
Roberto Suggi Liverani and Nick Freeman, security consultants with security-assessment.com, have discovered that poorly-written Firefox extensions can be exploited to install malware on a victim’s computer. It seems Mozilla does not have any security requirements for extensions. That’s a problem, as their flagship Web browser Firefox implicitly trusts extension software.

Confusion about add-ons

Mozilla and extension developers tend to confuse terms by generically calling extensions add-ons. They are add-ons, but it is important to know that plug-ins are add-ons as well. The main difference is that plug-ins are automatically installed. This article is about extensions, but you can learn about plug-ins and their problems in “Firefox Plug-ins: What are they?”

What are extensions

Developers at Mozilla work hard to keep code for the Firefox Web browser to a minimum. That is a good thing. It reduces complexity and bugs, and allows Firefox to load quickly. The flip side of a minimal footprint is leaving users wanting additional features to make surfing easier and more enjoyable. Enter extensions: they give Firefox increased extensibility, or the ability for users to add features of their choosing.

What Mr. Suggi Liverani and Mr. Freeman found

The researchers’ presentation was exemplary, explaining in detail how weak extensions are exploited. The presentation also gave several examples of questionable extensions and how they are exploited. Two of the better-known extensions examined were CoolPreviews and FireFTP.

Some questions:

Question 1: How did you discover vulnerabilities in Firefox extensions?

We were auditing a large web application which included a tailored-Firefox extension. That was the first time and we suddenly realized we had to include the extension in the testing scope. Also, we were playing with other extensions (Skype and InfoRSS) and we felt there could be bugs in those extensions as well.

Question 2: Could you please explain how the exploit works?

There are many ways a vulnerable-Firefox extension can be exploited. This really depends on the nature of the vulnerability. An input-based vulnerability such as Cross Site Scripting has significant consequences in extensions, especially when malicious code can be executed from the chrome:// zone.

Question 3: You mention that Chrome plays a big role in this exploit. What is Chrome and what part does it play?

In our presentations, we refer to Chrome as the chrome:// zone where the extension’s code runs (chrome privileges are trusted by Firefox). Chrome privileges allow extensions to do basically anything with the OS by querying/interacting with Firefox core functionality provided by XPCOM libraries/interfaces.

Question 4: Could you explain the comment: “Any input rendered in Chrome is an XSS injection point”?

What we mean is that if you have an injection point in the chrome:// zone, then it is game over. The injection can include arbitrary browser-based content which has chrome privileges. This allows exploitation of Firefox extensions as shown in the following slide.

Question 5: Your presentation mentions that NoScript is rendered useless by this exploit, could you explain how?

NoScript is a security extension and protects the user when browsing untrusted content (e.g. Internet). The misconception is that NoScript can protect you from vulnerable extensions. The chrome:// URI scheme is whitelisted in NoScript, as most extension code needs to run with chrome privileges to provide functionality. For example, an extension that shows the content of your C:\ Folder needs chrome privileges to interact with the file system. NoScript cannot block chrome:// as that will break Firefox and extension functionality.

Question 6: You state that running Firefox in Safe-mode is the only sure-fire cure at this time. Why can’t extensions just be removed?

Extensions can be removed. That line is more a security policy in a corporate/company environment where Firefox is used. An administrator should set Firefox in Safe Mode so users cannot install extensions. This needs to be weighed on a per-case basis, as using Safe Mode means you can’t run NoScript, so normal browsing becomes less secure.
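
The point made in the answers to Questions 2 and 4, that any untrusted input rendered in the chrome:// zone is an injection point, is easiest to see by comparing a vulnerable rendering routine with a hardened one. The following is an added example, not code from the researchers' presentation or from any extension named above; the function names and the sample feed item are hypothetical and constructed for illustration.

```javascript
// Added example: rendering untrusted feed data in a privileged extension page.
// All names (renderItemUnsafe, renderItemSafe, safeLink, ...) are hypothetical.

// Constructed sample: one item as it might arrive from an untrusted RSS feed.
const sampleItem = {
  title: 'Release notes <b onmouseover="marker()">v2</b>',
  link: 'javascript:marker()',
};

// BEFORE (vulnerable pattern): untrusted strings are concatenated into markup.
// If this string is assigned to innerHTML in a chrome:// document, any tag or
// event handler supplied by the feed is parsed with chrome privileges.
function renderItemUnsafe(item) {
  return '<a href="' + item.link + '">' + item.title + '</a>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can open a tag, an entity or an attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only absolute http(s) links. Relative URLs and every other scheme
// (javascript:, data:, chrome:, file:, ...) are rejected.
function safeLink(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch (e) {
    return null; // not an absolute URL
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return null;
  }
  return url.href;
}

// AFTER (hardened): text is escaped, the link is allow-listed, and an item
// with a rejected link is rendered as plain text instead of an anchor.
// In a real extension, building nodes with createElement and textContent
// avoids markup parsing of untrusted data altogether.
function renderItemSafe(item) {
  const title = escapeHtml(item.title);
  const href = safeLink(item.link);
  if (href === null) {
    return '<span>' + title + '</span>';
  }
  return '<a href="' + escapeHtml(href) + '">' + title + '</a>';
}
```

With the constructed item, renderItemUnsafe returns live markup containing the feed's tag and script link, while renderItemSafe returns a span of inert, escaped text.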

Recommendations

Mr. Suggi Liverani and Mr. Freeman have come up with the following recommendations for developers, security professionals, and end-users:

Developers

Security professionals

End-users

Final thoughts

The fact that Firefox extensions are vulnerable was not on my radar. Not until I read about the work being done by Mr. Suggi Liverani and Mr. Freeman. The researchers are in contact with Mozilla, and Mozilla has acknowledged this problem. If Mozilla’s past performance is any indication, there should be some sort of solution sho

03
December

Video: Install Windows 7 from a USB flash drive

Written by admin. Comments Off Posted in: Windows 7

Install Windows 7 from a USB flash drive

03
December

10 things you can do to keep Exchange running smoothly

Written by admin. Comments Off Posted in: General


03
December

Video: Dual-boot Windows XP and Windows 7

Written by admin. Comments Off Posted in: Windows 7

Dual-boot Windows XP and Windows 7

01
October

Windows Vista’s System Restore is a handy feature that allows you to undo actions, like system updates and driver installations, when they go astray or cause problems. Yet if not configured properly, System Restore can gobble up a large chunk of your computer’s free disk space. In this TR Dojo video, I’ll show you how Vista’s System Restore works and how to use the hidden VSSAdmin command-line tool to prevent it from filling up your hard drive.

01
October

How to save the PC: A petition to Microsoft and Apple

Written by admin. Comments Off Posted in: General

Every day, too many PC users needlessly lose data and productivity from operating system failures. There’s a remedy that could alleviate most of them.

——————————————————————————————————————————————————

Somewhere right now as you’re reading this, there are computer users whose hearts are sinking as they look at their screens, waiting, hoping, some even praying, that their computers will safely reboot from a fatal error and everything that they have saved on the computer – letters, photos, emails, their latest presentations and project files – will magically reappear. For a lot of them, their hopes will be in vain.

In most cases, it’s not really their fault. The problem was likely caused by a poorly-written device driver, or a conflict between two incompatible pieces of software, or an operating system glitch that was always there but wasn’t triggered until recently. In a few cases, the problem might have been caused by a nasty bit of spyware or malware that the user got over the Internet.

Whatever the culprit may be, the consequences are all-too-often an unbootable system. That means that the operating system has to be reinstalled. And, if the OS was originally installed based on the default standards of Microsoft Windows or Mac OS X, then all of the user data on the system will be lost when the OS is reinstalled.

It doesn’t have to be that way. There’s a simple way to avoid losing user data during an OS failure, and it doesn’t involve virtualization, mandatory backups, or cloud computing. It would simply involve the world’s primary OS developers, Microsoft and Apple, adopting a little trick that IT professionals and some power users have been using for over a decade.

I learned the trick from a fellow IT pro in the late 1990s, and since then I have never installed an OS on a personal or business machine without doing it. The trick is a simple one: Hard disc partitioning.

You set up two partitions, one for the core OS and one for data. Although you only have one hard disc, partitioning makes it look like two separate hard discs to the OS. The primary partition is the one that has all of the system files on it. The secondary partition is the one where the user saves all of their files.

If the OS ever runs into major problems or becomes unbootable then you simply blow away the primary partition and reinstall the OS. Once the new OS is up and running on the primary partition, you can open the secondary partition and find that all of the user’s data is completely intact and untouched.

As I’ve already mentioned, IT departments have been doing this for years. In fact, many of them do even more sophisticated tricks like folder redirection and automatically shifting the “My Documents” folder to the secondary partition. But not every IT department is that slick and not everyone has an IT department. Even in the business world, there are lots of small businesses and sole proprietors who buy all of their PCs retail and have no formal IT.

Thus, what I’ve been verbally advocating for years is that Microsoft and Apple make this two-partition scenario part of the default installation of their respective operating systems. It should be automatic and it should be completely invisible to the user. If Microsoft and Apple did nothing but this, it would make the PC universe – and by “PC” I mean both Macs and Windows-based PCs – a much nicer place to live.

However, there is still one challenge with this scenario. If you blow away and reinstall the OS, you also have to reinstall all of your applications and reconfigure all of your settings. That can easily lead to several hours of lost productivity.

Therefore, I’d like to take this proposal one step further. I’d like to suggest that Microsoft and Apple divide the default installation of the operating system into a logical triumvirate of partitions: 1.) the Core OS, 2.) User applications and settings, and 3.) User data. Below is a diagram and a description of how this would work.

1. Core

This would be the primary partition and would include all of the system files, DLLs, and device drivers that make up the heart of the operating system. Isolating the core OS would help it to become much more self-healing in terms of dealing with device drivers and software conflicts. The OS should be able to do automatic updates of missing files, automatic driver rollbacks, and more granular system restores when it detects fatal errors.

If irreparable damage is done to the OS, it should also be easier to do a reinstall. Many PC manufacturers now put a small recovery partition on their Windows PCs. This partition (separate from the primary partition itself) has a compressed version of all the system files that can quickly be expanded and then used to reinstall the OS along with all the native device drivers for the system. Lenovo has even gone so far as to experiment on some PCs with a “reset” button that automatically launches a full reinstall from the recovery partition.

This type of recovery partition would be partition 1a in my scenario and would obviously be an excellent complement to the default OS installation. In the Windows world, PC manufacturers would need access to this partition in order to integrate their native drivers.

2. User

The second partition would be the home for what Microsoft calls User State (the user’s OS settings), plus the user’s installed applications, and the user’s application settings. This would become the place where all third-party apps are saved and their settings are stored. That way, if the OS is blown away and reinstalled, all of the user’s applications don’t have to be reinstalled too.

The other fringe benefit of this is that it would enable users to seamlessly jump between different computers and take their apps and their settings with them as they go, if this user state partition were replicated to an internal network share, to the cloud, or even to a USB key or an external hard drive. It could also streamline the process of a user migrating to a new computer.

There are some obvious challenges with this approach. First, when the OS is reinstalled, it likely will not have the same version of the OS in terms of patches and service packs and any other dependencies like Java, Flash, or the .NET Framework. That could cause problems for apps. That’s where a self-healing OS would come in very handy. Also, the portability scenario would have major implications for software licensing that would have to be worked out.

3. Data

The third partition is the most important. This is where the user’s unique files and data would be stored. All user files should be saved here by default, and the OS should make it difficult to save data anywhere else by requiring administrator override and popping up a scary dialog box. And, again, this whole thing should be completely transparent to the user, who will simply be directed to save all files in their personal documents folder.

Beyond just protecting the data during an OS reinstallation, sectioning off all user data would also facilitate much easier backup and replication. In fact, both Microsoft and Apple could use this as an opportunity to pitch users on their own (escalated) Web services, Windows Live and MobileMe, as places to seamlessly back up and replicate the user’s files. It would also make it easy for users to know what to back up if they choose third-party backup services like Mozy or Carbonite.

And for IT departments that still want to do folder redirection and save all user data on the network instead of local machines, the option would still be there for them. Microsoft and Apple could even beef up their backend server solutions to help facilitate that process for IT.

Linux is not forgotten

I am making this appeal directly to Microsoft and Apple because those two control the lion’s share of the PC operating system market. However, I have not forgotten about Linux. I also extend this appeal to all of the appropriate open source developers – Ubuntu, Novell, Debian, Fedora, and others. In fact, I would not be surprised at all if the open source community was the first to adopt some of the aspects of this proposal. Linux already does this to some degree, but in most cases there’s still the danger of inserting the installation disc and blowing away the whole thing, data and all, if there’s an OS failure.

30
September

You can customize Windows 7 by setting local group policies to control the way the OS looks and acts. Paul McFedries offers 10 handy tweaks.


In Windows 7, you can perform some pretty amazing things by using a tool that’s about as hidden as any Windows power tool can be: the Local Group Policy Editor. That Microsoft has buried this program in a mostly untraveled section of the Windows landscape isn’t the least bit surprising, because in the wrong hands, the Local Group Policy Editor can wreak all kinds of havoc on a system. It’s a kind of electronic Pandora’s box that, if opened by careless or inexperienced hands, can loose all kinds of evil upon the Windows world.

Of course, none of this doom-and-gloom applies to you, dear reader, because you’re a cautious and prudent wielder of all the Windows power tools. This means that you’ll use the Local Group Policy Editor in a safe, prudent manner, and that you’ll create a system restore point if you plan to make any major changes. I knew I could count on you.

Put simply, group policies are settings that control how Windows works. You can use them to customize the Windows 7 interface, restrict access to certain areas, specify security settings, and much more. You make changes to group policies using the Local Group Policy Editor, a Microsoft Management Console snap-in. (I’ll note here that the Local Group Policy Editor isn’t available with Windows 7 Home and Windows 7 Home Premium. I’ll show you how to perform the same tweak using the Registry if you’re using those versions.) To start the Local Group Policy Editor, follow these steps:

  • Click Start.
  • Type gpedit.msc.
  • Press Enter.

    Figure A shows the Local Group Policy Editor window that appears. (The word Local refers to the fact that you’re editing group policies on your own computer, not on some remote computer.)

    You use the Local Group Policy Editor to modify group policies on your PC.

    Note: This article is available as a PDF download. You can also download the sample chapter “Tweaking the Windows 7 Registry” from the author’s recently published book Windows 7 Unleashed.

    1: Locking in delete confirmations

    When you delete a file or folder in Windows 7, the system asks you to confirm the deletion. If this extra step bugs you, you can turn it off by right-clicking the desktop’s Recycle Bin icon, clicking Properties, and then deactivating the Display Delete Confirmation Dialog check box.

    Now let’s consider this from the opposite point of view. The reason Windows displays the delete confirmation dialog box by default is to prevent you from accidentally deleting a file. You and I are savvy, knowledgeable users, so we know when we want to delete something, but not everyone falls into this boat. If you have young kids or old parents who use Windows, you know that the delete confirmation dialog box is an excellent safeguard for these and other inexperienced users.

    In that case, you might be wondering if there’s a way to ensure that a novice user can’t turn off the delete confirmation dialog box. Yes, there is. In fact, there are two ways to prevent a user from turning off delete confirmations:

    Follow these steps to implement one of these policies:

    1. In the Local Group Policy Editor, open the User Configuration branch.
    2. Open the Administrative Templates branch.
    3. Display the property sheet of the policy you want to use, as follows:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    4. Click the Enabled option.
    5. Click OK to put the policy into effect.

    2: Disabling the notification area

    If you have zero use for the taskbar’s notification area, you can disable it entirely by following these steps:

    1. In the Local Group Policy Editor, open the User Configuration branch.
    2. Open the Administrative Templates branch.
    3. Click the Start Menu And Taskbar branch.
    4. Double-click the Hide The Notification Area policy, click Enabled, and then click OK.
    5. Double-click the Remove Clock From The System Notification Area policy, click Enabled, and then click OK.
    6. Log off and then log back on to put the policy into effect.

    If you prefer (or need) to implement this policy via the Registry, first open the Registry Editor (click Start, type regedit, press Enter, and enter your UAC credentials). Then, navigate to the following key:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    (If you don’t see the Explorer key, click the Policies key, select Edit | New | Key, type Explorer, and press Enter.)

    Now follow these steps:

    1. Select Edit | New | DWORD (32-bit) Value.
    2. Type NoTrayItemsDisplay and press Enter.
    3. Press Enter to open the NoTrayItemsDisplay setting, type 1, and then click OK.
    4. Select Edit | New | DWORD (32-bit) Value.
    5. Type HideClock and press Enter.
    6. Press Enter to open the HideClock setting, type 1, and then click OK.
    7. Log off and then log back on to put the policies into effect.

    3: Removing an icon from Control Panel

    You can gain a bit more control over the Control Panel by configuring it not to display icons that you don’t ever use or that aren’t applicable to your system.

    1. In the Local Group Policy Editor, select the User Configuration | Administrative Templates | Control Panel branch.
    2. Double-click the Hide Specified Control Panel Items policy.
    3. Click the Enabled option.
    4. Click the Show button to open the Show Contents dialog box.
    5. For each Control Panel icon you want to hide, type the icon name and press Enter.
    6. Click OK to return to the Hide Specified Control Panel Items dialog box.
    7. Click OK. Windows 7 puts the policy into effect.

    To perform the same tweak in the Registry, open the following key:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Add a DWORD value named DisallowCpl and set it equal to 1. Also create a new key named DisallowCpl, and within that key create a new String value for each Control Panel icon you want to disable. Give the settings the names 1, 2, 3, and so on, and for each one set the value to the name of the Control Panel icon you want to disable.

    4: Showing only specified Control Panel icons

    Disabling a few Control Panel icons is useful because it reduces a bit of the clutter in the All Control Panel Items window. However, what if you want to set up a computer for a novice user and you’d like that person to have access to just a few relatively harmless icons, such as Personalization and Getting Started? In that case, it’s way too much work to disable most of the icons one at a time. A much easier approach is to specify just those few Control Panel icons you want the user to see. Here’s how:

    1. In the Local Group Policy Editor, select the User Configuration | Administrative Templates | Control Panel branch.
    2. Double-click the Show Only Specified Control Panel Items policy.
    3. Click the Enabled option.
    4. Click the Show button to open the Show Contents dialog box.
    5. For each Control Panel icon you want to show, type the icon name and press Enter.
    6. Click OK to return to the Show Only Specified Control Panel Items dialog box.
    7. Click OK. Windows 7 puts the policy into effect.

    To perform the same tweak in the Registry, open the following key:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Add a DWORD value named RestrictCpl and set it equal to 1. Also create a new key named RestrictCpl, and within that key create a new String value for each Control Panel icon you want to show. Give the settings the names 1, 2, 3, and so on, and for each one set the value to the name of the Control Panel icon you want to show.

    5: Preventing other folks from messing with the Registry

    Do you share your computer with other people? How brave! In that case, there’s a pretty good chance that you don’t want them to have access to the Registry Editor. In Windows 7, User Account Control automatically blocks Standard users unless they know an administrator’s password. For other administrators, you can prevent any user from using the Registry Editor by setting a group policy:

    1. In the Local Group Policy Editor, open the User Configuration | Administrative Templates | System branch.
    2. Double-click the Prevent Access To Registry Editing Tools policy.
    3. Click Enabled.
    4. In the Disable Regedit From Running Silently? list, click Yes.
    5. Click OK.

    Once you set this policy, you won’t be able to use the Registry Editor, either. However, you can overcome that by temporarily disabling the policy prior to running the Registry Editor.

    Yes, you could perform this tweak in Windows 7 Home and Home Premium using the Registry Editor, but then you wouldn’t be able to reverse it because the Registry Editor would be disabled! In my book Windows 7 Unleashed, I provide a script that toggles the corresponding Registry setting on and off; see that book for more info.

    6: Disabling Internet Explorer’s Security and Privacy tabs

    If you want to prevent a novice user from mucking around in the Security and Privacy tabs in the Internet Options dialog box, you can hide them:

    1. In the Local Group Policy Editor, select the User Configuration | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel branch.
    2. Double-click the Disable The Privacy Page policy.
    3. Click Enabled and then click OK.
    4. Double-click the Disable The Security Page policy.
    5. Click Enabled and then click OK.

    Note that the Security Page sub-branch also enables you to set policies for the settings in each zone.

    To configure these policies via the Registry Editor, first display the following branch:

    HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

    Add a DWORD setting named PrivacyTab and set it to 1; add another DWORD setting named SecurityTab and set it to 1.

    7: Customizing the Windows Security window

    When you press Ctrl+Alt+Delete while logged on to Windows 7, you see the Windows Security window, which contains the following buttons: Lock This Computer, Switch User, Log Off, Change A Password, and Start Task Manager. Of these five commands, all but Switch User are customizable using group policies. So if you find that you never use one or more of those commands, or (more likely) if you want to prevent a user from accessing one or more of the commands, you can use group policies to remove them from the Windows Security window. Here are the steps to follow:

    1. In the Local Group Policy Editor, open the User Configuration | Administrative Templates | System | Ctrl+Alt+Del Options branch.
    2. Double-click one of the following policies:
    3. In the policy dialog box that appears, click Enabled and then click OK.
    4. Repeat steps 2 and 3 to disable all the buttons you don’t need.

    Figure B shows the Windows Security window with only the Switch User button displayed.

    Figure B

    You can use group policies to customize the Windows Security window.

    To perform the same tweak using the Registry, open the Registry Editor and open the following key:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System

    Change the value of one or more of the following settings to 1:

    DisableChangePassword
    DisableLockWorkstation
    DisableTaskMgr

    To remove the Log Off button via the Registry, open the following key:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Change the value of the NoLogoff setting to 1.

    8: Customizing the Places bar

    The left side of the old-style Save As and Open dialog boxes in Windows 7 includes icons for several common locations: Recent Places, Desktop, Libraries, Computer, and Network.

    The area that contains these icons is called the Places bar. If you have two or more folders that you use regularly (for example, you might have several folders for various projects that you have on the go), switching between them can be a hassle. To make this chore easier, you can customize the Places bar to include icons for each of these folders. That way, no matter which location you have displayed in the Save As or Open dialog box, you can switch to one of these regular folders with a single click of the mouse.

    The easiest way to do this is via the Local Group Policy Editor, as shown in the following steps:

    1. In the Local Group Policy Editor, open the following branch: User Configuration | Administrative Templates | Windows Components | Windows Explorer | Common Open File Dialog.
    2. Double-click the Items Displayed In Places Bar policy.
    3. Click Enabled.
    4. Use the Item 1 through Item 5 text boxes to type the paths for the folders you want to display. These can be local folders or network folders.
    5. Click OK to put the policy into effect.

    If you don’t have access to the Local Group Policy Editor, you can use the Registry Editor to perform the same tweak. Open the Registry Editor and navigate to the following key:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\

    Now follow these steps:

    1. Select Edit | New | Key, type comdlg32, and press Enter.
    2. Select Edit | New | Key, type Placesbar, and press Enter.
    3. Select Edit | New | String Value, type Place0, and press Enter.
    4. Press Enter to open the new setting, type the folder path, and then click OK.
    5. Repeat steps 3 and 4 to add other places (named Place1 through Place4).

    9: Increasing the size of the Recent Documents list

    To customize the size of the Start menu’s Recent Items list, follow these steps:

    1. In the Local Group Policy Editor, navigate to the User Configuration | Administrative Templates | Windows Components | Windows Explorer branch.
    2. Double-click the Maximum Number Of Recent Documents policy.
    3. Click Enabled.
    4. Use the Maximum Number Of Recent Documents spin box to specify the number of documents you want Windows 7 to display.
    5. Click OK.

    For the Registry equivalent, open the Registry Editor and display the following key:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Create a DWORD setting named MaxRecentDocs and set its value to the number of recent documents you want to display.

    10: Enabling the Shutdown Event Tracker

    When you select Start | Shut Down, Windows 7 proceeds to shut down without any more input from you (unless any running programs have documents with unsaved changes). That’s usually a good thing, but you might want to keep track of why you shut down or restart Windows 7, or why the system itself initiates a shutdown or restart. To do that, you can enable a feature called Shutdown Event Tracker. With this feature, you can document the shutdown event by specifying whether it is planned or unplanned, selecting a reason for the shutdown, and adding a comment that describes the shutdown.

    To use a group policy to enable the Shutdown Event Tracker feature, follow these steps:

    1. In the Local Group Policy Editor, navigate to the Computer Configuration | Administrative Templates | System branch.
    2. Double-click the Display Shutdown Event Tracker policy.
    3. Click Enabled.
    4. In the Shutdown Event Tracker Should Be Displayed list, select Always.
    5. Click OK.

    Now when you select Start | Shut Down, you see the Shut Down Windows dialog box shown in Figure C.

    Figure C

    The Shut Down Windows dialog box appears with the Shutdown Event Tracker feature enabled.

    To enable the Shutdown Event Tracker on systems without the Local Group Policy Editor, open the Registry Editor and dig down to the following key:

    HKLM\Software\Policies\Microsoft\Windows NT\Reliability

    Change the value of the following two settings to 1:

    ShutdownReasonOn
    ShutdownReasonUI

    See the short clip

    http://blogs.techrepublic.com.com/itdojo/?p=1010&tag=nl.e101

    30
    September

    One of the scariest unknown technology risks of this decade is the issue of radiation from cell phones. There’s still an open question about whether long term exposure to these mobile devices will cause damage or disease to human beings.

    The Environmental Working Group has a comprehensive new study (download the full report as a PDF) that surveys the scientific research on cellphone health risks and provides radiation data for most of the current cellphones in use. Here’s how the EWG explained the mission of its study:

    We at Environmental Working Group are still using our cell phones, but we also believe that until scientists know much more about cell phone radiation, it’s smart for consumers to buy phones with the lowest emissions. The U.S. government ought to require cell phone companies to label their products’ radiation output so that consumers can do the numbers at the point of sale. It doesn’t, so EWG has created this user-friendly interactive online guide to cell phone emissions, covering over 1,000 phones currently on the market.

    The EWG study looks at all mobile phones, but since smartphones are becoming a standard tool for businesses and IT professionals, I’ve drilled down and looked at the list from a smartphone perspective. I’ve broken out the 10 smartphones that produce the most radiation, the 10 that produce the least amount of radiation, and a list of the radiation ratings of some of the most popular smartphones that did not make either of those two lists.

    When you look at these lists, keep in mind that the EWG has also included some older models that are no longer being sold but are still used by many workers and consumers. Also note that “W/kg” stands for watts per kilogram, a measurement for power density.

    The 10 smartphones with the highest radiation

    1. T-Mobile MyTouch 3G (1.55 W/kg)
    2. Blackberry Curve 8330 (1.54 W/kg)
    3. Palm Treo 600 (1.53 W/kg)
    4. T-Mobile Shadow (1.53 W/kg)
    5. Palm Treo 650 (1.51 W/kg)
    6. Blackberry Curve 8300 (1.51 W/kg)
    7. Blackberry Bold 9000 (1.51 W/kg)
    8. Sony Ericsson P910a (1.50 W/kg)
    9. HTC SMT 5800 (1.49 W/kg)
    10. BlackBerry Pearl 8120/8130 (1.48 W/kg)

    The T-Mobile MyTouch 3G, an HTC smartphone powered by Google Android that debuted to lots of fanfare this summer, topped the list of the worst radiation offenders. However, other popular smartphones dominated the list as well, especially BlackBerries and Treos. The BlackBerry Curve, the best-selling smartphone on the market in 2009, was a close second on the list, and it was joined in the top 10 by its cousins, the BlackBerry Pearl and the BlackBerry Bold.

    The 10 smartphones with lowest radiation

    1. Nokia 9300i (0.21 W/kg)
    2. Nokia 7710 (0.22 W/kg)
    3. T-Mobile MDA Wiza200 (0.28 W/kg)
    4. Samsung Impression SGH-a877 (0.35 W/kg)
    5. Nokia 9300 (0.44 W/kg)
    6. Samsung Propel Pro SGH-i627 (0.47 W/kg)
    7. Samsung Gravity SGH-t459 (0.49 W/kg)
    8. BlackBerry Storm 9530 (0.57 W/kg)
    9. Nokia E90 (0.59 W/kg)
    10. Nokia N96 (0.68 W/kg)

    Nokia, with five models in this top 10, and Samsung with three, were clearly the winners in terms of smartphones that emit the least amount of radiation. It’s also interesting to note that although both of these companies produce dozens of different models, neither of them had a single model that made the list of the worst radiation offenders. The surprising member of the low-radiation club was the BlackBerry Storm (RIM’s first touchscreen device) since so many of the other popular BlackBerries were on the high-emitters list.

    Other notables, from lowest to highest

    If there’s another phone you’d like to look up, here is the full list. Also, when seriously evaluating any smartphone on any of these lists, make sure you click through and look at the EWG page with the details of the phone’s radiation emissions using different connections and doing different activities. The number listed is the maximum radiation rating, but it can be deceiving in some cases until you look at the whole picture.

    For example, the iPhone 3GS has a rating of 1.19 W/kg, which is a middle-of-the-pack rating. However, 1.19 is its maximum radiation level, which only happens when it is connected in UMTS 1900MHz mode. In its other four modes, it averages 0.63 W/kg, which is more consistent with the lower tier of radiation emitters.

    Safety tips

    As part of the report, the EWG also provided eight safety tips for cellphone users who are concerned about radiation. Here is a quick list of the tips. You can click through to the original list for more detail on each of the items.

    1. Buy a low-radiation phone
    2. Use a headset or speaker
    3. Listen more, talk less
    4. Hold phone away from your body
    5. Choose texting over talking
    6. Poor signal? Stay off the phone
    7. Limit children’s phone use
    8. Skip the “radiation shield”

    The EWG also offers a one-page PDF that lists all eight of these tips along with a further explanation of each. IT professionals might consider distributing this PDF to employees who use company cellphones or posting it on the corporate intranet. Of course, you should consult senior management and your legal department before distributing something like this since it involves employee health.

    See this short clip

    http://blogs.techrepublic.com.com/hiner/?p=2791&tag=nl.e101