Weblog of a “Switcher”

Electronic Arts released Spore's Creature Creator yesterday so that the many folks that are waiting and waiting for Spore to be released is released. Spore is scheduled to be released September 7th.

I'm quite pleased with the performance of Spore's Creature Creator on my Mac Pro. I'm using the low end graphics card that came with the Mac Pro, the NVIDIA GeForce 7300 GT. The frame rates are more than adequate to use the creator. Mind you, this isn't the actual game, but it's really great looking and quite fun to play around with.

I spent about 30 minutes creating a creature for the first time. It was quite easy and pretty darn cool to mess with. According to the program, over 170,000 creatures have been created since the program was released a week ago (?) to a limited group of people and then the public release yesterday.

I really can't wait for this game to come out. It's going to be stealing months and months of my life and I'll love every second.

If you haven't downloaded it and played with it, I really suggest heading over to EA's Spore website and pick up a copy of the Trial Edition.

Download and enjoy!

written by Dave M. \\ tags: Apple, EA, Game, Mac, Os X, osx, Windows

I usually don't discuss Windows security issues here at Weblog of a "Switcher", but this issue is pretty serious:

Hundreds of Thousands of Microsoft
Web Servers Hacked:

Hundreds of thousands of Web sites - including several at the United Nations and in the U.K. government -- have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software on visitors' machines.

...

According to Finnish anti-virus maker F-Secure, the number of hacked Web pages serving up malicious software from this attack may be closer to half a million.

...

These types of attacks that infiltrate legitimate, trusted Web sites are precisely the reason I so often recommend Firefox over Internet Explorer. There is a great add-on for Firefox called "noscript," which blocks these kinds of Javascript exploits from running automatically if a user happens to visit a hacked site. Currently, there is no such protection for IE users, and disallowing Javascript entirely isn't really an option on today's World Wide Web. True, you can fiddle with multiple settings in IE to add certain sites to your "Trusted Zone," but that option has never struck me as very practical or scalable.

This kind of thing is one of the main reasons I switched to Macintosh. Mind you, I don't run a web server on my home computers, but I do surf the web. If I were doing so on a Windows based system with Internet Explorer, I could be in severe risk due to the fact that a "Trusted" web site could have been hacked by this new vulnerability and I wouldn't know it.

Actually I'm a little baffled by the author's clam that running Firefox with the extension "noscript" will protect you:

These types of attacks that infiltrate legitimate, trusted Web sites are precisely the reason I so often recommend Firefox over Internet Explorer. There is a great add-on for Firefox called "noscript," which blocks these kinds of Javascript exploits from running automatically if a user happens to visit a hacked site.

He clearly states that this attack hits sites that "are trusted". Since it can get into a trusted site, "noscript" won't help the user at all since the user has stated that they "trust" the site in the first place. Doing so allows javascript to run for that site and allows the attack to occur.

Update (4/26/08 - 5:05pm): Thanks to commenter Giorgio Maone, I have a much better understanding of what NoScript does and retract the above statement. (I'm leaving the text in since I don't want to make it look like I'm trying to cover up my ignorance.)

It's quite clear from NoScript's website that they will not run javascripts that are not hosted by the "trusted" domain. They also help protect against XSS and CSRF attacks. This is something that a lot of web developers are talking about on the web and are very concerned about.

I have to say that with this new info, running Firefox with NoScript is pretty much a no brainer.

I still feel that if you are running OS X or Linux, you will probably be safe from most exploits except for possibly the XSS/CSRF exploits. However, if you only have one browser open and one webpage open when doing on-line banking and other web based services that need to be secure, odds are you will be safe then too.

My understanding of XSS and CSRF exploits are that they need another webpage open with a javascript or Flash program running that will monitor your activity on a secure site like a banking site and send that data to someone other than yourself. (Giorgio Maone, is that an accurate description?) So if you just have the one web page open, you should be pretty safe.

The only real protection from this attack is to be surfing with either OS X or a Linux distribution since the malware that it will attempt to download will not run on either of those OS's.

The first part of this attack goes after all versions of IIS web servers. I've never understood why someone would want to run a Windows web server to operate their website. IIS has a huge history of attacks where Linux running Apache has a pretty clean history. It's possible that IIS offers greater flexibility in what the web developer can do, but is that really worth the risks taken?

So if you are a Windows user, please make sure you are not running any version of Internet Explorer. If you are, quickly head over and download Firefox, Opera or even Safari to browse the web with. They may not fully protect you, but at least you have a better chance of surviving a session of web surfing than you would with Internet Explorer.

written by Dave M. \\ tags: iis, javascript, Security, Windows

Daring Fireball Linked List: April 2008:
"Counterpoint ★

Darby Lines:

Apparently Apple needs to also not check the box to install Safari by default. Again, the take home message here is that Windows users are so fucking confused by a checkbox that they can’t be trusted with the horrible responsibility of installing a browser."

(Emphasis added by myself)

Update: I originally titled this: Great quote from John Gruber (Daring Fireball). I later found out that the quote was actually from a Mr. Darby C . Lines that runs the site The Angry Drunk. (Sorry Darby!)

(Via Daring Fireball Linked List: April 2008.)

written by Dave M. \\ tags: Apple, apple software update, darby, darby c lines, darby lines, Daring Fireball, Gruber, lines, Software, the angry drunk, update

I guess with all the blogosphere attention that Apple got over the Windows version of it's Apple Software Update program having Safari 3.1 in the list as an "Update", they felt that they had to make a change. I commented about this back when it happened here and here

I have been keeping an eye on Apple's software update program ever since this whole mess started up. I wanted to make sure that when the Safari 3.1.1 update hit, that it would still stay hidden based on my choice to use the menu option: "Ignore selected Updates".

Today I saw that along with Safari 3.1.1 and iTunes + QuickTime, there was an entry in the "Updates" list noting that the Apple Software Update program was in need of an update. (It's not showing up now since I updated it before I took the screenshot.

So it looks like Apple made a change to the update program to create two lists. One list contains all the "Updates" and the other list is titled: "New Software". This should help alleviate some confusion over wether an item is an "update" or an "install".

One problem that is still going to be complained about, mark my words, is that the entries in the "New Software" list are checked by default. This was one of the complaints about Safari being in the list. Some people didn't have a problem with Safari being in the list, they just objected to it being checked on by default.

I pretty much agree with the fact that "New Software" should be unchecked by default. This way, a user won't accidently install "New Software" without realizing it when all they really wanted to do was update QuickTime or iTunes.

It's going to be interesting to see what the blogosphere says about this attempt to appease the masses. Somehow I don't think it's really going to appease them at all. I guess time will tell.

Update: Did any Windows users notice as they updated their QuickTime version (if they did), that Microsoft updated their computer, yet again, without telling you what was updated or even giving you the option to not do the update?

This happened to me on my older Windows box (the one I used to take the screenshot with) after I updated QuickTime. When my machine was finished rebooting, it told me that Microsoft had updated my system with a critical update. No notice before the update, no prompt before updating that there is an update ready.

So where are all the people out there crying "dirty pool" for this act? At least these folks that are calling "foul" on Apple are Apple users. I just don't understand why there are not more people out there complaining about Microsoft basically taking over their machines with their updates. I will be the one deciding on wether an update is necessary for my machine or not. With Microsoft's track record of updates causing problems with their OS I don't want updates being installed on my Windows computers without my knowing what is being updated.

written by Dave M. \\ tags: Apple, apple software update, Software, update

While checking out my statistics at Site Meter this morning, I notices something rather disturbing. The majority of my readers are using Firefox 1.x.

It's not disturbing that those users are using Firefox. In fact, I would further suggest that all you Internet Explorer 6.x and 7.x users (22.2%) should consider looking at Firefox, Opera, Safari, or any other browser that doesn't use Internet Explorer as it's rendering engine (means of displaying web content). Your Windows computers will be much happier if you do.

No, actually I'm concerned that 37.4% of my readers, the majority, are using older versions of Firefox. Firefox 2.x has been out for quite some time now and is a faster, more reliable version than it's older 1.x version. In fact, version 2.x (and many later versions of version 1.x) support the ability to update themselves automatically. In fact, click the image below to go straight to Firefox's download page:

Download Firefox

Making sure that Firefox automatically update's itself is very important. The folks that develop Firefox stay on top of security issues that arise from security experts and hackers finding holes in Firefox. As soon as a fix is made and tested, it's released as an update that Firefox will prompt you for the minute it detects it.

To make sure that Firefox will update itself for the Mac, go to the "Firefox" Menu and select "Preferences..." (or Command-,) to bring up Firefox's Preferences dialog.

To make sure that Firefox will update itself for Windows, go to the "Tools" Menu and select "Options..." to bring up Firefox's Options dialog.

Once there, switch to the Advanced tab by clicking on the word Advanced tab (the icon that looks like a gear), and select the Update tab inside. Now, make sure that "Automatically check for updates to: Firefox is checked. The "When updates to Firefox are found: options will allow you to have Firefox automatically download and install any updates, or ask you to update when you are ready. Even the automatic update will ask you if you want to update now or later, so it's pretty safe to use either option.

Making this change will allow Firefox to keep itself up-to-date and safe from any malicious website bent on making your web browsing experience, and general computer experience, unpleasant.

written by Dave M. \\ tags: Explorer 6, Firefox Browser, Hackers, Internet Explorer, Older Versions, Opera, Options, Os X, Safari, Security Experts, Security Holes, Security Issues, Site Meter, Statistics, Tools Menu, Update Windows, Upgrade Browser, Web Content, Windows Computers, Windows Os, Windows Upgrade

I came off with the previous post as sounding like I thought that Apple including Safari in the "update" was a good thing. I do feel that they made a mistake in defaulting the item as checked and would be downloaded if the user just clicks the update button.

Yes, it's pretty sneaky marketing. Do you folks really think Apple is so pure and nice that they would never do such a thing? They are a business and to listen to some folks, a monopoly. At least as far as MP3 players goes, and this is the real problem here. People are saying that Apple is using it's "monopoly" in MP3 players and music as a means of gaining a market share in the browser world. Will they? Guess what. Probably not at all.

As some of my commenters have stated, people don't really have a clue that there are other browsers out there other than Internet Explorer. They wouldn't even notice that there was another browser to choose from when using their computer after running the update. For crying out loud, they don't even know that they have spyware and trojans running on their computer in the first place!

I'm just surprised that it's causing all this attention in the blogosphere. Everyone I read/hear is going on like this is the end of the world as we know it. The biggest complaint is: Now that Apple has done this, people are not going to want to run the Apple Software Update program and because of this, they are not going to run update software at all. So this will cause the internet to become less secure.

Oh please, give me a break! People have already been/being trained to make the internet less secure by Microsoft with Vista and User Access Control (UAC) not to mention Windows Update. People are turning off UAC all over the place because it's about the most annoying thing ever. Plus, just like crying "Wolf" over and over again, sooner or later, you are just going to assume that the next UAC prompt that shoes up is just another "cry wolf" prompt and tell it to go ahead when it really is a bad thing.

Windows Update is really bad to allow to run at all, much less tell it to let you know that there is an update to download. Windows Update has actually installed updates even when you tell it to not actually do anything other than warn you that updates are out. This hasn't happened very often, but it has happened a couple of times and Microsoft has been called out for them.

So I have to say, that maybe these computer journalists need to be making sure that Microsoft takes care of their issues before going after Apple.

Actually, this looks a lot like Greenpeace going after Apple for not being "Green" when compared to Dell and HP, Apple's messing up the environment is way less. After all, older Macintosh computers tend to get sold to new owners where older Windows boxes tend to just get thrown out. I really didn't understand that, but now Apple is even "greener" and the rest of the computer world is still as messy as before. Ah well.

Now, all that said, if you are a Windows user reading this far down the post, why not actually try Safari and see if you don't think that Safari is not faster than any browser that you are currently using minus Firefox 3 Beta. Firefox 3 being beta is still pretty unstable or I would have to say that they are pretty close to the same speed. Once Mozilla gets Firefox 3 out of beta, they are going to be a really good competitor.

written by Dave M. \\ tags: Annoying Thing, Apple 2, Apple Software, Browser World, Clue, Commenters, Cry Wolf, Crying Wolf, Hub Bub, Internet Explorer, Market Share, Mistake, Monopoly, Mp3 Players, Safari, Shoes, Software Update, User Access Control, Windows Update, Wolf

I've been seeing a lot of griping about Apple's Software Update for Windows and it having Safari in it's lists of updates even when Safari for Windows isn't installed on that computer. (Yep Neil, I saw your Twitter response)

Here is my take on this for what it is worth...

The "Apple Software Update" program is a program that is installed when installing either of the three programs on the list in the above screen shot. iTunes, QuickTime, and/or Safari. It's a convenience program to allow you to keep those programs up-to-date without having to go to Apple's website every so often to make sure you have the latest. It's written fairly similarly to Apple's Macintosh "Software Update" program.

There has been a lot of griping about how Apple is trying to "pull a fast one" and sneak a copy of Safari onto Windows based computers by making it look like the user needs to update the program when in fact it's not even installed on the system. (Ok, so most of the complaining has been by either the Mozilla group, or Twitter posts...)

• SlashDot:
  Mozilla CEO Objects To Safari Auto Install
• Twitter:
  Molly Wood
• Twitter:
  Response to Molly's tweet
• Daring Fireball:
  Apple Offering Safari 3.1 to Windows iTunes Users
• Waffle:
  Where By “Interesting”, I Mean “Annoying”
• Paul Thurrott's SuperSite for Windows:
  Mozilla responds to Apple's dubious use of Software Update to push Safari
• Daring Fireball:
  Paul Thurrott on the Safari for Windows Software Update Thing
• Waffle:
  The Sliding Scale of Right
• Alivad.com:
  Apple’s dirty Safari installer …
• Brandon Live!:
  Apple is the new Borg
• rare pattern:
  Apple's in the wrong, but Safari really is the better browser
• Cow's Blog:
  Apple Safari Backdoor Install 'Wrong'
• on and on and on...

The complaints seem to be focusing on the fact that if Microsoft did this, they would get their butt's in all kinds of hot water, yet Apple is getting a free ticket to do what they want.

Now, it's very possible that this is Apple's way of getting Safari onto Windows based systems with little effort. After all, if a Windows user has an iPod or iPhone, they will probably be running iTunes and will be running this software update program to make sure that iTunes is up-to-date. So basically, Apple is taking advantage of this fact to try to get Safari installed on as many Windows based systems as it can.

Is this evil? Eh, I can't really say. Personally, I use Safari now more and more since Firefox seems to be getting slower and buggier by the day. I have tried other Windows based browsers like Opera and Netscape, but none are really as speedy as Safari is. So giving Windows users another choice to me seems like a nice thing. Just my opinion here.

Now, getting back to the topic at hand. I can't speak for other platforms when it comes to their update software. I can speak to Microsoft and Windows Update. I still have a couple of Windows boxes laying around here running XP. There have been several times when Microsoft has decided to "update" my computer without my permission. I don't run Windows Update in such a way that it is supposed to update my computer no matter what. I like to make sure the updates I am installing are ones I really need. Yet, I know of at least 2 times when my Windows box has been rebooted by a software update that happened without my telling it to update.

With Apple's Software Update mechanism, I am given a list of programs that need to be updated, each with a checkbox in front so that I can tell the program that I don't want to update a specific piece of software at that time. Further more, I can tell the program that I don't ever want to see a specific update again, by using the Tools menu and selecting "Ignore Selected Updates".

Now, I don't see Safari in the list at all:

So, I really don't understand why all the complaining. It's easy enough to ignore software that you don't want to install. It's not hiding the fact that it's going to install/update the software if you click on the "Install n items" button at the bottom. Plus, installing Safari doesn't change your default browser, home page setting, browser search engine, etc... All perfectly benign.

I have seen install programs on Windows that sneak all kinds of junk on to your computer and don't give you even the slightest option to not install it or even tell you that it is going to install it except in that nasty piece of text called the EULA.

So, calm down folks, it's really not that bad and if you really don't want it, ignore it or even better, remove Apple Software Update from even running on your Windows system and you will never have to worry about it again.

Update: (8:18pm) I just cleaned up the links to other sites talking about this topic and moved them off to a list.

written by Dave M. \\ tags: Apple Macintosh, Apple Safari, Apple Software, Based Computers, Cow, Daring Fireball, Free Ticket, Hot Water, Hub Bub, Macintosh Software, Molly Wood, Paul Thurrott, Quicktime, Rare Pattern, Safari For Windows, Software Update, Supersite For Windows, Twitter, Waffle, Windows Software

So I was watching c|net's Buzz Out Loud when they talked about TrendMicro's website getting hit with a trojan...

Trend Micro exposed by widespread web hack News - PC Advisor: "The website for security software firm Trend Micro was among the hundreds of legitimate websites to fall victim to a widespread web attack that has spread malicious software around the web this week.

A spokesman yesterday confirmed that the company's site had been hacked, saying that the attack took place earlier in the week. 'A portion of our site - some pages were attacked,' said Mike Sweeny, a Trend Micro spokesman. 'We took the pages down overnight Tuesday night - and took corrective action.'

On Thursday security vendor McAfee reported that more than 20,000 web pages have been affected by the attack. The pages are infected with malicious code that tries to install password-stealing software on the PCs of people who visit the sites."

This is exactly the reason I will never use Anti-Virus software ever again. Not to mention Microsoft Windows. TrendMicro uses Windows and IIS for running it's website. Not exactly the best platform to run a website with. I suppose if they were trying to prove that they make websites and your computers safe... Except it didn't quite work, did it.

Mind you, they fixed the site pretty quickly. Still, the fact that they were hit at all.

All in all, I'll keep my distance from AV software completely since it's clear that they can't be trusted.

(Via PC Advisor.)

written by Dave M. \\ tags: Anti Virus Software, Buzz, Corrective Action, Hack News, Legitimate Websites, Malicious Code, Malicious Software, Microsoft Windows, Mike Sweeny, Security Software, Security Vendor, Software Firm, Spokesman, Trend Micro, Trendmicro, Trojan, Tuesday Night, Web Attack, Web Hack, Web Pages

Wow guys, I thought installing Windows XP in Parallels or Boot Camp was bad...

OK, so I did something kind of stupid this weekend, I attempted to "update" my Windows XP game machine to Windows XP Pro. I thought: "How bad could it be, I'm going from XP to XP Pro?" What a freaking mistake!

So I did the upgrade and when it rebooted to finish the upgrade, it started bringing up the Windows splash screen, then went black then instantly after that, the infamous Blue Screen of Death followed immediately after that with a reboot.

Why did this happen? Well, my guess is that I had a separate partition with Vista RC2 installed and so I probably had a "dual boot" boot sector that wasn't updated properly after the update. So, I might have been able to recover the update, but I really didn't feel like it, so I wiped out the partitions, and started from scratch.

I almost decided to screw Windows and install Ubuntu. However, I am wanting to play Spore when it comes out next year. So Windows it is...

This is where things when really south. Oh sure, the install of XP Pro went easily enough. What went south was the fact that my computer was running like an IBM AT from back in the day and had no sound. Why? No drivers. Really, Windows had no drivers for my system.

At first, I was pissed. I have an install disk with Windows XP Pro SP 2. Then I realized something. There are billions of hardware combinations that Windows runs under. How in the world could Microsoft have all the drivers for all the combinations that it has to run under? Then I remembered that my Dell came with a "ResourceCD" that has all the drivers for the hardware that it came with. So I pulled out the CD, after taking about an hour to find it, and ran the installer to install the drivers I needed to get my system up to something a little more modern.

What surprises me, in this day and age, is why isn't this stored "in the computer" as a ROM drive that can be activated so that the Windows install could find it and use it to get drivers installed? This way, after installing Windows, a user will have a system that "works". Instead, I had to do things that a normal home user would have no idea how to do. It wasn't easy at all to do. I had done it once before so I actually had a clue what I was doing. Otherwise I would have been a little iffy my self.

So compared to Leopard and the Mac, the process of installing the OS from a wiped HDD is like night and day. Leopard was extremely easy and Windows XP Pro was a nightmare.

Now after all the hell I went through to get Windows installed and my hardware drivers installed. I then had the fun I have had in the past with Parallels and Boot Camp. 87 lovely updates followed by several more updates for a total of over 110. So, about 10 reboots and 110+ updates and I finally have a Dell PC that is ready to use again. With Leopard and the Mac, it was install, maybe one reboot no more than two, and I was up and running with the Mac. Yet there are still people out there that think that Windows is way easier to use than the Mac...

It's really a shame that most game developers don't make Mac versions of their games. There are a few that do. Thanks Blizzard! It's funny really, since the Mac has a limited number of graphics cards that are supported and all the rest of the hardware is built into the Mac, developing games for the platform has to be as easy to do as any XBox/Playstation/Wii game would be. Oh sure, there are not as many Macs in the home as there are PC's or Game Consoles, but still...

So that was my fun this weekend. All because I wanted to be able to access my Dell with Remote Desktop Connection instead of VNC. Ah well...

written by Dave M. \\ tags: Billions, Blue Screen Of Death, Boot Camp, Boot Sector, Dell 8400, Dual Boot, Game Machine, Guess, Hardware Combinations, Installing Windows, Mistake, Parallels, Partition, Partitions, Reboot, Rom Drive, Scratch, Surprises, Windows Splash Screen, Windows Xp

No, I'm not talking about updates to OS X Tiger or Leopard. I'm talking about installing Windows XP Pro SP2! Yes that's right. After SP2 there are 86 updates that need to be downloaded and installed after installing Windows XP Pro SP 2. Not counting the update to the updater.

I really get the feeling that Windows XP needs an SP3 and soon!

Anyone who complains about Apple and the updates that they have to go through after installing Tiger, just point them to a Windows box and have them install XP Pro SP2.

I also know there will be more to go, since I haven't updated Internet Explorer and there are also other updates that are usually not critical but are still desired.

Man, I am soooo glad I switched to Macintosh!

Why am I installing Windows XP? Oh, yea, I forgot to mention that I am installing it to my Mac Pro in Boot Camp. I lost my secondary HD which had the previous Windows installation on it. Not sure why the drive bit the bullet, but when you hear clicking and spinning down and back up, you have to assume the drive is toast. I went out and purchased a 750GB SATA drive today and used Time Machine to restore the OS X side of the disk. (That process was so damn easy a cave man could do it.) Now, I'm reinstalling Windows and a few other programs so that I can use Parallels to access it. I rarely reboot into Windows on my Mac Pro. If I am going to play a game, I switch to my Windows box behind my monitor and play there. I just like the convienence of having a Windows partition on the Mac for doing non-game things.

Well, I'm about half way through installing the 86 updates, so I guess I'll wrap up this post and get ready for the hundreds of reboots I am going to have to do to finish getting windows ready to use again.

Update: I only had to install about 20 more updates after the 86 to start with. Also, only had 4 reboots during that process. So, it's really not that bad... really... (sarcasm sign being held up and waved furiously)

written by Dave M. \\ tags: Boot Camp, Cave Man, Convienence, Hd, Installing Windows, Internet Explorer, Os X, Os X Tiger, Parallels, Partition, Reinstalling Windows, Sarcasm, Sp 2, Sp3, Time Machine, Toast, Windows Box, Windows Installation, Windows Xp, Windows Xp Pro Sp2