Domain: symantec.com
Stories and comments across the archive that link to symantec.com.
Stories · 152
-
Why Can't Microsoft be Sued Under the Lemon Law?
briant97 asks: "Microsoft is sitting back making all this money by charging for desktop and server operating systems. If you go for a server, they also add additional charges through client access licenses. Well, now that they've charged you all this money they leave their software open to viruses and exploits beyond belief, which will cost your company even more money. When will it stop? When will Microsoft become liable for their actions? I mean they are making billions while costing other companies billions. Ford, Chevy, and all other car manufacturers get held liable if they make a defective product, why not Microsoft?" One can argue that you sign away your right to seek damages from Microsoft, by agreeing to the EULA, however there is still this issue as to the strength of a EULA since they've never been tested in court. How do you feel about this subject? Should software owners be allowed to "sign" away their basic rights via click-thru licensing, or should software manufacturers be liable for the critical defects that show up in their software? -
Worm Developed for Nokia Series-60 Phones
Tuxedo Jack writes "It had to happen. The first worm designed specifically for cellular phones has been developed, and Cabir appears to be a way of effectively killing Nokia Series-60 cellular phones via shortening the battery life due to scanning for nearby Bluetooth devices and propagating itself. This still relies on a user to open it, so hopefully that won't be many, and those that do must use a file manager to find and kill the worm. At least it isn't a dialer!" -
First IA64 Windows Virus Released
NinjaPablo writes "W64.RugRat.3344 has been released as a proof of concept virus. It is the first virus which will only run on Windows on the IA64 platform, and uses APIs from 3 native DLLs to avoid crashing applications. It infects files that are in the same folder as the virus and in all subfolders. The author of the virus has also written other concept virii in the past." -
Sasser Worm Disruption Growing
thebra writes "Yet another virus is causing problems with Internet Explorer. "Sasser, unlike a virus which travels through e-mails and attachments, spreads directly from the internet." A removal tool can be found here." -
New Windows Worm on the Loose
Dynamoo writes "The Internet Storm Center has issued a Yellow Alert due to the spread of the Sasser worm exploiting Windows 2000 and XP machines through a documented flaw in the Local Security Authority Subsystem Service (LSASS) as described in Microsoft Bulletin MS04-011. Initial analysis seems to indicate classic Blaster-style worm behaviour. Right now I'm just getting a probe every 10 minutes or so on my firewall, but this is bound to escalate sharply as the pool of infected machines grows. Of course all good Windows-using Slashdotters visit Windows Update regularly and have a firewall, don't you? More information at Computer Associates, F-Secure, Symantec and McAfee." -
Virus Creators Sharing More Code
arpy writes "The Washington Times is carrying a report on a 5% increase in publicly available virus code in 2003 (based on a Symantec report). There are now about seven versions of MyDoom, and at least 14 each of Netsky and Beagle. Explains why my email account is overloaded with these little bastards. PC World is reporting changes in the countries that viruses are originating from: Australia shot from 14th place to 5th over the last six months of 2003! The source of these stories seems to be the March 2004 Symantec Internet Security Threat Report." (This last requires registration to download.) -
Protecting Our Parents' PCs?
Frustrated Son asks: "I assume that many Slashdot readers must serve as the IT staff for their parents. My folks get my old machines and just enough software to be productive. I try to protect my parents from the forces of evil by installing automatic OS updates, virus checkers, spyware blockers, pop-up blockers... But still I find that my parents end up with unwanted applications and dangerous software. What software or strategies do you use to protect your parents' PCs? Is it possible for inexperienced users to surf the net in safety?" -
Microsoft Mail Worms Gang War?
cuzality writes "The media is now beginning to suggest that this recent onslaught of new viruses (with new versions of major-impact viruses being found daily) is the result of a virus gang turf war, kinda like the India/Pakistan virus conflict, in which official Pakistani sites were savaged by such infamous groups as Indian Snakes and Indian Hackers Club. The gangs are shooting fast and loose: variations of the big ones are being discovered daily (as of March 4, we are up to MyDoom.H, Netsky.F, and Beagle.K), and in the space of three hours on Wednesday morning, five variants of these three were first discovered. Typically these viruses (or more correctly, worms) do little damage to the infected computer, intent mostly on spreading far and wide, and sometimes inflicting DoS on some poor evil empire." -
New Worms Feed on MyDoom Infections
JJP writes "ZDNet Australia is reporting that two new worms, Doomjuice and Deadhat, are taking over computers previously infected by the MyDoom virus. Apparently they try to uninstall the MyDoom virus and then take over the PC to start their own malignant work. Whilst the threat these two worms pose shouldn't be too big, both needing a MyDoom backdoor, it is still a novel way to spread a virus. In the Netherlands there is a newspaper reporting this proves MyDoom was initially spread by organised crime in a dark plot to wage cyber-war and steal confidential data from our computers." -
Today's Windows Virus - MyDoom / Novarg
Oddster writes "There is a new virus out by the name of Novarg which can infect all Windows versions from 95 to XP. It has two interesting features - first, in addition to mass mailing, it also distributes itself via the P2P network Kazaa. Second, it can perform a denial-of-service against www.sco.com. Details at Symantec and F-Secure, although neither seems to have finished their analysis." Other readers have sent in links to coverage at CNET and Security Response, and Russ Nelson provides a sample message. -
Experiences w/ Drive Imaging Software?
Futurepower(R) asks: "Microsoft Windows 2000 and Windows XP have crippled file systems. The file system cannot copy some of the files that are necessary to the operating system. If you don't have experience with Microsoft operating systems, you may find this amazing, but it is true; Microsoft supplies no method of backing up and restoring fully operational copies of Windows 2000 and Windows XP. Microsoft's advice is to reinstall the operating system and all programs every time you want to move to a new or backup computer. For confirmation of this, see the 'Microsoft Policy Statement' in the article, The Microsoft Policy Concerning Disk Duplication of Windows XP Installations. Many industries use numerous programs; installing them all may take a week or even more. All of the disk image duplication programs I've used have problems, in my experience. What program do you use? What has been your experience with it? Can you recommend a program, or recommend staying away from one?"
"This policy of providing no way to backup and restore a fully installed system is impossible for corporations, of course. So Microsoft technical support representatives recommend sector-by-sector disk image duplication, even though it is against Microsoft policy. Copying each sector of a hard drive bypasses Microsoft's copy protection by which Microsoft punishes all users, even if they are honest.
Sometimes Microsoft technical support recommends using 'third-party' disk image programs. For example, sometimes support representatives recommend using Symantec Ghost.
All of the disk image duplication programs I've used have problems, in my experience. So, here's a question: What program do you use? What has been your experience with it? Can you recommend a program, or recommend staying away from one?
Here are my experiences:
Symantec Ghost sometimes fails with non-specific error messages. Uninstalling Ghost does not uninstall all the Ghost software. Symantec is one of the companies using copy protection, so using Symantec products may be a case of jumping from the Microsoft frying pan to the Symantec copy protection fire; also, you have no assurance that the copy protection will not become worse in the future.
PowerQuest DriveImage and DeployCenter have an uncertain future. PowerQuest was bought by Symantec. This was after PowerQuest released DriveImage 7 with problems. The sale cannot be a happy event for those who spent hundreds of dollars on DeployCenter.
I've tried Acronis True Image. I've had better luck with it than with Symantec or PowerQuest products. However, like the others, it sometimes gives non-specific error messages that say something like, 'I've failed, and I'm not going to tell you how to troubleshoot the problem.'
Fred Langa, publisher of LangaList, recommends BootIt. I have no experience with it.
I haven't tried g4u, free, open source software provided under the BSD license. g4u has the drawback that it writes only through FTP. There is no way to write to a network drive or a CD-R.
It's disgusting; people just want to make functional backups, but to do it they are dragged over the coals." -
Symantec Says No To Pro-Gun Sites
cluge writes "A recent American Rifleman contained a small column that said that Symantec's new Internet Security 2004 would block pro gun rights sites (i.e. NRA sites), while not blocking similar anti-gun rights web sites. Being the eternal skeptic, this claim was tested by downloading the trial version and running some tests against it. To my surprise I found that every NRA site was blocked and was in the category 'weapons.' This even included the NRA's Institute for Legislative Action. Some sites that were not blocked were notable anti-gun rights sites such as The Brady Campaign, and Good Bye Guns. The only anti-gun rights site that was blocked that I could find was Hand Gun Control's web site." Read on for more.
cluge continues: "My rather informal test still raises the spectre that a large corporate entity may be clandestinely trying to sway you or your child's political views by censoring content from one side of a political debate. This is indeed chilling, especially considering that such software is required to be used in libraries to protect children. Is this political slant common in censorware? Have slashdotters found similar glitches in other 'parental control' software?"
Slashdot has certainly covered censorware before, but reports like this are still valuable as the world evolves.
-
Virus Knocks Out U.S. Visa Approval System
GillBates0 writes "According to this story and many others, the State Department's electronic system for checking every visa applicant for terrorist or criminal history failed worldwide late Tuesday because of a computer virus, leaving the U.S. government unable to issue visas. The virus crippled the department's Consular Lookout and Support System, known as CLASS, which contains, among others, names of at least 78,000 suspected terrorists. It was unclear which computer virus might have affected the system. But a separate message sent to embassies and consular offices late Tuesday warned that the Welchia virus had been detected in one facility. Welchia is an aggressive infection unleashed last month that exploits a software flaw in recent versions of Microsoft Windows." -
Win32 Blaster Worm is on the Rise
EvilNight writes "You know you've got it when a 60 second shutdown timer pops up on your screen. The virus uses the RPC vulnerability. It looks like it's reaching critical mass today. Luckily, it's an easy one to stop: Download this security update. Once you've installed that patch, go here and download the removal tool." Update: 08/12 19:19 GMT by M : Security bulletin URL corrected. -
W32.Sobig.E@mm Worm Spreading Rapidly
mabu writes "Apparently there is another worm spreading online. Symantec has upgraded its severity to 'category 3.' This worm appears to primarily affect Microsoft systems, has an expiration date of July 14th, and searches users' machines for select files containing e-mail addresses that it uses to propagate itself." -
Inappropriate Spam Reaching Children?
peeweejd writes "Wired has an article stating that four out of five children receive inappropriate spam e-mail touting get-rich-quick schemes, and almost half receive spam linking to pornographic materials. Should spammers be held responsible for the spams they send out? Can someone sue a spammer for offering to sell 'adult only' items/services to children?" There are more details from survey originator Symantec's press release - and yes, Symantec does sell mail filtering software. -
Symantec CTO on Flash Attacks
scubacuda writes "Robert Clyde, CTO of Symantec, recently warned an audience at the United Nations that there's an increasing gap between the speed at which attacks are being launched and the industry's ability to respond. Most attacks on Web sites are classified as Class III threats because they tend to take several hours/days to execute. Recently, however, Class II "Warhol attacks"--such as the SQL Slammer worm that make themselves famous in 15 minutes--have emerged. Before long, Clyde predicts that groups of well-funded hackers working in concert will be able to launch Class I "Flash attacks." To combat this, Clyde says that patches would need to be developed more quickly and deployed continuously in an automated mode. Admins would need better ways of locking down networks so an attack on one router is automatically recognized by all routers on the network; throttling back the throughput of suspicious packets on the network in order to limit damage; automating tools for ensuring that all network clients are compliant with security policies; and creating Web services technologies that do not interfere with application performance." -
IRC Networks Unite in Fight Against Fizzer Worm
Dave writes "Over the past few days, IRC Networks across the internet have felt the brunt of the Fizzer worm. In an unusual display of geek solidarity, representatives from dozens of IRC Networks, including EFNet, IRCNet and DALnet, have gathered to create a Fizzer Task Force. Interesting, and mostly productive results have occurred so far from such a meeting of the IRC minds." -
Symantec Security Gateway vs. Custom Linux Box?
michaelr asks: "I run several email-based discussion lists. While only members of the lists are allowed to post, I've lately had problems with viruses as they often impersonate the members (or the members themselves are infected). I've identified two solutions: either build a Linux box running SMTP-based antivirus software, or purchase something like the Symantec Gateway Security which includes AV among lots of other things. The street price makes it a little more expensive than a Linux box + AV software, but it seems to be zero maintenance. The problem: the Symantec device is new, and before I place my trust in it, I'd like to know: has anyone had any experience with it, or should I just build the equivalent myself?" -
Symantec Claims They Knew About Slammer In Advance
truthsearch writes "Wired is reporting 'Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer.' I'm not bothered I didn't know Slammer was coming, but Symantec has a moral responsibility to inform the public if it thinks millions will be affected." It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release. Update: 02/14 16:54 GMT by M : Wired has their math wrong; Symantec apparently had at most 20-30 minutes of early warning. Symantec claims in this press release that they discovered the worm "hours before it began rapidly propagating". -
Feds Working to Stop Worms
mbenzi writes "This article from GovExec describes how the feds worked to prevent a worm that could have been orders of magnitude worse than Code Red. Short on details, but an interesting timeline." -
Bugbear Windows Virus Making the Rounds
lysurgon writes "CNN.com is reporting that the "BugBear" virus (Windows/Outlook only) is spreading quickly. Unlike ILovYou-type viri, instead of deleting files or just propagating itself, this animal disables firewall software and opens a port to receive remote commands. The article doesn't draw this conclusion, but this effectively sets up slave machines for DDoS uses. Also worth noting is the puzzlement of anti-virus guys as to why they haven't been able to make the virus spread in the lab. "One of the theories is that this requires an Internet connection in order to spread." Gee, you don't say?" -
Linux Worm Spreading, Many Systems Vulnerable
sverrehu writes "A GNU/Linux worm exploiting a bug in OpenSSL spreads through vulnerable Apache web servers, according to Symantec. The worm, which was first reported in Europe, targets several popular Linux distributions. See also the SecurityFocus vulnerability listing for the OpenSSL bug." sionide also writes: "Netcraft recently published a report which explains that a large portion of Apache systems are still unpatched (halfway down). To protect yourself please upgrade to OpenSSL 0.9.6g." -
Federal NOC To Be Modeled After Incidents.org / DS
An anonymous reader writes "Computerworld is covering in more detail the new Federal 'Cybersecurity Center.' The article explains that unlike some earlier rumors indicated, the center will not try to build a super-carnivore, but instead use voluntary reports. It will be similar to the SANS Institute's Internet Storm Center, which summarizes contributions submitted to DShield.org. This system of voluntary contributors has been shown to be effective in the past by issuing early warning for a number of major Internet worms, like Code Red, Ramen and SQLSnake. Unlike Symantec's 'for pay ' Deep Sight service, which publishes alerts only to paying members, Incidents.org is a free service." -
Symantec to Acquire SecurityFocus
cbv writes "Symantec Corp. today announced the acquisition of SecurityFocus for approximately US$75 million in cash. The press release reads, 'With this acquisition, Symantec will offer customers the most comprehensive, proactive early warning system across the broadest range of threats.' The transaction is expected to close by early to mid-August 2002." -
Linux and the Smile.D Virus keeps us Smiling
pstreck writes "News Forge is running a humor filled satire on the recent Smile.D cross platform virus. It's a good read and just another reminder of why that other operating system needs to figure out a new security policy." -
Win32/Linux Cross-Platform Virus
An Anonymous Coward writes "Symantec reports on the first virus to infect both ELF and PE binaries on Linux and Win32. "The first Win32/Linux cross-infector, {Win32,Linux}/Peelf, uses two separate routines to carry out the infection on PE and ELF files. This variant of Simile shares a substantial amount of code between the two infection functions, such as the polymorphic/metamorphic engines, the only platform-specific parts being the directory traversal code and the API usage."" -
Klez, The Virus that Keeps on Giving
kylus writes "Wired is running a story about the continued escapades of the Klez virus, and the damage--both to finances and reputations--that it is leaving behind. Between emails from a dead friend and porno spam appearing to be sent from a priest, I think "Don't Believe the 'From' Line" is the correct lesson." God bless Microsoft email viruses. I'm on a modem for a few weeks and downloading countless megs of mail viruses is extremely frustrating. Course I'm still getting sircams. -
Rolling Your Own Business Desktops?
mike asks: "I'm mulling the logic of my company building its own desktop computers. As the IT Manager (plus sysadmin, janitor...) of a struggling-yet-thankfully-still-alive dotcom, money is really tight. We have around sixty ~400MHz desktops which are increasingly showing their age. Acceptable P4 systems from the big guys run at least $1000. By recycling the OS (Win2k), case, cdrom, floppy, and K/V/M, I figure I can assemble a good AMD system for about $600. That's a 40% savings. Is it worth it? The cost difference could very well determine whether this project proceeds or gets put on the back-burner again."
"Some negatives about rolling my own:
- Management: I won't get the special business features offered by some manufacturers. Dell's OpenImage, for example, looks awfully nice. But how much does that really buy me in a company of 60 machines? I don't use such stuff now; am I missing out on nirvana?
- Time to build: Even though we'd leverage Ghost wherever possible, handmade systems nevertheless take time to build, load, & configure.
- Supporting different platforms: Because money is so tight, I can at best afford a capital replacement rate of 25%-33% (15-20 units) per year. That means I'm committing to the support of 3 or 4 different platforms. Having just one platform is great, but how many companies, even ones that actively strive for it, truly enjoy that luxury? I inherited two platforms (Micron & Gateway); support isn't that bad. With proper planning, I don't see why we can't support four.
- Hardware quality: How much can I trust a popular Athlon chipset in a business environment? I feel silly bringing this up because I have a few Athlon systems at home, each with a different chipset, and they've been nothing but rock solid. But I know the lack of a really good chipset has been a large contributor to why AMD's aren't more prevalent in the business world. (well, that and long term bullying by Intel).
- I don't get a proven, prepackaged system that works right out of the box.
- Cost savings. Plain & simple.
- Increased horsepower per dollar spent.
- By choosing my own equipment (mobo especially), I suffer fewer OEM shortcuts.
- I have to admit that I'd enjoy the pure geek satisfaction of rolling out 'my' creation to the company.
For those that are curious, Ask Slashdot did an article on the AMD issue, here.
-
Slashback: Deception, Fusion, Membership
Slashback arrives tonight with updates on the lukewarm path to cold fusion, one more update on what Microsoft claims is "the way out" (really, this time), a hopeful look at Mandrake's Club, and more -- read on below for the details.
"Congratulations! You may already own goats.cx!" King Mongo writes: "Well, well. First Verisign sent mail to trick domain owners into switching registrars (as described earlier on Slashdot); today I received a similar letter from Verisign asking me to renew cruel-intention.com with them. The problem is, I never bought cruel-intention.com and I've never used Verisign as a registrar. But what's this? Whois says I've owned it since September 2001? And the Technical Contact is Verisign? And it's registered for 10 years? You can bet I'll be contacting my state AG, as well as the USPS Inspectors' office; what if the domain name was offensive, or actionable (it may even be a DMCA violation)? Verisign has taken it upon themselves to hijack my identity and expose me to litigation! At least they let me know!"
Port softly, and carry a big Club. joestar writes: "Just seen in Mandrake Linux news... It seems that the recent call for Mandrake Club subscriptions had a double effect: it was a financial success for MandrakeSoft ($390,000 since the Club was first created on November 28th, 2001), and at the same time it generated lots of questions about this new approach of doing business with Free-Software. In a really interesting message, MandrakeSoft's CEO Jacques Le Marois gives all details about the Club results and why and how they are currently inventing a new business model dedicated to Free-Software oriented companies, since the traditional business models fail for these companies. Actually I'm impressed."
OK, perhaps we only have the way sideways. gh0ul writes "news.com is featuring an article regarding Microsoft and Unisys' joint venture to steer companies/individuals away from Unix and branch in to the corporate servers based on Windows2000. With all the negative impact towards 'wehavethewayout.com', I'm surprised they kept it going.. guess that $28 million matters.."
We've patented that way to think, sorry. An Anonymous Coward writes: "The Symantec marketing droids are on the rampage again. After patenting their definition update technology, this time they patented heuristic virus scanning. When will this insanity end? :P"
I'll believe it when it's powering my air-car. abburdlen writes: "A month ago an article in the Journal Science appeared hyping the possibility of tabletop fusion. Quick summary: Sonoluminescence in heavy acetone ... temperature of collapsing bubbles reaching temperature hotter than the Sun ... evidence of fusion. There was some excitement. There were also many initial skeptics. Looks like the doubtful win again. From the APS, 'The possibility of a major discovery has been obscured by substandard experimental techniques.' Ouch."
One day we'll all have decent bandwidth, right? Pathway writes "I know this has been looked at by slashdot before, but here's a good update comparing the Zipp Fiber to the Terabyte Triangle in Spokane at thelocalplanet.com. In the article, they compare how one project is so successful, while the other is foundering. It's a good read."
-
Open Relays, Free Speech, and Virus Propagation
sirsnork writes: "There is a story about John Gilmore running an open relay that is being used by a virus to propagate running over at Newsbytes. His defence? He wants his friends to be able to send email through his server from wherever they are. You'd think he'd know better." Gilmore has been skirmishing with Verio for some time over his open mail relay. Is it a good thing because it promotes the free flow of information? Is it bad for promoting the free flow of spam? Do the ethics change because someone writes a virus that uses the server to propagate? Interesting questions. -
First (proof-of-concept) .NET virus
Juergen Kreileder writes "Symantec says they've received W32.Donut, the first .NET virus: 'This virus targets EXE files that were created for the Microsoft .NET framework. W32.Donut is a concept virus. It does not have any significant chance to become wide spread. However it shows that virus writers are paying close attention to the new .NET architecture and attempting to learn how to exploit it before the Framework will be available on most systems.'" -
Symantec Will Not Detect Magic Lantern
An anonymous reader contributes: "In this article on Declan McCullagh's Politech, Symantec chief researcher Eric Chien stated that provided a hypothetical keystroke logging tool was used only by the FBI, Symantec would avoid updating its antivirus tools to detect such a Trojan, echoing a similar stance Network Associates allegedly took with its McAfee anti-virus software earlier this week. 'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,' said Chien. 'However we would detect modified versions that might be used by hackers.'" -
Slashback: Solidity, Sneakiness, Recovery
The first slashback of normal time (not Daylight Savings) in a while, tonight with news of 3Dwm's continuing progress, ways brave OS X pioneers can bravely reclaim their lost MP3 files, and a word of caution on HP's upcoming digital-audio playbox.
Vivid Video, take note: NickElm writes: "The 3Dwm project, already featured twice before on Slashdot (the last time little more than a year ago), is still alive and kicking and making steady progress. This summer, we added CSG support, full VNC interaction, and our first real application (a 3Dwm clock). To top it off, Xybernaut recently donated two wearable computers to the project, perfect platforms for this kind of thing. 3Dwm packages have existed for Debian for quite some time, and we were just now adopted by Mandrake as well. What are you waiting for, download it and try it out for yourself! Still far from a complete user environment, but we're getting there..."
Do you want your iTunes iBack, little iBoy? pinqkandi writes "Apple has released some tips on getting back your data lost by the iTunes Installer for Mac OS X. If you haven't written to the partition where the loss occurred, you should be able to get it back with Tech Tool Pro or Norton Utilities. Apple's tips warn to NOT use a Volume Recover feature in these utilities, but instead use their tools to recover lost data. Also, boot from a CD before recovering data, and also follow your utility's maker's directions. Unfortunately, no free utilities are listed for the recovery."
The sort of details you'll find on page 17 in small print. ARP writes "A while ago RatedPC brought us some scoop of HP's upcoming Digital Entertainment Center de100c. At first this unit seems to be a perfect addition to home theatre systems right? Well, you better forget about it if you think you are going to use it to share music or make your own CDs from your MP3 collection. What HP hasn't told us is they have been seriously whipped by DRM (Digital Rights Management). An internal FAQ has revealed that users will be unable to use CD-RWs to burn off their own CDs. You will need to buy "Digital Audio Discs" and royalties from these discs are distributed to artists via the RIAA. And you can't transfer your songs to your PC either. Without a doubt RIAA's foothold has extended much above just this. Don't be surprised if it won't play your MP3 collection because they are not digitally signed. The problem is that RIAA will be riding high on HP success with this product and their grip will be firmer when it comes to controlling what you will do with your music."
A similar problem affects the otherwise very cool-looking Terapin video recorder, which I would pick up in a heartbeat if it worked with regular CD-Rs. The HP website talks about burning tracks to CD, but makes no mention of such restrictions; I hope this is simply bad information, but it seems quite likely that "burning to CD" in this case will mean burning to industry-sanctioned CDs with their accompanying surcharge. Can anyone provide further information?
-
Code Redux
I don't understand why Symantec classifies a "remote root" exploit as only "medium" damage. Code Red is hitting cable modem networks especially hard, as the new variants scan "nearby" IPs in preference to random ones, which has apparently caused enough damage and network congestion that AT&T's residential broadband division (MediaOne) has cut off port 80 across their network to try and halt the spread of the worm, or so several submitters reported. Newsforge has a story about various reactions to the worm, and reader nettdata sent in an interesting story about the worm becoming the main course at a dinner of security specialists. -
University IT Departments and Viruses?
buggedByViruses asks: "I work for a University IT department, which I would prefer to keep anonymous. We are in the process of making a major decision in dealing with the onset of a large amount of viruses which may or may not have the possibility of causing a lot of damage to student's and university machines. The only solution we came up with is to get the students to download and install the university site licensed copy of Norton Anti-Virus managed by a Norton server which allows us to automatically keep the students machines updated properly with the latest virus definitions and be able to perform a mass scanning for viruses if we felt the need." I am all for sane policies in keeping viruses off of campus networks, but scanning directories for infected files is no longer sufficient in catching viruses, especially solutions that are known for their lack of cross platform support, and certain privacy issues as well. Norton Anti-Virus is all fine and good in a business environment where homogeny is expected, but is this expectation true of many college networks?
"[It should be noted that] the Norton server allows you to view the entire directory structure of someone's machine and allows you to see the files it is scanning as if it were your own machine. We realize this was designed more for companies and businesses, but we have found that viruses have become a major problem and give us a huge headache when we try to support all the students connected to the university network.
My question is what do other university IT departments do in response to the increase in viruses over the past 2 years. I know there are a lot of university IT employees in the Slashdot community and I look forward to getting some feedback as to how they go about doing this without causing too many privacy problems. The way we are looking at it, and we are very privacy concerned and wouldn't do anything malicious with it, is that the students are using our network under our regulations and as long as we don't use the software to 'check up on' the contents of someone's hard drive (except obviously for viruses), then what we are doing is completely legit.
Any feedback would be greatly appreciated."
-
Scanning For Windows Viruses Using Unix?
Webmoth asks: "As a networking consultant providing services to small businesses, I find myself installing an increasing number of Linux/Samba servers. Many of these clients are now getting always-on Internet connections with static IP addresses so that they can have an in-house mail server on that Linux box. I am concerned about the increased possibility of viruses infecting their network because of this. I'm not worried about the Linux box contracting a virus (that typically requires user intervention), but would like some solution, a software package running on Linux, that monitors for Windows viruses as files are accessed on the Samba server. It would be nice if there was a module that interacted with Sendmail to block e-mail viruses, too." Remember, many solutions that work for Linux will work for other Unixen as well. Unix machines typically act as mail servers for most enterprises so it would help prevent e-mail virus outbreaks if scanning can be done at the server level as well as the client level.
"Ideally, this Linux antivirus product would act as a server to provide virus definitions and scan control to Windows clients (much like Symantec's Norton Antivirus Enterprise Solution, formerly Intel's LanDesk, which is a great product but Windows-exclusive), as you can't trust users to maintain their virus software. Symantec had a press release back in April which seemed to indicate Linux support, but a knowledge base article posted the following day reveals that support is provided by scanning a shared Linux filesystem that can be mounted by a Windows box running Norton Antivirus. I'd like to see real Linux support. Anybody know of a practical solution?"
-
New, More Destructive Love Bug Variant
Everyone and their brother wrote in to say that a new and more destructive version of the ILOVEYOU virus has hit the net. Instead of deleting only a few files, this one deletes every file not in use. And even more amusing, rather than using a hardcoded subject line, it uses the host's email archive to cause the subject to change while it propagates. Intelligent mail client users continue to be unaffected (although the ILOVEYOU sympathy virus has been annoying the heck out of us for days now... it works on the honor system: Please delete some files and mail to all your friends). -
Symantec Tries to Censor Criticism
KnobDicker writes "Wired News reports Symantec is pressuring the ISP that hosts the Peacefire anti-censorware organization." Peacefire's founder, Bennett Haselton, wrote a decryptor for Symantec's software's blacklist and posted just that. His tests found that 76% of its .edu blocks were incorrect and that the software violates its privacy policy. Symantec's response? Threaten a lawsuit. But Peacefire isn't backing down. More below...
Let's first get the facts straight. Peacefire has not posted copyrighted material. It has posted code to decrypt I-Gear's encrypted blacklist. This is exactly like the DeCSS case, except the goal is criticizing a product instead of space-shifting movies.
The criticism here is that 76% of the .edu-domain blocks are wrong. This is a huge number. This suggests that, for every time the product blocks you from offensive material at an .edu Web site, there are three other times it blocked you from perfectly ordinary material.
While there are some people (like Bruce Taylor of the National Law Center for Children and Families) who would like to deny it, nobody's making this stuff up. Censorware really does suck. In fact, Peacefire did the same thing to X-Stop, another blocking package, two weeks earlier, and found a 68% .edu error rate. (But its maker hasn't threatened to sue. Yet.)
So what did Peacefire learn about I-Gear? A description of a milking machine system written in Spanish - blocked. Tricks for a flight sim game - blocked. A page entirely in Latin - blocked. Volumes 4 and 6 of "Decline and Fall of the Roman Empire" - blocked (but you can still read Volumes 1, 2, 3, and 5, go figure).
Furthermore, Peacefire revealed that Symantec is apparently violating its privacy policy by sending information to its servers without telling the user. Your Windows-registered "real name" and "company name" secretly get sent back to Symantec.
You may recall Haselton's Slashdot story "Keep it Legal to Embarrass Big Companies," from two weeks ago. He wondered if these kinds of pressure tactics would be the response to his efforts. It's already started.
The legal issue appears to be whether Symantec's End-User License Agreement (EULA) can contain a clause prohibiting reverse-engineering - and whether that clause can be enforced. UCITA will be the thousand-pound gorilla here, providing real legal muscle behind onerous EULAs. Fortunately, the current legal situation is more iffy, and cnet's story talks about that a little.
Symantec wants to distribute I-Gear only on the condition that nobody looks under the hood or says anything bad about it. And UCITA would back that up - by sending people like Haselton to jail for revealing products' flaws.
And then there's the question of why Symantec is using lousy crypto in the first place. As KnobDicker concludes: "Rather than being thankful that Haselton has conducted testing and work that they should have done themselves in the first place (for *free*), Symantec is crying in their beer and threatening to break out the lawyers to quash the bad press. Chalk up another one for the Open Source model's system of thorough peer review instead of development in a proprietary vacuum."
-
Another Windows Macro Virus Wreaks Havoc
mbruns wrote in to send us a CNN Story and a Symantec Bit about a new Melissa-esque virus that alters users' win.ini and deletes files. Of course, only people who use that "Other" OS are at risk.