Domain: grc.com
Stories and comments across the archive that link to grc.com.
Comments · 905
-
Re:Issues of trust...
It looks to me that when creating Vista, Microsoft must have spent most of their time and energy on the new Windows Vista Content Protection. It is such an amazingly complicated system that I can easily see why it would have taken Microsoft 5 years to create Vista. Most other new features that Microsoft had originally announced would be part of Vista were dropped along the way, most likely because creating the protected environment for DRM was a difficult enough task by itself.
In Vista, many of the core operating system elements have been extensively reworked in order to provide DRM content protection. Vista goes to great extremes to block the owner of the computer from gaining access to unprotected content in any possible way, either in the software or the hardware itself. One example is the extreme measures taken to make sure that computer owners cannot access unencrypted content on a user-accessible bus. To prevent that, they plan to use 128-bit encryption on the fly at high bandwidth. I don't understand most of the details, but apparently it partly involves keeping the content encrypted as it goes from one hardware component to another. Vista is so insanely paranoid that it also goes out about 30 times per second polling hardware to try and catch anyone playing games with any component. The system is so incredibly complicated that I don't plan to ever try to understand how it all works.
I also wonder what effect all the extra overhead required for various components will have on hardware requirements. It sounds to me like Windows Vista itself largely was designed to be a secure DRM delivery system that Hollywood and the music industry can trust. Apparently for some reason, Microsoft did not show the same level of effort and paranoia in making Vista computers secure? Apparently protecting user's privacy is not as important. Below are three articles that are critical of the effect that the various new Windows Vista DRM features might have on hardware requirements. At the top of the first two articles there are also links to mp3 versions that are also available. The last article has already been discussed on Slashdot recently.
-
There's an excellent podcast...
...on this sort of thing, Security Now. They had a good explanation last year of all the things the Sony "rootkit" did, like hiding files with the prefix "$sys$". The podcasts are pretty short (20 mins), definitely worth a listen to ease your morning commute.
Also, getindi!
-
Re:Worse than the wasted real estate
If you've got fuzzy red shadows, it's possible that cleartype is assuming your LCD monitor is RGB when it's actually BGR, which would make cleartype completely fall apart, and give serious colour banding. Download this demo and see which rendering mode eliminates the colour banding.
Regarding the menu font (Segoe UI), if there's really no place in Office 2007 to change it, you could always edit the registry to return, say, Tahoma when the system calls Segoe.
Try putting this in a text file, renaming it to something.reg, and merging it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]
"Segoe UI"="Tahoma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Segoe UI (TrueType)"="tahoma.ttf"

DISCLAIMER: I haven't tried this, I've no idea whether it will work, not work, or cause your system to spontaneously implode. Make a system restore point and back up your registry before doing this!
-
True enough.
Have you considered exposing him to Security Now? Not to get him to convert to Mac, but simply to help him get informed about how bad computer security is these days.
I'd suggest PaulDotCom but he'd probably have a heart attack if he found out the kind of stuff IT guys get up to when looking for security problems in their networks.
-
Re:Please perfect the innovations we already have.
Why does my Xbox360 still require bizarre router settings to connect wirelessly to my router? Oh yeah I forgot, Microsoft does not care.
"Bizarre router settings"? Like what, turning on UPnP? Oh noes, GRC says the interweb will hax0r my b0x0r if I use UPnP! Never mind that routers enable it only on the internal interface
...What would you prefer Microsoft to do? Tell all of the NAT users out there that they're SOL for playing games if they don't want to forward ports manually? They had a problem, namely allowing NATed users to directly connect to peers, and they solved it with the correct solution, namely using UPnP to dynamically request port forwarding on an as-needed basis. I'm sorry that the routers you bought (which, BTW, probably weren't from the list of routers supported directly by Microsoft, and if they were then why didn't you try calling 1-800-4-MY-XBOX?) suck so much. Next time, do your research. Hell, it's easy enough to get UPnP working flawlessly on a linux server acting as a router. I've been doing it for over two years now (obviously with my original Xbox, since the 360's only been out for just over a year). While I'm running wired now, when I wrote that entry I was using wireless. In fact, I've never had a problem with my Xbox or Xbox 360 recognizing my wireless AP. The only problem I've ever had was with NAT, and that was completely solved with the UPnP daemon.
Until the whole world moves to IPv6, you're going to run into issues like this more and more often. You can take the Nintendo approach and force users to forward ports by hand (seriously, that's what you have to do with the Wii -- it's a good thing there are no multiplayer online games yet), or you can use technology that was designed to solve this problem (among others, of course) -- UPnP.
-
Re:Ubuntu
In addition to using a Linux firewall, learning how to use commands such as netstat or nmap could provide additional information about what is going on. There are probably some GUI front-ends to those tools too, but I don't know what they are called. There is an mp3 of Episode #49 of the "Security Now" show available which talks about using the Netstat command to monitor active connections and listening ports, but it is mostly about the Windows and Mac versions of the command. In one of the Matrix movies there is a brief screenshot of Vanity using nmap to find a security flaw that she could exploit.
I have not yet gotten around to learning how to read security related log files on my Linux computer at home. A serious network administrator would probably do that. I don't have any ports open to the outside world, I install security updates regularly and have only one user so I probably don't have as much to be worried about. All I have is a home network of three computers.
-
Security Now
On Steve Gibson's and Leo Laporte's Security Now ep. 42, this technique was discussed. If you want to hear more about it, this is a good podcast episode to check out.
-
Interesting discussion of this at SecurityNow
GRC | Security Now! Transcript of Episode #51 "Vista's Virgin Stack" http://www.grc.com/sn/SN-051.htm
-
Re:Innovation, huh?
Actually, Apple WAS using colored pixels to do this back in the day when monitors had only two color phosphors -- green and purple. Sub-pixel rendering requires the existence of sub-pixel elements which are utterly unnecessary in a monochrome display. Read more about it here.
The article even has reference to MS's own Apple BASIC manuals discussing the technique.
Whether the ClearType team was aware of work that had been done 20 years ago or not, they did not innovate the idea. They either knowingly stole credit for the idea or they reinvented the wheel and took credit for it. (Or they honestly thought that applying it to text instead of just shapes and lines makes it sincerely a new innovation.)
-
ClearType wasn't even their innovation.
I love how he cites ClearType as an example of a Microsoft innovation because it really is a perfect example. Unfortunately for him, it's an example of Microsoft dressing up other people's work as their own and selling it as innovation. The technology actually dates back over 20 years to patents held by Apple on sub-pixel rendering and was used back in the Apple ][ days to give old displays artificially better resolution.
In my opinion, the fact that MS holds patents on this idea is yet another example of how broken our patent system's treatment of prior art and obviousness is.
-
This is retarded
Well, duh. First of all, there is obviously no single yes or no answer. MS innovates some, so yeah, obviously you can't literally say they never innovate, but good God, look at the examples Scoble gives--freaking "friendly" error messages (which suck ass) and ClearType are the best he can come up with as counter-examples? Everybody borrows from everyone else and builds on the work of others, but anybody who has been paying attention to the industry for the last couple decades knows that MS has not been doing much innovating, no matter how you define it.
I could spend all morning picking apart his arguments but I don't have the time. A couple highlights:
As to security problems in Windows, yes, Microsoft deserves blame there. But it has made huge strides.
He then goes on to say how fucking wonderful MS is that they were able to fix problems that other vendors had solved decades ago. (OMG! Don't automatically run scripts from web pages and emails! We're fucking GENIUSES!!!!11) That's innovation--cleaning up your own mess?
As to security problems in Windows, yes, Microsoft deserves blame there. But it has made huge strides... Very few [interns and college graduates] had more than a single class on security in college or universities. Our industry just hasn't cared about security either.
So, because computer security isn't taught in school, that equals innovating?* And which fucking "industry" does he think "doesn't care" about security? Obviously he's never been within a thousand miles of an IT department. Or IBM. Or Cisco. Or Sun.
And, although I love Apple (I have three Macs and three PCs in my house right now) I can't display full HDTV images through mine onto my HDTV screen (I have a slightly older Sony screen than Dave does). But with Xbox 360 and Media Center I can.
So, MS is innovating because you have an old TV? Uh-huh. Wow--backwards compatibility, component outputs. Yeah, REAL fucking innovative. Unlike that non-innovator Apple, who's leaving analog outputs in the past where they belong and moving forward with pure digital goodness.** Besides, who brought A/V to the desktop in the first place?
I love the smell of flamebait in the morning. God, reading Scoble's lame-ass arguments makes me want to gouge out my eyes with a titanium spork.
* hint: maybe... just MAYBE... "innovation" = thinking up shit that's NOT taught in schools!!! Eh? Eh? My fucking God, this guy is as dumb as a bag of hammers.
** watch me change my tune in 2 months when Apple releases the iTV with component outputs. :-)
-
Good List.
1) Spinrite Disk Recovery http://grc.com/ (hard drive recovery - used more often than all the others combined)
2) Rescue-CD (sometimes LVM2 has problems)
3) NT Password Overwrite, DOD-level Disk Wiper, other boot options (about 7 different useful tools)
4) USB flash drive with all the other utilities but mostly set up as a TrueCrypt file
5) Perhaps a TrueCrypt encrypted DVD with all my personal data (web passwords, scanned docs: Last Will, Birth Certificates, Marriage license, etc...)
Most days, just the flash drive comes with my current project backups. Visio, Word, Excel, boring. Not a Live CD tho.
I haven't been a sysadmin in over 10 years, but when I go to Mom's house, I revert for some reason. I don't "do" PC support for family other than Mom.
-
Re:SP2 Firewall
The first that come to mind are the 1900 and 5000 UPnP ports http://www.grc.com/port_1900.htm.
If you fidget a little I'm pretty sure you can unearth some others. For a good reference list where else but here?
-
Re:Pretty open and shut
My understanding is that WPA is very secure if a good quality password is used, the longer and more random the better. The security oriented Gibson Research Corporation webpage has a "Perfect Password Generator" that generates a new totally random maximum-length 63 or 64 character password every time someone visits their webpage or clicks refresh. Of course the connection to their "Perfect Password Generator" is encrypted. On their weekly show about computer security, episode 11 was about "Bad WiFi Security" and episode 13 was about "Unbreakable WiFi Security". I downloaded the MP3 versions of the two episodes a few months ago. They also said that security measures such as disabling the broadcast of SSIDs and using MAC address filtering are really not as effective as most people think. They also mentioned that WEP is a hopelessly flawed standard that is easily broken using free software tools that can be downloaded from the Internet.
My new DSL modem/router that I got from the telephone company has a built in wireless router. By default it had WEP encryption enabled. I changed it to use WPA pre-shared key instead. I wasn't able to get cable where I live, but when talking to the local cable company, they told me that their wireless routers are open to everyone by default. Of course that can be changed. Up until a couple of weeks ago there were no high-speed Internet connections available where I live. I got a new 1.5 Mbps DSL connection from the telephone company as soon as it became available. It is a nice change from the 26.4K dial-up.
Another nice security tool on the Gibson Research Corporation website is found by clicking on the "ShieldsUp" link and then selecting the option to have "All Service Ports" scanned. It will then probe a person's firewall for open ports.
-
Raw sockets in XP
This raw socket access thing has been an ongoing battle for years, with MS initially laughing the idea away and then changing their mind about it http://www.grc.com/dos/intro.htm, but this was done in XP SP2 if I understand well.
-
Re:Software patents must go, period
Software patents are proved that they are needless and very anticompetitive. They must go. Period.
What are software patents, anyway?
Don't be mistaken, I am a software developer, and I don't like patents. However, I cannot see enough reasons why there must be a clear boundary around software. To take a not-so-good example, ClearType (I know that it was Woz who invented a similar technology more than twenty years ago). It is about sub-pixel font rendering. Is it a software patent? I suppose people will say yes. However, it is related to the physical display device. With the fast development of the ‘software industry’, everything might be related to software soon.
My point? Advocate ‘No patent at all’—that is the logical end. If this does not look like possible, think more about how to improve the process.
(By the way, I think ClearType is an innovation, though maybe not necessarily an invention. Just think about the fact that no one before Microsoft thought about using sub-pixel font rendering on modern display devices.)
-
Re:What can you trust?
Objectively, ZoneAlarm has done very well in Gibson Research Corp's tests. The Shield's Up online test available from that page has come back with all "cloaked" responses on all ports, meaning your computer doesn't even identify that it is there, in contrast to other firewalls that return a "blocked" message. GRC's latest test appears to be LeakTest, and ZoneAlarm has passed that test since its creation. Others have caught up, but ZoneAlarm is definitely, objectively, among the best personal firewalls.
-
Re:4 hostnames and security
Typical programmer response - blame the network or the hardware when it is your code that is the problem.
Don't use javascript until it is an intranet app. Personally, I browse with javascript disabled. Much of the interactivity that lazy programmers think they can only get with javascript is available in CSS.
Here's a link: http://www.grc.com/menu2/invitro.htm with more info.
Don't get me wrong, sometimes it is the hardware or network, but that's about 5% of the time. That leaves 95% that is the fault of the programmer.
-
Re:IE7 Text Rendering
Yeah, that's ClearType - a very nice Microsoft innovation that uses subpixels of LCD displays to make smoother text
Minor correction, your sentence should say assimilation not innovation.
Microsoft did not invent ClearType.
http://www.grc.com/ctwho.htm
Enjoy,
-
Re:Public websurfing
Public websurfing is an inherently dangerous thing to do. If you don't believe me, check out the "security now" article on ARP cache poisoning.
Wait, the last time you were tricked? I was scarred enough by the first time I was tricked that I swore off internet use for a month, and only now am recovering the fortitude to click on links, even with checking the full URL first.
http://www.grc.com/nat/arp.htm
It's the scariest thing I've seen since the last time I was tricked into clicking a link to Goatse.
And, given the reference to goatse in your post, there is no way in HELL I'm clicking on the link you provided... even if it may be the most insightful piece on security that's ever been written, it's just not worth the risk. /shudder
-
Public websurfing
Public websurfing is an inherently dangerous thing to do. If you don't believe me, check out the "security now" article on ARP cache poisoning.
http://www.grc.com/nat/arp.htm
It's the scariest thing I've seen since the last time I was tricked into clicking a link to Goatse.
-
Re:How do you Know and REMOVE them?
1) non-local-software firewall, i.e. hardware firewall or firewall system.
2) Norton? VERY unfortunately, actually detecting and removing viruses/software is not simple enough. You usually have to run multiple pieces of software to even come close to detecting what's going on. When I clean up systems, I usually end up running 6-8 different detectors, and then something like process explorer and rootkit revealer... it shouldn't be that complicated, but it is. If you do run Norton, back it up with one or two freeware scanners, ewido, so on. I wouldn't run Norton because it Behaves Badly, Does Not Play Well With Others, and Doesn't Know When To Leave. You also have to do research, check symptoms, use software like HijackThis, and so on.
3) You don't just have to be careful on the internet, you have to be cynical - accept nothing, click on nothing you aren't sure is safe, close popups with alt+F4, have your AV and firewall software (yes, in addition to hardware firewall) set to "paranoid," etc. Have you installed things like socketlock and dcombobulator? The internet is kind of like Compton, except with even less law enforcement presence and the gangs don't fight each other, they just pick on you.
4) Is she set up with admin privileges so she can install software easily? Or does she have a separate admin account she can log into when she needs to install software?
5) There is no #5.
6) Even with all those tools at my disposal, I have run across systems so badly munged I've had to backup, fdisk, format and reinstall. There are truly some ingenious vicious bastards out there. It's too bad there isn't really a serious effort to kick their asses.
7) I hate to question someone I don't know in this manner, but are you 100% sure she isn't installing toolbars, other "helpful utilities," clicking on things she shouldn't?
-
Re:How do you know if you've been rooted?
Firewalls are useful for monitoring traffic. The best way to detect a zombie computer is to look at the traffic coming in and out, checking for anomalies (such as excessive traffic to places nobody would be going to). Security Now is a great podcast that deals with security issues and locking down your systems. Episodes 3, 8, and 4 are particularly relevant. It can get technical at times but all-in-all it's a great explanation of how things work and what can be done to secure them.
-
Re:You don't need Vista
Better support for flat panel displays. (ClearType)
ClearType has absolutely nothing to do with scaling, using a non-native resolution, or anything similar. It's sub-pixel manipulation/rendering and it is a good thing. While I hate to tout anything Steve Gibson, he has a great article on the topic http://www.grc.com/ctwhat.htm
WHAT?!? Maybe you need ClearType if you have some cheap LCD display that is not running in its native resolution and has horrible image scaling (most cheap LCDs have this problem). But it's kind of pointless to run an LCD panel in anything but its native resolution, and with good LCD displays this is a non-issue. ClearType is overrated.
To summarize, since an LCD panel is made into subpixels next to each other (as opposed to CRT style triangular groups) and an LCD panel can directly address each (red, green, or blue) subpixel, greater horizontal resolutions can be achieved for black and white text.
-
Well, free limits it ...
If you are a small company, listen to Security Now! early episodes http://grc.com/securitynow that cover VPNs. They spent about 6 episodes on VPNs.
If you don't need free and have a few thousand users to support, combining RSA/SecurID, ACE, and Nortel products like Shastas or Contivity Extranet Switches are excellent. If you don't need the flexibility of a Shasta, the CES line is under $20k to support 2k users. http://www.nortel.com/solutions/smb/business_solutions/comparisons/contivity_1000.html
http://products.nortel.com/go/product_assoc.jsp?segId=0&parId=0&prod_id=19940&locale=en-US&rend_id=FB
You can use SecurID tokens from a different vendor that don't expire after 3 years and are fully compatible with SecurID one-time passwords. Highly recommended.
If you are really looking for free and a small scale solution - OpenVPN - highly recommended.
Be certain to explain to company management that VPNs don't make you secure. Security needs to be layered from mandatory strong passwords, to active antivirus scanners, to software firewalls, to NAT routing and proxies. Lots of other things - turn off javascript unless needed (be selective).
Good luck!
-
Alternative: Unregister vgx.dll
The latest Security Now! episode had information on this exploit. Those who have policies in which they can't install third party patches do have an alternative:
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
When MS comes out with a patch,
regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
will re-register it.
-
Re:Steve Gibson was right
Hey! Steve Gibson is still around and very busy!
Check his website Gibson Research Corporation
-
Non-news?
And there was one guy who said the introduction of Windows XP and its raw sockets API would allow programs to "generate the most damaging forms of Internet attacks." And we all know that the Internet fell apart because of that, right?
FUD.
-
Great Password Website
-
wep hack in 10 minutes
I guess you missed the round of stories on how to hack wep in 10 minutes.
Listen to Steve's podcasts on wireless security. Basically, WEP is horrible. And WPA2 is best.
-
Re:Quick list
I couldn't find active links for one or two of them myself, but here's an updated list -- in some cases these aren't the original sites, which have disappeared, so obviously it's worth being extra careful with antivirus software... apologies for the mess of links; the filter doesn't like short lines...
1by1 (play MP3s), AriskKey (recover passwords), AutoRuns (enumerate startup tasks), BurnCDCC (burn ISO images), CD (basic CD player), CDex (rip CDs + convert MP3/WAV), Copier [0X Copy Machine] (scan + print), CWShredder (clean spyware), DComBob (tame DCOM), DirLister (make quick file lists), Discover (force windows onscreen), DupeLocater (find and clean), FileRecovery [PC Inspector] (undelete), Folder2ISO (use with BurnCDCC), FoxitReader (read PDFs), GUIPDFTK (split/join PDFs), HijackThis (find spyware), HJSplit (split/join files), Identify_Boards (identify hardware), KatMouse installer (due to MS drivers), LCISOCreator (make ISO image from CD), Leaktest (test firewall), Microsoft keygen (people lose things), MultiRes (change res + force refresh), Multi Timer (stopwatch), NoteTab Light (text editor), NTest (test monitor setup), OnTop (pin windows to foreground), Process Explorer (task manager), ProduKey (recover passwords), Registry Commander (virus cleanup), ResHacker (examine executables), Rootkit Revealer (just in case), ShootTheMessenger (turn service off), Shred by AnalogX (simple file shredder), TedNPad (unicode text editor), TFT (dead pixel locator), UNPnP (tame SSDP), UPX (compress executables), UnitConverter (what it says), utorrent (basic torrent app), VCdControlTool (mount ISO images),
-
Re:Quick list
I couldn't find active links for one or two of them myself, but here's an updated list -- in some cases these aren't the original sites, which have disappeared, so obviously it's worth being extra careful with antivirus software... apologies for the mess of links; the filter doesn't like short lines...
1by1 (play MP3s), AriskKey (recover passwords), AutoRuns (enumerate startup tasks), BurnCDCC (burn ISO images), CD (basic CD player), CDex (rip CDs + convert MP3/WAV), Copier [0X Copy Machine] (scan + print), CWShredder (clean spyware), DComBob (tame DCOM), DirLister (make quick file lists), Discover (force windows onscreen), DupeLocater (find and clean), FileRecovery [PC Inspector] (undelete), Folder2ISO (use with BurnCDCC), FoxitReader (read PDFs), GUIPDFTK (split/join PDFs), HijackThis (find spyware), HJSplit (split/join files), Identify_Boards (identify hardware), KatMouse installer (due to MS drivers), LCISOCreator (make ISO image from CD), Leaktest (test firewall), Microsoft keygen (people lose things), MultiRes (change res + force refresh), Multi Timer (stopwatch), NoteTab Light (text editor), NTest (test monitor setup), OnTop (pin windows to foreground), Process Explorer (task manager), ProduKey (recover passwords), Registry Commander (virus cleanup), ResHacker (examine executables), Rootkit Revealer (just in case) ShootTheMessenger (turn service off), Shred by AnalogX (simple filer shredder), TedNPad (unicode text editor), TFT (dead pixel locator), UNPnP (tame SSDP), UPX (compress executables), UnitConverter (what it says), utorrent (basic torrent app), VCdControlTool (mount ISO images), -
This debate is laughable
But don't take my word for it, read what Steve and Leo say:
http://www.grc.com/sn/SN-051.htm
Here's the short version:
1. Network code takes years to secure. There is no shortcut.
2. Vista supposedly ships early next year.
3. ???
4. Security firms (oh I forgot, Microsoft too) and blackhats profit.
Now back to your Mac vs XP playground squabble.... -
Steve Gibson did something akin to this
I know he may not be the most favourite of people around here, but Steve Gibson was able to spy on the IRC command & control channel of a botnet a few years ago. It was precipitated by a DDoS on his site, which he investigated rather thoroughly.
Link to the article (...long article warning)
Some of the article is quite interesting, some is obvious, some is ego-boosting self-congratulatory statements, and some of it is his "teh XP can create complete 'UNIX sockets' OH NOES!" propaganda. Still worth a read, even if it is a few years old.
-
Re:Encryption level?
The answer, as has been pointed out here on Slashdot & by our good friend Steve Gibson on his Security Now podcast, is to get a second router. It doesn't even have to be wireless, though that seems to be the more expensive option these days.
See "Isolating an open or low-security wireless access point."
http://www.grc.com/nat/nat.htm -
Re:Since you are a system administrator...
http://www.grc.com/port_445.htm
http://www.grc.com/port_137.htm
http://www.grc.com/su-bondage.htm
Describes ports 137-139 and 445.
Also has instructions on how to disable file and print sharing, or remove the bindings from tcp/ip so your file shares aren't going out on the internets. -
Re:Not that I wish to flame, but...
Any of you who listen to Security Now will have heard M$ have re-written the networking stack (as discovered by Symantec et al.).
Needless to say, even after this testing and patching, there is a high probability the networking interface will still have a few 'zero day' flaws... -
Same password?
And you are an idiot if you do that. At least have a few different "security levels" with different passwords. Read/listen more about this technique at http://grc.com/securitynow
Trivial - who cares they get the default uid and passwd.
Shopping - they have my CC; each gets their own username, and the password is a mix of the username + the same symbols and numbers in key locations.
Bank, Broker - different uid, different strong password, changed monthly.
Highly secure accounts - one-time password protected via a hardware device. I wish I could pay my broker for this.
None of these are stored in a browser. My master uid/passwd list is maintained in an encrypted file (TrueCrypt) and stored on USB and disk drives at home and work and on a remote friend's computer. Without the key file and password, it is completely secure. Heck, do you want a copy? -
Re:TrueCrypt Scepticism
TrueCrypt info -> http://www.grc.com/SecurityNow.htm#41
-
Re:How is this legal?
Maybe Steve Gibson was right.
-
Re:Perils
http://www.truecrypt.org/
an informative podcast about TrueCrypt : here ... (Episode #41) -
GRC.com likes [the FOSS] 'TrueCrypt'
Check out Steve's SecurityNow! podcast 41
to hear why & more about it:
http://media.grc.com/sn/SN-041.mp3
For slow modem users, here's the transcript:
http://www.grc.com/sn/SN-041.pdf
A list of his other podcasts:
http://securitynow.info/