Microsoft will soon install a new version of Windows Update on your computer, even if you've set your PC not to download and install any updates.

With such a potential for confusion, it's a good idea for you to know what's going to be done to your machine by this important but often misunderstood tool.

When turning updates off really doesn't

Windows Secrets first disclosed on Sept. 13, 2007, that Microsoft had been silently downloading Windows Update (WU) executable components on users' computers — even when the users' auto-update settings required advance permission. At the time, Microsoft admitted in its Update Product Team blog that it has carried out this practice for many years, as I wrote in a follow-up column.

This time, Microsoft is being more up-front about its forthcoming refresh of Windows Update. For example, product manager Michelle Haven described in a blog post on July 3 some new features that the upgrade will add.

The new version will reportedly reduce the time WU takes to scan for and send out new updates. In addition, if you use the online version of WU, and you click an update for more information, the new version will offer you more links with additional details.

But the Redmond company hasn't changed the wording of the Control Panel settings that appear to prevent Windows Update from performing silent downloads — but don't.

In light of these potentially misleading controls, a few tricks on managing Windows Update are just what the doctor ordered.

To view your Windows Update options in Windows XP, press the Windows key plus R to open the Run box. (In Vista, just press the Windows key.) In both versions of Windows, type control wuaucpl.cpl and press Enter. In Vista, select Change settings on the left.

According to the aforementioned blog post, the Microsoft Update Product Team considers Windows Update to be turned on when any setting is selected except the last one:

• Turn off Automatic Updates (in XP)
• Never check for updates (in Vista)

Consequently, Windows Update itself may be updated even if you select an option such as:

• Notify me but don't automatically download or install them (in XP)
• Check for updates but let me choose whether to download and install them (in Vista)

To get the whole story and learn what to do about it go here:

The Whole Story

This is great news for those who can't afford Photo Enhancing programs like Paint Shop Pro or PhotoShop. A free program that makes it possible to remove the dreaded "Red Eye" from photo's.

IRFANVIEW is a popular, free image-editing program that lets you make a number of useful edits to your digital photographs. Although it's nowhere near as powerful as Photoshop, it's still a handy tool for simple photo-editing tasks.

One of its great feature is red-eye reduction. If you have an image where your subject has glowing red eyes, here's how you can fix it:

1) Launch IrfanView
2) Under the File menu, choose Open and open the file you want to edit
3) Move the scroll bars on the right and bottom of the IrfanView window to find the red eyes you wish to correct
4) Draw a small box around the red eye with your cursor
5) Under the Image menu, choose "Red eye reduction" (or simply hit CONTROL-Y)
6) Repeat steps 3-5 to correct any other red eyes in the image
7) Under the File menu, choose "Save As...", give the file a new name, and then hit OK

WARNING: In step 7 do not hit "Save" -- be sure to hit "Save As..." -- that way you won't permanently change your original image file -- instead you'll create a new file. That way you can always go back to the original image if you decide later that you're dissatisfied with the modified image.

Original Post by Doug Vargas, CNET Editor

The just-released Firefox 3 and Opera 9.5, and the upcoming IE 8, respond to the growing threat with enhanced blocking features.

The latest browsers are fighting back against the never-ending assault from online crooks who want to sneak malware infections through your browser and onto your PC. Firefox 3, Opera 9.5, and, soon, Internet Explorer 8 add new security features that block known malware sites.

Today's dirty trick of choice for Net thugs is to slip nearly invisible code onto a vulnerable but benign Web site, forcing it to become an unwitting foot soldier in the malware war. A successful hijacking in July of a site for Sony PlayStation games demonstrates that sites both large and small can fall victim to this tactic, which crooks like because it can target even people who are careful about where they surf.

Read All About It Here

Original Story and post by By Rafe Needleman

Mozilla has released a 0.1 version of Snowl (official blog post), an experimental add-in for Firefox that reads news and nanoblog feeds. It's an attempt to marry together the incoming separate content streams that many of us have feeding on to our desktops full time: News and blog stories via RSS, and social and personal communications from services like Twitter.

Of course, under the skin they're all just RSS feeds. The key to mashing these feeds together is treating them somewhat differently depending on where they came from, and adding in capabilities to let you take action on an item.

Currently, Snowl just showcases two ways to blend news and nanoblog feeds into a browser. There's a three-pane view, like an e-mail client or a traditional offline RSS reader, and there's the newspaper or "river of news" view (which did not work correctly for me). The add-on searches for items you've received as you type in queries, which makes it a useful tool for quickly recalling items.

One favorite feature is the left-hand navigation window, which by default displays a list of people--not folders or feeds, as most three-pane views do. Click on a person and you see what they've sent into your feeds.

Missing, so far, are capabilities to reply to or share items that you've read. Also, the nanoblog and social feed options are limited. Mozilla plans to layer in support for Facebook and other social sources as the experiment progresses.

This is a good stab at addressing a common complaint, and I hope it continues to develop. It's not quite there yet. Personally, I have experimented with reading RSS feeds in my e-mail client, and that just didn't feel right: News feeds don't belong in e-mail. Likewise, I've used Twitter add-ins for Firefox (and Flock), and found the browsing mindset not quite compatible with personal communications.

In theory, I'd agree that it's better to not have to keep multiple applications open to handle the multiple data sources I have coming in. In practice, I think about browsing, e-mail, feed-reading, IM, and nanoblogs differently, and I'm beginning to think that the awkward switching between apps to read each feed actually does an important job of preparing my puny brain for the different context and attention required for each feed.

The Snowl experiment is important, though, and no doubt many people would want a more integrated experience.

Attach file:

---

  snowl-logo.jpg (5.03 KB)

Here's an interesting story from Microsoft. I guess we will have to see it to believe it. This was originally posted and written by Elizabeth Montalbano, IDG News Service.

With the Internet increasingly taking on the role of the PC operating system and the growing prevalence of virtualization technologies, there will be a day when the Microsoft Windows client OS as it's been developed for the past 20-odd years becomes obsolete.

Microsoft seems to be preparing for that day with an incubation project code-named Midori, which seeks to create a componentized, non-Windows OS that will take advantage of technologies not available when Windows first was conceived, according to published reports.

Although Microsoft won't comment publicly on what Midori is, the company has confirmed that it exists. Several reports -- the most comprehensive to date published on Tuesday by Software Development Times -- have gone much further than that.

That report paints Midori as an Internet-centric OS, based on the idea of connected systems, that largely eliminates the dependencies between local applications and the hardware they run on that exist with a typical OS today.

The report claims Midori is an offshoot of Microsoft Research's Singularity OS, which creates "software-isolated processes" to reduce the dependencies between individual applications, and between the applications and the OS itself.

With the ability today to run an OS, applications -- and even an entire PC desktop of applications -- in a virtual container using a hypervisor, the need to have the OS and applications installed natively on a PC is becoming less and less, said Brian Madden, an independent technology analyst.

"Why do you need it?" he said. "Now we have hypervisors everywhere."

Madden suggested that a future OS could actually be a hypervisor itself, with virtual containers of applications running on top of it that can be transferred easily to other devices because they don't have client-side dependencies to each other.

And while he has no information about Midori beyond the published reports, he said descriptions of it as an Internet-centric system that provides an overall "connectedness" between applications and devices makes sense for the future of cloud computing and on-demand services. Microsoft likely recognizes the need for this even if the actual technology is still five or more years out, Madden said.

"They're preparing for the day when people realize we don't need Windows anymore" and thinking about what they will do to remain relevant, he said.

Indeed, Microsoft has been emphasizing its virtualization strategy, based on its new Hyper-V hypervisor, beyond merely virtualizing the server OS. The company also is moving full steam ahead with plans to virtualize applications and the desktop OS as well.

Using virtualization in these scenarios would eliminate the problems with application compatibility that are still giving headaches to Vista users, and that have made the OS a liability rather than a boon for some Windows power users and enterprise customers.

If Midori is close to what people think it is, it will represent a "major paradigm shift" for Windows users and be no easy task for Microsoft to pull off, said Andrew Brust, chief of new technology for the consulting firm Twentysix New York.

He said challenges to an OS like Midori would be both technological complexities and the "sobering compromises" that must be made when a product moves from being a research project into commercialization. "I would expect those in abundance with something of this scope and import," Brust said.

Though he has not been briefed by Microsoft on Midori, Brust said the idea makes sense because Microsoft needs to drastically update Windows to stay current with new business models and computing paradigms that exist today -- particularly to help the company compete against Google on the Web.

"Breaking with the legacy of a product that first shipped 23 years ago seems wholly necessary in terms of keeping the product manageable and in sync with computing's state of the art," Brust said. "If Midori isn't real, then I imagine something of this nature still must be in the works. It's absolutely as necessary, if not more so, to Microsoft's survival as their initiatives around Internet advertising, search and cloud computing offerings."

Another one with minor bug fixes.

Update Here

I thought this was a very interesting story....

'Switzerland' helps you test your Internet connection for bandwidth monitoring by your ISP.
The Electronic Frontier Foundation (EFF) has released a new advanced tool to help users test their Internet connection for bandwidth interference from their ISP.

Called 'Switzerland,' the open source, command line tool was created in response to the FCC's landmark decision last week to fine Comcast for restricting P2P traffic on its broadband network.

Part of the EFF's Test Your ISP project, Switzerland can detect anti-P2P tools like Sandvine and Audible Magic, and is able to keep copies of any modified data that your ISP injects into your file transfer. This is significant as anti-P2P software typically modifies data being transferred which then tricks your computer into terminating the connection.

The EFF's Switzerland is a successor to pcapdiff and, according to the EFF, automates a lot of the procedures that pcapdiff required users to do manually. Switzerland is currently recommended for operation by advanced users, but the EFF anticipates that as an open source tool, Switzerland will develop into a consumer ready application in the future.

That doesn't mean you have can't find out what's going on with your network connection right now, though. PC World has looked at several tools that are much easier to use. Glasnost, for example, is a Web-based tool that can run an advanced seven-minute test or a shorter four -minute one. I ran Glasnost this morning and it required only the push of a button found at the bottom of the page, and according to the program my Comcast connection ran P2P traffic just fine.

Original Story and informative links

An update on some recent changes....
I now allow non members to download the work that has been submitted here. People will still have to join to upload their own.

Just because a "friend" sends you something on Facebook or MySpace doesn't mean you should trust it.

A new worm is spreading via Facebook and MySpace, turning victims' computers into zombies on a botnet, Kaspersky Lab said on Friday.

Basically, infected machines are propagating the worm by sending messages via the social networks to friends in the network.

The messages look like they contain links to video clips. When clicked on they prompt the recipient to download an executable file that purports to be the latest version of Flash Player. Instead, it is the worm itself, infecting yet another victim.

When infected machines log onto the social networks the next time their computers automatically send the malicious messages out to new victims grabbed from the friend list, said Ryan Naraine, security evangelist at Kaspersky.

"We've seen these types of worms before, typically around MySpace," he said. "People are more trusting of things they receive from a friend," and many people don't recognize that what they are downloading isn't a legitimate Flash Player file, but a malicious program.

Naraine repeated the refrain that security professionals have been spreading for years: be careful about downloading anything to your computer, even if it appears to come from a friend; and be diligent about applying security patches to your computer.

Original post by Elinor Mills

At the Black Hat computer security conference in Las Vegas next week, researchers will demonstrate software they've developed that could steal online credentials from users of popular Web sites such as Facebook, eBay and Google.

The attack relies on a new type of hybrid file that looks like different things to different programs. By placing these files on Web sites that allow users to upload their own images, the researchers can circumvent security systems and take over the accounts of Web surfers who use these sites.

"We've been able to come up with a Java applet that for all intents and purposes is an image," said John Heasman, vice president of research at NGS Software.

They call this type of file a GIFAR, a contraction of GIF (graphics interchange format) and JAR (Java Archive), the two file-types that are mixed. At Black Hat, the researchers will show attendees how to create the GIFAR while omitting a few key details to prevent it from being used immediately in any widespread attack.

To the Web server, the file looks exactly like a .gif file, however a browser's Java virtual machine will open it up as a Java Archive file and then run it as an applet. That gives the attacker an opportunity to run Java code in the victim's browser. For its part, the browser treats this malicious applet as though it were written by the Web site's developers.

Here's how an attack would work: The bad guys would create a profile on one of these popular Web sites -- Facebook for example -- and upload their GIFAR as an image on the site. Then they'd trick the victim into visiting a malicious Web site, which would tell the victim's browser to go open the GIFAR. At that point, the applet would run in the browser, giving the bad guys access to the victim's Facebook account.

The attack could work on any site that allows users to upload files, potentially even on Web sites that are used to upload banking card photos or even Amazon.com, they say.

Because GIFARs are opened by Java, they can be opened in many types of browsers.

There is one catch, however. The victim would have to be logged into the Web site that is hosting the image for the attack to work. "The attack is going to work best wherever you leave yourself logged in for long periods of time," Heasman said.

There are a couple of ways that the GIFAR attack could be thwarted. Web sites could beef up their filtering tools so that they could spot the hybrid files. Alternatively, Sun could tighten up the Java runtime environment to prevent this from happening. The researchers expect Sun to come up with a fix not long after its Black Hat talk.

But researchers say that while a Java fix may disable this one attack vector, the problem of malicious content being placed on legitimate Web applications is a much larger and thornier issue. "There will be other ways to do this, with other technologies," said GIFAR developer Nathan McFeters, a researcher with Ernst & Young's Advanced Security Center.

"In the long term, Web applications are going to have to take control of the content," McFeters said. "It's a Web application issue. The Java attack that we're currently using is just one vector."

He and his fellow Black Hat presenters have entitled their talk The Internet is Broken.

Ultimately, browser makers will have to make some fundamental changes to their software too, said Jeremiah Grossman, chief technology officer with White Hat Security. "It's not that the Internet is broken," he said. "It's that browser security is broken. Browser security is really an oxymoron."

Original Story