Consumer Alert: Massive Virus Outbreak…

… at least, that’s the headline.

I’m seeing all sorts of press reports about a new variant of an old worm, the Storm Worm. Looks like the “news” has even hit USA Today. One report reads, “Initially, the messages contained subject lines including the word “love,” urging the users to click on a file attachment, which would install the virus. But soon, the e-mails mutated, as is becoming common in e-mail
virus attacks. The subject lines began to give users the impression that an e-mail was being sent by a tech support worker helping them to fix or avoid a virus. The size and names of the virus file also changed as e-mails were passed from person to person. ”

Ah, c’mon. Yes, I know that an email monitoring company called Postini has declared this new Storm Worm to be the baddest creature since Darth Vader, but gimme a break.

To begin with, the new Storm Worm (just like the old Storm Worm) isn’t a worm at all. It’s a Trojan. It arrives in your inbox as an attachment to a suspicious-looking email message. You not only need to double-click on the attachment, you have to type a password to let the genie out of the bottle.

Sorry. By now, everybody and his brother should know that you don’t open attachments to email messages. And type in a password? When the password appears in the message as text inside an image? Oy.

Office 2007 menus – useful (if retro)

I’ve only played with it for a bit, but at first blush it’s very impressive.

Classic Menu for Office 2007 sticks old-fashioned Office 2003-style menus in the %$#@! confusing Office 2007 ribbon. More accurately, this Office add-in puts a tab on the Word 2007, Excel 2007, and PowerPoint 2007 ribbons. That tab includes the old-fashioned menus, with updates for several new Office 2007 features. If you want to click File | Open, just click the Menus tab, then click File | Open, the way the Windows Gods intended.

The product comes from a company I’ve never heard of, called Addintools. According to PC World, Addintools is located in Hai Nan, China. (Hai Nan is an island province not far from Hong Kong and Macau.)

If you’re struggling with the new-fangled ribbons and your fingers still want to click on real menus, check out the Addintools web site. It’ll bring tears to your eyes.

Download the 15-day trial. If you like it, pony up US $29.95 for a license.

Now, would somebody puh-lease tell me why Microsoft didn’t include something similar in Office 2007? What – they ran out of money? Or time? It only took ’em five years…

Woe upon the leaker named Richard

Elizabeth Montalbano at IDG News reports that Kevin Beares, the Windows Home Server testing honcho at Microsoft, has blocked all Microsoft MVPs whose names contain “Richard” from the official download site.

Seems that one of the MVPs named “Richard” downloaded the latest beta version of Windows Home Server from the (closed) MVP download site, then turned around and posted it on TheHotfix.net. Apparently this version is a candidate for the next Community Technology Preview release – but the reports aren’t real clear about that.

“For right now, you have no access to the beta until I can find the Richard who posted the WHS (Windows Home Server) CTP on this site,” the e-mail said. “I will work with the Connect Admin team to determine which one of you is the real culprit of this leak.”

I, for one, am very interested in seeing the latest beta build – whether they call it a Community Technology Preview or a Beta 2 Refresh or Beta 3 or whatever. Beta 2 was available to anybody with a pulse. I have it running right here – and I like it! I like it!

Looks like TheHotfix has pulled the file. But I see that there’s a new copy of “Windows Home Server Beta 2” on the newsgroups. Time to fire up Newsleecher and see whuzzup….

How do I patch thee? Let me count the ways…

Microsoft has posted a fascinating Knowledge Base article, KB 935824, that gives “Detection and Deployment guidance for the April 10, 2007, security release.”

Basically it tells you which versions of Windows and Office were patched in the last round of Black Tuesday patches, and a summary of Microsoft’s automatic detection and repair programs, showing you what detectors and updaters provide reliable information about which systems that need patching. It’s a scorecard that tells you if you can rely on specific Microsoft patching programs to correctly identify and patch specific systems.

Here’s the interesting part. That KB article lists ten different detection and patching systems currently supported by Microsoft: Office Update, Windows Update, Microsoft Update, MBSA 1.2 and the Office Detection Tool, MBSA 2.0.1, SUS, WSUS, Enterprise Scan Tool, SMS Security Update Inventory Tool, and SMS Inventory Tool for Microsoft Updates.

Patch Tuesday this month included a bevy of patches for these patching tools. No doubt we’ll see more patches for these patches of the patchers.

Don’t know about you, but my mind boggles.

Outlook 2007 performance patch

Over the weekend, Microsoft posted a patch for Outlook 2007, known by its Knowledge Base article number KB 933493. Although the patch covers some minor problems, the big fix is directed at extremely sluggish behavior with large PST files, as detailed in KB 932086.

Microsoft has known about the problem since around the time Outlook 2007 shipped. One post on the newsgroups describes it thusly: “I upgraded from Outlook 2003 to Outlook 2007 and now every time I
receive an email, even with Outlook and third-party antispam disabled,
my HD runs desperately for 20-30 seconds blocking the usability of
Outlook and almost blocking the usability of the whole Windows. ”

I’ve seen Outlook 2007 slow down considerably from time to time, but I’ve always assumed it was the indexer kicking in at an inopportune time.

At any rate, I suggest you hold off on applying this patch until we have time to hear the screams from vox populi. Let the pioneers take the arrows. Check back again in a week or two. In the interim, put up with Outlook 2007 – or go back to Outlook 2003.

Google Gets DoubleClick

I have to admit it took me by surprise.

Paul LaMonica at CNNMoney reports that Google beat out both Microsoft and Yahoo in the bidding war for online advertising company (and reformed Web pest) DoubleClick. The price? $3.1 billion – or 50% more than I thought DoubleClick was worth. Shows you what I know, eh?

Google’s deal for DoubleClick is both a blow to Yahoo and Microsoft, which also was said to be interested in buying DoubleClick. Microsoft owns MSN, the third largest search firm, and has struggled to catch up with Google and Yahoo in the online advertising business.

The world is changing quickly.

UPDATE: Or maybe not so quickly. Microsoft’s top lawyer Brad Smith just issued this very pithy statement: “This proposed acquisition raises serious competition and privacy concerns in that it gives the Google DoubleClick combination unprecedented control in the delivery of online advertising, and access to a huge amount of consumer information by tracking what customers do online. We think this merger deserves close scrutiny from regulatory authorities to ensure a competitive online advertising market.”

Interesting. Wonder what Brad really thinks about Internet Explorer 7’s Phishing Filter or Media Player’s urge to, uh, URGE? Sounds like sour grapes to me.

Windows Server DNS RPC 0day

Microsoft has just released Security Advisory 935964.

The 0day hole affects the Domain Name System Server Service (say that ten times real fast). If you’re running Windows XP or Vista, no need to worry. But if your system admin hasn’t seen the note yet, better hit them upside the head. Gently. Windows 2000 Server and Windows Server 2003 are in the crosshairs.

UPDATE: SANS Internet Storm Center has a few new details. It looks like the first attack occurred on April 4, at Carnegie Mellon University. The attack still isn’t widespread.

Windows XP patches causing svchost to red-line

I’m seeing lots and lots of anguish over the April Black Tuesday patches. If Windows Update reports that it is Searching for Available Updates” and then it goes out to lunch for a long, long, long time, well, you’ve been bitten by the latest round of botched patches.

I’m still not sure of the cause – much less the solution – but many people are reporting that installing the April patches makes the Windows Update installer hit the 100% red-line mark. “The rogue svchost.exe process used 14 minutes of CPU time just to show me what updates I had ready to install.” “Even when the so-called patch(es) is installed it takes the updater much longer than it used to, to scan for needed updates.”

At this point, the best advice comes from frequent Windows newsgroup poster (and all-around headache guru) PA Bear.

First, if you’re using Microsoft Update, switch from Microsoft Update to Windows Update. To do so (in WinXP), click Start, All Programs, Microsoft Update. On the left, click the link to Change Settings. Scroll all the way to the bottom of the page, and check the box maarked Disable Microsoft Update Software and Let Me Use Windows Update Only. Click the box marked Apply Changes Now.

If that doesn’t work, delete the folder C:\WINDOWS\SoftwareDistribution\DataStore and re-boot.

And if that doesn’t work, delete the folder C:\WINDOWS\SoftwareDistribution and re-boot.

Then (this is my advice, not PA Bear’s) turn off Automatic Updates. You folks who are getting burned are only exposing yourselves to more misery. Sorry if I sound like a broken record here.

There’s a detailed set of instructions for grabbing Windows Update by the throat and forcing it to start all over again, posted by Pati on the Windows Live NoCare site. You might try that approach as a last resort.

Microsoft’s official explanation is in KB 916089, if you can convince the ‘Softies to send you the hotfix. Personally, I’d delete the folder, per PA Bear’s instructions, and only install the hotfix if you absolutely have to.

As I said earlier this week: DON’T install the April patches. They aren’t even half-baked yet. There’s nothing incredibly pressing in the bunch. Use your common sense, and wait for Microsoft to clean up its mess.

POSTDATE: Lest we forget… svchost problems have dogged Windows Update for a long time. KB 916089 first came to my attention in January, when Microsoft flogged it as a cure for yet another Windows Update problem. At this point the KB article is up to version 6.2 – a fact that speaks volumes.

Vista’s leisurely startups

Ed Bott hit the nail on the head again.

A couple of days ago, Gregg Keizer posted a Computerworld story titled “Vista slower than XP at start-up, shutdown, gripe users”. I looked at the headline twice, scanned the article, shook my head, and moved on. It never would’ve occurred to me to post anything here about the article, simply because it had no meat – and it flies in the face of my experiences. (In my experience, both WinXP and Vista are equally slow for startup and shutdown. Vista was supposed to be faster, but it isn’t.)

Leave it to Ed to take Gregg’s story seriously and do a little experimenting. “… after I was done with more than two dozen startup/shutdown cycles for each machine, I confirmed that Vista is indeed slower than XP at startup. But I needed that stopwatch to tell the difference.”

Performance used to be something that everyone had to worry about. Now, it really doesn’t matter much if you own 1 GB or 2 GB of memory, or a hard drive that runs at 10,000 rpm, or an Intel Core 2 Quad Extreme.

Okay, I’ll backpedal a little bit. Some gamers will notice a difference, and if you use Photoshop all day, more memory helps, but for the vast majority of PC users in the vast majority of cases, spending a lot of extra money on hardware doesn’t make much sense. And in the vast majority of cases Vista won’t help you get home earlier at night than WinXP. Sorry.

Gratuitous tip: if you have extra money in the computer budget, spend it on a faster Internet connection, or a great monitor or keyboard – or buy that fancy chair you’ve always wanted. Those make a difference. But a 10,000 rpm drive? Gimme a break. Or hand me the stopwatch.

New Word 2007 security holes?

Ryan Naraine over at ZDNet has just posted a few tantalizing details about newly-discovered security holes in Word 2007.

Details on the actual vulnerabilities are scarce. Most appear to be simple denial-of-service issues that cause Word 2007 to crash when the file is opened. A third bug points to an overflow in wwlib.dll (a core Office library) that could theoretically lead to arbitrary code execution. The fourth bug released is a heap overflow in in the Microsoft Help subsystem. Again, code execution may be possible.

Will keep you posted.

UPDATE: Microsoft says none of the reported holes “demonstrate any vulnerability in Word 2007 or any Office 2007 products.” Looks like the ball is back in the crackers’ courts.

The fourth reported hole involves .HLP (Windows Help system) files. That’s nothing new: HLP files are easily compromised in many ways. That’s one of the reasons why Microsoft completely abandoned HLP (and CHM) files in Windows Vista.

April Black Tuesday

As anticipated, Microsoft just released four Windows Security Bulletins, as well as a Security Bulletin for Microsoft Content Management Server.

If you’ve never heard of Content Management Server, don’t worry about it. Microsoft actually discontinued CMS some time ago, rolling the features into Sharepoint 2007.

The only one of the bunch that appears to be pressing is MS07-021, the Security Bulletin that affects Windows Client/Server Run-time Subsystem in Windows XP and Vista. There have been publicly available exploits for that hole since mid-December. Since it’s taken Microsoft almost four months to fix the hole, and the Internet hasn’t fallen apart in the interim, I’m not going to rush into applying the patch, and I suggest you refrain as well. Let’s see what happens.

One oddity in this crop of patches. Windows Update (or Microsoft Update) looks to see if you installed the botched MS07-017 ANI cursor patch from last week. If you have MS07-017 installed, and you also have one of four programs that got zapped by the patch (Realtek HD Audio Control Panel, ElsterFormular 2006/2007, TUGZip, and/or CD-Tag), then Windows Update (or Microsoft Update) automatically installs the KB 925902 Realtek HD Audio Control Panel hotfix. Far as I know, that’s a first – Windows Update automatically installing a hotfix.

At any rate, stay cool and wait to see how many people get burned by the latest crop of patches and patched patches.

Google plagiarizing Sohu for Pinyin editor

This one really burns me up.

It now appears likely that Google stole a big dictionary from a company called Sohu. The “Google Pinyin Input Method Editor” allows Chinese-speaking Internet users to type characters using the roman alphabet, and have them translated into Mandarin Chinese (see the Wikipedia entry for Pinyin). It’s just that, golly, the Google engine works just like the Sohu engine.

Looks like Google stole the Sohu Pinyin library – all 300,000 entries – with nary a thank you or fare-thee-well.

Argh.

A note from the “ooops” department. The original version of this posting incorrectly said that Microsoft swiped the dictionary from Sohu. WRONG. The culprit is Google. A thousand humble apologies to those I maligned – and thanks to ado for catching the gaffe.