+NUM -
   Outline Demote                ALT+SHIFT+RIGHT
   Outline Expand                ALT+SHIFT+=
   Outline Expand                ALT+SHIFT+NUM +
   Outline Move Down             ALT+SHIFT+DOWN
   Outline Move Up               ALT+SHIFT+UP
   Outline Promote               ALT+SHIFT+LEFT
   Outline Show First Line       ALT+SHIFT+L
   Overtype                      INSERT
   Page                          ALT+CTRL+P
   Page Break                    CTRL+ENTER
   Page Down                     PAGE DOWN
   Page Down Extend              SHIFT+PAGE DOWN
   Page Field                    ALT+SHIFT+P
   Page Up                       PAGE UP
   Page Up Extend                SHIFT+PAGE UP
   Para Down                     CTRL+DOWN
   Para Down Extend              CTRL+SHIFT+DOWN
   Para Up                       CTRL+UP
   Para Up Extend                CTRL+SHIFT+UP
   Paste                         CTRL+V or SHIFT+INSERT
   Paste Format                  CTRL+SHIFT+V
   Prev Cell                     SHIFT+TAB
   Prev Field                    SHIFT+F11 or ALT+SHIFT+F1
   Prev Object                   ALT+UP
   Prev Window                   CTRL+SHIFT+F6 or ALT+SHIFT+F6
   Print                         CTRL+P or CTRL+SHIFT+F12
   Print Preview                 CTRL+F2 or ALT+CTRL+I
   Proofing                      F7
   Redo                          ALT+SHIFT+BACKSPACE
   Redo or Repeat                CTRL+Y or F4 or ALT+ENTER
   Repeat Find                   SHIFT+F4 or ALT+CTRL+Y
   Replace                       CTRL+H
   Reset Char                    CTRL+SPACE or CTRL+SHIFT+Z
   Reset Para                    CTRL+Q
   Revision Marks Toggle         CTRL+SHIFT+E
   Right Para                    CTRL+R
   Save                          CTRL+S or SHIFT+F12 or ALT+SHIFT+F2
   Save As                       F12
   Select All                    CTRL+A or CTRL+CLEAR (NUM 5) or CTRL+NUM 5
   Select Table                  ALT+CLEAR (NUM 5)
   Show All                      CTRL+SHIFT+8
   Show All Headings             ALT+SHIFT+A
   Show Heading1                 ALT+SHIFT+1
   Show Heading2                 ALT+SHIFT+2
   Show Heading3                 ALT+SHIFT+3
   Show Heading4                 ALT+SHIFT+4
   Show Heading5                 ALT+SHIFT+5
   Show Heading6                 ALT+SHIFT+6
   Show Heading7                 ALT+SHIFT+7
   Show Heading8                 ALT+SHIFT+8
   Show Heading9                 ALT+SHIFT+9
   Shrink Font                   CTRL+SHIFT+,
   Shrink Font One Point         CTRL+[
   Small Caps                    CTRL+SHIFT+K
   Space Para1                   CTRL+1
   Space Para15                  CTRL+5
   Space Para2                   CTRL+2
   Spike                         CTRL+SHIFT+F3 or CTRL+F3
   Start of Column               ALT+PAGE UP
   Start of Column               ALT+SHIFT+PAGE UP
   Start of Doc Extend           CTRL+SHIFT+HOME
   Start of Document             CTRL+HOME
   Start of Line                 HOME
   Start of Line Extend          SHIFT+HOME
   Start of Row                  ALT+HOME
   Start of Row                  ALT+SHIFT+HOME
   Start of Window               ALT+CTRL+PAGE UP
   Start of Window Extend        ALT+CTRL+SHIFT+PAGE UP
   Style                         CTRL+SHIFT+S
   Subscript                     CTRL+=
   Superscript                   CTRL+SHIFT+=
   Symbol Font                   CTRL+SHIFT+Q
   Thesaurus                     SHIFT+F7
   Time Field                    ALT+SHIFT+T
   Toggle Field Display          SHIFT+F9
   Toggle Master Subdocs         CTRL+\
   Tool                          SHIFT+F1
   Un Hang                       CTRL+SHIFT+T
   Un Indent                     CTRL+SHIFT+M
   Underline                     CTRL+U or CTRL+SHIFT+U
   Undo                          CTRL+Z or ALT+BACKSPACE
   Unlink Fields                 CTRL+6 or CTRL+SHIFT+F9
   Unlock Fields                 CTRL+4 or CTRL+SHIFT+F11
   Update Auto Format            ALT+CTRL+U
   Update Fields                 F9 or ALT+SHIFT+U
   Update Source                 CTRL+SHIFT+F7
   VBCode                        ALT+F11
   Web Go Back                   ALT+LEFT
   Web Go Forward                ALT+RIGHT
   Word Left                     CTRL+LEFT
   Word Left Extend              CTRL+SHIFT+LEFT
   Word Right                    CTRL+RIGHT
   Word Right Extend             CTRL+SHIFT+RIGHT
   Word Underline                CTRL+SHIFT+W

Clampi Virus targets online banking

In the modern world, most peo­ple never see their bank (with the excep­tion of ATM with­dra­wals).  We use bill pay, direct depo­sit and bank debit cards.  This is the exact beha­vior that the Clampi virus is living on.

Clampi is a very stealthy virus, just biding it’s time on a com­pro­mi­sed machine and watching for con­nec­tions to online finan­cial web­si­tes.  So many so that the Lon­don Times Online reports:

The tro­jan has a list of more than 4,500 finance-related web­si­tes that it moni­tors, inc­lu­ding Bri­tish high street banks. Secu­rity experts war­ned that it was one of the stealthiest and most per­va­sive threats to com­pu­ters using the Mic­ro­soft Win­dows ope­ra­ting systems.

The virus appears to be gea­red with more of the busi­ness users ins­tead of the nor­mal home user (though it does infect home users).  If the virus does end on a work com­pu­ter, it will attempt to cap­ture login cre­den­tials admi­nis­tra­tors and spread itself through the net­work.  As it spreads, it con­ti­nually moni­tors for login infor­ma­tion to the watch list of finan­cial web­si­tes.  If this virus does infect the finance group of a com­pany, it will attempt to send wire trans­fers from that account.  You can ask Slack Auto Parts.  It has been repor­ted that they lost $75,000 July 3–7, says owner Henry Slack. Clampi-infected com­pu­ters sent nine pay­ments to six dif­fe­rent mules � and fai­led to trans­fer an addi­tio­nal $69,000 in eight other attempts.

A word of war­ning, if your com­pu­ter is desig­na­ted for finan­cial usage, please do not surf the inter­net or use social media sites to mini­mize the risk of infections.

Since this virus has been out for a while, all the major anti­vi­rus ven­dors have upda­ted defi­ni­tion files that inc­lude the scan for this par­ti­cu­lar virus.  Make sure your sys­tem is always upda­ted and scan­ned on a regu­lar basis.  If you would like to run a quick check, using a dif­fe­rent ven­dor, I recom­mend these online scanners:

Trend­Micro: http://housecall65.trendmicro.com/
Syman­tec: http://security.symantec.com/sscv6/WelcomePage.asp
McA­fee: http://home.mcafee.com/downloads/freescan.aspx?cid=60447
Panda: http://www.pandasecurity.com/activescan/index/

From Windows 1.0 to Windows 7 : Chronological Evolution

Have you ever won­de­red that how Win­dows evol­ved to such a beauty?

How was win­dows when it was first intro­du­ced and how it all impro­ved? The Win­dows 7, Latest mas­ter­piece by Mic­ro­soft offers a rich expe­rience to users with its eye-candy ani­ma­tions and solid programming.

To have a peak at the evo­lu­tion of Win­dows with time, read more.  http://techtified.com/2009/08/from-windows-1–0-to-windows-7-chronological-evolution/

What’s old is new again

Yes­ter­day, Mic­ro­soft put out an advi­sory to a secu­rity vul­ne­ra­bi­lity spe­ci­fic to the Win­dows Vista, Win­dows Ser­ver 2008 SP2, and Win­dows 7 RC ope­ra­ting sys­tems.  No other Win­dows ope­ra­ting sys­tems, inc­lu­ding Win­dows 7 RTM are impacted.

Holy cow, once again the older sys­tems (you go XP) are more secure then the new sys­tems.  Why is that you say?  Well this exploit was first found a decade ago.  Yes, you did read that correct, in 1999 this was dis­co­ve­red and patched for the ope­ra­ting sys­tems at the time.  Yet no one thought to put that into the: Newest, Most Secure, Latest and Grea­test ope­ra­ting systems.

So what is this vulnerability?

Accor­ding to Microsoft:

What might an attac­ker use this vul­ne­ra­bi­lity to do?
An attac­ker who suc­cess­fully exploi­ted this vul­ne­ra­bi­lity could take com­plete con­trol of an affec­ted sys­tem. Most attempts to exploit this vul­ne­ra­bi­lity will cause an affec­ted sys­tem to stop res­pon­ding and restart.

I like the last four words, “stop res­pon­ding and res­tart”.  We had an acronym for that back in the day.  BSOD.  But out of all of this, the thing that bothers me the most is Microsoft’s response:

Mic­ro­soft is con­cer­ned that this new report of a vul­ne­ra­bi­lity was not res­pon­sibly disc­lo­sed, poten­tially put­ting com­pu­ter users at risk. We con­ti­nue to encou­rage res­pon­si­ble disc­lo­sure of vul­ne­ra­bi­li­ties. We believe the com­monly accep­ted prac­tice of repor­ting vul­ne­ra­bi­li­ties directly to a ven­dor ser­ves everyone’s best inte­rests. This prac­tice helps to ensure that cus­to­mers receive com­prehen­sive, high-quality upda­tes for secu­rity vul­ne­ra­bi­li­ties without expo­sure to mali­cious attac­kers while the update is being developed.

Mic­ro­soft is con­cer­ned that this new report of a vul­ne­ra­bi­lity was not res­pon­sibly disc­lo­sed? Excuse me what?  It’s not new, it was disc­lo­sed pro­perly the first time.  Why do others become res­pon­si­ble for your oversight?

With that said Mic­ro­soft has issued two do it your­self reso­lu­tions until they can get a patch pushed.

The first is to Disa­ble SMB2 in the registry:

Impact of wor­ka­round. Host will not be able to com­mu­ni­cate using SMB2.

1. Click Start, click Run, type Rege­dit in the Open box, and then click OK.
2. Locate and then click the follo­wing registry sub­key:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
3. Click Lan­man­Ser­ver.
4. Click Para­me­ters.
5. Right-click to add a new DWORD (32 bit) Value.
6. Enter smb2 in the Name data field, and change the Value data field to 0.
7. Exit.
8. Res­tart the “Ser­ver” ser­vice by per­for­ming one of the following:
   • Open up the com­pu­ter mana­ge­ment MMC, navi­gate to Ser­vi­ces and Appli­ca­tions, click Ser­vi­ces, right-click the Ser­ver ser­vice name and click Res­tart. Ans­wer Yes in the pop-up menu.
   • From a com­mand prompt and with admi­nis­tra­tor pri­vi­le­ges, type net stop ser­ver and then net start ser­ver.

The second is to Block TCP ports 139 and 445 at the firewall:

Impact of Wor­ka­round: Seve­ral Win­dows ser­vi­ces use the affec­ted ports. Bloc­king con­nec­ti­vity to the ports may cause various appli­ca­tions or ser­vi­ces to not func­tion. Some of the appli­ca­tions or ser­vi­ces that could be impac­ted are lis­ted below:

• Appli­ca­tions that use SMB (CIFS)
• Appli­ca­tions that use mails­lots or named pipes (RPC over SMB)
• Ser­ver (File and Print Sharing)
• Group Policy
• Net Logon
• Dis­tri­bu­ted File Sys­tem (DFS)
• Ter­mi­nal Ser­ver Licensing
• Print Spoo­ler
• Com­pu­ter Browser
• Remote Pro­ce­dure Call Locator
• Fax Ser­vice
• Inde­xing Service
• Per­for­mance Logs and Alerts
• Sys­tems Mana­ge­ment Server
• License Log­ging Service

Per­so­nally, I would block those on your inter­net facing fire­wall of you broad­band router.

10 Immutable Laws of Security

Love Mic­ro­soft or hate them, this list of the 10 Immu­ta­ble Laws of Secu­rity is dead on.

Law #1: If a bad guy can per­suade you to run his pro­gram on your com­pu­ter, it’s not your com­pu­ter anymore

It’s an unfor­tu­nate fact of com­pu­ter science: when a com­pu­ter pro­gram runs, it will do what it’s pro­gram­med to do, even if it’s pro­gram­med to be harm­ful. When you choose to run a pro­gram, you are making a deci­sion to turn over con­trol of your com­pu­ter to it. Once a pro­gram is run­ning, it can do anything, up to the limits of what you your­self can do on the com­pu­ter. It could moni­tor your keys­tro­kes and send them to a web­site. It could open every docu­ment on the com­pu­ter, and change the word “will” to “won’t” in all of them. It could send rude emails to all your friends. It could ins­tall a virus. It could create a “back door” that lets someone remo­tely con­trol your com­pu­ter. It could dial up an ISP in Kat­mandu. Or it could just refor­mat your hard drive.

That’s why it’s impor­tant to never run, or even down­load, a pro­gram from an untrus­ted source—and by “source,” I mean the per­son who wrote it, not the per­son who gave it to you. There’s a nice ana­logy bet­ween run­ning a pro­gram and eating a sand­wich. If a stran­ger wal­ked up to you and han­ded you a sand­wich, would you eat it? Pro­bably not. How about if your best friend gave you a sand­wich? Maybe you would, maybe you wouldn’t—it depends on whether she made it or found it lying in the street. Apply the same cri­ti­cal thought to a pro­gram that you would to a sand­wich, and you’ll usually be safe.

Law #2: If a bad guy can alter the ope­ra­ting sys­tem on your com­pu­ter, it’s not your com­pu­ter anymore

In the end, an ope­ra­ting sys­tem is just a series of ones and zeroes that, when inter­pre­ted by the pro­ces­sor, cause the com­pu­ter to do cer­tain things. Change the ones and zeroes, and it will do something dif­fe­rent. Where are the ones and zeroes sto­red? Why, on the com­pu­ter, right along with everything else! They’re just files, and if other peo­ple who use the com­pu­ter are per­mit­ted to change those files, it’s “game over”.

To unders­tand why, con­si­der that ope­ra­ting sys­tem files are among the most trus­ted ones on the com­pu­ter, and they gene­rally run with system-level pri­vi­le­ges. That is, they can do abso­lu­tely anything. Among other things, they’re trus­ted to manage user accounts, handle pass­word chan­ges, and enforce the rules gover­ning who can do what on the com­pu­ter. If a bad guy can change them, the now-untrustworthy files will do his bid­ding, and there’s no limit to what he can do. He can steal pass­words, make him­self an admi­nis­tra­tor on the com­pu­ter, or add enti­rely new func­tions to the ope­ra­ting sys­tem. To pre­vent this type of attack, make sure that the sys­tem files (and the registry, for that mat­ter) are well protected.

Law #3: If a bad guy has unres­tric­ted phy­si­cal access to your com­pu­ter, it’s not your com­pu­ter anymore

Oh, the things a bad guy can do if he can lay his hands on your com­pu­ter! Here’s a sam­pling, going from Stone Age to Space Age:

• He could mount the ulti­mate low-tech denial of ser­vice attack, and smash your com­pu­ter with a sledgehammer.
• He could unplug the com­pu­ter, haul it out of your buil­ding, and hold it for ransom.
• He could boot the com­pu­ter from a floppy disk, and refor­mat your hard drive. But wait, you say, I’ve con­fi­gu­red the BIOS on my com­pu­ter to prompt for a pass­word when I turn the power on. No pro­blem – if he can open the case and get his hands on the sys­tem hard­ware, he could just replace the BIOS chips. (Actually, there are even easier ways).
• He could remove the hard drive from your com­pu­ter, ins­tall it into his com­pu­ter, and read it.
• He could make a dupli­cate of your hard drive and take it back his lair. Once there, he’d have all the time in the world to con­duct brute-force attacks, such as trying every pos­si­ble logon pass­word. Pro­grams are avai­la­ble to auto­mate this and, given enough time, it’s almost cer­tain that he would suc­ceed. Once that hap­pens, Laws #1 and #2 above apply.
• He could replace your key­board with one that con­tains a radio trans­mit­ter. He could then moni­tor everything you type, inc­lu­ding your password.

Always make sure that a com­pu­ter is phy­si­cally pro­tec­ted in a way that’s con­sis­tent with its value—and remem­ber that the value of a com­pu­ter inc­lu­des not only the value of the hard­ware itself, but the value of the data on it, and the value of the access to your net­work that a bad guy could gain. At a mini­mum, business-critical com­pu­ters like domain con­tro­llers, data­base ser­vers, and print/file ser­vers should always be in a loc­ked room that only peo­ple char­ged with admi­nis­tra­tion and main­te­nance can access. But you may want to con­si­der pro­tec­ting other com­pu­ters as well, and poten­tially using addi­tio­nal pro­tec­tive measures.

If you tra­vel with a lap­top, it’s abso­lu­tely cri­ti­cal that you pro­tect it. The same fea­tu­res that make lap­tops great to tra­vel with – small size, light weight, and so forth—also make them easy to steal. There are a variety of locks and alarms avai­la­ble for lap­tops, and some models let you remove the hard drive and carry it with you. You also can use fea­tu­res like the Encryp­ting File Sys­tem in Mic­ro­soft Win­dows® 2000 to miti­gate the damage if someone suc­cee­ded in stea­ling the com­pu­ter. But the only way you can know with 100% cer­tainty that your data is safe and the hard­ware hasn’t been tam­pe­red with is to keep the lap­top on your per­son at all times while traveling.

Law #4: If you allow a bad guy to upload pro­grams to your web­site, it’s not your web­site any more

This is basi­cally Law #1 in reverse. In that sce­na­rio, the bad guy tricks his vic­tim into down­loa­ding a harm­ful pro­gram onto his com­pu­ter and run­ning it. In this one, the bad guy uploads a harm­ful pro­gram to a com­pu­ter and runs it him­self. Although this sce­na­rio is a dan­ger any­time you allow stran­gers to con­nect to your com­pu­ter, web­si­tes are invol­ved in the overwhel­ming majo­rity of these cases. Many peo­ple who ope­rate web­si­tes are too hos­pi­ta­ble for their own good, and allow visi­tors to upload pro­grams to the site and run them. As we’ve seen above, unplea­sant things can hap­pen if a bad guy’s pro­gram can run on your computer.

If you run a web­site, you need to limit what visi­tors can do. You should only allow a pro­gram on your site if you wrote it your­self, or if you trust the deve­lo­per who wrote it. But that may not be enough. If your web­site is one of seve­ral hos­ted on a sha­red ser­ver, you need to be extra care­ful. If a bad guy can com­pro­mise one of the other sites on the ser­ver, it’s pos­si­ble he could extend his con­trol to the ser­ver itself, in which he could con­trol all of the sites on it—including yours. If you’re on a sha­red ser­ver, it’s impor­tant to find out what the ser­ver administrator’s poli­cies are.

Law #5: Weak pass­words trump strong security

The pur­pose of having a logon pro­cess is to esta­blish who you are. Once the ope­ra­ting sys­tem knows who you are, it can grant or deny requests for sys­tem resour­ces appro­pria­tely. If a bad guy learns your pass­word, he can log on as you. In fact, as far as the ope­ra­ting sys­tem is con­cer­ned, he is you. Wha­te­ver you can do on the sys­tem, he can do as well, because he’s you. Maybe he wants to read sen­si­tive infor­ma­tion you’ve sto­red on your com­pu­ter, like your e-mail. Maybe you have more pri­vi­le­ges on the net­work than he does, and being you will let him do things he nor­mally couldn’t. Or maybe he just wants to do something mali­cious and blame it on you. In any case, it’s worth pro­tec­ting your credentials.

Always use a password—it’s ama­zing how many accounts have blank pass­words. And choose a com­plex one. Don’t use your dog’s name, your anni­ver­sary date, or the name of the local foot­ball team. And don’t use the word “pass­word”! Pick a pass­word that has a mix of upper– and lower-case let­ters, num­ber, punc­tua­tion marks, and so forth. Make it as long as pos­si­ble. And change it often. Once you’ve pic­ked a strong pass­word, handle it appro­pria­tely. Don’t write it down. If you abso­lu­tely must write it down, at the very least keep it in a safe or a loc­ked drawer—the first thing a bad guy who’s hun­ting for pass­words will do is check for a yellow sticky note on the side of your screen, or in the top desk dra­wer. Don’t tell anyone what your pass­word is. Remem­ber what Ben Fran­klin said: two peo­ple can keep a sec­ret, but only if one of them is dead.

Finally, con­si­der using something stron­ger than pass­words to iden­tify your­self to the system.

Law #6: A com­pu­ter is only as secure as the admi­nis­tra­tor is trustworthy

Every com­pu­ter must have an admi­nis­tra­tor: someone who can ins­tall soft­ware, con­fi­gure the ope­ra­ting sys­tem, add and manage user accounts, esta­blish secu­rity poli­cies, and handle all the other mana­ge­ment tasks asso­cia­ted with kee­ping a com­pu­ter up and run­ning. By defi­ni­tion, these tasks require that he have con­trol over the com­pu­ter. This puts the admi­nis­tra­tor in a posi­tion of une­qua­lled power. An untrust­worthy admi­nis­tra­tor can negate every other secu­rity mea­sure you’ve taken. He can change the per­mis­sions on the com­pu­ter, modify the sys­tem secu­rity poli­cies, ins­tall mali­cious soft­ware, add bogus users, or do any of a million other things. He can sub­vert vir­tually any pro­tec­tive mea­sure in the ope­ra­ting sys­tem, because he con­trols it. Worst of all, he can cover his tracks. If you have an untrust­worthy admi­nis­tra­tor, you have abso­lu­tely no security.

When hiring a sys­tem admi­nis­tra­tor, recog­nize the posi­tion of trust that admi­nis­tra­tors occupy, and only hire peo­ple who warrant that trust. Call his refe­ren­ces, and ask them about his pre­vious work record, espe­cially with regard to any secu­rity inci­dents at pre­vious emplo­yers. If appro­priate for your orga­ni­za­tion, you may also con­si­der taking a step that banks and other security-conscious com­pa­nies do, and require that your admi­nis­tra­tors pass a com­plete back­ground check at hiring time, and at perio­dic inter­vals after­ward. Wha­te­ver cri­te­ria you select, apply them across the board. Don’t give anyone admi­nis­tra­tive pri­vi­le­ges on your net­work unless they’ve been vet­ted – and this inc­lu­des tem­po­rary emplo­yees and con­trac­tors, too.

Next, take steps to help keep honest peo­ple honest. Use sign-in/sign-out sheets to track who’s been in the ser­ver room. (You do have a ser­ver room with a loc­ked door, right? If not, re-read Law #3). Imple­ment a “two per­son” rule when ins­ta­lling or upgra­ding soft­ware. Diver­sify mana­ge­ment tasks as much as pos­si­ble, as a way of mini­mi­zing how much power any one admi­nis­tra­tor has. Also, don’t use the Admi­nis­tra­tor account—instead, give each admi­nis­tra­tor a sepa­rate account with admi­nis­tra­tive pri­vi­le­ges, so you can tell who’s doing what. Finally, con­si­der taking steps to make it more dif­fi­cult for a rogue admi­nis­tra­tor to cover his tracks. For ins­tance, store audit data on write-only media, or house Sys­tem A’s audit data on Sys­tem B, and make sure that the two sys­tems have dif­fe­rent admi­nis­tra­tors. The more accoun­ta­ble your admi­nis­tra­tors are, the less likely you are to have problems.

Law #7: Encryp­ted data is only as secure as the decryp­tion key

Sup­pose you ins­ta­lled the big­gest, stron­gest, most secure lock in the world on your front door, but you put the key under the front door mat. It wouldn’t really mat­ter how strong the lock is, would it? The cri­ti­cal fac­tor would be the poor way the key was pro­tec­ted, because if a bur­glar could find it, he’d have everything he nee­ded to open the lock. Encryp­ted data works the same way—no mat­ter how strong the crypto algo­rithm is, the data is only as safe as the key that can decrypt it.

Many ope­ra­ting sys­tems and cryp­to­graphic soft­ware pro­ducts give you an option to store cryp­to­graphic keys on the com­pu­ter. The advan­tage is con­ve­nience – you don’t have to handle the key – but it comes at the cost of secu­rity. The keys are usually obfus­ca­ted (that is, hid­den), and some of the obfus­ca­tion methods are quite good. But in the end, no mat­ter how well-hidden the key is, if it’s on the com­pu­ter it can be found. It has to be – after all, the soft­ware can find it, so a sufficiently-motivated bad guy could find it, too. Whe­ne­ver pos­si­ble, use offline sto­rage for keys. If the key is a word or phrase, memo­rize it. If not, export it to a floppy disk, make a bac­kup copy, and store the copies in sepa­rate, secure loca­tions. (All of you admi­nis­tra­tors out there who are using Sys­key in “local sto­rage” mode—you’re going to recon­fi­gure your ser­ver right this minute, right?)

Law #8: An out of date virus scan­ner is only mar­gi­nally bet­ter than no virus scan­ner at all

Virus scan­ners work by com­pa­ring the data on your com­pu­ter against a collec­tion of virus “sig­na­tu­res”. Each sig­na­ture is cha­rac­te­ris­tic of a par­ti­cu­lar virus, and when the scan­ner finds data in a file, email, or elsewhere that matches the sig­na­ture, it conc­lu­des that it’s found a virus. Howe­ver, a virus scan­ner can only scan for the viru­ses it knows about. It’s vital that you keep your virus scanner’s sig­na­ture file up to date, as new viru­ses are crea­ted every day.

The pro­blem actually goes a bit dee­per than this, though. Typi­cally, a new virus will do the grea­test amount of damage during the early sta­ges of its life, pre­ci­sely because few peo­ple will be able to detect it. Once word gets around that a new virus is on the loose and peo­ple update their virus sig­na­tu­res, the spread of the virus falls off dras­ti­cally. The key is to get ahead of the curve, and have upda­ted sig­na­ture files on your com­pu­ter before the virus hits.

Vir­tually every maker of anti-virus soft­ware pro­vi­des a way to get free upda­ted sig­na­ture files from their web­site. In fact, many have “push” ser­vi­ces, in which they’ll send noti­fi­ca­tion every time a new sig­na­ture file is relea­sed. Use these ser­vi­ces. Also, keep the virus scan­ner itself—that is, the scan­ning software—updated as well. Virus wri­ters perio­di­cally deve­lop new tech­ni­ques that require that the scan­ners change how they do their work.

Law #9: Abso­lute anony­mity isn’t prac­ti­cal, in real life or on the Web

All human inte­rac­tion invol­ves exchan­ging data of some kind. If someone wea­ves enough of that data together, they can iden­tify you. Think about all the infor­ma­tion that a per­son can glean in just a short con­ver­sa­tion with you. In one glance, they can gauge your height, weight, and appro­xi­mate age. Your accent will pro­bably tell them what country you’re from, and may even tell them what region of the country. If you talk about anything other than the weather, you’ll pro­bably tell them something about your family, your inte­rests, where you live, and what you do for a living. It doesn’t take long for someone to collect enough infor­ma­tion to figure out who you are. If you crave abso­lute anony­mity, your best bet is to live in a cave and shun all human contact.

The same thing is true of the Inter­net. If you visit a web­site, the owner can, if he’s suf­fi­ciently moti­va­ted, find out who you are. After all, the ones and zeroes that make up the Web ses­sion have to be able to find their way to the right place, and that place is your com­pu­ter. There are a lot of mea­su­res you can take to dis­guise the bits, and the more of them you use, the more tho­roughly the bits will be dis­gui­sed. For ins­tance, you could use net­work address trans­la­tion to mask your actual IP address, subsc­ribe to an anony­mi­zing ser­vice that laun­ders the bits by rela­ying them from one end of the ether to the other, use a dif­fe­rent ISP account for dif­fe­rent pur­po­ses, surf cer­tain sites only from public kiosks, and so on. All of these make it more dif­fi­cult to deter­mine who you are, but none of them make it impos­si­ble. Do you know for cer­tain who ope­ra­tes the anony­mi­zing ser­vice? Maybe it’s the same per­son who owns the web­site you just visi­ted! Or what about that inno­cuous web­site you visi­ted yes­ter­day, that offe­red to mail you a free $10 off cou­pon? Maybe the owner is willing to share infor­ma­tion with other web­site owners. If so, the second web­site owner may be able to corre­late the infor­ma­tion from the two sites and deter­mine who you are.

Does this mean that pri­vacy on the Web is a lost cause? Not at all. What it means is that the best way to pro­tect your pri­vacy on the Inter­net is the same as the way you pro­tect your pri­vacy in nor­mal life—through your beha­vior. Read the pri­vacy sta­te­ments on the web­si­tes you visit, and only do busi­ness with ones whose prac­ti­ces you agree with. If you’re worried about coo­kies, disa­ble them. Most impor­tantly, avoid indisc­ri­mi­nate Web surfing—recognize that just as most cities have a bad side of town that’s best avoi­ded, the Inter­net does too. But if it’s com­plete and total anony­mity you want, bet­ter start loo­king for that cave.

Law #10: Tech­no­logy is not a panacea

Tech­no­logy can do some ama­zing things. Recent years have seen the deve­lop­ment of ever-cheaper and more power­ful hard­ware, soft­ware that har­nes­ses the hard­ware to open new vis­tas for com­pu­ter users, as well as advan­ce­ments in cryp­to­graphy and other scien­ces. It’s temp­ting to believe that tech­no­logy can deli­ver a risk-free world, if we just work hard enough. Howe­ver, this is simply not realistic.

Per­fect secu­rity requi­res a level of per­fec­tion that simply doesn’t exist, and in fact isn’t likely to ever exist. This is true for soft­ware as well as vir­tually all fields of human inte­rest. Soft­ware deve­lop­ment is an imper­fect science, and all soft­ware has bugs. Some of them can be exploi­ted to cause secu­rity breaches. That’s just a fact of life. But even if soft­ware could be made per­fect, it wouldn’t solve the pro­blem enti­rely. Most attacks involve, to one degree or another, some mani­pu­la­tion of human nature—this is usually refe­rred to as social engi­nee­ring. Raise the cost and dif­fi­culty of attac­king secu­rity tech­no­logy, and bad guys will res­pond by shif­ting their focus away from the tech­no­logy and toward the human being at the con­sole. It’s vital that you unders­tand your role in main­tai­ning solid secu­rity, or you could become the chink in your own sys­tems’ armor.

The solu­tion is to recog­nize two essen­tial points. First, secu­rity con­sists of both tech­no­logy and policy—that is, it’s the com­bi­na­tion of the tech­no­logy and how it’s used that ulti­ma­tely deter­mi­nes how secure your sys­tems are. Second, secu­rity is jour­ney, not a destination—it isn’t a pro­blem that can be “sol­ved” once and for all; it’s a cons­tant series of moves and coun­ter­mo­ves bet­ween the good guys and the bad guys. The key is to ensure that you have good secu­rity awa­re­ness and exer­cise sound judg­ment. There are resour­ces avai­la­ble to help you do this. The Mic­ro­soft Secu­rity web­site, for ins­tance, has hun­dreds of white papers, best prac­ti­ces gui­des, chec­klists and tools, and we’re deve­lo­ping more all the time. Com­bine great tech­no­logy with sound judg­ment, and you’ll have rock-solid security.

Find your Microsoft Product Key

It is that time again.  Time to rei­mage your Win­dows PC.  You have gone through the chec­klist: Bac­kup data, found all of the dri­vers you will need, have your pro­grams ready for reins­tall, Win­dows ins­tall CD, Pro­duct key for CD.  Ok, except for that last one.  That blas­ted key.  Now you are thin­king “How will I ins­tall my OS without that?”

Never fear, there is an app for that.  Magi­cal Jelly Bean Key­fin­der.

This handy tool is on my USB disk that I always bring with me.  Most peo­ple I have hel­ped with rei­ma­ging a PC do not have their pro­duct key any­more for wha­te­ver rea­son.  With this tool and about 2 seconds of your time, you will be pre­sen­ted with the Pro­duct Key.  The web­site reports that it can pull the Pro­duct key for all Win­dows pro­ducts up to Vista (sorry Win­dows 7 beta users) and Mic­ro­soft Office up to 2007.

It is not a bad idea to get this infor­ma­tion for your records any­ways, just in case your sys­tem crashes.

New Computer Security Mistakes

I wan­ted to pass on what I see as some of the top com­pu­ter secu­rity mis­ta­kes that most casual com­pu­ters users make when first set­ting up a new computer:

1. Set­ting an non pro­tec­ted newly ima­ged com­pu­ter on the inter­net.  Before ins­ta­lling any com­pu­ter on the inter­net, you will want to ins­tall at least an anti­vi­rus and make sure that the built in fire­wall for Win­dows is ope­ned.  I per­so­nally have a DVD with a lot of first ins­tall appli­ca­tions on it.  This inc­lu­des Comodo Anti­vi­rus, Comodo Fire­wall, Win­dows XP Ser­vice Pack 3 (Net­work Admin Ins­ta­ller), and Vista Ser­vice Pack 2 (Net­work Admin Ins­ta­ller).  As well as a few other odds and ends.  I run these ins­talls before I ever con­nect my machine to the wire­less net­work.  I know the virus defi­ni­tion files for the Anti­vi­rus will be out­da­ted, but that is correc­ted shortly.
2. Not run­ning upda­tes as soon as online. After ins­ta­lling all the appli­ca­tions men­tio­ned above, I get my sys­tem on the net­work and run upda­tes on my anti­vi­rus soft­ware and then run­ning the Win­dows Update.  This is a very impor­tant step.  Just because an anti­vi­rus is ins­ta­lled or the latest Ser­vice Pack applied, it does not mean you are pro­tec­ted.  With more and more vul­ne­ra­bi­li­ties and viru­ses being relea­sed daily, it is a never ending battle to keep your­self pro­tec­ted.  Not only should you worry about the secu­rity soft­ware, but any appli­ca­tion you ins­tall, please run all the updates.
3. Set­ting your pri­mary login ID as an admi­nis­tra­tor.  I know this one is hard, but it has been brought to my atten­tion, and right­fully so, it is not recom­men­ded.  An admi­nis­tra­tor account has unli­mi­ted rights and power on a com­pu­ter.  You can create a sepa­rate user and make is a power user.  For the Admi­nis­tra­tor account, you should rename it from Admi­nis­tra­tor and put a secure pass­word on it.  Also, disa­ble the guest account on your sys­tem for safety measures.

1. Pass­word, Pass­word, Pass­word, and did I men­tion pass­word?  I know this is your home com­pu­ter and you won­der who would get into it.  Well, since the com­pu­ter has become so inte­gra­ted in our lives, we store everything on there.  From bank infor­ma­tion, impor­tant docu­ments, Tax infor­ma­tion, fami­lies infor­ma­tion, on and on.  If your com­pu­ter gets sto­len, someone else now has all of that infor­ma­tion.  If you do not have a secure pass­word (see ear­lier pos­ting) then it’s easy for them to get in.
2. Disk Encryp­tion.This is a topic I will dis­cuss more in depth in the next few days.  There are many free drive encryp­tion appli­ca­tions avai­la­ble that are very very good.  The rea­son for this encryp­tion is so that if someone comes in and just grabs your drive out of your com­pu­ter (less then 3 minu­tes for the most part) your data is secu­red.  See item 4.
3. Wire­less Net­work Secu­rity. Again another topic I will get into later, but for the most part I can sum it up quickly.  If you get a brand new wire­less rou­ter, the defaults are the same.  The same IP address, the same root pass­word, the same SSID (Net­work name).  With this infor­ma­tion anyone in your area can get into your net­work.  There are some things you can do to pro­tect your­self and I plan on dis­cus­sing it later, inc­lu­ding what some recom­men­ded set­tings are.  So please check back.

I hope that you found this use­ful infor­ma­tion.  Ques­tions, com­ments and feed­back is always welcome.