Microsoft Says, Don't Press the F1 Key In XP

Posted by kdawson on Tuesday March 02 2010, @08:22PM
from the any-key-but-that-one dept.
security
windows
technology
Ian Lamont writes "Microsoft has issued a security advisory warning users not to press the F1 key in Windows XP, owing to an unpatched bug in VBScript discovered by Polish researcher Maurycy Prodeus. The security advisory says that the vulnerability relates to the way VBScript interacts with Windows Help files when using Internet Explorer, and could be triggered by a user pressing the F1 key after visiting a malicious Web site using a specially crafted dialog box."
This discussion has been archived. No new comments can be posted.
  • by dmgxmichael (1219692) on Tuesday March 02 2010, @08:24PM (#31338526) Homepage
    As long as CTRL-ALT-DELETE still works we're golden.
  • F1rst (Score:3, Funny)

    by Anonymous Coward on Tuesday March 02 2010, @08:24PM (#31338528)

    F1rst

  • Yet another reason (Score:3, Insightful)

    by Dracos (107777) on Tuesday March 02 2010, @08:26PM (#31338552)

    This is yet another reason why MS' idea of a tax to deal with malware is stupid.

    • by 0WaitState (231806) on Tuesday March 02 2010, @08:34PM (#31338672)
      How about we tax Microsoft for their polluting the internet with their insecure-by-design OS installs? About $50 per install will put a dent in all the economic damage Windows causes.

      Don't press the F1 key? Jesus fucking christ. What next, don't power up the box?
    • by Anonymous Coward on Tuesday March 02 2010, @08:38PM (#31338718)

      This is yet another reason why MS' idea of a tax to deal with malware is stupid.

      It's almost amusing that a Web browser is so tightly integrated with the operating system that scripts run by it can influence core system functions without actually rooting the machine. I guess this is what happens when you ignore decades of computer security history and discard the principle of least-privilege. Hopefully Windows 7 (and Vista) is not defective enough to allow a userspace application to screw around with a built-in OS function like help files.

      Look, if we're honest, the only reason why IE is so tightly integrated with the OS in the first place is because Microsoft wanted to abuse its desktop OS monopoly by using it to dominate the browser market. If not for that, IE would be a standalone browser and would be separate from any built-in HTML rendering that's part of the core Windows system, like help files in this case. This is one reason why I use Linux: Microsoft obviously cares about its marketshare more than my security, and I cannot in good conscience use my money to support a company with such backwards priorities. I'm sure someone will chime in with talk about how useful Windows is, and I won't argue (much) with that.

      This is really a moral issue. Anyone with decent principles wouldn't want to reward a company with such questionable business practices, not even if they made the finest software available. I'm sure the rest of you who don't have such principles will have a million excuses for why you continue to support Microsoft with your wallets, and that's fine. Every dishonest organization has its useful idiots without which it could not continue existing.

      • by shutdown -p now (807394) on Tuesday March 02 2010, @09:47PM (#31339330)

        You do realize that KDE, for example, also uses the same HTML component - KHTML - for both its standalone browser, and help system (and many other things)? I'd expect OS X to do the same with WebKit. Gnome is different, but mainly because of the mess they made with GtkHTML vs Gecko vs WebKit; the long-term plan, as I understand, is still to migrate to WebKit for everything.

        It's also purely a matter of practicality - I mean, why would you have two distinct HTML renderers?

        • by RalphSleigh (899929) on Tuesday March 02 2010, @10:08PM (#31339474) Homepage

          The same HTML rendering component I can understand, but in this case it appears a script running in a web browser instance of the component can somehow affect the help rendering instance, and that is a quality WTF.

          • by shutdown -p now (807394) on Tuesday March 02 2010, @10:41PM (#31339720)

            You do realise that KDE and Gnome are not operating systems? "OS X" is also not an operating system in the typical sense of the word; it has Darwin [wikipedia.org] under the covers, responsible for managing all the hardware and important functions like permissions, ensuring that the core system can't be hosed when a rogue application is somehow allowed to be run as a user.

            Guess what? Windows works in the exact same way. There's the kernel there, then a set of userland APIs on top of them, then the UI layer, and finally the actual DE. Just because they are shipped in a single box, and aren't explicitly marked as separate, and given funny-sounding names, doesn't mean they aren't there.

            Do you seriously think that NT kernel somehow uses IE under covers?

            It is comforting to know that if something goes wrong on Linux or OS X (or similar), that the problem is almost always limited to only a single 'user' account

            It depends on your definition of "something goes wrong". A privilege escalation exploit has the same problems on any OS, and without one you can't break the system on modern Windows versions (speaking of which, note how Vista/7 aren't vulnerable in this case), either - user account security is not fundamentally different in NT compared to Unix.

            Oh, and this isn't what is usually understood by a privilege escalation vulnerability - it doesn't give you root or anything. It's rather a sandbox breakage - scripts which should be executing in a browser sandbox "leak out", and run with all privileges of the user interacting with the machine.

  • F1! (Score:5, Funny)

    by fm6 (162816) on Tuesday March 02 2010, @08:29PM (#31338594) Homepage Journal

    F1!
    I need somebody!
    F1!
    Not just anybody!
    F1!
    You know I need someone!
    F1!

  • Only MSIE users (Score:3, Insightful)

    by icebike (68054) on Tuesday March 02 2010, @08:31PM (#31338628)

    Any XP user still using Internet explorer probably hasn't a clue that F1 does anything at all.

  • by Meshach (578918) on Tuesday March 02 2010, @08:32PM (#31338640) Homepage
    From TFA:

    Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

    I find the idea that Microsoft is angry at the people who found a problem in Microsoft software not telling Microsoft about it hilarious.

    • by timeOday (582209) on Tuesday March 02 2010, @08:38PM (#31338722)
      Angry or not angry, the point is that disclosing security bugs directly to the vendor first minimizes harm to end users - assuming, that is, the vendor feels sufficiently motivated to fix the bug. You can't argue that "security researchers" who sell 0-day vulnerabilities on the black market are helping anybody but themselves (not that Prodeus fits this description).
      • by causality (777677) on Tuesday March 02 2010, @08:59PM (#31338922)

        Angry or not angry, the point is that disclosing security bugs directly to the vendor first minimizes harm to end users - assuming, that is, the vendor feels sufficiently motivated to fix the bug. You can't argue that "security researchers" who sell 0-day vulnerabilities on the black market are helping anybody but themselves (not that Prodeus fits this description).

        I frequently hear this type of reasoning. It should be listed as a known/cataloged talking point so we can all absorb it once and move on, instead of seeing it rehashed every time this sort of discussion comes up. Sorry but old and well-worn arguments aren't contributing much. They don't have much power to convince anyone who doesn't already subscribe to that viewpoint.

        What I don't hear so much about is the incentive provided by full public disclosure. If you know that security vulnerabilities will be disclosed to the public, that this will result in security problems for your customers, that it will cause public humiliation for your company, is this not a strong incentive to secure your software in the first place? Confidential disclosure to the vendor only seems like it lets them off the hook a bit too easily. I'd normally be slow to view it that way, but Microsoft has a long history of such problems despite having tremendous resources it could dedicate to proactively eliminating them. They have the expertise, they have the money, they have the ability; what they lack is the will. There's simply no excuse for allowing a browser to influence built-in OS functions. I view this more like negligence on Microsoft's part and less like an unforeseeable event that could have happened to any vendor.

        As far as causing the least harm to the end users, should we be concerned about this in the long run? In the short term this can be quite unpleasant, and I don't enjoy the idea that someone who just wants to get their work done might have problems because of something beyond their immediate control. But it's not entirely beyond their control. Microsoft could not possibly exist were it not for the users who purchase its products.

        When its products malfunction in preventable ways, they make the Internet a worse place for everyone. I may run a relatively secure *nix machine, but I can still receive spam e-mail delivered by compromised Windows machines. So can everyone else. Since the situation could not possibly exist if not for Microsoft's users, is it really an injustice that they catch some flak when the entity they keep financially supporting fails to do its job? If they dislike this, should they not be a bit more careful about how they vote with their wallets and for whom they vote? I know the victim mentality is popular these days, but if you either know or could have known what you're dealing with, and continue to behave as though you do not and cannot know, should you cry foul when there are negative consequences?

        Microsoft has a long history of problems like this. Anyone who deals with them and doesn't know that has simply failed to do their homework. The real "accomplishment" of Microsoft is that they, through their widespread presence, have convinced the general public that exploits, malware, and other security problems are a normal part of operating a computer. I'm not claiming that Microsoft's products are without merit; if they were, even the non-technical masses would not use them. I am merely skeptical of any notion that their positive contributions to this industry have outweighed their business practices and their negative contributions to this industry.

          • by causality (777677) on Tuesday March 02 2010, @09:39PM (#31339270)

            Sheesh, blah blah blah. What your parent said isn't a talking point. His point was much better than yours in less words. All a researcher has to do is notify MS. Give them a reasonable amount of time that you clearly specify (say a month) and then publicly disclose it. Your disdain of MS shouldn't erode your common sense.

            You have failed to address the issue I raised.

            If its users were more discriminating and more willing to expect quality, I would have no reason to disdain MS. You act like any disdain on my part is an opinion or a matter of taste, and not like MS has soundly earned it.

            Microsoft is a business. That means they will tend to do whatever makes them the most profit. If selling garbage makes profit for them, then they will sell garbage. If no one is willing to buy garbage, then they will be forced to sell quality. Therefore, Microsoft does whatever its paying customers are willing to put up with.

            The point I raise, to restate it for you, is that this multibillion-dollar company with many highly skilled employees has both the expertise and the resources to design their systems in such a way that they do not suffer such vulnerabilities. They don't do this because they can profit without doing this; therefore, why would they go to the trouble when more effort means more expense? They can profit without doing this because their paying customers will tolerate insecure products. They think malware and other system compromises are an inherent aspect of owning a computer. If people who hold this false belief and use their money to support a vendor which caters to this false belief suffer because of this false belief, why should that trouble the rest of us? Are they not reaping what they sow?

            Those of you who believe in confidential, discreet disclosure are implying that the effects on the customers should trouble the rest of us. I'm willing to entertain the idea, but to do that I need someone to tell me why Microsoft's customers are not merely reaping what they have sown. You have not addressed this. If you would like to, I'm all ears, but attempting to tell me that Microsoft's security history is irrelevant, that it's unfair to consider its business practices and priorities, or that I should ignore the fact that they have both the knowledge and the resources to deliver more secure products will never work with me. Please save that and your "blah blah blah" handwaving for the pushovers who are impressed by your assertions. As for me, I deal in facts.

            Again, if you would like to actually address any of the issues I have raised, I'm all ears. The fact that you dislike my opinions has been noted, but does not constitute a worthy response.

              • by causality (777677) on Tuesday March 02 2010, @11:23PM (#31339986)

                Computers are insecure. Networked computers are even more insecure. Windows is the low hanging fruit. I know it sounds tired, but if Linux had the same market share as Windows, you'd see the same kind of cat and mouse game going on between security researchers and malware programmers. If you put Ubuntu 9.10 on 80% of computers connected to the internet, and loaded it up with the 10 or so typical apps that people use (word processors, web browsers, Flash, etc), within six months you'd see vulnerabilities popping up left and right.

                It does sound "tired" and I appreciate that you are up-front enough to concede this, but in the same spirit I can admit that it's not unreasonable to wonder it. Still, I have a simple issue with this argument. While it has nowhere near the marketshare of Windows, there are still millions of Linux computers connected to the Internet. Compared to Windows, a disproportionately large number of Linux machines are beefy servers with large amounts of bandwidth. If they were as easy to take over as a home user's Windows machine, they would be more attractive targets. Yet there are no successful viruses or other self-replicating malware programs for Linux in the wild. There are proof-of-concept viruses, but they do not propagate on the Internet.

                At the end of the day, it's all software running on an x86 processor. All it takes is one lazy coder, one tired QA guy, or one bad library and you have a zero day exploit. Computers need to execute code. You can only run so many checks on any given input. You can only limit the functionality of a module so much before it becomes useless. You can only bug users with "Are you sure you want to run this?" prompts so many times.

                My disagreement here is that you don't need to prompt the user or enable any highly exotic verification to prevent the exploit that is the subject of this article. All you need is some decent sandboxing. Yet one of the most powerful, resourceful, and well-staffed software companies in the world failed to implement it for this version of Windows. Something there does not add up.

                If you want an idea of a secure operating system, turn your web browser security settings to Prompt/Ask. JavaScript, HTML, XML, EVERYTHING set to prompt. Spend a week browsing the web in that configuration. Let me know how you like it.

                In my opinion, you are engaging in quite a bit of hyperbole there. On my Linux system, the "help" function (in my case, a part of KDE) is implemented by binary executables that are owned by the root user while readable and executable (but not writable) by the user who is running them. Firefox, which runs in a similar fashion and also has the privileges of my normal non-root user, cannot affect the KDE online help even if it wanted to. This is an example (and not the best one) of the principle of least privilege. Firefox doesn't need to have the power to modify other parts of the system, so it has no such power. Simple.

                There's no need for me to enable any extra confirmation dialogs, or anything else in order to achieve this. I simply enjoy it as part of the fundamental design of this operating system. I have a very hard time believing that one of the most well-funded, well-staffed software companies the world has ever seen was not capable of either matching or surpassing this level of robustness. This was already a standard feature of Linux before XP was released. That isn't the sort of "innovation" they keep talking about. It's more like a bad job of playing catch-up now that more recent Windows versions have improved in this area.

                Windows is not merely the low-hanging fruit. It's more like the pre-chewed fruit that is already partially digested. Perfect security is of course not possible. But if you want to eliminate all the large botnets and spam networks, that's easy: make Windows security strong enough that automated attacks will not compromise it. Make it

                • by dave562 (969951) on Wednesday March 03 2010, @02:37AM (#31341260) Journal

                  It does sound "tired" and I appreciate that you are up-front enough to concede this, but in the same spirit I can admit that it's not unreasonable to wonder it. Still, I have a simple issue with this argument. While it has nowhere near the marketshare of Windows, there are still millions of Linux computers connected to the Internet. Compared to Windows, a disproportionately large number of Linux machines are beefy servers with large amounts of bandwidth. If they were as easy to take over as a home user's Windows machine, they would be more attractive targets. Yet there are no successful viruses or other self-replicating malware programs for Linux in the wild. There are proof-of-concept viruses, but they do not propagate on the Internet.

                  It comes down to target market. The people running Linux servers are qualified administrators. Linux servers are generally role specific. They probably only have a few apps running on them. Unless a network is being run by someone without a clue, Windows servers aren't getting taken apart by driveby downloads. The exploits are happening in one of two cases. Either internal users leave the secured network and hit compromised sites, or social engineering-esque exploits are coming in through the mail system, IM, etc.

                  You brought up Linux servers and then jumped sideways to talk about home Windows boxes. What are we talking about here, apples or oranges? Servers or workstations? What percentage of the Linux boxes are all running a uniform kernel and distro? Where are the consistent apps on every platform? Think like a malware writer for a second. Think like someone trying to find where in RAM an offset is going to be living. Think of an infection vector. What are you aiming for on Linux? KDE? Gnome? X? What revision? Be serious for a second. If you know enough to write exploit code, what pool are you aiming for? Where are you going to focus the limited time that you have?

                  Think about the real world. Movie-esque financial heists where you clear millions of dollars out of a compromised system don't happen (unless you work for Wall Street, and then it's legal). Real world fraud is done with compromised credit cards and bank accounts. That data is swapped across the web and kept in Quickbooks. It is locked up in bank websites that have easy to intercept (on a compromised system) authentication mechanisms. If you were going for money, where would you go? Windows, or Linux? Fraud is a numbers game. System cracking is mostly automated. You find an exploit, write a bot and start scanning for the vulnerability. Out of any given Class B block, what percentage of IPs are Windows boxes? What if you're targeting Charter, Time Warner or Cox?

                  It all comes down to the users, and the numbers of them. It takes time to write an exploit. If you were to roll out 450,000,000 Ubuntu 9.10 workstations with the same web browser and mail client and give them to the general public, you'd have exploits. You'd have exploits if the general public were storing data that thieves cared about. You'd have "Linux Antivirus 2010" the first time someone figures out how to trick a user into downloading a script that resizes their desktop, or randomly changes a .conf file. From there how long until a user "clicks here" on the identical to Canonical's system message themed dialogue to fix it? How long do you really think it would be before someone finds where Thunderbird or whatever client you want to load with Ubuntu stores its address book? Does Ubuntu desktop even have ufw on by default? I know I had to enable it myself when I loaded 8.04 LTS server. What would stop someone from kicking off an smtpd process, or loading some code to piggy back on Thunderbird?

                  Arguing Linux versus Windows in the hands of John Q Public is sort of like trying to prove or disprove God at this point. We don't have a large enough sample size to make definitive statements on. IMO, human nature doesn't go away because people use different OSes. The

      • by dweller_below (136040) on Tuesday March 02 2010, @11:26PM (#31340002)

        Angry or not angry, the point is that disclosing security bugs directly to the vendor first minimizes harm to end users - assuming, that is, the vendor feels sufficiently motivated to fix the bug.

        IN A TIMELY MANNER.

        You forgot the bit that's at the core of the disclosure debate. Virtually everybody in the security industry agrees on the principles of disclosure. All the flames are over the timing.

        In one corner, we have Microsoft. They appear to believe in full disclosure, once the disclosure will have no adverse effects on stock price or profitability.

        In another corner, we have a tiny handful of scum sucking, mercenary security researchers who believe that disclosure will happen just as soon as they get paid. And the terms of that disclosure will be whatever the purchaser wants.

        In the other corners, and carpeting the entire floor, are all the rest of the security community. They believe that full disclosure must happen in a time-frame that minimizes damage to the user community. They just can't agree on when that might be.

        This lack of a consensus has made it easy for Microsoft to define the current terms of disclosure. The result has been suppression of disclosure for longer and longer periods. The inevitable consequence is more and more '0' day exploits.

        In September 2009, SANS released an excellent State-of-the-Internet on the top cyber security threats: http://www.sans.org/top-cyber-security-risks/ [sans.org] One of their points was:

        "World-wide there has been a significant increase over the past three years in the number of people discovering zero-day vulnerabilities, as measured by multiple independent teams discovering the same vulnerabilities at different times. Some vulnerabilities have remained unpatched for as long as two years."

        To demonstrate this issue they enumerated the history of MS08-031:

        For example, MS08-031 (Microsoft Internet Explorer DOM Object Heap Overflow Vulnerability) was discovered independently by three researchers. The first researcher submitted remote IE 6/7 critical vulnerability on Oct 22, 2007. A second independent researcher submitted the same vulnerability on April 23, 2008. A third independent researcher submitted the same vulnerability on May 19, 2008. All three submissions outlined different approaches of auditing and finding the same vulnerability.

        What goes unstated is while 3 'responsible' researchers disclosed to Microsoft and waited and waited, unknown numbers of hackers also discovered the vulnerabilities and exploited them.

        Just this week, a dozen well managed, fully patched, WinXP (with .NET installed) computers at my institution were compromised by clicking on a major news site (http://www.ksl.com/index.php?nid=148&sid=9814436).

        Microsoft would have us believe that this is acceptable. But really, would immediate, full disclosure be any worse?

        Miles

  • Windows Help F1 (Score:5, Informative)

    by edsousa (1201831) on Tuesday March 02 2010, @08:35PM (#31338678) Journal
    This won't affect anybody: those users that aren't very computer literate don't even know that help exists and is one key away... the other ones already know that Windows help won't lead you anywhere!
  • Wishful thinking (Score:5, Insightful)

    by Anonymous Coward on Tuesday March 02 2010, @08:36PM (#31338692)

    "Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed."

    Call me a cynic, but I've got to be honest: The net effect may be positive, but I don't believe that Microsoft's idea of 'responsible disclosure' results in high priority investigation and timely patching of MS products.

  • F1 key? (Score:3, Insightful)

    by shivamib (1034310) <leonardobighettiNO@SPAMgmail.com> on Tuesday March 02 2010, @08:40PM (#31338748)
    I tried it and got a Firefox friendly help tab. F1 is the second most annoying key.

    What you really don't want to press is that cursed, evil POWER key. You know, when you're trying to find the Page Up ke
  • by Alien1024 (1742918) on Tuesday March 02 2010, @08:45PM (#31338796)
    Given the quality of the F1-contents these days, especially in MS apps, that's not such bad advice - google instead.
    • by Opportunist (166417) on Tuesday March 02 2010, @09:13PM (#31339064)

      I have yet to stumble upon a helpful help page in Visual Studio 08. Usually a search with Google ends up faster on a relevant MSDN page than pressing F1 in VS.

      Interestingly enough, it is also more relevant than a search inside the MSDN or using Bing. You usually do NOT find the same MSDN content as quickly within MSDN or with Bing, but instead get offered pages that try to cram some MS-interface down your throat. Maybe nice if you're programming with that interface, but utterly useless if you're using C++ instead of whatever web-aware magical brewitup crap MS tries to push currently.

  • by BitterOak (537666) on Tuesday March 02 2010, @08:46PM (#31338800)
    The security advisory says the problem has to do with the way Internet Explorer interacts with the help system. Does anyone know if Firefox users are vulnerable?
  • by TeethWhitener (1625259) on Tuesday March 02 2010, @08:49PM (#31338832)
    This is ucking ridiculous. I'm a ullerene chemist, or uck's sake!
  • by edelbrp (62429) on Tuesday March 02 2010, @08:54PM (#31338882)

    press F1 to continue.

  • Microsoft Interview (Score:4, Interesting)

    by dawilcox (1409483) on Tuesday March 02 2010, @10:03PM (#31339440)
    I interviewed with Microsoft for a development position a few weeks ago. I found that the interviewers were very arrogant. They assumed they knew all the details about my past projects. It felt like politics with them would be horrendous because everyone is showing each other up.

    Needless to say, I turned down the job offer. It doesn't surprise me how they keep making flub ups like this when the people at their company are so arrogant.

  • by swigabyte (1392247) on Tuesday March 02 2010, @10:19PM (#31339532)
    I never hit F1. I've found Windows help to be absolutely useless.
  • by SlappyBastard (961143) on Wednesday March 03 2010, @12:01AM (#31340264) Homepage
    Especially with XP, the last version of Windows that allows you to nuke absolutely every service, disabling help is one of the first things I do.
  • by yellowstone (62484) on Wednesday March 03 2010, @12:22AM (#31340398) Homepage Journal
    Here, let me fix it:

    [T]he vulnerability relates to [...] using Internet Explorer

    You're welcome.

    Best way to stay trouble free on Windows? Don't use IE. Or Outlook. Or IIS.

  • by gig (78408) on Wednesday March 03 2010, @07:15AM (#31343192)

    If you are still using XP at this point, who cares? Go for it. Press F1 while running FlashPlayer and Acrobat and IE6 simultaneously. If you gave a shit or had any data worth protecting you'd already be using a Mac or other Unix.
