Skip to Content

open source

Blind computer users struck by a very unusual Trojan attack

January 22, 2008 • Darrell Shandrow Hilliker

We have just received a disturbing report from Vanja Svajcer on the SophosLabs security blog indicating that a recently distributed “unofficial” build of Freedom Scientific’s JAWS 9.0 screen reader making the rounds on various blindness related mailing lists contains dangerous code that disables the use of JAWS and most other screen readers. In his article, Blind computer users struck by a very unusual Trojan attack, Vanja describes a scenario in which a blind user’s computer may essentially be reduced to something about as useful as a very large paperweight, at least until a sighted person can come along to help clean up the mess with appropriate anti-virus software. We should all keep two critical lessons in mind when considering whether or not to download and install software onto our computers:

  • Is the software being offered legal? “Cracked” or otherwise illegal copies of software may contain Trojan Horse code or other malware that may cause damage to your computer’s operating system, applications or data. Not only is the download and use of illegal software unethical, it may actually be detrimental to your digital life.
  • Is the software being delivered by a credible source? In addition to the advertising of a “cracked” copy of JAWS 9.0, it is also believed that the malware mentioned in Vanja’s article may have been distributed under the guys of an “unofficial” JAWS build provided to a customer by Freedom Scientific’s technical support team in order to solve specific issues. Those issues were never clearly specified. The software was being provided by a third party, not directly by Freedom Scientific. The lesson here is that we should check with the company developing the software before downloading and installing any updates. In the case of shareware, free software or open source software, we should take care to download from a reputable source, such as Download.com, FileForum or SourceForge.

Our computers and, even more so our data, are too important to place at unnecessary risk. Let us all take care to protect our valuable digital resources.

Categories: JAWS, open source, security

Nonvisual Desktop Access (NVDA) Version 0.5 Released

June 6, 2007 • Darrell Shandrow Hilliker

The NVDA developers have released version 0.5 of this open source screen reader. It is now available on the project’s download page. Check out the release notes for this new version.

Changes since r425:

  • Added Czech language files thanks to Tomas Valusek.
  • Added Swedish language files thanks to Daniel Innala.
  • NVDA now has a built-in synthesizer called eSpeak, developed by Jonathan Duddington. It is very responsive and lite-weight, and has support for many different languages. Sapi synthesizers can still be used, but eSpeak will be used by default. eSpeak does not depend on any special software to be installed, so it can be used with NVDA on any computer, on a USB thumb drive, or anywhere. For more info on eSpeak, or to find other versions, go to http://espeak.sourceforge.net/.
  • NVDA now uses the built-in eSpeak synthesizer by default.
  • The built-in eSpeak synthesizer will now start in the language NVDA is set to, unless another voice has previously been chosen.
  • Fix bug where the wrong character was being announced when pressing delete in Internet Explorer / Outlook Express editable panes.
  • Added support for more edit fields in Skype.
  • VirtualBuffers only get loaded when focus is on the window that needs to be loaded. This fixes some problems when the preview pane is turned on in Outlook Express.
  • Added commandline arguments to NVDA:

    • -m, –minimal: do not play startup/exit sounds and do not show the interface on startup if set to do so.
    • -q, –quit: quit any other already running instance of NVDA and then exit.
    • -s, –stderr-file fileName: specify where NVDA should place uncaught errors and exceptions.
    • -d, –debug-file fileName: specify where NVDA should place debug messages.
    • -c, –config-file: specify an alternative configuration file
    • -h, -help: show a help message listing commandline arguments.
  • Fixed bug where punctuation symbols would not be translated to the appropriate language, when using a language other than english, and when speak typed characters was turned on.
  • Added Slovak language files thanks to Peter Vagner.
  • Added a Virtual Buffer settings dialog and a Document Formatting settings dialog, from Peter Vagner.
  • Added French translation thanks to Michel Such.
  • Added a script to toggle beeping of progress bars on and off (insert+u). Contributed by Peter Vagner.
  • Made more messages in NVDA be translatable for other languages. This includes script descriptions when in keyboard help.
  • Added a find dialog to the virtualBuffers (internet Explorer and Firefox). Pressing control+f when on a page brings up a dialog in which you can type some text to find. Pressing enter will then search for this text and place the virtualBuffer cursor on this line. Pressing f3 will also search for the next occurance of the text.
  • When speak typed characters is turned on, more characters should be now spoken. Technically, now ascii characters from 32 to 255 can now be spoken.
  • Renamed some control types for better readability. Editable text is now edit, outline is now tree view and push button is now button.
  • When arrowing around list items in a list, or tree view items in a tree view, the control type (list item, tree view item) is no longer spoken, to speed up navigation.
  • Has Popup (to indicate that a menu has a submenu) is now spoken as submenu.
  • Where some languages use control and alt (or altGR) to enter a special character, NVDA now will speak these characters when speak typed characters is on.
  • Fixed some problems with reviewing static text controls.
  • Added Translation for Traditional Chinese, thanks to Coscell Kao.
  • Re-structured an important part of the NVDA code, which should now fix many issues with NVDA’s user interface (including settings dialogs).
  • Added Sapi4 support to NVDA. Currently there are two sapi4 drivers, one based on code contributed by Serotek Corporation, and one using the ActiveVoice.ActiveVoice com Interface. Both these drivers have issues, see which one works best for you.
  • Now when trying to run a new copy of NVDA while an older copy is still running will cause the new copy to just exit. This fixes a major problem where running multiple copies of NVDA makes your system very unusable.
  • Renamed the title of the NVDA user interface from NVDA Interface to NVDA.
  • Fixed a bug in Outlook Express where pressing backspace at the start of an editable message would cause an error.
  • Added patch from Rui Batista that adds a script to report the current battery status on laptops (insert+shift+b).
  • Added a synth driver called Silence. This is a synth driver that does not speak anything, allowing NVDA to stay completely silent at all times. Eventually this could be used along with Braille support, when we have it.
  • Added capitalPitchChange setting for synthesizers thanks to J.J. Meddaugh.
  • Added patch from J.J. Meddaugh that makes the toggle report objects under mouse script more like the other toggle scripts (saying on/off rather than changing the whole statement).
  • Added spanish translation (es) contributed by Juan C. buo.
  • Added Hungarian language file from Tamas Gczy.
  • Added Portuguese language file from Rui Batista.
  • Changing the voice in the voice settings dialog now sets the rate, pitch and volume sliders to the new values according to the synthesizer, rather than forcing the synthesizer to be set to the old values. This fixes issues where a synth like eloquence or viavoice seems to speek at a much faster rate than all other synths.
  • Fixed a bug where either speech would stop, or NVDA would entirely crash, when in a Dos console window.
  • If support for a particular language exists, NVDA now automatically can show its interface and speak its messages in the language Windows is set to. A particular language can still be chosen manualy from the user interface settings dialog as well.
  • Added script ‘toggleReportDynamicContentChanges’ (insert+5). This toggles whether new text, or other dynamic changes should be automatically announced. So far this only works in Dos Console Windows.
  • Added script ‘toggleCaretMovesReviewCursor’ (insert+6). This toggles whether the review cursor should be automatically repositioned when the system caret moves. This is useful in Dos console windows when trying to read information as the screen is updating.
  • Added script ‘toggleFocusMovesNavigatorObject’ (insert+7). This toggles whether the navigator object is repositioned on the object with focus as it changes.
  • Added some documentation translated in to various languages. So far there is French, Spannish and Finish.
  • Removed some developer documentation from the binary distribution of NVDA, it is only now in the source version.
  • Fixed a possible bug in Windows Live Messanger and MSN Messenger where arrowing up and down the contact list would cause errors.
  • New messages are now automatically spoken when in a conversation using Windows Live Messenger. (only works for English versions so far)
  • The history window in a Windows Live Messenger conversation can now be read by using the arrow keys. (Only works for English versions so far)
  • Added script ‘passNextKeyThrough’ (insert+f2). Press this key, and then the next key pressed will be passed straight through to Windows. This is useful if you have to press a certain key in an application but NVDA uses that key for something else.
  • NVDA no longer freezes up for more than a minute when opening very large documents in MS Word.
  • Fixed a bug where moving out of a table in MS Word, and then moving back in, caused the current row/column numbers not to be spoken if moving back in to exactly the same cell.
  • Increasing and decreasing rate scripts can no longer take the rate above 100 or below 0.
  • If there is an error with a language when choosing it in the User Interface Settings dialog, a message box will alert the user to the fact.*NVDA now asks if it should save configuration and restart if the user has just changed the language in the User Interface Settings Dialog. NVDA must be restarted for the language change to fully take effect.
  • If a synthesizer can not be loaded, when choosing it from the synthesizer dialog, a message box alerts the user to the fact.
  • When loading a synthesizer for the first time, NVDA lets the synthesizer choose the most suitable voice, rate and pitch parameters, rather than forcing it to defaults it thinks are ok. This fixes a problem where Eloquence and Viavoice sapi4 synths start speaking way too fast for the first time.