Crashed Pips - Computers, politics, emetic trash

Thursday, September 13, 2007

Why I Hate PC World

Filed under: Uncategorized — Jonathan Rothwell @ 18:06

Regular readers of this blog will know that I’m not a fan of PC World. In fact, I strongly dislike PC World.

Why, you may ask? Well, here’s why.

  • Whenever you take a PC in to be repaired at PC World, they will invariably dump their purple and orange bloatware on your machine (along with a few adverts) under the pretence of being a ‘performance test application’.
  • As they connect your machine to a different monitor, it occasionally comes out of it thinking it’s got two screens and letting the cursor veer off into non-existence.
  • Contrary to what their advertisements would have you think, 80gB is not ‘massive’ by today’s standards. True, 80gB is a respectable amount, and massive in comparison to the 20gB disks you used to get a few years ago, but massive is more like 500gB (or two such disks in a RAID array, making 1tB). (Oh yes, and don’t forget the fake hard disk capacity counting system.)
  • Don’t be fooled by the Tech Guys service - you’d be much better off asking your technically-minded friend from down the road to do it, as he/she will probably provide a friendly, reliable and informal service, is less likely to patronise you, and will almost definitely do it for a fraction of the price PC World charge (if they ask for a fee at all).
  • They seem to have some kind of vendetta against Linux. They won’t sell any out-of-the-box Linux-compatible WLAN cards, and refuse to repair hardware if Linux is installed on it (presumably because they can’t put their bloatware on it).
  • They still list items on their website that have been discontinued.
  • Their staff feel undervalued - you can just see from their facial expressions when they serve you.
  • The only machines on which Windows isn’t installed are the Macs. But can we not have some kind of option? Can’t we opt out of the Microsoft tax?



Saturday, September 8, 2007

Honeypot Experiment #1 - screensavers.com

Filed under: Uncategorized — Jonathan Rothwell @ 18:35

So, with the Crashed Pips honeypot set up and ready, the first experiment took place, using a certain search engine and a known supplier of malware.

The honeypot takes forever to boot - virtual machines are generally very slow and resource-intensive on the rest of the system. Windows took around ten minutes to get to a usable desktop.

Honeypot #1 - usable desktop

The usable desktop, before the infectofest started. And now we bring you coverage of experiment #1 - how easy it is for an inexperienced computer user to infect their machine using only Microsoft’s own search engine.

Honeypot #1 - MSN

Alarm bells should immediately start to ring at this point - in this case, an outdated version of Internet Explorer is being used, there is no antivirus software (see the system tray’s Windows Security warning) and the fictional user is now going to look, using Windows Live Search, for a screensaver for his/her new setup.

Honeypot #1 - Search results

The first organic result here is for screensavers.com, which, according to a SiteAdvisor report, is a distributor of adware and spyware.

So, taking the position of the gullible computer user, here’s the download page for the Matrix screensaver.

Honeypot #1 - Download page

‘Virus checked’ and ‘Spyware checked’ are visible below the ‘download’ link. Lies. Lies. Lies. As indicated by the next page:

Honeypot #1 - Starware offer

Uh-oh! Starware is a known spyware distributor, and to an inexperienced computer user this would appear to be quite a good software package. Note that the installer (even without the toolbar) automatically dumps an ‘affiliate shortcut’ on your desktop (essentially an invitation for spam galore).

Honeypot #1 - Install complete

After the install is complete, you are offered these (seemingly good) options.

Not so. The search engine actually uses your searches to create an advertising profile that helps ads to be delivered (outside the browser) that you are more likely to respond to. It isn’t like Google or most other search engines, which use the search data to optimise the searches. These are used to make you easier to sell to.

And this was just the Starware toolbar that was actually installed.

Honeypot #1 - Install really complete

Aha! The screensaver has finally been installed, after a multitude of bogus free offers and all sorts of other junk. And we’ve now effectively opened up the honeypot to other spyware, adware etc.



Wednesday, September 5, 2007

The Crashed Pips Honeypot Experiment

Filed under: Uncategorized — Jonathan Rothwell @ 19:24

A honeypot is a computer (or virtual computer) designed to catch all those internet nasties that you’d normally want to avoid - so that people can be educated on what they do and how to avoid them, and to study them and find out which ports they use, what files they’re reading that they shouldn’t be etc.

So, with that settled, I can now announce the Crashed Pips Honeypot Experiment 2007. Over the next 30 days, I shall be making occasional posts updating you on the results of the experiment. I may even prepare a report/conclusion at the end.

What is the machine’s setup?

The machine’s a Virtual PC setup using 128mB of RAM and a 15gB hard disk (more than adequate for this purpose). It will be running an installation of Microsoft Windows XP Professional without any security software installed whatsoever apart from what is built directly into the operating system - in this case, nothing more than a firewall. Windows Update warnings will also be ignored.

How will you hose the machine?

I will visit certain websites, and leave ports open deliberately in an attempt to lure viruses, spyware etc into the honeypot. I also intend to follow spoof virus warnings that lead to spyware, and to install certain software that is known to contain advertising and spyware.

How realistic is this experiment? Could I cite it in a paper?

There is no way that this experiment could be called realistic, because a special effort is being made to infect the machine with as much malware as possible. This will therefore make the test wildly unrealistic and inaccurate. If you’re quoting this in a scientific paper or anything serious, you’re a Cornish sardine.



Saturday, August 4, 2007

Lessons in Replacing Your Hard Disk #1 - How big is your disk really?

Filed under: Uncategorized — Jonathan Rothwell @ 12:26

My old 20gB hard disk was about to pack up, so I bought a 320gB disk from PC World for £64.99 (£1 is roughly equivalent to US$2 at the time of writing, so it’s roughly worth $130).

The disk was advertised as being 320gB. Which was around 23gB from the truth. And sadly, I can’t sue PC World or Hitachi under the Trade Descriptions Act.

So why are they able to get away with such a monstrosity? The short answer is that there’s a common (and widely exploited) misconception about the true values of a gigabyte, megabyte etc. Read on for the long answer.




Wednesday, June 20, 2007

My password is not ‘password’

Filed under: Uncategorized — Jonathan Rothwell @ 17:17

Some people are so stupid with passwords, it would seem, that they might as well erect a sign outside their door saying “LOOK! BANK ACCOUNTS, ONLINE PROFILES, PRIVATE INFORMATION, ALL FOR FREE!”

Malicious hackers know that a lot of computer users find it difficult to remember passwords, and will therefore choose something they won’t forget and will stick with for a long time. Easy passwords like ‘password’ or ‘open’ or ‘security’ are a no-brainer, for both unsuspecting user and evil cracker.

Equally undesirable are ‘dictionary’ passwords, as in single words like ‘cabbage’. When picking a password, if you absolutely must make it a single word, pick up a dictionary (yes, the big heavy one) and look for it, to make sure it isn’t listed. Ideally you might also want to search the full Oxford English Dictionary if your library has a copy, or check on Wiktionary. If a dictionary password is used, all the cracker has to do is try all the words in the dictionary and he’s in.

Obvious numbers are also a big no-no. Don’t use your date of birth, phone number or the box you won Deal or No Deal with. Neither should you use your username, and definitely don’t use a blank password. This allowed the British hacker Gary McKinnon to enter NASA’s systems and then make wild, ridiculous claims about UFOs and free energy.

The best policy for generating passwords is to put something in at random, a combination of letters, numbers, and preferably some symbols like # ~ @ etc. It should be at least eight characters long, and changed at least every year, preferably every three months.
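The rules above can be turned into a check that runs before a password is accepted. The following is an added example, not code from the original post, and it goes a little further than the text by also catching decorated variants of weak passwords (capitals, digits or symbols on the ends, look-alike characters). The word lists, the `passwordProblems` and `baseForms` names and the sample username are all made up for illustration.

```javascript
// Added example. COMMON and WORDS are tiny constructed samples; a real check
// would load a leaked-password list and a full dictionary.
const COMMON = new Set(["password", "open", "security"]);
const WORDS = new Set(["cabbage", "dictionary", "screensaver"]);
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s" };

// Forms a dictionary attack tries alongside the bare word: case changes,
// digits or symbols stuck on either end, and look-alike substitutions.
function baseForms(password) {
  const lower = password.toLowerCase();
  const stripped = lower.replace(/^[^a-z]+|[^a-z]+$/g, "");
  const unleet = (s) => s.replace(/[01345@$]/g, (c) => LEET[c]);
  return new Set([lower, stripped, unleet(lower), unleet(stripped)]);
}

// Returns a list of reasons to reject the password (empty list = acceptable
// under the rules in the text). username is optional.
function passwordProblems(password, username = "") {
  if (password.length === 0) return ["blank password"];
  const problems = [];
  const forms = [...baseForms(password)];
  if (forms.some((f) => COMMON.has(f))) problems.push("variant of an easy password");
  if (forms.some((f) => WORDS.has(f))) problems.push("variant of a dictionary word");
  if (username && forms.includes(username.toLowerCase())) problems.push("based on the username");
  if (/^[\d\s\/.+()-]+$/.test(password)) problems.push("only digits, like a date or phone number");
  if (password.length < 8) problems.push("shorter than eight characters");
  if (!/[a-z]/i.test(password) || !/\d/.test(password)) problems.push("needs both letters and numbers");
  return problems;
}

// Constructed sample inputs.
for (const pw of ["", "cabbage", "P@ssw0rd!", "07/03/1991", "t7#Kq!2vRz"]) {
  console.log(JSON.stringify(pw), passwordProblems(pw, "alice"));
}
```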

And writing passwords down should be avoided whenever possible. If you need to write down your home password, then keep it under lock and key (eg in a safe). NEVER write down your business password.

You may think I’m being a bit over-the-top in this, but it is incredibly important in these days when identity theft is widespread and as easy as rummaging around in someone’s bins. And I can’t imagine your boss being very happy if he finds out that a rival company employed someone to crack your weak password and steal a document called StrategiesForAdvantageAgainstCompetition.docx. Both identity theft and corporate espionage are big business and on the Internet, there are people who will do anything to make a few quid.



Tuesday, May 8, 2007

The google/goggle.com video

Filed under: Uncategorized — Jonathan Rothwell @ 19:15

This viral video, which has lately been doing the rounds on YouTube, is a classic “doomsday” video of how your computer will die if you visit a certain web site - in this case, goggle.com, a mis-spelling of google.com.

Now, I decided to see if “goggle.com” really existed, as I doubted the consequences would be too diabolical, because:

  1. I’m using Firefox
  2. I’ve got JavaScript switched off by default, and JavaScript is normally how these attacks are sprung.

At first sight, the web site should start to ring alarm bells as not being Google’s home page.

Fake Google homepage (goggle.com)
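A mis-spelt address like this one can also be caught mechanically, by measuring how many typing slips separate a hostname from a list of well-known names. The following is an added example, not code from the original post; the `PROTECTED` list and the function names are made up for illustration, and the hostname handling is simplified as noted in the comments.

```javascript
// Added example: flag hostnames that are a near miss of a well-known name.
// PROTECTED is a constructed sample list, not taken from the original post.
const PROTECTED = ["google", "youtube", "wikipedia"];

// Optimal string alignment distance: an insertion, deletion, substitution
// or swap of two adjacent characters each costs 1.
function osaDistance(a, b) {
  const d = [];
  for (let i = 0; i <= a.length; i++) {
    d.push([i]);
    for (let j = 1; j <= b.length; j++) d[i][j] = i === 0 ? j : 0;
  }
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Simplification: takes the label before the last dot as the site name, so
// suffixes such as .co.uk are handled wrongly (a real tool would use the
// Public Suffix List).
function siteLabel(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.length >= 2 ? labels[labels.length - 2] : labels[0];
}

// A maxDistance of 1 keeps false positives down for short names.
function checkLookalike(url, maxDistance = 1) {
  const label = siteLabel(new URL(url).hostname);
  if (PROTECTED.includes(label)) return { label, verdict: "exact" };
  for (const brand of PROTECTED) {
    const distance = osaDistance(label, brand);
    if (distance <= maxDistance) return { label, verdict: "lookalike", brand, distance };
  }
  return { label, verdict: "unknown" };
}

// Constructed sample URLs.
for (const u of ["https://www.google.com/", "http://goggle.com/", "http://goolge.com/", "http://example.org/"]) {
  console.log(u, checkLookalike(u));
}
```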

Other important points to note:

  1. McAfee SiteAdvisor lists the site as red, meaning “use extreme caution”.
  2. NoScript has blocked some kind of script. These days that’s not unusual, as practically every web page triggers some JavaScript, but combined with the fact that it’s not Google and that SiteAdvisor has listed the site as red, it is suspicious.
  3. There is an asterisk after the words “free” and “click here to claim” - but no matching footnote.

The space in the top-right hand corner was obviously meant to be occupied by a countdown timer, and a quick inspection of the JavaScript reveals:

<SCRIPT LANGUAGE="JavaScript" SRC="http://www.fluxads.com/goggle/slider.js"></SCRIPT>
<script>

var popunder="http://ads.trekdata.com/flux/insane0220.html"

var winfeatures="width=800,height=1000,scrollbars=1,resizable=1,toolbar=1,location=1,menubar=1,status=1,directories=0"

var once_per_session=1

function get_cookie(Name) {
  var search = Name + "="
  var returnvalue = "";
  if (document.cookie.length > 0) {
    offset = document.cookie.indexOf(search)
    if (offset != -1) { // if cookie exists
      offset += search.length
      // set index of beginning of value
      end = document.cookie.indexOf(";", offset);
      // set index of end of cookie value
      if (end == -1)
         end = document.cookie.length;
      returnvalue=unescape(document.cookie.substring(offset, end))
      }
   }
  return returnvalue;
}

function loadornot(){
if (get_cookie('popunder')==''){
loadpopunder()
document.cookie="popunder=yes"
}
}

function loadpopunder(){
win2=window.open(popunder,"",winfeatures)
win2.blur()
window.focus()
}

if (once_per_session==1)
loadpopunder()
else
loadornot()

</script>
<script type="text/javascript">
var _countDowncontainer=0;
var _currentSeconds=0;
function ActivateCountDown(strContainerID, initialValue) {
    _countDowncontainer = document.getElementById(strContainerID);
    if (!_countDowncontainer) {
        alert("count down error: container does not exist: "+strContainerID+
            "\nmake sure html element with this ID exists");
        return;
    }
    SetCountdownText(initialValue);
    window.setTimeout("CountDownTick()", 1000);
}

function CountDownTick() {
    if (_currentSeconds <= 0) {
        window.location = "index.html";
        return;
    }
    SetCountdownText(_currentSeconds-1);
    window.setTimeout("CountDownTick()", 1000);
}

function SetCountdownText(seconds) {
    //store:
    _currentSeconds = seconds;
    //get minutes:
    var minutes=parseInt(seconds/60);
    //shrink:
    seconds = (seconds%60);
    //get hours:
    var hours=parseInt(minutes/60);
    //shrink:
    minutes = (minutes%60);
    //build text:
    //var strText = AddZero(hours) + ":" + AddZero(minutes) + ":" + AddZero(seconds);
	var strText = AddZero(minutes) + ":" + AddZero(seconds);
    //apply:
    _countDowncontainer.innerHTML = strText;
}

function AddZero(num) {
    return ((num >= 0)&&(num < 10))?"0"+num:num+"";
}
</script>
<script type="text/javascript">
window.onload=WindowLoad;
function WindowLoad(event) {
ActivateCountDown("CountDownPanel", 300);
}
</script>

The bit I’m concentrating on is highlighted in bold, because that is the part that triggers a series of popup and pop-under windows after the countdown clock expires. These popups then have the ability (assuming JavaScript, or ActiveX in IE, is on) to install festoons of spyware, adware, fake spyware removal tools, adverts, etc. So if you were a novice and had to stop for five minutes to phone your techy son/local computer geek, the machine would get you anyway.

Let’s now assume that our victim is so gullible that he/she follows one of the links in the hope of getting a free laptop/etc. As soon as he enters his email address and personal details, they’re immediately open to spammers. So if you don’t want to sacrifice your inbox for life (remember spam filters are computers, therefore as stupid as their programmers and not as effective as they would have you think) don’t sign up for one of these “freebie” sites.
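The pop-under idiom in the quoted script (open a window, blur it, then refocus the opener) is regular enough to spot with a text heuristic when reviewing a page’s source. The following is an added example, not code from the original post; `findPopunders` and `resolveTarget` are names made up here, `SAMPLE` is trimmed from the script quoted above and `BENIGN` is a constructed counter-example.

```javascript
// Added example. SAMPLE is the pop-under portion of the script quoted above,
// trimmed; BENIGN is a constructed counter-example.
const SAMPLE = `
var popunder="http://ads.trekdata.com/flux/insane0220.html"
var winfeatures="width=800,height=1000"
function loadpopunder(){
win2=window.open(popunder,"",winfeatures)
win2.blur()
window.focus()
}
loadpopunder()
`;
const BENIGN = `var help = window.open("/help.html"); help.focus();`;

// Resolve a window.open() argument to a URL string when it is either a
// string literal or a variable assigned a string literal in the same script.
function resolveTarget(source, expr) {
  const literal = /^["']([^"']*)["']$/.exec(expr);
  if (literal) return literal[1];
  if (!/^[A-Za-z_]\w*$/.test(expr)) return null;
  const assign = new RegExp("\\b" + expr + "\\s*=\\s*[\"']([^\"']*)[\"']");
  const m = assign.exec(source);
  return m ? m[1] : null;
}

// Text-pattern heuristic, not a JavaScript parser: obfuscated or
// dynamically built code will not be recognised.
function findPopunders(source) {
  const findings = [];
  const openRe = /([A-Za-z_]\w*)\s*=\s*window\.open\s*\(\s*([^,)]+)/g;
  const refocus = /\bwindow\.focus\s*\(/.test(source);
  let m;
  while ((m = openRe.exec(source)) !== null) {
    const handle = m[1];
    const blurred = new RegExp("\\b" + handle + "\\.blur\\s*\\(").test(source);
    findings.push({
      handle,
      target: resolveTarget(source, m[2].trim()),
      popunder: blurred && refocus, // new window pushed behind the opener
    });
  }
  return findings;
}

console.log(findPopunders(SAMPLE));
console.log(findPopunders(BENIGN));
```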



Sunday, May 6, 2007

NEVER put a computer in charge of an election

Filed under: Uncategorized — Jonathan Rothwell @ 14:44

Someone in Rushmoor had the bright idea of allowing voting over the Internet in last week’s local elections. Not exactly the brightest of ideas, because so far it’s turned out that computer-controlled elections can be rigged, and can have hundreds of ballot papers declared spoiled by clunky OCR software that doesn’t understand when voters make mistakes.

(I learned from a friend that when the computer rejects ballot papers, agents from each candidate argue over who the voter actually MEANT to vote for. Not sure if it’s true…)

Either way, whoever programmed the voting system in Rushmoor should be shot, because this is what the option for the Conservative candidate looked like:

Election mess-up



Tuesday, March 20, 2007

Fun with TFTs

Filed under: Uncategorized — Jonathan Rothwell @ 18:23

I’ve been using a second-hand 15″ TFT monitor for just under two months now, and today came into a large, 17″ Medion SXGA screen. And my goodness, does it do the job well. I’m typing this now at a 1280*1024 pixels screen resolution, and the text is crystal clear, sharp and well-defined.

But it wasn’t at first. It was, when first plugged in, fuzzy, out of focus, cutting off around a tenth of the picture and had washed-out colours. And many people when buying a TFT for the first time probably don’t understand the reason for this.

There is a reason - it’s because the monitor is below its native resolution. The native resolution is the minimum screen resolution the screen can work with without the image appearing blocky or fuzzy. Normally it’s the highest resolution the monitor is capable of as well.

If your monitor appears mysteriously fuzzy, it’s because the screen resolution is set below the native resolution. You need to compensate for this by increasing the screen resolution.

In Windows, this is relatively simple (for something that Microsoft wrote not too long ago - my goodness…) - all you have to do is go to the Display Properties dialogue box (right click the desktop, select Properties), switch to the Settings tab, and drag the ‘screen resolution’ slider as far to the right as it will go.

Resetting the Screen Resolution in Windows screenshot

Now click the ‘Apply’ button and wait. The screen may blank or flicker for a few seconds, but don’t scream and pull your hair out - this is only because the computer and monitor are adjusting themselves to the new settings.

Then, when your desktop reappears, if it does, click the “Yes” button within fifteen seconds - otherwise the machine will revert to the old resolution.

In Linux, if you’re not using a desktop environment that has an applet to control screen resolution, like the one in KDE and another in GNOME, you’ll probably need to edit the x.org configuration file - see your distribution’s documentation for information about how to do this.

Things to bear in mind

Note that you need to be careful when picking resolutions, in particular when it comes to the screen’s aspect ratio. Normal, non-widescreen monitors use the aspect ratio 4:3 (four pixels across to three pixels down). Widescreen monitors use roughly a 16:9 or 16:10 ratio. If you pick the wrong ratio for your screen, it’ll make the image appear squashed and probably break your screen as well.

There’s a simple way to work out the aspect ratio of a resolution - use a scientific calculator to simplify the fraction of the first number over the second number, eg 1280 over 1024. You could also simplify it by hand if you wanted.



Monday, March 19, 2007

See an advert for anti-spyware software? Think again.

Filed under: Uncategorized — Jonathan Rothwell @ 20:45

Just because something is advertised on the Internet, it isn’t necessarily safe, as most people with any common sense would know all too well. And what really annoys me is the proliferation of fake ‘anti-spyware tools’ on the Internet.

New users tend to be lured in by dire warnings along the lines of “however you’re already protected, it won’t stop spyware unless you install this product”, followed by the user blindly rushing through the confusing EULA, which includes a passage deep in its depths that says something along the lines of “by clicking ‘next’, you consent that we can examine your usage data and install sponsor applications on your computer”. And so on.

Often these ‘cleaners’ will claim that antivirus software can’t remove spyware. Erm… yes it can, albeit not as successfully as real dedicated spyware removers.

Anyway, this suspicious site then proceeds to install itself, and the included malware, on the user’s computer. What users don’t realise is that more often than not, these ‘spyware killers’ don’t actually get rid of spyware. They instead install spyware on the machine.

This kind of scam also occurs in programs that dub themselves “Whizzo PC Tuneup 2007”, “Brand X Registry Cleanser 8”, etc. that generally attempt to lure users in with the promise of a faster computer etc.



Powered by WordPress 2.7 Comments are the responsibility of their respective author. The Rest © 2007-2009 Jonathan Rothwell, unless otherwise stated.