Windows Secrets Newsletter • Issue 183 • 2009-02-05 • Circulation: over 400,000

   
   


   
   
Table of contents
TOP STORY: Watch a live video, share your PC with CNN
KNOWN ISSUES: If NoAutoRun.reg doesn't work, you may need space
WACKY WEB WEEK: Giving up on society? Get one of these!
LANGALIST PLUS: Make sure your PC's BIOS supports USB
WOODY'S WINDOWS: Microsoft claims Windows 7 UAC flaw is by design
PATCH WATCH: Conficker/Downadup woes may not be over

   
       
   

   
   
TOP STORY

Watch a live video, share your PC with CNN

By Brian Livingston

Many people who watched live streaming video of the inauguration of U.S. President Barack Obama on Jan. 20 may not realize that their PC was used to send the video to other PCs, too.

Clicking "yes" to a CNN.com dialog box installed a peer-to-peer (P2P) application that uses your Internet bandwidth rather than CNN's to send live video to other viewers.

The P2P application is called Octoshape Grid Delivery and is managed by Octoshape ApS, a company based in Copenhagen, Denmark.

Web surfers who visit CNN.com and select a live video stream for the first time see in their browsers a dialog box, shown in Figure 1, saying, "This site requires the Octoshape Grid Delivery enhancement for Adobe Flash Player." The dialog box doesn't appear when playing an ordinary video file, only when starting a live feed. (Feeds labeled LIVE typically appear in the upper-right corner of CNN.com's home page during business hours.)

Figure 1. Users who select a CNN.com live video feed see a dialog box to install the Octoshape Grid Delivery application.

According to Octoshape's end-user license agreement (EULA), what's installed is a peer-to-peer app that will "deliver parts of the video and audio stream to other end users of the Software."

Why should you care? Windows Secrets contributing editor Ryan Russell, using a network sniffer, measured Octoshape using upstream bandwidth of 320 kilobits per second on a broadband connection. Dan Ferrell, in a comment on contributing editor Susan Bradley's blog, reports seeing 600 Kbps of upstream traffic. At first glance, Ferrell adds, the multiple connections to his PC looked on his security alert system like some kind of SQL attack.

The Internet Storm Center, an Internet security organization, reported that traffic on Jan. 20 had jumped to a level thousands of times higher than usual on UDP (User Datagram Protocol) port 8247. (See Figure 2.) The center quickly identified the source as legitimate — CNN — but security consultant Raul Siles warned in his report, "It would be easy for an attacker to hide his actions on this port if we simply ignore it."

Figure 2. The Internet Storm Center measured an enormous increase in UDP traffic on Jan. 20.
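One way a network administrator could act on Siles's warning, rather than ignore port 8247, is to measure how much each LAN host sends upstream on it and to how many outside peers. The following Python is an added example, not code from Octoshape, CNN or the Internet Storm Center; the flow-record layout, the LAN range 192.168.0.0/16, the sample records, and the choice to match port 8247 as either source or destination port are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

OCTOSHAPE_PORT = 8247                     # UDP port named in the ISC report
INTERNAL = ip_network("192.168.0.0/16")   # assumption: the LAN's address range

# Constructed flow records (not captured traffic):
# epoch-seconds  src  sport  dst  dport  proto  bytes
SAMPLE_FLOWS = """\
1232470800 192.168.1.10 8247  198.51.100.7 8247 udp 800000
1232470810 192.168.1.22 53124 192.0.2.53   53   udp 120
1232470815 192.168.1.10 8247  203.0.113.20 8247 udp 800000
1232470820 198.51.100.7 8247  192.168.1.10 8247 udp 500000
1232470830 192.168.1.10 8247  203.0.113.99 8247 udp 800000
1232470840 192.168.1.30 40000 198.51.100.7 8247 tcp 9000
1232470850 192.168.1.22 8247  198.51.100.7 8247 udp 15000
"""


def upstream_report(flow_text, port=OCTOSHAPE_PORT, window=60, internal=INTERNAL):
    """Summarise LAN-to-Internet UDP traffic on `port` for each internal host.

    Returns {host: {"peak_kbps": highest rate in any `window`-second bucket,
                    "peers": number of distinct external destinations}}.
    """
    per_window = defaultdict(int)   # (host, bucket index) -> bytes sent out
    peers = defaultdict(set)        # host -> external addresses it sent to
    for line in flow_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto, nbytes = line.split()
        if proto.lower() != "udp" or port not in (int(sport), int(dport)):
            continue                # other protocols and ports are out of scope
        if ip_address(src) not in internal or ip_address(dst) in internal:
            continue                # keep only upstream (LAN -> Internet) flows
        per_window[(src, int(ts) // window)] += int(nbytes)
        peers[src].add(dst)

    report = {}
    for (host, _bucket), total in per_window.items():
        kbps = total * 8 / window / 1000          # kilobits per second
        entry = report.setdefault(
            host, {"peak_kbps": 0.0, "peers": len(peers[host])})
        entry["peak_kbps"] = max(entry["peak_kbps"], kbps)
    return report


def hosts_over(report, kbps_limit):
    """Hosts whose peak upstream rate on the port meets or exceeds the limit."""
    return sorted(h for h, e in report.items() if e["peak_kbps"] >= kbps_limit)


if __name__ == "__main__":
    summary = upstream_report(SAMPLE_FLOWS)
    for host in hosts_over(summary, kbps_limit=100):
        print(host, summary[host])
```

The inbound flow, the DNS lookup and the TCP flow in the sample are deliberately excluded, so only sustained outbound UDP on the port counts toward a host's rate.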

In a telephone interview, Octoshape's P2P nature was confirmed by Mike Wise, group technical advisor for platform R&D at Turner Broadcasting System, the parent of CNN.

Wise emphasized that the news network had selected the most considerate software for the job: "The Octoshape technology uses a congestion control mechanism that's less aggressive than TCP and most UDP implementations." As one example of the way Octoshape gives priority to user tasks, he explained, "we chose an implementation that wouldn't interfere with consumer's VoIP [Voice over Internet Protocol] applications."

Because Octoshape is a European company, its technology was initially used on the continent to stream live feeds of such high-profile events as the Eurovision Song Contest and the UEFA Cup. "We're their first big United States customer, at least that I know of," says Wise.

"We did some limited trials leading up to the election" on Nov. 4, as Wise describes it. The big test came with the Jan. 20 inaugural address. More than 26 million live feeds (including restarts of crashed streams) were served that day by CNN.com, according to a Jan. 25 article and chart in the New York Times. CNN's nearest rivals served "only" 9.1 million (MSNBC) and 8 million (AP).

To my surprise, I've seen only a few blogs comment on the implications of CNN using so much upstream bandwidth — and almost no headlines in the mainstream U.S. media.

Most Internet service providers support far less bandwidth in the upstream direction (from a PC to the Internet) than they do downstream (from the Internet to a PC). But that isn't the only concern with CNN's use of people's Internet connections:
  • Deceptive marketing. Octoshape's dialog box warns that playing a live video "requires" installing new software. If you click "no" to Octoshape, however, you can still play the feed using the streaming video capability built into Windows Media Player or Adobe's Flash Player, although possibly with less fidelity. Small links to choose one of the two standard formats appear in the bottom-right corner of the playback window.

    The Octoshape EULA doesn't become available until after the user is required to select "yes" or "no" to install the app. But even if the EULA appeared before the buttons, burying in legalese the commandeering of a person's PC isn't my idea of "informed consent." Only a clear explanation of the repurposing of a PC's bandwidth — in on-screen text, readable without scrolling — is an adequate way to inform users of such a technique.

  • Cost-shifting to ISPs. CNN's use of Octoshape might make live feeds look somewhat smoother to end users, but the primary benefit is a reduction in cost to the cable news network.

    The TorrentFreak blog cites an unnamed insider as saying 30% of CNN's live feed traffic was served from individual PCs and not the network's own servers. That saves CNN big time on bandwidth. But the cost doesn't just disappear — it's shifted to ISPs.

    Brett Glass, the owner of Lariat.net, a small ISP in Laramie, Wyoming, testified before the FCC last year on cost-shifting. Bandwidth, he explains, can cost hundreds of dollars per Mbps per month to providers in rural areas like his. "CNN is setting up a server on the ISP's network without permission or compensation," he told me in an interview. "CNN's not a charity, in fact it's doing a lot better than some ISPs."

  • Costs to end users. Many ISPs around the world restrict how much bandwidth users can consume. Those providers charge by the megabyte for any traffic above that level. Users who installed Octoshape's app and served traffic upstream as well as down may get an unpleasant surprise in their next monthly bill. Octoshape anticipated this in the company's EULA by saying, "You are responsible for any telecommunication or other connectivity charges incurred through the use of the Software."

    In addition, ISP terms of service usually prohibit customers from using their Internet connection to host a server. The FCC ruled last year against Comcast, a major U.S. ISP, on peer-to-peer restrictions, as explained in an Ars Technica article. But other legal issues on home-grown servers remain unsettled.

    (In an interview, Comcast spokeswoman Jenny Moyer declined to address CNN's use of Octoshape, saying, "I don't think it's anything we're going to be able to comment on at this time.")

  • Ludicrous license terms. Anyone who reads Octoshape's EULA after clicking "yes" to install the app finds that they've agreed to some hilarious prohibitions:

    "You may not collect any information about communication in the network of computers that are operating the Software or about the other users of the Software by monitoring, interdicting or intercepting any process of the Software. Octoshape recognizes that firewalls and anti-virus applications can collect such information, in which case you not are allowed to use or distribute such information."

  • Company policies on outbound traffic. No one has suggested that Octoshape is doing anything other than relaying live video streams to other PCs. In a blog comment, Johan Ryman, Octoshape manager of strategic partnership and sales, assures users that the app is well-behaved and stops consuming upstream bandwidth within five seconds of a live stream being closed.

    Many companies, however, have policies against sending data outside their LAN. How many CIOs will be comfortable with an app that sends unknown information to random PCs?

  • Use of Flash's install mechanism. Octoshape is the only outside company that's allowed to download software using the Adobe Flash Player's so-called Express Install feature, according to a Flash Magazine technical analysis. Express Install is used by Adobe to push updates and other software, such as Acrobat Connect and the Adobe AIR runtime.

    IT admins who'd like to turn off the installation of Octoshape within their companies could disable Flash's update mechanism, as explained in Adobe TechNote 16701594. But doing so would disable all auto-updates from Adobe, not just Octoshape.

  • Security vulnerabilities. The Octoshape app is supported by an established company and is not any kind of virus or worm. However, most programs have bugs, and Octoshape specifically communicates with its own servers and other PCs in ways that are not apparent to end users.

    Any Web site you visit that is "Octoshape aware" can invoke the application. If a security vulnerability is discovered in the Octoshape software, hackers could exploit the weakness.

    Media players expose PC users to serious security flaws more often than Windows itself does, as WS associate editor Scott Dunn reported on Aug. 16, 2007. For instance, several new vulnerabilities were discovered in Flash Player version 9 in 2008 alone, including one rated "highly critical," according to advisories by the security firm Secunia.

    In a follow-up article on Sept. 6, 2007, Scott reported that Flash Player 9 was found to be unpatched in 62% of the Windows PCs that participated in a test. End users can correct these holes by patching the player or upgrading to version 10, but too few do so.

  • Corporate revolving doors. It's remarkable to see how a small company in Denmark has managed to gain exclusive contracts with Adobe and CNN. I'm all for innovative software firms selling cutting-edge technology.

    At the same time, I wonder how these relationships came into being. Last month, Octoshape hired as its new U.S. CEO Scott Brown, previously a vice president of Turner Broadcasting, according to the Business of Video blog. Sounds like the connection between CNN and Octoshape is getting stronger all the time.
The question isn't whether peer-to-peer technology is "good" or "bad." P2P is here to stay.

But if all TV programs are going to be streamed live by media giants, as I'm sure will eventually happen, the question is what impact this will have on Internet bandwidth — and who will pay for it.

I'd like to see the computer industry start a well-publicized discussion in the major news media about this. If we're going to stream TV across the Internet, shouldn't we select an open standard (the TorrentFreak blog likes P2P-Next), rather than proprietary technology that's restricted to a few parties with patents?

What to do if you have Octoshape on your PC

As I mentioned earlier, the Octoshape app isn't currently a threat. But I personally would rather put up with a slightly jerky video than run an application on my PC that's sending God-knows-what to who-knows-whom.

Fortunately, the Octoshape program isn't hard to find or remove:
  • Step 1. To find out whether the Octoshape app is running, you can use Windows' built-in Task Manager. (Right-click a blank space on the Task Bar, and then click Task Manager.)

    As Susan Bradley shows in a blog post, when you're viewing a live stream from CNN.com, you'll see in Task Manager a service called octoshape.exe. (In the illustration on her blog, instances of the service are shown to be consuming 63MB of RAM, but a lot of this memory may be taken up by the Flash Player itself.)

  • Step 2. To remove Octoshape's app, you can use the Control Panel in either Windows XP or Vista. In XP, the applet is called Add or Remove Programs. In Vista, it's Programs and Features. The "Octoshape add-in for Adobe Flash Player" is the name of the program to uninstall.

    Strangely, there isn't an uninstaller for the Mac version of the app. You have to manually delete the Octoshape folder.

    These removal procedures are explained in detail at the bottom of the Octoshape Grid Delivery FAQ.
There's much more to write on this subject, but I'll stop here. If you have additional specifics on any of this, please send a tip via the Windows Secrets contact page. Thanks!

Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books.


   
   
KNOWN ISSUES

If NoAutoRun.reg doesn't work, you may need space

By Dennis O'Reilly

The way word-wrapping alters line breaks in some browser windows thwarted a few of our readers' attempts to disable AutoRun.

If you manually typed a line break where the code requires a space, and you couldn't get the file to work, a simple change will do the trick.

Windows Secrets contributing editor Woody Leonhard authored a Jan. 22 Top Story on the Conficker/Downadup worm and included a link to a Nov. 8, 2007, article.

That article, by associate editor Scott Dunn, explained how to add a Registry key to block Windows' AutoRun function. After you do this, if you unknowingly insert a hacked CD, DVD, USB drive, or other external drive, it won't automatically infect your PC. The technique involves copying and pasting three lines of code into a NoAutoRun.reg file, then right-clicking the file, merging it into the Registry, and rebooting.

One of the lines of code is very long and looks as follows (it's all one line, but it word-wraps to two lines in small windows):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf

Rob Oppenheim wasn't the only reader who found that merging the file he'd created into the Registry had no effect, because he'd entered a line break where his e-mail program had word-wrapped that line:
  • "In your [most recent] newsletter, you refer to a Web page that describes how to disable autoruns. The page describes a .reg file with a key that displays broken across two lines (at least on my machine it displays that way). Unfortunately, it's not obvious that there's a space in the key; that is, it should be 'Windows NT' and not 'WindowsNT.'

    "The page does explain that the key should be all on one line but does not mention that the space is required."
If this key shows up in your e-mail program as a single line, all is fine. However, if it wraps to two lines between "Windows" and "NT," and you manually type in the key, you may not realize that there should be a space between the two words, not a carriage return.

Regardless of how the Registry key appears in your browser, if you copy the lines from Scott's article and paste them into your text editor to create a NoAutoRun.reg file, the space between "Windows" and "NT" will be included.
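A check for the two mistakes described above (a typed line break inside the key, or "WindowsNT" without the space), as an added Python example that is not from Scott's article. It inspects only the key line; the sample files, including the REGEDIT4 header and the placeholder value line, are constructed.

```python
import re

# The key exactly as printed above (note the space in "Windows NT").
EXPECTED_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                r"\CurrentVersion\IniFileMapping\Autorun.inf")


def squash(text):
    """Drop whitespace and case so only the characters of the path remain."""
    return re.sub(r"\s+", "", text).lower()


def lint_reg_key(reg_text, expected=EXPECTED_KEY):
    """Return a list of problems with the key line in a .reg file's text.

    An empty list means the expected key appears, in brackets, on one line.
    """
    lines = reg_text.splitlines()
    problems, seen_good = [], False
    for idx, raw in enumerate(lines):
        line = raw.strip()
        if not line.startswith("["):
            continue                      # header or value line, not a key
        if line.endswith("]"):
            key = line[1:-1]
            if key.lower() == expected.lower():
                seen_good = True
            elif squash(key) == squash(expected):
                # Same characters, different spacing: e.g. "WindowsNT".
                problems.append(f"line {idx + 1}: spacing differs from the "
                                f"expected key (got {key!r})")
        else:
            # No closing bracket: the key was cut by a typed line break.
            tail = lines[idx + 1].strip() if idx + 1 < len(lines) else ""
            joined = (line + tail).lstrip("[").rstrip("]")
            if squash(joined) == squash(expected):
                problems.append(f"line {idx + 1}: key is split across two "
                                "lines; rejoin it with one space in 'Windows NT'")
    if not seen_good and not problems:
        problems.append("expected key not found")
    return problems


# Constructed sample files. The value line is a placeholder, not the real one.
HEADER = "REGEDIT4\n"
VALUE = '@="<value line from the article>"\n'
GOOD = HEADER + "[" + EXPECTED_KEY + "]\n" + VALUE
NO_SPACE = GOOD.replace("Windows NT", "WindowsNT")     # space left out
WRAPPED = GOOD.replace("Windows NT", "Windows\nNT")    # line break typed in

if __name__ == "__main__":
    for name, text in [("good", GOOD), ("no space", NO_SPACE),
                       ("wrapped", WRAPPED)]:
        print(name, "->", lint_reg_key(text) or "OK")
```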

Delete the key to restore your AutoRun

Several people tried life without AutoRun and decided they missed the feature. For example, after disabling AutoRun, you must manually open the autorun.inf file on any software disc you might want to auto-install. Marlin Brutlag puts it succinctly:
  • "Is there a safe way to remove it [the block on Windows' AutoRun feature] if no longer desired?"
To restore Windows' default AutoRun behavior, simply delete the key that was created when you merged the NoAutoRun.reg file. To do this, open the Registry Editor: in Vista, click Start, but in XP, click Start, Run. Then type regedit and press Enter. In the left pane, navigate to the IniFileMapping key in the Registry path shown above. Expand the key, right-click Autorun.inf below it, and choose Delete.

See Microsoft Knowledge Base article 310516 for details on adding, deleting, and modifying Registry keys.

Resuscitate a dead drive by giving it the gas

After reading reader Scotty Burrous's description of how he brought a hard drive in his mother's PC back from the dead, I started to think I'd been watching too many scary movies:
  • "My mom's laptop recently croaked. The two-year-old 60GB hard drive decided it had had enough and the platter quit spinning. I hooked it up to a 2.5-inch USB adapter after removing the cover, negating any and all out-of-date warranties, etc. When energized, the indicator LED — normally green — was red and the platter didn't move.

    "There were a few files my mom hadn't backed up — sigh, she's 86 years old — but decided she desperately needed. With tweezers, I manually rotated the platter on the hub, not touching the disk. I noticed it was difficult to turn, so I figured, 'What the hell?'

    "I purchased a container of butane — the stuff you refill a cigarette lighter with — and dispensed some of it (frequently) onto the bottom bearing. When energized, the platter spun up and I managed to get all the pertinent data from the drive! And with continued application of the butane, I ended up copying all the data from the (now) ex-drive."
I'm going to take Scotty's word that this tip actually worked — but kids, don't try the butane-on-the-bearing trick without adult supervision! (I can't help wondering what Scotty tried on the sick drive before he turned to lighter fluid.)

Readers Rob, Marlin, and Scotty will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers' comments on our recent articles. Dennis O'Reilly is technical editor of WindowsSecrets.com.


   
   
WACKY WEB WEEK

Giving up on society? Get one of these!

By Katy Abby

Every few years, a product comes along that is inexplicably popular. Despite tedious advertising, a questionable concept, and mediocre value, consumers hand over their hard-earned dollars with reckless abandon to own the next hot-ticket item. One such phenomenon is the subject of this hilarious infomercial parody.

Before you start thinking about snuggling up on the couch with one of these plush pieces, listen carefully to what the narrator's saying. Your self-esteem — and social life — may depend on it! (Warning: the video contains strong language.)


   
   
PERMALINKS

Use these permalinks to share info with friends

We love it when you include the links shown below in e-mails to your friends. This is better than forwarding your copy of our e-mail newsletter. (When our newsletter is forwarded, some recipients click "report as spam" and corporate filters start blocking our e-mails.)

The following link includes all articles this week: http://WindowsSecrets.com/comp/090205


   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets resulted from the merger of several publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Senior Editor: Ian Richards. Editor-at-Large: Fred Langa. Technical Editor: Dennis O'Reilly. Program Director: Tony Johnston. Program Manager: Ryan Biesemeyer. Web Developer: Damian Wadley. Editorial Assistant: Katy Abby. Copyeditor: Roberta Scholz. Contributing Editors: Susan Bradley, Scott Dunn, Mark Joseph Edwards, Stuart J. Johnston, Woody Leonhard, Ryan Russell, Becky Waring.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2008 by WindowsSecrets.com LLC. All rights reserved.
