Posted 02/04/10 at 10:00:00 PM by David Murphy

One of Mozilla Firefox's bigger advantages over Google Chrome has just been wiped away and, dare we say, Google Chrome has actually one-upped its rival in terms of overall usability and ease-of-installation. We're referring, of course, to Greasemonkey. You might have heard this name echoed across tech and tweak sites far and wide. As well you should have--the functionality you can achieve by this upgrade to your surfing experience is simply unsurpassed in its depth or scope by any conventional add-on or extension.

It's quite simple, really. You install Greasemonkey to gain access to a gallery of add-ons that benefit your browsing experience just as much as your favorite official "add-ons," if not more. By add-ons, we mean "scripts." In its conventional format, Greasemonkey is a browser add-on that grants you the ability to automatically integrate new Javascript-based modifications to a site whenever you load up the page. You don't have to design these modifications yourself--a huge gallery of scripts (more than 40,000!) have already been written for a wide swath of functions and locations. Consider Greasemonkey scripts to be analogous to extensions for Greasemonkey--itself an extension for your main browser.

Sound good? Because now, Google Chrome users have the ability to tap into Greasemonkey scripts as much as any other browser user. You don't even have to install a separate add-on, since scripts work natively in the browser! 

But here's the catch: not all Greasemonkey scripts work perfectly in Google Chrome. The running estimation is that roughly 20 percent of what's out there is currently broken for Google's browser. That's not great news for a person who's easily frustrated by failure. However, here's where Maximum PC comes into the picture. We've run through a large swath of awesome Google Greasemonkey scripts to achieve two key goals: to see what works and to see which scripts, of the 40,000+ available, are awesome tweaks for your browser. Click the jump for a look at some of the top Greasemonkey scripts you could (or should) be slapping into your Google Chrome browser right now.

Read More

Posted 02/06/09 at 04:57:43 PM by Mark Edward Soper

When Microsoft launched its Engineering Windows 7 blog last summer as part of its drive to be more transparent and more responsive to user concerns, a lot of people were skeptical about whether it would become anything more than a PR ploy. But, with the announcement yesterday that Microsoft will be fixing problems with Windows 7's UAC, even Redmond skeptics should be impressed.

In case you missed the earlier stories, MaximumPC readers and many others have been concerned about how easy it was for malware to change UAC levels and subvert the new and allegedly improved User Account Control in Windows 7.

To find out what's changing - and who deserves the credit - join us after the jump.

Read More

Posted 02/05/09 at 05:16:51 PM by Mark Edward Soper

Earlier this week, our own Josh Kamperschmidt told us how scripts could be used to disable Windows 7's UAC. Well, that's just the prelude to a potentially even bigger security issue: according to Long Zhen of the I Started Something blog, Windows 7's "improved" UAC can be disabled by malicious software that is coded for auto-elevation. Auto-elevation is a feature that enables software being run by Administrators to skip the annoying "do you want to run this program" prompt that has made Windows Vista's version of UAC one of its most controversial features, not to mention one of the "I'm a Mac" commercials' favorite targets. Unlike the proof-of-concept exploit reported earlier, this one doesn't prompt you to reboot the system: it works silently.

So, what is it about Windows 7's UAC that makes it vulnerable? As Zhen puts it:

Windows is a platform that welcomes third-party code with open arms. A handful of these Microsoft-signed applications can also execute third-party code for various legitimate purposes. Since there is an inherent trust on everything Microsoft-signed, by design, the chain of trust inadvertently flows onto other third-party code as well. A phenomenon I’ve started calling “piggybacking”.

To demonstrate, one of the many Microsoft-signed applications that can be taken advantage of is “RUNDLL32.exe”. With a simple “proxy” executable that does nothing more than launch an elevated instance of "RUNDLL32 pointing to a malicious payload DLL, the code inside that DLL now inherits the administrative privileges from its parent process "RUNDLL32" without ever prompting for UAC or turning it off.

It sounds serious, but before you jump to conclusions, join us after the jump for Microsoft's response and a workaround.

Read More

Posted 01/30/08 at 04:23:52 PM by MarkSoper

Find out why your favorite Firefox add-ons can leave your system crying "Don't Chrome Me, Bro!" - and how to protect yourself.

Read More