Windows Critical Updates, More improtant than your data?!?!

So there I am, asleep in bed, well sort of. I wasn't sleeping very well that night to begin with but to get to my story. Here comes 3am and what do I hear that breaks the silence of the early morning? Well, its my fancy little "Exiting Windows" wav file. "Hmm" I think. That's odd, because I'm not at my computer and surely nothing on this planet would just make my computer just shut down. So like a good nerd, I have to get up and see what the heck is going on. My system comes back up and to my amazement, I see a nice little balloon message pop up from Microsoft...."You computer was recently AUTOMATICALLY RESTARTED because of a critical update."

OK... I will let that soak in for a second.........

Ok, You got that? AUTOMATICALLY RESTARTED!!!!

Let's look at a simple equation. Microsoft or another technology firm, finds a flaw in windows that may lead to the ability to allow a person to compromise the weakness and damage your data. Sounds simple enough right? Now, the problem is so high on the list of windows problems that someone decides this needs to be applied IMMEDIATELY!!. Good enough, sounds like good ole' MS is looking out for us.

But, here is my point. MS comes out with a patch to fix a problem so that users WILL NOT lose their valuable data, by rebooting automatically and possibly leading to the loss of DATA!?!?!

AHHHHHHHHHHHHHHHHHHHH! Anyone else following me on this?

Here is what happens in Microsoft Speak. "As it turns out, the reboot is actually expected behavior. You have Automatic Updates on your system configured to Automatically download recommended updates for my computer and install them” on a schedule. When one or more of those updates requires a reboot, the system gets rebooted."

So it's my fault? Oh i feel better. Thanks. Enngg! Wrong.

If any of you remember a virus back about four or so years ago, (can't remember the exact name but I think it was "Sircam") This viruexploiteded a critical flaw in NT based OS's (XP is NT based) that caused the system to rebooinexplicablyly when thpersonne logged on to their internet service provider. This virus maker cause "millions" of dollars of damage. They were caught, sent to prison and so forth.
Microsoft has made the exact bi-product with this Auto update feature. NowI'm'm not likening MS to a criminal, although there are times I want to. BUT, this problem needs to be addressed at the highest level. This really is an inconvenience for the user and sometimes worse. Perhaps you were working on a term paper at night, went to bed without saving, it happens to everybody sometimes, we forget to save. But thats ok until BAM! MS restarts your computer!

Nope! that's not what I want.

So here are the options........

1) Turn off Automatic Updates.
- Well, some people have no problewithth doing this, but with the amount of time that it takes for someone to use MS bulletin and use it maliciously, I wouldn't recommendnd it. Yodon'tnt always remember to run the manual updates. So I would leave this on.

2)Wait for a fix?
- In speaking to MS employeeee at a recent MS event, I don't think there is one coming soon. Unless someone REALLY has a fit. It will come to a head, but MS is too busy with their regular biz.

3)Hacked registry fix.
EUREKAKA! There we go That's what we need. Let's just turn it off! It turns out there is a registry entry that gets rid of this annoyance and will allow you to save your data and reboot on your own. Don't you feel better now? I know I do! :)

Here is the link, save to your desktop, double click and say "yes" to add it to the registry.

"Turn off auto reboot" fix

Happy Computing! and Pass this info on!
Nick H

Eating Fatty McDonald's food may soon Pay off!

I think we now officially are in a true digital age, here is an interesting little story in the New York Times.

"If the Walt Disney Company has its way, McDonald's Happy Meal toys could be replaced with portable media players that hold Disney movies, music, games or photos, according to a pending patent application. Users could add files to the devices by earning points with food purchases.

The plan could work something like this: A customer enters a restaurant and buys a meal, receiving the portable media player and an electronic code that authorizes a partial download of a movie, video or other media file, which can be downloaded while in the restaurant, according to a United States Patent and Trademark Office application filed by Disney. Then, with each subsequent return, the customer earns more downloadable data, eventually getting an entire movie or game.

Earning a large file, like a movie, might require five trips - a compelling incentive for a customer to return to the restaurant."

Yeah I'll take a Number 3 supersized with a chunk of Star Wars Episode III please! Ahh CRAP! I already have 5 first half's of the movie! This sucks!

Once again corporate America pushes society towards digital obesiety.
Yum Yum

MS Excel Vulnerability

MS Excel Vulnerability? Yup another one. Although this time its a very humerous story how this came to light.

Eweek had this to say:
---------------------------
What's the retail value of a security vulnerability in Microsoft Corp.'s Excel spreadsheet program? At last check: $53 and counting.

An unknown security researcher chose a novel way to issue a warning for a code execution flaw in Excel—posting it for sale on eBay. But the auction was pulled late Thursday after discussions between Microsoft and eBay Inc.

When the auction was squashed, the bidding had reached $53 and had attracted 19 offers.

A spokeswoman for Microsoft confirmed that the eBay listing was indeed a legitimate security flaw in Excel. "[We] have not been made aware of any attacks attempting to use the reported vulnerability or customer impact at this time, but will continue to investigate the public reports to help provide additional guidance for customers," the spokeswoman said in a statement sent to Ziff Davis Internet News.

The spokeswoman said the company was investigating the report and working with eBay to determine the appropriate course of action to protect Excel users.

In the listing, posted by a seller named "fearwall," the issue is described as a zero-day vulnerability that was discovered on Dec. 6, 2005 and reported to Microsoft.

The seller openly taunts the software giant, poking fun at the company's delays in providing fixes for known security bugs. "It can be assumed that no patch addressing this vulnerability will be available within the next few months. So, since I was unable to find any use for this by-product of Microsoft developers, it is now available for you at the low starting price of $0.01 (a fair value estimation for any Microsoft product)," the listing read.

It said a percentage of the proceeds from the auction would be contributed to various open-source projects.

"Microsoft representatives get 10 percent off the final price. To qualify, you MUST provide @microsoft.com e-mail address and MUST mention discount code LINUXRULZ during checkout," it added.

The seller also provides brief details on the flaw, which occurs because Excel does not perform sufficient data validation when parsing document files.

"As a result, it is possible to pass a large counter value to "msvcrt.memmove()" function which causes critical memory regions to be overwritten, including the stack space. The vulnerability can be exploited to compromise a user's PC," according to the listing.

"It is feasible to manipulate the data in the document file to get a code of attacker's choice executed when [a] malicious file is opened by MS Excel. The exploit code is not included in the auction. You must have very advanced skills if you want to further research this vulnerability," it added.

The seller promised to provide the winning bidder with two .xls files—one file is the original Microsoft Excel document, the other one is a copy of the same document modified to demonstrate the vulnerability.

"The demonstration merely triggers the exception causing Excel to crash. It does not do anything malicious. A detailed description of the vulnerability will be provided in the message body."

---------------

So Keep your eye on e-bay becuase you never know when a security hole will come up!
Oh, and if you get a mysterious spreadsheet from anyone, it would probably be a good idea not to open it right now.

That is of course only a problem if you're using excel. :)

Well here it goes.

Hello All,
Well after much consideration (at least 5 minutes) I decided to launch this blog. Interesting term "Blog" sounds like a 1950's SiFi movie about brain-eating aliens. hmm....
Anyway, Here it goes. I will try to keep this updated as much as possible. You will find all things Technology related here and also the occasional rant usually about big business or something to that effect.


ENJOY!!