Windows Secrets


Windows Secrets Newsletter • Issue 183 • 2009-02-05 • Circulation: over 400,000


Table of contents 
  • Top Story: Watch a live video, share your PC with CNN
  • Known Issues: If NoAutoRun.reg doesn’t work, you may need space
  • Wacky Web Week: Giving up on society? Get one of these!
  • LangaList Plus: Make sure your PC’s BIOS supports USB
  • Woody's Windows: Microsoft claims Windows 7 UAC flaw is by design
  • Patch Watch: Conficker/Downadup woes may not be over

 
Top Story

Watch a live video, share your PC with CNN

By Brian Livingston

Many people who watched live streaming video of the inauguration of U.S. President Barack Obama on Jan. 20 may not realize that their PC was used to send the video to other PCs, too.

Clicking “yes” to a CNN.com dialog box installed a peer-to-peer (P2P) application that uses your Internet bandwidth rather than CNN’s to send live video to other viewers.

The P2P application is called Octoshape Grid Delivery and is managed by Octoshape ApS, a company based in Copenhagen, Denmark.

Web surfers who visit CNN.com and select a live video stream for the first time see in their browsers a dialog box, shown in Figure 1, saying, “This site requires the Octoshape Grid Delivery enhancement for Adobe Flash Player.” The dialog box doesn’t appear when playing an ordinary video file, only when starting a live feed. (Feeds labeled LIVE typically appear in the upper-right corner of CNN.com’s home page during business hours.)

Figure 1. Users who select a CNN.com live video feed see a dialog box to install the Octoshape Grid Delivery application.

According to Octoshape’s end-user license agreement (EULA), what’s installed is a peer-to-peer app that will “deliver parts of the video and audio stream to other end users of the Software.”

Why should you care? Windows Secrets contributing editor Ryan Russell, using a network sniffer, measured Octoshape using upstream bandwidth of 320 kilobits per second on a broadband connection. Dan Ferrell, in a comment on contributing editor Susan Bradley’s blog, reports seeing 600 Kbps of upstream traffic. At first glance, Ferrell adds, the multiple connections to his PC looked on his security alert system like some kind of SQL attack.

The Internet Storm Center, an Internet security organization, reported that traffic on Jan. 20 had jumped to a level thousands of times higher than usual on UDP (User Datagram Protocol) port 8247. (See Figure 2.) The center quickly identified the source as legitimate — CNN — but security consultant Raul Siles warned in his report, “It would be easy for an attacker to hide his actions on this port if we simply ignore it.”

Figure 2. The Internet Storm Center measured an enormous increase in UDP traffic on Jan. 20.

In a telephone interview, Octoshape’s P2P nature was confirmed by Mike Wise, group technical advisor for platform R&D at Turner Broadcasting System, the parent of CNN.

Wise emphasized that the news network had selected the most considerate software for the job: “The Octoshape technology uses a congestion control mechanism that’s less aggressive than TCP and most UDP implementations.” As one example of the way Octoshape gives priority to user tasks, he explained, “we chose an implementation that wouldn’t interfere with consumer’s VoIP [Voice over Internet Protocol] applications.”

As a European company, Octoshape’s technology was initially used on the continent to stream live feeds of such high-profile events as the Eurovision Song Contest and the UEFA Cup. “We’re their first big United States customer, at least that I know of,” says Wise.

“We did some limited trials leading up to the election” on Nov. 4, as Wise describes it. The big test came with the Jan. 20 inaugural address. More than 26 million live feeds (including restarts of crashed streams) were served that day by CNN.com, according to a Jan. 25 article and chart in the New York Times. CNN’s nearest rivals served “only” 9.1 million (MSNBC) and 8 million (AP).

To my surprise, I’ve seen only a few blogs comment on the implications of CNN using so much upstream bandwidth — and almost no headlines in the mainstream U.S. media.

Most Internet service providers support far less bandwidth in the upstream direction (from a PC to the Internet) than they do downstream (from the Internet to a PC). But that isn’t the only concern with CNN’s use of people’s Internet connections:
  • Deceptive marketing. Octoshape’s dialog box warns that playing a live video “requires” installing new software. Despite this, however, if you click “no” to Octoshape, you can play the feed using the streaming video capability built into Windows Media Player or Adobe’s Flash Player, although possibly with less fidelity. Small links to choose one of the two standard formats appear in the bottom-right corner of the playback window.

    The Octoshape EULA doesn’t become available until after the user is required to select “yes” or “no” to install the app. But even if the EULA appeared before the buttons, burying in legalese the commandeering of a person’s PC isn’t my idea of “informed consent.” Only a clear explanation of the repurposing of a PC’s bandwidth — in on-screen text, readable without scrolling — is an adequate way to inform users of such a technique.

  • Cost-shifting to ISPs. CNN’s use of Octoshape might make live feeds look somewhat smoother to end users, but the primary benefit is a reduction in cost to the cable news network.

    The TorrentFreak blog cites an unnamed insider as saying 30% of CNN’s live feed traffic was served from individual PCs and not the network’s own servers. That saves CNN big time on bandwidth. But the cost doesn’t just disappear — it’s shifted to ISPs.

    Brett Glass, the owner of Lariat.net, a small ISP in Laramie, Wyoming, testified before the FCC last year on cost-shifting. Bandwidth, he explains, can cost hundreds of dollars per Mbps per month to providers in rural areas like his. “CNN is setting up a server on the ISP’s network without permission or compensation,” he told me in an interview. “CNN’s not a charity, in fact it’s doing a lot better than some ISPs.”

  • Costs to end users. Many ISPs around the world restrict how much bandwidth users can consume. Those providers charge by the megabyte for any traffic above that level. Users who installed Octoshape’s app and served traffic upstream as well as down may get an unpleasant surprise in their next monthly bill. Octoshape anticipated this in the company’s EULA by saying, “You are responsible for any telecommunication or other connectivity charges incurred through the use of the Software.”

    In addition, ISP terms of service usually prohibit customers from using their Internet connection to host a server. The FCC ruled last year against Comcast, a major U.S. ISP, on peer-to-peer restrictions, as explained in an Ars Technica article. But other legal issues on home-grown servers remain unsettled.

    (In an interview, Comcast spokeswoman Jenny Moyer declined to address CNN’s use of Octoshape, saying, “I don’t think it’s anything we’re going to be able to comment on at this time.”)

  • Ludicrous license terms. Anyone who reads Octoshape’s EULA after clicking “yes” to install the app finds that they’ve agreed to some hilarious prohibitions:

    “You may not collect any information about communication in the network of computers that are operating the Software or about the other users of the Software by monitoring, interdicting or intercepting any process of the Software. Octoshape recognizes that firewalls and anti-virus applications can collect such information, in which case you are not allowed to use or distribute such information.”

  • Company policies on outbound traffic. No one has suggested that Octoshape is doing anything other than relaying live video streams to other PCs. In a blog comment, Johan Ryman, Octoshape manager of strategic partnership and sales, assures users that the app is well-behaved and stops consuming upstream bandwidth within five seconds of a live stream being closed.

    Many companies, however, have policies against sending data outside their LAN. How many CIOs will be comfortable with an app that sends unknown information to random PCs?

  • Use of Flash’s install mechanism. Octoshape is the only outside company that’s allowed to download software using the Adobe Flash Player’s so-called Express Install feature, according to a Flash Magazine technical analysis. Express Install is used by Adobe to push updates and other software, such as Acrobat Connect and the Adobe AIR runtime.

    IT admins who’d like to turn off the installation of Octoshape within their companies could disable Flash’s update mechanism, as explained in Adobe TechNote 16701594. But doing so would disable all auto-updates from Adobe, not just Octoshape.

  • Security vulnerabilities. The Octoshape app is supported by an established company and is not any kind of virus or worm. However, most programs have bugs, and Octoshape specifically communicates with its own servers and other PCs in ways that are not apparent to end users.

    Any Web site you visit that is “Octoshape aware” can invoke the application. If a security vulnerability is discovered in the Octoshape software, hackers could exploit the weakness.

    Media players expose PC users to serious security flaws more often than Windows itself does, as WS associate editor Scott Dunn reported on Aug. 16, 2007. For instance, several new vulnerabilities were discovered in Flash Player version 9 in 2008 alone, including one rated “highly critical,” according to advisories by the security firm Secunia.

    In a follow-up article on Sept. 6, 2007, Scott reported that Flash Player 9 was found to be unpatched in 62% of the Windows PCs that participated in a test. End users can correct these holes by patching the player or upgrading to version 10, but too few do so.

  • Corporate revolving doors. It’s remarkable to see how a small company in Denmark has managed to gain exclusive contracts with Adobe and CNN. I’m all for innovative software firms selling cutting-edge technology.

    At the same time, I wonder how these relationships came into being. Last month, Octoshape hired as its new U.S. CEO Scott Brown, previously a vice president of Turner Broadcasting, according to the Business of Video blog. Sounds like the connection between CNN and Octoshape is getting stronger all the time.
The question isn’t whether peer-to-peer technology is “good” or “bad.” P2P is here to stay.

But if all TV programs are going to be streamed live by media giants, as I’m sure will eventually happen, the question is what impact this will have on Internet bandwidth — and who will pay for it.

I’d like to see the computer industry start a well-publicized discussion in the major news media about this. If we’re going to stream TV across the Internet, shouldn’t we select an open standard (the TorrentFreak blog likes P2P-Next), rather than proprietary technology that’s restricted to a few parties with patents?

What to do if you have Octoshape on your PC

As I mentioned earlier, the Octoshape app isn’t currently a threat. But I personally would rather put up with a slightly jerky video than run an application on my PC that’s sending God-knows-what to who-knows-whom.

Fortunately, the Octoshape program isn’t hard to find or remove:
  • Step 1. To find out whether the Octoshape app is running, you can use Windows’ built-in Task Manager. (Right-click a blank space on the Task Bar, and then click Task Manager.)

    As Susan Bradley shows in a blog post, when you’re viewing a live stream from CNN.com, you’ll see on Task Manager’s Processes tab a process named octoshape.exe. (In the illustration on her blog, instances of the process are shown to be consuming 63MB of RAM, but a lot of this memory may be taken up by the Flash Player itself.)

  • Step 2. To remove Octoshape’s app, you can use the Control Panel in either Windows XP or Vista. In XP, the applet is called Add or Remove Programs. In Vista, it’s Programs and Features. The “Octoshape add-in for Adobe Flash Player” is the name of the program to uninstall.

    Strangely, there isn’t an uninstaller for the Mac version of the app. You have to manually delete the Octoshape folder.

    These removal procedures are explained in detail at the bottom of the Octoshape Grid Delivery FAQ.
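For readers who would rather script Step 1 than eyeball Task Manager, here is an added example (mine, not code from Windows Secrets or from Octoshape) that parses the output of two built-in Windows commands, tasklist /fo csv /nh and netstat -ano, and flags any process that is named octoshape.exe or that owns a UDP socket on port 8247, the port the Internet Storm Center saw flooded on Jan. 20. The command output embedded in it is constructed, not captured from a real PC; the process name, the PID values and the watched port list are assumptions you can change.

```python
import csv
import io
import platform
import subprocess
from collections import defaultdict

# Constructed sample output of `tasklist /fo csv /nh` (not captured from a real PC).
SAMPLE_TASKLIST = '''"explorer.exe","1480","Console","0","28,436 K"
"iexplore.exe","2188","Console","0","91,220 K"
"octoshape.exe","2312","Console","0","63,104 K"
"lsass.exe","704","Console","0","6,012 K"
'''

# Constructed sample output of `netstat -ano`; UDP rows carry no State column.
SAMPLE_NETSTAT = '''
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       856
  TCP    192.168.1.10:1054      64.236.16.20:80        ESTABLISHED     2188
  UDP    0.0.0.0:8247           *:*                                    2312
  UDP    192.168.1.10:8247      *:*                                    2312
  UDP    0.0.0.0:500            *:*                                    704
'''


def parse_tasklist_csv(text):
    """Map PID -> lower-cased image name from `tasklist /fo csv /nh` output."""
    pids = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            pids[int(row[1])] = row[0].lower()
    return pids


def parse_netstat(text):
    """Return (proto, local_port, pid) tuples from `netstat -ano` output."""
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        # TCP rows: Proto Local Foreign State PID; UDP rows omit State,
        # so take the port from the local address and the PID from the end.
        local_port = int(parts[1].rsplit(":", 1)[1])
        sockets.append((parts[0], local_port, int(parts[-1])))
    return sockets


def find_peer_relays(tasklist_text, netstat_text,
                     suspect_names=("octoshape.exe",), watch_ports=(8247,)):
    """Flag processes that carry a suspect image name or own a UDP socket on a
    watched port. Returns {pid: {"image", "udp_ports", "reasons"}}."""
    names = parse_tasklist_csv(tasklist_text)
    udp_by_pid = defaultdict(set)
    for proto, port, pid in parse_netstat(netstat_text):
        if proto == "UDP":
            udp_by_pid[pid].add(port)
    report = {}
    for pid in set(names) | set(udp_by_pid):
        image = names.get(pid, "<unknown>")
        reasons = []
        if image in suspect_names:
            reasons.append("suspect image name")
        for port in sorted(udp_by_pid[pid] & set(watch_ports)):
            reasons.append("binds udp/%d" % port)
        if reasons:
            report[pid] = {"image": image,
                           "udp_ports": sorted(udp_by_pid[pid]),
                           "reasons": reasons}
    return report


def live_report():
    """Run both commands on the local Windows machine and return the report."""
    tl = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                        capture_output=True, text=True, check=True).stdout
    ns = subprocess.run(["netstat", "-ano"],
                        capture_output=True, text=True, check=True).stdout
    return find_peer_relays(tl, ns)


if __name__ == "__main__":
    if platform.system() == "Windows":
        result = live_report()
    else:  # anywhere else, demonstrate on the constructed sample
        result = find_peer_relays(SAMPLE_TASKLIST, SAMPLE_NETSTAT)
    for pid, info in sorted(result.items()):
        print(pid, info["image"], info["udp_ports"], "; ".join(info["reasons"]))
```

Run it on a Windows PC while a CNN live stream is playing; elsewhere it runs against the constructed sample. The port check is independent of the name, so a relay that binds the watched port under some other image name still shows up, and a process that merely has the suspect name is reported even with no sockets open. tasklist is not included in Windows XP Home, and subprocess.run with capture_output needs Python 3.7 or later.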
There’s much more to write on this subject, but I’ll stop here. If you have additional specifics on any of this, please send a tip via the Windows Secrets contact page. Thanks!

Brian Livingston is editorial director of WindowsSecrets.com and co-author of Windows Vista Secrets and 10 other books.

 
Known Issues

If NoAutoRun.reg doesn’t work, you may need space

By Dennis O’Reilly

The way word-wrapping alters line breaks in some browser windows thwarted a few of our readers’ attempts to disable AutoRun.

If you manually typed a line break where the code requires a space, and you couldn’t get the file to work, a simple change will do the trick.

Windows Secrets contributing editor Woody Leonhard authored a Jan. 22 Top Story on the Conficker/Downadup worm and included a link to a Nov. 8, 2007, article.

That article, by associate editor Scott Dunn, explained how to add a Registry key to block Windows’ AutoRun function. After you do this, if you unknowingly insert a hacked CD, DVD, USB drive, or other external drive, it won’t automatically infect your PC. The technique involves copying and pasting three lines of code into a NoAutoRun.reg file, then right-clicking the file, merging it into the Registry, and rebooting.

One of the lines of code is very long and looks as follows (it’s all one line, but it word-wraps to two lines in small windows):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf

Reader Rob Oppenheim wasn’t the only one to find that merging the file he created into the Registry had no effect, because he’d entered a line break where his e-mail program had word-wrapped that line:
  • “In your [most recent] newsletter, you refer to a Web page that describes how to disable autoruns. The page describes a .reg file with a key that displays broken across two lines (at least on my machine it displays that way). Unfortunately, it’s not obvious that there’s a space in the key; that is, it should be ‘Windows NT’ and not ‘WindowsNT.’

    “The page does explain that the key should be all on one line but does not mention that the space is required.”
If this key shows up in your e-mail program as a single line, all is fine. However, if it wraps to two lines between “Windows” and “NT,” and you manually type in the key, you may not realize that there should be a space between the two words, not a carriage return.

Regardless how the Registry key appears in your browser, if you copy the lines from Scott’s article and paste them into your text editor to create a NoAutoRun.reg file, the space between “Windows” and “NT” will be included.
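An added example (not code from the original article or from Scott’s) of the check described above: it reads a candidate NoAutoRun.reg as text, rejoins a key header that was wrapped onto two lines, and then confirms that the exact IniFileMapping\Autorun.inf key path, space included, is present before you merge the file. The two .reg samples inside it are constructed; the value line of the file is not shown on this page, and the @SYS:DoesNotExist redirection used in the samples is assumed to be the one Scott’s article uses, since that is the standard form of this trick.

```python
import re

EXPECTED_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                r"\CurrentVersion\IniFileMapping\Autorun.inf")

# Constructed sample: the key header was pasted from an e-mail client that
# wrapped the long line between "Windows" and "NT". The value line is assumed
# (the page does not reproduce it); @SYS:DoesNotExist is the usual form.
WRAPPED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
"""

# Constructed sample: the header was retyped by hand and the space was dropped.
NOSPACE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
"""

# A .reg key header: "[path]" or "[-path]" (the minus form deletes the key).
HEADER_RE = re.compile(r"^\[-?([^\]]+)\]\s*$", re.M)


def rejoin_wrapped_headers(text):
    """Merge key headers that were split across lines. A word-wrap happens at a
    space, so the pieces are joined with one space; the caller verifies the
    result against the expected path rather than trusting the join."""
    out, fixes, lines, i = [], [], text.splitlines(), 0
    while i < len(lines):
        line = lines[i].rstrip()
        if line.startswith("[") and not line.endswith("]"):
            joined = line
            while not joined.endswith("]") and i + 1 < len(lines):
                i += 1
                joined = joined + " " + lines[i].strip()
            fixes.append(joined)
            line = joined
        out.append(line)
        i += 1
    return "\n".join(out) + "\n", fixes


def key_paths(text):
    """All key paths declared in the .reg text, brackets stripped."""
    return HEADER_RE.findall(text)


def check_noautorun(text):
    """Return {"ok", "text", "fixes", "problems"} for a candidate NoAutoRun.reg."""
    repaired, fixes = rejoin_wrapped_headers(text)
    problems = []
    first = repaired.splitlines()[0] if repaired.strip() else ""
    if first not in ("Windows Registry Editor Version 5.00", "REGEDIT4"):
        problems.append("missing .reg signature line")
    paths = key_paths(repaired)
    if EXPECTED_KEY not in paths:
        # Same path with the space removed means the "Windows NT" typo.
        if any(p.replace(" ", "") == EXPECTED_KEY.replace(" ", "") for p in paths):
            problems.append("key found but the space in 'Windows NT' is missing")
        else:
            problems.append("IniFileMapping\\Autorun.inf key not found")
    return {"ok": not problems, "text": repaired, "fixes": fixes,
            "problems": problems}


if __name__ == "__main__":
    for label, sample in (("wrapped header", WRAPPED_REG), ("no space", NOSPACE_REG)):
        result = check_noautorun(sample)
        print(label + ":", "ok" if result["ok"] else "; ".join(result["problems"]))
```

Feed it the text of the file you are about to merge (regedit exports are UTF-16 with a byte-order mark, hand-typed files are usually plain ANSI, so decode accordingly). If the repaired text comes back ok, write that text out and merge it; if it reports the missing space, retype the header rather than guessing where the break was.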

Delete the key to restore your AutoRun

Several people tried life without AutoRun and decided they missed the feature. For example, after disabling AutoRun, you must manually open the autorun.inf file on any software disc you might want to auto-install. Marlin Brutlag puts it succinctly:
  • “Is there a safe way to remove it [the block on Windows' AutoRun feature] if no longer desired?”
To restore Windows’ default AutoRun behavior, simply delete the key that was created when you merged the NoAutoRun.reg file. To do this, open the Registry Editor: in Vista, click Start, but in XP, click Start, Run. Then type regedit and press Enter. In the left pane, navigate to the IniFileMapping key in the Registry path shown above. Expand the key, right-click Autorun.inf below it, and choose Delete.

See Microsoft Knowledge Base article 310516 for details on adding, deleting, and modifying Registry keys.

Resuscitate a dead drive by giving it the gas

After reading reader Scotty Burrous’s description of how he brought a hard drive in his mother’s PC back from the dead, I started to think I’d been watching too many scary movies:
  • “My mom’s laptop recently croaked. The two-year-old 60GB hard drive decided it had had enough and the platter quit spinning. I hooked it up to a 2.5-inch USB adapter after removing the cover, negating any and all out-of-date warranties, etc. When energized, the indicator LED — normally green — was red and the platter didn’t move.

    “There were a few files my mom hadn’t backed up — sigh, she’s 86 years old — but decided she desperately needed. With tweezers, I manually rotated the platter on the hub, not touching the disk. I noticed it was difficult to turn, so I figured, ‘What the hell?’

    “I purchased a container of butane — the stuff you refill a cigarette lighter with — and dispensed some of it (frequently) onto the bottom bearing. When energized, the platter spun up and I managed to get all the pertinent data from the drive! And with continued application of the butane, I ended up copying all the data from the (now) ex-drive.”
I’m going to take Scotty’s word that this tip actually worked — but kids, don’t try the butane-on-the-bearing trick without adult supervision! (I can’t help wondering what Scotty tried on the sick drive before he turned to lighter fluid.)

Readers Rob, Marlin, and Scotty will each receive a gift certificate for a book, CD, or DVD of their choice for sending tips we printed. Send us your tips via the Windows Secrets contact page.

The Known Issues column brings you readers’ comments on our recent articles. Dennis O’Reilly is technical editor of WindowsSecrets.com.

 
Wacky Web Week

Giving up on society? Get one of these!

By Katy Abby

Every few years, a product comes along that is inexplicably popular. Despite tedious advertising, a questionable concept, and mediocre value, consumers hand over their hard-earned dollars with reckless abandon to own the next hot-ticket item. One such phenomenon is the subject of this hilarious infomercial parody.

Before you start thinking about snuggling up on the couch with one of these plush pieces, listen carefully to what the narrator’s saying. Your self-esteem — and social life — may depend on it! (Warning: the video contains strong language.)


 
LangaList Plus

Make sure your PC’s BIOS supports USB

By Fred Langa

USB drives, mice, keyboards, and other peripherals are great — when they work.

Unfortunately, some PCs have problems recognizing and using USB devices at boot time.


New USB keyboard won’t work without Windows

Sam Stamport ran into trouble getting his PC to recognize a new USB keyboard at boot time, before Windows loads. His problem sounds specific, but the solution applies to a whole raft of low-level USB issues, such as the inability to boot from an external USB drive:
  • “Fred Langa’s recent discussion of backups reminded me that I haven’t made an image backup in a while, so I tried to make one today, only to find out that my new USB keyboard is not recognized. (I can’t type anything into the low-level imaging software, [which runs] outside of Windows.) I don’t have another keyboard, so I need a way to make this work.”
That’s a hardware problem, Sam. Although most newer hardware can recognize and work with USB devices right at boot time — before the operating system loads — some older machines have no USB support built into the system board’s firmware. On those systems, USB devices work only after the OS provides the necessary USB drivers.

A third group of machines — neither new nor ancient — may have varying levels of USB support built in. Getting USB devices to run at boot time on these systems can be hit-or-miss. Usually, you can check to see whether your system supports USB directly rather than depending on the OS by checking the PC’s BIOS settings.

BIOS stands for Basic Input/Output System; it controls some of the lowest-level operations in your computer and is also one of the first things activated when you turn on the PC’s power. When you start up, you’ll almost always see a BIOS message on your screen that includes the BIOS maker and instructions for entering the BIOS setup program.

In some BIOSes, you press F1 or F2 as the system starts; in others, you hit Esc, Del, or some other key combination. Whatever the specifics, pressing the appropriate key(s) at boot time stops the PC from loading the operating system, as it would in a normal boot, and opens the BIOS setup program instead.



 
Woody's Windows

Microsoft claims Windows 7 UAC flaw is by design

By Woody Leonhard

Changes to User Account Control are designed to make Win7 less annoying, but they also make the OS vulnerable, according to a prominent researcher.

A very simple VBScript — which in many cases runs without any prompts — can disable UAC completely, without warning.

Attempts to enhance UAC make it vulnerable

On Jan. 30, Windows über-geek Long Zheng posted a detailed explanation of a security flaw he had discovered in the Windows 7 beta, along with working proof-of-concept code. The next day, Microsoft responded with a lengthy riposte, declaring “[t]his is not a vulnerability” and refusing to fix the problem when Windows 7 ships later this year. And therein lies a story …

Anyone who has used Windows Vista for any time at all has encountered UAC, the vilified but effective security feature that dims the screen and forces you to click, click, and click again before you’re allowed to make changes to your PC.

Yeah — I hate UAC, too.

Windows 7, which is expected to ship as early as this summer, takes great strides to reduce the number of clicks required to perform many common tasks. If you use an administrator account, Win7’s Action Center lets you set a slider to choose among four levels of UAC intrusiveness, er, accountability (see Figure 1).

Figure 1: Windows 7 provides four levels of User Account Control.

• Level 1 always brings up the full UAC notification when a program tries to install software or make changes to the computer that require an administrator account. It also generates the UAC pop-up when you try to make changes to Windows settings that require an administrator account, even if you’re already using such an account.

• Level 2 brings up the UAC notification when a program attempts to change your computer in a way that requires an administrator account — just as with Level 1 — but not when you make changes to Windows settings. This is the default setting in Windows 7.

• Level 3 is the same as Level 2, except the UAC notification doesn’t take over the PC and dim the screen. Dimming is only part of the equation: when the screen isn’t dimmed, UAC isn’t in complete control of your computer and a running program can “send keys” or otherwise monkey with the UAC prompt.

• Level 4 disables UAC: programs can install other programs or make changes to Windows settings. This level lets you change anything you like without triggering any UAC prompts. Note that Level 4 doesn’t override other security settings: for example, if you’re using a Standard account, you still need to provide an administrator ID and password before you can install a program that runs for all users.

This description sounds pretty simple, but the details are quite complex. Win7’s help system says that if your computer is at Level 2 — the default setting — “[y]ou will be notified if a program outside of Windows tries to make changes to a Windows setting.”

How does Windows 7 tell when a program is “outside of Windows” and thus whether actions taken by the program are worthy of a UAC prompt at Levels 2 or 3? Tough question, as you’ll see shortly.

Long’s view: cracking Win7’s UAC is too easy

Long Zheng’s article, titled “Sacrificing security for usability: UAC security flaw in Windows 7 beta,” shook many of us who are testing Windows 7. Crediting a post on WindowsConnected.com and discussions with developer Rafael Rivera, Long explains that the UAC level rules are interpreted according to a special Windows 7 security certificate.

Programs signed with that certificate are deemed to be part of Windows. Programs that aren’t signed with that specific certificate are “outside of Windows” and thus trigger UAC prompts if your computer is set at UAC Levels 1, 2, or 3. Long notes that the act of changing the UAC level counts as “a change to Windows settings” — not surprising — and thus does not trigger a UAC response at Levels 2, 3, or 4.

Here’s the surprising part: Long and Rafael wrote a very simple VBScript that you can copy and run for yourself. The script changes the UAC level in Windows 7 from 2 to 4. The four lines of the cracker program that change the UAC level are these (shown here after the one line that creates the scripting-host object they call):

' Create the Windows Script Host shell object the SendKeys calls need
Set WshShell = CreateObject("WScript.Shell")
' Move keyboard focus to the UAC slider, then step it down three notches (Level 2 to Level 4)
WshShell.SendKeys("{TAB}")
WshShell.SendKeys("{DOWN}")
WshShell.SendKeys("{DOWN}")
WshShell.SendKeys("{DOWN}")


This is the simplest security-busting program I’ve ever seen.

If you run that program with your UAC level at 2, UAC checks whether the program making the change is “outside of Windows.” The script doesn’t touch the setting itself: WScript.Shell, a scripting component that ships with Windows, simply feeds keystrokes to the UAC settings window, which is part of Windows and signed with the Windows 7 certificate. Because the change appears to come from inside Windows, it goes through without generating any UAC prompt.

If you run the script on your computer, you’ll see that Windows has to restart in order to turn off UAC entirely. As Long notes, it’s pretty easy to write a program that restarts Windows.

Bottom line: it’s almost trivially easy to write a program that disables User Account Control entirely when it’s run using a Windows 7 administrator account. Long recommends that Microsoft fix the problem before Windows 7 ships.

Microsoft is tap dancing as fast as it can

Microsoft’s response to Long includes the following statement:
  • “This is not a vulnerability … The intent of the default configuration of UAC is that users don’t get prompted when making changes to Windows settings. This includes changing the UAC prompting level … The only way [the UAC level] could be changed without the user’s knowledge is by malicious code already running on the box … In order for malicious code to have gotten onto the box, something else has already been breached (or the user has explicitly consented).”
In other words, Microsoft doesn’t see this as a security breach and won’t be fixing it.

The online community has exploded with a barrage of opinions on all sides. Clearly, if you intentionally run a program and that program does something bad to your computer — change the UAC level or reformat the C: drive, for example — you’re the one who tempted fate and reaped the consequences.

Just as clearly, a program that runs at a low level of security — causing no prompt at all for a typical administrator account in Windows 7 — and that turns off UAC with no warning whatsoever gives most people the willies.

Finding the best mix of security and convenience

So who’s right, Long or Microsoft? They both are. And they’re both wrong. Let me explain:

Looking at the behavior from the point of view of a typical Windows 7 user — someone who barely understands the difference between an administrator and a standard account — the problem certainly seems, well, shocking.

But it isn’t just the n00bs who should be concerned. Many of us who have dealt with Windows administrator accounts for years were quite surprised to learn that a silent program could zap UAC. I don’t know about you, but labeling a homegrown VBScript that calls Windows Shell an “inside Windows” program stretches my definition of “inside” beyond the breaking point.

That said, what Microsoft asserts is true as well. Changing the UAC level is certainly altering a Windows setting. If you leave your computer at UAC Level 2, you’re allowing “inside Windows” programs to change Windows settings without warning.

More importantly, if you’re running a program that zaps your UAC setting, that program can do all sorts of bad things. Any such program must’ve arrived via some security breach.

In the end, I agree with Long that Microsoft should make a small change to Windows 7’s current behavior:
  • “There is a simple fix to this problem [that] Microsoft can implement without sacrificing any of the benefits the new UAC model provides, and that is to force a UAC prompt in Secure Desktop mode whenever UAC is changed, regardless of its current state. This is not a fool-proof solution (users can still inadvertently click ‘yes’) but [rather] a simple one I would encourage Microsoft to implement.”
Don’t be fooled; we’re looking at a stopgap. Windows 7 won’t be secure until it can tell — reliably — which actions were initiated by the user and which were started by a program. The OS must also provide security prompts accordingly.

I wrote about this approach more than two years ago in a Woody’s Windows column that took Microsoft to task over implementation of UAC in Vista. Getting that level of security in some future version of Windows will require a major rewrite. I won’t hold my breath.

(As we were going to press, Long Zheng posted details about a second Windows 7 UAC security flaw. The problem Long describes has its roots in the “inside Windows”/”outside Windows” dilemma discussed above. It remains to be seen how Microsoft will respond. In the interim, Long recommends that Win7 users set their UAC prompt to Level 1. I’ve done exactly that on all my Windows 7 machines.)
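As an added example (mine, not Long’s or Microsoft’s code), here is a read-only audit of the three registry values the UAC slider writes under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, so you can confirm that a machine really is at Level 1 as Long recommends and notice when something has quietly moved it. The value-to-level table is an assumption based on Windows 7 as shipped rather than the beta this column describes; the registry reads are standard winreg calls.

```python
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
VALUE_NAMES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")

# Registry triples behind the four slider positions, in VALUE_NAMES order.
# Assumed from Windows 7 as shipped (the column describes the beta). Win7's
# "never notify" also clears EnableLUA, which is why Level 4 needs a restart.
SLIDER_LEVELS = {
    (1, 2, 1): 1,  # always notify, on the dimmed secure desktop
    (1, 5, 1): 2,  # default: prompt only for non-Windows programs, dimmed
    (1, 5, 0): 3,  # as Level 2 but no secure desktop: sent keys can reach the prompt
    (0, 0, 0): 4,  # UAC off
}
# What Windows 7 assumes when a value is absent (the Level 2 defaults).
DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}


def uac_level(values):
    """Slider level 1..4 for the stored values, or None for a combination the
    slider never produces (Group Policy, another Windows version, or tampering)."""
    merged = {**DEFAULTS, **values}
    return SLIDER_LEVELS.get(tuple(merged[name] for name in VALUE_NAMES))


def audit_uac(values, required_level=1):
    """Compare the stored UAC configuration against the level an admin wants.
    Returns {"level", "ok", "findings"}; ok means nothing to complain about."""
    merged = {**DEFAULTS, **values}
    level = uac_level(merged)
    findings = []
    if merged["EnableLUA"] == 0:
        findings.append("EnableLUA=0: UAC is switched off (effective after a restart)")
    elif merged["PromptOnSecureDesktop"] == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are not isolated, "
                        "so a running program can send keys to them")
    if level is None:
        findings.append("values match no slider position; policy-managed or tampered")
    elif level > required_level:
        findings.append("slider level %d is weaker than required level %d"
                        % (level, required_level))
    return {"level": level, "ok": not findings, "findings": findings}


def read_uac_values():
    """Read the live values (Windows only; needs only read access to HKLM).
    Absent values are left out so DEFAULTS fill them in."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
        for name in VALUE_NAMES:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return values


if __name__ == "__main__":
    import platform
    if platform.system() == "Windows":
        current = read_uac_values()
    else:  # constructed sample: the state Long's script leaves behind
        current = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0,
                   "PromptOnSecureDesktop": 0}
    print(audit_uac(current, required_level=1))
```

The live read needs Windows (the winreg module); elsewhere the script evaluates a constructed sample. Because a Level 4 change only takes effect after the restart Long mentions, a machine can report EnableLUA=0 while UAC is still visibly prompting; treat the stored value, not the current prompting behaviour, as the truth, and schedule the audit rather than running it once.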

Woody Leonhard‘s latest books — Windows Vista All-In-One Desk Reference For Dummies and Windows Vista Timesaving Techniques For Dummies — explore what you need to know about Vista in a way that won’t put you to sleep. He and Ed Bott also wrote the encyclopedic Special Edition Using Office 2007.

 
Patch Watch

Conficker/Downadup woes may not be over

By Susan Bradley

Though the Conficker worm’s infection rate appears to have peaked, the millions of now-compromised PCs constitute a potential botnet bonanza.

The largest shares of Conficker-infected PCs are in China, Russia, and Brazil, where software piracy is prevalent and patching is rare; the U.S. infection rate is much lower.


MS08-067 (958644)
Waiting for the Conficker botnets to strike

The spread of the worm known as Conficker, Downadup, and Kido is slowing, according to a study by virus research firm F-Secure, but the malware’s damage may not be over. As reported by Windows Secrets contributing editor Woody Leonhard in his Jan. 22 Top Story, the defense against this worm is to install the patch described in MS08-067 (958644).

The F-Secure research indicates that more than 4 out of 10 of the PCs infected with this worm are in China (15.1%), Russia (13.9%), and Brazil (11.9%). Only slightly more than 1% of infected PCs are associated with IP addresses in the U.S.

Many of the PCs in countries where Conficker infection is rampant, including India and Ukraine, run pirated copies of Windows. These systems are much less likely to be patched on a regular basis, which makes them vulnerable to this and other malware.

If you’re unsure whether you’ve installed the patch that thwarts Conficker, click Start (Start, Run in XP), type appwiz.cpl, and press Enter. In Windows XP, make sure Show updates is checked at the top of the Add or Remove Programs window. In Vista, click View installed updates in the top-left pane. Look for Security Update for Microsoft Windows (KB958644).

YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2012 by WindowsSecrets.com. All rights reserved.