July 2005 - Posts

Internet Explorer and tabbed windows...

I’ve been having a closer look at IE7’s new tabbed windows feature over the past few days.  There are some things I like, and some things I don’t.

 

Remember, this article is written about IE7 as it appears in Beta 1 – Beta 2, Beta 3 (if there is one) and Gold will most likely behave quite differently.

 

Nice stuff…

 

There are some lovely touches in the way tabs work – for example, when we open a new tab it defaults to about:blank and the address bar is already highlighted allowing us to quickly enter the URL that we want to visit.  The first benefit of opening to about:blank is that the new tab opens very quickly, the second benefit is that a common complaint from the past (being that IE opens new windows with pre-populated, duplicate, content) is no longer an issue.

 

The tabs resize very nicely as more windows are opened, without using the horrid ‘torn tab’ look that programs such as FrontPage use.

 

Context menu:  the ‘close other tabs’ option is a nice feature, as is ‘refresh all’.  I wish there was also a ‘close all tabs’ option, similar to that offered by, for example, Deepnet Explorer.

 

Uh oh…

 

There is a minimum width for IE tabs.  Once that minimum width is reached, pre-existing tabs are pushed out of view to the left of screen, at which time navigation becomes a bit awkward.  The only way to access these hidden tabs is by double-clicking the far left tab, which makes the IE window ‘jump’ one full screen of tabs to the left.  The same applies when navigating to the right.

 

But (there’s always a but).  IE will only jump a full screen the first time that you double click a far left or right tab.  After that it will only jump two tabs at a time.  There is no way, that I can see, to jump from a far left to far right tab.

 

How could tabs be improved…

 

Better navigation ability when tabs scroll off screen.

 

A close all tabs option.

 

IE7 starts a new process when clicking on a hyperlink in an email.  Now that IE supports tabs, this should not be happening.  All hyperlinks should be opening in a new tab in the instance of IE that is already running.

 

Also, the right click context menu has two options – ‘open in new tab’ and ‘open in new window’.  There is no need for the latter option anymore.

 

Some sites are opening windows outside of the tabs frame (is that the correct terminology?).  To see what I mean, go to www.anz.com.au and click on the ‘log on’ button for web banking.  A new window will open that is not a tabbed window – probably because they’re using javascript instead of a classic hyperlink.

 

Admittedly, this site works much better in IE than in Deepnet.  When using Deepnet, the log-in window does open as a tabbed window, but it is not properly sized in that once user name and password are entered and we have logged in, the window must be maximized before an essential navigation button is accessible, there being no scroll bars until the window is maximized.  I’ll see about uploading some screen shots later so that you, kind reader, can easily compare the two browsers.

Posted by sandi with no comments

Windows Vista, Longhorn Lab, IE7 and Secret Squirrel....

As mentioned earlier in my blog I traveled to Seattle last week, staying in town from 19 until 23 July.  The karma for this trip was very good – first I was upgraded to Business Class between Sydney and Los Angeles, then Terri and I were picked up by a black stretch limousine at SeaTac courtesy of a much loved, mutual friend, then I was upgraded to Business Class once more for the flight between Los Angeles and Melbourne – Qantas Skybeds are heavenly.

 

One of the reasons for this trip is that I was invited to attend an Expert Zone Featured Community event dubbed the ‘Longhorn Lab’ on 22 July.  It was very interesting to put a face to some (infamous) names, and gauge other attendees’ reactions to the Windows Vista (ex Longhorn) and IE7 features that were revealed during the Lab.  I had already seen a lot of the stuff that was on show that day, so was able to settle back and absorb the reactions of those around me. 

 

The ‘Windows Vista’ name was announced while we were there, and we were lucky enough to be given some of the very first swag with the new Vista name emblazoned on it – baseball caps and wall posters :o)  Anyway, other attendees at the Longhorn Lab have already shared their experiences, so I won’t repeat what has already been said elsewhere…. Let’s allow our friend Secret Squirrel out of his box.

 

Secret Squirrel says…. “So….what did you do during the rest of your time at Microsoft?”  I am so glad you asked!

 

On 20 July Terri Stratton (of www.thetabletpc.net and http://themediacentrepc.com fame) and I spent a very enjoyable day with the Internet Explorer team.  I can’t share details about what Terri and I saw during our day with the team but I can say this.  Beta 1 (now released to MSDN and TechNet subscribers) is a work in progress – later builds are even more impressive, and there is a very clever, yet-to-be-revealed treasure (that is not in Beta 1) which absolutely blew Terri and me away.  The IE team is justifiably excited, and proud, about what they have done with IE7.  Some have said that the new browser is simply Microsoft’s attempt to play catch up with its competitors, but what I have seen shows me that IE7 is going to be much more than that.  I am going to really enjoy watching reactions as more is revealed about IE7, and can’t wait for the final version to hit the streets.

 

Then, on the 21st, I had lunch with the Outlook Express team, followed by in-depth sessions with various team members about the next version of OE.  Just like IE, OE is also undergoing major improvements, and just like IE, the time is not right to reveal further details.  But fear not, kind readers, the minute I can share, I will…

 

All in all, it was a very productive, interesting, hectic, fun, exhausting trip to Seattle.  My new web site will (hopefully) go live soon, and will be home-base for all information about IE7 that I am allowed to share and, if I am really lucky, a scoop or two.  As for when it will go live, that I cannot answer because finalizing DNS, without which it is impossible for me to proceed, is dependent on the actions of another.  I’m hoping some time over the next few days….

Posted by sandi with 1 comment(s)

Microsoft Internet Security Videos.

There are several short educational videos available on the Microsoft Security at Home website that discuss spyware, phishing, viruses and worms, keeping your computer up to date, spam, protecting your privacy and using newsgroups.

I've always believed that visual and aural learning is far more effective than the written word.  These videos are an excellent starting point for the new computer user.

http://www.microsoft.com/athome/security/videos/default.mspx

 

Posted by sandi with no comments

Redmond revelry

I've been in Redmond since Tuesday afternoon.  Lots of meetings, lots of events, lots of activity.  More to come soon.
Posted by sandi with no comments

Firefox web site (www.spreadfirefox.com) hacked?

Oops:
http://www.toptechnews.com/story.xhtml?story_id=37368

“Dotzler explained the problem as SpreadFirefox's failure to install security updates for its content-management software, Drupal. When the intrusion became apparent, it took the site down for several days.”

Posted by sandi with no comments

Yet another Firefox update...

Now we're up to version 1.0.6 which is apparently a 'stability update' (oops, what did they break)... ah, here we go, they need to “Restore API compatibility for extensions and web applications that did not work in Firefox 1.0.5.”

Go and get it :o)

http://www.mozilla.org/products/firefox/releases/1.0.6.html

Posted by sandi with no comments

Trend Antispyware - update on false positives and other issues

I had a very productive (and very early morning) teleconference with the Senior Spyware researcher at Trend today, as well as with an Internal Expert at the same company, regarding the various false positives previously reported in this Blog and usability issues affecting various versions of Trend Antispyware (web, consumer and small/medium business).

Now, I'll admit, after barely three hours of sleep I was not my normal sharp self, but we still managed to get a lot of work done.

Now for the good news:

Adgoblin false positive - fixed in an upcoming definition update (the lead developer at Camtasia will be very pleased to hear about this)...

Bonzi false positive - fixed in an upcoming definition update

bjkh_coolwebsearch false positive - fixed in an upcoming definition

Problems with mvps.org HOSTS file (malware site entries being detected, but routing to local host not being detected) - flagged for attention of AV team.

Not being able to selectively delete 'threats' in the SMB version - roadmapped - hopefully will be fixed in the future.

Let me be very clear about this... Trend have been extremely responsive, and have gone to a lot of trouble to liaise with me and address *all* problems that I have raised with them.   A lot of companies *listen*, but not many companies *act* so promptly on complaints or problems brought to their attention.

There is still a lot of work to be done regarding usability and network issues (SMB version) but I am very confident that Trend are listening, and more importantly, acting quickly on feedback from their customers.

Posted by sandi with 4 comment(s)

Firefox updated again

Version 1.0.5 has been released which includes two critical and four highly sensitive security patches (plus six other patches).  Let's hope THIS version doesn't break something (remembering the XML debacle).

Details of the critical vulnerabilities are “embargoed” until 20 July.

WARNING: Before installing 1.0.5 make sure that the target installation directory is EMPTY (ie uninstall old versions of Firefox if using the default installation directory).

Windows 2000 users with Media Player 9 may experience system crashes - get the latest version of Sun Java to resolve this problem - available here: http://www.java.com/en/download/manual.jsp

Your system may hang if you try to view PDFs using an older version of Acrobat.  Update your copy of Acrobat Reader if you see this problem, available here: http://www.adobe.com/products/acrobat/readstep2.html

If you are using Windows 98 or Windows ME, your Firefox icon may display as a 'Windows icon'.

Firefox 1.0.5 can be downloaded here:
http://www.mozilla.org/products/firefox/

 

 

Posted by sandi with no comments

Sandi and Patchou in Redmond at the same time.....

Hmmm, it seems that Patchou of Messenger Plus! fame is going to be in Redmond at the same time as me... {{bummer, missed him by a few days.. oh well, would probably have scared him too much anyways...}} ;o)

<Patchou's message>

<My analysis of Messenger Plus!> (overdue for an update to discuss changes in the latest version of the installer)

What an exquisite coincidence.. I shall keep an eye out for the guy whilst at Microsoft ...

Oh, and I have an update on Trend Micro's false positive for AdGoblin when Camtasia's SnagIt product is installed.  I've been having an email conversation with the Lead Developer at Camtasia, and he confirms that the CLSID is theirs, and that the AdGoblin detection is a false positive.

Now, all we have to do is get Trend to fix the problem.

Posted by sandi with no comments

Microsoft Security Advisory (903144) – vulnerability in the Microsoft Java VM

This vulnerability (otherwise known as Bloodhound.Exploit.40) affects the Microsoft Java VM (which has been ‘out of circulation’ for quite a long time, but may still be on older operating systems).

 

Carefully read this article:

http://www.microsoft.com/technet/security/advisory/903144.mspx

 

My recommended (and the least disruptive) workaround is the first one – “disable the javaproxy.dll COM object from running in IE”.

 

Some antivirus programs are starting to detect attempts to take advantage of this exploit.

 

If you choose to remove the Java Virtual Machine, you can replace it with the Sun version, available here:

http://www.java.com/en/download/download_the_latest.jsp

 

While we’re on the topic of vulnerable Java virtual machines, if you have Sun Java installed, make sure you are using the latest version, and more importantly, uninstall old versions of Sun Java which may still be installed – old, vulnerable versions of Sun Java can be accessed by hostile web sites or programs:

http://msmvps.com/spywaresucks/archive/2005/03/25/39584.aspx

Posted by sandi with no comments

Spyware – are we winning this war? Not yet.

A group called the "Pew Internet & American Life Project" (PIALP) has released a report examining the effect that spyware has had on (an American's) behaviour when on the Internet.

 

The report is available in PDF format here:
http://www.pewinternet.org/pdfs/PIP_Spyware_Report_July_05.pdf

 

The media release can be seen here:

http://www.pewinternet.org/PPF/r/108/press_release.asp

 

To summarise, PIALP concluded that:

 

52% of home internet users say their computer has slowed down or is not running as fast as it used to.

51% of home internet users say their computer started freezing up or crashing, requiring them to shut down or reset.

25% of home internet users say a new program appeared on their computer that they didn’t install or new icons suddenly appeared on their desktop.

18% of home internet users say their internet home page changed without them resetting it.

 

In an attempt to stem the flow of spyware or adware onto their computers, those surveyed reported taking the following preventative steps:

81% of internet users say they have stopped opening email attachments unless they are sure these documents are safe.

48% of internet users say they have stopped visiting particular Web sites that they fear might deposit unwanted programs on their computers.

25% of internet users say they have stopped downloading music or video files from peer-to-peer networks to avoid getting unwanted software programs on their computers.

18% of internet users say they have started using a different Web browser to avoid software intrusions.

 

PIALP then goes on to say that 43% of those surveyed reported spyware or adware had managed to get onto their machines and that 60% did not know where it had come from.

 

I'm not surprised that so many do not know the source of malware on their machine – there is a GLARING omission in the above list, that being, what percentage of users have stopped downloading and installing advertising supported freeware (adware).

 

Unfortunately there is nothing that can be done to prevent a user from consciously downloading and installing adware or spyware.  Anti-spyware software can detect malware or spyware during or after installation, but (just like anti-virus protection) such programmes are only as good as their last update.

 

According to the survey, only 1 in 10 people surveyed believed that clicking through an EULA is sufficient notification for the purposes of obtaining permission to install adware, yet an EULA is the primary defence (nay, excuse) given by adware companies when challenged about their wares.  Personally I'm sick of adware suppliers and bundlers hiding behind long winded, and sometimes difficult to understand, disclaimers and disclosures (whilst ignoring the fact that the person installing their wares may be legally too young to agree to an EULA anyway – as happens far too often with 'toy' freeware such as fun cursors, IM client add-ons etc).

 

I have seen one installer that forces a user to scroll to the end of an agreement before allowing the 'next' button to be clicked – and that is the OpenOffice installer.  More programmers should start doing the same thing.  I acknowledge that forcing a user to scroll through an EULA will not force them to actually read what they're seeing, but when combined with the judicious use of colour and bolded text the salient points can be made very obvious.

 

Bearing in mind that this telephone survey consulted only 1,336 people, some other points really concern me.  For example:

 

Only 68% of broadband users use a firewall (compared with 44% for dial-up users);

9% of those surveyed said they did not know if their anti-virus updates automatically, and 18% (of those that do know?) do not know how often it updates;

Fully 20% of those who attempted a fix [of spyware] said the problem has not been solved.

 

Viruses, trojans and worms are not the only risk that such unprotected machines face.  Broadband connected PCs are at grave risk of being hijacked by spammers looking to steal bandwidth, phishers looking for somewhere to set up a fake financial institution web site, or script kiddies looking for unprotected hard drive space to spread their wares.  It is simply unacceptable that so many PCs are unprotected, but how do we address the problem?  Users cannot be forced to upgrade to a new operating system, nor can they be forced to use firewalls and anti-virus.

 

The only silver lining that I can see at the moment is my belief that the drive-by adware and spyware downloads will slowly die out as Internet Explorer continues to be security hardened, and Windows XP SP2, and later Longhorn, slowly replaces older operating systems.  Windows XP with SP2 was the first time the Windows Firewall was enabled by default, and the new Security Centre ensures that computer users know if their firewall or anti-virus are not working, or if the anti-virus is not up to date.

 

But, that being said we MUST NOT depend on Microsoft, computer manufacturers, ISPs or any of the other popular targets in the spyware debate to protect us from ourselves.  Knowledge is power – not only self education but educating those we have contact with.

Posted by sandi with no comments