I just got done reading a blog post about how you could, with an easy-to-make script, disable UAC altogether. Long Zheng describes how malicious software could circumvent UAC by turning it off. I simply love the new look and feel of UAC and hope they can come up with a way to fix the problem. According to him, there is a way to fix this and keep the whole new feature set. He has provided a proof of concept for turning off UAC without it asking. You can download it yourself and try it out, but be careful: it will disable UAC.
I hope Microsoft fixes this little flaw and makes it more secure than Vista. Microsoft, though, claims the UAC functionality is “by design”. I don’t know if it is or isn’t, but I do know that it could easily let more malware into Windows 7 before it got enough people on board. That is one of the reasons I don’t want Windows 7 released now. I don’t want this to become a failure in the minds of people. I want to look back and see this being successful. Hopefully Microsoft fixes this and makes it even more secure in the future.
Category: Windows
Everything About Windows
Microsoft Released KB951847 Out of Cycle for January
I woke up this morning and found that KB951847 had been released. Here is what it is:
kb925492 FIX: Error message when you add a Web reference to a project in Visual Studio 2005: “The custom tool ‘MSDiscoCodeGenerator’ failed”
kb928563 FIX: The System.Net.HttpWebRequest class may not maintain a persistent connection to a proxy in the .NET Framework 2.0
kb943175 FIX: The XmlSerializer class generates an unexpected result when you use the XmlSerializer class to serialize the numeration attribute in the .NET Framework 2.0
kb943412 FIX: You may experience delays when an operating system shuts down if the computer is running a managed service together with the .NET Framework 2.0
kb943804 FIX: Certain Unicode characters returned by the Application.ExecutablePath property in the .NET Framework 2.0 are displayed as “?”
kb944099 FIX: Error message when you use the SQL Native Client data provider to connect to an instance of SQL Server 2005 that is configured to use database mirroring: “Internal .Net Framework Data Provider error 6”
kb944100 FIX: You cannot access tables that are used in a SQL Server transaction if you end the thread that executes the transaction before the transaction is finished in the .NET Framework 2.0
kb944157 FIX: You may experience a significant delay when you make the first request to an ASP.NET Web application that is running on Windows Server 2003
kb946102 FIX: An ActiveX control will not receive keyboard navigation events when you use a System.Windows.Forms.WebBrowser control to host Web pages
kb946223 FIX: The input language in a text box on the Microsoft Expression Design surface does not function correctly when you change the input language to an East Asian language
kb946411 FIX: When you print an XPS file on a Windows XP Service Pack 2 or Service Pack 3-based computer, the characters in the XPS file print incorrectly
kb946503 FIX: Error message when you use the installer tool to install an assembly that is located on a remote computer: “An exception occurred during the Install phase”
kb946660 FIX: The headers attribute of a cell is rendered incorrectly when the cell is associated with multiple headers in an ASP.NET 2.0 Web application
kb946927 FIX: An installation may fail with error 1935 when an .msi file tries to install many policy files on a computer that has the .NET Framework 2.0 installed
kb947148 FIX: Incorrect methods are called when you call some COM APIs that are included in a .NET Framework 2.0-based 64-bit application
kb947317 FIX: In a Windows Forms application that was built by using the .NET Framework 2.0, the CurrencyManager object triggers additional instances of some events when you delete the last row from a table
kb947461 FIX: An update package is available for the .NET Framework 2.0 Service Pack 1
kb947581 FIX: The value of the “WsdlContractConversionContext.WsdlPortType” property is null in the .NET Framework 3.0 Service Pack 1
kb948233 You receive a System.InvalidOperationException exception error when you run a Microsoft .NET Framework 2.0-based application after you install security update MS 07-040 on a computer
kb948646 FIX: Objects are not serialized correctly when you serialize and deserialize the DataSet objects by using the SerializationFormat.Binary format parameter in a .NET Framework 2.0-based application
kb948815 Availability of the .NET Framework 2.0 post-Service Pack 1 hotfix rollup package for System.Data.dll and System.Data.OracleClient.dll
kb948873 FIX: You may receive a System.Xml.XmlException exception when you use one-way Web methods to communicate with Web services in a .NET Framework 3.0-based application
kb948887 FIX: An exception occurs when a Web application that is based on the .NET Framework 2.0 uses the HttpWebRequest class and receives an HTTP 1.0 response that contains the HTTP status code 401
kb949272 FIX: A Windows Forms application that uses ActiveX controls may crash, and a null reference exception occurs after you install the .NET Framework 2.0 Service Pack 1
kb949777 FIX: Error message if you deploy an executable application to a path that contains escape characters in the .NET Framework 2.0: “Absolute path information is required”
kb950230 FIX: You receive a System.ArgumentException exception error message when you use the Sgen.exe tool and the XmlSerializer JIT compiler to generate an XmlSerializer assembly for a Web service proxy in the .NET Framework 2.0
kb950986 FIX: In the .NET Framework 2.0 Service Pack 1, the ModuleBuilder.GetTypeToken method returns an incorrect token
kb951111 FIX: Warning message when you use the SvcUtil.exe tool to import service metadata in the .NET Framework 3.5: “The policy expression was not fully imported because it exceeded the maximum allowable complexity”
kb951113 FIX: The set of values returned from the row.GetColumnsInError method is empty when a client computer that has the .NET Framework 2.0 installed receives a DataSet object from a WCF service
kb952324 FIX: You cannot download the .application file when you deploy an application by using ClickOnce deployment in a secure environment
As you can see, this fixes 30 things in this one service pack. I see one or two things that might be exploitable, and that is why they released this early. The ones that I see are things like the ActiveX controls. I don’t know why, but this is for all Windows systems, or at least it doesn’t say anything otherwise. This is the .NET Framework and should be installed as quickly as possible. You should also consider making a new Autopatch ISO to install on all the necessary computers. Also, if you haven’t installed a free anti-virus or a good free firewall, now is a good time to install them. I would expect this service pack to require a reboot of your system, but other than that you should be fine.
*UPDATE*
After installing this service pack, I couldn’t browse the web. It is one of the 8 updates that were installed in the service pack that will need to be resolved, so I will have to install the service pack again and then start uninstalling updates until I get my web browsing back. You may need to reboot each time to clear it out of the system before you get your internet browsing back. The recommended procedure is to write down the ones you remove so you can go back and install them later, once you find the main update that is causing the problem. I’ll update when I find the one that is causing the problem!!
*Update #2*
I did a system restore to Thursday night, just before I upgraded my AVG program. (It also needs to be restarted to update the core of AVG.) I installed the service pack and it seems to be running. I am thinking there is a conflict between AVG and the service pack now. I am updating AVG to the current version and rebooting. I’ll see after that!
People coming from Sites that don’t exist
So I woke up today, checking out my sites and looking outside. As I was checking the stats for my blog, I came across a referring site that supposedly brought two people to my site. I looked at the URL for the site:
- http://trojan.fiftystatesclassifiedads.com/index.php
After seeing the “trojan” prefix, I am wondering if this was an attempt by malware to infect my domain. So I went to check this domain out. I got to it and got a 404. I then did a cache check with OpenDNS. I also decided to see if it was even a registered domain by doing a Whois. So I am opening this up to people who might know. I did do some research, and here’s what I’ve found out so far.
How2Hack talks about how people want privacy and says that it might be someone who does not want to be found. I tend to agree with them; privacy for privacy’s sake is good, but if you want to be private, why would you even be checking out websites, knowing people will want to find out who really is coming to your site? The How2Hack site also talks about how this might happen, and I see where they are coming from.
This was the only site I could find that even looked like it was relevant to what I was searching for. I don’t see how someone can come to my site saying they were referred by another site and that site does not exist? Anyone want to try to answer this question and give insight as to why this would happen?
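An added example, not part of the original post: the Referer header is supplied by the client and can hold any value, so a referring site that returns 404 or has no DNS record is consistent with a crawler filling in the header itself. The sketch below triages an access log along those lines; the log lines, the `own_host` value, the injectable `resolves` callable and the asset-fetch heuristic are assumptions made for illustration.

```python
import re
import socket
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed "combined"-format log lines (not real traffic); only the first referrer URL is from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2009:08:01:12 +0000] "GET /post-a/ HTTP/1.1" 200 5120 "http://trojan.fiftystatesclassifiedads.com/index.php" "Mozilla/4.0"
203.0.113.7 - - [01/Feb/2009:08:01:15 +0000] "GET /post-b/ HTTP/1.1" 200 4890 "http://trojan.fiftystatesclassifiedads.com/index.php" "Mozilla/4.0"
198.51.100.23 - - [01/Feb/2009:08:05:40 +0000] "GET /post-a/ HTTP/1.1" 200 5120 "http://search.example.org/?q=uac" "Mozilla/5.0"
198.51.100.23 - - [01/Feb/2009:08:05:41 +0000] "GET /theme/style.css HTTP/1.1" 200 900 "http://blog.example.net/post-a/" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
ASSET_RE = re.compile(r"\.(css|js|png|jpe?g|gif|ico)(\?|$)", re.I)

def dns_resolves(host):
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def triage_referrers(log_text, own_host, resolves=dns_resolves):
    """Summarise external referrers and flag ones that look client-invented."""
    fetched_assets = set()                      # client IPs that loaded CSS/JS/images
    refs = defaultdict(lambda: {"hits": 0, "ips": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                            # skip lines not in combined format
        if ASSET_RE.search(m["path"]):
            fetched_assets.add(m["ip"])
        host = urlsplit(m["referer"]).hostname  # None for "-" or an empty Referer
        if host and host != own_host:
            refs[host]["hits"] += 1
            refs[host]["ips"].add(m["ip"])
    report = {}
    for host, info in refs.items():
        ok = resolves(host)
        browser_like = bool(info["ips"] & fetched_assets)
        # Heuristic (assumption): a browser that followed a real link also loads
        # page assets; a bot that only sets Referer usually requests HTML alone.
        report[host] = {"hits": info["hits"], "resolves": ok,
                        "browser_like": browser_like, "suspect": not ok and not browser_like}
    return report
```

Calling `triage_referrers(SAMPLE_LOG, "blog.example.net")` uses live DNS; pass your own `resolves` callable to run it offline or against cached lookups.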
‘Life Owner’ won’t delete your data!
I received this email from a friend and wanted to talk about this:
VERY IMPORTANT, PLEASE READ THIS
Anyone using Internet mail such as Yahoo, Hotmail,
AOL and so on.
This information arrived this morning,
Direct from both Microsoft and Norton.
Please send it to everybody you know who has
access to the Internet.
You may receive an apparently harmless e-mail titled ‘Mail Server Report’
If you open either file, a message will appear on your screen saying:
‘It is too late now, your life is no longer beautiful.’
Subsequently you will LOSE EVERYTHING IN YOUR PC,
And the person who sent it to you will gain access to your
name, e-mail and password.
This is a new virus which started to circulate on Saturday afternoon.
AOL has already confirmed the severity, and the anti virus software’s are not capable of destroying it.
The virus has been created by a hacker who calls himself
‘life owner’.
PLEASE SEND A COPY OF THIS E-MAIL
TO ALL YOUR FRIENDS, And ask them to
PASS IT ON IMMEDIATELY!
THIS HAS BEEN CONFIRMED BY SNOPES.
http://www.snopes.com/computer/virus/mailserver.asp
After doing my little research, I’ve come to the conclusion that this is nothing more than a warning that someone went overboard on. I’ve checked this on Snopes and it says that:
This latter version is difficult to classify as either “true” or “false”: The virus it references (i.e., the Mail Server Report worm) was a real one, but it’s neither new nor currently rampant (as claimed in the warning text), nor does it manifest itself in the fashion described (since the “symptoms” provided in the warning are merely a reworking of the text of an earlier virus hoax). All in all, that message doesn’t really merit the dire warning to “SEND A COPY OF THIS TO ALL YOUR FRIENDS, And ask them to PASS IT ON IMMEDIATELY!”
I decided to send a reply to my friend who emailed me this “Warning” and tell him this:
Although this is a real worm, it is overhyped, and under no circumstances will it delete your files. I’ll quote from F-Secure:
Warezov.W is a mass-mailing worm that sends itself as e-mail attachments to addresses found on the infected computer.
Typically, a mass-mailer arrives on a computer with an infected e-mail message. In some cases, the infected attachment can start automatically. In other cases, the system is infected when the user opens the attachment. When a typical mass-mailer is activated, it installs itself to the system and creates a startup key for itself in the Windows registry. It then stays active in the system’s memory. While active, the mass-mailer searches for specific files (HTML files for example) on all available hard disks for e-mail addresses. Finally, it connects to an available mail server and sends itself to all the addresses it has found.
Aside from this, Warezov.W also downloads another worm variant from a specified website on the Internet.
According to all my sources, if you are worried about this worm, then I highly recommend a good anti-virus and software firewall. This worm is easily detected by all the free anti-virus software out there. I like AVG because it scans all incoming emails before you even touch the email. Please don’t forward that to anyone else; it seems to be an old email warning that isn’t really a warning anymore. It seems to be a scare email where there is no real chance of your data going bye-bye. Just thought you’d like to know!!
So I tell you this: if you have any question about the likelihood of any emails you happen to come by, your best bet is to Google it or ask your friend before you open the email up. It is also best to scan all email attachments before even considering opening them.
Valentine’s Day Brings More Malware!
Panda Labs talks about a new technique that tries to install W32/Waledac.C.worm under the guise of someone special. It sends out email to people, hoping they will click the links it contains.
Once you’re at the site, clicking on the hearts downloads a file that is the worm!! So here are some things to remember.
If you don’t know the person, then it’s probably spam. If you know the person, you need to ask them before you run the program. You also need to scan any downloads before you run them. Go to my Malware Page and get a free anti-virus and firewall. Given the likely possibility that this worm searches the computer and harvests email addresses, you should also warn the person who emailed you the link, to let them know that they are infected.