Posts filed under 'Operating Systems'
Windows Vista is being equipped with a set of tools that will render it next to useless unless it is activated.
Users will have 30 days after installation to enter a valid activation code, after which the operating system will run in “reduced functionality mode”, also referred to as “ugly mode” by several sources. What that means is a little unclear, but one aspect has been spelled out. Internet Explorer will run for one more hour after which the user will be logged out. Use that hour wisely - message your friends, order your shopping from Tesco, but whatever you do, enter a valid key, or order a valid copy.
Even if a genuine code is entered, Microsoft will check the key again at every possible opportunity, including when other Windows software is installed.
If a newly-installed piece of software discovers an invalid code it will first block access to the Windows Defender anti-spyware tool, ReadyBoost memory expansion feature and Aero advanced graphics option. In addition a persistent text will display in the lower right hand of the screen: “This copy of Windows is not genuine.”
Microsoft is also cracking down on OEM suppliers who buy bulk licenses of Windows. In the past a single universal activation has been provided that they can use on unlimited copies. What often happened was that the key was stored unencrypted on a server and, of course, someone would steal it and publish it online. With Vista Microsoft will insist that a unique key is used for each copy of the OS.
October 4th, 2006
Regular readers of TechSmec.com may remember that back in August we brought you reports of the Apple notebook hacking demo that caused a stir at the Black Hat USA 2006 conference. Apple dismissed the demo as unproven at the time and the Mac community rallied against the two SecureWorks reseachers, David Maynor and Jon “Johnny Cache” Ellch. Hell hath no fury like a Mac-lover scorned.
The two were due to present at the ToorCon hacker event on Saturday, but only Ellch turned up. His accusation was thinly veiled, to say the least.
“I can not give this talk without Dave,” Ellch said. “Dave very much wanted to be here. The fact that SecureWorks and Apple managed to compel him not to, means that they must have had something very compelling to stop him.”
So, what is going on? TechSmec.com puts on its deer-stalker hat and looks at the evidence, Sherlock-style…
What started all of this?
Two respected, but hardly famous, hackers demonstrate on video their hacking of the WiFi connection on an Apple notebook.
Why on video? Isn’t that a bit suspicious?
Those security-conscious chaps realised that someone in their knowledgable audience might be able to intercept the packets over WiFi and reverse engineer the process.
Oh right. And did everyone believe them then?
Most people, those who could normally be categorised as ‘Windows users’. Mac users were somewhat more sceptical. In fact they were downright angry.
What got up their noses so much?
Didn’t you know? Macs are unhackable, never get viruses, and are the only way of ensuring world peace.
Really?
Of course not! But Apple would have you believe so and 5% of the computer owning world has fallen for it. In fact they probably aren’t much more secure than a PC running Windows XP, but until now no one could be bothered hacking them.
So Maynor and Ellch wanted to expose this lie.
Actually no. The researchers stressed that the exploit was not specific to Mac wireless cards, but to wireless cards in general. They used a Mac for the demo because OSX is considered a more secure operating system that Windows and wanted to show how powerful the hack was.
Storm in a teacup.
Not if you are Apple. They got a little upset as well and debunked the demonstration. They don’t like having their un-hackable image tarnished, even if it is a third party piece of hardware that’s causing the problem.
What did Maynor and Ellch do?
They announced a LIVE demonstration. The world waited with baited breath until…
Yes?
Apple released a patch for the ‘not really a hack, hack’. Maynor didn’t show up after his company, SecureWorks, pulled him from the event and Ellch went on the war path. “That’s funny,” he said. “I thought there was no bug, and I thought SecureWorks provided no useful information to Apple.”
So Mac notebook users can breathe again?
It appears so. The hack, that never actually existed according to Apple, has been patched….by Apple.
But if the fault was in third party hardware doesn’t that mean that lots of non-Mac notebooks are vulnerable?
Exactly…..
October 1st, 2006
It’s not often that a video-taped demonstration of a hacking technique causes a stir, but that’s exactly what happened when David Maynor, a SecureWorks researcher and Jon “Johnny Cache” Ellch showed how they could take control of an Apple notebook at the Black Hat USA 2006 conference.
In the demo, the two researchers used a Dell laptop running XP to take control of an Apple notebook running OSX. Nothing unusual there, but what made this technique jaw-dropping for the conference delegates was that the Apple wireless card wasn’t looking for a connnection and involved no authentication whatsoever. With a fuzzing attack (throwing wireless packets at a laptop with a Wi-Fi card), the Dell was able to take control of the Mac by installing a root-kit. Then Maynor easily created and deleted files from the Mac desktop in real time.
The demo wasn’t performed live at the conference to prevent malicious delegates intercepting the packets and revese-engineering the attack for their own evil deeds.
Maynor and Ellch were reportedly mobbed after the video was shown by delegates keen to understand how they had acheived the hack.
The researchers stressed that the exploit was not specific to Mac wireless cards, but to wireless cards in general. They used a Mac for the demo because OSX is considered a more secure operating system that Windows and wanted to show how powerful the hack was. Nevertheless, the fact that a Mac was used for the demo has attracted the wrath of Mac fanatics, keen to point out that the wireless hardware inside a MacBook is not made by Apple, as if that makes any difference.
You can watch the video at the Washington Post website.
August 4th, 2006
It seems that Microsoft is not relying on positive press alone to persuade users to download and install the new IE7 web browser when it is released. Instead the software giant will offer the browser as part of its Windows XP Autoupdate facility. However, somewhat surprisingly given past history, Microsoft will stop short of forcing users to upgrade, offering them the option to Install, Don’t Install or Ask me Later.
Microsoft promises that clicking the Don’t Install button will stop users from receiving any future prompts to upgrade to IE7. They will also provide a Blocker Toolkit for enterprise customers who may want to block automatic delivery of IE7; this blocker has no expiration date.
The planned release date falls in the fourth quarter of 2006, although an exact date has not yet been announced.
The new information about Microsoft’s plans for IE7 delivery was revealed in Tony Chor’s IEBlog on MSDN.
July 27th, 2006
In an embarassing turnaround, Microsoft has been forced to withdraw its Private Folder application in the wake of extensive criticism from corporate clients.
Private Folder, which was available free to anyone who had registered their copy of XP with the Windows Genuine Advantage scheme, allowed users to create a password protected folder in which all the contents were encrypted. “Protect your private data when friends, colleagues, kids or other people share your PC or account,” said the original Microsoft announcement.
Unfortunately, a posse (well, make that an army) of corporate clients and network administrators objected violently to the new software claiming that it allowed users to store sensitive data where it couldn’t be seen. There was no backdoor into the data so if an employee left a company, or simply forgot the password, that data was lost forever.
Within days of the backlash Microsoft had removed the tool. “We received feedback about concerns around manageability, data recovery and encryption, and based on that feedback, we are removing the application today. This change will take effect shortly.”, a Microsoft official said in statement for CNET.
Network admins are attempting to hold back the tide by complaining about Private Folder. There were, and still are, 99 ways that corporate data finds its way off the network and into a black hole where they can’t see it - CDs, USB keys are just two. They are going to be very busy if this spells the beginning of a clampdown on data security leaks.
July 17th, 2006
Envizions has announced that the Evo: Phase One media entertainment console will go on sale via the internet October 20, 2006 priced at $679.95The system will ship with the Akimbo video on demand application pre-installed, plus, customers can apply an additional discount on over 1,600 games from the Evo: Direct store upon purchase of their EVO unit.
Evo: Phase One combines computer, media center, and PC gaming into one unit. The system will also boast amazing graphics supported by the Sapphire RADEON HDMI X1600 Pro graphic card. The Sapphire RADEON X1600 Pro has 12 pixel pipelines that provides the highest graphics performance in its class even for shader intensive gaming; equipped with 128MB of DDR3 memory and this model features clock speeds of 500MHz (core) and 800MHz (memory). Other key features include customized liquid cooling system, built-in biometric fingerprint reader and digital video recording features. EVO is designed much like a PC, customers can purchase extended warranties and get next day onsite assistance or 24/7 IT phone service and remote access service packages. The system’s online and networkability will be more apparent in phase two and customized games will be available as the systems continue to expand. EVO will give customers the option to upgrade certain aspects of the system. The EVO: Phase One will offer one package option, with the suggested retail price of $679.99. The package will carry one wireless PC game controller and an EVO: Direct discount card. Other accessories will sell separately. In addition, customers can order customize EVO paint applications upon request.
Derrick Samuels CEO and Founder reported today. “Evo will be one of the first true gaming hybrid consoles that will be built -to-order with few restrictions, but at the same time offer a platform that will constantly evolve to suit the customer’s need. Evo is a computer but it will also provide the entire family the opportunity to access the different applications throughout the home via wireless network.” Samuels added, “The final hardware units should be done in late August and is greatly improved from the unit displayed at E3 this year in Los Angeles. Upon request units will be available for review. Envizions’ goal is to build on quality, service and reliability. To reward our customers we plan to ship all pre-orders first since the unit will have limited release qualities available at launch.
July 12th, 2006
If you can’t wait for the arrival of Windows Vista (or don’t want to risk the Beta version) then why not give reliable old XP a facelift with this set of tools?
Random Good Stuff has pulled together a set of utlities that mimic much of the functionality of Vista, certainly lots of the cool bits.
The Vista Customization Pack 3.6 simulates the Vista Aero style, while the Style XOP Demo will make your icons all Vista-esque.
Microsoft has made much of the search functionality in Vista, but much of it was done several years ago by WinFX. This powerful Desktop search tool from Copernic revives memories of WinFX.
Media Center functionality comes as standard with Vista (well, most versions) but Media Portal 0.2.0.0. RC4 does a good job of that kind of thing, and it’s open source.
You an add the Flip 3D effect to your windows with Top Desk 1.4 Demo and finally the Desktop Sidebar. Of course, you could also use the Google Desktop Search sidebar to achieve the same thing.
Remember, if you don’t know what you’re doing then installing tools like this may not do your PC much good, so proceed with caution!
July 6th, 2006
You would have thought that having support for PDF embedded into the world’s most popular office application would have cheered the bosses at Adobe. Instead they seem more concerned with protecting their Acrobat product and are demanding that Microsoft remove the ability to ’save as PDF’ from Word, Excel and Powerpoint.
Reports in the Wall Street Journal suggest that Adobe is even considering sueing Microsoft on antitrust grounds over the issue.
It seems that Adobe is, like many software companies, concerned about Microsoft including support for their technology for free. If Microsoft were to charge for the PDF creation utility then it would be satisfied.
There are several questions on TechSmec.com’s mind with this one…
1) Adobe is always claiming that PDF is an ‘open’ standard. If that is the case why should Microsoft not be able to do what it wants with the technology, especially seeing as the Office rival, OpenOffice.org isn’t coming under the same scrutiny.
2) Getting the ability to create PDFs onto as many hard drives as possible should be a good thing for Adobe. The Word functionality is only a fraction of what Acrobat can do and we know from experience that once you are wedded to PDF, only Acrobat gives you the flexibility to do what you want with the format.
Rob Helm, director of research at Directions on Microsoft, an independent analyst firm based in Kirkland, Washington, admitted he was surprised by Adobes move in a quote on Red Herring.
I thought Microsofts plan for Office would build the base for the PDF format, but Adobe has apparently come to the opposite conclusion, he said. They believe Office output to PDF will dig into their Acrobat business too much.
Microsoft are taking the threat very seriously and, for once, don’t seem to be up for the fight. “We offered to them that we would [ remove the save as PDF function from Office 2007 ], and now we’ve unilaterally made the decision to do it,” Microsoft spokesperson Jack Evans said on Friday.
June 5th, 2006
Larry Page, Google’s co-founder and president of products, is due to give a keynote address as CES 2006 in Las Vegas. The potential subject of that speech is currently exercising the minds of IT journalists around the world as many are predicting that Page will announce the entry of Google into the hardware market.
The rumour consensus is that we will see a low cost Google-branded PC. Putting aside the obvious problem of getting a decent specification of hardware for a price as low as $200, costs would be held down by avoiding Windows and instead pre-installing an OS based on Linux.
Sone retailers already sell such low-cost PCs. WalMart has previously sold Linux-based machines, but consumers are naturally wary of buying a device that won’t run the majority of the software with which they are familiar. The Google name could be just the incentive consumers need to get over that issue.
So is there any substance to these rumours? They are originating from some very well-connected sources, but the thought of Google risking a head-to-head battle with Microsoft in the OS arena is hard to believe at this stage of the search engine’s development. Our prediction? The Google Web Browser. It’s not a massive leap for the firm and is merely taking on Microsoft in an area where others are already making inroads.
We’ll bring you the real facts after Larry Page’s keynote on Friday.
January 4th, 2006
In a story of worrying irony, it has come to light that the libraries of anti-virus products from Symantec, such as Symantec AntiVirus, Symantec Norton AntiVirus and Symantec Norton Internet Security, could be used to gain control of an infected machine.
According to Symantec the bug, which affects a range of the company’s products, is a “high” risk, while the Danish security specialists Secunia have labelled it as “highly critical”. The vulnerability can be found in the mechanism used by Symantec’s AntiVirus Library to handle RAR compressed files. It could cause a heap overflow, which then may let an attacker execute additional code giving them control of the PC.
Symantec has not yet released an update for this vulnerability, and recommends that people disable automatic scanning of RAR files.
December 22nd, 2005
Previous Posts
