Archive for November, 2005

ITsafe Bulletin 2005/005A (Update No. 1)

Wednesday, November 30th, 2005

Title
=====
ITsafe Bulletin 2005/005A (Update No. 1)

What is it?
===========
As reported in the press, new variants of the "W32/[tag]Sober[/tag]" a mass-mailing worm continue to be discovered. ITsafe already warned of this issue in 2005-BUL-004 and 2005-BUL-005 some months ago.

What does it affect?
====================
Most computers that use Microsoft Windows

What does it do?
================
The worms arrives by email, and most versions will have a spoofed "From" email address to look like they come from reputable sources, such as ITsafe's colleagues at the UK National HiTech Crime Unit (NHTCU), the FBI, or the CIA. Many versions spread themselves to others in your address book, and some worms exploit infections from previous versions of "W32/Sober", as described in ITsafe's 2005-BUL-004. Most of these worms will attempt to persuade recipients to open attachments or follow links to websites containing malicious code.

How do I protect myself?
========================
As always, exercise care when opening attachments to email messages.

How do I fix it?
================
Keep your Anti Virus Software Anti Virus Software updated with the latest signatures from your supplier. If you suspect that you have been infected, your supplier's website should contain instructions as to how you can disinfect your computer.

Notes
=====
ITsafe Bulletins are issued by e-mail when significant risks have been identified that are likely to affect the majority of ITsafe users.

ITsafe Team
Making IT safe for You
http://www.itsafe.gov.uk
The UK Alerting and Advisory Service for Information and Communications Technologies (ICT) Security

Why I’ll never buy another commercial desktop PC

Wednesday, November 30th, 2005

Regular readers know that we have a new book coming out shortly - "Build The Ultimate [tag]Custom PC[/tag]" hits the shops December 12th! - that deals with building your very own [tag]PC[/tag].  However, a few people haves asked me whether it's worth bothering to build a PC when you can buy them so cheaply nowadays. 

Now I'm not here to tell you what you should do with your hard-earned cash but what I will tell you is this - I will never buy another commercial desktop PC.  Period.  OK, I know I'm locked in to brand names with laptops and PDAs (I have a Toshiba [tag]laptop[/tag] and an HP iPAQ and I might be in the market for a [tag]Tablet PC[/tag] next year) but as far as desktop s are concerned, I will happily build my own from now on.

Why?  Because I think that the majority of commercial desktop PCs are crap, and those that aren't crap are over priced.  Harsh words you say.  Permit me to tell you why I think this way

Let's say that you find the PC that exactly suits your needs (in other words it's what you want rather than what the company wants to sell you) and that PC is in the price range that is acceptable to you.  Now imagine that the PC gets delivered when the company says it will (being someone who has spend a lot of time waiting on deliveries, I can tell you now that this doesn't happen all that often).  Let's also assume that the PC you get isn't smashed in the transport process.  Let's also assume that when you get it out of the box and plug it in that it works.  Let's also assume for the heck of it that the PC carries on working for the rest of the day.

OK, I've made a lot of assumptions but let's assume that they are all true.  What do you end up with?  A product that's the result of cost-cutting (no Windows CD for example), corner-cutting (shoddy build, poor, out-sourced tech-support) and poor customer services (take any of the top 5 PC makers and try making a complaint and you'll know what I mean).  There are good PC makers out there but because of the cut-throat competition from bigger names who rely on price as a selling point, the only way the quality manufacturers can live it by charging a premium.  Basically, most people buy a PC based on price and that's killed all hopes of the words "quality" and "mass production" ever sitting comfortably.

The price trap is a clever one.  People don't realize what a mistake they've made until things go wrong and they've parted with their cash and have little or no hope of getting it back.  The company has them in their grip and can make them jump through hoops of fire in order to be able to get help. 

With a DIY custom-built PC you don't have any of these problems.  You know what all the parts you've put in are (in other words since you know what's important to you you've spent your money wisely and only cut corners where is won't matter to you).  You're free to upgrade, tweak and fiddle with your PC to your heart's content without having to worry about invalidating your warranty.  If you run into problems you aren't dealing with some big monolithic company for support (a company that doesn't real care whether you are happy or not) - in most cases you fall back on the the store you bought the item from or the warranty for the individual item, all which is a lot easier and a lot less hassle.  And if your PC dies because of some small component you can get it back working again by buying a replacement part, fitting it and then dealing with any warranty that the dead item has separately.

No, I've had enough, and seen enough, of desktop PC makers and how they treat customers to last me a lifetime.  Enough of poor-quality.  Enough of their broken promises. Enough of out-sourced customer services and tech support.  Enough of having to fight tooth and nail for my consumer rights.  Enough of feeling a mug for being a customer. 

From now on, I build my own PC!  That way I know that it truly is MY PC!

Symantec pcAnywhere DoS

Wednesday, November 30th, 2005

Donna's Security Flash is reporting of a flaw in [tag]Symantec[/tag] [tag]pcAnywhere[/tag] version 11.0.1 and 11.5.1 that allows for a buffer overflow to cause a [tag]Denial of Service[/tag].

Good news is that if you are affected, there is a patch:

  • Consumer versions of Symantec pcAnywhere:
    Link
  • Enterprise versions of Symantec pcAnywhere:
    Link

The Windows Registry – Tip 3 – Creating and Restoring a .REG file

Wednesday, November 30th, 2005

Creating and Restoring a .REG file

There are times when you might want to make a change to a subkey in the registry and not want to back up the whole thing before you do it (one of the main problems with backing up the whole [tag]registry[/tag] is that it takes a long time and it's a pain to restore changed settings.

There's a quick and easy way that you can back up small parts of the registry.

Here's how!

Backing Up

  1. Find the key that you want to backup.
    Registry tips
  2. Right-clink on the key and choose Export.
    Registry tips
  3. Choose a spot to save the file, give it a name and click Save.
    Registry tips
  4. Backup done!

With that done you can now made the edit to the subkey in the registry that you wanted to do safe in the knowledge that you have a backup in case things go wrong!

Restoring

If you need to restore the subkey there are two ways to do it (well, there are more but these are the simplest):

  1. The easiest method if to navigate to the file, right click on it and choose Merge
    Registry tips
    To confirm the merging click Yes.
    Registry tips
  2. Alternatively, in Registry Editor click on File and Import ....  Find and select the appropriate backup file and click Open.
    Registry tips

Related entries plug-in

Wednesday, November 30th, 2005

To make it easier for visitors to this site to find blog entries that are related to the one they are currently looking at I have installed the [tag]WordPress[/tag] [tag]Related Entries[/tag] plug-in.

Want to see the related posts ... look at the bottom of the post, in the yellow box. Not all the posts are going to be 100% relevant (it's automatic after all) but hopefully it will give you some idea of other posts to look at.

Enjoy!