by certifiedbug on February 27, 2008
in Microsoft
by certifiedbug on February 19, 2008
in Microsoft
Channel8 announced a new program, which will give millions of qualified students the opportunity to download Microsoft professional-level developer and design tools at no charge.
It is our hope that the DreamSpark program will spark your creativity and help you harness software’s transformative magic to turn your good ideas into reality, by equipping you with the tools you need to succeed and excel during your academic experience and skills you will need after graduation.
The program starts off in 11 countries/regions: the United States, the United Kingdom, Canada, China, Germany, France, Finland, Spain, Sweden, Switzerland and Belgium. More countries will be added throughout the year.
Get started here.
Bill Gates talks about Free Software, Students, and Technology
by certifiedbug on February 6, 2008
in Security
Adobe Reader 8.1.2 Release Notes
The absence of a bulletin with details and severity ratings has raised eyebrows in the security research community.
The patch, included in Adobe Reader 8.1.2, plugs at least one known critical issue that allows rigged PDF files to be used in code execution attacks, says Kostya Kortchinsky, a vulnerability researcher at Immunity.
eWeek
by certifiedbug on February 1, 2008
in Security
RealPlayer by RealNetworks is a popular alternative to Apple’s QuickTime and Windows Media Player.
StopBadware
We find that RealPlayer 10.5 is badware because it fails to accurately and completely disclose the fact that it installs advertising software on the user’s computer. We additionally find that RealPlayer 11 is badware because it does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled.
We currently recommend that users do not install the versions of RealPlayer that we tested, unless the user is comfortable with the software behaviors we identify or until the application is updated to be consistent with the recommendations in this report.
This alert represents StopBadware’s findings during our initial testing period. Additional badware behaviors that were not initially detected may exist in the application.
Announcement
http://www.stopbadware.org/pdfs/realplayer_press_release.pdf
Expect to see further developments.
Today is the 10th Anniversary of the public release of WinPatrol.
The majority of new features came as suggestions from friends of Scotty. So, THANK YOU, THANK YOU to all of you who have encouraged and supported my WinPatrol project. It’s been a rewarding ten years.
Reminisce: Bits from Bill
If you have Norton installed on your computers you should pay attention to this.
Chris Quirke’s Blog: Norton Security Scan - False Positives
Unfortunately, it detects protective settings applied by Spyware Blaster and similar tools, as being the malware these tools are protecting against.
Hosts News: Symantec detects suspicious entries in the MVPS HOSTS file
… seems Symantec added a new update SecurityRisk.URLRedir which they describe as “detection for suspicious entries added to the hosts file”
TechNet
Microsoft Security Bulletin MS07-048 - Important
Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget or added a malicious contacts file in the Contacts Gadget or a user clicked on a malicious link in the Weather Gadget an attacker could potentially run code on the system. In all attack vectors, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This is an important security update for all supported editions of Windows Vista. For more information, see the subsection, Affected and Non-Affected Software, in this section.
This security update addresses the vulnerability by improving validation code within the Feed Headlines and Contacts Gadgets. The Inspect Your Gadget document outlines secure programming best practices that should be followed when building Gadgets. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation: Microsoft recommends that customers apply the security update.
Known Issues: Microsoft Knowledge Base Article 938123 documents any currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.
Please see full page and information:
http://www.microsoft.com/technet/security/bulletin/MS07-048.mspx
Source: Dana Epp’s Weblog
Upgrading, tweaking etc. Please excuse any odd errors. 
The home of Spybot-Search and Destroy.
News Link 11. June 2007
Also, after struggling for months with Microsoft about Spybot - Search & Destroy 1.5 and the more advanced Certified for Vista logo, we have decided not to get our next release certified. While we found the “Certified for Vista” logo requirements to be very useful to enforce a high software quality in general, it has a huge drawback, which essentially makes every certified security software prone to getting disabled by malware. Under these circumstances, version 1.5 will only receive the “Works with Windows Vista” logo, but at least there’s nothing left blocking the release, which will take place as a beta version this week.
For those interested in the technical background of the decision:
Microsoft requires software that applies for this logo program to immediately crash when confronted with a situation described by Microsoft in detail. The background of this still is useful in a standard situation - software that has bugs should actually crash instead of just trying to hide them, so that Windows Error Reporting can log the problem and forward it to the developer. This way Microsoft can assure that applications that are part of the “Certified for Vista” program are of high quality.
However, in the context of a security application, this is hazardous: if malware writers can use a perfectly documented way to crash a security application, the overall security is greatly harmed. To avoid this, we suggested some alternatives to Microsoft that would not compromise the goal of submitting bug reports on errors that are the fault of the developer of the software. In the end though, some people at Microsoft seem to be too certain that Vista is absolutely safe, upon which we do not intend to comment, since key Microsoft employees have already done so, for example Jim Allchin or Mark Russinovich.
http://www.spybot.info/en/news/2007-06-11.html