20 July 1969 – Moon Landing 40th Anniversary

[Originally posted 7/18/2009] Assuming you are over 40 where were you on that day? I had the outline and major points in mind but could not come up with all the details until I did some research into my files.

I was in the Air Force at the time and had recently graduated from a Master’s program in Electrical Engineering at the Air Force Institute of Technology in residence at Wright Patterson AFB, Ohio. On graduation I was sent to Brooks AFB, Texas to do some research related to the Air Force space program’s Manned Orbiting Lab so I was interested in the space program and had been following it closely.

I had been sent to attend the 8th International Conference on Medical and Biological Engineering in Chicago, Illinois. My travel there just happened to be on that day in July 1969 and I was rather beside myself wondering how I was going to see any part of the landing. According to my travel voucher (yes, I kept that 40-year-old carbon-paper-created record!) I left San Antonio at 11:15am and arrived in Chicago at 5pm and then the hotel at 5:45pm (OK, the record says 1745 but I translated :-)). The LEM set down at 4:17pm EDT (3:17pm in my time zone) so I was in the air when the landing actually happened. The pilot announced it however and the plane broke out in cheers. That left the first step however. It was scheduled for four hours into the mission timeline.

Since I was traveling with a group of other officers I had to keep with them — to a party one of the group was invited to.

Fortunately, the house where the party was held was large and they had a large B&W television in a den away from the main party group. So, after having some munchies and a drink I and a few others asked permission to use the TV and we retired to the den to watch that first step for (a) man that was history in the making.

It was only later that we all learned how perilous that trip really was. The hull of the LEM was only as thick as about three sheets of the aluminum foil you have in your kitchen. The airlock with the command module had a bit of air still in it on release and that was enough added thrust to put the LEM several miles off course. The long landing time; using more and more fuel which later turned out to be a blessing as Mission Control had calculated a small probability of blowback from the surface igniting the fuel tanks and causing an explosion. The soft landing which turned out badly as it did not compress the shock absorbers and left a 3.5-foot gap between the bottom of the ladder and the surface. The flag staff which they had trouble putting into the surface rock (instead of the softer surface expected). After putting it up they avoided the area so it would not fall over. [Added 2013: As a point of trivia, the flag was blown over when the LEM took off so later missions placed the flag further away and they are still standing.] And, all using computers less powerful than the average cellphone today. Finally, Buzz had to be certain to leave the door to the LEM open as it had no outside handle and would have locked them out if closed!

Amazing at the time and still amazing now.

That’s my tale of the time. Watched the first step in a far-away-from-home den with an unrelated party going on in the background.

Microsoft Automated Troubleshooting Services

This may not be new to some but I suspect many avoid the Microsoft site when having problems with Windows in fear of being charged or not being able to easily find an answer.

In so doing, you may be ignoring some valuable resources for problem solving. The Microsoft Automated Troubleshooting ServicesWeb Link provides automated tools for scanning your system and suggesting fixes for a number of categories of “popular” problems for Windows.

At this time, these include (among other things)…

  • Common system maintenance tasks
  • Problems with overall system speed and performance
  • Problems with power usage and battery life
  • Windows Search is not working or searches are slower
  • Windows Vista Aero Glass visual effects are not working
  • Printing problems and printing errors
  • Your CD or DVD drive cannot read or write media
  • Hardware devices not detected or not working
  • Problems with sound and audio or no sound
  • Windows Vista Aero Glass visual effects are not working
  • Problems with sound and audio or no sound
  • Hardware devices not detected or not working
  • Your CD or DVD drive cannot read or write media
  • Printing problems and printing errors
  • Common system maintenance tasks
  • Problems with overall system speed and performance
  • Problems with power usage and battery life
  • Windows Search is not working or searches are slower

When you select a topic you are taken to a page where you can get help with testing and diagnosis.

MS Fix It

Create Glassy Buttons

Many sites use glassy buttons. Many tutorials try to explain how to build them. It’s detailed work using layers and the like but you don’t have to go through all that because…

One website builds them for you. Take this example (which just changes color on mouseover)…

Button Example

It took all of about 10 seconds to build and the files necessary for display of the button in three formats (gif, jpg, and png) were zipped into a package along with the options selected in a readme file. Just click on a link and download the package, then use the button.

Best of all: it’s free.

Where is this generator? Here: http://www.netdenizen.com/buttonmill/glassy.phpWeb Link


[Comments from original 8/2/2009 post.]

Said this on 2009-10-28 At 10:38 am
Yes, this site is very helpful in producing fancy buttons quickly.

Yet, I am rather a beginner at this. Could you explain to me, once I have downloaded this file with two jpg files. What HTML code do I use when putting this into my website?

Said this on 2009-10-28 At 10:45 am
I found the answer on: technojuice.blogspot.com:

The only drawback is that there is not embed code with the image zip file which would have made this super easy to install, TechnoJuice to the rescue !

Just use this line of code to install and get the mouseover / rollover effect

Said this on 2009-10-28 At 10:48 pm
In reply to #2
Sorry for the delay – was out of town. Yes, you found the answer but you could have also found the same answer by asking your browser to show you the source for this page and then found the reference to the button above and copied that. 🙂 [Just a hint for future explorations.]

Said this on 2009-10-29 At 01:49 am
In reply to #3
That’s a great idea!

(anyhow I was having some trouble with the html I found. So now, if I compare the html that I found, with your html — I think I am beginning to understand how to use it)

Said this on 2009-11-08 At 05:09 pm
I am confused. Now, after a couple of weeks, I have come back to Netdenizen.com site to make some more buttons.

I remember how to fill in the boxes. But I can’t find a button to click on to produce my newly designed button! Where am I supposed to click?

Said this on 2009-11-08 At 06:39 pm
In reply to #5
You can press the Enter key but the “Reload” button at the top is apparently the proper choice. Make your changes in the various fields, hit the Reload button and observe the results, and then, if you like it, click on the download link.

Said this on 2009-11-08 At 05:14 pm
I guess I just figured it out. He wants us to push our ‘enter’ key on our keyboard!

Gosh, why not put a button on the button website titled “Make the button”?

Said this on 2009-11-09 At 11:39 pm
Mr. Boss,

This is getting rather lengthy — but I had one more problem which I guess i solved.

(first of all, yes, “Reload” does produce the requested button. I guess I find ‘reload’ as a little confusing. I would prefer something like ‘Make my button’
My new problem was: the text of the button produced was not when shown on my website:


I was using the JPEG format of the buttons. Next I tried the GIF version — also not clear.

Finally with the Gif version — vwalla! — the text was clear. Did you find this too?

Said this on 2009-11-10 At 12:01 am
In reply to #8
JPEG images will always be less clear than GIF images as JPEG compresses with losses. GIF compresses without information loss but has a limited color palette so may or may not be clear. PNG also generally uses loss-less compression and a larger palette and so usually produces the best images but some earlier browsers don’t render PNG transparency well. So, there are various trade-offs when using graphics.

What’s WOT?

Web of TrustWeb Link is a community-based surfing tool that uses a peer-based rating system. The rating system is implemented as a browser add-on and the add-on is available in a number of languages for both Internet Explorer and Firefox. When you browse to a website rated poorly, WOT will put up a warning page where you can then decide if you wish to proceed or not.

WOT Warning

When registered WOT users browse to various websites they have the ability of rating that website based on trust, reliability, privacy and child safety. The rating is a sliding color scale from red (bad) to green (good) with various colors between.

WOT Rating

Ideally, ratings reflect the true nature of the website being rated. Practically, however, they sometimes do not and this can lead to some mis-information. Note: Overall WOT is a good thing with mostly good ratings. The ratings can, however, be influenced in a negative direction undeservedly. Various factors enter into play here. Among them can be…

  1. Users will often not bother to rate a website if they think it is good. They visit a site and get busy doing what they are doing at the site and just ignore the WOT rating. This would tend to bias the ratings toward the negative for a site with few ratings. The more ratings there are, the more likely the rating is closer to accurate for any given site but even that is not necessarily sufficient.
  2. Vendors like to get any advantage they can. This means that one vendor can go to a competitor’s site and give a less than good rating to that site. If that vendor can get enough people to do likewise then this skews the ratings. Of course, the reverse is also true, a vendor can skew ratings to the positive for themselves using similar methods.

WOT says: “WOT tracks each user’s rating behavior before deciding how much it trusts the user….You must prove yourself before we take you seriously. The system will ignore all ratings created by a user attempting to manipulate the reputation data.” This would be an attempt to guard against the problems above. No matter how sophisticated the algorithm for deciding how much to trust a rater, problems can still arise so the ratings should be taken as a guide and not absolute. Comments are allowed so if there is doubt go to the WOT rating page and read some of them. Note that WOT even provides a method for raters to disagree with the comments so also pay attention to the number at the end of each comment to see how many have disagreed with the rating.

As one example, I’d like to take the site liutilities.com. Please note that in the interest of full disclosure this site provides software advertised on CKnow.com. I’ve used this software for some time and find it useful. The Windows registry does collect a bunch of junk that should be cleaned out now and again. Registry Booster does this well. Why mention this? Because sales pages on their website are fairly aggressive. They offer a free scan and since the Windows registry collects junk almost daily the scan is going to show various errors. Any registry scanner will give this result. The problem is that people will read “free scan” as meaning “free scan and fix” and that’s where the problem comes in. Words mean things and a scan is just that, a scan with NO promise to fix anything. For this reason, WOT users will often give sites like this a bad rating for mis-advertising when, in fact, the problem is not the site but the user not reading the site correctly. If you want to read more about this, please see the CKnow page How Do I Read an Internet Product Page. For now, let’s just look at how two rating services look at the liutilities.com site.

Liutilities.com at WOT

Here is the rating at WOT on the day of posting this entry [9/4/2009]…

WOT Rating Example

Note that it’s red for just the reasons above. People mis-read the product page for the most part. As I said, I’ve personally used the software for some time now and find it both accurate and useful.

Liutilities.com at McAfee Site Advisor

The McAfee Site AdvisorWeb Link site is a professionally-run site with ratings based on actual examination of websites by trained staff members. User ratings are taken into account but each rated site is examined in detail, even to the point of downloading and testing any software offered by the site. Look at the difference in their rating…

McAfee Rating

Note that it’s green and that all software on the site tests malware-free. While they are below the capture point, all the links on the site also point to green sites. In short, a completely opposite result from the WOT rating.

Bottom Line

Rating sites like WOT can be helpful but they can be misleading if followed blindly. Sometimes it’s good to get a second opinion.

[Comments from original 9/4/2009 post]

Said this on 2010-02-02 At 12:50 pm
WOT is a very good complement for firefox, I recommend.

Said this on 2010-07-27 At 03:56 am
Web of Trust (WOT), is amazing tools for fir fox.

Said this on 2010-11-11 At 02:52 am
WOT is a scam. Competitors as well as the WOT users blackmail the webmasters by giving negative comments. It’s so easy to manipulate the rankings….this crappy service must be banned.

[It would be nice if they had better means of detecting gaming of the system. Not sure about banning but some changes would help their credibility a lot. –DaBoss]

Said this on 2011-09-18 At 06:22 pm
I find WOT helpful and I believe it has stopped me from visiting a few really awful locations. But it must be taken with a grain of salt. Think why people might rate a site badly if they are angry with that company. Also if a person has enemies they can give bad and unfounded ratings. It’s like reading ratings on anything else. Then there are those with more nefarious intent. When in doubt I read the ratings to see if there is any foundation.

Anthony Sassienie
Said this on 2011-11-07 At 04:54 pm
After spending weeks completing my new website, suddenly the WOT rating turned to orange.

I have become a victim by using a sub domain.

The reputation of each subdomain contributes to the parent domain’s reputation. If a domain has lots of untrustworthy subdomains, its reputation will suffer, and, therefore, the reputation of any new subdomains will suffer as well.

I believe WOT should be discontinued. It`s unfair and has the ability to destroy a website`s reputation for no good reason. It`s like being accused of a crime with no trial.

Said this on 2011-11-09 At 02:02 am
In reply to #6
I don’t think that is the real reason, they (WOT) use this scheme to force you the site owner to pay for a trust shield that costs 500 dollars a year. Facebook is the most dangerous site and it is blacklisted yet has excellent score by WOT , reason ? Facebook paid them to give it a good score. How much money ? probably millions .

The small site owners who go get rated at WOT should expect this to happen.
You have all green excellent
They offer a trust shield for one free month.
They rate your site bad and the shield changes to reflect the poor ratings
They write to let you know that until your ratings go up your site can’t be trusted, but offer to sell you a shield for 500 dollars a year.
This scam is capable of hurting many good sites and business that is why they have a class action suit against them .

This is a huge scam, stay away from this add on it is spyware. They are collecting user info to later sell as an asset when the jig is up.

[Sure would be nice if people who ranted like this would actually provide some PROOF before putting finger to keyboard. I probably won’t approve any more no-proof junk like this in the future; just leaving this one as an example of what not to post. Disliking WOT is certainly OK; just make certain that the dislike is not laced with junk that you can’t prove. –DaBoss]

What Did You Do to FILExt?

Back when Microsoft was testing Windows XP Computer Knowledge had a single page of file extension listings. Many others had such lists as well but the CKnow list had some links to software vendors in it. Microsoft found that page and set things up so that when XP tried to open a file it did not know how to open it gave the user the option of choosing a local program or go to the Internet to find the answer. That Internet link took one to the Microsoft Windows Shell site where they were shown a link to the CKnow page (with a few options in smaller type below).

As usual, Microsoft gave no notice they were going to do this so one day I suddenly found my CKnow.com bandwidth heading rapidly toward the host maximums. I did not know why until one user was kind enough to use the contact form on the site to ask a question and that led to my realizing the XP beta was the cause of the bandwidth spike.

In a “make lemonade from lemons” moment, I spun that page off into a site of its own and FILExt.com was born. I went through several web hosts and a conversion from static HTML pages to a database format as XP grew in popularity. My biggest mistake was using a flat file database rather than a relational database as the flat file database structure made it difficult to make mass changes. The whole was kept in a Microsoft Access database on my system with ODBC connections to the MySQL server on the web host for updates.

Microsoft kept sending people to the site and in 2006 it reached a crest of pushing out almost three terabytes of data each month. With so many people coming to the site the submissions came in at a rapid rate so during this period the site grew and grew and grew with data both useful and obscure. 🙂

Eventually, the Access/ODBC data route became a PITA and using PHPMaker I was able to construct a Web-based interface to the MySQL database and drop the Access database entirely. That actually made it easier to maintain the site as I could do that from any computer, anywhere.

On the Ides of March (literally) in 2007 Microsoft dropped the hammer. Not wanting to sacrifice the number of eyeballs going to FILExt they broke the direct link to the site and redirected them to their store and search engine. But, by then, enough people knew of FILExt so that while traffic dropped drastically there were still enough people coming to the site to warrant keeping it up to date and adding even more data to the listings (e.g., Marco’s TrID data, Tony’s MIME data, and other things).

But, doing all this and keeping the submissions and data up to date was starting to take its toll on me. I’ll admit to being at an age where I could take full Social Security if I wanted and am helping my Mother (who will celebrate a centennial in a year) as well. I did not want to be tied to the computer all day and night which FILExt in its then-current form demanded. About that time, one of my major advertisers (Uniblue) had an executive touring the U.S. and he stopped by to say “hello” on his tour. After a very nice visit, as he was leaving, he mentioned that if I ever wanted to divest FILExt to let him know.

Given the situation, it was a short time after that I contacted him and we negotiated a transfer of FILExt from me to Uniblue. Only recently have they redesigned the site and put their name on it so I am now released from my non-disclosure agreement and can say that Uniblue is the new owner of FILExt and is fully responsible for it.

Their recent redesign has emphasized their products (as one would expect) but all the information in the FILExt database is still displayed in response to queries. Loyal users may have to look around a bit to find it but the data is there and Uniblue has assured me that they will keep up with data collection and maintenance — indeed, they have several people on the task instead of just me so the data should be better over time.

As for me, I’ll be working on CKnow.com and my personal site TomsDomain.comWeb Link and MissionTour.orgWeb Link (a tour of the California mission system I’ve been making) with the occasional post to what is really a test site: e-olio.comWeb Link. But, I will not be trying to build any of these sites into a blockbuster that’s going to consume all of my time and energy. There’s just too many more things I want to do with my days.

Thank you to the loyal users who have written to ask. Don’t give up on FILExt, the information is still there even if you have to look a bit harder. And, don’t fault Uniblue for changing the site design. After all, they have to sell their products which IMHO are very good.

[Comments from original 11/1/2009 post]

Some dude
Said this on 2009-11-17 At 09:14 pm
Wow. I would have never thought that filext.com would be the work of few people. It was such a great site. I do realize I am speaking in the past. Gotta love vintage. Thanks.

rupert pupkin
Said this on 2009-12-04 At 06:18 pm
a pretty interesting history/explanation about an indispensable resource i’ve used for almost a decade. thanks for all the good work and congrats on the sale … although if you broke it down i bet your hourly recompense was a joke. the silent thanks of millions will have to fill the gap.

since you’ve still got some parental tie to FILExt i wonder if you’d answer a question: for a little over a month one of my anti-virus programs has been going absolutely bonkers over the app that i presume you built way back when, “default-to-filext.exe.” i know it’s just a registry entry, but as soon as i begin downloading or installing it (it’s part of my standard installation so i install it a lot) Avira Antivir Desktop Personal edition lights up warning of the following trojan:
a network scan w/AVG Free doesn’t set off any alarms, but Avira has detected things AVG has missed before so i’m a little concerned. and this warning is very persistent – adding the EXE to the exclusions has no effect. i coudn’t find anything about it anywhere including the FILExt/Uniblue forums. just wondered what your thoughs are.

again, gracias for FILExt.

Said this on 2009-12-04 At 06:34 pm
In reply to #2
Thank you for the kind words (and a nod to the silent millions too :-)).

That’s the first report I’ve seen about that app causing a false alarm (and it is a false alarm if you got it from the FILExt site!) with any AV software. And, Uniblue has not mentioned they’ve gotten any to me either. I can only speculate as I no longer have the code for the app having sold everything to them. The program writes out some text files which include BAT (batch) files and REG (registry) files and then runs the main batch file. Kind of a kludge actually but I lay no claim to being a programmer and letting Windows do the job seemed like the best way to handle things. I’d do two things…

1) Contact the AV company and let them know you have encountered a false alarm. Send them a copy of the file and have them confirm it. I suspect that a signature in the EXE file is triggering the alert. Actually, this false alarm situation is fairly common among developers; the public often never hears about it as the AV people try to be responsive to such complaints.

2) Go to the directory where the application is writing the BAT and REG files and copy them. When installing you can then run the batch file directly instead of the EXE file. That should satisfy the AV programs (although if you have a registry monitor it might tell you something is trying to change the registry and ask you to approve it). Or, for that matter, just get the REG files and run them directly. Under Vista (and likely Win7) that directory should be: users\[username]\appdata\local\temp\htmlapp\.

Hope that helps.

rupert pupkin
Said this on 2009-12-04 At 09:42 pm
In reply to #3
it does help.

i figured next time i’d extract it w/7-zip & run the BAT, so we’re on the same page. i reported the false positive to Avira a while back but since i’m using the freebie i figured maybe such feedback goes to the back of the bus, so to speak. regardless, nothing has changed w/Avira and that was at least 6 weeks ago. and i (cautiously) reiterate – i think highly of the free version of Avira Antivir. but i agree it’s looking very false positive-y.

but sine i came across your blog post i though i’d ask if maybe the original file you authored had been altered. thanks for responding.

Said this on 2010-03-03 At 01:32 am
I go away for a few months and come back to a totally redesigned and completely useless site. When I first found filext.com I thought it was the best site out there for finding out the definition of file extensions and getting links to software that would help me open the file. Now it seems that Uniblue has drastically changed the purpose of the original website.

Sure it gives me a tiny amount of information about the file extension but it doesn’t seem to tell me what kind of software I need to open the file. All it seems to care about is getting me to download this registry checker. For example:

I was recently looking for the definition of .CBR, which I know know stands for Comic Book Reader, but the first thing that Filext tells me is this – “Errors in your registry are one of the common causes for incorrect file associations on your windows system. It is highly recommended that you check your registry for file association errors (will also check for any other registry errors).”

This is a direct quote off the CBR page. The phrase “check your registry” is highlighted, underlined and linked to secondary website.The information I need about what type of programs that I need to open CBR files is summed up in one line and there are no links to the software.

I really wish Uniblue would go back to the old site format that was being used. It was user friendly and great for people just starting to expand their knowledge base. I’ve moved on from using Filext to using Fileinfo.com. It’s not as expansive as the original filext site was but it provides useful information and links for finding usable software.

Said this on 2010-03-03 At 11:04 am
In reply to #5
Thanks for the kind words about FILExt under my control. While it’s true that Uniblue has changed the format to favor their products, the original information is all there; you just have to look a bit harder for the links that open the page up a bit to show it.

My main comment would not be about the format but about how the updating has seemed to slow to a crawl at best. But, it’s not my site any longer so…

registry checker
Said this on 2010-05-25 At 04:58 am
This is some good information on FILExt control. I think the format will begin to crawl correctly in time.

Said this on 2010-07-01 At 11:14 pm
Didn’t know about FILExt’s history, interesting story, many many thanks for building up such a useful resource and all the best for your future endeavors, take care.

Malware and Child Porn

Do you use non-secure file sharing? Do you look for sites where you can find ways of playing games without paying for them? Download and use software cracks? Any other such activities?

Beware if you do. Some computers used in such ways but not used to browse for or view child porn end up with child porn on them never-the-less. And, users in that situation sometimes don’t find out until the local law comes knocking at the door.

Fighting such cases requires much technical help from a computer forensics expert and the legal bills can come to tens to hundreds of thousands of dollars because the presumption of guilt is strong in such cases. After all, the files were actually found on your computer and the excuse “a virus made me do it” just doesn’t fly with most district attorneys — everybody trys to use it after all. In a newspaper article, a federal prosecutor in Wyoming is quoted as saying this is the “SODDI defense” (Some Other Dude Did It). But, like paranoia, just because you feel people are out to get you doesn’t mean there are not people out to get you.

So, how does it happen? Mostly by encountering malware that opens file sharing on the computer. This allows the malware and even other users to use your computer to store their files. This makes it harder for the law to find them but easier for the law to find you as the source of the material.

A good forensics expert might be able to figure out if storage of the material was your doing or the doing of some malware. For example, in one case, the expert found that material was being downloaded from up to 40 sites within such a small time window it would have been impossible for a human to have done so. In other cases proof existed that the user was either not using the computer at the time of download or was busy with other tasks and could not have done the downloads. But, such proof is not always available and lacking such even if you did not download the material makes it look like you did.

Such activity is a minor part of the malware scene right now as there is no present way to monetize it (the ultimate goal of malware these days it seems). But, give it time.

Keep your defenses up and stop trying to skirt the law with downloads and the like.

[Comments from the original 11/14/2009 posting]

Comment: YES, I found out the hard way,as I got a virus that wiped my hard drive once, luckily I had everything backed up, and now I use Utorrent( and only for legal file sharing) which has a built in virus scan, and I use AVAST to scan everything a second time, but I doubt virus scans would find this stuff, so is there some other way to detect those files and get rid of them?
Answer: Probably the best way would be to make a catalog of the files on the disk and then periodically make new catalogs and compare to see what’s new. See “Cathy” as one such alternative…
The main problem is that the files could have any name in any location and the name may say nothing about the contents. So, basically, you are looking for things that change in a non-temporary directory. When those are found they can be examined with file viewer software to see what the contents might be if they look anything suspicious.

Comment: I’m currently trying to get my 23 year old son out of jail because of this. 10 images were found on his computer that he didn’t know about. To top things off the officials in Florida are trying to justify paying for a new Federal Court House and they’ve charged him with federal crimes. His attorney wants to just “cut” a deal because federal prosecutors have 90% conviction rates. But he’s innocent and we are fighting hard to find someone in the legal system in Florida that is computer savvy enough to help. It was all because of p2p usage. Some experts theorize that the music industry is behind some of the trojan horses responsible for the child porn as payback for the music sharing.
Answers: Which game was your son trying to download? We also live in Florida, and agree with you wholeheartedly that the Law Enforcement Agencies are not as tech savvy as they need to be. Good luck to you and your son. If you are in Broward or a nearby county, try calling this atty. [Link removed – 404]

Helpful? Hardly!

[Originally published 11/18/2009] The AARP has published an interesting article about a new scam. It’s yet another social engineering scheme designed to get you to give personal information to another person and/or allow them access to your computer from which they can then get any personal information stored there.

In short, the scheme usually has someone from a “support” department or company call you and tell you your security software has detected a virus and that you need to either go to a website or give them information that will allow them to access your computer to fix the problem. Either course of action will put your data at risk as the website would have a program that allows access to your computer and the information you may give can also allow this access.

Don’t fall for it. Any anti-virus or anti-malware software will put up a notice on the screen instead of initiating a call from the company. There is no way a company can have as many support people as would be needed to respond personally to every malware infection attempt.

So, watch out if…

  • A warning comes via phone.
  • A caller attempts to sell you a support contract via a cold call (a call to you that you did not solicit).

And, in a variation, if you hear a ringing tone when you answer a call hang up immediately as this can be a sign of a call-back system in operation and you just might find yourself with an international long distance call on your phone bill if you let someone answer that ring. In this variation they hit you twice: once for the call and once to scam you into giving them access to your system to further rip you off.

Beware Spambots

Hi spambots! By visiting this page and harvesting the links on it you will next be visiting a honeypot page where you will havest an E-mail address that when you send spam to will uniquely identify your IP address and track you down. So, be warned.

OK, what’s that all about? Project Honey PotWeb Link is a community-based distributed system for identifying spammers and the spambots they use to scrape addresses from websites. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. So, when a spambot (or even a person for that matter) visits the honeypot page on your website and harvests the E-mail address posted there and then sends spam to that address, that bot or person doing the harvesting can be uniquely identified by IP address linked to that E-mail address.

And, this address changes each time the page is viewed by a person or bot.

If you have a website you might want to consider joining the fight. You need to be able to post a script page to your site (e.g., have a server running PHP or other scripting language and be able to post an active script page to the site) in order to set up a honeypot. But, even if you don’t you can help by posting a specific link they will give you to your page(s). There are other ways you can help but one of these two is a great way to start.

When you sign up (free) you will be asked to provide some basic information (e.g., name, E-mail address, website domain, script language) and are then presented with a download that contains further instructions in a readme text file along with the actual script page you need to put on your site. When done uploading that to where you want it you go to that specific address in your browser and the script will then direct you further to activate your honeypot. After that, they give you sample links to put on your site’s page(s). These links are of a form not generally seen by users visiting your site but easily found by spambots.

If you really want to see an example use your browser to view the source code of the page you are viewing. At the bottom of the page, just before the Google Analytics script, you will see a link to the page “palatialcoach.php.” If you then put that URL into your browser (it’s OK, it’s safe!) you will see the actual page the spambots are directed to to harvest addresses from. You may or may not see a link on the page but if you view the source of that page you will find one that can be easily harvested. When mail is sent to that address the IP address of the scraper can be identified and, if appropriate, legal action taken against that address for aiding spamming.

So, do your part and install a honeypot on your website. Join the community to fight spam.

[Originally posted 12/16/2009. In comments back then Steve wrote: “I like the honeypot idea, but if people are going to put their email addresses on their website, they still need to protect them from the spambots! I learned the hard way long ago what happens when spambots harvest your email address (you finally close that email address because you get too much spam, and if you filter it, important messages get discarded)…

“Anyway, I wrote an article back in 2004 about the problem and also put a free unicode-encoder program on my website. You can use it to ‘encode’ your email address to protect it from ‘most’ spambots… You can check it out here:


Thanks for a very important article! Death to the spambots! Steve]

Haiti Relief – Good and Bad

[Originally posted 1/14/2010]

The earthquake in Haiti is a tragedy. Sadly, tragedies tend to result in an upturn in malware and social engineering directed toward the tragedy.

The Bad

The social engineering schemes that have arisen in just a couple of days are many. The worst are those that use SEO techniques to rise to the top of Google and other searches and then, when you visit the site, install malware on your system and use that to try to get money from you that has nothing to do with Haiti.

F-Secure has a blog entryWeb Link that describes this in detail.

You can bet that this will only increase as the tragedy stays at the top of the news.

The Good

OK, so who can you donate to? There are many organizations so pick the organization you trust and then navigate directly to their website. If a link takes you anywhere that asks for a scan or other such thing immediately leave that site. None of the national charities will do that.

Don’t know who to pick? I can suggest one that I trust and personally know about: Direct Relief InternationalWeb Link. What makes them so special? Several things:

  • 100% of all donations go to charitable work. A bequest for the purpose of setting up a fund to pay all of their administrative expenses was given to them so everything you give is used for medical supplies going directly to people who need them.
  • Unlike some charities that distribute through governments, DRI has known agents in places of need and the supplies go directly to those agents for specific use in clinics and for the people. Nothing is skimmed off the top by a bureaucracy.
  • They leverage the money. For every dollar given, DRI, through their contacts at FedEx and other companies can provide up to $37 of supplies directly to those in need.
  • And, not that this is particularly important to anyone but me, I’ve been to their headquarters, seen what they do and how they do it, and can personally confirm they do what they say they do.

But, make up your own mind. Just do something. You’ll feel better for it.


Suspicious.Insight Symantec Rating Hurting Small Software Vendors

Symantec has implemented what they are calling “reputation-based securityWeb Link and it is causing smaller software vendors some trouble. The basis of this new twist in security is to trust programs that many people use and, by default, not trust any programs not widely used.

To quote Symantec:

This reputation-based technology leverages the anonymous software usage patterns of millions of Symantec users to automatically identify new threats.

When scanning a program that does not meet the Symantec criteria for “widely used” their software will flag the program as suspicious with the agent being “Suspicious.Insight.” Their own write-upWeb Link calls this so-called threat “Risk Level 1: Very Low” but, of course, just the fact that there is an alert at all will work to scare many people away from the software. Few will attempt to figure out why an alert is given at all.

So, how does this hurt vendors? Simple. If you are one of the thousands of smaller programmers selling your program via the sharewareWeb Link (or other similar) marketing methods then you can find yourself at odds with users of Symantec’s security programs when they flash this alert. You know your software is perfectly good and malware-free but because of the alert the users will now be suspicious. Basically, Symantec seems to be using an “assumed guilty until proven innocent” approach which as we all know from law is an approach that will cause the innocent to suffer greatly (think Salem witch trialsWeb Link).

Plus, by assuming new programs from the likes of any large vendor are good, Symantec may perhaps be fooled into not alerting on real problems. There are many instances in history of reputable vendors distributing malware on their distribution media. Large vendors are not immune from this. Indeed, it’s more likely that a larger vendor will distribute malware than a reputable smaller vendor as they have more steps to go through to release their software and the more hoops something has to jump through the better the chance of an error creeping into the process. Smaller vendors have their reputation to protect and so will take great pains to make certain that their software is free of malware or any other thing that can be flagged as nasty.

In short, just because someone sells software that is not as popular as Microsoft Word or one of the other larger programs does not mean they should have to suffer sales because of some arbitrary rating system imposed by a security vendor.

There are better ways to do security (think whitelistWeb Link and/or sandboxWeb Link as examples).

Also, see one small author’s thoughts on the subjectWeb Link.