Bugs and Fixes: RealPrivacy in the New Millennium?

It's too early to tell how successful Microsoft Corp. has been at buffing away Internet Explorer 5's rough edges, but the new 5.01 release seems promising. A posting at http://support.microsoft.com/support/kb/articles/Q244/6/55.asp lists close to 40 reliability issues that the update addresses. Version 5.01 also includes all previously released IE 5 security patches, according to Microsoft. It also upgrades the 40-bit encryption of earlier releases to 56-bit (a 128-bit upgrade is available separately). The size of the download depends on installed components, but you can expect a haul of about 17M bytes. To get the update, point your browser to http://www.microsoft.com/windows/ie/download or to http://windowsupdate.microsoft.com. Version 5.01 is currently available only as a download.

The year 2000 will have dawned safely by the time you read this. And chances are the biggest Y2K challenge will be writing the correct year on personal checks. Still, in case your once-sensible PC insists on turning cartwheels on the lawn or demands drolly that you address it as Hal, we'd be remiss to yield to our "enough, already" impulses just yet.

If recent history is any indication, Internet privacy is likely to be a major concern in the next millennium. Early last year, independent security consultant Richard M. Smith (http://www.tiac.net/users/smiths) discovered the use of GUIDs -- numbers that uniquely identify a PC -- in some of Microsoft's software. More recently, Smith made news again when he spotted GUIDs at work in RealNetworks' RealJukebox audio CD and MP3 player.

Like some other players, RealJukebox can automatically download audio CD title and track information from the Web. This handy feature, Smith discovered, harbored a serious pitfall: When RealJukebox requested CD information, it transmitted a GUID to RealNetworks, which could use that data to build a list of the user's CDs. (Note: This "requesting" of information happens by default but can be disabled.)Smith also found that RealJukebox automatically reported other information to RealNetworks, such as the user's preference in music and the portable MP3 player in use. That data could be linked to the user's e-mail address, given during registration.

RealNetworks responded swiftly when Smith released his findings. For the 10 million users who had downloaded RealJukebox before November 8, 1999, the company released a 67K-byte patch that disables the GUID and prevents daily transmissions. RealJukebox users can download the fix from http://www.realnetworks.com/company/privacy/jukebox/privacyupdate.html or by choosing RealPlayer's Help*Check for Update menu option. RealNetworks also added privacy enhancements to RealJukebox's full versions; these updated versions are available at http://www.real.com. Finally, the company disabled the GUID in the default settings of its RealPlayer 7 streaming media player.

Download the new version from http://www.real.com, or by selecting Help*Check for Update.

Update: Toshiba's Floppy Fix

If you own a Toshiba laptop, chances are it uses a floppy disk controller that could cause data loss or corruption in files you save to the floppy. As reported in January's Top of the News (see http://www.pcworld.com/jan00/toshiba), the company posted patches that remedy the FDC condition as part of its settlement of a class-action lawsuit. However, the fix was available only for Windows 95/98 and Windows NT 4.0. To download the latest information and the fixes themselves, go to http://www.csd.toshiba.com/tais/csd/support/fdc/index.html. A Toshiba spokesperson told us at the time of this writing that separate patches for DOS/Win 3. x, Linux, and Free BSD will be available by the time you read this.

Windows NT Security Patch

Attention security-conscious Windows NT 4.0 users: You'll want to download a patch that prevents a "malformed spooler request" in all variants of NT 4.0. A malicious hacker could exploit this flaw to run amok on a Windows NT system.

The intruder could, for example, cause the printer operation to crash. A second weakness addressed by the same patch could allow attackers to install their own settings as print providers and wreak all kinds of havoc. According to Microsoft, this vulnerability cannot be exploited remotely. To download the fix, visit http://www.microsoft.com/security/bulletins/ms99-047.asp. Find answers to frequently asked questions at http://www.microsoft.com/security/bulletins/ms99-047faq.asp.

(You can find files mentioned in this article at http://www.fileworld.com/magazine. Mitt Jones is a contributing editor for PC World.)

Join the newsletter!

Or
Error: Please check your email address.

More about FileWorldMicrosoftNT SecurityRealNetworksToshiba

Show Comments