Computer Tip
A new vulnerability in Microsoft Windows
According to Microsoft security advisory 926043, a flaw in the Windows Shell could allow remote execution of code. The advisory was first published on 28th September and was updated yesterday, 2nd October 2006, as websites that exploit this flaw have been identified. The vulnerability exists in the Windows Shell and is exposed through the Microsoft WebViewFolderIcon ActiveX control (Web View).
The effect of this vulnerability is limited in scope because code does not execute automatically: you have to visit the malicious website to be affected. An attacker cannot force you to visit a particular website and can only persuade or trick you into clicking on a benign-looking link that in fact redirects you to the attacker's website, so you should be pretty safe provided you follow the basic tenets of safe computing and browsing:
- Keep your antivirus software updated
- Do not click on links in emails from untrusted sources
- Do not allow websites to install ActiveX controls on your computer without your consent
- Do not log in as a user with administrative credentials unless absolutely necessary
Microsoft suggests some workarounds to protect your computer before Microsoft releases a security update during its monthly patch cycle on 10 October 2006.
Workaround 1: Prevent Internet Explorer from running the Microsoft WebViewFolderIcon ActiveX control by setting the kill bit in the registry for the control. To set the kill bit in the registry, paste the following lines into your favourite text editor and save the file with the extension .reg.

```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{e5df9d10-3b52-11d1-83e8-00a0c90dc849}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{844F4806-E8A8-11d2-9652-00C04FC30871}]
"Compatibility Flags"=dword:00000400
```
To apply this registry file to individual systems simply double click it to run it. If you are an administrator with many computers to patch in one or more Windows domains, you can use Group Policy to distribute the registry settings.
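Before a .reg file is distributed, or when checking exports collected from machines afterwards, it helps to confirm that the kill bit is really present for both CLSIDs. The following is an added example, not part of the Microsoft advisory or the original post: the function names and the sample export are constructed for illustration, and the check tests the 0x400 bit rather than comparing the whole value, since other bits may also be set in Compatibility Flags.

```python
import re

KILL_BIT = 0x00000400  # the bit the workaround sets in "Compatibility Flags"
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# The two CLSIDs listed in the workaround.
WEBVIEW_CLSIDS = (
    "{e5df9d10-3b52-11d1-83e8-00a0c90dc849}",
    "{844F4806-E8A8-11d2-9652-00C04FC30871}",
)

KEY_LINE = re.compile(r"\[(-?)(.+)\]")
DWORD_LINE = re.compile(r'"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})')


def parse_reg(text):
    """Map each key path (lower-cased) to its dword values from .reg text.

    Files exported by regedit in the 5.00 format are UTF-16; decode them
    before passing the text in.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_LINE.fullmatch(line)
        if key:
            path = key.group(2).lower()
            if key.group(1):  # "[-key]" deletes the key on import
                keys.pop(path, None)
                current = None
            else:
                current = keys.setdefault(path, {})
            continue
        value = DWORD_LINE.fullmatch(line)
        if value and current is not None:
            current[value.group(1).lower()] = int(value.group(2), 16)
    return keys


def kill_bit_status(text, clsids=WEBVIEW_CLSIDS):
    """Report, per CLSID, whether the .reg text sets the kill bit."""
    keys = parse_reg(text)
    status = {}
    for clsid in clsids:
        values = keys.get(f"{BASE}\\{clsid}".lower())
        if values is None:
            status[clsid] = "missing key"
        elif "compatibility flags" not in values:
            status[clsid] = "missing value"
        elif values["compatibility flags"] & KILL_BIT:
            status[clsid] = "kill bit set"
        else:
            status[clsid] = "kill bit clear"
    return status


# Constructed sample export: the first control keeps the kill bit alongside
# another bit, the second has had its flags reset to zero.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E5DF9D10-3B52-11D1-83E8-00A0C90DC849}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{844F4806-E8A8-11d2-9652-00C04FC30871}]
"Compatibility Flags"=dword:00000000
"""

if __name__ == "__main__":
    for clsid, state in kill_bit_status(SAMPLE_EXPORT).items():
        print(clsid, state)
```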
Workaround 2: Set the security settings for Internet Explorer to prompt you before running any ActiveX control. To set that in your Internet Explorer, follow the steps listed below:
- In Internet Explorer click on Tools --> Internet Options --> Security tab
- Click Internet and click on Custom Level
- Scroll down to the ActiveX controls and plug-ins section and, under Run ActiveX controls and plug-ins, click on either Disable or Prompt, then click on OK.
- Follow the same steps for the Intranet zone and click OK to close the window.
The same settings can again be deployed to multiple PCs across Windows domains using Group Policy.
What is Web view?
Web View is one of two different formats provided by Windows Explorer for viewing file and folder information. This feature allows users to preview documents in a thumbnail view before opening. In addition, information such as title and author is displayed.
Notice: By disabling the above ActiveX control, websites that make use of the ActiveX control will stop functioning correctly. In addition, you will no longer be able to preview your pictures as thumbnails in Windows Explorer.
Warning: Only expert users should modify registry settings, if at all. Incorrectly modifying the registry may create other problems or render your Windows installation useless. I don't guarantee that incorrect settings will not harm your computer and accept no liability for your actions. The tip is provided here as is and should be used at your own discretion and caution. I have tested these out on my own computer and found them to be working correctly.
- Category(s)
- Windows
- Information Security
- Computer Tip
Keep your laptop and lap cool
I normally don't do this, but for this gadget I felt that I had to do it. I recently bought a Targus Chill Mat against my regular buying habits just because it was on sale and was available for $9.99. I have an old Dell C400 laptop which has of late started to heat up significantly making it very inconvenient to use. I used to balk at the claims of the product manufacturers which say that the heat may burn your lap or degrade performance until I experienced one with my laptop. The laptop running Linux and my website (this one) had slowed down considerably. I didn't know what to do and how to improve the performance of the system. It is a P-III with 256 MB of RAM which was quite sufficient for me so far.
I thought it would be a long shot, but worth it considering the price was just $9.99, and bought it. My wife was more skeptical than me. The best part is that it does not have any separate power requirement: it draws power from the source computer and requires just 1.05W of power. To learn more of the specification click here. So now for just about a month I have been using it and I have hardly seen the laptop's fan kick in for cooling and the laptop remains pretty much cold. I think I have to disconnect it for some time to get it warm a little.
I now feel that this product is worth its full price of 29.99 just for the fact that it cools down and protects your laptop. I have not seen major performance improvements, but again I don't use the laptop very regularly so I can't say for sure. But there is some performance improvement for sure. For most people with laptop computers, I would recommend purchasing this (or another similar) product and saving yourself some breakdowns in the future.
- Category(s)
- Technology
- Product / Service Reviews
- Computer Tip
Speed up your computer
No matter how fast the processor becomes or how cheap the memory gets, software vendors always manage to build applications that consume all available processing power, memory and other computing resources and always demand more. How can we as users keep on top of all this? Simple. Just run what is necessary on your computer and disable / uninstall everything else that you don't need. But how can normal Joe Users like us figure out what is necessary and what is not?
Here's where I try to help by providing some tips and suggestions to optimise the usage of computing resources and increase the performance of your computer. Windows installs and starts up many services that may not be needed in a normal home environment or even in an enterprise environment. Windows out of the box is a trade-off between usability and optimum performance and security. Every person should configure and lock the system down to improve performance and security. In addition, the OEM manufacturers install a lot of software that automatically starts up and takes up a lot of resources. But that is a different story altogether. I will not venture there right now as it has to be tackled on a case by case basis.
To speed up the computer without a lot of effort, some services should be disabled. I will list and explain the services in a phased manner so as to ensure that your computer does not break down and keeps running properly after services are turned off. To disable the services, first we need to start the Services management console. In Windows XP, to start the console click on Start --> Settings --> Control Panel. If you are using the newer Category interface, click on Performance and Maintenance and click on Administrative Tools. There, look for an icon that looks like two engaged gears and is named Services. If you use the Windows Classic interface, then double click on Administrative Tools and double click on Services to start the console. A shortcut to start the console is to click on Start --> Run and type services.msc in the dialog window that appears.
You can scroll through the services to find out which are automatic and I am sure you will be amazed to find out what all is running on your computer. To start with you can safely disable the following services.
| Service Name | Description | Suggestion | Remarks |
|---|---|---|---|
| Alerter | This service notifies selected users and computers of any administrative events or alerts | Disable | In a home environment, we don't run any applications that require receiving administrative alerts. |
| Application Management | This service processes installation, removal and enumeration requests for Active Directory IntelliMirror group policy programs | Disable | We do not use Active Directory (used only in enterprise environment) in home computers |
| ClipBook | This service enables ClipBook Viewer to store information and share it with remote computers | Disable | Even if you have more than one computer at home, this service should be turned off. This may give rise to some unknown security vulnerability |
| Computer Browser | This service maintains an up-to-date list of computers on your network, and supplies the list to programs that request it. The Computer Browser service is used by Windows-based computers that need to view network domains and resources. | Disable | Same as above. In case you need to browse other computers on your network, you can temporarily enable the service. |
| Distributed Link Tracking Client | This service ensures that shortcuts and OLE (Object Linking and Embedding) links continue to work after the target file is renamed or moved by maintaining links in the file system | Disable | This is more useful in a networked environment where documents and spreadsheets are shared and linked to other documents and spreadsheets. |
To disable a service, open the service's properties page by double clicking it and click on Stop to stop the service and select Disabled from the drop down menu next to Startup Type as shown. To start the same service, open the service's properties page by double clicking it and change the startup type to Manual and click on Start to start the service.
That's all for this edition. I will list down more services with additional tips in the next edition.
- Category(s)
- Technology
- Windows
- Computer Tip
Speed up your computer - 2
In this edition of this article, I will list down more services that can safely be disabled. These services can be disabled by opening the services snap-in and changing the startup type and status of the services.
| Service Name | Description | Suggestion | Remarks |
|---|---|---|---|
| Distributed Transaction Coordinator | This service coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems | Disable | In a home based environment, it is highly unlikely that we have a full range of applications that carry out these types of transactions. There is no use in keeping this up. |
| Error Reporting | This service collects, stores, and reports unexpected application crashes to Microsoft | Disable | Error reports will not get sent to Microsoft and error reporting will happen only for kernel type and some user mode faults |
| Event Log | This service allows event log messages to be viewed in the Event log in case of problems | Disable | Logs are invaluable tools in resolving any problem in an enterprise. In a home environment though, you hardly need it. |
| Fast User Switching Capability | This service enables management for applications that require assistance in a multiple user environment | Disable | I was tempted to keep the suggestion for this service as Enable, but how many users do you have in your home computer? Even if you have more than one, how many times, do you log off? |
| Help and Support | This service enables Help and Support Center to run on this computer | Disable / Manual | Who needs Microsoft help and support when there is Google. Seriously, the natural instinct is to open up the browser and search in Google whatever you are looking for. Why waste resources. |
- Category(s)
- Technology
- Windows
- Computer Tip
Email Spam - Is there a way against it?
If I have to answer this question, my answer would be no. You cannot fight spam. Spam has been there from the time someone found out that it is cost effective to send hundreds / thousands of unsolicited letters if even 2-5% of the recipients buy from them as compared to other advertising media. Remember catalog mails, flyers, store advertisement?
We don't realise it, but it is a kind of spam that gets in our way of daily activities. We do have to spend time to sort through it and throw it away. You could have spent that time with your kid or wife instead. Why email spam is more frustrating is because there is almost no cost associated with it when compared with cost of production and number of emails sent out and secondly there is no charge to send it. As of today the spam emails amount to more than 85% of total email and the number is set to increase. Believe me.
I have heard options like electronic stamps for sending emails. It's just not practical. What can you and I do to fight spam in a more effective manner? Spam is not going to go away. The best we can do is to use tools to make it a little bit bearable. Compared to 3 years ago, the tools today are much more sophisticated and better. But the spammers are even smarter than the tools. They work their way around the tools and still send spam emails. For example, they put a space between the letters of obvious words that spam filters catch, or use variations of common words: for 500 they will write 5OO. Both look almost the same to the human eye, but are totally different to the computer eye. You know what I mean.
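The two tricks just described can be undone before a filter looks at the text. This is an added example, not a tool from the original post: the function names, the phrase list and the sample message are constructed, and the look-alike mappings other than "O" for "0" are assumptions.

```python
import re

# Look-alike letters that stand in for digits. The post only names "O" for "0";
# the lowercase "o", "l" and "I" mappings are assumptions added for this example.
LOOKALIKE_DIGITS = str.maketrans({"O": "0", "o": "0", "l": "1", "I": "1"})

# Three or more single characters separated by single spaces, e.g. "F R E E".
SPACED_WORD = re.compile(r"\b\w(?: \w){2,}\b")

# A token made only of digits and look-alike letters, with at least one real digit.
DIGITISH = re.compile(r"\b(?=\w*\d)[\dOoIl]+\b")


def normalize(text):
    """Collapse letter-spaced words, then repair digit look-alikes, then lower-case."""
    text = SPACED_WORD.sub(lambda m: m.group(0).replace(" ", ""), text)
    text = DIGITISH.sub(lambda m: m.group(0).translate(LOOKALIKE_DIGITS), text)
    return text.lower()


def blocked_phrases(text, phrases, normalized=True):
    """Return the phrases found in the text, with or without normalization."""
    haystack = normalize(text) if normalized else text.lower()
    return [p for p in phrases if p in haystack]


# Constructed sample message and phrase list.
SAMPLE_MESSAGE = "Get 5OO dollars F R E E today"
PHRASES = ["free", "500 dollars"]

if __name__ == "__main__":
    print("raw match:       ", blocked_phrases(SAMPLE_MESSAGE, PHRASES, normalized=False))
    print("normalized match:", blocked_phrases(SAMPLE_MESSAGE, PHRASES))
```

Words that contain no digit, such as "Oil", are left alone, so ordinary text is not rewritten into numbers.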
There have also been services that declared war on spam and promised a spam-free environment by using spammers' methods and tools against them. Remember Blue Security, the Israeli firm that tried that approach? They grossly underestimated the power of spammers. One Russian spammer spammed them so badly that it brought their entire email infrastructure to its knees, and Blue Security conceded defeat and folded its operations.
The point I am trying to make though is that you have to accept the fact that spam exists and will continue to exist no matter what we try. The only way to combat it is to make our tools better and, most importantly, IGNORE the spammers' messages and advertisements even if the product they are advertising is good and something you always wanted to buy. Someone somewhere clicks through their emails and they earn enough money to send another million emails. Only if we make it unprofitable for them to operate their spam rings will it stop.
Waitaminute!!! I am talking about every person on this good earth who has an email address to ignore spam emails. Is it even possible? I don't think so. If you hate spam, then it is better to buy some good tools and organise your email so that all good emails that you want to receive go in places other than the inbox, and spam and unknown emails go to the inbox. We cannot define what is bad, but we can certainly define what is good. Once we define what is good, then sort the good things so that you know what is bad and what is not so good.
Next I will talk about some tools that we can easily employ in the fight against spam.
- Category(s)
- Technology
- Information Security
- Computer Tip
Sending Auto response directly from MS Exchange Server
Recently one of my co-workers came to me asking whether it was possible to send an automatic response to a message directly from the server. There are situations where it is necessary to send an automatic response directly from the server. The preconfigured Out of Office rule is a working example of that. Only, it adds an Out of Office: preamble to every message and it sends a response only to the first email received from a particular sender. It may be necessary to send a response to every message, with a customised subject and message.
Step 1: In your Outlook Client click on Tools --> Rules and Alerts. If you are using Office XP or older, then you will see Rules Wizard instead of Rules and Alerts.
Step 2: In the Rules Wizard select the Start from a blank rule - Check messages when they arrive option and click Next. In Office 2003 and previous versions, the Start from a blank rule option is available at the top of the dialog window. This will apply the rule to messages as they arrive in the inbox. In the next screen don't select anything and click on Next. It will pop-up a warning that the rule will be applied to all incoming messages. Click Yes to proceed.
Step 3: In the next window, select the action have server reply using a specific message. Click on the specific message link in the lower pane and it will open up a new mail message window. Type in the subject and the message you want to send to all leaving the To: and CC: fields blank. Once you are satisfied with the message, click on Save and close at the top left of the message window.
Step 4: In the next window, select the appropriate exclusion option if any and click Next. Give the rule an intuitive name. Make sure that you don't check the check box next to Apply this rule to messages in Inbox folder. Click OK after turning on the rule.
For any message that you receive after this point, the server will send an automatic reply to the sender whether or not your Outlook Client is running.
- Category(s)
- Windows
- Computer Tip
- MS Office Tip
Microsoft releases latest security advisory
Microsoft released a security advisory yesterday, 31st October 2006, to address public reports and POC code exploiting a vulnerability in an ActiveX control in Visual Studio 2005 on Windows that could allow remote code execution. This vulnerability affects all editions of Windows except those running Visual Studio 2005 on Microsoft Windows Server 2003 (with and without SP1) in their default configuration, where Enhanced Security Protection is turned on by default. This vulnerability also does not affect users running IE7 until they choose to enable the control through the ActiveX Opt-in feature in IE7.
The ActiveX control is the WMI Object Broker control, which is included in WmiScriptUtils.dll.
Mitigating Factors
For the RCE to happen in a web based attack, the attacker has to trick the user into visiting a malicious website. If the attacker succeeds in doing so and exploits the vulnerability, the attacker will get the same privileges as the local logged on user. Whoever is running with minimum user privileges would be less affected than those who run with full system administrator privileges. In addition to this, as mentioned earlier, this ActiveX control is disabled by default in IE7, and Windows Server 2003 in its default configuration runs in Enhanced Security mode. By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 2000 opens HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed. Outlook Express 5.5 Service Pack 2 opens HTML e-mail messages in the Restricted sites zone if Microsoft Security Bulletin MS04-018 has been installed.
Some Thoughts
- Given the number of websites running today, it is very difficult to distinguish between a benign and a malicious website. With so many website promoting tools (Digg, Furl, del.icio.us, RSS) available, it would be very easy to get someone to visit a malicious website by giving a catchy title to the link.
- IE7 has been released very recently. It's unlikely that many of the home users would have upgraded it, let alone enterprise users. I suspect many of them are still on IE6.0 SP2. So saying that this is disabled in IE7 doesn't mean much.
- Nobody uses Windows Server 2003 for their day to day browsing needs, as it is highly unbrowsable with every website needing to be added to the allowed zone. Whoever uses it does so in a non-default configuration, which may very well be vulnerable to this threat.
- How many times have we enabled active content in email messages in Outlook or Outlook Express when it displays a notification that it has blocked some active content in the message?
- How many users do you know who run as a simple user on their home PCs? I have seen many enterprises that give their users full administrator access on their computers because it's easy and less of a headache.
Precautions
We can try as much as we can to defeat such threats using technology. However using safe browsing habits and security minded approach would easily defeat such threats. Some precautions I take are:
- Do not click on any link in an email from untrusted sources
- Identify some trusted sources for information and visit those for all my information needs.
- Keep my computers up to date with all the patches.
- Run Anti-spyware on my computers (it really does a good job of identifying suspected malicious websites)
- Category(s)
- Windows
- Information Security
- Computer Tip
Speed up your computer - 3
In continuing with this series of posts aimed at helping you speed up your computer, I will list down five more services that you can disable to improve the speed and performance of your computer. Some of the services that get installed are just there for extra functionality that we never use and some of the services like Routing and Remote Access are there for some specific purpose that we may never need and will not be applicable for our operating environment.
| Service Name | Description | Suggestion | Remarks |
|---|---|---|---|
| HID Input | This service enables input access to Human Interface Devices (HID), which activates and maintains use of predefined hot buttons on keyboards, remote controls and other multimedia devices | Disable | OK, so instead of pressing one button on your jazzy new multimedia keyboard, you will have to move the mouse and carry out some tasks. It's not really such a big deal if I can get my computer to run faster. |
| Indexing Service | This service indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language | Disable | If you are like me, you will have a separate folder for every subject or section. How often do you really use Windows Search? |
| Internet Connection - Firewall (ICF) / Sharing (ICS) | This service as the name suggests provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network | Disable | If you are using it from home and have a router, your router does all these tasks for you. If you are in office, there are better options to carry out these tasks than using ICF/ICS |
| IPSEC services | This service provides end-to-end security between clients and servers on TCP/IP networks | Disable | This is not applicable in the home network and in office environment there are better options to achieve the same thing. |
| Logical Disk Manager | This service waits for new drives to be added and passes required information to the LDM administrative service; required to ensure dynamic disk information is up to date | Disable | This is not applicable / required in a home environment and as far as I am concerned, it should not be allowed in office environment as it is a security threat. |
- Category(s)
- Windows
- Computer Tip



I set our Auto Response just like this and it didn't work. What could I be missing here? doug@titleboxing.com
I agree with doug, there has to be something more than this on the server side... it just isn't doing it. Please help!
Hi Myles,
I checked out what Doug had said and what he (and probably you are also) was trying to do was a special case of this feature. I have posted another weblog entry to treat this special case (http://www.dharwadkar.com/weblog/msexch_tip02).
The reason why it is not working for some of you guys is because you have to enable automatic replies in Exchange Server Manager.
Carry out as instructed above and then make sure this is enabled on ESM:
1. Open Exchange System Manager
2. Select Internet Message Formats under Global Settings
3. Double click on DEFAULT in the Right pane of the MMC
4. Select the Advanced tab
5. Select "Allow Automatic Replies"
That's it.
How do we keep the original subject? And make the auto reply more personal:
Ie: RE: [original subject]
Dear [Sender Name] Thank you for your email bla bla bla
How do you turn off the server side response?
How do you turn off a server side auto response?
I am using 2010 Exchange Server and 2003 Outlook Client. Autoreply works but does not send attachments. Can anyone help?
Thanks in Advance.
Siobhan