June 29, 2006
Dump Windows Update, use alternatives
The Internet interprets Microsoft as damage and routes around it. My apologies to John Gilmore for tweaking his famous 1993 quote about censorship. But the above statement just happens to sum up the alternatives Windows users are adopting ever since Microsoft's "Windows Genuine Advantage" (WGA) debacle. Read more »
Live Safety Center is good and free
When Microsoft first announced Windows Live OneCare, I figured Redmond had a lot of cojones to charge consumers for protection against flaws in its own products. In OneCare's first month, however, it appears to my jaundiced eye that MS has responded admirably to two real, in-the-wild, zero-day attacks — first in Word, then in Excel — via a little-known free service called the Windows Live Safety Center. Never heard of it? Read on. Read more »
How to disable unexpected attacks
There are a lot of ways your machines can be attacked. Not all of them are via the Internet. Some attack vectors require physical access, but many others can hit you without notice when you do something as simple as accessing an external device. Read more »
Excel flaws pose a triple threat
The last few weeks haven't been good for Microsoft Excel. Three serious vulnerabilities affecting the popular spreadsheet program have been revealed. Two of these are already being actively exploited in the wild. This is a serious concern, as there currently isn't a patch for any of the three holes. But I'll arm you with workarounds that should keep hackers from storming your computer. Read more »
June patches break dial-up scripts, etc.
With the June patches being so numerous this month, even some folks who ordinarily patch quickly are just now getting around to patching. But with proof-of-concept code and live exploits already on the Net for many of the flaws announced on June 13, if you haven't yet updated, now's the time to test and patch. Read more »
June 15, 2006
Genuine Advantage is Microsoft spyware
Windows Genuine Advantage — the controversial program Microsoft auto-installed as a "critical security update" on many PCs starting on Apr. 25 — not only causes problems for many users but has now been proven to send personally identifiable information back to Redmond every 24 hours. This behavior clearly fits any plausible definition of "spyware." Some tech writers have said categorizing WGA as spyware is arguable. But I have no hesitation in calling the program a security nightmare that Microsoft should never have distributed in its present form. Read more »
Just say no to one patch this month
I believe in patching, sometimes even if things get broken — because it points out that the software that broke was probably written poorly in the first place. But this time, there's one patch I want you to make sure you select not to install this month. Read more »
User Account Control: Vista cries, 'Wolf!'
Windows Vista Beta 2 may be the most-downloaded program in history — but heaven help ya if you use it for real work. Bugs and lock-ups come with the territory — it's beta software, after all, and you'd be crazy to run Vista Beta 2 on a production machine. (Or go crazy trying.) Having spent months struggling with various incarnations of the Vista beast, I'm worried about something more fundamental than bugs. More insidious. One Vista feature, User Account Control, just keeps getting in the way. Read more »
MS updates and a new USB threat
With the large number of Microsoft patches this week, I don't want you to forget about the third-party programs that you and probably all of your users have. These apps need updates too, and there are some security updates that need to be installed. I've also taken note of what I think is a novel "attack" based on USB Flash drives. I thought I was too smart to fall for this one, but I was wrong. Read more »
IE patches are close but not complete
If you're like me and the other writers of this newsletter, you were probably overwhelmed the number of patches Microsoft released on Patch Tuesday. Microsoft released yet another cumulative rollup for IE, which fixed eight open holes — but once again, there are plenty left open to talk about. I wrote about the last IE patch in my Apr. 13th column. Comparing that column to what was patched in Tuesday's release shows that only 1 out of the 3 flaws I talked about then have been patched in the latest IE rollup. Read more »
