Dale Preston's Web Log
  
Friday, June 20, 2008
 

More Trojan.WSUS

I have about a dozen and a half PCs (half physical, half virtual) on my home network including a WSUS server. That's Windows Server Update Service for non-technical readers. It allows all my PCs to get updated by downloading updates only once. It's all been working fine for at least a year now.

A few weeks ago, I approved Windows XP SP3 for installation on one PC - my Media Center 2005 PC (it's the only PC in its group in WSUS). I wanted to test SP3 on one PC before deploying it on the rest of my XP PCs. The Media Center PC is configured to notify before downloading and before installing. The service pack was downloaded successfully to my WSUS server and I accepted the notification on the Media Center PC to download updates. There were 4 or 5 other updates and then XP SP3.

A few minutes later - maybe half an hour - without thinking, I shut down the WSUS server to complete the installation of updates on the server even though the Media Center PC had not finished updating. I didn't expect this to be a problem; it should be pretty common for a PC to lose contact with its update server or the Microsoft update servers in the middle of downloading updates.

When I turned the WSUS server back on and then rebooted the Media Center, I was unable to get the update download to continue. I tried the usual wuauclt.exe /detectnow but it didn't help. Something was wrong but I didn't have time to find out what. Well, tonight I finally got the time to spend on resolving the issue. After much Googling and trying fixes that didn't fix a thing, I finally tried the obvious: ping the WSUS server to make sure I was even communicating with it. The surprising results were:


C:\Documents and Settings\MyUser>ping mywsusbox

Pinging mywsusbox.mshome.net [65.74.135.110] with 32 bytes of data:

Now how in the world did my Media Center PC that has been successfully finding mywsusbox on my network for over a year suddenly begin looking for mywsusbox at 65.74.135.110? I searched hosts files, etc. trying to find out how the requests to mywsusbox were being redirected. I opened group policy editor to see if the specified intranet Microsoft update service location had been changed. It had not. It still said http://mywsusbox/.

Finally I recognized something strange in the results from the ping. Having MSHOME in the computer name isn't unusual. As I build and rebuild PCs I sometimes have to set the DNS suffix, and since MSHOME is the default workgroup name for XP networks, I didn't think much about it being in the name originally. Then I noticed that it was mywsusbox.mshome.net. The .net part bothered me. Could that have been a real Internet address?

I pinged it and got no response. I did a tracert and found that the IP address routed to a server run by Directapps, Inc. at a hosting company named heraklesdata in Roseville (near Sacramento), California. I'd been HACKED! My PC, without my knowledge or permission, was looking to an unknown server in California for updates rather than looking at my own WSUS server!

Now I was getting pretty upset. I'm a very careful Internet user and keep my PCs up to date. How in the world had I been hacked? And what other information could they have gotten? We don't do any surfing from the Media Center PC. We try very hard to limit its access to the Internet completely (see http://dalepreston.com/Blog/2007/04/windows-media-player-and-album-art.html). But we do use the Media Center to backup most of the other PCs so its local drives contain a lot of personal data. Had it all been compromised? I was getting frantic.

I started tracking down who this heraklesdata was and what, if anything, mshome.net was. At first, I couldn't find anything useful on either. MSHOME is such a common term in Windows XP networking that Google results appeared rather useless.

Had someone gotten smart and registered the seemingly benign MSHOME.net and created the world's biggest security hole? This question led me to the next obvious step: Whois at http://whois.domaintools.com/mshome.net.

I was relieved, surprised, a little stunned, and a lot disappointed when I found out who owned the domain mshome.net: Microsoft!

Microsoft had, it looks like to me, hijacked my Media Center PC's update process and redirected it to their own server. I suppose I only found this because I turned off my WSUS server mid-update, so the nefarious settings could not be removed at the end of the update process without me having become any the wiser.

I removed the changed DNS suffix settings using the Network Connections control panel applet (TCPIP advanced settings) and finally my Media Center PC was using my own WSUS server instead of Microsoft's update server in Roseville.
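The symptom above is a DNS suffix search list turning the short name mywsusbox into a fully qualified name that resolves outside the LAN. The check below is an added example, not code from the original post: it mimics a Windows-style suffix search (first suffix that resolves wins) against a constructed stand-in resolver and flags any answer that falls outside the trusted local networks. The 65.74.135.110 answer for mywsusbox.mshome.net is the address quoted in the post; the home.lan suffix and the 192.168.1.x network are assumptions for illustration.

```python
import ipaddress
from typing import Callable, Iterable, Optional, Tuple

# Constructed stand-in for DNS. The mshome.net entry reproduces the answer seen in
# the post; the home.lan entry is an assumed example of the expected local answer.
FAKE_DNS = {
    "mywsusbox.mshome.net": "65.74.135.110",
    "mywsusbox.home.lan": "192.168.1.10",
}


def fake_resolver(fqdn: str) -> Optional[str]:
    """Stand-in for a DNS lookup; returns None when the name does not exist."""
    return FAKE_DNS.get(fqdn.lower())


def resolve_with_suffixes(host: str, suffixes: Iterable[str],
                          resolver: Callable[[str], Optional[str]]) -> Optional[Tuple[str, str]]:
    """Try each configured DNS suffix in order, as a suffix search list does,
    and return (fqdn, address) for the first name that resolves."""
    if "." in host:  # already qualified: no suffix search is performed
        addr = resolver(host)
        return (host, addr) if addr else None
    for suffix in suffixes:
        fqdn = f"{host}.{suffix.strip('.')}"
        addr = resolver(fqdn)
        if addr:
            return fqdn, addr
    return None


def check_update_server(host: str, suffixes: Iterable[str], trusted_nets: Iterable[str],
                        resolver: Callable[[str], Optional[str]] = fake_resolver) -> dict:
    """Report where `host` resolves and whether that address lies inside one of the
    trusted local networks (CIDR strings). ok=False means the update client would
    be talking to something other than the intranet WSUS server."""
    result = resolve_with_suffixes(host, suffixes, resolver)
    if result is None:
        return {"fqdn": None, "address": None, "ok": False, "reason": "unresolved"}
    fqdn, addr = result
    ip = ipaddress.ip_address(addr)
    trusted = any(ip in ipaddress.ip_network(net) for net in trusted_nets)
    if trusted:
        reason = "local"
    else:
        reason = "public address" if ip.is_global else "untrusted private address"
    return {"fqdn": fqdn, "address": addr, "ok": trusted, "reason": reason}


if __name__ == "__main__":
    # With mshome.net first in the search list the short name leaves the LAN.
    for search_list in (["mshome.net", "home.lan"], ["home.lan"]):
        print(search_list, check_update_server("mywsusbox", search_list, ["192.168.1.0/24"]))
```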

The implications of all of this boggle my mind. Microsoft apparently changed my network settings in a way that could have made my Media Center PC unreachable by other PCs on my local network, could have broken my backup system, and who knows what else. They redirected my PC to their application server without regard to my configuration settings intended to get updates from my own local network instead of from Microsoft on the Internet.

I have limited Internet bandwidth and performance because I am stuck with satellite Internet access in the rural area where I live - that's the reason I have my own update server in the first place. Microsoft bypassed my own server and used my valuable and limited bandwidth for updates without my permission. My wife and I have both complained about the slowness of our home Internet access but blamed our ISP. Now it appears it may not have been the fault of our ISP at all. It is likely that the slowness we have seen may very well be related to one or more of our PCs being redirected to Microsoft's servers without our knowledge or permission.

Now the only unresolved questions are, what else has Microsoft used Trojan.WSUS in order to install on my PC? What software, if any, were they secretly installing on my PC when they redirected me to their server at DirectApps, Inc? What was so important to get onto my PC that they bypassed my own update server and that they would change my network settings without my knowledge - even worse, include my own WSUS server name in their redirected URL so as to obfuscate what they had done?


Sunday, December 23, 2007
 

To DRM or Not to DRM


I haven't been involved in the Windows Media Player newsgroups as much as I had planned this year; work and family have just taken all my time. I have found myself there much more the last few weeks, though.

Not much has changed. The same questions are the most frequent questions today as they were when Windows Media Player 11 was released. And one of the more frequent topics is DRM, or Digital Rights Management. There are frequent questions from users who have lost access to their protected media or are afraid they might lose access to their protected media.

I don't have much to say on the topic of how to use DRM - I don't use it. What I want to talk about is why not to use DRM and how not to use DRM.

Let me say that all of this discussion is about DRM as it relates to music files, not video DVDs. DVDs are encrypted and protected in the United States by the Digital Millennium Copyright Act or DMCA. There is no way to copy them without DRM in the United States that will not get you prison time - in spite of previous laws that provide for your right to protect your investment and guarantee your fair use of the product you purchased.

There are two primary sources for protected audio files in the Windows environment:

  • Music purchased and downloaded online
  • Ripping CDs using Windows Media Player with protection enabled.

    Buying DRM Online

    Probably the most common way to get DRM is to buy it intentionally. Most downloaded music (from legitimate download sites) comes as either protected WMA files (Microsoft format) or protected AAC (Apple format) files.

    There are many problems with both of these formats, DRM and not-DRM:

    1. Both of these formats, when protection is applied, limit your ability to copy the tracks to other PCs or to burn to CD. They have the ability to limit how many or what type of copies you can make.

    2. When you use copy protected music, you aren't buying a copy of the music. You are renting it. The copy remains the property of the store where you buy the music. Since they do include limits on how many PCs you can authorize the music for, at some point you will have replaced your computer often enough to run out of authorizations. My wife reads eBooks because of failing eyesight - just normal farsightedness that comes with age - but we are already having to consider limits when thinking of replacing her PC. Since she started reading them, upgrading her PC has used up 6 of her 9 possible authorizations.

    3. What happens when the store you bought the tracks from goes out of business? Or licensing models change? How long will you be able to play your protected track? Microsoft is one of the biggest companies in the software and media business but even they have closed down MSN Music after tens of thousands, if not millions, of tracks were purchased and downloaded.

      So far, Microsoft is maintaining the MSN Music license servers and users should be able to access their media. I don't believe it will be that way for long. What happens 10 years from now after those servers have not generated a single cent in new revenue? Will Microsoft still pay for new hardware and upgrades to those servers? And for security patches and for modifying the current licensing software to work with new versions of Windows Server? I seriously doubt it.

      And what about companies other than Microsoft? There have been other companies that sold music online that are no longer in business. Some of those companies did not have the resources from other sectors to maintain the license servers after the online music sales went defunct. Their customers are just out of luck the next time they patch or upgrade Windows Media Player or Windows. Or buy a new PC. Their music rental is terminated without recourse.

    4. All online music stores that I know of only sell compressed music - even the ones that sell MP3s. The compression schemes used for most music downloads are lossy - as in a loss of quality over the original Red Book Audio formatted PCM of the CD. The only way to compress digital audio - or to make the file size smaller - is to strip out bits of data. Those missing bits of data generally represent missing sound detail.

      (Note, there are lossless compression schemes that strip out data such that it can be rebuilt exactly like the original. For instance, when a specific pattern of data is repeated 12 times, the software can remove 11 repetitions and then include a few bits that tell the decoder to repeat the single remaining instance of that pattern 12 times. These schemes typically offer about 30% compression, not the near 90% compression that MP3 or WMA compression provides. These lossless compression schemes are not typically what you are buying when you buy music online.)

    5. If you create a standard audio CD from your downloaded files the quality will not match the quality of a CD by a long shot. I am pretty tone deaf and I can definitely hear the difference in quality.

      If you buy physical CDs, you can rip the CDs to your PC in an uncompressed or lossless compression format and then you can do anything you want with it. If you need a copy of the CD, you can get original quality. If you need MP3 or WMA for a device, you can convert to the best quality MP3 or WMA possible. None of this is possible with the poor quality music available from most online music stores or from peer-to-peer downloading services.

    Creating Your own DRM

    Once you have bought your own CDs, unfortunately, there is still a way to invite the devil that is DRM into your home. Windows Media Player gives users the option of protecting their own music when they rip their own CDs.

    The question is to protect whom? From what? Or from whom? And why in the world would you want to? What's in it for you?

    Ok, I will admit that the first couple CDs I ripped I did copy protect them. I don't believe in sharing CDs, either getting copies from friends or giving copies to friends - or downloading from peer-to-peer file sharing services. So, the first CDs I ripped, I thought I would do the right thing and protect them so that if anyone ever stole my thousand plus dollar computer, they couldn't get that twenty dollars worth of music. Noble, huh?

    No, not noble; ignorant. First off, who am I protecting when I choose to protect the music I rip? Not me. In fact, I am not really even protecting the music labels or the artists. Let's be realistic here. First off, what are the chances that whoever steals my PC likes the same 60's and 70's rock that I listen to? And if they do, and if my music is all protected, they would probably have stolen my CDs when they broke in to steal the PC.

    I found out what a big mistake it was to protect those files when, a few weeks later, I reloaded Windows on my PC and found myself unable to listen to any of those tracks!

    I started ripping the tracks again with protection before the light finally came on. I wasn't going to go through this again. I stopped what I was doing and started over with no protection. The only thing I found protecting my own files was good for was to protect them from me!

    If you don't want to voluntarily surrender your fair-use rights, do two things. If you must rip your CDs as WMA files, make sure the box labeled "Copy protect music" is not checked:

    The second thing to do, even better than the first, is to rip your CDs as MP3 or WAV format files. The advantage to either, as related to DRM, is that neither format is capable of supporting DRM so there are no accidents. I have heard anecdotal reports on the Microsoft Windows Media Player newsgroups that there have been occasions where Windows Media Player has failed to play WMA files that should not have had protection. Since MP3 or WAV files can't have protection, that reduces the number of Media Player bugs that are likely to decide unprotected files are protected.

    At least use MP3 rather than WMA. Every MP3 player in the world plays MP3 format files - thus the name MP3 player. For the ultimate in compatibility, you just can't beat MP3.

    For the ultimate in quality, you just can't beat WAV. Once ripped to WAV format, you can easily convert to any format you wish with no loss of quality, whether that is MP3, AAC, WMA, or some new format yet to be invented.
