Posted on April 5th, 2010 1 comment
In a keynote talk at the 2004 RSA Conference, Bill Gates predicted the demise of the familiar username-and-password logon. Yet here we are six years later, with RSA 2010 quickly receding in the rear-view mirror, and the vast majority of us are still using passwords to log in – both at home and at the office. Unfortunately, though our logins haven’t changed, the attacks against them have not failed to advance. Cracking tools continue to improve exponentially, key loggers are all too commonplace, and users always pick ridiculously poor passwords.
All of us ought to be using multi-factor authentication, but there are myriad reasons so few are. Most two-factor solutions are too expensive, with prices often skyrocketing over $100 per user, year after year. Or they’re too hard to deploy, and they don’t integrate with legacy or COTS software without special plug-ins or customizations. Unless your company has an unusually large IT budget, chances are your company has been priced out of two-factor authentication. Not anymore.
AuthLite from Collective Software is affordable two-factor authentication for Microsoft Windows Active Directory. AuthLite uses one-time passwords generated by the YubiKey, and features deep integration with Windows authentication and leverages your existing Active Directory infrastructure and investment. AuthLite is inexpensive, and can be ten times less expensive than the market leader. And AuthLite is designed from the ground up to be easy to deploy, administer, and integrate with existing systems.
I’ve spent a good deal of my time in the last year-and-a-half working on AuthLite, and I will detail some of its features and technical aspects over a series of blog posts in the upcoming several weeks. In the meantime, be sure to follow AuthLite on Twitter for up-to-the-minute information and updates.
Posted on February 16th, 2010 No comments
Recently, Adobe has pulled a hall-of-shame move and began trying to sneak in the installation of a craptacular background program called the “Adobe Download Manager” when updating Flash. That’s just great, you know, since there are security updates for Flash almost every month. So how do you get your required security update without Adobe’s bullshit download manager?
It’s a fairly simple process, and actually takes advantage of the generally-hated-by-most-people User Account Control (UAC) in Vista and 7 to block an unwanted action by a program. And people say it’s nothing but annoying.
(Note: These instructions are for Firefox on Windows 7 or Vista; anything else and you’re on your own.)
- Download the Flash updater directly from here.
- Close all browser windows (including any opened by Prism).
- Run the updater.
- Start your browser back up. Adobe will now sneakily try to install their awful download manager on your system. This will generate a UAC prompt asking for administrative permissions to install.
- Click “No” on the UAC prompt to stop the installation in its tracks.
Screw you, Adobe. You’re in the Hall of Shame for trying to install backdoor software with critical security updates to a ubiquitous web technology. And win one for UAC!
Posted on December 17th, 2009 No comments
Windows Explorer has had support for showing thumbnails instead of icons for many years now. Support is built-in for many common formats, like images or rich text, but it doesn’t know how to deal with more complicated formats like PDFs and ODTs. To compensate for this lack of support, there is an extension mechanism that third-party applications can use to teach Explorer how to render thumbnails. Then, whenever you create or modify a file, Explorer notices that it has changed, recreates the thumbnail, and saves it to a cache file. This behavior is very evident if you save files on your desktop, since it is one Explorer window that is always visible.
Unfortunately, in a 64-bit world, this approach often fails for the same reasons that Windows Search Filters often fail. In 64-bit Windows, Explorer is a 64-bit process, but most third-party application programmers only provide 32-bit extension DLLs. Since Explorer is unable to load the 32-bit DLLs, it cannot render the thumbnail – and you’re left with an ugly icon. If you’re living 64-bit, though, you’ve no-doubt noticed that many of the thumbnails do get generated, but seemingly at random. You might have a PDF sitting on your desktop for weeks, and suddenly one day it will switch from an ugly icon to a thumbnail. What gives?
The secret is that Explorer is not just a running process for viewing your files and folders. It is exists in a series of libraries and common controls that third-party applications use to provide common functionality with a familiar interface. For example, almost all “Save” and “Open” dialogs either use or extend the built-in Windows versions, and those Windows versions use the same libraries as Windows Explorer to hoist some of that familiar functionality into the applications. In a very real sense, Explorer is being embedded in these third-party applications.
But remember: These third-party applications are 32-bit. That means that there are 32-bit versions of the Explorer libraries hanging around Windows, in case these applications need to use them. So when a 32-bit application opens a “Save” dialog and you navigate to a folder, you’re essentially pointing a 32-bit version of Explorer at that folder. Like usual, Explorer notices there are thumbnails that have not been generated, but now it can properly load the 32-bit third-party thumbnail extensions. It renders the thumbnails and writes them out to the cache file.
Surprise! Thumbnails for a file you weren’t even working on have suddenly been updated. It’s not random at all, but because you were working on a different file, it just seems random.
Posted on November 19th, 2009 No comments
One of the greatest features in Windows Vista that carries forward to Windows 7 is the Windows Search-In-The-Start-Menu. Just hit the Windows key and start typing, and voila! you are instantly graced with search results. Suddenly desktop search is useful!
Unfortunately, the utility of the search is greatly limited by whether or not an appropriate filter exists for a particular file type. Windows ships with filters for various barebones formats, such as text files and web pages, as well as Microsoft Office documents (of course). Though filters for some formats can be found on the web, normally it is the job of the installer to properly configure filters to handle the application’s file types.
And herein lies the problem.
You see, when you’re running a 64-bit OS, most application programs you have are actually running in 32-bit mode. Why? Well, from an end-user’s perspective of the application, there is usually no difference between 32-bit mode and 64-bit mode. There are virtually no performance differences, no look-and-feel differences, and no functional differences.
But from an application vendor’s perspective, 64-bit support requires often drastic API changes, as well as compiling, testing, and releasing a 64-bit version. It’s a lot of work to support something that your customer probably won’t even notice, and that’s not to mention having to explain to a confused grandmother that she downloaded the 64-bit version for her 32-bit machine and could she please try again. So for most application vendors, 64-bit is something only done when absolutely necessary, and thus most applications get released in 32-bit versions only.
So back to search filters: One of the gotchas of 64-bit is that you cannot load 32-bit libraries into a 64-bit process, and on a 64-bit machine, the Windows Indexing Engine is a 64-bit process. Thus most 32-bit applications will be unable to properly install their search filters on 64-bit Windows unless they go out of their way to do so. OpenOffice currently suffers from this problem, as does Adobe’s PDF Reader.
Fortunately, it has been recognized as a problem, and applications are fixing it. OpenOffice is supposed to have it fixed in version 3.2, and Adobe offers a free 64-bit version of their PDF filter. And in the meantime, you can often find good filters for free on IFilter.org, or some for free and for sale on IFilterShop.com.
Posted on March 28th, 2006 1 comment
Chris and I were rummaging around his condo, and we discovered a huge box full of old 3.5″ floppy disks. This included a big-ass Microsoft Windows 3.1 box, distributed by Logitech, bundled with a mouse. Yes, it’s true. Microsoft has bundled their most advanced, powerful, feature-packed version of Windows ever with a lousy mouse.
To see just how advanced, powerful, and feature-packed it was, we decided to install it on a VMWare virtual machine. Amazingly enough, VMWare actually has an option for installing a Windows 3.1 machine. Usually it takes them a while to get up-to-date with the latest versions.
First, we had to install MS-DOS. The MS-DOS 6.0 disks were actually some sort of upgrade, so we had to start with the MS-DOS 5.0 boot disk. It booted up in literally the blink of an eye, and after muttering a few incantations using fdisk, format, and sys, we had a 1GB FAT partition ready for the MS-DOS 6.0 install.
Then I installed the MS-DOS 6.22. Holy crap! This upgrade comes with a lot of new features, and is the fastest, most stable MS-DOS yet! I just can’t wait to double my space with DoubleSpace. I bet they’re just being my modest, and it will actually TRIPLE my hard drive space. And since comes with the operating system, and the setup program told me about it, I’m sure it will be a safe place to store all my most important data. No corruption for me!
Then I got to install Windows. Microsoft has finally learned their lesson from all of the anti-trust proceedings against them and seperated their operating system into distinct parts. The part that manages your 640K of memory, as well as disk access, is installed separately from the graphical user interface (GUI).
Windows takes up five whole 1.44MB floppy disks, so this took a while. (And by “a while,” I mean, “two minutes.” And it only took that long because I had to constantly go back through the stupid VMWare hardware menus to change the image the floppy drive was reading. They definitely did not make this thing easy for people installing Windows 3.1 from a floppy image.) Can you belive it? A Micrsoft operating system that installs in less than four hours! How cool is that?
After a little bit, the new Everything’s-Flat ™ GUI started up, and I was asked for my registeration information. As you can see, I had to use my awesome technical acumen to fake out the advanced CD-key registration routines. I hope this isn’t one of those phone-home anit-piracy programs!
I also had to decide which of Windows exciting new features I would want to install. Now, for those of you who don’t know too much about these new computer thingys, you only have so much room on your disk drive to install neat features and programs. Since I have a big 1GB disk on this virtual machine, I installed everything. However, I have to be careful! It total of 2,198,505 bytes would be used up, leaving me a scant 056,001,856 bytes to install games and other cool programs.
Windows 3.1 is now up and running. How about that? However, now comes the important task of learning how to use the advanced new user interface. For starters, my copy of Windows came bundled with a new-fangled input device called a “mouse.” I’m not really sure why it’s called that, since it is neither furry, cute, nor squeeky. Fortunately, Windows comes with a tutorial for how to use the mouse. Unfortunately, before I had seen the tutorial, I had made repeated attempts to tempt it into motion with some cheese. This resulted only in an unsightly stain on my desk.
It should be noted that Windows 3.1 is the first Microsoft product that contains software features designed to drive business to certain business partners with whom they have signed marketing agreements. The mouse tutorial exhibits Microsoft’s partnering with the American Academy of Orthopaedic Surgeons to drive business to their member doctors by increasing the amount of Repetitive Strain Injury. The example drawings are clearly meant to train people to use a mouse in the most destructive way possible.
Finally, in a move clearly intended to compete with Apple‘s fancy new Aqua interface in Mac OS X, Microsoft has spiffed up their Everything’s-Flat interface with an exciting new feature shown off in the demo: Humpty-Dumpty Windows! The windows just sort of fall apart, and you get to have fun putting them all back together again.
Unfortunatey, none of these features appear to be functional beyond the demo. Let’s hope the boys in Redmond can hammer them out in time for the Windows 3.2 (codename Longhorn) upcoming in 2006! I just can’t wait to see them!
Microsoft has really turned up the heat on the competition by bundling a whole slew of new applications with Windows. The combination of File Manager and Program Manager of done away with Explorer, and it can be said that the stability and responsiveness has really been given a dramatic improvement.
Windows 3.1 also ships with Write and Notepad, as well as a few programs using the dramatic new Blue Boxes ™ themed interface, such as QBasic (a built-in programming language) and MS-DOS Edit. Of course, it also comes with Solitare.
A new feature in Windows 3.1 is single-tasking. Microsoft’s own usability studies have shown that people get confused by doing more than one thing at a time with a computer. To that end, this new version has a new feature that allows applications to interfere with each other. If you start keeping too busy, the system voices its disapproval by locking up, crashing, or flashing a helpful error message on the screen using the Blue Boxes theme. This also helps prevent workplace stress and keeps productivity from getting too high.
New Virus Features
Microsoft’s operating systems have always been famous as a target for malicious virus writers and hackers. The news is filled with reports of worms like Sasser, Blaster, or Michelangelo. The development group at Microsoft has included some features to help with this menace, the foremost being Microsoft Anti-Virus.
However, Microsoft’s market research arm has determined that the virus writers are a lucrative niche market just waiting to be tapped. So just as Microsoft provides advanced tools like QBasic for the commercial development industry, they are now offering tools targeted at the virus writers. The new PIF Editor takes the pain out of hand-coding the Program Information Files that many viruses use to propagate. The increase in virus writers’ productivity will no doubt increase the demand for security software, such as the aforementioned Microsoft Anti-Virus. Bill Gates sure knows how to play the market against itself!
My scan came back clean this time, but I’m sure those wiley viruses will give my anti-virus software something to do soon!
Windows 3.1 is the latest version of Microsoft’s famous operating system. There are a host of new features packed into its five floppies, from new backgrounds to better shutdown obfuscation solutions, and each of them make this a must-have upgrade.
Thanks for checking out my little review! If you haven’t realized this is a big joke, then go look at this or something.