Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Windows users: uninstall Quicktime now

QuickTime is Apple’s media player software. It was originally developed for Mac only, but eventually Apple produced a Windows version. It’s often installed on Windows systems as it’s almost the only way to play Apple’s proprietary Quicktime media.

The current version of Quicktime for Windows has at least two security vulnerabilities. Rather than fix those issues, Apple has decided to stop developing the Windows version. In other words, if Quicktime is installed on your computer, it is – and will always be – vulnerable.

This leaves Windows users little choice but to remove Quicktime completely, and that’s what we’re recommending.

Ars Technica has additional details.

Chrome 50 released

According to the full change log, 8748 changes were made to Chrome for version 50.0.2661.75. At least twenty of those changes are related to security, so this is an important update.

With this many changes, it seems reasonable to expect that one or two of them might be worth pointing out, but the release notes only say that there are a number of fixes and improvements, and to “Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 50.”

Rather than spend several days reading the details of all 8748 changes, I’ll wait for further announcements from Google. If I discover anything interesting, I’ll add it here.

Windows 10 Insider Preview Build 14316

Last week Microsoft pushed out another preview build for Windows 10: build 14316.

For me, the most interesting aspect of build 14316 is ability to use Linux commands from the Windows 10 command line. Getting this to actually work involves a few additional steps, including installation of Visual Studio, Microsoft’s main development platform. Sadly (for me, anyway), this essentially requires at least 4 GB of RAM, and my test PC has only 2 GB.

Build 14316 also sports improvements to Cortana, more new extensions for Edge, and better control of alerts in the Action Center. You can now switch between dark and light visual modes globally. Virtual Desktops have been enhanced with multi-desktop pinnable windows. Battery settings were improved. The Feedback Hub now allows user comments.

The BSOD (Blue Screen Of Death) screen that appears when Windows crashes has been improved with QR codes. This is a neat idea, because it means you no longer have to write down the error details. Just scan the code with your smartphone to find out what the error means.

A new setting in Windows Update allows you to specify a window of time during which the computer should not be restarted automatically. Unfortunately, the window can be ten hours long at the most.

With this build, Microsoft changed the status messages that appear on your screen during installation. These messages now look more like the ones you see when installing Windows updates. This change may be partly due to the unintentionally humourous nature of the original messages. My favourite was “All your files are exactly where you left them”, which was presumably meant to be reassuring, particularly as upgrades in previous Windows versions would sometimes blow away user data.

Patch Tuesday for April 2016

Microsoft offers up thirteen patches this month, addressing thirty security issues in the usual culprits: Windows, Internet Explorer, Edge, .NET, and Office. There are thirteen updates in all, six of them flagged as Critical.

The folks at SANS now provide useful summaries of Microsoft patch days, showing which vulnerabilities are addressed in each update, with multiple risk assessments.

Flash 21.0.0.213 fixes 24 security issues

Earlier this week Adobe issued a security alert about a Flash vulnerability that was (and still is) being actively exploited on the web. As expected, that vulnerability has been fixed in a new version of Flash. In all, twenty-four security vulnerabilities are addressed in Flash 21.0.0.213.

If you use a web browser with Flash enabled, you should install the new version as soon as possible. You can find out whether Flash is enabled in your browser by visiting Check-And-Secure.

As usual, Chrome will update itself with the new Flash, and Internet Explorer and Edge running on newer versions of Windows will get the new Flash via Windows Update.

New Flash vulnerability discovered

According to a security bulletin published yesterday by Adobe, all versions of Flash older than 21.0.0.182 running on Windows are vulnerable. The specific vulnerability involved — designated CVE-2016-1019 — is flagged as Critical, and could allow an attacker to crash or take over control of targeted Windows systems.

Adobe says that Flash 21.0.0.182 contains a mitigation that protects it from this vulnerability, so if you use Flash, and you’re not already running 21.0.0.182 or newer, you should install it ASAP.

Adobe is working on a more comprehensive fix for this vulnerability and plans to release another new version of Flash in the next day or so.

Malicious Firefox add-ons can co-opt other, vulnerable add-ons

Security researchers recently discovered that Firefox add-ons can use functions and data from other add-ons. This allows malicious persons to create seemingly-innocuous add-ons that look for and use vulnerable versions of popular add-ons like NoScript and Firebug.

For this type of exploit to work, a user would need to a) leave a vulnerable add-on unpatched; and b) install the malicious add-on. Which means that we have yet another reason to make sure that Firefox add-ons are kept up to date. Thankfully, the extremely useful NoScript add-on receives updates automatically, and frequently.

This also serves as a reminder to be careful when installing any add-on, no matter how innocuous it seems.

Mozilla is currently revamping the add-on framework in Firefox. The new system will improve security, preventing add-ons from accessing each others’ functions and data.