Dr. Jerry Pournelle


Computing At Chaos Manor:
The Mailbag

Jerry Pournelle jerryp@jerrypournelle.com
www.jerrypournelle.com
Copyright 2010 Jerry E. Pournelle, Ph.D.

February 22, 2010

Dr. Pournelle,

A warning to you and your readers, a pop-up trojan has spread to otherwise respectable websites. I went to dilbert dot com to view their daily comic, and IE8 immediately closed, replaced by two pop-up IE browser windows, one very small and one the size of a typical pop-up message. The larger one had a reasonable looking warning about a virus, and a button to click to "scan". Knowing that this was completely abnormal behavior, I closed both IE windows using task manager instead of clicking on the equally legit looking "X".

After that, I immediately started a full system scan using windows security essentials, and although the scan is not yet complete it has already given me a warning that it has found "malicious or potentially unwanted software" on my computer.

Note that I did NOT click anywhere except to close the processes from within task manager. I merely visited a legit website which immediately closed the main IE browser window, replacing it with two smaller pop-up windows identified as iexplore.exe windows in task manager. I did not click on either of those, and immediately closed them with task manager. I am unsure as of yet if what MS security essentials has found is simply in the browser cache or if my system is well and truly borked, but this one was really bad. No warning, and I didn't DO anything, yet I seem to have an infected system.

As I type this, when MS security essentials scanned iexplore.exe, my floppy drive started buzzing loudly as if it was being accessed. Not good, not good at all.

This whole thing, getting nailed by merely visiting a hacked website that was "legit" just a few hours ago, in effect makes windows 7 and IE8 completely unusable for me especially since I occasionally work from home. Any site on the internet could be the next to get compromised and there was no way to avoid this once the site was visited. My system was fully patched and uses all the default security settings except that secure browser windows are not cached and my IE cache is supposed to be flushed when IE is closed.

Sean

Infection of legitimate sites has been a major problem. The first line of defense would be to use Firefox with Adblock Plus, granting exceptions depending on your state of paranoia (Sudoku for example uses popups to allow changes in difficulty level).

This manner of attack, by corrupting legitimate advertiser packages, is of sufficient concern that a lot of smart people are working on it, but so far I haven't seen satisfactory progress.


A note about worms we've been fighting lately...

Turns out we have a hole in Adobe Flash Player, in how it talks to and accesses JavaScript, that allows a hacker to hack other people's advertisements. Basically they can change where the advertisement points to... from the advertiser's server to the hacker's server. So we have had drive-by installations on sites as ubiquitous as yahoo.com. Here's the site that broke the news (www.foregroundsecurity.com blog):

http://skeptikal.org/2009/11/flash-origin-attack-faq.html

Once on your computer these programs are going after key system files so that if you try to fix them they nuke your computer. Here's a list:

atapi.sys ---cd rom driver
iastor.sys ---hard drive
nvata.sys
nvstor32.sys
nvgts.sys
nvatabus.sys
sisraid.sys
IdeChnDr.sys
iastorv.sys
userinit.exe

I have had dozens of machines that I have had to fix via the Ultimate Boot CD for Windows (a BartPE disk) so that I could go into the registry and fix the userinit entry in the registry so the customer could log in to Windows. I also had to find an entry called appint (hkey local machine/software/windowsnt/windows) that loads a dll every time you run an executable... so that I could run the cleaning software. Very nasty stuff. But I recommend the Ultimate Boot CD for Windows... runs an XP session from the CD, but can remotely edit the registry and even run superantispyware remotely on the registry and hard drive... very useful.

Also for cleaning I recommend a hard core program called combofix (www.combofix.org). It not only cleans, but tends to replace hacked files with clean versions. It appears to work on all versions of Windows.

Any way.....keep writing........I still love your stuff....

Adam Kelm
Aberdeen, Washington 98520
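The two registry checks the letter describes can be run against a text export of the offline SOFTWARE hive. This is an added example, not the letter writer's tooling; it assumes the second entry is the AppInit_DLLs value, a default install on C:, and constructed sample data.

```python
import re

# Stock value on a default install (assumption: Windows lives on C:).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINDOWS = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# One "name"="value" line of a .reg export; backslashes and quotes are escaped.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: string}} for string values.

    Real regedit exports are UTF-16; decode the file before calling this.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            name, value = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = value
    return keys


def audit(text):
    """List deviations from the stock Userinit and AppInit_DLLs values."""
    keys = parse_reg(text)
    findings = []
    userinit = keys.get(WINLOGON.lower(), {}).get("userinit")
    if userinit is None:
        findings.append("Userinit value missing")
    else:
        # Userinit is a comma-separated list of programs run at logon.
        entries = [e.strip() for e in userinit.split(",") if e.strip()]
        if EXPECTED_USERINIT not in [e.lower() for e in entries]:
            findings.append("Userinit does not launch the stock userinit.exe")
        for e in entries:
            if e.lower() != EXPECTED_USERINIT:
                findings.append("Userinit runs unexpected program: " + e)
    # AppInit_DLLs is empty by default; entries are space or comma separated.
    appinit = keys.get(WINDOWS.lower(), {}).get("appinit_dlls", "")
    for dll in re.split(r"[ ,]+", appinit.strip()):
        if dll:
            findings.append("AppInit_DLLs loads: " + dll)
    return findings


# Constructed sample export; the paths are placeholders, not real indicators.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\example-added.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\example\\hook.dll"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```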

Thank you for the information, and for the kind words.

I fear that the complexity of computer security has got beyond my expertise. It has also got past a lot of people who don't know just how fast things are moving.

In particular, I now hesitate to try to clean or recover a system that has been infected. When Emily got hit with whatever it was that infected her, I took out her hard drive, installed a new drive and a new copy of Windows 7, and now access her old disk with its data through another machine with the disk attached as an external through USB. This was a good bit of trouble, but I deemed it safer than trying to clean the disk; moreover, I thought I'd probably spend more time trying to restore the system than I would if I replaced it. The only thing I lost was some saved games, and I make no doubt I can recover them if I want - in actual fact I started over in new Barbarian Invasion campaigns, putting to use what I'd learned...


Infection on "Emily"...

Jerry, I was just reading your most recent column, and noticed that you were assuming some sort of "Rootkit" infection on your "Emily" machine. The line "...I wasn't able to get to any site but the one offering the anti-virus program." suggests a simpler explanation, though.

The reason that nothing can find the "infection" is that there isn't one. What has happened is that some transient malware has changed your DNS server settings to point to a machine that only has a DNS entry for that site. Malware scanners can't really check for this as they can't maintain a list of all known good DNS servers.

Check it out - there's a chance that resetting the DNS server to the defaults in your networking settings will restore everything.

Keep up the good work,

Peet McKimmie
Aberdeen, Scotland

That is a fascinating idea, and were that disk still in a machine where it can be booted, I'd try it. I may yet, in fact, but at the moment there's no time. It would certainly be worth a try.

Do "ipconfig /all" in a command window as a first cut.
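A scanner cannot know which resolvers are legitimate, but the owner of a machine can. The following added example (not from the column or its correspondents) parses saved "ipconfig /all" output and reports any DNS server that is not on a list you supply; the sample text and addresses are constructed, using documentation address ranges.

```python
import ipaddress
import re

# "   Label . . . . : value" lines; continuation lines have no "label :" part.
FIELD = re.compile(r"^\s+(.+?)[ .]+:(?:\s+(.*))?$")


def dns_servers_by_adapter(ipconfig_text):
    """Map each section header of `ipconfig /all` to its DNS server list."""
    adapters, adapter, in_dns = {}, None, False
    for raw in ipconfig_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():
            # Unindented line: a new section such as "Ethernet adapter X:".
            adapter = line.rstrip(":")
            adapters[adapter] = []
            in_dns = False
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1) == "DNS Servers"
            value = m.group(2)
        else:
            # Second and later DNS servers appear alone on indented lines.
            value = line.strip() if in_dns else None
        if in_dns and value and adapter:
            try:
                # Drop an IPv6 zone suffix such as "%11" before parsing.
                adapters[adapter].append(ipaddress.ip_address(value.split("%")[0]))
            except ValueError:
                pass
    return adapters


def unexpected_dns(ipconfig_text, expected):
    """Return {adapter: [servers not in `expected`]} for adapters with any."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {}
    for name, servers in dns_servers_by_adapter(ipconfig_text).items():
        bad = [str(s) for s in servers if s not in allowed]
        if bad:
            report[name] = bad
    return report


# Constructed sample output: one adapter has had its resolvers changed.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

if __name__ == "__main__":
    # The expected list is whatever your router or ISP normally hands out.
    print(unexpected_dns(SAMPLE, ["192.168.1.1"]))
```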


Subject: the worm

Jerry,

These root kits were predictable by those of us that work at the system's level. It is high time the USA got its ass in gear and started looking at compute space as another warfare front. If we don't, the Chinese will clean our clocks. It is the perfect front for them. Manpower intensive, and low cost. You don't need a 40 million dollar fighter to engage, just some cheap PCs and internet bandwidth.

Phil

Amen


Dos Apps Under Win 7

I just confirmed that DOS apps can run under Win 7 via Virtual PC running Windows XP. I have not confirmed direct hardware access.

Virtual OSs were the hot buzzword item a couple of years ago but from personal experience this is truly the next Big Thing. Upgrading an OS from XP on for Windows tended to be hit or miss with miss being the most often result. Nowadays it isn't a material issue. Just make a virtual disk of the old OS and run it under the new OS. As you have mentioned processor cycles (but not disk access time, unfortunately) are almost free. The processor just sits there doing nothing most of the time, why not put it to use?

I had a conversation a week ago with a sysadmin for a Fortune 500 corporation over this issue. While the trade magazines were touting virtualization of servers this company was quietly using it where it came in very helpful - on the Desktop. Both app developers and the engineer users (this is an oil company) were having to deal with different applications that ran on different OS's. Virtualization on the desktop level has solved a multitude of problems. Add to that my personal experience in dealing with upgrades and I personally think that this is the product of the year.

Gene Horr

In 64-bit systems with a LOT of memory, cache in memory tends to mitigate the slowness of disk drives. I agree: getting Virtual XP going in your Windows 7 system can solve a lot of problems, including many security difficulties.


Re: Charnel House (From February column)

There is a strong cultural demand in the African-American community (at least in the South; can't speak for elsewhere) to have "unique" names for their children. Carried to an extreme, this leads to "Utah names" like these:

http://wesclark.com/ubn/article.html

Most local African-American mothers (fathers are mythical in this society) don't go as far as the Mormons, but as the Freakonomics guys noticed, you do get a lot of "Roshandas" and "Imanis."

http://www.slate.com/id/2116449/

The saddest one I saw was a waitress with a tag proudly proclaiming her name to be "Charnel."

I hope that, someday, she Googles it, and changes it to "Charnelle."

S.


eBook pricing.

I read your column on EBook pricing and I have some questions about it. First is this statement: "Macmillan and the publishers, meanwhile, see Amazon as a major distributor, and they don't want the distributors setting the final price of the product. Neither do authors, who generally side with the publishers in this matter."

Amazon is the retailer not the distributor. Why shouldn't a retailer get to set its price? Would it be a good thing if every manufacturer set prices? No store could offer you a sale price. No store could compete with another on price. As long as the publisher and the authors get the price they want what is the difference? Yes Amazon could use selling at a too low of a price as a way to push competitors out of business but that would be a case of an abuse of a Monopoly and is illegal.

However, having the manufacturer set the retail price is called price fixing and is also illegal. I do not want the wholesaler manufacturer to set the retail price anymore than I want the retailer to set the wholesale price.

As to the difference in cost between an ebook and book it has to be significant. Books must cost at least a few dollars to print and ship and warehouse. Add in the cost of the stripped books and returns and it has got to be a good chunk of the cost of a book. Also publishers must accept that ebooks are less valuable to me.

I am reading a great book right now that I got for my birthday. It is called Leanings by Peter Egan. When I am done with it I am going to lend it to my wife to read then at least one friend of mine. I am also planning on buying my brother a copy for his birthday. With an Ebook I can not "lend" it to a friend. I can not sell it at a used book store. So the book is worth less to me than a paper book. As such I should pay less for it.

The way it looks to me as a person that reads and buys a lot of books is this. The publishers see ebooks as a way to hit that magical 20% profit margin. So on this fight I think Amazon was in the right. eBooks need to be cheaper. I feel that even $10 is way too much for an ebook. If they dropped the price to under $5 I would buy a lot of books. I would risk picking up an author I never read.

Now what we really need is for Amazon to get more ebooks. I really want to read the Uplift books on the Kindle, Illusions by Richard Bach as well, and all of Larry Niven's works. I am sure I can find a lot of those on the internet but I really want to support authors. But if they don't make an ebook available I will probably just hunt them down in used book stores or keep waiting. The publishers need to understand that people like me really want to buy books. But in a lot of cases they are just not available or cost too much.

Well all the best to you and I hope your recovery goes well. Tell Mr. Niven that after seeing Avatar I am now waiting to see a whole series of Known Space movies to start showing up... Please.... or some more known space books... please....

Amazon is both retailer and distributor. That's the problem. The system is set up to sell large blocks of books to distributors who then place them with retailers.

Markets determine prices. Amazon thinks there is more profit in selling more books at a lower price. The real problem is that Amazon wants to sell at lower prices now, and publishers want to exploit early eagerness before lowering price.

Used books are good for readers, but neither creators nor publishers make any money from a used book sale. No one says there should not be used books, but authors are understandably less than enthusiastic about promoting them.


Subject: Windows Work-around

Jerry -

You may remember my rant last week about how I'd been organizing Windows My Way since version 2.0 and how gratuitously difficult the youngsters from Redmond have made that in recent years.

Your reference in today's column to Microsoft's penchant for burying my data deep in userland reminded me of my latest revenge - using one of their free toys - SyncToy 2.0.

I laboriously discover the real location of all of My Data that I care about that Win7 insists on putting in the system partition (which we all know has to be nuked and decontaminated every few months) and set up SyncToy relationships that copy them to a saner location on a data partition (and now that drives are penny-ante items, on a different spindle). It's a simple matter, then, to back them all up to a safer location with a single "all folder pairs" command.

I've gone further than that, and back-up my data drive to a similar drive on my Better Half's workstation downstairs. I also use SyncToy to synchronize my working text directories to a thumb drive to take to the office, and an SD card for my netbook.

As you say, "highly recommended."

David

I tend to do much the same, but I keep all my Outlook pst files in a root directory called "Outlook" rather than nine layers deep in a user file. I have no use for multiple users. Pournelle's law has always been 'One user, at least one CPU.'


Subject: Unicode dictionary

Dr. Pournelle:

You may already have seen this:

http://technet.microsoft.com/en-us/library/cc263242.aspx

It doesn't say much although much is written.

I have passing exposure to unicode, which I call "super ASCII." It allows other language characters aside from the Latin alphabet. Even back in the Word 97-2003 days, you could add a symbol (Insert >> Symbol) to your document. Most of these were Unicode.

Here's someone with a problem similar to yours, but no solution except "Save As".

http://www.msofficeforums.com/word/1320-custom-dictionary-unicode-encoding.html

Best regards,

Bill Kelly
Houston

I have managed to convert my old style dictionary files to Unicode, but I have to convert them back if I want to share a dictionary with Niven who still uses Word 2003. Save As works once you get it to open the file; it turns out that Word 2007 won't open some .dic files that Word 2003 has created. Fortunately Notepad will.


2003 to 2007 dictionary conversion...

Jerry - I found this on a forum some time ago and saved just the post - I have no idea what forum.

SteveB wrote at 2008-09-24 15:24:44

I had a similar problem going from Word 2000 to 2007 but still under XP Pro. What worked for me was making sure that the newly created CUSTOM.DIC had been saved using Unicode encoding. Steps are:

1. Copy the word 2000 version of CUSTOM.DIC to the new UProof folder as Custom2k.dic.

2. Open it in Word2007 as a regular file (specifying All files in the Open dialog to see it)

3. Use Save As type Plain txt and specifying "CUSTOM2000.DIC" WITH THE QUOTES to ensure that Word doesn't add the .txt extension. In the dialog that follows choose Unicode encoding for this save.

4. Close Word, navigate to UProof folder and rename the .DIC files so that the newly created CUSTOM2000.DIC becomes CUSTOM.DIC. You may already have added some useful stuff to the original Word2007 CUSTOM.DIC. If not just delete it.

5. Re-open Word 2007 and check if adding to dictionary is now available to you.

I know it's a while ago but I came across your post when looking for a solution so others might too.

SteveB, Bristol, UK

Good luck!

Art Roberts

That's how to do it all right. I remember now I had the problem before, and I had forgotten that. In the particular case I had some entries beginning with ' as in 'Uthin as an alien name, and Word 2007 under 64-bit Windows 2007 simply would not open that .dic file until I opened it with Notepad and deleted that opening entry. After that it was simple.

Very odd. But yes, I had solved it some years ago...


Yet more Win7 annoyances

I've just installed Win7 on my netbook and am once again reminded of the Font Insanity that it brings.

Being the typographical equivalent of tone deaf, I use only a handful of possible fonts (or are they typefaces - I can't keep the distinction straight, which drives my graphic designer cousin mad). You've no doubt noticed that there are an incredible number of fonts installed by default (which one has to scroll through to find the one that is wanted), and that the majority of them have names that suggest that they are not intended for use in my Native Tongue (the one that separates the United States from Great Britain).

In the Bad Old Days a half-hour deleting font files after each slash-and-burn installation would resolve this, but no more. Try that with Win7 and you quickly learn that "Batang and BatangChe & Gungsuh & GungsuhChe cannot be deleted because it is a protected system font", and that the same is true for most of the non-Latin fonts. While I think of myself as relatively cosmopolitan, in reality I only write in English and with the exception of a smattering of Koine Greek I can only parse, with some difficulty, a few Western European languages. Cyrillic and anything south or east are utterly lost on me.

I've been around this block a few times in the past 6 months as I've installed betas, RCs and RTM versions of Win7 and subsequently tried to make them useful, hoping that eventually the issue would be fixed before it went Retail. I just ran across a recent thread on social.answers.microsoft.com that both perfectly describes the immense frustration that this issue has caused with English-speaking users and the utterly unsatisfying explanation that Microsoft has provided.

{Microsoft Forums Link}

I give credit to the patience of the MS staff who responded on this thread, and am grateful that MS has now acknowledged that there is a problem both in design and quality control (this was a bone-headed design decision compounded with buggy implementation). That said, IMHO it exposes some troubling decision-making trends at MS. Faced with the immense complexity that internationalization with Unicode introduces, they've chosen to make it easy on themselves at the expense of the end-user.

I've recently completed a multi-year, multi-million-dollar, internationalized application and have great respect for the effort that has gone into Windows 7. That said, I hope that someone is listening and will appreciate that whiz-bang like Aero is only exciting for a few days after the initial install, but something like the Font Insanity annoys day in and day out.

Your grumpy old friend,
David Smith

I don't find the existence of those unused fonts all that offensive, now that memory and disk space are cheap. There are a lot to scroll through sometimes, but that's a fairly minor annoyance to me.

A major annoyance of the "improved" Word is that it no longer has type-ahead nor will it offer to fill in the date after you type in a day of the week. I found both of those useful enough that I am contemplating installing Word 2003 under an XP virtual machine and writing with that.


problems with windows

Dear Mr Pournelle --

You've doubtlessly heard it before: switch to Linux. You can still use Word files and Excel files in open office, or in other open source programs.

My daughter completed her BA from University of Texas and MA in Military History from Norwich working exclusively on Linux machines and delivered her finished work in MS formatted files.

She did the work in native open source formats, and converted the finished product to conform to the college guidelines.

For a number of years now, it's actually been easier for an end-user to install a mainstream Linux distribution, than to install Windows. Ubuntu is pretty good, my daughter and exchange student use that; I have an aversion to the click-and-drool window managers and so have built my own. Sometime next month I'll figure out how to make it work with Ubuntu and upgrade my machine from whatever archaic version I'm currently using.

Cheers!

Tom Crispin

I fear that would cause more problems than I can deal with. Niven uses Word 2003, I'm used to Word 2007 but don't really find much about it preferable to 2003; but the thought of Niven having to deal with Linux is too much for me to bear.


Outlook and Windows 7

I wonder if software makers, or the makers of any other product come to that, realize how important familiarity is to the things we like to buy and use. It irked me when I had to get used to a new menu layout for the new Office programs. I'm still fastest and most effective on AutoCAD 13, although it doesn't have all the features of my AutoCAD 2010.

One trivial question you might be able to help me with: I like it when the mail doesn't download automatically when I open my mail program, and I can check things out before I hit "send and receive." There used to be a setting for this option. Is there one in Outlook 2007?

Tom Brosz

I don't know for sure, but I expect another reader or three will have the answer by this time next month. At first, I thought you were talking about not automatically opening mail, and answered that question...

Outlook doesn't automatically open mail, or at least I have never had it do that. It does show a preview; in my case I have it set to make those previews Plaintext. If I then want to see the mail as html I can open it in plaintext and convert to html. I don't do that with suspicious mail, but I do it for my daily comic strip subscription - but even then I do that by hand. I am not much worried about what comes in displayed as plaintext.


Re: China Hackers

Jerry,

We noticed the conversation on your blog (posted Mon Jan 25) about the individuals in China that engage in hacking activity.

Just to clarify, customers of Chemical Abstracts Service (CAS), not CAS itself, were the recent victims of cyber attacks reported in The Columbus Dispatch article. The theft of CAS' SciFinder product described in the article occurred at the customer level, where access was being commandeered and used for searches. This theft was not a breach of the product itself. CAS data was never manipulated or compromised.

Thanks,

Tony Machosky
CAS

Thanks for clarifying that.


Application Data / AppData

Hi Jerry

Believe it or not, this is a "feature", not a bug (i.e. on purpose).

See http://technet.microsoft.com/en-us/magazine/ee851567.aspx

Michael J Smith

Michael refers to the existence of both "Application Data" and AppData files. It remains odd in my judgment, but that apparently is the explanation. Thanks.