Opera 32 released

A new version of the Opera web browser was released earlier today. Version 32.0.1948.25 improves synchronization and security, and adds animated backgrounds. The bookmark tab now has a tree view, which makes it much more useful, in my opinion.

When Opera first switched from their proprietary browser engine software to the generic WebKit engine, I was concerned that Opera would become just another Chrome clone. It’s taken a while, but Opera is now well ahead of Chrome, in that it has several options for displaying a list of bookmarks in a sidebar. The included bookmark tab doesn’t appear on every page, but even if that’s a deal breaker, you can always enable the extensions sidebar and install a bookmark extension like Bookmarks by the Side.

After using the new Opera for a while this morning, I’m impressed by its speed. I’ll try using it as my main browser, and if I like it, it’ll be goodbye to Firefox, which has become bloated and unstable recently.

Update: I apparently missed the release of Opera 31 on August 4.

Patch Tuesday for September 2015

There’s another big crop of updates from Microsoft this month, including some fixes for Windows 10. Twelve updates were made available earlier today, and of those, five are flagged as Critical. Fifty-six separate vulnerabilities are addressed, affecting all supported versions of Windows, Microsoft Office, and SharePoint.

Adobe announced a new version of Shockwave Player today as well. Version 12.2.0.162 addresses two security vulnerabilities.

Setting up a custom taskbar menu in Windows

Microsoft continues to miss the mark in its efforts to fix the Windows Start menu. Introduced in Windows 95, the Start menu became yet another Windows garbage can (like the registry), filled with items that you had to scroll through to find what you were looking for. Many users gave up on it and continued to use their desktop for commonly-used shortcuts.

I chose a different approach, which was to customize the root folder of the Start menu, so that while the ‘Programs’ subfolder was still filled with garbage, and I rarely even opened it, the top of the Start menu contained only the shortcuts I really used. This had the advantage of keeping my desktop clear while making the Start menu easy to navigate.

Microsoft tried to clean up the Start menu in subsequent Windows releases, adding highlights for newly-installed shortcuts, fading out rarely-used shortcuts, adding a quick keyboard search, and widening the menu to two columns. None of these changes really gave me what I wanted, though, and I continued to customize the Start menu as before.

Starting with Windows 7, it was no longer possible to customize the Start menu by simply adding and removing shortcuts and folders to its top level folder. At that point I started looking into alternatives, and settled on the method described below.

Later, with Windows 8, Microsoft gave up on the Start menu completely, pushing users to the even less usable Start screen. This was a very bad idea, and users (including myself) complained bitterly. Microsoft promised to bring the Start menu back in Windows 8.1, but then reneged on their promise, choosing to wait for Windows 10 instead.

Which brings us to Windows 10. But while the Start menu is back, you still can’t really customize it. There are ways of doing it, but they are nowhere near as convenient as in the past. Many users are buying third party software to bring a usable Start menu to Windows 10.

The procedure

I’ve been using this this method to create a custom menu on the taskbar since Windows 7. Before Windows 7, it was still possible to easily customize the Start menu, so this wasn’t really necessary.

My custom menu solution, which is just a specially-configured quicklaunch toolbar. The screen shot above is from my Windows 10 testing computer.
My custom menu solution, which is just a specially-configured quicklaunch toolbar. The screen shot above is from my Windows 10 testing computer.

  1. Right-click the taskbar and uncheck Lock the taskbar if it has a checkmark next to it.
  2. Right-click the taskbar again, select Toolbars, then New toolbar…
  3. In the New Toolbar – Choose a folder dialog, navigate to your documents folder.
  4. In the right hand panel, right-click in an open area and select New > Folder from the context menu.
  5. Enter a name for the new folder. I use ‘[Menu]’ because I have a weird affinity for square brackets. Press Enter to finish creating the folder.
  6. Make sure that the folder you just created is selected: its name should appear in the Folder box below.
  7. Click the Select Folder button.
  8. The new toolbar should appear somewhere on your taskbar. Exactly where it appears will vary.
  9. Drag the new toolbar to where you want it to appear. I like mine on the far left, just to the right of any pinned app icons. To do this, you have to click and hold the mouse on the name of the toolbar, then drag it. You can drag it past and over other toolbars. This might results in a bit of a mess, but we’ll fix that shortly.
  10. You probably want the new toolbar to take up as little space as possible on the taskbar, so make it shorter by clicking and holding on the two narrow, vertical lines at the extreme right end of the new toolbar, and dragging to the left.
  11. At this point it will be helpful to drag a shortcut to the new toolbar, to help give you an idea of what you’re dealing with. If you right-click and drag a shortcut, when you release the mouse button, you’ll get a context menu that will allow you to choose whether you want to move or copy that shortcut.
  12. If the toolbar is narrow enough, the shortcut will disappear and you’ll see a small double-arrow icon appear. Click this small icon to see what your new custom menu looks like.
  13. Right-click on the new toolbar’s name, and uncheck Show Text.
  14. Right-click on the new toolbar’s name, and uncheck Show Title.
  15. At this point you’ll notice that with the toolbar title gone, it’s more difficult to know where to right-click on the toolbar to see its context menu. I find that right-clicking on the two vertical lines on the far left of the toolbar does the trick.
  16. Right-click on the new toolbar, select the View menu, then choose Large Icons or Small Icons, according to your preference. I like small icons.
  17. Carry on adding more shortcuts to the new toolbar. You can add any kind of shortcut: applications, documents, and web addresses. You can also right-click on the toolbar and select Open Folder to make this task a bit easier.
  18. Make a final adjustment to the width of the toolbar by dragging the double lines at its right end. I like to make it wide enough to show the top couple of shortcuts right on the taskbar, which I use for my browser and email applications.
  19. Adjust the widths of any other toolbars that got messed up earlier.
  20. Right-click anywhere on the taskbar and select Lock the taskbar.
  21. The new menu may occasionally be a bit slow to respond, but you’ll find that with frequent use this behaviour improves.

Many new top-level domains used for malicious activity

Blue Coat, a company that develops network security software, recently published a report on the amount of shady activity associated with top-level domains (TLDs) on the Internet. Examples of TLDs are .com, .net, and country-specific domains like .ca and .us.

A few years ago, a new batch of TLDs was introduced, including .zip, .review and .country. At the time, ICANN said the changes would “unleash the global human imagination.” Well, as was widely predicted, many of those new TLDs are apparently being used almost exclusively in connection with all kinds of malicious activity. Apparently it was mostly the imagination of criminals that was unleashed.

Chrome 45.0.2454.85 fixes 29 security bugs

The newest version of Chrome is 45.0.2454.85. At least 29 security vulnerabilities were fixed in this release, and there are hints of bigger changes to come in later releases of version 45 in the associated announcement.

The change log for this version is enormous. The first reader who wants to risk a migraine to review the whole thing, and reports back to me everything that changed in this version, will win a six-pack of their favourite beer (offer expires with the next release of Chrome).

Update 2015Sep04: We now have at least a partial answer to the question. Yesterday Google published a post on the Chrome blog that explains some of the changes in Chrome 45. It’s all about performance. If you have Chrome configured to load open pages from its last session, it will now start more quickly. Chrome will now use idle time to free up memory it’s no longer using. And the expected change that prevents Flash content from auto-playing is now in effect.

Security roundup for August 2015

Last month in security and privacy news…

A weakness was discovered in the open BitTorrent protocol, rendering torrent software vulnerable to being used to initiate DDoS attacks. The BitTorrent protocol flaw was quickly updated, and patches for affected software were developed and distributed.

Malvertising continued to spread, most recently affecting popular sites like weather.com, drudgereport.com, wunderground.com, and eBay. Anyone visiting those sites with an unpatched browser may have inadvertently caused their computer to be compromised. Needless to say, the malicious ads were built with Flash.

It was a bad month for Android, as one of the updates released by Google that were intended to fix the Stagefright flaw turned out to be faulty, leaving some devices still vulnerable, and forcing Google back to the drawing board. Security researchers also discovered a flaw in Android’s Admin program that allows apps to break out of the security ‘sandbox’ and access data that should be inaccessible. Two flaws in fingerprint handling were also found in many Android devices, leaving both stored fingerprints and the fingerprint scanner itself vulnerable. And finally, new research exposed the predictability of Android lock patterns, making this particular form of security much less effective.

Lenovo’s hapless blundering continued, with the discovery that many of their PCs were using a little-known BIOS technology to ensure that their flawed, insecure crapware gets installed even when the operating system is reinstalled from scratch. Will these bozos ever learn?

Jeff Atwood reported on a new danger: compromised routers. If an attacker gains control of your router, there’s almost no limit to the damage they can inflict. Worse, there are no tools for detecting infected routers. If your router is compromised, no amount of malware scanning on your network’s computers will help. You’re vulnerable until you realize that the router is the problem and replace it or re-flash its firmware.

Mozilla offered more details on planned changes to Firefox that are expected to improve the browser’s security, stability, and performance. These changes are likely to benefit Firefox users, but will come at a cost: many existing browser add-ons will become obsolete. Add-on developers will be forced to make big changes or retire their software. Certain types of add-ons may not even be possible with the changes Mozilla plans.

In privacy news, the Electronic Freedom Foundation (EFF) released version 1.0 of Privacy Badger, a Chrome and Firefox add-on that blocks tracking mechanisms used on the web. The add-on initially doesn’t block anything, but learns as you browse, detecting cookies that are used on more than one site and blocking them.

And in other EFF news, a new malware campaign uses spearphishing techniques to get targets to visit what is supposed to be an EFF web site but is in fact a source of virulent malware.

Google announced upcoming changes to Chrome that will prevent extension developers from using deceptive practices to trick users into installing their software. Specifically, the ‘inline installation’ process will no longer work for extensions that are associated with these deceptive techniques. This is a good example of a software maker (Google) backing away from a feature that improved usability at the cost of security.

Google also firmed up plans to prevent most Flash media from being displayed by default in Chrome. Flash media won’t be blocked, but users will be required to click on each embedded video before it will play. Google’s official reason for doing this is to improve Chrome’s performance, but the change should reduce the spread of malvertising as well. Of course, Google’s own advertising network still allows Flash-based ads, and those ads will still auto-play. Google’s advice to advertisers is to switch from Flash-based ads to HTML5-based ads, or move to Google’s ad network.

And finally, Ars Technica posted a useful overview and instructions for encrypting your desktop, laptop and mobile devices. Be warned, total device encryption is not for the faint-hearted and comes with certain risks. For example, if you forget to tell your IT person that your hard drive is encrypted and they try to recover your computer from a failure, you may lose everything, even if your data is backed up.

Barely-documented updates for Windows 10

Anyone running the release version of Windows 10 (build 10240) may have noticed a few updates being installed in the last day or two. Clearly Microsoft is moving ahead with its plans to eschew the monthly Patch Tuesday update cycle for Windows 10. Unfortunately, there’s also not much information available about these updates.

Here’s what Microsoft is giving us:

  • KB3081449 – OOBE Update for Windows 10
  • KB3081452 – compatibility update for upgrading to Windows 10
  • KB3081448 – Cumulative Update for Windows 10

As you can see, these Knowledge Base articles are rather light on details. So that’s how it’s going to be, Microsoft?

WinBeta has a bit more information.

Security updates for QuickTime on Windows 7 and Vista

I don’t usually post about Apple software, but the QuickTime Player is installed on many Windows computers, so it falls into a kind of grey area.

Apple recently released an update for QuickTime to address at least nine vulnerabilities it exposes on Windows 7 and Vista computers. Anyone who uses QuickTime on Windows 7 or Vista should install the new version of QuickTime as soon as possible.

I no longer have QuickTime installed on my main computer. Downloaded QuickTime media files play in a combination of VLC and Windows Media Player. There’s no QuickTime player plugin in my my main web browser, either, but I don’t really mind not being able to see QuickTime media embedded in web pages. If I really need to see that content, I can always download it.

If you’re not sure whether you have QuickTime installed, or want to find out how QuickTime media is played on your computer, you can try playing these QuickTime sample media files.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.