Brian Ladd’s Blog – Notes on Life

Uninstalling the Clickonce Support for Firefox

http://blogs.msdn.com/brada/archive/2009/02/27/uninstalling-the-clickonce-support-for-firefox.aspx

A couple of years ago we heard clear feedback from folks that they wanted to enable a very clean experience with launching a ClickOnce app from Firefox. James Dobson published FFClickOnce and got very good reviews, but we had many customers that wanted ClickOnce support for Firefox built into the framework… so in .NET Framework 3.5 SP1 we added ClickOnce support for Firefox! This made ClickOnce apps much more accessible to a wide range of customers.

We added this support at the machine level in order to enable the feature for all users on the machine.  Seems reasonable right?  Well, turns out that enabling this functionality at the machine level, rather than at the user level means that the “Uninstall” button is grayed out in the Firefox Add-ons menu because standard users are not permitted to uninstall machine-level components.

Clearly this is a bit frustrating for some users that wanted an easy way to uninstall the Clickonce Support for Firefox. But good news! We have a fix in place (enabling each user to uninstall the feature for themselves) and our testing team is making sure that is rock-solid now. I expect that to be out in the next few weeks. I’ll be sure to post more information on that when I have it.

Update (5/2009): We just released an update to .NET Framework 3.5 SP1 that makes the Firefox plug-in a per-user component. This makes uninstall a LOT cleaner. None of the steps below are required once this update is installed.

Update to .NET Framework 3.5 SP1 for the .NET Framework Assistant 1.0 for Firefox

In .NET Framework 3.5 SP1, the .NET Framework Assistant enables Firefox to use the ClickOnce technology that is included in the .NET Framework. The .NET Framework Assistant is added at the machine-level to enable its functionality for all users on the machine. As a result, the Uninstall button is shown as unavailable in the Firefox Add-ons list because standard users are not permitted to uninstall machine-level components. In this update for .NET Framework 3.5 SP1 and in Windows 7, the .NET Framework Assistant will be installed on a per-user basis. As a result, the Uninstall button will be functional in the Firefox Add-ons list. This update will also make this version of the .NET Framework Assistant for Firefox compatible with future versions of the Firefox browser. Updates to the .NET Framework Assistant may include updates to the Windows Presentation Foundation Plug-in for Firefox causing it to be enabled upon its initial update.

————————————————–

In the meantime, if you want to disable the Clickonce Support for Firefox, here are the steps directly from the dev in charge:

Stop-gap Solution: To uninstall the ClickOnce support for Firefox from your machine

1) Delete the registry key for the extension

i. From an account with Administrator permissions, go to the Start Menu, and choose ‘Run…’ or go to the Start Search box on Windows Vista

ii. Type in ‘regedit’ and hit Enter or click ‘OK’ to open Registry Editor

iii. For x86 machines, go to the folder HKEY_LOCAL_MACHINE > SOFTWARE > Mozilla > Firefox > Extensions

For x64 machines, go to the folder HKEY_LOCAL_MACHINE > SOFTWARE > Wow6432Node > Mozilla > Firefox > Extensions

iv. Delete key name ‘{20a82645-c095-46ed-80e3-08825760534b}’

OR alternatively

i. Open a command prompt window (must be ‘run as Administrator’ on Vista and later)

ii. Copy and paste the appropriate command below and hit ‘Enter’

For x86 machines:
reg DELETE "HKLM\SOFTWARE\Mozilla\Firefox\Extensions" /v "{20a82645-c095-46ed-80e3-08825760534b}" /f

For x64 machines:
reg DELETE "HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions" /v "{20a82645-c095-46ed-80e3-08825760534b}" /f

2) Reset the changes made to the Firefox user agent

i. Launch Firefox, go to the Firefox address bar and type in ‘about:config’

ii. Scroll down or use ‘Filter’ to find Preference name ‘general.useragent.extra.microsoftdotnet’

iii. Right-click on the item and select ‘reset’

iv. Restart Firefox

3) Remove the .NET Framework extension files

i. Go to the Start Menu, and choose ‘Run…’ or go to the Start Search box on Windows Vista

ii. Type in ‘explorer’ and hit Enter or click ‘OK’

iii. Go to ‘%SYSTEMDRIVE%\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\’

iv. Delete the ‘DotNetAssistantExtension’ folder and all its contents

Published 27 February 09 12:00 by BradA
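
The registry step of the procedure above, as an added PowerShell example (not part of the original post and not Microsoft's own code): it lists every machine-level Firefox extension registered under the two keys named in the steps, flags the .NET Framework Assistant ID, and deletes that value only when asked. The script file name, the function name and the -Remove switch are assumptions of this example.

```powershell
# Added example, not from the original post. Hypothetical file name:
#   .\Remove-DotNetAssistant.ps1            audit only
#   .\Remove-DotNetAssistant.ps1 -Remove    delete the value (add -WhatIf to preview)
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)

# Extension ID and registry locations exactly as given in the steps above.
$AssistantId   = '{20a82645-c095-46ed-80e3-08825760534b}'
$ExtensionKeys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',              # x86 machines
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions'   # x64 machines
)
# Folder named in step 3.
$AssistantDir = Join-Path $env:SystemDrive `
    'Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension'

function Get-MachineFirefoxExtension {
    # A machine-level extension is a registry VALUE under the Extensions key:
    # the value name is the extension ID, the value data is the add-on folder.
    # This is why the reg.exe commands in the post use /v rather than deleting a key.
    foreach ($keyPath in $ExtensionKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            $target = [string]$key.GetValue($name)
            [pscustomobject]@{
                RegistryKey  = $keyPath
                ExtensionId  = $name
                Target       = $target
                TargetExists = ([bool]$target -and (Test-Path -LiteralPath $target))
                IsAssistant  = ($name -eq $AssistantId)   # -eq is case-insensitive
            }
        }
    }
}

# Deleting values under HKLM needs an elevated session, as the post notes.
$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
$isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Audit: show everything registered machine-wide, not only the one ID, so that
# other add-ons a standard user cannot uninstall are visible too.
$found = @(Get-MachineFirefoxExtension)
if ($found.Count -eq 0) {
    Write-Output 'No machine-level Firefox extensions are registered under HKLM.'
} else {
    $found | Format-Table ExtensionId, IsAssistant, TargetExists, RegistryKey -AutoSize | Out-Host
}

$hits = @($found | Where-Object { $_.IsAssistant })
if ($hits.Count -eq 0) {
    Write-Output "No registration found for $AssistantId."
}

if ($Remove -and $hits.Count -gt 0) {
    if (-not $isAdmin) {
        throw 'Run this from an elevated (Administrator) PowerShell session.'
    }
    foreach ($hit in $hits) {
        if ($PSCmdlet.ShouldProcess($hit.RegistryKey, "Delete value $AssistantId")) {
            Remove-ItemProperty -LiteralPath $hit.RegistryKey -Name $AssistantId -Force
        }
    }
}

# Steps 2 and 3 are reported, not automated: the user-agent preference lives in
# each user's Firefox profile and is reset in about:config as described above.
if (Test-Path -LiteralPath $AssistantDir) {
    Write-Output "Extension files still present (step 3): $AssistantDir"
}
Write-Output "Reset 'general.useragent.extra.microsoftdotnet' in about:config for each profile (step 2)."
```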


# Silvr said on April 1, 2009 4:18 AM:
According to annoyances.org (http://www.annoyances.org/exec/show/article08-600)

“This update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for websites to easily and quietly install software on your PC.”

Question is:

Is the above statement true? Is Brad Adams or anyone from Microsoft able to disprove it?

I respect this site since it gave me a lot of help for a lot of stuff Microsoft had long since discontinued support for, and it has provided me great troubleshooting advice.

I agree with other comments that this secret install borders on the level of malware. (Sony anyone?)

It was stupid on Microsoft’s part for the following reasons:

1. Risking flak from security community and Firefox community (if this indeed creates vulnerabilities in Firefox)

2. Add the fact this was installed without any user notification or consent. All my other plugins and extensions were installed with permission from me.

3. Risk antitrust allegations for using Microsoft Update to promote Microsoft products over other (Java).

June 1, 2009 Posted by | General Computer Tech, Security, Windows / Microsoft | Leave a comment

Microsoft Update Quietly Installs Firefox Extension

http://voices.washingtonpost.com/securityfix/2009/05/microsoft_update_quietly_insta.html

A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla’s Firefox Web browser.

Earlier this year, Microsoft shipped a bundle of updates known as a “service pack” for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows.

The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site. A number of readers had never heard of this platform before Windows Update started offering the service pack for it, and many of you wanted to know whether it was okay to go ahead and install this thing. Having earlier checked to see whether the service pack had caused any widespread problems or interfered with third-party programs — and not finding any that warranted waving readers away from this update — I told readers not to worry and to go ahead and install it.

I’m here to report a small side effect from installing this service pack that I was not aware of until just a few days ago: Apparently, the .NET update automatically installs its own Firefox add-on that is difficult — if not dangerous — to remove, once installed.

Annoyances.org, which lists various aspects of Windows that are, well, annoying, says “this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC.” I’m not sure I’d put things in quite such dire terms, but I’m fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.

Big deal, you say? I can just uninstall the add-on via Firefox’s handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the “uninstall” button on the extension. What’s more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that — if done imprecisely — can cause Windows systems to fail to boot up.

When I first learned of this, three thoughts immediately flashed through my mind:

1) How the %#@! did I miss this?

2) The right way would have been to just publish the add-on at Mozilla’s Add Ons page.

3) This kind of makes you wonder what else MS is installing without your knowledge.

Then I found that I wasn’t the only one who had these ideas. Microsoft has heard these criticisms from others who long ago commented on this unfortunate development (see the comments underneath this post).

Anyway, I’m sure it’s not the end of the world, but it’s probably infuriating to many readers nonetheless. Firstly — to my readers — I apologize for overlooking this…”feature” of the .NET Framework security update. Secondly — to Microsoft — this is a great example of how not to convince people to trust your security updates.

// By Brian Krebs  |  May 29, 2009; 7:40 AM ET

June 1, 2009 Posted by | General Computer Tech, Security, Windows / Microsoft | Leave a comment

Vista hits Microsoft where it hurts…

Ok, so now we are starting to see the full scope of the Windows Vista debacle. When Windows Vista was originally advertised and specs for it started coming out, I was all against it. Most of Windows Vista is designed around MPAA/RIAA DRM and content control schemes. Please keep in mind that I have very strong feelings against DRM. I’ll post a rant about DRM some other time. However, as a computer tech and geek worth his weight, I decided I would install and use Windows Vista for some time. I’ve been running it on my Dell Vostro notebook for a few months now and the experience hasn’t been so bad. It has had its ups and downs, but I get that with every operating system. So Vista has been an OK experience for me so far. Then I heard about the Microsoft class-action lawsuit based on the “Vista Ready” marketing scam. The scam goes like this: prior to the launch of Windows Vista, hardware was sold with a “Vista Ready” logo stuck on it. Many times, the hardware was not up to the minimum requirements for Vista or was just barely over the absolute baseline. Then after Vista officially launched, a lot of people who bought the cheapest possible hardware that was “Vista Ready” found out that they couldn’t run Vista. Shock and surprise! Imagine that, when you buy crap computers, you can’t run an operating system like Vista on the bottom grade computer. Now, Microsoft is facing a possible 8+ Billion dollar lawsuit. But why worry. Microsoft can afford it, can’t they? Oops, that’s right. Microsoft is about to lay off 5,000 people. And let’s not forget that they just posted the first financial loss to Wall Street. Starting to look a little grim….

http://www.crn.com/it-channel/212902345

Microsoft Bill For ‘Vista Capable’ Put At $8.52 Billion

By Damon Poeter, ChannelWeb
5:53 PM EST Fri. Jan. 23, 2009
Demand for PC components may have fallen off a cliff in recent weeks, but Microsoft could be forced to pony up for $8.52 billion-worth of memory and graphics cards, according to an expert witness for the plaintiffs in the ongoing “Vista Capable” class-action lawsuit.

University of Washington economist Keith Leffler estimates that it would cost Microsoft between $3.92 billion and $8.52 billion to upgrade notebook and desktop PCs that the company labeled “Vista Capable” but which were not able to run the full version of the Windows Vista operating system, Computerworld’s Gregg Keizer reported Thursday.

The software giant disputes that figure as “absurdly” valued in a court filing that along with Leffler’s report was unsealed by U.S. District Court Judge Marsha Pechman Wednesday.

Microsoft launched Windows Vista in January, 2007 following a nine-month marketing campaign with components manufacturers, computer makers and retailers. During that period, Microsoft and its partners placed “Vista Capable” labels on notebooks and desktops that while able to run the entry-level Home Basic edition of Vista, in many cases could not run more advanced versions of the operating system.

Plaintiffs in the lawsuit, which is set for trial in April, say that because Vista Home Basic does not include features like the Aero Glass graphic user interface present on more advanced versions, the operating system shouldn’t have been called Vista in the first place. And because the “Vista Capable”-stickered computers they bought didn’t have the hardware necessary to move to versions which had those supposedly Vista-defining features, like Vista Home Premium or Vista Business, the plaintiffs say they were defrauded.

The “Vista Capable” labeling campaign began on April 1, 2006. Leffler estimates that 19.4 million PCs — 13.75 million notebooks and 5.65 million desktops — were labeled “Vista Capable,” according to the unsealed report.

Leffler came up with his total upgrade costs by calculating how much it would cost to upgrade each of the 19.4 million PCs with 1 GB of memory and graphics cards or onboard chipsets able to run Aero, according to Keizer. Leffler put the maximum cost of upgrading the desktops at $155, while positing that the notebooks’ integrated graphics would be more tricky to replace and would cost between $245 and $590 per unit. The total price tag for Microsoft would thus range from $3.92 billion to $8.52 billion and in some cases would include complete replacements of notebooks that could not be feasibly upgraded, Leffler testified.

Microsoft in its response argued that giving litigants “a free upgrade to Premium-ready PCs would provide a windfall to millions.”

January 25, 2009 Posted by | Copyright / P2P / Law, Windows / Microsoft | Leave a comment

Microsoft to hide Irish Tax Haven data of subsidiaries that have saved it billions of dollars in US taxes

I can’t help but wonder if our new President Barack Obama would keep his promise of making US corporations keep jobs in this country after reading this article. While the article is not really about jobs, it does speak volumes about Microsoft’s business practices when they use Ireland as a way to dodge US taxes and remove millions of dollars from the US economy. Between the contemptible thieves of Wall Street and the horrendous leadership that allowed the Fannie Mae and Freddie Mac disasters to happen, I can’t be too surprised to discover this one. And the next logical question that comes to mind is: How can I pull this off? Could I somehow hide my earnings from US tax interest by moving it off shore to some other location? I’m sure there probably is, but I just don’t make enough money yet to get away with it.

http://www.finfacts.ie/irelandbusinessnews/publish/article_10005150.shtml

US software giant Microsoft has taken steps to shield from the public, the value of Tax Haven transactions of two Irish-registered subsidiaries that have enabled it to save billions of dollars in US taxes.

Ha’penny Bridge, Dublin – Microsoft’s Round Island One is Ireland’s biggest company. It operates from the offices of corporate lawyers and reported  €3.23 billion ($3.88 billion) in fiscal 2004 pretax profit and paid $308 million in Irish corporate tax.

The company applied to the Irish Companies Office on Monday to re-register its Round Island One and Flat Island Company subsidiaries as companies with unlimited liability. Unlimited companies have no obligation to file their accounts publicly. The two companies operate from the Dublin offices of corporate lawyers Matheson Ormsby Prentice.

The move to change the legal status of the subsidiaries follows a November 2005 report in The Wall Street Journal and weeks after the US Treasury Department said it was developing new rules to prevent US groups transferring intellectual property and patents abroad as a way of minimising their exposure to US tax.

Last November, The Wall Street Journal wrote that “a law firm’s office on a quiet downtown street [in Dublin, Ireland ] houses an obscure subsidiary of Microsoft Corp. that helps the computer giant shave at least $500 million from its annual tax bill. The four-year-old subsidiary, Round Island One Ltd., has a thin roster of employees but controls more than $16 billion in Microsoft assets. Virtually unknown in Ireland, on paper it has quickly become one of the country’s biggest companies, with gross profits of nearly $9 billion in 2004.”

Flat Island Company made a profit of $802.4 million in 2004 on sales of $2 billion, but paid no tax. It issues licences for software in Europe, the Middle East and Africa.

Ireland’s low corporate tax rate of 12.5% on trading profits has been a magnet for multinational companies who are responsible for 90% of Irish exports and a significant contributor to the success of the modern Irish economy, commonly known as the Celtic Tiger.

In addition, an Irish tax exemption on patent income, has promoted the parking of US multinational company overseas profits in Ireland, through transfer pricing and other accounting measures. Ireland is the most profitable location of US multinationals and in the period 1998-2002, the profits of US companies with Irish facilities doubled.

Ireland’s annual corporate tax revenue is about €5.3 billion ($6.3 billion). The Wall Street Journal said in its report that a Microsoft Dublin-based company that is used for routing patent a royalty income from overseas operations, paid the Irish Revenue $300 million in taxes last year.

Up to 50% of Irish corporate tax revenue may relate to taxes paid on income earned by US multinationals outside Ireland.

Microsoft’s effective global tax rate fell to 26 percent in its last fiscal year from 33 percent the year before. Nearly half of the drop was attributed to “foreign earnings taxed at lower rates,” Microsoft said in a Securities and Exchange Commission August filing. Microsoft leaves much of its profit in Ireland, including $4.1 billion in cash, avoiding U.S. corporate income taxes. But it still can count this profit in its earnings.

Microsoft did not explain why it chose to re-register the two subsidiaries when questioned about the move. “As part of our strategy to facilitate and support future business growth, Microsoft is re-organising some of its legal entities within the group,” it said in a statement to The Irish Times. “Microsoft Ireland Operations Limited (MIOL) is the primary operating legal entity in Ireland, employing over 1,200 people in four operations based in Sandyford. MIOL remains unaffected by any changes and will continue to publicly file its financial statements.”

IRELAND TOP LOCATION OF US MULTINATIONALS’ PROFITS

Ireland is the world’s most profitable country for US corporations, according to analysis by US tax journal Tax Notes. In a study by the journal’s Martin Sullivan that was published in 2004, it was found that profits made by US companies in Ireland doubled between 1999 and 2002 from $13.4 billion to $26.8 billion, while profits in most of the rest of Europe fell. In his analysis Sullivan termed Ireland a ‘semi-tax haven’ for US firms, because firms are involved in real productivity in contrast with locations such as Bermuda.

Between 1999 to 2002, US multinational corporations increased profits in countries with no taxes or low rates by 68% while sharply reducing profits recorded in countries where they engage in substantial business activity, the study published in the journal Tax Notes shows.

In 2002, US companies reported $149 billion of profits in 18 tax-haven countries, up 68% from $88 billion in 1999, according to Tax Notes, which analyzed the most recently available Commerce Department data. This compares with a 23% increase in total offshore profits earned by US multinationals during the same period; total profits of US multinationals’ foreign subsidiaries around the world stood at $255 billion in 2002.


January 1, 2009 Posted by | Copyright / P2P / Law, General Computer Tech, Windows / Microsoft, World News | Leave a comment

Massive hole in Windows... (another one anyway)

http://it.slashdot.org/it/08/12/02/0133231.shtml

“The worm exploiting a critical Windows bug that Microsoft patched with an emergency fix in late October is now being used to build a fast-growing botnet, said Ivan Macalintal, a senior research engineer with Trend Micro. Dubbed ‘Downad.a’ by Trend (and ‘Conficker.a’ by Microsoft and ‘Downadup’ by Symantec), the worm is a key component in a massive new botnet that a new criminal element, not associated with McColo, is creating. ‘We think 500,000 is a ballpark figure,’ said Macalintal when asked the size of the new botnet. ‘That’s not as large as some, such as [the] Kraken [botnet], or Storm earlier, but it’s… starting to grow.'”

Some background on this hole and how it works:
http://tech.slashdot.org/tech/08/10/23/1713220.shtml?tid=201

http://web.nvd.nist.gov/view/vuln/detail;jsessionid=8cbbb6719c907342334ffd9256d8?execution=e1s1
http://www.us-cert.gov/cas/bulletins/SB08-294.html
http://www.intelliadmin.com/blog/2008/10/smb-vulnerablity-found-emergency-patch.html

Microsoft Response to the hole:
http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx
http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

I found proof-of-concept code available through Google. Took all of a minute.

December 2, 2008 Posted by | General Computer Tech, Security, Windows / Microsoft | Leave a comment

Vista and the Myth of Upgrading

OK. So I ran into this today and really felt like this was something to share with people. First, keep in mind that I try to read Slashdot almost every day. Here’s the article that caught my attention:

http://tech.slashdot.org/tech/08/12/01/0317244.shtml

Several readers pointed out a ComputerWorld UK blog piece on the expanding ripples of the Vista fiasco. Glyn Moody quotes an earlier Inquirer piece about Vista, which he notes “has been memorably described as DRM masquerading as an operating system”:

“Studies carried out by both Gartner and IDC have found that because older software is often incompatible with Vista, many consumers are opting for used computers with XP installed as a default, rather than buying an expensive new PC with Vista and downgrading. Big business, which typically thinks nothing about splashing out for newer, more up-to-date PCs, is also having trouble with Vista, with even firms like Intel noting XP would remain the dominant OS within the company for the foreseeable future.”

Moody continues: “What’s really important about this is not so much that Vista is manifestly such a dog, but that the myth of upgrade inevitability has been destroyed. Companies have realized that they do have a choice — that they can simply say ‘no.’ From there, it’s but a small step to realizing that they can also walk away from Windows completely, provided the alternatives offer sufficient data compatibility to make that move realistic.”

The Slashdot article links to 2 other articles:

Punters buying used PCs to avoid Vista

http://www.theinquirer.net/feeds/rss/generic/en/GB/inq/latest/gb/inquirer/gb/inquirer/news/2008/11/27/punters-buying-old-second-hand

Punters are apparently scrambling to get their hands on used, second hand PCs, not just because they offer a cheap fix in tough economic times, but mainly because they come loaded with Windows XP rather than Vista.

Studies carried out by both Gartner and IDC have found that because older software is often incompatible with Vista, many consumers are opting for used computers with XP installed as a default, rather than buying an expensive new PC with Vista and downgrading.

Big business, which typically thinks nothing about splashing out for newer, more up-to-date PCs, is also having trouble with Vista, with even firms like Intel noting XP would remain the dominant OS within the company for the foreseeable future.

Josh Kaplan, president of computer repair outfit, Rescuecom, told PC World people wanted to stick with XP to avoid standardisation problems. His company has resold XP-based PCs to companies that use software that is incompatible with Vista and which would require a substantial upgrade to become compatible. “Having five PCs that are Vista and five XP can create training and compatibility issues,” he said.

Of course, buying a second-hand PC without having to shell out for a Vista license is also much cheaper and certain cheeky resellers are attempting to bump up their own profits even further by selling computers with illegitimate copies of XP bunged in, something which Gartner severely frowns upon, by the way.

Naughty, naughty, chipping away at Microsoft’s billions like that.

You should all be ashamed of yourselves. Tut, tut.

and

http://www.computerworlduk.com/community/blogs/index.cfm?entryid=1573&blogid=14

The Outlook for Vista Gets Even Worse

As someone who has been following Microsoft for over 25 years, I remain staggered by the completeness of the Vista fiasco. Microsoft’s constant backtracking on the phasing out of Windows XP is perhaps the most evident proof of the fact that people do not want to be forced to “upgrade” to something that has been memorably described as DRM masquerading as an operating system. But this story suggests an even greater aversion:

Studies carried out by both Gartner and IDC have found that because older software is often incompatible with Vista, many consumers are opting for used computers with XP installed as a default, rather than buying an expensive new PC with Vista and downgrading.

Big business, which typically thinks nothing about splashing out for newer, more up-to-date PCs, is also having trouble with Vista, with even firms like Intel noting XP would remain the dominant OS within the company for the foreseeable future.

What’s really important about this is not so much that Vista is manifestly such a dog, but that the myth of upgrade inevitability has been destroyed. Companies have realised that they do have a choice – that they can simply say “no”. From there, it’s but a small step to realising that they can also walk away from Windows completely, provided the alternatives offer sufficient data compatibility to make that move realistic.

That may not have been the case before, but the similar poor uptake of Microsoft’s OOXML, taken together with the generally good compatibility of OpenOffice.org with the original Microsoft Office file formats, implies that we may well be near the tipping point for migrations to free software on the desktop.

That doesn’t mean everyone is going to rip out Windows and replace it with GNU/Linux, simply that they will stop upgrading Microsoft Office too, and start using OpenOffice.org on new systems instead. More people will come into contact with OpenOffice.org, and start using it at home – not least because they are actually *allowed* to take copies from office systems. Throw in Firefox usage that is starting to creep up to significant levels, even in the UK, and you have the recipe for a subsequent migration to GNU/Linux systems running these same apps that is almost painless.

I’m obviously not the only one thinking along these lines. Last weekend, Dell was advertising its new Inspiron Mini 9 in at least one national newspaper. This would have been unthinkable even a year ago, when the company’s fear of upsetting the mighty Microsoft by mentioning the “L” word would have been too great, and is further evidence that GNU/Linux is indeed becoming a mainstream option.

I’ve included the original text of the articles linked to here in case they disappear from the Internet.

December 1, 2008 Posted by | General Computer Tech, Windows / Microsoft | Leave a comment

Vista Vulnerabilities

http://www.avertlabs.com/research/blog/index.php/2007/03/12/windows-vista-vulnerable-to-stickykeys-backdoor/

http://tech.slashdot.org/article.pl?sid=08/05/26/0257213

http://it.slashdot.org/article.pl?sid=08/01/08/0154227

MBR attack Vector

http://www2.gmer.net/mbr/

August 12, 2008 Posted by | Security, Windows / Microsoft | Leave a comment

Vista’s Security Rendered Completely Useless by New Exploit

Found this on Slashdot and I can already tell this is going to be big. I’ll update this post as more information becomes available.

http://www.neowin.net/news/main/08/08/08/vista39s-security-rendered-completely-useless-by-new-exploit

This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista’s Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user’s machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture. According to Dino Dai Zovi, a popular security researcher, “the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over.”

According to Microsoft, many of the defenses added to Windows Vista (and Windows Server 2008) were added to stop all host-based attacks. For example, ASLR is meant to stop attackers from predicting key memory addresses by randomly moving a process’ stack, heap and libraries. While this technique is very useful against memory corruption attacks, it would be rendered useless against Dowd and Sotirov’s new method. “This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista,” said Dai Zovi. “If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they’re safe because they’re .NET objects, you see that Microsoft didn’t think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force.”

While Microsoft hasn’t officially responded to the findings, Mike Reavey, group manager of the Microsoft Security Response Center, said the company has been aware of the research and is very interested to see it once it has been made public. It currently isn’t known whether these exploits can be used against older Microsoft Operating Systems, such as Windows XP and Windows Server 2003, but since these techniques do not rely on any one specific vulnerability, Zovi believes that we may suddenly see many similar techniques applied to other platforms or environments. “This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable,” Dai Zovi said. “I definitely think this will get reused soon.”

These techniques are being seen as an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks. Expect to be hearing more about this in the near future and possibly being faced with the prospect of your “secure” server being stripped completely naked of all its protection.

August 8, 2008 Posted by | Security, Windows / Microsoft

Exchange: Full Mailbox Rights

How do I grant the administrator(s) (or any other user) full mailbox right on Exchange 2000/2003 mailboxes?
http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm

In Microsoft Exchange Server 5.5, when you grant Service Account Admin privileges on the Site container to a Microsoft Windows account, you grant that account unrestricted access to all mailboxes. Because Exchange 2000 and Exchange Server 2003 do not use a service account, even accounts with Enterprise Administrators rights are denied rights to access all mailboxes, by default.

This means that Exchange Full Administrators do not have the right to open any mailbox found on any server within the Exchange organization.

In fact, if your logon account is the Administrator account or is a member of the Domain Admins or Enterprise Admins groups, then you are explicitly denied access to all mailboxes other than your own, even if you otherwise have full administrative rights over the Exchange system.

However, unlike Exchange Server 5.5, all Exchange 2000/2003 administrative tasks can be performed without having to grant an administrator sufficient rights to read other people’s mail.

This default restriction can be overridden in several ways, but doing so should be in accordance with your organization’s security and privacy policies. In most cases, using these methods is appropriate only in a recovery server environment.

Granting rights to a specific mailbox

Use the following procedure to grant access to an Exchange 2000 or an Exchange 2003 mailbox:

Note: You must have the appropriate Exchange administrative permissions to do so.

1. Start Active Directory Users and Computers.
2. On the View menu, ensure that the Advanced Features check box is selected.

Note: This is not necessary on Exchange Server 2003 because the Exchange Advanced tab is exposed by default.

3. Right-click the user whose mailbox you want to give permissions to and choose Properties.

4. On the Exchange Advanced tab, click Mailbox Rights.

5. Notice that Domain Admins and Enterprise Admins have both been given Deny for Full Mailbox Access.
6. Click Add, click the user or group that you want to have access to this mailbox, and then click OK.
7. Be sure that the user or group is selected in the Name box.
8. In the Permissions list, click Allow next to Full Mailbox Access, and then click OK.

9. Click OK all the way out.

Warning: If the Group or User name list is empty and you only see one line with the name of SELF – do NOT touch the permission settings before you read SELF Permission on Exchange Mailboxes.

Note: If the purpose of granting such access is to permit use of the EXMERGE utility (see Delete Messages from Mailboxes by using EXMERGE for an example of such a requirement), grant Receive As permissions. You can also grant Full Control permissions if you want complete access.

Granting rights to mailboxes located within a specific mailbox store

Use the following procedure to grant access to Exchange 2000 or Exchange 2003 mailboxes found on a specific mailbox store:

Note: You must have the appropriate Exchange administrative permissions to do so.

1. Start Exchange System Manager.
2. Drill down to your server object within the appropriate Administrative Group. Expand the server object and find the required mailbox store within the appropriate Storage Group. Right-click it and choose Properties.

3. In the Properties window go to the Security tab.
4. Click Add, click the user or group that you want to have access to the mailboxes, and then click OK.
5. Be sure that the user or group is selected in the Name box.
6. In the Permissions list, click Allow next to Full Control, and then click OK.

Note: Make sure there is no Deny checkbox selected next to the Send As and Receive As permissions.

7. Click OK all the way out.

Granting rights to mailboxes located on a specific server

Use the following procedure to grant access to Exchange 2000 or Exchange 2003 mailboxes found on a specific server:

Note: You must have the appropriate Exchange administrative permissions to do so.

1. Start Exchange System Manager.
2. Drill down to your server object within the appropriate Administrative Group. Right-click it and choose Properties.

3. In the Properties window go to the Security tab.
4. Click Add, click the user or group that you want to have access to the mailboxes, and then click OK.
5. Be sure that the user or group is selected in the Name box.
6. In the Permissions list, click Allow next to Full Control, and then click OK.

Note: Make sure there is no Deny checkbox selected next to the Send As and Receive As permissions.

7. Click OK all the way out.

Note: It might take some time before the changes you’ve made will take effect. The amount of time needed is influenced by the number of domain controllers, Global Catalogs and site replication schedules and intervals. On one domain with one site containing multiple domain controllers it might take up to 15 minutes before you can begin using these new permissions. On single servers that are also DCs you can speed up the process by restarting the Information Store service.
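
The three procedures above differ mainly in how many mailboxes one entry exposes. The following is an added example, not part of the original article: a small review script that expands each grant to the mailboxes it opens. The server, store and account names and the record layout are constructed for illustration, and treating a Deny on Send As or Receive As as cancelling the grant follows the note in the store and server procedures.

```python
from collections import defaultdict

# Constructed topology: server -> mailbox store -> mailboxes (sample names only).
TOPOLOGY = {
    "EXCH01": {"Store1": ["alice", "bob"], "Store2": ["carol"]},
    "EXCH02": {"Recovery": ["dave"]},
}

# Constructed records, one per permission entry an administrator added:
# (level, object, trustee, permission, "Allow" or "Deny")
GRANTS = [
    ("mailbox", "alice", "CORP\\helpdesk", "Full Mailbox Access", "Allow"),
    ("store", "EXCH01/Store2", "CORP\\exmerge-svc", "Full Control", "Allow"),
    ("server", "EXCH02", "CORP\\recovery-admin", "Full Control", "Allow"),
    ("server", "EXCH01", "CORP\\backup-op", "Full Control", "Allow"),
    ("server", "EXCH01", "CORP\\backup-op", "Receive As", "Deny"),
]

# Permissions the article uses to open other users' mailboxes.
OPENS_MAILBOX = {"Full Mailbox Access", "Full Control", "Receive As"}
# Deny entries the article says must not be set alongside the grant.
BLOCKING_DENY = {"Send As", "Receive As"}


def mailboxes_in_scope(level, obj):
    """Expand a mailbox, store or server object to the mailboxes it covers."""
    if level == "mailbox":
        return [obj]
    if level == "store":
        server, store = obj.split("/")
        return list(TOPOLOGY[server][store])
    # Server level: every mailbox in every store on that server.
    return [m for boxes in TOPOLOGY[obj].values() for m in boxes]


def exposure(grants):
    """Return ({trustee: mailboxes it can open}, [(trustee, object) with a conflicting Deny])."""
    denied = {(lvl, obj, who) for lvl, obj, who, perm, kind in grants
              if kind == "Deny" and perm in BLOCKING_DENY}
    report, conflicts = defaultdict(set), []
    for lvl, obj, who, perm, kind in grants:
        if kind != "Allow" or perm not in OPENS_MAILBOX:
            continue
        if (lvl, obj, who) in denied:
            conflicts.append((who, obj))  # grant present but cancelled by Deny
            continue
        report[who].update(mailboxes_in_scope(lvl, obj))
    return {who: sorted(boxes) for who, boxes in report.items()}, conflicts
```

Reviewing the output against the organization's security and privacy policy shows at a glance which accounts gained access to a single mailbox and which gained access to a whole store or server.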

Related articles

You might also want to read the following related articles:

Delete Messages from Mailboxes by using EXMERGE
Download Exmerge for Exchange 2000/2003
EXMERGE and Hebrew Fonts
Recover a Deleted Mailbox
SELF Permission on Exchange Mailboxes

June 5, 2008 Posted by | Windows / Microsoft

Microsoft device helps police pluck evidence from cyberscene of crime

http://www.microsoft.com/presspass/features/2008/apr08/04-28CrantonQA.mspx

http://www.news.com/8301-10784_3-9930664-7.html?tag=newsmap

http://seattletimes.nwsource.com/html/microsoft/2004379751_msftlaw29.html

By Benjamin J. Romano – Seattle Times technology reporter

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB “thumb drive” that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer.

It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.

“These are things that we invest substantial resources in, but not from the perspective of selling to make money,” Smith said in an interview. “We’re doing this to help ensure that the Internet stays safe.”

Law-enforcement officials from agencies in 35 countries are in Redmond this week to talk about how technology can help fight crime. Microsoft held a similar event in 2006. Discussions there led to the creation of COFEE.

Smith compared the Internet of today to London and other Industrial Revolution cities in the early 1800s. As people flocked from small communities where everyone knew each other, an anonymity emerged in the cities and a rise in crime followed.

The social aspects of Web 2.0 are like “new digital cities,” Smith said. Publishers, interested in creating huge audiences to sell advertising, let people participate anonymously.

That’s allowing “criminals to infiltrate the community, become part of the conversation and persuade people to part with personal information,” Smith said.

Children are particularly at risk to anonymous predators or those with false identities. “Criminals seek to win a child’s confidence in cyberspace and meet in real space,” Smith cautioned.

Expertise and technology like COFEE are needed to investigate cybercrime, and, increasingly, real-world crimes.

“So many of our crimes today, just as our lives, involve the Internet and other digital evidence,” said Lisa Johnson, who heads the Special Assault Unit in the King County Prosecuting Attorney’s Office.

A suspect’s online activities can corroborate a crime or dispel an alibi, she said.

The 35 individual law-enforcement agencies in King County, for example, don’t have the resources to investigate the explosion of digital evidence they seize, said Johnson, who attended the conference.

“They might even choose not to seize it because they don’t know what to do with it,” she said. “… We’ve kind of equated it to asking specific law-enforcement agencies to do their own DNA analysis. You can’t possibly do that.”

Johnson said the prosecutor’s office, the Washington Attorney General’s Office and Microsoft are working on a proposal to the Legislature to fund computer forensic crime labs.

Microsoft also got credit for other public-private partnerships around law enforcement.

Jean-Michel Louboutin, Interpol’s executive director of police services, said only 10 of 50 African countries have dedicated cybercrime investigative units.

“The digital divide is no exaggeration,” he told the conference. “Even in countries with dedicated cybercrime units, expertise is often too scarce.”

He credited Microsoft for helping Interpol develop training materials and international databases used to prevent child abuse.

Smith acknowledged Microsoft’s efforts are not purely altruistic. It benefits from selling collaboration software and other technology to law-enforcement agencies, just like everybody else, he said.

April 29, 2008 Posted by | Copyright / P2P / Law, Security, Windows / Microsoft