Disabling Snap Shots Website Preview
Snap Shots are the preview popups that appear when you when you mouse over a URL on some websites or blogs. They seem to be gaining in popularity on some blogs. They function like Intellitxt Ads but they aren’t advertising and they’re controlled by the site owner.
Even though they aren’t advertising some of us find it annoying to have something popup while we’re reading a web page.
The Snap FAQ includes a link and instructions for disabling them. Deactivation requires you to reload the page or clear your cache to take effect. In addition, a cookie is needed for the deactivation so cookies must be enabled.
Some websites may have the ability to opt-in so you can turn Snap Shots off or on for the site. I’ve also seen the option to disable right on some of the Snap popup windows.
The Snap Shots do seem to serve a potentially useful purpose. My own view is they pop up at the worst time and are more annoyance than benefit. Do you find them useful?
Spam Counts for Week Ending June 17, 2007
My GMail 30-day spam count was up 5 (less than 2%) to 303 spam messages in the last 3o days. The second GMail account has stopped receiving phishing emails.
The bad news is I’ve picked up a couple new spam sources. The email address for my ISP (DSL provider) account received four spam emails this past week. This address is one I’ve literally never used. I’ve always used aliases and forwarders rather than ever giving out the actual email address. Based on the other email addresses in the header for a couple of them it looks like they were just spamming a whole sequence of email addresses.
I addition, it looks like the hosting provider ip01-webhost.net spams Whois contact addresses. I use private registration and this past week I received 4 forwarded emails from them with promotional offers. McAfee site advisor has one complaint about them spamming Whois addresses. What’s interesting is that they include the notice:
iP01-webhost.net does not send or support unsolicited email, this email is sent to you because you have been exclusively selected and invited to receive iP01′s services.
They clearly send unsolicited email since I never contacted them. Listing in Whois is hardly “exclusive” and since that’s the only place that email address exists (other than my registrar) there’s little doubt about their selection method. So far it’s only been one email per domain so it’s not egregious, but I don’t think I’d want to do business with a company that starts off playing so loose with their own declared policies.
Website comment spam dropped drastically this week. There were only 671 attempts which is a drop of 73% from the previous weeks 2,458 attempts. Spam Karma caught them all. That’s still an average of 95 attempts a day. The lifetime total for The OS Quest has hit five figures and is now at 10,155.
Comment spam at the Spam Chronicles remains low. There were 6 attempts this week. down 1 from the previous week. The lifetime total for the Spam Chronicles is 210.
Thunderbird 2.0.0.4 Released
Mozilla has released Thunderbird 2.0.0.4 which is primarily a security update. One security vulnerability was fixed along with one crash bug that had the potential to be a security vulnerability. In addition, support for Korean was added. A list of 21 changes is available at The Rumbling Edge.
The update is available through Thunderbird’s auto update feature. Both the OS X and Windows versions required Thunderbird to be restarted after the update.
The full version for Windows, OS X or Linux for all supported languages (included the just added Korean version) can be downloaded from Mozilla.
Microsoft Patch Tuesday for June 2007
Microsoft released six security patches today. Four of them were rated critical, one important and one moderate. There are patches for all supported desktop OS platforms, Internet Explorer, a couple mail apps and for a couple versions of Visio. There aren’t any Office patches.
The four critical desktop patches are:
MS07-031 for Windows XP SP2, Windows XP x64 and Windows XP x64 SP2. It’s rated as “important” for Windows 2000 SP4. Earlier versions of Windows 2000 and XP may be affected but aren’t supported by Microsoft. On Windows XP this vulnerability can allow remote code execution. On other OS’s the vulnerability results in a denial of service attack (such as a system crash). The user must visit a malicious website to be exploited.
MS07-033 is the cumulative patch for all versions of Internet Explorer and is critical on all desktop OS’s that run it. Since this is a cumulative update it carries forward any baggage of earlier issues (like changes in ActiveX control handling). As usual, the most serious vulnerability impact is remote code execution. Six new vulnerabilities are identified in the bulletin some of which allow remote code execution.
MS07-034 is for Windows Mail on Vista (including Vista x64). It is rated “important” for Outlook Express 6 on all versions of Windows XP. There are five different vulnerabilities identified. On XP they may disclose information, on Vista they allow remote code execution.
MS07-035 is for all desktop OS’s except Vista. It’s not needed on Vista. This allows remote code execution.
The patches are released through Windows Update and are available for individual download.
Rootkit Revealer
Rootkit Revealer was created by the guys at SysInternals and since Microsoft bought SysInternals it calls Microsoft home. The current version is v1.71 and is available as a free download from Microsoft.
I ran the Rootkit Revealer on my Windows XP SP2 PC. It found two registry keys that were suspect but a quick search showed they were normal with the latest version of Rootkit Revealer. On a second run, immediately after a reboot, it found some additional files all dated post-reboot. The only old files it flagged were from Microsoft Defender and also appeared to be temporary files that were deleted during normal operations and are an indication of disk/file problems rather than spyware.
The scan also found several files in my Windows\temp directory. Rather than being spyware they all seemed to be temp files that were deleted. The timestamp on all of them was today and since the last boot. The discrepancy is probably due to a disk/file system problem rather than spyware. The message was “Visible in directory index, but not Windows API or MFT”.
I also scanned using Microsoft Defender and AVG Anti-Rootkit (both are available from my links page under Free Security Software). Neither found any spyware or rootkits.
Rootkit Revealer looks for rootkit type activity at a much lower level than the more user friendly scan tools which seem to look for specific rootkits. It’s then up to you to research it and see if it’s a rootkit. Rootkit Revealer also doesn’t include any rootkit removal tools. The SysInternal forums are still around and can be used to help decipher the scan results.