Computer Tip
A new vulnerability in Microsoft Windows
According to Microsoft Security Advisory 926043, a flaw in the Windows Shell could allow remote execution of code. The advisory was first published on 28th September and was updated yesterday, 2nd October 2006, as websites that exploit this flaw have been identified. The vulnerability exists in the Windows Shell and has been seen exploited through the Microsoft WebViewFolderIcon ActiveX control (Web View).
The effect of this vulnerability is limited in scope given that there is no automatic execution of code. You have to in fact visit the malicious website to be affected. Since there is no way an attacker can force you to visit a particular website other than persuading or tricking you into clicking on a benign-looking link that in fact redirects you to the attacker's website, you should be pretty safe provided you follow the basic tenets of safe computing and browsing:
- Keep your antivirus software updated
- Do not click on links in emails from untrusted sources
- Do not allow websites to install ActiveX controls on your computer without your consent
- Do not log in as a user with administrative credentials unless absolutely necessary
Microsoft suggests some workarounds to protect your computer before Microsoft releases a security update during its monthly patch cycle on 10 October 2006.
Workaround 1: Prevent Internet Explorer from running the Microsoft WebViewFolderIcon ActiveX control by setting the kill bit in the registry for the control. To set the kill bit in registry, paste the following lines in your favourite text editor and save the file with the extension .reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{e5df9d10-3b52-11d1-83e8-00a0c90dc849}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{844F4806-E8A8-11d2-9652-00C04FC30871}]
"Compatibility Flags"=dword:00000400
To apply this registry file to individual systems simply double click it to run it. If you are an administrator with many computers to patch in one or more Windows domains, you can use Group Policy to distribute the registry settings.
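After distributing the file, an administrator will want to confirm that the kill bit actually landed on each machine. The following is an added example, not part of the original post or of Microsoft's advisory: it parses a registry export (.reg text) and reports, for the two CLSIDs above, whether the 0x400 bit is set in "Compatibility Flags". The function names and the sample export are assumptions constructed for illustration.

```python
import re

KILL_BIT = 0x00000400  # value the .reg file above writes to "Compatibility Flags"
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")
# The two CLSIDs listed in the workaround above.
WEBVIEW_CLSIDS = (
    "{e5df9d10-3b52-11d1-83e8-00a0c90dc849}",
    "{844F4806-E8A8-11d2-9652-00C04FC30871}",
)

_KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')


def parse_compat_flags(reg_text):
    """Map lower-cased CLSID -> "Compatibility Flags" value found in .reg text."""
    prefix = COMPAT_KEY.lower() + "\\"
    flags, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        key = _KEY_RE.match(line)
        if key:
            deleted, path = key.group(1) == "-", key.group(2).lower()
            current = None
            # Only direct children of ActiveX Compatibility are CLSID entries.
            if path.startswith(prefix) and "\\" not in path[len(prefix):]:
                clsid = path[len(prefix):]
                if deleted:                       # "[-KEY]" removes the key
                    flags.pop(clsid, None)
                else:
                    current = clsid
            continue
        value = _DWORD_RE.match(line)
        if value and current and value.group(1).lower() == "compatibility flags":
            flags[current] = int(value.group(2), 16)
    return flags


def audit_kill_bits(reg_text, clsids=WEBVIEW_CLSIDS):
    """Return {clsid: "killed" | "not killed" | "missing"} for each CLSID."""
    flags = parse_compat_flags(reg_text)
    report = {}
    for clsid in clsids:
        value = flags.get(clsid.lower())          # registry key names are case-insensitive
        if value is None:
            report[clsid] = "missing"
        elif value & KILL_BIT:                    # bitmask test: other flag bits may be set
            report[clsid] = "killed"
        else:
            report[clsid] = "not killed"
    return report


# Constructed sample export, not taken from a real machine.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

; first control: kill bit set together with another (constructed) flag bit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E5DF9D10-3B52-11D1-83E8-00A0C90DC849}]
"Compatibility Flags"=dword:00800400

; second control: key present but kill bit clear
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{844F4806-E8A8-11d2-9652-00C04FC30871}]
"Compatibility Flags"=dword:00000000
"""

if __name__ == "__main__":
    for clsid, state in audit_kill_bits(SAMPLE_EXPORT).items():
        print(f"{clsid}: {state}")
```

Files exported by regedit in the "Version 5.00" format are UTF-16 encoded, so read them with `encoding="utf-16"` before passing the text to `audit_kill_bits`.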
Workaround 2: Set the security settings for Internet Explorer to prompt you before running any ActiveX control. To set that in your Internet Explorer, follow the steps listed below:
- In Internet Explorer click on Tools --> Internet Options --> Security Tab
- Click Internet and click on custom level
- Scroll down to the ActiveX controls and plug-ins section and, under Run ActiveX controls and plug-ins, click on either Disable or Prompt, then click on OK.
- Follow the same steps for the Intranet zone and click OK to close the window.
The same settings can again be deployed to multiple PCs across Windows domains using Group Policies.
What is Web view?
Web View is one of two different formats provided by Windows Explorer for viewing file and folder information. This feature allows users to preview documents in a thumbnail view before opening. In addition, information such as title and author is displayed.
Notice: By disabling the above ActiveX control, the websites that make use of ActiveX control will stop functioning correctly. In addition you will no longer be able to preview your pictures in thumbnails in Windows Explorer.
Warning: Only expert users should modify registry settings, if at all. Incorrectly modifying the registry may create other problems or render your Windows installation useless. I don't guarantee that the incorrect settings will not harm your computer and accept no liability for your actions. The tip here is provided as is and should be used at your own discretion and caution. I have tested these out on my own computer and found them to be working correctly.
Keep your laptop and lap cool
I normally don't do this, but for this gadget I felt that I had to do it. I recently bought a Targus Chill Mat against my regular buying habits just because it was on sale and was available for $9.99. I have an old Dell C400 laptop which has of late started to heat up significantly making it very inconvenient to use. I used to balk at the claims of the product manufacturers which say that the heat may burn your lap or degrade performance until I experienced one with my laptop. The laptop running Linux and my website (this one) had slowed down considerably. I didn't know what to do and how to improve the performance of the system. It is a P-III with 256 MB of RAM which was quite sufficient for me so far.
I thought it would be a long shot, but worth it considering the price was just $9.99 and bought it. My wife was more skeptical than me. The best part is it does not have any power requirement and it draws power from the source computer and it requires just 1.05W of power. To learn more of the specification click here. So now for just about a month I am using it and I have hardly seen the laptop's fan kick in for cooling and the laptop remains pretty much cold. I think I have to disconnect it for some time to get it warm a little.
I now feel that this product is worth its full price of 29.99 just for the fact that it cools down and protects your laptop. I have not seen major performance improvements, but again I don't use the laptop very regularly so I can't say for sure. But there is some performance improvement for sure. For most of the people with laptop computers, I would recommend purchasing this (or other similar) product and save yourself some breakdowns in the future.
Speed up your computer
No matter how fast the processor becomes or how cheap the memory gets, software vendors always manage to build applications that consume all available processing power, memory and other computing resources and always demand more. How can we as users keep on top of all this? Simple. Just run what is necessary on your computer and disable / uninstall everything else that you don't need. But how can normal Joe Users like us figure out what is necessary and what is not?
Here's where I try to help by providing some tips and suggestions to optimise the usage of computing resources and increase the performance of your computer. Windows installs and starts up many services that may not be needed in a normal home environment or even in an enterprise environment. Windows OS, out of the box, is a trade-off between usability and optimum performance and security. Every person should configure and lock the system down to improve performance and security. In addition, the OEM manufacturers install a lot of software that automatically starts up and takes up a lot of resources. But that is a different story altogether. I will not venture there right now as it has to be tackled on a case by case basis.
To speed up the computer without a lot of effort, some services should be disabled. I will list and explain the services in a phased manner so as to ensure that your computer does not break down and keeps running properly after services are turned off. To disable the services, first we need to start the Services Management console. In Windows XP, to start the console click on Start --> Settings --> Control Panel. If you are using the newer Category interface, click on Performance and Maintenance and click on Administrative Tools. In that, look for an icon that looks like two engaged gears and is named Services. If you use the Windows Classic interface, then double click on Administrative Tools and double click on Services to start the console. A shortcut to start the console is to click on Start --> Run and type in services.msc in the dialog window that appears.
You can scroll through the services to find out which are automatic and I am sure you will be amazed to find out what all is running on your computer. To start with you can safely disable the following services.
| Service Name | Description | Suggestion | Remarks |
|---|---|---|---|
| Alerter | This service notifies selected users and computers of any administrative events or alerts | Disable | In a home environment, we don't run any applications that require receiving administrative alerts. |
| Application Management | This service processes installation, removal and enumeration requests for Active Directory IntelliMirror group policy programs | Disable | We do not use Active Directory (used only in enterprise environment) in home computers |
| ClipBook | This service enables ClipBook Viewer to store information and share it with remote computers | Disable | Even if you have more than one computer at home, this service should be turned off. This may give rise to some unknown security vulnerability |
| Computer Browser | This service maintains an up-to-date list of computers on your network, and supplies the list to programs that request it. The Computer Browser service is used by Windows-based computers that need to view network domains and resources. | Disable | Same as above. In case you need to browse other computers on your network, you can temporarily enable the service. |
| Distributed Link Tracking Client | This service ensures that shortcuts and OLE (Object linking and embedding) links continue to work after the target file is renamed or moved by maintaining links in the file system | Disable | This is more useful in a networked environment where documents, spreadsheets are shared and linked to other documents and spreadsheet. |
To disable a service, open the service's properties page by double clicking it and click on Stop to stop the service and select Disabled from the drop down menu next to Startup Type as shown. To start the same service, open the service's properties page by double clicking it and change the startup type to Manual and click on Start to start the service.
That's all for this edition. I will list down more services with additional tips in the next edition.
Speed up your computer - 2
In this edition of this article, I will list down more services that can safely be disabled. These services can be disabled by opening the services snap-in and changing the startup type and status of the services.
| Service Name | Description | Suggestion | Remarks |
|---|---|---|---|
| Distributed Transaction Coordinator | This service coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems | Disable | In a home based environment, it is highly unlikely that we have a full range of applications that carry out these types of transactions. There is no use in keeping this up. |
| Error Reporting | This service collects, stores, and reports unexpected application crashes to Microsoft | Disable | Error reports will not get sent to Microsoft and error reporting will happen only for kernel type and some user mode faults |
| Event Log | This service allows event log messages to be viewed in the Event log in case of problems | Disable | Logs are invaluable tools in resolving any problem in an enterprise. In a home environment though, you hardly need it. |
| Fast User Switching Capability | This service enables management for applications that require assistance in a multiple user environment | Disable | I was tempted to keep the suggestion for this service as Enable, but how many users do you have in your home computer? Even if you have more than one, how many times, do you log off? |
| Help and Support | This service enables Help and Support Center to run on this computer | Disable / Manual | Who needs Microsoft help and support when there is Google. Seriously, the natural instinct is to open up the browser and search in Google whatever you are looking for. Why waste resources. |
Email Spam - Is there a way against it?
If I have to answer this question, my answer would be no. You cannot fight spam. Spam has been there from the time someone found out that it is cost effective to send hundreds / thousands of unsolicited letters if even 2-5% of the recipients buy from them as compared to other advertising media. Remember catalog mails, flyers, store advertisement?
We don't realise it, but it is a kind of spam that gets in our way of daily activities. We do have to spend time to sort through it and throw it away. You could have spent that time with your kid or wife instead. Why email spam is more frustrating is because there is almost no cost associated with it when compared with cost of production and number of emails sent out and secondly there is no charge to send it. As of today the spam emails amount to more than 85% of total email and the number is set to increase. Believe me.
I have heard options like electronic stamps for sending emails. It's just not practical. What can you and I do to fight spam in a more effective manner? Spam is not going to go away. The best we can do is to use tools to make it a little bit bearable. Compared to 3 years ago, the tools today are much more sophisticated and better. But the spammers are even smarter than the tools. They work their way around the tools and still send spam emails. For example, they put a space between obvious words that spam filters catch, or use variations of common words: for 500 they will write 5OO. Both look almost the same to the human eye, but are totally different to the computer eye. You know what I mean.
There have also been services that declared war on spam and promised a spam-free environment by using spammers' methods and tools against them. Remember Blue Security? The Israeli firm that tried that approach. They grossly underestimated the power of spammers. One Russian spammer spammed them so badly that it brought their entire email infrastructure to its knees and Blue Security conceded defeat and folded its operations.
The point I am trying to make though is you have to accept the fact that spam exists and will continue to exist no matter what we try. The only way to combat it is to make our tools better and most importantly IGNORE the spammers' messages and advertisements even if the product they are advertising is good and something you always wanted to buy. Someone somewhere clicks through their emails and they earn enough money to send another million emails. Only if we make it unprofitable for them to operate their spam rings will it stop.
Waitaminute!!! I am talking about every person on this good earth who has an email address ignoring spam emails. Is it even possible? I don't think so. If you hate spam, then it is better to buy some good tools and organise your email so that all good emails that you want to receive go in places other than inbox and spam and unknown emails go to inbox. We cannot define what is bad, but we can certainly define what is good. Once we define what is good, then sort the good things so that you know what is bad and what is not so good.
Next I will talk about some tools that we can easily employ in the fight against spam.
Sending Auto response directly from MS Exchange Server
Recently one of my co-workers came to me asking whether it was possible to send automatic responses to messages directly from the server. There are situations where it is necessary to send an automatic response directly from the server. The preconfigured Out of Office rule is a working example of that. Only, it adds an Out of Office: preamble to every message and it sends a response only to the first email received from a particular sender. It may be necessary to send a response to every message, with a customised subject and message.
Step 1: In your Outlook Client click on Tools --> Rules and Alerts. If you are using Office XP or older, then you will see Rules Wizard instead of Rules and Alerts.
Step 2: In the Rules Wizard select the Start from a blank rule - Check messages when they arrive option and click Next. In Office 2003 and previous versions, the Start from a blank rule option is available at the top of the dialog window. This will apply the rule to messages as they arrive in the inbox. In the next screen don't select anything and click on Next. It will pop-up a warning that the rule will be applied to all incoming messages. Click Yes to proceed.
Step 3: In the next window, select the action have server reply using a specific message. Click on the specific message link in the lower pane and it will open up a new mail message window. Type in the subject and the message you want to send to all leaving the To: and CC: fields blank. Once you are satisfied with the message, click on Save and close at the top left of the message window.
Step 4: In the next window, select the appropriate exclusion option if any and click Next. Give the rule an intuitive name. Make sure that you don't check the check box next to Apply this rule to messages in Inbox folder. Click OK after turning on the rule.
For any message that you receive after this point, the server will send an automatic reply to the sender whether or not your Outlook Client is running.
Kernel issues with FC6
The Fedora project released their newest offering of the Linux operating system last week. Roughly 7 months after their last release of Fedora Core 5 which is phenomenal as compared to "You Know Who". The cumulative upgrade is also good apart from the eye-candy changes with respect to the content and applications included in the OS package. The newer kernel is XEN enabled by default. I understand that XEN was included in Fedora from its Core 3 release, but I never really paid attention to it.
This time it caught my attention during installation with the application support & inclusion to XEN virtualisation. It caught more than my eye when the computer refused to boot up. FC6 uses a PAE (Physical Address Extension) enabled kernel (version 2.6.18-1.2798) and somehow it fails to identify the limitation of the CPU that it is being installed on if the CPU does not have PAE. On booting, the kernel went into panic with the following message:
KERNEL PANIC: Cannot execute a PAE-enabled kernel on a PAE-less CPU!
I tried really hard to recover from this. Even reinstalling the OS and going into GRuB command line to try and load another kernel. But it failed. I could install FC5 and then upgrade to FC6 from there without any issues. The FC5 and earlier versions do not enable PAE. I am yet to check out how FC5 would behave if I put in the same PAE enabled kernel on it. Probably it would fail too.
Anyway, I did not like the idea of giving up on solving this and upgrading from FC5 to FC6. Because, if this is a kernel issue, then I would definitely face this issue sooner or later when I upgraded my kernel, so I got books from the library and searched on the internet for whatever I could for the kernel and the bug (?) that was troubling me. On searching exhaustively with no results, I finally found something which I felt would work. I knew that I had to set a kernel option. But which one and what?
I found one list on XEN which talked about the same issue that I was facing and it noted that a workaround to the problem I was facing was to use
swiotlb=force
as a kernel parameter when booting. Although it talks about DomU, I was ready to try it on my computer. So I started the installation in rescue mode and at the kernel prompt, I gave this as a kernel parameter and the kernel did not panic. The FC6 went through first boot steps and got me to configure everything and then promptly hung.
It took a reboot to get the computer back on track and start working smoothly. After that it has been working quite nicely and I have done some testing on it that I will post here.
I will also post a detailed installation write-up here in the Technology section.
Re:Kernel issues with FC6
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.18-1.2798.fc6)
root (hd0,0)
kernel /vmlinuz-2.6.18-1.2798.fc6 ro root=/dev/VolGroup00/LogVol00 swiotlb=force
initrd /initrd-2.6.18-1.2798.fc6.img
I started the installation in upgrade mode and just gave this parameter at the time of kernel configuration, but I guess you can achieve this by:
1. Pressing ESC while booting before the timeout
2. Starting the installation in rescue mode and mounting the fs from there.
Re:Kernel issues with FC6
I am not sure why you cannot select your boot option in grub (after installing - on booting new system) and edit it using e, append swiotlb=force to the line that mentions vmlinuz and then boot. But apparently you cannot because I just tried it ;-)
Is this where XEN comes in? I still have the default grub config:
kernel /xen. ...
module /vmlinuz ...
and it looks like you abandoned that in favour of:
kernel /vmlinux ...
I will post this and reboot to try it...
Re:Kernel issues with FC6
Well I tried to set the kernel options at the boot menu, but I couldn't because I didn't know how and what. I know now.
I noticed that the installation process did not install XEN enabled kernel when I tried to fiddle with the XEN virtualisation environment. The next TO-DO thing on my list is to use the XEN-enabled kernel and see what happens.
Re:Kernel issues with FC6
Your entry here cleared up the issue though. I was nearly steered away from further experimentation with this kernel/distribution - evaluating for a non-profit organization to determine whether it will meet the needs of their constituents. Although I am an avid FreeBSD user, I recognize the need for a lighter, mobile computing OS for this group. I've pored through several distributions using a list of criteria with emphasis on usability for fairly *nix illiterate end-users. Fedora really seems to bring the goods to the table and the setup is one of the best I've seen to date.
Thanks for the post!
Microsoft releases latest security advisory
Microsoft released a security advisory yesterday, 31st October 2006, to address public reports and POC code exploiting a vulnerability in an ActiveX control in Visual Studio 2005 on Windows that could allow remote code execution. This vulnerability affects all editions of Windows except those running Visual Studio 2005 on Microsoft Windows Server 2003 (with and without SP1) in their default configuration, where Enhanced Security Protection is turned on by default. This vulnerability also does not affect users running IE7 until they choose to enable the control through the ActiveX Opt-in feature in IE7.
The ActiveX control is the WMI Object Broker control, which is included in WmiScriptUtils.dll.
Mitigating Factors
For the RCE to happen in a web-based attack, the attacker has to trick the user into visiting a malicious website. If the attacker succeeds in doing so and exploits the vulnerability, the attacker will get the same privileges as the local logged-on user. Whoever is running with minimum user privileges would be less affected than those who run with full system administrator privileges. In addition to this, as mentioned earlier, this ActiveX control is disabled by default in IE7, and Windows Server 2003 in its default configuration runs in Enhanced Security mode. By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 2000 opens HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed. Outlook Express 5.5 Service Pack 2 opens HTML e-mail messages in the Restricted sites zone if Microsoft Security Bulletin MS04-018 has been installed.
Some Thoughts
- Given the number of websites running today, it is very difficult to distinguish between a benign and a malicious website. With so many website promoting tools (Digg, Furl, RSS, del.icio.us) available, it would be very easy to get someone to visit a malicious website by giving a catchy title to the link.
- IE7 has been released very recently. It's unlikely that many of the home users would have upgraded to it, let alone enterprise users. I suspect many of them are still on IE6.0 SP2. So saying that this is disabled in IE7 doesn't mean much.
- Nobody uses Windows Server 2003 for their day-to-day browsing needs, as it is highly unbrowsable with every website needing to be added to the allowed zone. Whoever uses it does so in a non-default configuration which may very well be vulnerable to this threat.
- How many times have we enabled active content in email messages in Outlook or Outlook Express when it displays a notification that it has blocked some active content in the message?
- How many users do you know who run as a simple user on their home PCs? I have seen many enterprises who give their users full administrator access on their computers because it's easy and less of a headache.
Precautions
We can try as much as we can to defeat such threats using technology. However using safe browsing habits and security minded approach would easily defeat such threats. Some precautions I take are:
- Not click on any link from an email from untrusted sources
- Identify some trusted sources for information and visit those for all my information needs.
- Keep my computers up to date with all the patches.
- Run Anti-spyware on my computers (it really does a good job of identifying suspected malicious websites)

I checked out what Doug had said and what he (and probably you are also) was trying to do was a special case of this feature. I have posted another weblog entry to treat this special case (http://www.dharwadkar.com/weblog/msexch_tip02).
Carry out as instructed above and then make sure this is enabled on ESM:
1. Open Exchange System Manager
2. Select Internet Message Formats under Global Settings
3. Double click on DEFAULT in the Right pane of the MMC
4. Select the Advanced tab
5. Select "Allow Automatic Replies"
That's it.