Comcast – Xfinity malware

Comcast says that it is re-engineering it’s software for new customers, for installation and to start new service with the ISP. The software is unfriendly to computer users in general as it changes the browser’s homepage to comcast.net, and blocks users from changing it to anything else. I have encountered “mandatory” software from ISPs before and have always skipped it to no ill effect. I have always hated these “internet installation disks.” Every time I have signed up for internet service, I throw the CD right into the trash. The CDs are worthless and anything but “necessary.” If you’re lucky, they simply connect to a web interface and register your router’s MAC address with the system. But nearly every one of these disks also throws in a bunch of crap that is annoying, unnecessary, and very frustrating. In my experience, the following things have been done by various “installation disks” handed out by ISPs:

• Changing your browser’s homepage
• Changing the suffix on Internet Explorer (i.e. every IE window title is “Internet Explorer — brought to you by Comcast”)
• Installing bloatware (such as “diagnostic tools” or various anti-virus and anti-spyware — not a problem unless you like to choose these products yourself and/or already have some installed and/or just don’t want them)

Those are just the things I remember seeing and it’s impossible to know what else they might be doing. They never ask permission for anything and always imply that using the disk is required to get your service working. I have never found an ISP that I couldn’t get my computer working on without their installation disk. In one case, I had to check the default gateway assigned to my router by DHCP and try connecting to it with a web browser in order to register my router. But that was many years ago. I haven’t had anything so complicated since. These days, you just need to plug in and you’re generally good to go (assuming you make use of an ISP provided modem, as I do — your mileage nay vary with your own modem, but it shouldn’t require the installation disk). In general, I consider these disks to be malware, as I do any application that makes changes to your computer under false pretense or without your express permission. I’ve helped a lot of Comcast customers — including myself — set up their new service or replace their cable modem. Activating a new modem with Comcast is still necessary to get out of the “walled garden,” from which any DNS query returns the address of the Comcast modem activation page. However, you have at least two available ways to get out of this:

• Choose the “installer” option, and provide your address and other account information. Comcast will activate the modem without a software installation, although you won’t generate a Comcast Email address (as if you care).
• Call Comcast. Tell them that you only have a work PC, and you cannot install software on it because you are not local Administrator. They will activate your modem and create an Email address for you.

My reaction would be “It’s a $25 fee to install software on my PC and $15 per month to rent the space. I take cash or credit cards, otherwise I’ll need your social security number to verify your credit.”

I heard from someone who’d just signed up for Comcast’s Xfinity high-speed Internet service and soon discovered some behavior on his Mac that is akin to Windows malware — something had hijacked his Internet settings. The technician who arrived to turn on the service said that a software package from Comcast was necessary to complete the installation. My friend later discovered that his homepage had been changed to comcast.net, and that Comcast software had modified his Firefox profile so that there was no way to change the homepage setting. Here is the result.

Comcast initially blamed the problem on a bug in Firefox. Mozilla denies this, and says it’s Comcast’s doing.

“This is NOT a Firefox bug or issue,” a Mozilla spokesperson wrote in an email. “It is a Comcast method that applies preference changes to Firefox.”

Comcast spokesman Charlie Douglas acknowledged that the Xfinity software hijacks Firefox’s settings. He said the problem is limited to Mac users, and that permanency of the change was unintentional. He added that the company is in the process of correcting the installation software.

“Customers absolutely should be able to change their preferred homepage anytime,” Douglas said. “We’re obviously apologizing for any inconvenience we’ve caused users.”

I just tell them I’m not going to put their software on my computer, and insist they do it manually. You just have to remind them who the boss is, in this little endeavor. Firefox appears to be the only browser severely affected. Interesting. Even more interesting is how quickly they deleted my comment from the Facebook fanpage. This is the homepage Comcast insists I enjoy. Luckily Ryan Parman of ryanparman.com figured out what Comcast was doing and how to reclaim your homepage in Firefox. Here is the fix which worked for me. Please note the following about different browsers and what I’ve witnessed with Comcasts little sneak attack. Opera – did not show any signs that Xfinity/Comcast installed any malware on my computer nor did their installer change the home page. Safari – easily fixed by setting the home page back to the URL of your choice. Chrome – easily fixed as well by going into your preferences and simply changing the home page URL.

Word to the wise – Do not install any Comcast offered software, most specifically Constant Guard, Nortons or Symantec as you do not need it.

Windows Patch Tuesday – August 2011

On Tuesday, August 9 at 10AM PDT Microsoft plans to patch 22 vulnerabilities for Internet Explorer, Windows, Visio and Visual Studio as part of the August Patch Tuesday release.

Microsoft will release 13 security bulletins, two of which are rated “critical,” the company said Aug. 4. Nine were rated as “important” and the final two were listed as “moderate” according to the preview announcement.

Even though there are more bulletins than the July update, the number of vulnerabilities remained the same, which is unusual, considering Microsoft recently has been alternating large updates with small ones. August was expected to be a heavy month.

Considering there were 16 bulletins fixing 34 vulnerabilities in June and 17 bulletins fixing 64 bugs in April, 22 vulnerabilities across 13 bulletins doesn’t sound so big, after all. Even so, IT administrators still have a lot of work ahead of them, as they may still be dealing with the 78 patches from Oracle’s July Critical Patch Update on July 19 and Apple’s update for Mac OS X Lion on July 20, said Paul Henry, security and forensic analyst for Lumension. “Microsoft is making IT admins earn their Labor Day holiday,” Henry said.

The bi-monthly update for Internet Explorer is rated as critical and is most likely the one administrators should deploy first, Storms said. The IE update is critical for all platforms and applies to all versions, from IE 6 through 9 on Windows 7, Vista, XP, 2003 and 2008, according to Microsoft. This would be the second update for IE9 in less than five months since its release.

Two of the 13 bulletins are rated “critical,” Microsoft’s highest severity rating. Microsoft Windows users will want to pay special attention to the Internet Explorer bulletin because the issues can expose users to drive-by download attacks via the browser. The update fixes flaws that introduce remote code execution risks on all versions of Internet Explorer, including the newest IE 9. ”If left unpatched, attackers could use this vulnerability to remotely take control of victims’ systems,” said Wolfgang Kandek, CTO for Qualys.

Since the preview announcement doesn’t provide any details on what the actual flaw is being patched, users should limit their use of Internet Explorer to only visit trusted sites and be careful about clicking on links, said Marcus Carey, a security researcher for Rapid7. Servers should never be used to browse the Internet, but many organizations do so anyway, and “compromise their crown jewels,” Carey said.

Concerned users should consider using an alternate browser, such as Firefox or Chrome, until the patches are live, according to Carey. I say quit using Internet Exploiter altogether.

“While multiple browsers can be an administrative headache at times, it comes in handy in situations like this,” said Carey.

The other critical bulletin addresses flaws in the two newest versions of Microsoft’s server operating system, Windows Server 2008 and Server 2008 R2. While Server 2003 has the same vulnerability, Microsoft said the update was only “important” for that version.

“Server administrators should apply patches immediately as this vulnerability also leads to remote code execution,” said Kandek.

Nine bulletins are specific to Windows vulnerabilities, but five of them won’t apply to Windows XP. One of the bulletins addresses issues in Windows 7 and Server 2008 R2, the latest versions of the desktop and server software. Considering Vista shares a lot of code with Windows 7, it was a little puzzling that the bulletin did not patch Vista, according to Storms.

Microsoft is expected to update .NET framework, Visual Studio 2005 development tool and all supported versions of Visio. Microsoft also patched a DLL vulnerability in Visio last month that could have been exploited with a remote code execution attack.

“We have seen other Visio vulnerabilities fairly recently and recommend including the software in your regular patching cycle and/or have users not using that software remove it from their systems,” Kandek said.

A good point is made, if you not using a particular piece of software then remove it.

Another point, JavaScript and Flash are known two ways to infect your computer. I block them by default and maintain a white-list of sites that I allow them to function.

• Disabling JavaScript and Flash for untrustworthy sites. This will help to reduce possible attack vectors for these Trojans, and hence reduce the possibility of you ever seeing ‘Your PC is infected with malicious software and browse couldn’t be launched’ on your browser. Most web browsers will allow you to disable these options by default.
• Keeping your web browser updated. Updates will often fix security loopholes that are exploited to force malicious security programs like Trojans onto your PC.
• Avoiding downloads of anti-virus or anti-spyware programs from non-reputable sources. Many rogue security programs are widely-distributed through generalistdownload storehouse websites, and most will even have their own professional-looking home websites. Verify the integrity of an anti-malware program through multiple sources, beforehand. I highly recommend ESET’s offering.

Google Chrome at 20%

Google Chrome’s rise in popularity has been remarkably fast and it has just hit a new milestone. More than 20% of all browser usage has hit 20 percent market share, according to StatCounter. Net Applications has Chrome cracking 13 percent. Either way, Chrome is growing fast versus IE and Firefox.

Chrome rose from only 2.8% in June 2009 to 20.7% worldwide in June 2011, while Microsoft’s Internet Explorer fell from 59% to 44% in the same time frame. Firefox dropped only slightly in the past two years, from 30% to 28%.

Most Internet researchers agree that Google’s Chrome Web browser is steadily gaining market share at the expense of established rivals, Microsoft Internet Explorer and Mozilla Firefox.

Two top browser researcher disagree on just how much market share Chrome has worldwide. StatCounter said Google claimed 20.7 percent browser share for June, up from 2.8 percent a year ago. Net Applications claimed Chrome actually corralled 13.1 percent, up from 12.5 percent through May.

More broadly, StatCounter said Firefox is next in line to be passed by Chrome at 28.3 percent, with IE at 43.6 percent. On the (much) lower end of the scale, Safari is at 5 percent, with Opera claiming 1.7 percent through the month. Net Applications meanwhile has IE at 53.7 percent, Firefox at 21.7 percent, Safari at 7.5 percent and Opera at the same 1.7 percent. While there is a wide differential between both firms’ figures, it’s clear Chrome is gaining share and momentum.

From Google Chrome officials own lips at Google I/O in May, Chrome had racked up more than 160 million users, up from 120 million in December. If that trend holds true, Chrome should crack the 200 million mark in October. Looking at some numbers based on StatCounter’s stats and guessed Chrome could pass Firefox this November and IE by June 2012. Assuming Chrome’s ascent continues at its average growth rate over the past six months (consider that it took Chrome only two years to hit 10 percent share) Chrome could even hit 50 percent share by November 2012.

Chrome first hit 10% in August 2010 and was still at 19% in May before surpassing 20% in June. If Chrome’s numbers seem a bit high that’s because StatCounter’s method of tracking highlights Google’s strength: attracting power users. Net Applications, another usage tracker, shows Chrome rising fast as well, up to more than 13% usage compared to Microsoft’s 54% and Firefox’s 22%.

“It is a superb achievement by Google to go from under 3% two years ago to over 20% today,” StatCounter CEO Aodhan Cullen said in a press release. “While Google has been highly effective in getting Chrome downloaded the real test is actual browser usage which our stats measure.”

But the groups count differently. While Net Applications tracks a browser’s total number of users, StatCounter measures the total number of website clicks. That means a Chrome user who surfs the Web more often than an Internet Explorer user has more weight in the StatCounter ranking. The discrepancy between the two groups’ findings suggests that users who spend the most time online have switched from Internet Explorer to Chrome or Firefox. There are many reasons for Chrome’s upswing and accelerated release cycles, which means Google is putting snazzy new features that other browsers lack in front of users faster. Case in point: the Chrome Speech capabilities to enable voice search on the desktop.

Chrome advertising and marketing for the browser and Chrome Operating System have also been playing their parts in the growth. Google last year began advertising Chrome on ESPN.com, the New York Times and other high-profile Websites for a year. In May, Google began pushing Chrome as the center of users life experiences, planting a marketing seed for Chrome OS notebooks.

The first Samsung Series 5 Chromebook launched June 15, while it’s unclear how many Series 5 Samsung sold through Amazon.com and Best Buy online. Google made Series 5 Chromebooks vailable for flights as well now. Virgin America is maintaining its reputation as the darling airline of the tech sector, and today it announced a new partnership with Google that will give travelers the option to test Google’s Chromebooks in their flight beginning tomorrow.

The promotion will last until September 30, and passengers will be able to check out a Chromebook at their departure gate and use it freely with Gogo in-flight Internet on their whole flight. In addition to the currently available Chrome apps, Virgin America has co-developed a special Chrome app with Google that includes discussion boards about Virgin America’s trip destinations, city guides based upon data from UrbanDaddy, and information about packing and travel planning. The app will be available in the Chrome Web Store later this month.

Chrome’s rise has been most pronounced in South America where it is the second-most used browser ahead of Firefox and behind Internet Explorer. In the United States, “Chrome has risen to 16% behind market leader IE on 46.5% and Firefox on 24.7%,” StatCounter said. StatCounter measures 15 billion page views per month, including 4 billion from the United States across a network of more than three million websites. Data from Net Applications, which tracks unique visitors to 40,000 websites, show that IE usage dropped from 60.5% in August 2010 to 53.7% in June 2011, while Chrome rose from 7.5% to 13.1% in the same period.

Net Applications also tracks usage of mobile devices, and has found that more than 5% of all Web browsing is now occurring from smart-phones and tablets. The trend toward mobile browsing is even more pronounced in the U.S., where 8.2% of all browsing takes place on mobile devices. Of that, 2.9% of U.S. Web browsing comes on the iPhone, 2.6% on Android devices, and 2.1% on the iPad with BlackBerry next at 0.57%.

That means Apple’s iOS accounts for 5% of U.S. Web browsing, making it the most popular mobile platform.

Java 6 Update 26 available

Oracle today released an update to its ubiquitous Java software that fixes at least 17 security vulnerabilities in the program.

The company is advising users to apply this update as soon as possible; it looks like most — if not all — of the vulnerabilities addressed by this new version may be exploited remotely without authentication.

The latest version is Java 6 Update 26 (v. 1.6.0.26), and is available either through the updater built in to Java (accessible from the Windows control panel) or by visiting java.com. If you’re not sure which version you have or whether you’ve got the program installed at all, click the “Do I have Java” link below the red download button on the Java homepage.

Java’s broad install base has made it a major target for computer crooks. It certainly does not help that so many users fail to keep this very powerful program updated. If you have no use for Java, my advice is to get rid of it.

If you can’t bring yourself to do that, consider disabling the Java plug-in(s) in your browser of choice unless and until you need  the program.

Windows security wanes, while Malware waxes on four million websites

For Windows users there is a another problem that has been circulating around the web of late. Yea what else is new. I find these reports rather comical, as being a Linux user they do not apply to me period. Out of the three big browsers out on the block, Google Chrome, Firefox and Internet Exploiter. Google Chrome should be the safest one to use these days on the web.

If you are however a strict user of Firefox already, then I highly recommend the use of Firefox and the NoScript addon and your problem will be fixed. You’ll never even see the attack page in the first place. It’ll just be blank. Note to first-time users of NoScript: It is a WHITELIST, not a blacklist. Some sites are programmed into it, but 90% of them are not. You will have to approve various sites yourself. Yes this may seem like a pain, but 5-seconds of pain beats a being infected.

You can also disable proxies in the connections tab of your browser under advanced settings. LizaMoon uses a proxy server to redirect your browser. Disabling the proxy eliminates the popups and allow you to download a scanning tool like ESET’s online scanner tool or HitManPro’s scanner.

A new bit of malware has been making headway across the Internet, but is it really that big of a deal? You’ve probably seen the news that “Lizamoon,” an SQL injection attack designed to point your browser to a piece of fake security malware, had infected hundreds of thousands of pages across the Internet. And this includes links found within Apple’s iTunes itself… to a degree.

But here’s the deal: In order for the script to have any noticeable effect on your computer, you have to agree to allow it to work its unhealthy magic on your system, according to WebSense (video below).

LizaMoon example video and explanation

Simply visiting a site with injected code only redirects your browser to another site, and the social engineering takes over from there.

The simple solution: Don’t install unknown files! The more complex solution: Know what antivirus programs already exist on your system, and know what they look like when they scan for and find files. If something says you have malware on your system, and this something looks nothing like applications you already have on your system, be suspicious!

In this case, a successful Lizamoon redirect takes you to a dummy pages that looks as if a large antivirus/anti-malware scan is taking place on your computer. Go figure, the scan finishes quite quickly, and a user is alerted that his or her machine might be compromised by various Trojan horse attacks and other cleverly titled malware. If a user is still playing ball, he or she can click on the simulated option to “remove” these malware apps, which then pulls up a simple download window for a “malware-removing” executable.

Still with us? Here’s the deal: If you push some common sense into the mix, you’ll notice that this entire process seems a bit fishy to begin with. Step one: A virus scan for Windows Explorer appears in your browser window. Step two: It finishes in lightning speed. Step three: You have to download a file–apparently via Windows Explorer, but using your browser’s standard download file prompt–to finish the deal.

In short, Lizamoon can’t do a thing to your system unless you let it. So if you see sort of popup like the one’s I am showing here, do not click on anything! Just turn off your computer and reboot. If your already running a ESET NOD32 and or OpenDNS then you shouldn’t be able to visit any site that is compromised.

The SQL injection attack on the initial site you were visiting, which itself prompts the redirect to the bogus scanning site, only works on this first web site. Lizamoon doesn’t hang out in your browser, or continually redirect you to fake sites, or install itself on your computer in a manner that doesn’t first require you to perform the action yourself.

So what has Lizamoon taught consumers? Don’t let your browser con you into thinking that some kind of action is magically happening on your system, don’t trust this magical action if it takes less than 30 seconds to do or looks otherwise unknown to you, and run an up-to-date virus-scanner in the background of your system. Ta-da: Lizamoon defeated.

When you get hit by the infected website and are referred two things happen, you get hit with a popup box, and you lose control of both your browser and ctrl+alt+del functions. As with all browser windows you have the option to hit the red X to close everything down, but not this baby, touch anything on this baby and you spark up what is now a computer hijackers website. For those few moments the only solution is a log off or reboot. Blocking the hijacker with your firewall is a waste of time. The infection is designed to refer you to several thousand backup addresses that refers you to thousands of ever changing country specific domains like .ms, or .uk. The worst part is the address in the browser address bar is not the address of the web page you are looking at, the web page isn’t in .uk or .us but in Russia. The penultimate hop to the hijacker is a secure firewall server in the USA. The only way of shutting these hijackers out of your computer is by blocking the CIDR address of 212.124.96.0/19 with your firewall.

Don’t know which bothers me the most; the problem or people trying to turn a profit from it. If you run Windows simply hit the power button; after shut down, restart in safe mode and run restore. The malware is gone.

Those who want a secure operating system are better off just leaving Microsoft altogether, not to mention cost savings and other commonly-stated advantages as you do NOT have to purchase additional software to make Windows function safely. Windows does not seem to impress people all that much.

Linux is becoming dominant not just in phones but on desktops too. One adoption curve drives the other and people who own an Apple or Google phone sooner or later rethink their desktop operating system (a personal observation).

Win $20,000.00 *IF* you can exploit Google Chrome

Google will pay $20,000 to the first researcher to exploit its Chrome browser. The award is the largest ever for the annual challenge, which will kick off for the fifth time at this year’s Pwn2Own hacking contest at CanSecWest in Vancouver, BC, on March 9.

This contest is a nice cheap way to find problems with your browser. You end up getting lots of very talented people to look at your code for you. They have the additional benefit of not being the original programmers. This helps them have a new perspective on the code.

Note: Two things that bother me is that they do not include any popular Linux distributions, nor do they offer the Opera browser as a contender. An inquiry to the organization provided a response that, “Linux and Opera, do not hold significant market share.” I am still scratching my head with that statement. Anyways, here are the details.

Target: Web Browsers

This year the web browser targets will be the latest release candidate (at the time of the contest) of the following products:

• Microsoft Internet Explorer
• Apple Safari
• Mozilla Firefox
• Google Chrome

Each browser will be installed on a 64-bit system running the latest version of either OS X or Windows 7.

At this year’s Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft’s IE, Mozilla’s Firefox, Apple’s Safari and Chrome. The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards. ‘We’ve upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000,’ said Aaron Portnoy, the manager of the sponsor, HP TippingPoint’s security research team, which set the contest’s rules Wednesday in a blog post written by Portnoy.

New this year is Google’s participation. The company is the first browser vendor to put money into the prize kitty. “Kudos to the Google security team for taking the initiative to approach us on this,” Portnoy said.

The rules for Chrome are slightly different than for the other browsers because it’s the only one of the four that uses a “sandbox,” an anti-exploit defense. A sandbox isolates system processes, preventing or at least seriously hindering malware from escaping an application — in this case Chrome — to wreak havoc on the computer.

To exploit a sandboxed program like Chrome, researchers require not one but two vulnerabilities: The first to allow their attack code to escape the sandbox, and a second to exploit a Chrome bug.

Other software developers have followed in Chrome’s footsteps to try to make their applications more secure. Last year, for example, Adobe added a sandbox — derived in part from Google’s work — to its popular Reader program.

To walk off with Google’s $20,000 on Pwn2Own’s first day, a researcher must find and exploit two vulnerabilities in Google’s code. Only on the second and third days of the contest can researchers employ a non-Chrome bug, say one in Windows, to break out of the sandbox. A successful attack on the second and third days will still put $20,000 in the researcher’s pocket, but only $10,000 of that will come from Google; TippingPoint will pony up the other $10,000.

Google’s participation in this year’s Pwn2Own may be a mark of its confidence that Chrome can’t be hacked. Although Chrome has been one of the browser targets at Pwn2Own since 2009, no researcher has exploited the browser and grabbed the cash.

IE, Firefox and Safari have fallen to attackers each of the last two years, sometimes in an embarrassingly short amount of time. In 2009, one researcher — a German computer science major who gave only his first name, Nils – hit the trifecta by exploiting all three browsers and taking home $15,000 total, $5,000 for each hack.

Charlie Miller, the only researcher to have won Pwn2Own prizes three consecutive years, wouldn’t commit last week to trying again, but on Wednesday he noticed the $20,000 for Chrome.

“Pwn2own now offering 20k for attack on Chrome,” said Miller on Twitter. “Must be hard, glad Mac OS X doesn’t sandbox their browser.”

Miller is a Mac hacking authority — he co-authored The Mac Hacker’s Handbook with Dino Dai Zovi, a 2007 Pwn2Own winner — and has exploited Safari each of the last three years. As he pointed out, Safari is not sandboxed.

TippingPoint will also run a mobile hacking track at Pwn2Own next month that will let researchers try to exploit smartphones running Apple’s iOS, Google’s Android, Microsoft’s Windows 7 Phone and RIM’s BlackBerry OS.

Successful smartphone attacks will be awarded $15,000.

Migration from Windows and six ways to ensure it sticks

Summary: Moving a business from Windows to desktop Linux can be scary for some users. Here are some tricks for smoothing the transition.

With all the many compelling reasons for a company to switch to Linux on the desktop, it’s no wonder that businesses large and small are increasingly relying on the free and open source operating system. After all, it’s free, flexible, reliable, and highly secure–to name just a few of the most attractive features.

No matter how good your reasons for switching from Windows to Linux, however, the fact remains that most of us don’t like change. That–more than anything else–is why migrations of any kind can be painful.

One of the most common mistakes new desktop Linux users make is to give up too easily, often citing the frequently heard myth that “It’s too hard.” The truth, however, is that it’s just different. It may be difficult to remember at this point, but Windows took some getting used to, too.

How can you make the desktop Linux migration process as easy as possible in your business? Here are a few suggestions.

1. Get Buy-In at the Top

This probably goes without saying, but executive buy-in is essential to business migrations of just about any kind. Users need to know that the change has been mandated from the top or they won’t feel motivated to go along with it

2. Choose the Right Distribution

Before the migration even begins, it’s critical that you choose the right Linux distribution from among the many hundreds that are out there. As I’ve outlined before, this is primarily a question of the skills of your users, the focus of your business, your hardware and software needs, and the kind of support you hope to get.

Assuming your users haven’t been on desktop Linux before, I’d be inclined to steer you toward either Ubuntu or Linux Mint, unless you have compelling reasons to do otherwise. To help convert real Windows aficionados, there’s also Zorin OS, which is designed to mimic Microsoft’s graphical user interface. You should definitely avoid some of the more expert-oriented distros such as Arch Linux or Slackware.

If you want a little extra online help in making your decision, check out the zegenie Studios Linux Distribution Chooser or polishlinux.org’s distro chooser, both of which can be useful.

3. Choose a Familiar Desktop

One of the nicest things about Linux is that it’s so flexible and customizable, and that’s particularly useful when it comes to introducing new users to the operating system. In addition to choosing your distribution carefully, I’d also encourage you at least to check out a few different desktop environments.

I outlined a few of these not long ago within the context of Ubuntu–which has traditionally come with GNOME by default–and there are many more. Pick one that seems relatively similar to what your users are familiar with.

4. Begin with Key Apps

Because so many of the apps your employees will likely need are cross-platform, one good hurdle to jump ahead of time is getting them used to any new key applications. If they’re used to Internet Explorer, for example, you can start them on Firefox or Chrome while they’re still on Windows.

If they’ve been using Microsoft Office, you can get them used to OpenOffice.org or LibreOffice ahead of time, too. That way, when it comes time to make the switch in operating systems, they’ll have some familiar territory–it won’t all be new.

5. Remove the Pressure

Before you’re aiming to make the switch, set up a Linux box in your office using the distribution, desktop and apps you’ve chosen. Make sure there are some games on there too, and offer it as an option for break time. There’s nothing like no-pressure time with a new technology to make people open-minded and quick to learn.

6. Make a Cheat Sheet

Because the lion’s share of any difficulty in switching to Linux is simply getting used to something different, it can be a real help for users if you give them a quick, post-training “cheat sheet” to remind them how to get at the tools they need once the switch is made.

It could be worded like, “Instead of… (Internet Explorer, for example) Use… (Firefox, say).” It could also outline the first few clicks to get users where they need to go. They’ll probably be fine once they’re in the applications they need–more often than not, it will simply be the process of getting there that they need help remembering.

Here is an up to date wiki with information: http://wiki.linuxquestions.org/wiki/Linux_software_equivalent_to_Windows_software

Four Upcoming Ubuntu Unity UI’s

When you look back at the history of Ubuntu through the years, you will see that, Ubuntu Unity is *the* most significant change ever happened to Ubuntu. Ubuntu Unity is a really interesting idea with limitless possibilities. Now, here are some innovative user created Ubuntu Unity UI mockups/ideas you might find interesting.

Ubuntu 11.04 Natty Narwhal’s first alpha release happened almost a month ago and the final release date of this crucial Ubuntu release is fast approaching. And Ubuntu Unity UI is evolving quite fast enough. But the next Ubuntu release is not just about Unity alone, a number of other changes are also in the pipeline.

Here is quick list of things to look forward for in upcoming Ubuntu 11.04 Natty Narwhal.

• Unity Will Replace GNOME Shell in Ubuntu 11.04
• Compiz Will Find Its Way Into Ubuntu Unity
• Slow Shift to Wayland Display Server
• LibreOffice Will Replace Open Office in Ubuntu 11.04
• Firefox 4 and Banshee – New Default Applications for Ubuntu 11.04
• Power Packed Ubuntu Software Center

Mozilla to release Firefox 4 next month, maybe

Damon Sicore, Senior Director of Platform Engineering at Mozilla, has announced that the company is almost ready to ship Firefox 4. On its mailing list, Mozilla has revealed it has around 160 hard blockers to fix, before proceeding to Release Candidate stage. Both the RC and the final version would arrive in February, according to Sicore.

Mozilla was originally planning on having Firefox 4 out by the end of last year, but it had to delay the release till 2011. Last month, Firefox 4 Beta 8 was released for Windows, Mac OS X, and Linux 32-bit/64-bit, with support for 57 languages. Mozilla’s roadmap says it still wants to release a Beta 9, a Beta 10, and at least one Release Candidate build before the final version.

Mozilla’s Firefox recently overtook Microsoft’s Internet Explorer to become the most popular browser in Europe. Worldwide though, the browser’s market share has largely stagnated.

Here is the full message, posted on mozilla.dev.planning:

We’ve worked tremendously hard on Firefox 4, and it’s time to ship it. I’m seeing the same burst of excitement and activity that we’ve seen in the endgame of every release. Over the past several days, component leads have again reduced their blockers by identifying hard blockers and those we can live without. We’ve around 160 hard blockers remaining, and historically it has taken us six weeks to reach RC once we have 100 blockers left. We must press hard now.

To Finish:

1) We have to reach Release Candidate status as quickly as possible, ideally finishing the hard blockers by the beginning of February and shipping final before the end of February. We’ll need your help to balance these targets against the need to build a high quality product.

2) Bug counts demand another beta. We’ll drive the beta bugs to zero and ship another beta. If we can’t get them to zero in reasonable time, we’ll repeat, deliberately. It depends on how quickly we can drive down the list of hard blockers that need beta feedback. This is our top development priority, since it pushes the rest of our schedule.

3) We need *everyone* to help in testing. Specifically: Do not disable Flash, Silverlight, or other major plugins as we need as many people testing these as possible. Windows users: We need to know if you are affected by hardware acceleration causing crashes or other issues. Don’t just assume that someone else has filed a bug already. Make sure. Ask someone if you don’t know how. This is very important.

MOST IMPORTANT: We must ship the best possible product we can. If a blocker needs more time, tell release drivers and component leads immediately. If you disagree with a blocking call, say so loudly. Do not be timid. This is your product, we need you to own it.

I know you’re all tired and stressed. You all do incredible work every day, and you’ve built an amazing product. Stay focused. Be nice to each other. Firefox 4 is gonna kick ass, and you should be fiercely proud of it.

On a side note, I have been using Google Chromium, which a the open-source web browser for almost a year now, it’s faster then Firefox 3.6 and less prone to crashing, it can update itself and install plugins without restarting.  I also pulled the analytics report for this website during 2010 and looked at the percentages of people using what browser, interesting knowing how little Internet Exploiter is used these days.

Microsoft Helps Show That Windows is Less Secure Than Other Operating Systems

Summary: New Microsoft study indicates that Windows — not applications for Windows — contains what’s needed for malware to run

We’ve all heard about fake antivirus programs, also known as scareware. These programs falsely claim that your computer is infected with malware and prompt you to buy a product that will do nothing for you, except put your credit card number into the hands of criminals.Well now there are fake disk defraggers that masquerade as applications that fix disk errors on a computer. The programs are FakeAV-Defrag rogues and have the names like HDDDiagnostic, HDDRepair, HDDRescue, and HDDPlus.

Fake disk defraggers are one new form of threat to Windows users, who are of course forced to use a deficient file system such a long time after its inception. But the more noteworthy news is this piece from Glyn Moody where Microsoft gets ‘owned’ using its own ‘studies’:

This makes it clear that we are talking about code that is downloaded and then executed. According to the report, all the tests were carried out on a Windows 7 system. So in other words, we are talking about Windows malware. The undoubtedly thorough tests in the present report simply underline the huge scale of the Windows malware problem, and hints at the considerable costs it imposes on users, businesses and the economy as a result. What emerges from this test, then, is that Internet Explorer is better at solving problems of Microsoft’s own making than third parties without direct access to the Windows code and its flaws.

Frankly, I would expect no less: it is Microsoft’s responsibility to sort out these weaknesses in its own software, and if it produced a browser that exacerbated the problem it would be doubly culpable. But for a really fair test, what we would need to see would be Firefox running on a GNU/Linux system, Safari running on a Mac box and Chrome on ChromeOS, and then to compare those systems with Microsoft’s own combo of Internet Explorer and Windows. I’m pretty sure that Internet Explorer would not emerge as such a star in these circumstances.

But failing that kind of comparison, what the report’s test shows is quite simple: that irrespective of which browser you use, you really shouldn’t be running Windows at all if you want to minimise your exposure to malware.

Why use Vista – 7 then? No point to it if one wishes to use applications like Firefox. GNU/Linux on the desktop is really painless these days. For reasons of security (Windows slowed down due to malware) I’ve moved people to GNU/Linux and they never complain. Microsoft understands that and it’s probably why even operating systems like Chrome OS are a real threat to Windows. For the sake of security it also makes some design improvements or compromises (a double-edge sword).

Computer users should be suspicious of applications that are advertised via e-mail, pop up warnings about problems (especially immediately after you click on a Web page video), demand that you make a purchase before it will fix the problems, and prompt you to update your browser.

It would appear that the scammers are trying out the new programs to see which might best confuse potential victims and evade detection by legitimate antivirus software. The defragger clones emerged last month with names like UltraDefragger, ScanDisk and WinHDD and which pretended to find “HDD read/write errors. Earlier this month, there was PCoptimizer, PCprotection Center, and Privacy Corrector that were more generic security products rather than specifically antivirus, the post says.

These attacks are browser based. It doesn’t matter what version of Windows you run, it has absolutely no effect on whether you fall for this or not and when Windows 8 is released, Windows 7 is going to inherit all the security flaws and issues like XP. I suppose Microsoft realized their customers are naive enough to buy their products over and over again instead of cutting off the MS blood line and just switch to a alternative solution that actually works, Linux.

No Microsoft (cloud-based) thin client is going to fix and magically make their products reliable, even though it seems it’s the next big hype, because IT overhead to fixing MS products are out of hand for those stuck in the MS proprietary environment.

Whatever Windows operating system you’re using, if you click “OK” to some spammers install request, or open an email attachment from some Nigerian, or enter your password into some third-world knockoff of a major website, you’re infecting your own computer.

It doesn’t just happen, you make it happen….Three words: “Drive by download”.