GuruNews, Volume 9 Number 10, 3-12-09
Kevin-PC Gurus
microdome at seidata.com
Thu Mar 12 20:33:43 EDT 2009
Welcome to GuruNews
Brought to you each week by the PC Gurus, a loose collection of volunteers from around the Kentuckiana region.
You can interact with the PC Guru team via our Web site, located at http://www.thepcgurus.com. On our site you can post your computer questions, comments and rants on the forums, e-mail the PC Guru team members and chat one on one in our nightly IRC chat beginning around 8:00 PM EDT. You can also subscribe to our RSS feeds so you can get the latest news and forum updates from the PC Guru Web site directly on your computer.
If you're new to the Newsletter you can read back issues at Team member JP Durbin's website at http://www.jpdurbin.net. There are links to all the old 84 Online issues as well as the new GuruNews missives.
The WHAS Crusade for Children provides year round support for needy children throughout the Kentuckiana region. Visit http://www.whascrusade.org to make donations online.
USS Rover's list of streaming computer shows is now available for download in Excel, Open Office and Linux ready formats from http://sheet.zoho.com/public/ussrover/shows.
To subscribe to this newsletter just drop by www.thepcgurus.com and sign up!
Vol. 9, No. 10
3-12-09
1 Another scandal on the horizon
2 Your computer?
3 MS beating Apple, instant charges, Facebook facelift, MS "benchmarking"
4 Green printing
5 Acrobat danger³
6 Old hoax
Long time readers will remember when Intuit introduced activation into their TurboTax software while secretly inserting spyware that had adverse effects on CD-RW activities.
We reported on it and one of our members researched it extensively. Through this reporting many local employees of stores selling the software quietly steered customers to different titles and the national backlash caused Intuit to back off the practices.
Then a couple of years later Sony tried something worse, secretly installing a rootkit package (a practice commonly used by malware writers that embeds the malicious programs deep into Windows and hides them from view) that prevented making legal copies of audio CDs or platform shifting legitimately purchased music.
This rootkit caused actual physical damage to Mac computers and Sony paid a heavy price after all the lawsuits.
Yesterday Symantec may have started down the same road. Starting overnight Monday into Tuesday morning, users running firewall software reported something odd coming from Norton security products.
An unknown file called pifts.exe fired up from a nonexistent folder under Symantec LiveUpdate and attempted to connect to the Internet. Software firewalls, including Norton's own, warned of this attempt and prompted users for permission for this access.
Researchers at ThreatExpert determined that the file was attempting to connect to a server in Africa belonging to Symantec.
Norton customers started posting questions about the activity on the Symantec Community forums but these missives were oddly deleted without response. As the evening wore on the deletions continued, until word started to spread to other sites like Slashdot and Digg.
Naturally at that point things became a three-ring circus and postings were deleted due to violations of the terms of service including profanity, sexual innuendo and spamming.
The Washington Post ran a story on the problem (http://tinyurl.com/apg4ah) and quoted a senior product management director who stated the file was a "diagnostic patch" designed to determine how many users were switching to Windows 7 and need to be upgraded to a newer version of Norton security products.
Symantec's official statement is here:
http://tinyurl.com/ao58jg
In the official release it was stated that the "patch" was pushed out between 4:30 and 7:40 PM on March 9th and that abuse was detected on the Norton forums at 10:30 PM Monday and the posts were deleted. The firewall detection was caused by the failure to digitally "sign" the file.
It makes no statement about what the patch does, what data it collects or why its own firewall shows the path for the file includes a nonexistent (or invisible?) folder.
Nor does it address why early posts about the warning were removed without comment before the onslaught of abuse began almost three hours after the patch was stopped and users would have noticed the problem and asked about it.
It's still early in this flap and information is sketchy but it sounds rather suspicious. Hidden folders suggest some sort of rootkit activity and the deletion of early legitimate questions posted to Norton's forums smacks of cover-up.
If all is above-board and it's just a survey of OS usage, why the subterfuge? Why sneak the information out without warning instead of just asking? I'm sure the EULA allows them to take your firstborn if they so choose, so changing the rules in the middle of the game may be perfectly legal, but it's certainly worth questioning.
This whole fiasco has had unforeseen consequences as well. Malware writers, getting wind of the lack of information, posted websites keyed to pifts.exe and manipulated the sites to the top of Google's searches. Of course the sites lacked any real information but they did pose a real threat by employing trickery in an attempt to get users to install their malware.
I'm sure this will play out over the next few days and we'll find out what's actually going on, most likely from security researchers studying the purpose of this file and what it is actually doing.
Even if it's just an innocent "oopsie" by Symantec it's still a black eye. Security firms aren't supposed to say "Oops".
I'll keep you posted.
Kevin Mefford, Editor
pcguru at microdome.net
Terry Wise
www.ratland.com
Tech News of the Week
Windows Mobile pushes iPhone OS back to fourth place for sales of
smartphone operating systems:
http://tinyurl.com/dhfuof
A new battery technology developed by the Massachusetts Institute of
Technology could lead to small, lightweight batteries for cell phones
and other mobile devices that recharge in seconds instead of hours:
http://www.crn.com/mobile/215801990
If you're as addicted to Facebook as I am you're probably looking
forward to the homepage re-vamp. Here's a hands-on look:
http://news.cnet.com/8301-17939_109-10194281-2.html
Microsoft's own tests show IE8 outperforming Firefox 3.05 and Chrome
1.0, something that no other test on the Internet has ever shown
before. I thought of this as I pulled ahead of a Ferrari 430 in my
Ford Focus:
http://tinyurl.com/b7gfmb
Copy us on the good stuff!
Matthew Dattilo
thepcgurus at gmail.com
www.mattstodayinhistory.com
Download of the Week
GreenPrint World scans print jobs and removes pages that it determines are waste, like Web pages with just one line of text. It also removes most ads from Web pages automatically; lets you preview print jobs and remove images, text, or full pages; creates PDFs; and tracks the paper, money, and greenhouse gases you're saving. This free version is ad supported, with pitches for eco-conscious companies that appear in the Preview window.
Get it here:
http://www.printgreener.com/download.html
Carlita Lupino
Cards57 at gmail.com
Threat of the Week
Adobe has finally released the patch to fix the security vulnerability in Acrobat Reader but now announces a vulnerability in Flash Player that could do as much or more damage.
Both patches are rolled into the latest versions of the programs and are available for free from www.adobe.com. Update to the newest iterations and hope this is the last we hear from Adobe for a while ;)
Kevin Mefford
pcguru at microdome.net
Email Question of the Week
Q: 90# on your telephone and cell phone, don't press it for anyone..... I dialed '0', to check this out, asked the operator, who confirmed that this was correct so please pass it on . . . (I also checked it out on Snopes.com. This is true, and also applies to cell phones!) PASS ON TO EVERYONE YOU KNOW I received a telephone call last evening from an individual identifying himself as an AT&T Service Technician (could also be Telus) who was conducting a test on the telephone lines. He stated that to complete the test I should touch nine (9), zero (0), the pound sign (#), and then hang up. Luckily, I was suspicious and refused. Upon contacting the telephone company, I was informed that by pushing 90#, you give the requesting individual full access to your telephone line, which enables them to place long distance calls billed to your home phone number. I was further informed that this scam has been originating from many local jails/prisons. DO NOT press 90# for ANYONE. The GTE Security Department requested that I share this information with EVERYONE I KNOW. After checking with Verizon they also said it was true, so do not dial 90# for anyone !!!!! PLEASE PASS THIS ON TO EVERYONE YOU KNOW!!!
Editor's note: The original email contained several examples of similar warnings. Only one example was included.
A: That's a very old urban legend email that's been floating around forever. It only applies to old-style business phone systems that are poorly configured and will not do anything if you do it on a home or cell phone.
The email goes so far as to credit Snopes.com but a search on that site will debunk it pretty quickly.
Don't worry about it, it's bogus. And please don't "PASS ON TO EVERYONE YOU KNOW". That prompt right there is enough to identify it as a hoax or scam since legitimate sources wouldn't tell you to spam possibly hundreds of people.
Any time you get one of these emails just go to www.snopes.com and search for a short quote from or the subject of the email. You'll find 99% of them are either fake or greatly exaggerated...
Kevin Mefford
pcguru at microdome.net
Contact info and legal stuff
If you have tech support questions or ideas and/or submissions for our newsletter please submit them by visiting www.thepcgurus.com and click on the "Email the Team" icon.
Copyright 2001-2009 The PC Gurus, all rights reserved. Publication, rebroadcast or storage is prohibited without prior consent, however you may freely forward this publication to friends as long as A) it is forwarded in its entirety and B) no fee is charged.
Information provided in this publication is provided "as is" without warranty of any kind, either expressed or implied. Although the information provided is known to work on most systems, it may not work on ALL systems. Make use of any information supplied at your own risk.
The PC Gurus are a group of volunteers who provide support for the PC, Mac and Linux users in the Kentuckiana region.
To unsubscribe from this newsletter visit http://thepcgurus.com/mailman/listinfo/newsletter_thepcgurus.com or send an email to microdome at seidata.com with the words "unsubscribe newsletter" (without the quotes) at the top of the body of the message.