Windows Steady State Bulletproofs Your System

Posted Jun 30th 2008 11:00AM by Lee Mathews
Filed under: Security, Windows, Microsoft, Freeware

So you're thinking, "Hey, I want to be totally irresponsible with my computer and load it up with crapware!" Really, isn't everyone getting tired of having to be so stinking responsible on the Internet all the time? We certainly are. We're ready for system protection that isn't afraid of our reckless browsing, indiscriminate downloading, and general apathy towards good computer usage habits.

...Which is why we love Windows Steady State. It creates a cache file in which your operating system operates, meaning any harmful changes can be undone by simply emptying the cache. After downloading it's a snap to install - just a few obligatory clicks and the usual EULA mumbo-jubmo and you're set.

Our first test was pretty a pretty low-intensity workout. We surfed, bookmarked, set up a POP account and downloaded a few messages, and cluttered up the desktop with a dozen or so hilariously named folders. After issuing the old Windows - U - R we waited anxiously for the system to reboot.

There it was, just as it had been before - no trace of any of our activity. The desktop was still tidy, no favorites or emails were anywhere to be seen. So far so good, but let's try some real abuse!

Continue reading Windows Steady State Bulletproofs Your System

Firefox 3 vulnerability, 8 million people affected!

Posted Jun 20th 2008 1:00PM by Joey Celis
Filed under: Internet, Security, Mozilla, Browsers

If you were one of those 8 million people that downloaded Firefox 3 the other day be aware that Tipping Point DVLabs has announced a vulnerability in Mozilla's latest browser.

Details are unknown but in order for this exploit to work, you'll have to visit a site with the malicious code and click the infected link. Zero Day rates the severity as "High" and it effects both version 2 and 3 of the popular internet browser. Mozilla has acknowledged the security issue and should have a patch issued in its 3.0.1 release shortly.

With the amount of beta testing that's been done on Firefox 3 it makes you wonder why something like this slipped by?

In the mean time, be careful of where you click and make sure Firefox is set to auto update.

Fix the latest OS X "vulnerability"

Posted Jun 19th 2008 3:30PM by Christina Warren
Filed under: Security, Macintosh, Apple

Update: Looks like we posted too soon. As commenters at TUAW pointed out, the workaround is not 100% foolproof. If someone is logged in via SSH under the same user name as the logged in user, it is possible that they can kill the ARDAgent process and run the script before ARDAgent reloads. While this requires additional finagling and timing and is an unlikely scenario for most users, please be aware that the issue is still unresolved. If you don't plan on using remote desktop at all with your Mac, you can archive and remove ARDAgent.app, which will rid your system of the program that can open up the vulnerability.

Yesterday, an anonymous Slashdotter posted about a security vulnerability in Mac OS X 10.4 and 10.5 that could allow a maicious party root access to your system. The vulnerability, which works by running an AppleScript on behalf of Apple Remote Desktop Agent, which because of the way ARDAgent works, sets the user ID to root. From there, any subprocesses are running with root privileges, without requiring a user password, and in the wrong hands, the results could be very, very messy.

Taking into consideration that several additional factors would have to be involved in order for any damage to unfold -- either physical access to the machine or a remote login under the same account that is currently in use or the end user would have to willingly run a malicious application -- this is still disconcerting enough for us to want a quick and effective resolution.

Luckily, there is a very easy way to protect your system from being affected. It turns out, if remote access is enabled under the Sharing pane in System Preferences -- even if no other users are permitted to administer or access your machine -- you're in the clear.

TUAW has a visual walkthrough on how to apply this workaround for both Tiger and Leopard users, but the fix is pretty simple. In Leopard, simple enable Remote Management feature in the Sharing panel, don't select any of the options and then select "apply to only these users" without defining any users. Now, if the potentially damaging script is run, your system will report an error instead of setting itself as root. Plus, if you do have a system that is managed remotely, that person can still acess your computer (just make sure they are listed in the "allowed users" panel).

If only all security threats were that easy to fix!

Thanks Mike, Robert and Scott!

Turn your webcam into a security camera with Periscope

Posted Jun 10th 2008 12:00PM by Jay Hathaway
Filed under: Security, Utilities, Video, Macintosh

Have you ever wondered how you could set your webcam up as a security camera and have the images sent to you somewhere else? Maybe you wanted motion detection or noise detection to turn it on automatically? Or maybe that's just us, and we're a little paranoid. Regardless, Periscope is a tool that lets you do all of those things with your webcam, and more.

You can trigger it to start recording in several ways: motion detection, noise detection, via Apple Remote, or with a timer. Once it's on, it'll capture images and save them to disc or send them to a few other places for review. It works with Flickr, e-mail, FTP, iPhoto, and the now-obsolete .mac (presumably an upcoming version will support MobileMe). You can also time-stamp or add your own logo automatically to your pictures.

Even if you're not interested in the security applications of Periscope, you might find it useful for making time-lapse videos. With its ability to capture images at intervals, you could theoretically capture your entire day at your desk if you had the disk space. Although we tested it with a built-in iSight, Periscope should work with other webcams.

Securely delete files and directories with Wipe File

Posted Jun 8th 2008 12:00PM by Brad Linder
Filed under: Security, Windows, Freeware

Want to delete some files on your hard disk and make sure that no one will ever be able to recover them? Wipe File is a free Windows utility that lets you wipe files or directories using one of 14 different methods. Instead of simply moving files to the recycle bin, Wipe File will overwrite the section of your hard drive that contained the file making it difficult, if not impossible for anyone to discover what the original file contained.

When you first run the program, all of the menus will be in German, but Wipe File supports 9 languages including English. Just hit the Extras menu to find a list of languages.

If you're looking for a program that can wipe entire discs or partitions, you might wan to check out Wipe Disc, another utility from the developer of Wipe File.

[via LUX.ET.UMBRA]

Flexcrypt Folder: Free file or folder encryption for Windows

Posted Jun 5th 2008 2:00PM by Brad Linder
Filed under: Security, Utilities, Windows, Freeware

Have some files on your PC that you'd rather not have your roommate looking at? Want to send some top secret government documents over email without the risk of someone intercepting your email and reading your files? Flexcrypt Folder is a free encryption utility for Windows that can password protect any group of files for you.

Once you've installed Flexcrypt Folder, all you have to do is highlight a file, folder, or group of files that you want to encrypt and right click on them to bring up the context menu. Select Encrypt using FlexCrypt Folder, enter a password, and you're all set. The program will create a self extracting archive that can only be opened with the correct password.

In other words, you can send the file to anybody you want, and they don't need to install anything on their computer to extract the contents. They just need the correct password.

[via Shell Extension City]

Adobe responds to recent Flash flaw with a fix

Posted May 29th 2008 4:00PM by Drew Olanoff
Filed under: Security, Windows, Macintosh, Web services, Adobe, web 2.0

The Flash security flaw that we recently wrote about has been addressed by Adobe and a new version is being offered.

This security flaw was affecting PC and Mac users and allowed hackers to redirect you to nasty .SWF files which could then potentially execute malicious code on your machine.

You can feel secure (as well as warm and fuzzy) by downloading a Flash update with the fix here.

It's a pretty fast response to a pretty serious issue, so Adobe gets the pass this time.

Special thanks to commenter daniel free for the heads up!

[via cnet]

The right way to erase your iPhone

Posted May 21st 2008 9:00AM by Jay Hathaway
Filed under: Security, Troubleshooting

With rumors flying about a summer release for the next-generation iPhone, a lot of people are going to selling off their current iPhones on eBay or Craigslist. Of course, you'll probably wipe the data from your phone before you let it go, but how can you be sure it's completely erased? Files have been recovered from refurbished iPhones already, so it doesn't hurt to take precautions.

First, do a restore of the phone from iTunes, with all syncing options turned off. That means clicking through each tab in the iPhone menu to make sure photos, videos, contacts and calendars aren't syncing to the phone anymore. Next, make 3 new playlists that are each big enough to use all of your iPhone's storage. Set one of them to sync, and fill up your phone with it. Then switch to the next one, sync it, and do the same with the third. These playlists should write over any remaining personal data, and leave your device lemony-fresh and ready to change hands.

[Via Hack a Day]

Is your ISP using Phorm on you? Get AntiPhorm!

Posted May 16th 2008 9:00AM by Jay Hathaway
Filed under: Security, Windows

This is primarily for our readers in the UK, but it's part of a growing trend that should concern Internet users everywhere. Phorm is a notorious advertising system that tracks the browsing activities of customers of huge companies like BT (a major British ISP) and Virgin Media. The data is collected and used to sell targeted advertising, which has a lot of people up in arms over privacy concerns.

Information rights activists aren't known for sitting idle when their privacy is threatened by spyware, and that's where AntiPhormLite comes in. The program, available for Windows XP and Vista, runs as a standalone up or within a second browser of your choice. It calls web pages on its own, generating a fake trail of browsing activity that should make Phorm's data completely useless. AntiPhormLite won't hit your bandwidth, because it only grabs the HTML from each page it hits, leaving out the heavy stuff like Flash, and avoiding any dangerous executables.

You can run AntiPhormLite as a standalone app or within a second browser of your choice. The AntiPhormLite has a thorough, and entertaining, FAQ that should address any concerns you might have about running the app. Our favorite bit? "Just run it and go and watch TV if you want. Someone somewhere will assume you like to shop for red shoes and caravans and be rubbing their hands with glee."

[via BoingBoing]

The Internet Archive, busy protecting us from ourselves

Posted May 8th 2008 8:30AM by Kristin Shoemaker
Filed under: Internet, Security, News

We don't like to make political statements too often here at DLS. It just seems a lot less complicated to fight over software, or whether or not something is Web 2.0, or pirates and ninjas. Every once in a while, though, something comes up that's just a little too out of line not to mention.

Wired reports that back in November, the FBI paid a visit to The Internet Archive and served founder Brewster Kahle with a National Security Letter. The NSL (.pdf link, be warned) is a funny sort of document. It is a subpoena that can be issued without a judge's watchful eye. It usually comes with an order to not tell anyone that the person in question has received it, excepting, of course, their lawyer. So Kahle couldn't tell board members, or his staff, or his teddy bear without legal repercussions.

NSLs aren't really new, but they've blossomed since the USA Patriot Act was enacted. According to Wired, though the FBI guidelines don't encourage frequent use, Congressional audits and the FBI itself reveal that it is likely that hundreds of thousands have been issued in the past seven years. It's likely, because, you know, the FBI doesn't actually seem to track how many they've used. Oh, whoops.

The other dimension to this drama is that the Internet Archive is more of a library than an ISP/communications provider. It seems, in light of that, that the NSL used was actually not the proper document to request the sort of things it was requesting from that institution. Whoops again.

This week, the government and The Internet Archive reached a settlement in regards to the NSL issue. The issued NSL is officially off the table. The Internet Archive can't say anything about what the information was that got the FBI so riled up in the first place.

Seeing that the Internet Archive archives public information, that anonymous browsing is allowed, and all that's required to sign up for an account is an email address, username and password (Kahle says IP addresses aren't logged) it doesn't seem as though the FBI will really find much helpful information. They will find a whole lot of Grateful Dead recordings, if that's any consolation.

[via LISNews via Wired]

Yahoo! adds malware warnings to search results

Posted May 6th 2008 8:00AM by Brad Linder
Filed under: Internet, Security, Yahoo!, Search

Jotti's Malware Scan: Online virus scanner

Posted Apr 29th 2008 11:00AM by Brad Linder
Filed under: Security, Web services, web 2.0

Nothing really beats a good firewall or anti-malware program that offers real-time protection. But if something was going to come close, we'd say a tool that lets you check files against 20 different antivirus might come close. Jotti's Malware Scan is an online tool that lets you upload a file and scan it with 20 different antivirus tools including Avast, ClamAV, and Kaspersky.

Note that there's a big ole warning on the site letting users know that just because Jotti's Malware Scan says a file is clean doesn't mean it's safe to run that executable file you found on BitTorrent that promises to show nude pictures of Billy Ray Cyrus -- wait, no, that's not the person people are looking for naked photos of, is it? Anyway, this warning message was probably placed on the site to point out that the developers take no responsibility for any problems you may have with files scanned. But in general, we'd say that if you feel the need to scan a file with 20 different antivirus applications, you probably already know that you shouldn't be opening it.

[via MakeUseOf]

AVG 8.0 Free released, now with protection from spyware

Posted Apr 24th 2008 9:00AM by Brad Linder
Filed under: Security, Windows, Freeware

A few months ago, Grisoft updated its AVG anti-virus suite to version 8 and bundled linkscanning, anti-spyware, and anti-rootkit software to boot. Now Grisoft's popular freeware anti-virus application is getting some of the same features. AVG Free 8 is out, and not only does it protect your system from viruses, but you get spyware detection as well.

AVG Free 8 doesn't have all of the features you get in the commercial version of the application. There's no rootkit protection or linkscanner. And there's no email or instant messaging integration. For those features you'll have to shell out $35 or $55 for the standard or "internet security" versions. But as freeware antivirus applications go, AVG is packed with features like real-time protection, daily updates, and complete system scans at regularly scheduled intervals.

Update: As several readers have pointed out in the comments, when you install AVG Free 8, you will likely find a bunch of advanced features like linkscanning and email protection. The AVG web site has a comparison chart showing that these features are included in the commercial version but not the free version. It's not clear if Grisoft is including free trials of these functions or if the chart is wrong.

Researchers develop new robot-proof CAPTCHA

Posted Apr 23rd 2008 4:00PM by Brad Linder
Filed under: Internet, Security, web 2.0

CAPTCHAs are becoming both ubiquitous and useless. When you visit many web sites, you have to decipher some tough-to-read text and enter it in a box before you can leave a comment or send an email. But hackers are getting better and better at developing automated systems to crack CAPTCHAs, which means that you have to squint at the screen for nothing.

But some researchers at Penn State University have developed a next generation CAPTCHA system that asks users to actually use their noggin a bit. There are two tests. The first requires you to click the center of a composite image, while the second presents you with a list of ten words and asks you to pick the right one to describe a randomly generated image.

The test is difficult for computers to solve because the images have a bunch of random colors, textures, and other features designed to confuse an automated program. But human being should have no problem deciphering the visual information in the images.

The test page is partially down today thanks to a Slashdot mention, but you can still see screenshots of the tests.

Microsoft: Vista UAC was supposed to piss you off

Posted Apr 11th 2008 5:30PM by Brad Linder
Filed under: OS Updates, Security, Windows, Microsoft

One of the first things Windows XP users will notice if and when they switch to Vista is the User Account Control, affectionately referred to as UAC or "Why the hell does this window keep popping up!" The UAC prompt is a security feature that will alert you if you are about to make changes to your computer that could technically expose it to some threats.

Some users get around this by disabling or modifying the UAC using programs like TweakUAC. Others insist that Microsoft put it there for a reason, and disabling will result in your computer bursting into a ball of flames. But if you're tired of looking at UAC prompt after UAC prompt, here's something that should give you a little comfort: Microsoft knew all along that the UAC prompt was annoying and designed it to be that way.

Microsoft product manager David Cross says the goal was to make users think twice about making changes to their system willy nilly. It's also designed so that software developers will think of ways to write programs that don't burrow too deeply into your operating system. The less system configuration changes a program makes, the less often you're going to see a UAC prompt.

Cross says that 88% of Vista users have not disabled UAC, and 66% of Windows sessions do not lead to a UAC prompt showing up. And that makes sense if you're someone who just runs the software that came with your computer and a handful of other applications. But if you're constantly looking for cool new programs to add features to your computer -- in other words, a typical Download Squad reader -- we're guessing you see the UAC prompt a lot more often than most users.

View Posts By

Categories

Audio (830)

Beta (325)

Blogging (685)

Browsers (18)

Business (1361)

Design (803)

Developer (925)

E-mail (511)

Finance (127)

Fun (1734)

Games (544)

Internet (4752)

Kids (129)

Office (491)

OS Updates (574)

P2P (175)

Photo (457)

Podcasting (167)

Productivity (1298)

Search (245)

Security (532)

Social Software (1083)

Text (436)

Troubleshooting (51)

Utilities (1899)

Video (1009)

VoIP (138)

web 2.0 (728)

Web services (3310)

Companies

Adobe (182)

AOL (48)

Apache Foundation (1)

Apple (466)

Canonical (35)

Google (1296)

IBM (28)

Microsoft (1304)

Mozilla (455)

Novell (19)

OpenOffice.org (43)

PalmSource (11)

Red Hat (17)

Symantec (14)

Yahoo! (350)

License

Commercial (667)

Shareware (194)

Freeware (1944)

Open Source (895)

Misc

Podcasts (13)

Features (380)

Hardware (167)

News (1107)

Holiday Gift Guide (15)

Platforms

Windows (3572)

Windows Mobile (421)

BlackBerry (44)

Macintosh (2047)

iPhone (82)

Linux (1569)

Unix (78)

Palm (176)

Symbian (121)

Columns

Ask DLS (10)

Analysis (24)

Browser Tips (293)

DLS Podcast (5)

Googleholic (195)

How-Tos (97)

DLS Interviews (19)

Design Tips (14)

Mobile Minute (125)

Mods (68)

Time-Wasters (374)

Weekend Review (38)

Imaging Tips (32)

RESOURCES

• Send us news tips
• Contact Us
• Advertise
• Corrections?
• Problems?

RSS NEWSFEEDS

• 
• Feeds by category

Sponsored Links

Advertise with Download Squad

Most Commented On (60 days)

• Mozilla Firefox breaks non-existent world record - nobody cares (50)
• Windows XP goes bye bye (23)
• Trillian turns 8, no Astra beta birthday gift quite yet (15)
• FormatFactory Kicks Media Conversion Ass and Takes Names (15)
• Change your Windows open/save dialogs with PlacesBar Editor (14)
• We heart movies and so do you, let's heart them together (13)
• Ubuntu 8.10 alpha 1 packs a new theme (finally) (11)
• Expect more and better Last.FM apps, thanks to a new API (10)
• Windows Steady State Bulletproofs Your System (9)
• The ancient art of paper folding with a modern twist (8)

Recent Comments

• Jason on FormatFactory Kicks Media Conversion Ass and Takes Names
• Law on FormatFactory Kicks Media Conversion Ass and Takes Names
• Kristin Shoemaker on We call shenanigans: WiFi "allergies" do not exist, kiddies
• Ian on Backup your flash drives with USB Image Tool
• Dave Forster on FormatFactory Kicks Media Conversion Ass and Takes Names
• archpope on Backup your flash drives with USB Image Tool
• archpope on Backup your flash drives with USB Image Tool
• Larry on DVD43 will decrypt your DVD discs
• D. Allen on Ubuntu 8.10 alpha 1 packs a new theme (finally)
• archpope on FormatFactory Kicks Media Conversion Ass and Takes Names

Urlesque Headlines

• Wide Wurld of Urlesque: Blow Things Up!
• God Bless the Cyber-USA
• Beat the Heat, Watch Free Patriotic Movies Online
• Did You Mean Digg?
• Celebrity Websites 1.0

BloggingStocks Tech Coverage

• AAPL Apple Inc
• ADBE Adobe Systems
• AKAM Akamai Technologies
• AMZN Amazon
• CSCO Cisco Systems
• DELL Dell
• EBAY eBay
• GOOG Google
• INTC Intel
• INTU Intuit Inc
• JAVA Sun Microsystems
• MOT Motorola
• MSFT Microsoft
• NOK Nokia Corp
• ORCL Oracle Corp
• PALM Palm Inc
• RHT Red Hat Inc
• RIMM Research in Motion
• SYMC Symantec Corp
• TWX AOL Time Warner
• YHOO Yahoo!

More from AOL Money and Finance

• Auto Loans
• Banking
• Checking Account
• Credit Cards
• Credit Reports
• Debt Management
• Identity Theft
• Insurance
• Loans
• Money
• Mortgages
• Online Tax Filing
• Personal Loans
• Refinancing
• Retirement
• Savings Account
• Small Business
• Stock Charts
• Stock Quotes
• Stock Screener

More Tech Coverage

• Control Shift It's all about the experience
• Somewhat Frank Perspectives on tech as it fuses in everyday life
• Switched Gadgets, web news and commentary
• Urlesque Exposing bits of the web

Weblogs, Inc. Network

• Autos
  • Autoblog
  • AutoblogGreen
  • Autoblog Spanish
  • Autoblog Chinese
  • Autoblog Simplified Chinese
• Technology
  • Download Squad
  • Engadget
  • Engadget HD
  • Engadget Mobile
  • Engadget Chinese
  • Engadget Simplified Chinese
  • Engadget Japanese
  • Engadget Spanish
  • Engadget Polska
  • Switched
  • TUAW (Apple)
• Lifestyle
  • AisleDash
  • DIY Life
  • Gadling
  • Green Daily
  • Luxist
  • ParentDish
  • Slashfood
  • Styledash
  • That's Fit
• Gaming
  • Joystiq
  • DS Fanboy
  • Massively
  • Nintendo Wii Fanboy
  • PS3 Fanboy
  • PSP Fanboy
  • WoW Insider
  • Xbox 360 Fanboy
  • Big Download
• Entertainment
  • Cinematical
  • TV Squad
• Finance
  • BloggingBuyouts
  • BloggingStocks
  • WalletPop
• Sports
  • FanHouse Main
  • NFL
  • NBA
  • MLB
  • NCAA Football
  • NCAA Basketball
  • NASCAR
  • NHL
  • Golf
  • Fantasy Football
• Also on AOL
  • African-American Culture
  • Cars
  • Games
  • Maps
  • Money
  • Movies
  • Music
  • News
  • Radio
  • Sports
  • Television
  Travel

All contents copyright © 2003-2008, Weblogs, Inc. All rights reserved

Download Squad is a member of the Weblogs, Inc. Network. Privacy Policy, Terms of Service, Notify AOL