The Microsoft Solution Accelerators Team is happy to announce the release of the Windows Vista Hardware Assessment 2.0 Public Beta. Windows Vista Hardware Assessment is an automated software tool that helps business customers and consultants make informed decisions about desktop deployment and migration to Windows Vista. Specifically, this tool provides users a very quick way to inventory and assess PCs network-wide for their hardware and device readiness. Through auto-generated readiness reports, organizations can more quickly identify computers that can migrate to Windows Vista “as is” without any hardware upgrades and others with recommended hardware upgrades.
Posts tagged as:
Software
Opera Torrent File Handling Buffer Overflow Vulnerability.
Advisory: Malicious torrent files can execute arbitrary code in Opera
Severity: Highly critical
Opera Software has released Opera 9.21 with a fix for this vulnerability.
An update to Symantec’s anti-virus software Friday, crippled thousands of Chinese Users PCs when it mistook two critical Windows .dll files for malware.
Chinese Internet Security Response Team (C.I.S.R.T.) Article
It’s a terrible day for lots of Chinese users (especially Enterprise Users) who use Norton products today. Since this morning, we have received many reports from lots of users. They meet the same problem that Norton detects two system files “netapi32.dll” and “lsasrv.dll” as Backdoor.Haxdoor when they finish upgrading their database to May.17,2007 , and these two files will be deleted. After reboot, the operate system will be loaded into blue screen, and display the following windows file protection message box:
In an e-mailed statement, Symantec acknowledged the signature update bug and said it re-released a new update late Thursday, U.S. time. The Cupertino, Calif.-based security vendor also said that only Simplified Chinese versions of Windows XP SP2 that have been patched with a Microsoft fix from November 2006 were impacted.
Normally I don’t bother to go through all the spams received on this blog before deletion, however today one Spam caught my eye: “download free removal spybot spyware | http://removalspyware.info |” because I have seen it advertised a lot via Google Ads.
http://www.removalspyware.info/content/Detecting_Spyware_on_your_computer.php
Which lists: spywareremoversreviewed.com and Spyware Remover 2006: Free Scan! 5 Star AntiSpyware - Recommended SpywareBot.com
Spyware Warrior Blog 2004:
http://netrn.net/spywareblog/archives/2004/09/12/beware-of-spyware-removal-software-sites/
There seems to be an ever-growing list of websites offereing reviews of spyware removal products. A Google search for “spyware removal” brings up a number of paid ads for such sites.
This site: http://www.spywareremoversreview.com has this disclaimer at the bottom of the page which says:
This site provides the comparisons as a service to the Internet community. We do not endorse any of the companies, products, or services mentioned. Each product or service is the trademark of their respective company. All information is provided as opinions only.
Zoom to 2007 and sounding familiar….
spywareremoversreviewed.com
This site provides the comparisons as a service to the Internet community. We do not
endorse any of the companies, products, or services mentioned. Each product or service
is the trademark of their respective company. All information is provided as opinions only.
Copyright © 2007 SpywareRemoversReviewed.com. All rights reserved.
http://www.spywarewarrior.com/rogue_anti-spyware.htm#notes
CompareSpywareRemovers.com
CompareSpywareRemoval.com
SpywareRemoverComparisons.com
SpywareRemoversReview.com pushes rogue/suspect products
I have seen Google ads pushing Rogues on more than one security site/blog, which is disappointing.
For instance, ads for spywarebot, which is on the Rogue List for exploiting the name of Spybot-Search & Destroy.
http://www.spywarewarrior.com/rogue_anti-spyware.htm#notes
SpywareBot spywarebot.com exploits name “Spybot Search & Destroy” exploits name “Spybot Search & Destroy”; same app as AdwareAlert [A: 5-14-06 / U: 1-9-07]
As Bill Pytlovany blogged at “Bits from Bill”:
AntiSpyware Advertising Gets Nasty
I’m pretty confident, both Spywarebot ads are from the same company who have a couple dozen AntiSpyware products available under different names and domains. Neither are related to the popular “Spybot, Search and Destroy” program.
{ 0 comments }
Microsoft TechNet
Updated: May 3, 2007
On Tuesday 8 May 2007 Microsoft is planning to release:
Security Updates
- Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
- Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
- One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
- One Microsoft Security Bulletin affecting CAPICOM and BizTalk. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release 1 NON-SECURITY High-Priority Update for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release 6 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Attorney General McKenna Settles with Movieland.com and Associates Concerning Pop-Up Payment Demands
Press release April 19, 2007
SEATTLE – Washington State Attorney General Rob McKenna today announced a settlement with three California-based businesses that resolves allegations they installed software that took control of a consumer’s computer by launching aggressive and persistent pop-ups that demanded payment for a movie download service. The software was installed after users signed up for a seemingly anonymous free trial for the service.
“Under this settlement, Movieland.com and its associated companies agree to cease offering anonymous free trials to Washington consumers for their movie download service,” said Attorney General Rob McKenna “Additionally, the defendants must receive express consent from Washington consumers before installing any billing software on the user’s computer, disclose whether the software will cause any pop-ups and clearly state all important contract terms in any advertisement.”
The state filed its original lawsuit last summer following an investigation by the Attorney General’s Consumer Protection High-Tech Unit. The suit accused the following of violating Washington’s Computer Spyware and Consumer Protection acts: Digital Enterprises of West Hills, doing business as Movieland.com; AccessMedia Networks of Los Angeles; Innovative Networks of Woodland Hills; and Alchemy Communications of Los Angeles.
Allegations against Alchemy were subsequently dismissed and the state reached a stipulated agreement with the remaining defendants that was filed today in King County Superior Court. Two company officials, Digital Enterprises’ Easton A. Herd, and Alchemy’s Andrew M. Garroni, are also parties to the settlement, which does not include a finding or admission of wrongdoing.
The defendants agreed to pay a total of $50,000 to resolve the allegations. They also agreed to provisions that limit their business practices.
According to the state’s complaint, the defendants promoted a movie download service through Web sites including movieland.com, moviepass.tv and popcorn.net that offered consumers a free three-day trial. Billing software was then downloaded onto the personal computers of consumers who accepted the offer.
After the trial period, defendants remotely activated the billing software, causing a popup window to appear that indicated the trial period had expired. Consumers who clicked on a “Continue” link on the pop-up were then shown a 40-second video that recurred hourly and told them that they were legally obligated to purchase a subscription. A statement on the company’s Web site also indicated that failure to pay “may result in an escalation of collection proceedings that could have an adverse effect on your credit status.”
“Despite the warning, defendants weren’t able to affect a consumer’s credit record because they did not have any way to personally identify a consumer,” said Senior Counsel Paula Selis, who helped lead the state’s investigation. “The software was difficult to remove and many frustrated consumers ultimately paid between $19.95 and $80 for the service in order to stop the pop-ups.”
Washington’s Computer Spyware Act prohibits, among other things, installing software on a computer without a user’s consent, taking control of a user’s computer, and interfering with the user’s ability to identify and remove that software.
Under the settlement terms, the defendants must not offer anonymous free trials in Washington for their movie download service. If they use a software-based collection method, they must:
- Not attempt to collect payments from Washington residents unless they have a valid contract. In order for a valid contract to exist, consumers must click on a button indicating they understand and consent to the contract terms, provide a credit card number or other personal form of identification and state that they are 18 or older and authorized to download software on the computer.
- Prominently disclose contract terms in any advertisement for goods or services. This would include the cost of any subscription service.
- Not install any software program on the computer of a Washington resident without the express consent of the computer owner or an authorized user. Before seeking consent to install software, they must disclose whether downloading the software would cause any pop-up messages concerning payment obligations and the nature, frequently and duration of those messages. If consumers give consent, the defendants can’t send more than five pop-up messages in a day or more than one message per hour. Consumers must also be able to close the pop-up windows and silence any audio messages.
Washington’s settlement does not affect other legal actions concerning the defendants.
The Attorney General’s Office is offering a refund program for consumers who believe they have been subject to the defendants’ practices. Washington residents who believe they are eligible for a refund should file a complaint with the Attorney General’s Consumer Protection Division online at www.atg.wa.gov or call 1-800-551-4636 (number only available in-state) to request a complaint form.
Additional Materials:
Movieland Settlement (PDF)
Movieland Complaint (PDF)
Microsoft TechNet
Updated: April 5, 2007
On 10 April 2007 Microsoft is planning to release:
Security Updates
- Four Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates will require a restart.
- One Microsoft Security Bulletin affecting Microsoft Content Management Server. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release 2 NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release 4 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.
Original Author: © 2007 Microsoft Corporation. All rights reserved.
Microsoft TechNet
Updated: April 1, 2007
On Tuesday 3 April 2007 Microsoft is planning to release:
Security Updates
One Microsoft Security Bulletin affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
Microsoft Windows Malicious Software Removal Tool
- Microsoft will not release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center on Tuesday 3 April 2007.
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS) on Tuesday 3 April 2007.
- Microsoft will not release any NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS) on Tuesday 3 April 2007.
Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.
Today Grisoft announced the extension of user product support for AVG Anti-Virus Free Edition 7.1 through February 18, 2007.
The extension provides additional time for users to upgrade to AVG Anti-Virus Free Edition 7.5 which is Windows Vista-ready and also available via Windows Security Center as a security solution.
Feature Overview - The Secunia Software Inspector:
- Detects insecure versions of applications installed
- Verifies that all Microsoft patches are applied
- Assists you in updating your system and applications
- Runs through your browser. No installation or download is required.
Of 400,000 detected applications, over 35% were insecure.
- 4.12% of IE 6.x users
- 53% of Adobe Flash 9.x users
- 35.47% of Firefox 1.x users
- 13.04% of Opera users
- 6.8% of Skype 2.x users
Run the the Software Inspector here.
