We all know that countries like China, Singapore, North Korea, as well as organizations such as the U.S. military, the State of Kentucky, and various corporations, local school districts and public libraries censor their Internet users’ web surfing. Bennett Haselton of Peacefire has a solution he calls the Circumventor.

And to bring in more Circumventor users, Peacefire is paying $10 per IP address to anyone who installs the anti-censorship software and leaves it running for at least a week.

Circumventor is a simple piece of software based on James Marshall’s CGIProxy script running under ActiveState Perl and the OpenSA web server on Windows 2000 or XP. (No word on whether it runs on Windows Vista, but I suspect it would.)

Once installed, the Circumventor creates a small Web service for which Peacefire then shares its URL with “people who need them, such as people serving in the U.S. military overseas, and victims of totalitarian dictatorships such as China, North Korea, and high school,” Haselton wrote on the Peacefire Web site.

It usually takes three or four days before Web filtering companies and national governments add new URLs to their blocking lists, Haselton said.

To get paid, you simply install the Circumventor software:

1. Download ActivePerl and install it. It must be installed to C:\Perl (this should be the default). Accept all of the default options.
2. Download OpenSA 2.0.2 beta and install it. Accept all of the default options. (If you get to a screen titled “Server Information” and it doesn’t have values filled in for “Network Domain”, “Server Name” and “Administrator’s Email Address”, just fill in these boxes with made-up random values — the Circumventor doesn’t use them.)
3. Download the circumventor-setup.exe program and pick “Save” — then once you have saved it on your computer, run the circumventor-setup.exe file that you saved.

Note that even if you have more than one computer in your home, you can only install it on one computer per external IP address (the address assigned by your ISP), you need a broadband connection where the IP address will remain the same for at least a week, and you may need to forward port 443 from your cable or DSL modem’s firewall to your computer.

Once you’ve installed it, e-mail bennett@peacefire.org with the URLs of the Circumventor scripts, which the program gives you during setup. After they’ve been up a week, he’ll send you $10 via PayPal or mail you a check.

And you’ll be helping people in less free countries bypass their national censorship filters, as well as helping U.S. servicemembers bypass their censorship filters.

(Hat tip: Electronic Frontier Foundation)

The U.S. Department of Agriculture said Wednesday that a hacker broke into one of its databases during the first week of June and may have accessed personal records for up to 26,000 Washington, D.C.-based USDA employees, former employees and contractors, about one fourth of the department’s work force.

Yes, that’s right, another one.

IT workers discovered the breach on June 5, and notified Secretary of Agriculture Mike Johanns the next day.

An initial forensic review indicated that no personal information had been accessed, but after further investigation, staff were unable to be certain of this, prompting Wednesday’s notification.

The USDA will offer free credit-monitoring services for one year to each of the affected people, Johanns said, and will notify the people affected by e-mail and by postal mail.

Government auditors have given the USDA an “F” on its computer security for the past several years. This shouldn’t surprise anyone: The database containing the personal information is on the same system as another database wide open to the public.

Earlier this month the National Nuclear Security Agency revealed that personal data for 1,500 Albuquerque, N.M., employees was stolen, and in May, a laptop assigned to a Veterans Administration employee containing personal information for over 26 million active duty and discharged veterans was stolen from his home.

People who believe they may be affected by the data breach can go to http://www.firstgov.gov/ or call 1-800-FED-INFO (1-800-333-4636) for more information.

I really should just write up a template for this, so the next time a government agency gets hacked, I can just drop in the name of the agency, the name of the head honcho, and post it. After all, government computer security sucks. At this rate I could start a Hacked Government Agency of the Month Club and never lack for an incident.

The Digital Millennium Copyright Act, passed in 1998 at the behest of the music and movie industries, has done little to benefit anyone except a select group of companies who have used its provisions to establish, maintain and expand a virtual stranglehold on the entertainment industry. The cartel which has arisen after this act does not benefit consumers at all; rather, it gouges them for as much money as they can possibly suck out, corrupts modern technology, and sets back the state of the art.

The remainder of this message is encrypted using an algorithm which provides virtually no security, but which (if I were so inclined) would open you up to lawsuits if you decrypted it without my permission.

Va 2001, gur pnegry vagebqhprq UQPC, be Uvtu-onaqjvqgu Qvtvgny Pbagrag Cebgrpgvba, n frphevgl zrnfher vagraqrq gb cebgrpg qvtvgny pbagrag nf vg’f genafzvggrq orgjrra UQ-pncnoyr qvtvgny qrivprf, fhpu nf arjre UQGI naq UQ-QIQ be Oyh-Enl cynlref. Gur ceboyrz vf gung vg vfa’g irel frpher ng nyy, naq va snpg vf snveyl rnfl gb oernx. Va snpg, vg jnfa’g vagraqrq nf erny frphevgl va gur svefg cynpr; vg jnf qrfvtarq gb nyybj gur zhfvp naq zbivr vaqhfgevrf gb svyr zber ynjfhvgf.

Rq Srygra bs Serrqbz gb Gvaxre unf na rkpryyrag sbhe-cneg frevrf cbfgrq guvf jrrx nobhg UQPC. (1, 2, 3, 4)

Gur synjf va UQPC frphevgl jrer npghnyyl qrfvtarq va gb gur flfgrz sebz gur fgneg. Gung’f evtug, Ubyyljbbq jnagrq gur flfgrz gb or vafrpher. Gurl jrer arire vagrerfgrq va cebivqvat erny cebgrpgvba sbe qvtvgny pbagrag, ohg vafgrnq gb cebgrpg gurve pnegry.

Haqre gur flfgrz nf qrfvtarq, nalobql jub jnagf gb ohvyq n gryrivfvba frg, QIQ cynlre, be nalguvat ryfr gung qbrf cerggl zhpu nalguvat jvgu qvtvgny ivqrb unf gb trg n yvprafr sbe UQPC. Vs gurl ohvyq na hayvprafrq qrivpr, gurl pna or fhrq haqre gur QZPN.

Gur boivbhf vzcyvpngvba bs guvf vf gung pbafhzre pubvpr vf yvzvgrq. Grpuabybtl juvpu jbhyq bgurejvfr rkvfg vf arire qrirybcrq orpnhfr bs gur yvprafvat erdhverq. Srjre cebqhpgf pbzr gb znexrg, naq gubfr gung qb pbzr gb znexrg ner zber rkcrafvir. UQPC nqqf nf zhpu nf $100 gb gur pbfg bs rnpu UQGI frg, sbe vafgnapr. Yrff vaabingvba gnxrf cynpr. Rira Zvpebfbsg zhfg obj, xvff gur evat, naq cnl hc, vs gurl jnag gb pbagvahr gb vapyhqr QIQ cynlonpx pncnovyvgl va Jvaqbjf.

Va gur zrnagvzr, UQPC vf rkcrpgrq gb or oebxra jvguva gur arkg lrne be gjb. Nyy gung’f arrqrq ner 40 qrivprf jvgu UQPC ohvyg va gb gurz naq n yvggyr ovg bs gvzr. Bapr gung unccraf, rirel UQPC rdhvccrq qrivpr vf creznaragyl pbzcebzvfrq. Fbzr frphevgl.

Ivn Ryrpgebavp Sebagvre Sbhaqngvba.

P.S. If you’re successful in decrypting the message, post the plaintext below.

Last August, Customs and Border Protection computers responsible for processing international travelers entering the U.S. failed for several hours due to a Windows computer virus, resulting in long delays in processing visitors. Now it comes out that the Department of Homeland Security could have prevented it, but decided to let it happen.

The Zotob virus attacked computers worldwide last August, causing failures for many news organizations, corporations and government agencies. One of the affected networks was the US-VISIT network, responsible for screening visitors to the U.S., which uses Windows 2000 workstations. On the evening of August 18, 2005, the system failed, and was restored in about six hours. Many thousands of visitors were delayed at airports and land crossings.

And the reason it failed, according to heavily redacted CBP documents (PDF) released under the Freedom of Information Act, was that the Department of Homeland Security deliberately held back the Microsoft software patch which would have protected the computers from the Zotob virus.

The disturbing part is that somehow that network is connected to the Internet, and if it could be infected with a virus propagating on the Internet, it may be open to hackers as well.

“That machine was reachable from some network, that was connected to some other network, that was connected to the internet,” says Tim Mullen, a Windows security expert and CIO of security firm AnchorIS. “There was some series of connections that manifested itself in those machines getting compromised.”

A September report by the DHS inspector general found computer security at CBP wanting. In a scan of 368 devices on CBP networks, investigators identified 906 security vulnerabilities rated as medium or high risk. They criticized CBP for failing to implement a comprehensive security testing program, among other issues.

“Our vulnerability assessments identified security concerns resulting from inadequate password controls, missing critical patches, vulnerable network devices and weaknesses in configuration management,” the report concludes. “These security concerns provide increased potential for unauthorized access to CBP resources and data.” — Wired News

Network security for the Department of Homeland Security is currently handled by Immigration and Customs Enforcement, but the department plans to transfer control of network security to CBP.

Generally I try to ignore President George W. Bush when he makes proclamations. But when he came out today and urged everyone to “use and regularly update their anti-virus software and firewall,” I felt I had to say something.

On Friday, Bush proclaimed the week of Feb. 5 through 11 as National Consumer Protection Week, urging “Government officials, industry leaders, and consumer advocates to provide citizens with information about how they can be responsible consumers, and I encourage all citizens to take an active role in protecting their personal information.”

As indeed they should. But I just wonder if he even knows what anti-virus and firewall software are? Or when is the last time he touched a computer?

During National Consumer Protection Week, we highlight the importance of consumer education in the ongoing fight against fraud and encourage consumers to make wise decisions.

Each year, nearly 25 million adults are victims of consumer fraud. These crimes damage lives and shake consumer confidence. The Federal Trade Commission (FTC) and other organizations recommend several steps that Americans can take to help protect themselves against fraud. First, consumers should be cautious about giving out personal information such as Social Security and account numbers. Second, they should be aware of the credentials of an organization before making a transaction, especially through the mail, over the phone, or on the Internet. Third, before finalizing a purchase or agreement, the FTC suggests considering offers with care, avoiding immediate decisions, and requesting to have information in writing. In addition, when using the Internet, the FTC recommends that consumers exercise caution in responding to solicitations and that consumers use and regularly update their anti virus software and firewall.

My Administration is committed to vigorous enforcement of the consumer protection statutes, and the Department of Justice’s Office of Consumer Litigation and other Federal agencies are working diligently to that end. The FTC is working to fight unsolicited e-mail under the Controlling the Assault of Non Solicited Pornography and Marketing Act and is establishing new rules under the Fair and Accurate Credit Transactions Act to further protect against identity theft. We are protecting American consumers through the National Do Not Call Registry.

Millions of Americans have registered already, and individuals may call 1 888 382 1222 or visit the Do Not Call website at www.donotcall.gov to have their number added to the list. Citizens can learn more about ways to fight fraud from the National Consumer Protection Week website at www.consumer.gov/ncpw. By actively guarding against fraud, consumers can protect themselves and enhance the strength and integrity of our Nation’s economy.

NOW, THEREFORE, I, GEORGE W. BUSH, President of the United States of America, by virtue of the authority vested in me by the Constitution and laws of the United States, do hereby proclaim February 5 through February 11, 2006, as National Consumer Protection Week. I call upon Government officials, industry leaders, and consumer advocates to provide citizens with information about how they can be responsible consumers, and I encourage all citizens to take an active role in protecting their personal information.

IN WITNESS WHEREOF, I have hereunto set my hand this third day of February, in the year of our Lord two thousand six, and of the Independence of the United States of America the two hundred and thirtieth. — George W. Bush

I try not to recommend particular brands of Internet security software, as they are generally for Windows, and Windows tends to be the source of computer security problems; the security suites are like plugging holes in your boat if you run Windows. That said, here’s my list of things you need to do to increase your security and avoid fraud:

• Add your telephone numbers to the National Do Not Call registry.
• Get your free credit report (this is the real deal).
• Don’t use Internet Explorer to browse Web sites. Use Firefox (or another browser) instead. Once you’ve installed Firefox, disable access to Internet Explorer (Windows 2000 SP4 and Windows XP).
• Ensure that your operating system and other software is kept up-to-date by visiting Microsoft Update regularly.
• Install personal firewall, anti-virus and anti-spyware software.
• Beware of offers you receive via e-mail. Some spammers send fake e-mail messages which appear to be from a legitimate company; this is called phishing. If you click a link in the e-mail message, you will be taken to a fake Web site where the criminal intends to capture your personal information and use it to commit identity theft. To avoid this, always type in the real Web site address yourself.
• In addition, never respond to any offer in e-mail which is of poor quality, has large numbers of misspelled words, etc. This is spam, and you’re likely to be a victim of fraud if you respond to these messages.

I’ve covered this issue in more depth: Is your computer endangering homeland security?

Two separate lawsuits filed in California and Texas on Monday allege that Sony BMG Music Entertainment distributed spyware on 52 music CD titles, which compromised the security of buyers’ computer systems when the CDs were inserted into Windows PCs, and transmitted data on the computer users’ listening habits back to the company.

Texas Attorney General Greg Abbott filed a civil lawsuit on Monday against Sony BMG Music Entertainment for hiding “spyware” software on its compact discs in a bid to thwart music copying.

According to the lawsuit filed in Travis County, several of the company’s music compact discs require customers to download Sony’s media players if they want to listen to the CDs on a computer.

Software included with that media player “remains hidden and active” after installation, the Attorney General’s office said, and makes users vulnerable to security risks and possible identity theft.

Sony said on its Web site that it had recalled all CDs that were installed with its XCP technology designed to prevent illegal music copying, Abbott said, but Texas investigators were able to purchase several of the CDs at Austin retailers on Sunday.

Texas is seeking civil penalties of $100,000 per violation of the state’s Consumer Protection Against Computer Spyware Act, which was enacted earlier this year.

“Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers,” Abbott said.

Sony announced on Friday that customers could exchange CDs that contained XCP software for new copies without the spyware, and download software designed to fix the security vulnerabilities. — Reuters

Separately, the Electronic Frontier Foundation filed suit in California, not only over the XCP software, but over another piece of software Sony used, known as MediaMax, which is on many more CD titles and suffers from many of the same problems.

EFF is pleased that Sony BMG has taken steps in acknowledging the security risks caused by the XCP CDs, including a recall of the infected discs. However, these measures still fall short of what the company needs to do to fix the problems caused to customers by XCP, and Sony BMG has failed entirely to respond to concerns about MediaMax, which affects over 20 million CDs — ten times the number of CDs as the XCP software.

“Sony BMG is to be commended for its acknowledgment of the serious security problems caused by its XCP software, but it needs to go further to regain the public’s trust,” said Corynne McSherry, EFF Staff Attorney. “It is unconscionable for Sony BMG to refuse to respond to the privacy and other problems created by the over 20 million CDs containing the SunnComm software.”

The suit, to be filed in Los Angeles County Superior court, alleges that the XCP and SunnComm technologies have been installed on the computers of millions of unsuspecting music customers when they used their CDs on machines running the Windows operating system. Researchers have shown that the XCP technology was designed to have many of the qualities of a “rootkit.” It was written with the intent of concealing its presence and operation from the owner of the computer, and once installed, it degrades the performance of the machine, opens new security vulnerabilities, and installs updates through an Internet connection to Sony BMG’s servers. The nature of a rootkit makes it extremely difficult to remove, often leaving reformatting the computer’s hard drive as the only solution. When Sony BMG offered a program to uninstall the dangerous XCP software, researchers found that the installer itself opened even more security vulnerabilities in users’ machines. Sony BMG has still refused to use its marketing prowess to widely publicize its recall program to reach the over 2 million XCP-infected customers, has failed to compensate users whose computers were affected and has not eliminated the outrageous terms found in its End User Licensing Agreement (EULA).

The MediaMax software installed on over 20 million CDs has different, but similarly troubling problems. It installs files on the users’ computers even if they click “no” on the EULA, and it does not include a way to fully uninstall the program. The software transmits data about users to SunnComm through an Internet connection whenever purchasers listen to CDs, allowing the company to track listening habits — even though the EULA states that the software will not be used to collect personal information and SunnComm’s website says “no information is ever collected about you or your computer.” If users repeatedly requested an uninstaller for the MediaMax software, they were eventually provided one, but they first had to provide more personally identifying information. Worse, security researchers recently determined that SunnComm’s uninstaller creates significant security risks for users, as the XCP uninstaller did.

“Music fans shouldn’t have to install potentially dangerous, privacy intrusive software on their computers just to listen to the music they’ve legitimately purchased,” said EFF Legal Director Cindy Cohn. “Regular CDs have a proven track record — no one has been exposed to viruses or spyware by playing a regular audio CD on a computer. Why should legitimate customers be guinea pigs for Sony BMG’s experiments?”

“Consumers have a right to listen to the music they have purchased in private, without record companies spying on their listening habits with surreptitiously-installed programs,” added EFF Staff Attorney Kurt Opsahl, “Between the privacy invasions and computer security issues inherent in these technologies, companies should consider whether the damage done to consumer trust and their own public image is worth its scant protection.”

Both the XCP and MediaMax CDs include outrageous, anti-consumer terms in their “clickwrap” EULAs. For example, if purchasers declare personal bankruptcy, the EULA requires them to delete any digital copies on their computers or portable music players. The same is true if a customer’s house gets burglarized and his CDs stolen, since the EULA allows purchasers to keep copies only so long as they retain physical possession of the original CD. EFF is demanding that Sony BMG remove these unconscionable terms from its EULAs. — Electronic Frontier Foundation

People have gotten years in prison for doing far less damage to people’s computers. Sony should be prosecuted to the fullest extent of the law, and perhaps its executives should face criminal charges over this.

To protect yourself against copy protection on CDs, hold down the Shift key while inserting the disc, or better yet, disable the Windows “autorun” feature. This prevents the illegal software from running on your computer, but the downside is you have to start your CD player — and applications on other CDs that you might use — manually.

A while back I wrote about trusted computing and how Microsoft’s implementation, the Next Generation Secure Computing Base, was set to impose onerous restrictions on computer owners, such as preventing them from playing legally purchased media with a player not approved by Microsoft. The post got some scathing criticism from some trusted computing practitioners who missed the point. Trusted computing is not the problem; Microsoft is.

Recently the Trusted Computing Group released a best practices document, Design, Implementation and Usage Principles for TPM-Based Platforms. The document, which Bruce Schneier reviewed in detail, says, among other things, that implementations should give the owner ultimate control of their computers and not put up interoperability roadblocks.

Even if not perfect, it’s a good start. I would trust a trusted computing implementation that followed these guidelines. So what’s the problem? “Microsoft is doing its best to stall the document, and to ensure that it doesn’t apply to Vista (formerly known as Longhorn), Microsoft’s next-generation operating system,” said Schneier.

If the document applied to Windows Vista, Microsoft would not be able to implement several planned DRM features at the request of Hollywood, such as the Protected Media Path.

Microsoft appears to be abusing its monopoly position (again) to gain even greater control over users’ PCs. This time, they’ve got the Hollywood studios backing them.

Updated A U.S. Customs computer system used for processing passengers arriving on international flights shut down for several hours Thursday, resulting in lengthy delays for arriving travelers.

At one point Miami International Airport had over 2,000 passengers waiting to clear immigration. The airport, along with airports in the New York area, were clearing passengers by hand. Los Angeles International Airport was able to use a backup computer system to clear passengers.

“Unfortunately with technology you have periods where things happen,” said Zachary Mann, a U.S. Customs and Border Protection spokesman in southern Florida. The outage was caused by the failure of a central database in Virginia that lasted from about 6 p.m. to 11:30 p.m., according to Mann. He did not give any further details.

It wasn’t known at this time whether the computer system was hit by the Windows 2000 virus which has been making the rounds the last few days, but these incidents once again illustrate the importance of not using Windows for mission-critical tasks, as well as keeping systems up to date with security patches, when available.

To ensure that your Windows computer has received the latest security patches, turn on Automatic Updates, or visit Windows Update. And for everyone’s sake, including your own, start looking into alternatives such as Linux.

Update August 20: It appears that this disruption in service was caused by the Zotob virus, according to the Wall Street Journal.

The DRM (digital rights management) technology to be included in Microsoft’s Windows Vista is set to give Hollywood movie studios unprecedented level of control over consumers’ PCs, according to a Microsoft white paper.

According to the white paper, Hollywood movie studios will have veto power over certain parts of Windows Vista, including aspects of driver design and cryptography, in Windows’ Protected Media Path. Consider:

Other companies are free to invent their own [encryption for video output] … but security considerations mean that there is a high bar to meet before a new cipher can be approved for use….

The evidence must be presented to Hollywood and other content owners, and they must agree that it provides the required level of security. Written proof from at least three of the major Hollywood studios is required. — Microsoft (Microsoft Word)

The upshot of this is that not only will the movie studios have unprecedented control over your computer’s hardware and software, but other operating systems such as Mac OS and Linux could be locked out from playing legally purchased DVDs, for instance.

The details can be found over at Freedom to Tinker, and more background information is availble from the Electronic Frontier Foundation.

Hollywood has gone much too far. As copyright holders they certainly have the right to restrict distribution of their works, but they do not have the right to dictate how we, the people who purchase and enjoy those works, view them. Imagine a major book publisher requiring you to read their books using only approved light bulbs and approved light fixtures. This is exactly what’s going on, and it needs to be stopped.

Find out more about Microsoft’s Next-Generation Secure Computing Base, of which the Protected Media Path is a part.

Consumers rarely have a disaster recovery strategy for their computer systems, and the few who do find it a frustrating experience, according to Larry Seltzer. But why bother?

A disaster, says Seltzer, can be anything: “a fire, it could be a hard disk crash, the computer could fall off the table, or it could be a massive virus infection or some other software disaster.”

Then what happens to your files? Even if the computer manufacturer repairs or replaces your computer under warranty, you’re going to find it comes back with the hard drive reformatted and back to factory software. All of your files will be gone. Or a virus could take out all your files.

Seltzer argues that simply having security software is not enough. How important is your data to you? Read the complete article at eWEEK.

I would say preventing disaster is the first thing to do. Installing Linux or getting a Macintosh would be a great first step towards preventing the inevitable disasters that befall Windows PCs.

Thanks to Security Awareness for Ma, Pa and the Corporate Clueless.

Microsoft has announced that their next version of Windows, codenamed Longhorn, will be named Windows Vista. Thanks to a reader who allowed me to spend some quality time with their MSDN subscription copy, I now have screenshots and an initial review.

As usual, click on the thumbnail to see each screenshot full size.

640×480

I only have one screenshot from the installation process, and it’s the big blue one here. This is what happens if you try to install Windows Vista to a blank, unformatted, unpartitioned hard drive. The Windows Vista installer can’t yet properly partition and format hard drives. To work around this problem you will need to use something else, such as a Windows XP CD, to partition and format the drive. Once you have a hard drive with an NTFS-formatted partition already on it, Windows Vista installation will begin properly. Otherwise you will receive an error stating that “Setup could not locate a locally-attached hard drive suitable to hold the temporary Windows Setup files,” even though the hard drive partitioning looks fine.

The only things the installation asked me for were the product key, the desired computer name, and where to install Windows. This is quite streamlined from previous installations.

1024×768

On first boot you will go directly into Windows. You’ll also notice that anti-virus software might not be installed (gee, you think?) and you should click this balloon to fix the problem. I’ll get to that later. For now, why don’t you eject your DVD and then re-insert it, and watch what happens.

1024×768

When you insert the Windows Vista Beta 1 DVD, this screen will appear. You can choose to run the program on the DVD, or if the disc contains multimedia content, you’ll have options to view or work with the content. You can also browse the files directly. This is pretty similar to Windows XP, so no real surprises so far.

1024×768

Okay, we had better take a look at the Start menu. First off, notice I’m logged in as Administrator. (With no password, since I was never asked to set one. I told you, the install was really streamlined.) There was no special first-boot process asking to add users or set an administrator password. It’s presumed that MSDN subscribers are smart enough to do this, but you never know. We’ll fix that and add some users later.

Before going on, take a look at the Lock and Shut down buttons. Where’s “Log off”? To log off, or get other options, click the arrow next to the button. I’ll have more to say on this later as well.

1024×768

For now, I’m going to go to the Control Panel and do some initial setup and configuration of this fresh new machine. Notice that everything is broken into categories, with subcategories or more refined choices showing below each. Most of these don’t do anything special, just going straight to the main control panel in question, and I discovered a few that did not work at all, except in Classic View.

1024×768

Okay, time to deal with that anti-virus thing. I go into Security, and it looks much the same as in Windows XP. First, I turned on Automatic Updates, just in case. Then I turned off automatic anti-virus software monitoring. You probably don’t want to do this in real life. Go get an anti-virus program; you will need it. However, I don’t know if any existing anti-virus programs work with Windows Vista. I might be able to cover this in a later article.

1024×768

Next I’m going to see if I can get a printer set up. I clicked on Printers and Faxes, and then Add Printer. It was pretty convoluted to get Windows Vista to print to my HP printer connected to my Linux server. You have to select the printer manually, set it up as an Internet printer, and go into advanced options and change the printer to LPR, and enter in the queue name. Then you have to choose the driver. If I’d made screenshots of all this, this page would have been a lot larger. LPR, in case you were unaware, is the original Unix network printing standard. Microsoft has no support for CUPS, the new Unix network printing standard, though CUPS can be combined with Samba to make Unix printers look like Windows shared printers. Certain types of high-end network printers still use the old LPR standard, though.

1024×768

I was able to successfully print to the printer, and the Windows Test Page bears no branding. It neither says Longhorn nor Vista on it. It merely says Windows. No big deal, but I was hoping to show it off. Oh well, can’t win ‘em all.

1024×768

Take a moment to hit Start, then All Programs, then Turn UAP Settings On or Off. You’ll see this dialog. Off by default in this build, User Account Protection (formerly known as Least-privileged User Account) enables you to run with a limited account, and be prompted for the administrator password when you do anything that requires administrator privileges. Mac OS X introduced this years ago, and Linux has had it for some time as well. I’ll point this out later when it comes into play.

1024×768

Okay, now it’s time to start up this much-hyped Internet Explorer 7. First thing, it tries to connect to Windows Update, which doesn’t work at all, since Windows Update has no support yet for Windows Vista. At the present time all updates for Windows Vista will come down via Automatic Updates only.

1024×768

Quit and restart Internet Explorer, and it’ll act normally. Here’s the MSN homepage in Internet Explorer 7 on Windows Vista. Note well that the location of everything has changed drastically. I spent several minutes looking for the Refresh button, for instance. So let me give you the guided tour.

The top bar contains the Back and Forward buttons, then the Address bar where you type in Web addresses, a drop-down control, then the Refresh button. When Internet Explorer is loading a page, this changes to the Stop button. After that comes the Search bar, obviously copied from Firefox. This one does MSN search, though. I’m told it can be changed, but changes itself back to MSN search. I haven’t played with it much yet to confirm this. Perhaps later.

The next bar shows the title and icon of the site you’re visiting. It doesn’t seem to have much more use than this. Why did they bother moving it off the title bar?

Finally, the customary menu bar appears. Next to it are Home, Favorites, History, Feeds, and Print buttons. I’ll cover the Feeds button below.

1024×768

Let’s see what my own web site looks like in Internet Explorer 7. Hm, not too bad. Maybe I should get around to adding that P3P code to my site to get rid of that cookie warning.

By the way, the User-Agent string for Internet Explorer 7 on Windows Vista is:

Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0; .NET CLR 2.0.50215; SL Commerce Client v1.0; Tablet PC 2.0)

If you install Avalon and Indigo, you get this User-Agent string instead:

Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0; .NET CLR 2.0.50215; SL Commerce Client v1.0; Tablet PC 2.0; Avalon 6.0.4030; WinFX RunTime 1.0.50215)

Don’t ask me about the Tablet PC thing. I don’t know. I also don’t know about SL Commerce Client; if you do, leave a comment below.

1024×768

One of the big things talked about in Internet Explorer 7 is its support for RSS feeds. Indeed, I found a couple already in the Favorites menu. So I decided to check out the IE Blog, and this is what I got. Obviously the RSS feed support still needs a lot of work, or at least a stylesheet. Hopefully this will develop further before release, or it will be pretty useless.

The Feeds button does light up and become active when the site you’re visiting has feeds available. Not all sites support this properly yet, unfortunately, even though Firefox has been doing it for years now and webmasters have had quite some time to get their sites up to date.

1024×768

Okay, time to create those user accounts. I’m going to create one administrator account for myself, and one limited user account for normal daily use. I go through the process of creating the administrator account first. I name it “error.” Much like every other account I’ve got out there.

1024×768

After that, I create the limited user account. For this purpose I named it “review.”

1024×768

Once the accounts are created, I’ll be sure and set the passwords on each of them, including the default Administrator account, which will be hidden from view as soon as I log out of it. If you have a lot of different people using your computer, turning on the Guest account might be a good idea.

1024×768

Remember the missing “Log off” option? Click on that arrow, and there it is. After a few times Windows will eventually remember that you prefer “Log off” over “Lock” and will switch the icons so that Log off shows instead. I’m going to log off now, and log back in with my new “review” account.

1024×768

The Log off dialog looks pretty normal. You can log off, or switch to another user account without logging off. I’m going to log off now, though.

1024×768

The Windows Vista login screen looks like this. To login, click the account name you want to use. Then type your password and press Enter (or click the arrow).

1024×768

And if you ever want to get into that hidden Administrator account, click on “Switch user” at the bottom, and you’ll get this complete dialog, which prompts for both username and password. You can then log on as Administrator, or any other hidden account which is enabled.

1024×768

Anyhow, I logged in as “review,” the limited user account, so I can poke around the system some more. Now if you go in the Control Panel and click on Appearance and Themes, you’ll see this. You have a lot of options, it seems, for configuring the appearance of the system and user interface functionality. It’s all here. Even Scanners and Cameras, which is rather puzzling.

1024×768

I’m not so sure I’m happy with this background, so I think I’m going to see about changing it. I click Display, and the User Account Protection comes up. Huh? Just what about changing the background requires administrator privileges? Anyway, so I put in my administrator password and the Display control panel opens.

1024×768

Unfortunately, it opens under the other window! Can you see it back there? Depending on where your windows happen to be at any given moment, you might not even be aware that anything happened! I don’t know if this is a bug, or a design decision, but it’s quite annoying. At one point I wound up with five Windows Firewall control panels open because of this. Hopefully Microsoft will fix this one.

1024×768

And now for a little interlude. Press Ctrl+Alt+Del and the Windows Security screen comes up. You can lock the computer, change your password, log off, or open the Task Manager. Wow, this is pretty. Press Esc or click Cancel to return to Windows. Did I mention it’s really pretty?

1024×768

Now it’s time to take a closer look at that Start menu. Notice Internet Explorer at the top, of course. Then Outlook Express and Windows Media Player. On the right, the usual items you expected from Windows XP, except that there’s a new one called Games. In Windows Vista, all games are expected to end up in this special area. If I get time later, I’ll go into it in more depth, but if you were looking for Freecell or Minesweeper, that’s where they are.

1024×768

Now for a big change: click on All Programs. The programs appear right here in the menu itself. You can click a folder to expand or collapse it, and a scroll bar will appear if the list becomes too long.

1024×768

I’ve expanded all the top-level folders to give an idea what this looks like with the folders expanded and the scroll bar showing. Against the darker right column the scroll bar isn’t that easy to see, so be on the lookout for it. Hopefully the theme will be tweaked a bit to make the scroll bar more clearly visible.

1024×768

Now for the most important thing you can do to a Windows computer, install Firefox. This actually turns out to be quite hairy and a royal pain, but Microsoft likes it that way, so don’t expect it to change.

1024×768

When you click on “Free Download,” first they warn you that files from the Internet could be potentially harmful, and default to Cancel. You have to click Run in order to start the download.

1024×768

Depending on your available bandwidth, the download could take a little while. If you’re on dialup, go have lunch. If you’re on broadband, go refill your coffee mug. And for Pete’s sake click that check box so that silly window doesn’t hang around after it’s done.

1024×768

Okay, now Internet Explorer is going to warn us again that files from the Internet are potentially harmful. If you click the More options button, you have the option of “Always trust software from Mozilla Foundation.” Anyway, click Run again, and you’ll soon be free of Internet Explorer. Yeah, right.

1024×768

I’m logged in to a limited user account, so I have to provide a valid administrator account and password in order to install the software. No big deal. In goes the password, and onto the computer goes Firefox. Finally!

1024×768

So after installing Firefox I start it up, and Windows Firewall decides it’s dangerous and blocks it! And there’s no Unblock button, apparently because I’m on a limited user account. So I try the “When should I unblock a program?” link, which does nothing. Apparently the Help and Support Center doesn’t work very well – or at all – in this beta.

1024×768

Another brief interlude to see what’s become of Windows Explorer. Here I’m browsing the hard drive to find where Firefox is installed, mistakenly thinking I can just right-click it to unblock it. Of course not. That would be too easy. And what’s with all the green?

1024×768

To unblock it, I had to go to Control Panel, Security, Windows Firewall, and then on the Exceptions tab, I can unblock Firefox. Hm, what is that Teredo thing and why is it there twice? Teredo, it turns out, is Microsoft’s proprietary IPv6 tunnelling protocol. Okay, fine, whatever.

1024×768

Finally! Firefox! Yes, make it my default browser! Please! I hate Internet Explorer! I even have grown to hate Internet Explorer 7.

1024×768

Okay, Part 1 is over. Time to shut the computer down. You get 30 seconds to change your mind, or you can force the issue by hitting the big button.

1024×768

Windows logs you off, and then begins shutting down all of its services.

1024×768

Windows finally shuts down.

Amazing, I didn’t kill anyone while using Windows Vista. And I got so stuck on the user interface that I didn’t even get much time to get into the underlying technologies that have bloated this version of Windows to fill 2.4GB of a DVD. I remember beta testing Windows 95. It came on thirteen floppy disks. DVDs didn’t exist. Where did all this bloat come from?

Anyway, that’s it for Part 1. Time permitting I’ll post further on Windows Vista Beta 1 and hopefully give some more coverage to the actual technologies which are built into it and/or planned for it.

Microsoft has begun implementation of its Next-Generation Secure Computing Base with the introduction of Secure Startup – Full-Volume Encryption in Windows Vista, though other components of the plan are too late to be included.

At this year’s Windows Hardware Engineering Conference, Microsoft announced that the Next-Generation Secure Computing Base was late, and most of the technology would not make it into Windows Longhorn, now known as Windows Vista. However, support for Secure Startup – Full-Volume Encryption will be included. Secure Startup ostensibly allows a Windows Vista computer to determine if its hardware environment has been tampered with, and refuse to boot if so, and also to encrypt the entire hard drive transparently to the user.

It’s rather interesting how this is supposed to work.

The feature uses a Trusted Platform Module (TPM) 1.2 in order to protect the hardware itself and to store the encryption key for the hard drive. Seth Schoen explains the implications:

When a laptop protected with this technology is lost or stolen, its hard drive cannot usefully be decrypted if removed from the laptop; if the laptop is booted normally, however, its operating system will continue to enforce its security policy, denying access to anyone who does not present the appropriate passwords or credentials. This technique can also protect data on a machine in a colocation facility by denying access to anyone who steals or seizes the colocated machine. In a sense, TPM-based hard drive encryption means that obtaining physical access to a machine will no longer allow someone to obtain administrator-privileged access to the data stored on that machine. It does not, however, inherently impose any new restrictions on those with authorized access.

Still, Microsoft notes that a skilled person can attack the TPM from hardware. Thus, someone who steals a laptop might be able to use the PC equivalent of a video game console mod chip to bypass the TPM protections and recover data. The hardware necessary for this attack is inexpensive, but the skill and time required are fairly great. It may therefore be the case that TPM-based file or disk encryption will provide adequate protection for laptops against opportunistic or non-targeted attack. As even the Trusted Computing Group acknowledges, the TPM is not intended to protect against a skilled hardware attacker. If hardware attacks against the TPM become cheap and readily available, the kind of protection TPM-based trusted computing offers to a stolen laptop — or a colocated machine with sensitive data — may appear increasingly inadequate. In Microsoft’s view, it is still likely strong enough to deter casual thieves from getting at sensitive information, because they are not likely to try to make sophisticated attempts to break a stolen system’s security policy. On the other hand, law enforcement agents or corporate spies might well develop automated means of defeating this kind of security. — Electronic Frontier Foundation

The long and short of it is this: Secure Startup – Full Volume Encryption will only protect your personal or corporate data against a casual attacker. Anyone determined to get at the data, such as a large corporation or a government, is going to get it anyway. This is mainly useful only in the circumstance that an employee’s laptop gets stolen; it won’t protect you against corporate espionage.

In addition, for those of you playing at home, the TPM as specified and implemented will ultimately place control of your computer in the hands of Microsoft. As the development of the Next Generation Secure Computing Base progresses, look for Windows technologies such as the Protected Media Path — which will be in Windows Vista — to prevent you from using your computer in completely legal ways.

In the near future, when you try to install software to time-shift your favorite Real Audio webcast, your PC might disable all media player applications. Until you remove the software, your PC will remain crippled. Or perhaps you want to watch a downloaded movie on a wide-screen TV, but your PC might turn off its video card’s analog output.

Welcome to the world of Windows Longhorn (now known as Vista) and the Protected Media Path, where Microsoft, copyright holders, and DRM licensors may grant or revoke permission to use your own computer and digital media. — Electronic Frontier Foundation

And why is Microsoft doing this? Because they’re the platform provider. (Warning: Microsoft’s statement on content protection is surprisingly content-free.)

Next-generation DVDs will apparently use a new encryption scheme called AACS (Advanced Access Content System). Like its predecessor CSS (Content Scrambling System) it is completely useless at preventing copying. Instead, it prevents playback of your original DVD on unapproved players. In order to build a DVD player, one must pay quite large licensing fees for CSS to include it in the DVD player.

In case you missed that very important point there, here it is again. CSS does not prevent copying DVDs. Anyone can make an exact copy a DVD, without ever decrypting it, and throw the copy in their DVD player, and it will play perfectly. In fact, this strategy is typically used by large-scale pirates. What CSS really does is primarily to enforce the DVD region-coding scheme and force manufacturers to pay to build DVD players. There is no reason at present to believe AACS will be any different.

And if you think you can escape, and actually play your DVDs the way you want to by switching to Linux, think again. Intel is planning to close that loophole with its East Fork project.

So, Linux becomes a forbidden for those who want to watch a movie legally. Think this is by chance? Think it won’t catch on? There is a $300 million plus ad campaign cooking to make sure you equate digital media with [East Fork], and don’t question that you are giving up all your rights to pay for the privilege. People are stupid, and by the time they catch on that the EF machine they bought is the main method that they are being screwed by, it will be too late and you won’t be able to buy anything else. — The Inquirer

If you want to maintain control over your own computer, you would be well advised to follow the trusted computing and Microsoft Next Generation Secure Computing Base initiatives closely. They currently represent the largest threat to computing as we know it by eliminating the ability for you to trust your computer. Not to mention all the money the movie studios stand to make from it.

Microsoft’s Windows Genuine Advantage program, aimed at preventing pirate copies of Windows from receiving updates and other Windows downloads, went into effect Monday.

Microsoft had been running the program as a pilot for several months, with optional validation, but as of Monday validation is now required for most Windows downloads from Microsoft.

In order to receive updates and Windows downloads from the Microsoft Download Center, Windows Update or Automatic Updates, your computer must pass through screening to determine if your copy of Windows is genuine.

The WGA validation process is designed to be quick and simple. On their first visit to the Microsoft Download Center, Windows Update or Microsoft Update, customers will be asked to participate in WGA. They will be prompted to download an ActiveX® control that checks the authenticity of their Windows software and, if Windows is validated, stores a special download key on the PC for future verification. The validation process does not collect any information that can be used by Microsoft to identify or contact the user. — Microsoft

If your computer fails validation, you will be given the opportunity to purchase Windows XP at a discount. If you send in proof that you received a counterfeit copy, including the original CD you received, you may be eligible for a free legitimate replacement.

Security updates remain available to all copies of Windows through the Download Center and Automatic Updates, but will not be available through Windows Update.

Unfortunately, I don’t have access to a pirate copy of Windows, so I was unable to test what happens when you attempt to update, but I do know from experience that not all security updates come into Windows Update or Automatic Updates, and it takes a little more work to keep your Windows system secure. Microsoft should be encouraged to ensure that all security updates become available through Automatic Updates, or their well-meaning gesture is for naught.

The Microsoft Baseline Security Analyzer will get you whatever other security updates you need. Unfortunately it seems that you have to go through validation to get hold of it. Real smart, Microsoft.

Update 28 July: Boing Boing has an article on how to bypass Windows Genuine Advantage. It takes all of five seconds.

Update 6 August: Another article shows a better way to crack Windows Genuine Advantage.

Should it have been titled Windows Wasteland?

Microsoft recently announced the name of its next version of Windows, to be called Windows Vista. Previously codenamed Longhorn, it has been a huge disappointment to reviewers who obtained advance copies.

Longhorn build 5048 is hugely disappointing from an end user perspective because it shows how far behind Microsoft is in delivering the next client version of Windows. — Paul Thurrott

Focusing on user interface improvements, and not even managing to get those right, Microsoft has dropped several previously planned technologies from the release, such as WinFS.

It’s unclear just what exactly Windows Vista will provide as major improvements over previous versions of Windows. Supposedly you will be able to better organize and search your files, for one, but nobody seems to be too impressed with this feature. But isn’t it so pretty?

Microsoft says, “In today’s digital world, you want the PC to adapt to you, so you can cut through the clutter and focus on what’s important to you.” But Windows has been forever focused on removing users’ control over their own computer. Microsoft says, “[Windows Vista] enables a new level of confidence in your PC and in your ability to get the most out of it.” But Windows inspires much more fear and loathing than confidence.

If you really want control of your computer, and confidence in it, you have to dump Windows.

Update: XeroCool reports that Windows Vista may be facing legal trouble already. Vista, a Redmond, Wash., company, has stated they may sue Microsoft over the name Windows Vista. You’d think someone would have noticed that company just down the street.

It seems the Department of Homeland Stupidity can’t even keep its own web site up. Visitors to the site tonight receive a page which looks much like this. Other pages report either “No content found” or “Error 500.” And you want to trust these people with your computer security? They’re running Java Server Pages. Come on! It’s 2005. You can do better than that.

I’ve got your java.lang.NullPointerException right here, Mr. Chertoff.