Log’N’Rock Move Complete!

The boxes are unpacked, tutorials are on the shelves, and the staff at Log’N’Rock is ready to go.

Log’N’Rock is dedicated to helping users with computer issues while providing education about Computer Security. The main focus of the site is on Malware Removal & Computer Security related matters. Other help offered includes software, operating systems as well as internet browsers.  Access to our Security Tutorials & Guides is available from the Log’N’Rock Tutorials & Guides links.

If you are having computer problems, expert assistance by trained staff is available at Log’N’Rock for removing malware, computer viruses, trojans, and the like. Operating System, hardware and software assistance are also available.

Although thank you and a smile are always welcome, the help provided is free of charge.

Even if you aren’t having a problem with your computer, stop and in at the Rockin’ Lounge to say, “Hi”.

Log’N’Rock!

Whoa, what happened here?  What is with the name change?  Simply put, we’re movin’ on.  Yes, you have it.  The staff behind this site is relocating.  We will be known as Log’N’Rock.

The logo here is just temporary to get your attention.  Our star designer will come up with a brand new and exciting look for Log’N’Rock.  We are also planning some redecorating on the forums as well.  After all, why put all of the furniture back in the same place?

It is time for a change and we hope you will join us.  We will “Rock the House” together!

Stay tuned for details of this exciting move.

Symantec – The Good, The Bad, The Ugly

The Good:
For some time, Symantec’s anti-virus product had a reputation for being bloated. Then along came the Norton Internet Security 2009 package and with it rave reviews. The improvements included a leaner footprint, improved speed, white listing and other technologies to mark clean files as trusted, as well as continued free technical support.

AV-Comparatives.org reported the product achieving ADVANCED+ in detection tests and proactive ADVANCED due to improved heuristics. The biggest improvement noted by AV-Comparatives.org was the impact on system resources, with the new version running light on the system and no major impact on performance.

The Bad:

Could it be that that Symantec was not able to build sales on the favorable press results and bundling with Hewlett Packard and Dell computers? Instead, Symantec announced a partnership with IAC/Ask:

“Oakland, CA and Cupertino, CA – Feb. 03, 2009 – Leading search engine Ask.com, an operating business of IAC (Nasdaq: IACI) with 76 million monthly unique users, and Symantec Corp. (Nasdaq: SYMC), whose Norton brand is the world’s security market share leader for consumer software and services, today announced a multi-year, strategic partnership to deliver the best answers and even safer search results on the Web.”

The Ugly:

If you can get past the Symantec self-promotion in the above quote, I suggest that you read Ben Edelman’s report in Current Practices of IAC/Ask Toolbars and learn more than you ask for:

“As the fifth-biggest search engine, Ask faces a clear problem: How to get users to leave their favored search engines, to conduct their searches at Ask instead? One Ask strategy is to buys ads on TV and in other media, claiming to offer a better product. But Ask also drives traffic to its search engine by enticing users to install its toolbars. This article looks at Ask’s current and recent toolbar practices, including:

• Promoting its toolbars on sites targeted to kids. Details.
• Promoting its toolbars through ads that appear to be part of other companies’ sites. Details.
• Promoting its toolbars through other companies’ spyware. Details.
• Installing without any disclosure whatsoever and without any consent whatsoever. Details.
• Soliciting installations via “deceptive door openers” that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link. Details.
• Making confusing changes to users’ browsers — increasing Ask’s revenues while taking users to pages they didn’t intend to visit. Details.

Throughout, I compare these practices to the statements of Ask’s staff, and I compare these practices with applicable legal and ethical duties.”

Understand that IAC pays vendors per install of their product. Thus, the pre-checked option to include the toobar in products such as Check Point’s ZoneAlarm Firewall, Webroot, Comodo Firewall, and StopZilla has resulted in their inclusion in the Calendar of Updates (CoU) Installers Hall of Shame.

Tell me, are you ready to pay $39.99 (U.S.) for Norton Antivirus 2009 and get the “bonus” IAC software included?

IAC/Ask References:

• Attention: Anti-spyware Coalition and to All Security Scanner software vendors
• Ask.com’s Privacy Tool Tracks Users, Groups Tell Feds
• Ask.com Will Keep Your Secrets (Although Its Advertisers Won’t)
• Ask.com Complaint (PDF from Epic.org)
• Ask Jeeves Toolbar Installs via Banner Ads at Kids Sites
• Current Practices of IAC/Ask Toolbars
• Dealing with Unwanted Spyware and Parasites
• Installers Hall of Shame
• Not happy with this: Symantec partners with Ask.com
• SecurityGarden Posts Labeled “Ask”
• The Ad / Content Separation, and Ask.com Advertising at MySpace
• Would you like Toolbar with your Software Order?

Hat Tip: Donna’s Security Flash

Remember – “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

Windows 7 Editions Announced

Although additional “sku’s” are available, Microsoft is anticipating that two versions of Windows 7 will meet the needs of most people. Those two versions are Windows 7 Home Premium and Windows 7 Professional.

According to Mike Ybarra, general manager of Windows (see PressPass), the changes in Windows 7 will be three-fold:

1. Make sure that editions of Windows 7 are a superset of one another. Thus, if you upgrade from one version to the next, you will not lose features and functionality that was in a previous edition.
2. Windows 7 is designed so different editions of Windows 7 can run on a very broad set of hardware, i.e., netbooks to gaming desktops. My interpretation is that we should not be anticipating hardware shortfalls in Windows 7.
3. Communication to make the choices clear.

Following is a description of the Windows 7 versions that will be available:

Windows 7 Starter – Intended for Small Notebooks (Netbooks)

• Broad app and device compatibility with up to 3 concurrent applications
• Safe, reliable, and supported
• Ability to join a Home Group
• Improved taskbar and JumpLists

Windows 7 Home Basic — Only for emerging markets

• Unlimited applications
• Live Thumbnail Previews & enhanced visual experience
• Advanced networking support (ad-hoc wireless networks and internet connection sharing)
• Mobility Center

Windows 7 Home Premium — Recommended for most home consumers

• Unlimited applications
• Aero Glass & advanced windows navigation
• Easy networking & sharing across all your PCs & devices
• Improved media format support, enhancements to Windows Media Center and media streaming, including Play To
• Multi-touch and improved handwriting recognition

Windows 7 Professional — Home consumers needing additional features and functionality and for small business activities

• Unlimited applications
• Ability to join a managed network with Domain Join
• Protect data with advanced network backup and Encrypting File System
• Print to the right printer at home or work with Location Aware Printing

Windows 7 Enterprise and Ultimate — Medium-to-large business and enterprise customers that choose to license Windows through Software Assurance

• Unlimited applications
• BitLocker data protection on internal and external drives
• DirectAccess provides seamless connectivity to your corporate network.
  (requires Windows Server 2008 R2)
• Decrease time branch office workers wait to open file across the network with BranchCache. (requires Windows Server 2008 R2)
• Prevent unauthorized software from running with AppLocker

Note: Ultimate includes all Enterprise and all Home Premium features, including multi-language packs. Windows 7 Enterprise is available only through Microsoft Volume Licensing

Press Pass:

• Windows 7 Lineup Offers Clear Choice for Consumers and Businesses
• Windows 7 Wins on Netbook PCs
  

Remember – “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

WinPatrol v16 Monitors Changes to UAC

For the past several days, discussions in various venues have centered around what has been described as a security flaw in Windows 7 UAC. To illustrate the concern for this issue, at the end of this post is a sampling of blog posts by many well known bloggers in the tech community.

As has been pointed out, this change by Microsoft is “by design”. However, regardless of whether UAC is changed on the PC by a family member or malicious software, Bill Pytlovany has added a new feature to WinPatrol v16 (Beta) which Monitors Changes to UAC Settings.

I installed the new beta on the Windows 7 test installation and changed the UAC from the default (medium) security setting. Scotty warned me of the change and allowed me to prevent the change by clicking Yes to block the change and restore the original setting.

Had I installed a program that made this change, this warning would have allowed me to have WinPatrol restore the original setting.

In the event the change is intentional, merely click No and WinPatrol will not prevent the change and restore the original settings.

Once again, I applaud Bill Pytlovany!

See Bits from Bill: WinPatrol v16 Monitors Changes to UAC Settings.

Blog Post Sampling:

1. Adrian Kingsley-Hughes, ZDNet: Microsoft neuters UAC in Windows 7
2. Andrew Nusca, ZDNet: UAC security flaw in Windows 7 beta
3. Aubrey, Windows Connected: Massive Security Hole In Windows 7
4. Bill Pytlovany, Bits From Bill: Windows 7, Not Ready for Prime Time
5. Dana Epp, SilverStr’s Blog: Is UAC really broken in Windows 7? More importantly, does it make us less secure?
6. Dwight Silverman, TechBlog: Updated: Windows 7’s UAC is now insecure ‘by design’
7. Ina Fried, c|net News: Windows 7 less annoying, but also less secure?
8. John Leyden, The Register: Windows 7 UAC shutoff ‘bug’ leaves Microsoft unmoved
9. Larry Seltzer, PCMag, SecurityWatch: Is UAC Emasculated in Win7?
10. Long Zheng, I Started Something: Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code)
11. Long Zheng, I Started Something: Microsoft dismisses Windows 7 UAC security flaw, continues to insist it is “by design”
12. Paul Thurtott, Supersite for Windows: Microsoft response to UAC ‘issue’
13. Tom Warren, Neowin.net: Microsoft: Malware can disable UAC in Windows 7 ‘by design’
14. Tom Warren, Neowin.net: Microsoft insists UAC vulnerability is not a flaw
15. Rafael Rivera, Within Windows: Malware can turn off UAC in Windows 7; “By design” says Microsoft
16. Sumeeth Evans, Bink.nu: UAC security flaw in Windows 7 beta (with proof of concept code)
17. Swa Frantzen, SANS Diary: Windows 7 – not so secure ?

Remember – “A day without laughter is a day wasted.”
May the wind sing to you and the sun rise in your heart…

Firefox Update

Mozilla has released a Firefox Update, identified in the release notes as fixing MFSA 2008-20 Crash in JavaScript garbage collector. The latest version is now 2.0.0.14.

If you have not yet been offered the update, Click Help >Check for updates.

The MVP Program In-Depth

From Channel 9:

“The next 4 podcasts will focus on the ins and outs of the MVP program. Microsoft Most Valuable Professionals (MVPs) are exceptional technical community leaders from around the world who are awarded for voluntarily sharing their high quality, real world expertise in offline and online technical communities.”

Tune in to the podcasts:

• The Voice of Support – Show 12: The MVP Program In-Depth (Part 1 of 4).
  Ed Hickey and Brian Boston, who are both MVP leads @ Microsoft, give an overview of the program.

• The Voice of Support – Show 13: The MVP Program In-Depth (Part 2 of 4)
  April Spence and Ben Miller, MVP leads @ Microsoft, talk about where MVPs can be found and the MVP site.

• The Voice of Support – Show 14: The MVP Program In-Depth (Part 3 of 4)
  April Spence and Mike Fosmire, MVP leads @ Microsoft, provide some details on what the “MVP awards” are all about – and what kinds of events do Microsoft organizes for the program.

• Sean O’Driscoll: General Manager for Community Support and the MVP Program

“Sean O’Driscoll, a General Manager for Community Support and the MVP Program at Microsoft, is interviewed by Ken Levy discussing the history, current state, and future of Microsoft MVPs and the MVP Program. For the past 5 years, Sean has been responsible for the MVP Program which now includes about 4,000 MVPs worldwide. Microsoft MVPs (Most Valuable Professionals) are a select group of experts representing technology’s best and brightest people who share a commitment to community. For more information about the MVP Program, refer to http://mvp.support.microsoft.com/.”

Windows Vista SP1 For All Supported Languages

Microsoft released Windows Vista Service Pack 1 (SP1) to Windows Update or for download of the standalone installer from the Microsoft Download Center (x86 and x64) for any of the 36 supported languages.

References:

• Prerequsites
• Releasing Windows Vista SP1 for more languages
• Want Vista SP1? Here’s what to expect
• Windows SP1 FAQ
• Windows Update

SunJava SE Update 6

Update 6 has been released by SunMicrosystems for Java SE.

I do not have Java installed on my home computer. It has been a year without the SunJava update headaches and I have yet to find anything that has not performed properly due to this bit of freedom I have experienced without it. However, I know there are many others who use SunJava so have updated the widely used tutorial, SunFlowers and SunJava Update to reflect the latest release.

Note: If you do not have the Google Toolbar installed on your computer, it may be offered with the update. Be sure to UNcheck the option if you do not want the toolbar.

References:

• Release Notes: SunJava SE 1.6.0_06
• Instructions: SunFlowers and SunJava Update
• Download: Java SE Downloads

Microsoft Security Bulletin Summary for April 2008

Microsoft released the Security Bulletin for April, 2008. In addition to an updated version of the Microsoft Windows Malicious Software Removal Tool, there were five critical and three important security update released.

Critical

• MS08-018 — Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
• MS08-021 — Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
• MS08-022 — Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
• MS08-023 — Security Update of ActiveX Kill Bits (948881)
• MS08-024 — Cumulative Security Update for Internet Explorer (947864)

Important

• MS08-019 — Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
• MS08-020 — Vulnerability in DNS Client Could Allow Spoofing (945553)
• MS08-025 — Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
  

References:

TechNet: Microsoft Security Bulletin for April 2008

MSRC Blog: April 2008 Monthly Release