Windows XP Professional

Microsoft originally said that new owners of Windows 7 who wanted to downgrade to XP would only have until 2011 to do so, but now the company has changed its mind and extended support for the old operating system until 2020.

That’s right. Windows XP, an operating system that is already almost 10 years old, will apparently still be relevant for another 10 years.

“We have decided to extend downgrade rights to Windows XP Professional beyond the previously planned end date at Windows 7 SP1,” wrote Microsoft in an official blog post. “Going forward, businesses can continue to purchase new PCs and utilize end user downgrade rights to Windows XP or Windows Vista until they are ready to use Windows 7.”

Because users did not seem to be overly outraged about Windows 7 the way everyone was about Vista, it seemed perfectly fine to cut off the remaining life of Windows XP without too much haste. And for the majority of individual computer owners, that probably wouldn’t have been a problem.

However, what is a problem is that 74% of businesses still use Windows XP, and for a lot of them, the cost of upgrading all of their machines to Windows 7 is not financially tenable. Thus, companies risk having old computers with Windows XP and new computers with Windows 7 which would fragment their network and make it impossible to streamline systems.

It is as a result of that statistic that Microsoft will now continue to allow downgrades to Windows XP for people who purchase Windows 7 Professional through 2015, and through 2020 for people who purchase Windows 7 Ultimate, according to a report from Computerworld.

However, as of yesterday, Microsoft ended all support for Windows XP SP2, so anyone who still wants to be covered by Microsoft support will at least have to move to XP’s Service Pack 3.

Previously only bookmarks could be synced across various machines, but with this latest release, users will now be able to port their preferences – including zoom defaults, themes and homepage settings – to the various computers they browse from. By associating browser settings with a Google account, users can quickly sync the settings on their various installations of Chrome.

Additionally, this newest version of Chrome now supports some fancy new HTML5 features, including geolocation APIs, and drag-and-drop functionality. Beta release testers of Chrome may have already spotted the ability to use Google Maps’ location functions, as well as drag-and-drop of attachments from within Gmail.

Chrome Benchmark Results

According to Google, today’s release of Chrome is the fastest ever, improving “by 213 percent and 305 percent in Javascript performance by the V8 and SunSpider benchmarks” since its initial beta release. Google is also working with Adobe to fully integrate Flash into the browser with new plug-in APIs, but this will not be available until the next full release of Flash Player in the near future.

In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.

“The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,” read the advisory. “If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.”

Last week, Prodeus called the bug a “logic flaw,” and said attackers could exploit it by feeding users malicious code disguised as a Windows help file — such files have a “.hlp” extension — then convincing them to press the F1 key when a pop-up appeared. He rated the vulnerability as “medium” because of the required user interaction.

Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems — including IE6 on Windows XP — could be leveraged by attackers. Previously, Prodeus had said that users running IE7 and IE8 were at risk, but had not called out IE6.

Until a patch is ready, users can protect themselves by not pressing the F1 key if a Web site tells them to, said Microsoft. ”As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content,” said David Ross with the Microsoft Security Response Center (MSRC) engineering staff in a blog entry on Monday.

“The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key,” Ross added.

The security advisory made the same recommendation: “Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.” Users can also stymie attacks by disabling Windows Help. The advisory explained how to entering a one-line command at a Windows command-line prompt to lock down the Help system.

The company took Prodeus to task for taking the bug public, something it regularly does when researchers disclose a vulnerability or post sample attack code before a patch is available.

“Microsoft is concerned that this vulnerability was not responsibly disclosed, potentially putting customers at risk,” said Jerry Bryant, a senior manager with the MSRC, in an e-mail. By Prodeus’ account, he notified Microsoft of the flaw Feb. 1, about four weeks before publishing his findings.

Microsoft has not set a timeline for a fix, saying only that, “Microsoft will take the appropriate action to help protect our customers.” The next scheduled security patch date for the company is March 9.

Although it does not rate the severity of vulnerabilities in its advisories, Microsoft noted that hackers exploiting the VBScript flaw using Windows Help and Internet Explorer could grab complete control of a Windows system. Customers running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 are safe from such attacks, Microsoft said.

Post-Patch Tuesday reports of XP SP2 and SP3 users being unable to restart their systems after applying the new MS10-015 patch led Microsoft to suspend its automatic distribution of that patch while it investigated whether the patch itself was causing the problem. The director of Microsoft’s Security Response Center, Mike Reavey, said in a blog post today that the issue occurs when a system is infected with the so-called Alureon rootkit.

“The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state. In every investigated incident, we have not found quality issues with security update MS10-015,” Reavey said. “Our guidance remains the same: customers should continue to deploy this month’s security updates and make sure their systems are up-to-date with the latest anti-virus software.”

The finding syncs with what some security researchers concluded earlier in the week, after initial concerns that the patch itself was flawed.

Meanwhile, distribution of the MS10-015 patch is still on hold for some systems via Automatic Update until Microsoft comes up with a fix for the issue, which it says only affects 32-bit machines. Automatic Updates for 64-bit systems are now again pushing the MS10-015 patch, which fixes a bug in the Windows kernel.

“A malware compromise of this type is serious, and if customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk,” Reavey said.

Microsoft is working on a “simpler solution” to detect and eradicate the rootkit from infected systems, which it plans to release in a few weeks, according to Reavey.

Setting a machine to “standard” rather than “administrator” account mode typically prevents kernel malware from infecting systems, he said, and keeps antivirus signatures up-to-date is also helpful.

Good news for users of Google’s Chrome browser on the Apple platform. Extensions and bookmarking are now fully supported (thank goodness!).

The new version means users can take advantage of more than 2,200 extensions that add features and bolster the usability of Chrome within Mac OS. Extensions can be selected and managed through the options menu.

As for bookmarks, Google explains that bookmarks can be synced between multiple computers, even between Macs, Windows and Linux machines. It also adds bookmark and cookie managers “in a way that feels completely at home on the Mac.” A new Task Manager will help power users keep better track of tabs.

For the impatient, the new version can be downloaded right away. The version number is 5.0.307. The link is here. Haven’t tried it yet? Well it seems to be catching on fast and is super fast, so you might want to give it a shot because it could just replace your current browser… it sure did for me!

Here are a couple of videos that Google through together to explain how it all works.

The major features in this release (officially labeled 4.0.249.78—uh, we’ll just call it 4.0):

• Extensions
• Bookmark sync
• Enhanced developer tools
• HTML5: Notifications, Web Database, Local Storage, WebSockets, Ruby support
• v8 performance improvements
• Skia performance improvements
• Full ACID3 pass, due to re-enabled remote font support (with added defense against bugs in operating system font libraries)
• HTTP byte range support
• New security feature: “Strict Transport Security” support
• Experimental new anti-reflected-XSS feature called “XSS Auditor”

They’ve also pushed out a handful of security fixes, listed on the Chrome Releases blog post. Google’s spinning this release as adding “over 1,500 new features” to Chrome by virtue of the number of extensions already available to the Chrome community. This update isn’t the final blow to Firefox or anything along those lines, but we can’t help but think the folks at Mozilla would be a little worried.

Extensions are a large part of what’s set Firefox apart from Chrome, while Chrome has often out-paced Firefox in arenas like performance. As Chrome extensions hit the mainstream stable release, we could see a lot of people considering the switch.

Chrome 4.0.etc. is a free, stable release for Windows only but you can only expect the other OS’s versions to be caught up fairly quickly.

“We continue to see infection rates at a very high level, especially for the A and B variants [of Conficker],” says Andre DiMino, director of the Shadowserver Foundation, which tracks Conficker infections for the Conficker Working Group. “We’ve done a good job at getting a grasp on Conficker itself and its architecture, and have also had great response from groups within the Conficker Working Group. Now we just need to be a little more aggressive in remediation and with more awareness to really make a concerted effort to get this thing cleaned up.”

What concerns security researchers is that despite all of the resources and attention being poured into eradicating Conficker — Microsoft even offers a $250,000 bounty to catch the people behind the worm — infections just keep coming worldwide. “It continues to be a giant engine idling, and we wait and see what they’re going to do with it,” DiMino says.

DiMino worries that all of the hype surrounding the April Fool’s Day Conficker event that never was lulled users into a false sense of security that they are immune to Conficker, and that it’s considered old hat now compared with other threats.

But no current threats exist with the volume of infections Conficker has amassed, according to Shadowserver’s calculations. Even as it experienced a typical slight weekend dip, Conficker was still at 5.5 million infected IP addresses as of yesterday for A and B variants, down from 6 million on Friday. Shadowserver’s data shows most of the infected machines in Brazil and China, with Vietnam not far behind.

Microsoft, meanwhile, says of all of the attacks exploiting the MS08-067 vulnerability, Conficker accounts for more than 3 million threat reports versus about a half million for all other vulnerabilities exploiting the bug, which can allow remote code execution via a rogue RPC request handled by Microsoft Windows Server Service. Microsoft researchers presented that and other data at the Virus Bulletin conference in Geneva last week.

Security experts say Conficker’s sheer size has a lot to do with how difficult it is to fully remove it from an infected machine. Mikko Hypponen, chief research officer F-Secure, says many of the infected machines are ones that were reinfected with Conficker.

“It sets very tricky ACL rights to files and registry keys it creates,” Hypponen says. “Removing it manually is almost impossible. And making [Conficker removal] tools available took much longer than with any other worm, as this one was so complicated.” Marcus Sachs, director of the SANS Internet Storm Center, says Conficker is able to snap up so many victims because such a large attack surface of machines on the Internet aren’t properly patched. “It is highly likely that many machines that were previously infected, then cleaned, got reinfected due to users either not finishing the cleaning by applying the patches [closing the hole that allowed the infection in the first place], which then leads to a subsequent reinfection, or by accidentally uninstalling the patch or update that closed the hole,” Sachs says. “But there are hundreds of millions of computers on the Internet. That is a large attack surface, and it’s possible that Conficker can still claim millions more victims just due to user carelessness.”

F-Secure and Microsoft are among the security vendors that offer Conficker removal tools. Hypponen says most of the infected machines are from Brazil, China, Vietnam, Russia, Indonesia, India, the Philippines, Thailand, South Korea, and Ukraine. “The USA is at the bottom of the list. Conficker is not a major problem in the U.S. or Europe anymore,” he says.

Although the numbers aren’t broken down by consumers versus businesses, most security experts say Conficker is mainly a consumer and small to midsize business problem, especially among SMBs in developing nations. According to recent data from Damballa, Conficker is no longer one of the top 10 botnets infecting enterprises.

The C variant of Conficker is decreasing, while infection rates of the A and B version are on the rise, according to F-Secure’s Hypponen.

“[Conficker] will never stop spreading. There are tons of computers out there that can still get infected. Users just don’t get it. And there’s just so much a single working group can do,” he says. “Still, I do think the Conficker Working Group is the best example of cross-industry cooperation I’ve seen in my 19-year career in this field.”

No one knows for sure what Conficker’s operators plan to do with the botnet. And researchers won’t comment on any clues or information they have gathered on the bad guys behind it. “The malware writers were obviously professionals. Conficker’s main goal is to spread to as many machines as possible and eventually build a network of computers, which they can use to install other malware through an update mechanism,” Microsoft researcher wrote in their paper for the Virus Bulletin conference.

Shadowserver’s DiMino says it’s hard to tell whether the same gang behind Conficker is still pulling the strings, or whether it has “co-opted” with another group. “Are we at a high-noon standoff with the Conficker guys right now? It’s hard to say. But potential for harm is great, and that’s why we have to try to stay in lock-step with them,” he says.

So far, Conficker hasn’t been used for large DDoS botnets as was once feared, SANS ISC’s Sachs says. “It might be an out-of-control experiment, it might be a test to see how well the responders respond, or it might be the seeds of a future attack that we have not thought of yet,” Sachs says. “Only time will tell.”

AV-Test.org reports that MSE found and killed all 25 rootkits tossed its way during a test it conducted on the new software, which Microsoft rolled out on Tuesday. MSE basically replaces Microsoft’s subscription-based OneCare product, but focuses solely on anti-malware — detecting and removing viruses, spyware, rootkits, and Trojans. It doesn’t come with security “suite” functions, like a firewall, computer maintenance tasks, or backup.

AV-Test.org tested the new version 1.0.1611.0 with virus and spyware definitions 1.67.178.0 on Windows XP SP3, Vista SP2, and Windows 7. Rootkits traditionally have been the nemesis of many AV products. But Andreas Marx, CEO of AV-Test.org, says MSE’s 100 percent rootkit detection rate was “very impressive.”

MSE also detected all 3,700 samples of static malware, but the software was unable to detect new, unknown malware using dynamic, behavior-based detection. “None of the samples were detected based on their suspicious behavior,” Marx says. But, he says, other AV-only packages don’t include this dynamic detection feature, either. It’s usually only available in Internet security “suite” versions of the products, he says.

On XP, MSE found 98.44 percent of current samples of viruses, worms, Trojans, and bots, and 90.95 percent of adware and spyware. AV-Test.org found that MSE was able to remove all active malware components during the repair and cleanup phase, but in some cases residual pieces from the infections remained, such as inactive executable files and a disabled Windows firewall.

“The scan speed is quite OK when compared with other AV products. The scanner is not the fastest one, but also not the slowest available,” Marx says. He notes the test was a quick summary of some of the product’s features, and that the lab plans to conduct more in-depth testing and reviews of MSE. So this is early good news for Microsoft’s brand new product that is being put to the test. Only time will tell if it is able to keep up with the new threats that will target it and try to break through its defenses.

One popular way of protecting removable drives is by creating a folder or file and renaming it as AUTORUN.INF. It could enable the malware to automatically run on the system even without the users executing it. By creating this file beforehand, ideally, worms would not be able to run in this way.

However, this method is not perfect. Worms can delete the existing AUTORUN.INF file or folder, and then replace it with a malicious version. This would negate any protection placed by the user on the said file. However, by using file permissions to restrict changes, the AUTORUN.INF file can be protected more effectively.

Note: Make sure that your external drive is formatted using NTFS, as this procedure uses a specific feature of NTFS. If your removable drive is formatted using either FAT or FAT32, back up any data on the said drive first and reformat using NTFS. This may require Windows Vista or Windows 7.

• Create a new folder in the root directory of the removable disk and rename it as “AUTORUN.INF.”
• Create four more folders in the same location and named it as “recycle,” “recycler,” “recycled,” and “setup” respectively.
• Open a command prompt (cmd.exe) and go to the root directory of your removable drive.
• Set the folder attributes using the following DOS command: attrib autorun.inf /s /d –a +s +r

• Set the privilege level of the folder using the following DOS command: cacls autorun.inf /c /d administrators

• Select ‘Y’ and press enter when the message, “Are you sure (Y/N)?” is prompted.
  
• To test it, try to delete, modify, rename, copy, or open the created folder. If you cannot perform any of these functions, then the procedure is successful.

In addition to the above procedure, users may also choose to use hardware means of protection. Certain removable drives have an external switch that prevents the device from being written to. This would prevent malware from making any modifications to the drive, including the AUTORUN.INF file. However, as this may prove to be somewhat inconvenient, it is still a good idea to use the procedure shown above.

April 1 came and went, and… nothing happened. Several days later, another variant appeared, but without the Internet ending (as some of the worst reporting would have led readers believe) most people believed that DOWNAD, as a major threat, was gone.

While it may no longer be as in the news at it was at its height, DOWNAD didn’t suddenly go away. Recent estimates from the Conficker Working Group place the number of unique IP addresses affected by the top 3 DOWNAD variants at well over 5 million. Even considering the group’s disclaimer of putting the number of actually infected systems at only 25-75% of that number, a minimum of 1.25 million infected systems is nothing to laugh at.

The Trend Micro World Virus Tracking Center (WTC) numbers bear this out as well. Almost 790,000 systems were found to be infected with DOWNAD variants in the first three months of the year. In the three succeeding months, that number was almost 1.9 million. Clearly, DOWNAD did not decide to quietly go away.

In addition, out of the public eye, DOWNAD went off and did something with all those infected systems: it went off and formed its own botnet. This was documentedin mid-April by Advanced Threat Researchers Paul Ferguson and Ivan Macalintal. The short version, however, is simpler: DOWNAD was used to create a botnet. These can be used for the usual range of threats: spam, Denial of Service attacks, spreading FAKEAV malware, and so on.

Like it or not, malware threats are part of what users have to deal with day in, day out. Like anything people deal with regularly, people become used to malware threats. What was once noteworthy and unusual becomes dull and ordinary. However, this in fact doesnotmake the threat any less dangerous. If anything, it can be argued that it makes the threat more dangerous, as users are more likely to be caught unaware of a threat that may not be something they’re looking out for.

In a very real way, threats like DOWNAD become part of the background noise that is a part of life on the Internet. While it may be unrealistic to expect individual users to keep in mind all threats, but good computing practices will help immensely. The most important one may be: keep your software up to date. This is particularly true for your operating system–a properly patched system would have been proof against most DOWNAD variants. Trend Micro users would have been protected via the Smart Protection Network, of course, but closing the underlying vulnerability would still have been essential.

The price of using your computer freely in today’s Internet may well be constant and unceasing vigilance.

On Sunday Damballa researchers grabbed control of the C&C domain, but they say this is likely just one of many versions of the rogue Windows 7 OS: “In this case, we neutralized one release version of the Trojan’ed OS,” Cox says. “So if users have an older version and install it, we’ve neutralized it from downloading additional malware.”

Cox says the main goal of the Trojan tucked into the pirated OS is to add additional malware packages to the victims’ machines in a “pay-per-install” scheme, where the software piracy ring makes money from cybercrime groups who pay them to successfully install the malware. “The pirated software is the social enticement initially, and the second state is downloading additional packages of malware installed and distributed [via] the Trojan on a pay-per-install [arrangement],” Cox says.

Windows 7 has, indeed, become the newest lure: Trend Micro researchers have reported a Trojan downloader posing as a copy of the Windows 7 Release Candidate on popular torrent sites. The Trojan appears as a file called “setup.exe” when users download what they think is the Windows 7 RC. The Trojan, dubbed “TROJ DROPPER.SPX” by Trend Micro, downloads TROJ AGENT.NICE, both of which can be detected by Trend Micro’s Smart Protection Network.

Meanwhile, software piracy is on the rise, especially in the U.S., according to a report released yesterday by the Business Software Alliance and IDC. One-fifth of all PC software in the U.S. is pirated, which is the lowest rate in the world, according to the report. But the U.S. also boasts the biggest losses from piracy, at about $9.1 billion, according to the report. And most of the bots in the pirated Windows 7 OS scheme are in the U.S., according to Damballa, with about 10 percent of the bots, followed by 7 percent in both the Netherlands and Italy.

Damballa’s Cox says most traditional antivirus software is unable to detect the pirated Windows 7 Trojan because the OS itself is infected, and because most antivirus solutions don’t yet support Windows 7. “We continue to see new installs happening at a rate of about 1,600 per day with broad geographic distribution,” Cox says. “Since our takedown, any new installs of this pirated distribution of Windows 7 RC are inaccessible by the botmaster. The old installs are accessible.”

The actual Windows 7 Release Candidate can be downloaded from Microsoft here.

While some of these methods are quite simple and will do most of the job, there are also some more in-depth things that can also be done for users who swim in increasingly dangerous waters and need the extra security. So without me talking for pages about what can be done, I am going to jump right into the list and let you know what can be done to help secure your system from the dangerous waters known as the internet!

1. Turn off File Sharing
2. Install a Firewall
3. Scan for Spyware
4. Use Antivirus Software
5. OS Updates
6. Security Scanner
7. Secure Instant Messengers
8. Secure Email
9. Secure your Files
10.  Safe Passwords
- Taken from source. 

While some of these steps are more complicated than others, they are all worth looking into. Most of them are pretty easy to setup and use, and even the ones that do take a bit more knowledge to use have plenty of good websites that do a great job of explaining how to use them in amazing detail! 

So check this stuff out, and if you have any questions or suggestions please feel free to leave a comment about this and I will respond as soon as I get a chance. Also the orginial article / source for this list is listed right under the steps, which also does a good job in explaining so check it out and stay safe!

The belated updates were spotted by researchers for Trend Micro following the arrival of a new file in one of the directories in so-called “honeypot” machines deliberately seeded with Conficker C. Analysis showed that the file had arrived via the peer-to-peer file transfer system that infected machines use to communicate. In a bid to avoid alerting people to its activity, the update is slowly being trickled across the population of machines harbouring the C variant. Exact figures for the number of Conficker-infected machines are hard to determine, but the minimum is widely believed to be three million.

“The Conficker/Downad P2P communications is now running in full swing,” wrote Ivan Macalintal from Trend Research on the company’s security blog. Once it arrives on a machine, the package of data randomly checks one of five different websites – MySpace, MSN, eBay, CNN and AOL – to ensure its host still has net access and to confirm the current time and date. Following this check the data package removes all traces of its installation.

The strong encryption on the payload has, so far, prevented detailed analysis of what it actually does. However, security experts speculate that it is a “rootkit” that will bury itself deep in Windows in order to steal saleable data such as bank website login details. Security researchers are continuing to analyse the payload to get a better idea of what it is intended to do.

Symantec said it too had noticed the increased activity of Conficker and its analysis suggested a link with another well-known virus called Waledac. This malicious program steals sensitive data, turns PCs into spam relays and opens up a backdoor so the machine can be controlled remotely. The security firm noticed that the update also included an instruction to the worm to remove itself on 3 May, 2009. However, the Waledac imposed backdoor on the machine will remain open, so its creators can still control compromised PCs.

As for the Linux version, Google initially thought that a Windows clone would be acceptable, since Chrome itself is already such a fast application. However, the people working on the Linux version of Chrome made a case for using Gtk+ instead, and Google went with that option. Since Chrome is open source, it could still be possible that a Qt version will be developed independently of Google, of course.

When it comes to the Mac version, Goodger explains that the plan there has been to develop a native version all along. ”A Windows-clone would most definitely not be acceptable on MacOS X,” Goodger says, ”where the APIs for UI development are highly evolved and have many outstanding features. So that’s always been the plan there.” The Mac version is coming along nicely, and Google hopes to deliver both the Linux and Mac versions somewhere in June. Hopefully, they will also implement something like Firefox’s NoScript extension because according to some users, the security model is still lacking.

The next major update to Microsoft’s Windows Vista operating system could arrive as late as May or June 2009, months later than originally expected. News site TechArp is reporting an unnamed but reliable source has revealed the final release candidate of Windows Vista Service Pack 2 is scheduled for release in March, 2009. The finalized code will then be made available to hardware manufacturers and OEMs sometime during Q2 2009.

Users will be able to get their hands on the software update shortly thereafter, the website estimates, putting the service pack on track for a May or June release. Vista has proved something of a disaster for Microsoft, but the company is slowly fixing many of the issues that users have reported. The first beta of SP2 was made available in December of last year. Right now, Microsoft is undoubtedly rushing to get Vista SP2 out well ahead of the release of Windows 7, its next major operating system.

Owners of the Barracuda 7200.11 drive can contact Seagate through its support Web site. Seagate also offers support by telephone at 800-SEAGATE (732-4283). The company is offering data recovery services through its i365 data recovery subsidiary. On Friday, Seagate issued a statement saying that a firmware bug has been causing drive failures or freezes affecting not only the Barracuda 7200.11, but also several other models manufactured through December 2008. Those include the DiamondMax 22, the Barracuda ES.2 SATA and the SV35.

The Barracuda 7200.11 is the eleventh generation of Seagate’s flagship drive for desktop PCs and comes in capacities of 160GB to 1.5TB. Seagate manufactures hard disk drives in China, Thailand, Singapore and Malaysia. Hall said he didn’t know what percentage of the 7200.11 drives are failing. “The best information we have right now is that it’s a pretty small population of our drives,” he said. “I’d say this is certainly one of the more highly publicized cases.”

Duncan Clarke, managing director atU.K. data recovery firm Retrodata, said he and his colleagues in the data recovery industry believe that failure rates on Seagate’s Barracuda 7200.11 drive are upwards of 30%. “We’ve been aware of this problem since November. I was getting 30 times the number of those drives than any other drive,” he said. Hall said Seagate isn’t seeing anywhere near a 30% failure rate and hasn’t decided whether to issue a recall on the Barracuda 7200.11 drive.” At the moment, we’re really still looking into it,” he said. “It’s an issue that’s ongoing for us at the moment.”

“This is something that crops up now and then,” Hall said. “Obviously, when you release a drive the firmware is refined over time. There are times when the firmware is at a point where there may be some issues that cause these problems that are undetected when the drive ships.” Clarke said he is disturbed that Seagate has not done enough to address the issue.

“First, they’re shipping rubbish products. Second, they’re not taking responsibility for the problem. They actually own a data recovery company that people go to to recover data from these drives, and they charge a lot of money for that,” Clarke said, referring to the period before Seagate began offering free recovery services. “I hope Seagate is taken to the cleaners over this.” Jeff Pederson, manager of operations at data recovery firm, Kroll Ontrack Inc., said his company has received 100 Barracuda 7200.11 drives, 50 in the last two weeks alone. He said that is a 90% increase over what the company would normally see with a Seagate Barracuda-model drive. ”People are getting perturbed with having to deal with the drive,” he said.

As far as Pederson can tell, the firmware issue is coming from Seagate’s Thailand manufacturing facility. “The firmware is corrupted. It doesn’t interface correctly with the drive and causes it to fail. But, it’s failing at the electronics level and not the platter level, so it’s not destroying data,” he said. Kroll Ontrack is offering a free diagnosis and close to a 50% discount for recovery services to owners of the Barracuda drive, which amounts to $850.

Hall said Seagate is still considering whether it will reimburse customers who took failed drives to i365 or other data recovery services before the larger issue came to light. He acknowledged that this isn’t the first time in recent months that a Seagate product has had firmware problems. In November, Seagate’s 2.5-in. SATA drives with firmware Version 7.01 were failing. The drives, which included model numbers ST96812AS and ST98823AS, are commonly used in laptops such as the MacBook or MacBook Pro. Complaints about the drives have not been limited to Seagate’s online support site. Users have also weighed in on other forums. The complaints involve drives running Linux, Mac OS X and Windows Vista

Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0, which can take advantage of both Nvidia and ATI GPUs. ElcomSoft claims that the software uses a “proprietary GPU acceleration technology,” which implies that neither CUDA, Stream, nor OpenCL are being utilized in this instance. At its heart, what ElcomSoft Wireless Security Auditor does is perform brute-force dictionary attacks of WPA and WPA2 passwords. If an access point is set up using a fairly insecure password that is based on dictionary words, there is a higher likelihood that a password can be guessed. Brute force attacks that send random dictionary words to an access point can eventually successfully guess the password, if given enough time–the more computational power behind it, the faster the software can send passwords attempts and possibly guess the password. *

“Advanced dictionary attacks with deep mutations attempt multiple variants and combinations of each dictionary word. The mutations can be fine-tuned to employ all or some of the settings such as different letter cases, number substitutions, changing the order of characters, using abbreviations and vowel mutations; 12 configurable mutation settings altogether.”

ElcomSoft positions the software as a way to “audit” wireless network security. However, we’re fairly certain that at least some users will use the software for more nefarious means, such as trying to break into someone else’s wireless network. If you manage a wireless network, you should use passwords that use a combination of upper and lower-case letters, numbers, and symbols (if it supported), use relatively long passwords, and avoid dictionary words–in fact, this is good advice for nearly any type of password–not just for wiresless access points. ElcomSoft Wireless Security Auditor runs on Windows NT SP4, Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. The software ordinarily sells for $1,199, but is currently selling at half price ($599.5) until March 1, 2009.

“[And] we still consider this to be a conservative estimate,” said Sean Sullivan, a researcher at F-Secure, in an entry to the company’s Security Lab blog. Yesterday, F-Secure said the worm had infected an estimated 2.4 million machines.

The worm, which several security companies have described as surging dramatically during the past few days, exploits a bug in the Windows Server service used by all supported versions of Microsoft Corp.’s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008. Microsoft issued an emergency patch in late October, fixing the flaw with one of its rare “out of cycle” updates.

The soaring number of infections by Downadup — also called “Conficker” by some security companies — prompted Microsoft to add detection for the worm to its Malicious Software Removal Tool (MSRT), the anti-malware utility that the company updates and redistributes each month to Windows machines on Patch Tuesday. The MSRT scans for known malware, then scrubs the system of any it finds.

Like researchers at firms such as Symantec Corp. and Panda Security, Microsoft blamed lackadaisical patching for the infections. “A number of our customers have contacted our support team for assistance with containment in environments that were, largely, not patched when the worm was released,” said Cristian Craioveanu and Ziv Mador, two researchers at Microsoft’s Malware Protection Center, in a Tuesday blog entry. “Either Security Update MS08-067 was not installed at all or was not installed on all the computers.”

Craioveanu and Mador said that the highest number of infection reports had come from the U.S., Canada, Mexico, Korea and several European countries, including the U.K., France and Germany. Yesterday, F-Secure also reported that it was spying on Downadup’s command-and-control process by registering domains it thought the worm would try to use to download additional malware to infected PCs. The worm generates hundreds of possible domain names daily using a complex algorithm, said Mikko Hypponen, F-Secure’s chief research officer.

“This makes it impossible and/or impractical for us good guys to shut them all down,” acknowledged Hypponen in a blog entry. “The bad guys only need to predetermine one possible domain for tomorrow, register it and set up a Web site, and they then gain access to all of the infected machines. Pretty clever.” Even so, F-Secure has registered some of the possible hosting domains so that it can eavesdrop on the attackers and get an idea of the number of infected PCs.

Other security firms have tried to preempt hackers by registering domains that they may use, but with mixed results. Last November, FireEye Inc. tried to stay ahead of criminals operating the “Srizbi” botnet by registering several hundred domains being used to resurrect the infected PC army, but had to give up the game when it got too costly.

“We have registered a couple hundred domains,” said Fengmin Gong, chief security content officer at FireEye, at the time. “But we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names.”

As soon as FireEye conceded, the hackers were able to re-establish communication with their bots. Microsoft recommended that Windows users install the October update, then run the January edition of the MSRT to clean up compromised computers.

It’s not clear whether the hackers behind Downadup are building a botnet of their own, said Joe Stewart, a senior security researcher at SecureWorks Inc., in an interview today. For the moment, they seem satisfied with feeding victims fake security software, which pesters users with pop-ups until they pay for the worthless program. However, F-Secure’s Hypponen sounded worried about the possibility that machines infected with Downadup would be converted into bots. “It would make for one big badass botnet,” he said.

So, if anything is to be learned by news such as this… I would say to always try and keep your Windows machine up to date with the latest updates from Microsoft. Its as easy as going to http://windowsupdate.microsoft.com/ and just following the directions. Well that is as long as you make sure you visit that link with Internet Explorer 7!

It’s an interesting change by Microsoft, which, in the past, has doggedly clung to the hope that Windows Media Video will end up as the prevailing video format for the internet. It appears to have finally conceded that the vast majority of people are watching downloaded stuff in DivX or Xvid — possibly a realisation driven by the enormous amount of telemetry data it has collected from users of Vista that it never had access to through XP. It has stopped short of bundling Adobe Flash support into Windows, though, as it develops its own Silverlight technology.

Windows 7 will also support H.264 video and AAC audio. The support for AAC will be welcome news for people with music and video that has been encoded in Apple iTunes, as Windows 7 will be able to play all iTunes media through Windows Media Player.Unfortunately, this won’t apply to media that has been purchased from Apple’s iTunes store, because Windows 7 can’t decode the Apple FairPlay DRM, which Apple refuses to license to anyone else. 

The ability to play back these additional formats has implications for new Windows 7 services like libraries and networked media player support, as Windows 7 users can index and search across their iTunes media without needing to use iTunes as the default player, and can send a wider variety of media content to a centralized location.

A more subtle user benefit is that by not having to download third-party codec bundles (which is convenient in itself), users can minimise the inevitable build-up of unverified software running on their systems. Most major codecs are freely available, but you often need to install multiple disparate packages to get the widest possible support for digital media — or run an ‘all in one’ CODEC installer which may also come bundled with hidden malware inside. Additionally, these CODEC packages can interfere with other, and the codecs are not necessarily optimised to run efficiently.

By bundling a wide variety of media formats into Windows 7, Microsoft has created an operating environment which negates the need for third-party codecs and should therefore run more stably and reliably. It also brings blanket support for the most popular online media formats, providing an environment in which users can start playing their favourite content immediately.

So this is some good news… as it has me and a lot of others actually looking forward to Windows 7 since it hopes to bring back some of the people who disliked Vista so much!

The end of January remains the cut-off date for PC vendors to purchase licenses, but they can take delivery of those licenses through May 30, 2009. So customers may purchase Windows XP machines right up through June. That would coincide with the rumored release date of Windows 7, the successor to Windows Vista. While Microsoft has publicly said Windows 7 will ship in early 2010, other indicators have pointed to Windows 7 shipping in early June of 2009.

For its part, Microsoft insists this is not an extension. “Microsoft is making accommodation through a flexible inventory program that will allow distributors to place their final orders by January 31, 2009; and take delivery against those orders through May 30, 2009. This is not an extension of sales,” the company said in a statement e-mailed to InternetNews.com.

Windows XP seems to die and come back more often than rumors about Steve Jobs. Microsoft has changed the final release date for XP no less than four times since Vista shipped. All told, Windows XP will have been on the market 90 months by the time Microsoft halts shipments in May. Its predecessors have averaged around 60 months.

The problem isn’t that customers love creaky old Windows XP, introduced in 2001. It’s just that Windows Vista has been so poorly received. Despite numerous updates and a service pack, not to mention the Project Mojave campaign to build awareness and use of Vista, it’s not all that welcome. A recent survey found 46 percent of IT shops will simply tough it out and wait for Windows 7.

Which is a shame, said analyst Mike Cherry of Directions on Microsoft, who thinks Vista today is not the one that shipped two years ago. “I don’t think people understand how good Vista SP1 is,” he told InternetNews.com. “A lot of problems went away with Vista SP1, as long as you pay attention to their hardware limits.”

However, whether Vista deserves its reputation or not, the fact is, people are really negative toward it and Microsoft can’t seem to change it, he noted. “I don’t think Microsoft wants to create a situation where they force people to take something they don’t want. I’m not sure a company can ever do that,” he said. So this is good news for all those XP users out there as we now have a bit longer that we can expect updates and patches to help keep the OS we love around a bit longer!