Archive for the ‘ESSAYS’ Category.

Look2Me is evil, and Windows is a bad platform

My home Windows 2000 machine is infested with Look2Me spyware.
Who knows which of our family of five attached this IE “shell extension” nuisance.
Now the question is: how I get rid of it? None of the published instructions has worked.
The vendor’s uninstaller doesn’t. (Of course it’s overly kind to call a producer of
unwanted intrusive privacy violation software a “vendor”.)
The manual uninstall directions haven’t worked either.
I know it’s still there because ZoneAlarm shows it trying to phone home.

Look2Me interacts really badly with ZoneAlarm, because while ZoneAlarm can and will prevent the frequent attempts by winlogon and rundll32 to contact port 80, it does cause some kind of resource exhaustion that prevents any new TCP session from being establshed 20 minutes or so after a reboot.

Anybody with fresh ideas for uninstall, let me know. I suspect that people will be asking me for help for years to come as they find this page while searching for winlogon, rundll32, ZoneAlarm, or

This all happened on a machine up-to-date with patches.
Patches and reactive measures such as virus patterns don’t change the fact that Windows is a bad platform, for even casual use.
The barriers against mischief are just too low – defense without depth.

Benchmark the anti-spam industry!

It would be very valuable to have an ongoing head-to-head benchmarking of all the current contenders in the anti-spam industry — not just the learning systems, but the online dynamic systems as well.
Form a consortium, operate a bunch of systems (be a customer of commercial systems).
Use the same simultaneous data stream as input, and capture real-time state from the online dynamic systems (return it to the providers so they can replay what went wrong [or right]).
Publish the performance results.

It would generate good data for more research, and really useful comparable performance metrics.
I’m not sure if that would be seen as a good thing or a bad thing by
the commercial services. Laggards in the horserace might prefer less measurement.
Actually, what I think it would show is that most systems are “almost good enough,”
that all systems will soon be “good enough,” that
there’s little excuse not to deploy something,
but there’s plenty of space for distinction based on features such as administration, tunability, interface, integration.
But one would hope that performance metrics would drive the industry forward.

A SPEC effort for real-time and offline anti-spam systems!
Is anyone else inspired by the idea of a non-biased testing/evaluation consortium?

My first receipt of a CAPTCHA-bearing virus

During the last round of virus innovation a couple of weeks ago (email viruses with encrypted payloads bearing passwords in the text, circa March 3), I predicted to a colleague that the next obvious step would be an embedded CAPTCHA image to make it harder for antivirus gateways to find the password for decoding encrypted attachments. It didn’t take long; I received my first CAPTCHA-bearing virus last Saturday (March 13).

Of course, this is only a novelty in email viruses. It’s old-hat for email spam; for example a significant proportion of the Russian-language spam I see is image-only, with an embedded phone number, and not even a single URI.

As for the virus,
Trend Micro OfficeScan identifies the extracted file as PE_BAGLE.N-O, here’s a snippet:

Delivery-Date: Sat Mar 13 20:00:06 2004
Received: from ( [])
        by (8.12.9/8.12.4) with SMTP id i2E0xxGf013039
        for <>; Sat, 13 Mar 2004 20:00:00 -0500 (EST)
Date: Sat, 13 Mar 2004 19:59:56 -0500
Subject: Re: Thank you!
Message-ID: <>
MIME-Version: 1.0
Content-Type: multipart/mixed;
Content-Length: 34491
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Your file is attached.<br><br>
<BR>Password - <img  src="cid:rjsdmyhbsf.bmp"><BR>
Content-Type: image/bmp; name="rjsdmyhbsf.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="rjsdmyhbsf.bmp"
Content-ID: <rjsdmyhbsf.bmp>
Content-Type: application/octet-stream; name=""
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=""

Orkut[1]: In with the in crowd

Now I have received my first Orkut invitation.
Interestingly, it came from an actual friend — probably a good sign for Orkut, as the quality of their system depends on the utility of actual relationships, not random diffuse connections.

It’s good timing for Orkut.
Our distance from the Six Degrees era, and the current spontaneous blossoming of intellectual/social relationships as seen among intertwined weblogs, make it seem fresh, and not just another

Yet-another fatigue is now a barrier to entry for Orkut competitors.

Will I go out and spam all my colleagues and friends with Orkut invitations?
No, it seems a little too close to a MLM pitch.
I think I’ll just pick on a few who I know are in the right frame of mind.

Previous: Orkut[0]: Out with the out crowd

Orkut[0]: Out with the out crowd

OK, while my left brain tells me that yet another social networking system is not much of an aid to real relationships (and it gets worse with every new yet-another), I’m still feeling curious and sorely left out.
Groucho Marx aside,
would anyone care to invite

Next: Orkut[1]: In with the in crowd

Stop violating RFC2822 address specifications

Many web sites that collect email addresses are unnecessarily restrictive regarding what characters are allowed in email addresses. The specification is RFC2822 section 3.4.1, and the “local part” allows:

  • non-whitespace controls
  • the rest of the US-ASCII characters not including [“, “]”, or “\”

In particular, “+” is a valid local-part of an email address, and is very commonly used by people to hand out distinguished addresses for purposes of tracking, sorting, and refiling.

Today’s violator is EarthLink SpamBlock, a challenge-response email spam blocker, which does not allow me to register a plus-containing address as an originator of mail.

What I did on my summer vacation

What a beautiful country. For my birthday, my wife gave me Giant Sequioas. For her birthday, I gave her the Grand Canyon.

I’ve posted about a third of my
from the Grand Canyon, Hoover Dam, La Plata Canyon, Mesa Verde, Arches. The digital camera get sand in the lens cover so we switched to film. To be continued…