A Better Title

Dear Diary,

I‘m tired. Really.

The past few days have been frustrating. Really.

I’ve trusted this company so much, but in the end I felt so betrayed.

(Important: If you’re too lazy to read this whole entry written by the boring me, and you’re still using Internet Explorer and never updated it, read at least this article. It contains the most important part of this entry.)

If you had me on MSN, you would have noticed that my nickname was “Hendri Budi - Die, Microsoft, Die!”.

This is not without a reason.

I was pissed by not one, not two, but THREE Microsoft products in the past few days alone.

If you’ve been watching the technology news lately, you would have known that Microsoft Internet Explorer isn’t really safe anymore. According to this article, even the U.S. Computer Emergency Readiness Team (CERT) recommended other browsers in place of IE.

The reason to this is the security holes affecting IE. The fact that IE is tightly integrated with Windows (i.e. you can’t uninstall IE without destroying the whole operating system) means that using one of these security holes, a hacker can gain access to Windows. After this, the hacker can insert viruses, initiate an attack to some websites, etc.

These security holes can be patched using the automated Windows Update tool. Alas, users of pirated copies of Windows are not able to use this tool. This means that you’ll need to apply the patches manually. How can you do this? How can you find out what updates do you need? You can cheat your way and use Microsoft Baseline Security Analyzer to do so. Alas again, for some reasons, not all updates are mentioned. So you’re not actually fully protected until you use the actual Windows Update tool.

Well, to me this is OK, because I’ve been using Opera for quite some time anyway.

But then I remembered: Microsoft Outlook uses the IE engine to read all HTML messages. An HTML message is one using those fancy formatting and colourings. A non-HTML message is one with only plain text inside.

So I looked at other alternatives to a mail program. I came upon two very promising candidates: One was M2, Opera’s mail client, and the other was Mozilla Thunderbird. After trying out both programs, I was quite sure that Thunderbird was the one for me. It contains more security protections such as the ability to disable scripts and external images in the e-mails.

By the way, what has images to do with security? Some spammers use webbugs, an image scaled so small it’s not so obvious in the e-mail, to verify that your e-mail indeed does exist and someone actually opens the e-mail. So when your e-mail has been verified this way, the spammer can be sure that he can continue sending messages to your e-mail address.

So, back to the topic: I was sure that Thunderbird was the one for me. So I imported all my current e-mails in Outlook to Thunderbird. Everything was fine until I noticed a strange sight. An e-mail originally sized at hundreds of kilobytes (one of those forwarded e-mails) shrunk to a measly 1 KB. I opened the message and found that the whole message body had disappeared, leaving only the headers.

Another message showed even more peculiarity. There was a strange attachment called ‘winmail.dat’. I searched the Internet and found that it was because of Microsoft’s bloody proprietary format for storing e-mail messages. Most of other e-mail programs save the e-mail messages in a standard mailbox format. I searched again up and down the Internet for a total of at least five hours for solutions to this, but found none. That was when I gave up hope. I just had to accept that some of my e-mail messages are locked up by Microsoft, and nothing I can do can make them appear in Thunderbird–not even other programs because I couldn’t find any converter for Microsoft Outlook. The most I can do is saving each incompatible message as a file.

And another peculiar thing from Microsoft is that the messages will be corrupted even if you had exported the e-mail messages from Microsoft Outlook to Microsoft Outlook Express. This is a damn weird thing, because you’re practically preventing people from using another product from your own company. For competitive reasons, I can understand why Microsoft doesn’t want to allow the users to export messages to, say, Thunderbird, but to one from your own company?

OK, I’ve described my problems with two Microsoft products already. So what’s the third one?

Microsoft Windows XP itself.

I was doing a regular maintenance on my system. Barely half-an-hour after I re-installed the whole system, Windows reported that there was a bugcheck error (also known as the blue screen). However, I was pretty sure that no blue screen appeared before the report did. This is another peculiarity that I still can’t figure out until now.

So what I did then was surfing to Microsoft’s website to find out more help on the problem. I was using IE as I haven’t installed Opera yet. I didn’t have any intention to install anything else until I’ve solved the bugcheck errors. I didn’t install any patches prior to that, thinking that surfing to Microsoft’s own website won’t do any harm to my system.

By the third hour of the new system, the computer was already infected by a ‘wincfg.exe’ file, which according to Symantec is a trojan horse facilitating MSN Messenger. A trojan horse is a small program which an attacker puts into a victim’s computer so that he can access or somehow use the latter. I immediately installed Norton Internet Security (a firewall), and found out that indeed the program had tried to access some sites.

In case you still haven’t gotten the impact yet, I shall repeat this. I was only surfing Microsoft’s website using IE (without updates) and got infected. Imagine what you can get from other websites.

(By the way, this trojan horse won’t affect me as well because I’m using Trillian)

I managed to delete the trojan horse afterwards but the bugcheck errors didn’t disappear. So to make sure that the trojan horse really had been eradicated, I decided to re-install the whole system one more time. Then, as mysterious as the problem had appeared, the bugcheck errors (the original problem I intended to solve) disappeared.

Now my system is running almost normally. Almost, because I still have Microsoft’s Windows Media Player to play my CD. I’m currently using Opera for browsing, and Thunderbird for e-mails.

Let me end this rant by saying that I don’t totally despise Microsoft. They do have some really good programs that are really easy to use, like Windows itself. Some Microsoft games are quite good too, like the Microsoft Flight Simulator and Freelancer. Neither am I saying that it will be totally safe to use other alternatives; they do have their own security holes too. To quote from the CNET article, “because of that market dominance, however, Internet Explorer engineers have been lax about browser innovations and battening down its hatches”. While Microsoft usually releases an update every one month or so, the other alternatives release a new version almost as soon as a problem is found and fixed. Also, the fact that Internet Explorer is very tightly integrated with the operating system only made the security holes a bigger risk than necessary.

Now, I’m done with my rant.

[Edit: Entry split]

Ranter,

bcc

This entry was posted on Saturday, July 10th, 2004 at 10:30 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.