What a 12 days …

No blog entry here for 12 days, and sorry for that.  I faced an issue on a 5-year-old desktop, and only today I figured out what to do or, shall I say… a work-around.

First issue:  Vista and the 5-year-old desktop are sick of BSODs on nvlddmkm.sys.  Problem Reports and Solutions in Vista is flooded with LiveKernelEvent logs.  Like many NVIDIA users who are experiencing the said TDR error (see their forum on the ForceWare driver), I have tried installing the latest stable and even their beta driver on Vista.

Result:  No joy.  The desktop is unusable most of the time because of BSODs.

Note that all the important and related hotfixes that Microsoft released, as per the NVIDIA page here, are installed.  Strange that the Dell XPS M1210 laptop, which also has an NVIDIA graphics card and Vista as its OS, is not experiencing the BSOD on nvlddmkm.sys.

I decided to do a fresh install of XP on the old desktop but, “ugh”, there’s the BSOD on nvlddmkm.sys again.

Since XP is also having the issue, I restored back to Vista using True Image v11 by Acronis.  The desktop continued to suffer BSODs on nvlddmkm.sys.  There are times I can use the system for 10 to 30 minutes, but most of the time it will crash as soon as I log in to my Vista user account.

Last night, I decided to give it another try. I removed the graphics driver by NVIDIA and just allowed the Windows Display Driver Model (WDDM) by Microsoft for Windows Vista (more info on WDDM here and here).  To my surprise, there has been no BSOD since last night!

I’m keeping the WDDM and will stay away from the NVIDIA ForceWare driver.

BTW, I learned that users of the ATI graphics driver are seeing the said issue also.

Second issue:  Vista on both the Dell XPS M1210 laptop and the 5-year-old desktop is experiencing “Symantec Service Framework” crashes.

The thread at DSLReports.com about the above has more information.  I posted too in the said thread on what I did as a work-around and I’m glad it helped a user.  It’s been 6 hours now and so far… all is good. No crash on BBIF.dll on both machines (laptop and desktop).

I’m crossing my fingers… hopefully these 2 issues will not happen again.  It’s just tiring to attend to this, especially if the “fixes” provided by the vendor are not helping.  All I want is to go on with the daily online activities with beta-testing, forums and here… the blog.

Symantec to Acquire Vontu; Symantec to Extend Its Leadership in Information-Centric Security

Symantec Corp. today announced it has signed a definitive agreement to acquire Vontu, the leader in Data Loss Prevention (DLP) solutions, for $350 million, which will be paid in cash and assumed options. The acquisition is expected to close in the fourth calendar quarter of 2007, subject to receiving regulatory approvals and satisfaction of other customary closing conditions.

More at http://www.marketwire.com/mw/release.do?id=789022

Proposed Vontu Acquisition and Data Loss Prevention to Play a Central Role in Symantec’s Security 2.0 Vision and Strategy for Information Risk Management

Combining Symantec’s market-leading security and storage capabilities with Vontu’s market-leading DLP technologies will create the most comprehensive Information Risk Management solution on the market.

The acquisition is expected to close in the fourth calendar quarter of 2007, subject to receiving regulatory approvals and satisfaction of other customary closing conditions.

More at http://www.marketwire.com/mw/release.do?id=789023

Microsoft Security Advisory (944653)

Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege
Published: November 5, 2007

Microsoft is working with Macrovision, investigating new public reports of a vulnerability in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. This vulnerability does not affect Windows Vista. We are aware of limited attacks that try to use the reported vulnerability. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process.

Microsoft is concerned that this new report of a vulnerability in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP was publicly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

Suggested action:

For supported editions of Windows Server 2003 and Windows XP, users can install the update offered by Macrovision. Microsoft recommends that customers review the Macrovision advisory before applying the update provided by Macrovision.
http://www.macrovision.com/promolanding/7352.htm

More at http://www.microsoft.com/technet/security/advisory/944653.mspx

1 in 6 PCs Could Be Infected With Malware

A recent study performed by U.K. security vendor Prevx of 300,000 PCs showed that 15.6 percent of those machines had at least one active spyware or malware program installed. These programs, which include keyboard loggers that record keystrokes, information stealers and fake antispyware, are emerging at rates of 5,000 to 10,000 per day, company officials say.

Of these 300,000 PCs, the ones with no security software installed at all had an infection rate 60 percent higher than those running some sort of antivirus, antimalware, or other security program.

http://www.pcworld.com/article/id,139228-c,onlinesecurity/article.html

Upcoming Thunderbird 2.0.0.9 contains security fixes

Heads-up for Thunderbird users :)

Below are the fixes to expect when Mozilla officially releases v2.0.0.9 of Thunderbird.  To date, it’s not yet released and the release notes are not available either:

Changes in 2.0.0.9 (so far): (39)

Security issue: (2)
Fixed: 307788 – if Kerberos tickets don’t exist when launching T-Bird, get Krb Ticket Manager to prompt for them
Fixed: 380744 – Thunderbird reports “unable to decrypt” on truncated decryptable messages

Topcrash: (1)
Fixed: 316543 – crash when opening message compose window

Crash: (3)
Fixed: 351783 – Thunderbird crash on sending a return receipt
Fixed: 374240 – Thunderbird crash on exit
Fixed: 382480 – TB Crash [@ nsBidiPresUtils::ProcessText]

Attachment-related: (1)
Fixed: 396377 – vCard sometimes cause heuristic scanners to generate a false positive

Build configuration: (5)
Fixed: 381247 – Speed up mkdepend on Windows + VMWare
Fixed: 385017 – Interoperability with beagle & kerry broken in tb 2.0
Fixed: 385095 – Account Wizard won’t offer to create new RSS accounts
Fixed: 387367 – mozilla-js.pc.in missing -DJS_THREADSAFE
Fixed: 399207 – Add Hebrew to Thunderbird 2.0.0.8 for Windows and Linux

Functionality: (2)
Fixed: 279018 – messages not automatically moved to Junk folder when manually marked as Junk
Fixed: 389920 – Segmentation fault sending mail

Installer: (3)
Fixed: 389244 – Uninstall information of old version not cleared from registry when updating via auto update
Fixed: 390214 – avoid the second UAC prompt for helper.exe on software update by launching it directly from the elevated updater.exe process
Fixed: 393149 – Some registry keys aren’t removed under HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

Networking: (1)
Fixed: 391556 – problems handling namespace that starts with hierarchy delimiter

Printing: (1)
Fixed: 275312 – Print engine allows JavaScript execution

UI improvements: (7)
Fixed: 219662 – “OK” button doesn’t activate in “Link Properties” dialog
Fixed: 277905 – IMAP Message UID Greater 2099999999 not displayed
Fixed: 320102 – File – Save As – Template menu item does nothing for an existing message in Local folders
Fixed: 320739 – plain text email containing link with numerical IP should not be marked as scam
Fixed: 351692 – Need to see Account Names in the Move To / Copy To Recent Folder menus
Fixed: 381364 – locationFolders menulist icon lacks horizontal margin
Fixed: 386855 – attachment file name stripped of consecutive spaces

XUL Toolkit: (1)
Fixed: 386874 – add a python emulation for nsinstall for --disable-compile-environment

Miscellaneous fixes: (4)
Fixed: 133016 – Freetext url recognition stops at “)” and “‘” (apostrophe)
Fixed: 256510 – Return receipts don’t use Multiple identities
Fixed: 388105 – RDFResource and RDFServiceImpl leak on startup test
Fixed: 393196 – apply_rfc2047_encoding() erroneously inserts whitespace for addr-spec-only addresses

Mac-specific: (2)
Fixed: 299368 – Hide ‘Print Preview’ menu item in Mac OS X
Fixed: 379705 – Build movemail on Mac, just don’t put it in the new account wizard in Thunderbird

BeOS-specific: (3)
Fixed: 389953 – BeOS should build components with -Bsymbolic
Fixed: 394946 – BeOS Thunderbird builds fail in migration code
Fixed: 397116 – Branch build fails due to missing BeOS libs

OpenBSD-specific: (1)
Fixed: 236599 – openbsd configuration fixes for alpha, amd64, arm, i386, macppc and sparc64

OS/2-specific: (2)
Fixed: 351167 – arrow does not change to finger over URL
Fixed: 390485 – Fix updater build break with GCC 3.3.5

More at http://weblogs.mozillazine.org/rumblingedge/archives/2007/11/tb_2-0-0-9.html

BTW, if you are a Firefox user, you should already have received an update via its own updater.  They released v2.0.0.9 of Firefox.  It’s a stability update.

Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh Local Elevation of Privilege

SYM07-028 – Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh Local Elevation of Privilege

A feature of Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh could be used by members of the group admin to execute code as the root user (uid 0) on the local system.

Affected Products
Norton AntiVirus for Macintosh    9.x-10.x
Norton Internet Security for Macintosh    3.x
Symantec AntiVirus for Macintosh    10.0
Symantec AntiVirus for Macintosh    10.1

Solution
Disable “Show Progress During Mount Scans” in the Mount Scan tab of Auto-Protect System preferences.

Note: This vulnerability exists only in products running on the Macintosh platform. It does not exist in products running on Linux or Microsoft Windows.

Symantec Response
Symantec engineers have verified that this issue exists in the products listed above. However, any potential attempt to exploit the issue will fail if Mount Scanning is disabled, or if Mount Scanning is configured to run without showing progress.

Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.

http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html