The Null Device
Posts matching tags 'windows'
A couple in New York are charged with defrauding a wealthy musician of somewhere between $6m and $20m after he asked them to remove a virus from his laptop. Vickram Bedi and Helga Invarsdottir, who operated a computer shop, allegedly discovered, upon learning of their client, pianist and PC user Roger Davidson's wealth (and possibly other things; perhaps his browsing history revealed a propensity for fantastic stories and/or conspiracy theories?), that the virus on his laptop was merely the tip of a vast, sinister conspiracy against him by intelligence agencies, foreign nationals and the shadowy Catholic sect Opus Dei (best known as the villains in a Dan Brown novel), and then offered him "24-hour protection" against the threats for the low, low price of $160,000 (a bargain for protection against the arrayed forces of evil itself, I'm sure you'll agree). Anyway, Bedi and Invarsdottir apparently managed to convince Davidson so well that he paid up, and kept paying for some six years.
If you use a WiFi-enabled device in any public location frequently, sooner or later you'll find an open network labelled "Free Public WiFi". These appear in the most unlikely places, from secured corporate offices to the giant Faraday cage that is the London Underground, but wherever it is, if you attempt to connect to it, you will face only frustration.
It turns out that "Free Public WiFi" is not a scam or some sort of malware, but the result of a Windows XP bug. Some versions of XP, upon not being able to find any network, will attempt to create their own network, with the same name as the last one they connected to. (Why that made sense to someone, I have no idea.) Which means that, at any time, there'd be a lot of zombie WiFi networks floating around, hosted on Windows XP laptops and named after whatever they connected to last; in other words, a broad sample of network names, which don't do anything, other than inviting passersby to connect to them, like a giant petri dish to test wireless network name attractiveness.
Of course, when someone connects to one of these networks, they don't actually get an internet connection (or anything else, for that matter). If, however, they're running an older version of Windows XP, their machine is now "it", and will next create its own network with the same name as the last network it attempted to connect to. And so, the most attractive names spread like a mostly benign contagion through the wireless spectrum, with the most attractive name being, it seems, "Free Public WiFi". (One might argue that "Free Beer" or something similar would be even more enticing, but for the plausibility gap.) Other common zombie network names you may have seen around are the default names of hardware devices' networks, such as "hpsetup" and "linksys".
Bruce Schneier has a writeup of the facts we know about the Stuxnet worm, the sophisticated and unusual-looking Windows worm that has been speculated to have been designed by the intelligence agencies of the USA/Israel/Germany (delete as appropriate) to attack Iran's nuclear facilities. Or possibly not:
Stuxnet doesn't act like a criminal worm. It doesn't spread indiscriminately. It doesn't steal credit card information or account login credentials. It doesn't herd infected computers into a botnet. It uses multiple zero-day vulnerabilities. A criminal group would be smarter to create different worm variants and use one in each. Stuxnet performs sabotage. It doesn't threaten sabotage, like a criminal organization intent on extortion might.
Stuxnet was expensive to create. Estimates are that it took 8 to 10 people six months to write. There's also the lab setup--surely any organization that goes to all this trouble would test the thing before releasing it--and the intelligence gathering to know exactly how to target it. Additionally, zero-day exploits are valuable. They're hard to find, and they can only be used once. Whoever wrote Stuxnet was willing to spend a lot of money to ensure that whatever job it was intended to do would be done.
None of this points to the Bushehr nuclear power plant in Iran, though. Best I can tell, this rumor was started by Ralph Langner, a security researcher from Germany. He labeled his theory "highly speculative," and based it primarily on the facts that Iran had an unusually high number of infections (the rumor that it had the most infections of any country seems not to be true), that the Bushehr nuclear plant is a juicy target, and that some of the other countries with high infection rates--India, Indonesia, and Pakistan--are countries where the same Russian contractor involved in Bushehr is also involved. This rumor moved into the computer press and then into the mainstream press, where it became the accepted story, without any of the original caveats.
Schneier also looks at strings found in the Stuxnet worm's code, some of which suggest, somewhat tenuously, either that it's of Israeli origin or that the authors wish to give the impression that it is.
Basically, all that's definitely known is that Stuxnet was elaborately expensive to create (containing not only zero-day vulnerabilities but stolen driver certificates) and was designed to attack Siemens plant control computers. It also has been around for a while, possibly having gone undetected for a year, and has updated itself remotely during that time.
Two years ago, a Spanish airliner crashed shortly after takeoff from Madrid, killing 154 passengers. Now, a Spanish news article (machine-translated here) claims that the crash may have been due to an aircraft maintenance computer having been infected with malware and failing to flag two faults which, had they been noticed, would have resulted in the plane having been taken out of service. If this is true, would it be the highest body count of any computer virus so far?
Accordion Guy on how operating system fanboys see operating systems.
The New South Wales Police's Computer Crime Investigation Unit has some advice for people who do their banking online: don't use Windows.
The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows.
"If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppylinux is a nice small distribution that boots up fairly quickly.
"It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing internet banking," van der Graaf said.
Meanwhile, one of the people chosen to have a Windows 7 launch party is putting the party kit Microsoft sent him on eBay. He's keeping the copy of Windows 7, but in its place, adding a list of the excuses that all the people whom he invited gave for not being able to show up:
Chris: Found out Windows 7 not available on 5.25" floppy.
Kevin: I'll be over as soon as I shut down my laptop. XP still has 72 updates to go.
Mike: I was going to come to your launch party but then a girl called.
Ira: Sorry, my guild has a raid.
Let it not be said that Microsoft and Windows don't have sincere supporters: Charlie Brooker is one, albeit in a backhanded sort of way:
I know Windows is awful. Everyone knows Windows is awful. Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it. OK, OK: I know other operating systems are available. But their advocates seem even creepier, snootier and more insistent than Mac owners. The harder they try to convince me, the more I'm repelled. To them, I'm a sheep. And they're right. I'm a helpless, stupid, lazy sheep. I'm also a masochist. And that's why I continue to use Windows – horrible Windows – even though I hate every second of it. It's grim, it's slow, everything's badly designed and nothing really works properly: using Windows is like living in a communist bloc nation circa 1981. And I wouldn't change it for the world, because I'm an abject bloody idiot and I hate myself, and this is what I deserve: to be sentenced to Windows for life.
That's why Windows works for me. But I'd never recommend it to anybody else, ever. This puts me in line with roughly everybody else in the world. No one has ever earnestly turned to a fellow human being and said, "Hey, have you considered Windows?" Not in the real world at any rate.
Of course, the reason he prefers Windows is because it doesn't have evangelists.
An interesting interview with a former Windows adware author, by all accounts a very smart guy (albeit of, shall we say, above-average ethical flexibility), exposing both the security exploits used by Windows malware, the arms races in the malware underground and the dodgy business models of the industry:
The good distributors would say, “This is ad-supported software.” Not-so-good distributors actually did distribute through Windows exploits. Also, some adware distributors would sell access. In their licensing terms, the EULA people agree to, they would say “in addition, we get to install any other software we feel like putting on.” Of course, nobody reads EULAs, so a lot of people agreed to that. If they had, say, 4 million machines, which was a pretty good sized adware network, they would just go up to every other adware distributor and say “Hey! I’ve got 4 million machines. Do you want to pay 20 cents a machine? I’ll put you on all of them.” At the time there was basically no law around this. EULAs were recognized as contracts and all, so that’s pretty much how distribution happened.
So we’ve progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that’s encrypted– really more just obfuscated– to an executable that doesn’t even run as an executable. It runs merely as a series of threads. Now, those threads can communicate with one another, they would check to make sure that the BHO was there and up, and that the whatever other software we had was also up.
There was one further step that we were going to take but didn’t end up doing, and that is we were going to get rid of threads entirely, and just use interrupt handlers. It turns out that in Windows, you can get access to the interrupt handler pretty easily. In fact, you can register with the OS a chunk of code to handle a given interrupt. Then all you have to do is arrange for an interrupt to happen, and every time that interrupt happens, you wake up, do your stuff and go away. We never got to actually do that, but it was something we were thinking we’d do.
He also talks about making his registry entries unremovable by using obscure Unicode APIs to add them and putting in characters illegal to the ASCII-based APIs most of Windows uses (oops!), writing device drivers to further pwn the hapless users' machines, and also deploying more Scheme runtime than probably anyone else:
There was also of course Scheme. Eventually, we got sick of writing a new C program every time we wanted to go kick somebody off of a machine. Everybody said, “What we need is something configurable.” I said, “Let’s install a Turing-complete language,” and for that I used tinyScheme, which is a BSD licensed, very small, very fast implementation of Scheme that can be compiled down into about a 20K executable if you know what you’re doing.
Eventually, instead of writing individual executables every time a worm came out, I would just write some Scheme code, put that up on the server, and then immediately all sorts of things would go dark. It amounted to a distributed code war on a 4-10 million-node network.
So not only is a botnet of pwned Windows PCs likely to be the world's most powerful supercomputer (in purely numerical terms, at least), but a network of dodgy adware could well have been the peak of Scheme's deployment in the real world.
The author's advice to anyone wanting to avoid adware is "um, run UNIX".
Holy shit, Microsoft have made an offer to buy Yahoo, for a generous US$44.6bn. I hope that this doesn't happen; given how Microsoft are fond of leveraging their power to lock people into using their products, a Microsoft-owned Yahoo would be bad news. We could probably expect things like YUI going the way of the Dimension X Java VRML libraries (remember those?) and Flickr being rewritten as a Silverlight application and/or requiring Windows Vista/7 to upload photos.
The Guardian reports that users of Windows Vista are experiencing severe audio performance problems, with choppy, glitchy audio from applications, which is annoying home users and driving professional musicians to old copies of XP or else the Apple store. The Graun article gives the reasons a cursory examination, essentially writing them off as growing pains of a shift to a new, improved driver model, though somehow managing to miss the elephant in the room, i.e., that at any time when there is the possibility that a Windows Vista machine might come into contact with copyrighted audio or video content, a draconian DRM regime kicks in, diverting a large proportion of the machine's resources into ensuring that you, the user, cannot do anything with the content that you're not explicitly permitted to.
Security expert Peter Gutmann claims that a botnet run by organised criminals is now the most powerful supercomputer in the world. The Storm botnet is estimated to have between 1 and 10 million computers, all Windows machines infected by trojans, viruses or worms, and (assuming a typical machine to have a 2.3 - 3.3 GHz CPU and 1Gb of RAM), it easily outclasses machines such as BlueGene/L.
As Alec Muffett points out, Microsoft could now claim that the world's most powerful supercomputer is built on their technology.
Computer criminals have found a new way of distributing bank-account-stealing trojans: by scattering USB flash drives in car parks. Some percentage of the population (perhaps the same that opens email attachments) would pick up these shiny flash disks, take them home and insert them into their Windows PCs, not having disabled autorunning beforehand.
Sooner or later, the default Windows configuration will refuse to autorun content on a strange flash drive, and this won't work. Unless, of course, the criminals have special USB units manufactured containing an active processor which uses DMA to probe and interfere with the host PC's memory. They could possibly use the same facilities they use to make fake ATM front panels to manufacture them. The units could even contain an empty, perfectly innocent flash drive to deflect suspicion; after all, there's no limit to how many devices something on the end of a USB connector can appear to be.
When Windows Vista comes out, it won't just have a Mac-killingly cool user interface; it will also include the most total intellectual-property protection regime ever developed, designed to keep your thieving fingers off Hollywood's precious content. Peter Gutmann has an analysis of the costs of this regime, and it's alarming: it looks like we're all going to be footing the bill (in terms of increased costs, decreased performance, and reduced reliability and interoperability) of Hollywood and the RIAA's demands (and Microsoft's ambitions for control of the content-delivery system).
Beyond the obvious playback-quality implications of deliberately degraded output, this measure can have serious repercussions in applications where high-quality reproduction of content is vital. For example the field of medical imaging either bans outright or strongly frowns on any form of lossy compression because artifacts introduced by the compression process can cause mis-diagnoses and in extreme cases even become life-threatening. Consider a medical IT worker who's using a medical imaging PC while listening to audio/video played back by the computer (the CDROM drives installed in workplace PCs inevitably spend most of their working lives playing music or MP3 CDs to drown out workplace noise). If there's any premium content present in there, the image will be subtly altered by Vista's content protection, potentially creating exactly the life-threatening situation that the medical industry has worked so hard to avoid. The scary thing is that there's no easy way around this - Vista will silently modify displayed content under certain (almost impossible-to-predict in advance) situations discernable only to Vista's built-in content-protection subsystem [Note E].
Once a weakness is found in a particular driver or device, that driver will have its signature revoked by Microsoft, which means that it will cease to function (details on this are a bit vague here, presumably some minimum functionality like generic 640x480 VGA support will still be available in order for the system to boot). This means that a report of a compromise of a particular driver or device will cause all support for that device worldwide to be turned off until a fix can be found. Again, details are sketchy, but if it's a device problem then presumably the device turns into a paperweight once it's revoked. If it's an older device for which the vendor isn't interested in rewriting their drivers (and in the fast-moving hardware market most devices enter "legacy" status within a year or two of their replacement models becoming available), all devices of that type worldwide become permanently unusable.
Vista's content protection requires that devices (hardware and software drivers) set so-called "tilt bits" if they detect anything unusual. For example if there are unusual voltage fluctuations, maybe some jitter on bus signals, a slightly funny return code from a function call, a device register that doesn't contain quite the value that was expected, or anything similar, a tilt bit gets set. Such occurrences aren't too uncommon in a typical computer (for example starting up or plugging in a bus-powered device may cause a small glitch in power supply voltages, or drivers may not quite manage device state as precisely as they think). Previously this was no problem - the system was designed with a bit of resilience, and things will function as normal... With the introduction of tilt bits, all of this designed-in resilience is gone. Every little (normally unnoticeable) glitch is suddenly surfaced because it could be a sign of a hack attack. The effect that this will have on system reliability should require no further explanation.
In order to prevent active attacks, device drivers are required to poll the underlying hardware every 30ms to ensure that everything appears kosher. This means that even with nothing else happening in the system, a mass of assorted drivers has to wake up thirty times a second just to ensure that... nothing continues to happen. In addition to this polling, further device-specific polling is also done, for example Vista polls video devices on each video frame displayed in order to check that all of the grenade pins (tilt bits) are still as they should be [Note H].
As part of the bus-protection scheme, devices are required to implement AES-128 encryption in order to receive content from Vista. This has to be done via a hardware decryption engine on the graphics chip, which would typically be implemented by throwing away a rendering pipeline or two to make room for the AES engine.
I see some impressive class-action suits to follow if this revocation mechanism is ever applied. Perhaps Microsoft or the content providers will buy everyone who owns a device that inadvertently leaks content and is then disabled by the revocation process replacement hardware for their system. Some contributors have commented that they can't see the revocation system ever being used because the consumer backlash would be too enormous, but then the legal backlash from not going ahead could be equally extreme. For anyone who's read "Guns of August", the situation seems a bit like pre-WWI Europe with people sitting on step 1 of enormously complex battle plans that can't be backed out of once triggered, no matter how obvious it is that going ahead with them is a bad idea. Driver revocation is a lose/lose situation for Microsoft, they're in for some serious pain whether they do or they don't. Their lawyers must have been asleep when they let themselves get painted into this particular corner - the first time a revocation takes out a hospital, foreign government department, air traffic control system, or whatever, they've guaranteed themselves first-person involvement in court proceedings for the rest of their natural lives.
It looks like the next version of Microsoft's Windows OS will require all device drivers and kernel-level code to be digitally signed. This is ostensibly to prevent kernel-level rootkits from installing themselves, though has the bonus feature of adding a ring of steel to the black iron prison the RIAA/MPAA want to build around everything handling their precious intellectual property. Oh, and it will also restrict device-driver development on Windows to those with the resources to pony up for the Verizon digital signature.
(via bOING bOING)
Screenshots of the latest Windows Longhorn beta. It looks like Microsoft have one interesting eye-candy feature that Apple currently don't: the ability to do translucent elements, i.e., ones in which the pixel value can be a function of not only the background pixel but its neighbours (which allows Gaussian blurring and such). I wonder how computationally expensive this is compared to Apple's straightforward transparency; it certainly looks pretty, though.
The latest malware won't merely spew ads at you or use your Windows PC as a zombie to send spam: it will encrypt your files and demand a ransom for the key:
Stewart managed to unlock the infected computer files without paying the extortion, but he worries that improved versions might be more difficult to overcome. Internet attacks commonly become more effective as they evolve over time as hackers learn to avoid the mistakes of earlier infections.
"The problem is getting away with it -- you've got to send the money somewhere," Stewart said. "If it involves some sort of monetary transaction, it's far easier to trace than an e-mail account."
Perhaps future versions will demand that the users donate CPU cycles/network bandwidth instead of money? Then again, those are easy enough to steal without extortion.
Music Thing has a feature on how various tiny, ubiquitous sounds and pieces of music were created. The Mac startup sound, for example, was a C Major chord played on a Korg Wavestation, whereas Brian Eno created the Microsoft sound during a creative dry spell.
Thanks to the technological miracle of Microsoft DRM, Windows Media files can contain adware, viruses and spyware, and it appears that an anti-P2P company named Overpeer have been launching such trojan WMAs into the KaZaA network. More details here:
But since the license dialog box acts just like an Internet Explorer window, it can display whatever is on the page it points to--whether a legitimate call for license information or a series of pop-up ads.
Not only did we get bombarded with unwanted ads, but one of the ad windows in a video file tried to install adware onto our test PC surreptitiously, while another added items to our browser's Favorites list and attempted to change our home page. And a window from the original music file asked to download a file called lyrics.zip, which contained the installer for 180search Assistant, commonly categorized as an adware program.
And if the asphead agencies can do it, so can the Bulgarian Mafia and their ilk. Expect to see spam-zombie-trojan-infected WMAs appearing on a file-sharing network near you. The moral of this story, kids, is
use MP3 don't pirate music.
(via bOING bOING)
Mac lust knows no bounds. Now those who can't afford actual Macs can do up their Windows XP PCs to look like Macs, with a set of 10 cosmetic programs, from a menu bar for the top of the screen (I wonder whether it strips the menu bars off application windows, or whether it just takes up extra space) and a dock to Aqua-style window frames and icons, giving you something that looks just like a Mac, only with the usual Windows viruses, worms and spyware. Or perhaps that looks just Maclike enough to remind you of what you're missing out on. (via bOING bOING)
From a Slashdot interview with Jeremy White of the WINE Windows API emulator project and/or Crossover:
We also go to all kinds of interesting lengths to avoid problems with viruses and worms. For example, we have a hack in our flavor of Wine, in the CreateProcess call (the code to start an executable) that basically checks to see if the parent process is outlook.exe, and if it is, we crash and burn, preventing many of the worms and such from running.
Meanwhile, someone's porting WINE to MacOS X. It doesn't actually emulate an Intel CPU, so it won't run your Windows binaries, but you can recompile Windows programs from source code and get them to run, and look authentically Windowslike, on your Mac. Though you'll need to use X11 as well, as it doesn't speak directly to Quartz/Cocoa/Carbon (and there don't appear to be any plans to make it do so).
Another reason to avoid Microsoft operating systems: if your Windows PC gets infected with malware and you're unlucky, you may lose your job, your relationships, or even be convicted as a paedophile, on the strength of pornographic images downloaded into your cache, as happened to one man in the US (or so he claims).
Fact 1: If you write a CD-RW in packet mode (i.e., if you set it up so that you can write files to it one at a time, rather than burn disc images to it), it is formatted as one long track, and data is somehow written into the middle of this track. Which means that if you put it into a CD player or other device, it sees a disc with one data track of 74 or so minutes' length.
Fact 2: computer-based CD playing/ripping software recognises track titles by matching a profile of track lengths against a large database of titles, artists and track listings. This occasionally comes up with collisions, especially for singles or 1-track CDs. Which can be briefly amusing when it mistakes your favourite band's latest single for a European boy band or a rap-metal action-movie tie-in from 5 years ago or something odd like that.
Conclusion: When it looks at FreeDB, Grip recognises a formatted Verbatim CDRW as "Mi maletn", by the well-known artist "Windows XP".
Oddly enough, one can imagine that in a decade or two's time, there may well be a European retro-pop band named Windows XP. Whether their albums clock in at one 74-minute track is another question altogether.
I just found the following in my mailbox:
Subject: Email account utilization warning.
Dear user of Null.org,
Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service.
For more information see the attached file.
Have a good day,
The Null.org team http://www.null.org
Given that I own null.org (and that no address such as "firstname.lastname@example.org" actually exists), I must say I was a touch suspicious. And then I looked at the attachment portion of the email:
Content-Type: application/octet-stream; name="Information.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Information.pif"
Which looks to be a Windows executable of some sort. That's undoubtedly the "free auto-forwarding service" they mentioned. I'm sure it would have done exactly as that, only with the proviso of forwarding penis-pill spam to millions of mailboxes worldwide through my machine.
That is, if I (a) used a Windows machine, and (b) was sufficiently clueless to open an attachment from somebody claiming to be in charge of the "main mailing server" on my domain.
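The check done by eye above (an octet-stream attachment whose declared name ends in .pif) can be automated at the mail gateway; the following Python sketch is an added example, not part of the original post. The extension list, the reason codes, the sender addresses and the sample message (including its 8-byte stand-in payload and the second, double-extension attachment) are constructed for illustration.

```python
"""Flag MIME attachments that declare, or contain, a Windows executable."""
import base64
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Assumption (not from the post): extensions Windows will run when double-clicked.
RISKY_EXTENSIONS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}


def normalise(filename):
    """Lower-case and drop trailing dots/spaces, which Windows ignores in names."""
    return filename.strip().rstrip(". ").lower()


def extension(filename):
    """Return the final extension including the dot, or '' if there is none."""
    dot = filename.rfind(".")
    return filename[dot:] if dot != -1 else ""


def inspect_part(part):
    """Return (declared names, reason codes) for one non-multipart MIME part."""
    names = []
    # A part can declare a name twice: Content-Disposition and Content-Type.
    for value in (part.get_param("filename", header="content-disposition"),
                  part.get_param("name")):
        if value is not None:
            names.append(normalise(collapse_rfc2231_value(value)))

    reasons = []
    for name in names:
        if extension(name) in RISKY_EXTENSIONS:
            reasons.append("exec-ext")
            if name.count(".") >= 2:          # e.g. photo.jpg.scr
                reasons.append("double-ext")
            break
    if len(set(names)) > 1:                   # the two headers disagree
        reasons.append("name-mismatch")

    # DOS/PE executables start with the bytes "MZ", whatever the file is called.
    payload = part.get_payload(decode=True)
    if payload and payload[:2] == b"MZ":
        reasons.append("mz-header")
    return names, reasons


def risky_attachments(raw_message):
    """Return [(first declared name, [reason codes])] for every suspicious part."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        names, reasons = inspect_part(part)
        if reasons:
            findings.append((names[0] if names else "(unnamed)", reasons))
    return findings


# Constructed stand-in payload: "MZ" plus six zero bytes, not a real program.
MZ_STUB = base64.b64encode(b"MZ" + bytes(6)).decode()

# Constructed sample; only the Subject line, the body sentence and the first
# attachment's three headers are taken from the post.
SAMPLE = f"""\
From: sender@invalid.example
To: user@invalid.example
Subject: Email account utilization warning.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="us-ascii"

For more information see the attached file.

--XYZ
Content-Type: application/octet-stream; name="Information.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Information.pif"

{MZ_STUB}
--XYZ
Content-Type: image/jpeg; name="photo.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="photo.jpg.scr "

{MZ_STUB}
--XYZ--
"""

if __name__ == "__main__":
    for name, reasons in risky_attachments(SAMPLE):
        print(f"{name}: {', '.join(reasons)}")
```

Names are reported lower-cased because the comparison is case-insensitive, as Windows file names are.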
The rather eye-opening dissection of an online greeting-card spam; an email telling the user to go to a web site to see an electronic greeting card, and the website in question, which uses Internet Explorer security holes to overwrite your Windows Media Player and install a keylogger apparently programmed to look for online banking sites (and undetectable by current spyware detectors). Nasty; and another reason to not use IE (or, preferably, Windows). (via Slashdot)
Kuro5hin finds the stolen Windows 2000 source code, greps it for obscenities and other things. Assuming that this is authentic, the Windows code is not as shoddy as some would think, save for it being riddled with layers of kludges and bugs kept for backward compatibility, and there's no obvious evidence of them stealing code from open-source projects either. At least, not as of 25 July, 2000.
The PCs at a certain hostel in Byron Bay appear to be fuzzy with adware; every few minutes, a program named "Save!" throws up a pop-under ad for some product. Not sure whether they installed it themselves or whether it snuck in with a "funny screensaver" or porn downloader or something.
"Save!", which claims to be associated with some outfit named "WhenU", strenuously disclaims acting as spyware, logging websites, passwords or anything like that. Though, of course, any piece of conspicuous spyware would say that as well. Just in case, I've taken to entering passwords by cutting and pasting words from other pages, deleting bits of them and adding the odd keystroke or two. It is probably theoretically possible to write a piece of spyware that keeps track of pastes, cursor positions, &c. into a password entry box, but in practice it may be quite difficult.
I wonder whether the alleged yuppification of Byron Bay has extended to there being wireless internet anywhere.
Windows worm infects teller machines, in the first documented incidence of the sort. The Windows XP-based ATMs were made by Diebold (of dodgy voting-machine fame), connected to standard TCP/IP-based networks, and have been replacing legacy OS/2-based machines on proprietary networks.
Another resourceful criminal use of the countless thousands of virussed Windows machines on the internet: online protection rackets, where the "businessmen" (predominantly from Eastern Europe) target a high-profile website and threaten to knock them offline with a massive DDOS attack unless they pay up. Online casinos (which make a lot of money and are in poorly-policed areas) are a popular target.
Most of the computers used are broadband-connected home Windows PCs owned by clueless people, of whom there is, sadly, no shortage; and it doesn't look like the problem is going to go away, at least not until a totalitarian "trusted computing" regime is imposed on the internet at the IP level, or something equally drastic happens. Which makes me wonder whether or not Microsoft are deliberately allowing viruses to flourish on their OS so as to drive people into the highly profitable embrace of Big Brother.
Another part of the Windows web browsing experience us Linux users miss out on: Malignant toolbar installs itself into Internet Exploiter, redirects home page/web searches to xupiter.com (owned by a shadowy Hungarian company, apparently) or the sites of businesses who paid them for placement (and who are, I would guess, unlikely to be highly ethical), and downloads pop-up gambling games behind your back. The toolbar resists attempts at uninstallation, and the programmers keep changing its code to keep one step ahead of anti-spyware tools.
Healan said some installations probably occurred when people clicked "OK" in a pop-up box without really knowing what they had agreed to, or when they meant to close the pop-up window.
First there was spyware, and now there's diversionware; hidden add-ons to free Windows utilities/toys, which intercept the user's web requests to shopping web sites and substitute in the software maker's affiliate ID, even if someone else's ID was used. And this is completely legal, because users agree to it in the click-through licence agreements.
I suppose that's a key cultural distinction between UNIX and Windows. In the UNIX world, "free software" implies Richard Stallman's ideology. In the Windows world, "free software" implies layers of parasitic spyware and diversionware working behind the user's back. (via Techdirt)
Research reveals that the MS Windows API is intrinsically insecure; any application can spoof window messages to any other application, regardless of permissions, bypass the feeble "security" present and pull off all sorts of exploits. In other words, typical Microsoft security. And furthermore, the flaw is fundamental to the API and is irreparable, short of changing the fundamental design of the Windows message queue mechanism and breaking every existing Win32 application. (via the Reg)
Somebody has written a plug-in for the Linux xmms media player to allow it to use Winamp visualisation plugins, using the Wine Windows emulation library. Which is fairly nifty. Now if only someone wrote a Linux library for accessing Windows VST audio processing/synthesis plugins, perhaps in the aRts or LADSPA framework...
Extreme marketing in the new millennium: Here come the banner ads which install spyware, disable firewall software; the rogue pop-up ad in question uses a Shockwave applet and an Internet Explorer bug to surreptitiously download and install the software onto the user's PC. Needless to say, it only affects the 99.999% of users who use Windows; Maccies and Penguinheads can look smug.
CodeWeavers, who wrote the CrossOver web browser plug-in for Linux (which allows Windows plug-ins to run under Linux) have now released a system for running MS Office on Linux. Which is technically a fairly impressive feat; equally impressively, all the code has been contributed back to WINE, the LGPLed Windows emulation system for Linux; which means that, after all these years, WINE may be becoming more than a technical curiosity. (It's certainly better than things like Lindows, as (a) it isn't based on a customised, dumbed-down Linux distribution, and (b) the code is going back to the community.) (via Slashdot)
The Beast of Redmond: Microsoft buys SGI's graphics patents; penguinheads concerned they may be used to crush OpenGL, or cripple 3D graphics capabilities on non-Windows platforms. Meanwhile, if you use Windows Media Player to download content from sites, the sites can keep track of you, using a convenient global ID number. Apparently this is not a bug but a feature. (via Slashdot)
And while I'm stealing links from Slashdot, the CrossOver plug-in for Linux is out now. This is a plug-in allowing you to use Windows web browser plug-ins (QuickTime, Shockwave, &c) in Linux browsers (i.e., Mozilla, Konqueror and so on). There's a downloadable demo version too. (Currently, if I need to look at Shockwave content, I use IE under Win98 under VMWare, though this looks interesting.)
Rabid Penguinheads post a Windows email virus which prints a pro-Linux message. Or is it an anti-Linux black-op by Darth Bill's forces? (via Slashdot, of course)
Good news on the emulation front; Plex86, which aims to become a free VMWare-like virtual-PC program for Linux, now boots Linux normally. Granted, Linux on Linux is not particularly impressive from a practical point of view, but it's a step to running Windows on Linux, not sacrificing having a real OS on the machine. Meanwhile, Windows emulator WINE allegedly runs Word/Excel 2000 on Linux. No Internet Exploiter though.
Some enthusiastic teenagers have decided to create an open-source Windows-compatible OS from the ground up. So far they have a web page and a request for startup/shutdown graphics. No word on actual code yet, but this looks set to follow kick-ass vaporware Freedows into the realm of penguinhead legend.
Viral marketing: Windows email worm links to porn sites, sends itself to victim's contacts. (CNN)