If an attacker knows of a vulnerability and you don’t, you may not be able to effectively defend against the new vulnerability. This is especially true of applications which are accessible from the Internet.
Many sources of security news document vulnerabilities only in general terms. This often does not give the security administrator enough information to effectively defend their systems from attack.
As a result, most security professionals keep up-to-date by attempting to monitor the hacking community. The hacking community, however, consists of tens of thousands of different individuals and groups working in a decentralized and unorganized manner.
As such, it is difficult or impossible for any single security professional to keep up with new vulnerabilities discovered by the entire hacking community.
Milw0rm.com is an excellent resource to help with that problem. Milw0rm.com lists vulnerabilities, along with exploits and shellcode. These are organized by platform and by type of access required.
Milw0rm.com is an excellent addition to resources such as Open Source Vulnerability Database, The National Vulnerability Database, and Exploit Tree.
I’m an ex-ZoneAlarm user who was forced to move back to Windows Firewall when I adopted Windows Vista Beta 2 as my main operating system (yes, I know I’m crazy) and then when in late September I adopted the Vista-compatible Free firewall, I ran across some serious issues and decided it’s best to not keep it. ZA Pro for Vista was not released to this day, and I was stuck with Windows Firewall for over a year. That was, until Comodo Firewall Pro 3…
I came across CFP 3 on ieXwiki’s Vista software compatibility list, which saved me countless times, but was very reluctant to adopt a beta after the ZA debacle. However, a product whose previous version had scored EXCELLENT among the top 4 firewalls on Matousec’s page definitely got my attention. So I decided to give 3.0.9 a go. And I fell in love with it. So what exactly was it about CFP that made me like it so much? To put it simply it’s the sheer richness of features and customizability that it offers and I could say the same for its resource demands - of all firewalls with such advanced features that I’ve tested this one is the lightest.
As with many firewalls out there, CFP has taken a step beyond traffic control of network only, and into the realm of application behavior control. The component responsible for this is called Defense+. When an application exhibits questionable criteria of behavior, it is frozen and a D+ pop-up alert is issued. I took an active role in the beta testing and feedback on the official forums.
Install package
Installation was pretty straightforward and easy. I encountered no difficulties and found it to be quite easy. It didn’t hog the computer nor did it cause high disk activity. All it really did was spend much time installing the drivers, but it falls well into the category of quick installs. Once that has been done, the firewall asks for configuration. It was simple and went smooth.
Hefty package I must say. 31MB, should look more promising to the masses than those 2MB firewall installs I’ve seen… I believe the install space estimation isn’t correct however, and there are two reasons for that. The firewall may require 50MB of HDD space, but mine actually uses some 53. I would set the threshold at 60 or even 70. Second, firewall folders such as C:\ProgramData\Comodo\Common\DB\DDB\CPL contain some 700 files. Due to cluster-fill avalanche effect (example: a 1-byte file will take up 4KB on the disk, more such files amplify the effect) this makes the folder, which contains 110KB of actual data, occupy 3.1MB on disk. Now let’s take that to larger scale and check the entire C:\ProgramData\Comodo\Common\DB\DDB folder. Size: 32MB, size on disk: 52MB. And there’s still the install in Program Files which is 20MB. I would recommend some 80-90MB, it’s a hefty firewall. I’ve seen many people pick their security apps by how much space they take, and condemn anything that stretches to 100MB or more, but is that really such a problem with today’s storage?
The install itself is straightforward and fast. You are asked 2 or 3 questions about how you’d like the firewall to behave and how advanced its alerts should be. The uninstall is just as simple and clean — all it ever leaves behind are a few hidden empty folders and a registry key saying when the last check for a new version was performed.
Firewall
Pros:
Now about the firewall itself. Once properly configured the firewall will behave like any high-end firewall out there. It will pass any and all leak tests with flying colors. I’ve run both web-based tests and portscans from other machines and I could not find my computer. Excellent job. Pop-ups for every application trying to access the internet, possibility to create advanced custom rules or even predefined profiles, all you would expect from a powerful corporate product, and is a reputable rival to any top-notch firewall out there.

Cons:
I actually failed Shields Up and a few others at first because the firewall allowed ICMP traffic even though I had selected to configure it for perfect stealth yet I still had to delete the one Allow global rule that it creates AND add an ICMP block rule on top of the default Block rule before it passed. The most important thing to know for every security-paranoid out there: a firewall will never completely hide you from hackers as long as you’re running applications which open up ports. Yahoo Messenger for instance, opens port 5101 which can be manually blocked without any loss in functionality. However, programs such as P2P clients like torrents NEED to keep an open port in order to communicate. If any of those cause you to fail a firewall test, the firewall is NOT to blame. Said programs need to be closed if you want 100% stealth from portscans. But most portscans give up if they don’t at first receive a ping anyway.
Defense+
Pros:
I have not yet come across a firewall which can create custom rules to protect other programs against process termination or memory access. The fact that you can configure and create custom rules about what apps, registry keys or even files and folders a program has the right to access just turns it into the ultimate security policy tool. Imagine I can restrict IE or FireFox to only access its cache and a few isolated registry keys, I’m sandboxing them without the need of an annoying UAC or other methods of user access restriction. There are too few firewalls that I’ve seen out there which accept wildcards. In my experience, the firewall had a major impact on my PC Security Test 2007 results, having raised my score from 100%-80%-50% to 100%-100%-75% (I use antivirus too, mind you), the only thing that I failed being Internet Explorer malware installation. I’m sure I can block that by configuring the firewall to protect said points of entry if I have the mood for it, but I don’t use Internet Explorer.
Cons:
Just like the Firewall, default config is where it loses, and where it’s lost before. By default, the firewall does not protect itself against process terminations. In the editor’s review on Softpedia, CFP received 4.5 star voting by 500+ users, was awarded the Softpedia Pick, and a 5 star rating from the editor himself. I don’t think it gets any better than that. Wanna know what his only con was against CFP? That it could be terminated easily via task manager. CFP’s process termination protection is misleading. You may think that just because you configured an app to be protected against termination that it will. But no, you have to have the function enabled FROM the general Defense+ settings. The per-app protections are only carried out then. Another thing I found annoying was keyboard and monitor protection vs. keyloggers or spyware. Sure it’s a sure stopper for them nasty little bugs, but stuff like games, media players or even Firefox triggers them! They’re too primitive.
Performance
Pros:
The firewall feels as if it was spawned by AVG or NOD32 in terms of performance. Its two processes will use, at the very most, a total of 10MB RAM, and I have yet to see CPU usage go over 0%.
Cons:
The only thing I found wrong with CFP performance was disk usage during log writing. Let’s say I fire up uTorrent and I’m downloading something. With all the new connections being made and unmade the firewall’s DoS protection starts blocking about 10 connections a second. Ten times a second my harddrive makes short sounds for each logged block attempt. It’s a killer. I had to disable logging. Other firewalls however, don’t have these issues. I suggest implementing a more effective algorithm for log writing.
Interface
Pros:
The firewall has a security level slider which allows for easy changing of behavior as well as an installation mode, which can be activated to avoid annoying pop-ups during software installations. This only applies to D+, and if installers need to access the internet, you will still get pop-ups.
Cons:
I really don’t like the colors, though the design is somewhat user-friendly. I’m not really that bothered by its complexity and the fact that it’s harder to config as long as it does the job nicely. And thank heavens, that’s what CFP does best, though I must admit a few skins containing less white and more blue, orange, or green would be nice. I’m not one to give importance to the aspect of programs (just look at NOD32), I only look at the technical side, and at that it pleases me very much. However, your average Joe will mind, and most computer users are average Joes. Version 2’s interface was pure genius, they should have kept that I believe.
Stability/Security
No complaints so far (aside from the aforementioned logging). Everything running smooth as it always has. 10MB RAM usage, 0% CPU. With a product this complex, it’s a miracle. As for security, well it passes all tests it has passed as beta so far and there’s really not much to say there. Whether default configs for ICMP and self-protection against termination are now on by default, I cannot say.
Bugs?
There is some debate on the forums about ironing out bugs. Version 3.0.12.266 final was released on November 20th and version 3.0.13.268 was released two days later. The developers say that there were two small bugs they could have easily fixed and that that’s why they decided to release a second version so quickly. I’ve personally hardly had any issues with CFP3, and most users have not, however, I’ve had my gripes about the final stages in its development. Back when CFP was RC1, a thread was made asking if it should be released on Nov 20. I voted NO, and this was because I saw that many bug reports were still coming in. Like any point oh version, expect that there will be some system configurations, be they hardware or software, which may not work as originally designed. I’m not trying to scare anyone, I only think they may have released it a tad too soon. There are known issues with some systems which run Avast!, Spyware Doctor, or other spyware-blocking programs which control app behavior at a driver level. Also, some of you with more “exotic” connections, such as shared connection, wireless, VPN etc. may experience problems. The forums are teeming with activity in the bug report section. Forum moderator ~cat~ has posted a short list of temporary fixes for the most common problems in a thread on the Comodo Forum. Hopefully they will be of help to those of you who run into problems.
The developers are not going to be releasing “nightlies” or any builds as quickly as they did with 3.0.12 - 3.0.13, it will probably be a month until the next version. However, the administrators of the forum have said that the team has already started fixing the bugs, so if you’re going to be a bit cautious about deploying it, you may as well wait another month until the next version is out.
Bottom Line
CFP is quite simply the best freeware firewall ever created. It aims high and lives up to its expectations. Version 3 brings both x32 and x64 compatibility for everyone’s needs. If you’re just a regular user who just wants to know he’s not going to get hacked, then really Windows Firewall will keep the ports for you without any hassle. More companies like Comodo should exist out there. If you’re someone concerned about not having malware phone home or unwanted connections, you should install it with D+ deactivated. If you’re a power user looking for a very tight firewall no doubt this may very well be the firewall of your dreams.

Ever had the need to turn a dynamic disk into a basic disk, perhaps to install an OS on it, and did not want to have the entire data on it erased? It’s actually kind of dumb that you can convert basic drives to dynamic drives without data alteration, but not the other way around. Sadly, as of currently there are still no programs capable of converting a dynamic disk back to basic without it implying destruction of all data. However, there is one rather unorthodox way to do it, albeit it is a bit dodgy…
It was way back on XP almost two years ago that I had converted one of my harddrives to dynamic because it was the only way to disable file caching, which I needed to do because of Delayed Write Failed errors resulting from a Norton GoBack driver issue. And sadly, as I fiddled with my computer many times, I found it would have been very easy on me if I could have used that drive as a system drive a couple of times. Well what happened was that a few months ago during a few dataloss debacles ironically, but not surprisingly related to data recovery software Acronis TrueImage 10 I ended up screwing up TWO of my three drives’ partitions at the same time. What I did next I’ll let it up to you to decide whether it was good, bad, or just plain stupid.
I had a boot floppy with Partition Table Doctor on it, and I used that to restore one of the drives. I couldn’t restore the other because Vista had very “smartly” created a new partition on it on a previous boot, but I decided to give it a go anyway. Guess what I did? I ran a scan on the drive to see if it can find any traces of a lost partition and try to restore it. THE WRONG DRIVE THAT IS. I knew since back then that depending on how partitions are activated and where the OS is that drive letters can change. Sadly, at the moment of my decision, and throughout the process, my brain was vacant. So at the end I selected “fix” and let it do whatever it knew best. And just like that, I messed up the partition on my dynamic drive. Hooray!
When I discovered my blunder I was already reinstalling Vista on one of my drives. Then, as soon as I got into the OS, I used Active@ Partition Recovery on my crippled drive. Sure enough, it found the partition and restored it. I was prompted for a restart. Only a bit later on did I look at the Disk Management utility and what did I see? Drive D’s partition was showing up as blue instead of brownish-green?! Whoa, when did that happen? Well, here’s what happened: when I ran that scan, I was asked if the existing partition on the drive should be erased to restore the “recovered” one. In selecting yes I accidentally deleted the working, dynamic partition on the drive. Note that the partition was DELETED, not FORMATTED. The most visible difference between the two is that partition deletion only takes half a second while formatting takes much longer. What is done is that the partition table is deleted. All the data remains on the drive, but the system no longer sees it because no partitions are filed in the drive metadata. This is similar to deleting a file: the file’s data remains on the drive, but is no longer registered in the file table. This is why recovery software works, and it will work until or unless you overwrite that data with something else. In the case of my drive it wasn’t re-partitioned, so all the information was still there. When I used Active@ Partition Recovery, the drive was scanned, and, quite quickly, the program found that there had been a deleted partition on the disk. Because no data was ever written onto the disk afterwards, the program quickly and successfully did a 100% recovery of my data. We’re talking over 50,000 files here, all integrally restored, without one byte of data loss. But there was something more that happened during the recovery. When the partition was recovered by Active@ it was rebuilt as a BASIC partition! 
Please note that I only had ONE partition on the drive, so I cannot say what would have happened in a situation involving multiple partitions.
Summary:
Doing this is not recommended, but should you for any reason want to, or become compelled to convert a dynamic partition back to basic without migrating the data on it and yet still keeping it, here are the two simple, and quick steps which you have to perform:
-delete the dynamic partition on the drive
-recover said erased partition with a recovery program
This will make the partition be “reborn” while still containing all of its data, but lose its dynamic property in the process, and be converted back to basic.
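The delete-then-recover behaviour described above, as an added example that is not part of the original post: a Python simulation on a constructed in-memory MBR disk image. It assumes the dynamic disk is marked by MBR partition type 0x42 and holds a single simple NTFS volume; the sector numbers, sizes and payload are made up.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFF = 446          # the four 16-byte partition entries start here in the MBR
TYPE_LDM = 0x42          # MBR partition type used for Windows dynamic disks
TYPE_NTFS_BASIC = 0x07   # MBR partition type of a basic NTFS partition
PAYLOAD = b"constructed file data"   # stands in for the files on the volume


def _entry(ptype, start_lba, sectors):
    # status, CHS start (unused here), type, CHS end (unused), LBA start, sector count
    return struct.pack("<B3sB3sII", 0, bytes(3), ptype, bytes(3), start_lba, sectors)


def build_disk(start_lba=8, sectors=48, total=64):
    """Constructed disk: MBR with one type-0x42 entry plus an NTFS boot sector."""
    disk = bytearray(total * SECTOR)
    disk[TABLE_OFF:TABLE_OFF + 16] = _entry(TYPE_LDM, start_lba, sectors)
    disk[510:512] = b"\x55\xaa"
    boot = bytearray(SECTOR)
    boot[0:3] = b"\xeb\x52\x90"                      # jump instruction
    boot[3:11] = b"NTFS    "                         # OEM ID recovery tools look for
    struct.pack_into("<H", boot, 0x0B, SECTOR)       # bytes per sector
    struct.pack_into("<Q", boot, 0x28, sectors - 1)  # total sectors in the volume
    boot[510:512] = b"\x55\xaa"
    off = start_lba * SECTOR
    disk[off:off + SECTOR] = boot
    data_off = off + 4 * SECTOR
    disk[data_off:data_off + len(PAYLOAD)] = PAYLOAD
    return disk


def parse_mbr(disk):
    """Return the non-empty partition table entries."""
    if bytes(disk[510:512]) != b"\x55\xaa":
        raise ValueError("missing MBR boot signature")
    entries = []
    for slot in range(4):
        raw = bytes(disk[TABLE_OFF + 16 * slot:TABLE_OFF + 16 * (slot + 1)])
        _, _, ptype, _, start, count = struct.unpack("<B3sB3sII", raw)
        if ptype != 0:
            entries.append({"slot": slot, "type": ptype,
                            "start_lba": start, "sectors": count})
    return entries


def delete_partition(disk, slot):
    """A delete only clears the 16-byte table entry; no data sector is written."""
    disk[TABLE_OFF + 16 * slot:TABLE_OFF + 16 * (slot + 1)] = bytes(16)


def scan_for_ntfs(disk):
    """Find the first sector that looks like an NTFS boot sector."""
    for lba in range(1, len(disk) // SECTOR):
        sec = disk[lba * SECTOR:(lba + 1) * SECTOR]
        if sec[3:11] == b"NTFS    " and sec[510:512] == b"\x55\xaa":
            (total,) = struct.unpack_from("<Q", sec, 0x28)
            return lba, total + 1
    return None


def recover_as_basic(disk, slot=0):
    """Rebuild the table entry from the boot sector, as a basic (0x07) partition."""
    found = scan_for_ntfs(disk)
    if found is None:
        raise LookupError("no NTFS boot sector found")
    disk[TABLE_OFF + 16 * slot:TABLE_OFF + 16 * (slot + 1)] = _entry(TYPE_NTFS_BASIC, *found)
    return found


def data_digest(disk):
    """Hash of everything behind the MBR sector."""
    return hashlib.sha256(bytes(disk[SECTOR:])).hexdigest()


def run_demo():
    disk = build_disk()
    before = parse_mbr(disk)
    digest = data_digest(disk)
    delete_partition(disk, 0)
    after_delete = parse_mbr(disk)
    untouched = data_digest(disk) == digest and PAYLOAD in bytes(disk)
    recover_as_basic(disk)
    return before, after_delete, untouched, parse_mbr(disk)


if __name__ == "__main__":
    for step in run_demo():
        print(step)
```

The same property matters for disposal and forensics: a drive whose partitions were only deleted still carries all of its contents.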
Warning:
-Deleting and formatting are NOT the same thing; while deleting will only raise a superficial flag that the partition no longer exists, a format will completely overwrite the data on the drive, resulting in a difficult and incomplete recovery of data and nigh-impossible odds of partition recovery. A delete is something that you can do from Disk Management or the Vista/XP boot media (the option is called “erase partition” on the Vista DVD).
-Your recovery success rate depends almost entirely on what software you use; Partition Table Doctor 3.0 is freeware, 3.5+ is shareware. PTD also allows you to “preview” what the recovered drive’s partition will look like before saving any changes to the drive, and it is very recommended to use software which can perform the recovery virtually and show you the results before actually modifying anything to the drive. Remember, unless you know what you’re doing any writes to the drive could overwrite your data. If you are seeing the old label of your partition after its virtual recovery attempt, I believe you may confidently save changes made to the disk.
-Make sure there is nothing to make the system attempt to re-partition the drive in case a restart is required after deletion. This will severely affect your chances of data retrieval, and you may end up being able to recover nearly 100% of the data but not the whole of it and be unable to rebuild the partition.
-This method has been used with success by me, on my system configuration. I offer no warranty whatsoever that it will work in other environments, partition configurations, or any other circumstances and therefore take no responsibility for any negative outcomes including, but not limited to, irreversible data loss. You have been warned.
That having been said, I wish you good luck and hope that my experience will prove useful to all you who have encountered this nuisance.
Action: Allow
Protocol: TCP or UDP
Direction: In/Out
Source Address: Any
Destination Address: Any
Source port: Any
Destination Port: <port number to be opened>
If you are trying to troubleshoot something, I suggest checking the “Log as firewall event if rule is fired” box for further debugging.
Note:
-Make sure your rule is on top of other rules which would imply blocking the port you’re trying to open or it will be ignored.
-If the program you are trying to allow uses only one protocol, you should select either TCP or UDP under Protocol accordingly for enhanced security.
-You don’t necessarily have to open up a port if only one program uses it. If you’re trying to use a P2P client that needs to open a port for incoming connections, just select it from the Network Security Policy tab and choose to add a rule for it. You will have the same port config window as in Global Rules only that the rule will only apply to that specific application. This is a much better alternative as it switches your port back to stealth when the application is closed.
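The three notes above, as an added Python example that is not from the original post and is not Comodo's engine: a simplified first-match model of a rule list with a check for rules that an earlier rule overrides. The top-down first-match evaluation, the default drop, the port number 50000 and the application name are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

ALL_PROTOCOLS = {"TCP", "UDP", "ICMP"}


@dataclass(frozen=True)
class Rule:
    action: str                      # "Allow" or "Block"
    protocol: str                    # "TCP", "UDP", "TCP or UDP", "ICMP" or "IP" (any)
    direction: str                   # "In", "Out" or "In/Out"
    dst_port: Optional[int] = None   # None stands for "Any"
    app: Optional[str] = None        # None = global rule, else active only while app runs


@dataclass(frozen=True)
class Packet:
    protocol: str
    direction: str
    dst_port: Optional[int] = None   # None for ICMP


def protocols(rule):
    return ALL_PROTOCOLS if rule.protocol == "IP" else set(rule.protocol.split(" or "))


def directions(rule):
    return set(rule.direction.split("/"))


def matches(rule, pkt):
    return (pkt.protocol in protocols(rule)
            and pkt.direction in directions(rule)
            and rule.dst_port in (None, pkt.dst_port))


def evaluate(rules, pkt, running_apps=frozenset()):
    """Walk the list top-down; the first matching rule decides (assumed model)."""
    for index, rule in enumerate(rules):
        if rule.app is not None and rule.app not in running_apps:
            continue                 # per-application rule whose application is closed
        if matches(rule, pkt):
            return rule.action, index
    return "Block", None             # assumption: unmatched traffic is dropped


def shadowed(rules):
    """Return (later, earlier) index pairs where an earlier rule with the opposite
    action already catches traffic the later rule was written for."""
    hits = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if (earlier.action != later.action
                    and earlier.app in (None, later.app)
                    and earlier.dst_port in (None, later.dst_port)
                    and protocols(earlier) & protocols(later)
                    and directions(earlier) & directions(later)):
                hits.append((j, i))
                break
    return hits


PORT = 50000                                                  # constructed port number
BLOCK_ALL_IN = Rule("Block", "IP", "In")                      # a catch-all inbound block
OPEN_PORT = Rule("Allow", "TCP or UDP", "In/Out", PORT)       # the rule from the text
OPEN_PORT_TCP = Rule("Allow", "TCP", "In/Out", PORT)          # narrowed to one protocol
OPEN_FOR_APP = Rule("Allow", "TCP", "In", PORT, app="p2p-client.exe")  # hypothetical app

if __name__ == "__main__":
    probe = Packet("TCP", "In", PORT)
    print("allow below block:", evaluate([BLOCK_ALL_IN, OPEN_PORT], probe),
          "shadowed:", shadowed([BLOCK_ALL_IN, OPEN_PORT]))
    print("allow on top:     ", evaluate([OPEN_PORT, BLOCK_ALL_IN], probe))
    print("TCP-only, UDP in: ", evaluate([OPEN_PORT_TCP, BLOCK_ALL_IN],
                                         Packet("UDP", "In", PORT)))
    print("app rule, running:", evaluate([OPEN_FOR_APP, BLOCK_ALL_IN], probe,
                                         {"p2p-client.exe"}))
    print("app rule, closed: ", evaluate([OPEN_FOR_APP, BLOCK_ALL_IN], probe))
```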

Mozilla Firefox 2.0.0.10 was released just a few days ago. The updated version of the popular browser addresses several highly-critical vulnerabilities, not all of them new. Looking down on the history of the past 10 2.0.0.x releases one can see just how many holes were patched out of a browser whose name was, and still is, synonymous with surfing security. These security releases have been getting more and more frequent, proportional to Firefox’s growth in market share.
Internet Explorer, the most popular web browser to date, and the most infamous when it comes to security, has been kept under a very watchful eye, and strongly criticized when it was discovered to still contain a number of exploitable vulnerabilities, and every time a new vulnerability surfaced, be it serious or low, everyone would assault it with drama. Since its first release, Mozilla Firefox has only gained roughly 15% of the world’s browser market share, and already we are seeing security fixes released as often as vulnerabilities are being found in IE. This is making people wonder just how much of Firefox’s legendary security has been related to faulty IE programming, and how much due to its lack of appeal towards hackers because she wasn’t as widespread…
Internet Explorer’s criticism
Released on October 18, 2006, Internet Explorer 7 was made available on both Vista, and distributed via Windows Update to Windows XP machines. On the official IE7 page before the release, Microsoft was addressing visitors: “We heard you! You wanted it faster and more secure.” to a world where IE was largely considered a sluggish and far-outdated piece of junk with more security holes than a no. 9 sponge by all who knew even a bit about surfing the Internet. IE7 was expected to change that view, but it managed to shine only for a little while, until the first vulnerabilities were discovered. Quickly, the media went screaming and IE7 fell into… well not disgrace, but it was quickly tagged mediocre and placed on a seat not far from where its predecessor was standing. However, nobody was truly concerned when its main competitor, now invading the market share and still growing, began to exhibit similar symptoms as its popularity grew…
It’s true. Microsoft discloses their vulnerability findings publicly. Every patch they release is followed by a Knowledge Base article describing in detail what has been addressed. This led to the infamous Exploit Wednesday, as hackers are quick to exploit these zero-day vulnerabilities on yet-unpatched machines. Mozilla keeps their track of faults under more secrecy. Their browser is also far less widespread. Creating a program to surf through billions of man-crafted web pages safely is a huge responsibility, and even a mammoth like Microsoft, with more years of experience than the vast majority of software producers, cannot be demanded of to anticipate and address all of these problems, especially with ever-more clever deception-based threats such as phishing.
The truth about secure software
Microsoft does not address their vulnerabilities as rapidly as other software vendors. However, take into consideration how many things Microsoft has to cope with and do at the same time. As many would say that Microsoft’s programmers were probably high on something when they wrote the code, they have been listening to the demands of people. IE6 was insecure because back when the code for XP was written, security wasn’t seen as such an important issue. However, with the initiation of Trustworthy Computing, a new approach has been taken towards building software. And it shows. Their browser is more secure, faster, and supports many of today’s content standards. For a program that is being targeted by millions of brilliant hacking minds worldwide I’d say they did a pretty good job. Mozilla on the other hand, I think is only beginning to glimpse at what it means to have such a responsibility.
So what is the truth behind IT security? Are the programs adored by so many just the result of under-exploitation and lack of hacker targeting? I don’t think that’s entirely true, but with security legends such as Mac OS and Opera I believe it is the case. Hacking is complicated and tedious work. Why would a hacker begin to study a closed-source structure of programming complexity and dedicate so much time to understanding and seeking weakness if they know the end result will affect so few? No program can ever be 100% safe except maybe “Hello world!”, and while code being put to the test by tens of millions of people everyday does its best to try and keep up, security AND STABILITY myths are being weaved around the less popular applications.
Conclusion
Firefox began as a dream to make the Internet a safer place. Today its ever-increasing role on the world-wide web has made her get the attention she so craved for. Now begins the second stage in her life, and a more realistic image about program security is beginning to take shape. Firefox is and will remain my favorite browser. The interface, ease of use, and the richness in plug-ins have made Firefox preferred to me over IE, Opera, or Maxthon. As the black hats begin to turn their attention to the only browser on the market that has a chance of dethroning the world’s long-standing king of browsers, I believe that Firefox will live up to the dream that gave her life in the first place, if we ourselves wake up from our security dreamworld…

Windows Vista was approaching the market with a promise to improve security more than anything. Whether it did or didn’t succeed in that, it sure made a lot of users angry. Many complained about performance issues, hardware requirements, and overall slower response than that of XP. Now users are caught in a tug-o-war between XP and Vista, between an older but faster and less plagued by problems XP and a Vista which paves the way for the future but comes with little to no new functionality that can’t be achieved by its predecessor.
Microsoft is pushing the deadline on us, trying to demonstrate XP’s age with this last Service Pack, SP3 being a milestone which marks the end of updates for XP and therefore its age. But instead it’s achieving the exact opposite as tests so far show that XP SP3 might gain a 10% speed boost to its already Vista-outperforming speed while the latter will get less than 2%. Vista has largely overcome its compatibility issues and fixed most of the young operating system’s bugs. However, its infamy for being 4 times the size of XP and twice as slow as XP is making users steer clear of the shining Windows orb for the most part. Scales tipping more and more in favor of Windows XP even though Vista has been out for a year, XP is competing with its successor as if itself was the actual new version, not Vista. And all in all it looks as if everyone just wants to turn back time. Whoo boy, where did Microsoft go wrong this time…?
What we’re seeing is nothing new!
A new Windows operating system with higher hardware requirements, slower startup time, and more disk space usage is neither new nor different from any of the previous releases of Windows. If you’ll remember when Windows 98 came out and most computers didn’t have more than 8 or 16 MB of RAM, or when XP demanded 128MB and Windows 98/ME ran fine on 64. Well now Vista is demanding at least 1GB of memory just to work to a world which still runs XP and all their apps happily at 512MB of memory. My first Win95 machine had Windows take up only some 40MB of drive space, ME is taking up some 500MB with all features installed on my virtual machine, and XP was using 2.2GB before I switched to Vista. All their startup times have grown in a similar manner too. So then why did Vista have a completely different adoption story than that of any of its predecessors?
What brought XP to where it is…
Well looking back at the Windows OSs prior to XP what do we remember the most? Isn’t it the BSODs, hangups, and all those abhorrent DLL errors that we’re so glad to have gotten away from? In short each OS was adopted because its predecessor more or less disappointed our expectations. They each were better than their parents, but in the end the same core problems persisted throughout the Windows DOS-based family as they inherited platform’s limitations and weaknesses. Windows releases were successful because users back then all knew it deep inside: something must be made better, something must change. And ME was the point where everyone had clearly had enough of it.
And so it happened - Windows XP, or should I say 2000. Home users weren’t there to witness it first, but the Windows Messiah was already running in production environments. And sure enough, XP was their biggest hit. Back when random hangs or blue screens crashed everyone’s systems, sometimes even on startup, a well handled XP could go for years without even one crash. But it wasn’t perfect. Where stability had been addressed security was being left behind in an ever-more dangerous world. In a very late end Microsoft realized that this needs serious attention and decided to delay SP2 for it. And the fire was finally put out. Over the years we got used to it and came to love it. We no longer thought of XP as something that needs too much improving except maybe a few bugfixes here and there. All our OS needs had been addressed. We didn’t NEED another OS.
…and what’s keeping it there.
So what did Vista really bring new? Most changes are under the hood, where home users will never look. Vista’s step forward in security was an enforced permissions system and a more secure-by-design structure, but which will never be a substitute for security software. Malware is not more acceptable nor is lack of system protection thanks to the new OS. As for stability, well improvements were made, but if Vista is truly more stable than XP SP2, then I think we all know just how stable XP SP2 is, which is well within acceptable values. The true improvements made with Vista, more up-to-date code and readiness for the hardware of the future, are far from users’ interests. For them XP does the same job much more lightly. So with stability and security improvements deemed unnecessary (or at least not urgent) by the market, why bother?
What Vista and SP1 are to you
Vista didn’t fail because it’s incompatible, bloated, or because it’s got naggy allow/deny pop-ups that can easily be disabled from the control panel. It’s also not a reason to upgrade to just because of eye candy which 3rd party XP software can easily replicate. With Vista SP1 Microsoft did all they could do best - they addressed customer complaints and helped patch problems of a still-young and immature OS. It’s all they should do too. If you’re looking for compatibility and bug fixes you’ve got them. But in terms of performance Vista is just the way every new Windows has been. Both today and tomorrow’s hardware(especially SSDs) are greatly mitigating that.
Furthermore, Microsoft will be releasing a Vista SP1 RC to the public in mid-December, just like they did with Vista itself. Users such as yourself, who develop and plan the Windows OS more than any occult meetings and marketing discussions within the company ever will, will now get another chance to shape Vista the way you want it to be. Microsoft os ditching the cruel WGA penalty from pirating Vista to your requests and has made critical security updates available to pirated Vista copies, so I doubt there’s more proof than that that they’re not putting their own profits over Windows experience. Nevertheless, beware pirates, as the new Service Pack may(momentarily) kill your cracks! But whoever benefits or suffers from it, Vista SP1 is being expected with more or less enthusiasm by a world who just wanna know: “Is it safe to try Vista yet?”
Vista isn’t a failiure because it’s a bad OS. It’s being overlooked because its predecessor WASN’T a failiure. Vista is the future, but our present satisfaction with what we have is what’s making it fight with the past…
Everyone’s buzzing around snooping for any bit of information on the upcoming Vista SP1 and SP3. Well, on a more immediate basis, Microsoft released their monthly patch bulletin today for Windows OSs. Aside from the usual Malicious Software Removal Tool, this December’s Patch Tuesday, last of the year, most notably brings security fixes for both Internet Explorer and Windows Vista, particularly dealing with video format vulnerabilities, so that users this Christmas can do their online shopping and relax with a few videos with fewer security worries on their minds. However, if you’ve upgraded to Microsoft Update and installed Microsoft Office 2007, you’re in for a hefty surprise…
Microsoft released two updates for Office. One is the usual E-mail Junk Filter that they issue as regularly as the MSRT. The second, however, is what makes the whole Windows Update of the month weigh no less than 200MB. Can you guess what could be so big? A service pack. Yep. Office 2007 SP1 released just for you. You’re probably wondering when this happened; well, to be honest, I really don’t know. Everyone has been watching Vista SP1 and XP SP3 so much that they probably didn’t see Office’s Service Pack creep up, much sooner than the others.
The whole update will take some time to install; on my computer it took longer to install than all of the other updates put together. Also, given that the update is continued during the upcoming shutdown and restart, expect a longer-than-usual startup preparation, longer than the usual reboots that WU requires.
To a Microsoft Update system, there will be a total of 10 patches, with all but one aimed at security. The one patch that isn’t security-related yet still important is KB942763. And so far it is also the only update that has failed me. Way to go Microsoft. Patches have failed me before but I always managed to troubleshoot them. I was hoping to do a full year without any WU failed patches but oh dear, that will not be possible. The update addresses a few obscure law-imposed DST changes in several countries that have no importance to me space or time-wise, since I am not in any of those locations nor is it time for daylight savings changes. Furthermore, when I googled the error code 80070643 all I came up with were Office 2003 update issues. So I’ll be letting this fallen one rot in my Hidden Updates list; I really have no interest in figuring out its cause.
The Christmas presents don’t stop here however. Microsoft is prepping up the Vista SP1 RC for public release some time real soon. I remember the blunder I made with installing Vista while it was still beta, but I am still thinking about whether or not to install the RC on my system.
On a side note, Comodo Firewall popped up asking me whether it’s safe to allow TrustedInstaller to update. It’s supposed to have 1 million+ safe applications on its whitelist and it would be common sense for Vista’s components to be on it. Interesting…
Windows Vista SP1 was released to the public yesterday. Microsoft is offering the most discussed Service Pack of the year in near-final stage to the public. Anyone who wants to give it a go can visit this page and follow the instructions on there. The download is a small batch file which adds keys to the registry, similar to how SP1 enthusiasts were able to download it in the past with or without Microsoft’s disclosure. This is because the Service Pack is not available to download on a web page, but via Windows Update by anyone whose registry contains said keys. Before the Service Pack itself, a 4MB update, called KB938371, needs to be installed. The update itself was very slow to download, making me wonder how the update servers’ bandwidth was coping with the huge number of eager testers. Slowly but surely, it downloaded and installed. A restart was required. That’s when the trouble started…
SP1 prerequisite update
Microsoft had at long last released the update which they hope will encourage everyone to adopt an operating system which received more complaints than praise during its first year of run. Under the watchful eyes and nimble fingers of the brave who took up the task of testing the Service Pack, millions of copies were being downloaded and installed. And yet there I was, having freshly installed a 4-megabyte prerequisite for SP1, watching and waiting on the shutdown screen for “Windows to finish configuring updates”. The little circle was still spinning, but it had been minutes since the hard drive and noisy CPU fan had stopped buzzing with any kind of activity. And I waited. Another half an hour passed. Nothing.
Windows errors, here we come!
I hit the RESET button on my case. With a beep the screen went black, and tens of lines of POST checks and initializations filled the screen, clearing once. Windows started booting again, and I wasn’t sure what impact my forced reboot had had on the update. Windows “prepared my desktop”. Slowly. It did not bother configuring any updates. And that’s when I knew something went wrong. As I entered my desktop, a tray balloon pop-up announced that “Windows could not connect to the Event Service”, and that limited users may be unable to log on to the machine. Irrelevant to my one user account machine but an error nonetheless. Windows took considerably longer to load everything. The Windows Update window that I hastily opened was stuck until the very end of the startup. Before I could check anything, the floppy spun and the window, icons, taskbar, and start button began disappearing one by one. Windows had just gone into another restart.
Round two?
Windows booted again. This time as fast as usual. But the error in the system tray was still there. I opened Windows Update and checked the update history. KB938371: failed with error code 80004005 (which stands for “unspecified error”). Unspecified Error! Way to go Microsoft! I checked the update list and saw it wasn’t installed. Well at least that went fine. I didn’t end up with a half-installed update after all. Guess at least Microsoft’s brag about Windows Update’s atomicity when they released it was right, although I really wished I hadn’t witnessed this free demonstration. The update had failed but left my OS with an error. I did a System Restore and rebooted again.
Knockout!
Error. That’s the first thing Windows said the moment the BIOS was done and passed control over to it. “Winload.exe is missing or corrupt, please insert your Vista DVD and repair blah blah blah.” Now what…? Said and done. I popped in the Vista DVD and did a repair of startup. It worked. Windows loaded. This time there were no more tray errors and everything was running fine. I did however get a popup saying SR did not run because a problem had interrupted the restore process. No really? And now the restore points from before my debacle were all gone so there was no turning back. Just in case I rebooted, to make sure I get no more Winload.exe errors at boot time. Windows seemed fine. But now I didn’t have SP1 installed did I?
I just never learn…
I tried the update again. Surprisingly enough, this time it shut down without incident. Then, on the next startup, wham! The same System Event Service errors again. I checked Task Manager, and saw drvinst.exe running several times with long command lines, before Windows rebooted again. And after another reboot, yes, winload.exe errors. One Vista DVD and restart later everything was back to normal. I had spent two hours and wasn’t even able to begin installing SP1.
Sooooooo, where are we now?
I am currently investigating this matter. I have used up my free tech support time, but then again they don’t offer support for Vista SP1 anyway, so I’m on my own. A Google search of Windows Update and the error code reveals only problems with Office 2003. There are no KB articles, no Experts Exchange questions, no forum posts, nothing. I am considering reinstalling Windows Vista from scratch, which shouldn’t take too long. I have, for now, unsubscribed from the SP1 Release Candidate. To do so, one has to delete the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\VistaSP1 key. Either that or find and download SP1 manually, hoping it won’t ask for that troublesome update or that it can install it without incident. I will return to it, be it on this Vista install or a fresh one. Curiosity and app-mania can’t keep my mind off the most interesting beta RC of the year, but really Santa, have I been that naughty???

The button color interface bug which I reported STILL hasn’t been fixed.

One year ago…
It was back when Vista was still RC1 that it first happened to me. AIM was working fine on the pre-release OS, but as application compatibility had turned me into an update freak it wasn’t hard to come across the fact that AIM 5 was being updated for Vista compatibility. AIM6 didn’t please me. It didn’t have file sharing. So I went ahead and installed the program. I can’t recall when, but the first issue I noticed was in Winamp, when my music stopped playing. Then I noticed a red X over the network icon with a “Server execution failed” message. From there on lots of other things went wrong. My system rating in the properties sheet was not showing, Network Center froze, and my ATI Catalyst stopped running on startup. Far worse than any virus infection had ever got me…
Until I found the cause….
It took me a full reinstall, redoing the same blunder, and unnecessary Windows tech support to realize AIM was the culprit. System Restore fixed it. I downgraded it to version 5.5 and it stopped doing it to me. It was February back then, and nobody had a clue what was going on. I posted a thread in the TechNet forum and forgot about it, and I also told tech support that my issue was resolved. I thought I’d seen the last of it; well, I was wrong.
And to the present.
January 2008. I have four separate accounts for AIM, running it alongside AIM+ so all 4 screen names are active. I’m using each to share one hard drive because sadly you cannot set it to share the whole computer from just one. But my real, fifth account which I use for IMs is separate. You may wonder why I’m not using an FTP client. Well, AIM’s ability to allow direct connection and sharing of files through any firewall, if connected via HTTP, and to bypass filesize restrictions by my college firewall makes it a lot more flexible than any FTP client. Furthermore, failed downloads can be resumed from where they were interrupted. But AIM5 is getting ooooooooooold nonetheless. That annoying taskbar window whenever I set an away message and the overall feel are just… blegh. I decided to install AIM 6 for my SN. Guess what? The same havoc all over again.
It’s hip and happening.
Running a quick search through Google I was shocked to find the number of threads and places this issue was being discussed in, and that my old TechNet thread was still going?! I can’t believe the irresponsibility of AOL not having fixed the issue thus far! Back then it was AIM 5.9 which did it to me, but as I found out any version over 6.5.3.12 beta will do the same. Unbelievable. Such a widespread program putting so many machines at its mercy, and AOL not moving a finger after one year… Apparently the issue has become quite documented now. People have found out about System Restore being able to revert the damage, but they had also uncovered some things I didn’t know. I never knew the issue is only caused when UAC is off, since I always keep it that way. So another way is to simply leave UAC on while installing and running AIM. Yeah, I know, that thing is actually good for something for once… And there appears to be a second fix which involves adding the Local Service to the Administrators group. Not recommended as this leaves behind a massive security hole.
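For a machine where that second workaround may already have been applied, the following read-only check reports whether a built-in service identity sits in the local Administrators group. It is an added example, not part of the original post or of any fix from the forum threads; the function names are made up for illustration, and it looks the group and accounts up by their well-known SIDs so it does not depend on the display language.

```powershell
# Added example: report built-in service identities found in the local Administrators group.
# Read-only; it changes nothing on the system. Function names are illustrative.

# Well-known SIDs of service identities that are not administrators by default.
$serviceSids = @{
    'S-1-5-19' = 'NT AUTHORITY\LOCAL SERVICE'
    'S-1-5-20' = 'NT AUTHORITY\NETWORK SERVICE'
}

function Get-AdminGroupName {
    # Resolve the group from its well-known SID (S-1-5-32-544) so the check
    # also works on localized Windows, where the group name is translated.
    $sid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
    $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    return $account.Split('\')[-1]
}

function Get-ServiceIdentityAdmins {
    # Enumerate direct members of the group through the WinNT ADSI provider.
    $group = [ADSI]("WinNT://./{0},group" -f (Get-AdminGroupName))
    $found = @()
    foreach ($member in $group.psbase.Invoke('Members')) {
        # Each member is a COM object; read its binary SID and convert it to string form.
        $bytes = $member.GetType().InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
        $sid = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
        if ($serviceSids.ContainsKey($sid)) { $found += $serviceSids[$sid] }
    }
    return $found
}

$hits = @(Get-ServiceIdentityAdmins)
if ($hits.Count -eq 0) {
    Write-Output 'OK: no built-in service identity is a member of Administrators.'
} else {
    foreach ($h in $hits) {
        Write-Output "FINDING: $h is a member of Administrators; every service running under it has full administrative rights."
    }
}
```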
Workaround?
The AIM 6.5.3.12 beta will run fine. However, it has the massive downside of nagging you every few hours with upgrade toasts. And there is no way to disable them. These popups are launched by the aolsoftware.exe process, which launches another instance of itself solely for the upgrade. Aolsoftware.exe may be safely deleted in later versions of AIM. However, in this beta it will leave you with a connecting window and never show you your buddy list, so eliminating it is out of the question. Blocking its internet access via firewall is useless, but if you have a good firewall with program control capabilities such as ZoneAlarm or Comodo you should be able to deny it the right to launch other programs, therefore stopping it from running that nagging 2nd instance of itself. You will then be able to finally use AIM 6 on your machine without worrying about anything going wrong.
Help if you can!
If you are interested in why this issue is happening and would like to help, there is a 2nd thread on the TechNet forums investigating the problem. The very best indicator as to when Vista is actually damaged is not the network icon, nor the media players, as they can break down much later. The most immediate indication is opening the System Properties window and seeing if your Experience Index is showing. If it’s not, consider a System Restore. Combing the problem would be possible with a program control mechanism such as the ones mentioned earlier. It would involve setting the firewall to “paranoid mode” to ask every time a change is made to the system by the installer, and then checking the System Properties sheet again. Perhaps once the problem has been precisely pointed out and enough pressure has been put on America Online they will consider fixing their flaw. Shame on you AOL. Again.