The Definitive BIOS Optimization Guide

I can’t vouch for the accuracy of this resource, but it sure does look comprehensive. Definitely a good starting point if you’re stumped by what one of those obscure BIOS options really means.

Consider this and similar sites as reference tools, not as a bible. For what it’s worth, I don’t recommend spending a lot of time and energy tweaking BIOS settings for better performance. The odds that you’ll screw something up and hose your system are much greater than any minuscule performance gain you’re likely to see. But sometimes you can fix a conflict or provide a better configuration for a specific piece of hardware than the default settings.

Boycott Sony

Tim Jarrett says: “We are at war, and Sony fired first. Boycott Sony.”

To that end, he’s set up The Sony Boycott Blog. Tim picks up on my four (now five) things Sony should do right away and adds this perceptive observation:

I think that’s a start. But to do that, Sony has to understand why what it did was wrong. And to do that, it has to stop the spin and the press releases and start talking—and listening—to customers, and understand why they want to put music that they purchased on their iPods, and why Sony shouldn’t view that as a threat but instead as an opportunity.

Both of us are too optimistic, I fear.

My hope is that this is the act of overreaching that will finally push the public and lawmakers to rein in the out-of-control media industry. Suing 14-year-olds is bad, but in those cases an observer could say, “Well, the kids were illegally downloading music files…” Here, the people who are actually buying the product and following the rules that the music industry insists on are the ones being punished. That’s insane.

Sony’s hired guns: incompetent, dishonest, or both?

This morning, Mark Russinovich offers the latest installment in the Sony “rootkit” saga. I’ll cut straight to the bottom line:

Instead of admitting fault for installing a rootkit and installing it without proper disclosure, both Sony and First 4 Internet claim innocence. By not coming clean they are making clear to any potential customers that they are a not only technically incompetent, but also dishonest.

First 4 Internet is the company that actually wrote the code that gets installed on your computer unwittingly if you play a “protected” Sony CD and click OK on the innocuous-sounding license box. A First 4 Internet spokesperson responded to Mark’s last post with comments that betray how dangerously clueless the company is.

In this post, Mark rips F4I’s self-serving responses to shreds. Mark proves, conclusively, that the Sony software can cause a Blue Screen of Death crash. (Check out the screen shot for yourself.) He also establishes that the company is either deliberately lying or technically incompetent. (Maybe both.) Do you want a clueless, dishonest programmer writing secret code that hooks directly into your computer’s kernel-level functions?

It’s almost time for Congressional hearings.

Background:

Sony wants to hijack your PC

Sony’s even sleazier than I thought

Sony tries to stop the bleeding

Sony’s phony patch

Is Sony violating the law?

Sony: screwing up Windows PCs since 2002

Dear Microsoft: Please clean up the Sony mess

Windows Defender and a dissertation on search algorithms

Dwight Silverman has a pair of interesting observations on the news that Microsoft Antispyware is about to become Windows Defender:

I mentioned above that there’s already an application dubbed Windows Defender. I found that by doing a Google search, which turned up many links to the existing package as the top results.

But if you do the same search at MSN Search, the top results are front-loaded with references to the Windows Defender renaming announcement by Jason Garms. In fact, the first reference to the existing Windows Defender product doesn’t show up until the seventh page of results at MSN.

Maybe Microsoft forced the results for its own entry higher on its search engine. Or maybe Google’s just slow to index blog postings. Or a little bit of both . . .

That first observation is interesting, indeed. Microsoft has an army of lawyers, and one would have to assume that no product naming decision gets publicly announced until there’s been a thorough trademark search. (At least the windowsdefender.com domain is owned by a guy in Seattle who is a contractor for Microsoft.) If someone made a public announcement like this without acquiring the trademark rights from the existing product, they were incredibly sloppy.

What about the search results? Is Microsoft really favoring itself?

When I looked at the MSN Search results, I found that a download link for the existing Windows Defender product was fourth on the list. (Hey, I’m even on that first page!) So it’s not like every reference to the existing product has been scrubbed.

I think there’s a (somewhat) more innocent explanation for the different search results for MSN Search versus Google. In my admittedly limited testing, I’ve seen clear evidence that the MSN algorithm emphasizes freshness much more than Google does. By contrast, Google’s algorithm emphasizes the number and quality of links to a given page (PageRank) and thus is inherently biased toward pages that are older and have had more time to acquire lots of links from high-traffic sites. So at least in this case it stands to reason that pages talking about the latest news on this phrase would rank higher at MSN Search than at Google.

For an example that isn’t Microsoft-related (and thus doesn’t have the possibility that Microsoft is unfairly favoring its own sites), try searching for Sony copy protection, a topic that has been much in the news lately.

Here’s the MSN Search results. Note that everything on the first page is about the current rootkit controversy.

Now try Googling the same words. Although there are lots of results about rootkits, I noted that the third item on the first page was a USA Today article from 2002. The sixth item is an undated article from KAOS2000 Magazine that talks about using marker pens to defeat Sony copy protection schemes used on a “new Celine Dion album” released in 2002. And the ninth link on the page is to a discussion at cdfreaks.com, also from 2002.

Those are interesting approaches. Knowing how those two search engines work can help me decide which one to use, but I don’t think either one is biased.

Scoble wrote a flurry of interesting posts on this some time ago. In this post, which I chose more or less at random, he says something I can wholeheartedly agree with: “Anyway, my point wasn’t to get into a rathole discussion on any one search term. It was to point out that at almost ANY search term you can find ways to improve the engine. But, I’ll keep hammering this one in until people get it and see that search is FAR from being done.”

RSS isn’t just for news anymore

Steve Rubel pointed me to this impressive list of things you can do with RSS.

Some very imaginative stuff here, including a few I will definitely try. It’s a wiki, so if you’ve got something cool to add to the list, go for it.

Sony: screwing up Windows PCs since 2002

Most of the coverage I’ve seen so far of the Sony rootkit disaster mentions that this software has been used for about six months. That must refer to the latest batch of copy-protected CDs, which use the First 4 Internet XPC code. But Sony’s been wreaking havoc with Windows for much longer than that. In fact, I’ve found evidence of problems dating back at least three years.

I started with this Google search, which turned up 29,000 links at Amazon.com that contained the words content AND enhanced AND protected. That doesn’t translate to 29,000 CDs, because the search results turns up multiple links to each CD. But it’s a starting point.

And then I started clicking and reading reviews. Early on, I found a comment from an Amazon customer who bought the soundtrack to Brown Sugar. The CD was released in September 2002, and this comment was posted in May 2003:

I knew I wouldn’t be able to copy selected songs to my PDA for my own private use when I purchased this CD so I have no complaints about that aspect of the copy-protection. I didn’t expect to have a hard time playing it on a computer, however. The ‘player’ that’s supposed to launch when you insert the CD into your drive is adequate *when* it plays. It took awhile to get the player and CD to do their thing the first time but it did eventually play. I had to restart my computer in order to use my standard player for other CDs and no CD is worth that much trouble. When I tried a second time the CD just plain wasn’t recognized so I tried it on another computer and that CD drive completely disappeared from ‘My Computer’, the CD never loaded and now I’m wondering what kind of re-configuring I have to do there. And, guess what – it also proves occasionally problematic on my new CD player which supports mp3s. I’m not a computer newbie and it’s not a matter of my not understanding. This is way beyond a minor inconvenience.

Sound familiar?

A comment attached to Healthy In Paranoid Times (Sony, August 2005) described similar problems and pointed me back to this dire warning at Sony’s Web site:

Sony Global – Urgent Message Regarding Problems Caused by Microsoft Windows Security Update Program MS04-032 (KB840987):

It has been confirmed that some of Sony’s application software(*) for managing music files on the PC may not work as originally intended, if a user installs Microsoft Windows Security Update Program MS04-032 (KB840987) on his/her PC. Sony has been investigating the cause of this problem as well as working on countermeasures in collaboration with Microsoft Corporation. A countermeasure program (KB887811) to remedy this situation is now available at Microsoft’s website as shown below.

Sure enough, Microsoft issued Critical Update for Windows XP (KB887811) in October 2004, more than one year ago, to fix the problem identified here.

After you install the MS04-032 (KB840987) Security Update for Windows on a computer running either Windows XP or Windows XP with Service Pack 1 and then try to run an OpenMG compliant music software, the OpenMG compliant music software may not run as expected or respond. Install this update to help resolve this issue. After you install this item, you may have to restart your computer.

OpenMG? What the hell is that? The KB article for that Critical Update has a long list of “OpenMG-compliant music software that includes the OpenMG Secure Module.” And not surprisingly, almost all of it is from Sony.

In response to an earlier post of mine, a commenter wrote:

Ed, Sony’s response is ignorant –but that’s because they don’t understand what a rootkit is and how damaging they can be. In fact, when NPR introduced the concept on the radio this morning, I was hardly surpised to hear a very garbled and oversimplified description of rootkit technology.

If Sony’s to blame, it’s because they tried to play with the computer equivilant of a sharp stick and accidentally hurt themselves. Now they’re bleeding and they don’t know what to do.

They’ll learn. Most of us are still learning about this. Only people like Russinovich really have a handle on this situation. I’m not trying to whitewash what Sony BMG is doing, but you have to allow time for the managers in suits to wrap their minds around this topic.

I place the blame squarely on First4Internet. These idiots should have known better. Their programming effort can only be described as a hack of the first order. It was sloppy to the point of carelessness.

The bottom line is that if DRM technology is going to include rootkits, then we need reasonable assurances that such rootkits are narrowly targeted, stable, and well written.

Sorry, no. Sony’s DRM has been causing major consumer headaches for years, and they don’t seem to care. In fact, they have graduated from sharp sticks to Ginsu knives to chainsaws.

And the notion that any software developer should be allowed to cloak its technology using rootkits is wrong, wrong, wrong.

I have a feeling that Windows Vista will block this sort of crude hack. Has anyone tried using one of these Sony CDs on a current beta of Windows Vista yet?

My favorite Firefox extensions

I thought it might be interesting to share the list of my favorite Firefox extensions. These are the ones that are currently installed in my Firefox profile. I’ve tried others, but these are the ones that I use regularly. If you have recommendations for additional extensions, add a note in the comments. Be sure to include a link (in HTML format, if you know how) and a description of what the extension does.

Copernic Desktop Search Toolbar – After trying X1 again for a while, I’ve returned to Copernic. It’s free, fast, and seems to work better than just about any other desktop search tool.

AI Roboform Toolbar for Firefox – I can’t imagine using the Web without Roboform.

Tabbrowser Preferences – Adds a few nice options to the Tabbed Browsing Options dialog box, such as the ability to choose whether new searches open in their own tab in the background.

Tab Clicking Options – Allows you to redefine mouse actions for working with tabs. Fully compatible with TabBrowser Preferences.

IE View – Indispensable. For sites that require IE, you can right-click on a link or on the page itself and open the URL in an IE window.

FirefoxView – Adds a right-click menu option to IE so you can open the current page in Firefox.

PDF Download – Gives you the option to open a PDF link in a new tab, save the file, or view it as HTML. The best part is that you can see the file size before it opens – no more waiting while your browser tries to download a 50MB PDF file.

SessionSaver .2 – Another indispensable extension, this one saves all the tabs in your session so you can reload them on demand (it provides excellent crash protection, too). The SnapBack menu allows you to reopen a tab you closed accidentally.

All-In-One Sidebar – Lets you view bookmarks, downloads, extensions, and more in a sidebar tab similar to IE’s Explorer bars. The more I use this, this more I like it.

Download Manager Tweak – Fixes some annoyances in the default behavior for file downloads.

Google Toolbar for Firefox – The only reason I use this is for its on-the-fly spell-checker, which works brilliantly with Web forms.

ScrapBook – Save URLs and snippets from Web pages for reuse later. Handy.

PubSub Sidebar – Quick access to PubSub searches. I’m not using this one very much these days.

Copy URL + – Awesome. Adds the option to save formatted links, snippets of text, graphics, and other bits from the current Web page to the Clipboard. If you blog, this is a must. Be sure to read the documentation on how to extend it.

ChromEdit – A nice front end for editing the Firefox user profile. I don’t use it often but appreciate it on the rare occasions when I do need it.

1-ClickWeather – Puts current weather forecasts from Weather.com in the toolbar, status bar, or sidebar. A different extension called ForecastFox uses Accuweather. I’ll try it out this week.

BugMeNot – You visit a Web page that wants you to provide a bunch of personal information just so you can view a news clip. Annoying, isn’t it? Instead, with this extension installed you right-click, choose BugMeNot, and fill in a user name and password from the public store at bugmenot.com. If the first one doesn’t work, try again. Amazingly useful.

eMusic Toolbar – Very handy if you’re an eMusic.com subscriber.

Dear Microsoft: Please clean up the Sony mess

Update: Microsoft will indeed add the Sony rootkit software to the list of software detected by its Malicious Software Removal Tool. This capability will appear in the December 2005 update to the utility. Signatures for the XCP component will also be added to Windows AntiSpyware, Windows Defender, and the Windows Live Safety Center. Details here.

Mark Russinovich has analyzed Sony’s “patch” for its rootkit-based software and discovers that the patch is crap and Sony is still lying.

Microsoft’s John Howard just found out about the Sony rootkit debacle and says, “Be worried – very worried”:

Normally, I wouldn’t comment on news like this except on anything except my personal blog, but I’m am so outraged and stunned by what I’ve discovered having spent the past hour or so researching and reading about the techniques and implications of the “RootKit” approach and the legalities, the fact that a half-baked patch has been issued, and the follow up entry from yesterday on Marks blog about the way that the software “calls” home.

Yes, there is a huge amount of publicity out there about this, but what worries me most now is that even with that publicity, how many home users are really going to take action on it? There is a probable chain reaction:

Home users generally won’t read or hear about this, are highly unlikely to run a root kit revealer to discover the “rootkit”, blame XP for potentially crashing or certainly being slower due to the “rootkit” performance overhead.

By not knowing about it means the majority of infected users will not visit the appropriate site to patch/remove the DRM software (which it appears is not flawless either).

Many people will purchased CDs with this DRM “rootkit” software.

Given a significant percentage of purchasers will play those CDs on home machines, there will be many home machines installed with an unpatched rootkit

Joe Hacker now has it on a plate with an easy way to cloak their worms/viruses on “infected” machines through the sys$ file prefix.

My proposed solution?

Each month, Microsoft updates its Malicious Software Removal Tool and pushes it down to all Windows XP clients via Automatic Updates. The next release of this software should target the First 4 Internet software and automatically remove it. It should also inoculate the system so that the software cannot be reinstalled.

Yes, I know this is unlikely to happen because the software doesn’t technically qualify as “malicious.” But it could happen if Sony gave its permission to Microsoft.

So, add one more item to my list of things Sony should do immediately:

Fire First 4 Internet immediately and publicly.
Remaster the CDs with DRM-free versions.
Offer free replacement CDs to anyone who purchased one of the rootkit-infected CDs.
Provide toll-free tech support for anyone who experiences a problem with their Windows computer that they think is related to this software.
Assist Microsoft in updating the Malicious Software Removal Tool to remove the rootkit-based software from any infected systems and prevent it from being reinstalled.

Background:

Sony wants to hijack your PC

Sony’s even sleazier than I thought

Sony tries to stop the bleeding

Sony’s phony patch

Is Sony violating the law?

Windows AntiSpyware gets a name change and then some

In case you’ve been wondering why Windows AntiSpyware has been in beta for what seems like two years (it’s actually been only 10 months), Microsoft’s Steve Dodson spills the beans. Three pieces of news:

The new name is Windows Defender.

It will be integrated into Windows Vista. Steve explains:

You will be able to run another spyware product instead of Windows Defender if you would like. Although I may shed a small tear, you will be able to disable or turn off Windows Defender and install whichever 3rd party anti-spyware application you would like. The really cool thing is that the Windows Security Center in Vista will be redesigned to detect if an Anti-Spyware application such as Windows Defender is running and operating normally.

And it will soon receive signature updates via Automatic Updates rather than through a separate update engine.

More details in a somewhat breathless post at the Anti-Malware Engineering Team blog:

Windows Defender is about what Windows will do for customers, defending them from spyware and other unwanted software. Our solution has really been about more than just the standard definition of “spyware”. We’ve always said we will provide visibility and control, as well as protection, detection and removal from other potentially unwanted software, including rootkits, keystroke loggers and more.

Making the engineering change from “Windows AntiSpyware” to “Windows Defender” took a lot of careful coordination across our team to ensure that the strings in the UI got changed, the help files all got updated, registry keys, file names and properties, as well as a couple of images all got changed. All this work was completed and tested last Thursday, and is currently making its way through our build systems in Windows to make it into the main build environment, where official builds come from. We’re pretty excited by the name, and by the sleek new UI and other improvements we’ve been making in it to help make Windows Vista the best operating system around! But Windows Defender is about a lot more than just a name change. The engine is now moved to a system service, and signatures are delivered over Windows Update. The detection mechanisms have also been radically improved by applying to spyware threats all the great detection technology we use in our antivirus engine.

~~Unanswered question: What happens to anyone using Windows XP or Windows 2000?~~

Update: The new software will be available for Windows XP, according to the AMET Blog post. But no word on Windows 2000.

Also see this follow-up story.

If WW2 had been an online real-time strategy game

This had me laughing uncontrollably for about an hour.

Warning: Contains some hilariously misspelled bad words.