Domain: winmag.com
Stories and comments across the archive that link to winmag.com.
Comments · 18
-
Re:Absurd..
Yup, and it's exactly why I added SHS file protection to a freeware program I wrote that helps protect against viruses spread by Windows Scripting Host and ShellScrap Files. (I'm finishing up the next version that adds REG, HTA, Word Doc, Excel, and SHB support as well.) In case anyone's interested, you can download it from http://www.winmag.com/fixes/watchdog/.
-
Not quite....
I don't think those examples either didn't harm the users sufficiently enough to warrent a breakup or weren't MS's fault entirely.
The ILOVEYOU virus and it's clones were made possible by Microsoft adding the scripting capabilities of Windows Scripting Host to their OS. This is similar to what many flavors of UNIX have. Unfortunately, because of the sheer number of people that use Windows (and Outlook which was needed to spread the virus), the virus caused more damage than a similar Unix or Linux-based virus would. (This is similar to the opt-stated argument that Windows is more vunerable to viruses because there are more viruses written for it. If you were a virus author and you wanted your virus to have the biggest impact, of course you're going to target the biggest OS!) As a side note, there are tools available that will protect users against these viruses. (Including one I wrote called WatchDog which you can download from http://www.winmag.com/fixes/watchdog/.)
The incompatible file formats were indeed a nuisance, but how will breaking up Microsoft fix that? By making an apps company whose biggest source of revenue is from Office upgrades?
Maybe I'm in the minority here, but my home and office systems are shut down every night, not because I'm afraid they'll crash, but because I want to save some $$$ on my electric bill. I have no desire to leave my home computer on when I'm sleeping at night. Realize that servers are another issue, I'm talking about your average home and business user. Most of the crashes I've come across are due to poorly written apps (*cough**cough*Lotus Notes*cough**cough*) or bad hardware drivers. I can't remember the last time I had a purely Windows-related crash. So we should break up Microsoft because some 3rd party company was lazy in their error trapping?
As for people hating Windows, I know some people do, but not everyone. Certainly not me. So the government should step in and break up a company because some customers don't like the product (yet still insist on using it)? Are you punishing Microsoft for marketing so well that people think that they have to use Windows? Maybe while we're at it, we should require all ads to list some competitors?
I agree that some of Microsoft's practices were questionable, but I don't think the consumer harm warrents a breakup. -
Other antivirus vendors?
Along with this and other offenses, I've decided to avoid doing any further business with Symantec. For starters, I've begun to look at other antivirus utilities (primarily for Win2k — stop snickering!). And, so far, Command Antivirus looks to be quite promising, especially since it's available for so many OSs. Any recommendations?
Alex Bischoff
--- -
Article about it in WIndows Magazine...Found this article at windows magazine http://www.winmag.com/columns/powerw2k/2001/01.ht
m - subsolar
-
My review of the Stowaway....
A few months ago, I was given the opportunity to review the Stowaway keyboard for the website I work for. Feel free to check out my review.
-
I'd like to see that too....
But instead of waiting for MS to build it in to the OS, I made a program that does just that.
<plug mode on>
WatchDog intercepts Windows Scripting Host files by making itself be the default program that should run them. When a script tries to get run (say by tricking you to click on that e-mailed "Love Letter"), WatchDog will run and will examine the contents of the script to determine what security risks it poses. It then prompts you and lets you decide whether or not you should run it.
I'm currently working on a new version that lets you mark a script as safe. (WatchDog will, however, keep a record of the size and last modified date of the script and prompt you if those change.)
It won't replace your normal anti-virus program, but there's no way a WSH virus could get by it. (Which means it can catch new WSH virus' without needing update patches.) For those of you who'd like to try it out (it's freeware) go to http://www.winmag.com/fixes/watchdog/.
<end plug mode>
-
Re:is this only for laptops?
...unless you had one of these.
-
The Security Flaw...
...is actually not in Windows, but in a separate program (albeit installed with Windows) that allows people to write scripts to run in windows (appropriately named Windows Scripting Host). It gives access to the file system and mailing capabilities amoung other things. It's been awhile since I've used a Unix system, but I believe they have similar capabilities (albiet with better permissions cabalilities than Win9x I'm guessing).
[shameless plug]
Of course, you could use my free Watchdog program to trap the WSH scripts before they do any damage.
[/shameless plug]
MS would be smart to make this type of protection standard in Windows Scripting Host. -
suggested method for implementation
i sent this earlier this week in response to Mike Elgan's WinLetter . i'm sure that the slashdot communtity can come up with better ways to implement specific portions, but.....
----
specifically regarding online voting:
since the DMV is already a large part of the voter
registration, use them to your benefit. use the
individual's license number in combination with a secret previously agreed upon (say, when you renew your license) to authenticate the individual. this will also provide authentication that the individual is over 18, where they live, etc.
along with the authentication from the dmv database, a token is generated and encrypted via a one-way hash and sent to the actual voting server. the voting server uses this token to determine what "issues" the individual gets to vote upon
based on voting district, conveniently encoded into the token. this allows the individual to physically be anywhere in the US (or not ) and still be able to vote on the issues that are local to where they are registered.
once the individual has completed his/her vote, the voting server passes the token back to the authentication server, indicating a successful vote. this allows record of who voted, preventing multiple votes as well as providing an indicator of individuals who tried to vote, but (presumably)
couldn't. since only the token is returned to the
authentication server, the there is no way for the vote to actually be tied back to the user.
if the authentication server does not receive an
acknowledgement that the vote had taken place within a time period, a notice could be issued (via mail, web, other) to let the user know that the vote was not recorded. it also should use a different token for successive attempts. using
a secure webserver for all transactions should prevent all eavesdropping and man-in-the-middle -type attacks.
what do you think? -
Re:What's the point?
-
Re:VBScript isn't evil
I've used VBScript to automate a lot of tasks that would have been very repetitive to do otherwise. What MS needs to do, however, is beef up the security on the Windows Scripting Host (which VBS files run through) so virus-like behavior gets flagged and the user is warned. (Of course, not one to wait for MS to act, I wrote a prog that'll do this... http://www.winmag.com/fixes/watchdog/ if anyone's interested.) Once a buffer is in place, the rate at which VBS-type virus' can spread will diminish a lot. For example, many users might open a PAMELA ANDERSON.MOV.vbs file, ignoring the vbs extension and getting infected. But how many will proceed if opening the "movie" file returns a warning that this will change your registry, overwrite files, etc.
-
Anyone remember BisMark 97?
It was an MS Word 97 macro virus that did just that - it made your paper clip say things like "You Should Have Left Me Alone, I Was Not Hurting Anything. Now IAm Mad!" This old Windows Magazine article mentions it near the bottom of the page as making the "Office Assistant less than friendly".
-
Re:Follow the money...
Argh. Or did they settle out of court because Rio promised to implement SDMI? I can't find a clear history of the suit and any counter-suits anywhere...
-- -
Winmag gave NS a favorable review
All this discussion on whether Winmag would be biased against NS 6 is ridiculous because they gave it a glowing review. The article discussed the preview release at length, calling it a "revolution" and lauding both its features and Netscape's desicion to use an open-source design model. In particular, they frame it as being a real competitor for IE. In fact, it's one of the most positive review of NS6 that I've read. Anyone saying the Winmag is biased against NS should read this before sounding like an idiot.
The bus came by and I got on
That's when it all began
There was cowboy Neal
At the wheel
Of a bus to never-ever land -
Old NewsWhen searching Google for a cached copy of the professor's comments on the reviews (currently removed from the review site at his request), I found many references to this lawsuit.
One example was on Winmag last October.
Another example is marked November but my employer's smartfilter won't let me go there.
-
Problems describedThere's a great column at winmag about the writer's woes with AOL 5. His basic opinion about AOL 5 after using it was that, with AOL, you're SOL. (Not only does it take over your connection, it tends to crash the system!)
-
"Opposed to Microsoft" IS the business plan.
I've been reading The Microsoft File : The Secret Case Against Bill Gates (don't buy it here!). There's some interesting tidbits about MSDOS vs DRDOS, MS vs Novell, and Bill Gates vs Ray Noorda in there (Also lots of boring bits; I give the book two stars out of five - I didn't hurl it from me, but I have to force myself to read it). Noorda was the CEO of Novell in the early 90s. He retired from Novell and founded Caldera. This article summarizes the history of Noorda and Caldera. The current CEO of Caldera is also from Novell. I'd guess that Noorda brought him over, and that he has a fair amount of personal loyalty to Noorda, his values, and his goals.
Noorda has it in for MS, and I would say deservedly so. MS proposed a merger with Novell and basically pillaged all kinds of inside business and technical information before saying "Nevermind." Novell bought DRDOS, only to have MS...well, you can read that history yourself. A couple of passages in the book indicate that Noorda felt that Bill Gates had lied to him personally.
Noorda doesn't think that MS is good for the software industry. A benign dictator can be acceptable, but an blood-crazed psychopathic tyrant is a Bad Thing (tm). De facto industry standards are fine as long as they don't come from the end of a gun.
I think that your opinion (about business plans)is tactically sound but strategically wrong. If Microsoft is taken apart - or at least taken down a few notches - there will be more opportunities for everyone in the software industry. If EVERYONE said "Our plan is to take something away from Microsoft," MS would find itself assaulted from all sides and unable to compete effectively without choosing some battles and losing some battles. Noorda is doing his part, and if everyone else would do the same, the software industry would be a different place. Better or worse, I honestly can't say, but definitely different. -
And how easy would it be to fake the GUID?
It's not hard at all. The GUID is stored as cleartext (!) in the Office documents. Open one of yours (if you don't have one, you can download a template from Office Update). For instance, the person who put together the PowerPoint "Project Overview" template has this GUID: {DB2F2831-22EE-11D0-BC57-00805F883DE4}. For those who are interested in conspiracies, you should rewrite the last part as 00:80:5F:88:3D:E4. That's right: The GUID contains the MAC.
Websites access this by an ActiveX control in your %WINDIR%. Microsoft accesses it so that they can put it in your microsoft.com cookie. You can read about this, and how to disable the control, at Winmag.
Mike
--