Sunday, July 23rd, 2006

My New Computer – Chock Full with Big-Brotherware

I’ve been trying to be real good with my new work computer – I got it on 07 June, and there’s all kinds of things that I haven’t installed on it that I used to consider basic necessities. Hell, I haven’t even installed Mozilla yet; but this restraint has given me the chance to try out Internet Explorer 7 Beta 2, which I don’t loathe nearly as much as I expected to.

All this because I wanted to start out on a new slate with corporate IT. My old computer probably had too many applications loaded up on it for their liking, but I enjoyed some benefit from grandfathering – I’m sure they considered it their predecessors’ mess. Of course, also, none of it was malware – I was scrupulous about keeping it clean. But this time I was determined to try and follow all the rules, and I’m sure a lot of my obstinacy was aimed at making a point about how stupid I thought some of the rules were – but I’ve come to realize that the rules are not going to be changed any time soon, because everyone is either totally ignoring them already, or no one is installing additional software on their work machines.

But I can’t get too much on a soap box about all this – I’ve actually started to develop some friendly relationships with several of the IT support people, and even if it isn’t them that are dropping in on my blog every now and again through company servers, I feel I have enough of a relationship with them now that if I have something critical to say, I should be saying it to their faces. There is also a delicate balance to be maintained just because our IT got outsourced – so the people I deal with actually have two masters, and I can’t get too ornery without sounding unappreciative of their support.

But I have come to realize that there are some profound philosophical differences between not only our current crew and me, but with my old IT friends. Apparently, it’s gospel to IT departments that users are somewhat akin to sixteen-year-olds that have just been entrusted with the keys to the family car – there is an obvious need to compel them to allow us to use this equipment, but they know we’re just so hopelessly inept that it’s a miracle any day we don’t break something. Which brings me face to face with that great indignity, big-brotherware.

I suppose a lot of users aren’t even aware of the AssetMetrix agents that are lurking on their computers, but they probably notice little things they can’t do because of Group Policy. I’ve studied both with some interest, but today I learned something new. I was working at home, trying to troubleshoot what has gotten to be very intricate VBA code, when every few minutes my computer would lock up for 30 seconds because something was trying to open up Outlook (which doesn’t work too well when it can’t contact the Exchange Server), presumably to send out an email. I wondered whether I was making coding errors that were somehow issuing OLE calls; I scanned for spyware, even though I doubted I could have picked any up with my habits; and I sat and watched the activity of the processes through Task Manager, but I couldn’t see what was happening. So I broke down and warmed up Sysinternals’ Process Explorer, and found the culprit – it was one of the agents of the Windows Management Interface, wmiprvse.exe.

Now I have no clue what the WMI thought I was doing that merited a call home on a Sunday afternoon – I deleted the wbem logs after they showed up in SpyBot. Hell, I had never heard of WMI, but its description – “a common interface and object model to access management information about operating system, devices, applications and services” – and its deployability – through scripted events, or by directly interrogating the client machine remotely – is just chilling to me. I mean, what do they need to know so bad? I see in my router logs that the computer contacted my local office server through ports 2967 and 38293, and then it LDAP’ed every server in the network. Was it squealing on me because I didn’t like the Group Policy and gave myself an extra ten seconds of reaction time after my screen saver kicks in to avoid having to retype in my password? No, I suspect it was just a pervasive climate of constant monitoring. I don’t know what they can do with all those reports – surely there isn’t someone sitting around scanning for the yahoo who thought that he really needed that emoticon toolbar that came packaged with VX2. But I’m supposed to write up a request to justify installing say, the Gimp, on my computer. Why, you ask? Because it’s free, and I can use it! And it’s open source and clean, and it isn’t going to connect to some media server whenever I open it up, checking for “updates” (see my Update or Die semi-rant), but mostly to download advertising to my desktop.

I would have been using my home computer, but it was tied up a lot today as Partition Magic was shuffling things around to generally make space, and I was setting up a TrueCrypt strong encryption volume – not that I really have anything that private, but it would be fun to watch the forensics people sweat it out if they ever did want to get in.

Posted by Greg as Networking, Software at 23:51 PST

2 Comments »

Sunday, July 2nd, 2006

Update or Die

Unnecessary software updates are bad. If it’s not a security fix, leave it for the next major release. But aside from feature bloat, the Powers That Be have been steadily incorporating such nasties as DRM into “our” computers (see “Who Owns Your Computer”) through the update process, and have realized that such methods give the potential to exert an unprecedented level of control over all our personal information, which is steadily approaching greater significance than our physical selves.

I’ve brooded over whether I’ve sounded too strident as anti-Microsoft before, but no longer. Thanks to Bruce Schneier for pointing me to Ed Bott’s chillingly understated concern that MS is incorporating a “kill switch” – an antipiracy tool designed to stop Windows from running if you don’t install every update that they deem necessary – meaning, those petty security fixes aside, Microsoft’s more-powerful antipiracy tools. Ed quotes some MS reps averring that the antipiracy tool will become mandatory, and updates his post with MS’s later PR denial of their program as unable to “turn off your computer.”

Microsoft is Ed’s beat, and it was clear to me from reading the article that he’s become jaded to the horrors that must be going on there on a daily basis. A comment in and of itself.

Much earlier today, I replaced the processor and motherboard on my primary home XP Pro box, and with much trepidation. I wasn’t afraid of messing it up; I was afraid of Microsoft shutting down my operating system. Sure enough, when I rebooted with my OEM cd in the drive and repaired the install, I was bombarded with alarms that I needed to reauthorize. Pity that one of the problems with the repair that I was having was with my wireless card – my only link to the Internet. (The driver disk for that was in the other dvd drive.) After multiple installs/uninstalls and reboots, and getting continuously harassed, starting with two separate pop ups before even logging on, I finally called a halt to my attempts to get Windows to see the card, and called the phone line for reauthorization. That turned out to be an unnecessarily long delay – my whole “conversation” was with a computer generated voice, and I had to report a 60-some digit code number using voice recognition. Anyone ever heard of using the touch-tone pad?

Oh-oh. I can see myself getting into a full-blown rant here, so I’ll try to cut it short, at the risk of losing out on getting on the record about the doom I see coming.

This is really, really bad for Microsoft customers; meaning, potentially, the vast majority of the world. To try and recoup the billions of dollars they’re losing to piracy, they’re willing to enslave the source of the trillions they’re getting or going to be getting from the rest of us, and they’re in principle aligned with more than a few major corporations that want to make sure that they’re getting their billions and trillions from us, too, and could make a few more bucks selling the technology to them. And so far, everything’s going their way.

The only bright side to this, putting aside <sarcasm> my favorite IT professional’s retort to my concern about MS dependency – “their stuff just works!” </sarcasm> – is that it is so brazen that there might actually be a row in the technical press about it, and maybe enough to translate into some significance in the mainstream press. People might realize that they’re giving up all their choice (and therefore their freedom) to the people that make the software that runs their lives. They might start migrating towards, dare I say it? open source. And if the general populace really puts some thought into it, maybe they’ll start questioning the entire legal construct of licensing that gives software and entertainment companies this sort of power.

Could you imagine it? Scared politicians, shaken by the complaints of the voting faithful that if they pay for something, they own it, passing laws that prohibit the retention of ownership by software companies, and stripping the whole licensing construct down to conditions on resale? Would you be willing to give up tech support for a product that works, all the time and every time, in the first place? (I’m sure I’m missing more than a few implications on the legal and economics side of this issue, and alternatives that make more sense under the traditional understanding of property / means of production / ownership / compensation aspect. Let me just posit that licensing a commodity, or the means to produce other commodities, seems to distinguish the dividing line between the Industrial Age and the Technology Age. But what do I know – this stuff is only the roots of paltry concepts such as capitalism, socialism, and communism – and what effect do they have on our daily lives?)

Yeah, imagine it. Just like John Lennon dared to do. Fat lot of good it did him. So I’m left with my original assertion – DOOM! Hey, it wasn’t so bad for Dark Ages serfs, right?

P.S. I saw the Windows Genuine Advantage update, because I review my updates before installing them, and I declined to install it. Later, out of conditional obedience, I went back to the WindowsUpdate site and tried to find it again, listed with other suggested updates that I had asked not be installed, and couldn’t even find that list any more. My guess is that it got installed anyway using Automatic Updates.

P.P.S. I didn’t seem to do a very good job avoiding a rant, eh? You don’t know the half of it.

Posted by Greg as Politics, Society, Software at 00:16 PST

1 Comment »

Thursday, May 4th, 2006

Who Owns Your Computer?

For those who don’t get the point of why I’m concerned about computer privacy and security, and am so quick to look for non-Microsoft alternatives, especially open-source operating systems and software, Bruce Schneier has written a brief essay that beautifully summarizes the dangerous trends:

When technology serves its owners, it is liberating. When it is designed to serve others, over the owner’s objection, it is oppressive. There’s a battle raging on your computer right now — one that pits you against worms and viruses, Trojans, spyware, automatic update features and digital rights management technologies. It’s the battle to determine who owns your computer.

You own your computer, of course. You bought it. You paid for it. But how much control do you really have over what happens on your machine? Technically you might have bought the hardware and software, but you have less control over what it’s doing behind the scenes.

Using the hacker sense of the term, your computer is “owned” by other people.

It used to be that only malicious hackers were trying to own your computers. Whether through worms, viruses, Trojans or other means, they would try to install some kind of remote-control program onto your system. Then they’d use your computers to sniff passwords, make fraudulent bank transactions, send spam, initiate phishing attacks and so on. Estimates are that somewhere between hundreds of thousands and millions of computers are members of remotely controlled “bot” networks. Owned.

Now, things are not so simple. There are all sorts of interests vying for control of your computer. There are media companies that want to control what you can do with the music and videos they sell you. There are companies that use software as a conduit to collect marketing information, deliver advertising or do whatever it is their real owners require. And there are software companies that are trying to make money by pleasing not only their customers, but other companies they ally themselves with. All these companies want to own your computer.

In the essay, he lists several specific ways some big companies are trying to own your computer. He mentions Sony, Microsoft and Google, but there are a lot more out there that are just as interested. The teenage wunderkind hacker, while still a threat, is chump change compared to the forces that want to control what you do and how you do it on your computer. Bruce concludes:

Just because computers were a liberating force in the past doesn’t mean they will be in the future. There is enormous political and economic power behind the idea that you shouldn’t truly own your computer or your software, despite having paid for it.

And it’s not just the software on your computer – it’s the connection to it. Yesterday I called and emailed my congressman’s office to urge him to vote against the COPE Act, which moved out of committee last week. Telecommunications companies want to control your access to the Internet, and want to profit from selling preferential treatment to the highest bidder, effectively turning control of Internet content over to corporations. I don’t know how that can’t scare the willies out of anyone who likes being able to hear all sides of an argument.

Posted by Greg as Politics, Society, Software at 18:39 PST

1 Comment »

Tuesday, May 2nd, 2006

Start Stumping for Firefox?

I saw an interesting item on Slashdot – someone is offering an IE-specific ad that only shows when your site visitor is using Internet Explorer, offers a link to download Firefox, and pays the site owner a bounty. Check out Explorer Destroyer. It comes in different levels, from gentle nag to barring IE users.

How much do I like Internet Explorer? Not very much, and I get really peeved when a site I want to go to demands it – like sending html email through my site’s webmail server. But I have gotten used to this occasional obstacle, whereas the general public, most of whom use IE simply because it comes with Windows, is not. Is it fair to penalize IE users? Probably. Is it nice to treat my site visitors that way? Probably not. Does exposing someone to the features of Firefox justify the treatment? That’s the tough one.

Now I don’t actually use Firefox – I use either the Mozilla Suite or its supposed successor, Seamonkey, but it’s all from the Mozilla Foundation. There are some differences between the versions in functionality and the availability of themes and extensions, but they are minor in comparison to the fact that they’re not IE.

In a quick, lunchtime post, I have neither the interest nor the time to get into a debate about the relative merits of Internet Explorer vs. Mozilla/Firefox, but the off-the-cuff reasons for switching are thus:

I am strongly considering adding this to my website. According to one visitor tracker I use, about 50% of the not-me, not-a-bot visitors used IE, but it’s a small sample size. My logs include me and all bots, so it’s hard to interpret the report of 26% of page views (not visitors) using IE 6. I doubt I would use anything other than the gentle nag, but the site suggests trying the lookout version for 24 hours. I just wish I could change the listed reason for recommending Firefox in the Level 2 version – “not compatible with this site” seems disingenuous. “I care about my visitors enough…” would also be disingenuous if I were taking a bounty.

Expect a self-debate posting soon about commercializing my site.

Posted by Greg as My Website, Software at 11:55 PST

No Comments »

Friday, April 21st, 2006

Forward Links

At first I hated the way WordPress sent pingbacks to itself – if I put a link on a new post that referenced back to something I wrote earlier, the pingback registers itself as a comment on the original post, and takes a stab at a relevant quote from the new post to include in the comment. But after browsing the WP Support Forums, trying to figure out a way to turn this function off, I saw it touted as a feature – the pingback notified the reader that there was more information posted, and I could see the utility in that. So I learned to live with it, stopped deleting the pingback comments, and just checked the quote so that it was no larger than it needed to be and gave a good idea of what the new post was about.

But it’s still annoying, primarily because of the way my blog and most others are formatted. My main screen, the blog home, shows the last ten posts on the first page, most recent first. As you can see, each post is formatted something like this:

Date

Title (which links to a page that shows the post, all its comments, and space to enter yours)
/ – -
{Body of Post}
– - /

Posted by Greg as {List of Categories} at {time}

{#} Comments (the number of comments and the same link)

I don’t think that’s a good arrangement, primarily because, in my experience, it takes a lot to get the casual visitor to click any link once they arrive. They are more inclined to just read the post and determine whether it contains the information they came looking for, and if it doesn’t, they leave. They don’t know that the comments might contain a link to a more recent post that has more information – as far as they know, it’s just some drongo saying “so what is the solution to the problem?”, when in actuality it might be a link to the answer they also want.

I think it’s a better approach to distinguish between when the blog pings itself back and when someone else comments or sends their own pingback or trackback. I’d call these self-pingbacks “forward links”, and although I have no desire to get into the trackback/pingback standard debate to suggest making forward links identify themselves, I think we can do something with WordPress. I have in mind something that looks like this:

Date

Title
/ – -
{Body of Post}
– - /

Posted by Greg as {List of Categories} at {time}

Updates: (or “Forward Links” or something configurable)
{Date-time} {Forward Link, showing Title} {Excerpt/Summary?}
{Date-time} {Forward Link, showing Title}

{#} Comments (not including forward links)

or the Forward Link section could look like this, relying purely on the linked post’s title:

Updates: {Forward Link}, {Forward Link}

Off the top of my head, I don’t know whether this could be achieved at the plugin or the theme level (probably both), or if it would require a core files hack. Although I think I could figure out how to do it, I just don’t have the time to do so. But it sure would be nice. I wonder if someone else has already figured it out? If someone knows of a plugin that already does this, please let me know.

UPDATE: I posted virtually this entire post in the WP Support Forums. Let’s see if we get a response!

Posted by Greg as My Website, Software at 21:40 PST

No Comments »

OpenID for WordPress

Progress on the OpenID front in implementing an OID plugin, as reported by PhotoMatt. I found links to two additional projects in the comments, but the reviews aren’t encouraging. I’ve upgraded to WordPress 2.0, so I know some of this won’t work for me.

I have my own OpenID profile, but so far I’ve only really been able to use it for commenting on LiveJournal. I participated in the requests for integration into WP 2.0, but the developers ruled it not widespread enough for inclusion, and wanted to see whether it would take off. So far, that doesn’t appear to be happening, but how could it if other sites/blogs aren’t accepting it?

Posted by Greg as My Website, Software at 06:07 PST

No Comments »

Tuesday, April 18th, 2006

Mozilla Vulnerabilities Reported

To be fair, with all my MS Internet Explorer bashing, I have to pass on a report from US-CERT that Mozilla contains multiple vulnerabilities. All of them have been addressed, and the recommended solution is to upgrade.

I’ve often expressed my preference for Mozilla over Internet Explorer, although I’m trying out Seamonkey on my Linux box. I’ve never tried to say that it is completely free of problems, but I think that vulnerabilities are addressed much faster, and they’re much less likely to be exploited.

Posted by Greg as Software at 07:05 PST

No Comments »

Wednesday, March 15th, 2006

User Agent Hijackers?

By now, all kinds of people are familiar with browser hijackers – those malware applications that you can sometimes get just from visiting a site. I’ve seen browser hijackers that change your home page, add favorites, redirect your search results, and worse, but this morning I may have seen a twist that’s new to me – a hijacked user agent.

A user agent is a string that an application sends out onto a network to identify itself. When you fire up Internet Explorer and go to a website, IE doesn’t just go out into the web and ask for the contents; it sends info about itself, where it’s connecting from, and information about the computer it’s running on. The user agent string is a short summary of that information.

My visitor tracking methods include saving the user agents of my visitors, and this morning I took a look at my logs and saw this:

At htxtp://www.credoninc.com you will get an interest free line of credit of upto 100,000,000.00 just for signing up and you can pay back what you owe whenever you want. (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; At htxtp://www.credoninc

(I corrupted the link texts so they won’t be treated as links.)

The visitor in question appeared to be a person, not a bot or spider, so I’m suspecting his or her browser was hijacked. It seems an awfully esoteric hijack, though. It doesn’t actually do anything, and very few people will ever see it. I’m going to have to check this out.
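The kind of check a site owner could run over saved user agents to catch entries like the one above, as an added example that is not part of the original post. The heuristics, thresholds and function names are assumptions, and every sample string other than the logged one is constructed.

```python
import re

# The User-Agent header is free text chosen by the client, so a logger should
# treat it as untrusted input. These heuristics compare a logged value with
# the usual "product/version (comment) product/version" layout.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
PRODUCT = re.compile(rf"^{TOKEN}/{TOKEN}")            # e.g. Mozilla/4.0
URL = re.compile(r"[a-z][a-z0-9+.-]*://|\bwww\.[a-z0-9-]+\.", re.I)
PROSE = re.compile(r"(?:\b[A-Za-z]+[ ,]+){5,}")       # 5+ plain words in a row

NO_PRODUCT = "does not start with a product/version token"
URL_OUTSIDE = "URL outside a parenthesised comment"
UNBALANCED = "unbalanced parentheses (truncated or malformed)"
SENTENCE = "contains sentence-like text"


def split_comments(ua):
    """Return (text outside parentheses, True if parentheses balance)."""
    depth, stray, outside = 0, False, []
    for ch in ua:
        if ch == "(":
            depth += 1
        elif ch == ")":
            if depth:
                depth -= 1
            else:
                stray = True
        elif depth == 0:
            outside.append(ch)
    return "".join(outside), depth == 0 and not stray


def check_user_agent(ua):
    """Return the list of reasons a logged user agent looks tampered with."""
    reasons = []
    outside, balanced = split_comments(ua)
    if not PRODUCT.match(ua):
        reasons.append(NO_PRODUCT)
    # Crawlers conventionally put a contact URL inside the comment, so only
    # URLs outside the parentheses are treated as suspicious.
    if URL.search(outside):
        reasons.append(URL_OUTSIDE)
    if not balanced:
        reasons.append(UNBALANCED)
    if PROSE.search(ua):
        reasons.append(SENTENCE)
    return reasons


def flag_user_agents(user_agents):
    """Map each suspicious user agent to the reasons it was flagged."""
    flagged = {}
    for ua in user_agents:
        reasons = check_user_agent(ua)
        if reasons:
            flagged[ua] = reasons
    return flagged


# The string logged in the post (link text already corrupted by the author).
PAGE_UA = (
    "At htxtp://www.credoninc.com you will get an interest free line of "
    "credit of upto 100,000,000.00 just for signing up and you can pay back "
    "what you owe whenever you want. (compatible; MSIE 6.0; Windows NT 5.1; "
    "SV1; .NET CLR 1.1.4322; At htxtp://www.credoninc"
)

# Constructed sample log: the entry above plus ordinary browser and crawler
# strings that should pass untouched.
SAMPLE_LOG = [
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)",
    PAGE_UA,
    "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) "
    "Gecko/20060111 Firefox/1.5.0.1",
]

if __name__ == "__main__":
    for ua, reasons in flag_user_agents(SAMPLE_LOG).items():
        print(ua[:60] + "...")
        for reason in reasons:
            print("   -", reason)
```
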

Posted by Greg as My Website, Software at 06:37 PST

No Comments »

Sunday, February 26th, 2006

Malware/Virus Removal

It’s been a long time since I really went all out to clean up a Windows machine to remove malware and viruses. I forget my first virus (I’ve been downloading free software since 1983), but I remember my first spyware well – it was early 2001 when I noticed a new entry in my HKLM\Software\Microsoft\Windows\CurrentVersion\Run, which turned out to be TimeSink. While researching how to get it cleaned out (which I finally did) I stumbled across the whole spyware problem. Shortly thereafter I encountered a similar problem with WebHancer, and fired off an email to my network administrator, who responded that he didn’t think it was a problem worth dealing with, because the outgoing traffic would be stopped at our firewalls. A little more than two years later, the same net admin wrote me to ask my opinion on spyware removal tools. In the interim I had discovered various applications on several machines in my office and had gotten some practice at removal, and would get more, until it got to the point that if I couldn’t clean up a machine in an hour I boxed it up and sent it back to corporate for an OS reinstall. My boss couldn’t condone the lost billable time I was spending – any IT functions I perform around the office are purely for our convenience – I’m supposed to be just an engineer.

But last week my wife complained that her favorite online game, Planet 8 Ball at Uproar.com, was running very slowly, and finally on Friday it quit running at all. Now, I haven’t been too pleased with my wife and her friends downloading and installing both offline games and online ones that require installing ActiveX objects – they are big potential sources of both spyware and viruses, but I figured that I had everything set up on my home machine pretty well to keep it clean. I just can’t train them to install stuff where I want it to go – there’s enough stuff in C:\Program Files and I would prefer to see games installed in their own directory – C:\Games. I’m lucky when these installers don’t place themselves in the root directory, which I like to keep very clean. However, I am pleased to see my wife doing stuff online – I figure it makes her more tolerant of the time I spend online myself. Every now and again I run Spybot and AdAware; I use AVG Free for antivirus with realtime protection and daily full scans (a little annoying in that the free version can not be set to ignore my archive of potentially useful trojans!); and I routinely check my HKLM\Software\Microsoft\Windows\CurrentVersion\Run key either through MSConfig or RegEdit. This is all out of habit – when I sit down at the computer I usually reboot into Fedora Core 4, and I’m starting to regard the Windows partition as a necessary kludge that I only maintain for my family.

So Friday I was tasked with getting her game running again, and I’ve spent every free moment this weekend trying to achieve that goal. I’m almost ready to concede defeat. I’ve pulled out virtually every trick in my arsenal – multiple scans with the aforementioned tools, plus Hijack This and Startup List from Merijn, CWShredder, and even RootKitRevealer. My hosts file is clean, and I’ve checked my traffic flows with Ethereal and been shocked – I mean blown away – with the traffic I saw even after Internet Explorer had been closed – and that was after I had cleaned the system! I looked up the ip addresses my machine was talking to at DNSStuff and used registration records to identify which applications were to blame. I removed multiple toolbars, browser help objects and ActiveX objects. And through all this, somehow I got something new in my CurrentVersion\Run key!
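One way to notice a new entry in the Run key without relying on memory is to diff two `reg export` snapshots of it. This is an added example, not part of the original post; the value names, paths and function names are constructed for illustration.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')   # "name"=data


def _unescape(text):
    # .reg files escape backslashes and quotes inside quoted strings.
    return re.sub(r"\\(.)", r"\1", text)


def _decode(raw):
    """Turn the data part of a .reg line into a comparable string."""
    if raw.startswith('"') and raw.endswith('"'):        # REG_SZ
        return _unescape(raw[1:-1])
    if raw.startswith("hex(2):"):                        # REG_EXPAND_SZ
        data = bytes.fromhex(raw[len("hex(2):"):].replace(",", ""))
        return data.decode("utf-16-le").rstrip("\x00")
    return raw                                           # other types: keep raw


def parse_run_key(reg_text, key=RUN_KEY):
    """Return {value name: command} for one key of a .reg export."""
    entries, in_key, pending = {}, False, ""
    for raw_line in reg_text.splitlines():
        line = pending + raw_line.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        match = VALUE_RE.match(line)
        if in_key and match:
            entries[_unescape(match.group(1))] = _decode(match.group(2))
    return entries


def diff_run_keys(before, after):
    """Compare two parsed snapshots and report what changed."""
    return {
        "added": {n: c for n, c in after.items() if n not in before},
        "removed": {n: c for n, c in before.items() if n not in after},
        "changed": {n: (before[n], after[n]) for n in after
                    if n in before and before[n] != after[n]},
    }


# Constructed snapshots. Real exports are UTF-16, so read them with
# open(path, encoding="utf-16") before passing the text in.
BASELINE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\tray.exe /startup"
"ExampleMouse"="C:\\Program Files\\ExampleMouse\\point.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Ignored"="C:\\setup.exe"
"""

CURRENT_SNAPSHOT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\tray.exe /startup"
"ExampleMouse"="C:\\WINDOWS\\Temp\\point.exe"
"UpdHelper"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,\
  75,00,2e,00,65,00,78,00,65,00,00,00
"""

if __name__ == "__main__":
    report = diff_run_keys(parse_run_key(BASELINE),
                           parse_run_key(CURRENT_SNAPSHOT))
    for kind, items in report.items():
        for name, value in items.items():
            print(f"{kind:8} {name}: {value}")
```

A changed entry matters as much as an added one here: a familiar value name pointing at a new path would pass a quick visual check in MSConfig.
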

Of course, it might not be malware that’s stopping the game from playing, and it’s possible that my anti-malware defenses are the cause, but I have to clean the system first. Besides, it ran fine before. I’ve tried reinstalling Shockwave and I’m considering doing the same with Java.

Now, one of the things I found, or at least found traces of, is VX2 – a notoriously difficult infection to remove. Considering that I keep finding stuff after cleaning, this might be my problem. Hmmm – just found a VX2 plugin for AdAware – I didn’t realize that there were addons that I needed. I’ve also noticed that I have five svchost processes running, which is suspicious to me. I’ll have to check those out as per the Microsoft guidance. I downloaded and installed the augmented IE Add-On Manager, which is actually very nice – I could use something this clear for Mozilla.

*Sigh* All this work, and I’m not even sure that it’s malware that’s keeping the game from running. It just seems to be the most likely cause, though.

Posted by Greg as Family & Friends, OS, Software at 22:52 PST

No Comments »

Sunday, February 5th, 2006

TaxAct User Review and Ethereal Report

Earlier I touted the TaxAct Standard version as free (as in beer) software for computing and e-filing federal tax returns, even if you didn’t qualify for free filing with IRS e-file partners. I discussed my security concerns, the software EULA and website privacy policy, and my assessment was that the software was free because it was nagware, and it seemed to be secure and without spyware.

Now that I’ve completed and electronically filed my taxes, I can say that the TaxAct software was relatively easy to use. There are definitely some features missing that might be in the pay version, but none that I absolutely had to have. I was able to complete everything over several sessions – I was even able to transfer the incomplete datafile from one computer to another – and I not only have a printed copy of my return, I can reopen the software for review and editing. I guess that would be helpful if the IRS found an error in your return or if you had to file an amended return.

The nagware part was omnipresent but not a hindrance. I just clicked past all the prompts that offered the benefits of the pay version, and learned to ignore the tax adviser links; all tax help (not software help) required the pay version, but you were always able to summon the IRS instructions for form lines. The navigation was a little tricky. The whole thing is structured in a question and answer format, so when I wanted to look up what I had entered for a particular line on a particular form, I sometimes had to hunt around. The sitemap function was pretty helpful for this, but I often had to browse through several question pages to get to a point where I was able to view the form. There is no free state version – that’s their last hook to get you to cough up some money – but I used CalFile to file my California state tax return for free.

There are built in review functions that are supposed to spot potential errors – I wasn’t able to evaluate this, because I didn’t go through the review until my forms were complete, and from what I could tell, I didn’t make any mistakes. There aren’t any audit warnings, unless I was really good – which I somehow doubt. Maybe only the industry versions have those – I once watched the H & R Block software in action and saw a lot of tips and warnings, but that software was for use in their instant-expert training method, and was probably meant to make sure a low-level peon knew to call over a supervisor when he was supposed to.

I was running Ethereal when I clicked the submit button. All traffic went through one ip address through a secure protocol, which resolved to taxact.com by reverse dns, so I believe the site privacy policy applied to your actual tax forms as well, not just registration information. Still, I suspect that the filing information is more vulnerable to subpoena and strong-arm tactics by law enforcement under the Patriot Act than if it had been sent directly to the IRS, but the IRS doesn’t allow this.

To summarize – this software satisfied all my requirements – free to use, free to file, usable, and secure. I highly recommend it.

Posted by Greg as Society, Software at 22:28 PST

No Comments »
