I added the W3C “Valid XHTML” logo to the site. I’m aware that this whole front page of invisibill.net doesn’t validate, but that’s due to the content of some of my old posts. If you view only the recent ones, like http://www.invisibill.net/2004_08_01_blogarchive.html, it does validate. Go there, click the image, and clap for me. Or something.

Windows XP Service Pack 2 is available now. You can download the full 266MB file here. FileMirrors and SP2torrent.com offer alternatives if you’re not happy with the download from MS.

If you download it from a third party, you should verify that it’s the true file. The MD5 for the file is 59a98f181fe383907e520a391d75b5a7 and the filesize is 278,927,592 bytes.

SP2 is making its way into Windows Update and the Automatic Updates feature. If you want them to ignore SP2 temporarily (to verify compatibility, etc.), there is more info here.

The executable creates the registry key and sets the associated value on the machine upon which it is run, to block or unblock (depending on the command-line option used) the delivery of Windows XP SP2 to that system, through Automatic Updates or Windows Update. The key used is HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate.
Whe n the /B command line option is used, the key value name ‘DoNotAllowXPSP2’ is created and its value sets to ‘1’. This value blocks delivery of Windows XP SP2 to the machine through AU or WU.

When the /U command line option is used, the previously created registry value that temporarily blocked the delivery Windows XP SP2 to the system via Automatic Updates (AU) or Windows Update (WU) is removed. If the value does not exist on the system from which it is run, no action is taken.

It’s just a registry key that causes WU and AU to temporarily ignore SP2. This is an easy way to put off installing SP2 without having to change a bunch of stuff on your system. However, if you have no major compatibility issues, you really should upgrade. There are many security enhancements that will help stop problems in the future.

I got an email from the SpywareNuker people regarding my comments. I expect you to view anything you read with a critical eye, including what I myself write. I posted a quote from the Spybot S&D page to give you some information, but I don’t expect you to take that as hard fact. If you hadn’t picked up on it from the rest of my site, I expect people to think for themselves.

The email claimed that they have never received a single complaint that the program downloaded an ad or third-party software. I find it hard to believe that Spybot, a rather respected anti-spyware program, and Symantec would both just create lies to discredit them. But we all know how rumors spread on the internet…

Anyway, I just downloaded their program to check it out myself. Here’s what their license agreement says.

4. ACKNOWLEDGEMENT OF UPDATES

SPYWARENUKER IS NOT ADWARE AND WILL NEVER DOWNLOAD ADWARE OR SPYWARE APPLICATIONS ONTO YOUR PC. However, you acknowledge that the “Trek Blue” Program(s) include technology which allows “Trek Blue” to provide updates to the software directly to your computer. By installing, downloading, copying, updating or otherwise using the “Trek Blue” Program(s), you specifically agree to include and/or accept the noted software and technology through which “Trek Blue” keeps “SpywareNuker” or other “Trek Blue” programs current as a condition to using the “Trek Blue” Program(s). Note that SpywareNuker allows the user to select from three (3) methods of updating the definition database:

1 download updates automatically and notify me when the update is available to install.

2 notify me when an update is available and only download and install when I click “Yes.”

3 disable auto-update. I’ll check for all update manually.

Upon installation, the second option ( 2 – notify me when an update is available and only download and install when I click “Yes.”) is the default and will be used unles the user specifies otherwise.

It basically just says that it does have “updater” mechanisms in it. It doesn’t say anything about third-party content, so I would expect that not to be relevant. Then again, it doesn’t specifically say anything against it, and we know how lawyers can be sometimes. As the license states, it tried to check for updates when I first started the program. However, after choosing option three, it did not make any connections. The web-installer and the update check both made connections only to crossroad.spywarenuker.net, which is a sign that it’s not just downloading random trojans and ads onto your system.

In short, you could consider this spyware if you really wanted to, based on the default setting to check in with its website. I didn’t analyze the traffic itself, so I honestly don’t know what data they do and don’t send. Note that Spybot, Ad-Aware, and just about every other modern program come with auto-update as an option, sometimes on by default. It doesn’t appear to do anything harmful right now, but there’s nothing in the license specifically preventing that from being added either. I’m not sure how other programs’ agreements are in regard to this. From what Spybot says, it’s not that great at removing spyware. I can only take their word on that, as I don’t have spyware problems, and don’t intend to install some just to test it out. It doesn’t seem to be the evil program some people would have you believe, but I can’t vouch for older versions, which could be where all these bad claims come from. And the multiple/changing names thing doesn’t exactly inspire confidence either.

http://www.mozilla.org/

Mozilla 1.7.2, Firefox 0.9.3, and Thunderbird 0.7.2 have all been released. They fix some recent security issues. Update your stuff if you need to.

http://techrepublic.com.com/5100-22_11-5294654.html?tag=e019

Symantec labelled Spyware Nuker as a potentially damaging pieces of adware, which TrekEight/Trek8/TrekData/TrekBlue claims isn’t true and has cost them distributors and advertising.

Here’s what Spybot S&D has to say:
http://www.safer-networking.org/en/threats/258.html

Heavily advertisement by spam (unsolisicited email advertisement); phoning home on program start; silently installing updates and content (meaning advertisement) into your system. Those applications may even come from third parties. No limitation is made about this ‘value-added’ content, meaning the license allows them to install any spyware into your system without your knowledge. In addition, using the program isn’t safe – LSP hijackers get removed, but the Winsock not fixed so you would loose your internet connections.

It looks like the program may not actually be spyware (depending on your exact definition), but it contains the mechanisms and licensing to do so. But regardless of that, it seems to do a poor job of being an anti-spyware program, so you shouldn’t be using it anyway. Stick with Spybot or Ad-Aware.

I went through and converted my old Blogger template to use CSS instead of tables a while back. I basically just changed each individual item from the old method to the new, standard method. I had some minor issues with it, and it was still pretty cluttered.

So the other day I went through and rewrote the template from scratch. Excluding the Blogger-specific include tags, my template file validates as XHTML 1.0 Strict. It looks almost exactly like the original (some changes I actually prefer, but could do like the original). I’m rather proud of that, considering how it started out, and the fact that I never learned CSS proper.

The template itself is much simpler now. Rather than having odd things nested all over the place, the document is structured more clearly with less stuff mixed in. The external stylesheet means I can change the layout much more easily, and add alternate options. The whole page should be much easier to maintain now.

I’m having some issues with PHP includes, and some of my posts aren’t valid individually, so invisibill.net itself doesn’t validate, but I know exactly where the problems are, and they’re very minor. But the base template for the page is valid!

A new major security issue has been found in Firefox. In short, websites have access to the UI elements. With some fancy coding, they can use the actual UI components to create a spoofed browser window. They have access to all the UI parts, so they can add anything they want (like the secure padlock icon, the security certificate page, etc.). They can spoof a UI that looks however they want. Rather than having to actually have a fake SSL site that looks like a valid site, someone could just use the UI objects to make it look like that.

http://www.nd.edu/~jsmith30/xul/test/spoof.html has details. The biggest limit on this spoof is that the site has no way of knowing what your current preferences are. The attacker could make it look like the default (which most people probably don’t change), but he has no way to copy your exact config. If you have some of the Javascript functions disabled, it will interfere with the spoofing, and look not-quite-right.

Until this is fixed, it’s best to prevent Javascript from changing the statusbar. [Tools | Options | Web Features | Advanced | Hide the status bar] is where you’ll find the option. If you disable that, you will see the real status bar in his window, with his spoofed statusbar above that. Unfortunately, that’s about the only way to be 100% sure of this. I suggest disabling that anyway. It will mean you always have the status info on the current window.

http://secunia.com/advisories/12188/ is the Secunia bulletin. http://bugzilla.mozilla.org/show_bug.cgi?id=244965 and http://bugzilla.mozilla.org/show_bug.cgi?id=252198 are applicable bug listings.

Tomorrow is the fifth annual System Administrator Appreciation Day. Check out http://www.sysadminday.com/ to make sure you haven’t missed any sysadmins, then thank them for doing techie stuff so you don’t have to.

I’m back to my old tricks again. I modified my old Bagle removal scripts to handle the new ones (.af, .ag, and .ai).

http://files.invisibill.net/unbagle.af.ag.ai.inf will remove the registry entries that run the program on startup and the file called by that registry entry. The descriptions I’ve read say that they create other files which contain some of the code. This script will not remove those files, or any of the copies spread via network shares. However, it will delete the startup calls, and the direct targets of those calls (if not in use). After running this script, immediately rebooting should give you a system without Bagle running. You will still need to clean the other files with a virus scanner, but this script should at least keep the viruses from running constantly, which is helpful because they try to shut down firewall and AV programs that are running.

Just save the file somewhere convenient, then right-click and choose Install. If you don’t trust me for whatever reason, you can open the script with any text editor and see that it just tries to delete three registry entries and three files. Once you’ve “installed” it, reboot. Your machine will still have virus-related files on it, but they shouldn’t autorun after you reboot, allowing you to more easily clean your system.

I found http://espn.go.com/browserupgrade_long.html#longanswer today. It does a pretty good job of explaining the concepts behind web standards.

We’d like to make perfectly clear that we are not trying to get you to use Microsoft browsers, Netscape browsers, Apple browsers, or Opera browsers. This is not about telling you what brand of browser to use. It is only about alerting you to the fact that each of the companies above, plus a few more, makes a modern, standards-compliant browser which you can easily (and freely) switch to using the links on the upper left side of this page.

I’m in that same boat as far as coding and stuff. I don’t care what you use, so long as it’s something that supports modern standards. I personally like Firefox, as I’m sure you’ve noticed by now. I could also call them on the standards support in Microsoft’s browser, but the main stuff is mostly right, enough that a modern version of IE should make the page look presentable at least. As sites start to use the newer standard code (just like the link says), I think people will see for themselves the shortcomings in IE and other browsers. Either they’ll complain enough to get the browser fixed, or they’ll switch to another browser that doesn’t have that problem.

Anyway, just thought this was a good explanation for non-techies…