Domain: microsoft.com
Stories and comments across the archive that link to microsoft.com.
Comments · 34,132
-
Re:Microsoft's response
Well maybe they've decided to actually test the patch before releasing it? :)
I discovered today that a patch for a vulnerability in the IIS SMTP service causes the settings for the service to be reset if you're running it on Server 2008 (2003 doesn't seem to be affected, AFAIK).
Unfortunately we applied that patch (and others) last Wednesday and don't have regular automated testing of our website's ability to deliver mail to localhost, so took a while for us to notice... a quick Google led me to this discussion where I discovered the cause.
-
Financial Contracts EDSL
See here for a domain specific language for financial contracts embedded in Haskell. A DSL is certainly the way to go over a "black box" or arbitrary Python code.
-
Re:None, I have given up bash scripting
They could make it object-oriented, and call it PowerShell!
http://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx
In all seriousness, at work I have to use Windows, and I'm starting to move some old VB Scripts others have developed to PowerShell for fun, and it's nice. Kind of reminds me of Bash and Perl getting married, and their kid grows up and rebels by moving in with Windows.
It's not bad.
-
Re:Talent
I don't know about Java, but I thought C# was: http://research.microsoft.com/en-us/projects/singularity/
Granted, this is by Microsoft...
-
I want one
This little bundle of technology has been shown to radically improve recall in Alzheimer's patients. Here's the study: http://research.microsoft.com/en-us/um/cambridge/projects/sensecam/memory.htm
I've taken something like 200,000 photos over the past 13 years... and I've noticed I can remember almost everything about days that I have pictures from... and not very much of the rest.
I want one of these far more than I fear someone else having access to it.
-
Preload Drivers
You should really integrate all of the drivers into your Windows installation. Windows will install the drivers the same as the drivers that come with the OS. It's not too hard and it's probably better than using VMs.
Basically you can create a directory tree in your existing installation and add the path to the "DevicePath" string value under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion". Windows will expand its search for matching hardware INF files to include the extra directories. There are two good articles on doing it: MSDN Article, MSKB Article.
Another method I have used (if you know how to edit INF files) is to manually edit the INFs to use a specific cab file as the copy source (under the SourceDiskNames section). You can also combine and streamline them. Then just copy the edited INF files into "%WinDir%\INF", and the driver files into the CAB and Windows will use them.
Once you are done just make sure you have Windows update its INF indexes, which will speed up the driver installation for your driver packages. Open Add Hardware from the control panel, tell it to install manually from a list, and then select "Show All Devices". It will take a while to build the indexes, and then you can just cancel the wizard.
-
Re:Yes
What you're looking for is ImageX. You can get it from the Windows AIK. (It says "Windows 7 AIK", but it will work on XP.)
Recipe for win:
- Create a Windows PE flash drive. This pretty much gets you a bootable Vista/7 kernel.
- Copy ImageX.exe from the WAIK onto the flash drive.
- Boot your computer from the flash drive. Use imagex /capture /compress fast c: z:\file_on_external.wim "description in quotes" to create a .WIM image file.
You can take that WIM image and re-apply it to your computer at a later date. Windows activation and all of your programs will be preserved. You can also mount WIM files like directories using imagex /mount.
However, you will not be able to take an XP install and move it to a system with different hardware. XP's drivers and HAL will throw a fit if you move it to a computer that's too different, although similar-enough hardware will "mostly work."
You can download and run Sysprep from Microsoft before you capture an image. It strips out some of the hardware and user-specific settings and returns the computer to XP's "mini setup" mode, where it will ask you for username/password/CD key/whatever. But even then, XP images are still very hardware bound; more often than not an image won't work until booting from an XP CD and doing a repair install.
-
Re:Holy shit
Not SSH, but from a remote windows machine authenticated with admin rights on the target machine run
shutdown -s -f -m \\KidsComputer -t 60 -c "Time for bed kids"
That will shut the computer down in 60 seconds with the message of "Time for bed kids" with the forced shutdown of unresponsive programs. See: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/shutdown.mspx?mfr=true for documentation. Aaron Z
Yes, because my house totally has an Active Directory server.
-
Re:The right thing to do
I like linux but I run Windows everywhere, and I'm only vaguely aware of this tool. I un-check it every time I do a Windows update, usually with a "Ha, like I'd let you run on my machine" type snark. I wouldn't think it's reasonable to expect a Windows user to be aware of whether it detects rootkits, especially the typical user since auto-updates happen without even registering (or auto-updates are turned off, either way most windows users never even see it). It started out just removing worms and trojans, and I never even expected it to detect rootkits. If I never did Windows Updates manually to filter out genuine advantage and other garbage I'd not even think about it.
I would trust Rootkit Revealer from Sysinternals before I'd trust something Microsoft sends (yes I know they are the same company). I'm not saying there's a problem with it, in fact Windows Defender seems to be very highly recommended and lightweight compared to free antivirus solutions, so I'm sure MSRT does a fine job on a specific set of known malicious files.
I have a religious disinterest in this case, since I'm aware of it and refuse to learn about it. The linux poster who knows nothing about it is simply ignorant (not an insult, simply lacking facts). I would classify "minor academic interest" as picking up new information if it comes along and happens to be meaningful to stick, not actively seeking information. The fine line is whether someone actively avoids learning, or simply allows opportunities to slip by. I actively avoid it, and I both know and admit it, but looks like this poster simply lets it slide.
In fact, most of the Anti-virus vendors are complaining about the unfair monopoly MS has, destroying their business prospects by including Antivirus out of the box. But most of the reporting is on Windows Defender, completely ignoring (or mentioning without much description) the Malicious Software Removal Tool. It's more likely that someone following news for nerds knows about Defender than the MSRT.
You could have simply said RTFA or included this quote:
the company has urged users to download its Malicious Software Removal Tool to clean up their machines and run the patch as soon as possible.
That would have been a much better, and as I illustrated above more accurate, reply than "religious disinterest", unless you meant of the article rather than Microsoft-related stuff.
So now we have the question of whether a linux user would reasonably be aware of Windows Defender, which constitute the other 20 or so redundant replies to this question. I admit that when I come across a linux antivirus article, I've learned that it does not apply to Windows and so I ignore it. I'd expect the same from a linux user on Windows A/V articles. Surely the A/V industry complaints about Microsoft's monopoly abuse have managed to get through? No, the brain at some point cannot stand any more "Microsoft accused of abusing its monopoly" stories and just skips on.
The only reason I'm aware of Windows Defender as a Microsoft user and programmer (.NET, T-SQL, Win32, VBS, broken CSS, and some others and semi-active in the ReactOS community so I'm fully entrenched) is because a recent "Ask Slashdot" asked about free antivirus, and almost across the board Defender was the recommendation. I got tired of AVG's continued bloat and silly issues like only using the C drive for updates (which can cause out of diskspace errors, which is made worse because it doesn't clean up after itself), so I read the article - otherwise I would have ignored it.
Put yourself in someone else's shoes before making a reply, it makes the discussion flow better. I've violated that a few times myself and I cringe when I scroll past those comments in my post history, but I try to do better.
MSRT history of which files are detected in each release so that someone can correct me if one of the originals was a rootkit (Hackdef was added in April, maybe there was one before that):
http://support.microsoft.com/?kbid=890830
-
Re:Makes sense...
Have you ever tried to code up a message box in Visual C++? It's worse than pulling teeth
You must have it really easy when it comes to pulling teeth, given that "coding up a message box" in Visual C++ is exactly one function call.
For the record, it also doesn't matter if your application is interactive or not, so long as it's not a background service - this call will set up its own message pump, so it is completely self-sufficient. It can be a single line by itself inside int main(), and it will still work.
-
Re:Hmmmm....
Support for XP SP2 only ends July 13, 2010
Windows 2000 Extended support ends July 13 2010. Christ Almighty they still patch IE 5.01 for Windows 2000
-
Re:Misuse of phrase
Your 16 bit apps will still run in XP-mode. If you don't have Pro or Ultimate, you can get free IE compatibility VHDs. You can also use trusty old DOS "ed" in Win7 x64
-
Re:The right thing to do
If Microsoft has a way of detecting the rootkit, they should make it available separately so that people can test their machines before they try to update them. Of course, this is Microsoft we're talking about, so you know they're not interested in what's right unless it's also profitable.
http://www.microsoft.com/security/malwareremove/default.aspx
XP will keep getting security updates until at least 2014. It was rendered obsolete in early 2007. Try getting OSX Tiger updates. It was dropped like a rock seconds after Leopard came out.
-
Re:Hmmmm....
Can you imagine if the auto industry adopted the same strategies used by Microsoft:
A: Sell new 2010 automobile
B: Release new 2011 version of same automobile (with LED widgets!)
C: Inform everyone who purchased the 2010 model that parts for their model will no longer be available after 2012.
D: Inform car dealers that they will not be allowed to sell used 2010 models.
E: Inform gas stations that they must use new nozzles at their pumps that only fit the 2011 models.
F: Sit back and wonder why people take cheap shots at your company and begin purchasing motorcycles.
G: File lawsuits against the motorcycle companies for restraint of trade and IP infringement.
I don't rag on Microsoft because they make a substandard product. I rag on Microsoft because they *force* their new products on their customers, and then treat those customers like thieves until proven otherwise. If I don't want to upgrade from Ubuntu 6, I can still download it and use it if I so choose, and I won't be accused of software piracy if I blow a system board and swap the drive into a new system.
Wow, just wow. I'm not sure where to begin with what's wrong with this post. Let's see, model 2010, 1 year later releases a newer model? Considering Windows XP was released in August of 2001 and they are only officially stopping support for it on July 13, 2010 completely invalidates that comparison since 2001-2010 isn't 1 year. Vista wasn't even released until 2006, 5 years later... For C. you wrote that the 2010 model that they won't be able to use parts after 2012 again flies in the face of everything since Office 2007 (the newest one) runs on Windows XP and was released 6 years later. This doesn't even consider that the new Office 2010 is also going to run on Windows XP... 'Inform dealers not to sell 2010 models'. You were able to buy Windows XP for years after Vista, and for quite some time without paying extra license... 'Inform gas stations they must use new nozzles', etc., again is wrong since Vista and Windows 7 allow backwards compatibilities and newly made software is still made to run on Windows XP (note the Office 2010 again)... If you're going to try to make a comparison at least put a pinch of effort into it.
-
Re:Makes sense...
The malicious software removal tool will take care of it. Their antivirus will not.
Both MSRT and Microsoft Security Essentials will detect and remove Alureon A and its kin.
Definition first published October 23. Revised March 10.
That doesn't mean a full repair/recovery of every corrupted file:
The top ten most commonly-targeted driver files are the following:
atapi.sys
iastor.sys
iastorv.sys
idechndr.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvstor.sys
nvstor32.sys
sisraid.sys
Users are advised to boot into a recovery environment and manually replace the file with a clean copy.
Win32/Alureon may modify DNS settings on the host computer, thus the following steps may be required after the Win32/Alureon removal is complete:
If the computer has a network interface that does not receive a configuration using DHCP, reset the DNS configuration if necessary.
If a dial-up connection is sometimes used from the computer, reconfigure the dial-up settings in the rasphone.pbk file as necessary, as Win32/Alureon may set the fields "IpDnsAddress" and "IpDns2Address" in the rasphone.pbk file to the attacker's address. The Microsoft scanner code that automatically removes Win32/Alureon backs up the infected dial-up configuration file to:
%allusersprofile%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk.bak
-
Obligatory....
http://technet.microsoft.com/en-us/library/cc512587.aspx
>You can't clean a compromised system by patching it.
>You can't clean a compromised system by removing the back doors.
>You can't clean a compromised system by using some "vulnerability remover."
>You can't clean a compromised system by using a virus scanner.
>You can't clean a compromised system by reinstalling the operating system over the existing installation.
>You can't trust any data copied from a compromised system.
>You can't trust the event logs on a compromised system.
>You may not be able to trust your latest backup.
>>>>>The only way to clean a compromised system is to flatten and rebuild.
Jesper M. Johansson, Ph.D. [YES, HE'S A DOCTOR], CISSP, MCSE, MCP+I
Security Program Manager
Microsoft Corporation
-
Re:Order
Chances are, if it's a rootkit, it's already overwritten the "known good" versions of those files Windows keeps around.
Plus, they can't guarantee that other files won't be modified by different versions of the same rootkit.
Other than that, Microsoft already pushes a new version of the Malicious Software Removal Tool through Windows Update every month.
-
MSE claimed to work
See:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus:Win32/Alureon.A
I've had reasonably good experiences with MSE so far with my Windows users. Anybody else want to weigh in here?
-
Makes sense...
Microsoft isn't really in the business of providing a virus scanner as one of their free updates. Oh wait...
*continues running Ubuntu*
-
Re:Why can't MS do this?
Apple has moved from 68k to PPC to OS X to Intel to ARM to (proposed) POWER) for both 32/64 bit and all it took in those last steps was a flag in the compiler.
The trick is to be able to do it once. After going through all the pain, software developers for your platform know how to deal with it (and also know better than to rely on architecture specifics).
For Windows, the first major move was x86->x64 (the 16-bit to 32-bit move before that wasn't as big, because DOS apps had to be substantially rewritten to become Win32 GUI apps anyway, and there weren't many Win16 apps). Due to overreliance of system APIs and established coding conventions on things such as sizeof(int)==sizeof(void*), and abundance of third-party software for the platform, this is extremely painful ("is" because it's still going on).
But, on the other hand, it led to many Windows developers suddenly finding out that, no, they can't stash a pointer away in an int. So now many don't. From MS side, it meant that many system APIs were reworked - e.g. typedefs such as INT_PTR (an integral type that can fit a pointer) were added, and some functions were replaced by newer, portable varieties. As well, the compiler learned a few tricks to automatically detect non-portable patterns in the code.
So, should there be another transition, next time it will likely go much smoother.
68k emulation in PPC was decent. Classic mode worked for most applications and Rosetta was as seamless as it gets. I understand that Microsoft has a ton of backwards compatibility they need to maintain, but if a company the fraction of your size can do it, why can't you?
It's funny because I've heard a lot of complaints about Rosetta, most notably about its performance. I'm not sure that it was a solution that enterprises would have seriously bought in (and keep in mind that most Windows sales - even for desktop use - are to businesses, not to individuals) back in the day when Apple introduced it.
That said, it looks like they were still right in that this is the way to go long-term, which is probably why Win7 (including 64-bit varieties) comes with a VM running 32-bit WinXP, with seamless integration a la Parallels (when guest windows appear on host desktop).
-
It works in Windows
The concept of a null pointer kernel vulnerability works in Windows too.
Like Linux, the NT kernel exists in the same address space as applications, so the same concepts apply. To map the null 64k of address space as valid memory, call either VirtualAlloc or MapViewOfFileEx (*). Passing NULL as your desired mapping address to these functions normally means that you want Windows to find an available virtual address for you. To get around that, pass (void*)1. This works because NT will round down to the nearest allocation boundary (64k for new allocations).
* The real system calls are actually NtAllocateVirtualMemory and NtMapViewOfSection, respectively.
-
VS2010 bug
Visual Studio 2010 still hasn't fixed one of the major bugs that has been around since .NET 1.0.
When you run a forms based program in debug mode on an x64 system, and the form's load event throws an exception, the program will happily continue running without reporting the exception. Execution skips directly to the end of the load sub without running any lines of code after the exception, yet the program continues to run as if nothing went wrong. Everything works as expected if you are working on an x86 box though. You will rip your hair out trying to figure out what's going on if you don't know about this.
Details can be found here http://social.msdn.microsoft.com/Forums/en-SG/vsdebug/thread/69a0b831-7782-4bd9-b910-25c85f18bceb
-
Re:Microsoft releases world's dumbest smartphone
Back to the warm embrace of an extended MS product range.
http://www.microsoft.com/Presspass/press/2009/oct09/10-15sidekick.mspx
Better keep your data backed up or the Sidekick techs will extinguish it.
-
Re:Does this help?
There are plenty of royalty-free things from Microsoft, just take a look here. VC-1 a.k.a WMV9 at that time was supposed to be the same too, but alas it wasn't meant to be. The SMPTE standardization was done later after that.
Google can do the same, and the same companies that hit Microsoft will highly likely hit Google too.
-
Windows 7 Upgrade Advisor?
So this guy is writing a book about Windows 7 and in his blog at least makes no mention of the Windows 7 Upgrade Advisor? http://www.microsoft.com/downloads/details.aspx?FamilyID=1b544e90-7659-4bd9-9e51-2497c146af15&displaylang=en Granted he is installing a different version (x86 vs. x64) and edition (ultimate vs. pro) of the same OS, it is definitely not a given that driver support is the same with different versions of Windows.
-
Re:Sooooo
I also found it bizarre that at no point did he seem to think of checking the setup logs. Admittedly, it probably wouldn't have helped him in this case, as logs often don't reveal anything in the case of intermittent hardware failure, but really, if I have a problem with setup, the first thing I'd think to check would be the log files in case they turn up something interesting. That's, you know, kind of why they're there...
-
Re:Windows 7...
Why you aren't getting modded up, I have no idea, except maybe it's Windows
...But seriously, you're almost spot on. Why push this OP, admittedly computer handicapped, to a more complex solution? Windows Vista and 7 alone provide:
- Parental Controls on/off per user
- Allowed usage times, including forced log-off
- Block/allow specific programs
Add Microsoft's Windows Live Family Safety (free) to get:
- Web content filtering at the IP level (works with any browser), per user
- Activity Reports for both website visits and application use, per user
and Microsoft Security Essentials (also free) for virus and malware scanning.
There's probably an easy and free solution for most of the other items on the list as well, but they seem more "wish-list" than essential.
-
Re:Can't buy the OS for $200?
That was my thought too.
Windows 7 Home Premium: $99.99 (or Professional for $140)
Microsoft Security Essentials: $0.00
Knowing your wireless card and webcam will work: Priceless
Hm, that's a lot less than $200.
Microsoft Windows 7 Home Premium 32-bit 1-Pack for System Builders - OEM
That's an OEM version. OEM licensing terms apply.
Also, $99 for OEM Windows? That's a ripoff.
-
Can Too
From the original post:
James Kelly shows how easy it is to build a computer and install a complete software suite for US$200 excluding monitor, keyboard, and mouse. You can't even buy the operating system and anti-malware protection for Microsoft Windows for that, let alone have any money left over for hardware and productivity software!
I can buy a retail copy of Windows 7 Home Premium for $179.99 at Newegg, with shipping for another $1.99[0], and Microsoft Security Essentials is free for download[1], and a very reasonable product for many users.[2]
Also, I can get an Acer Aspire REVO at Bestbuy for a nickel under $200, with a copy of Windows XP SP3 included.[3]
I can't wait to see the specs on the $200 computer build outlined in this "outdated before it was published" book... Also, didn't this book come out a while ago? At least 4-6 months ago - are the parts listed even still commonly available?
[1] http://www.microsoft.com/security_essentials/?mkt=en-us
-
As an admin and a parent
As a parent and also as an admin who has to worry that co-workers will act like kids, I have both some experience and some tips in this area. The most important tip is to know your kids and care about them. Train them to be safe and teach them morals. With my kids, I use the motto: Trust but verify.
- Basic Security: The kids shouldn't have Administrator access, the bios needs a password you don't type in front of them and the boot sequence should be set to boot from hard drive first. They might still get around that security by moving drives around, so you may want tamper evident tape.
- Command line tools: go ahead and install an ssh server on the windows clients, but do it the easy way with something like sshwindows*. You don't really need it if you enable RPC, but it does come in handy, particularly in combination with unixutils* and Sysinternals*.
- Remote commands: I use winexe* and enable remote access services on the client machines. You can then run the shutdown command or pretty much any other command remotely. If you have set the boot password as required for startup, shutting the PC down is the same as locking it. I don't really recommend requiring a password for boot if you can avoid it since it is a pain, but if the situation calls for it, it is useful to know that you can. In most cases the bios will let you set a password for modification without requiring one for booting and this is usually much easier to work with, particularly when it comes to automatic updates that reboot.
- IP tables with static IPs: Since you have admin and they don't, you can set static IPs on the workstations pretty reliably which also allows you to use IP tables effectively to limit or control access.
- Logs and web control: If you use OpenDNS* and intercept DNS*, then you have pretty decent logs. If you use a transparent squid proxy in combination with strict IP tables rules, you can get really good logs. Beware of SSL proxies and VPNs.
All this comes with a cost of your time and effort. The tools built into the typical router can do a lot of the work for you, but you give up some control. Also, consider your target audience; if your kids are bright teenagers, then they will look at ways around the system. They will almost certainly try to browse by IP or through proxies. If this is a potential issue, then you should also look at setting up a transparent squid proxy and blocking 443 and other ports for addresses not explicitly allowed.
VNC: I didn't list VNC because I don't personally use it at the moment, but I have in the past and it can be a very useful tool. If you use it, I recommend you don't set it to run automatically, but rather start the service when you want to use it with remote commands. In a few cases I've done this so that I could monitor activity without any obvious indication.
- sshwindows*: http://sshwindows.sourceforge.net/ - relatively easy ssh server for windows
- unixutils*: http://unxutils.sourceforge.net/ common linux/unix tools for windows, things like grep and wget
- Sysinternals*: http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx handy things like pslist and pskill
- winexe*: from http://eol.ovh.org/winexe/
- OpenDNS* and intercept DNS*: see http://www.opendns.com/ and consider something like:
/sbin/iptables -t nat -I PREROUTING -i ${LAN} -p udp --dport 53 -j DNAT --to ${ROUTERinternal}
/sbin/iptables -t nat -I PREROUTING -i ${LAN} -p tcp --dport 53 -j DNAT --to ${ROUTERinternal}
-
Re:Holy shit
Not SSH, but from a remote windows machine authenticated with admin rights on the target machine run
shutdown -s -f -m \\KidsComputer -t 60 -c "Time for bed kids"
That will shut the computer down in 60 seconds with the message of "Time for bed kids" with the forced shutdown of unresponsive programs.
See: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/shutdown.mspx?mfr=true for documentation.
Aaron Z
-
Re:Parental controls
In addition windows live has a Family Safety addon where you can see and limit the websites kids visit (among other things):
http://download.live.com/FamilySafety
While it can be done much better in linux, if you are a linux noob I suggest getting something like Windows Home Server, this way when shit hits the fan (as it inevitably will) everything is already automatically backed up:
http://www.microsoft.com/windows/products/winfamily/windowshomeserver/default.mspx
-
Parental controls
Both Windows 7 and OSX have parental controls that enforce usage times on a per-account basis, which apps can be run from these accounts, which sites can be accessed, etc. I have been using these with OSX (a good write up at http://theappleblog.com/2009/01/13/kid-proofing-a-mac-with-parental-controls/) with my 11-year old autistic boy and they couldn't be any simpler. He can only log into the machine at certain times, and I have the option to set a maximum session time per day. He can only run apps that I approve, and can go to sites only if I explicitly allow them. The bad news is that, at least in OSX, Firefox doesn't respect the parental control settings (Safari does it fine).
I checked with Windows 7 and the parental controls seem to be pretty similar. More at http://www.microsoft.com/windows/windows-vista/features/parental-controls.aspx
My only real annoyance is that Youtube doesn't have real content rating, which makes it a pain to filter properly. My son loves to make balloon sculptures and is always checking for new video tutorials, the problem is that while looking for these, he runs into the videos of the balloon popping fetishists. One second I am hearing a video explaining how to twist balloons into a roadrunner, next I hear a 300-pound woman in a bathing suit giggling and sitting on balloons to pop them. Gross.
-
Re:Apple's hindering itself
Sorry to promote MS here, but I happen to like method names like OnInit and OnLoad.
What, no PrestoChangoSelector?
:-)
-
Re:Oracle buys Sun for
How did this get modded up? I know that it... sounds like it makes sense, but it's the exact opposite of what actually goes on.
They're proving both quotes that "real men build hardware" and that "real software lovers build hardware" from IBM and Apple.
Both IBM and Apple design Software and Hardware to complement each other. Compare an iSeries or iPad to the typical Oracle setup where they are at the mercy of Intel, AMD, Microsoft, IBM, etc to get their Database to work. Defining a basic Schema is full of so many tips and tricks compared to any other database
WTF? It's hard to define an Oracle schema because of a client's choice of instruction level compatible CPUs? Are you kidding me? I've never heard of anyone actually altering their database schema design to target it for either "Intel" or "AMD". That's insane.
. Sure, it's nice to choose the "optimum" setting for every single block of data... but wouldn't it be BETTER to simply format the hard drive the way you want it in the first place and to build the most critical functions directly into firmware?
First of all, it's quite possible to "format the disk" natively with Oracle's database files, bypassing the OS filesystem. Even Microsoft SQL Server can do that, it's just not advertised as a big feature. Yes, there are performance gains (I've heard up to 20% in some corner cases), but it's almost never worth it, because the downsides are enormous. Managing a LUN is much harder than managing a file. Either way, this can be done now. There's no reason for some sort of magic hardware support.
Second, somehow 'burning' Oracle in the firmware is neither going to make it faster, nor improve anything else. It'll just make it harder to patch and manage, and it'll mean that a future service pack may not fit into the limited flash space. I can't imagine too many deployments where the speed of the program storage is the limit. Even if it is, it's not like you can't boot-from-SAN or just buy an SSD for any old server now!
IBM stuff can do really neat things like split database writes in the disk controller and keep track of multiple copies at once on redundant systems.
Err.. you mean scatter-gather IO and synchronous mirroring? Ooo... fancy stuff, I bet nobody's ever managed to do that in software!
You just can't do that level of stuff with the tools Oracle or Microsoft has now.
Yes, you can. The differences between the major vendors at the "low level" have been tiny for years and years now. The real differences are at the high-level, pure-software layer. Features like RAC differentiate DB2, Oracle, and SQL Server from each other, not the RAID controllers.
Microsoft's sole existence is based on separation of hardware and software... so everybody squabbles between Intel/AMD, ATI/Nvidia, Oracle/MySQL, etc... and Microsoft gets rich playing "middleman" being the only party the others can legally talk to.
Are you kidding me? Since when is Intel some poor pauper holding out a begging bowl to Microsoft? Last time I looked, both Intel and Oracle had market capitalisations over USD 100 billion, and were 'legally allowed' to talk to each other.
There is already a company that makes a Sparc based blade for IBM BladeCenter chassis, drop it in an IBM Blade and share your SAN and have backplane-level network between the other hardware and OSes....this is what Oracle is after. Rather than keep playing games with other vendors, simply sell "Oracle" like IBM sells System i (iSeries). You would buy an Oracle blade and simply connect that to your network. There's no point in loading multiple apps on hardware...
it's so cheap now versu