Windows Secrets


INTRODUCTION

Reviews do your research for you

We've completely revamped our review section! It's moved out of the newsletter to our Web site and taken on a tighter look that hopefully will be even more useful to you.

Our feature is now called Reviews Overviews. We discovered a couple of years ago that it wasn't always easy to find the latest comparative test scores of tech products. To put this information at your fingertips, we follow the top reviewers who rank products, and we link you directly to their current Editors' Choice pages so you know what new gizmos are scoring at the top of the charts.

This collection of links was known as the Index of Reviews until last month. That name conflicted with the good old Index you now find at the end of every newsletter (below), which provides links to the topics in each issue. Renamed as Reviews Overviews, our links to the latest product ratings are updated between each newsletter so we can keep the list timely.

As you probably know, Windows Secrets rarely rates products as such, because we have no lab and prefer to concentrate on the use of Microsoft Windows. About 20 to 30 respected test labs, however, do produce quality reviews. That's what we help you keep track of.

We hope you'll enjoy the new format. You can jump to any of our 43 categories of products from the home of Reviews Overviews.

Patch fixes Outlook Express conflict

I reported last issue that installing Microsoft's Apr. 11 security bulletin known as MS06-016 (911567) made it impossible for some Outlook Express users to reply to e-mails. The upgrade also made it impossible for affected users to open their OE Address Books or use an unsent message as a template.

Shortly after that article appeared, Microsoft released patch 918766 to fix the problem, at least on XP Service Pack 2.

Even after you install both patches, unfortunately, there's still one more step you need to take if you wish to regain OE's template ability.

Outlook Express expert Tom Koch explains that a line needs to be added to the Windows Registry, too. The best way to handle this is to run the small .reg file Tom makes available for free. The Registry change and the automated file are all at his site, Inside Outlook Express.

Computer America rescheduled to June 28

Craig Crossman's Computer America radio show, which is syndicated to broadcast stations across North America and in several other countries around the world, interviewed me about Windows for an hour on May 31, as previously announced in this space.

The second installment on June 7, however, was canceled when the show's host fell ill.

I'll have another hour, and even more Windows secrets to tell you, at 8 pm Pacific/11 pm Eastern on Wed., June 28.

To determine which U.S. stations carry Computer America, use the ZIP Code Search Page at the Business Talk Radio Network.

If you find a participating station near you, check that it does broadcast Computer America at the scheduled time. To do this, tune in at 8 pm Pacific/11 pm Eastern one or two nights before the show to see whether Computer America is coming through.

Whether or not there's a broadcast station near you, you can listen to Computer America's live signal. Visit the show's Web page and use its "Listen to the Streaming Audio" link. The feed requires Windows Media Player. (Free upgrades are at Microsoft's download page.) If you've never streamed Internet radio via your browser before, test your player at the scheduled time one or two nights beforehand. Here's looking at you! —Brian Livingston, Editor

 


Editor: Brian Livingston Windows Secrets Newsletter

Issue 77

2006-06-15

Contents  (Scroll down to Index)

INTRODUCTION
Reviews do your research for you

TOP STORY
Genuine Advantage is Microsoft spyware

SECURITY BASELINE
ZoneAlarm and Spy Sweeper on top

WOODY'S WINDOWS
User Account Control: Vista cries, "Wolf!"

OVER THE HORIZON
IE patches are close but not complete

PATCH WATCH
Just say no to one patch this month

PERIMETER SCAN
MS updates and a new USB threat

USEFUL LINKS
New credit-card numbers shared with businesses

WACKY WEB WEEK
Diet Coke explodes with, um, flavor?

YOUR PREFERENCES
About your subscription


Circulation: over 140,000


 
 


 
 
TOP STORY

Genuine Advantage is Microsoft spyware

By Brian Livingston

Windows Genuine Advantage — the controversial program Microsoft auto-installed as a "critical security update" on many PCs starting on Apr. 25 — not only causes problems for many users but has now been proven to send personally identifiable information back to Redmond every 24 hours.

This behavior clearly fits any plausible definition of "spyware." Some tech writers have said categorizing WGA as spyware is arguable. But I have no hesitation in calling the program a security nightmare that Microsoft should never have distributed in its present form.

In my May 25 newsletter, I called Microsoft's WGA download a "severe blunder." It causes serious problems for some legitimate Windows users and was sprung on customers with no notice other than a press release the day before.

No PC-using company that values security and reliability can allow a program like WGA to send data to a distant server, download additional software, morph its behavior, or remotely change the functionality of Windows (as I describe below). I don't believe individuals should put up with this, either.

Today, I'll explain the problems and let you know what you can do to fix them.

If the spyware label fits, wear it

In a statement released on June 8, Microsoft officially denies that WGA is spyware. Let's settle this question right off the bat so we can quickly move on to more important things.

Microsoft's denial is based on its own definition of spyware:
  • "Broadly speaking, spyware is deceptive software that is installed on a user's computer without the user's consent and has some malicious purpose. WGA is installed with the consent of the user and seeks only to notify the user if a proper license is not in place. WGA is not spyware."
This is patently absurd. Many spyware programs, such as peer-to-peer file sharing applications, are knowingly installed with the user's consent. The user downloads the software to get music, a screen saver, or whatever other benefit is promised.

What makes a program spyware, among other things, is that it operates in ways that aren't clearly disclosed before installation and it reports data back to a central server. Furthermore, this activity needn't be malicious. Many spyware programs do nothing more than serving up targeted advertising or tracking anonymous marketing behavior. If a user wants such tracking functions, they might be fine. But if the user wasn't clearly made aware of this, whether or not such software has a malicious purpose, it's still spyware.

The majority of published definitions of spyware focus on the fact that a program quietly gathers and transmits data. For example, here's an excerpt from the first definition returned by Google when "define spyware" is entered:
  • "Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes."
To help you understand the latest revelations about Windows Genuine Advantage's behaviors, let's walk through the latest facts that have been discovered about WGA.

What Genuine Advantage actually does

What we've found about WGA fits neatly into four behaviors that are typical of all spyware:

1. Lack of disclosure before installation. Windows users in the affected countries (U.S., U.K., Australia, etc.) who had Automatic Updates set to "auto-install" received WGA without user action, as though it was a critical security update — which it clearly was not. Even those users who ran Windows Update or Microsoft Update manually, however, were misinformed about what WGA would do. In 17 pages of screen shots, ZDNet blogger David Berlind demonstrates this, concluding:
  • "I was not asked for consent when the WGA Validation Tool — the one that, like spyware, phones home — installed itself. In fact, as can be seen from this screenshot which immediately preceded the automatic download and installation of the WGA Validation Tool, I could easily argue that I was misled into thinking I was going to download and install something else when in fact, I was downloading and installing, without my consent, software that apparently phones home."
A separate WGA Notification Tool is also downloaded. This program does not contact Microsoft's server, but merely displays warnings on a user's PC if a Genuine Advantage test is failed for whatever reason. After clicking several links in the manual download process, Berlind found only a vague explanation of WGA through what he calls a "circuitous route."

2. Transmits data to a central computer. The WGA Validation Tool contacts a Microsoft server every time a PC is booted up and every 24 hours after that. (Some of the earliest alarms about this were sounded by Lauren Weinstein, a co-founder of People for Internet Responsibility, in postings June 5 through 13.) WGA's "phone home" events, like all Internet packets, contain the IP address of the affected PC and the date and time, indicating when it booted up or had run for 24 hours. In addition, Microsoft's WGA director, David Lazar, told the Associated Press in a June 7 interview that the program also:
  • "...gathers information such as the computer's manufacturer and the language and locale it is set for."
This is enough data to easily identify individual PCs. And, of course, WGA can be modified remotely to collect additional information (as explained in point 3).

3. Downloads other software and morphs itself. WGA's daily contact with Microsoft's servers is specifically designed to allow the company to download new instructions. According to Microsoft's June 8 statement and Lazar's interview, this includes:

• Changing how often WGA contacts Microsoft's servers;
• Disabling features of WGA or disabling the WGA software entirely;
• Adding to the license keys that WGA treats as invalid; etc.

4. Cannot easily be uninstalled. No entry appears in the Add/Remove Software control panel for patches 892130 or 905474 — the Validation Tool and the Notification Tool. If you manually delete WGA's executable file, Windows regenerates it. (I'll discuss remedies for this below.)

Perhaps most shocking is a trait of WGA that most other spyware doesn't suffer from. WGA is beta software that even Microsoft doesn't consider ready for release.

Section 4 of the WGA Validation Tool EULA (End User License Agreement) states:
  • "4. PRE-RELEASE SOFTWARE. This software is a pre-release version. It may not work the way a final version of the software will. We may change it for the final, commercial version. We also may not release a commercial version."
Microsoft's June 8 statement confirms this by repeatedly calling the WGA rollout a "pilot program" or a "pilot version." Of course, "pre-release software" and "pilot version" mean exactly the same thing — beta.

At least that explains some of the many problems that Windows users are having with WGA.

Problems with WGA — and some solutions

It's important to remember that Windows Genuine Advantage is not an omnipotent, do-everything program. Its stated goals are simple. If an instance of Windows doesn't seem to have a valid license, (1) display notices to the user and (2) prevent any updates being downloaded from Microsoft.com except security upgrades that are rated "Critical."

Despite these limited tasks, WGA seems to cause a wide variety of headaches. Since my May 25 article appeared, I've collected reports from the field and from readers describing the following categories of issues:

1. False positives of legitimate copies of Windows. Numerous users report that WGA refuses to validate licensed copies of Windows that are unquestionably genuine. At Microsoft's official online forum called WGA Validation Problems, many people report problems even with packaged copies of Windows that were purchased directly from Microsoft.

2. No updates at all unless WGA is accepted. Although a WGA failure is supposed to only prevent affected users from downloading nonsecurity updates, many Windows Secrets readers report that legitimate copies of Windows refuse to display any updates except the WGA download — until the Validation and Notification Tools are installed. Phillip "Skip" Lehrfeld writes:
  • "I chose to download the Windows Genuine Advantage Validation Tool (KB 892130) on March 6, 2006. I followed this with Windows Genuine Advantage Notification (KB 905474) on May 4, 2006.

    "On June 2, 2006, I was checking the Update site as I was informed that there was a new Critical update to be downloaded. I checked the site and it told me I could not get my update as I was missing a critical tool. I checked it out and it told me I was missing the Windows Genuine Advantage Validation Tool. I checked my history and sure enough I had installed it on March 6.

    "OK, I will bite, and I downloaded it again. Yes, the number was KB 892130, the same as before. Then it wanted me to install the second one again. I installed Windows Genuine Advantage Notification, KB 905474, for the second time. Having installed the two for the second time, there were no new updates to install. Those were the updates to be installed. ...

    "After the reinstallation, I checked the history section of the site and now I have the two updates installed twice successfully.

    "I have an authorized copy of Windows XP and had no problems with the above events; but it leaves me to wonder what is going on and are they now doing something else to my system without revealing what is going on."
The redundant WGA install messages are probably caused by changed code that Microsoft wished to download to defeat some workarounds that disabled WGA.

Numerous other readers say that Microsoft's update site also reported to them that there were no patches except WGA, although important updates were, in fact, available.

3. "Notify only" options disabled. We have some reports that the "notify only" options in Automatic Updates are greyed out and can't be selected. G. Allen Taylor, M.D., writes:
  • "With regard to the OS updates, which I have so faithfully and obediently installed, I now suspect that one of them has 'grayed out' the Options menu in Windows Update on both my computers.

    "While formerly I could choose to automatically or manually download and/or install the periodic updates, I now have no choice on either of my computers. Whether I want them or not, all updates are downloaded when I'm online and installed then or the next time I reboot."
Dr. Taylor offers a fix, which involves the fact that a Group Policy was somehow enabled that prevents any option other than auto-updates.

The solution requires a change to Group Policy or the Registry. The procedures are described at the Windows XP MVPs site.
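
An audit-only check for the greyed-out condition described above, as an added PowerShell example that is not from the newsletter or the Windows XP MVPs site. It assumes the policy involved is the standard "Configure Automatic Updates" Group Policy, whose registry location and value names are not given in the article; the sample values in the first call are constructed.

```powershell
# Added example: audit-only, reads two registry keys and changes nothing.
# Assumption: the policy in question is the standard "Configure Automatic Updates"
# Group Policy; the article itself does not name the key or its values.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$LocalKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

# Meaning of the AUOptions value (1 is also what NoAutoUpdate = 1 amounts to).
$ModeNames = @{
    1 = 'Automatic Updates turned off'
    2 = 'Notify before download'
    3 = 'Download automatically, notify before install'
    4 = 'Download and install automatically on a schedule'
    5 = 'Policy lets local administrators choose'
}

function Read-AUValues {
    # Return the Automatic Updates values found under one key (empty if absent).
    param([string]$Path)
    $values = @{}
    if (Test-Path -Path $Path) {
        $item = Get-ItemProperty -Path $Path
        foreach ($name in 'NoAutoUpdate', 'AUOptions') {
            $prop = $item.PSObject.Properties[$name]
            if ($prop) { $values[$name] = [int]$prop.Value }
        }
    }
    return $values
}

function Resolve-AUState {
    # Decide which setting wins and whether the control panel choices are locked.
    param([hashtable]$Policy, [hashtable]$Local)
    $source = 'Not configured'; $mode = $null; $locked = $false

    if ($Policy['NoAutoUpdate'] -eq 1) {
        # Policy disables Automatic Updates outright.
        $source = 'Group Policy'; $mode = 1; $locked = $true
    }
    elseif ($Policy.ContainsKey('AUOptions')) {
        # A policy value overrides the user's own choice; only mode 5 hands
        # the choice back to local administrators.
        $source = 'Group Policy'; $mode = [int]$Policy['AUOptions']
        $locked = ($mode -ne 5)
    }
    elseif ($Local.ContainsKey('AUOptions')) {
        # No policy present: the value is whatever was picked in the control panel.
        $source = 'Control panel'; $mode = [int]$Local['AUOptions']
    }

    $desc = if ($null -ne $mode -and $ModeNames.ContainsKey($mode)) { $ModeNames[$mode] } else { 'Unknown' }
    [pscustomobject]@{
        Source           = $source
        Mode             = $desc
        OptionsGreyedOut = $locked
    }
}

# Constructed sample matching the reader's symptom: a policy forces scheduled
# installs even though the user had picked "notify" in the control panel.
Resolve-AUState -Policy @{ NoAutoUpdate = 0; AUOptions = 4 } -Local @{ AUOptions = 2 }

# Live check on this machine.
Resolve-AUState -Policy (Read-AUValues $PolicyKey) -Local (Read-AUValues $LocalKey)
```

When the live check reports Group Policy as the source with the options greyed out, the setting has to be changed where the policy is defined, since edits made in the control panel are overridden.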

4. Reinstalls from valid CDs fail the Genuine Advantage test. By far the most serious side-effect of WGA is that it doesn't validate instances of Windows that are reinstalled, even when a genuine CD-ROM from a major computer maker is used. Lauren Weinstein writes:
  • "It appears that it is exceedingly common for repair operations to reinstall based on "cloned" or otherwise duplicated copies of the Microsoft OS, rather than try to restore or reauthenticate based on the original users' OS serial numbers or authentication codes. Original restore disks and key information cards/labels are frequently missing, making it difficult to duplicate the original authentication environment."
I've seen reports of this on Microsoft's own forum involving such cases as Best Buy's Geek Squad reinstalling Windows with the user's original, licensed Dell CD-ROM.

Despite all of the reported problems, Microsoft officials aren't very forthcoming on the subject of WGA. On June 9, I asked to interview David Lazar in Redmond and submitted a few questions in writing. Five days later, a spokesman replied, "Unfortunately, we will not be able to participate in this opportunity."

Many Windows users seem to be in denial that WGA could be spyware, because Microsoft is such a big, well-known company. Unfortunately, that was what people thought of the Sony BMG recording label before it started distributing music CDs last year with rootkit software that infected PCs.

I don't feel that Microsoft or Sony BMG are evil incarnate. But we must recognize that Microsoft is now just one more spyware distributor among the many we have to watch out for.

How to make sure WGA doesn't bite you

It's important not to panic about Windows Genuine Advantage. At this point, its worst side-effect is interfering with the normal patch process — but far more common is that it merely displays annoying warning messages for no apparent reason.

If you've already allowed WGA to install, I can't recommend that you try to uninstall it. That's because Microsoft has made a passing grade on Genuine Advantage a requirement for almost every kind of download you might want from Redmond. Without passing a Genuine Advantage checkup, most Windows users now can't get Internet Explorer beta 7, for example, although you might not care. But you just might have a good reason to install a newer, more secure version of Windows Media Player or any of dozens of other official updates.

If you insist on trying to uninstall WGA, the My Digital Life site has posted no fewer than 15 proposed hacks that attempt to circumvent Microsoft's anti-uninstall measures. Most of these methods no longer work, due to recent Microsoft code changes. Even if you did disable the app, it's pointless to have done so if you ever need to download any Microsoft widget some day that requires WGA. Again, I don't recommend that you bother trying to remove WGA if it's installed.

Instead, I strongly advise that you simply suppress WGA's negative side-effects:

Step 1. Stop the misleading installation of possibly unwanted programs. If you really don't need to download anything from Microsoft for a while, set the Automatic Updates control panel to Notify but don't download or install. When you're notified of new security updates, first read the free and paid versions of the Windows Secrets Newsletter for our reviews. Then manually run Microsoft Update and select only the patches that have no reported conflicts.

If Microsoft Update subsequently refuses to download patches you need, go ahead and accept the WGA installs, then take steps 2 and 3. Be aware that some programs, such as Microsoft's Windows Defender (formerly MS Antispyware Beta), won't update themselves unless Windows' auto-update is on. (Thanks to reader Raymond Combs for his research into this.)

Step 2. Disable WGA's incessant notifications. If WGA guesses, correctly or incorrectly, that your copy of Windows is unlicensed, it displays a warning at least once a day for 14 days, then once an hour after that. Fortunately, Microsoft has made it easy to disable all such warnings. Right-click the WGA logo in the system tray, then select Change notification settings. Turn off the display of notifications, click Save Settings, select I understand, and finally click Yes I'm Sure. Reboot the PC. The WGA logo will remain in the tray but notifications will no longer appear. The notices will come back, however, if you happen to install a future version of WGA from Microsoft.

Step 3. Prevent WGA from phoning home to Microsoft servers. The WGA process that calls out to its remote masters can be blocked by 2-way software firewalls such as ZoneAlarm and McAfee. To do so, simply deny the connection when your firewall pops up an alert about Windows Genuine Advantage trying to use the Internet. Alternately, hard-code a denial via the firewall's user interface. No ill effects of preventing WGA from establishing a connection have been reported.

This story has legs

I'm afraid I'll have more tales to tell in future weeks as the fallout expands. Microsoft executives seem totally oblivious to how much public trust they've squandered by installing WGA in a sneaky way. Microsoft has repeatedly assured users that Automatic Updates would only be used to download critical security fixes. "Delivering security updates right to your computer automatically," they said.

Abusing PC users' need for security patches is a betrayal that Microsoft can ill afford. Whoever the marketing geniuses are who've seized Microsoft's security infrastructure to push out spyware, they need to be fired.

I'm not holding my breath waiting for that. Instead, I'm researching a totally independent way for Windows users to keep their PCs tuned without depending on Microsoft Update at all. Stay tuned.

To send us more information about WGA, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You'll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print.

Brian Livingston is editor of the Windows Secrets Newsletter and the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books.


 
 
FORWARDING INSTRUCTIONS

Please share this information with your friends
You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: WindowsSecrets.com/comp/060615.

 
 
THE SECURITY BASELINE

ZoneAlarm and Spy Sweeper on top

By Brian Livingston

Another roundup of editor's picks recognizes ZoneAlarm Security Suite and Webroot's Spy Sweeper as the best all-around security package and antispyware program, respectively.

Ultimate Mobility Magazine, in its summer 2006 review of the best PC products in all categories, includes the two products in its overview of security software. The magazine lauds ZoneAlarm's "full coat of system armor" and Spy Sweeper's "unobtrusive operation and regular profile updates."

These two products, as a result, remain in the Security Baseline as the top-rated products in their respective categories. If and when other products gain more Editors' Choice awards, the new leaders will be added to the standings instead. Stay tuned, I'll let you know.

The Security Baseline as it stands

Based on the latest published tests, the best four products to give your PC comprehensive protection against hackers are (1) a Linksys hardware firewall, (2) ZoneAlarm Security Suite 6 (or Panda Platinum Internet Security 2005, which recently received a high rating in PC World tests), (3) Webroot Spy Sweeper for antispyware protection, and (4) an update-management tool of your choice. See details below.

1. Hardware firewall. For small-office Wi-Fi networking, the most affordable secure firewall is the Linksys Wireless-G WRT54GL router (left, about $70 USD street), which also offers four ports for wired Ethernet. To cover more than a few adjacent rooms, consider the Linksys WRT54GX ($160), which doubles the usual "g" range. Be sure to enable WPA or WPA2, either of which provides strong Wi-Fi security. The WRT54GL (previously named WRT54G) and the WRT54GX are PC Magazine Editors' Choice winners.

2. Security suite. ZoneAlarm Security Suite 6 (left, $60 street) is rated as the best all-in-one software firewall, antivirus program, and antispam filter. It's received Editors' Choice awards from both PC Magazine and CNET. (Turn off ZA's real-time spyware protection so this can be handled by your antispyware program, described below.) Note: One magazine, PC World, recently rated Panda Platinum Internet Security 2005 higher than ZA Security Suite.

3. Antispyware program. For individual PC users, the most effective remover of spyware is Webroot Spy Sweeper 4.5 (left, under $35 per year), according to Ultimate Mobility and PC Magazine. The previous version, 4.0, was also top-rated in tests by PC World. (Note: PC Mag has also given an Editors' Choice to Encore PC Tools Spyware Doctor 3.2.) For businesses that are looking for a centrally managed solution for 10 or more seats, Webroot's Spy Sweeper Enterprise ($240 per year for 10 users) has won the latest comparative review by Windows IT Pro and was rated a Best Buy by SC Magazine.

4. Update management. Individual users should opt into the new, free Microsoft Update, an improvement over the older Windows Update. Advanced users should turn off Automatic Updates, however, and manually launch Microsoft Update only after reading the patch reviews in our free and paid newsletters. For small to medium networks, Microsoft provides the free WSUS (Windows Server Update Services), which helps manage the downloading of critical patches for Windows, Office, and Exchange. For larger businesses, GFI LANguard Network Security Scanner ($375 for 25 users) is top-rated by WindowSecurity.com and MCSE World. The latter site also publishes a helpful tutorial on LANguard NSS and Shavlik's HFNetChkPro ($900 for 25 users).

——————
For non-U.S. sources of information on a product reviewed above, enter the model name into a search box at one of the following links: Canada / U.K. / Elsewhere

The Security Baseline section appears in every issue. It summarizes the top ratings of trusted reviewers in four categories of products that every PC needs for protection against threats.


 
 
HERE'S A TIP

You're reading the free version of the Windows Secrets Newsletter
Subscribers to the paid version receive additional information in each issue. Some of the extras this week are:

Woody Leonhard / Woody's Windows. You get a pointed look at Microsoft's operating system through our guru's flat screen:
  • User Account Control: Vista cries, "Wolf!"
  • UAC raises its head
  • The user's perspective
  • Thinking outside the box

Chris Mosby / Over the Horizon. The steps you need to take NOW to protect yourself, because patches aren't yet available for some known threats:
  • IE patches are close but not complete
  • IE frames can still be injected
  • Multiple browsers have data disclosure flaw
  • IE still has unpatched XML flaw

Susan Bradley / Patch Watch. We tell you which official patches have problems and, more importantly, how you can work around them:
  • Just say no to one patch this month
  • The WGA so-called critical patch
  • JScript could cause attacks from Web sites
  • Patching 98 and ME? They're dead, why bother?

Ryan Russell / Perimeter Scan. How you can use free or commercial software to automate patching and upgrading, whether you're responsible for 5 PCs or 50,000:
  • Updates and a new USB threat
  • Firefox 1.5.0.4 is released
  • Acrobat Reader 7.0.8 is released
  • Beware some new U3 Flash drives

Paid subscribers can access all old and new paid newsletter content
Make a contribution to support our research into Windows and you'll immediately be able to read and search through scores of valuable articles. In addition, paid subscribers are entitled to download valuable content that we license for you at least once every calendar quarter.

To upgrade, simply make a contribution of any amount you choose
If you do this by June 28, 2006, you'll instantly be sent the full, paid version of today's newsletter.

To upgrade to the paid version of Windows Secrets, please visit WindowsSecrets.com/upgrade. Thanks in advance.


 
 
ELECTRONIC BOOKSHELF — new e-books from the editors

Spam-Proof Your E-Mail Address, 2nd Ed.
This 32-page e-book by Brian Livingston gives you step-by-step instructions that can eliminate 97% of the spam that would otherwise clog your e-mail account. You could call it "Livingston's Spam Secrets." The PDF-format e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can actually reduce your volume of spam to practically nothing, not just battle an unstoppable and ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info


 
 
USEFUL LINKS

New credit-card numbers shared with businesses
Credit-card issuers have come up with a way for businesses to ensure that recurring monthly charges on customers' credit cards continue indefinitely. Almost any business that asks for it can now learn a consumer's new account number — even after the original card has expired or the number has changed. (By Brian Livingston, Datamation) More info

Recurring credit-card charges may irk consumers
As credit-card issuers increasingly encourage recurring charges by merchants, some consumers are finding themselves caught in the middle. Can two new features, which most businesses and consumers are unaware of, pose risks? (By Brian Livingston, Datamation) More info

Click-fraud tools, now totally free
If your company buys pay-per-click ads in search engines, and you're concerned that you're paying for click fraud, you've got new tools to fight it — and they're absolutely free. (By Brian Livingston, Datamation) More info


 
 
WACKY WEB WEEK

Diet Coke explodes with, um, flavor?
You may have heard about the geysers that geeks are creating by dropping Mentos mints into 2-liter bottles of Diet Coke. But have you actually seen the videos? Do you have any idea how the experiment actually works?

NPR's been all over this story in the past few days but — no offense, guys — hearing about it on the radio leaves something to be desired. Hop on over and see for yourself how far 101 Coke bottles can shoot. Watch the videos


 
 
INDEX

Use the index below to jump to any topic

INTRODUCTION
Reviews do your research for you
Patch fixes Outlook Express conflict
Computer America rescheduled to June 28

TOP STORY
Genuine Advantage is Microsoft spyware
If the spyware label fits, wear it
What Genuine Advantage actually does
Problems with WGA — and some solutions
How to make sure WGA doesn't bite you
This story has legs

SECURITY BASELINE
ZoneAlarm and Spy Sweeper on top
The Security Baseline as it stands

WOODY'S WINDOWS
User Account Control: Vista cries, "Wolf!"
UAC raises its head
The genesis of UAC
The user's perspective
Thinking outside the box

OVER THE HORIZON
IE patches are close but not complete
IE frames can still be injected
Multiple browsers have data disclosure flaw
IE still has unpatched XML flaw

PATCH WATCH
Just say no to one patch this month
The WGA so-called critical patch
AOL .art images are patched, then removed
JScript could cause attacks from Web sites
Windows Media Player needs updating (again)
Patching 98 and Me? They're dead, why bother
Zero-day Word patch is finally out
Death by Powerpoint — revisited
IE patching and the Eolas impact
RRAS is routing to some, firewall to others
But wait.... we're not done yet

PERIMETER SCAN
MS updates and a new USB threat
Firefox 1.5.0.4 is released
Acrobat Reader 7.0.8 is released
Beware some new U3 Flash drives

ELECTRONIC BOOKSHELF
Spam-Proof Your E-Mail Address, 2nd Ed.

USEFUL LINKS
New credit-card numbers shared with businesses
Recurring credit-card charges may irk consumers
Click-fraud tools, now totally free

WACKY WEB WEEK
Diet Coke explodes with, um, flavor?

YOUR PREFERENCES
About your subscription


 
 
ABOUT YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published twice a month on alternating Thursdays. Issues appear 2 days and 16 days after Microsoft Patch Tuesday (the 2nd Tuesday of each month). Only the first issue of the month is published in August and December to allow vacation breaks. A short "news update" is sometimes published between regular newsletters.

Publisher: WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor: Brian Livingston. Contributing Editors: Susan Bradley, Woody Leonhard, Chris Mosby, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler.

Trademarks: Windows is a registered trademark of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Index of Reviews, Security Baseline, Briefing Session, Windows Patch Watch, Perimeter Scan, Update Management, and Wacky Web Week are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

How to subscribe: Anyone may subscribe to this newsletter by visiting WindowsSecrets.com/info.

Privacy guarantee

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter, Copyright © 2006 by WindowsSecrets.com LLC. All rights reserved.



