Nefaria.com

First, watch the following video:

http://www.dailykostv.com/w/002008/

Just a point of order before I get too far into this; throughout this post, I’ll use the terms “warning banner”, “warning message”, “logon banner”, “network banner” and “privacy statement” interchangeably… they all refer to just about the same thing and serve the same purpose.

Now if you are to take Beck at his word, this is scary shit right? Wrong. First of all, don’t take beck at his word [ever], he’ll give you brain herpes. Here’s the deal, that disclaimer that he’s taking such a big issue with? Yeah, it’s a pretty standard warning message actually. Take the U.S. Army’s website for example (warning, you’ll have to confirm a security certificate exception); one of the “scary issues” that Beck has with the warning on the cars.gov website is that it’s too broad (never mind the fact that it has to be… we’ll get to that in a second). If you read the security warning on the Army’s site, it too is broad and so is their terms of service. Moreover, all this bullshit about “America, do not try this at home.” is just silly fucking nonsense, meant only to scare people who do not know any better. This security message that Beck is all up in arms about is what is known as a “warning banner”. Warning banners are common on just about all corporate and government computers that are accessible from the Internet (…and have been common for a looooong time). Even some private computers, such as someone who runs a web, e-mail, ftp, etc. server from their home for personal use will have warning banners. In addition to those, it’s also common to see similar, broadly worded messages at the bottom of some e-mails (pursuant to the “e-mail” policy of some organizations). Their purpose is to cast a wide legal net so that in the event that someone abuses the system in question, legal action can be taken. The basic purpose of any warning banner should be to make the following point: If you attempt to circumvent the security measures employed by this system, succeed in doing so, and/or abuse this system in any way, legal action will be taken against you. Not to belabor the point, but here’s what the DOJ has to say about warning banners:

Network banners are electronic messages that provide notice of legal rights to users of computer networks. From a legal standpoint, banners have four primary functions. First, banners may be used to generate consent to real-time monitoring under Title III. Second, banners may be used to generate consent to the retrieval of stored files and records pursuant to ECPA. Third, in the case of government networks, banners may eliminate any Fourth Amendment “reasonable expectation of privacy” that government employees or other users might otherwise retain in their use of the government’s network under O’Connor v. Ortega, 480 U.S. 709 (1987). Fourth, in the case of a non-government network, banners may establish a system administrator’s “common authority” to consent to a law enforcement search pursuant to United States v. Matlock, 415 U.S. 164 (1974).

If my name were Glenn Beck, I’d be throwing a tantrum upon reading eliminate any Fourth Amendment “reasonable expectation of privacy” … and I wouldn’t read the rest before running to the camera with a story about how the Communist-terrorist Obama administration wants to eliminate our Fourth Amendment rights (never mind the fact that the referenced DOJ website was in existence well before Obama took office)… but I digress.

Warning banners, such as the one Beck is holding up as an example of “scary shit that the Obama administration is doing” shouldn’t frighten anyone except for those who plan on doing exactly what the warning message tells them not to do. Warning banners are passive security measures; they need to be broad in order to apply to any/all possible cases of abuse. They don’t actually make the computer/network/website/etc. more secure (with the exception of causing would-be “crackers” to think twice before trying anything). Their real power comes from the fact that they can be used in court to show that the defendant had been warned in advance and knew full and well they were doing something that they shouldn’t have been doing.

In regard to this particular warning banner, I went to the cars.gov website to see what I could find out about it… it turns out, that the only way you’ll ever see the message that Beck is ranting about is if you are a car dealer participating in the CARS program. Given the potential for fraud on behalf of unscrupulous car dealers, I’d say that the strong wording of the warning banner/privacy message (whichever you choose to call it) is entirely appropriate. Meanwhile, ordinary citizens looking for information about the CARS program only consent to have their IP address tracked (which is something that all webservers do by default anyway).

This is just another example of fearmongering on behalf of a fanatic who cannot reconcile his world-view with reality.

### Update! Here’s some more information about this from Daily Kos, enjoy.

Quite an odd thing happened today… I encountered the same very specific error twice on two completely unrelated computers (two different clients). In _both_ cases, clamwin had unnecessarily quarantined the following file:

On both machines, this occurred during a scheduled scan. The symptoms of this problem are that windows will allow the user to login, but it immediately logs out after a second or two. Here’s how I fixed it in both cases:

1. Boot into the recovery console using a Windows XP install disk
2. Select the windows installation experiencing the problem and type the Administrator password when asked
3. Run the following command (assuming that your CD-ROM is D:\ and your hard drive is C:\):
   expand D:\I386\USERINIT.EX_ C:\WINDOWS\system32
4. Remove the CD from the drive then type ‘exit’ and hit ‘enter’ to reboot.

Once the computer boots properly (and allows you to stay logged in), use Malwarebytes, Spybot, HijackThis, etc. to scan your computer for viruses and/or spyware.

Update, 5 August 2009:

Just an additional note; you’ll want to be sure that the version of the file you copy from the installation disk is compatible with the service pack installed (it’s likely not). Symptoms of this incompatibility include things like explorer freezing when you try to shutdown or restart the computer. Uninstalling then Reinstalling the service pack should fix this issue. Alternatively, (and if ClamWin was the culprit) you could restore the old userinit.exe file from ClamWin’s quarantine directory… be sure to scan the file before doing this or else you could end up restoring an infected copy. So far, on every computer I’ve had to fix because of this (five and counting), ClamWin had falsely identified the userinit.exe file as a virus.

Error:

When clicking on the ‘File’ menu in Microsoft Document Imaging.

This problem has been around since at least office 2003. Lately I’ve been encountering it in recently updated versions of 2007, and by far the most straightforward way to fix it seems to be the following:

1. Run regedit (‘Start’ -> ‘Run’, type ‘regedit’ and click ‘Ok’)
2. Browse to the following registry key**:
   HKEY_CURRENT_USER\Software\Microsoft\MSPaper 12.0\Recent File List
3. Delete every value in the key (to clarify, delete all the values that appear in the right window).

From what I understand (from having to fix it in previous versions), there is a character limit on the file path of items that appear in the “Recently Opened/Used Files” portion of the ‘File’ menu. If a file whose path exceeds this limit (in previous versions it was 55 characters) appears in this menu, MODI will crash with the above error.

**Replace ‘MSPaper 12.0′ with whatever version you’re using; for example, office 2003 will be ‘MSPaper 11.0′

The following vbs code will disable Advanced Text Services:

Option Explicit
Dim objShell
Set objShell = CreateObject("WScript.Shell")
objShell.RegWrite _
"HKCU\Software\Microsoft\CTF\Disable Thread Input Manager", "1", "REG_DWORD"
objShell.RegWrite _
"HKCU\Software\Microsoft\CTF\Langbar\ExtraIconsOnMinimized", "0", "REG_DWORD"
objShell.RegWrite _
"HKCU\Software\Microsoft\CTF\Langbar\ShowStatus", "2", "REG_DWORD"
objShell.RegWrite _
"HKCU\Software\Microsoft\CTF\MSUTB\ShowDeskBand", "1", "REG_DWORD"

If you would like to uninstall this service completely (and prevent ctfmon.exe from running) then see the following Microsoft Knowledge Base article:

http://support.microsoft.com/kb/282599

I still have a few users who use Outlook 2002. For the most part, they don’t have any reason to upgrade as it still meets their needs and I can’t justify telling them to spend ~$300 per user just to do what they’re already doing (sending/receiving e-mail… If I had my way, they’d all be using Thunderbird.) Today however, I encountered the following bug:

(1) User composes an e-mail (using word as their mail editor). The user also attaches either a word, excel, or powerpoint attachment to the message (tested with all three file types).

(2) User saves the message to drafts.

(3) A little while later, the user decides to finish writing this e-mail. They casually double click the attachment (in this case, a word document) link below the subject line and get the following message:

No big deal right? We’ve all seen this before. But there’s a problem! When they try to click on the ‘Open it’ option, Outlook is unresponsive. The only thing they can do at this point is kill OUTLOOK.EXE via the task manager. What makes this even weirder is that if the user re-opens Outlook, navigates to the ‘Drafts’ folder, opens the message and instead right-clicks the attachment, then selects ‘Open’ from the context menu, the problem does not manifest itself when the user tries to click the ‘Open it’ option on the subsequent warning message.

In this case, the user is accessing Outlook via a Terminal Services session, so upon being notified by the user that “my Outlook is frozen”, I login and take over their session. I do not notice a problem; I was able to click on the ‘Open it’ option just fine and Outlook was responsive. The user was happy that I fixed their problem and all was well… until it happened again. And again. So now I’m in WTF mode. I was able to recreate the error—it occurs whenever you (1) are composing a message with an attachment, and then double click on the attachment or (2) do the same thing from a message saved in ‘Drafts’. Right-clicking and selecting ‘Open’ _always_ works however. After googling for a few minutes, I came to the conclusion that this had something to do with “Advanced Text Services” so I disabled it, closed Outlook, logged out, logged in, opened Outlook, tried to recreate the error again and everything worked just fine!

To disable Advanced Text Services (in Windows XP/2003 … probably others):

1. Click Start, then Control Panel.
2. If Control Panel is in Category view, click the Date, Time, Language, and Regional Options link, and then click the Regional and Language Options icon.
   If Control Panel is in Classic view, double-click the Regional and Language Options control panel.
3. Click the Languages tab. Click Details.
4. Click the Advanced tab. Check Turn off advanced text services.
5. Click OK. Click OK.
6. Close the control panel

Or, if you’d like to disable this feature automatically (via domain login script), click here.