Vuescan: A review from a non-photographer’s perspective

Vuescan is a third-party scanning tool for most versions of Windows, OS X, and Linux. It supports hundreds of scanners, including those abandoned by manufacturers. It’s probably better than what came with your scanner. The pro edition probably costs as much as your scanner too, but comes with lifetime free updates, so you know you’ll be able to use your scanner for as long as it continues to operate, rather than rolling the dice on manufacturer-provided drivers working with your next upgrade. And you can run it on up to four computers at a time, which is nice.

Full disclosure: I bought this software myself. I was not provided a copy for review, nor am I receiving anything in exchange for writing this review. Now that’s out of the way, and you don’t have to guess about my motives.

I don’t want my light bulbs on the Internet

I heard this week that the first vulnerability in smart light bulbs has been discovered–they can leak your wifi password.

I suppose I can take comfort in the cost of the bulbs–they cost $129, which means not a lot of people will have them, in a world where people complain about paying $5 for an LED bulb. Then again, for $129, I think it’s reasonable to expect a little bit of security. This isn’t a $15 router with a $2 profit margin. To its credit, the manufacturer immediately issued a patch to fix the vulnerability.

The problem with devices like these with security vulnerabilities is that they will be around a very long time.

XP may not be as bad as it sounds

Patrick Gray and Darren Pauli of The Register blasted the continued use of XP on Risky Business last week.

But I think their criticism is based on an assumption that may not be correct.

Curious conspiracies… or maybe just progress all at once

In the wake of Truecrypt’s sudden implosion, someone sent me a link to this curious blog post. I can see why many people might find the timing interesting, but there are a number of details this particular blog post doesn’t get correct, and it actually spends most of its time talking about stuff that has little or nothing to do with Truecrypt.

What’s unclear to me is whether he’s trying to say the industry is deliberately sabotaging Truecrypt, or if he’s simply trying to make a list of things that are making life difficult for Truecrypt. His post bothers me a lot less if it’s just a laundry list of challenges, but either way, the inaccuracies remain.

Windows XP rises from the dead… accidentally

I’ve been hearing predictions for a year that after Windows XP went out of support, it would only be a matter of time before people started backporting patches to it.

As it turns out, they don’t have to. Windows XP has a close relative, Windows Embedded, that doesn’t go out of support until 2019. The people who are fretting over XP-based ATMs and cash registers don’t realize many of those devices–those built in 2009 or later–are running Windows Embedded. It looks just like XP, works just like XP, and installs a lot like XP, but it’s still supported. The bigger question is whether the people running it are patching it, but that problem has existed ever since Microsoft released Windows Update.

Well, with a simple registry hack, it’s possible to make Windows XP look like Windows Embedded and keep getting updates. Microsoft quickly issued a statement, and some people are predicting Microsoft will quickly close that loophole.

I’m not so sure about that.

Windows Technical Support calls me again

“Oh, so you think you’re Mr. Genius Man,” the crackly voice said, drowned out by static caused by his cheap VOIP connection. “Enjoy your broken computer, Mr. Genius Man. Goodbye, Mr. Genius Man.”

So ended 23 minutes of my life that I’ll never get back, but I figure it’s 23 minutes he wasn’t spending scamming someone else. I don’t do it often, but my kids were playing nicely and we were all in the same room, so I guess I don’t regret it too much.

What I did for Mother’s Day

Last month, Rapid7’s Trey Ford appealed to security professionals:

You have an opportunity to be an ambassador. When you see XP out there, have an adult conversation, educate in terms that others will appreciate. Your actions and words reflect on the entire community.

As the family CIO/CSO – look for the smart investment. There are options that will make your life easier. A small investment is a lot easier to stomach than compromised shopping/banking/credit card credentials (or identity theft.)


Microsoft was wrong whether it patched XP this time or let it burn

Years ago I heard a joke that reminds me of the situation Microsoft found itself in last week with its latest IE vulnerability:

If a man is alone in a forest, and there’s no woman there to hear him, is he still wrong?

I was as shocked as anyone when Microsoft released just one last Internet Explorer patch for Windows XP on May 1. I can argue either side of the issue, but I don’t think I can argue either side convincingly enough to get a simple 50.1% majority of people to agree with me, because I’m not sure I can argue either side of the issue convincingly enough that I would agree with myself.

I think it’s important that 26% of all web traffic is still coming from Windows XP today, nearly three weeks after it went end of life. That likely played into the decision. Microsoft was in a no-win situation here, and they had to decide whether they wanted to lose 1-0 or 24-1. So I don’t think it matters all that much, but here are the pros and cons of each side, as I see them.

IE gets patched and XP gets a reprieve

In case you haven’t heard, Microsoft released an emergency patch yesterday afternoon for the bad Internet Explorer bug that prompted the Department of Homeland Security to tell everyone not to use IE until further notice. That was no surprise, given the amount of publicity behind this bug.

What was a surprise was that they went ahead and released the patch for Windows XP as well. So, unless something really weird happens, the very last patch for Windows XP is MS14-021, issued 1 May 2014.

If you run Windows and your PC didn’t tell you this morning it applied updates automatically, go to Automatic Updates in Control Panel and download the fix.

Windows XP gets its first forever-day

This week Microsoft disclosed a critical 0-day flaw in Internet Explorer. Microsoft is considering an out-of-band patch, but regardless of when the patch gets released, no Windows XP patch will be coming, except for the companies and governments who are paying a large fee for end-of-life support.

This was about 20 days later than some people estimated, but now it’s happened. The mitigation is to run EMET. But in the long term, getting to a new version of Windows is the only viable option. You can do this on the cheap if you need to.

While we’re talking about browsers, Chrome has the most CVEs associated with it, making it numerically the least secure of the browsers, but they have the fastest time to patch, by far, so the numbers are very deceiving. So using Chrome isn’t a bad choice, especially on XP where Internet Explorer is out of date and forever EOL.