Stephen's Computing Blog

Jack Straw, Facebook and his Hotmail account...

2009-02-24T18:25:00.003Z

Yes Jack Straw (that Jack Straw) is on Facebook, liberal trendy that he is (what do you mean, he's just the oldest swinger in town?).

It's no surprise really since Jack Straw was so clued up on WMD in Iraq that he was similarly confident about combining his Facebook account with a Hotmail one. Jack should have remembered how Facebook trawled his address book as soon as he signed up, without so much as a by-your-leave. And now some Nigerian scammers have done the same.

I suspect that Jack has been relying on his beautiful colleague Harriet for computing security tips. Yes, that Harriet, the one who thought that username 'Harriet' and password 'Harman' would keep her blog safe from the unsolicited ministrations of her Parliamentary colleagues.

Sadly Hotmail is simply long past its best and hopelessly open to hackers; best to avoid.

Running Windows in 'Safe' mode

2009-02-20T10:58:00.008Z

Windows offers users the option of running in 'safe mode'. With this, only the barest of essential components of the OS start running on boot up. You would never want to use this for normal computing (the very basic graphics would deter you for starters) but safe mode does have its uses. For example, if you install software on your computer that causes your computer to crash every time you boot up, you can start in safe mode and then uninstall the software in question (or use your system restore function to achieve the same result). It also means that you can delete files that otherwise won't let you, a problem that often catches people out otherwise.

So here are some instructions on how you can start your computer in safe mode. Screenshots were not possible so I've taken photographs. Be warned! The quality of these is not good - I could only handhold my camera and I couldn't use flash because of reflection off the screen. The black & white screens needed a very long exposure and are quite blurred as a result. Nevertheless, I think that they'll be visible enough to be helpful.

To access Windows boot menu, you have to press the F8 key just before your computer reaches the Windows 'splash' screen (that's when the flag starts displaying). So firstly you need to determine how exactly you use the F8 key. That may sound stupid as it is entirely straightforward on a basic keyboard, but some are more sophisticated and offer dual function keys, where the F is not the default. Here is a photo of the keyboard I use:

On the left-hand side of the picture I have ringed the F8 key, which by default acts as a 'Fwd' key for email. To make the keys function as F keys, I have to have pressed the 'F Lock'key (ringed at the right of the picture). This works the same as the 'Caps Lock' key, and once again there is a light to show its status. So check your keyboard.

Now you boot your computer. As soon as the computer has started press your 'F Lock' key or equivalent if you need to, check that the light to show it as being in 'F' status, and now start pressing the F8 key repeatedly until the following screen appears:

Towards the bottom of that list, you will see 'Start Windows normally' highlighted. Use your up and down arrow keys (well, the up one) to navigate to 'Safe Mode' which is right at the top of the list.

Now press enter and you get taken to a second screen (sorry about the photo):

This simply asks you to confirm your operating system (Mine is Microsoft Windows XP Professional). Your Windows OS will be highlighted by default so you simply press enter again. Be aware that you may get taken to this screen ahead of the earlier one. If that happens, simply press F8 again to go back to the first screen.

Now your computer will start booting into Windows. This lacks nearly all graphics, and can take longer than a normal boot, but eventually you get to the login screen:

Note the unusually large graphics, and also that you can only log in to the (normally hidden) Administrator Account or your earliest user account that enjoys administrative priveleges (here it's the account 'Admin').

Now you're in; once again there are very large basic graphics - this picture shows the full screen width:

From this point you can use your computer normally to do whatever you had gone into safe mode for in the first place. Switching your computer off when you've finished is the same as normal, although the PC will not turn itself off after shutting down, you will have to do this manually.

Platte and privacy: user accounts and the winlogon.exe file

2009-01-29T12:02:00.024Z

Why does the pm_proc1 executable continually try to access the Winlogon.exe file while it is running? I can think of no legitimate reason why it should do so; perhaps you could enlighten me.

Our software does not attempt to access Winlogon.exe.

Why did I ask Platte that question? I hope you'll bear with me while I give a little background since that will help in following this discussion. Although my computer expertise is somewhat limited, I do enjoy playing with them, and my 10 year old PC has been tinkered with primarily so that I can run a choice of operating systems. As a result it contains a stack of hard drives most of which are also partioned. My original 13GB drive is still my 'C' Drive though, even if it distinctly temperamental these days. Having more than one hard drive offers other advantages beyond easily being able to install a new OS if the fancy takes me. I'm able to store my personal files on a different drive to the one used by the OS which means they don't go down if my OS gets corrupted. Most importantly, it means that I can back up files (or entire disks) from one drive to another. If a hard drive were to fail completely, I can entirely restore its content onto a replacement (that's saved my life on a couple of occasions). That's the reason I'm able to switch between running Windows with Platte installed and running it without. I run Windows XP Pro (my main OS) on my C drive, which also has most of the other software I run, but it does not have personal files for any of the User Accounts; my own 'Stephen's Documents' for example is two hard disks further down on my 'G' drive.

When I installed the Platte software, I created a new User Account specifically for the purpose. That account, including its personal files is entirely on the 'C' drive, as is the Platte software. Since Windows, the Platte files and all the necessary user account files are on the 'C' drive, it should not be necessary for the Platte software to access any of my other disks.

Among the diagnostic utilities I enjoy playing with are several from the wonderful Sysinternals website (linked on my sidebar); it's such a useful site I'll put up a separate post about it in due course. Their 'Process Monitor' utility is probably definitive in that it displays a list of every action taken by the processor in real time; it quickly becomes a staggeringly long list.

I was running Process Monitor one day for some other reason (but when Platte was on my PC) and I noticed that Platte's main executable file, the pm_proc1.exe, was referencing the winlogon.exe file found in the System32 folder at regular intervals (approximately 1 minute apart). So what is the winlogon.exe file? It's part of Windows, and it's an extremely important one; it is Windows own security system. It stores the user passwords and is the file that controls the permissions; that means that it determines which user is able to access which files or programs, and which programs are themselves able to access other files. Essentially, it's the file that is able to grant 'access all areas' passes or not as appropriate; 'Guest' users get 'upper balcony, rear' and no more .

Since I didn't really understand why the Platte software should wish to access the file, I asked Platte about this when I sent them a list of queries recently. As you will have seen at the top of this post, their answer was unequivocal; their software "does not attempt to access Winlogon.exe".

Well, here's a screenshot, taken from a process log generated by Process Monitor. Look at sequence number 354571:

I have to admit that the process logs tend to be pretty much at the limit of my computing knowledge and sometimes slightly beyond it. More often than not I can follow a process through easily but not always. But even with my limited ability in this area it does look as though pm_proc1 is indeed accessing in some way the winlogon.exe file. I don't know why it should do so but it may well have a link with the following -

At present I have set my PC to start Process Monitor running each time I log in. I have put a filter on the logs, so that they only shows activity by the Platte software (this is an awful lot easier than trawling through a list that may consist of upward of a million actions, believe me). The following screenshots were taken a couple of evenings ago, all the accounts had already displayed billing reminders earlier in the day.

First I opened the account that I had installed Platte in. There is minimal activity (there would be more if a bill were to be displaying, but even then that is easy enough to follow):

Only 6 actions, two clusters of 3, and nothing to be concerned about. I had allowed the log to cover a full 10 minutes since I logged in, and those 6 actions are drawn from a total of 702,099 processor actions (displayed in the bottom left-hand corner of the window).

Next I re-ran the Process Monitor software, and went across and opened my own account. Much more activity; when I returned this is what I saw:

pm_proc1.exe appears to be checking out all my disks, C, F, G, H, I and J (look at the top half of the log). A couple of seconds later (that's a long time in computing terms) it's carrying out another check:

Then it moves on with Registry activity before checking out each partition individually:

And again:

Now we find it looking at the winlogon.exe (starting with sequence number 283927):

Now though, we come to the bit that concerns me. The Platte software shows an interest in my personal Documents folder (sequence number 611057 at the top, then 611067):

Now that I certainly don't understand. Why on earth should the Platte software want to show any sort of interest whatever in my Documents folder? Is that why it's referencing the winlogon.exe file?

I have to admit that I don't entirely follow what Platte is attempting to do here. But I do know that the other software I run on my computer hasn't shown any similar unexplained search round my computer, nor interest in my Documents folder. So why should the Platte?

It seem to me that Platte have some serious explaining to do if those who choose to install their software are to feel entirely safe in doing so. Hopefully they will read this and come up with an explanation.

(31st January): I have now taken a different route into my accounts and got slightly different results. I started this time by going into the account I administer my computer from and got a third sequence (I've adjusted column widths to help with reading all the full paths):

This time the route to the documents folder is significantly quicker (sequence number 199600) and no referencing of the different drives precedes it - there's predominantly registry activity. The Admin Documents folder is three disks down from the C drive. When I subsequently went into the account where Platte had been installed, there was merely the six lines of processing that turned up four days ago. So why does the Platte account not attract the same level of activity from the Platte software?

For those with an interest in such matters, the Process Monitor software downloads here.

These remaining screenshots follow on from the original sequence and show the activity when my account displays that repeat bill reminder; I find this entirely straightforward and easy to follow:

Comment on this post (particularly technically informed comment) is welcome. Please make it via my email, indicating any linkback URL you would like included.

Platte and privacy: user accounts and repeating bills

2009-01-26T10:16:00.018Z

Following on from my previous post, I need to say some more about the frequency of Platte's bills, both adding somewhat to my earlier response to Platte's explanation that when you install the software it installs across all user accounts on the PC. This is because it is the PC owner that is responsible for the account and also returning to a point I made in my original post on Platte all those months ago, that the software throws up more than one bill a day.

I have taken a series of screenshots this morning to illustrate what actually happens.

At 08.55 I logged into the account where Platte was installed and got this bill:

At 08.58 I logged into the computer's 'Guest' account and this bill displayed:

At 09.01 I logged into my own account, and again I got a bill:

When I returned to the first account (the one I had used to install the Platte software) no further bill displayed. However, when I went back to the 'Guest' account at 09.16 a bill displayed once again:

Logging back into the same account 15 minutes later I got yet another bill:

So it is fairly clear what happens: if you install Platte's software into your account on a PC you will receive one bill a day. However other users of the computer receive bills every time they log in, regardless of how often a day they do so. Actually, it's slightly more complicated than that. The account I installed Platte into is an 'administrator' account, where my own account is a 'power user' account while the guest account is just that. There is another 'administrator' account on the computer and when I went into that I got no bill. So what actually happens seems to be this: The computer administrator receives one bill a day, but all other users receive bills every time they log in.

But there's more... there's actually a significant difference between the bill displayed on the account where Platte was installed and all those other multiple repeat bills to the other accounts. The bill sent to the user who installed Platte simply tells them:

Invoice
Thank you for subscribing to a Platte Media Entertainment website. Your Platte Media membership is due for payment

Account Information
Your account is due for payment. To make a payment please select one of the payment options or contact us on 0845 017 8386.

However, the bill sent to the other users of the computer is not so polite:

Important Overdue Notice
Your account is overdue.
Please contact credit control on 0845 017 8389

Account Information
Your computer was recently used to subscribe to a Platte Media website and your account now requires payment

YOUR ACCOUNT HAS BEEN SUSPENDED UNTIL PAYMENT IS MADE

IMPORTANT: Your account is now overdue, failure to settle your account may result in us or our appointed agents taking legal action against you.

Please call our credit control department on 0845 017 8389

So clearly not only is Platte's software able to distinguish between the account that installed the software and those that didn't, but it only serves up threats of legal action on the bills to those that didn't (and are therefore more likely to be frightened by the bills and intimidated into paying). Note also that the two telephone numbers are different. This means that Platte can tell when you phone in whether or not you might have installed their software or are another user. I wonder if you get different responses depending which of the numbers you call?

Platte's contract (or at least the one I agreed to) clearly stated that I would receive only one bill reminder in any 24 hour period. Far more importantly, they have given specific assurances to the OFT that this is the case, although as I have shown, it is patently untrue.

I am inviting Platte to comment on this and will post their response when I receive it.

Go to my next post on Platte Media

Platte and privacy: user accounts and bills

2008-12-19T16:10:00.008Z

Why did your software display your bill on my computer after I had terminated my membership, owing you nothing? And why did it do so across all the user accounts on a shared computer?

(a) Sometimes the software requires synchronizing after a cancellation to ensure that the license on the user machine has been updated. To do this the user should either call customer services or open the platte utility and select the "synchronize" option.
(b) When you install the software it installs across all user accounts on the pc. This is because it is the pc owner that is responsible for the account.

Once again, a response from Platte that requires some analysis. Sometimes the software requires synchronising...? I used Platte's downloaded utility to terminate my membership (I took the online option rather than dealing with it by phone). So why on earth didn't their cancellation tool synchronise the software? Actually there's a bigger question - why didn't it do the uninstall at the same time?

It's the (b) part of the answer that's of particular interest though. Firstly, I don't think it's clear whether the PC owner is responsible for the account, or whether it's the person who entered into the agreement. I'm inclined to think it's the latter and I'm not altogether sure that Platte are entirely certain. But it's singularly disingenious to claim that the software 'installs across all user accounts on the PC'. It doesn't. It installs to the user account of the person who installed it, where the 'Get Films Now' icon displays on the desktop and 'Platte Media' shows in the 'Start' menu. In the other accounts, there is no trace of Platte to be found whatever. So it doesn't install to all user accounts at all, but what it does do is bill to all user accounts (and display that wretched 'Platte' desktop icon as well) when the software thinks that money is owing.

All this has very serious implications for the privacy of those who sign up for Platte's service. Consider this scenario: A married couple share an account on their computer, and it's password protected. Their young children have separate accounts and are not able to access their parents'account. One weekend the parents decide, long after their offspring have retired for the night, to try the 'Get Films Now' service. They're quite cautious since they obviously don't want the children to be able to access that sort of material, so after installing the software they go into their childrens accounts to check that it is not accessible in any of them. It isn't, so they don't worry. They are not that impressed with what they find Platte has to offer so they cancel their membership online later that night. The next thing they know is when their children are the first ones to get the pop-up bills; even worse, the children have Googled 'Platte Media' and know that their parents signed up to an online porn service.

Platte are big on privacy. They make much of the privacy that comes with paying by Postal Order. They have a 'Privacy Policy'. Unfortunately that 'policy' has nothing whatever to say about privacy, or the total lack of it, between user accounts on the PC, although there is a catch-all that seems to fit. Platte International Limited (company no.1391058) is committed to preserving the privacy of all visitors to www.plattemedia.com. Committed? Not that committed by the look of things. It's not as if they even bother to warn you about this when you sign up.

Go to my next post on Platte Media

Using Platte's uninstaller

2008-12-18T17:20:00.006Z

I get quite a few emails complaining that people can't work out how to use Platte's uninstall software (Not able to access it? It downloads from this link). It's not my fault, I have no connection whatever with Platte, and I'm no apologist for their software! Nevertheless, here's a series of screengrabs to guide you through using it:

1. This first screen is what seems to catch most people out. The figures you enter in the four boxes are not any part of your uninstall code, nor are they the PIN you gave Platte when you signed up, they are just the four figures displayed directly above the boxes. Quite why Platte include this step is beyond me, it seems to serve no other purpose beyond confusing people.

2. Clicking 'Next' takes you to the second screen, where you click the link at the bottom of the
page saying that you have received an update letter. The number above serves no purpose whatever unless you are being talked through the uninstall.

3. Now you can enter the codes that Platte have sent you.

Click 'OK' on the pop-up which warns you to close down any open windows.

Clicking 'Next' finally starts the uninstall

And that's it!

Quite where you are supposed to request the confirmatory email I haven't worked out yet. If you know, please share the secret.

Go to my next post on Platte Media

Platte: not much of a choice.

2008-12-18T15:04:00.015Z

Why, in direct contradiction of the agreement we entered into, did you repeatedly decline to email me the uninstall instructions for your software after I terminated my membership? It appeared that you were deliberately stalling, and I can only speculate as to the reason. Is this a matter you have now addressed, and if you have, how have you done so?

Firstly, we would like to apologise for the delay. We have a dedicated freephone uninstall line which deals with uninstall enquiries and it is our policy to use this line to carry out uninstalls. Our customer service advisors were not 'deliberately stalling' but rather following company policy.

However we recognise that in line with our terms and conditions, you should have been provided with uninstall advice in the first email which you received. Your case brought a discrepancy between the automatic email about cancellation and the terms and conditions of sign-up to our attention. Having chosen option b of the terms and conditions, the email which you received confirmed that your account was cancelled. However, it should also have provided the following uninstall information: "If you would like to uninstall the software from your PC, please call our uninstall line FREE on 0800 051 6664 for instructions". We can only suggest that this discrepancy was due to human error and we have now amended the automatic email to include the above statement.

Again, we would like to apologise for the inconsistency between our terms and conditions and the email, and for any inconvenience this may have caused. Thank you for highlighting the issue.

Platte's response to my question deserves some examination, and I'd like to start by showing a screenshot of the relevant section of my agreement with them taken at the time of my signing up:

It is section 17.4 that is of interest:
To cancel your Subscription and uninstall the Software You must either:
(a) Call 0800 051 6664 quoting your Account number and request an uninstall.
(b) Click on the 'cancel Subscription' hyperlink and follow the uninstall instructions as provided in the cancel confirmation email which will be sent to you.
Once your subscription is paid and the software uninstalled we will send you an email to confirm this. Please note that where payment of your Subscription Fee is outstanding, the Software will only be installed once you provide us with evidence of your identity and a correspondence address in order that we forward your uninstall code. If you have not paid your bill by the conclusion of the reminder procedure detailed in clause 2.5 or, the elapsing of 6 weeks from the date the Subscription Fee became due for payment we will cancel your access to the Website. We can use your IP address to identify your residential address details and have the right to commence proceedings to recover the money owed to us in respect of an unpaid Bill.

As someone who planned to end my membership as soon as the software had installed on my PC (I had only originally intended to test the sign-up procedure) it was the first part of the above that was of interest. I particularly didn't want to have to phone for instructions, and I believed (quite reasonably) that I was being offered an email alternative providing I terminated my membership online and owed no money.

However, what Platte now say is that the choice should in reality have been this:
(a) Call 0800 051 6664 quoting your Account number and request an uninstall.
(b) ...call our uninstall line FREE on 0800 051 6664 for instructions.

So where's the choice? You tell me...

What's particularly interesting though is that I did phone, to find out what happened. Firstly, I was asked for my address, and then told that they wouldn't be able to send me my uninstall instructions without it. It took repeated refusal before the person I was speaking to offered to 'talk me through' the uninstall, an offer I declined since I had been offered emailed instructions in our contract. Finally they promised an email within an hour, but they never sent it.

If they can post out instructions to residential addresses, why on earth do they resist emailing the same instructions to people who don't owe them money? You tell me...

What struck me at the time was the way that Platte seemed to be maximising their chance of obtaining my phone number and residential address, although they had no contractual need for either. And I never received the promised email confirming that the software had been uninstalled either although that is not surprising given that their uninstaller didn't actually uninstall it.

Even when you get your uninstall instructions sent they are not as straightforward as they might be. Firstly they direct you to www.plattehelp.com to download their uninstall tool. However, you can no longer get it from that webpage. I first became aware some months ago when I started getting a stream of visitors to the blog who had put plattehelp.com into their search engine. On checking the page, I found that it had been taken down; instead you are taken to http://www.plattemedia.com/index.php?option=com_content&view=article&id=43&Itemid=10 - where there is no sign whatever of the download you need. The page they should be sending you to (but don't) is http://www.plattemedia.com/help.php. This change was as I said made some months ago but given the number of visitors who still arrive here as a result of searches for www.plattehelp.com (just check my 'Latest Visitors' in the sidebar) it would seem that Platte have not yet amended their instructions. It's hard to tell exactly why they changed the page in the first place; after all plattehelp.com is still registered to Platte Media International at an address in Soho. They certainly know about the problem since they're this blog's most regular visitor and I first highlighted it ages ago. Perhaps we should be kind and just put it down to 'human error' again, but it is certainly another element in delaying the removal of Platte's software.

Even then it's not as straightforward as it might be. From the number of emails I get, many people find Platte's uninstall utility less straightforward to use than it might be. That at least I can address here; my next post will go through the necessary steps for using it.

Deliberately stalling? Stalling certainly, whether it's deliberate or not I'll leave to others to decide.

Go to my next post on Platte Media

Exposing hidden files

2008-12-16T10:53:00.011Z

It is not difficult to display the hidden files on your PC, but unless you are reasonably experienced with computers it carries a very considerable risk, since you may unintentionally delete a file that is vital to the operating system. Sometimes it can be helpful though, since it makes it possible to delete files that unwanted software has installed which are not visible otherwise.

It is not difficult to change the settings on your computer to do this, but it is safest to do this in a separate user account that is not in regular use; instructions on how to set up such an account can be found in this post. Exposing the files in one account does not expose them in the others, hence my encouragement that you use an entirely separate one.

This is how you change your settings to expose those hidden files:

1. Via Start open My Computer.

2. Go to Tools on the Menu Bar (at the top of the window) and select Folder options.

3. Select the View tab in the applet (small window) that has now opened.

4. Scroll down slightly so you can see Do not show hidden files and folders, Hide extensions for known file types, and Hide protected operating system files (Recommended).

5. Now you need to change those three settings. Using the radio buttons, switch to Show hidden files and folders. Untick the boxes for Hide extensions for known file types, and Hide protected operating system files (Recommended). When you untick the last of these you will see a warning; read it before ticking Yes.

Her's what you end up with, just click on OK

To reverse these settings just go through the same procedure, restoring those ticks and buttons to how they started the first time round.

I must emphasise again that deleting files while you have the hidden files exposed is very risky; you should never do so unless you are certain of what you are doing.

Platte Media - a response

2008-12-15T11:13:00.008Z

Now that Platte had finally made contact with me (see my last post), I invited them to answer some questions that addressed this blog's concerns about both their contract and their billing software; here are their responses:

Why, in direct contradiction of the agreement we entered into, did you repeatedly decline to email me the uninstall instructions for your software after I terminated my membership? It appeared that you were deliberately stalling, and I can only speculate as to the reason. Is this a matter you have now addressed, and if you have, how have you done so?

Firstly, we would like to apologise for the delay. We have a dedicated freephone uninstall line which deals with uninstall enquiries and it is our policy to use this line to carry out uninstalls. Our customer service advisors were not 'deliberately stalling' but rather following company policy.

However we recognise that in line with our terms and conditions, you should have been provided with uninstall advice in the first email which you received. Your case brought a discrepancy between the automatic email about cancellation and the terms and conditions of sign-up to our attention. Having chosen option b of the terms and conditions, the email which you received confirmed that your account was cancelled. However, it should also have provided the following uninstall information: "If you would like to uninstall the software from your PC, please call our uninstall line FREE on 0800 051 6664 for instructions". We can only suggest that this discrepancy was due to human error and we have now amended the automatic email to include the above statement.

Again, we would like to apologise for the inconsistency between our terms and conditions and the email, and for any inconvenience this may have caused. Thank you for highlighting the issue.

Why did your software install further files on my computer even after I had used your utility to terminate my membership?

Cancellation of membership is not the same as un-installation. When a user cancels their membership their license will be updated by the cancellation utility to reflect the cancellation. This is not the same as un-installation. An un-install will remove the software completely from the users' machine and should ensure that the software cannot be re-installed further down the line.

Why did your software display your bill on my computer after I had terminated my membership, owing you nothing? And why did it do so across all the user accounts on a shared computer?

(a) Sometimes the software requires synchronizing after a cancellation to ensure that the license on the user machine has been updated. To do this the user should either call customer services or open the platte utility and select the "synchronize" option.

(b) When you install the software it installs across all user accounts on the pc. This is because it is the pc owner that is responsible for the account.

Why do you provide an uninstall utility that does not fully remove your software? The last time I tested it, it still failed to do so. This is despite repeated comments from yourself on other less technical blogs claiming that it achieved a full removal. Is this a matter that has now been fully resolved?

Sometimes anti-virus software interferes with the uninstall process and prevents a full uninstall. This is particularly the case with ESET and AVG software. We believe that our software removes all elements of the install, but if this is not the case on some machines then, given the correct information, we will update the uninstall. The latest uninstaller should remove all files including the inert html/images used to display the embedded bill and the two hidden files. There is however the possibility that some files could not be removed due to being locked as in use (e.g. if the customer had the file open while uninstalling).

In reference to the hidden files, although they carry the .sys extension they are not system files belonging to Windows - they are created by our software. As such they do not constitute alteration of Microsoft's software or violate any third-party software developer license.

Why does the pm_proc1 executable continually try to access the Winlogon.exe file while it is running? I can think of no legitimate reason why it should do so; perhaps you could enlighten me.

Our software does not attempt to access Winlogon.exe.

I shall be discussing these responses in separate posts, but (after further testing for confirmation) I did take up the question of the uninstaller with Platte:

Thanks for taking the time to answer my questions. I'm not going to respond to all your points right now, but I should say that when you first emailed me last week I downloaded what was at that point your latest uninstall tool (digitally signed to 23 July 2008).

I have now run this on a computer where all anti-virus and security software had been entirely removed (and what little protection Windows XP offers was disabled). Despite this, several files still got left behind, including the hidden 'system' file (the one located within the System32 folder; on my PC it's 1550355105.sys but the number is unique to the PC). I have examined a full process log for the removal; this shows that these files were left behind not because of any software conflict but because your uninstaller did not attempt to remove them.

It is not my intention to become an unpaid software tester for Platte but I would be grateful if you could let me know as and when you are offering a tool that achieves a complete removal.

That elicited a helpful response from Graham Foster, Platte MD:

In response to your recent email, I have spoken to the technical team and they have advised me that the files left behind flag the uninstall process and allow us to ensure the uninstall was successful and all active files are removed.

I shall be returning to this, as to the other matters raised, in due course. In the meantime, it is good to know that Platte do finally accept that their uninstaller does not offer a full removal of their installed files.

Go to my next post on Platte Media

Platte: the uninstaller

2008-12-02T12:14:00.005Z

Today I've had two emails from the helpful people at Platte International Customer Relations. The first told me that they are now downloading their installer from the link I provided for the uninstall utility in earlier posts; but no sooner had I put up this post to flag it up than they email again to say that they'd got it wrong. So it appears that at this point in time the uninstaller is still available via this link. If you use it and find it doesn't work, please post a comment here to that effect, and I'll look into it.

Go to my next post on Platte Media

Basic computer security

2008-07-20T15:22:00.012+01:00

Anyone who works in an office where there is a computing network will know that it is impossible to install software on the computers there, not just because it is against company policy but because the computers themselves won’t allow staff to. The same is true for those using a PC in such locations as a public library. This is because software installation rights are restricted to the computer administrator who accepts the responsibility for the system. Although many do not realise it, Windows XP and Vista both offer the same facility, and if computer owners want to keep unwanted and potentially dangerous software off their machines (such as the Platte software that is the current subject of so much debate) they should avail themselves of the facility. And each user of the PC should have their own account; if there is a problem it makes it far easier to determine who was responsible. I’m giving specific instructions on how to do this at the end of the post.

Nobody (not even the administrator) should be routinely browsing the internet through the administrator’s account, so owners will need to set up a second account for themselves (this is advice from Microsoft, not just me). It is very important that the administrator account is protected with a safe password that is never shared with other users of the PC under any circumstances. It takes two people to put Platte or similar software on a computer; the person who carries out the install and the owner who has been foolish enough to let them do it.You should not rely on any antivirus package to protect you either; they can do no more than flag up a warning against a deliberate installation of software by a determined user with administrator privileges.

Children often represent the biggest problem, not least because they often know far more about computers than their parents.But this is all the more reason to stop them having any access to an administrator account. Children's approach to the home computer is simple - they’ll download anything they like without any regard to the consequences of doing so, whether it’s screwing up the computer or seriously compromising the security of the information stored on it. The parents job is to pick up the bills and little more. Sound familiar? Nor should parents underestimate the likelihood that their children will seek a site such as getfilmsnow out, not because they want to watch a tired old Popeye cartoon but quite specifically because they want to watch material with a sexual content.Boys are genetically programmed to have an interest in such matters, and links to such sites will be circulating among them by email, creating peer pressure to view such material even when the child doesn’t particularly want to. In my youth it was ‘Health & Efficiency’, a publication which appears laughably innocent in this day and age. But of course even without downloaded software there is a lot of sexual content that can be viewed on the internet. While you can limit a young child’s exposure to such material by adjusting the settings for the browser, the most effective way to keep an eye on what the child is viewing without intruding too much is to keep the computer in the regular family room, not tucked away in an office.This can be inconvenient for the adults, but it does enable them to exercise reasonable control over the computer's use. I'm afraid that it is simply not possible to protect a child from the irresponsibility of their parents. You wouldn’t give them unrestricted use of your car, would you?

There are other sources of information on how to manage your computer, not least of which is Google. If you’ve got a problem, someone else will have had the same and there’ll always be plenty of helpful advice. If you’re asked to install software make sure that it’s you who does the download after googling the software you plan to install (since that will flag up any obvious concerns). If a few more people had googled ‘Platte Media’ before installing it there’d be a lot less grief right now. Do check any small print in licence agreements even when they’re written in difficult to follow legalese. If in any doubt, don’t put it on. Very little software is really needed on a computer beyond an office suite and an antivirus package other than the supplied software for your other hardware, printer, camera, scanner iPod and the like. The less software you load on a computer, the less likely it is to go wrong.

The children will moan of course, starting with ‘none of my friends parents...’ (you should just tell them to go and install their software on their friends computers in that case). Don’t give in, not even once. Because once you do you’re on a slippery slope and soon you’ll find yourself right back where you started. The ubiquity of the games console means that it is not even necessary to install games any more and it’s best not to. At least then you’ll no longer have to endure your child playing ‘Rape and Pillage III’ while you’re trying to get on to do your online banking.

Sooner or later you’ll no doubt feel your child is responsible enough to have administration rights. But he should be administrating his own computer, not yours, and accepting the full financial responsibility for doing so – repairs, upgrades, and all the bills that arise from injudiciously downloaded software. If he wants to let passing pornographers access his computer that’s up to him, at least they won’t be accessing yours. Nor do PCs require regular replacement. Mine has lasted 10 years and it is quite reasonable to expect the same of his. If he wants to replace it, let him shell out for the privilege.

So, how do you set up an administrator account? I’m going to give you detailed illustrated instructions here. Take your time, don’t allow any distractions, and read the instructions through carefully to make sure you understand them before you start. You will want to use your existing account as your day-to-day account since it has all your passwords and personal settings, so I am going to call the new account ‘PC Administrator’ – you can’t just call the account ‘Administrator’ since Windows already has a hidden account of that name. These instructions presume that your existing account is set as an administrator account already; if not you will need to log in to one that is. You should note that I will shortly be putting up full instructions for removing all the files left behind by Platte's uninstaller, and these will be written on the assumption that you have followed the advice in this post. So here we go...

1. Open the control panel (click start, 'Control Panel' is in the right-hand column):

Where it invites you to pick a category, select 'User Accounts':

Click on 'Create a new account':

And insert the name for your new account (I've called it 'PC Administrator':

Now you are asked to pick an account type, you should pick 'Computer administrator', before clicking 'Create account':

Now you can set the password. Click on the new account:

From the list of options, select 'Create a password':

Now you have to choose a password. It should not be one you use elsewhere, nor one that will be easily guessed. I've used the registration number of my parents' first car, and put up 'Austin 7' as a clue. Then click on 'Create Password':

If the other users do not already have separate accounts, you should create new ones for them now, repeating the sequence above, but setting the accounts as 'limited', not 'computer administrator'. Now you can log off, before logging in to your new account:

This will take some time to set itself up, but once it has, exactly as before, open the control panel. Now select your original account:

And select 'Change the account type' from the list:

Select 'Limited' and then click on 'Change account type'

Now you repeat that, changing all the original accounts on the computer bar the 'PC Administrator' account to 'Limited' accounts. If you take the time to do this, and keep your password secret, other users will not be able to install any software that poses any risk to the computer.

It's best to insist that all the accounts use passwords (these are set up in User Accounts via the control panel) but each user can set their own. By default, Windows leaves the Guest account turned off, and it is best to leave it that way, unless you want to run the risk of visitors having (limited) unauthorised access. You can set up a separate limited account called 'Visitor' that has its own password for people to whom you allow occasional access.

No computer is impregnable, but these precautions minimise the risk of uninvited software being installed. Owners who prefer not to take them should be prepared to shoulder some responsibility for the consequences of that decision.

Platte - I've been sent a bill

2008-07-19T18:52:00.015+01:00

I have received several emails about the Platte software, asking for my advice on whether people should pay the £29.99 that Platte are billing them for, particularly from those who say that their computer was not in use at the time. It would be helpful if I answer that here.

Firstly, anyone who enters into a contract with Platte should (as I said in an earlier post) honour that contract. As I've made clear, I'm not enthused of Platte's business model or the nature of their software but the claim that a computer was not in use at the time the software was downloaded simply cannot be true. Unless a computer is connected to the internet and being used for browsing at the time no unsolicited software can download, whether it is with the owners permission or not. Windows does not permit the installation of Active X controls (a component of the Platte software) without specific consent. Nor do I believe that the software is downloaded entirely unknowingly; there is no need for it to given that there are enough damn fools in this world prepared to agree to just about anything regardless of liability or consequence in order to access pornographic material, particularly with the offer of a free trial.

Here's the warning displayed by Windows at the commencement of installation of the software:

And here's a subsequent Active X warning:

If you are the owner of a computer and find that the Platte software was installed without your consent, you should examine the browser history logs that are on your PC since you will be able to determine what site the download came from and hopefully also identify the culprit - in that case you should present the person concerned with Platte's bill (unless of course they are a minor). Whether you are yourself liable for the bill in those circumstances appears (and I must emphasise that I am no lawyer) to be unclear; you should go to the MBS/Platte Media Victims' Forum if you want to take the advice of others who found themselves in the same position. It is unfortunate that there appears to be no legal judgement yet (at least not one that can be found online) that settles the question of liability definitively in cases like this.

I will put up a post giving basic instructions on how to recover your browser history logs; computer owners owe it not least to themselves to determine who has been using their computer and installing software of this nature. At the very least this establishes that the computer concerned was indeed used to enter into a contract involving a financial commitment to Platte, and the user account that was used to do it.

If I found that the Platte software had been installed without my permission on my own PC by an adult, my anger would be directed at the person concerned rather than at Platte, and I would certainly ensure that they met the costs they had committed to. Having signed up myself, primarily for the purpose of determining the clarity of the contract at the time of the download, I can only say I found the current terms to be entirely clear (although my subsequent experience was of course that Platte failed to honour their side of that contract following my cancellation). Unless I had consented to the download, I doubt whether I would feel in the slightest obligated to settle the bill myself, but that is a matter where individual computer owners have to make their own decision and might be best obtaining legal advice.

I find pornographic material singularly distasteful but it is legal, and those who wish to access it should settle any financial liability they commit to. If you signed up with Platte, you should accept the responsibility you foolishly took on in doing so. So please, no more requests for advice of this nature.

Go to my next post on Platte Media

Platte and that billing software VI: further file found

2008-07-18T10:41:00.004+01:00

I've found one further file that the Platte software installs. I've added it to the full list and am only posting it here for the benefit of those who have already copied out that earlier list. The latest uninstall tool appears to remove it. Sorry I didn't spot it before.

C:\WINDOWS\system32\pinf.sys

Go to my next post on Platte Media

Platte and that billing software V: a third uninstaller

2008-07-15T13:30:00.027+01:00

I am pleased to say that Platte are responding to this blog's exposure of their hidden files and there is now another new uninstall tool up for download. This removes all bar one of the hidden files (although the remaining visible files are untouched) and is therefore an improvement on earlier builds.

Many people are having difficulty accessing the uninstall utility; this link will take you directly to the download.

I 'll explain here exactly what still gets left behind; those who feel that they had an unwelcome intruder in their computer (or don't have their uninstall instructions any longer - you would need to use the supplied code again) will probably still want to seek professional assistance and achieve a full removal. It is to be hoped that Platte are still working on this and finally offer an uninstaller that actually does the job before too long (don't hold your breath though).

If you have not read my earlier posts on Platte, you may find it helpful to do so.

The new uninstaller downloads as before as a setup.exe file:

How do you know you've got the latest one? Right-click on the file and select 'Properties' from the drop-down menu. A small applet opens, and you should go to the 'Digital Signatures' tab. This will show the timestamp as 14 July 2008 09:01:07 :

You run this as before, entering your code. This time I found that the hidden folder on the C drive (and all the files within it) were removed, although the files elsewhere remain. In the C:\WINDOWS\System32 folder there are two icon files for 'Platte' and for 'Get Films Now', plus a third file which is the remaining hidden system file. Its name is a ten figure number followed by .sys, and since the number is different for each computer (and with it being a hidden system file) it can be difficult to find. As I said in my original post on Platte, system files are notoriously difficult for uninstall tools to remove anyway, and this one is likely to be doubly so because of that unique file name. In the photo below it is in the upper left-hand corner. What does it do? That's difficult to determine. I would have said that it was that unique and non-removable identifier they promised (and I still think it is) but since Platte said in one of their emails that the licence is in the registry I must be wrong I suppose. Since its purpose is uncertain it should definitely be removed, either by a professional or by a skilled acquaintance (not by one of your children, however skilled you like to think them):

In the C:\Program Files folder there is still the 'Platte Information Files' folder:

This contains two further files (one of which is executable) plus a shortcut:

Clicking on the first of these files throws up a display of your supposedly deleted Platte account details (this is from the executable file):

The second gives you the details of the contract that was agreed at the time of setting up your account:

So that's it. From having 6 of the 44 files removed we have now gone to having 39 removed and only 5 left behind. Maybe one day Platte will offer an uninstall tool that actually removes the lot. Even now, I do not think it in the slightest unreasonable to bill Platte for using a professional to achieve a complete removal and obviously there is also the question of compensation for Platte's clear breach of the original agreement. I would have thought that a sum of lets say £30 per customer would be pretty fair given all the circumstances.

My next post on this will cover general aspects of computer security, with particular emphasis on how to keep software of this nature off your computer in the first place. I conscious that I promised an analysis of registry changes in an earlier post and I will indeed post on that, but not until it becomes clear that Platte are not proposing any further immediate builds of their uninstaller since reading through registry files is very time consuming. But I'm going to go back on what I said in my original post; I'll put up full illustrated instructions for removing these files safely (since Platte can't manage it).

There remain of course other areas of concern over this software, but I will cover the main ones when I address the security issues. In the meantime, I hope these posts have been of help.

Go to my next post on Platte Media

Platte and that billing software IV: www.plattehelp.com

2008-07-11T13:54:00.017+01:00

A lot of people are visiting this blog via search engines because they are not able to connect to www.plattehelp.com to download their uninstall software. At the time of posting, this link will take you directly to the download. However, you are very strongly advised to read all my posts relating to this software, since you will need to take further measures to ensure its complete removal.

If you find the link no longer works, it would be very helpful if you leave a comment to that effect.

Go to my next post on Platte Media

Platte and that billing software III: the new uninstaller

2008-07-08T08:09:00.017+01:00

I said in my original post on this topic that when Gareth, a software developer at Platte, offered me an updated uninstaller, I found that it was exactly the same as the first. How could I tell? - I checked the digital signature for the software, and they both had the same date - 8th May 2008. In truth I was somewhat surprised by this since Gareth's email appeared to have taken my complaint about the software seriously, and it was self-evident that if I had found the jRegistryKey.dll once, I would be checking to see whether it had gone the second time around. Since I was online when he sent the email, I did wonder if he had simply sent the email prior to the new uninstaller being set up to the link, so I did download a second time, but it was again the same. Here's that first digital signature showing time and date of release:

Even after putting up my original post I remained slightly mystified, so yesterday evening I did a third download of that 'new' uninstaller to find that it is now at least definitely a new one. It is timed and dated to just before Gareth sending me the email, so I think that my failure to get the new uninstaller first time round counts as cock-up rather than conspiracy. Here's that second signature:

I've run the new uninstaller, and it does indeed remove the jRegistryKey file - the one that leaves your computer potentially open to further access by Platte. I have double-checked this morning, and it is up for general download. If you uninstalled their software via email, I would suggest that you follow those instructions again, as it will make your computer a lot safer. Those who were talked through the uninstall won't find things so easy, and are probably best seeking skilled help with the removal.

Nevertheless, this very much begs the question of why Platte didn't offer an uninstaller that removed the file in the first place, particularly given that Gareth says that "the uninstallers have undergone extensive testing and found to be working in all situations." But then again, it appears that I'm the only person who appears to have had this difficulty. "Indeed this is the first report we have received of problems on a XP based system." And it doesn't deal with the question of the 37 remaining files, since the jRegistryKey is the only one that the new installer removes beyond that of the old one; what sort of extensive testing could we be talking about here?

Here for instance is that hidden system folder on the C drive:

Here's what you find if you look inside it:

And here's what you get if you click on the .htm file (it's now clear that the name is a sequence of randomly generated letters):

There are still two files left in the system32 folder; one of these is the hidden system file (at the bottom of the picture (highlighted), the pm_icon.ico is just above and to the right of it):

The 'Platte Information Files' folder is also unchanged, and one of the files within it is an executable:

So, although the new uninstaller leaves your computer very considerably safer than the old one, it certainly comes nowhere near doing the job. So my advice is unchanged, you should get your computer checked by a professional, if only to confirm that all the Platte files have been removed.

(Ed. 15th July. There is now a third uninstaller available, considerably more effective, see this post for details)

Go to my next post on Platte Media

Platte and that billing software II: the files

2008-07-07T06:48:00.020+01:00

In my earlier post on Platte's software, I said that their uninstaller had proved very ineffectual indeed; of the 44 files their software had installed it removed only 6. So I thought that it would be useful if I listed the files that the Platte Media software installs for the benefit of those who take my earlier advice and have a professional check their PC over post 'uninstall'. It will assist them if you print this off beforehand (without it they will not be able to find them). Your own PC may have a few variant files, as some files might change depending on how long you have the software on board, but this list is as complete as I can make it. I'll be carrying this information over to a more substantial post in due course, explaining what the various files do, so this is just a temporary post to cover that gap.

I have produced this list from a computer that runs XP pro. I have no reason to suppose that it will be any different on Vista, but obviously it might.

Files that are starred were not removed on my PC by the Platte removal tool (released 8th May 2008). Files that are concealed (either as system files or through being placed within a system folder) will have a (c) appended, those you can see will have a (v). The ten digit unique identifier is shown here as 0000000000. One file name is a randomly generated sequence of letters; I have indicated which below.

Files installed at time of initial installation:
C:\WINDOWS\system32\0000000000.sys (c) *
C:\WINDOWS\system32\pinf.sys
C:\WINDOWS\system32\pm_ax.ocx (v)
C:\WINDOWS\system32\pm_proc1.exe (v)
C:\WINDOWS\system32\pm_proc2.exe (v)
C:\WINDOWS\system32\jRegistryKey.dll (v)*
C:\WINDOWS\system32\pm_setup_util.exe (v)
C:\WINDOWS\system32\pm_dll.dll (v)
C:\WINDOWS\system32\Get Films Now.ico (v)
C:\Program Files\Platte Information Files\Get Films Now.htm (v) *
C:\Program Files\Platte Information Files\Platte Utility (shortcut) (v) *
C:\Program Files\Platte Information Files\pm_viewer.exe (v) *

Folder created at time of initial installation:
C:\Program Files\Platte Information Files (v) *

Files installed after 72 hours:
C:\WINDOWS|system32\pm_icon.ico (v) *
C:\0000000000\BeXiAYjmmRMMIXpc.htm (c) * (a randomly generated sequence of letters, this is as it shows on my PC)
C:\0000000000\style.css (c) *
C:\0000000000\images\bar_l2.png (c) *
C:\0000000000\images\bar_l3.png (c) *
C:\0000000000\images\bar_l5.png (c) *
C:\0000000000\images\bar_m.png (c) *
C:\0000000000\images\bar_m2.png (c) *
C:\0000000000\images\bar_m3.png (c) *
C:\0000000000\images\bar_r2.png (c) *
C:\0000000000\images\bar_r3.png (c) *
C:\0000000000\images\bar_r5.png (c) *
C:\0000000000\images\box_bl.png (c) *
C:\0000000000\images\box_bl2.png (c) *
C:\0000000000\images\box_br.png (c) *
C:\0000000000\images\box_br2.png (c) *
C:\0000000000\images\box_ml.png (c) *
C:\0000000000\images\box_ml2.png (c) *
C:\0000000000\images\box_bl.png (c) *
C:\0000000000\images\box_mr.png (c) *
C:\0000000000\images\box_mr2.png (c) *
C:\0000000000\images\box_tl.png (c) *
C:\0000000000\images\box_tl2.png (c) *
C:\0000000000\images\box_tr.png (c) *
C:\0000000000\images\box_tr2.png (c) *
C:\0000000000\images\cheque.png (c) *
C:\0000000000\images\debitcard.png (c) *
C:\0000000000\images\logo.png (c) *
C:\0000000000\images\onlinebank.png (c) *
C:\0000000000\images\operator4.png (c) *
C:\0000000000\images\phonebank.png (c) *
C:\0000000000\images\postalorder.png (c) *
C:\0000000000\images\question.gif (c) *
C:\0000000000\images\tab_l.png (c) *
C:\0000000000\images\tab_r.png (c) *

Folder created after 72 hours:
C:\0000000000 (c) *

Go to my next post on Platte Media

Why I won't be using Firefox 3

2008-07-06T15:06:00.005+01:00

I have been a very satisfied user of Firefox over several years now. Recently I put Firefox 3 on a friend's computer and was very impressed. It was blindingly quick, and the new GUI was not so far different form the old one, which always makes life easier (unlike say the switch to IE7).

So I put 3 on my computer, which ground to a total halt. The cause was immediately apparent, it was increasing the percentage of CPU resources used for kernal mode running (60%+ against maybe 20% with Firefox 2 on my very elderly PC). I didn't manage to download a single page as a result, and it was soon off again. If I ever get a new computer, that's the time I'll give it another try.

Platte and that billing software

2008-07-06T08:59:00.054+01:00

Background:

A few weeks ago I had a phone call from a friend who said that she had a virus on her computer, and would I go round and see if I could do anything. When I got there she said that she had been plagued with pop-up bills from a company she knew nothing about, and though they had now stopped, she was still getting a small pop-up in the right-hand corner giving her a number to phone to remove the software. She had even phoned the number, but since she was not able to give an account number, the gentleman she spoke to simply told her that he couldn’t help. The software concerned came from a company called Platte Media (I had never heard of it up to then) and I took her comment that it was some sort of virus at face value. Sure enough as soon as I booted up and logged in the pop-up appeared, as did a Platte icon on the screen.

It didn’t appear difficult to remove once I had identified the source executable; I ran Sysinternals Process Explorer, and managed to identify the two files at the root of the problem. Sure enough, removing those, and the other files that had installed at the same time rid her computer of the pop-ups. “How does this sort of stuff get on my computer in the first place?” she asked. I asked her if anyone had been looking at porn or maybe gambling online, as I know that those sites are the sort where you are most likely to acquire a trojan. She said yes, that she’d had a visitor some time ago who she knew had taken the opportunity to look at some stuff (pretty distasteful too). So I gave her a stern lecture on computer security.

Well, that seemed to be that, but a few days later I thought I’d look up Platte Media on the web. Initially I started with their own site, which led to the new GetFilmsNow service. And I looked at the MBS site, MBS being the original developers of the billing software (and a company who have subsequently been absorbed into Platte) – MBS made the astonishing claim that their software includes a ‘unique and non-removable identifier’. When I looked wider though, I found that the software was causing quite a bit of concern, to the point that the OFT had received such a volume of complaints that they got the company to change various aspects of their online billing system before they released a statement saying that they regarded the contract offered by Platte Media as a fair one, there was a balance to be struck and they didn’t want to stifle innovation... Elsewhere on the web, many people were complaining that the software had appeared on their computer unbeknown to them, and that they were sure it was a trojan.

The plan of action:

Since people were also saying that the sign-up process didn’t make the terms and conditions clear enough, I thought that it might be useful to sign up myself and then terminate my membership taking screenshots all through the process. I was also intrigued by that promise of a unique non-removable identifier since it’s so patently absurd - if something can be put on a computer it can be taken off again.

Signing up:

I set up a new user account on my computer in order to keep clear of all my other software and personal files. I wanted the normal punter experience, so I got in touch with Michael Pollitt, a technology journalist who was taking a particular interest in Platte and the MBS software, and asked him if he could point me to a porn site where I could sign up. I’m embarrassed to admit it, but when I visited the site he gave me, I couldn’t find any links whatever to the site concerned (getfilmsnow.com) so I had to go straight to their homepage. I’m obviously not used to navigating round that sort of site!

The process of signing up was not difficult, and I would have to say that the terms and conditions in the contract appeared very clear, I had no concerns whatever at that point. Signing up involved downloading a file and using that to install their software at the same time as signing up. The terms and conditions were repeated in full and I had to agree to them a second time. Windows gave me a warning that the software I was installing could put my computer at risk, and asked if I still wanted to install it; obviously I did.

What I got for my money:

I had a quick look at the installed files (9 of the ten that that had been on my friend’s machine, the Platte Icon was missing), and since they included an Active-X control, I found it almost impossible to see how the software could come as a trojan. I ran a rootkit scan (since rootkits are the best way to make software invisible) and while that was running I had a quick checkout of the site. The pictures on the getfilmsnow home page suggested that there would be a broad range of popular films. Inside though it was a different story, with nothing to even tempt me (certainly none of the films whose stills were up on that homepage). I did have a brief look inside the ‘Late Night’ section, and once again there could be no complaint – it was made very clear that it contained adult material, and I had to state that I was 18 or over, and provide my date of birth. I didn’t peruse too far inside, certainly not the sort of thing I’d want to watch. The rootkit scan came up clean, so I moved on to terminating my membership and getting the software off my computer again.

The dangers of installing such software:

There were two files that stood out as carrying considerable risk when installed on a computer. One is the pm_ax.ocx Active-X control, and the other is the jRegistryKey.dll. Without decompiling them it isn’t possible to determine the limit of their functionality, but potentially they allow direct access to the entire content of your computer; it then becomes a question of how much you trust the site you’ve downloaded them from. This is not specific to Platte at all; it is an ever present danger with software, particularly software downloaded over the internet.

Cancelling my subscription:

The arrangements for concluding membership are made very clear in the Platte ‘contract’:
17.4 To cancel Your Subscription and uninstall the Software You must either:
(a) Call 0800 051 6664 quoting Your Account number and request an uninstall.
(b) Click on the 'cancel Subscription' hyperlink and follow the uninstall instructions as provided in the cancel confirmation email which will be sent to you.

I elected to go for option (b) so I clicked on the ‘Cancel Subscription’ link and a further piece of software downloaded which I then ran. I requested the confirmation email (which they said was optional) and that arrived immediately. It contained no uninstall instructions, but I had presumed anyway that the software I had just run was itself the uninstall tool. So that seemed to be that, I was quite happy that it was made perfectly clear what customers signed up for. Here's the online cancellation confirmation (the email text is at the end of the post):

What came next:

The next morning I logged in to the same user account, because I wanted to transfer the screengrabs across to my normal user account. No problems at that point, but when I logged into my own account it was definitely not the same story. I got a pop-up in the bottom right-hand corner of my screen, telling me that I would need to phone 0800 051664 for a free uninstaller. That certainly was not what had been promised in the agreement, so I was not best pleased, particularly when I found that the same pop-up appeared in every user account on the computer bar the one that had installed the software in the first place. Here's the pop-up:

Now if someone was into watching porno stuff, and had taken discrete advantage of the free trial on a shared computer when the opportunity arose, he would have been pretty hacked off when the other users were alerted to the fact that he had done so even when he’d already cancelled the membership. I didn’t have much time to spare at that point, so I did a temporary roll-back to an earlier ghost image, and decided that as soon as I had the time I’d give it all a closer look and get it sorted. Plus I’d get Platte’s uninstall instructions sent by email if only because that was what they’d promised in our agreement.

When I finally got round to it, I rolled the computer forward again and was even more surprised. This time I got a pop-up bill, and this on a membership that had been terminated well before the end of the free trial. And surprise surprise, this pop-up bill appeared on every user account on the PC – three in the space of 10 minutes; I don’t know where that leaves Platte Media’s privacy policy (I checked back and the policy had nothing whatever to say of any relevance), let alone their promised restriction on the number of pop-up bills that are displayed. I suppose they think that restriction doesn't apply once you've cancelled your membership. Here's a pop-up bill in one account:

And another one, different user, 40 minutes later:

And each of the accounts had the Platte icon appear, which would always return on login even if it had been deleted. If a user were to click it to find out what it was and why it had appeared on their desktop, they find themselves invited to download further software; I declined that offer I'm afraid, but it wouldn't surprise me if Platte then claimed that money was owed, simply on the basis that their site had been visited again.

Now consider this scenario – the chap I referred to earlier wanting to give GetFilmsNow a discreet brief trial. He signs up, watches whatever porn movie is his particular cup of tea, and then cancels his membership online. He presumes that the software has been removed by the cancellation tool. But when the owner of the computer returns, they soon start getting plagued with the bills. Many people find those bills quite intimidating, and pay up to be rid of the problem – they’re not to know that the membership has already been cancelled and that nothing is owed anyway...

Looking closer at how it all works:

At this point I’m getting irritated, so I decide to take a closer look at the software and what was going on inside my computer. Clearly some change had taken place at the point I terminated my membership since the ‘for a free installer…’ pop-ups had started not long after (around 12 hours after I’d signed up, let alone cancelled my membership). But none of the installed files had been modified at all. Initially I assumed that Platte must have used the jRegistryKey file to change the keys in my registry while I was signing off, since I could think of no other easy explanation. In fact it was almost certainly a change to NTUSER files, both in the C:\Documents and settings\Local Service system folder, and in the account the subscriber used. That must be how the software distinguished between the user who had cancelled and the others.

The bills were different though, and it was clear that they were embedded somewhere, as I never subsequently reconnected to the internet while the Platte software was running. The program itself runs from a pair of executable files, pm_proc1.exe and pm_proc2.exe. These would start running on login, and were interlinked in a way that appeared to be primarily a mechanism for preventing their deletion. They were the only two processes that showed up on Sysinternals Process Explorer so I thought I’d run Process Monitor for a while and see if I could spot anything. Pm_proc1 was certainly very active, and one thing that did concern me was that it kept trying to access the Winlogon.exe file (this is the one that provides access across all the user accounts on the computer).

I was wrong:

I’m not often wrong (not that I'd admit to, at least), but on this occasion I quite definitely was. As far as the billing pop-ups went, I’d focussed on the registry files, taken a quick look through and although nothing immediately stood out, I knew that a complete check on two (maybe three) registry files would require considerable concentration and time. I’d got the registry files saved as text, so at that point I decided to pause and decide what I should look for first. But I couldn’t get over my nagging feeling that there was more to it than the registry, and the next time the bill popped up (and with the help of a little bit of lateral thinking) I cracked the puzzle.

The 9 files originally installed on my PC had now grown to 10 (the Platte Icon file had appeared as well). The Platte icon file showed as having been created at the same time as the first pop-up bill, and that was obviously the source of that persistent pesky icon on the desktop. But where was the billing software hidden? There were no image files anywhere that would make up the substance of the bill, and they weren’t originating directly from the pm_proc1 executable.

The solution:

Although the Platte software may well only be used for legitimate billing and is not of itself a trojan (I firmly believe that someone knowingly downloads it), it certainly contains a trojan in that it silently installs further uninvited software, not at the time of the original installation but three days later - this is when the bills first start appearing. That software is to all intents and purposes a rootkit , in that it is all hidden within the system and is clearly designed not to be detected. Where does it install? Directly in the C Drive. It creates a hidden system folder whose name is probably the ‘unique identifier’, a ten digit number – mine was 1550355105. Inside that folder are a further folder and two files; one of those (on my PC it's BeXiAYjmmRMMIXpc.htm - at the time this installs it creates that randomly generated sequence of letters) is a system file and is itself hidden. This is the file that provides the pop-up bills, and if it is deleted they stop even when the software is still running. If you delete the entire folder it just re-installs, but the file itself can be removed without it returning.

Once I had found that, I looked further, and found that a hidden system file had been created in the Windows\System32 folder at the time of the original installation (1550355105.sys). This is the file that provides the original ‘unique identifier’ ahead of the trojan making itself known. And from that original apparent install of 9 files, I found that my computer actually had 44!

Getting Platte’s uninstall tool:

I’d certainly not forgotten about the uninstall tool, now I was doubly curious to see how much of the software it left behind; I had a suspicion that it would be quite a bit. So I fired off an email asking for the uninstall instructions, only to get a reply saying that I should phone their freephone number. I emailed back, pointing out that I had been promised email instructions in the contract, and that was how I wanted to uninstall their software. That generated a further reply, which said that they needed to uninstall the software via an operator.

Out of curiosity I went to the nearest phonebox and called the 0800 number, but only to see what happened. I gave an account number (not my own), and the gentleman I spoke to confirmed that no money was due on it. Then he asked my postcode. You can’t have that, I said. How are we going to send you your uninstaller? he asked. I reminded him of the terms of the contract. 'I could talk you through it now then'. No, I said, I want to be emailed my instructions. He persisted a bit, but then told me that the instructions would be emailed out to me and that if they didn’t arrive I should call back later in the day. Did they arrive? Of course they didn’t.

So now I emailed back, saying pretty bluntly that I regarded Platte as being in breach of our contract, and that if the matter wasn’t settled within the next 48 hours I would presume that they were waiving their rights to the software installed on my computer. That produced a quick reply, and I finally got the instructions, and the link for the download tool.

The uninstall:

Straightforward, insofar as I downloaded the tool and ran it, inserted the code they gave me and it quickly told me that it had finished removing the software. Had it heck! It had taken 6 files out of the System32 folder, but all the rest remained. The pm_proc1 and pm_proc2 executables had gone as had the pm_ax.ocx Active-X control, but most worryingly that jRegistryKey.dll file was still on, leaving the computer completely vulnerable to unauthorised access. But the average PC owner would just think that it had indeed gone, and not worry any further given that the pop-ups had finally stopped.

So I sent another email, saying that their uninstaller had not cleared their software; I mentioned the jRegistryKey file, but didn’t let on that I knew about the hidden system files. I reminded them of the 48 hour deadline I had given them the day before. Then I had a reply from someone within software development, promising a new build of the installer that would deal with the problem and that it would be available the next day. I smiled to myself at that thought; he’d need to be working pretty hard to rewrite the installer so that it removed all those files (and hidden system files are a lot harder to remove than they are to install). He promised to let me know as soon as it was available.

The next day the 48 hour deadline passed, and I was just in the process of writing a final email pointing that out and saying that they no longer had any rights to the software on my computer when their email appeared in my inbox. Sure enough, the uninstaller was now available, and he gave me the link. But when I ran it, no further files got removed at all. I downloaded it again and ran it one more time but no change. I was surprised that he hadn’t at least set it to remove the visible files, but rather less surprised when I compared it with the uninstaller from the day before as they appeared identical. (Ed. There is a new uninstaller, follow link to later post further down) It is plain that Platte don’t possess an uninstaller for this software, only one that takes off a very few files (6 removed, 38 left behind). That's 86% still present. So another email, saying little more than 'that’s it.'

Conclusions:

My verdict on the Platte software is that it is dangerous; even after it has been ‘uninstalled’ it leaves your computer absolutely vulnerable to attack. If you’ve had the Platte software on your computer and used their uninstall, you should have your PC checked to see what you’ve had left behind. It’s best to get a professional do this, since removal involves exposing the system files and that carries a certain degree of risk for the novice. The fact that your 5 year old child knows how to install software better than you do absolutely does not qualify him for the task, in fact quite the opposite. If you are uncertain about how the software got on your computer in the first place you should ask for the browser logs to be recovered at the same time, then you will at least be able to find the route taken to the site, and the user account that it was taken from. You may well wish to bill Platte for the removal costs while you’re about it, it’ll do them no harm to be on the receiving end for once.

The contract they offer is clearly unfair and they simply do not meet its terms. I had far more pop-ups than they promised, the bills took no account whatever of the cancellation of my membership, and they do not possess an uninstall tool. They fail to point out that your privacy will not be respected on a multi-user computer, nor that the software that they leave behind on your machine leaves you vulnerable to attack. They don’t provide the email route to uninstalling the software that they promise (not unless you persist anyway), and they try to get you to provide your address even where they have said that they won’t need it.

The other problem with their contract is self-evident. They have no means whatever of knowing whether the person signing up is the owner of the computer or not, nor their age. It might surprise them to learn that people sometimes lie, particularly where something as compulsive as access to porn is concerned.

I’ve been in touch with the OFT already about this; I hope that they will soon come to the conclusion that it is very much in the public’s best interest that they decide to ‘stifle innovation in the online marketplace’ in this particular instance. And I let Mark Russinovich know since the installation of hidden system files could fall outside the terms of Microsoft’s third-party software developer license. Maybe the lawyers from Microsoft will be knocking on Platte International Ltd’s door before too long.

I’m going to return to this subject in further posts. I’ll take a detailed look at all the installed files, (I've posted a complete list) and attempt to identify all the registry keys that get written or modified (I’m about half way through that one). This will assist those who wish to confirm that their computer is entirely free of ‘Platte’ following uninstall. I won’t though be decompiling the software since that would breach Platte's intellectual property rights, nor providing detailed instructions for its removal - this is not from any fear of a solicitor's letter, just the feeling that the job's better left to a professional. I also want to address the issue of computer security, particularly for parents who find that their children have downloaded this software unbeknown to them.

I should say again that I do not believe that this program is accidentally acquired; someone has to have used the computer concerned to make the download. This can easily be confirmed by accessing the browser history log. If a computer owner has agreed to Platte's terms and conditions, they should abide by them, at least until Platte fail to honour their side of the agreement.

I hope someone from Platte Media reads this post and comments. If they address the serious concerns I've expressed here I will copy it into a separate post, so that it is more prominent.

(Ed. Since putting up this post, it has become clear that there is a further uninstaller available; it removes one more file. I've covered it in a new post)

(Ed. 15th July. There is now a third uninstaller available, considerably more effective, see this post for details)

A man of letters:

That should probably I fear be a woman of letters, as I elected relative anonymity when I dealt with Platte (but anonymous now no longer), using the name Carol. So by way of an appendix, here are Carol’s email exchanges with Karen Lacaba (customer services), Samantha White (also customer services), Vicky McKenzie (role within Platte empire unknown), Gareth Bridger (software development), and the anonymous server that sent me the initial cancellation of membership confirmation.

Anonymous Server:
Thank you for your cancellation request for Get Films Now
Our records show that your account was registered at 18:32 on 15/06/2008 and we confirm that you have cancelled within your three day free trial period.
Further to your cancellation you will not be able to access the site following 01/01/1970 at 06:32.
Should you have any queries regarding this email or your subscription please call our customer services team on 0845 017 8386
Please retain this email for your records.

Carol:
Since ending my trial membership with you, my computer has been plagued with pop-ups telling me that I need to contact you in order to remove the software. Why is this? I thought it had already gone. Not only that, but every user on the computer gets these, and the Platte Media icon keeps appearing too. No-one can get rid of these.
I need you to tell me how to remove the software. Please can you tell me. My reference number when I ended my membership was 043-36-301-9
I'd also like an explanation as to why I've experienced these problems, as it's quite different from what was promised in your terms and conditions. And it's quite embarrassing, since all the other computer users know I signed up with you now. So what about my privacy?
Awaiting your explanation

Karen:
Thank you for you recent enquiry.
If you would like to uninstall the software from your computer, please call our uninstall line free on 0800 051 6664. Our office is open Monday to Friday 08:00 until 20:00 and Saturday to Sunday 11:00 until 17:00.

Carol:
This is no good. The agreement on the getfilmsnow website clearly says that if you terminate your membership online you should follow the instructions to remove your software in the email you are sent. Neither the original email you sent me (at the time I closed my account) nor the one you sent me yesterday contain those instructions.
I do not want to deal with this by phone. I wish to do so with written instructions. You have my reference number. Please send them to me by return, with an indication of when I may expect a more detailed response to my complaints.

Samantha:
We need to uninstall the software via an operator. If you would prefer for us to give you call to uninstall, please provide us with your contact number.

Carol:
This is not acceptable; since it is totally at odds with paragraph 17.4 of the terms and conditions that constituted our legal agreement. As you will be aware, that states:
To cancel Your Subscription and uninstall the Software You must either:
(a) Call 0800 051 6664 quoting Your Account number and request an uninstall.
(b) Click on the 'cancel Subscription' hyperlink and follow the uninstall instructions as provided in the cancel confirmation email which will be sent to you.
I chose option (b), using the hyperlink. From that hyperlink, I downloaded and ran software supplied by you which I presumed had already done the uninstall, since I requested and received a cancel confirmation email that did not contain any further uninstall instructions.
At this point you have not met your obligations under that agreement. I wish to be sent written instructions for the uninstall, as I am not prepared to do it via an operator. If I do not receive them within the next 48 hours, I shall presume that you are defaulting on the agreement, and that you are waiving any rights you possess as a consequence of that agreement.
You still have not even extended me the basic courtesy of an explanation for your failure to fulfil your responsibilities under that agreement, or indicated when you feel you might be able to offer one.

Vicky:
We apologise for the delay in your uninstall code and inconvenience caused.
Thank you for your recent request to uninstall your Platte software. An uninstall code has been created for you. Please follow the instructions below:
Go to www.plattehelp.com
Platte Utility download
Run the file
Enter the four digit code
Follow onscreen instructions
Click the link Click here if you have received an update letter
Enter the following codes into the boxes provided
KEY: LS126LT-01
CODE: 3D052820-F44958FE-64E597FE-788AEAFE
Please note that this uninstall code is specific to your PC and can not be used on any other computer.

Carol:
Thank you for this. Unfortunately there is a serious problem; the downloadable uninstaller does not remove the program. It removes some but not all of the files - one of those remaining is a dangerous one that enables rewriting of the registry using javascript. Nor does it restore the registry.
There are other aspects of your software that give serious cause for concern, but I won't address those now.
Please provide me with an uninstaller that fully removes the software. Until you do so, you remain in breach of our agreement. As I said yesterday, unless you are able to provide me with a fully functioning uninstaller by 12.35 tomorrow I will take it that you have waived all rights that you might possess as a result of our agreement.
An indication of when you intend to respond to my complaints would also be appreciated.

Gareth:
Thank you for taking the time to bring this problem to our attention. The uninstaller appears to have encountered an error while removing the software from your system. We apologise for any inconvenience this may have caused. This issue will be addressed in the new build of the uninstaller due to be released tomorrow.
Please rest assured that your system is not at risk from the incomplete removal of the software. The registry bridge is only usable by trusted Java applications and not Javascript which is something completely different. It will have only been used by our software to read the license allowing your computer access to the subscribed websites on alternative web browsers. Java would also have required your explicit permission in order to do this for the first time. This is a security feature enforced by the Java virtual machine and not our software.
We will provide you with the updated uninstaller as soon as it becomes available tomorrow. In the meantime please do not hesitate to contact us with any further concerns regarding our software.

Gareth:
We are pleased to inform you that the updated uninstaller is now available from: http://download.plattemedia.com/updates/setup.exe
This can be used with the previously supplied uninstall keys and will remove the Java registry bridge. For clean removal please ensure that the uninstaller is run from an account with Administrative privileges and that it is not being blocked by security software on your system.
Please note the license stored in your registry will prevent the software our being reinstalled. This does affect the running of your machine but can be removed at your own discretion. Please do not hesitate to contact us if we can be of further assistance

Carol:
I am sorry to have to tell you, since I suspect that you've been quite busy, that your new uninstaller is no more effective than the first.
I have downloaded the new uninstaller twice, and run it three times (and rebooted following each uninstall), but to no more effect. The previous files still remain, although I have not yet checked whether there are any further alterations to the registry.
In these circumstances, I consider that Platte Media have failed to keep to their side of our contract, and that in doing so they have now waived their rights to the software installed on my computer. I will therefore make my own arrangements regarding its removal.
I would still be interested to learn why your software generates pop-up bills across all user accounts on the computer even after membership has been terminated online using your downloadable tool. Aside from the annoyance (and considerably more than two pop-up bills a day), there is a very serious question of privacy that needs to be addressed.

Gareth::
We are sorry to hear you are still experiencing unusual problems uninstalling the software. The uninstallers have undergone extensive testing and found to be working in all situations. Indeed this is the first report we have received of problems on a XP based system.
Unfortunately without detailed knowledge of your system it is difficult for us to establish exactly what is happening. We can only conclude that 3rd party software (such as a security package) is preventing the uninstaller from working properly on your system.
We are unable to comment on the inner workings of our software except to confirm that popups are limited to 20 in total with a maximum of 1 pop-up per day. We do however take all complaints seriously and welcome any details you are able to provide us with that would allow us to investigate further.

Carol:
If you've not had previous complaints, it can only be because people don't realise (or don't know where to look). It doesn't surprise me that your uninstaller doesn't work; some of the components of your software are an awful lot easier to put on a PC than they are to get off again. Certainly you'd have been very hard-pressed indeed to re-write your uninstall software in 24 hours to enable a full uninstall, even if you'd stayed up all night.
I'm sure the files I found on my computer will be on the others that have used your uninstaller; no doubt people will start looking pretty soon, and I wouldn't imagine that they'll be too happy.
Two of the files that your software installs appear to be in breach of Microsoft's licence for software developers. I can't be sure though, so I have merely drawn the matter to their attention. No doubt if they have any concerns they will contact you directly in due course.

Go to my next post on Platte Media

AVG anti-virus

2008-05-05T23:08:00.003+01:00

If you've read earlier posts, you'll know that I've been using the AVG free anti-virus software (7.5) for some time now, and it has been excellent. The last couple of weeks though, I've been getting a message pop up each day when it updates, suggesting I upgrade to the new paid for 8.0 software. It's been getting slightly irritating, but (although it didn't say so) AVG's new software is available in a free version too. AVG 8.0 is a noticeable improvement on 7.5, not least because it has spyware detection built in as well. It also offers better updating options; you can set it to update when you turn the computer on, and to dial in before doing so. There's also a link scanner which works well, although it's not the most aesthetic addition to Google, who flag up their own warnings anyway.

If there's a downside, it's that processor use is up somewhat (noticeable on an elderly PC like my own) not least because it does far deeper scans of executable files before you even attempt to open them. This last may of course be a good thing but in the short term it's a pain; I tend to save my downloaded executables in case I need them again, and it's working it's way through them all.

But already I'm very impressed, to the point that I'm going to try the paid up version. Although they do a free trial I've decided to buy from the off, not least because you can still buy 7.5 and they upgrade free to 8.0. I've gone for a 3 machine 2 year licence Internet Security option off Amazon for £42; if I split that with a friend that won't seem so expensive. I feel slightly disloyal abandoning (at least for the next two years) the free version since its very good, I recommend it to friends, and I know that it's all I really need.

There's another advantage to me of getting it as 7.5. If I find my processor overstretched, I can always revert to 7.5. I'll let you know how it goes.

Dodgy Dealer

2008-04-04T11:04:00.003+01:00

U3 - the software loaded USB sticks that enable you to take your desktop (and all your files, even some of your programs) with you and run them on any PC is terrific as far as I'm concerned. I've got the Sandisk Titanium 4GB hardware, but even allowing for the heavy compression U3 uses, it is not possible to get everything on it. So I was delighted to see that there was an 8GB version coming out.

I found it showing as being in stock on a UK site called MyMemory, at a sensible price, so I went ahead and ordered, paying with my debit card. But nothing arrived, although thankfully my card wasn't charged. All very straightforward. But then I decided that I'd email them and cancel the order, as I didn't want it left hanging indefinitely. And the email bounced straight back to me, which started to ring alarm bells.

To underline my concerns, I also started receiving a lot of spam in what had always been a spam-free inbox, sent to me by name, inviting me to buy electrical goods on a couple of Asian websites. So there are only two possibilities: that the MyMemory site is not legitimate at all, or that their server is insecure and has been hacked.

I've cancelled my card; a pain but no more. And I've written to them to establish whether or not they're genuine. But I won't be using them again under any circumstances. So be warned; I'm posting this here to flag up a warning on this site.

Difficulty downloading a blog

2008-03-18T10:28:00.018Z

I have no internet connection at home at the moment (one of the perils of relying on a free wi-fi service) so I'm having to access the internet in the local library. And this is causing one or two problems. The first is the pressure to work within the constraints of an hour's computer access at any one time; I'm using that as an excuse for the mean-spirited nature of my first edit for this post, which I've now rewritten in it's entirety.

There’s a very enjoyable blog I like to visit regularly; however this is taking anything up to a quarter of an hour for the home page to download. The blog currently displays the last 50 posts which include a lot of photographs, so this is not surprising.

So I left a comment, asking if the number of posts displayed on the home page could be reduced. The blog owner very reasonably responded by saying that she had no problem on her computer, and liked to keep a large number of posts showing as she wanted to give first time visitors a full sense of the range of her blog. She then asked if anyone else was experiencing the same problem. Two of her regular visitors quickly responded, saying that they had very quick downloads with no problem whatever, and one suggested that I was unreasonably expecting downloads 'at the drop of a hat', which is not what I am expecting at all.

They fail, of course, to appreciate how browsers and html actually work. So let me explain. When anyone visits a webpage, their computer stores that webpage in it’s ‘internet cache’. This means that when they return to the page they only download the elements of the page that have changed since their last visit. First time visitors though have to download the entire page and on this particular blog that is very large at 6.2 MB. And because I work on a public terminal, the internet cache is cleared every time I log out. If I visit that same page more than once in any single session, I experience the same quick download (around 2 seconds) as the other regular visitors.

There is also the issue of html. Blog owners who upload pictures are placing them on file sharing sites where each individual image is given it’s own webpage. When you view a blog the images themselves do not download as part of the page; rather the html script that downloads provides links to each of the webpages where the images are stored and they each download separately. I would estimate that there are around 200 - 250 images displayed on the homepage of the blog in question (it’s too large to count) and this means that my browser is attempting to make a large number of simultaneous downloads, way beyond the processing abilities of all but the most powerful computers. This causes the computer to slow, and extends the download time far further. And I know that a surprising majority of internet users are still using quite elderly computers; the stats for my own blogs show that around 5% of my visitors are using IE5 as their browser, which means that their PCs are more than 12 years old.

There is a further complication in that blog owners tend to upload photos in considerably higher resolution than they are displayed on the blog. This means that the images require scaling down, and a further delay in downloading, when the page is being opened.

Unfortunately, a large homepage does not enhance the experience of the first time visitor. The download time is such that they are not even likely to complete it, let alone read the blog. And if they do actually sit it out they are entitled to feel aggrieved that the blog owner has presumed that they wish to make such a large download to view a blog that they may or may not enjoy. People on broadband contracts that restrict their monthly download can easily find themselves pushed into penalty charges if they visit too many pages of such size.

My advice to blog owners is simple – the more images you display on your posts, the more you need to limit the number of posts displayed at any one time. After all, that is the reason blogger set their default display at 10 posts.

Kerry's LimeWire Tunes

2008-01-16T23:27:00.001Z

I updated my iTunes a couple of days ago. Today I got something of a surprise, as it switched from the podcast that was downloading to a shared folder called Kerry's LimeWire Tunes. And scrolling down the list of tunes displayed, I found as soon as I got beyond the initial visible titles that there was a substantial collection of porno videos. Each to their own and all that, but I certainly hadn't invited this list to put in an appearance on my PC.

It wasn't difficult to work out how to stop it coming back (Edit / Preferences / Sharing - untick the box 'Look for Shared Libraries'). But what really gets my goat is that Apple resets my preferences when I install their update without so much as a by-your-leave. That Steve Jobs likes to think he's a clever bloke; overpriced mobiles that won't even work with G3, and now a laptop that's about the thickness of a cigarette paper, very handy if you never want to put a CD or DVD into it no doubt, but can't he get the iTunes updates to install without fiddling with my existing settings? You'd think he'd be up to it, wouldn't you? Fat chance....

I'm being a bit unfair actually. This latest iTunes finally lets individual users on PCs change their download formats regardless of whether they're Administrators or not. It's taken them five years or more but they've cracked it at last. Nice one, Steve...

HP Share-to-Web

2007-12-24T00:01:00.002Z

For a long time now I've had a Hewlett-Packard 4670 Scanjet scanner. The flat see-through one that can be separated into two halves, and works vertically on a stand. A really intelligent piece of design that you either love or loathe. And most of those who loathe it do so because of the software, rather than the scanner itself.

HP have something of a reputation for their software, and it's not a good one, unfortunately. A lot of the problems focus on an add-on to their software called Share-to-Web. If only HP had made the installation optional, but they don't (or certainly didn't); if you want the scanning software you have to have it at the same time. STW doesn't show up at all on the Add/Remove Programs list, so you can't take it off there either. And it has worsening compatibility issues with Windows XP post SP2; Microsoft have themselves confirmed the problems although HP seem to be in some sort of denial.

I rid myself of the irritant Share-to-Web icon as soon as I installed the software (by right-clicking the icon, properties, and selecting 'do not show') but when a friend asked me to do the same for her recently I couldn't. Right-clicking the icon (which isn't a shortcut incidentally, it's the actual folder that sits on the desktop) simply produced the endless hourglass and an all-but-locked-up computer. Googling the problem showed that there were lots of fellow sufferers, but not quite as many with solutions. So here's how I managed to be rid of it once and for all:

1. Logged in as an administrator, run 'msconfig' via the start menu. This opens the System Configuration Utility. On the Startup tab, untick the box for 'hpgs2wnd' and click OK. Now restart the PC, and when you get a warning come up saying that the system configuration has been altered, tick the box that stops it telling you again.

2. Open the Share-to-Web folder in C:\Program Files\Hewlett-Packard\. Delete a file called hpgs2wnd.exe. Now click on the STW icon; The HP software starts repeatedly unsuccessfully trying to install.

3. Restart your PC again. Now the STW icon has gone, and you can delete the whole Share-to-Web folder. STW has gone, and the scanning software still works perfectly.

4. One thing left to do. There's the Share-to-Web Upload folder which is in the owner's 'Send To' folder (find it through C:\Documents and Settings\Name of owner. Send to is a hidden file, so you'll need to make sure that viewing them is enabled. The STW Upload folder can just be deleted.

5. It's not essential, but if you've got a registry cleaner it's worth running that.

I'm pleased to have finally uprooted this particular piece of software, and when I get back to my own PC I'm going to go through the same procedure and take it off for good. Hewlett-Packard are by no means alone in forcing you to have unnecessary software when you install something that you do need and it's a real pain. As for the 4670, it's been out of production for some time now, and HP have no plans to provide full support with Vista. That doesn't bother me, I've no plans to get Vista either. Despite the software issues, I'd still recommend it for anyone who's staying with XP.

That video at last...

2007-11-05T13:31:00.000Z

Well, it's been installed, it works, and this far I'm very pleased with it. Those who've never really had the confidence to put one of these in will probably be interested to know how (relatively) easy it was to fit. In fact it would have been installed and running in less than 15 minutes if it were not for a couple of annoying problems (they sound far worse than they really were, so you absolutely shouldn't let them put you off going down this route). These top two pictures show it installed exactly as the printer would be when I'm printing.

I bought my system from City Ink Express. The R285 wasn't listed on their site when I ordered (although it is now) so I ordered the R265 version, which is presumably the same and cost £38.99 (+ £4.95 postage). They sent it very promptly, first class recorded delivery. It is packaged as the 'Colorfly' brand, although branding is often all but meaningless on these generic Chinese products. The first surprise was the instruction book, which was pretty comprehensive, straightforward, and well illustrated. And the English wasn't too bad either.

The only difficult part of the installation was removing the clip that secures the ink carriage cover, and I've managed to get it out twice without any damage now. It does require a reasonable amount of (careful) pressure, prising the clip towards the front of the printer before it can be lifted clear.Getting the cartridges and tubing installed was simplicity itself, with the amount of tubing that you need to leave looped for the carriage to have full travel pretty easy to judge (the tubing clips seemed to have been well positioned for sticking in from the off). The clips secure with sticky pads, one inside the printer, the other outside (these photos show exactly how it fitted). Check the carriage travel, then power the printer up and you're away. Hopefully.

Well, I wasn't, unfortunately; the printer refused to recognise one of the cartridges. So I removed the system, refitted the original Epsons which worked fine, and carefully cleaned the contacts on the chip of the problematic cartridge. But when I refitted the system, no improvement, so I rang Shane at Ink City who was really helpful. He said that the cartridge concerned must have a faulty chip, and that he would get another one out in the post for me straight away. But now the real problem; when I tried to remove the system again the ink carriage wouldn't position properly for me to get the cartridges out. With hindsight, I should have unscrewed the printer casing, but I thought I could manoeuvre them out. But by then the printer had had enough, the carriage wouldn't position correctly at all and it didn't want to recognise any of the Epson cartridges either. Presumably there was some sort of circuit failure in the printer, and my first thought was that it was connected with the CISS problem, although now I'm inclined to think that it was entirely co-incidental. So the printer had to go back and I had to wait, not only for the arrival of the new cartridge but the replacement printer. Shane did reassure me that if I had any problem over the warranty for the printer then Ink City would sort it for me.

Once the new printer arrived a couple of days later and I got the replacement cartridge, I had the system re-installed in a matter of minutes. And when I powered up, full recognition of the cartridges, so I was ready to go. After a couple of prints I knew it all worked well. And the print quality is really excellent (see my last post for more on that).

There are still one or two little bits to finalise. In particular the blue tubing clip which shows up on the top of the cartridges. The R285 has absolutely minimal headroom, and the clip tends to knock against the roof of the printer each time the carriage gets to the left side. This is inherent in the tube positioning used here which operates with the tubing twisted by 90 degrees between the carriage and the clip inside the front of the printer. But with space so tight, it is difficult to see any alternative. It doesn't effect the printing in any way, but the click-click-click gets annoying after a while. In the video I put a strip of tape over it, which solved the problem very effectively, but is not the greatest aesthetic solution. I've now put a small double-sided sticker under the clip, and hope that holds; we'll see. And I'm not entirely sure about the five remaining original cartridges and their chips; a couple of times now all five suddenly showed up as empty when the printer was turned on, although a cartridge change cycle restored them to action. My first thought was that the chips weren't latest spec, but I've had one out to check and it definitely is. So my instinct at this point is that whatever electrical event it was that caused the failure in my first printer has in some way affected them.

Chip compatibility is an issue with the latest generation Epson printers; Epson have taken to changing the cartridge chip coding from time to time in order to stay one step ahead of the suppliers of compatible products. This is tiresome in an extreme, and means it's best to play safe and keep away from software updates for the printer once everything is working.

I've just had Shane get back in touch, and he is confident that turning off the Epson Status Monitor on my PC will solve the problem with the chips, so I've done that and hopefully it'll all be sorted. I'll let you know how it goes.

The only other thing to mention is that the bag of small accessories inside the Colorfly box was split, and several minor bits and pieces were missing. Since all the six balance valves for the ink reservoirs were there it was no great problem, although in truth I could have done with the spare pads shown on the parts list because after removing my system twice the originals weren't as sticky as they had been first time round. And I was surprised that they only supply a single syringe; I know that quite a few manufacturers provide one per colour, and that seems to make more sense.

You'll probably think that it all sounds like too much bother, but in truth it just comes over as being far worse than it actually was. I'm sure that it was simply bad luck that I had the chip problems; there's just no way you can eliminate encountering that sort of occasional manufacturing fault. Nevertheless, despite that very minor aggro, I am very pleased, and very happy with the support from Ink City; I'll certainly be recommending them, since you only really find out how helpful a business is when things go wrong, and they've definitely been both helpful and patient. And I'll definitely encourage friends to think about switching to a CISS too; I know that most CISS installations are absolutely painless, so doubt very much that they'd have the hassle I've experienced, and even with all that it's been more than worthwhile.

If I was going to give one bit of advice on fitting a CISS, it would just be to get straight back to your supplier if it doesn't work right from the off. Too much tinkering in hope just increases the chance of something going wrong.

So finally, here's that video of the printer in action. Waiting for a sunny day to film it put the kiss of death on the sunshine, so I've gone with this on a temporary basis. It shows an A4 colour print from start of printing to end, so if you're interested you'll be able to see how fast it prints (remember though that I use the 'photo' rather than 'best photo' setting). I've not given any commentary but don't worry; as soon as there's brighter weather I'll replace this with something better, and talk you through it too (an edit here to say I've now shot that second video and added it at the end of the post instead). When you start watching this one I'm afraid that you will need a little patience; trust me, I do lift the lid of the printer up after 20 seconds!

As a footnote: the photo I'm printing here shows my best friend Lorna Bratton on Gwithian beach one evening; the two of us had just spent a fairly damp day in St. Ives. Lorna's photographing a really spectacular dark cloudy sky that had developed over St Ives. I'm looking north towards Godrevy Island, the home of Virginia Woolf's iconic literary lighthouse.

No sooner had I posted a video complaining about the dull weather than we have a brighter day; isn't that always the way? I've posted this as a second video as it was a rather nice picture of Lorna printing in the first one, and because this one has turned out very much on the dark side. My camera simply doesn't offer a fast enough ASA, and fitting a mirror over the printer to reflect light in feels rather excessive somehow. But here it is anyway. Sticking that blue clip down on the cartridges has worked well. Ignore my comment about the printer moving; I should have just said that it shakes a little when it's flat out. The photo here is a view looking down to St. Ives earlier that same day; the weather was merely overcast at that point.

Sorry but I'm no Martin Scorsese....

Inks and Cartridges

2007-10-31T08:16:00.000Z

It's grey and overcast here right now, so I'm unlikely to be videoing my CISS in full flight today. But I can comment on the ink quality as against that of the Epson Claria inks supplied with the printer.

It's always a bit of a gamble using 'compatible' products, particularly with ink, where it's simply impossible to assess the permanence of the results. I have however been using compatibles for the last 10 years now, almost exclusively for photographic work, and at this point my earliest prints have lasted quite as well as those printed with OEM ink. One of the other problems with compatibles is shifting ink formulations; it's difficult to be certain that the ink you buy one month is going to be the same as the one you'll get the next. Not least this is because UK distributors can start to source from a different supplier, or simply because branding on these generic Chinese products is always a little on the vague side. But again, I can say that I've not experienced any problems whatever so far.

When I am printing photos, I tend to normally print on the same media, and to use the same printer settings, which at least produces consistent results. And I think that the media is a far bigger factor in determining the final quality of the print than the ink. I use Epson Premium Glossy paper, and get excellent results with it. I prefer to have my printer set for 'standard' rather than the Epson 'vivid' default. And if the ink dictated it, I would tweak the colour balance for the best result. I print at 'Photo' rather than 'Best Photo' quality; it uses a hell of a lot less ink for an absolutely minimal drop in quality.

So how does the 'Colorfly' ink that came in my CISS compare with the Epson Claria? Remarkably well, actually. I have done several identical A4 prints with both inks, and the compatible ink colours are far more accurate than the Epson. The Claria has a pronounced magenta bias, which is clearly visible in flesh tones and light areas, and probably not quite enough yellow, as greens lean slightly towards the turquoise. This could of course though be dialled out. The Claria colours are also excessively saturated although most people tend to favour this; I actually prefer a more natural appearance. If I wanted stronger saturation with the compatible ink I would simply revert to the 'vivid' setting on the printer. So I'm happy, and I suspect most other users would be too.

Digressing slightly, I have been looking at various reviews and seeing repeated comments about ink consumption and the perception that there's a benefit of having individual ink cartridges. But is there any benefit? I certainly thought so when I decided to buy an R300, but now I rather suspect that it is actually the reverse. Firstly it seems to me that the Epson chips calculate ink consumption on the basis that you are producing prints with an average colour balance, that is to say that they don't actually measure your ink usage. There's only one way to definitively test this hypothosis; start with a full set of cartridges and repeatedly run off plain yellow prints. Either the yellow cartridge will empty while the others remain full, or they will all 'empty' at the normal relative rates (maybe I'll try one day). So your individual cartridges could be showing as empty when they are in fact completely full. And secondly, ink consumption is heaviest when a cartridge is replaced, as the ink supply to the head re-primes. And this priming draws off ink not only from the new cartridge, but from the partially-used cartridges that are in situ as well. So replacing a set of six cartridges on six different occasions draws off six times the amount of ink.

Priming the print head is done by pumping ink through the head, and out into a waste pad at the back of the computer. People who fit an external waste ink trap are always surprised by the amount of ink discarded in this process; something approaching 5mls. As a guestimate I would say around 10% of the content of the cartridge. And now that I've done the maths, I would say that a combined colour cartridge probably represents significantly better value than a set of individuals, as well as being far less hassle in terms of cartridge changing. These printer manufacturers; never miss a trick, do they?

I found a curious Epson Printer Support blog (I've linked to their R285 review). Despite its unquestioning enthusiasm for all things Epson (most posts sound as if they come straight from Epson's promotional literature) it surely can't be an official site. But I was interested to see that they identified the same magenta tinge in flesh tones with the Claria inks.

Bad Sector

2007-10-30T11:09:00.003Z

Several months ago, I found that Norton Ghost failed to do one of it's scheduled backups. It was certainly running, because another backup (for a different drive) had backed up perfectly later the same night. I tried running the backups again with the same result. Checking the log confirmed that there was an error on the drive I was unsuccessfully attempting to backup.

I ran 'CHKDSK', but it failed to repair the error. So I ran Acronis Disk Director, which showed a single bad sector on the drive concerned. Now that disk is the original 10-year old 13GB drive, which has clearly exceeded its anticipated lifespan. And Ghost does offer an 'ignore bad sectors during copying' option which would have worked round the problem. But I didn't really want to go down that route; I felt that if I didn't remedy the fault immediately it would soon become beyond satisfactory resolution.

The online doom-and-gloom merchants all seemed to say the same thing: once you get a bad sector you need to change your hard drive pronto, or you'll lose the lot. Not a great problem, I had a recent backup of the disk that was error-free, but I didn't want the hassle or the expense; I seem to have spent too much time over the years tinkering with the innards of my PC for one reason or another. So I wiped the disk (using Disk Director from the boot - it was my C drive that was giving the problem), and then reformatted. Disk Director now showed the disk as error-free, and a restore from the Ghost image had everything back as it had been the week before. I only keep software on my C drive, so nothing lost from the seven days since that backup was made either. (Ed. See update below; wiping the unused portion of the drive is all that is required).

Well, that was 6 months ago, and the old Fujitsu hard drive is running as well as ever with no more problems at all. But this did encourage me to rethink the demands I place on the disk in terms of sheer usage. I haven't run the disk defragmenter since, I don't do full scans for viruses so regularly (just once a week now), and I generally try to be more selective in controlling background applications. I no longer leave Skype logged on as routine.

Do people really need to defragment their drives as often as many do? I doubt it somehow. Hardened games players may benefit from the increased speed but I doubt if the normal user notices any difference. And most people who defrag are doing so in the hope that it will solve other problems, such as the one that Microsoft Updates inflicts.

Changing the subject, the CISS is in my printer and working well. As soon as there's enough natural light to video it in action, I'll post in detail about the installation.

UPDATE: Since posting the above I have had two further bad sectors show up, on two different partitions across two further hard-drives. In each case, I have found that wiping the 'unused' section of the partition concerned cured the problem without any file removal whatever; clearly the problem lies (in my case at least) with the way the disks are storing the fragments of deleted files. For those that lack a disk wiping utility, I recommend Eraser by Heidi (a free download). It's probably the benchmark for such software. I'm using the 5.8.6 Beta with no problems whatever; I had to try several mirrors before I was able to get one that would actually give me the proper download (most but not all of those listed are free sites, so you don't need to pay).

Chain Mail, Phishing....

2007-10-27T09:54:00.000+01:00

A brief note to explain why I don't like chain mail. People who send you chain mail share your email with an indeterminate number of people you don't know. And sooner or later your email passes into the public domain, and you find yourself bombarded with spam. And while most spam filters these days are pretty good at blocking it, you still have to check your 'junk' box to make sure nothing legitimate has got misdirected. In short, it's a pain.

So, for some time now, I've not passed it on, and sent polite 'No, thanks' notes to people who send it to me. But sooner or later someone else sends me one. So I'm putting a signature on my mail now telling people I don't welcome it. "I don't share my email with people I don't know. If you send me chain mail you're sharing it for me". I hope it doesn't sound rude....

As I've said before, everyone needs at least two email accounts. One should be used with friends and people you trust to respect your privacy; the other for everything else. My 'public' email gets loads of spam, but my private one hasn't had any this far (there, I've tempted fate, haven't I?).

The Velez-Diaz saga needs rounding off too. Their site reappeared, and this time a 'whois' actually gave the name, address, telephone, and email for Joanna Velez-Diaz, who was most surprised to hear from me. But it does seem that the site is legitimate, and the phishing pages were hacked into the site.

Finally, a mystery. Well a mystery to me that is; most computing bods will know exactly. I've seen phishes recently that have concealed code at the bottom (using white text on white background). It all looks rather like the stuff that comes up when you get the infamous BSOD, and no doubt has some malign intent, should you be foolish enough to open the email in say, Outlook, rather than using a web-based mail. But if you're passing by and know exactly what it does, please post a comment; I'd love to know. This, for example, was hidden at the end of a recent 'Royal Bank of Scotland' phish :
0x4228, 0x72761993, 0x40 start, tmp, update, NGL, XWBR 0x93889253, 0x26883050, 0x093, 0x4, 0x836, 0x267, 0x5, 0x79, 0x62 0x907, 0x0, 0x98175715, 0x96744278, 0x694, 0x7766 S5E: 0x059, 0x811, 0x42019273, 0x02119710, 0x6959, 0x4, 0x096, 0x86479479, 0x6544, 0x78, 0x75844392, 0x00, 0x447, 0x88, 0x921 0x342, 0x84, 0x00, 0x48622110, 0x70, 0x1208 source: 0x617, 0x33, 0x3560, 0x1, 0x211, 0x723, 0x2, 0x65, 0x49118100, 0x92, 0x84090947, 0x91769642, 0x12, 0x0100, 0x92263527 OBD: 0x536, 0x1214, 0x28 0x986, 0x9, 0x3

0x8396, 0x83, 0x36789709, 0x22, 0x3380, 0x4, 0x2, 0x74, 0x770, 0x087 DYX6: 0x3, 0x2, 0x11434130, 0x86353061, 0x0, 0x54717057 J5LB: 0x2, 0x78974884, 0x433, 0x91877241, 0x4, 0x81, 0x713, 0x836, 0x87301466, 0x6421, 0x34, 0x35, 0x8, 0x9569 dec stack TFRG Q8II serv cvs CWSM 04O HG1I. 0x7, 0x56, 0x1, 0x990, 0x6843, 0x14 OZ3: 0x4, 0x16, 0x71503439, 0x3589, 0x1310, 0x27862888, 0x967, 0x74, 0x5200, 0x4672, 0x9463 create, update, P2H. update: 0x319, 0x64587121, 0x9568, 0x67, 0x20503463, 0x1 0x262, 0x04, 0x024, 0x4, 0x4, 0x1009, 0x0, 0x5, 0x286, 0x51 0x3227, 0x36552697, 0x2, 0x2200, 0x580, 0x90240837, 0x96, 0x2097, 0x4077, 0x93474775, 0x069, 0x8, 0x7866

0x02, 0x7106, 0x39556455, 0x5, 0x07, 0x1509, 0x41, 0x7111, 0x651, 0x23524145, 0x467 dec: 0x466 0x37773781, 0x547 0x0, 0x3, 0x62, 0x7004, 0x72, 0x29844702, 0x27255691, 0x301, 0x2, 0x3, 0x1, 0x4604, 0x4077, 0x82034915 CSJ, stack, hex, Y46I, include0x40, 0x140, 0x56136335, 0x98, 0x483, 0x09, 0x72520667, 0x6806, 0x4169, 0x82858326, 0x55183934, 0x83269347 0x12, 0x14, 0x2, 0x71, 0x33, 0x99 0x75210624, 0x0, 0x36, 0x7, 0x1, 0x8, 0x9384, 0x37941281, 0x7, 0x9, 0x254, 0x426, 0x1 rev TLAS tmp interface J0GL UAV6 stack engine 0x814, 0x20668964, 0x000, 0x545, 0x5, 0x09, 0x34526887

Any ideas?

A New Printer

2007-10-23T09:05:00.000+01:00

My old inkjet printer (Epson R300) reached the end of the road recently, and I've had to do a bit of thinking about where I want to go with a replacement. It's used mainly for printing photos; I have an Apple Laserwriter and an old Canon BJC210 which cover very well for letters etc.

The choice is a straightforward one in that it's between Epson and Canon, both on grounds of print quality and running costs. Running costs? Yes, both horrendous if you stick with OEM ink cartridges, but very easy to find cheap alternatives that from my previous experience produce entirely acceptable results. But it's a difficult choice in that I really want to step up to a machine that prints larger than A4 (so probably A3+), but then economics come into play. If I'm going to spend considerably more on a printer, I want to know that it's of more substantial construction, and of greater life expectancy, than the cheap A4 machines.

I also want to fit a Continuous Ink Supply system. I do a lot of photographic printing, and constantly having to exchange the cartridges is a real pain, as well as wasting an absurd amount of ink. So in the end I decided to go with another cheapie, which will give me an opportunity to see how I get on with a CISS, and to stick with Epson for now simply on the basis of 'better the devil you know...'

So it's the Epson R285, a very reasonable £62, and it's just arrived. It's a relatively compact printer, far neater in appearance than the R300. It's a lot easier to get the top off too, if you're like me and like to have a good look at the innards. And the first real change I notice is that it no longer uses wiper pads at either end of the carriage track. The ones in the R300 (sponge at the left end, felt at the right) were a real pain; they didn't drain nearly quickly enough and would deposit ink on the lower side of the print head where it would drip on the paper if you did too large a print job at one go. Then there's the waste pad at the rear, far larger than the one in the R300 which implies a considerably longer service life. The tube for the waste ink is really easily accessible though a small clip-on hatch at the rear, which makes it very easy to connect your own ink trap. And the shorter CD/DVD printing tray looks like a definite improvement, as it no longer runs out through the rear of the printer.

I don't like the new-style front tray. It's fussily overcomplicated and invites damage by not closing with a single pivot. The refusal to print unless the lid is closed is pointless at best. And the manual on the CD is an absolute joke, with less info than the stuff on the (very clear) get-yourself-started sheet that you get.

Well, it's up and running, and the print quality is excellent. The CISS system has arrived, but I'm going to use the bulk of the supplied Epson cartridges first, before I connect that up. It'll give me an opportunity to realistically assess the quality of the ink that has come with the CISS; I can always top up with another brand if I don't like it.

Once I've fitted the CISS I'll post a few photos, so that the curious can see how exactly it goes in; I've avoided using one before because the early systems appeared very Heath Robinson, but the latest generation certainly seem very neat indeed.

Automatic Updates - End of the Story?

2007-10-20T11:57:00.000+01:00

Sorry, it's been some time since I posted last. In one sense that's because there didn't seem much left to say on the Automatic Update thing; I turned them off and my PC stopped freezing, period.

Acquaintances I've given the same advice to have all had the same 100% success. But the reason for all this remains difficult to understand. When I do a manual update, Microsoft search my computer for less than 10 minutes before offering me a full list of priority and other updates. And my PC doesn't freeze up while it's doing it. With Automatic Updates however the search takes far longer and the computer often freezes solid. So why? It doesn't happen with new computers, and it never used to happen to older ones either. Could Microsoft be subtly encouraging us to trade our old machines in?

I've also dealt with my antivirus software, which I had identified as a potential culprit but wasn't. I originally bought Norton Systemworks Premier 2005, and my subscription for the antivirus finally expired a couple of months ago. I briefly looked at renewing, but when I saw the fee they wanted, considerably more than I'd need to pay to buy their antivirus new from say Amazon, I baulked. And their UK fees are nearly twice those charged for US customers! So I've downloaded the free Antivirus software from Grisoft; it's had fantastic write-ups in the computing press and works well. No doubt everyone else has known about it for ages, but I didn't.

I suspect that Norton and McAfee make the bulk of their profits on the back of high subscription renewal fees, relying on subscriber inertia. And I also wonder if half those messages they pop up on your screen are primarily intended to encourage you to think how effective their product is. I must say though that a lot of the other software in my Systemworks 2005 package is really useful. I make regular use of Ghost, WinDoctor, CleanSweep, and WipeInfo. But they're all subscription-free, and the builds are old enough not to overstress an older PC like mine.

The Velez-Diaz family website

2007-06-13T22:52:00.000+01:00

Site Unavailable

This website is currently unavailable. If you are the administrator of this website, an e-mail has been sent to the address on file regarding this issue.

Well that's all that's left of their website right now.

Phishing again

2007-06-13T04:28:00.000+01:00

This is just to say that I've now found a further series of email addresses for Tucow Inc. Finally I've managed to send them a mail that hasn't bounced straight back!

It was hard to believe that their site was anything other than legitimate, given it's sheer size, willingness to give out address and 'phone details etc. so it will be interesting to see their response. We'll find out then how much corporate responsibility they accept for the websites they facilitate.

I've found another link to velezdiazfamily.com too; it has been offering DVD ripping software for videomach. It was (is?) in /gallery1/ again, and for the reasons I discussed yesterday I'm not able to access it.

I've had a phishing email!

2007-06-12T08:33:00.001+01:00

Since my last post, I've made considerable progress in dealing with the problems with Microsoft Updates. I'll fill you in on these in detail next time; for now I'll just say that I've decided that I am best keeping Automatic Updates turned off, and updating manually once a week.

I'm digressing because I had a phishing email last week; the first one I've received, and looking at how it worked was an interesting process.

I'm posting the email but beware; I would not recommend clicking on the 'Account Update' link unless you are confident that you have a sound firewall (better than the one built in to XP SP2), and I would also suggest disabling cookies and javascript while you follow the link as well. There's no great risk but it's simply better to be safe than sorry. Here is the email:

IMPORTANT - Customer Service Message‎

From: Halifax plc (online@halifax.co.uk)

Sent: 04 June 2007 05:09:19

To: steve@hisemailaccount.co.uk

Dear Customer,

We believe that Invention of security measures is the best way to beat online fraud. Halifax bank PLC have employed some industrial leading models to start performing an extra security check with Your Online Banking Activities to ensure a safe and secure Online Banking.

You are requested to follow the provided steps and Update Your Online Banking details, for the safety of Your Accounts by clicking Account Update. However, Failure to do so may result to temporary account suspension.

Thanks for your co-operation.

Yours sincerely

Mike Regnier
Head of Savings

If you already have savings with another bank or building society, why not switch now and earn a great rate. This offer is available for a limited period only and could be withdrawn at any time – so hurry, apply now before it’s too late!

" border="0" height="20" width="90">


	We protect our online service with the latest security measures available. In the unlikely event you fall victim to online fraud, we guarantee you won’t lose any money from your account and we will always reimburse you in full.

" border="0" height="20" width="90">


	Please do not respond to any emails that appear to be from Halifax asking you to confirm your personal sign in details or linking you to a website that asks you to do so. Halifax would never send emails that ask for confidential or personal security information.

" border="0" height="20" width="90">


	If you would prefer not to receive further messages from us, please click the above link. You will receive one further email confirming your removal from our database.

(Sorry, the right-hand side of the email is cut off by blogger; it's all genuine Halifax stuff)

Note the apparent origin of the email.

What marks this immediately as a phish is the poor language in the body of the letter, capitals in the wrong place etc. And I'm not a customer of the Halifax! But it is easy to see how some people are fooled.

The link in the email actually takes you not to the Halifax, but to http://velezdiazfamily.com/Gallery1/albums/bin/ PageNamehhpayusafuserhgadssecuressl7r2vbd 7d888PageNamehhpayusafuserhgadssecuressl7r 2vbd7d888PageNamehhpayusafuserhgadssecur essl7r2vbd7d888PageNamehhpayusafuserhgad ssecures/PageNamehhpayusafuserhgadssecure ssl7r2vbd7d888PageNamehhpayusafuserhgads securessl7r2vbd7d888PageNamehhpayusafuse rhgadssecuressl7r2vbd7d888PageNamehh payusafuserhgadssecures/
I've split it up so you can see it all; don't you just love the hhpayusafuserhgad bit. Now there is a website velezdiazfamily.com, although it is not possible to navigate in through that site to the page that the link takes you to. The site contains little more than some family photos but I rather suspect that it is also fraudulent; it's way too bland, it was only registered this year, it doesn't provide any indication of location nor of the names of the parents; it has no contact facilities and the registration of the site (on Tucows Inc server) withholds client details.

The page I found when I followed the link from the email was apparently the Halifax online banking site, but the URL was still velezdiazfamily.com. I continued in, entering false details and passwords as it invited me to give answers to all the questions banks normally use for security purposes. At the end of the process my javascript blocker (I use the NoScript plug-in with Firefox) intervened and I was taken back to the opening page.

I now navigated out from the opening page (by removing the final section of the URL), and in the /bin/ I found what appeared to be hacking software. I wish that I had saved the page but didn't think to do so at the time; presented with a lot of boxes to tick inside the hacking software I mischievously did so, and then clicked on the delete button. This appears to have removed the phishing pages (and Alexander's photo gallery!) from the main Velez-Diaz site. I hope that it did, but it could of course have put a block on my IP address instead. I'll try looking again when I can access another computer, just to be sure.

When I went into the phishing pages, I noticed that my browser briefly attempted to link to www.halifax.com. The UK bank is actually halifax.co.uk. So I did a whois on halifax.com, only to find that this was also hosted by Tucows Inc, and once again client details were withheld. And a whois on tucows.com withheld their details. So I googled Tucows Inc. Tucows have a substantial, and in appearance at least, genuine site. Their contact page provides address and phone details: Tucows Inc. 96 Mowat Avenue, Toronto, ON, Canada M6K 3M1; Phone: 1-416-535-0123 Fax: 1-416-531-5584, and there's a second contact page here, one is tucows.com, the other is tucowsinc.com; both pages provide the same contact details. I have attempted to email Tucows to get them to to take action on this, but the email I sent them to the address provided bounced back marked "Client host rejected: user info@tucows.com does not exist".

Then I tried the Send Us an Email facility directly from their site; once again this refused to deliver. I'm not going to waste my money by phoning them; if their email details are phoney the phone number is not terribly likely to elicit any helpful response.

Now I don't really know if Tucows is a legitimate site; but I do know that they offer a lot of free downloads, some of which ironically enough concern internet security. I wouldn't touch any of their downloads with a bargepole right now, but hope that maybe they'll see this post, get in touch, and explain what's going on.

I don't know how the sender of the original phish obtained my email; but thankfully I have two emails, one of which I use for 'public' and one for 'personal'. Thankfully this came into my public box. If I were going to give advice on reducing the risk of such scams, I would suggest the following: Have a second email account that you use for any doubtful contact. Make sure that it's entirely web-based, and don't download anything from that account down to your PC under any circumstances. Use any web browser other than Internet Explorer which is simply hopelessly compromised. If you're using Firefox, install NoScript; it enables you to have real control over who is able to install software on your computer although it does take a little while to master using it. If you allow friends to send you chain emails (and it's best not to), make sure that they use your public rather than private email, as sooner or later, most likely sooner, it will make it's way out into the general public domain. My public email ends in .co.uk rather than .com ; I presume that is why I was seen as a possible Halifax customer.

Before clicking on any link where you might doubt it's authenticity, place the cursor over the link without clicking; your browser will display the http that you will be directed to. You could try this on the links in this post. Not able to see the URL? Then right-click and select 'Properties'.

How do you get the details of site registrations? Google 'whois' and you'll find a long list of sites where you simply enter xxxxx.com and it will tell you.

You'd have thought that Halifax would want to be contacted about this, even if they already know; but they don't even provide a contact link on their website. Perhaps not so surprising, if you look here!

I hope that this has been of interest; if there are any developments I'll keep you posted.

Next Steps

2007-05-23T09:24:00.000+01:00

I should have said in my last post that using Windows Task Manager showed the CPU usage to originate in a service host (svchost.exe). As it happens, I've actually substituted Sysinternals Process Explorer, happily a free download, which provides more sophisticated information than WTM. This showed that the host in question was the one that covered, among other processes, Automatic Updates. Sure enough, when I turned AU back on, the freezing started again. So at the moment it's back off again, I've left my antivirus off, and I'm pondering my next move.

The Sysinternals site has loads of other really useful downloads that are worth a look, mainly diagnostic tools. They all come as zip files; these extract to executables that run directly, so no installation is required; this spares the potential for registry foul-ups. I run an iconless desktop, so pin shortcuts for the utilities I run regularly to my Start menu. If you have a pretty black sense of humour, you might also be tempted by their 'Blue Screen' screensaver, which simulates a Windows crash with astonishing accuracy. Best to get it on someone else's computer rather than your own, I think!

Getting Started

2007-05-22T18:02:00.000+01:00

I thought that I'd start writing about what's going on with my PC. I'm no expert, but I do have a reasonable amount of basic knowledge, and do like to find the solution when I get a problem. Right now my problem is one that is fairly common, once maybe twice a day my computer slows, often freezes for anything between 30 and 90 minutes. Windows Task Manager shows CPU usage at 100%.

My PC is quite old; 450MHz Pentium3, 512MB RAM. I'm running XP Pro SP2. I have four hard drives installed, with my OS and software having their own drive. I also use Linux, but that's another story.

My internet connection is by wi-fi. We have a free public system here; the only downside is that each session is limited to an hour, although I can usually get back in straight away again. But it makes the freeze ups very annoying, particularly when I'm attempting a large download, or want to use Skype.

The freezing is clearly caused by one of the background applications. Others who have the same problem (and there are an awful lot out there!) seem to feel that it is either the antivirus software (I use Symantec) or possibly Windows Automatic Updates. For the past few weeks, I have been running with both turned off, and haven't had any further problems. I do have a good backup system, so am pretty confident that I could survive a virus. But if only for my own satisfaction, I am going to turn one on at a time, try and identify the culprit, and then the reason why this problem has suddenly occurred; I ran for a long time with both on and no problems whatever.

I'll post more when I'm a little further on with this.