Monthly Archives: September 2008

Blogging pause

Well, sort of…ok, here”s the deal: I”ve been having problems on my leg for several months now. After spending some time siting, I have lots of problems getting up…It”s as if the muscle won”t stretch….Initially, fibrosis was the most viable option, but it seems like that is not the problem…

It seems like it may be caused by some sort of back problem, so I was advised to avoid being sited at all costs (at least, until I get my next appointment with a specialist, which should only happen in a month or so). What this means is that until I have a definitive answer on what”s wrong with my leg (or should I say back?), I”ll have to take the advice and that means that this blog will suffer a bit. I will still be writing, but with much less frequency. I do want to finish my MVC series, bu,,t I guess it”ll take a little more time than I had though. Sorry about that :(

Copenhagen talk on C# – what do you want to hear about?

I’ve created a Google moderator page for the C# talk I’ll be giving in Copenhagen. I don’t know whether there will be internet access at the event itself (for people to create and vote up/down questions during the talk) but at least as there’s a month before the event, people can ask questions now and I’ll do my best to make sure I answer them.

If you haven’t looked at Google moderator yet, it’s a very handy way of keeping track of questions during lectures etc. It’s almost a shame that people don’t tend to have laptops and internet access in church – it would be very handy to be able to add questions for the preacher during the sermon :)

PowerShell in Practice

Chapter 5 – user accounts (local and AD) is now available on MEAP –


Share this post :


Technorati Tags:


W2KSG: Service Pack

Continuing our look at Operating Systems – what about Service Pack information

Listing 8.8

Get-WmiObject -Class Win32_OperatingSystem | Format-List ServicePackMajorVersion, ServicePackMinorVersion

In this one I’m using Format-List to perform the selection as well as the display.  We could make it simpler if we used the -property parameter on get-wmiobject but that also displays the WMI info such as class, genus etc, etc


Share this post :


Technorati Tags: ,

Information about the other "scareware" lawsuits…

Here we go… the other lucky recipients of Microsoft’s attentions in the “John Doe” (which I earlier called “Jane Doe”) lawsuits are:
Case No. 08-2-33382-5 SEA
Judge Suzanne Barnett

Case No. 08-2-33380-9 SEA
Judge Joan DeBuque

Case No. 08-2-33377-9 SEA
Judge Michael J. Fox

Case No. 08-2-33375-2 SEA
Judge Douglas McBroom

Antivirus 2009
Case No. 08-2-33372-8 SEA
Judge Bruce Heller

Microsoft also amended two pre-existing complaints to name the parties behind SMP Soft LLC, a Delaware corporation that markets a scareware product called Scan & Repair Utilities.

According to my notes from the Press Conference, the potential end result of these lawsuits could be up to $2,000.00 per violation, plus attorney fees and restitution.
IP previously (ThePlanet)
Registrar: Directi Internet Solutions Pvt. Ltd (WHOIS notes the registration service was provided by VIVIDS MEDIA GMBH)
Created: 3 October 2007
Previously shared IP address with,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, and

WinSpywareProtect (
IP: (APS Telecom)
Registrar:, Inc
WHOIS hidden behind Domains By Proxy, Inc
Created 11 March 2008
Shares IP address with

WinDefender (
IP: (HostFresh)
Registrar: Tucows, Inc
WHOIS hidden behind Whois Anonymizer, Brazil
Created 9 January 2004
Shares IP address with,,,,,,,, and

MalwareCore (
IP previously (UkrTeleGroup)
Registrar: Estdomains, Inc
WHOIS – Registrant “Herman Pulser”, who apparently owned about 74 other domains!
Created 25 January 2008
Previously shared IP address with,,,,,,,,,,,, and (Quite a variety, yes?  The domain deserves closer attention)

Antivirus 2009 (, .net, .org and .info have all been registered – .org and .info are “on hold”, .net apparently does not have a web site – I don’t know yet which site the lawsuit is against) – Registrar Estdomains.
IP previously (Intercage) – Registrar Afilias Limited
IP previously and (GoDaddy and Leaseweb) – Registrar 1&1 Internet
IP – Registrar Estdomains
IP previously (Intercage)

Enable Password Changing through OWA in Exchange 2003

Enable Password Changing through OWA in Exchange 2003

W2KSG: Operating System

The other area we have to dig into when inventorying systems is the OS.  WMI has a class just for this

PS> Get-WmiObject -Class Win32_OperatingSystem

SystemDirectory : C:Windowssystem32
Organization    :
BuildNumber     : 6001
RegisteredUser  : admin
SerialNumber    : 55041-037-8508545-71489
Version         : 6.0.6001

This doesn’t give us everything we might wish for.  The default formatter is a play here in that it decides what should be displayed if you don’t choose.  To see what is available try

Get-WmiObject -Class Win32_OperatingSystem | Select *

which will display all properties.  If we want to be a bit more selective lets try

Listing 8.7

Get-WmiObject -Class Win32_OperatingSystem | Select BootDevice, BuildNumber,BuildType, Caption, Codeset, CountryCode, Debug, InstallDate, NumberofLicensedUsers, Organization, OSLanguage, OSProductSuite, OSType, Primary, RegisteredUser, SerialNumber, Version

These scripts illustrate one of the most difficult aspects of WMI – knowing what is available.


Share this post :


Technorati Tags: ,

W2KSG: Inventory Hardware

Most of the hardware connected to your system has a matching WMI class – cd, sound, keyboard, network adapter, printers and usb for example.  To find the appropriate WMI classes use

Get-WmiObject -List *networkadapter

Or similar

If you want to investigate the pointing devices try

Listing 8.4

Get-WmiObject -Class Win32_PointingDevice | Select HardwareType, NumberofButtons, Status, PNPDeviceId | Format-List

Oddly enough all the different devices report 0 butons!

It was pointed out on an earlier script that I could have effectively combined the select and format-list by changing the script to

Get-WmiObject -Class Win32_PointingDevice | Format-List HardwareType, NumberofButtons, Status, PNPDeviceId

The reason I don’t do this automatically is that I usually leave the formatting until the end when I see what the default formatter produces and I find is easier (lazier :-) ) to just add format-list on the end.  Also if I want to put the script into PowerGUI not having the format-list makes life easier.


Share this post :


Technorati Tags: ,

Unblock Attachments | HowTo-Outlook

Unblock Attachments | HowTo-Outlook

Announcement: Microsoft and the Washington Attorney General unveil several "scareware" lawsuits

Edited to update documentary links..

Washington Attorney General, Rob McKenna (whose work has been featured on this blog several times) and Richard Boscovich, Senior Attorney for Microsoft’s Internet Safety Enforcement Team, unveiled several lawsuits against malware (what they call “scareware”) pushers today.  The lawsuits are the first to be filed under the State’s recently amended Computer Spyware Act.   Note that there have been earlier lawsuits, but they were *before* the Computer Sypware Act was amended.

The news conference was attended by Attorney General Rob McKenna, Richard Boscovich and Paula Selis, Senior Counsel at the Attorney General’s Office, Consumer Protection Division.

I am listening to the Press Conference as I type, so I apologize if this entry is a bit disjointed.  The Press Release includes a visual demonstration of scareware, which will give me a chance to catch up on typing this article while the reporters watch a video demonstrating what we are so familiar with.

I do have one complaint though – is it really so hard for the apparently professional reporters to use the god-damned mute button on their telephones so that we don’t have to listen to their hands squelching on their phone handsets, papers rustling or their sighs/heavy breathing except for during question?????????  Yes, I used my mute button.

The official Press Release says:

SEATTLE – Attorney General Rob McKenna stood at the frontlines with Microsoft Corp. in the war against spyware in 2006. Now armed with tougher legislation, the state’s top law enforcement officer, with the world’s largest software company, is charging forward with new lawsuits targeting scareware purveyors.

The Attorney General’s Office along with Microsoft has yanked the fear factor dial out of the hands of businesses that use scareware as a marketing tool and have spun it toward them,” McKenna said.

We won’t tolerate the use of alarmist warnings or deceptive ‘free scans’ to trick consumers into buying software to fix a problem that doesn’t even exist,” McKenna continued. “We’ve repeatedly proven that Internet companies that prey on consumers’ anxieties are within our reach.”

The Attorney General’s Office along with Microsoft announced the filing of new cases under Washington’s recently improved Computer Spyware Act during a joint press conference today in Seattle.

Microsoft is honored to assist Washington Attorney General McKenna in helping to protect consumers from online threats,” said Richard Boscovich, Senior Attorney for Microsoft’s Internet Safety Enforcement Team. “Cybercrime continues to evolve, but with public/private collaboration such as this, we can work to champion tougher laws, greater public awareness and, ultimately, stronger protections for online consumers.

In 2005, Washington became one of the first states to adopt a law explicitly prohibiting spyware activities and imposing serious penalties on violators. The statute doesn’t stop at outlawing programs that collect personal information, but uses a broader definition of “spyware” and punishes those who mislead users into believing software is necessary for security. The law was updated last session to create additional liability for third-parties that permit the transmission of spyware and to address new types of deceptive behaviors, such as misrepresenting the need for computer repairs.

As of today, the Attorney General’s Office has filed seven suits under the statute.

The Attorney General’s Office filed its latest case today in King County Superior Court against the marketers of a program called Registry Cleaner XP. The civil suit brings five causes of action against James Reed McCreary IV, of The Woodlands, Texas, and two businesses: Branch Software, of The Woodlands, Texas, doing business as Registry Cleaner XP, and Alpha Red, Inc., of Houston, Texas. McCreary is the sole director of Branch Software and CEO of Alpha Red.

McKenna said Microsoft referred the case to the Attorney General’s Consumer Protection High-Tech Unit and has been helpful in assisting the office with enforcement issues.

According to the state’s complaint, the defendants sent incessant pop-ups resembling system warnings to consumers’ personal computers. The messages read “CRITICAL ERROR MESSAGE! – REGISTRY DAMAGED AND CORRUPTED,” and instructed users to visit a Web site to download Registry Cleaner XP.

Computers capable of receiving Windows Messenger Service pop-ups, also known as Net Send messages, were vulnerable to the attacks. Windows Messenger Service, not to be confused with the instant-messaging program Windows Live Messenger, is primarily designed for use on a network and allows administrators to send notices to users.

Consumers who visited the Web site were offered a free scan to check their computer – but the program found ‘critical’ errors every time,” said Senior Counsel Paula Selis, who leads the Attorney General’s Consumer Protection High-Tech Unit. “Users were then told to pay $39.95 to repair these dubious problems.”

The filings today bring the number of civil spyware actions brought by Microsoft since the Computer Spyware Act was first enacted in 2005 to 17.  In 2006, Microsoft and the Attorney General each brought lawsuits against the same group of defendants under the Washington Computer Spyware Act, obtaining permanent injunctions and settlements.   Additionally, Microsoft has routinely worked with the FTC and other state and federal law enforcement agencies in the battle against spyware.

Spyware has arguably become the biggest online threat to consumers and businesses since the advent of the Internet. Microsoft has said that 50 percent of its customer-support calls related to computer crashes can be blamed on spyware.


Registry Cleaner XP demo:

The Attorney General said that the thing that bothered him most was the “blatant rip-off” that is scareware.  It was also mentioned that 50% of support calls to Microsoft were related to scareware – yes, 50%.  So far, as I listen to the demonstration, I have heard no mention of the double-dipping on credit cards that scareware is so notorious for – regular readers will know that Bucksbill is notorious for charging $70 or so instead of $35 or so.

Hang on, Richard Boscovich of Microsoft is speaking now…

Ok, Richard says that of the 7 lawsuits mentioned, five are apparently “Jane Doe” type lawsuits, where some parties are not yet identified. 

The primary focus of the reporters, and Paula/Richard, was discussing *how* the scareware alerts get on to a user’s system – the primary, nay the only, cause mentioned was Net Send (aka Windows Messenger, which should not be confused with Windows Live Messenger (the online chat software).  Windows Messenger Service is, of course, disabled by default as of XP SP2 and only works if there is no firewall interfering.  Disappointingly, no mention was made of malvertizing!

Details of the other lawsuits are not available at time of writing.  I am sure that information will eventually appear on but for now, all we have is the PDF complaint mentioned in the Washington Attorney General’s Press Release.

Recent Comments