Don’t Get Caught In The Crossfire

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

See also:
Microsoft Security Advisory (2639658)
Microsoft software bug linked to ‘Duqu’ virus
Microsoft Provides Workaround Patch for Duqu Malware
Microsoft announces workaround for the Duqu exploit
Microsoft Issues Temporary Duqu Workaround, Plans 4 Patch Tuesday Fixes
Six Ways to Protect Yourself from Duqu
Microsoft Airs Temporary Fix to Defeat Duqu Worm
Microsoft Releases Temporary Plug For Duqu
Duqu exploits same Windows font engine patched last month, Microsoft confirms
5 Things To Do To Defend Against Duqu
Microsoft issues temporary ‘fix-it’ for Duqu zero-day
Patch Tuesday: Fix for ‘Duqu’ zero-day not likely this month

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck

Super Bot

This sure looks like a nasty piece of work.

Massive botnet ‘indestructible,’ say researchers

A new and improved botnet that has infected more than four million PCs is “practically indestructible,” security researchers say.

“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said.

. . .

TDL-4 infects the MBR, or master boot record, of the PC with a rootkit — malware that hides by subverting the operating system. The master boot record is the first sector — sector 0 — of the hard drive, where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks.

Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and more, importantly, security software designed to sniff out malicious code.

But that’s not TDL-4’s secret weapon.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

See also:
TDL4 – Top Bot
Sophisticated TDL-4 Botnet Has 4.5 Million Infected Zombies
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
TDL-4 creates 4.5 million PC ‘indestructible’ botnet
Security Researchers Discover the Mother of All Botnets
TDL-4: The ‘indestructible’ botnet?
There’s a Botnet Called TDL-4 That’s Virtually Indestructable
‘Indestructible’ Botnet Enslaves 4.5 Million PCs
‘Indestructible’ Zombie PC Botnet Borrows Exploit From Israeli, U.S. Cyberweapon
Have cybercriminals created the perfect botnet — undetectable and indestructible?

If you ever needed a reason and reminder to keep your operating system, anti-virus, and anti-spywware software patched and up to date, this would be a good one.

/remember, if you’re not part of the solution, you’re potentially part of the problem

Modern Warfare 2, Update Fail

Modern Warfare 2 Stimulus Package has rocky launch

Gamers who downloaded the $15 Call of Duty: Modern Warfare 2 Stimulus Package this morning were in for a nasty shock. According to numerous user reports, when the map pack to Activision’s billion-dollar game launched this morning on Xbox Live, the maps would not actually load, and matchmaking was largely nonfunctional.

The problem was then confirmed by none other than Xbox Live programming director Larry Hryb–better known as Major Nelson–on his Twitter feed. “Matchmaking is in a bad state on Xbox LIVE right now. We’re working on it and will resolve it as quickly as we can,” he said about 10:30 a.m. PDT. Microsoft sent out a patch intended to fix the issues shortly thereafter, when chief Infinity Ward spokesperson Robert Bowling claimed the map pack was functioning.

Much like a pool with no water, the Stimulus Package was of little use to many gamers during the day.

Bowling’s confidence was misguided, however, as matchmaking issues persisted throughout the day. About 12:40 p.m. PDT, Hryb twittered that, “Matchmaking across #XboxLIVE is fixed! You may still have trouble purchasing and we’ll let u know ASAP when fixed.” Bowling also reported that stability was increasing, posting a picture of the rising number of connections on a monitor.

The Call of Duty: Modern Warfare 2 Stimulus Package is set to launch on the PlayStation 3 and PC later this spring.

See also:
Modern Warfare 2 update disconnects Xbox users
Modern Warfare 2 Xbox 360 Stimulus Package incurs glitch
Modern Warfare 2’s Stimulus Package DLC misfires at launch
Modern Warfare 2 Stimulus Package Launches With Problems [Update]
Infinity Ward: Call of Duty Modern Warfare 2 Stimulus Package Release Bug Bugs Fix Fixes Problems
Modern Warfare 2 map update gives Xbox Live problems
Stimulate Your Modern Warfare 2 Map Selections
New maps arrive on Xbox Live for ‘Call of Duty: Modern Warfare 2’
Modern Warfare 2 Stimulus Package available today on Xbox Live

So, not only are they charging for new maps that used to be free, they don’t even bother to make sure they work before releasing them!

/not only have the greedy Activision/Infinity Ward bastards driven the once awesome Call of Duty franchise into the ditch, apparently they don’t even care who knows it anymore

If It’s Tuesday It Must Be Time To Patch Windows Again

Microsoft issues urgent Windows, Office security patches

Microsoft today released patches for 26 recently-discovered security holes affecting users of Windows and Office. It is urging companies, in particular, to prioritize patching certain vulnerabilities that are likely to precipitate active cyberattacks within the next 30 days.

The most worrisome security holes are easy for cybercriminals to exploit. Bad guys routinely reverse engineer Microsoft’s patches and quickly create and spread malicious programs designed to seek out and take of control of PCs that aren’t current on patching, security experts say.

Microsoft normally issues security updates on the second Tuesday of each month, known as Patch Tuesday. Most home PC users get security updates automatically, via Windows auto update. Home users just need to follow prompts to restart their PCs, once the patches are downloaded to their harddrives.

However, corporations typically take weeks to test security updates and install them company wide. “While everyone has been focused on the volume of updates today, it should be noted that there are 12 vulnerabilities with Microsoft’s highest exploitability rating,” says Sheldon Malm, senior director of security at vulnerability management firm Rapid 7. “This certainly raises the bar for customers to plan, test, and rollout these updates more quickly than usual.”

See also:
Microsoft Security Bulletin Summary for February 2010
Microsoft Plugs 26 Vulnerabilities With 13 Patches In Record Update
Microsoft delivers huge Windows security update
Microsoft Fixes 26 Vulnerabilities In Windows, Office
Slew of Critical Updates from Microsoft
Microsoft Fixes Windows Security Vulnerabilities in Patch Tuesday Update
Microsoft warns of TLS/SSL flaw in Windows

/lovely software, by now you should know the patching drill

Pardon Me While I Cringe

Just in case you ever wondered why Apple has always enjoyed that “cool kid” aura compared to Microsoft, well, here’s why.

Microsoft employees assault customers (with a dance)

Spontaneity doesn’t come naturally to everyone. Neither is it welcomed by everyone.

So please imagine how those who visited the new Microsoft store in Mission Viejo, Calif., a few days back must have felt when store employees suddenly decided to drop their trousers, wave their Zunes in the air, and sing a couple of Maria Callas’ greatest hits.

No, it really wasn’t quite like that. However, I feel sure that one or two people might have preferred the trouser-dropping and Zune-waving over the spectacle that actually occurred.

As the Black Eyed Peas were forced to propel some of their entirely commercial stimulation down the sound system, the employees performed their own version of the line dance for the one-legged. Because I am consumer-focused at every moment of my waking day, I found myself concentrating more on the reactions of the customers than on the techniques Spike Jonze might have used to make this an MTV VMA winner.

As the employees line up for this troubling, tourettesy Texas One-Step, one already feels a strange squeezing sensation on behalf of some of the customers.

Around the 1.15 mark, a little girl, her hair ponytailed with a yellow scrunchy, makes as if her vicinity has not been invaded by dancing, clapping, or stray employee sweat. She sits. She stares into her screen. The adults make fools of themselves.

Yes, this is the Microsoft store version of “The Ice Storm.”

Two minutes of constricting visual constipation are temporarily saved by three ladies who rush in from the mall to join in. These women, their purses held in place by a determined gravity, begin to show the employees just why Fergie’s tunes are precursors to a fiery personal life.

Look, I’m lying. But they are definitely better than the tall, blond string bean of a chap whose twisted movements are rather too similar those of certain people who bought Vista and couldn’t make it work.

I want to like this microcosmic flash mob of dance. I really do. However, once the balding chap holding the Brookstone bag joins the shifting knee-lifting, I find myself searching again for the little ponytailed girl staring into a very fine PC. She has not turned her neck one degree to observe these escapees from reality. She seems to have decided that this is not Miley Cyrus, this is not even Cyrus Vance, ergo this is not happening.

But it did happen, spontaneously, in Mission Viejo. That’s the place where the mission is old, right?

See also:
Hey, Microsoft: Please Stop Trying So Hard
Microsoft Dances Its Way Into Shoppers’ Hearts
Lines Of Code? No, Line Dancing, Microsoft Style
I never want to visit a Microsoft Store after seeing this
Microsoft Reduces Store Employees to Dancing Fools
Microsoft Store Employees Cruelly Forced To Dance For The Internet
Microsoft Retail Store Employees Break Out Into Dance And It’s Really Creepy

Of course, this latest Microsoft dancing debacle doesn’t hold a creepiness candle to the all time cringe classic.

/pass the knitting needles, my eyes and ears hurt

Did Activision/Infinity Ward Screw The PC Pooch?

I am a PC gamer. I am a huge fan of COD4, Call of Duty 4: Modern Warfare, I think it’s the best FPS PC game ever released and its sales figures back up that claim. As with all games of this genre, while the single player experience is fun, the multiplayer mode is why you buy the game and what gives the game its replay value. In this regard, COD4 is awesome, absolutely without peer, IMO.

So, as you might imagine, ever since they announced a release date for Call of Duty: Modern Warfare 2, I have been waiting in eager anticipation. Now, imagine my surprise when it turns out that Activision/Infinity Ward, in MW2, has stripped out all the multiplayer features that made COD4 such a success. Not only is this a major multiplayer experience downgrade (which they’re charging $10 more for), but it seems that this was done deliberately, as a slap in the face to the PC gaming community!

Modern Warfare 2: The Battleground for PC Gaming?

Every once in a while (every 10 minutes or so), the death knell of PC gaming is cried out by someone or other. And once in a while, it seems like they might be right. PC gaming is not, however, going anywhere. With such an open platform that allows anyone to get in without buying a dev kit, there will always be something to play. Nonetheless, the release of Modern Warfare 2, to me, signals one of the loudest shots fired from the bow of a major publisher against PC gaming.

Freelancer Mitch Dyer commented on his twitter feed earlier today that he was ranked one million something in Modern Warfare, meaning that in just 12 hours, the game has sold over a million copies on one platform. Any doubt that this game would be huge should be a distant memory by now.

The two console versions are pretty much feature-identical, as far as I know. It comes down to preferences for controllers and online service. Beside that, they’re the same game.

But then there’s the PC version.

The thing about PC gamers is, they expect certain things out of their games, things that have always been there as far back as Quake. First and foremost is the exclusion of support for dedicated servers. Back in the Quake II days, I remember logging into the same server (Nostromo) every night over the summer to play deathmatch over dial-up. On the 360 and PS3, matchmaking is an accepted part of the platform.

To not have that, as little an inconvenience as it may be in reality, seems like a major affront to PC gamers. Having the option to get familiar with a server and the group that shows up there has always been one of the benefits of the game, along with having the option to vote users off the server if they’re being disruptive without having to wait for an admin to get to it. Also, when the game isn’t hosted by a player, no one gets the home field advantage and no one affects the game when they pull the plug mid-match.

Of course on the publisher side, you get problems like servers with weird settings that encourage cheating and most importantly, servers that don’t verify that your copy of the game is legal. That’s the big thing. By having the entire online game run through a service, you force all your users to verify their copies of the game if they want to play online. Even if it means no clan home servers and worse, no local play.

Another missing aspect is the lack of console access. The best way to describe a PC gamer, to me, is to compare them to those car nuts that build hot rods from scratch. PC gamers build their systems, know the specs of every part in their computer, and have everything set-up just the way they like. Check out their World of Warcraft interfaces when they get to higher levels, and you’ll see something that barely looks like the same game. Similarly, some gamers like to have their shooters set-up just-so. Tweaking the field of view settings and sensitivity of the controls are things gamers expect to have the option to do as necessary. Instead, Infinity Ward has told gamers that they’d like them to play the game as they designed it, regardless of any user preferences that may not conform to what the publisher thinks is important.

Other limitations include restricting the maps to 9v9 (when the first Modern Warfare allowed games with 16v16) and the exclusion of the lean move, in the name of not having to recalibrate the maps. That lower team limit is a major thing for all the clans that formed on Modern Warfare servers trying to make the jump to the sequel. Split the team up? Have Alpha and Bravo teams? Not play the new one?

I won’t even mention that the PC version of the game is selling for the same price—$59.99—as the console equivalents. Oops, I just mentioned it.

All this together makes me think Infinity Ward/Activision is excluding expected features in hopes of discouraging PC users. Maybe not discouraging them, but taking away many of the advantages that have drawn PC users in the past while doing as much as possible to combat piracy. Of course, where there’s a will there’s a way, and there’s always a will in PC gaming, and I won’t be surprised if we see dedicated servers with 16v16 games within a few months.

Whether the mad geniuses of the mod world come up with a solution, Activision’s decision strikes me as a very clear message that PC games—or at least hardcore PC gamers—do not play a large role in their equation. While indie gaming and MMORPGs thrive, I have a feeling that some of the bigger publishers are going to give the PC less and less attention when they have a much more reliable option available.

chart-noscale

See also:
Modern Warfare PC compared to Modern Warfare 2 PC
Modern Warfare 2 PC User reviews low…
PC Gamers Fear Modern Warfare 2 Is A Console Port [Video]
Call of Duty Modern Warfare 2 PC Multiplayer Capped at 18 players
Modern Warfare 2 (PC) Capped at 9v9
PC Players Revolting Against Modern Warfare 2
PC Modern Warfare 2: it’s much worse than you thought
Call Of Duty: Modern Warfare 2 PC review
Call of Duty: Modern Warfare 2 PC Review
Activision Not Concerned With Modern Warfare 2 PC Negativity
Modern Warfare 2 Hacks Already Available on PC

Needless to say, I’m extremely dissapointed and conflicted by this fiasco. I was really looking forward to playing this game but, on the other hand, on principle, I don’t want to financially reward Activision/Infinity Ward for their blatantly arrogant and hostile treatment of loyal PC gamers. They expect us to pay more for an inferior product after we’ve already seen that they’re capable of putting out an excellent multiplayer game like COD4. It sucks.

/for now, I guess I’m going to sit back, think about it some more, and wait and see how this controversy plays itself out

You’re Going To Get IE8 Whether You Like It Or Not

Microsoft tired of waiting

Microsoft, disappointed by the low adoption rate for the company’s latest iteration of its Internet Explorer web browser, will from next week begin pushing the software to computer users through the Windows automatic update feature.

The target in the drive to expand use of Internet Explorer 8 (IE8) is the more than 90% of the IE user base still on versions six and seven. According to research firm Net Applications, IE8’s share of the IE market has reached 4.36% but overall IE share dropped to 60.90% this month.

See also:
Microsoft to start pushing IE 8 browser
Microsoft To Push Automatic Rollout For Internet Explorer 8
Internet Explorer 8 to hit Automatic Update
Microsoft rolls out automatic Internet Explorer 8 update
Why you should not install Internet Explorer 8
Internet Explorer 8 has good, bad sides

I tried installing IE8 a couple times a month or so ago, but it refused to open some of the websites on my Favorites list so I uninstalled it and went back to IE7.

/so, you’ve been warned, if you don’t want IE8, pay attention to which automatic updates you install next week