Monday, November 29, 2021
  • Home

Windows Live OneCare – desktop application, web safety and web scanner

October 9th, 2006 by Zack Whittaker

Here I am trying to explain what “OneCare” actually is. Google doesn’t have a definition for it, so I’m going to define it right here.

 OneCare™ – noun [whon-khare]: The service name for providing security and protection  facilities to Microsoft® Windows® operating systems.

The thing is, at the moment there are three different products under the “OneCare” title. These do different things and run in different ways and hopefully this quick guide will actually explain what each product does and you’ll realise that they’re all rather marvelous in each individual way.

Currently the 1.5 client version is in beta, but don’t let this fool you! Windows Live OneCare is a desktop application product of which provides you with real-time anti-virus protection, anti-spyware protection (with help from Windows Defender) as well as an advanced firewall to protect your incoming and outgoing Internet traffic. It also provides you with useful facilities such as in-built operating system protection (such as in Windows Vista, it’ll help implement and manage the advanced security features of the new platform), and tune-up services which allow you with one click to clean up unnecessary files, defrag the hard disk and scans for viruses as well.

Windows Live OneCare runs as a series of background system services, and stays in the bottom right of your screen in the notification area near your clock; it’ll either be shown as green for “good”, amber for “there’s something not quite right” and red for “oh my God something bad has happened”.

Download Windows Live OneCare (free trial, paid annual subscription)


Windows Live OneCare Family Safety Settings (the longest Windows Live service name, but sometimes just called “Family Safety”) is a web controlled, web controlling and system application. Confused? Don’t be! The parents can set up Windows Live ID’s to login with, and then their children can be added using their credentials, and then after that – the children’s Internet usage and the pages they visit can be customised by the parent in many different ways to stop them seeing what they shouldn’t see.

You can block out whole categories of websites ranging from bomb-making to pornography, to chat rooms and even web-based email services. You can block specific websites and all the subdirectories and pages from that domain – and although it’s mainly web based, only a small “client” application needs to be installed onto each computer you want your family to use. This enables you to easily turn off Family Safety for a set period of time or for good until you turn it back on using a parents password; you can also allow websites using a parents password. However the great thing about this – is that each time a child logs in then it picks up their settings and applies them immediately.

If the child doesn’t log in, they can’t use the Internet and they’ll just get an error page asking them to log in. So it’s either log in and use a limited and protected version of the Internet or don’t use it at all.

Signup for Windows Live OneCare Family Safety (beta)

The Safety Center (previously known as “Safety Scanner” has just come out of beta, and it’s a scaled down version of the Windows Live OneCare application to download, except this is free and very easy to use. Available from the website, it uses ActiveX controls to gain secure access to certain parts of your computer so that it can clean up unnecessary and temporary files, a virus scan of your selected drives, a defragment of your selected drives as well as a port scanner to ensure that your firewall is secure.

There is no strings attached – the only one is, is that once you download and install the ActiveX control which attaches itself to Internet Explorer, it means you don’t have to download and install on that computer again, enabling you to run the OneCare Safety Center immediately from the main page button.

Use the Windows Live OneCare Safety Center for free

Do hope that clears things up a little bit – if anyone wants to leave questions in form of a comment, I’d be happy to reply

Posted in Online Safety, Security, Windows Live | 5 Comments »

Web-View Folder Vulnerability

October 3rd, 2006 by Patrick S

Windows allows you to view folders in a “web view”, complete with thumbnails of files etc. Turns out this functionality has a vulnerability. This vulnerability can be exploited remotely via an ActiveX component in Internet Explorer. And now there’s public exploit code available for this vulnerability. Over the last day or so, several malicious websites have inserted such code via IFRAMEs on their site.

You can’t patch your systems, as no official patch is available. Microsoft has an advisory out, explaining how you can disable the vulnerable ActiveX component via a registry change.
They are typically hidden with Javascript obfuscators, which we detect as “Trojan-Downloader.JS.Agent.ab” or similar. In the end, most of the exploits end up downloading binaries with names like “loaderadv499_3.exe”

Microsoft has issued a statement claiming that there will be a fix on October the 10th (Patch Thursday 🙂 )

That update again? Located here
Credits to F-secure for source

Posted in Security, Windows XP | Comments Off on Web-View Folder Vulnerability

Vulnerability in Windows Shell Could Allow Remote Code Execution

September 29th, 2006 by Kristan M. Kenney

Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.

The ActiveX control called out in the public reports and in the Proof of Concept code is the Microsoft WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by Web View.

Microsoft is working on a security update currently scheduled for an October 10 release.

Customers are encouraged to keep their anti-virus software up to date.

Affected Software:

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 x64 Edition

To work around this issue:

Temporarily prevent the Microsoft WebViewFolderIcon ActiveX control from running in Internet Explorer

You can disable attempts to instantiate this ActiveX control in Internet Explorer by setting the kill bit for the control in the registry.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow these steps in this article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.

To set the kill bit for a CLSID with a value of {e5df9d10-3b52-11d1-83e8-00a0c90dc849}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{e5df9d10-3b52-11d1-83e8-00a0c90dc849}]
“Compatibility Flags”=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{844F4806-E8A8-11d2-9652-00C04FC30871}]
“Compatibility Flags”=dword:00000400

Impact of Workaround: Web sites that use the WebViewFolderIcon ActiveX Control may no longer display or function correctly.

Source: Microsoft TechNet Security Advisory

Posted in Security | Comments Off on Vulnerability in Windows Shell Could Allow Remote Code Execution

The REAL VML patch is out

September 26th, 2006 by Patrick S

Microsoft has released a patch against the VML vulnerability outside of their normal update cycle.
Which is great-they obviously though that this was a VERY serious issue

The patch is available right now via

Go get it NOW if you run Windows IE 6.x

Now with Ajax

Posted in Internet Explorer, Security | 1 Comment »

IE VML Exploit

September 23rd, 2006 by Patrick S

Once again there is a browser vulnerability that allows for the remote execution of code. And the only action necessary to become infected is to view a malicious webpage using Internet Explorer or an HTML formatted e-mail.

It was discovered in the wild by Sunbelt. Microsoft published Microsoft Security Advisory (925568) yesterday regarding the issue. The update is currently scheduled for October 10th – the next regular patch Tuesday.

Like the WMF exploit it is advised to unregister the susceptible dll from the system as a workaround for the vulnerability.

To unregister the dll you should execute from Start, Run:
regsvr32 /u “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”

This differs slightly from Microsoft’s recommendation – so as to include localized versions of Windows.

The vgx.dll component solely handles Vector Markup Language (VML). VML is a description format for browsers to draw vector graphics. Not too many websites use this format today – but rather display plain images. Also – it’s only supported by Internet Explorer. Opera and Firefox implement Scalable Vector Graphics (SVG).

Use this link with IE to see an example of VML. If you have the dll registered, you’ll see a clock. Once unregistered, you shouldn’t see anything.

Microsoft’s Outlook e-mail client is also potentially vulnerable for this exploit. But fortunately e-mail is treated as if from Restricted Sites by default, where Binary and Scripting Behaviors is disabled. By using a web-mail client and Internet Explorer you might still be vulnerable.

There’s an unsupported third party patch for the VML vulnerability available at ZERT. (untested)

But it’s good to know something is available if this VML thingy really gets out of hand (which it hasn’t yet).

Updated to add: Your mileage may vary – this patch might not work with everyone. See discussion at PC Doctor Guides.

Update 2: Seems that this exploit does not apply to IE 7 🙂

Source: Fsecure

Posted in Internet Explorer, MS News, Security | 5 Comments »

Cisco/Microsoft Interoperability Beta This Year

September 7th, 2006 by Joseph Bittman MCSD .Net

Microsoft and Cisco have announced a joint architecture for Vista & Longhorn and Cisco networking. There will be a limited beta later this year for beta testers to try it out & give feedback!

The new architecture will better combine the new security aspects & improvements in Longhorn and Vista with Cisco’s well-known security standards.

Consumers will be able to deploy the new NAP-NAC architecture after Longhorn releases in 2007.

Microsoft Presspass:

Posted in Computing, Corporation, MS News, Security | 1 Comment »

Metasploit MS06-040 Demo

September 4th, 2006 by Patrick S

Recently the exploit of a Vulnerability (MS06-040) in Windows’s Server Service Could Allow a hacker to run malicious code on a remote system.
Well Its all well and good that Microsoft have identified this as a “possible” security threat and have made an update but what does it look like in action?
Didier Stevens has made a video clip showing the exploit in action (using Metasploit) on a Windows 2000 SP4 server to “convince someone that using windows update was necessary.” (I would have to agree with him there after seeing this in action)

He creates a remote shell on the attacked server, connects to it and change the administrators password to Hacked.

Posted in Security | 1 Comment »

Windows Live Messenger to help protect kiddly-winks

August 23rd, 2006 by Zack Whittaker

Sorry for the big image – I would have thumbnailed it but I think this is big news.

Basically, the Virtual Global Taskforce with help from SOCA (Serious and Organised Crime Agency in the UK, a bit like the FBI but not as crap) and Microsoft are coming together in harmony to create functionality to report abuse on Windows Live Messenger. This means that those cute little kiddlywinks out there who want to talk to their friends online, then a weirdo 50 year old bloke adds that kiddlywink and pretends to be a 12 year old girl, and the first kiddlywink gets a bit suspicious and feels a bit scared, they hit the button and report it.

However to be fair, the VGT (Virtual Global Taskforce) which has a website (here) has a Report Abuse tool which must be reitterated, is very similar as if you were calling 999, the Emergency Services. You can get into a whole load of trouble if you misuse the tool, because the reporting tool goes straight to the nearest policing authority. So use it if you need to, and don’t “prank call” them!

This will be rolled out into Windows Live Messenger at a later date, above as you can see is a concept design.

Edit: The BBC has nowreported on this subject – here’s the link if anyone wants to see it –

Posted in Daily Life, Security, Windows Live Messenger | 2 Comments »

TechNet Virtual Lab: Windows Vista

August 16th, 2006 by kenlin@HK [MVP]


The soon-to-be-released desktop OS, Windows Vista, has been developed from the ground up and includes advancements in security and reliability, along with increased cost and operational efficiencies. For the IT professional, Windows Vista is easier to deploy, and less expensive to maintain, than any earlier version of Windows. And for your end users, Windows Vista’s improved performance and reliability add value by allowing people to be more effective while performing their jobs. Get an early peek at improved security, management and productivity by experiencing Windows Vista Beta 2 virtual labs.

• Configuring Windows Firewall with Advanced Security
• Exploring New Group Policy Settings in Windows Vista
• Exploring User Account Control in Windows Vista
• Migrating User State from Windows XP to Windows Vista


Posted in Learning, MS News, Security, Windows Vista | 1 Comment »

Massive urge to install critical Windows patches

August 12th, 2006 by Zack Whittaker

 For those who haven’t seen Kristan’s previous entry, this is just to reitterate what he said, and another major urge for all Windows users to update their systems.

Microsoft released this statement and article (Microsoft Security Bulletin MS06-040) on the 8th August, urging all users of Microsoft Windows 2000 Professional, all versions of Windows XP (SP1 and SP2) and all versions of Windows Server 2003 (including SP1).

Very special attention however, those in the beta program of Windows Server 2003 Service Pack 2, you must go to the Connect pages, go to the Download sections and install all the updates given there.

The US Department of Homeland Security issued a statement as well which is unusual for them, because they saw this is as such a huge issue. The NISCC (National Infrastructure Security Coordination Center, which is the computing section of MI5, the British Security Service) also issued a statement saying how important these are.

It’s very rare for national security bodies to react to such things, but this is a critical update and must be patched. Microsoft have opened the downloads to all users, regardless of whether you’re running a genuine version or not, because it can spread and infect any Windows computer running Windows 2000 Professional and above.

 Download these updates now

Posted in Security, Windows XP | 1 Comment »

Homeland Security: Fix your Windows

August 10th, 2006 by Kristan M. Kenney

In a rare alert, the U.S. Department of Homeland Security has urged Windows users to plug a potential worm hole in the Microsoft operating system.

The agency, which also runs the United States Computer Emergency Readiness Team (US-CERT), sent out a news release on Wednesday recommending that people apply Microsoft’s MS06-040 patch as quickly as possible. The software maker released the “critical” fix Tuesday as part of its monthly patch cycle.

“Users are encouraged to avoid delay in applying this security patch,” the Department of Homeland Security said in the statement. The patch fixes a serious flaw that, if exploited, could enable an attacker to remotely take complete control of an affected system, the agency said.

Microsoft on Tuesday issued a dozen security bulletins, nine of which were tagged “critical,” the company’s highest severity rating. However, the flaw addressed in MS06-040 is the only one among the updates that could let an anonymous attacker remotely commandeer a Windows PC without any user interaction.

The flaw has some similarities to the Windows bug that enabled the notorious MSBlast worm to spread in 2003. Both security vulnerabilities are related to a Windows component called “remote procedure call,” which provides support for networking features such as file sharing and printer sharing.

View / Download: Microsoft Security Bulletin MS06-040
Source: CNET News

Posted in Security | 1 Comment »

PC-cillin Internet Security 14.55 for Windows Vista Beta

August 2nd, 2006 by Patrick S

Looking for another Beta that’s related to your shiny new Vista Operating System-On top of that an Anti-Virus. Look no further.

PC-Cillin is running a Beta Program Till October 31st, 2006 for their new Internet Security Anti-Virus for Vista. If you want to participate in the beta check it out here

Participants who complete the questionnaire automatically join the pool for a drawing of valuable Amazon Gift Certificates:

  • 1st Prize: USD $500
  • 2nd Prize: USD $300
  • 3rd Prize: USD $200

What have you got to loose…Check it out now
Patrick S

Posted in Beta News, Security, Windows Vista | Comments Off on PC-cillin Internet Security 14.55 for Windows Vista Beta

Don’t fall for a fake virus outbreak warning

August 2nd, 2006 by Patrick S

F-Secure have received several reports of a mass mailing that’s going around. The messages have been spoofed to look like they are from and arrive with title “Warning! New Virus On The Internet! Update Now!”.



The link in the mail goes to and downloads an IRC backdoor. Administrators might want to filter web traffic to this site.

Source F-secure

Posted in MS News, Security | 1 Comment »

Exploit Wednesday

July 18th, 2006 by Patrick S

Another Microsoft Office exploit, Bifrose.UZ, was discovered last week. It drops a backdoor using PowerPoint (PPT) files. The exploit was discovered after a limited number of people received e-mail with the PowerPoint file as an attachment.

So what’s the deal with Microsoft Office and why the exploits? There were Word fixes in June – Several Excel fixes were included in July’s patches – And now there is a PowerPoint exploit that will need to be patched in August. See a pattern?

There’s a growing trend here. F-secure been saying for some time that the lack of large virus outbreaks is evidence that the malware environment could be getting worse, not better. The bad guys want to make money – not make attention. So as a malware author, if you want to target a few prominent companies for the purpose of industrial espionage, you design your exploit to attack them within and then lay low. Spoofed e-mails are sent to company insiders and they, thinking it’s just another document that they need to review, open it up and the backdoor gets installed.

The bad guys are taking advantage of three things:

The first is the patch cycle itself. These new exploits are being released after the second Tuesday of each month to maximize its lifespan.

The second is the common day-to-day routine of receiving Office files. There haven’t been any new macro viruses to speak of for some time and so Office files (doc/xml/ppt) easily pass through corporate firewalls and people don’t think twice about clicking on them. This avenue of attack is currently under the radar and is not perceived as a danger by end users.

And the third advantage is that the companies exploited don’t want to talk about it. They dread the negative publicity as a victim of espionage. That’s why the public doesn’t know the name of last month’s Excel exploit victim. Such hush-hush may be keeping some of these exploits from being reported.

 Source straight from F-secure weblog

Posted in Office 2007, Security | 2 Comments »

Microsoft Private Folder to be AXED

July 15th, 2006 by Patrick S

Last week i posted about the ‘new’ Microsoft Private Folder 1.0. Being the first on the block with this new news we were lucky enough to get a lot of comments from System Admins explaining how this new tool could cause serious nightmares (users hiding & locking admins out of files etc)

This will be a real support problem. Imagine someone maliciously places important files in the folder and deletes the originals. Someone pointed out that this isn\’t a new feature. But this version is poorly thought out since previously if one used EFS it has a key management system so that if someone forgets their password or leaves the company it is possible to retrieve files. Since this one has no documentation it isn\’t possible to determine what to do for such a case. I think smaller businesses have the most jeopardy since typically they aren\’t locked down tightly. And people who are instructed not to install software won\’t think twice \ (Quote from George [MSBLOG comment]) 

Well Microsoft have heard these pleads for help and are to pull this new tool from the Genuine Microsoft Download site. This product was a good tool for home users etc but could possibly become a real problem to unsecured networks…

Whatever the reason Microsoft pulled it our very own Andre N has his own view on the pull of this software…
“The file comes in a .msi file – it has to be installed. Don’t companies forbid people from installing software on their machines? If they don’t, they worry about people creating a password protected folder, when they can go ahead and install any software they want – including software which includes spyware/etc?”

You can still downlaod this application for the meantime…Find it here 🙂

Posted in MS News, Products, Security, Windows XP | 7 Comments »

« Previous Entries Next Entries »