Technical Cyber Security Alert TA05-165A
Microsoft Windows and Internet Explorer Vulnerabilities
Original release date: June 14, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security Bulletin Summary for June, 2005.
Overview
Microsoft has released updates that address critical vulnerabilities in Windows and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service.
I. Description
Microsoft Security Bulletins for June, 2005 address a number of vulnerabilities in Windows, Internet Explorer, Outlook Express, Outlook Web Access, ISA Server, the Step-by-Step Interactive Training engine, and telnet. Further information about the more serious vulnerabilities is available in the following Vulnerability Notes:
VU#189754 - Microsoft Internet Explorer buffer overflow in PNG image rendering component
A buffer overflow in the PNG image rendering component of Microsoft Internet Explorer may allow a remote attacker to execute code on a vulnerable system. (CAN-2005-1211)
VU#489397 - Microsoft Server Message Block vulnerable to buffer overflow
Microsoft Server Message Block (SMB) is vulnerable to a buffer handling flaw when processing incoming SMB packets that may lead to remote code execution. (CAN-2005-1206)
VU#851869 - Microsoft HTML Help input validation error
Microsoft HTML Help fails to properly validate input data, allowing a remote attacker to execute arbitrary code. (CAN-2005-1208)
II. Impact
Exploitation of the most serious of these vulnerabilities could allow
a remote, unauthenticated attacker to execute arbitrary code with
SYSTEM privileges. This would allow an attacker to take complete
control of a vulnerable system. An attacker could also execute
arbitrary code with user privileges, or cause a denial of service.
III. Solution
Apply updates
Microsoft has provided the patches for these vulnerabilities in the
Security Bulletins and on Windows Update.
Workarounds
Please see the individual vulnerability notes for workarounds.
Original release date: July 08, 2005
Last revised: --
Source: US-CERT
Overview
The United States Computer Emergency Readiness Team (US-CERT) has
received reports of an email based technique for spreading trojan
horse programs. A trojan horse is an attack method by which malicious
or harmful code is contained inside apparently harmless files. Once
opened, the malicious code can collect unauthorized information that
can be exploited for various purposes, or permit computers to be used
surreptitiously for other malicious activity. The emails are sent to
specific individuals rather than the random distributions associated
with a phishing attack or other trojan activity. (Phishing is the act
of sending an email to a user falsely claiming to be an established
legitimate enterprise in an attempt to scam the user into surrendering
private information that can be used for identity theft.) These
attacks appear to target US information for exfiltration. This alert
seeks to raise awareness of this kind of attack, highlight the
important need for government and critical infrastructure systems
owners and operators to take appropriate measures to protect their
data, and provide guidance on proper protective measures.
Description
There are two distinct elements that make this attack technique
significant. First, the trojans can elude conventional protective
measures such as anti-virus software and firewalls, both key measures
in protecting the US Critical Infrastructure networks. A number of
open source and tailored trojans, altered to avoid anti-virus
detection, have been used. Trojan capabilities suggest that
exfiltration of data is a fundamental goal. Second, the emails are
sent to specific or targeted recipients. Unlike "phishing" attacks,
the emails use social engineering to appear credible, with subject
lines often referring to work or other subjects that the recipient
would find relevant. The emails containing the trojanized attachments,
or links to websites hosting trojanized files are spoofed, making it
appear to come from a colleague or reliable party. The email
attachments exploit known vulnerabilities to install a trojan on the
user's computer. When opened, the file or link installs the trojan.
Trojans can be configured to transmit information to a remote attacker
using ports assigned to a common service (e.g., TCP port 80, which is
assigned to Web traffic) and thereby defeat firewalls. Once the
trojanized attachment is opened, a remote attacker can then perform
the following functions:
* Collection of usernames and passwords for email accounts
* Collection of critical system information and scanning of network
drives
* Use of infected machine to compromise other machines and networks
* Downloading of further programs (e.g., worms, more advanced
trojans)
* Uploading of documents and data to a remote computer
US-CERT is working with other computer emergency response teams
worldwide to address these types of attacks.
Suggested Actions
Due to the targeted distribution of trojans spread in this way and the
possibility of communication with remote attackers using ports
assigned to common services, detection of this activity is
problematic. US-CERT advises that system administrators take the
following actions:
* Educate users to use an anti-virus scanner on all email
attachments.
* Maintain and update anti-virus software and signatures to detect
malware that may be associated with this attack.
* Block executable and/or suspect attachment types at email gateway
or block the download of executable content via HTTP.
* Investigate anomalous slow-running machines, looking for unknown
processes or unexpected Internet connections, as this may be an
indication of malicious programs operating in the background.
Encourage reporting and full investigation of such behavior.
* Update operating system and application software to patch
vulnerabilities exploited in the past by these Trojans.
* Implement spam filtering to guard against infrastructures (e.g.,
dial-ups, open proxies and open relays) commonly used by the
attackers.
* As Microsoft Office vulnerabilities have been targeted and
exploited, ensure that Microsoft security bulletins are followed.
* Turn off 'Preview Pane' functionality in email clients and set the
default options to view opened emails as plain text
* Examine firewall logs of critical systems, or networks used for
processing sensitive information, for connections to or from
anomalous IP addresses.
* Consider traffic analysis to identify any compromised computers
that are exfiltrating files. Data on the size and times of HTTP
transactions or TCP port 80 flows may help detect exfiltration by
highlighting connections where the data volume sent is far greater
than that received from the remote server or when data is being
sent at times outside of normal working hours.
* Analyze log files to determine whether the attackers are spoofing
your domain.
* Consider implementing IP address lists of outbound Internet
connections, denying access except from address ranges relevant to
your business activities, such as a "default deny" policy. This
provides some protection against computers in third countries
being used by attackers to control trojans.
Incidents or suspected malicious activity of this nature, as well as
all cyber security incidents affecting the US Critical Infrastructure
should be reported to the United States Computer Emergency Readiness
Team (US-CERT) via email to soc@us-cert.gov or by telephone (703)
235-5110.
Vendor Product Names
The following anti-virus product names are associated with known
trojans used in the attacks since January 2005.
Microsoft Windows, Internet Explorer, and Word Vulnerabilities
Original release date: July 12, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Office
* Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security
Bulletin Summary for July, 2005.
Overview
Microsoft has released updates that address critical vulnerabilities in Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.
I. Description
Microsoft Security Bulletins for July, 2005 address vulnerabilities in Windows, Office, and Internet Explorer. Further information is available in the following Vulnerability Notes:
VU#218621 - Microsoft Word buffer overflow in font processing routine
A buffer overflow in the font processing routine of Microsoft Word may allow a remote attacker to execute code on a vulnerable system. (CAN-2005-0564)
VU#720742 - Microsoft Color Management Module buffer overflow during profile tag validation
Microsoft Color Management Module fails to properly validate input data, allowing a remote attacker to execute arbitrary code. (CAN-2005-1219)
VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability
The JVIEW Profiler COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. (CAN-2005-2087)
II. Impact
Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. If the user is logged on with administrative privileges, the attacker could take control of an affected system.
III. Solution
Apply Updates
Microsoft has provided the updates for these vulnerabilities in the Security Bulletins and on the Microsoft Update site.
Workarounds
Please see the individual Vulnerability Notes for workarounds.
Appendix A. References
* Microsoft Security Bulletin Summary for July, 2005
<http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx>
Mozilla, Firefox 1.0.5 released.
Patches 10 bugs in the Web browser, some of them "high risk." High-
risk problems typically allow an intruder to commandeer a PC or expose
the user's data.
Microsoft officials say Beta 2 of Windows AntiSpyware is still due before the end of this year. And there's still no official date for the final gold release.
Microsoft released for download on Monday evening another Beta 1 release of its Windows AntiSpyware product.
Microsoft officially announced its plans to field a Microsoft-branded anti-spyware product (code-named "Atlanta") in January, following its purchase of Giant Software in December, 2004. The anti-spyware beta supports Windows 2000, Windows XP and Windows Server 2003.
Microsoft released the first beta (Build number 1.0.501) of Windows AntiSpyware on January 6. Since then, the company has made available regular beta refreshes of the product. In June, Microsoft released an interim beta refresh at the same time as it extended the Windows AntiSpyware beta expiration date to December 31, 2005.
On Monday, Microsoft issued the latest public beta build (No. 1.0.615) to testers.
The latest Beta 1 update provides new signature updates to customers; provides more information on the programs and processes running on users' PCs; and eliminates the need for rebooting following the downloading of new anti-spyware signatures for some customers, according to Microsoft.
Beta 2 of Windows AntiSpyware is still slated to hit some time before the end of calendar 2005, Microsoft officials confirmed on Tuesday. But Microsoft has yet to commit to a final delivery date for the product. Microsoft will decide on that date once testers send in Beta 2 feedback, officials have said.
Currently, Windows AntiSpyware is mostly a consumer and small/mid-size business-focused offering. But Microsoft also has said it is planning an enterprise version of Windows AntiSpyware. The company has yet to release timing or other details on that product.
Spyware researchers picking apart one of the more notorious spyware programs have stumbled upon what appears to be a massive identity theft ring hijacking confidential data from millions of infected computers.
Sunbelt Software Inc., makers of the enterprise-grade CounterSpy spyware protection product, made the discovery during an audit of "CoolWebSearch," a program that routinely hijacks Web searchers, browser home pages and other Internet Explorer settings.
During the research, Sunbelt researcher Patrick Jordan deliberately installed the "CoolWebSearch application on a machine and immediately noticed that the infected system became a spam zombie that was placing callbacks to a remote server.
When Jordan visited the remote server, he was shocked to find that it was being used to distribute sensitive personal information from millions of PC users infected by the spyware application.
"We found the keylogger transcript files that are being uploaded to the servers. We're talking real spyware stuff…chat sessions, usernames, passwords, bank account information, full names, addresses," said Sunbelt president Alex Eckelberry.
In an interview with Ziff Davis Internet News, Eckelberry said the sophistication of the operation suggests it's the work of a "massive identity theft ring" that used keystroke loggers to grab confidential information that could be used to create fake online identities.
"I'm not being dramatic. This is the most repulsive thing I've ever seen. It's very painful to see what's in these log files that are being uploaded in real time. We're seeing a lot of bank information and usernames and passwords to get in," Eckelberry said.
He said the log files included logins to one business bank account with more than $350,000 and another small company in California with over $11,000, readily accessible.
"There are lots of eBay account information and names and addresses of the people owning those accounts. Names, passwords, all matched up," Eckelberry added.
He said the server, which is hosted out of a data center in Texas, was effectively a "massive repository of stolen data" that was being replenished in real time.
"As the [log] file gets to a certain size, it gets taken down and a new file starts generating. This goes on nonstop. We've been watching it for a few days while trying to get to the FBI, and it just keeps growing and growing."
While the site is being hosted in the United States, Eckelberry said the domain name is registered to an offshore company.
Eckelberry said the huge size of the log files is a clear indication that thousands of machines are pinging back daily.
In some cases, where users appeared to be at immediate risk of losing a considerable amount of money, Sunbelt has contacted the affected individuals.
Eckelberry said the "CoolWebSearch" payload included a typical adware download that immediately scanned the infected machine for e-mails to use for spam runs. It then sets up a "very intelligent keylogger" that looks for very specific information.
"This won't get caught by a typical anti-spyware application," he said, noting that the keystroke logger was able to pick up identity-related data for delivery to the remote server.
Anti-virus vendor Trend Micro Inc. provides a free online scanning tool that detects and deletes the "CoolWebSearch" application.
The tool is available for the Microsoft Windows XP, Windows 2000, Windows Millenium Edition and Windows 98 operating systems.
Technical Cyber Security Alert TA05-221A
Microsoft Windows and Internet Explorer Vulnerabilities
Original release date: August 09, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security Bulletin Summary for August, 2005.
Overview
Microsoft has released updates that address critical vulnerabilities in Windows and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on an affected system.
I. Description
Microsoft Security Bulletins for August, 2005 address vulnerabilities in Windows and Internet Explorer. Further information is available in the following Vulnerability Notes:
VU#965206 - Microsoft Internet Explorer JPEG rendering library vulnerable to buffer overflow
Microsoft Internet Explorer contains a flaw related to JPEG image rendering that may allow an attacker to remotely execute arbitrary code. (CAN-2005-1988)
VU#959049 - Several COM objects cause memory corruption in Internet Explorer
Microsoft Internet Explorer allows instantiation of non-ActiveX COM objects, which may allow an attacker to execute arbitrary code or crash Internet Explorer. (CAN-2005-1990)
VU#998653 - Microsoft Plug and Play contains a buffer overflow vulnerability
Microsoft Plug and Play contains a flaw in the handling of message buffers that may result in a local or remote denial-of-service condition and arbitrary code execution. (CAN-2005-1983)
VU#490628 - Microsoft Remote Desktop Protocol service contains an unspecified vulnerability
An input validation error in the Microsoft Remote Desktop Protocol (RDP) service may allow a remote attacker to cause a denial-of-service condition. (CAN-2005-1218)
VU#220821 - Microsoft Print Spooler service contains a buffer overflow
A buffer overflow in the Microsoft Print Spooler service may allow a remote attacker to execute arbitrary code on a vulnerable system. (CAN-2005-1984)
II. Impact
Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges or with the privileges of the user. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. An attacker may also be able to cause a denial of service.
III. Solution
Apply Updates
Microsoft has provided the updates for these vulnerabilities in the Security Bulletins and on the Microsoft Update site.
Workarounds
Please see the individual Vulnerability Notes for workarounds.
Appendix A. References
* Microsoft Security Bulletin Summary for August, 2005 - <http://www.microsoft.com/technet/security/bulletin/ms05-aug.mspx>
Less than a week after Microsoft patched a critical hole in a common Windows service, a new worm is circulating that exploits the hole in unpatched Windows 2000 systems and uses it to proliferate.
Two new variants of the worm, "Zotob.A," and "Zotob.B" appeared on Saturday and use code released on the Internet last week for attacking a hole Microsoft patched on Aug. 9 in the Windows Plug and Play service.
However, the new Zotob worm is not as virulent as close relatives such as Sasser and Blaster. The bigger threat may come from stealthier programs, known as "bots," which are using the newly disclosed Windows hole to gain access to unpatched systems, according to Mikko Hyppænen, manager of antivirus research at F-Secure Corp. of Helsinki, Finland.
F-Secure rated the Zotob worm variants a "level 2" threat, the company's second highest designation for viruses. However, Symantec Corp. and McAfee Inc. both rated the worm a "low" threat Monday.
The security hole affects the Windows Plug and Play (PnP) service, a common component that allows the operating system to detect new hardware on a Windows system. For example, when Windows users plug in a new keyboard or mouse, PnP detects it and allows Windows to load the software, or "drivers," that are needed to use the hardware on Windows.
A buffer overflow in PnP could allow a remote attacker to take complete control of Windows 2000 systems, installing their own programs and viewing, changing or copying data from the computer's hard drive.
Microsoft issued a fix for the PnP hole, MS05-039, which the company rated "critical" with the monthly patches for August on Tuesday.
Code to exploit the hole, attributed to a group named "houseofdabus," appeared on a well-known security Web site on Wednesday. By late Saturday, somebody had cobbled that exploit code to freely available worm replication code and created Zotob.A, said Hyppænen. "There's not a lot of new code here," he said.
The houseofdabus exploit code used by the worm can only be used to remotely attack unpatched Windows 2000 systems. An attacker would need to be able to log in to a vulnerable system using a user or administrator account to remotely exploit Windows XP or Windows Server 2003 systems, which lessens the impact of the exploit, Hyppænen said.
The worm looks for systems that have communications port 445 open then sends the attack code to the computer using that port. Once the worm has compromised a system, it installs a shell program that downloads and installs the full worm code, named haha.exe, using FTP (File Transfer Protocol.)
The exploit code for Zotob was written by the same individual or group that crafted the exploit code used in the Sasser worm. As with that worm, the exploit causes infected machines to reboot unexpectedly, which could tip off victims, Hyppænen said.
F-Secure collected some Zotob samples from the Internet on Sunday, but the new worm is not spreading quickly. However, organizations with a lot of Windows 2000 systems could be vulnerable, especially if an infected Windows 2000 system connects to such a network behind the corporate firewall, Hyppænen said.
Bots and other low-profile attack programs may be a bigger threat to enterprises than the Zotob worm is. F-Secure researchers have already detected traffic from variants of a large family of remote control "bot" programs called "Sdbot" that indicate the PnP exploit has been added to the pre-packaged exploits those programs use to gain access to victim machines, he said.
On Sunday, iDefense Inc., a security research company, said that it had discovered a new tool to automate exploitation of the PnP vulnerability, which it named 'Copa.A.' The tool, which uses Visual Basic script, allows malicious hackers to automate exploitation of vulnerable Windows systems, given a list of valid IP addresses and the PnP exploit code, according to an iDefense e-mail statement.
The PnP vulnerability was discovered by a researcher at Internet Security Systems Inc. and reported to Microsoft. It is just the latest evidence of security holes in the code Windows uses to load third-party hardware and peripheral devices.
In July, SPI Dynamics Inc. reported buffer overflow vulnerabilities to Microsoft that could enable an attacker to circumvent Windows security and gain administrative access to the machine.
Wolf Blitzer is beside himself about this new warning. He's spent the past half hour trying to convince people to shut their computers down to be safe.
He's acting like this is doomsday but the tech people reporting aren't as concerned.
What the hell's wrong with him, besides the obvious?
I'm sure he was. CNN & ABC were two of the high profile places actually hit by the worm. According to NPR this morning, ABC got it's nightly news together last night by having people type it out on electric typewriters.
I guess he missed the part that it was primarily targetting Win2k. Not something the average user has at home. Of course, doesn't say much for their IT dept that they got hit. All they had to do is be up to date on their patches.
Apple Mac Products are Affected by Multiple Vulnerabilities
National Cyber Alert System
Technical Cyber Security Alert TA05-229A
Apple Mac Products are Affected by Multiple Vulnerabilities
Original release date: August 17, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X version 10.3.9 (Panther) and version 10.4.2 (Tiger)
* Apple Mac OS X Server version 10.3.9 and version 10.4.2
* Apple Safari web browser
Please see Apple Security Update 2005-007 for further information.
Overview
Apple has released Security Update 2005-007 to address multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.
I. Description
Apple Security Update 2005-007 resolves a number of vulnerabilities affecting Mac OS X, OS X Server, Safari web browser, and other products. Further details are available in the following Vulnerability Notes:
VU#913820 - Apple Mac OS X Directory Services contains a buffer overflow
A buffer overflow in Apple Mac OS X Directory Service's authentication process may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. (CAN-2005-2507)
VU#461412 - Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow
Apple Mac OS X Server servermgrd contains an unspecified buffer overflow vulnerability in its authentication handling routines. This vulnerability may lead to remote execution of arbitrary code. (CAN-2005-2518)
VU#435188 - Apple Mac OS X AppKit vulnerable to buffer overflow via the handling of maliciously crafted rich text files
A buffer overflow vulnerability exists in a component of Apple's Mac OS X operating system that handles rich text files. (CAN-2005-2501)
VU#172948 - Apple Mac OS X AppKit vulnerable to buffer overflow via maliciously crafted Microsoft Word files
A buffer overflow vulnerability exists in a component of Apple's Mac OS X operating system that handles Microsoft Word files. (CAN-2005-2502)
VU#420316 - Apple Mac OS X Safari vulnerable to arbitrary command execution via URLs in PDF files
Apple Mac OS X WebKit and Safari security controls may be bypassed, possibly allowing remote command execution. (CAN-2005-2522)
VU#709220 - Apple Safari fails to perform security checks on links in rich text content
Apple Safari fails to perform security checks on hyperlinks in rich text content, which may allow an attacker to execute arbitrary commands on a vulnerable system. (CAN-2005-2516)
Please note that Apple Security Update 2005-007 addresses additional vulnerabilities not described above. As further information becomes available, we will publish individual Vulnerability Notes.
II. Impact
The impacts of these vulnerabilities vary. For information about specific impacts please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.
III. Solution
Install an update
Install the update as described in Apple Security Update 2005-007. In addition, this update is available via Apple Update.
In computing's early days, programmers would share their work between one another in the spirit of creativity and innovation, passing source codes among colleagues for new perspectives on tough programming challenges.
Then technology became big business, and the practice was pushed into the underground, as companies looking to protect their products replaced the ideals of the age with secrecy, non-disclosure agreements, and intellectual property lawyers.
Never fear, counterculture types. You can still liberate the code, and experience many other perks, by becoming part of the open-source movement.
With the steadily increasing number of open-source applications on the Web, there are more projects than ever to check out, covering nearly every imaginable application: from word processors and e-mail applications to media players and video games.
And although the yeoman's work on these developments does come from computer programmers, everyday users will still find that they can contribute to open-source software while taking advantage of these inexpensive alternatives to traditional, commercial software packages.
What is open source?
Programs that are open source generally have three things in common. Most notably, they're free. But so are many other kinds of software out there – like shareware, freeware and adware.
What further sets open-source programs aside from their budget-priced brothers is that their underlying source code is also free and open for others to examine, modify and update. Instead of hoarding the secrets of the programming innards, like commercial software, open-source programs encourage others to tweak the programs, fix bugs, and add features – essentially, they are invited to become part of the development team.
Open-source software can also be distributed freely: Copy it, give it to friends, even package and sell it if you like, as long as you continue to provide others the ability to do the same in accordance with the terms set by the Open Source Initiative, a nonprofit group that maintains the open-source standard.
Who's using open source?
Users of open source are constantly growing in number, as it becomes a more popular option for budget-minded operators, including nonprofit organizations like Greenpeace as well as many international governments. In Brazil, for example, cities like Recife and Amparo have encouraged the use of open source and limited proprietary programs like MS Office.
Berlin, Germany and Florence, Italy both encourage city groups to use open-source software as often as possible, and in France, the Federal Agency for Technologies of Information and Communication in Administration promotes free and open-source standards around the nation.
At one time, open source held the reputation of "developers only" software, as only those with engineering degrees could learn to use the programs without in-depth documentation and help. But as the programs have continued to develop in further iterations, they have become considerably friendlier to use, even for the inexperienced but adventurous end user.
Why try open source?
The more people with access to the source code, the better it will work; or, according to what Eric S. Raymond (The Cathedral & the Bazaar ) called Linus' Law after Linux creator Linus Torvalds, "With enough eyes, all bugs are shallow."
Because finding bugs is a key part of the development process, proponents argue that open source results in a superior product, because more people are looking for errors and new software tweaks can be released as needed.
Proponents also contend that open source is more secure than proprietary programs because having source code accessible makes for transparent programs: Users can look into the software's innards and know exactly how their personal information is protected.
There are warm and fuzzy benefits as well. Open source brings users into a development community working together for a common goal: the best product possible. Submitting bug reports and suggesting improvements are things that the average user can do to better the software product.
What kinds of software are available?
There are many categories of open-source software, from back-end networking tools to personal productivity, games and file-sharing applications. What's more, a great many have expanded to embrace commercial operating systems like Windows and Mac OS as well as community-developed ones like Linux, making it even easier for newbies to tread open waters.
Among the most popular open source programs are those that can stand in for the kingpins of commercial applications and run on multiple operating systems.
Because of the pervasiveness of Microsoft Office at home and work, and the fact that the professional version can fetch over $300, its open-source competitor, OpenOffice, is an understandably popular alternative. OpenOffice comes with a word processor, spreadsheet, presentation program, Web page editor and drawing tool for inserting graphs and graphics into documents. Since last reviewed by PCMag.com, the program has gone through several more iterations; the latest stable release is version 1.1.4.
The GIMP editor is a robust image manipulation program that can replace proprietary programs like Photoshop as well as any associations with Pulp Fiction. GIMP stands for GNU Image Manipulation Program; you can think of it as the open-source Photoshop. The program lets users paint, touch up photos, create animations and much more, with advanced tools and an ever-increasing number of plug-ins that add new filters and special effects to your image work.
Although Mozilla's Firefox may get the lion's share of attention, the group's e-mail offering, Thunderbird, has met with an equal amount of acclaim, and the slick package comes equipped with many features, like HTML and POP account support, spam filters and e-mail encryption and other security tools. With an add-on calendar program and easy importing of contacts from Outlook, Thunderbird makes a respectable substitute for the Microsoft product.
For a quick and easy way to get a sample pack of such free and open-source software, try the free OpenCD. Version 3.0, released in July, bundles 16 programs in a single download, including the above programs, along with games, multimedia applications and other tools. All work with Microsoft Windows, allowing users to experiment with the programs without making it necessary to first convert their computers to an open-source operating system like Linux. And if downloading the package proves too difficult, OpenCD sells the suite on a disk for $5.
Where can I find more programs?
One good place to look for software is SourceForge, which claims to be the largest development and download repository for open-source programs. The site lists more than 100,000 registered projects and boasts 1.1 million users, making it a great place to start searching for programs or looking for support. Other sites, like Freshmeat.net, also host program downloads, updates and information dedicated to the open-source community.
Where will it end?
Open-source concepts are beginning to extend beyond the bounds of software and into to other arenas as well. Wikis, for instance, permit open, community-based editing of information on the Web, while Creative Commons licenses offers a wide range of copyright options to authors and artists that often mirror the free, collaborative ethic of open-source software.
Such licenses have even gone on to inspire projects like OpenCola and OpenBeer, which share their secret formulas with the world as long as other makers share their recipes and credit the original work.
Should it end up on your computer, too? Open source software is great in concept, and there are a few notable programs that closely rival their commercial counterparts. The great majority, however, are works in progress.
For those who want simplicity and reliability, commercial packages may be your best bet – at least for day-to-day work. But if you're willing to experiment a little, and put up with some technical challenges, there is a wealth of programming - for free - in the open source community
Open-source software is booming; SourceForge.net lists more than 104,000 active projects on its Web site alone. With all the selection, why bother with commercial software at all? You might miss out on the latest popular titles, but there are plenty of open-source applications that can handle most computing essentials.
Don't worry if you're not ready to switch to an open-source operating system before dabbling in the software; though the process may be easier than you think, the programs on our open-source PC list all offer versions for Windows or Macintosh systems as well as for Linux and other open source-based systems.
Productivity suite: OpenOffice, likely the most successful open-source productivity pack and an attractive choice next to the costly Microsoft Office, comes with a word processor, spreadsheet, drawing program and Web page editor.
Anti-virus: ClamWin is among the most developed of the relatively slim options for open-source security programs. While the project has received some criticism over its scanning ability and the difficulty it has had drawing qualified developers, it does provide a measure of defense against many malware programs.
Web browser: Open source took a leap into the mainstream in 1998, when Netscape decided to release source code for its browser. The Mozilla Firefox browser, which rose from Netscape's ashes, enjoys success and a PCMag.com Editors' Choice Award thanks to its simple installation, many extensions and superior security.
E-mail client: What Firefox has done for Web browsing, Mozilla Thunderbird promises to do for e-mail, earning very good marks for its ability to custom-handle messages and filter junk mail, though online help may be lacking.
Educational programs: Celestia, a real-time, 3-D space simulation, is a free planetarium for the PC. Though Celestia is a complete program in itself, the many extensions available allow you to add further detail to the universe, by inserting additional elements like galaxies, asteroids and fictional spacecraft from your favorite sci-fi flicks.
Multimedia: Audacity, an open-source audio editor, gets the job done as a simple tool for recording streaming audio.
Fake charity sites, e-mail solicitations try to cash in on public sympathy
Web sites claiming to collect donations for Hurricane Katrina victims. Phony e-mails pretending to solicit money from well-known charities. Online auctions of Internet domain names with Katrina-related addresses, such as "katrinaourtsunami.com."
Less than two days after the hurricane, Internet opportunists are already trying to cash in on public sympathy for Katrina's victims.
Within the past 24 hours, several Web sites have emerged, promising to forward money to relief workers. Bearing such names as Katrinahelp.com, katrinadonations.com and katrinarelief.com, the sites ask for money to be sent through Paypal, but there is no way to verify who is getting the money.
EBay late yesterday halted an online auction of several Katrina-related Web site names, such as "ourtsunami2005.com." Bidding was to start at $15,000, and the seller promised to deliver half of the final winning bid amount to the American Red Cross. EBay allows sellers to dedicate a portion of their profit to charities but requires the seller to either sign up for eBay's own giving program or obtain permission from the charity first. Red Cross officials said no permission had been granted, and eBay said it terminated the auction because the seller did not observe rules on charitable giving.
After last year's tsunami in South Asia, a survey by MasterCard International and security firm NameProtect Inc. found more than 170 tsunami-related scam sites being used to siphon donations to relief efforts. Using a technique known as "phishing," sites or e-mails pretend to represent a legitimate company, such as a credit card firm, to get consumers to post personal information such as a credit card number or bank account.
Yesterday, FBI spokesman Paul Bresson said the agency was investigating reports of fraudsters using e-mail and Web sites to impersonate legitimate fundraising and relief organizations.
"People who want to make a donation or contribute to a cause should actively seek out reputable organizations and then contact them by telephone or by typing their Web address into a Web browser," Bresson said. "The important point is that they initiate this contact on their own."
Federal Trade Commission spokeswoman Claudia Bourne-Farrell said people should never click on any link in an e-mail solicitation because they may end up at a site that looks real but is set up by identity thieves to get confidential information. "If you get an e-mail from the Red Cross, close the e-mail and go to the Red Cross Web site as you otherwise would," through a search engine, phone or regular mail, she said.
It's not just solicitations consumers should worry about. Security experts also caution computer users to remain vigilant against e-mails claiming to contain attached photos of the disaster because clicking on such files could launch viruses or worms.
Fraud watchers said Americans who want to make contributions should stick to Web sites of established national charities. The Web site for the Federal Emergency Management Agency (http://www.fema.gov/news/newsrelease.fema?id=18473 ) also lists a number of Web sites where people can securely send donations to legitimate charities, as does http://www.give.org, part of the charity-monitoring service of the Better Business Bureau.
Art Taylor, president of the Better Business Bureau's Wise Giving Alliance, said consumers shouldn't be in a hurry to contribute.
"Be careful about new charities that spring up overnight. They may have good intentions, but they don't have the means or experience to deliver aid. And there's no need to feel you need to do something immediate. What charities can possibly be on the ground right now providing services? We can barely get soldiers and other relief people into the area to help. You have time to be deliberative and think through how you want to help. Check out the organization first."
Trojan exploiting unpatched Office flaw found in the wild
October 03, 2005, 08:55 BST
Code exploiting the flaw in Microsoft Office was first published in April; the software behemoth has promised 'appropriate action'
A new Trojan horse exploits an unpatched flaw in Microsoft Office and could let an attacker commandeer vulnerable computers, security experts have warned.
The malicious code takes advantage of a flaw in Microsoft's Jet Database Engine, a lightweight database used in the company's Office productivity software. The security hole was reported to Microsoft in April, but the company has yet to provide a fix for the problem.
"Microsoft is aware that a Trojan recently released into the wild may be exploiting a publicly reported vulnerability in Microsoft Office," a company representative said in a statement sent via email on Friday. The software maker is investigating the issue and will take "appropriate action", the representative said.
The Trojan horse arrives in the guise of a Microsoft Access file, security software maker Symantec said in an advisory. When run on a vulnerable system, it would give a remote attacker full access to a compromised computer, Symantec said. The company calls the pest "Backdoor.Hesive" and notes that it is not widespread.
Although exploits had already been released in April when HexView publicly reported the flaw, the Trojan is believed to be the first actual threat to take advantage of the security hole. Security monitoring firm Secunia rates the issue "highly critical", one notch below its most serious rating.
"The vulnerability is caused due to a memory handling error when... parsing database files," Secunia said in its April advisory. "This can be exploited to execute arbitrary code by tricking a user into opening a specially crafted '.mdb' file in Microsoft Access."
Symantec advises users to be cautious when opening unknown files. The security software maker lists all recent Windows releases as vulnerable to the Trojan attack.
Hewlett Packard is recalling about 135,000 battery packs for some HP and Compaq laptop computers because of reports they overheated and melted, the Palo Alto, Calif., company announced Friday.
The lithium ion rechargeable battery packs are used with HP Pavilion, Compaq Presario, HP Compaq and Compaq Evo laptop computers.
The company has received 16 reports of the batteries' overheating; four cases occurred in the United States.
The recalled packs bear a barcode label starting with GC, IA, L0 or L1.
The battery packs were sold internationally from March 2004 through May 20005 by national and regional electronics stores and on Internet sites such as http://www.hp.com and http://www.hpshopping.com
Consumers should stop using the products and contact the company for a free replacement. For more information, call Hewlett-Packard at 888-404-7398 or visit http://www.hp.com/support/ or http://www.cpsc.gov.
May have my own opinions later. Installing it a giving it a try on a spare machine. But I found it fairly friendly before. Now it has the added benefit of being completely free for the workstation.