Cleaning Up Windows Spyware

As much as we’d like to bash Microsoft, or whatever software vendor is affected by exploits, the truth is that user behavior also contributes to the poor security on some machines.  Jeff Atwood details his own experience with a PC that was infected because he surfed 1 website with an old version of IE6.

I recently upgraded my dedicated racing simulation PC, so I was forced to re-install Windows XP SP2, along with all the games. As I was downloading the no-cd patches for the various racing sims I own, I was suddenly and inexplicably deluged with popups, icons, and unwanted software installations. I got that sinking feeling: I had become the unfortunate victim of a spyware infestation.

The simplest thing you can do to protect your machine is run your operating system’s automatics updates service.  Windows has the Update app that sits in the icon tray, Mac’s have the Software Update option in the apple menu, and Ubuntu provides update notification in the notification tray via an orange icon.  You should be in the habit of running updates frequently, no matter which system you run.  I was dismayed a while back by a colleague who felt they didn’t have to run updates in Ubuntu because essentially "Linux is secure enough". 

Another good practice is to always run the latest version of your browser of choice.  If you use Windows Update, you’ll keep Internet Explorer’s patches up -to-date, although there are still unpatched vulnerabilities in the wild.  A better option, and my recommendation especially for Windows Users, is to run Firefox 2, which automatically updates itself.


Windows Vista, annoying even hard core windows users

Sandy passed along Clinton Forbe’s amusing preview of Windows Vista.  The more of these I read, the more I come to the conclusion that Vista is a huge horsepower hog that misses doing the little things right and focuses on making stuff look pointlessly pretty.

If you have a few applications open then expect to wait a few seconds before the eye-candy appears. And when it does appear you will wonder why you bothered.


Windows Vista security is a joke

You might think that apple is poking fun at windows in this latest Mac advertisement, but you’d be fooling yourself.  But judging by the comments in Very Severe Hole" in Vista UAC Design, its really a documentary, not an ad.  What’s the giant security hole – oh yeah – any installer automatically runs with administrator privileges, any installer.  Did it really take Microsoft 6 years to figure this out when both Mac and Linux already work their way?  Or is this how they innovate?


IE7 more prevalent, overall IE share of browsers is down.

News to make any Firefox fan sleep a little easier at night.  While Internet Explorer 7 (IE7)  is being installed more widely, its replacing installations of IE6.  That in and of itself shouldn’t be that surprising.  However, the forced upgrade to IE7 hasn’t eaten into the Firefox share at all.  In the US, that share is estimated at 14% by WebSideStory.

Johnston wasn’t confident that Microsoft would ever be able to make inroads on Firefox’s growing share. "Once someone gets used to Firefox, especially its extensions, and unless they think IE 7 or IE 8 or whatever comes in the future is so much better, they’re going to stay with Firefox," says Johnston.


Browser upgrades – Firefox 2 or IE7

Of course, you know I’m going to tell you to install Firefox 2.0 once its released, and I don’t have a windows XP machine so no trying out the newly released IE7.  By the way, did you see that security vulnerabilities were already found for IE7, less than 24 hours after its release?  I’m using a release candidate of Firefox2, thanks to an ubuntu upgrade. While the Safari-like close button tabs are taking a little more time to get used to, there are some noticeable, if not drastic, usability enhancements.  The search field, in the top right of the UI, is larger giving you more room too see search terms.  I also like the automatic spell-checking in text areas, it already caught one typo as I wrote this post.

Over at the Wall Street Journal, Walt Mossberg has a more thorough comparison of the two browsers.  If you’ve been sitting on the sidelines, you’ll get the IE7 upgrade automatically via windows update in the coming weeks.  If you can’t wait, download Firefox now.

I have been testing IE 7, and I agree with Microsoft that it’s much
improved. If you are a confirmed IE user, upgrading to this new version
makes perfect sense, because it is likely to be more secure and its new
features make Web browsing better. But if you are already using
Firefox, IE’s main competitor, I see nothing in IE 7 that should make
you switch. It’s mostly a catch-up release, adding to IE some features
long present in Firefox and other browsers. The one big feature in IE 7
that wasn’t already in Firefox, a built-in detector that warns against
fraudulent Web sites, is being added to Firefox in version 2.0.


Windows Vista is Microsoft’s Iraq?

Scott Rosenberg draws an interesting parallel between Microsoft’s attempt to rewrite Windows, and the Bush administration’s foray into Iraq.  Of course, the two aren’t morally equivalent, but its a good intellectual excercise with more than a shred of validity.

Then he says, “It wasn’t executed.” Note the passive voice, correct for it: “We didn’t execute it.” Which means, “We didn’t do it.” That’s, you know, obvious, I’d think.

So its been five years since they started!  In that time Apple has delivered, what, 4 versions of OS X?  On the linux front, there’s been one major kernel revision and a ton of improvements in both the KDE and Gnome camps.  And Firefox came out of the ashes of the Netscape browser to provide a compelling browser alternative.  And Microsoft has given us, the X-Box.


Unpatched IE Flaw exploits in the wild

If you’re using Internet Explorer, or are forced to use it at work, you should seriously consider switching browsers until Microsoft deems it time to release a patch to the latest Internet Explorer security hole. This one is pretty serious as it does not require any action on the user’s part beyond visiting a compromised website. Once you visit such a site, spyware and keyloggers can be installed on your machine to steal personal information. From the washington post article linked above:

Rather than download a “beta” (read: potentially unstable) version of
IE or wait around for Microsoft to issue a fix, a far better idea would
be to ditch IE altogether (or only use it only when absolutely
necessary). I use Mozilla’s Firefox for everyday browsing, but your mileage may vary. There are other options, of course, such as Opera and Netscape, to name a couple.

More details and interesting links on Asa Dotzler’s post titled Just think of it as an executable.


IE developer switches to Firefox

Scott Berkun, who designed and worked on the development of Microsoft’s Internet Explorer versions 1 to 5, explains why he switched to Firefox.

He has great praise for the design team, particularly those who have kept the browser focused on appealing to the mainstream user.

“Firefox feels to me like what IE 6.0 should have been (or what i
expected it to be after I left the team in ‘99). It picked a few spots
to build new features (tabs), focused on quality and refinement, and
paid attention to making the things used most, work best.”

He also has some helpful critiques for improving the browser, to which Asa Dotzler responds.  The comments to Asa’s post are very informative too, Scott has even replied there.


Microsoft worm headlines

I report, you decide.  Now, in my book, bringing down the US Custom’s office isn’t a sign that your security strategy is “working”.  According to Forrester, the fact that this wasn’t as bad as the last windows worm shows “Shows That Microsoft’s Security Strategy Is Working“.  But Windows remains the battleground for worm writers, and if their Worm war cripples computers at US firms, at least they’re not crippling more of them.  That’s some progress.


IE7: Don’t belive the Hype and FUD

It seems Microsoft is trying to stem the tide of users ditching the security hazard that is Internet Explorer for Mozilla Firefox. They just announced that Microsoft Internet Explorer 7.0 Beta Due This Summer. Why wait until this summer for a preview version of their next browser when you can get Firefox today? Not to mention that If You are Not Running XP It Will Only Cost You $100 and may only be available for the latest Windows version – sorry win2k users!.

Firefox 1.0 is better right now than IE 7 will be when it comes out. Don’t wait. Get Firefox now. 25 Million Downloads can’t be wrong.