Windows Secrets logo

 

 

   
       
   
Windows Secrets Newsletter • Issue 149 • 2008-04-17 • Circulation: over 275,000
 		   
     
Contents
 INTRODUCTION: Two search engines help you find Windows info
TOP STORY: Flash ads bearing malware plague popular sites
WACKY WEB WEEK: The U.S. election process, in a nutshell
LANGALIST PLUS: Three fast, thorough, easy-to-use disk cleaners
PC TUNE-UP: The best — and worst — personal firewalls
PATCH WATCH: .NET Service Pack 1 creates a tax-season .MESS
YOUR SUBSCRIPTION: How to change your address or unsubscribe

    
   

For links to every topic in this issue, scroll down to the Index


    
   
ADS
Push your PC to full throttle   Push your PC to full throttle
 The more you use your computer, the slower it will get. Run the all-new, free PC Pitstop PC Optimize 2.0 scan now, and in just minutes receive a custom report showing you how to keep your PC running like new. Run the FREE scan now!
 PC Pitstop

Back up your data with ZipBackup   Back up your data with ZipBackup
 Finally, a backup program that's easy to use. ZipBackup's Wizard makes backups a snap for beginners. Filtering, scheduling, and disk spanning make it a powerful tool for experts. For a limited time, Windows Secrets readers receive 25% off.
 ZipBackup

Attend Softletter's SaaS University   Attend Softletter's SaaS University
 Softletter's SaaS University: Selling, Marketing, Infrastructure & Finance. Boston, June 18–19. 31 sessions, 5 tracks, 3 keynotes, 2 days. Register before May 11 and save $200. SaaS University enables your company to succeed in Software as a Service.
 Softletter

See your ad here

    
   
INTRODUCTION

Two search engines help you find Windows info

Brian Livingston By Brian Livingston

How many times have you said to yourself, "I know I saw an article three or four months ago, but now I'm danged if I can find it"?

Our site now makes it easier for you to locate the exact trick you're looking for in more than 6,000 articles that our contributors have written in the past few years — or on the entire Web.

Query our content or all Windows sites

1. Search within Windows Secrets, LangaList, and Brian's Buzz

We've added the ability for you to search every individual article that's ever appeared in the Windows Secrets Newsletter, the LangaList Newsletter (published by Fred Langa from 1998 to 2006), and Brian's Buzz on Windows (a newsletter I wrote in 2003 and 2004).

The Windows Secrets Newsletter was formed in 2004 by merging Brian's Buzz with Woody's Windows Watch, a newsletter published by our contributing editor Woody Leonhard from 1998 to 2004. LangaList merged with Windows Secrets in 2006. (We've managed so far to catalog Fred's articles going back to 2001. We plan to add Woody's back issues to our search index in the weeks to come.)

Free subscribers: You can now see a summary of all our articles, even the paid ones, on every page of our search results. The summary might be all you need to jog your memory! If you'd like to read the full text of any paid article, however, there's no big fee. We accept any financial contribution of any amount — and you get a full 12 months of paid content to boot! How to upgrade

Windows Secrets search
Figure 1. The "Windows Secrets" tab searches our own content, whereas the "All Windows-related sites" tab queries Google's index of tech sites.

To search within all Windows secrets articles, click the Search tab in our top-level menu, or surf to our search page. To add LangaList and Brian's Buzz articles to your query, simply turn on the check boxes for these titles in Advanced Options (as shown in Figure 1).

2. Search within ALL sites related to Windows

What if you can't find the specific Windows tip you need, even after you've gone back through several years of Windows Secrets content?

We've developed a second, specialized search engine that queries all of the top Windows-related sites. This feature uses code we've created based on the API (application programming interface) of Google.com.

Why wouldn't you just use Google.com itself to search the Web? Our front-end makes Google crawl through only those Web sites that focus exclusively on Microsoft Windows. Instead of seeing row after row of sites that sell Windows, you'll get results from sites that have great information about Windows.

Google itself decides which Web sites are "Windows-related." That means it ain't just our friends who appear in the search results — thousands of sites are searched. If your favorite geek site doesn't show up, we aren't the ones who excluded it. You'll have to complain to the billionaires at the Googleplex.

I think you'll find, though, that Google does a very good job of determining which sites have worthwhile info. Using our "Windows-related sites" search, you'll never again get information about stained-glass windows when you're looking for technical help.

To query all Windows-related Web sites, visit our site search page.

Golly, gee — it's trickier than it looks

It might seem easy to craft a search engine, but it turns out to be one of the hardest development jobs to get right. Imagine a program that accepts one or two words of input and gives you back only the results you wanted.

My old WinFind 1.0 service was launched back in 2003. Major enhancements were released as WinFind 2.0 in 2004. This week's new search engines represent WinFind 3.0, although that's like saying a Porsche is just an upgraded Model T. (I announced WinFind in InfoWorld magazine on Feb. 6, 2003. WinFind 2.0 was unveiled in the Windows Secrets Newsletter on July 8, 2004.)

Prior to today, our search page was powered by technology from Atomz.com. (Atomz was acquired by Web Side Story in 2005, which changed its name to Visual Sciences and was recently acquired in turn by Omniture.) By contrast, our two new search engines are entirely based on our own code, plus the Google API.

Credit for the development effort should go to Windows Secrets research director Vickie Stevens and program director Brent Scheffler. An earlier launch of theirs brought you our new Library feature — an improved way to browse our articles, as I described in a Mar. 20 article.

Like any .0 version, our two new search engines may still have some quirks. Please run a few queries. If you find any results that look odd, let me know using our contact page, and we'll soon bring out a .01 version.

 Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.

Contents  Index

   
   
ADS
Maximize your computer's performance   Maximize your computer's performance
 Stop waiting for your PC to startup and shutdown. Remove performance bottlenecks. Avoid system failure. Optimize your PC for peak performance using Proactive Defragmentation. Save 25% with coupon code WINDOWSSECRETS. Try DiskMagik for free today!
 DiskMagik

Don't compromise your security   Don't compromise your security
 People worldwide trust Spyware Doctor to protect PCs from spyware, adware and online threats. Daily updates provide advanced real-time detection and removal. Scan your system for free now. Defend up to 3 PCs and save 20% with coupon code pctools.
 Spyware Doctor

Convert any text into spoken audio   Convert any text into spoken audio
 Listen to your e-mail, Web pages, and documents on your PC, iPod, or CD player. TextAloud automatically makes any text on your screen audible. Combine TextAloud with AT&T Natural Voices to make your PC sound human. Save $5 with coupon code SECRETS.
 TextAloud

See your ad here

    
   
TOP STORY

Flash ads bearing malware plague popular sites

Scott Dunn By Scott Dunn

A Flash-based advertisement that appeared last week on the USA Today site downloaded malicious code to users' computers, generating erroneous warnings of a malware infestation and offering a phony solution.

The Flash vulnerability is so widespread that such "malvertisements" may be present on thousands of sites, but there are measures you can take to reduce your exposure.

Just opening the page puts you at risk

Visitors to USAToday.com last Thursday got more than they bargained for. A hacked Flash advertisement meant that merely viewing a page in your browser was capable of triggering a malware attack on your PC. According to an alert on the security site Websense, the ad can take control of the browser without any user interaction at all.

Two days after the ad appeared on the USA Today site, two prominent Utah-based news sites, DeseretNews.com and SLTrib.com, were found to have similarly dire banner ads. These ads directed users to various unexpected locations, including the site for AntiSpywareMaster. This destination has been called a "corrupt anti-spyware parasite" and a "fake program" by the RDV Group, a safe-computing organization.

News sites aren't the only victims of what Sandi Hardmeier, who authors the blog Spyware Sucks, calls "malvertisements." The ads themselves may appear perfectly harmless, notes Hardmeier, who's been recognized as an MVP (Most Valued Professional) by Microsoft. "The criminals behind such malvertisements . . . have no shame," she writes, "impersonating everything from WeightWatchers to Oxfam."

Advertisements are not the only source of the problem. The principal conveyors of this malicious code are Flash animations (or .swf files), which are commonly used to create intro screens, online video, and other Internet content in addition to Web ads.

Of particular concern are Flash files that are vulnerable to insertion of malicious code using a technique called cross-site scripting, or XSS.

This vulnerability was widely publicized earlier this year by Google researcher Rich Cannings and his co-authors in their book Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions. According to a report in the U.K.–based tech-news site The Register, a Web search revealed more than 500,000 vulnerable files on major Web sites.

A permanent fix is a long way off

Makers of Flash-building tools, including Adobe, Autodemo, TechSmith, and InfoSoft, quickly updated their development environments to patch the holes, according to a March story in The Register. But because many of the vulnerable files have to be regenerated from scratch, a titanic number of high-risk Flash files remain online.

Speaking at last month's CanSecWest security conference in Vancouver, B.C., Cannings estimated that over 10,000 sites host the risky files, The Register reported.

But that estimate may be low. In his security blog, Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, writes that "potentially hundreds of thousands" of Web sites could be at risk. "Reasonably workable fixes are going to be a long time coming," he adds.

Even diagnosing the problem can be a challenge, notes Spyware Sucks's Hardmeier. She points out that advertising commonly appears on Web sites in one of two ways: either the Web site's staff handles its own advertising and posts the ads directly, or the site is served ads from an advertising network, which typically manages the content.

Unfortunately, it isn't always easy for sites or advertising networks to detect problem ads. "Malvertisements are coded to exclude particular IP addresses, cities, states, and even entire countries," Hardmeier explains. "It is standard operating procedure for a malvertisement to be coded so that it will not trigger a redirect if displayed on a computer within the IP range of the victim Web site or victim advertising network."

What you can do to protect yourself

Even though the long-term solution is for the providers of Flash-based content to create more-secure versions of their files, there are some measures users can take to protect themselves. These protections are not foolproof, but they at least reduce the risk of exposure to malware via compromised Flash files.

Some of these tips come from Andre Gironda, Secure SDLC Consultant and author of the ts/sci security blog, who posted his pointers in a comment to Grossman's blog posting.

The no-Flash option

The most effective – albeit drastic – way to protect yourself from malware-bearing Flash files is to uninstall Flash entirely. Adobe provides a special tool for doing this; you can find instructions and a link for downloading this file in a Technote published on the Adobe site.

The part-time-Flash option

If going without Flash entirely is too extreme, you can limit the sites that use this and other risky plug-ins by installing free browser add-ons that let you manage active Web content more granularly:

For Internet Explorer, TurnFlash lets you toggle between blocking Flash files and allowing them to run. A tray icon lets you turn Flash on or off, but the setting takes effect only in any new IE windows that you launch, not in the existing browser window.

A similar utility called No! Flash also switches Flash on and off, but it also gives you the ability to turn off several other elements, such as Java applets and other scripts. As with TurnFlash, the changes take effect in the next IE window you open.

For Mozilla Firefox, a plug-in called Flashblock disables all Flash content on Web sites and replaces it with a round Flash logo. You can selectively enable Flash files by clicking their icons.

For more comprehensive security, the plug-in NoScript not only disables Flash but also turns off Java, Silverlight, and other active Web elements. A NoScript icon in the Firefox status bar provides a pop-up menu for adding a site you trust to the add-on's "whitelist," which enables all scripts and animations on the site (but not necessarily those on the site's pages that are served up by ad networks). You can also right-click a link in Firefox to set its NoScript options via the context menu.

The minimal option

At the very least, update the Flash Player software on your system to the latest version (9.0.124.0 or higher). In the last three months, Adobe has patched a number of security holes in this product. The update won't protect you from all buggy Flash files on the Web, but it will make your browsing much safer.

You can download the latest Adobe Flash Player from the Adobe Web site.

After you install the update, run the free Secunia Software Inspector online malware scanner to find old versions of the Flash Player that may have been left behind on your system. Secunia's on-screen report will show the path and filename of the old files you need to delete. You may have to run the inspector more than once to make sure all the old files are deleted. If you delete a needed file by mistake, simply run the newest Flash Player installer again to correct the problem.

One danger posed by Flash bugs is the ability of hackers to get your login credentials for a given site. Andre Gironda recommends creating multiple Firefox profiles, each with its own NoScript (or, if you prefer, Flashblock) settings. He uses his Flash-enabled profile to browse sites such as YouTube, but he exits that browser and launches his Flash- and script-blocked copy of Firefox when he conducts online banking and visits other sites that require logins.

To set up a Firefox profile, do the following:

Step 1. Choose Start, Run. Type cmd.exe and press Enter.

Step 2. At the command prompt, type:

"C:\Program Files\Mozilla Firefox\firefox.exe" -profilemanager

Then press Enter. (Note that the quotation marks are required and that your path may differ.)

Step 3. If you want Firefox to prompt you for a profile each time you launch it, uncheck the option Don't ask at startup in the Firefox — Choose User Profile dialog box.

Step 4. Click Create Profile and follow the steps in the wizard to name your new profile. Repeat the steps to create a second profile. For example, you might name one profile Flash-Yes and another Flash-No. When you're done, click Exit.

Step 5. Rather than being prompted for a profile each time you open Firefox, create separate shortcuts to launch each profile. For example, if you have a shortcut to Firefox in your QuickLaunch toolbar or on the desktop, drag the shortcut with the right mouse button pressed, drop it, and choose Create Shortcuts Here.

Step 6. Right-click one of your Firefox shortcuts and choose Properties. Click the Shortcut tab and edit the command line so it ends in with -p followed by a space and the name of one profile. For example, the entire command line might read:

"C:\Program Files\Mozilla Firefox\firefox.exe" -p Flash-Yes.

Repeat these steps for a second shortcut to launch your other Firefox profile.

Step 7. You may need to download and install one of the plug-ins described above for these profiles and configure each profile's browser differently. However, any changes you make should be saved with that profile, so they will be in effect the next time you launch it.

A complete solution to high-risk Flash files may not come any time soon. Until the creators and managers of these files can ensure a high degree of safety, users have to be extra cautious to avoid the risks of Flash-borne malware.

For more on Flash security vulnerabilities, see Windows Secrets contributing editor Mark Edwards's Apr. 10 PC Tune-Up column.
Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

 Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here's How section of that magazine.

Contents  Index

   
   
ADS
Never waste time with software installs   Never waste time with software installs
 PCmover is the only migration utility that automatically moves installed programs and files to your new PC. It even transfers bookmarks and e-mail settings! Stop wasting time waiting for installs and updates. Let PCmover automate your upgrades.
 Laplink PCmover

Get your product seen by 275,000 readers   Get your product seen by 275,000 readers
 Does your company offer a product or service? Now you can place an ad in the Windows Secrets Newsletter and be seen by more than 275,000 active buyers of PC hardware and software. Bid as much or as little as you like to get the ideal ad placement.
 Windows Secrets Newsletter

See your ad here

    
   
TELL A FRIEND

How you can share this information

 We love it when you send your friends links to our articles. But please don't forward your copy of our e-mail newsletter to people, which subjects us to spam complaints. Instead, simply suggest that your friends visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.

The address of this issue is http://WindowsSecrets.com/comp/080417

 		   
   
EDITOR'S BOOKSHELF

Windows Vista Secrets Get the tips you need about Windows Vista
The all-new Windows Vista Secrets helps novices and experts alike understand Microsoft's latest operating system. "To really appreciate what is in Vista, you almost need to read through the leading book on the product, Windows Vista Secrets, by Brian Livingston and Paul Thurrott," writes Rob Enderle, principal analyst of the Enderle Group, in TechNewsWorld. "It's 595 pages of things you can do with this product — most of which you probably wouldn't have discovered for some time, let alone right at first." Check the book out now for tips you can use.
More information: United States (B&N) / Canada / Elsewhere

Spam-Proof Your E-Mail Address, 2nd Ed. Spam-Proof Your E-Mail Address, 2nd Ed.
This 32-page e-book by Brian Livingston gives you step-by-step instructions that can prevent 97% of the spam that would otherwise clog an e-mail account. You could call it "Livingston's Spam Secrets." The PDF e-book is the result of months of experiments and tests we conducted. We now receive little or no spam to the addresses we used as guinea pigs. These tests show that you can make your e-mail addresses invisible to spammers, not just battle an ever-growing flood. The methods we describe work with Windows, Apple, and Linux and don't require any filters or block lists — but you can use those in addition to the book's techniques, if you wish. More info

    
   

Contents  Index

   
   
WACKY WEB WEEK

 The U.S. election process, in a nutshell

Electoral system  It's a campaign for the record books. First, a neck-and-neck race for the Democratic nomination will be won by either the first African-American nominee or the first female nominee of a major party. That winner will go up against the oldest person ever to vie for an initial term in the White House.

For the first time in decades, voters of all stripes are actually paying attention. But just how does the whole U.S. political system work, anyway?

Luckily, Newstopia, an Australian comedy news show, has taken the liberty to sum up the process for us in this brief — albeit hilarious — clip. Get ready to take notes; this will be on the final! Play the video

Contents  Index

   
   
INDEX

The following topics appear in the free version

INTRODUCTION   Two search engines help you find Windows info
  Query our content or all Windows sites
   
TOP STORY   Flash ads bearing malware plague popular sites
  Just opening the page puts you at risk
  A permanent fix is a long way off
  What you can do to protect yourself
   
WACKY WEB WEEK   The U.S. election process, in a nutshell
   
You get all of the following in the paid version

LANGALIST PLUS   Three fast, thorough, easy-to-use disk cleaners
  De-junkify your drive for little or no money
  CCleaner super-scrubs your drive
  Remove locked files with Cleanup Assistant
  DTweak Pro cleans well but has rough edges
  Readers suggest even more disk-cleaning options
   
PC TUNE-UP   The best — and worst — personal firewalls
  Firewalls that pass the leak test
  The ultimate Windows boot CD
  Make Windows XP look like Vista
  Reset a lost Administrator password
  XP SP3 and Vista SP1 aren't available on CD
   
PATCH WATCH   .NET Service Pack 1 creates a tax-season .MESS
  .NET 2.0 SP1 wreaks havoc on tax deadlines
  Un-botching a botched .NET update
  How do you know whether you need .NET?
  Installation problem hits VBScript and JScript
  Internet Explorer patch may block all Web access
  A Vista update knocks out mice and keyboards
   
It's easy to get all our paid content! Contribute whatever it's worth to you
Readers who make a financial contribution of any amount will immediately receive the latest issue of our full, paid newsletter and 12 months of new paid content. Pay as much or as little as you like — we just want as many people as possible to have this information.

 Gabriela A portion of your support helps children in developing countries
Each month, we send a full year of sponsorship to a different child. In April 2008, your contributions help us to sponsor Gabriela Ivón (left), a 5-year-old girl from Zapopan, Jalisco state, in the central region of Mexico. She lives with her family and has two siblings. Aid to Gabriela and her village is provided by Children International, a nonprofit organization that serves 11 countries. We also sponsor kids through Save the Children and other respected agencies. More info

 To upgrade, simply make a contribution of any amount you choose
If you do this by Apr. 23, 2008, you'll instantly be sent the full, paid version of today's newsletter.

Use the link below to learn more benefits of becoming a paid subscriber!

More info on how to upgrade

Thanks in advance for your support.
   
   

Contents  Index

   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, plus the week of Thanksgiving and the last two weeks of August and December.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Editor-at-Large: Fred Langa. Associate Editor: Scott Dunn. Contributing Editors: Susan Bradley, Mark Edwards, Woody Leonhard, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Editorial Assistant: Raef Harrison.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

 HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.  Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
 Copyright © 2008 by WindowsSecrets.com LLC. All rights reserved.

Contents  Index