Ryan’s Blog

September 13, 2009

Another Microsoft horror story, the Huntington Indiana public library

Huntington Library Suddenly Everything Sucks

I’ve been meaning to mention this for a while but just never did until now.

If you want a prime example of how reliance on Microsoft software damages the community and betrays the public interest, look no further than the Huntington, Indiana public library.

To say nothing of the potentially tens of thousands of dollars their reliance on Microsoft software has cost taxpayers in Huntington County directly, that reliance also conflicts with the budget they’re allocated, to the point where they paradoxically almost never upgrade anything because it will cost money.

Case in point: Their website. If you look at the source, you’ll see <meta name="GENERATOR" content="Microsoft FrontPage 4.0">.

When was Microsoft FrontPage 4.0 out?

2000. Now I’m no mathematician, but 2009 minus 2000 means that their web page generator is 9 years old and still targeting Microsoft Internet Explorer 4 (which was still in wide use back then).

Why bother having real bona fide web standards if public institutions entrusted with public money squander and abuse their budget?

Now, judging from the image on the top right of the page, which is a 1.3 Megabyte JPEG at a resolution of 2204 x 1364 pixels that someone tried laughably to turn into a thumbnail when any semi-competent Windows user would know that even paint.exe can resize an image, I am kind of left to deduce that some fucking idiot without even the slightest skillset produced these pages.

With their caveman wit, they chose 10 year old standards-violating Microsoft products and couldn’t even figure out how to resize an image with some bundled freeware.

People like this are a disease.

caveman

The IT department

Moving on… Someone thought audio books in DRM’d WMA would be a good idea:

This means that if you’re not using Windows XP or Windows Vista, you can’t check out an audio book, so suddenly the library isn’t just abusing your tax money, they’re practically ripping money straight out of your wallet. I’d liken the Huntington Library using DRM’d WMA to a daylight theft by a pick pocket that the police wouldn’t do anything about.

That means that since I have Kubuntu Linux on my main system right now, I can’t just load the audio file into my media player and hit play, because it won’t work. It also won’t play for Mac users.

The library could use Speex, which is a codec in the public domain with no royalties and broad cross platform support, but the Imaginary Property pushers at the book publishing companies wouldn’t go for that. Who made the law that says that knowledge has to be bottled up to protect the profits of a few corporations, at the expense of the entire public?

Federal lawmakers who have been bought by lobbyists and other special interest groups of course. This one isn’t to be squarely blamed on the incompetence of the Huntington Public Library, but also on state and federal lawmakers betraying their duty to the American people.

And lastly, the internet computers at the Huntington Public Library all run Windows XP:

This falls back under the categories of incompetence of staff and the misappropriation of public tax money.

Not only that, but Windows is so susceptible to viruses and worms and spyware that would never affect any operating system where security was one of the design concepts from day one, that the Huntington Public Library has locked all of them down in the mistaken belief that this will protect them.

They’ve locked the systems down so tightly that you can’t even use sites that have been designed with Flash or use thumb drives you brought from home. Whoever did the locking down also missed one giant problem: they all use Internet Explorer 6, the least secure web browser ever.

What is the alternative?

The library in Marion, Indiana, just 15 miles or so south of me, uses Linux. Not only do they use Linux, they use a distribution based on the free Fedora Linux called Userful Discoverstation which uses terminal multiplexing. This allows one tower to power 10 workstations with their own monitors, keyboards, and mice. This is not only much better for the environment than having 10 boxes running their own copy of the OS, it saves on the electric bill, and they don’t have to buy licenses from Microsoft. (You could set up a free Linux distro to get the same effect, Userful just makes it easier).

Userful creates an account that is deleted when the user logs out, and times the session to last however long the library allows. So instead of the librarian having to get up and tell someone who is hogging the computer that their time was up 30 minutes ago and others are waiting, the system gives them a warning 10 minutes before they’re logged out to get their shit together and get lost. (In more diplomatic terms obviously).

The systems are secure with the normal permissions of a Linux user account plus the standard SELinux targeted policy inherited by Fedora which helps keep malicious remote attackers out. Since there are very few security concerns on Linux and because the user is literally incapable of any lasting damage to the system, you can do anything on one of these boxes that you could do as a user on your PC at home. (except for clearly Administrative tasks). Where the Huntington library Windows XP systems are useless, I was using the Linux system at the Marion library to log into Pidgin instant messenger, browse with Firefox, plug in a thumbdrive with documents saved on it from home, and EVERYONE is allowed to do this because the system is in no danger.

So I guess the thing to take from this if you’re the Huntington Library or are in a position of trust to use taxpayer money in a non-frivolous manner and to not discriminate against users with disabilities or with non-Windows systems (or browsers other than IE), is that you should never use Microsoft products in this setting.

They are wholly inappropriate with no merit whatsoever in this use case.

I emailed the Huntington library with my concerns about six months ago and they never bothered to reply.

August 31, 2009

Mozilla Firefox attacked by a spyware extension

RadioactiveFox

According to Trend Micro, there is now a spyware extension in the wild for Firefox.

We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers…Though this used to be considered a safe computing practice before, it seems it no longer is with the proliferation of malware [targeting] the most popular alternative Internet browser—Firefox.

Infected Firefox users will see this:

Infected Firefox

Pretty convincing huh? The spyware extension tries to sucker in unsuspecting users by posing as an Adobe Flash update.

I’ve made the case for quite some time that this could happen because there is no real security model for Firefox extensions and that they have the same rights as the logged in user.

This is also a good example of cross platform malicious software. Since Firefox extensions can work on any platform Firefox supports, this spyware also affects Linux, Mac OS X, the BSDs, and every other OS where the user is running Firefox.

Remember, if you use Firefox, that there is only one place to get extensions: https://addons.mozilla.org. DO NOT INSTALL EXTENSIONS FROM ANYWHERE ELSE!
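One way to check a profile against this rule, as an added example that is not code from the original post: the script reads the add-on list that a current Firefox profile keeps in extensions.json and flags every extension whose recorded install source is not exactly https://addons.mozilla.org. The field names (addons, sourceURI, location, defaultLocale) are assumed from current Firefox profiles rather than the 2009 releases discussed here, and all sample data is constructed.

```python
import json
import sys
from urllib.parse import urlsplit

TRUSTED_HOST = "addons.mozilla.org"
# Add-ons in these locations ship with the browser; the user did not install them.
BUILTIN_LOCATIONS = {"app-builtin", "app-system-defaults"}

# Constructed sample of a profile's extensions.json (every id, name and URL is made up).
SAMPLE_EXTENSIONS_JSON = json.dumps({
    "addons": [
        {"id": "blocker@constructed.example", "type": "extension",
         "location": "app-profile", "active": True,
         "defaultLocale": {"name": "Sample Ad Blocker"},
         "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/1/blocker.xpi"},
        # Look-alike host: the trusted name is only a prefix of the real hostname.
        {"id": "flash-update@constructed.example", "type": "extension",
         "location": "app-profile", "active": True,
         "defaultLocale": {"name": "Flash Player Update"},
         "sourceURI": "https://addons.mozilla.org.downloads.example.net/update.xpi"},
        # Dropped into the profile by another program: no install source recorded.
        {"id": "sideloaded@constructed.example", "type": "extension",
         "location": "app-profile", "active": True,
         "defaultLocale": {"name": "Helper Object"},
         "sourceURI": None},
        {"id": "builtin@constructed.example", "type": "extension",
         "location": "app-builtin", "active": True,
         "defaultLocale": {"name": "Built-in Component"},
         "sourceURI": None},
        # Userinfo trick: everything before '@' is a username, not the host.
        {"id": "toolbar@constructed.example", "type": "extension",
         "location": "app-profile", "active": False,
         "defaultLocale": {"name": "Search Toolbar"},
         "sourceURI": "https://addons.mozilla.org@files.example.net/toolbar.xpi"},
    ]
})


def source_is_trusted(source_uri):
    """True only for an https URL whose host is exactly addons.mozilla.org."""
    if not source_uri:
        return False  # no recorded origin at all
    try:
        parts = urlsplit(source_uri)
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:
        return False  # an unparseable URL is treated as untrusted
    # Compare the parsed host, never a substring or prefix of the raw URL.
    return parts.scheme == "https" and host == TRUSTED_HOST


def audit_addons(extensions_json_text):
    """Return one finding per user-installed extension with an untrusted source."""
    data = json.loads(extensions_json_text)
    findings = []
    for addon in data.get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries and language packs are out of scope here
        if addon.get("location") in BUILTIN_LOCATIONS:
            continue
        source = addon.get("sourceURI")
        if source_is_trusted(source):
            continue
        name = (addon.get("defaultLocale") or {}).get("name") or addon.get("id", "?")
        findings.append({
            "id": addon.get("id"),
            "name": name,
            "active": bool(addon.get("active")),
            "reason": f"installed from {source}" if source else "no recorded install source",
        })
    return findings


if __name__ == "__main__":
    # Pass the path to a profile's extensions.json, or run with no argument
    # to audit the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE_EXTENSIONS_JSON
    for finding in audit_addons(text):
        state = "active" if finding["active"] else "disabled"
        print(f"{finding['name']} ({finding['id']}, {state}): {finding['reason']}")
```

A flagged entry is a prompt to review that extension, not proof that it is malicious; anything installed from a local file is reported as well.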

Anyhow, this is exploiting the user through a social engineering attempt rather than a browser exploit. Remember when the only warning Internet Explorer 6 gave about an ActiveX control may very well have been “Click here to install ‘install this plugin to watch all the porn on this website!!!’”? Firefox is not even that safe: the malware vendors had to spend $200 to get Verisign to sign their ActiveX control, but it doesn’t cost them anything to make or distribute a Firefox extension. And Internet Explorer now makes you click through the information bar warning, then the installer prompt, THEN it sandboxes the plugin (if you’re on Vista or Windows 7) so that it has no access to anything outside of the browser.

Firefox doesn’t even have this minimal protection from malicious extensions. Any extension you install has write access to your User folder (Vista, 7, Linux, OS X, FreeBSD) or your entire system (Windows XP), and possibly your entire system on systems other than XP if it can figure out how to elevate itself.

Ways it might do that: a weak sudo password that can easily be brute forced, piggybacking onto a Microsoft system component in Windows 7 that’s allowed to silently elevate, relying on user ignorance when clicking on the UAC prompt to “Accept”, etc. I wouldn’t even be surprised if the malicious extension site asked the user to click the UAC Accept button.

So far, even with the myriad of remotely exploitable Firefox vulnerabilities, none have really been a runaway success due to the rapid patch turnaround time of Mozilla and the automatic update function. The problem is that there is no patch for an ignorant/stupid user.

So even though *you* know to look out for malicious Firefox extensions, you might be on a shared computer where your kids will be able to install malware through Firefox, so what do you do?

First, consider switching to a more secure browser:

I can almost hear you sarcastically quip “Now where have I heard THIS before?”, but the truth is that there are browsers that are reasonably safe because the vendor did not foolishly allow extensions running as full programs. Nothing as complex as a web browser will ever be bulletproof; nothing that has to run advanced scripting languages and support file transfer operations that were designed years ago can be. Indeed nothing with hundreds of thousands of lines of source code (or tens of millions in an operating system) can ever be fully debugged. I never say “Program X is fully secure”; I can only say, truthfully, that “Program X is probably more secure than Program Y”.

I recommend Opera 10; I wrote about just why yesterday. It will be released tomorrow, September 1st. The RC is still available at www.opera.com/next if you want to install it today and use the built in updater tomorrow. Opera Widgets are limited as to what they can do for exactly this reason. Mozilla has rolled out a red carpet with their extension system and it looks like now that Firefox has users, the spyware writers have decided to come to the party. Firefox extensions are almost exactly like the bad old days where Microsoft just threw ActiveX into Internet Explorer with the stated purpose of extending the browser, without a reasonable security model. Just like these ActiveX plugins in IE 4/5/6, Firefox plugins and extensions are full programs that can do anything they want, not only manipulating the browser, but limited only by what the Firefox process is allowed to do to the system.

Second, consider a disposable user account:

Ubuntu as of 9.04 has a Guest User account; consider making other users of the computer who may install malicious software use this account. All the changes they make to that account, including the Firefox profile, are deleted every time they log out. If this is too frustrating, then give them their own account but do not give them access to sudo. No sudo means that the damage and malicious software in their account cannot affect other users of the computer or any system files.

Windows has various options for accomplishing the same thing: Windows XP and Vista users can use SteadyState, and Windows 7 users can set up an account and configure it to use Guest Mode when the desired state is set up (not to be confused with a Guest Account). While in SteadyState or Guest Mode, an account cannot harm the system or other user accounts and all files and settings are deleted when the user logs out. An account can be turned back into a normal account by turning SteadyState or Guest Mode off. Again, if this is too much hassle, at least make them an account that is a “User Account”, *NOT* “Administrator”, and damage and malicious software in their account shouldn’t affect other users or the system. It also stops them from installing software globally. (That is, they can only install software that resides in their User folder and doesn’t require access to the system.)

Perhaps the troubles with Apple software and “Free Software” are an “inconvenient truth” that some people will stop at nothing to cover up, but this false sense of security that these deniers provide you with is just as dangerous as Apple proclaiming that Macs are immune from viruses while they silently added a malicious software scanner into Snow Leopard.

Perhaps they could call the scanner “SnowJob”, or is that SnowJobs? *smirk*

August 18, 2009

What is Microsoft talking about when they mention “security”?

Microsoft Information Minister

In the news today…

One man in Florida was arrested by federal authorities (the other two are presumably in Russia) after exploiting Microsoft Windows vulnerabilities in credit card processing terminals in places including 7/11 gas station/convenience stores. The men got away with stealing over 130 million credit and debit card numbers as well as detailed information of millions of people from their bank records that could be used to commit identity fraud.

If you have lousy credit and a bunch of crap you never authorized ends up on your credit report, you could have a doppelganger running around, using your name, social security number, bank accounts, credit cards, etc.  You may have Microsoft to thank for that.

Sure these three men who used Microsoft vulnerabilities to help commit their crimes will probably be sent to prison (assuming the US has jurisdiction to arrest or try them), 7/11 Corporation or some banks may be sued, but as long as there are no serious ramifications in this for Microsoft, they’ll continue churning out software where “quantity is job #1”.

We’ve all heard the Microsoft marketing department say that every new version of Windows is more secure than the last one, and while this may be technically true, more secure does not mean it *is* secure. If Microsoft Windows were secure or reliable, then Windows XP would not be getting patched 10-20 times a month 8 years later when it already has more than 4,000 patches behind it. If XP is enough of a mess to still be getting dozens of patches a month after 4,000+ in total, it kind of makes you think of XP RTM back in 2001, before patch #1 even landed, when Microsoft was touting security and reliability even as malware was pwning Windows users just for browsing a website while using IE 6 (which, by the way, is still in use on about 1 in 10 PCs).

You may ask “Why the hell is he talking about XP?”.

I’m talking XP because it’s still the most used operating system in the world, with 67.1% of personal computers still using it according to most statistics on Wikipedia as of July of 2009, alongside 4.73% for Mac and 1.15% for Linux. (Windows 2000 is 0.92% and Windows 9x/Me is 0.44%.) With ~74.5% of PCs using “Not Vista” even after 3 years on the market, Vista can’t be classified as anything but a failure.

Even if Vista fixed anything, which is debatable, almost nobody is using the damned thing, especially not in an embedded credit card terminal.

Vista is too fat and resource demanding to run on anything less than the best computers available at an acceptable speed. It’s totally unfit for laptops, and users and organizations looking to upgrade XP-era equipment can forget it. My bank just finally upgraded their client terminals from Windows 2000 and ended up on XP, even though it’s out of mainstream support and Vista licenses would have cost them the same amount of money.

Vista Business also had over five times as much program code in the default install as XP Professional, and about six times as much as XP Embedded. Complexity always introduces bugs, and some of those bugs will most likely have security implications.

XP-powered kiosks with credit card sliders are insecure, they are leaking your personal information like a sieve, and there’s really no avoiding them.

A list of some of the things I’ve seen relying on XP, which do credit card processing:

Wells Fargo Bank

Salin Bank

Flagstar Bank

The automated checkouts at Owens Supermarket, Kroger Supermarket, and Wal-Mart (Wal-Mart uses XP extensively)

Redbox DVD vending machines. (Running XP Embedded, I saw the logo as the kiosk crashed before I could select my DVD)

A number of gas stations.

From what I could dig up:

The attacks involved SQL vulnerabilities (probably Microsoft SQL Server, but I can’t prove that), were definitely targeted to Microsoft Windows, used techniques to evade anti-virus scanners (rendering those worthless), and affected customers of 7/11, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21, and DSW.

As you can see, a massive and disturbing number of organizations rely on insecure and indefensible Microsoft software to handle critical and sensitive information about you and millions of other customers. This essentially becomes an “all-you-can-eat” buffet for attackers, many of whom are based in countries rife with fraud where the government doesn’t care what happens to Americans (like Russia) and where the US government has no jurisdiction and cannot protect you.

So many organizations depend on Microsoft software that nobody who uses a credit card (or has a line of credit for that matter) is really safe.

The same American credit agencies who set up this total mess turn around and offer to “monitor your credit” for a monthly fee, essentially charging you to mind the corrupt system they’ve set in place. One such company you may keep seeing on television commercials, called LifeLock, stars the company CEO who flashed his real social security number to prove the viability of the company’s service, only to end up having his identity stolen.

Part of the problem springs from the US government allowing social security numbers to be used for identification purposes.

This was never meant to happen, and in fact, older social security cards had “NOT FOR IDENTIFICATION PURPOSES” stamped on them.

Another part of the problem exists because of the way the “Fair-Isaac” credit reporting system works.  The credit agencies will put black marks on your credit report without taking even the slightest effort to confirm that the debt is valid, or that it’s even really you who agreed to the debt reported to them.

The third and final reason identity theft can happen is that the vendors of insecure computer software, like Microsoft, have not been sued for the damages that their software has allowed to occur. Microsoft has not taken reasonable steps to secure its Windows operating system software (or their other products) from malicious hackers. Microsoft doesn’t care if you get your identity stolen, and has routinely left publicly documented security problems in Windows and other products (such as Internet Explorer and Microsoft Office) unpatched for years, including this week where a two year old Microsoft Office hole was finally closed after being widely exploited.

When Microsoft talks about security initiatives, they’re talking about the kind of “security” that makes them money. They aren’t talking about securing your data from remote attacks, because they are not being held to account for this. They’re talking about “securing” the RIAA’s music from “attack” by you, they’re “securing” their Windows revenue stream from “attackers” who crack the product activator and cost them money, and they’re “securing” the MPAA’s movies from you, the “attacker”, who is trying to record them on your computer through Windows Media Center to watch later when you get home from work. If Microsoft put half as much work into securing your private and confidential information as they do circle jerking their pals over at the RIAA/MPAA, then maybe there wouldn’t be so much identity theft.

Just something to chew on the next time you hear the words “Microsoft”, “Security”, and “Initiative” in the same sentence.

IEEEEEEEEEEEEEEEEEEEEEEEEEEEE!!!!!!

July 30, 2009

How do you know when Paul Thurrott is lying?

His lips are moving.

Weasel words: Like me!!!

Seriously, if Microsoft was the Republican Party, Paul Thurrott would be Fox News Channel.

Some people are constitutionally incapable of shutting the fuck up no matter how many times and how thoroughly they’re proven wrong, some people incessantly insist that they were taken out of context when they’re called out, and some people are just pathological liars that deliberately construct every sentence to be as misleading as possible. Paul Thurrott, in my opinion, is three for three.

On top of that, he has this odd mix of gung ho patsy and outright stupid that sometimes makes it difficult to tell when he’s lying and when he really has no idea what he’s saying.

This guy has bothered me for years with his total and utter disregard for journalistic quality, instead often opting to resort to hearsay, weasel words, the statistics that most favor his opinion, and anything that makes Apple and Linux look tiny or irrelevant.

Just a few of the lies and contradictions he’s been unable to escape (in order of how they amuse me):

(Windows Me in Thurrottland) “It is, quite possibly, the most under-hyped version of Windows ever created…It’s easy to ridicule Microsoft for milking the Windows 9x cash cow yet again. But the reality is that this release is exceptional.”

(2007 in Thurrottland) Tries bashing Firefox 2 and gets called out by Asa Dotzler

(2008 in reality) Gives up and writes a positive review of Firefox 3 but insists his abortive attack from the year before was “misconstrued”, goes on to list a few trivial gimmicky features IE 8 has that Firefox doesn’t. (Thurrott, you don’t want to go into feature comparisons between IE and Firefox, it can’t end well for IE)

(2004 in Thurrottland) Like zOMG!!!!1111 MSN Music is gonna be HUGE!

(2006 in reality) MSN Music is shutting down and your licensed files are toast if anything happens to Windows. (Such as upgrading XP to Vista or a slightly less devastating catastrophe like a hard disk crash.)

(2002 in Thurrottland) Like zOMG!!!!1111 Windows Media Audio is the second coming!

(2007 in reality) Finally forced to eat crow and admit that WMA is dead, and everybody uses MP3.

BONUS:

“AAC doesn’t play nice with products made by Microsoft and its partners. AAC isn’t compatible with Windows Media Player or Media Center” -Thurrott, October 2007

“Put simply, I am a fan of the Zune…The online marketplace is good, but not as good as iTunes Store, though that matters less with music because MP3/AAC is universally compatible.” -Thurrott, July 2009 (Note that Zune supported AAC in 2007 when he made the first post)

And just for an added face palm:

“..there are audiophiles and technology trolls out there who might recommend [lossless formats]…Don’t be confused by the term “lossless,” however: These formats are still compressed…This is a foolhardy idea, unless you will never use a portable media device or enjoy the thought of storing and managing two copies of your music collection, one in lossless and one in another format that’s been transcoded from the lossless masters.” – Thurrott, October 2007

I don’t suppose he bothered to mention that you can decompress lossless files back into WAV or onto another CD and the CRC checksums will even match the original disc! Or perhaps that both Windows Media Player and iTunes can transcode from your lossless library on the fly and put the resulting lossy files on your device? This isn’t new folks, they’ve both been able to do this since at least 2003-2004.

(2009) Admits the Zune is going nowhere but tries to play it off by comparing it to a Macintosh computer’s supposedly minuscule market share.

In a survey conducted last fall, IDC’s Kevorkian said only 4.8% of those with a portable media player reported having a Zune, while 61% had some sort of iPod.

So, in late 2008, the Zune actually had 50 percent more usage share in the MP3 player market than the Mac did in the worldwide PC market. (Hey, math can be fun.)

Of course it is, especially when it’s wrong/fake/conjured up with the rest of his delusions.

While we’re comparing apples and bowling balls, Mac rounded out the fourth quarter of 2008 with 8.87% of the desktop computer market (nearly double the market share of the Zune in the MP3 player market), and the Mac has gone on to 9.81% as of May of 2009. *source*

Mac and Linux have driven Windows down to an 87.75% market share, which is still a commanding lead, but in 2004 they had 96.34% *source*. While Windows isn’t dying off as fast as Microsoft’s other products (Read: Dropping like a brick), it *is* shrinking, and it should worry any investor when a company cannot at least break even year-over-year.

Mr. Thurrott, since IDG has Kevorkian on hand, can they possibly put the Zune under? It can be so quick and painless… No reason to punish the people that unwittingly put Microsoft in their 401(k) for another 2 years.

This of course brings me to today’s Paul Thurrott crap.

Thurrott slanders anything that competes with Microsoft, but seems to go out of his way to bash Apple. Now Opera is on his vendetta list since they won freedom of choice for European consumers to decide what browser they want with Windows 7.

The fact that he is bashing the browser with the most strict adherence to World Wide Web Consortium markup standards should not be overlooked, because Thurrott has a history of bashing industry standards like AAC while promoting Microsoft’s dead end (WMA).

His tirade is, essentially, “Well, uhhhm, Internet Explorer has 66% of the browser market, so it should call all the shots”. (It had 92% at the end of 2004 *source* )

Now, Mr. Thurrott has been gay for Internet Explorer for a long long time, and has stood faithfully by it despite several hundred security flaws, the fact that its rendering engine is prehistoric and buggy, and that you can’t extend it with anything but toolbars (oh do we know about IE toolbars…). (Although I have my doubts about whether or not even Thurrott could stomach any version of IE for longer than it takes to glaze over some Microsoft PR notes and grab a few screen shots)

To be dramatic, Paul Thurrott kind of reminds me of that episode of South Park “AhhhH!!! My baby is killing again! Don’t worry, mommy will protect you! I have such a good boy, such a nice boy…”, but there’s only so many bodies you can hide in the backyard and IE is a fuck up that people witness first hand from day one, so there’s really no point in even trying to defend it.

Apparently Thurrott has his panties in a twist this time because he can’t stand that the European Union, unlike the United States, actually has and enforces consumer protection laws. (And it will be interesting to see how the eradication of IE bundling in the Euro Zone affects the spread of spyware over there…)

Thurrott argues, plainly, that users should not be presented with a choice of what browser to use, that IE should remain welded onto Windows, inseparable and popping up even when you thought you hid the fucking thing, and that naive users should continue using what’s there and getting their system deluged with porn dialers, trojans, search page hijackings, and every kind of web annoyance and active content abuse that Adblock Plus for Firefox (or an ad blocking file loaded into Opera’s content blocker) can silence once and for all.

Paul Thurrott remains as pro-Microsoft and anti-user as ever. One could only assume that his yellow journalism is the kind that only Microsoft Monopoly Money could afford.

July 8, 2009

Microsoft releases emergency patch for Internet Explorer ActiveX control

Just say no


Apparently Microsoft Security Advisory 972890 is too urgent for them to dick around until next Tuesday.

It seems that yet another security flaw has been found in an Internet Explorer ActiveX control (Microsoft Video) which allows arbitrary remote code execution, and live attack code is already in circulation on various websites.

According to Microsoft, Windows XP and 2003 are vulnerable, and Vista and Windows 7 users are theoretically safe due to IE Protected Mode (which most users inadvertently turn off once UAC has pissed them off too much), and Windows 2003 users should be safe because of Internet Explorer Enhanced Security Pack (that most users turn off because it cripples pretty much every website).

In short, I’d like to know why exactly a video player plug in can become a security hazard. The answer is because things like Windows Media Player can store cookie-like data to profile the user, and supports complex scripting and DRM schemes which allow program code to be embedded in a streaming media file (Microsoft ASF wrapper allows this).

This is a prime example of why HTML 5’s audio and video tags (as well as a simple Theora/Vorbis playback codec) are so desperately needed in modern web browsers (Firefox and Safari support this, Opera should by the time version 10 is finalized).

Microsoft has repeatedly made security the least of their concerns in their ongoing attempt to appease the RIAA and MPAA, and this flagrant apathy for their users has come back to bite…..their users…. in the ass once more, ho hum.

Theoretically any active content that you allow to interact with a web page (including Flash and Java and Silverlight) is a security hazard, but IE is so difficult to actually secure that it’s worth saying again, that nobody should use it, and it should either be uninstalled (Windows 7) or disabled with the Security Policy Editor on Vista or XP.

July 6, 2009

Dress up Firefox and integrate it into Windows

It’s been a little while since I wrote about computer software, but I’ve noticed a few good add-ons for Firefox that make it blend into Windows a lot better.

As you may or may not know, Windows 7 lets you “remove” Internet Explorer, it leaves the rendering core so it doesn’t break any apps that need that, but it removes the browser front end so that nothing can start IE even if it tries.

This is sure to be a welcome relief to disgruntled Vista users that tried every way to make IE go away, and yet it kept cropping back up, started by asinine programs that were hardwired to invoke only it, and attempting to take over your system again.

In Vista, no matter how hard you tried to make IE disappear, the scourge of the Windows platform, the uninvited guest, kept coming back, but now it’s as simple as going to Uninstall Programs, Turn off Windows Features, unchecking Internet Explorer 8, and rebooting twice (make sure you have another browser first). If you ever want it back, Windows can re-install it for you just as easily.

Now if you’re like me, you generally like Firefox, but you think the Strata theme is butt ugly and wonder why it can’t just look like a normal Windows application. You also like a few things that IE 8 does, like color coded tab grouping and domain highlighting. Firefox just feels wrong and unnatural.

To make Firefox work and look like a normal Windows program, you need two add-ons:

Glasser: https://addons.mozilla.org/en-US/firefox/addon/7336

Vista Aero: https://addons.mozilla.org/en-US/firefox/addon/4988

You’ll also need to disable the extension compatibility checker in the browser and create an account on the Mozilla add on site so you can disable the Firefox version check there too. (Glasser complains otherwise and won’t install into Firefox 3.5, but works fine if you ignore the compatibility check.)

If you prefer Bing Search instead of Google, the Microsoft people have a Bing add on for Firefox.

(Of course I also use Adblock Plus, worth mentioning.)

When you’re done, Firefox’s interface will be much like Internet Explorer 8, complete with a lot of its features, minus the slowness, security problems, and other crap that plagues Internet Explorer.


There is no Internet Explorer. There Is Only XUL ;)

June 22, 2009

Microsoft releases Get The Fud page about IE’s standards compliance, web still broken for everyone that doesn’t use IE

Right, so Microsoft has released another Get the Facts page:

It’s the same kind of study as their Linux report where they cited themselves or “research” that they paid for (which immediately invalidates the results, even if some of them may have been true).

They now claim that Idiot Exploiter is the fastest, safest, most extensible web browser ever.

I really haven’t managed to slap myself in the head and shout “Oh Jesus not this fucking shit again” since George W. Bush left office, but if you told me that Microsoft had hired Karl Rove to do their marketing for them, I’d probably lean towards believing you.

It’s obvious why Internet Explorer is the most deficient browser, and why Microsoft’s latest attempt to market it as “standards compliant” is laughable, but suffice it to say that when you just let everyone opt-in to IE 7 or IE 6 style rendering, a lot of pages will keep using IE 6 or 7 style rendering because there are (and there’s no delicate way to put this) a lot of fucking idiots out there still using IE 6 or 7.

Some are on Windows 98, 2000, or XP even, either because they don’t know any better or because it’s expensive and hard to justify updating to the latest Windows if what you have in place works. (Windows 2000 still runs the vast majority of Windows programs  that Microsoft and Friends haven’t sabotaged, and most of the rest if you dig up a hex editor and hack on the EXE).

So that brings me to “Why am I rambling about IE again? Haven’t I already established that every Microsoft programmer having anything to do with it should be racked in the balls?”

Good point. But one day after Microsoft released that Get the FUD article, I tried to go pay my Comcast bill using Opera, and it won’t let me log in unless I have Opera lie to it and tell it I’m using Internet Explorer.

So my question is, to Microsoft, “If your browser is apparently so standards compliant, then why won’t the REAL most standards compliant browser get served the same page as Internet Explorer?”

Opera *can* render it in quirks mode but the server won’t send the IE version unless it thinks you use IE, so I have to set a site preference saying that Comcast.com is  fucked up and Opera should lie and say it’s Microsoft Internet Explorer.

“But wait, why don’t I have to tell Firefox to spoof as MSIE?”

Because the type of scum like the folk at Comcast know that Firefox is too big to ignore, so they give it the same fucked up page meant for IE’s non-standards (because Firefox has quirks mode too).

Microsoft has a long history of unfair treatment of the Opera browser, going as far back as 2001 when MSN was caught handing Opera a deliberately sabotaged CSS style sheet, and again in 2003, so we know that Microsoft and partners clearly don’t like Opera, and with good reason as it is far more useful and disruptive than Firefox or Internet Explorer, so if I had to guess I’d say that one of a few things happened here.

1. Money traded hands and Comcast breaks pages sent to Opera because they’re being paid to do it.

2.  Comcast’s web developers are numbskull Microsoft flunkies that broke Opera and don’t care.

3. Comcast’s web developers are acting alone, love Microsoft, and broke Opera because doing it gets them off.

But one thing is for sure out of this: there are still sites out there that only work right in MSIE (and browsers like Firefox that mimic IE enough by default), major sites, and plenty of them, and this proves that Internet Explorer is not, has never been, and likely never will be complying with bona fide web standards per the W3C.

Perhaps by standards compliant they meant that Internet Explorer 8  “Still complies with OUR standards as we make them up from thin air”.

Edit: It also seems Microsoft has rigged Windows Live login to fail for Opera users, but if you log in the second time it’ll work.

You can set Opera Mail to use POP3 to check your Live Hotmail if this annoys you, or you can just have Wand remember your log in and hit the key button twice. :)

June 6, 2009

Introducing Bing Search!

Filed under: funny, google, internet explorer, microsoft, windows — Ryan @ 10:58 pm

(Parody of http://www.discoverbing.com/welcome/ my edits in BOLD)

You probably didn’t wake up today wanting to have your search page hijacked, but if you still use IE after the last ten years, you’re probably used to having a new home page every time you open it expecting an entirely new search experience.

But – Bing! – here it is anyway.

So, why a new search engine? Why the new name? Why now? Who the hell cares?

Well, because even though search is a pretty amazing thing, it makes Google a metric assload of money, but they can’t hijack you through Windows Updates, and we can!

So far in 2009, there are four and a half websites created EVERY SECOND as the web continues to expand. While more searchable information is cool, nearly half of all searches don’t result in the answer that people are seeking, the 3 and a half of those sites that were set up by Conficker infections.

At the same time, the way the world searches is changing. You want more than just information. You want useless trivia regarding Brangelina, porn, and sponsored links that lead to malicious software posing as Limewire  knowledge that leads to action.

The truth is you’ve evolved, unless you’re a Christian, Jew, Muslim, or Pastafarian (please don’t boycott us!). It’s time search caught up.

So we had an idea. Start over. Copy Success. And we did. It  always  works.

We took a new approach to go beyond search to build what we call a decision engine. With a powerful set of intuitive tools on top of a world class search service, Bing will help you make smarter, faster decisions. We included features that deliver the best results, presented in a more organized way to simplify key tasks and help find that copy of XP AntiVirus 2009 faster than ever.

And features like cashback, where merchants list fake entries that are always on back order to bait idiot customers, and Price Predictor, which actually tells you when to buy an airline ticket in order to help get you the best price – help you make smarter decisions, and put money back in your pocket.

We sincerely hope that the next time you need to make an important decision, you’ll Bing and decide.

Thank you,
Bing Team, Microsoft

May 20, 2009

Why I refuse to use real time antivirus software.

If you tell most Windows users that you don’t like antivirus software, they’ll look at you like you told them you drink the blood of puppies, but antivirus software can be more of a disease than the disease it’s there to cure.

There’s free antivirus, sure, but it’s a crock, and it’s constantly advertising about why you need to buy more protection.

It should be noted that viruses and spyware haven’t typically been a problem on Linux or the Mac, but that hasn’t stopped these idiots from huckstering their wares there. (sigh)

Human sacrifice, dogs and cats living together... mass hysteria!


Then there’s the little issue of “What does malware do to a PC anyway?”

Malware:

Takes lots of RAM

Denies you access to certain files and websites

Causes system crashes

Sends personal information back to its creator

Causes additional CPU load

Hurts your battery life

Oh wait, I was talking about the antivirus suites wasn’t I? How clumsy!

Anyhow, with the Windows system I have I’ve decided to just use ClamWin (Free/Open source antivirus that uses the same pattern files as ClamAV) to manually scan files I download before running them (no realtime scanner yet). It may not be fancy, but it doesn’t slow the computer down scanning uninfected files I open 20 times a day.

How bad is the performance hit of running an antivirus scammer, errr, scanner?

Let’s find out

The funniest thing we observe is that Norton slows disk access down by almost 2369%, while the best one looks to be Avast Home Edition which “only” slows file access by 115%, and no matter what you choose, Windows Defender will slow you down by another 54%.

Then we get to booting, where Norton slows Vista’s boot by 46%, while Avast Home “only” by 4%.

Then we get to RAM use which I don’t think he listed, but Windows Defender will eat about 45-50 megs on Vista, and Avast will eat about another 40, not really enough to have a noticeable impact on a system with 2-4 gigs of RAM, but older systems would suffer greatly.

The file I/O penalty is the most troubling though, as hard drives are already the slowest part of a PC.

The call is yours:

If you don’t think you can trust manual scans and your own wit to keep you safe, then don’t do it, but for performance alone, I really can’t stomach dealing with antivirus software that eats away at Windows like the cancer it is supposedly trying to fend off.

Overall, this anti-malware software makes using your PC about as fun as sex with 27 condoms on.

My configuration:

ClamWin with Windows shell extensions for manual scan.

Windows Defender off.

UAC to Prompt for Credentials. (Makes it so I don’t have a knee jerk reaction to a prompt.)

Adblock Plus and NoScript add-ons for SeaMonkey (they work in Firefox too)

Speaking of ads and spyware and junk:

You probably (1) Don’t want to open Internet Explorer anyway, but especially with no real time antivirus scanning, so you may want to delete its icons.

and (2) If you use Windows Live Messenger or Yahoo, you probably want to block their ad servers with the Windows hosts file to make sure a repeat of the MS ad servers spreading spyware through Windows Live Messenger incident doesn’t happen again.
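The hosts-file block from item (2), as an added example that is not part of the original post: it merges a list of ad-server names into the hosts file text inside a marked section, so re-running it does not duplicate entries or disturb mappings made by hand. The hostnames are constructed placeholders (the post does not name the ad servers), and the function names and block markers are hypothetical.

```python
import re

BEGIN, END = "# BEGIN managed ad-server block", "# END managed ad-server block"
SINK = "0.0.0.0"  # sink address; 127.0.0.1 is the traditional alternative
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label

# Constructed sample data: the post does not name the ad servers.
SAMPLE_HOSTS = "127.0.0.1 localhost\r\n10.0.0.5 ads2.example.invalid  # set by hand\r\n"
SAMPLE_BLOCKLIST = ["ads1.example.invalid", "ADS1.example.invalid.",
                    "ads2.example.invalid", "*.example.invalid",
                    "http://ads3.example.invalid/x"]

def valid_hostname(raw):
    """Normalise one entry; hosts files take exact names only (no wildcards or URLs)."""
    name = raw.strip().lower().rstrip(".")
    if not name or len(name) > 253 or "." not in name:
        return None
    return name if all(LABEL.match(part) for part in name.split(".")) else None

def strip_managed_block(text):
    """Return the lines outside a previously written block, so re-runs stay idempotent."""
    kept, skipping = [], False
    for line in text.splitlines():
        if line.strip() == BEGIN:
            skipping = True
        elif line.strip() == END:
            skipping = False
        elif not skipping:
            kept.append(line)
    while kept and not kept[-1].strip():
        kept.pop()  # drop trailing blank lines
    return kept

def merge_blocklist(hosts_text, blocklist):
    """Return (new_hosts_text, rejected_entries) without touching hand-made mappings."""
    kept = strip_managed_block(hosts_text)
    existing = set()
    for line in kept:
        fields = line.split("#", 1)[0].split()  # ignore comments
        existing.update(f.lower() for f in fields[1:])  # names after the address
    good, rejected = [], []
    for raw in blocklist:
        host = valid_hostname(raw)
        if host is None:
            rejected.append(raw)
        elif host not in existing and host not in good:
            good.append(host)
    block = [BEGIN] + [f"{SINK} {h}" for h in good] + [END]
    return "\r\n".join(kept + [""] + block) + "\r\n", rejected

if __name__ == "__main__":
    new_text, bad = merge_blocklist(SAMPLE_HOSTS, SAMPLE_BLOCKLIST)
    print(new_text, "rejected:", bad)
```

To apply it, read `%SystemRoot%\System32\drivers\etc\hosts`, then write the returned text back from an elevated prompt with `newline=""` so the CRLF endings are not doubled. Review the rejected list rather than discarding it, since a wildcard or URL entry means that name is not actually being blocked.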

The bottom line is that there’s a lot of stuff you can do to toss out some roadblocks without cutting your PC’s performance in half, be creative!

May 17, 2009

Did Microsoft hire maker of nLite and vLite?

I just stumbled onto a post that was several months old:

End of road for nLite/vLite? Microsoft hires Dino Nuhagic

Update: That link is dead

Mirror: http://brokencontrollers.com/end-of-road-for-nlite-vlite-microsoft-hires-dino-nuhagic-t313944.php

If this is true, it would explain why the man has gone quiet and no new work has been done on vLite for quite some time.

For those that don’t know, nLite and vLite remove so-called “integrated” Windows components from the Windows XP and Windows Vista installers, respectively.

Logically, I could see why Microsoft would want to hire the man to get him to stop undermining their claims that this crap is a “non-removable component of Windows” rather than foistware pushed on the end user in order to illegally stifle the competition.

Earlier in vLite development, the Redmond bully forbade him from distributing the 44 kilobyte WIM image filter necessary to customize Windows ISO images, forcing the user to download a 1.1 GIGABYTE ISO image of the Windows Automated Installation Kit to get the offending driver.

With the EU after Microsoft for illegally bundling Idiot Exploiter and other software unrelated to an operating system, it can’t look good that there are utilities out there that can in fact surgically remove it.

Unfortunately with Windows 7 approaching, users could never have needed a utility to strip down Windows more, as the installer will copy all files for the Ultimate Edition to the user’s hard disk regardless of the version they bought, and will leave them there, functionless, until the user pays Microsoft more money to “activate” them.

Nobody can seem to get Nuhagic to comment on what in fact is going on, leading to more speculation, but I for one hope that Microsoft has not hired him to simply put him out of business like they did with SysInternals…
