Updates 2009-10-13

Hey folks!

Patch Tuesday has come again, including anywhere from three to thirteen updates for Windows and Office. If you haven’t installed these updates already, do so now. These are security updates.
Please be sure to install all the necessary “optional” updates, which can only be included if you select “Custom” or “view available updates” when the page initially loads.

Yet another critical security vulnerability has been discovered in multiple Adobe products. Exploits are actively being published by malicious websites and are, unfortunately, being promoted through ads and into pages within the “top ten results” on most search engines. If you have ANY Adobe products installed (Adobe Acrobat, Reader, Flash, Shockwave, AIR, or others), you are hereby warned to be *very careful* online and scan your machine often. If it starts to misbehave, or if you are unable to use the updating functionality within any of the programs, you are advised to shut your computer off immediately and seek technical assistance. At least one of these vulnerabilities can be avoided by disabling the Javascript parsing within Adobe Reader (which should be done ANYWAY!), but that will not prevent infection from the other vectors.

Adobe says they “may” release updates to correct this issue today and that they “may” not be able to release patches until next month. In either case, check for updates early and often. Checking on a daily basis until these patches are released does not make you Chicken Little. 🙂

Apple has released quite a few updates this month, including “security, stability and bug fix” updates for:
  Mac OSX 10.6.1
  Patch 2009-005 for all other OSX versions
  iTunes 9.0.1
  QuickTime 7.6.4
  Various Mac hardware drivers & firmware updates
  iWork 9.0.3
  Logic Express & Pro 9.0.1, and 9.0.2
  Main Stage 2.0.1
  Apple Remote Desktop 3.3
As usual, you can access these updates through the Apple Updater for those applications you have installed, and can access the website below to install additional features and applications:

Trillian released patches for the Yahoo plugin, as well as opening a new beta for the Astra series (4.1). This is a security update. If you are using Trillian you should use the Help, Check for Updates feature to install either the 4.0.118 or 3.1.14 version. Or get it here:

Skype corrects a security issue within the extras manager, and fixes a freezing bug within the video shortly after video starts to play. If you have Skype installed, install this update before you launch Skype again.

FileZilla 3.2.8 & FileZilla both came out over the weekend, resolving a couple crash bugs, cosmetic issues and introducing a new method of resuming uploads for certain types of servers. If FileZilla is your FTP client of choice, you can use the internal “Help, Check for Updates” feature, or download the installer here:

Notepad++ 5.5.1 fixes some memory leaks, and adds “.txt” to new text documents, among other minor changes. As “simple” text editors go, I’m more and more impressed with Notepad++ each time I explore the features. If you need to use Notepad even remotely as often as I do, consider playing with this. It’s a perfectly capable HTML (and many other script) editor, with hundreds of additional features you’ll need – uh – someday. 🙂

Google’s browser, Chrome, had another milestone as it released yet another patch for a non-interactive vulnerability. Version, update now if you have Chrome installed, corrects this, while the 4.x branch remains in beta.

NVidia released the next minor build of their driver platform, Forceware 191.07, with WHQL certification. It’s a large update, but if you’re using any video-intensive games or applications, this could increase performance on your machine, if, of course, you have an NVidia video card.

Media updates:
Most people only require one or two of the following applications.

Picasa 3.5 was released last week, introducing better image tagging and tag management, as well as what Google describes as “better sync support.” While I wouldn’t rely on most software-based image synchronization tools, Picasa has proven itself within my own toolset, so I do intend to give it a chance. If you’re just now getting into digital photography, this would probably be the best way to go.

CDBurnerXP was released earlier this month, adding support for additional audio formats and CD-Text. This is not a security update.

Vista Codecs 5.4.6 was released, correcting issues with certain AVI subtypes, MKV and patching the Gabest and ffdshow filters. Since it includes the ffdshow patch, it should be considered a security update – but should ONLY be installed if you’re using a previous version of this codec package, or none at all.

ImgBurn is a free, powerful and quite extensive media burner. While CDBurnerXP supports many of the same features, some things are just simpler in ImgBurn:

DVDFab was released a couple weeks ago, primarily performance updates. This is not a security update.

If you don’t trust Apple any more than I do, you’re probably using QuickTime Alternative – and they’ve released version 3.0.0 this last week. This is an update to the core processing, so it could correct issues you are having with newer QuickTime-based files. However, it is not a security update, and since it’s the first release of the 3.x branch, I would be wary of installing it until the first patch is released.

Utility updates:
These are unlikely to be of interest to most people.

Filehippo has released UpdateChecker 1.035, again, touting “internal performance improvements.” Had I not seen and used this myself months ago – and experienced problems with the UpdateChecker program as a result, I’d have a little more faith. The bytes are different, so it could be that they simply mis-labeled something at some point. It seems to be stable enough, now:

Sun has released VirtualBox, correcting more than thirty issues, though most are things few people would experience. It does include security updates. If you’re using VirtualBox, you should install the update – especially if you’re one of the few that had it stop working on them completely when installing 3.0.6. Oops. 🙂

I released Syncaid two weeks ago, introducing several new features and correcting a bug that affected the use of both the “child” and “extract” options simultaneously. New features include “last”, “limit”, “type” as an alias for “extensions”, “assume” is now treated as an array (as are several others). Read more here:

The SysInternals team has released several updates to their tools package including an important update to Autoruns, and a new feature “Disk2vhd” which enables you to create a virtual machine from the *running* operating system on your computer! This is something that will save me hours of porting machines through various P2V and VM applications. If you have been keeping an older machine around because the new one just doesn’t support one of the applications you “need” to run on it – consider using this tool as an alternative. It’ll save you electricity, space, and frustration.

MyDefrag 4.2.2, yet another defragmentation tool, was released last week. While I normally don’t pay any attention to defragmentation tools anymore (they’re rarely really necessary on newer computers – and can take quite a while to run if you’re using even a significant portion of your newer hard drive), this one really got my attention when I read that it can run as a screen saver. Quite an ingenious use of processing time, while making sure it’s as hands-off as you want it to be.

MemTest86+ released their first major version, 4.0, in years. This version reduces the time for the first pass, which is often all that is necessary if you suspect bad memory on a machine. It can reduce the detection time from an hour to only a few minutes if RAM is bad, and still provides the “let it run forever” mode to give you the peace of mind that can only be obtained from running memory diagnostics iteratively for several hours and numerous passes.

Web Package Updates
These are likely to be of interest only to web developers.

phpMyAdmin and were released yesterday. These are security releases for an attack that is active and in the wild. If you have phpMyAdmin installed, update NOW:

eCommerceTemplates 5.8.3 was released for both ASP and PHP, including over 20 updates, several of them directly related to correct processing of payments. You should update immediately to correct validation and potentially failed transaction issues…however, be aware that some users are complaining that this patch is preventing some of their customers from accessing their own profiles. That might be enough to make me wait for 5.8.4. 🙂

Whew. Isn’t that enough for now? Keep it clean out there. 😉


Shawn K. Hall

Updates 2009-09-08

Hey folks!

Welcome to all our new readers. I try to keep announcements short and sweet and cover only the most commonly used applications and operating systems – but if you think I’m missing something LET ME KNOW! I’m happy to review other applications that have not historically been included in these mailings as well – I just need to know what software you use, and where it’s being distributed from. Reply to this message to tell me.

Patch Tuesday is here again, including 3 to 5 updates for Windows XP, Windows Vista and Windows 7, an update to Silverlight and between 1 and 3 updates for various MS Office packages. One of these updates is a critical update to the scripting engine, which means that it would be possible to exploit the vulnerability through a web-browser. A reboot will be required. If you haven’t installed these updates already, do so now:
Please be sure to install all the necessary “optional” updates, which can only be included if you select “Custom” when the page initially loads.

Apple released numerous security updates (LOTS!) for OSX this last week, over 15 brands of driver updates for various hardware, a new security release for the OSX Java engine, and server software updates. Mac users should hit Apple Update immediately!

As expected, Sun Microsystems finally published the release for the 6u16 update for Java late last week. This is a security update and all users should install the update immediately. Make sure you close ALL browser windows before installing this update!
Don’t forget to UNCHECK the crapware options during installation.

CDBurnerXP was released last week. While not a security update, it does resolve several stability and performance bugs. If you use CDBurnerXP, you should upgrade at your convenience.

OpenOffice.org 3.1.1 was released over the weekend. The 150mb download package includes primarily bug-fixes to everything from PDF parsing to the update feature – and at least 4 security updates. If you have OpenOffice.org installed, you should update as soon as you have the available time and bandwidth to download it. 🙂

Trillian Astra is ***finally*** released! The official version number is, and it’s the same build that’s been “beta” for the last 3 weeks. After over a hundred builds and 6 years or so of beta testing, it is finally released. Really! If you use chat on Windows, Mac or iPhone, you will want this! Unfortunately, Mac and iPhone versions are still in beta, but they promised to have only a “short” wait before their release after the Windows build was officially released a couple weeks ago – and you *can* use the web-based Astra client to perform most of the same functionality directly with either your Mac or iPhone (and on Linux and other operating systems with Web2.0-capable browsers). Trillian supports the protocols for Windows Live, Yahoo, MySpaceIM, AIM, Google Talk, ICQ, Skype, IRC, Email, Facebook and Twitter – all from the same ingenious and stylish interface. I honestly don’t know how I would live without Trillian on my machine – it’s my chat and primary support system for clients, as well as my feed aggregator and email account monitor. It could very well be the best $25 I ever spent.

I released Syncaid this morning, which is a major update. The user interface now includes almost every setting as an editable value (so you don’t have to learn how to edit INI files directly) and a tray monitor, and several other new features have been added. Most notably, you can now ‘tag’ Microsoft and SourceForge downloads the same way you could tag Filehippo downloads before, so Syncing those packages can now be much simpler. Filehippo category parsing is now fully functional as well. Oh, and it’s sporting a stylish new icon, too! 🙂

DVDFab was released over the weekend as well. This version includes better handling for the preview window, a cleaner “mobile” conversion design, and more friendly defaults for some options. If you’re using DVDFab, get this update when you have the time. If you don’t have a DVD ripping solution yet, this is what you’ve been waiting for:

CCleaner 2.23.999 was released over the weekend, including two bug fixes that would cause problems for those with removable drives or using 64bit operating systems. This is a minor non-security update, but if you’ve experienced problems with it, you should upgrade:

Recuva 1.30.435 was released over the weekend as well, including better email handling and several minor bug fixes. If you’re using Recuva (or have lost files or data on your computer), download the new version here:

That’s all for now folks. Keep it clean out there. 😉


Shawn K. Hall

Updates 2009-08-26

Hey folks!

Since Windows 7 is finally being released (yay!), expect many hardware manufacturers to launch a huge series of driver updates over the next month or two. I’m already seeing updates for Logitech mice & keyboards, nVidia video cards, and Microsoft input devices (everything from webcams, headsets, mice and keyboards). While normally I encourage driver updates as soon as they’re released, unless you’re a hard-core gamer or are experiencing stability issues with your current hardware, you will probably want to hold off at least until mid-September, as most of those companies releasing updates today will release fixes for those updates again over the course of the next month.

Speaking of Windows 7…I’ve been using it for several months now and am very impressed. The performance issues Vista imposed are gone, and it is a far smoother experience than I would have expected. While there will be some issues that are hard to cope with (currently DQSD isn’t natively supported, nor are several other applications I *require*, like Spambayes and Trillian Astra, Annette “needs” her Zuma to work better than it does now, and the concept of “quick launch” is redesigned, causing a bit of a struggle for many) initially, I think it’s a huge improvement over both Windows XP and Vista, and on better video cards there are plenty of new user-interface improvements that will help task users work faster. This will be an operating system I’m happy to install across my computers again.

One last note: Over the last week I’ve seen another surge in “AVXP” malware infections from some of the “safe” top-ten search results pages in both Google and Bing. Be VERY careful out there right now! If you are browsing a WEB PAGE and a popup tells you that it has discovered “security risks” or other issues with your computer DO NOT install anything! Close the window (it’s safest to use ALT+F4) and perform manual scans with your anti-virus and anti-spyware applications immediately.

Now, onto the updates…

Microsoft released an out of cycle security patch for Windows today, a revision for the existing Autorun patch released several months ago. Microsoft has labeled this a critical update, but if no one you do not trust has physical access to your computer, it is not urgent. This patch minimizes the chances that a device (like a USB-stick, external drive or CD) could be used to execute arbitrary programs on your computer without your knowledge or consent.
For most users this update does not require a reboot, so if your computer was on all night long, it’s probably already installed.

For Mac users, Apple has released reliability updates for Apple Remote Desktop client and server, an important firmware update for hard drives in MacBook Pro machines, a firmware update for Bluetooth for several Apple input devices, and a feature update for iPhoto. Most of these can be accessed through Apple Update, or through:

Sun Microsystems is currently testing a release for Java version 6u16. Among other things, this includes several security patches for the sandboxing feature introduced earlier this year. While it is not currently being pushed, it will probably happen in the next few days, in your computer tray with the orange icon.
Don’t forget to UNCHECK the crapware options during installation!

Mozilla released Thunderbird this week, correcting a security issue that applied only to secure email. Oops. If you use Thunderbird, this is a very important update.

Google released Chrome today, which has several security updates, most importantly with the Javascript engine and SSL parser. The existing vulnerabilities could have been used to forge content as though it were coming from another domain through a secure connection or execute arbitrary javascript with the rights of the current logged in user, both of which are considered critical. If you are using Chrome already, it should update itself the next time you open it, or you can get the most current version here:

CDBurnerXP was released last week, providing automatic-updates, overburning, and stability improvements. If you’re using CDBXP, get this update!

I released Syncaid over the weekend. This version has several new features, including clipboard parsing, extended logging, filetype assertion, and an option (overwrite=0) to check for an existing download of the target name and bypass downloading a new version if it’s found. This feature is especially useful if you use FileHippo, since it can now be used to create a cached directory of installation packages.
Another new feature expected to be implemented before Patch Tuesday is FileHippo category parsing – which will be able to sync an entire category of packages from FileHippo (such as “browsers” or “developer tools”), and avoid duplicate downloads for existing versions, saving time and bandwidth. For a sample Synfig builder for this, check out:
Create the Synfig, copy it, then run Syncaid without an associated INI file – it’ll run the Synfig directly from the clipboard.

FileZilla FTP 3.2.7 and have been released this week, providing stability improvements, and better TLS support. If you’re using FileZilla, you’ll want to get the update:

Defraggler 1.13 was released Monday, as a reliability update which claims to increase performance as well. If you’re using Defraggler, or are looking for a fast and effective defragmentation application, look no further than Defraggler:

For developers:

TortoiseSVN, a bugfix release that greatly improves stability, was released yesterday. So far it’s resolved several of the huge performance issues I had been having when navigating a local SVN repository – so I would definitely consider this an important update. If you’re using SVN, this is a must:

VMware released a security update to the VMware Player, version 2.5.3-185404, which also includes better support for Ubuntu as a guest, new support for Ubuntu as a host OS, better stability on ATI graphics cards, and better mouse event handling (preventing a security vulnerability related to drag & drop operations from host to guest). If you’re using the VMware Player, get the update:

That’s all for now folks. Keep it clean out there. 😉


Shawn K. Hall

Updates 2009-07-14

Hey folks!

Patch Tuesday is here again, including anywhere from three to eight updates for Windows XP, Vista, 2003, 2008 and Win7. If you haven’t installed these updates already, do so now. A reboot is required after installing updates, so save your stuff before you begin.
IE8 has had two important updates since its release, so it is likely safe for the masses to upgrade to now. Please be sure to install all the necessary “optional” updates, which can only be included if you select “Custom” when the page initially loads.

Not a download, but an interesting news piece I think most readers will be interested in: Microsoft is finally getting a clue about software distribution. The next release of Microsoft Office (2010) will include a free version accessible from the web in all popular browsers. It’s about time!

CDBurnerXP was released yesterday, including two important stability and performance improvements. If you’re using CDBurnerXP you *want* this update. 🙂

Microsoft released Silverlight 3.0 this week, enabling broader media support and programmatic sources, including over 20 new powerful features. You may be prompted to upgrade from some websites you visit, but it’s safest to go to the source – so you should upgrade this web plugin directly here:

Apple released Safari 4.0.2 last week to little fanfare, patching several security and compatibility issues, including stability improvements to the javascript engine. If you have Safari installed, you need this update. Get it here:
Or use the “Apple Updater” to get the most recent version:
  Start, All Programs, Apple Software Update
Check everything at the TOP, but leave the bottom options unchecked.

On a related note, I’ve had repeated experience over the last couple weeks with Apple updates and have come to the conclusion that if it isn’t working for you – chances are very good that the system date & time is wrong. Before losing your patience or your hair, make sure your system clock is set correctly.

VirtualBox 3.0.2 was released shortly after the 3.0.0 release this month. In my opinion, it is finally stable enough to serve as a complete replacement for VirtualPC and VMware, and if you couple it with services like VBoxTool (from SourceForge), you can use it to test or run virtualized operating systems on a completely headless machine (like the WD MyBook World Edition). The performance of VirtualBox is so much better than VirtualPC and VMware that I’ve taken to leaving a Windows 7 environment open 24/7 now on my primary machine.

While not exactly a “timely” notification, I finally needed a small and portable screen capture program again, and discovered that the 1.0 release for Lightscreen has finally arrived (two months ago)! It enables you to better configure screen capture key combinations, zooming and most importantly, it actually works for those of us with more than one monitor.
My biggest ongoing complaint about the program is that the “insert date” option still uses the format “dd-mm-yyyy hh-nn-ss”, which is a horrible pain to sort consistently when screen captures span days or even months. Still, it’s far more stable and a very useful portable application.

Syncaid was released in the wee hours last night, now featuring FileHippo support, additional anchor-feeding options, better filename/filetype discovery for redirected URLs, and fixes for two non-critical errors in local filenaming and URL parsing. Learn more, and get it here:

For web developers…

WordPress 2.8.1, WordPress MU 2.8.1 and bbPress 1.0.1 were all released this past week – including a fix for a critical security issue relating to accessing plugin control pages. If you have any of these scripts installed on your site, update them NOW!
There are already automated scripts in the wild that are creating users and attempting exploitation of popular plugins.

That’s all for now folks. Keep it clean out there. 😉


Shawn K. Hall

Updates 2009-07-07

Hey folks!

Microsoft has released an out of cycle security patch for the .NET Framework. This is a critical update, and corrects a remotely exploitable vulnerability that can be exploited through webpages visited in Internet Explorer **or** Firefox. It is very important that you install this update if you use Windows, even if Internet Explorer is not your default browser.
While you’re there, make sure you’re getting the other important “optional” updates and drivers, which will only be listed if you select “custom” or select the option to “view all available updates” within the Vista update dialog.

Speaking of Vista…every single computer running Vista that I’ve seen in the last month had yet to install the Vista SP2 package! Folks, this is a big deal, and should not be avoided or dismissed lightly. It’s been out just shy of two months now, and is the only method for obtaining some of the security fixes within the (300mb+ for 32bit or 550mb+ for 64bit) package. Either use the Windows Update tool or download the package for your processor type from here:

These last couple weeks Apple has released several security, stability and performance updates for Mac OSX, including firmware updates for a number of devices, Time Capsule, iPhoto, MacBook, Final Cut Pro, and other updates. Most importantly, Apple has finally taken it upon themselves to update the Mac Java environment to resolve a number of security issues that have been used for *over a year* to exploit OSX in the wild. Use the system updater, or visit:

Mozilla has released an update to Firefox, to version 3.5. This update includes security and stability fixes, including remote exploits. It is now also the first browser to include certain advanced new aspects of the HTML5 spec that, unfortunately, are almost non-existent in the real-world Internet. If you have Firefox installed, you are advised to update ASAP.
  Mozilla Firefox: Help > Check for Updates

Nullsoft has released another security patch for Winamp Media Player, to version 5.56. Notable among the fixes is better support for external devices including the iPod, and better support for accessing your iTunes library. If you use WinAMP, get the update here:

This last week must have been a full moon or something, because *three* very popular freeware applications released updates that *all* had serious flaws. Two of those have since been patched and re-released, and we’re in a holding pattern for the third.

FileZilla Client quickly followed the release of 3.2.6 a few days ago. This is a reliability update, but adds a couple nifty security features as well. If you don’t know what FTP is, you don’t need it.

CD Burner XP was released and re-released this week, first breaking pretty much any ISO features, then correcting the issues with a timely patch. This version also includes several user interface enhancements, safer command parsing and a couple edge bugs that most people would probably not have noticed. While not a security update, the new ability to set a user-defined temp folder for caching can increase stability quite a bit, especially for older or slower computers.

Notepad++ 5.4.4 was released a few days ago, correcting a dozen outstanding issues, but adding a couple significant bugs. Most importantly, keyboard shortcuts are broken, so I suspect a number of the core users have reverted back to the “safe” 5.4.3 version. While you could update to the 5.4.4 release, it’s probably safer to wait another week or so to resolve the new bugs.

Security- and maintenance-conscious individuals will find that Syncaid is written “just for them.” I released version 1.0.40 last week, which adds several features to the engine, including the ability (as options) to queue decompression or execute downloaded files automatically. I wrote this engine specifically to aid in troubleshooting and repair of systems that are either infected or woefully neglected in maintenance. Having used it privately to synchronize updates for things like AVG and Stinger for over a year, I finally decided to publish it online several months ago, and have posted a number of “Sync” files for use with it as well. Learn more, and get it here:

For servers & websites:

phpMyAdmin came out last week, fixing a bug that could be used to inject code from one user into another’s session. It requires MySQL 5+ and PHP 5.2+. Get it here:

One other note about scripts like this…you should read the README files. Quite often people hosting with us simply upload the entire package without checking to see what is actually required, and what is not. In the case of phpMyAdmin, several of the folders (“scripts”, “setup” and “contrib”) have no use for most users, or any user after the package is successfully configured. The same is true for services like LimeSurvey, phpBB and others, including anything that has a “samples” directory. This is especially significant this week, following the recent automated defacements targeting vulnerable “sample” scripts released with FCKeditor – one of the most popular WYSIWYG editors used on the web. Dump the samples, folks!
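
One way to audit a web root for the leftovers described above (an added example, not part of the original newsletter). Treating any directory that holds config.inc.php or config.sample.inc.php as a phpMyAdmin install is an assumption, and the function name find_leftovers is hypothetical. It only reports paths and deletes nothing:

```shell
#!/bin/sh
# Added example: report leftover sample/setup directories under a web root.
# Nothing is removed; review the list before cleaning up by hand.

find_leftovers() {
    webroot=$1
    if [ ! -d "$webroot" ]; then
        echo "not a directory: $webroot" >&2
        return 2
    fi
    {
        # Any directory whose name ends in "samples" (samples, _samples, ...).
        # -iname is supported by GNU and BSD find.
        find "$webroot" -type d -iname '*samples' -print

        # Assumption: a directory containing config.inc.php or
        # config.sample.inc.php is a phpMyAdmin install. Report the
        # "scripts", "setup" and "contrib" folders that sit beside it.
        find "$webroot" -type f \
            \( -name 'config.inc.php' -o -name 'config.sample.inc.php' \) -print |
        while IFS= read -r cfg; do
            base=$(dirname "$cfg")
            for extra in scripts setup contrib; do
                if [ -d "$base/$extra" ]; then
                    printf '%s\n' "$base/$extra"
                fi
            done
        done
    } | sort -u
}

# Stand-alone use: sh find_leftovers.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    find_leftovers "$1"
fi
```

A "scripts" directory is reported only when it sits inside a directory that matches the phpMyAdmin heuristic, so an application's own unrelated "scripts" folder is not flagged.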

MySQL Server 5.1.36 was released late last month, correcting a large number of bugs, including some crash, corruption and security issues. Get it here:

In new web packages, bbPress has *finally* been officially released in a 1.0 series! Most significantly, this forum package integrates directly into the WordPress/WPMU authentication system, so it can easily be used in conjunction with WPMU to immediately extend the capabilities of your online community site.

That’s all for now folks. Keep it clean out there. 😉


Shawn K. Hall