Windows Secrets


Windows Secrets Newsletter • Issue 149 • 2008-04-17 • Circulation: over 400,000


Table of contents 
  • Introduction: Two search engines help you find Windows info
  • Top Story: Flash ads bearing malware plague popular sites
  • Wacky Web Week: The U.S. election process, in a nutshell
  • LangaList Plus: Three fast, thorough, easy-to-use disk cleaners
  • PC Tune-Up: The best — and worst — personal firewalls
  • Patch Watch: .NET Service Pack 1 creates a tax-season .MESS

 
Introduction

Two search engines help you find Windows info

By Brian Livingston

How many times have you said to yourself, “I know I saw an article three or four months ago, but now I’m danged if I can find it”?

Our site now makes it easier for you to locate the exact trick you’re looking for in more than 6,000 articles that our contributors have written in the past few years — or on the entire Web.

Query our content or all Windows sites

1. Search within Windows Secrets, LangaList, and Brian’s Buzz

We’ve added the ability for you to search every individual article that’s ever appeared in the Windows Secrets Newsletter, the LangaList Newsletter (published by Fred Langa from 1998 to 2006), and Brian’s Buzz on Windows (a newsletter I wrote in 2003 and 2004).

The Windows Secrets Newsletter was formed in 2004 by merging Brian’s Buzz with Woody’s Windows Watch, a newsletter published by our contributing editor Woody Leonhard from 1998 to 2004. LangaList merged with Windows Secrets in 2006. (We’ve managed so far to catalog Fred’s articles going back to 2001. We plan to add Woody’s back issues to our search index in the weeks to come.)

Free subscribers: You can now see a summary of all our articles, even the paid ones, on every page of our search results. The summary might be all you need to jog your memory! If you’d like to read the full text of any paid article, however, there’s no big fee. We accept any financial contribution of any amount — and you get a full 12 months of paid content to boot!

Figure 1. The “Windows Secrets” tab searches our own content, whereas the “All Windows-related sites” tab queries Google’s index of tech sites.

To search within all Windows Secrets articles, click the Search tab in our top-level menu, or surf to our search page. To add LangaList and Brian’s Buzz articles to your query, simply turn on the check boxes for these titles in Advanced Options (as shown in Figure 1).

2. Search within ALL sites related to Windows

What if you can’t find the specific Windows tip you need, even after you’ve gone back through several years of Windows Secrets content?

We’ve developed a second, specialized search engine that queries all of the top Windows-related sites. This feature uses code we’ve created based on the API (application programming interface) of Google.com.

Why wouldn’t you just use Google.com itself to search the Web? Our front-end makes Google crawl through only those Web sites that focus exclusively on Microsoft Windows. Instead of seeing row after row of sites that sell Windows, you’ll get results from sites that have great information about Windows.

Google itself decides which Web sites are “Windows-related.” That means it ain’t just our friends who appear in the search results — thousands of sites are searched. If your favorite geek site doesn’t show up, we aren’t the ones who excluded it. You’ll have to complain to the billionaires at the Googleplex.

I think you’ll find, though, that Google does a very good job of determining which sites have worthwhile info. Using our “Windows-related sites” search, you’ll never again get information about stained-glass windows when you’re looking for technical help.

To query all Windows-related Web sites, visit our site search page.

Golly, gee — it’s trickier than it looks

It might seem easy to craft a search engine, but it turns out to be one of the hardest development jobs to get right. Imagine a program that accepts one or two words of input and gives you back only the results you wanted.

My old WinFind 1.0 service was launched back in 2003. Major enhancements were released as WinFind 2.0 in 2004. This week’s new search engines represent WinFind 3.0, although that’s like saying a Porsche is just an upgraded Model T. (I announced WinFind in InfoWorld magazine on Feb. 6, 2003. WinFind 2.0 was unveiled in the Windows Secrets Newsletter on July 8, 2004.)

Prior to today, our search page was powered by technology from Atomz.com. (Atomz was acquired by Web Side Story in 2005, which changed its name to Visual Sciences and was recently acquired in turn by Omniture.) By contrast, our two new search engines are entirely based on our own code, plus the Google API.

Credit for the development effort should go to Windows Secrets research director Vickie Stevens and program director Brent Scheffler. An earlier launch of theirs brought you our new Library feature — an improved way to browse our articles, as I described in a Mar. 20 article.

Like any .0 version, our two new search engines may still have some quirks. Please run a few queries. If you find any results that look odd, let me know using our contact page, and we’ll soon bring out a .01 version.

Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.

 
Top Story

Flash ads bearing malware plague popular sites

By Scott Dunn

A Flash-based advertisement that appeared last week on the USA Today site downloaded malicious code to users’ computers, generating erroneous warnings of a malware infestation and offering a phony solution.

The Flash vulnerability is so widespread that such “malvertisements” may be present on thousands of sites, but there are measures you can take to reduce your exposure.

Just opening the page puts you at risk

Visitors to USAToday.com last Thursday got more than they bargained for. A hacked Flash advertisement meant that merely viewing a page in your browser was capable of triggering a malware attack on your PC. According to an alert on the security site Websense, the ad can take control of the browser without any user interaction at all.

Two days after the ad appeared on the USA Today site, two prominent Utah-based news sites, DeseretNews.com and SLTrib.com, were found to have similarly dire banner ads. These ads directed users to various unexpected locations, including the site for AntiSpywareMaster. This destination has been called a “corrupt anti-spyware parasite” and a “fake program” by the RDV Group, a safe-computing organization.

News sites aren’t the only victims of what Sandi Hardmeier, who authors the blog Spyware Sucks, calls “malvertisements.” The ads themselves may appear perfectly harmless, notes Hardmeier, who’s been recognized as an MVP (Most Valued Professional) by Microsoft. “The criminals behind such malvertisements . . . have no shame,” she writes, “impersonating everything from WeightWatchers to Oxfam.”

Advertisements are not the only source of the problem. The principal conveyors of this malicious code are Flash animations (or .swf files), which are commonly used to create intro screens, online video, and other Internet content in addition to Web ads.

Of particular concern are Flash files that are vulnerable to insertion of malicious code using a technique called cross-site scripting, or XSS.

This vulnerability was widely publicized earlier this year by Google researcher Rich Cannings and his co-authors in their book Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions. According to a report in the U.K.–based tech-news site The Register, a Web search revealed more than 500,000 vulnerable files on major Web sites.

UPDATE 2009-10-08: In her Oct. 8, 2009, Top Story, Susan Bradley reports on the appearance of malicious ads in the sponsored links accompanying search results in Google, Bing, and Yahoo.


A permanent fix is a long way off

Makers of Flash-building tools, including Adobe, Autodemo, TechSmith, and InfoSoft, quickly updated their development environments to patch the holes, according to a March story in The Register. But because many of the vulnerable files have to be regenerated from scratch, a titanic number of high-risk Flash files remain online.

Speaking at last month’s CanSecWest security conference in Vancouver, B.C., Cannings estimated that over 10,000 sites host the risky files, The Register reported.

But that estimate may be low. In his security blog, Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, writes that “potentially hundreds of thousands” of Web sites could be at risk. “Reasonably workable fixes are going to be a long time coming,” he adds.

Even diagnosing the problem can be a challenge, notes Spyware Sucks’s Hardmeier. She points out that advertising commonly appears on Web sites in one of two ways: either the Web site’s staff handles its own advertising and posts the ads directly, or the site is served ads from an advertising network, which typically manages the content.

Unfortunately, it isn’t always easy for sites or advertising networks to detect problem ads. “Malvertisements are coded to exclude particular IP addresses, cities, states, and even entire countries,” Hardmeier explains. “It is standard operating procedure for a malvertisement to be coded so that it will not trigger a redirect if displayed on a computer within the IP range of the victim Web site or victim advertising network.”

What you can do to protect yourself

Even though the long-term solution is for the providers of Flash-based content to create more-secure versions of their files, there are some measures users can take to protect themselves. These protections are not foolproof, but they at least reduce the risk of exposure to malware via compromised Flash files.

Some of these tips come from Andre Gironda, Secure SDLC Consultant and author of the ts/sci security blog, who posted his pointers in a comment to Grossman’s blog posting.

The no-Flash option

The most effective – albeit drastic – way to protect yourself from malware-bearing Flash files is to uninstall Flash entirely. Adobe provides a special tool for doing this; you can find instructions and a link for downloading this file in a Technote published on the Adobe site.

The part-time-Flash option

If going without Flash entirely is too extreme, you can limit the sites that use this and other risky plug-ins by installing free browser add-ons that let you manage active Web content more granularly:

For Internet Explorer, TurnFlash lets you toggle between blocking Flash files and allowing them to run. A tray icon lets you turn Flash on or off, but the setting takes effect only in any new IE windows that you launch, not in the existing browser window.

A similar utility called No! Flash also switches Flash on and off, but it also gives you the ability to turn off several other elements, such as Java applets and other scripts. As with TurnFlash, the changes take effect in the next IE window you open.

For Mozilla Firefox, a plug-in called Flashblock disables all Flash content on Web sites and replaces it with a round Flash logo. You can selectively enable Flash files by clicking their icons.

For more comprehensive security, the plug-in NoScript not only disables Flash but also turns off Java, Silverlight, and other active Web elements. A NoScript icon in the Firefox status bar provides a pop-up menu for adding a site you trust to the add-on’s “whitelist,” which enables all scripts and animations on the site (but not necessarily those on the site’s pages that are served up by ad networks). You can also right-click a link in Firefox to set its NoScript options via the context menu.

The minimal option

At the very least, update the Flash Player software on your system to the latest version (9.0.124.0 or higher). In the last three months, Adobe has patched a number of security holes in this product. The update won’t protect you from all buggy Flash files on the Web, but it will make your browsing much safer.

You can download the latest Adobe Flash Player from the Adobe Web site.

After you install the update, run the free Secunia Software Inspector online malware scanner to find old versions of the Flash Player that may have been left behind on your system. Secunia’s on-screen report will show the path and filename of the old files you need to delete. You may have to run the inspector more than once to make sure all the old files are deleted. If you delete a needed file by mistake, simply run the newest Flash Player installer again to correct the problem.
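A local cross-check for the leftover-file problem described above, as an added example that is not part of the original article and is not a replacement for the Secunia scan. It only reports; the search folders and file-name patterns are assumptions about where Flash Player binaries usually live, and 9.0.124.0 is the minimum version named in the article.

```powershell
# Added example: report Flash Player binaries older than the article's minimum version.
$minimum = New-Object System.Version -ArgumentList 9, 0, 124, 0

# Assumed locations: the Macromed\Flash system folders and Firefox's plugins folder.
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$roots = @(
    (Join-Path $env:WINDIR 'System32\Macromed\Flash')
    (Join-Path $env:WINDIR 'SysWOW64\Macromed\Flash')
) + @($programDirs | ForEach-Object { Join-Path $_ 'Mozilla Firefox\plugins' })
$roots = $roots | Where-Object { Test-Path $_ }

$report = foreach ($root in $roots) {
    # Flash*.ocx is the ActiveX control (Internet Explorer); NPSWF32*.dll is the plug-in build.
    Get-ChildItem -Path $root -Recurse -Include 'Flash*.ocx', 'NPSWF32*.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Use the numeric parts; the FileVersion string may use commas ("9,0,115,0").
            $version = New-Object System.Version -ArgumentList `
                $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
            New-Object PSObject -Property @{
                Path     = $_.FullName
                Version  = $version
                Outdated = ($version -lt $minimum)
            }
        }
}

# Outdated = True marks files below 9.0.124.0.
$report | Sort-Object Version | Format-Table Outdated, Version, Path -AutoSize
```

Compare any file flagged here against the Secunia report before deleting it.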

One danger posed by Flash bugs is the ability of hackers to get your login credentials for a given site. Andre Gironda recommends creating multiple Firefox profiles, each with its own NoScript (or, if you prefer, Flashblock) settings. He uses his Flash-enabled profile to browse sites such as YouTube, but he exits that browser and launches his Flash- and script-blocked copy of Firefox when he conducts online banking and visits other sites that require logins.

To set up a Firefox profile, do the following:

Step 1. Choose Start, Run. Type cmd.exe and press Enter.

Step 2. At the command prompt, type:

"C:\Program Files\Mozilla Firefox\firefox.exe" -profilemanager

Then press Enter. (Note that the quotation marks are required and that your path may differ.)

Step 3. If you want Firefox to prompt you for a profile each time you launch it, uncheck the option Don’t ask at startup in the Firefox — Choose User Profile dialog box.

Step 4. Click Create Profile and follow the steps in the wizard to name your new profile. Repeat the steps to create a second profile. For example, you might name one profile Flash-Yes and another Flash-No. When you’re done, click Exit.

Step 5. Rather than being prompted for a profile each time you open Firefox, create separate shortcuts to launch each profile. For example, if you have a shortcut to Firefox in your QuickLaunch toolbar or on the desktop, drag the shortcut with the right mouse button pressed, drop it, and choose Create Shortcuts Here.

Step 6. Right-click one of your Firefox shortcuts and choose Properties. Click the Shortcut tab and edit the command line so it ends with -p followed by a space and the name of one profile. For example, the entire command line might read:

"C:\Program Files\Mozilla Firefox\firefox.exe" -p Flash-Yes

Repeat these steps for a second shortcut to launch your other Firefox profile.

Step 7. You may need to download and install one of the plug-ins described above for these profiles and configure each profile’s browser differently. However, any changes you make should be saved with that profile, so they will be in effect the next time you launch it.
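A scripted equivalent of Steps 2 through 6, as an added example that is not part of the original article. It assumes the default install path, the article's example profile names Flash-Yes and Flash-No, and desktop shortcuts; it uses Firefox's -CreateProfile switch in place of the Profile Manager dialog.

```powershell
# Added example: create the two profiles and one desktop shortcut per profile.
# Assumption: default install path; use "Program Files (x86)" for 32-bit Firefox on 64-bit Windows.
$firefox = Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe'
if (-not (Test-Path $firefox)) { throw "Firefox not found at $firefox; adjust the path." }

# A running Firefox can pick up the command line instead of creating the profile,
# so stop here and let the user close the browser first.
if (Get-Process -Name firefox -ErrorAction SilentlyContinue) {
    throw 'Close all Firefox windows before running this script.'
}

$profileNames = 'Flash-Yes', 'Flash-No'
$profilesIni  = Join-Path $env:APPDATA 'Mozilla\Firefox\profiles.ini'
$desktop      = [Environment]::GetFolderPath('Desktop')
$shell        = New-Object -ComObject WScript.Shell

foreach ($name in $profileNames) {
    # Skip creation if profiles.ini already lists a profile with this name.
    $exists = (Test-Path $profilesIni) -and
              (Select-String -Path $profilesIni -Pattern "^Name=$([regex]::Escape($name))\s*$" -Quiet)
    if (-not $exists) {
        Start-Process -FilePath $firefox -ArgumentList '-CreateProfile', $name -Wait
    }

    # Step 6: a shortcut whose command line ends in -p <profile name>.
    $shortcut = $shell.CreateShortcut((Join-Path $desktop "Firefox ($name).lnk"))
    $shortcut.TargetPath       = $firefox
    $shortcut.Arguments        = "-p `"$name`""
    $shortcut.WorkingDirectory = Split-Path $firefox
    $shortcut.Description      = "Firefox with the $name profile"
    $shortcut.Save()
}

# Read the shortcuts back to confirm each one points at its own profile.
foreach ($name in $profileNames) {
    $check = $shell.CreateShortcut((Join-Path $desktop "Firefox ($name).lnk"))
    '{0} -> {1} {2}' -f $name, $check.TargetPath, $check.Arguments
}
```

The add-ons from Step 7 still have to be installed inside each profile by hand, since extensions and their settings are stored per profile.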

A complete solution to high-risk Flash files may not come any time soon. Until the creators and managers of these files can ensure a high degree of safety, users have to be extra cautious to avoid the risks of Flash-borne malware.

For more on Flash security vulnerabilities, see Windows Secrets contributing editor Mark Edwards’s Apr. 10 PC Tune-Up column.

Readers receive a gift certificate for a book, CD, or DVD of their choice for sending tips we print. Send us your tips via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He has been a contributing editor of PC World since 1992 and currently writes for the Here’s How section of that magazine.

 
Wacky Web Week

The U.S. election process, in a nutshell

It’s a campaign for the record books. First, a neck-and-neck race for the Democratic nomination will be won by either the first African-American nominee or the first female nominee of a major party. That winner will go up against the oldest person ever to vie for an initial term in the White House.

For the first time in decades, voters of all stripes are actually paying attention. But just how does the whole U.S. political system work, anyway?

Luckily, Newstopia, an Australian comedy news show, has taken the liberty to sum up the process for us in this brief — albeit hilarious — clip. Get ready to take notes; this will be on the final!


 
LangaList Plus

Three fast, thorough, easy-to-use disk cleaners

By Fred Langa

CCleaner, Cleanup Assistant, and DTweak Pro are powerful, ready-to-run tools that target junk files and more.

Along with these best-of-breed, GUI-based disk-cleanup tools, I’ll tell you about the most popular choices sent in by your fellow readers — and maybe by you!


De-junkify your drive for little or no money

It’s one of your busiest days. You’re in the middle of a major project, juggling several apps at once. Suddenly, your system bogs down. The problem: your hard drive is maxed out, its “busy” light glowing brightly. As your drive plays catch-up, you wait several precious seconds each time it slogs through the queue of pending operations.

A hard drive that’s cluttered with useless junk is a system choke point. These orphan files cause the drive to perform unnecessary seeks and reads. In addition to preventing optimal disk defragmentation, the excess junk slows the OS by forcing needless cataloging and indexing operations.

My columns of Mar. 13, Mar. 27, and Apr. 10 described ways to pare Windows’ common junk files manually and by using a command-line tool. I also warned you away from some disk-cleaning programs that are a waste of time and money.

This article is part of our paid content. Subscribe.



 
PC Tune-Up

The best — and worst — personal firewalls

By Mark Joseph Edwards

If you chose the firewall on your PC based on reputation, you may be in for an unpleasant surprise.

The Matousec Firewall Challenge answers the million-dollar question: “Is my firewall really protecting me?”


Firewalls that pass the leak test

Defending against data leaks is an important aspect of any firewall. Leak-testing sites such as the popular PC Flank help you determine whether a given firewall can stand up to the various tricks that the bad guys pull in their efforts to steal your data.

I recently came across a leak-testing project that I consider to be above and beyond the others: the Firewall Challenge is run by Matousec, a security consulting and research group named after its founder, David Matousek. The security researchers and consultants of Matousec bring far more knowledge to firewall leak testing than most competing sites, which gives me more confidence in their results.

Over the past several weeks, the Matousec team has been putting personal firewalls through the wringer. Their tests are based on four categories: data leaks; terminations; bypasses; and stability, reliability, and other factors. Matousec tests using Windows XP with SP2 and Internet Explorer 6.

So far, the results are staggering: of the 19 firewalls tested, 10 failed miserably (including Windows Live OneCare) and as such should not be relied upon to protect your system. Only five of the firewalls tested received a rating of “excellent” or “very good.” Three others were rated “good,” and one was rated “poor.”

This article is part of our paid content. Subscribe.



 
Patch Watch

.NET Service Pack 1 creates a tax-season .MESS

By Susan Bradley

An unannounced auto-deployment of Microsoft’s .NET Service Pack 1 rocked the accounting industry by affecting key applications right before the U.S. tax deadline.

This week, I’ll help you control the damage by providing you with a primer on .NET patching.


.NET 2.0 SP1 wreaks havoc on tax deadlines

Every taxpayer in the U.S. knows that the 15th of April is a magical day — magical for Uncle Sam, anyway. It’s the deadline for filing your personal income tax returns and paying any tax you owe. The last thing accounting firms want to deal with this time of year is a faulty software update.

.NET 2.0 Service Pack 1 was deployed via automatic updates suddenly and unexpectedly last Thursday, just one week before the tax deadline. A glitch related to the update affected some installs of Intuit’s popular QuickBooks accounting software and TurboTax tax-preparation software, as well as tax software from CCH (Commerce Clearing House).

Ironically, the service pack was initially released months earlier and has been in the high-priority and critical sections of Microsoft’s Windows Update service. I’m still scratching my head trying to figure out why the company decided to schedule the automatic update so late in the current tax season.

While not all individuals who received this unexpected service pack experienced problems, the glitches were widespread enough to require the immediate attention of the software vendors. Their response provides a template for all of us to use when dealing with failed .NET 2.0 patches.

Un-botching a botched .NET update

As Intuit documents, even uninstalling QuickBooks and reinstalling it will not fix the .NET service-pack problem. The only solution is to uninstall and reinstall .NET itself. If .NET doesn’t uninstall, the best course of action is to use Aaron Stebner’s .NET Framework cleanup tool to remove .NET and start over.

This article is part of our paid content. Subscribe.



YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2012 by WindowsSecrets.com. All rights reserved.
