I was able to contact a spokesperson at Microsoft and get a couple of answers. While they weren't exactly open... they at least gave an answer...
Why, considering how long AutoPatcher has been around, is Microsoft only following up on this now?
We try to contact companies that are in violation of our policy when we become aware of the activity, recognizing that we also need to prioritize issues and resources. In this instance, we were alerted to AutoPatcher’s activity and contacted them through our normal process.
Why, given that AutoPatcher is beneficial to the user, provided free of charge and promotes proper updates, is Microsoft choosing to pursue this at all?
It is Microsoft policy that the distribution of supplemental code such as hotfixes, security updates, and service packs is discouraged. This policy is in place due to concern for the safety and security of our customers, as we can only guarantee the download’s contents when it comes from a Microsoft Web site. Distribution of these materials without permission is also an infringement of our copyright.
I do disagree with what they are doing... and feel they should have granted permission to AutoPatcher to make use of "their materials". They could have even authorized the AutoPatcher project.
I saw a blog post the other day claiming that Sony had released another root-kit... well "sort-of". At least they said in their initial (and follow-up) posts that the software had a legit use and was being used as intended. The interesting post came from McAfee who, of course, raised a big stink about nothing and, in turn, caused the story to be picked up by the media. Apparently they even drove Sony to pull the product. Let me say this as clearly as I possibly can:
THIS ISN'T A ROOTKIT!
There we go... Did everyone get that? This is software which is being sold for the intended purpose of hiding files. It sort of reminds me of software that I used 10 years ago called Magic Folders. Does that make MF a rootkit that's lasted 10 years? Nope. It's software with an intended purpose. This is where we run into problems, and companies like Zango have ammunition for attacking vendors that label them as Spyware, Malware, Rootkits, etc... Every last thing is the end of the world when you're an AV vendor... that or the news is so slow they have to pick on legit software.
So if we want to call this software a rootkit... then I'm going to call Windows a rootkit... After all Alternate Data Streams allow me to hide files... So by McAfee/F-Secure's logic, Windows is a rootkit. So that opens up an interesting question... Can the primary operating system be a rootkit? Oh yeah... it doesn't matter because legit software can be labeled as a rootkit just because we feel like it.
I've commented before on AV vendors doing things that are "fishy", and of course only the AV vendors jumped up to defend themselves... I'm sure this will happen again here... but let's face it people... This was legit software that could be used for a malicious purpose. Wireshark, ettercap, nmap, metasploit are all legit software but could be used for malicious purposes... Shall we go around raising a fuss about them? We don't... so why do it about this?
I have to admit that sometimes I really don't get the AV companies... I've also been thinking about it as I write this post and I'd like to be the first one to point to the AV vendors and say that the software they sell is nothing more than malware. After all they process my email when I retrieve it via Outlook, they go through the email, no different than malware would... So why not... Let's label everything that acts like, or could be used like, malware as malware... So, step one... Label AV as malware. What's next?
Now, I'm often accused of being a Microsoft Zealot (I really don't think that's true, but oh well)... So here's my "obligatory" post taking a shot at Microsoft...
I was astounded today to read that the AutoPatcher project had received a notice from Microsoft requesting they immediately remove their download page. Why?!? Nobody really has a clear answer. I think Microsoft has made a big mistake here... A lot of users (especially those in Tech Support) keep an AutoPatcher CD handy and it makes life so much easier... I know that when I was doing student support, AutoPatcher was a Godsend.
For those of you that don't know what AutoPatcher was... allow me to explain. It was a series of ISO downloads, XP and 2K3 were the ones I used, I can't remember if there was a 2K or not. The CD contained a nice setup utility and allowed you to select your patches and install them (all archived on the CD). In addition it includes tools and utilities available for download that in many cases I didn't know existed, for example portqry.
The only reason I can see for Microsoft sending this notice is that it's some sort of WGA violation. I think that it's a huge mistake and can't believe that Microsoft has done this. AutoPatcher was a free product, doing a lot of good by promoting active updating and the discovery of new Microsoft provided tools and was obviously promoting good security practice. It's sad to see a worthwhile project like this die, especially without justification.
Do you ever log into web based email and feel like it's 1995? I do every time I log into OWA on Exchange 2000 with Firefox or 1&1's web based email. And even when I log into GMail. Other than that, it's come a long way... Even Hotmail was pure crap until not too long ago... these days I find myself torn between which account to log into. I think that Gmail had everything to do with that... Until Gmail and the 2GB account, I used Outlook w/ POP3... these days Outlook is seldom open because I don't have to worry about that annoying 100MB threshold being crossed. Everyone followed Gmail... Yahoo! and Hotmail are both offering larger email accounts but they are now taking steps beyond Gmail... Will Gmail catch up?
I'm very interested to see if Gmail will attempt to play catch-up on the interface. It is the one "sore point" I have right now... it's very basic and clumsy... some may enjoy the minimal feel and I do use it as my primary email but after playing with the new Live Hotmail and the new Yahoo!, I feel like I'm missing something with Gmail. Now perhaps I'd grow irritated of all the fanciness and the flash and I'd desire the minimalistic feel of Gmail. Gmail is definitely usable and fast, however I would like to see it become a bit cleaner... With the "Web Two Point Oh-ee-ness" of Yahoo! and Live Hotmail, you can actually right click to delete files and mark as read, which, even if Gmail kept its look and feel, I'd like to see added...
Will I use my Yahoo! or Live Hotmail accounts over my Gmail account? Not yet... Why? My Live Hotmail account is old, so unfortunately it's plagued with random crap from high school and Yahoo! is even worse. While a relatively new account (3 years or so), the Yahoo! spam filters suck... Yahoo! provides the WORST spam filtering of any email provider I've seen. On top of that, I watched an HTML Injection vulnerability that I reported to them go over two years without being fixed. I just can't trust them as an email provider. The other reason? Google Apps for Domains... I love it... I think it was one of the best things that Google provided and unlike the Live companion... I don't need to provide a credit card just to sign up for an account.
Why did I write this? Since I didn't seem to say anything... basically to get to this point. I was really impressed with this video, Gmail: A Behind the Scenes Video. I'm impressed that Gmail users would put in such great effort... it shows product backing (like there was ever any doubt)... Also to express my desires for changes to Gmail... little changes that are needed at this point to I) keep it in the game and II) bring it to the top again.
The List:
- The ability to right-click to delete, move, and label emails.
- A third-pane to the left of messages with RSS feeds.
- Real folders instead of Labels and the ability for Sub-Folders
- Gmail to finally leave Beta.
- The ability to read gpg encrypted emails within Gmail and to sign / encrypt outgoing emails.
- The ability to open an address book while composing an email
That's about it... I'm not greedy... I just have a few things I want to say... and since I just lifted my head off the keyboard to type this last line, I'll say g'nite and hope this made sense.
For anyone that might be interested... ComputerDefense.org is now available over SSL.
A couple of months back I bought a new computer... (Athlon64 X2 3800+ w/ 1GB RAM running Vista). This was a big deal for me... my first computer with 1GB RAM (well the first one that wasn't work provided). I've been hearing good and bad things about Vista resource utilization, and my past experience with it had been that it was fairly good. On this computer though, from time to time, things started to slow down. I've been poking around and I've realized the cause of most of my problems... Firefox. My 1GB RAM loses some because my 128MB Dedicated Video Card uses another 128MB of Shared Memory to make it a "256MB Video card"... so the remaining 896MB RAM is all I have... With ~200-300MB to DWM, Explorer and various Windows services, that only leaves ~600MB RAM for me to play with. I'm using Pidgin for instant messaging, probably a bad choice but its commit memory is 160MB (16MB in its working set though)... That drops me down to ~450 that can be committed. Outlook 2007 uses ~100MB which leaves me with ~350MB... Here's where something interesting happens. Firefox's committed memory is ~365MB... Its working set is ~250MB... that's a LOT of RAM... Let's compare that with Internet Explorer:
FF 2.0
Commit Size: 365,864K
Working Set: 259,904K
Private Working Set: 243,976K
IE 7.0
Commit Size: 89,284K
Working Set: 84,460K
Private Working Set: 53,000K
Needless to say, Firefox has been shut down and IE7 has been opened... My memory usage is looking quite a bit better and my page file has gone from 1.9GB / 2GB down to 1.5GB / 2.0GB... All by closing Firefox.
For those of you wondering about pages open. Each browser had GMail, Bloglines, My webhosting control panel and a personal website.
While I know I need another GB or 3 of RAM for this computer... I also know that Firefox won't find itself open again on this computer for quite some time.
Many of you are aware of the Skype problems last week, there was a major service disruption (Read more here) that left Skype users with no access to the service (Cartoon via UserFriendly.org). Initial blame for the problem fell on a 'deficient networking algo' but now blame has been shifted to Microsoft and the reoccurring Windows Update. Others have a more interesting theory that it was indeed a DDoS, using the exploit code available from securitylab.ru. I'd be more inclined to accept that it was a DDoS and that Skype feels it would be bad press to acknowledge the fact so instead they are blaming Microsoft.
You have to ask a number of questions if you want to accept Skype's scapegoat:
- Why didn't it fail last month, or the month before that, or the month before that, etc?
- Why don't any of the other chat programs experience such failures... MSN, AIM, ICQ, Yahoo!, GoogleTalk, etc.
- Why don't any of the P2P file sharing programs experience these problems...
- Why didn't it happen immediately following the installation of the updates?
- Automatic Updates has a 'default time' set... Assuming the same time is used world-wide, updates would be downloaded following a common shift with the next time zone downloading and rebooting one hour after the previous time zone. Wouldn't this mitigate the problem?
There are plenty of unanswered questions and I think that Skype has really let down its users in this case. I stopped using the software a while ago. I find that even GoogleTalk provides higher quality voice chats, and my home VoIP provides lower rates. Perhaps this additional bad press would really harm the company and they're doing everything they can to downplay the problem...
I seem to have a number of links open across the top of my browser that I had wanted to blog about. Since I didn't have time (I did manage to see 6 movies this weekend though) here are brief mentions with links to each.
First up is a tool from Nirsoft, called HeapMemView (via Grand Stream Dreams) which is a 'process heap memory viewer'. You fire up the tool, select the process and it dumps the memory. There's one version for 2K, XP, 2K3 and Vista and a second for Vista x64. It's not a bad little tool, it allows for a data preview (Hex or ASCII) and will dump the results to a nicely formatted HTML chart.
Up next is an interesting post from BillP over at Bits From Bill. He mentions a number of cases where DUI defendants have managed to win their court cases by requesting the source code for the breathalyzer. It's an interesting concept and I'd be interested to see if it's been attempted in countries outside the US that use the same tools.
The next is possibly the most interesting (via Vital Security). It seems that a number of websites are now blocking access to Firefox because the Ad Block Plus plugin is supported by Mozilla. It just goes to show you that some people are more concerned with making a buck than providing content. I've had the discussion before on people that plaster their websites and RSS feeds with ads, well this is taking it to a whole new level.
Lastly, Nmap 4.22 SOC 5 has been released. After some issues with Umit for Windows missing, a new package was put out. As this latest version isn't on the Nmap download page just yet, here are the links to grab it.
http://download.insecure.org/nmap/dist/nmap-4.22SOC5.tar.bz2
http://download.insecure.org/nmap/dist/nmap-4.22SOC5-setup.exe
http://download.insecure.org/nmap/dist/nmap-4.22SOC5-win32.zip
http://download.insecure.org/nmap/dist/nmap-4.22SOC5-1.src.rpm
http://download.insecure.org/nmap/dist/nmap-4.22SOC5-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.22SOC5-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-4.22SOC5-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.22SOC5-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-4.22SOC5.tgz
That's all... just some tidbits I wanted to share.
I was on a WebEx conference last month, and it's no secret that I've got a few computers sitting around... Yet for all my computers, I couldn't use WebEx. Why? Well, WebEx wasn't supporting Vista and doesn't support Linux and it also doesn't play overly well with OS X. I suppose I could have fought to get it working on OS X but the webinar was minutes away from starting.
This month I decided to get an early start and a couple hours before the conference I tried out Vista. It worked slightly better, instead of getting nothing, I had errors copying files when WebEx Event Manager tried to start. I fiddled for a little bit and solved my problem... If you want to use WebEx in Vista, it seems that you have to right click on IE and "Run as Administrator". I'd recommend that you don't surf other sites from this instance of IE and you pray that no WebEx vulns pop-up but that was the only way I could get the Event Manager to properly load. Just thought I'd share that tidbit.
I have to say kudos to Microsoft on the great work on this new tool. The Microsoft Update Catalog is a search engine for Microsoft updates. Unfortunately it's late, so no pretty screen shots... and I wasn't too happy about the fact that IE is required but it does use ActiveX. It's designed to work like a shopping cart application. You can add the updates to your basket and download them in one lump sum.
Example Searches:
"internet explorer" +"security updates" +"windows xp" [Returns all Security Updates for IE on Windows XP]
The + seems to be irrelevant however, as there is no negative logic... which would be a nice addition. Because of the lack of negative logic, the search:
"internet explorer" +"security updates" +"windows xp" -"x64" will return only x64 updates.
You can also search by KB Number, MS Advisory and Hardware.
All in all it's a pretty cool concept... I'd just like to see the search engine improved slightly.