No Zytrons In Range

Another one of those things that I have a love-hate relationship with is World of Warcraft. The good news is that Blizzard actually makes an effort at Vista compatibility. (Unlike, for example, Valve who doesn’t even try.) The bad news is that Blizzard has no fucking clue how to actually make their product compatible with Vista.

WOW was built with the assumption that it would be able to read and write files from the Program Files folder at will. This assumption was wrong when it was built, and it’s especially wrong now that Vista is out. Windows 2000, BTW, has the exact same limitations for regular users as Vista does for administrative users, so it’s not as if this is new or anything. WOW has simply always been broken on Windows 2000, XP, and Vista.

The solution before was always just “well, run as administrator.” To this I reply: screw you. I’m sick of video games, which pretty much by definition never do any administrative tasks, relying on administrator permissions. WOW does nothing but shove tons of data through the Internet, both directions. With administrator permissions, that means WOW can, at the instruction of some random Internet server, completely fuck with any file on my system. The same applies to any other Internet-aware video game, and I’m sick of it.

Security aside, using the wrong folders also breaks the multi-user model of Windows. It’s impossible for WOW to have different settings for different computer users, because they only have one copy of the settings file. It’s also impossible for different users to run different sets of Add-Ins, because there’s only one folder that Add-Ins can be put in.

Game developers: Windows 98 was a long, long time ago. Please spend a few seconds to learn how NT permissions work before releasing a game to the unsuspecting public! You’re doing nothing but adding security holes to people’s computers and breaking OS built-in multi-user features. Stop it.

So back to WOW. WOW decides to store its configuration data in a “WTF” folder (no kidding, Blizzard!) inside its Program Files folder. This is wrong; that data should be stored in “Users//AppData”. Additionally, Blizzard puts interface add-ins in the Program Files folder. This is wrong; that data should be somewhere like “Users//WOW Add-Ins”. (For those reading closely, in this paragraph I’ve just outlined exactly what changes Blizzard needs to make for full Vista compatibility.)

Obviously Blizzard knew this was wrong, because they tried to fix it. How? In the most half-assed way possible, of course.

Blizzard moved their entire install to “Users/Public” (or presumably “Users/All Users” in XP.)

That user account is supposed to be used for files you want to share among all users on a computer, for instance, custom desktop backgrounds or maybe a music library. (You’ll note that’s where Vista puts all its sample media, so all users can access it.) It’s not intended for programs. In fact, nothing in the “Users” folder is intended for programs! Wrong, wrong, wrong!

And even worse, apparently Blizzard didn’t even bother to test if this would fix their issues. It doesn’t, it makes them worse! The problem they were trying to fix their auto-updater getting blocked by UAC prompts, what they ended up with is a situation where WOW is silently prevented from saving its own configuration files, and so it appears to be working just fine, except every time you log out, WOW forgets everything it ever knew. This includes making you agree to the EULAs over and over and over again.

Are you trying to tell me that nobody at World of Warcraft knows how NT permissions work? A 15-year-old system? At least Valve can use the excuse that they don’t even bother to try.

Blizzard, you’ve really earned this:

P.S. And whenever you see issues like this and look into the forums, people are always blaming Vista. As if Microsoft did something wrong by making their OS more secure. It’s almost enough to get me to break out that crazy pills image again.

Ok, so MS SQL Server has the worst installer in history. And Visual Studio 2008 has the second-worst installer in history. That’s a given. But when the two installers attempt to interact with each other, you’re left with an experience only slightly more pleasant than a lifetime of burning in hellish torment.

If you work with these two products, you’ll probably see the following dialog box when trying to install MS SQL Server 2008 SQL Server Management Studio (say that one three times fast!):

Rule “Previous releases of Microsoft Visual Studio 2008″ failed.

A previous release of Microsoft Visual Studio 2008 is installed on this computer. Upgrade Microsoft Visual Studio 2008 to the SP1 before installing SQL Server 2008.

(Yes, the grammatical error is in the original.)

It sounds simple enough, but true evil is always subtle in its workings. Once you receive this message, you do the only rational response, open up Visual Studio 2008 and select “Check for Updates” in its Help menu. This takes you to Windows Update which, lo and behold, actually has a download available for Visual Studio 2008 SP1! So you spend the next hour and a half (no kidding) installing the service pack from Windows Update.

So far this is the most easily-overcome obstacle I’ve ever encountered with one of these horrible installers! Or it would be if it worked, but of course it doesn’t. Despite the Windows update installer claiming to update Visual Studio 2008 to SP1, it doesn’t appear to actually do anything at all. Even after you reboot. At least, the version number for Visual Studio doesn’t change and SQL Server’s installer still barfs all over it.

Crap.

After a long Google search, I found a lengthy explanation of the problem, and if you spend the requisite 3 hours trying to understand the gibberish, you’ll realize where you went wrong. You can’t update Visual Studio using the update link that comes built-in to Visual Studio, you fool! You must instead use the one available at this website!

I write this in the hope, probably futile, that it’ll rise in the Google rankings and help the next pour soul who receives that poorly-written error message with no clue how to resolve it. And with the hopes that somebody who works on Microsoft’s SQL Server or Visual Studio teams will read this and fix their goddamned installers already! (but I’m not holding my breath on that one.)

Edit: I should have anticipated this!

Of course, after writing instructions on how to remove a common virus, I should have realized my content-sensitive Google ads on the left side of the page would all instantly turn into scam anti-virus tools.

Please, please don’t attempt to use any of those advertisers’ products to fix your computer if that’s what you came here to do. In fact, don’t click them at all. They won’t work, and you’ll just have more crap on your computer. Remember, despite anything Google might tell you, they don’t personally vet ads before letting them loose on their network and they don’t bother removing bad ads until somebody complains.

Sorry.

I managed to infect my work machine with this little bastard, and it took me several hours but I finally figured out how to get rid of it. Despite the name on the Wikipedia page, Vundo isn’t a trojan, it’s a plain ol’ virus, which managed to gain a foothold on my computer through Sun’s Java plug-in.

Lesson 1: Java is by far more trouble than it’s worth; uninstall it.

Anyway, I seem to have gotten a brand new variant of Vundo that slipped under Symantec’s radar, and the existing removal instructions and tools simply didn’t work for me at all. The most useful existing tutorial is on this seemingly nameless page, and the instructions on McAfee’s guide, which got me 75% of the way to the solution, and from there I found my own way to finishing the job.

To remove Vundo:

1. These instructions assume you are running Windows XP and have Administrator privileges. This shouldn’t be an issue, as if you didn’t run as Administrator, or were using Vista, you probably wouldn’t have been infected in the first place.
2. Follow the instructions on the seemingly nameless page linked above for identifying the DLL files used by the virus, up to the “Remove the Infection” header. (These instructions outline using ListDLLs.exe to get a list of all DLLs currently running on your computer. Vundo DLLs have a blank Version column, “C:\Windows\System32″ in the Path column, and have a string of 8 random characters as the filename.) Save the list somewhere handy, or print it out.
3. Locate the first DLL file on the list in your “C:\Windows\System32″ folder. Right-Click the icon and select Properties. Click to the Security tab. Make sure the “Everybody” group is selected, then click the Deny checkbox next to Full Control. This should automatically check all other permissions in the Deny column. (Note: you won’t be able to uncheck the “Allow” column, but the fix will work anyway.)
   

4. Repeat the last step for the other Vundo files identified using ListDLLs.exe. (In my case, there were 3 DLL files used by the virus.)
5. (This is the kind of nasty part.) Perform a hard reboot by holding the power button of your computer in for 15 seconds, or until it turns itself off. You cannot allow your computer to shut down normally, or Vundo will rename and reproduce itself during the shut down process.
6. After your computer finishes restarting, you can now delete the DLL files you changed permissions on. You should also empty the recycling bin, to ensure they are fully deleted.
7. Run a virus scanning program that’s normally capable of getting rid of Vundo to ensure nothing else remains. Spybot Search and Destroy seemed to do a good job of identifying it, or you could download and use Symantec’s removal tool.

How does this work? The variant I have keeps its DLL files constantly open and locked using both WinLogon.exe and Explorer.exe, so they are impossible to rename or remove.

The seemingly nameless page recommends queuing the files to be deleted on the next boot, but that didn’t work at all on my system. (Once WinLogon.exe is running, the DLL files are impossible to delete. I think the “delete on next boot” utility doesn’t run until WinLogon is already running.)

McAffe recommends using Process Explorer to Suspend Explorer.exe, WinLogon.exe and RunDLL32.exe as you do the removal, and then do a hard reboot. This in theory would prevent Vundo from re-establishing itself during the shut down process, but it didn’t work for me because the DLL files were impossible to rename or remove while Explorer.exe and WinLogon.exe were running, even when they were suspended. (Which makes sense– suspend is like pausing a program. If the program has locked files, why would you expect them to become unlocked while it was paused? I can only assume McAffe’s directions work on a different variant of Vundo, although I can’t see how.)

My solution relies on three handy bits of trivia I’ve learned:

• Windows XP boots using Administrator group permissions.
• Deny permissions always over-ride Allow permissions.
• The NTFS driver starts enforcing file permissions really, really early in the boot process

Basically, by setting Deny permissions for the Administrator group on the DLL files, we made it impossible for any program on the computer to run them, even programs that start before the user is logged in (like WinLogon.exe.) Once WinLogon.exe and Explorer.exe both fail to open the Vundo DLLs, they can simply be deleted from the system because they are no longer locked.

I hope this is helpful to somebody down the line.

Posted from a new iPhone. I’m so ashamed.

Ok, the iPhone is a really slick piece of technology. It also requires iTunes for all of its features to work. If you want an analogy, this is kind of like taking the precision steering of a formula one racer and installing it into a 5-ton garbage truck.

iTunes sucks.

iTunes sucks a lot.

I’ve spent the last 2 and a half hours on the phone with Apple, trying to fix this:

And this:

After a few long exercises in time-wasting* and lots of hold time, we finally managed to solve the first problem, hopefully permanently.

The second problem? Not so much… even re-installing iTunes didn’t help it. It’s just a giant steaming turd of iTunes suckage I have to click through now every goddamned time I plug in my iPhone.

And yes, I made Apple’s techs wait on the phone the whole time it took me to uninstall iTunes (4 uninstallers!), download a new copy from the web, and install it again (one installer with 2 UAC prompts!) If they’re going to release shoddy products, they’ll have to cough up the dough to keep those techs paid when I run into problems. Even trivial problems, in fact, even more so for trivial problems simply out of spite.

I bet if every iPhone user who had problems with iTunes called them up, they’d be rushing to make a new version of iTunes with the shittiness removed. Am I the only one who gets bothered by crappy software that hardly works?

Oh well. The iPhone works, finally, and it’s busy loading itself up with music from my media server.

* No, idiot Apple tech, my default Vista cookie settings are not the cause of the problem, otherwise you’d get 10,000 calls a week about this exact same issue from other Vista users! Engage your brain!

A recent “live chat” with an Earthlink customer service representative. Proving that if you ever see anything that looks like dry-loop DSL in Washington State, you’re dreaming and should go back to bed.

Chat Information: Thank you for choosing our secure EarthLink Sales chat. All agents are currently assisting other customers. Thank you for your patience. You are number ‘1′ of ‘1′ customers in line. Your estimated wait is ‘0′ minutes and ‘30′ seconds.
Chat Information: Hello and welcome to EarthLink’s secure live Sales chat. You are chatting with Kelly K..
Kelly K.: Thank you for using EarthLink’s live Sales chat. How can I help you today?
James Schend: Hi, I currently have Verizon and I want to drop my landline phone service and get dry-loop DSL, is that a service you offer?
Kelly K.: Great, I can help you with that.
Kelly K.: Let me see what is the best service available for you.
Kelly K.: To do a check for service I will need your full name, phone number and complete physical address at that location.
James Schend: My name is James Schend
James Schend: Phone is ___-___-____
James Schend: And address is __________
Kelly K.: Thank you.
Kelly K.: One moment while I get that information for you.
Kelly K.: Thank you for your patience.
Kelly K.: I see that you are serviceable for our High Speed DSL service.
Kelly K.: Our Freestanding (Dry Loop) DSL Internet is not available at that location yet.
James Schend: Ugh, that’s no better than Verizon. Is there any way to be notified when it’s available, or request it?
James Schend: I’d rather not give Comcast any money, but I’m sick of being ripped-off for a local phone I never use.
Kelly K.: I am afraid no. Well you can keep your phone service to the minimum so that our Highspeed DSL Internet can run.
James Schend: What would that cost per month?
Kelly K.: This is a best effort technology with speeds up to 1.5mb on the download and up to 128kb on the upload.
Kelly K.: Right now I can save you $99 by waiving the fee for equipment and activation. You then get the first 3 months of your contract for only $12.95/ mo. and the remaining 9 months are just $39.95 each.
Kelly K.: I can get this started for you right now, if you would like.
James Schend: I’d rather have 3 mbit, is that available?
James Schend: That’s what I currently have through Verizon.
Kelly K.: Sure.
Kelly K.: This is a best effort technology with speeds up to 3.0mb on the download and up to 384kb on the upload.
Kelly K.: Right now I can save you $99 by waiving the fee for equipment and activation. You then get the first 3 months of your contract for only $19.95/ mo. and the remaining 9 months are just $39.95 each.
Kelly K.: Would you like me to get this order started for you?
James Schend: What kind of phone service comes with that? You said the bare minimum, but I still ahve to pay all the phone taxes
Kelly K.: Well we do not provide phone service.
James Schend: You just said it would be minimum phone service to qualify for DSL
Kelly K.: I am just telling you that you can keep your existing phone service to the minimum cost so that you can use our Highspeed DSL Internet.
James Schend: That’s no different than what I have now, except I have to pay 2 bills every month
James Schend: Instead of one
Kelly K.: Well that’s right but EarthLink DSL service is rated the best service by PC Magazine as well as JD Power. With all of the additional features that we offer with our Internet service that is hard to get with other companies , along with our Award Winning Technical and Customer support
James Schend: I don’t care about any of that, I just want internet service at a decent price with NO local phone and NO cable TV.
James Schend: I don’t know why it’s so damned hard to get that.
James Schend: I’m knowledgeable enough on computers that I guarantee that I’ll never call your tech support or download your software.
James Schend: I just need service.
Kelly K.: I understand your concern but our Freestanding (Dry Loop) DSL Internet is not available at that location yet.
James Schend: It’s 2008. When will it be? When I’m long dead?
James Schend: Sorry, I’m just so frustrated that I’m chained to this goddamned useless phone.
Kelly K.: I understand your frustration.
James Schend: Well, thanks anyway for your help. But paying more and having two bills instead of one isn’t an improvement.

Yes, just because Washington State is home to Microsoft, Amazon and Nintendo of America doesn’t mean we get any reprieve from the lousy state of Internet provider monopolies in this country. God-forbid I go my life without a useless and annoying land-line telephone, Verizon’s doing me a favor by offering me shitty service!

(P.S. Yes, I realize I was pretty rude to the sales person there. Oh well.)