Sunday, February 25, 2007

Do I Need a Registry Cleaner?

It's a well known reality that over 94% of PC’s that are over a month old are infected with malicious spyware and adware. Even if you have an antispyware tool your Windows Registry might be broken - developers of those tools are focused on removing spyware and adware only, not every trace of software itself. Such software is rarely accompanied by an uninstall utility and even when it is it almost always leaves broken Windows Registry errors behind it.

The registry is essentially the catalog or reference source for the computer. Only those with a meticulous knowledge of computers should attempt to change the registry. If you make a mistake while altering the registry and it isn't backed up, you may lose information critical to the proper performance of your computer.

After you run an antispyware application that deletes active spyware files, you are still left with references to those files in your computer registry. These traces will clog your registry over time, leaving your computer susceptible to failure.

Symptoms of Windows Registry Problems:

Problems with the Windows Registry are a common cause of Windows crashes and error messages. Your PC is likely infected with Windows registry errors if it has ever undergone any of the problems:

• PC runs much slower than when you first bought it
• PC keeps crashing at vital times
• PC doesn't startup correctly
• PC doesn't shutdown correctly
• PC needs frequent rebooting
• Unable to remove a software using add/remove dialog
• Getting the "Blue Screen of Death

The registry records the relationship between hardware, memory space, and addressing. It contains information and settings for all the software, hardware, users, and preferences of the computer. The registry is stored on your computer in several files and depending upon your version of Windows, there will be different files and different locations for these files. The registry keep growing when you use Windows and become corrupted as software and hardware is added and removed from your computer.

To keep your computer in top performance, it is recommended to periodically clean the Windows registry with a reliable and efficient Registry Cleaner. Registry Cleaner is an utility program that scans the Windows Registry and looks for outdated and invalid entries.

In short, the registry cleaner cleans the following:

  • Internet Explorer, Firefox, Opera:
    Temporary files, URL history, cookies, Auto complete form history, index.dat.
  • Windows Temporary files and Log files, recycle bin, recent documents.
  • Advanced features
    Removes unused and old entries, including File Extensions, ClassIDs, ProgIDs, Uninstallers, Help Files, Shared DLLs, Fonts ActiveX Controls, Icons, Invalid Shortcuts, Application Paths, and more...
  • Third-party applications
    Removes temporary files and recent file lists (MRUs) from many apps including Media Player, Kazaa eMule, WinRAR, Google Toolbar, Nero, Adobe Acrobat, WinAce, WinZip, , Netscape, MS Office and many more...

There are dozens of programs on the market that cleans registry, boosts PC's performance, get rid of unwanted material and prevent crashes. Some of the prominent ones are: Error Doctor, Reg Cure, PAL Registry Cleaner, JV16 PowerTools, EasyCleaner, Adv. System Optimizer, Fix-It Utilities, Ace Utilities, Registry Mechanic, Registry Repair, RegistryFix etc.

A good windows registry clean and repair product should have the following options:

  • Automatic Scan:
    It is the simplest way to clean up the registry. Automatic Scan is recommended for 'non-technical' users.

  • Custom Scan:
    One can customize the search and scan Windows registry for particular types of errors (shared DLLs, invalid start-up entries, missing fonts, etc.).

  • Manual Cleanup:
    After the scan is complete, the program should show a full list of errors with details, broken down by types and let you fix individual invalid entries or all invalid entries of a certain type.

  • Backup and Undo:
    Before removing an entry from the windows registry, an automatic creation of a backup file should be done, that can be used to undo the changes. This to avoid changes without backup.

  • Scheduler:
    Schedule the program to scan the registry whenever you start your PC.


Using the registry cleaner software is not a one time fix. One should run it on a regular basis to keep the registry clean and without errors. This will help the stability and speed of windows.

Thus every PC requires registry cleaner which optimizes windows registry allowing Windows to run faster and freeing up valuable hard disk space. Valuable registry repair software can help you get your computer back into shape, tuned–up and running problem free in no time.

Tuesday, February 20, 2007

Sony and Sky in content talks for PSP

Sony Computer Entertainment Europe (SCEE) is in talks with Sky to allow PSP owners to download Sky content such as Lost and 24 onto their handheld devices. An agency pitch has been launched for the creation of the service, understood to be a joint venture between Sony and Sky scheduled for a release later this year.

The deal would be significant for SCEE's handheld console, which has been going head to head with Nintendo's DS. Stay tuned to PSP World for more developments on this story.

For more info on psp visit psp downloads.

Unlimited PSP Downloads ... Is it a Myth ?

The PSP is a machine which is a great source of entertainment for you and your family. This is a machine where you can not only play games but also play music, movies; browse the internet and store vital digital data. It is not necessary that you always buy the music, games and movies you wish to run on the PSP. There are plenty options available on the internet where you can avail of your free PSP downloads.

The PSPs are usually handheld devices where you can transfer the movies, music, software, games, e-books, images and TV shows that you download from the Wi-Fi hot spots of the internet. This is where you can avail of your free PSP downloads for use on the PSP.

The main reason these downloads are called free is because there is no use for you to buy a physical disc to download the programs. They just have to be downloaded to a computer, and then transferred from the computer to the PSP.

The first thing you have to do to get free PSP downloads is to surf the internet for the respective sites. There are many sites on the internet that offer free PSP downloads to PSP owners. These sites are generally free where you just have to register wherein you can download all the games, music, movies, etc for use on your PSP.

These sites have two types of offers; some sites charge a monthly membership fees while others have a once off membership fees wherein there are no limitations on the number of free PSP downloads you make. In fact, you are also permitted to burn these downloads on a disc.

Collecting unlimited PSP downloads for movies was impossible in the past without burning deep holes in our pockets. Watching PSP movies on your PSP while on the move in the train, car or bus was such an enjoyable experience. But once the credit card statement arrives at your desk, suddenly reality jolts you back onto earth. Your credit limit has been busted and you instantly realize that you have spent all your money building your private collection of PSP movies and games.

Well, there is a way to avoid this scenario. Let’s look at what are the options available if you are tempted to grab your next PSP movie.

We used to be able to watch PSP movies only in the Universal Media Disc (UMD) format. Anyone who has bought a copy of these PSP UMD would know that it is not the cheapest form of entertainment. Many folks felt that they didn’t really have many choices if they wanted to watch a movie on their PSP.

The UMD movies are expensive and the selection is limited. The technology has made them rather unaffordable to teens, which form a significant percentage of their target market. Naturally, sales plummeted and many studios and distributors are unwilling to release more movies in the UMD format. It’s little wonder why the UMD movies couldn’t take off.

Forget about UMD movies. It’s amazing how PSP fans came up with creative solutions to this problem. People began to rip movies off DVDs onto their PC before transferring the file into the PSP. It is possible to do so since the movie format is compatible with the Sony memory sticks.

However, there are two shortcomings in this whole process of ripping and copying. Firstly, the memory sticks do not have enough capacity like our hard drives. The quality of the movies is compromised.

Secondly, some DVDs are copyrighted, meaning that they are hard coded and there is no way you can crack them and rip the content off. You can expect the new DVDs to be coded in such a manner. It seems that the manufacturers and studios have beaten PSP users at their game.

It’s rather ironical since these users are part of the movie watching group who has been fuelling the demand for more movies over the years. Then again, it’s an issue of profits and if you are not paying to rip the movie, they have every right to stop you from doing so.

It seems like PSP users are stuck in a grid lock. Fortunately, smart business people saw the opportunity and established membership sites that offer unlimited PSP downloads of movies, games, music, TV shows, etc.

You may wish to know that at these download sites, the movies come in ready to play format. No ripping is needed. Everything from searching to downloading and playing the movie are compressed into a few clicks of the mouse.

Sunday, February 18, 2007

Mac Malware: Slow but Steady Evolution

The number of OS X security vulnerabilities is on the rise, which may have something to do with Apple's growing personal computer market share. Still, the operating system remains an infrequent victim for malware hackers compared to Windows systems. Though incidents are increasing, most malware targeting OS X remains one-off, proof-of-concept code.

Although security Barracuda Spam Filter – Free Evaluation Unit vulnerabilities are discovered in Mac OS X on a monthly basis, the operating system Back up your business with HP's ProLiant ML150 Server - just $1,299. remains a backwater for malware hackers.

"We have seen an increase in bugs, but they haven't been critical," Amol Sarwate, vulnerability research manager for Qualys, a security auditing and vulnerability management company in Redwood Shores, Calif., told MacNewsWorld.

"There aren't enough Mac OS systems being used to be exploited publicly by viruses and worms," he added.

"When vulnerabilities are being found on a regular basis," he continued, "what makes the most impact is a virus or worm using that vulnerability to spread itself. We haven't seen a virus or worm use an OS X vulnerability to make a big impact."
'Month of Bugs'
Two unique events have boosted the OS X bug count in recent months, according to Sarwate. They were the "Month of Apple Bugs" campaign launched in January of this year and the move by Apple (Nasdaq: AAPL) Latest News about Apple from PowerPC to Intel (Nasdaq: INTC) Latest News about Intel processors.

The Month of Apple Bugs revealed each day in January an undocumented security hole in OS X or in applications Get the Facts on BlackBerry Business Solutions running on top of it. The bug-a-day concept was pioneered by researcher H. D. Moore last summer with his "Month of Browser Bugs" campaign.

"When the Mac operating system was ported from Motorola-based systems to Intel-based systems, there were some bugs introduced into OS X," Sarwate said. "There were bugs introduced that would not have been introduced if they hadn't changed processors."
Proof of Concept

Although hackers have shown an increased interest in OS X in the last six months, that interest hasn't been "out of the realm of the norm," Shane Coursen, a senior technical consultant at Moscow-based Kaspersky Lab, told MacNewsWorld.

Last year, Kaspersky found a slight increase in OS X security vulnerabilities during the first half of 2006 compared to the first half of 2005. During that period last year, 60 OS X vulnerabilities were reported, while during the previous year only 51 were revealed.

Another study released by McAfee Latest News about McAfee last year showed a 228 percent increase in OS X vulnerabilities, from 45 in 2003 to 143 in 2005.

Most of the malware targeting OS X is "proof of concept" code, asserted Coursen.

"They're things that show up once," he explained. "They serve no greater purpose other than to show that they could be done."
Learning From Experience

Operating systems are getting increasingly harder to attack, contended Rohit Dhamankar, security research manager at the TippingPoint division of 3Com (Nasdaq: COMS) Latest News about 3Com in Austin, Texas.

"These days people are actually trying to hack more into the applications than the core operating system," Dhamankar told MacNewsWorld.

That was apparent in the most recent security bulletin issued by US-CERT on Jan. 29. In it, 10 Apple vulnerabilities were documented, but only one was directly connected to OS X. The others were related to applications such as QuickTime Latest News about QuickTime, Apple installer, iPhoto, iChat and Safari.

"Over the years, people writing operating systems have learned from the past and hardened and made it more difficult for hackers to attack the core operating system," Dhamankar maintained.
Numbers Game

As secure as OS X may be, one of its greatest protections against hacker Latest News about hacker attack may be its small market share.

"Malware and spyware go behind the numbers," Qualys' Sarwate observed. "They go behind the most number of installations of an operating system.

"Mac is definitely gaining ground," he acknowledged. "That's the reason we've been seeing an increase in the number of vulnerabilities. But the impact that malware or spyware can make is greater if it goes after Windows boxes just because of the number of installations.

"If someone wants to write malware and affect the most number of users," he continued, "they'll target Windows boxes, but that's going to change as Mac gains market share."

There is one area, however, where Apple has an overwhelming market share. That's in the digital music business, where its iPod has become an almost ubiquitous device.

"The iPod has a huge market share, so that's a place where we should keep our eyes open for worms," Sarwate noted.

For AntiSpyware please do visit the site http://www.onlinedownloads.org

New pharming attack discovered

As many as half of all broadband users - including some small- and medium-size enterprises - are susceptible to a new pharming attack that can succeed without the hacker ever penetrating the computer, Symantec announced today.

Router access is enough for attackers to steal personal information from unsuspecting users, Zulfikar Ramzan, senior principal researcher at Symantec Security Response, told SCMagazine.com today. But there is a simple fix – change the password.

The attack – described in a new report from Symantec and Indiana University – begins by employing social engineering tactics to dupe users into visiting a malicious webpage containing a "simple piece" of JavaScript code, Ramzan said. The code, regardless if users’ machines are fully patched, will attempt to simulate a log-in screen so the attacker, assuming the user is running a default password, can access the broadband router.

Many routers are protected with default credentials, making it easy for the attacker to correctly enter the information and gain access to the router, Ramzan said. With control over the router, the attacker can then configure the server’s domain name service (DNS) settings to lead an unknowing user to a malicious website, such as one that mimics his or her real banking site.

"The main thing is that once an attacker controls a router, they control the conduit by which the user accesses the internet," Ramzan said. "They can take you anywhere on the internet without you knowing it."

The technique, dubbed "drive-by pharming," has been made public in a new paper written by Ramzan, Indiana University Associate Professor of Informatics Markus Jakobsson and his graduate student, Sid Stamm.

So far, the authors have seen no exploits in the wild. But today, Symantec issued a news release urging users to protect their broadband networks by customising their passwords. No new security solutions are needed, Ramzan said.

"We feel a lot of people are vulnerable to this attack," he said. "Most people don’t know they should change those (router) passwords. Most people don’t know how to change those passwords."

Experts estimate that as many as half of broadband users run a default password, Jakobsson told SCMagazine.com today.

"People can deal with it very easily," Ramzan said. "You don’t have to wait for a vendor to issue a patch. You can go in and change your password, and in two minutes, you’ll be protected."

Many small- and medium-size enterprises use broadband routers to connect to the internet and they, too, should be cognisant of the new threat, he said.

"When that router gets configured (by the hacker), every machine on the network will be using a wrong DNS server," he said. "Every machine on that network will now be susceptible to the bad things that can happen when your router is controlled by an attacker."

Organisations should be aware that remote workers using a router to access the internet at home may infect the company network if they are attacked.

Ramzan called on router manufacturers, such as LinkSys, a division of Cisco, to prompt password changes during the initial set-up of the product

"This is pretty bad because it strikes at unsecured software and hardware," Jakobsson said.

Saturday, February 17, 2007

Thwart the Three Biggest Internet Threats of 2007

Threat #3: Malware

Every day, virus, spyware, and adware creators come up with new, ingenious ways to gain access to your PC. These steps will help keep you safe:

Think before you click:
Attached files that end with .exe, .com, .bat, and .scr, as well as scriptable document files, including .doc and .xls, can infect your PC with a single click. Many e-mail programs block access to executable-file attachments.

Use a spam filter:
Though some malware makes its way onto your computer via drive-by browser hijacking (see "Threat #1"), e-mail is its other main source. Install a junk-mail filter to reduce your chances of activating malicious scripts embedded in messages.

Update your antivirus software:
Allowing your antivirus software to continue running after its subscription has expired is actually worse than using no antivirus software at all: Not only do you lack the crucial virus signature database updates, but you expose your system to malware that targets known flaws in antivirus software. My personal favorite antivirus is Kapersky's Antivirus application whereas the free antivirus app is Grisoft's AVG Anti-Virus Free.

Get a second opinion:
Install and use only one antivirus program at a time on your computer because multiple real-time scanners will conflict with one another. If you have doubts about your program's effectiveness, however, use a free online virus scanner, such as Panda Software's ActiveScan; see Figure 3) or Trend Micro's HouseCall.

Download with discretion:
Any program you download and run on your system could potentially result in a lethal infection or zombification. Download software only from reputable online sources that first scan all of their download files for any malware.

Use a bidirectional firewall:
Windows XP and Vista each come with a firewall that blocks incoming attacks; it's enabled by default in Windows XP Service Pack 2 and later. For the best protection, you'll also want to block unwanted outgoing connections made by malware on your PC that attempts to either connect to a remote server or send out spam. Vista's firewall can be set up to do that, but configuring it is not a job for the average Windows user. Instead, get one of several free bidirectional firewall programs, such as Zone Labs' ZoneAlarm Free, or Agnitum's Outpost Firewall Free. Most commercial internet security software suites also include a firewall program.

Use antispyware:
Spyware, adware, and some browser cookies slow down your system, cause crashes, and track your online activity. Antispyware utilities work much like antivirus software, detecting and removing the unwanted software from your PC. We picked Webroot's Spy Sweeper 5 antispyware as our favorite in our "Spyware Fighters" antispyware roundup. We do also suggest NoAdware AntiSpyware software.

Upgrade from XP:
Service Pack 2 makes Windows XP much safer, but the operating system still has security holes, and it remains a top target for malware authors. Windows Vista's new user access controls ask your permission before launching new programs, which reduces the chances that malware can leap from the Web to your PC automatically, though some Vista bugs have already been found. Both the Mac OS and Linux offer even stronger safeguards against program launching, and they are rarely the targets of malware attacks, which makes it very unlikely that Web-hosted attacks--or any other kind--will afflict computers running those operating systems.

For more information on antispyware download visit http://antispyware.onlinedownloads.org/

Thwart the Three Biggest Internet Threats of 2007

Threat #2: Phishing and Identity Theft

You've probably seen your share of phishing attacks, which look like communications from your bank, PayPal, eBay, or another online account. The message may ask you to click a link that leads to a bogus Web page, complete with realistic user-name and password log-in fields, or it might ask for a credit-card number.

The fake address often resembles the real institution's URL--'citibank.fakesite.com' in place of 'citibank.com', for example. The phisher's site and e-mail message may even load images from your bank, or have links to the institution's own Web site.
When you take the bait, the phisher harvests your data, and either sells it to someone else, or uses it to drain your account right away.

A variant called spear phishing identifies you by name in the lure message or Web site, making the sham even harder to spot. Typo-squatting is a related trick in which phishers set up a fake site at an address slightly different from the real one ('www.amazom.com' instead of 'www.amazon.com', for example) in hopes that fast-typing customers will land there and not notice their typo.

You may have read that your bank will never send you an e-mail asking you to log in to your account, and it shouldn't, though it does happen on occasion. The vast majority of messages that appear to come from financial institutions are phishing attacks, so assume that such messages are bogus and avoid opening them at all, let alone clicking any links they contain.

If you are concerned that the bank or other service is really trying to notify you of a problem with your account, open your browser manually and log in to the site directly, or better yet, pick up the phone and call a customer service agent (if you can find one via the bank's automated phone system).

The place you're most likely to notice that your credit card or bank account has been compromised by a phishing attack or identity theft is on the statement you receive from them via mail. Check it carefully for unauthorized charges, and report any to the institution immediately.

Both IE 7 and Firefox 2 include new antiphishing settings that can compare links to databases of known phishing sites before displaying the page. (As we went to press, Opera planned to include a similar feature in the Opera 9.1 browser.) IE 7 asks you a couple of times if you'd like to enable its phishing filter during installation; say yes. To enable this feature, choose Tools, Phishing Filter, Turn On Automatic Website Checking, and click OK.

Firefox 2's phishing filter is enabled by default, but it uses a static downloaded list of known phishing sites. To query Google's more up-to-date Phishing Protection service instead, choose Tools, Options, Security and select Check by asking Google about each site I visit (see Figure 2). Note that you'll have to accept the service's licensing agreement.

Many firewalls and other security programs include identity-protection features that scan the stream of data leaving your PC for sensitive information, such as passwords or social security and credit card numbers, and then block the unauthorized transfers. For more information on these products, see "All-in-One Security."

Resist the temptation to post personal information on your Web page, blog, or social site (Facebook/MySpace) account. Identity thieves, spammers, and online predators are always on the lookout for such data. Browse to "Safeguard Your Reputation While Socially Networking" for an explanation of the risks to both adults and children, and for tips on what you can do to avoid the dangers.

For more information on software downloads visit http://www.onlinedownloads.org/

Thwart the Three Biggest Internet Threats of 2007

Protect yourself against the three gravest Web dangers: IE, phishing attacks, and malware.

The same Internet connection that lets you reach out and touch millions of Web servers, e-mail addresses, and other digital entities across the globe also endangers your PC and the information it contains about you. Here's how to stymie the three gravest Internet risks.

Threat #1: IE

Internet Explorer heads the list of top Internet security attack targets in the most recent joint report of the FBI and security organization SANS Institute.

One reason: As the most widely used browser, IE provides the biggest payoff for malicious hackers who set out to exploit its flaws. The biggest problem with IE is its reliance on Microsoft's ActiveX technology, which allows Web sites to run executable programs on your PC via your browser.

Security patches and upgrades, including Windows XP's Service Pack 2 and the recently released IE 7, make ActiveX safer, but the inevitable flaws that allow malware to circumvent those security measures--combined with the reality that we computer users are often a credulous lot--make ActiveX a risk not worth taking. Happily, with very few exceptions (such as Microsoft's Windows Update site), you can browse the Internet effectively without ActiveX.

To disable ActiveX in IE 6 and 7, choose Tools, Internet Options, Security, Custom Level, scroll to 'Run ActiveX controls and plug-ins', and select Disable (see Figure 1). Click OK, Yes, and OK to close the dialog boxes. To enable ActiveX on a known and trusted site, click Tools, Internet Options, Security, choose Trusted Sites, click Sites, enter the site address in the text box, and click Add.

Uncheck Require server verification (https:) for all sites in this zone, and click Close and OK. If you leave ActiveX enabled, you may quickly encounter malware-harboring sites and e-mail attachments that ask you to let them install their ActiveX controls on your system. Unless you're 100 percent certain that the control is safe and legitimate, don't allow it.

Regardless of which browser is set as the default on your system, always keep Windows (and IE) updated to minimize your risk. To keep Windows XP up-to-date, visit update.microsoft.com (you'll have to use Internet Explorer) and install Service Pack 2, if you haven't already. Next, choose Start, Control Panel, System, and click the Automatic Updates tab.

Select Automatic (recommended) If you trust Microsoft implicitly, Download updates for me, but let me choose when to install them if you trust the company a little bit, or Notify me but don't automatically download or install them to play it safest. (Click "Don't Let a Windows Update Bring You Down " for more on Windows updates.)

Whichever option you choose, click OK to download and install the most recent security patches. If you stick with IE, upgrade to version 7, which improves ActiveX security. Still, the best way to reduce your PC's vulnerability to ActiveX exploits is to download and install another browser, and set it as your default browser.

Mozilla's Firefox is the most popular IE alternative. Unfortunately, Firefox's growing popularity has enticed malware authors to exploit its own flaws. While no software is perfectly secure, many experts (including me) think the Opera browser is safer than either IE or Firefox.

For more information on software downloads visit http://www.onlinedownloads.org/

Friday, February 16, 2007

Symantec warns of drive-by hackers

Home PC users have been warned to change the default password on their home router to avoid a new type of hack.

Researchers at Symantec and Indiana University have published the results of tests that show how attackers could take over your home router using malicious JavaScript code.

For the attack to work, hackers would need a couple of things to go their way. First, the victim would have to visit a malicious website that served up the JavaScript. Second, the victim's router would have to still use the default password that it's pre-configured with it out of the box.

In tests, the researchers were able to do things like change firmware and redirect a D-Link Systems DI-524 wireless router to look up websites from a DNS (Domain Name System) server of their choosing. They describe these attacks in a paper, authored by Sid Stamm and Markus Jakobsson of Indiana University, and Symantec's Zulfikar Ramzan.

"By visiting a malicious web page, a person can inadvertently open up his router for attack," the researchers write. "A website can attack home routers from the inside and mount sophisticated... attacks that may result in denial of service, malware infection, or identity theft."

Once the router has been compromised, victims can be redirected to fraudulent websites, the researchers say. So instead of downloading legitimate Microsoft software updates, for example, they could be tricked into downloading malware. Instead of online banking, they could be giving up sensitive information to phishers.

At the heart of the problem is the fact that consumer routers ship with simple, well-known default passwords, like ‘admin’, which could be exploited by attackers.

"Owners of home routers who set a moderately secure password - one that is non-default and non-trivial to guess - are immune to router manipulation via JavaScript," the paper states.

The researchers blame router makers for shipping products with “poorly secure default settings”.

Vendors like D-Link and Cisco are aware of the problem. "It's a concern to us," said Karen Sohl, a spokeswoman with Cisco's Linksys group. "We've shipped about 30 million routers and we want those 30 million customers to understand why it's so important to change [the default password]."

Both Cisco and D-Link said they've taken steps to avoid this type of security problem. Over the past few years they've introduced step-by-step "wizard" software to configure their routers, and these products always suggest that the user come up with a unique password.

The problem is that the routers still work if the password is left as default. And that's not likely to change anytime soon, according to Michael Scott, D-Link's technical media manager.

Users wouldn't buy routers that forced them to enter unique passwords, he said. "That would only result in returned products, and then they would buy one of our competitors products," he said.

To download symantec products visit: http://antispyware.onlinedownloads.org

Microsoft warns of new Word bug

Microsoft has acknowledged that a bug in Word is being used by hackers to commandeer computers.

On Tuesday, Microsoft released 12 security bulletins with patches for 20 vulnerabilities, including six for Word and one each for PowerPoint and Excel.

"All the zero-day [vulnerabilities] in Word and Office were patched on Tuesday," Mark Griesi, security program manager for the MSRC (Microsoft Security Response Center), said on Wednesday.

Griesi said the status of the bugs and their patches - most of which were being used by cybercriminals in targeted attacks - was confusing. "Some of that is because in the time since the vulnerabilities began appearing, there were other reports on new zero-days," said Griesi. "But those were not new zero-days."

Instead, Microsoft determined that in-the-wild exploits weren't working, or that the bugs being used had already been disclosed. The newest Word flaw fits the first scenario.

On 9 February McAfee researchers said they had found another unpatched bug in Microsoft Word 2000. That same day, Microsoft reported that its analysis indicated the flaw could only crash the word processor. Such DDoS (distributed denial of service) vulnerabilities are considered less threatening, since they may not let the attacker run his own code on the compromised machine.

As it turns out, however, Microsoft was wrong. "[Our] analysis shows that this vulnerability is likely not limited to denial of service and that remote code execution may in fact be possible," Craig Schmugar, virus research manager at McAfee's Avert Labs, wrote in a warning.

In a security advisory posted Wednesday, Microsoft admitted that the flaw in Word 2000 and Word 2002 could be exploited to "corrupt system memory in such a way that an attacker could execute arbitrary code."

Attacks leveraging Office bugs are typically delivered in malformed documents attached to e-mail messages. Hackers try to dupe recipients into opening the attachments. As it has before, Microsoft's recommendation was to not open Office documents unless they came from a trusted source and were expected.

A patch is planned, Microsoft said, but it did not set a time line. The next scheduled security updates from the Redmond, Wash. developer are not set to appear until 13 March.

According to third-party security organizations, Microsoft has numerous problems that still need to be addressed. The Sans Institute's Internet Storm Center, for instance, lists seven unpatched Microsoft bugs, including the just-acknowledged Word flaw as well as a December bug that affects several editions of Windows, Vista among them. eEye Digital Security's Zero-Day Tracker, meanwhile, lists five unpatched Microsoft vulnerabilities.

"All these are still being worked on," said Microsoft's Griesi.

Extension granted in iPhone trademark row

Apple given more time to respond to Cisco suit

Cisco has granted Apple a further extension on the deadline to respond to its iPhone lawsuit, the company announced late last night.

Apple was hit with a trademark infringement lawsuit from Cisco Systems the day after it unveiled a new mobile phone under the name iPhone at January's Macworld Expo in San Francisco. Cisco says its Linksys division owns the trademark on iPhone and filed a lawsuit in Federal District Court for Northern California seeking an injunction against Apple using the name.

Yesterday evening Cisco said it had agreed to a request from Apple for more time.

"Cisco has agreed to give Apple an extension until Wednesday 21 February," the company said in a brief statement. "Cisco is fully committed to using the extra time to reach a mutually beneficial resolution."

When Cisco sued Apple on 10 January it revealed that the two companies had been talking about the iPhone name for about two years and were close to a deal on 8 January, which was the day before Macworld Expo. When Apple CEO Steve Jobs went ahead on 9 Jauary and announced the phone, he did so before an agreement between the two companies had been reached and that pushed Cisco to file its lawsuit.

A previous extension was granted Apple by Cisco on 1 February, at which time Cisco said it wanted an agreement on "trademark use and interoperability". Those words lend credence to earlier media reports that Cisco might back down over the trademark issue if the iPhone were made compatible with its networking gear.

Just how serious Apple views the issue or how close the current talks are to a deal is unknown.

A few days after being hit with the lawsuit Natalie Kerris, Apple's director of music public relations, said the company thought the lawsuit was "silly".

Linksys launched its iPhone in late December, just as buzz was building about the possibility of a mobile phone and music player combo from Apple coming at Macworld. The Linksys iPhone is a cordless telephone with base station that attaches to the internet. It means calls can be made from the handset over Skype without the need for a personal computer.

Apple's iPhone is a GSM cell phone married with an iPod that runs on Apple's Mac OSX operating system. The phone is due to be released in the US in the middle of this year through a deal with Cingular Wireless. Models for international markets are due out sometime after the US launch.

Thursday, February 8, 2007

iPod....A new machine

iPod is a brand of portable media players that is designed and marketed by Apple and was launched on October 23, 2001. Since October 2004, iPod sales have dominated the market for digital music players in the United States.

Devices in the iPod range are primarily digital music players, designed around a central click wheel — although the iPod shuffle has buttons only.

The full-sized model stores media on an internal hard drive, while the smaller iPod nano and iPod shuffle use flash memory. Like many digital audio players, iPods can also serve as external data storage devices.

In addition to playing music, iPods with display screens can display calendars, contact information, and text files, and play a limited range of video games. Models introduced in 2004 include the ability to display photos and the fifth-generation iPod, introduced in 2005, can additionally play video files. In January 2007, Apple announced the iPhone, combining the features of a video-capable iPod with integrated mobile phone and mobile internet capabilities.

Apple's iTunes software is used for transferring music (as well as photos, videos, games, contacts and calendars, for models that support those features). As a free jukebox application, iTunes stores a comprehensive library of music on the user's computer and can play, burn, and rip music from a CD. It can also sync photos and videos.

For more information on ipod downloads visit http://ipod.onlinedownloads.org

Friday, February 2, 2007

PC Tools Firewall Plus

PC Tools new Firewall Plus offers latest technology to bar dangerous Internet threats. This user-friendly firewall can be downloaded free of charge.

PC Tools, creator of award-winning Spyware Doctor, has just released Firewall Plus™ - a powerful personal firewall for the Windows Operating System - that provides bullet-proof defense for computers.

This highly refined and flexible tool uses the latest technology to block dangerous Trojans, backdoors, keyloggers and other intrusive malware from damaging computers by stealing information.

PC Tools Firewall Plus protection is configured by default. For those who simply want to install it and forget it…that is all that is required. Advanced users can also easily create their own powerful rules to customize the network defenses.

This new product offers world-leading protection because it is backed by regular Smart Updates, OnGuard™ real-time protection, and comprehensive network shielding to ensure computers remain safe and hacker free.

PC Tools Firewall Plus feature highlights:

  • Protects your PC as you are working, surfing and playing.
  • Intelligent automatic protection without all the questions.
  • Easy to use. Designed for both, novice and expert users.
  • Advanced rules to protect your PC against common attacks.
  • Best of all it’s FREE. No catches, limitations or time-limits.


PC Tools Firewall Plus can be downloaded free of charge at: http://www.pctools.com/firewall/

For more information on firewalls visit internet security suite.