Windows Secrets


Windows Secrets Newsletter • Issue 218 • 2009-10-15 • Circulation: over 400,000


Table of contents 
  • Introduction: Public deprived of WS site for two boring days
  • Top Story: Press delete: the risk of outsourcing your data
  • Known Issues: Tips for avoiding bogus ads in search results
  • Wacky Web Week: Finally! An effective way to reduce traffic
  • LangaList Plus: Remove a persistent Trojan once and for all
  • Best Software: How to find out whether a file is infected
  • Patch Watch: Windows GDI+ update prevents Web-image attacks

 
Introduction

Public deprived of WS site for two boring days

By Brian Livingston

Power users of Microsoft Windows found themselves with nothing to read but blogs when a disk crash took down the WindowsSecrets.com site Oct. 13–14, subjecting Web surfers to 48 hours of utter boredom.

Fortunately, all the site’s information was soon back online, to the chagrin of some of our columnists, who’d hoped that a few poorly chosen sentences here and there would disappear forever.

Being the geeks that we are, we’ve crammed the Windows Secrets server with hardware designed to keep things running 24/7. The box is packed with four separate hard disks, which we imaginatively call Drives 0, 1, 2, and 3.

Because hard disks can crash, our server uses RAID technology. RAID, as described by PCGuide.com, instantly switches from a failed hard drive to a second, identical drive. This is supposed to eliminate down time.

A built-in RAID controller on our server’s motherboard mirrors Drives 0 and 1, which contain our operating system and thousands of lines of code. An independent RAID add-in card synchronizes Drives 2 and 3, which contain our database.

At 12:10 a.m. Pacific Time on Oct. 13, Drive 3 experienced a head crash. Our RAID setup should have recovered smoothly from this. What we didn’t know, however, was that Drive 2 had failed a few weeks earlier. The RAID controller for some reason neglected to notify us back then, when we could have installed a fresh drive. (Or perhaps the e-mail was routed to Microsoft, which outsourced the message and then lost all copies of it, as WS contributing editor Rob Vamosi reports in today’s Top Story.)

Lacking the expected responses from Drives 2 and 3, the on-board RAID controller went bonkers, gradually corrupting data sectors on Drives 0 and 1. We learned later that this particular controller behaves poorly in this specific situation. Now they tell me!
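The lesson in the paragraphs above is that a mirror is only as good as the alert you get when its first member dies. The following is an added example, not code from Windows Secrets, of a check that reads the Linux software-RAID status file and reports any array running short of a member. It assumes a Linux md mirror (the page's server used a hardware controller, where the equivalent check would query the vendor's management tool), and the status text is a constructed sample in the `/proc/mdstat` format.

```python
import re

# Constructed sample in the format of Linux /proc/mdstat. Assumption: a Linux
# software-RAID (md) mirror stands in for the page's hardware controller; the
# idea is the same, catch a lost member before the second one fails.
# md0 is healthy; md1 has lost one of its two members ("[2/1] [U_]").
SAMPLE_MDSTAT = """\
Personalities : [raid1]
md0 : active raid1 sda1[0] sdb1[1]
      976630464 blocks super 1.2 [2/2] [UU]

md1 : active raid1 sdc1[0]
      976630464 blocks super 1.2 [2/1] [U_]

unused devices: <none>
"""

# "md1 : active raid1 sdc1[0] sdd1[1](F)"  -> name, state, level, member tokens
ARRAY_LINE = re.compile(r"^(md\d+)\s*:\s*(\S+)\s+(\S+)\s+(.*)$")
# "... blocks super 1.2 [2/1] [U_]"        -> expected, active, slot map
STATUS_LINE = re.compile(r"\[(\d+)/(\d+)\]\s+\[([U_]+)\]")


def parse_mdstat(text):
    """Parse mdstat text into {array: {state, level, members, expected, active, slots}}."""
    arrays = {}
    current = None
    for line in text.splitlines():
        m = ARRAY_LINE.match(line)
        if m:
            name, state, level, member_tokens = m.groups()
            current = name
            arrays[name] = {
                "state": state,
                "level": level,
                # "sdb1[1](F)" -> "sdb1"; (F) marks a member the kernel has failed
                "members": [tok.split("[")[0] for tok in member_tokens.split()],
                "expected": None,
                "active": None,
                "slots": None,
            }
            continue
        if current is None:
            continue
        s = STATUS_LINE.search(line)
        if s:
            arrays[current]["expected"] = int(s.group(1))
            arrays[current]["active"] = int(s.group(2))
            arrays[current]["slots"] = s.group(3)
            current = None
    return arrays


def degraded_arrays(arrays):
    """Names of arrays running with fewer members than designed, or with an empty slot."""
    return sorted(
        name
        for name, a in arrays.items()
        if a["expected"] is not None
        and (a["active"] < a["expected"] or "_" in a["slots"])
    )


def alert_lines(text):
    """One alert string per degraded array; an empty list means every array is whole."""
    arrays = parse_mdstat(text)
    lines = []
    for name in degraded_arrays(arrays):
        a = arrays[name]
        lines.append(
            f"{name}: {a['level']} degraded, {a['active']}/{a['expected']} members "
            f"active (slots {a['slots']}), present: {', '.join(a['members'])}"
        )
    return lines


if __name__ == "__main__":
    # In production, read open("/proc/mdstat").read() on a schedule and route the
    # alerts to a channel a human actually watches; here the constructed sample stands in.
    for line in alert_lines(SAMPLE_MDSTAT) or ["all arrays healthy"]:
        print(line)
```

Run it from cron or a monitoring agent; the point is that a degraded array must raise an alert on its own, rather than waiting for the second disk to fail and make the problem visible.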

At this point, all four drives in our vaunted RAID array were rendered useless. The good news is that all of our information is fine and our server is fully restored.

Thankfully, we’re a bit fanatical about backups here. Not only does our server make a nightly backup, which is stored deep beneath a mountain somewhere, it also communicates in real time with a replication server that we keep far away from the Web server.

As it was programmed to do, our replication server had preserved every single transaction that had been committed to our database. That included a subscription by some lucky person just seconds before the 12:10 a.m. disk crash.

To get our server back to normal, all we had to do was swap in three spare drives (yes, we had them on hand), reinstall our operating system and code, and repopulate our database from the replication machine.

Believe me, all this takes more than 60 minutes. Several WS staffers worked day and night Oct. 13 and 14 to restore our server and bring you today’s articles. We’re ba-a-a-ck!

Being down for 48 hours was a living hell, but our disaster plan was never designed to guarantee 99.999% uptime. That’s always been way too expensive. Instead, we’re obsessed with never losing one byte of reader data.

If you’re a subscriber, you remain a subscriber. If your paid sub expires on Dec. 31, you’re darn tootin’ it still does. If you purchased a lifetime subscription … well, we can’t tell you the end of your lifetime, but we didn’t know that before the crash, anyway.

I was seriously tempted to fire the individual responsible for the outage — me — but I decided to extend mercy to me. After all, if I don’t forgive me for my lack of psychic abilities, who will?

This week’s disk crash was unrelated to the electrical blaze on July 3–4 that knocked offline the hardened colocation facility we use in Seattle (which I reported on July 9). But outages such as these have made us more interested in moving to virtual servers (as described by ShareVM.com).

Virtual-server complexes, like Rackspace’s Mosso and Amazon’s Elastic Compute Cloud (EC2), are located in special data centers. If one machine goes down, or an entire data center loses power, identical servers in another location can instantly take over. The cost of such services has plummeted in recent years.

Well, if virtual servers are so great, why is Windows Secrets still hosted on a single server that can go down at any time?

The answer is that virtual servers present unique reliability and security issues, as Rob outlines today. It’s true that all Web servers are “in the cloud,” in the sense that they are “on the Internet.” But cloud computing is a different animal, and it deserves to be done right.

I can assure you that, if Windows Secrets moves to virtual servers, they’ll be fast and they’ll be secure. Stay tuned in the months to come, and I’ll keep you informed about our efforts to achieve true 100% uptime.

Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books.

 
Top Story

Press delete: the risk of outsourcing your data

By Robert Vamosi

A recent failure affecting T-Mobile’s Sidekick service caused thousands of customers to lose their personal contact information.

There’s nothing new about servers crashing, and something like this is sure to happen again, so you need to protect yourself against such losses in the future.

On Oct. 2, the servers used by the Sidekick service to store customers’ contacts, calendars, to-do lists, photos, and other personal information failed, as described in a New York Times story. During the process of restoring the servers, which are managed by Microsoft’s Danger subsidiary, the data files on the primary and backup servers were corrupted.

T-Mobile apologized to customers and offered subscribers a $100 credit on future products and services, as well as a free month of data service.

As you might expect, the reaction of Sidekick customers to this half-hearted measure has been overwhelmingly negative. Several hundred Sidekick users affected by the outage expressed their displeasure on the Sidekick Help site.

Late on Oct. 14, Microsoft notified Sidekick customers that “most, if not all” of the lost data had been recovered. The company said it would begin restoring the data “as soon as possible.”

This hasn’t prevented several Sidekick users from filing lawsuits related to the outage, as reported by Nick Eaton of SeattlePI.com.

Taking a closer look at on-the-go security

As people rely increasingly on their mobile devices — and Microsoft and other vendors put productivity apps online — the dangers increase for consumers and enterprises alike.

Researchers at several recent computer-security conferences have highlighted the risks of cloud computing, primarily in the area of security and accessibility. “Cloud-busting” and “BlackBerry poisoning” were two of the hottest topics at the Hack in the Box conference in Malaysia in early October.

In his talk, “Clobbering the Cloud,” Haroon Meer — the technical director of South African security vendor Sensepost — pointed out that cloud computing means many things. For some, it describes a platform, such as Microsoft’s Azure or Google’s App Engine. For others, it’s a service, such as Google Maps or Amazon’s Elastic Compute Cloud (EC2) service. Still others see it as a home for such hosted applications as SalesForce.com and the Mint personal-finance service.

Meer says reverse engineering kept Microsoft and other software vendors honest in the past. If the software of the future is hosted in the cloud, how will we verify the security of that software? Without access to the servers that host the code, independent security checks are impossible.

Meer’s presentation emphasized that the marketing folks involved with cloud-based initiatives are using “crypto-pixiedust magic words” in their security assurances. His talk examined where security might break down for SalesForce.com, Amazon, and MobileMe, among other cloud services.

Audio and video recordings of Meer’s presentation are available as a zip file from a conference download page. (The file is labeled D1T1 – Haroon Meer at the top of the file list.)

Bitbucket users become lost in the cloud

People who lose access to their Web-based data have few options. For example, the popular Bitbucket code-hosting and version-control service was offline for about 24 hours last week, as reported by the Register.

Bitbucket uses the EC2 service to host its files and Amazon’s Elastic Block Store (EBS) as the platform for its database, log files, and user data. The idea is that EBS exists to provide persistent storage for EC2 server instances. As it turns out, EBS is public-facing on the Internet and can thus become a target for intruders.

Suspecting that it might have become a target, Bitbucket worked through Amazon to find evidence of a distributed denial of service (DDoS) attack. Apparently, a flood of User Datagram Protocol (UDP) packets was being sent to the servers. The sending computers didn’t wait for an acknowledgment before launching even more packets — a classic DDoS scenario.

It took engineers at Amazon EC2 and Bitbucket several hours to realize they were being attacked. Meanwhile, users of Bitbucket were left scratching their heads for 16 hours. If a cloud-based service is used for mission-critical apps — particularly for health-care and financial services — a few hours of downtime could be disastrous.
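The delay described above, hours before anyone realized a UDP flood was under way, is a detection problem. The following is an added example, not code from Bitbucket or Amazon, showing the simplest form of that detection: count inbound UDP packets per source per second toward a protected host, and flag any source whose rate exceeds a threshold while the host is sending it no replies (the "didn't wait for an acknowledgment" pattern). The protected address, the threshold, and the packet records are all constructed assumptions.

```python
from collections import defaultdict

PROTECTED_HOST = "198.51.100.5"   # assumption: address of the instance being watched
UDP_PPS_THRESHOLD = 200          # assumption: tune to the host's normal UDP rate


def build_sample_packets():
    """Constructed packet log: one tuple per packet (epoch_seconds, proto, src, dst, length)."""
    pkts = []
    # A legitimate DNS client: five queries over five seconds, each one answered.
    for i in range(5):
        t = 1254700800.0 + i
        pkts.append((t, "UDP", "192.0.2.20", PROTECTED_HOST, 64))
        pkts.append((t + 0.01, "UDP", PROTECTED_HOST, "192.0.2.20", 128))
    # A flood source: 500 packets inside one second, and the host never answers it.
    for i in range(500):
        pkts.append((1254700803.0 + i / 500, "UDP", "203.0.113.10", PROTECTED_HOST, 1400))
    return pkts


def udp_flood_sources(packets, threshold=UDP_PPS_THRESHOLD):
    """Return {src: (second, packets_in, replies_out)} for every source whose UDP
    packet count toward PROTECTED_HOST reaches the threshold in some one-second bucket."""
    inbound = defaultdict(int)   # (src, second)  -> packets sent to the protected host
    outbound = defaultdict(int)  # (peer, second) -> packets the protected host sent back
    for ts, proto, src, dst, _length in packets:
        if proto != "UDP":
            continue
        sec = int(ts)
        if dst == PROTECTED_HOST:
            inbound[(src, sec)] += 1
        elif src == PROTECTED_HOST:
            outbound[(dst, sec)] += 1
    flagged = {}
    for (src, sec), count in inbound.items():
        if count >= threshold:
            replies = outbound.get((src, sec), 0)
            # Keep the worst second per source so the report stays one line per offender.
            if src not in flagged or count > flagged[src][1]:
                flagged[src] = (sec, count, replies)
    return flagged


def report(packets):
    """Human-readable lines, one per flagged source; empty means nothing crossed the threshold."""
    lines = []
    for src, (sec, count, replies) in sorted(udp_flood_sources(packets).items()):
        lines.append(f"{src}: {count} UDP packets in second {sec}, {replies} replies from host")
    return lines


if __name__ == "__main__":
    for line in report(build_sample_packets()) or ["no UDP flood sources"]:
        print(line)
```

A real deployment would feed this from flow records or a packet capture and alert in near real time; the ratio of inbound packets to replies is what separates a flood from a busy but legitimate client, which waits for each answer.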

A security advisory for BlackBerry users

In another talk at the Hack in the Box conference, Sheran Gunasekera, head of research and development at ZenConsult, stated that there’s no technical way to hack a BlackBerry mobile device, but there are ways to seriously discomfit users. Since Research in Motion (RIM), the BlackBerry’s maker, encrypts everything, a man-in-the-middle attack is unlikely. Because there are few vulnerabilities, criminals have few potential points of entry. But not everything’s perfect.

Gunasekera described various means of attacking a BlackBerry — remote use of its camera, alteration of the contact information it stores, the ability to run up international phone charges, and use of the phone to pump out phishing SMS messages. Gunasekera pointed out that, unlike the Apple iPhone store where every app is tested, BlackBerry apps are not regulated.

Gunasekera’s talk is available via the Hack in the Box download page. (The file is labeled D1T2 – Sheran Gunase and is the 10th item in the file list. Bandwidth-challenged, beware: it’s a 16MB download.)

Gunasekera’s advice for BlackBerry users can be summed up in the following four points:
  • Don’t install random, free software on your device.
  • Don’t let others use your phone. If they do, keep a careful eye on their activities.
  • Learn and set default application permissions.
  • Always enable a device password.
WS contributing editor Robert Vamosi was senior editor of CNET.com from 1999 to 2008, writing pieces such as Security Watch, the winner of the 2005 MAGGIE Award for best regularly featured Web column for consumers.

 
Known Issues

Tips for avoiding bogus ads in search results

By Dennis O’Reilly

Our Oct. 8 Top Story by contributing editor Susan Bradley reported that Google, Bing, and other indexes need to do a better job of policing the ads that appear alongside the search results.

Susan’s story described malware ads that appeared alongside queries on security terms such as malwarebytes. Immediately after it was published, such ads temporarily disappeared.

Reader Bill Tone monitored the search-engine results after Susan’s article came out:
  • “Apparently, Google and Bing managers have read Susan’s article also. As of now — 10/8/2009 5:32 a.m. EDT — neither Google nor Bing shows any sponsored search results when I search for the Malwarebytes Anti-Malware utility (see attached pics). Isn’t that interesting!”
Figure 1. Soon after last week’s Top Story appeared, Google removed the malware ads that previously had accompanied results of Malwarebytes searches.

As Figure 1 shows, the sponsored links were indeed missing from Google’s results for a search on the Malwarebytes Anti-Malware utility. Unfortunately, this policy may have lasted for only a brief time.

When I repeated the search earlier this week, a sponsored link to AntiMalware-Software.com appeared on the right. (See Figure 2.) That program is listed by the Precise Security Threat Center and other security sites as malware that attempts to hijack your system and hold it for ransom.

Figure 2. Unfortunately, the malware ads made a comeback in the Google search results very soon thereafter.

Whether the disappearance and reappearance of the malware ads in Google search results is a policy decision or a coincidence is uncertain. But what I know is that, as of Monday afternoon, similar ads didn’t show up when I conducted the same search using Bing.

Ad-blocking browser add-ons are one solution

Several readers suggested using ad blockers to eliminate altogether the threat posed by malware ads. Clive R. Taylor takes ad-blocking one step further:
  • “I don’t see any of the sponsored links when I do the same searches in Firefox and IE 8. I run Adblock Plus in FF, so that might explain that absence, but I run no extras nor add-ons in IE. However, I do use OpenDNS. Is that what is preventing them from showing up on my screen? If so, I think it might be worth mentioning again in next week’s newsletter the virtues of using OpenDNS.”
The free OpenDNS service may very well be preventing sponsored links from appearing in IE 8. For information on how to set up and use OpenDNS, see contributing editor Becky Waring’s July 9 Top Story, “Use OpenDNS to surf safely with these tricks.”

You’ll find a description and download link for the free Adblock Plus at Mozilla.org’s add-ons site.

Several other readers recommended such free browser add-ons as LinkExtend and Web of Trust (WOT), which alert you to dangerous links before you click them. WS senior editor Ian “Gizmo” Richards wrote about LinkExtend in his March 5 Best Software column (paid content). You’ll find more information about WOT on its home page.

Others recommended alternative search engines, such as Scroogle, that aggregate search results from many different services and strip away the ads.

Taking the malware fight to the big guys

When a small — tiny, really — publication does battle with tech titans such as Google and Microsoft, it’s easy to feel like David facing Goliath without his sling. That’s why it’s doubly encouraging to receive notes such as the one sent to us by Jonathan English:
  • “I applaud Susan Bradley’s Top Story of 2009-10-08, ‘Sponsored search results lead to malware.’ With each passing month, Windows Secrets is becoming a more and more effective watchdog to keep the giant corporations on their toes. I wish these companies had the moral discipline to do this themselves, but when that is not the case, media organizations like WS play a critical role on behalf of the consumer. I will try to contribute more $ for my Windows Secrets subscription in the future. Thank you so much.”
On behalf of everyone who works hard to bring you this information, you’re welcome — and thank you for reading!

Readers Bill, Clive, and Jonathan will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.

 
Wacky Web Week

Finally! An effective way to reduce traffic

By Stephanie Small

Traffic is something every driver despises. Whether in the morning or evening rush hours or any other time, it’s frustrating and headache-inducing — and oh, so slow.

According to the Onion, however, there’s a simple fix for traffic nightmares: honking! Simply honk your car horn and watch your frustrations give way to smiles as you zip along to your destination. The results will truly surprise you!


 
LangaList Plus

Remove a persistent Trojan once and for all

By Fred Langa

Clever malware can block your access to Windows’ Task Manager and Registry Editor, making it difficult to disable and delete the infection.

Several free tools, however, can help you root out these pesky Trojans and viruses — and prevent them from returning.


Battling the ‘Advanced Virus Remover’ Trojan

Peter Klugherz encountered sophisticated malware that just wouldn’t let go of his son’s PC:
  • “My son called me for help last night because his computer has become infected with the Trojan Advanced Virus Remover (pavrm.exe). Among other things, pavrm.exe blocks access to Task Manager. Norton Internet Security detects it but apparently cannot remove it.

    “Similarly, I can’t find any reliable information on the Web on how to remove it. When I search the Web, many sites recommend the purchase of their own anti-malware software. Do you know of any way to get rid of this software?”

The “Advanced Virus Remover” is some bad, bad malware. In an effort to get you to pay for a service you don’t need, the program pops up bogus warnings about malware it’s supposedly found on your system. What’s more, the warnings are styled to resemble Windows’ own security alerts.

As Peter discovered, if you try to remove the Advanced Virus Remover, you find that your access to Task Manager and the Registry Editor (Regedit) is blocked, making removal of this malware harder than normal. But there are several approaches to ridding your system of this and similar kinds of malware. Even if you don’t encounter this specific Trojan, the same techniques can work whenever a similar problem occurs.

The first and perhaps most obvious step is to use one or more of the many free malware-removal tools that find and delete this Trojan. From user reviews online, two that do the job are Malwarebytes’ Anti-Malware (available from the Malwarebytes site) and SuperAntiSpyware (from the vendor’s site).

This article is part of our paid content.


 
Best Software

How to find out whether a file is infected

By Ian “Gizmo” Richards

Even when you obtain a new program from a trusted source, there’s always a nagging doubt whether the file is really clean.

You can use the following techniques to check files for any possible malware infection before you start opening them.


Antivirus software is just the beginning

Most people rely on their antivirus scanner to protect them from infected software. If a program they download scans clean, they feel reasonably confident that it can be installed safely.

I’m afraid it’s not quite so simple. It’s very possible that a file can scan clean and still be infected. Allow me to explain why.

First, AV scanners can detect only the malware contained in their signature databases. If the file is infected with a new malware program yet to be listed in the database, the infection won’t be detected by simple scanning.

Second, merely scanning a file for malware isn’t particularly effective. That’s because many modern malware programs are deliberately constructed to avoid detection by antivirus scanners. There are many different techniques used by malware to avoid detection. One of the most common, polymorphism, packages the malware so that no two copies are alike. This makes detection of characteristic signatures very difficult.
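The two limits named above, an empty database entry and a sample whose bytes no longer match, are easy to see in a toy signature scanner. The following is an added example, not code from any antivirus product or from this column: a byte-pattern scanner run over four constructed files. The signature, the marker strings, and the file contents are all constructed stand-ins, not real malware or real detection data.

```python
# Constructed signature database: a detection name mapped to the byte pattern a
# scanner looks for. Assumption: stand-in values, not entries from any real product.
SIGNATURES = {
    "Constructed.Sample.A": b"CONSTRUCTED-MARKER-A",
}


def scan_bytes(data, signatures=SIGNATURES):
    """Return the sorted list of signature names whose pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def build_samples():
    """Four constructed 'files' that illustrate what a signature scan can and cannot see."""
    header = b"MZ" + b"\x00" * 16               # constructed stand-in for a program header
    clean = header + b"legitimate program body"
    # Known sample: contains the exact bytes the database lists.
    known = header + b"CONSTRUCTED-MARKER-A" + b" rest of body"
    # Polymorphic stand-in: the same program, but one byte inside the signed region
    # differs, so the exact pattern no longer occurs (the second limit in the text).
    variant = known.replace(b"MARKER-A", b"MARKER-a")
    # New family: nothing in the database describes it yet (the first limit in the text).
    unknown = header + b"CONSTRUCTED-MARKER-B"
    return {"clean": clean, "known": known, "variant": variant, "unknown": unknown}


def scan_report():
    """Scan every constructed sample; a file mapped to [] scanned clean."""
    return {name: scan_bytes(data) for name, data in build_samples().items()}


def scanned_clean_but_suspect(report):
    """Names of samples that scanned clean yet are not the clean file: the scanner's blind spots."""
    return sorted(name for name, hits in report.items() if not hits and name != "clean")


if __name__ == "__main__":
    for name, hits in scan_report().items():
        print(f"{name:8s} -> {hits or 'no signature matched'}")
```

Three of the four files come back with no match, and two of those are the ones a user would most want flagged. That gap is why a clean scan result alone is not proof of a clean file, and why the rest of this column looks at checks beyond the local scanner.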

This article is part of our paid content.


 
Patch Watch

Windows GDI+ update prevents Web-image attacks

By Susan Bradley

All versions of Windows XP and Vista have been found to be susceptible to infected image files in software and on Web sites, Microsoft announced on Patch Tuesday.

The fix Microsoft released this week for XP and Vista is also needed by the .NET Framework, MS Office versions from XP to 2007, Works 8.5, and Forefront Client Security.


MS09-062 (957488)
GDI+ glitch is a plus-sized headache

Microsoft released on Patch Tuesday more patches than ever before in a single week. I’ll let you decide whether that’s the good news or the bad news.

This week’s 13 separate security updates address 34 different vulnerabilities. Many of the security flaws affect all versions of Windows XP and Vista — and, in a couple of instances, Windows 7 as well. Topping the list of critical patches is MS09-062 (957488), which plugs a hole in Windows’ GDI+ graphics-rendering engine.

Without the patch, your system could become infected simply by opening an infected image in a software program or on a Web site. Microsoft Knowledge Base article 957488 lists the many products affected by this vulnerability:

  • The update for Windows XP, Vista, and Server 2003 and 2008 is described in KB article 958869.

  • .NET is covered in KB 971108, 971110, and 971111.

This article is part of our paid content.


YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2012 by WindowsSecrets.com. All rights reserved.
