" /> MowGreen: October 2006 Archives


October 26, 2006

Automatic Updates options are greyed out

Automatic Updates options are greyed out by Ramesh Srinivasan,
Microsoft MVP - Windows Shell/User

When you open the Automatic Updates tab of the My Computer Properties sheet, or the Automatic Updates applet in Control Panel, all of the configuration options may be grayed out. This happens for any of the following reasons:

1. You're not logged on as Administrator (or equivalent)
2. Automatic Updates Policy is enabled
3. Automatic Updates (and Windows Update) access is blocked via Group Policy

Resolution

To make the Automatic Updates options configurable by the user (only for stand-alone systems), remove the restrictions 2 & 3 above.

* Click Start, Run and type REGEDIT.EXE
* Navigate to this location:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

* In the right-pane, delete the two values AUOptions and NoAutoUpdate
* Navigate to this location:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate

* In the right-pane, delete the value DisableWindowsUpdateAccess

Using the Group Policy Editor - for Windows XP Professional

* Click Start, Run and type gpedit.msc, then click OK or press Enter
* Navigate to the following location:

=> Computer Configuration
==> Administrative Templates
===> Windows Components
====> Windows Update

* In the right-pane, double-click Configure Automatic Updates and set it to Not Configured
* Then, navigate to this location:

=> User Configuration
==> Administrative Templates
===> Windows Components
====> Windows Update

* In the right-pane, set Remove access to all Windows Update features to Not Configured
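Before deleting anything, it is worth knowing which of the three causes above actually applies. The following script is an added example, not part of the original post: it reads the same registry keys and value names the post lists (AUOptions, NoAutoUpdate, DisableWindowsUpdateAccess) and checks group membership, but changes nothing. Run it as the user who sees the grayed-out options.

```powershell
# Added example, not part of the original post: report which of the three
# causes listed above applies on this machine before deleting anything.
# Key and value names are the ones given in the post; run as the affected user.

$machinePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$userPolicy    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value is absent, rather than throwing
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Cause 1: the current user is not a member of Administrators
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { Write-Output 'Cause 1: current user is not an administrator' }

# Cause 2: an Automatic Updates policy is in force (AUOptions / NoAutoUpdate present)
$auOptions    = Get-PolicyValue -Path $machinePolicy -Name 'AUOptions'
$noAutoUpdate = Get-PolicyValue -Path $machinePolicy -Name 'NoAutoUpdate'
if (($null -ne $auOptions) -or ($null -ne $noAutoUpdate)) {
    Write-Output "Cause 2: AU policy values present (AUOptions=$auOptions, NoAutoUpdate=$noAutoUpdate)"
}

# Cause 3: access to Windows Update has been removed for this user via policy
$disableAccess = Get-PolicyValue -Path $userPolicy -Name 'DisableWindowsUpdateAccess'
if ($null -ne $disableAccess) {
    Write-Output "Cause 3: DisableWindowsUpdateAccess=$disableAccess under the HKCU policy key"
}

if ($isAdmin -and ($null -eq $auOptions) -and ($null -eq $noAutoUpdate) -and ($null -eq $disableAccess)) {
    Write-Output 'No policy restriction found in the keys named in the post'
}
```

Two points to keep in mind when acting on the output. On a domain-joined machine the values under the Policies keys are rewritten at the next Group Policy refresh, so deleting them only helps on stand-alone systems, as the post says. And if the values were placed there deliberately by an administrator, removing them hands control of patching back to the local user, which is a weakening of the machine's update posture rather than a repair.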

October 23, 2006

A Letter From Pat Tillman's Brother

From SF Gate - After Pat's Birthday

Copyright Kevin Tillman

Kevin Tillman joined the Army with his brother Pat in 2002, and they served together in Iraq and Afghanistan. Pat was killed in Afghanistan on April 22, 2004. Kevin, who was discharged in the summer of 2005, has written a powerful, must-read document.


It is Pat's birthday on November 6, and elections are the day after.

It gets me thinking about a conversation I had with Pat before we joined the military. He spoke about the risks with signing the papers. How once we committed, we were at the mercy of the American leadership and the American people. How we could be thrown in a direction not of our volition. How fighting as a soldier would leave us without a voice ... until we got out.

Much has happened since we handed over our voice:

Somehow we were sent to invade a nation because it was a direct threat to the American people, or to the world, or harbored terrorists, or was involved in the September 11 attacks, or received weapons-grade uranium from Niger, or had mobile weapons labs, or WMD, or had a need to be liberated, or we needed to establish a democracy, or stop an insurgency, or stop a civil war we created that can't be called a civil war even though it is. Something like that.

Somehow America has become a country that projects everything that it is not and condemns everything that it is.

Somehow our elected leaders were subverting international law and humanity by setting up secret prisons around the world, secretly kidnapping people, secretly holding them indefinitely, secretly not charging them with anything, secretly torturing them. Somehow that overt policy of torture became the fault of a few "bad apples" in the military.

Somehow back at home, support for the soldiers meant having a five-year-old kindergartener scribble a picture with crayons and send it overseas, or slapping stickers on cars, or lobbying Congress for an extra pad in a helmet. It's interesting that a soldier on his third or fourth tour should care about a drawing from a five-year-old; or a faded sticker on a car as his friends die around him; or an extra pad in a helmet, as if it will protect him when an IED throws his vehicle 50 feet into the air as his body comes apart and his skin melts to the seat.

Somehow the more soldiers that die, the more legitimate the illegal invasion becomes.

Somehow American leadership, whose only credit is lying to its people and illegally invading a nation, has been allowed to steal the courage, virtue and honor of its soldiers on the ground. Somehow those afraid to fight an illegal invasion decades ago are allowed to send soldiers to die for an illegal invasion they started.

Somehow faking character, virtue and strength is tolerated.

Somehow profiting from tragedy and horror is tolerated.

Somehow the death of tens, if not hundreds, of thousands of people is tolerated.

Somehow subversion of the Bill of Rights and The Constitution is tolerated.

Somehow suspension of Habeas Corpus is supposed to keep this country safe.

Somehow torture is tolerated.

Somehow lying is tolerated.

Somehow reason is being discarded for faith, dogma, and nonsense.

Somehow American leadership managed to create a more dangerous world.

Somehow a narrative is more important than reality.

Somehow America has become a country that projects everything that it is not and condemns everything that it is.

Somehow the most reasonable, trusted and respected country in the world has become one of the most irrational, belligerent, feared, and distrusted countries in the world.

Somehow being politically informed, diligent, and skeptical has been replaced by apathy through active ignorance.

Somehow the same incompetent, narcissistic, virtueless, vacuous, malicious criminals are still in charge of this country.

Somehow this is tolerated.

Somehow nobody is accountable for this.

In a democracy, the policy of the leaders is the policy of the people. So don't be shocked when our grandkids bury much of this generation as traitors to the nation, to the world and to humanity. Most likely, they will come to know that "somehow" was nurtured by fear, insecurity and indifference, leaving the country vulnerable to unchecked, unchallenged parasites.

Luckily this country is still a democracy. People still have a voice. People still can take action. It can start after Pat's birthday.

Brother and Friend of Pat Tillman,

Kevin Tillman


Editor's Note: Pat Tillman gained fame after he gave up a National Football League career with the Arizona Cardinals to join the Army with his brother following the Sept. 11, 2001, terror attacks, then was killed by friendly fire during combat in Afghanistan.

Thank you, Kevin. May the memory of your fearless, unselfish brother never be forgotten.

October 22, 2006

SpamThrough Trojan Analysis

From SpamThrough Trojan Analysis

Sometimes, when we shine a light on a particular piece of malware, we find some interesting things that would otherwise go unnoticed. One such piece of malware is the trojan sometimes called "Troj/SpamThru", among other names.
[snip]
Overall, detection by AV vendors is sparse, but that's to be expected given that SpamThru is a money-making operation, and the author takes great care to make sure that detection by the major vendors is avoided by frequently updating the code.
[snip]
Basically SpamThru is designed to send spam from an infected computer. This type of operation is now years old, however, SpamThru has some new twists.
[snip]
Anti-Virus Scanning
Like many viruses and trojans, SpamThru attempts to prevent installed anti-virus software from downloading updates by adding entries into the %sysdir%\drivers\etc\hosts file pointing the AV update sites to the localhost address. In the past, we've also seen malware which tries to uproot other competing malware on an infected system by killing its processes, removing its registry keys, or setting up mutexes which fool the other malware into thinking it is already running and then exiting at start.

SpamThru takes the game to a new level, actually using an antivirus engine against potential rivals. At startup, SpamThru requests and loads a DLL from the control server. This DLL in turn downloads a pirated copy of Kaspersky AntiVirus for WinGate from the control server into a concealed directory on the infected system. It patches the license signature check in-memory in the Kaspersky DLL in order to avoid having Kaspersky refuse to run due to an invalid or expired license. Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation. Any other malware found on the system is then set up to be deleted by Windows at the next reboot.
[snip]
Although we've seen automated spam networks set up by malware before (Sober, Bobax, Bagle, etc) this is one of the more sophisticated efforts. The complexity and scope of the project rivals some commercial software. Clearly the spammers have made quite an investment in infrastructure in order to maintain their level of income.


Pretty slick, eh?
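The hosts-file trick described in the analysis above (vendor update hostnames pointed at the loopback address) is easy to check for. The script below is an added example, not code from the SecureWorks analysis or from SpamThru: it parses hosts-file lines and flags any name other than the usual localhost aliases that resolves to a loopback address. The sample lines are constructed and the vendor hostnames in them are invented placeholders; on a real machine, feed it the file at the path the analysis names.

```powershell
# Added example, not part of the original analysis: flag hosts-file entries that
# redirect non-local names to a loopback address, the symptom described above.
# Uses a constructed sample so it runs anywhere; point it at the real file on a
# machine you are examining (see the commented call at the end).

function Find-LoopbackOverrides {
    param([string[]]$Lines)
    $loopback = @('127.0.0.1', '0.0.0.0', '::1')
    # Names that legitimately map to loopback and should not be reported
    $expected = @('localhost', 'localhost.localdomain', 'broadcasthost', 'ip6-localhost', 'ip6-loopback')
    $findings = @()
    foreach ($raw in $Lines) {
        $line = ($raw -split '#', 2)[0].Trim()      # drop trailing comments
        if ($line -eq '') { continue }
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }        # malformed line, ignore
        $addr = $fields[0]
        if ($loopback -notcontains $addr) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($expected -notcontains $name.ToLower()) {
                $findings += [pscustomobject]@{ Address = $addr; Hostname = $name }
            }
        }
    }
    return $findings
}

# Constructed sample resembling what the analysis describes; the vendor
# hostnames below are placeholders, not real update servers.
$sample = @(
    '# Copyright (c) 1993-1999 Microsoft Corp.',
    '127.0.0.1       localhost',
    '127.0.0.1       update.example-av.com       # placeholder AV update host',
    '127.0.0.1       liveupdate.example-av.net   # placeholder AV update host',
    ''
)

$hits = Find-LoopbackOverrides -Lines $sample
$hits | Format-Table -AutoSize

# On a live system (the path the analysis refers to as %sysdir%\drivers\etc\hosts):
# Find-LoopbackOverrides -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

Any hit deserves a look, but a hit naming an antivirus or operating-system update host is the specific indicator the analysis describes, and it means the machine's scanner may have been silently starved of signatures for some time.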

October 10, 2006

Haxdor Variant Being Spammed

McAfee reports

A recent spamming has been reported intended to download a variant of Backdoor-BAC. The spammed email message supposedly from Walmart is sent as follows:

From: info@walmart.com
Subject: Order Confirmation number: 37679041
Body:

Dear Customer,

Thank you for ordering from our internet shop. If you paid with a credit card, the charge on your statement will be from name of our shop.

This email is to confirm the receipt of your order. Please do not reply as this email was sent from our automated confirmation system.

Date : 08 Oct 2006 - 12:40
Order ID : 37679041

Payment by Credit card

Product : Quantity : Price
WJM-PSP - Sony VAIO SZ370 C2D T7200 : 1 : 2,449.99

Subtotal : 2,449.99
Shipping : 32.88
TOTAL : 2,482.87

Your Order Summary located in the attachment file ( self-extracting archive with "37679041.pdf" file ).

PDF (Portable Document Format) files are created by Adobe Acrobat software and can be viewed with Adobe Acrobat Reader.
If you do not already have this viewer configured on a local drive, you may download it for free from Adobe's Web site.

We will ship your order from the warehouse nearest to you that has your items in stock (NY, TN, UT & CA). We strive to ship all orders the same day, but please allow 24hrs for processing.

You will receive another email with tracking information soon.

We hope you enjoy your order! Thank you for shopping with us!

The spam has also been reported purporting to come from Dell, Sony, etc.
TrendMicro reports
Malware Overview

This backdoor arrives on a system either downloaded from the Internet or dropped by other malware.

When executed, it drops several files in the Windows system folder. It creates certain registry keys and entries to enable this backdoor to execute even when the affected system is running in safe mode.

It uses rootkit technology to hide its files and processes, making detection more difficult.

This backdoor opens a random port and allows a remote malicious user to perform several commands on the affected system. This routine compromises system security and opens the affected machine to further attacks.


Beware of emails that state that you've purchased something, especially when you have NOT!
Exercise caution when opening email attachments and keep your antivirus program up to date!

October 2, 2006

Workaround for KB920872 installation and sound issues

It's been reported in the Windows Update newsgroup that some systems are experiencing sound card issues and installation failures associated with KB920872. Some users report a continual prompt to reinstall it after a supposedly successful installation.
First, if there are continual prompts to reinstall it or there are sound issues, uninstall KB920872 from Add/Remove Programs in the Control Panel. (If it is not listed there, see the end of this article for instructions on removing it.)

This has been attributed to OEM manufacturers who have imaged the kmixer.sys, wdmaud.sys and splitter.sys drivers as unsigned.
Update.exe treats these drivers as OEM drivers and does not overwrite them.
This suggested workaround was posted by Eric Brodish, MS:

1. Download the update from here and save it to the C:\ drive (or whichever is the root drive)

2. Click on Start > Run

3. Type C:\WindowsXP-KB920872-x86-ENU.exe /o and click OK (once again, C:\ being the root drive)

If the update had installed previously with loss of sound and it is not listed in Add/Remove Programs in the Control Panel, then show hidden files, folders, and system files.
Navigate to the WINDOWS directory (folder).
Locate the $NtUninstallKB920872$ folder and open it.
Open the spuninst folder and run spuninst.exe.
This will uninstall KB920872.
Restart the system.

Now install the update using the above method.

" 0-day" vulnerabilities in Firefox

From SecuriTeam Blogs
" It seems like Internet Explorer has been given a lot of heat lately with a rash of 0day vulnerabilities, and if you do use IE then do yourself a favor and visit ZERT, but has the time come for Firefox to shine as well? If you take a brief look at the list of publicly known vulnerabilities in Firefox it should come as no surprise that there will naturally be a sleuth of undisclosed vulnerabilities as well.

At the ToorCon 2006 conference, Mischa Spiegelmock and Andrew Wbeelsoi made a point out of demonstrating a live exploit running in Firefox 1.5.0.7. Their main motivation was appareantly to create bot networks for their personal use, or in their own words - “communication networks for black hats”.

Spiegelmock claims that the Javascript implementation in Firefox is a “complete mess”, stating further that “It is impossible to patch”. Personally, I disagree - though perhaps only on the finer points of those statements. Browsers are inherently insecure by design, not because of any one vendors particular implementation. Their objective is to retrieve arbitrary textual content from an untrusted network location, parse that text into a set of processing instructions and then render a visual representation of the document. Browsers are semi-compilers with a range of legacy deviations that all add up to enormously complex parsing environments, the perfect hunting ground for vulnerabilities caused by developer oversight. Adding Javascript on top of that only increases the complexity linearly instead of exponentially. "

OK, this is not a 0-day vulnerability. A 0-day vuln must also have a Proof of Concept circulating in the wild. More FUD can be read here: Hackers claim zero-day flaw in Firefox.
To keep scripts from running except when you want them to, install the NoScript add-on for Firefox. It can be found here. The author's page is here. Screenshots can be viewed here.