Windows en Security Outfit Uncovers New Technique for Stealing Login Info from Windows PCs <!--paging_filter--><h3><img src="/files/u69/windows_logo.jpg" alt="Windows Logo" title="Windows Logo" width="228" height="198" style="float: right;" />'Redirect to SMB' affects all versions of Windows, including Windows 10</h3> <p>While in the process of hunting for ways to abuse a chat client feature that provides image previews, <strong>security researchers at Cylance say they stumbled upon a new technique that hackers could use to pluck sensitive login credentials from any Windows PC, tablet, or server</strong>, even ones running previews of Windows 10. Even worse, software from over 30 companies like Adobe, Apple, Box, and others can be exploited with the vulnerability.</p> <p>Dubbed "<a href="" target="_blank">Redirect to SMB</a>," the vulnerability allows attackers to steal user credentials by hijacking communications with legitimate web servers by way of man-in-the-middle attacks. Users are then redirected to malicious SMB servers that extract the victim's username, domain, and hashed password.</p> <p>While the technique is somewhat new, it's taking advantage of an old flaw in Windows that was first discovered in 1997. Back then, Aaron Spangler found that supplying URLs beginning with the world "file" to Internet Explorer (like file:// cause the OS to try and authenticate with an SMB server at the IP address</p> <p>User credentials sent over SMB are typically encrypted, though Cylance claims it would only take about $3,000 worth of GPUs for an attacker to crack any eight-character password consisting of letters and numbers in less than half a day.</p> <p>Much ado about little? <a href="" target="_blank">Microsoft told <em>Reuters</em></a> in an emailed statement that "several factors would need to converge for a 'man-in-the-middle' cyberattack to occur." Furthermore, the company reminded that there are features baked into Windows like Extended Protection for Authentication that add protection against this sort of thing.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> Cylance redirect to SMB Security SPEAR vulnerability Windows News Mon, 13 Apr 2015 15:39:14 +0000 Paul Lilly 29727 at How to Remove Windows Malware for Free <!--paging_filter--><h3><img src="/files/u69/fix.jpg" alt="Fix" title="Fix" width="228" height="151" style="float: right;" />Return a bug-infested PC to pristine condition</h3> <p>Your smartphone begins to vibrate. Not the quick vibration that would indicate it's an incoming text message, but a longer one associated with a phone call. Yes, people still communicate via voice, and thanks to Caller ID, you know it's your parents on the other end. It's been a few weeks since you've heard from them and a funny feeling begins to fill the pit of your stomach. You know what's coming next.</p> <p>A plea for PC help. You listen intently as your folks describe hijacked web searches, a toolbar they don't recognize, and sluggish behavior. Oh, and there are pop-ups. Lots and lots of pop-ups. The list of ailments goes on like a kid reciting a Christmas list to Santa Clause. Only instead of toys and candy, it's rogue programs and malware. It's a good thing you installed TeamViewer because trying to fix the problem over the phone is a time-consuming process that always ends the same way—"I'll be over in the morning."</p> <p>Or maybe you didn't install TeamViewer and you really will be over in the morning. Either way, the task at hand is to rid a system of malware. Perhaps it's your own system, especially if you let little Billy and sweet little Suzy hop on for a spell. Whatever the case may be, don't panic. <strong>Removing malware, while seemingly daunting, isn't all that difficult. Like anything else, you just need the proper know-how and tools, both of which we'll provide here</strong>. Be sure to read the entire guide before embarking on your malware removal journey.</p> <h3>Scrub the Browser(s)</h3> <p>Toolbars, hijacked web searches, and pop-ups are often the result of malware, adware, and or other unwanted-ware that was either installed without permission, or sneaked in through a legitimate application through the fine print, usually when installing a free program. That Spongebob screensaver pack that little Billy installed from a site he can't remember? Yeah, we're guessing he mashed the "Okay" or "Next" button throughout the process, at one point agreeing to change your browser's settings. Cut him some slack, the kid still eats his boogers.</p> <p>Luckily, these are usually easy fixes. Here's what you need to do.</p> <p><span style="text-decoration: underline;"><strong>Internet Explorer</strong></span><br />Let's start with Internet Explorer. Click the <strong>Gear (Tools)</strong> icon in the upper-right corner and select <strong>Manage add-ons</strong>. On the left-hand side is a column of categories: Toolbars and Extensions, Search Providers, Accelerators, and Tracking Protection. It's the first three that are of interest, starting with Toolbars and Extensions.</p> <p>See anything you don't recognize? Maybe something like "DealBuddy" or some other descriptor that's a clear giveaway? Click it and select <strong>Remove</strong> or <strong>Disable</strong>. If it's an entry you don't recognize, look it up on Google or your search engine of choice. In most cases, however, unwanted entries will stick out like a pimple on prom night.</p> <p style="text-align: center;"><img src="/files/u69/ie_add-ons.jpg" alt="IE Manage Add Ons" title="IE Manage Add Ons" width="620" height="364" /></p> <p>The same goes for the Search Providers category. The only thing you should see is Bing unless you've added another search provider, like Google. We're making this up (we think), but let's say the default entry is "CouponPal." The option to remove is grayed out, but that's only because it's the default search option. Click on one of the other options—Bing, Google, Yahoo, etc.—and punch the <strong>Set as default button</strong>, then return to CouponPal and click <strong>Remove</strong>.</p> <p>Now let's rinse and repeate for the Accelerators category. Is there a rogue entry? Remove or disable it. When you're finished with all these, close out the Manage add-ons window. Return to the <strong>Gear (Tools)</strong> icon and select Internet <strong>Options</strong>. Navigate to the <strong>General</strong> tab if you're not already there and look at the Home page section. Oftentimes adware will replace the default homepage with its own entry, which will load each time you fire up IE. Highlight the hijacked entry and change it to whatever you want, like (c'mon, show us some love!) and click <strong>Apply</strong>. Now hit <strong>OK</strong>, close IE, and reload it. If you haven't missed anything, it should work as new again. And if not, you may have a deeper malware problem, which we'll get to in a moment.</p> <p><span style="text-decoration: underline;"><strong>Chrome</strong></span><br />The steps are similar in Chrome. To check if the default search engine's been changed, click the <strong>three horizontal lines (Chrome Menu)</strong> in the upper-right corner and select <strong>Settings</strong>. Under the Search heading, click <strong>Manage search engines</strong>. Hover your mouse over whichever one you want to be the default and click <strong>Make default</strong>. Next, hover over the rogue entry and click the X button on the right to remove it.</p> <p style="text-align: center;"><img src="/files/u69/chrome_extensions.jpg" alt="Chrome Extensions" title="Chrome Extensions" width="620" height="473" /></p> <p>Also in the Settings menu is an <strong>On startup</strong> heading with three options: Open the New Tab page, Continue where you left off, and Open a specific page or set of pages. If your homepage has been taken over, click the <strong>Set Pages</strong> hyperlink next to the Open a specific page or set of pages option. Go ahead and delete the rogue entry and/or enter whichever page you'd like to load at startup. Alternately, you can use one of the other options.</p> <p>Go back to the Chrome menu and select <strong>More Tools &gt; Extensions</strong>. Here is where you'll see a list of installed add-ons, like Adblock (which we hope you've disabled on Maximum PC—we've gotta eat!), Google Play Music, or whatever. See any entries that shouldn't be there? Click the trash icon to dispose of them.</p> <p>Remember to close Chrome and reload it.</p> <p><span style="text-decoration: underline;"><strong>Firefox</strong></span><br />In Firefox, click the <strong>three horizontal lines (Firefox Menu)</strong> and select <strong>Options</strong>. Under the <strong>Search</strong> tab, you'll see a pull-down menu with your default search option, and under that a list of search engines. Highlight any rogue entries and click <strong>Remove</strong>.</p> <p style="text-align: center;"><img src="/files/u69/firefox_options.jpg" alt="Firefox Options" title="Firefox Options" width="590" height="628" /></p> <p>Next, navigate to the <strong>General</strong> tab to make changes to your homepage. If it's been taken over, you'll most likely see the address here. Change it to whatever you want, or click the <strong>Restore to Default</strong> button.</p> <p>Firefox has long supported extensions and plugins. To access them, go back to the <strong>Firefox menu</strong> and select <strong>Add-ons</strong>. Remove any rogue extensions, or if you're unsure, click the disable button to see how it affects your browser. You can always come back and remove it.</p> <p>Following the above steps will help restore your browser(s) to the way it was operating before adware dug its claws in. However, it might not remove the root cause if there's a deeper malware infection. <a href=",1">Let's move on.</a></p> <hr /> <h3>Just Uninstall It</h3> <p>Not all malware is highly sophisticated. Many of them can be uninstalled just like any other program, so before you go any further, bring up the Control Panel and head over to Programs and Features. Scan the list for any signs of adware, toolbars, or anything else that's obviously unwanted software and simply uninstall it. Is your system back to normal? If so, then great, you got off easy! If not, blurt out a few curse words (you'll feel better) and then continue reading.</p> <h3>Fight Software with Software</h3> <p>One of our favorite and most reliable anti-malware programs is <a href="" target="_blank">Malwarebytes</a>. There's both a free and paid version, the latter of which adds proactive protection like real-time monitoring and conveniences like scheduled scanning. For removing existing malware, the free version is sufficient.</p> <p>What's neat about Malwarebytes is that it scans for a wide range of rogue software, like spyware, adware, some viruses, and even rootkits. Be advised that Malwarebytes isn't intended as a standalone antivirus program, but as a supplement. Or, in this case, as a cleanup tool.</p> <p style="text-align: center;"><img src="/files/u69/malwarebytes_0.jpg" alt="Malwarebytes" title="Malwarebytes" width="620" height="409" /></p> <p>The first thing you should do when running Malwarebytes is to update the database so that it can scan for the latest threats. Just click the <strong>Update Now</strong> now link and let it do its thing.</p> <p>See that big <strong>Scan Now</strong>&nbsp;button at the bottom? Don't click it just yet. First, click the <strong>Settings</strong> option and navigate to <strong>Detection and Protection</strong>. Even though Malwarebytes scans for rootkits, you first have to enable the option, and this is where you'll find it—check the <strong>Scan for rootkits</strong> box.</p> <p>Now, go to the Scan heading and select <strong>Threat Scan</strong>, which is the recommended option. This will run a comprehensive sweep of your system and could take a long time to finish. Find something else to do for a bit—ride a bike, catch up on some reading, make love, play a console game, grab some lunch, or anything else you can think of that's more fun than watching a system scan. When it's finished, audit the list of threats for any false positives and uncheck them, then click <strong>Remove Selected</strong>.</p> <h3>Solicit a Second (or Third) Opinion</h3> <p>As much as we like Malwarebytes, there's no single program out there capable of detecting and removing every piece of malicious software. For a machine that's in particularly bad shape, it pays to run multiple spyware sweeps. Which ones? There are several out there, and one that we still like is <a href="" target="_blank">Spybot Search and Destroy</a>.</p> <p style="text-align: center;"><img src="/files/u69/spybot.jpg" alt="Spybot" title="Spybot" width="620" height="451" /></p> <p>As with all of these programs, be sure to update the definitions database first—just click the <strong>Update</strong> icon. The first update can take a few minutes, even on a fast Internet connection, so be patient. Once it's finished, click <strong>System Scan</strong> and let it sweep your system for junk.</p> <p>As you can see, these programs are pretty self explanatory, so rather than walk you through each one, here's a list of software we recommend running on badly infected machines:</p> <ul> <li><a href="" target="_blank">Comodo Antimalware BOClean</a></li> <li><a href="" target="_blank">Hitman Pro</a></li> <li><a href="" target="_blank">AdwCleaner</a></li> <li><a href="" target="_blank">Kaspersky TDSSKiller</a> (rootkit removal tool)</li> </ul> <p>There are others out there, and if you have a favorite, feel free to add it to the list. Remember, it might not always be necessary to run several different programs, but for a machine that's in really rough shape, it doesn't hurt to blitz the opposition using multiple tools.</p> <h3>Better Safe Mode than Sorry</h3> <p>In some cases, you may not be able to run or even install the aforementioned malware removal software. Some of the more sophisticated malware will block them outright, and if that's the case, you should try booting into Safe Mode. The same is true if a piece of malware manages to reinstall itself after you've already removed it.</p> <p>To boot into Safe Mode, shut down your system, turn it back on, and start tapping the F8 key. Instead of booting into Windows, you should see an <strong>Advanced Boot Options</strong> menu. Select the <strong>Safe Mode with Networking</strong> option. This will load just the essential Windows drivers while also giving you Internet access so that you can download, install, and update anti-malware software.</p> <p style="text-align: center;"><img src="/files/u69/msconfig.jpg" alt="MSCONFIG" title="MSCONFIG" width="585" height="392" /></p> <p>If you're having trouble booting into Safe Mode, another way in there is to boot into Windows as you normally would. Click the <strong>Start menu</strong>, select <strong>Run</strong>, and type <strong>msconfig</strong>. Select the <strong>Boot tab</strong> and under the <strong>Boot options</strong> heading, check the <strong>Safe boot</strong> box. Mark the <strong>Network</strong> radio bubble and click Apply, then reboot your system.</p> <h3>Scan for Viruses</h3> <p>Microsoft's built-in Windows Defender in Windows 8.1 (separate download in prior versions) does a good job overall of detecting viruses, and if that's what you're rolling with, update the database and scan your system. Otherwise, do the same with whichever antivirus software you're using. If you're not using one, either enable Windows Defender or seek out a free AV such as <a href="" target="_blank">Avast</a>, <a href="" target="_blank">AVG</a>, <a href="" target="_blank">Avira</a>, <a href="" target="_blank">Bitdefender</a>, <a href="" target="_blank">Comodo</a>, or <a href="" target="_blank">Panda</a>, to name a few of the no-cost options. Be sure to install only one, as multiple AV programs can conflict with each other (though it's okay to run them with malware removal tools like Malwarebytes).</p> <h3>Bring Out the Big Guns</h3> <p>At this point, you've scanned for viruses, run multiple anti-malware programs, rooted out any rootkits, and cleaned up your browsers, yet your system is still acting up. That's bad news, but don't go throwing in the towel just yet. Instead, download <a href="" target="_blank">HijackThis</a>.</p> <p><span style="text-decoration: underline;"><strong>HijackThis</strong></span><br />HijackThis is a simple little utility that audits your registry, browser settings, and system services. It only takes a few seconds to run, however, it doesn't discern between good and malicious entries, so don't go deleting entries willy-nilly.</p> <p>There's no installation required here—just fire up HijackThis and select the top option so that it saves the results to a log file. In a few seconds, you'll see a long list of entries. Scroll through them and look for any obviously malicious entries. For example, if you know you've been infected by a particular piece of malware and you see references to it in the HijackThis results, check the box.</p> <p style="text-align: center;"><img src="/files/u69/hijackthis_0.jpg" alt="HiJackThis" title="HiJackThis" width="600" height="533" /></p> <p>Most of the entries will be safe, so be careful what you check. You could even break functionality of a legitimate program or cause other problems by checking certain entries. This is where the log comes in handy. When the scan finished, it should have populated a Notepad file with the results. Highlight the entire text and copy it to your clipboard.</p> <p>Now head to <a href="" target="_blank">I Am Not A Geek</a>, paste the contents in the box, and click Parse. Potentially malicious entries will be highlighted red, but before you click the check box in HijackThis, look up each one in Google so that you're sure of what you're removing.</p> <p>There are several other online analyzers, such as <a href="" target="_blank"> Security</a> and <a href="" target="_blank"></a>. Try using at least two, and if you still need help, solicit advice from a forum such as <a href="" target="_blank"><em>Bleeping Computer</em></a>.</p> <p><span style="text-decoration: underline;"><strong>ComboFix</strong></span><br />As a last resort before wiping your system clean and starting anew, there's <a href="" target="_blank">ComboFix</a>, an aggressive program that hunts for persistent infections and attempts to remove them. It was developed by the folks at <em>Bleeping Computer</em> and they recommend not running it unless specifically requested, so keep that in mind. It's also worth noting that ComboFix doesn't yet work in Windows 8.1 or Windows 2000, though it does run in Windows 8, 7, Vista, and XP.</p> <p style="text-align: center;"><img src="/files/u69/combofix.jpg" alt="ComboFix" title="ComboFix" width="600" height="263" /></p> <p style="text-align: left;">If it's finally come to this, follow the instructions in <a href="" target="_blank"><em>Bleeping Computer's</em> guide</a> and when it's finished running, see if your system is back to normal. Should problems remain, post a copy of the log ComboFix generated into the forum thread where it was recommended that you run it.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> delete features free guide how to remove malware Security Software Uninstall virus Windows Features Mon, 06 Apr 2015 20:25:46 +0000 Paul Lilly 29654 at Intel's PC-on-a-stick Device to be Available on April 24, 2015 <!--paging_filter--><h3><img src="" alt="Intel Compute Stick" title="Intel Compute Stick" width="228" height="175" style="float: right;" />E-tailers begin taking pre-orders for the Intel Compute Stick</h3> <p>ARM had the whole PC-on-a-stick market to itself not that long ago, but that changed in October when a Chinese company began selling what was an otherwise ordinary looking HDMI dongle, save for one glaring oddity: the iconic "Intel Inside" logo. Soon Intel itself joined in the fun, announcing the <strong>Bay Trail-powered Compute Stick</strong> at this year's Consumer Electronics Show in January. That device now has a release date.</p> <p>It is <a href="" target="_blank">up for pre-order from Newegg and Amazon</a> — and possibly a few other e-tailers — with the former listing the release date as April 24, 2015. However, the vendor selling it on Amazon won't have it in stock until May 5.</p> <p>The palm-sized device will be available in both Windows and Linux flavors, both of which will come with an Intel Atom Z3735F processor (Core M version in the cards), HDMI output, full-size USB 2.0 port, microSD card reader, microUSB port (for power), Wi-Fi 802.11b/g/n, and Bluetooth 4.0. </p> <p>Back in January we were told that the <a href="" target="_blank">$149 Windows 8.1 with Bing-running model would ship with 2GB of RAM and 32GB inbuilt storage</a>, while its Ubuntu-running brother would be limited to half that memory and storage. The <a href=";DEPA=0&amp;Order=BESTMATCH&amp;Description=intel+ultra-slim+PC+Compute+Stick+Intel+Atom+&amp;N=-1&amp;isNodeId=1">Newegg listings</a>, however, show the same amount of RAM and Flash storage for both variants. This is in all likelihood an error because the specs listed on other sites are in line with the original announcement.</p> <p><em>Follow Pulkit on <a href="" target="_blank">Google+</a></em></p> compute stick intel pc-on-a-stick ubuntu Windows News Mon, 06 Apr 2015 05:59:03 +0000 Pulkit Chandna 29690 at How To Set Up RAID 1 For Windows and Linux <!--paging_filter--><h3>Upgrade your data resiliency with RAID 1</h3> <p>The sound of a dying hard drive can be terrifying. It means a headache, downtime, and replacement costs in the best case. In the worst case, it means sending the drive to a data rescue lab. Using a redundant array of independent disks with mirroring (RAID 1), you can make a drive failure less of a nightmare.</p> <p style="text-align: center;"><img src="/files/u200840/raid1_hero0.png" alt="RAID 1 UEFI menu" title="RAID 1 UEFI menu" width="600" height="451" /></p> <p>RAID 1 is one of several RAID "levels," and is the polar opposite of <a href="" target="_blank">it’s speedier cousin, RAID 0</a>. Where RAID 0 stripes data across drives to attain higher read and write performance, RAID 1 writes the same data across all the drives in the array. Using RAID 1, the chances of losing data to a drive failure is one divided by the number of drives in the array. In comparison, those chances are multiplied in RAID 0.</p> <p>If you’re thinking that RAID 1 is a lazy man’s backup, think again. RAID 1 is not a backup, and is never, ever a replacement for a good backup. Always remember that RAID 1 is a hedge against hardware failures, not malware or corrupted data. If you get a virus on one drive in a RAID 1 array, every drive in the array will have the virus written to it. A proper backup keeps data safe from the system.&nbsp;</p> <p>With all that doom and gloom about RAID 1 not being a backup, you’re probably asking, "Why even bother with RAID 1?" The answer is pretty simple: If one drive in your RAID 1 array dies, the array will happily keep functioning, using one of the other drives for read and write operations. The failure will be nearly invisible to the user, as the RAID software should make the switch automatically. That's a big safety net for systems that simply cannot have downtime due to hardware failures.</p> <h3>Prepare your hardware</h3> <p>Just as with RAID 0, it’s ideal to use identical drives in a RAID 1 array. If one drive is a different make, model, or isn’t in mint condition, the array will only write as fast as the slowest drive. If a file is successfully written to a faster drive, the system will wait for the write to the slower drive to catch up.</p> <p>In addition to using identical drives, be sure to use the same interface for the drive. If two drives in your array are using SATA 6Gb/s and the third is using SATA 3Gb/s, the array will throttle back to 3Gb/s.</p> <p>It’s also a good idea to make sure all of the drives in your array are using the latest firmware. This can be especially important when using SSDs.</p> <p>If you’re going to use FakeRAID, make sure your motherboard supports it. Most recent motherboards do, but if you’re building a server out of an old machine, this is something you should check.</p> <p>Finally, if you're going to be using a disk that has data on it in a RAID array, back up that data before you begin.</p> <h3>Windows: Storage Spaces</h3> <p>Creating a RAID 1 array in Windows is pretty simple, the trick is finding out what the utility is called. Microsoft opted for the name "Storage Spaces" instead of RAID, but the function is essentially the same.</p> <p>To start, hit Win+S and search for "Storage spaces" and launch the utility. Next, click&nbsp;<strong>create a new pool and storage space</strong>. You’ll be prompted for administrator access. Click <strong>Yes</strong> to continue.</p> <p style="text-align: center;"><img src="/files/u200840/raid1_storage-spaces.png" alt="Windows 8 create new pool and storage space" title="Windows 8 create new pool and storage space" width="620" height="465" /></p> <p style="text-align: center;"><strong>Windows 8's built-in RAID utilities are referred to as "Storage Spaces."</strong></p> <p>You’ll be greeted by a windows showing all the unformatted disks that can be used. Select all the disks you want in the array and click <strong>Create pool</strong>.</p> <p style="text-align: center;"><img src="/files/u200840/raid1_storage-pool-drives.png" alt="Windows 8 storage spaces: select drives" title="Windows 8 storage spaces: select drives" width="620" height="465" /></p> <p style="text-align: center;"><strong>Storage Spaces will allow you to create a pool with any unformatted drives attached to the system.</strong></p> <p>Next, give the pool a name and drive letter. The name will appear as the drive label. Select NTFS as the filesystem. For Resiliency type, select <strong>Two-way mirror</strong>. This is the equivalent to RAID 1. When you’re ready, click <strong>Create storage space</strong>&nbsp;to create the array.</p> <p style="text-align: center;"><img src="/files/u200840/raid1_create-storage-space.png" alt="Windows 8 Storage Spaces create space" title="Windows 8 Storage Spaces create space" width="620" height="620" /></p> <p style="text-align: center;"><strong>For RAID 1 functionality in Storage Spaces, select "Two-way mirror."</strong></p> <p>If you want to remove a RAID array for any reason, simply click <strong>Delete</strong>&nbsp;next to the storage space you want to remove. To remove the pool, remove all of the storage spaces in it first.</p> <p>Next, we're going to cover <a href=",1">setting up RAID 1 in Linux, and using your motherboard's onboard FakeRAID</a>.</p> <p>&nbsp;</p> <h3> <hr /></h3> <h3>Linux: mdadm and Disks</h3> <p>Creating a software RAID 1 array in Linux takes all of two terminal commands. In Linux, the program <span style="font-family: arial, helvetica, sans-serif;"><em>mdadm </em></span>(we like to pronounce it "madam"), is what we’ll use to set up the array.</p> <p>First things first: You need to get the RAID software. You’ll need to download and install <span style="font-family: arial, helvetica, sans-serif;"><em>mdadm</em></span> from your software repository. It’s pretty common, and is included in most software repos. In Ubuntu, type the following command:</p> <p><span style="font-family: 'courier new', courier;">sudo apt-get install mdadm</span></p> <p style="text-align: center;"><img src="/files/u200840/raid1_install-mdadm.png" alt="Installing mdadm and Postfix in Ubuntu" title="Installing mdadm and Postfix in Ubuntu" width="620" height="397" /></p> <p style="text-align: center;"><strong>Unless you're planning on running an email server, don't worry about installing all of the extras for Postfix.</strong></p> <p>The command will install <span style="font-family: arial, helvetica, sans-serif;"><em>mdadm</em></span> for you, along with a dependency called Postfix. Postfix is a SMTP service that sends email. Postfix is included so that if a drive fails or something else happens to your array, the system can alert you with an email. That’s great for IT administrators, but Postfix can be a bit of a bear to set up, so you can just set the program to use no configuration if you like.</p> <p>Once <span style="font-family: arial, helvetica, sans-serif;"><em>mdadm</em></span> is all set up, all you need to do is use the following command:</p> <p><span style="font-family: 'courier new', courier;">sudo mdadm --create /dev/md<em>X</em> --level=1 --raid-devices=[<em>number of drives</em>] [<em>drive name</em>] [<em>drive name</em>] [<em>etc</em>]</span></p> <p>The above command will vary based on the size of your array, and how you’d like to name it. RAID devices are generally named <em>/dev/mdX</em> where <em>X</em> is the index of the array. If you only have one array, it's a good idea to use <span style="font-family: 'courier new', courier;"><em>0</em></span> or <em><span style="font-family: 'courier new', courier;">1</span></em>. Drive names can be any valid Linux device path. Common examples use <strong>/dev/sda</strong> or&nbsp;<strong>/dev/disk/by-uuid/[UUID]</strong>. Once you create your array, you’ll have to wait while the drives synchronize, which may take several minutes.</p> <p style="text-align: center;"><img src="/files/u200840/raid1_gnome-disk-utility.png" alt="GNOME Disk Utility with RAID" title="GNOME Disk Utility with RAID" width="620" height="468" /></p> <p style="text-align: center;"><strong>GNOME's Disks application (gnome-disk-utility) will display information about your RIAD array once it's created.</strong></p> <p>If you’re not sure how Linux has identified your drives, you can use <span style="font-family: arial, helvetica, sans-serif;"><em>lsblk</em></span> to identify them:</p> <p><span style="font-family: 'courier new', courier;">lsblk -o name,model,mountpoint,size</span></p> <p style="text-align: center;"><img src="/files/u200840/raid1_lsblk.png" alt="Ubuntu lsblk" title="Ubuntu lsblk" width="620" height="397" /></p> <p style="text-align: center;"><strong>The command <em>lsblk</em> will show you the drives and storage devices you have connected to your system, and what device names Linux has assigned to them. The drives we used for our RAID array are outlined in red.</strong></p> <p>You can also create RAID arrays in Linux using the GNOME disk utility. In Ubuntu, search for "Disks" and open the utility. On the left side of the window, click the checkbox above the list of drives. Then, select the drives you want to use to create an array and click <strong>Create RAID</strong>.</p> <p style="text-align: center;"><img src="/files/u200840/raid1_gnome-disk-utility-create-raid.png" alt="GNOME Disk Utility create RAID" title="GNOME Disk Utility create RAID" width="620" height="468" /></p> <p style="text-align: center;"><strong>While it's faster to create a RAID array from the terminal, you can create RAID arrays from GNOME's Disks application as well.</strong></p> <p>Software RAID 1 offers an advantage to Linux users who set up an array with <em>mdadm</em>: If you read more than one file at once, each drive can fetch a separate file, giving a net boost to read operations. The caveat is that this boost will only really show up in multi-threaded applications like web servers, and won’t apply to most desktop use cases. Still, it’s a nice perk for Linux users.</p> <h3>Using onboard FakeRAID</h3> <p>Onboard FakeRAID is harder to set up, but is your only real choice if you want your RAID array to be accessible to both Windows and Linux. You can also install an OS on top of a FakeRAID array. However, if you're only planning on using the RAID array from one OS, you're better off using the OS-based software solutions described above.</p> <p>Once your drives are physically installed, boot into your BIOS by tapping the key prompted on startup. The message will say "Press DEL to enter Setup…" or something similar.&nbsp;</p> <p>Once you’re in your BIOS, look for an option called "SATA mode." This option is in different places for each motherboard manufacturer, so refer to your user manual if you can’t find it. Once you’ve found the setting, change the setting from AHCI to RAID. This will let your onboard RAID software know that there are possible RAID devices to be started. When you’re done, save and reboot.</p> <p>If you're trying to enable FakeRAID with Windows already installed, Windows won't like that the SATA mode has changed. The OS will get grumpy and prompt you to reinstall Windows. You can, however, get around Windows' termpermental nature with a few steps. If you already changed the mode from AHCI to RAID and got the error, boot into the BIOS and change it back to AHCI. From inside Windows, open a command line using cmd and type in the following:</p> <p><span style="font-family: 'courier new', courier;">bcdedit /set {current} safeboot minimal</span></p> <p>Then, reboot back into the BIOS and make the change. Once you've booted back into Windows, open up a command line again and type the following:</p> <p><span style="font-family: 'courier new', courier;">bcdedit /deletevalue {current} safeboot</span></p> <p>Reboot once again, and Windows should be satiated.&nbsp;</p> <p style="text-align: center;"><img src="/files/u200840/raid1_uefi-bios-sata-mode.png" alt="UEFI BIOS SATA mode" title="UEFI BIOS SATA mode" width="620" height="465" /></p> <p style="text-align: center;"><strong>In your BIOS, change the SATA mode from AHCI to RAID. Every BIOS is different, so the option may not appear as it does here.</strong></p> <p>On the next boot, you have to get into the RAID software to set up your arrays. If you have an Intel RAID controller, you should be prompted to hit CTRL+I to start the Intel Rapid Storage Technology (RST) RAID software. The software varies by vendor, so consult your motherboard manual on entering the RAID utility.</p> <p>In Intel’s RST menu, you should see some options and a list of hard drives on your system. Select "Create RAID Volume."&nbsp;</p> <p style="text-align: center;"><img src="/files/u200840/raid0_intel-rst-noraid.jpg" alt="Intel RST without RAID drives" title="Intel RST without RAID drives" /></p> <p style="text-align: center;"><strong>When you first start Intel RST, you disks will all be Non-RAID Disks.</strong></p> <p>On the next screen, give the RAID array a name and hit Enter. In the next field, use the up and down arrow keys to select the RAID level labeled "RAID 1 (Mirror)"&nbsp;and hit Enter again.</p> <p style="text-align: center;"><img src="/files/u200840/raid0_intel-rst-create-raid1.jpg" alt="Intel RST set up RAID" title="Intel RST set up RAID" width="620" height="390" /></p> <p style="text-align: center;"><strong>When creating your array, select "RAID1 (Mirror)."</strong></p> <p>Hit Enter again to create the volume. Confirm that you’re OK with wiping everything off the disks in your array by typing <span style="font-family: 'courier new', courier;">Y</span>.</p> <p>Back on the home screen, you'll see a RAID volume, with the status of the disks used in the array changed from "Non-RAID disk" to "Member Disk." Use the down arrow to select Exit to save and exit the software.</p> <p style="text-align: center;"><img src="/files/u200840/raid0_intel-rst-withraid.jpg" alt="Intel RST with raid array" title="Intel RST with raid array" width="620" height="393" /></p> <p style="text-align: center;"><strong>After creating your array, you'll see the array name and the disks listed as "Member."</strong></p> <p>On the next boot, your FakeRAID array will appear as a single disk to the operating system. Additionally, RST will display the status of your RAID disks during the boot process, before the operating system loads.</p> <p>While RAID 1 isn’t a replacement for a backup, it is an excellent addition to any data resilience strategy.</p> HDD linux maximum pc RAID RAID 1 ssd Windows Features How-Tos Wed, 01 Apr 2015 22:14:32 +0000 Alex Campbell 29679 at Microsoft Will Upgrade Non-Genuine Windows PCs to Windows 10 for Free <!--paging_filter--><h3><img src="/files/u69/windows_10_2.jpg" alt="Windows 10" title="Windows 10" width="228" height="171" style="float: right;" />Yo ho, yo ho, a pirate's life for me!</h3> <p>Software piracy has been the bane of Microsoft's existence ever since the first copy of Windows was pirated. Since then, it's been a cat and mouse game between Microsoft and software pirates, but when it comes to Windows 10, it looks like Microsoft is willing to call a truce. More specifically, <strong>reports have emerged that Windows 10 will be offered as a free upgrade to all Windows users, even those running non-genuine copies</strong>.</p> <p>The initial report comes from <a href="" target="_blank"><em>Reuters</em></a>, which spoke with Terry Myerson, Microsoft's Executive Vice President of Operating Systems.</p> <p>"We are upgrading all qualified PCs, genuine and non-genuine, to Windows 10," Myerson said, adding that the plans is to "re-engage" with the hundreds of millions of Windows users in China.</p> <p>Windows piracy runs rampant in China, and to deal with the problem, Microsoft is extending an olive branch, so to speak. It will dole out Windows 10 through security outfit Qihoo 360 Technology and Tencent Holdings, China's most popular social networking company with more than 800 million users.</p> <p>The article doesn't mention whether the free upgrade for Windows pirates only applies to users in China or if it will also be valid for users in the U.S. and other parts of the world. Other reports make it sound like it's a global thing, including <a href="" target="_blank"><em>The Verge</em></a>, which was told by a Microsoft spokesperson that "anyone with a qualified device can upgrade to Windows 10, including those with pirated copies of Windows."</p> <p>I dropped a line to Microsoft asking for clarification and will post an update when I hear back.</p> <p><iframe src="" width="620" height="349" frameborder="0"></iframe></p> <h3>Update</h3> <p>A Microsoft spokesperson provided <em>Maximum PC</em> with the following the statement:</p> <p style="padding-left: 30px;">"We are excited to launch Windows 10 this summer. Anyone with a qualified device can upgrade to Window 10, including those with pirated copies of Windows. We believe customers over time will realize the value of properly licensing Windows and we will make it easy for them to move to legitimate copies."</p> <p>It's the same statement that's been floating around the web, however <strong>we were also able to confirm with Microsoft that aforementioned upgrade policy for non-genuine copies of Windows to Windows 10 at no cost is indeed worldwide, not just for China</strong>.</p> <p>This is an interesting turn of events, especially for anyone building a PC now. With Windows 10 right around the corner, and confirmed to be a free upgrade for both genuine and pirated copies of Windows, some may find it tough to pull the trigger on a paid version. I'm not condoning piracy by any means, just pointing out the obvious dilemma.</p> <p>In any event, this is a big deal and more than just an olive branch, it's the entire olive tree Microsoft is extending. If this doesn't buy the company some good will, I'm not sure what will.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> china microsoft operating system OS piracy Software Terry Myerson Windows windows 10 News Wed, 18 Mar 2015 16:35:02 +0000 Paul Lilly 29607 at Chrome 42 Beta Includes Push Notifications <!--paging_filter--><h3><img src="" alt="Push Notification on Chrome" title="Push Notification on Chrome" width="228" height="92" style="float: right;" />Also new is the the option to automatically pause plugin content</h3> <p>Each browser update usually contains no more than two or three noteworthy new features in this rapid-release-cycle era, and Chrome 42 is no exception. It <strong>entered beta a few days back with a couple of notable features</strong> — well, at least on the desktop front.</p> <p>The one feature that stands out from the rest of the changelog is the addition of <a href="" target="_blank">smartphone-style push notifications</a>, which provide web app developers with a way to apprise users of content updates and other changes in real time. But, of course, before they can do any of that they must secure the user’s permission to do so.&nbsp; And should the alerts turn out to be far too frequent and/or trivial, such permission can be revoked at a later time from within the “Site Settings” option that accompanies every alert.</p> <p>Another new feature is a <a href="" target="_blank">new setting that automatically pauses plugin content to save battery power</a> and precious CPU cycles. Under Chrome’s content settings, you can now opt for the browser to automatically “detect and run important plugin content.” This will ensure that the browser automatically runs “the main plug-in content on websites” while disabling all peripheral plug-in content.</p> <p><em>Follow Pulkit on <a href="" target="_blank">Google+</a></em></p> beta browser chrome 42 push notifications Windows News Mon, 16 Mar 2015 10:37:07 +0000 Pulkit Chandna 29586 at Microsoft: Windows Not Immune to FREAK Attack <!--paging_filter--><h3><img src="" alt="FREAK Attack" title="FREAK Attack" width="228" height="138" style="float: right;" />The encryption flaw was previously thought to only affect Google and Apple products</h3> <p>A few days back, <a href=";sa=D&amp;sntz=1&amp;usg=AFQjCNGrf02lX00jNfYcVT99uSKkQpobWw" target="_blank">Apple and Google products were found to be affected by a longstanding vulnerability</a>, which <strong>stems from a now-defunct U.S. government regulation enjoining tech companies to use encryption no stronger than 512 bits in “export-grade” software</strong> — so that it could maintain a cryptographic edge over its adversaries. Well, how could Microsoft be left behind? The Redmond-based company issued a security advisory Thursday to warn that all supported versions of Microsoft Windows are also affected by FREAK (Factoring attack on RSA-EXPORT Keys), as the SSL/TLS&nbsp; flaw is called.</p> <p>“Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows,” reads the advisory. “Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.”</p> <p>The company says it’s currently working on a fix, which could come either as part of a future Patch Tuesday bundle or in the form of an out-of-band security update. In the meantime, the company recommends that those running Windows Vista or later “disable RSA key exchange ciphers using the Group Policy Object Editor” in order to mitigate the threat. The entire procedure can be found <a href=";sa=D&amp;sntz=1&amp;usg=AFQjCNET6-5KL5iZV1T8j-W__gzQ7AuXdA" target="_blank">here</a>. </p> <p>A list of vulnerable browsers and popular domains is available at&nbsp; <a href=";sa=D&amp;sntz=1&amp;usg=AFQjCNHaR3zGKq1VkFoP2ybbvqCbTfD-3A" target="_blank"></a>. The affected browsers are Internet Explorer, Chrome for Mac (patch available), Chrome for Android, Safari for Mac (patch likely in a week), Safari for iOS (patch likely in a week), stock Android browser, Blackberry browser, Opera for Mac and Opera for Linux. Maintained by computer scientists at the University of Michigan, the site also lets users check if their browser is vulnerable.</p> <p>“The FREAK attack,” the site warns, “is possible when a vulnerable browser connects to a susceptible web server—a server that accepts ‘export-grade” encryption.’” According to the researchers, an attacker could use the vulnerability to “intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data.”</p> <p><em>Follow Pulkit on <a href="" target="_blank">Google+</a></em></p> <p><em>Image Credit: Ghacks<br /></em></p> encryption Factoring attack on RSA-EXPORT Keys flaw freak attack Internet Explorer nsa patch SSL TLS Windows News Mon, 09 Mar 2015 04:12:21 +0000 Pulkit Chandna 29558 at Rumor: Google to Wrap up Development of 2-in-1 Chromebook in Q1 2015 <!--paging_filter--><h3><img src="" alt="Chromebook" title="Chromebook" width="228" height="141" style="float: right;" /></h3> <h3>Google-branded hybrid device is reportedly being developed by Quanta Computer</h3> <p>Google is getting ready to give Wintel-powered 2-in-1 devices a run for their money with a <strong>Chromebook-tablet hybrid</strong> of its own and the device is expected to be ready by the end of this quarter, notorious rumor monger <a href="" target="_blank">Digitimes</a> said Friday in a report citing unnamed sources in the “upstream supply chain.”</p> <p>Allegedly designed by Taiwan-based Quanta Computer, the rumored 2-in-1 Chromebook is said to feature a detachable screen that transforms into an Android tablet when detached. The device, Digitimes says, is a testament to the “dramatic advance” Google has made in integrating Android and Chrome OS — for long a stated goal of the company. The report adds that such integration could finally see Chromebooks gain a beachhead outside the United States, which accounts for over 85 percent of all Chromebook sales. Although the first 2-in-1 Chromebook will be a Google-branded device, the site says other vendors also plan to launch similar devices in 2015.</p> <p>If the report is to believed, Google and its chums are not the only ones working on 2-in-1 devices right not. Even Microsoft is said to be readying “an own-brand 10.6-inch Surface detachable 2-in-1 to promote Windows-based 2-in-1 devices” and fend off any future competition.</p> <p><em>Follow Pulkit on <a href="" target="_blank">Google+</a></em></p> <p>&nbsp;</p> 2-in-1 android chrome os chromebook Google Hybrid intel rumor Windows wintel News Mon, 16 Feb 2015 12:15:07 +0000 Pulkit Chandna 29427 at Google Relaxes Project Zero Bug Disclosure Policy <!--paging_filter--><h3><img src="" alt="Google Project Zero" title="Google " width="228" height="95" style="float: right;" />Companies working on a fix can now apply for a 14-day grace period after 90-day disclosure deadline</h3> <p>The whole <a href="" target="_blank">fracas over Google Project Zero team’s disclosure of three Windows zero-day bugs</a> before Microsoft could fix them may now be old news, but it seems to have done enough to get the former to revisit its bug disclosure policy. Google’s bug hunters took to the official Project Zero blog on Friday to announce a <strong>number of key changes to their disclosure policy</strong>.</p> <p>While a large part of the <a href="" target="_blank">blog post</a> is dedicated to the importance of bug hunting and reporting programs having disclosure deadlines and how the outfit’s own 90-day deadline is “reasonably calibrated for the current state of the industry”, it ultimately concedes that Project Zero’s disclosure policy, as effective it is (over 85% bugs fixed within 90 days), could do with a few improvements. The outfit says it has “taken on board some great debate and external feedback around some of the corner cases for disclosure deadlines” and come up with a few policy improvements.</p> <p>The most notable of these policy updates is the provision of a 14-day grace period after the original disclosure deadline has expired: “If a 90-day deadline will expire but a vendor lets us know before the deadline that a patch is scheduled for release on a specific day within 14 days following the deadline, the public disclosure will be delayed until the availability of the patch. Public disclosure of an unpatched issue now only occurs if a deadline will be significantly missed (2 weeks+),” reads the blog post.</p> <p>And don’t you worry about Google having double standards (a <a href="" target="_blank">concern we raised</a> late last month): “As always, we reserve the right to bring deadlines forwards or backwards based on extreme circumstances. We remain committed to treating all vendors strictly equally. Google expects to be held to the same standard; in fact, Project Zero has bugs in the pipeline for Google products (Chrome and Android) and these are subject to the same deadline policy.”</p> <p><em>Follow Pulkit on <a href="" target="_blank">Google+</a></em></p> apple disclosure Google microsoft OS X project zero team responsible disclosure Security Windows zero-day News Mon, 16 Feb 2015 09:31:28 +0000 Pulkit Chandna 29426 at Silicon Dust HDHomeRun Plus Review <!--paging_filter--><h3>A grand slam for some, a foul ball for others</h3> <p>We like free. We also like doing things ourselves, which is why building our own DVRs to capture OTA broadcasts has been a habit for years. And we’re fans of devices that give us wide flexibility and range in their use. Given all these preferences, Silicon Dust’s HDHomeRun Plus—a networkbased external TV tuner—fulfills all our wants, on paper. In practice, it very nearly does likewise.</p> <p style="text-align: center;"><img src="" width="620" height="350" /></p> <p>Initial setup for the HDHomeRun Plus is super easy: plug in the power connector, an Ethernet cable, and your antenna’s coaxial cable, then download Silicon Dust’s software from the company’s website and install it. Running the setup—to scan for channels and to set the default programs for watching live TV and recording TV—takes 10 minutes. You can then watch broadcasts immediately through the Silicon Dust’s HDHomeRun Live TV software or Windows Media Player. You can also use VLC, but setting it up is far trickier.</p> <p>The experience begins to diverge, however, when you move on to setting up PVR software. When we tried the HDHomeRun Plus with Windows Media Center as our recording program, getting our home brew DVR off the ground was as easy as opening WMC and tweaking its settings to scan channels and input the correct location info for the channel guide. Trying Next-PVR—the other officially supported piece of Windows PVR software—was far more frustrating. On our Windows 7 machine, running the installer caused our system to lock up and required either force-closing the installer or a soft reset; on our Windows 8 machine, we installed the program, but it couldn’t detect any channels through the tuners, despite repeated tries.</p> <p>Equally split is the quality of the device’s streaming functionality. When accessed from computers or DLNA devices, audio-video syncing is excellent and the feed has the same crispness as a direct connection from the OTA antenna to a TV. But on mobile devices, audio was consistently ahead of video—an annoying fail given the app to watch live TV costs an additional $2.</p> <p>Using the HDHomeRun Plus can go one of two ways, depending on which path you take. If you’re a Windows 7 user, comfortable with Windows Media Center, and plan to watch TV through your HTPC or a media extender (such as an Xbox 360), the Plus will work perfectly and offers good flexibility for viewing options. If you’re running Windows 8, want to use NextPVR because it’s free and also not WMC, or plan to do a lot of your live TV viewing through a mobile device, the HDHomeRun Plus becomes less of a surefire hit. But regardless of the scenario, you’ll have to contend with one inescapable fact: its fan is annoyingly loud when the device is transcoding. If you can handle the noise, or you’re able to stash it somewhere remote, this downside might be tolerable. For us, it was a bit of a dealbreaker when combined with the mobile device performance--and that’s despite how much we liked using it with a Windows 7/WMC configuration.</p> pvr Windows From the Magazine Sat, 14 Feb 2015 17:59:49 +0000 Alaina Yee 29602 at Microsoft's "Windows 365" Trademark Hints at Subscription Model <!--paging_filter--><h3><img src="/files/u69/windows_10_4.jpg" alt="Windows 10" title="Windows 10" width="228" height="128" style="float: right;" />Examining the different scenarios</h3> <p><strong>Microsoft has been granted a patent for "Windows 365"</strong> by the United States Patent and Trademark Office (USPTO), and of course, the immediate reaction is that Windows is headed toward a subscription model similar to Office 365. Indeed that may be the case, though from everything that we know, it probably won't apply to Windows 10, which will remain a free upgrade for Windows 7 and Windows 8.1 users for the first year.</p> <p>Some people took the free upgrade announcement to mean that after the first year, a subscription fee would kick in. That's not our understanding of things, though the Windows 365 trademark is certainly an interesting development. Here are three possible scenarios we see playing out.</p> <h3>1. Windows 10 Goes the Subscription Route</h3> <p>We'll say right off the bat that this is highly unlikely, at least as an all-or-nothing affair. As we understand the free upgrade path to Windows 10, Windows 7 and Windows 8.1 users will have a year to make the upgrade at no cost, and after that, it will cost a flat fee, just like Windows does now. This is similar to what Microsoft's done in the past, except instead of offering a free upgrade, it offered a reduced rate and discounted family packs.</p> <p>That said, we could see Microsoft rolling out a subscription pricing plan as an option, just as it does with its Office suite. So, just as you can purchase Office 2013 or subscribe to Office 365, perhaps you'll be able to choose between Windows 10 and Windows 365, the latter of which would be an ongoing subscription that ensures you'll receive all futures versions of Windows, so long as your subscription is current.</p> <h3>2. Going All-In with Microsoft</h3> <p>Similar to the above scenario, Microsoft could offer an all-inclusive package of Windows products on a subscription basis. This could include Windows OS releases, Office, Skype, OneDrive storage, and even Xbox Live, though the more it bundles in, the higher the subscription.</p> <p>Alternately, it could relate to an all-inclusive package of Windows products, save for Windows itself. Microsoft COO Kevin Turner said during the Windows 10 event that "We've got to monetize [Windows 10] differently, and there are services involved." We don't want to extract too much out of that comment, though it could mean charging a subscription fee for certain products and services that tie into Windows 10.</p> <h3>3. Post–Windows 10 Era</h3> <p>One other possible scenario is that Windows 365 will follow Windows 10. Microsoft is heavily invested in the cloud and sees it being an integral part of its future, so perhaps Windows 10 will be the last flat-fee version of Windows.</p> <p>Unfortunately there aren't a lot of hints in the trademark itself, which is <a href=";state=4809:8qhezo.2.1" target="_blank">posted at <em>Neowin</em></a>. It covers everything from computer software and operating systems to telecommunications services and providing education and training. Including all those things would seem to support scenario number two above, though it's more likely Microsoft is simply covering all of its bases.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> microsoft operating system OS Software trademark Windows Windows 365 News Mon, 09 Feb 2015 17:13:17 +0000 Paul Lilly 29402 at Remembering Microsoft Bob, the Precursor to Windows RT <!--paging_filter--><h3><img src="/files/u69/microsoft_bob_cd.jpg" alt="Microsoft Bob CD" title="Microsoft Bob CD" width="228" height="200" style="float: right;" />Treating users like idiots never works</h3> <p>I've written about the <a href="">demise of Windows RT</a> on <a href="">more than one occasion</a> over the course of the last couple of weeks, and in the comments section of both articles, there's mention of Microsoft Bob. Prior to those incidents, it had been a long time since I've seen anyone bring it up. References to Microsoft Bob usually only manifest when talking about forgettable Windows releases, like ME, Vista (pre-SP1), and RT. However, <strong>Microsoft Bob wasn't actually a Windows version, it was a patronizing GUI that foreshadowed Windows RT's demise. Never heard of it? Let's take a trip back in time</strong>.</p> <p>Microsoft Bob was released in early 1995 as a desktop replacement for Windows 3.1 and Windows 95. Think of it as a GUI overlay. It was intended to make Windows less intimidating to novice users by dumbing down the interface -- instead of the traditional desktop with folders and icons, Microsoft Bob put users inside a graphical home with different rooms.</p> <p>Rooms were either public or private, the latter of which could only be entered into by whichever user account it was attached to. You could decorate each of the rooms with various objects, as well as move things around, change the theme, and even create new rooms altogether.</p> <p>What about the applications? These were integrated into the rooms. If you wanted to access Calendar, you could click on the calendar hanging on the wall. Likewise, clicking on the pen and paper on your desk would open up a word processor. These were essentially shortcuts presented as decorations.</p> <p><img src="/files/u69/microsoft_bob.jpg" alt="Microsoft Bob" title="Microsoft Bob" width="620" height="465" /></p> <p>As you moved about the house, a pet dog named Rover (think: Clippy) would follow you around and offer tips and suggestions, provided you didn't turn him off.</p> <p>Microsoft Bob isn't a project that came out of nowhere, but was born out of research by a pair of Stanford University professors, Clifford Nass and Byron Reeves. It was overseen by Microsoft researcher Karen Fries, and for a short while, Melinda Gates served as one of the project's marketing managers.</p> <p>Only one major version of Microsoft Bob was ever made (not counting the Gateway Edition that came with Gateway 2000 PCs) and it was discontinued less than five months later. The biggest reason it flopped is because users had no interest in being treated like idiots, though it didn't help that it had relatively steep system requirements for the time (minimum 486SX CPU, 8MB RAM, 32MB disk space, and 256 color Super VGA) and initially sold for $100.</p> <p>These days Microsoft Bob is remembered as one of Microsoft's biggest product failures, which makes it even more interesting that Windows RT and the whole metro interface came about. Just as interesting is that as recently as 2013, Bill Gates spoke out in support of Microsoft Bob, saying it will make a comeback someday.</p> <p>"We were just ahead of our time, like most of our mistakes," Gates said.</p> <p>Here's a look at Microsoft Bob in action:</p> <p><iframe src="" width="620" height="465" frameborder="0"></iframe></p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> gui Microsoft Bob Software Windows windows rt News Fri, 06 Feb 2015 21:54:01 +0000 Paul Lilly 29388 at Alienware Alpha Review <!--paging_filter--><h3>A great console-sized PC stuck in the alpha stage</h3> <p>As great as PC gaming is, let’s face it, when it comes to gaming in the living room, consoles have the PC beat. Alienware and the Steam Machines were supposed to change that, but considering <a title="steam machine delayed" href="" target="_blank">Valve delayed its hardware initiative</a>, Alienware decided to releases its box early as a small Windows 8.1 PC, dubbed the <a href=""><strong>Alienware Alpha</strong></a>. While the PC does an admirable job of attacking the PC’s problem areas in the living room, as the name implies, it’s still (unfortunately) in a bit of an alpha stage.</p> <p>The chassis is black and small. Measuring 2.1x7.8x7.8 inches, the Alpha is closest in size to Nintendo’s Wii U console. At 4.5 pounds, Alienware’s little PC is also extremely portable. We had an easy time lugging it around to friends’ apartments with four controllers inside a backpack. Speaking of controllers, the unit comes with a black wireless Xbox 360 controller.</p> <p style="text-align: center;"><img src="/files/u154082/alienware-alpha-1920.jpg" alt="alienware alpha review" title="alienware alpha review" width="620" height="349" /></p> <p>Ports on the Alpha include two USB 3.0, three USB 2.0, one S/PDIF, and two HDMI (one for output and another for input). It is a little disappointing that there isn’t an analog headset port, but Alienware told us it was one concession it had to make to produce such a small form factor.</p> <p>The box’s aesthetics aren’t very flashy. It’s got some sharp angles, akin to Alienware’s gaming laptops, a glowing triangular LED, and a glowing Alienware power button. You can also customize the LEDs through Alienware’s UI. Overall, it will look nice sitting next to your TV.</p> <p>Inside the box, the Alpha is running a mobile GPU based on Nvidia’s GeForce GTX 860M, which was the same graphics card used in the <a title="hp omen" href="" target="_blank">HP Omen</a> gaming laptop we reviewed last month. Since this box has such a unique setup, the Omen seemed like the fairest candidate for a zero point to test against. Its GPU runs at 1,020MHz and has 2GB of GDDR5 VRAM clocked at 1,253MHz. Compared to our ZP, however, the Alpha’s performance was a disappointing 11 percent slower in our Metro: Last Light and 3DMark 11 benchmarks. It did perform 7 percent better in BioShock Infinite, however. Overall, the Alpha is nowhere near the most powerful gaming PC out there, but it should be able to run most AAA games on medium to high settings. It will, at the very least, be competitive with the next-gen consoles.&nbsp;</p> <p style="text-align: center;"><img src="/files/u154082/alpha_tv.jpg" alt="alpha tv" title="alpha tv" width="620" height="342" /></p> <p>One aspect of the Alpha that we feel isn’t up to snuff is system RAM; our unit only offered what we feel is a minimal 4GB. Sure, the majority of games should run fine on 4GB, but that’s beginning to change with newer titles. We think Alienware should up the Alpha’s base RAM to 8GB. Luckily, you can upgrade the RAM to 8GB, though you’ll need laptop RAM to do so.</p> <p>You can also upgrade the storage with any 2.5-inch drive. If you’re like us, you’ll really want to do this. Our unit came with a 500GB 5,400rpm hard drive, which was embarrassingly slow. It took the Alpha one minute and 35 seconds to boot up, and then another 35 seconds to boot up into Steam Big Picture Mode. If you’re loading a really big game, it’s only going to lengthen the wait.</p> <p>At the heart of the console is the Alpha’s i3-4310QT CPU. Despite the box’s size, it’s actually a quad-core desktop CPU running at 2.9GHz. You can upgrade this to a quad-core i7, too. And you may want to, considering this i3 gets beat up by 30–54 percent compared to the HP Omen’s mobile i7-4710HQ processor. While dual-core CPUs are fine for the majority of games, for a little more future-proofing, we would have preferred at least a quad-core i5 chip.</p> <p>Of course, the hardware means very little if the software isn’t properly optimized to take over the living room. While the Alpha is running Windows 8.1 underneath, Alienware has wrapped its own user interface around it, which you can navigate with a controller. The Alpha UI also allows you to launch directly into Steam Big Picture Mode, which comes pre-installed. Because some Steam games only offer partial controller support, Alienware has done some super-nifty software tweaks to allow you to use an Xbox controller like a mouse in a pinch. You can do this by pressing down on all four shoulder buttons and pressing down on the left stick. This will allow you to navigate past any pop-up window boxes.</p> <p>The Alpha isn’t perfect, however. One of the taglines Alienware is using for the Alpha is that it “combines the freedom of PC gaming with the ease of a console,” but the slogan doesn’t always ring true. We encountered some resolution issues. For instance, in Shadow of Mordor, it defaulted to 1280x1024 resolution on our 1080p TV and had no in-game option to adjust it to 1080p. Some games that allowed us to adjust the resolution ended up blacking out the screen when we cranked it up to 1080p. Meanwhile, some games would open up off-center in a windowed mode by default. When we tried to boot up Skyrim, it gave us an error message that read, “Failed to initialize renderer. Your display doesn’t support the selected resolution.”</p> <p>The consoles also allow you to watch Netflix, and the only real good way to do that on the Alpha at the moment is to boot it up to the desktop mode, but here you’ll need to have a keyboard/mouse plugged in. Because of that, we really recommend getting something like <a title="k400" href="" target="_blank">Logitech’s wireless K400 keyboard</a>, which pairs well with the Alpha.</p> <p style="text-align: center;"><img src="/files/u154082/alpha_010.png" alt="alpha review" title="alpha review" width="620" height="349" /></p> <p>Another area in which the consoles have at a little easier than PC gaming is that console gamers don’t have to tweak their settings. Nvidia has a solid workaround to this problem with its GeForce Experience, but unfortunately the Alpha does not support GeForce optimal playable settings, which is a shame considering many console noobs might not know which graphical knobs to twist.</p> <p>At $550, the Alpha certainly isn’t cheap, especially when you look at its specs and compare it to the consoles. And the Alpha has a bunch of little software hiccups to overcome. Despite these problems, however, when the Alpha works, it’s awesome. Steam has a surprising number of fun local co-op games like Broforce, SpeedRunners, and more. Alienware’s box does a great job of bringing PC games to the living room. Sure, you could build a cheaper, more powerful system, but Alienware has spent a decent amount of R&amp;D trying to solve the software/UI issues. Yes, the box is in a bit of an alpha stage right now and isn’t the console-killer it set out to be, but we hope that Alienware continues to make future iterations of the Alpha. As it stands, the Alpha is a good machine for the PC vet, but not a perfect solution for the console noob.</p> <p><strong>Alienware Alpha Specs</strong></p> <p><img src="/files/u154082/alienware_alpha_benchmarks.png" alt="alienware alpha benchmarks" title="alienware alpha benchmarks" width="620" height="373" /></p> <p><img src="/files/u154082/new_spec_chart.png" alt="alienware alpha specs" title="alienware alpha specs" width="615" height="249" /></p> alienware alpha review console Hardware small gaming pc steam machine Valve Windows Gaming News Reviews Mon, 26 Jan 2015 22:21:34 +0000 Jimmy Thang 29316 at After Windows, Google Discloses Three Zero Day Bugs in OS X <!--paging_filter--><h3><img src="" alt="Google Project Zero" title="Google Project Zero" width="228" height="95" style="float: right;" />Apple remains silent</h3> <p>Having recently <a href="" target="_blank">ruffled Microsoft’s feathers</a> by (responsibly) disclosing three unpatched vulnerabilities in Windows to the general public, Google’s Project Zero team has now turned its attention to the other side of the PC-Mac divide. The outfit recently spilled the beans on <strong>three zero-day vulnerabilities in Apple’s OS X operating system.<br /></strong></p> <p>It is not that Google’s bug hunters have trained their guns on OS X all of a sudden, as part of some sort of balancing act. The Project Zero team privately notified Apple about the three bugs in October and, as is its standard operating procedure, gave the latter 90 disclosure-free days in each case to come up with a fix. The 90-day responsible disclosure deadline in each of the three cases expired earlier this week and as a result the vulnerabilities are now out in the open. </p> <p>Unlike Microsoft, Apple hasn’t uttered a single word on the whole issue.&nbsp; This probably owes to the fact that the company has already fixed the bugs. According to <a href="" target="_blank">iMore</a>, all the vulnerabilities in question have already been fixed and the patches are part of OS X 10.10.2, which is currently in beta.</p> <p>Do you think Microsoft should take a leaf out of Apple’s book and <a href="" target="_blank">just concentrate on fixing bugs</a>, or do you agree with the former that Google’s refusal to extend the disclosure deadline “feels less like principles and more like a 'gotcha'”? Or are you one of those people who would like Google — a company that has chosen to <a href="" target="_blank">leave 60 percent of all Android users to twist in the wind</a> by refusing to fix a bug in the default Android browser — to focus on plugging holes in its own products with the same zeal with which it adheres to the disclosure deadlines?</p> <p><em>Follow Pulkit on <a href="" target="_blank">Google+</a></em></p> android apple bugs Google OS X project zero team responsible disclosure Software Windows zero day News Mon, 26 Jan 2015 01:28:34 +0000 Pulkit Chandna 29308 at Google Posts Another Windows Zero-Day Security Hole <!--paging_filter--><h3><img src="/files/u69/google_5.jpg" alt="Google" title="Google" width="228" height="171" style="float: right;" />Google and Microsoft have different opinions on public disclosure policies</h3> <p>For the third time in a month, <strong>Google has gone ahead and disclosed all the gory details of a zero day vulnerability affecting Windows</strong> before Microsoft could get around to releasing a patch. It affects both Windows 7 and Windows 8.1 and has to do with how applications handle memory encryption to allow for data flow back and forth between processes running in the same logon session.</p> <p>"The issue is the implementation in CNG.sys doesn't check the impersonation level of the token when capturing the logon session ID (using SeQueryAuthenticationIdToken) so a normal user can impersonate at Identification level and decrypt or encrypt data for that logon session," Google's Project Zero team <a href=";jsonp=vglnk_14214161295196&amp;key=2b0adaafa9ad8a29fede7758fada1730&amp;libId=4da012ec-6be5-4f97-aa6b-a13dd92402f2&amp;;v=1&amp;;;title=Google%20publishes%20third%20Windows%200-day%20vulnerability%20in%20a%20month%20%7C%20PCWorld&amp;txt=a%20description%20of%20the%20flaw" target="_blank">explains</a>. "This might be an issue if there's a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section.</p> <p>"This behavior of course might be [by] design, however not having been party to the design it's hard to tell. The documentation states that the user must impersonate the client, which I read to mean it should be able to act on behalf of the client rather than identify as the client."</p> <p>Microsoft had originally planned to plug the security hole in January's Patch Tuesday rollout earlier this week, though had to be postponed due to compatibility issues -- it's now scheduled to be fixed with February's Patch Tuesday rollout, <a href="" target="_blank"><em>PCWorld</em> reports</a>. In the meantime, Windows 7 and Windows 8.1 users are left vulnerable to what's now a publicly disclosed security flaw.</p> <p>The issue of publicly disclosing software vulnerabilities has become a point of contention between Google and Microsoft. It's Google's policy to give vendors like Microsoft 90 days to fix any security issues its Project Zero team finds, and any that remain unpatched after that three-month window will be disclosed to the public, no exceptions.</p> <p>As far as Microsoft is concerned, companies should be working together to ensure that security holes are addressed prior to being made public, or at least have some flexibility. That wasn't the case when, earlier this month, <a href="" target="_blank">Google disclosed</a> a Windows 8.1 vulnerability that Microsoft was scheduled to fix on Patch Tuesday, two days after its 90-day deadline. Microsoft had asked Google to refrain from publishing the vulnerability, but its request went ignored.</p> <p>"Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a 'gotcha', with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal," <a href="">Microsoft stated</a> in a blog post.</p> <p>Google's stance is that 90 days is plenty of time to plug up known security holes, and with three disclosures in a month's time, it doesn't look like the search giant has any intentions of budging on its policy.</p> <p><em>Follow Paul on <a href="" target="_blank">Google+</a>, <a href="!/paul_b_lilly" target="_blank">Twitter</a>, and <a href="" target="_blank">Facebook</a></em></p> Google project zero Security Windows zero day News Fri, 16 Jan 2015 13:53:02 +0000 Paul Lilly 29263 at