E-Musings Mon Immorata

It's Good! It's Bad! It's Evil? Rugrat's the first 64-bit virus, but free Windows antivirus software is a cure. The Yahoo toolbar lets adware be and Opera 7.51 is now phishing-proof OK, listen up because Rugrat, the first 64-bit virus, has been released as a proof-of-concept. If you thought high-end computing platforms were going to save you now think again. Even before a viable operating system has emerged bad guys have found a backdoor. Not a good omen for the future of computing. The W64.Rugrat.3344 (W64/Rugrat) virus is a direct-action infector written in IA64 assembly code. It uses Thread Local Storage structures to execute the viral code. And affects most 64-bit Windows programs excluding .DLLs. The virus exits Windows memory after execution but doesn't need a true 64-bit computer to run as it can also affect 32-bit systems! While the concept seems restricted to infecting files within the same folder (and sub-folders) this is a dangerous development since the virus could run from the Windows system folder! Harry Potter is also the latest celebrity associated with a virus. A revised Netsky.P variant has been renamed to encourage recipients to view file contents. You should be, as a rule, suspicious of all mail attachments. Corporate warriors who depend on file exchange should check the file name and extension and avoid opening any files ending with .EXE, .COM, .PIF and .SCR. If your email client supports a 'read mail as plain text' feature (most do), enable it immediately. And if you still haven't updated your Windows system against the LSASS vulnerability, please do so immediately. Or you might fall victim to the W32.Korgo.C and W32.Korgo.B worms! For users who want an antivirus but don't want to pay for the privilege there are free, feature-crippled, versions of commercial antivirus software like AVG, Avast! and BitDefender are available. Or you could tryout ClamWin, a free robust, open-source virus scanner better known for its Linux distro. ClamWin for Windows supports all version up to Windows 2003 Server. Features include scan scheduler, standalone scanner and auto-updates. Plus integration into Windows Explorer and Outlook. ClamWin is offered for download (4 MB) via Sourceforge. I previewed the software and found it adequate. Although it lacks a real time software scan it does protect your Outlook PST files and scans messages sent and received. I didn't face a problem, but Windows 9x/ME users may have OS-related issues the Cygwin and Python executables used to power this antivirus. Also besides the 4 MB setup file, ClamWin needs an active Internet connection to download additional program files as well as the latest antivirus signatures database. The Big Three search engines (er, sorry Web Community sites) -- Google, MSN and Yahoo -- all offer browser toolbars. The stakes are high for the most user eyeballs and each successive version attempts to raise the bar that much higher. All there add-in include pop-up blocking. But Yahoo's most recent Toolbar beta includes a spyware blocker that plays nice with spyware from Yahoo partners! Claria (formerly Gator) and WhenU.com trick users into accepting unwanted downloads then flood machines with pop-up ads. Claria is a Yahoo partner and the latter's Overture division, a leading paid search listing provider, contributed 31% of Claria's 2003 revenues courtesy a pre-buyout agreement where Overture pays Claria a percentage of ad revenue for every click-thru. What's good is an anti-spyware tool that only targets those not financially linked to the developer. This unhealthy trend needs to be stopped. So do your bit and don't use Yahoo's Toolbar. Instead use either Google's browser bar or MSN's offering if you must. Remember however that pop-up blocking in Google toolbar requires user to allow the software to transmit user browsing demographics. However this is an explicit permission and isn't classified as spyware that works without user knowledge. Instead use separate, dedicated anti-spyware tools like Spybot Search & Destroy and JavaCool's Spyware Blaster to rid yourself of spyware. My main Beta software info resource -- Betanews -- that remained updated for over a week was re-launched on the weekend with a new look. The new interface is more visually pleasing and software listings are more detailed with an option to add them to a watch list (registered members only). However, the site code doesn't appear to be wholly-standard compliant. And the design breaks in Opera but not in Mozilla Firefox or IE. And there's a new Windows Media Player 10 Technical Preview available for Windows XP only. Windows 98/ME/2000 users still have only Windows Media Player 9. But you can still view screen shots that your missing at View what it looks like here. I learnt about the new Opera 7.51 (Build #3798) at Warp2Search. Opera 7.51 resolves phishing issues reported in the GreyMagic GM#007-OP security advisory, improves stability, marks redirect links correctly, and also fixes some M2 mail & news client issues. You an download a copy here. In other browser news, Netscape lovers rejoice, AOL will shortly be releasing a new Netscape 7.2 version based on Mozilla 1.7. At press time Mozilla 1.8 was the latest stable release. I wonder if Netscape users will get the short end of the stick. Read what will and won't be done in an interview with one of the lead developers. Nor will Netscape lovers be happy to learn that Netscape 7.1 is based on a very early, and very buggy, Mozilla engine that the open-source community had rejected! Finally for Outlook users attempting to export HTML mail from PST files, you no longer need to contend with the mail headers being deleted. Via Sourceforge there's an open-source program, PMSEU (Personal Message Store Export Utility) that requires the VB 6 runtime, Microsoft Common Controls and CDO for the messaging API. These should These dependencies are probably preloaded on most systems.. Designed for work groups using (large) message stores, this utility extracts messages (with headers) then exports them to a (searchable) text format. Each message is separated by the ^L character used to trigger a new page. However message attachments are not exported. And if your messages, the message subject or folders use forbidden characters like & or /, these will be deleted from the exported file name. That's it for this week. Stay Safe! Click Here to Email Me