Back to WWW

Heya all, I’m back online =) Arrived yesterday (6:30PM).  First, I will check for OS and security program updates (if any) to take advantage of all offered protection and program enhancements.  Next, will check my mail box then will proceed in reading newsgroup/forum postings (public & private newsgroups/forums).  Tomorrow, I will start feeding here again on whatever PC and security news flash that I may find interesting and important to mention.

The 2 weeks vacation was great.. really great! My tummy was really full. I ate a lot of good Thai and Malaysian food (yup, I had Malaysian food because we went to Penang, Malaysia for few days to visit my in-laws).  Body and mind was so relaxed especially after the thai massage.  I have nothing in mind but to relax last week.  I didn’t even read any news on/off line.  I just love that vacation – pampered myself.  Doing it only 2 times a year that is why I want to make the most each time I will take a time-out.

BTW, our experience with AirAsia was good.  Aircraft took-off/landed as scheduled.  It’s packed! Everyone seems excited with the new cheapest flight from Macau to Bangkok.  Will definitely use their service again.  We stayed in Asia Airport Hotel (Bangkok).  Love the hotel staffs’ hospitality and quick assistance on anything we asked. 

That’s all for now friends!..I hope all of you are well =)

Programs that may behave differently in Windows XP Service Pack 2

Microsoft Windows XP Service Pack 2 (SP2) introduces a number of new features that help increase the performance and the security of your system. These changes also affect the operations and functionality of some programs.

The following table lists programs that may behave differently after you install Windows XP SP2:

Program Version Vendor 
App  Version  ISV  
Star Trek StarFleet Command III  v1.0  Activision  
Medieval Total War  1  Activision  
Pagemaker  7  Adobe  
PageMaker (German)  6.5  Adobe  
Photoshop Elements  2  Adobe  
Ad-Shield  3  Ad-sheild  
ERDisk for AD Aelita  
Nero 6 Ultra  6  Ahead  
Nero Bruning ROM  5.5.6  Ahead  
Al Mawrad (Arabic)  2003  Al Ariss  
PhotoClick  —  Al Maalin  
AOL  9  AOL  
AOL Toolkit  1.13.2  AOL  
Uno  1  Aris Buenaventura  
Dead Man’s Hand  1  Atari  
MotoRacer  3  Atari  
Scrabble  v3.0  Atari  
Unreal II  1  Atari  
Unreal Tournament 2003  1  Atari  
Unreal Tournament Game of the Year Edition  1  Atari  
Extra Enterprise 2000 2000  —  Attachmate  
Extra Personal Client 6.5  —  Attachmate  
Extra! Bundle for TCP/IP 6.6  —  Attachmate  
KEA! 340 v5.1  —  Attachmate  
Command Antivirus  4.9  authentium  
AutoCAD 2004 2004  —  Autodesk  
bv-Admin Mobile 7  —  Bind View  
StarCraft  1.05  Blizzard  
BitDefender  7.2  Blizzard  
Starcraft  v1.11  Blizzard  
Warcraft III: Reign of Chaos Collector’s Edition  v 1.0  Blizzard  
Patrol for Windows 2000  —  BMC  
Word Perfect Family Pack 5 – Encyclopedia Britannica Ready Reference  2003  Britannica  
WISO Sparbuch  2004  Buhl  
InnoculateIT  —  CA  
MpegCraft DVD  x  Caropus  
Citrix ICA client  7.1  Citrix  
FileMaker Pro (German)  5  Claris  
ArcServe  6.61  Computer Associates  
ArcServe 7.0  —  Computer Associates  
BrightStor ArcServe Backup 9.0  —  Computer Associates  
eTrust  7  Computer Associates  
eTrust 6.0.100  —  Computer Associates  
Etrust EZArmor  AE Test  Computer Associates  
Corel Draw 9 – PhotoPaint (German)  9  Corel  
WordPerfect Office  11  Corel  
1st nd Grade Excelerator Curious George Studio 1  —  Countertop Software  
Serious Sam: The Second Encounter  1  Croteam  
Retrospect Client  x  Dantz  
Dave’s Quick Search Toolbar  3.16  Dave Bau  
Diet KaZaa  2.52  Diet KaZaa  
The Lion King Animated Storybook  1  Disney  
DivxPlayer  2.5.3  Divx  
Command & Conquer Generals  —  EA Games  
Command & Conquer Generals Zero Hour  —  EA Games  
Earth & Beyond  v.1  EA Games  
Need for Speed Hot Pursuit 2  1  EA Games  
SimCity 4  v1.0  EA Games  
Freedom Force  1  Electronic Arts  
NBA Live 2000  1  Electronic Arts  
CheckSoft Home and Business  2004  Eliibrium  
EDM File System Agent 3.1  —  EMC  
Chess Advantage III: Lego Chess  —  Encore  
High School Advantage 2003  —  Encore Software  
Encyclopedia Britannica 2000 Deluxe  1  Encyclopedia Britannica  
Smarterm Office 10  —  
Smarterm Office 11  —  
Diskeeper  8  Executive Software  
Der Brockhaus Multimedia (German)  2004  F.A. Brockhaus  
JAWS 5.0  5  Freedom Scientific  
F-Secure  5.52  F-Secure  
Drivers & Utilities CD  —  Fujitsu-Siemmens  
Cute FTP 5.0  —  GlobalScape  
Conflict: Desert Storm  —  Gothamgames  
Window-Eyes Professional  4.2  GW Micro  
HP Quick Launch Buttons  —  HP  
HP SJ 6350  —  HP  
HPSetup 42NAheBLU1 SW build  —  HP  
Exceed 8 —  Hummingbird  
Host Explorer 8  —  Hummingbird  
Rational’s Clearcase  2003  IBM  
ViaVoice for Windows Personal Edition 10  10  IBM  
SmartSuite Millennium Edition ScreenCam (German)  9.5  IBM Lotus  
ICQ Pro  3916  ICQ  
iMesh  3.1  iMesh  
TurboCAD Professional  9  IMSI  
Installshield  8  Installshield  
Quicken 2003 Premier Home and Business  2003  Intuit  
Quicken Deluxe 2001  2001  Intuit  
Kazaa  2.52  Kazaa  
Kerio Personal Firewall  4  Kerio  
WinRoute  4.25  Kerio  
Playzone Preschool – Kindergarten – Jump Start Spelling  1  Knowledge Adventure  
Live Journal Semagic  Live Journal  
SmartSuite Millennium Edition – Fast Site  —  Lotus  
Star Wars Knights of the Old Republic  —  Lucas Arts  
Merriam Webster’s Reference Library 2003 – Journey to the Planets  2003  M-2K  
ColdFusion MX for J2EE 6  —  Macromedia  
Freehand 8 (German)  8  Macromedia  
MapSend Direct Route  —  Magellan  
McAfee Internet Security Suite 2004  6  McAfee  
McAfee Parental Controls  1  McAfee  
McAfee VirusScan  4.51  McAfee  
Netshield 4.5  —  McAfee  
VisursScan  7  McAfee  
Encarta Enzyklopädie  2002  Microsoft  
Age of Empires II: Age of Kings  —  Microsoft  
Application Center 2000 SP2  —  Microsoft  
BizTalk 2004  —  Microsoft  
CMS  2001  Microsoft  
Comabt Flight Simulator 3  1  Microsoft  
Excel  2003  Microsoft  
Halo Combat Evolved (Arabic and Hebrew)  Trial  Microsoft  
MapPoint Europe  2004  Microsoft  
Microsoft Operations Manager  2000 SP1  Microsoft  
MS License  3.7  Microsoft  
MSBN  —  Microsoft  
MSN  7.02  Microsoft  
MSN 9 QFE1 and 9.1 beta  9  Microsoft  
Office  11  Microsoft  
Office – Power Point 2002 (German)  2002  Microsoft  
Office Access 2002  2002  Microsoft  
Office System – Power Point  2003  Microsoft  
Office XP Access  10  Microsoft  
Office XP Professional Excel 10.0 SP2  —  Microsoft  
Office XP SP2 – PowerPoint  11  Microsoft  
Office XP Standard  10  Microsoft  
Outlook 2000  9  Microsoft  
Outlook 2002  10  Microsoft  
Outlook 2003  11  Microsoft  
Outlook Web Access  x  Microsoft  
Revenge of Arcade  v1.0  Microsoft  
Server Administrator Tools  —  Microsoft  
SMS  2.0 SP5  Microsoft  
SMS  2.0 SP5  Microsoft  
SMS  2003 RC2  Microsoft  
SMS  2003 RTM  Microsoft  
SMS  —  Microsoft  
SNA Server 4.0 SP4  —  Microsoft  
SQL  —  Microsoft  
SQL  7  Microsoft  
SQL 2000a 2000a SP3  —  Microsoft  
TaxSaver  1999  Microsoft  
Virutal PC  2004  Microsoft  
Visual Basic  6  Microsoft  
Visual C++ (16-bit)  2  Microsoft  
Visual Studio  7  Microsoft  
Visual Studio  97  Microsoft  
Visual Studio .NET Enterprise 2003  —  Microsoft  
Visual Studio 98  6  Microsoft  
Windows Sharepoint Services  2  Microsoft  
Windows Sharepoint Services  —  Microsoft  
Word  XP  Microsoft  
Works Suite 2004  2004  Microsoft  
WSS  2  Microsoft  
Musicmatch Jukebox  8.20.0107  Musicmatch  
StyleSelector  x  NEC  
Veritas  —  NEC  
AppManager  5.01  NetIQ  
End2End 4.1  —  NetIQ  
File and Storage Administrator 2.1 (191067)  —  NetIQ  
VewNow 1.05  1.05  
View Now 1.0  1  
ViewNow 1.05  1.05  
McAfee Remote Desktop 32  —  Network Associates  
ESET NOD32 for windows  —  Nod32  
Norman Personal Firewall 1.40  AETEST  Norman  
Norman Personla Firewall  4  Norman  
Becky  12.09.01   
KaZaa Media Desktop  2.6.3   
PhotoImpact 7 (Traditional Chinese)  7   
Sony: PCV-W510G  510G   
Super Collapse (Demo Only)  2   
UX Theme MultiPatcher  1.5.1   
PhotoExplosion Deluxe  1  Nova Development  
NovaNet Web  3.6  NovaStor  
Pinnacle Studio  Beta  NX – Pinnacle Studio 9 cause data execution prevention errors  
Instant CD/DVD  7  Pinnacle  
Real Player (free version)  10  Real Networks  
Tom Clancy’s Rainbow Six 3: Raven Shield  1  Red Storm  
Action Request System  x  Redmedy  
Max Payne 2: The Fall of Max Payne  1  RockStar Games  
NASCAR Racing 2003 Season v2003  —  Sierra  
Tribes 2  1  Sierra  
Harvard Graphics  3  Software Publishing Corp  
SonicWALL Virus Scan  —  SonicWall  
Sony: PCV-V200G:  —  Sony  
VirusSecurity 2004  2004  Sourcenext  
BootSkin  x  Stardock  
Ghost Corporate Edition 7.5  —  Symantec  
Norton Antivirus 2003  2003  Symantec  
Norton Systemworks 2003 – GoBack Personal Edition  Other MS  Symantec  
Norton Systemworks 2003 Professional Edition  2003  Symantec  
Norton Systemworks 2004 – GoBack32  Beta  Symantec  
PCAnywhere 11  —  Symantec  
Smantec Antivirus Corporate Edition  8  Symantec  
Talkworks Pro  x  Symantec  
Winfax Pro  10  Symantec  
Roboword Pro (JAPANESE)  6  Technocraft  
Style XP  2  tgtsoft  
Eclipse  3  Unknown  
Midnight Outlaw: Illegal Street Drag  1  Valuesoft  
Roller Coaster Factory  v3.0  Valuesoft  
Elite Forces Vietnam: Special Assignment 2 ver 1  ver 1  Valusoft  
Midnight Outlaw Illegal Street Drug  v1.0  ValuSoft  
Backup Exec  9  Veritas  
Backup Exec  9.1.4691  Veritas  
Backup Exec 8.6.1  —  Veritas  
Backup Exec 9.1  —  Veritas  
BackupExec  9.1  Veritas  
BackupExec  8.6.1  Veritas  
Bakcup Exec 9.1  —  Veritas  
Volume Manager 3.1  3.1  Veritas  
Command & Conquer Red Alert 2  v1.0  Westwood  
Command and Conquer Red Alert 2  1  Westwood  
Windgate  5.2.3  WinGate  
Reflection  9  WRQ  
Reflection  9.03  WRQ  
Reflection  10  WRQ  
Reflection X  10  WRQ  
Reflection X  11  WRQ  
Reflection X 10  —  WRQ  
Xoreax Incredibuild  —  Xoreax  
Yahoo  x  Yahoo  
Yahoo instant Messenger  x  Yahoo  
Yahoo Messenger  Yahoo  
PC Magazine Business Winstone Benchmark  2004  Ziff Davis  
ZoneAlarm  5.0.590  ZoneLabs;en-us;884130

Trend Micro Solicits Feedback on Virus Encyclopedia Beta

Trend Micro wants to borrow the eyes of beta testers to evaluate its new Virus Encyclopedia. The beta version of the encyclopedia includes new search criteria as well as the option for a printer-friendly format. Users who take the time to fill out the survey will receive a free one-year license to PC-cillin 2005 when it is released.

Participants are asked to compare the usability of the new beta Web site with the existing Virus Encyclopedia. Each section of the survey is accompanied by screenshots to make comparing the strengths and weaknesses of the two sites more convenient.

Adobe Acrobat Buffer Overflow in ‘pdf.ocx’

SecurityTracker URL:
Impact:  Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  
Advisory:  iDEFENSE
Version(s): 6.0.2 and prior versions
Description:  iDEFENSE reported a buffer overflow vulnerability in an ActiveX component of Adobe Acrobat. A remote user can execute arbitrary code on the target user’s system.

It is reported that a remote user can create a PDF file with a specially crafted embedded HTTP link so that when the file is opened, the buffer overflow will be triggered.

If the request is made to a web server (e.g., IIS, Netscape Enterprise Server) that truncates the request at the null byte (%00), the ActiveX component will overflow a buffer within the RTLHeapFree() function. Arbitrary code can be executed with the privileges of the target user.

The vendor was reportedly notified on April 14, 2004.

Rafel Ivgi is credited with discovering this flaw.

The original advisory is available at:
Impact:  A remote user can execute arbitrary code on the target system with the privileges of the target user.
Solution:  iDEFENSE reported that you can modify the Adobe Acrobat settings to prevent PDF files from being automatically opened when accessed via a web browser (under Edit, Preferences, uncheck “Display PDF in browser”)

iDEFENSE also reported that Adobe may have attempted to silently fix this flaw in version 6.0.2, but was unsuccessful.
Vendor URL:
Cause:  Boundary error
Underlying OS:  Windows (Any)

Yahoo! Patches Security Flaw in Messenger

Yahoo! has patched a flaw in the open source Portable Network Graphics (PNG) image format that is utilized by its real-time communications product Yahoo! Messenger. Yahoo! spokesperson Terrell Karlsten told BetaNews, “Beginning today, we are notifying users who are currently running Windows versions 6.0 to install the security update. Upon logging into Yahoo! Messenger, users will be prompted with a message window that invites them to update their service.” Users may also download the new release separately.

eEye Upcoming Advisories on Microsoft products

Days Overdue 0
Vendor: Microsoft 
Severity: Medium (Local Code Execution) 
Date Reported: August 02, 2004 
Days Since Initial Report: 10

Operating Systems Affected:
Windows Me
Windows XP (SP0-SP2RC2)
Windows 2003

Days Overdue 0
Vendor: Microsoft 
Severity: Medium (Local Code Execution) 
Date Reported: August 02, 2004 
Days Since Initial Report:  10 

Operating Systems Affected:
Windows 2000
Windows XP

Days Overdue 0
Vendor: Microsoft 
Severity: Medium (Local Code Execution) 
Date Reported: August 02, 2004 
Days Since Initial Report: 10  

Operating Systems Affected:
Windows 2000

Days Overdue 0
Vendor: Microsoft 
Severity: Medium (Local Code Execution) 
Date Reported: August 02, 2004 
Days Since Initial Report:  10 

Operating Systems Affected:
Windows Me
Windows XP (XP0 – XPSP2 RC2)       

eEye: RealPlayer Unspecified Flaw

RealPlayer Unspecified Flaw

Vendor: RealNetworks

A vulnerability in default installations of the affected software that allows malicious code to be executed with little user interaction.

Severity: High (Remote Code Execution)

Operating Systems Affected: RealPlayer

Status: Initial report stage

Also in

Spyware as a service

Just as spam, worms, and viruses have polluted the signal to noise of the e-mail platform, now spyware threatens to cut the legs out from under customer confidence in doing financial transactions on the Web. But, does spyware threaten the economic underpinnings of the Web, or is it an opportunity to turn the problem on its head? What if we turn spyware from a threat into a service, where users accept monitoring of their activities in return for access to a secure, indemnified network of enhanced services? If this transformation were to take hold, the vehicle to carry it forward would be RSS.

Read the problem, RSS information router and  solution –>

IBM tells employees not to install Windows XP update

While developers at Microsoft Corp. may be celebrating that they finished work on Service Pack 2 (SP2) for Windows XP, IT departments around the world now face the question of whether they should update their systems, or not.
IBM Corp., for one, is holding off on installing the security focused update for Windows XP. In a note headlined “To patch — or not to patch” posted Friday on its corporate intranet, IBM tells its employees not to download SP2 when it becomes available because of compatibility issues. A copy of the note was obtained by IDG News Service.

“While this patch may be good news for other Microsoft Windows XP owners, IBM is directing XP users not to install SP2,” the note states. With close to 400,000 desktops, IBM is a very large Microsoft customer.

“IBM’s large number of Web applications will need to be tested and some modified to work correctly with SP2. Currently, some high profile, business-critical applications are also known to conflict with SP2,” IBM tells its employees in the note. “When the current issues and concerns have been addressed, IBM will deploy a customized version of SP2.”

An IBM spokeswoman declined to comment on the company’s internal IT issues.

IBM alerted its users on the same day Microsoft started the process of delivering SP2 to end users by announcing release to manufacturing (RTM) of the service pack. The Windows XP update will be available soon through downloads, retail distribution and free CDs, as well as on new PCs. A network installation package will be available for enterprise users.

Also in entitled IBM not compatible with SP2