Elephant Boy Computers Reports
We occasionally send out email
reports to our
clients and friends covering various Windows security issues, computing
tips and tricks, and other information we hope will be helpful.
You can view the reports either by date or
by subject.
Please note that some of the links to online articles in older EBC
Reports might not be live any more. However, there may still be useful
information in the Reports so they still have a home here.
Administrivia - Since the
mailing list is private, directions for members who receive EBC Reports
by email to unsubscribe, change the email address at which they receive
the Reports, and/or add members to the list are at the end of each EBC
Reports email.
EBC Reports
Chronologically: 2006, 2007, 2008
EBC Reports for 2002, 2003, 2004, and 2005 are archived here.
2006:
01-02-06 - Windows MetaFile (WMF) vulnerability - severe
01-26-06 - New Thunderbird; End of Life for Win98/ME; Stopbadware.org
01-30-06 - Winamp vulnerability; Kama Sutra/Blackworm
02-01-06 - Online music sites; Safer surfing with SiteAdvisor
03-27-06 - IE vulnerabilities; Smitfraud variants; Starforce DRM issues; free stuff from Microsoft
04-28-06 - Update about the Windows Update KB908531; Common computer mistakes made by small business owners
05-27-06 - Vulnerability in Symantec AV; vulnerability in MS Word; privacy breach at Veterans Affairs; Java update; Yahoo IM worm
06-13-06 - Yahoo webmail vulnerability; Windows Vista beta; passwords and other important things
06-15-06 - Microsoft End of Life information; Patch Tuesday
07-12-06 - Patch Tuesday; Image Shack warning; Microsoft End of Support reminder; computers and heat
08-09-06 - Google antiphishing; Patch Tuesday; RIAA tactics
09-16-06 - Wireless networking; MS Office updates; September 19th
10-12-06 - Spam scam; Eudora; Patch Tuesday; IE7
11-01-06 - IE7; Firefox 2.0; Windows Defender
11-03-06 - Vista - should you upgrade; Linux offer; online music store
12-11-06 - Various program updates; MS Word vulnerabilities; Patch Tuesday; Seasonal warning; good Internet safety site
2007:
01-02-07 - More on Vista; New Year's Resolutions; Happy New Year
01-03-07 - New F-Prot AV; Avast! AV; bug in QuickTime; 2006 Darwin Award; some websites I like
01-22-07 - Outlook and new Daylight Savings Time rules; more on Vista; buying a new computer
02-15-07 - Update on Daylight Savings Time patches; Vista Grand Openings; Vista and antivirus programs; Vista on new machines; Book review (learning Vista)
03-22-07 - Various program updates; more Vista links
04-03-07 - Patch for Windows Animated Cursor vulnerability
04-24-07 - Staying safe online; Scammers exploit tragedy; Spring cleaning; Thunderbird 2.0; Dell continues to offer XP as an option
05-08-07 - Changes in Microsoft email; Old-style worm spreading through USB thumbdrives; Save your MS Office settings and other great tips from Lifehacker; Live Earth News
05-29-07 - Warning about false Microsoft email; Apple OS X security updates; Apple-related security issue; Parental Control software (Windows)
07-11-07 - Patch Tuesday; useful Microsoft websites; buying a laptop for school
07-21-07 - Various security warnings; Windows Home Server
09-13-07 - Firefox extensions; Picasa Web Albums; Best Buy is Evil; Talk Like A Pirate Day
10-12-07 - eBay Desktop; Storm worm; Zlob trojan and codecs
10-24-07 - Online safety and security; Adobe Reader and Acrobat malware exploit
11-03-07 - The Consumerist's Ultimate Guide; IRS warns of email scam; more on malware from codecs; "Really Achieving Your Childhood Dreams"
12-16-07 - Fun things for Christmas
2008:
01-09-08 - Another year of malware; Xbox Live holiday problems; using legal software
01-17-08 - Rogue antispyware for the Mac; Valentine's Day Storm Worm; social engineering
01-30-08 - Income Tax-related scams; New MSN worm
02-22-08 - Upcoming Service Packs - Vista and XP
03-11-08 - Fake Government emails; Malware disguised as 3D screensavers; "The Myth of the Transparent Society"; Pi Day and Albert Einstein's birthday
04-08-08 - New phishing prevention website; Email attack tied to Microsoft's April Security Bulletin; End of the line for Windows XP and what to do about it
04-23-08 - Hotmail and Outlook Express; MSN Music Store is dead; Windows XP Service Pack 3 RTM
1-2-06 - Contents:
Windows MetaFile (WMF) vulnerability
The old year ended and the new year began with one of the most
serious vulnerabilities in Windows operating systems ever. At
this writing, Microsoft has not issued a patch for the problem. If they
stick to their normal update schedule, we will not have an official
patch until January 9th at the earliest. This is not A Good Thing.
A temporary patch
has been created by Ilfak Guilfanov. Normally, I would never suggest
that you install a patch from anyone but Microsoft. Never, ever, ever.
But because of the seriousness of the vulnerability, I'm going to suggest
that you install Mr. Guilfanov's patch coupled with one other easy step.
The SANS
Internet Storm Center has the best explanation of the vulnerability
with instructions on what to do and a link to the download.
http://isc.sans.org/diary.php?storyid=994
I highly recommend you go to the SANS site and read the information
about the WMF vulnerability. To make things even easier for you, here
are paraphrased highlights and what you need to do:
WHAT THE VULNERABILITY DOES AND HOW YOU GET HURT BY IT:
The WMF vulnerability uses images (WMF images) to execute code. This
means it can run programs like trojans, which can download more
trojans. It will execute just by viewing the image on a webpage. In
most cases, you don't have to click anything.
Internet Explorer will view the image and trigger the exploit without
warning. New versions of Firefox will prompt you before opening the
image. However, this offers little protection since most people will
consider images to be safe and say "yes".
The Bad Guys are already sending spam email with attachments carrying a
new version of the WMF exploit, resulting in the installation of
various trojans. This spam email may look like this:
Subject: Happy New Year
Message Body: picture of 2006
Attachment: HappyNewYear.jpg (actually a WMF file with a .JPG extension)
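To show why the .JPG name in the sample spam above is no protection, here is an added example (not part of the original report) that reads each file's first bytes and flags Windows Metafile content stored under any other extension. The sample files are constructed header-only stubs, and the function names are this example's own.

```python
"""Flag files that carry Windows Metafile (WMF) content under another extension."""
import struct
import tempfile
from pathlib import Path

PLACEABLE_WMF_KEY = 0x9AC6CDD7   # magic number of the "placeable" WMF header
STANDARD_WMF_TYPES = (1, 2)      # 1 = in-memory metafile, 2 = disk metafile
STANDARD_WMF_HEADER_WORDS = 9    # the standard header is 9 words (18 bytes)
STANDARD_WMF_VERSIONS = (0x0100, 0x0300)


def sniff(header: bytes) -> str:
    """Guess the real file type from its leading bytes, ignoring the name."""
    if len(header) >= 4 and struct.unpack_from("<I", header)[0] == PLACEABLE_WMF_KEY:
        return "wmf"
    if len(header) >= 6:
        ftype, header_words, version = struct.unpack_from("<HHH", header)
        if (ftype in STANDARD_WMF_TYPES
                and header_words == STANDARD_WMF_HEADER_WORDS
                and version in STANDARD_WMF_VERSIONS):
            return "wmf"
    if header.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if header.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if header[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    return "unknown"


def is_disguised_wmf(path: Path) -> bool:
    """True when the content is WMF but the extension claims something else."""
    with path.open("rb") as fh:
        header = fh.read(32)
    return sniff(header) == "wmf" and path.suffix.lower() != ".wmf"


def scan(directory: Path) -> list[str]:
    """Return the sorted names of disguised WMF files found in a directory."""
    return sorted(
        p.name for p in directory.iterdir()
        if p.is_file() and is_disguised_wmf(p)
    )


def demo() -> list[str]:
    """Write constructed sample files to a temp directory and scan them."""
    # Constructed 22-byte placeable header: key, handle, bounding box,
    # units per inch, reserved, checksum. No drawing records follow.
    placeable = struct.pack("<IHhhhhHIH", PLACEABLE_WMF_KEY, 0, 0, 0, 1000, 1000, 1440, 0, 0)
    # Constructed 18-byte standard header: type, header size in words,
    # version, file size, object count, largest record, parameter count.
    standard = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
    samples = {
        "HappyNewYear.jpg": placeable,               # WMF named .jpg, as in the spam
        "chart.gif": standard,                       # WMF named .gif
        "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",  # a real JPEG start
        "logo.wmf": placeable,                       # honest WMF, not disguised
        "notes.txt": b"plain text",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in samples.items():
            (root / name).write_bytes(data)
        return scan(root)


if __name__ == "__main__":
    for name in demo():
        print("WMF content under a misleading name:", name)
```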
SOURCES OF ATTACK:
Email attachments, malicious web sites, and instant messaging are the
most likely sources, as well as P2P (file-swapping) programs such as
Kazaa, Limewire, etc.
WHAT VERSIONS OF WINDOWS OPERATING SYSTEMS ARE AFFECTED:
All. Windows 2000, Windows XP (SP1 and SP2), Windows 2003. All are
affected to some extent. And to quote the good people at SANS:
"If you're still running on Win98/ME, this is a watershed moment: we
believe (untested) that your system is vulnerable and there will be no
patch from MS. Your mitigation options are very limited. You
really need to upgrade."
HOW TO PROTECT YOURSELF:
1. Install the patch from either the link on the SANS site above or
this direct download link (TinyURL'd): http://tinyurl.com/8stt5
Note that you will need to uninstall
the patch before you install an official Microsoft one. So you
need to pay attention during the next Windows Update. Set your
Automatic Updates (in Control Panel) to download updates automatically
but notify you before installing them. Then instead of taking the
"Express" install option for the updates, take the "Custom" install
option. Now you can see if there is a patch for the WMF vulnerability
and if there is, go to Add/Remove Programs and uninstall Mr.
Guilfanov's patch first.
2. Unregister the affected Windows
system file. Do this by:
Click Start, click Run, type "regsvr32 -u
%windir%\system32\shimgvw.dll" (without the quotation marks), and then
click OK. A dialog box appears to confirm that the un-registration
process has succeeded. Click OK to close the dialog box.
3. Make sure you have a current
version antivirus program installed with an active subscription and
that your virus definitions are up-to-the-minute. Most antivirus
companies have said their very latest definitions will catch trojans
coming from the WMF vulnerability, but new variants are being created
every day. Do not be complacent.
4. Don't open email attachments
unless you absolutely must and/or you are absolutely sure of the source
(not just "someone you know") and that the attachment is a crucial
piece of information you must have.
WHAT CAN YOU DO IF YOU GET CAUGHT:
Per the SANS article:
"Not much :-(. It very much depends on the exact exploit you are hit
with. Most of them will download additional components. It can be very
hard, or even impossible, to find all the pieces. Microsoft offers free
support for issues like that at 866-727-2389 (866-PC-SAFETY)."
If you are a local client, you can call Elephant Boy Computers and we
will try to clean your machine. Make sure you have current backups of
all your important data because a format/clean-install of Windows may
be necessary.
1-26-06
- "On two occasions I have been asked [by members of Parliament!],
`Pray, Mr. Babbage, if you put into the machine wrong figures,
will the right answers come out?' I am not able rightly to
apprehend the kind of confusion of ideas that could provoke such a
question." -- Charles Babbage
Contents:
1. New version of Thunderbird
2. End of the line for Win98/ME
3. Stopbadware.org
1. For those
of you using Thunderbird as an email client, there is a new version
available now. Get it from http://www.mozilla.com/thunderbird/
For those of you not using Thunderbird as an email client, you may want
to give it a try. It has excellent Junk Mail filtering capabilities
and, as with the Firefox browser, many people have written some
extremely useful extensions for it. Extensions are small code snippets
that extend the functionality of a program. To learn about and see some
extensions for Firefox and Thunderbird, visit:
https://addons.mozilla.org/?application=firefox
https://addons.mozilla.org/?application=thunderbird
2. It is
finally the end of the line for Win98/ME. From my TechNet mailing
this morning:
"Important Notice for Windows 98 and
Windows ME Users - On June 30, 2006, assisted support will end for
Windows 98, Windows 98 Second Edition, and Windows Millennium Edition
(Windows Me) operating systems and their related components.
"After this date, Microsoft will no longer provide any incident support
options or security updates. Online support will be available through
the Microsoft Support Product Solution Center Web sites.
"Find additional information on the support lifecycle of Windows 98,
Windows 98 Second Edition, and Windows Me on the Help and Support Web
site. And you can find more information about Windows XP and migrating
to this platform at the Windows Resource Center."
Here are the links referenced in the TechNet notice above:
Announcement - http://www.microsoft.com/presspass/features/2006/jan06/01-10Support.mspx
MS Support Product Solution Center - http://support.microsoft.com/select/Default.aspx?target=hub
Win98/ME Support website - http://support.microsoft.com/gp/lifean1
Installation/Migration from Resource Center - http://tinyurl.com/at9kx
What does this
mean to you if you're still running these older operating systems?
It means that if your computer is connected to the Internet at all - or
is connected to a network where there are other computers with Internet
access and file sharing is enabled - it's time to think about upgrading
to Windows XP. If your computer has no Internet access, then by all
means stay with Win98/ME. Your computer will not magically stop working
because Microsoft no longer provides support.
In most cases, a computer happily running Win98/ME will not upgrade
well to XP. Windows XP requires much beefier hardware than the older
operating systems and it is rarely cost-effective to try to upgrade an
old machine. With new computers relatively inexpensive, it is almost
always a better solution to just buy a new machine. Naturally, Elephant
Boy Computers will be pleased to help you with your decision.
3. We have a
new resource for fighting malware with StopBadware.org. From
their "About Us" page:
"StopBadware.org is a "Neighborhood Watch" campaign aimed at fighting
badware. We will seek to provide reliable, objective information about
downloadable applications in order to help consumers to make better
choices about what they download on to their computers. We aim to
become a central clearinghouse for research on badware and the bad
actors who spread it, and to become a focal point for developing
collaborative, community-minded approaches to stopping badware.
"Harvard Law School's Berkman Center for Internet & Society and
Oxford University's Oxford Internet Institute are leading this
initiative with the support of several prominent tech companies,
including Google, Lenovo, and Sun Microsystems. Consumer Reports
WebWatch is serving as an unpaid special advisor.
"John Palfrey, Executive Director of the Berkman Center and Harvard
Clinical Professor of Law, and Jonathan Zittrain, Harvard Law Visiting
Professor and Professor of Internet Governance and Regulation at Oxford
University, are StopBadware.org co-directors. Supporting them are an
advisory board and working group made up of some of the top experts in
the field, including Internet pioneers Esther Dyson and Vint Cerf."
It will be interesting to see what they can do. http://www.stopbadware.org/
1-30-06
- "A black cat crossing your path signifies that the animal is going
somewhere." -- Groucho Marx
Contents:
1. Winamp vulnerability
2. Kama Sutra/Blackworm
1. If you use
Winamp, please note that there is a vulnerability that has
already been exploited. Some security experts have already rated this
vulnerability as "critical". Here is information about the
vulnerability and the exploit:
http://msmvps.com/blogs/harrywaldron/archive/2006/01/30/82080.aspx
It is expected that Nullsoft will issue a patch but in the meantime use
Winamp only at highly trusted sites or for offline media. Check with
Nullsoft for a patch and when available, download and install it - http://www.winamp.com/
2. Now, I
don't want to get all Chicken Little about this newish worm, but
I thought I'd mention it since the worm is quite destructive and the
payload is scheduled to be delivered in just a few days (February 3rd).
Naturally, all of you know that you need to have a current version (not
earlier than 2004) full-featured antivirus installed, with an active
subscription and updated virus definitions. If you don't - you know
what to do. Here are a few articles about the Kama Sutra worm.
http://isc.sans.org/diary.php?storyid=1067
http://www.theregister.co.uk/2006/01/27/blackworm_warning/
2-1-06
- "Writing about music is like dancing about architecture." -- Frank
Zappa
Contents:
1. Online music - legal and available
2. Safer web surfing with SiteAdvisor
1. In my work
cleaning up people's computers, I find that a large majority of
the machines have become infected because their owners (or their
owners' kids) have been pirating music (Kazaa, Limewire, etc.). My
clients then ask me what they should use instead. Since I'm not a big
music listener/buyer, I've said either iTunes or Rhapsody. While those services are
excellent, they also have DRM restrictions. Also, what if you can't
find what you want on those sites? I've done a little research and have
come up with a couple of online companies which may be of interest:
A. Magnatune - http://www.magnatune.com/
Here's what the owner of Magnatune has to say:
"We're a record label. But we're not evil. We call it "try before you
buy." It's the shareware model applied to music. Listen to 427 complete
MP3 albums from musicians we work with (not 30 second snippets). We let
the music sell itself, because we think that's the best way to get you
excited by it. We pick the best submissions from independent musicians
so you don't have to. If you like what you hear, download an album for
as little as $5 (you pick the price), or buy a real CD, or license our
music for commercial use. And no copy protection (DRM), ever. Artists
keep half of every purchase. And unlike most record labels, they keep
all the rights to their music. No major label connections. We are not
evil."
They don't have a huge playlist, but what they do have looks
interesting. My only criticism of the site is that the instructions for
use and payment aren't completely clear immediately. Basically you
click on an artist you like, listen to the music, and if you want to
buy it click on the "Buy" button. You are then taken to a page where
you're given the choice to download the music or have a CD sent to you.
They take Visa, Mastercard, or Paypal.
B. Mindawn - http://www.mindawn.com/index.php
Mindawn looks quite a bit bigger and slicker than Magnatune and has a
much larger catalog. Their Customer FAQ (Frequently Asked Questions)
covers who they are and how they do it very well - http://www.mindawn.com/customers.php
Mindawn seems to be aimed not only at those of us who hate DRM, but at
musically-savvy people who want to download great quality music.
Apparently you can browse and buy music from their main website, but to
hear the music you need to download a player. I can't imagine why
you would buy music unheard. From a quick perusal, I would say
that first downloading the Help file (in .pdf format so it will open
with Acrobat Reader) would be a good idea. You can right-click on the
Help file and Save As. I think that Mindawn is aimed at fairly
sophisticated users so I'm not sure your teens would do well
there.
C. If you don't want to download music but just want to listen to some
tunes on your computer while you're working, there's always Internet radio.
Here are a few links I find interesting:
Radio DavidByrne.com - from the amazing creator of Talking Heads - http://davidbyrne.com/radio/index.php
BBC Radio 1 - http://www.bbc.co.uk/radio1/listen/index.shtml?hp_lhn
KEXP - http://kexp.org/home.asp?noflash=false
Public Radio Fan - hundreds of links to public radio stations around
the world - http://publicradiofan.com/
You can listen to the new "Venue Songs" from the fabulous They Might Be
Giants - http://www.tmbg.com/
Soma FM - listener-supported, commercial-free, underground/alternative
radio broadcasting - http://www.somafm.com/
WFMU from Jersey City - http://www.wfmu.org/ssaudionet.shtml
2. Safer
surfing with SiteAdvisor - I just heard about this
website/application to help make your surfing experiences safer and it
looks very interesting. Here's their homepage - http://www.siteadvisor.com/preview/
Since Ben Edelman - a most
highly-respected spyware researcher - is one of their technical
advisors, I think this is definitely worth a try. I'm going to download
the browser plugins for Internet Explorer and Firefox and you might
want to check this out for yourselves, too. The SiteAdvisor blog is
also extremely interesting - http://blog.siteadvisor.com/
3-27-06
- "Any sufficiently advanced technology is indistinguishable from
magic." -- Arthur C. Clarke
Contents:
1. Warning - Internet Explorer, etc. vulnerabilities
2. Warning - new variants of Smitfraud (Spyaxe, Spyfalcon, SpywareQuake)
3. Beware the DRM, the jaws that bite, the claws that catch! (Starforce)
4. Free stuff from Microsoft
1. There are
always vulnerabilities in operating systems and programs and you
are supposed to be practicing Safe Hex and keeping your
systems/programs patched. But just in case you've forgotten this, I
thought I'd remind you. There are some particularly nasty
vulnerabilities in Internet Explorer right now and there are exploits
to take advantage of this. This doesn't mean that alternate browsers
are bullet-proof, but using one instead of Internet Explorer is a good
idea. Remember, if you use an alternate browser, make sure you have
the latest version of it.
http://www.theregister.co.uk/2006/03/27/another_ie_security_flaw/
http://isc.sans.org/
http://isc.sans.org/diary.php
http://isc.sans.org/diary.php?date=2006-03-26
Also make sure you have the latest version of Java. Uninstall older
versions before installing the newest one.
http://www.java.com/en/
And for your convenience, here are some links to help you stay safe:
http://www.wilderssecurity.com/showthread.php?t=27971 - So How Did I Get Infected Anyway?
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP Harry Waldron - The Family PC - How to stay safe on the Internet
http://www.microsoft.com/security/protect/default.asp - Protect Your PC
http://www.cert.org/homeusers/HomeComputerSecurity/ - Home Computer Security
Another way to stay safe is to use an operating system other than
Windows. While Apple's OSX, Unix, and Linux have their own
vulnerabilities, they tend to give you safer surfing. If you'd like to
know more about using Linux, feel free to contact Elephant Boy
Computers.
2. It seems
like almost every day there is a new variant of the Smitfraud malware.
To add to SpyAxe and SpyFalcon, we now have SpywareQuake. For more
information see here, which includes the link to the
BleepingComputer.com removal steps:
http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan
I've mentioned it before, but MVP and security expert Eric Howes' site
is an invaluable resource to help you determine if a program is "rogue"
or not. It is well worth visiting Eric's site regularly to see what new
programs have been added to the list.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
3. Beware the
DRM, the jaws that bite, the claws that catch! Late last year we
had the huge fiasco with some Sony music CDs installing copy
protection software on users' computers that caused all sorts of
problems. See:
http://www.elephantboycomputers.com/page3.html#11-30-05
http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
http://cp.sonybmg.com/xcp/
You should know that this is not the only instance of software being
installed on users' computers that can have extremely adverse effects.
If you are a gamer or have gamers in your household, you should know
about the Starforce copy protection malware - and I use the term
"malware" on purpose. The Starforce software can seriously damage your
Windows installation and possibly the hardware itself. Here is a link
to a site explaining the issues and listing games that currently
include the Starforce program if you would like to boycott them. At the
very least, be aware of the issue.
http://www.glop.org/starforce/
While Elephant Boy Computers would never suggest that you do anything
illegal, the April issue of MaximumPC has some very interesting articles
about copying movies and music. The content is not on their website yet
since the magazine is still in stores. If this is a subject in which
you are interested, it would be well worth picking up a copy of the
magazine.
http://www.maximumpc.com/
4. Free stuff
from Microsoft - After taking some calls last week from people
looking for training on Microsoft Office programs (no, I don't do
this), it occurred to me that you may not realize how much free content
and help is available from Microsoft for their products. For instance,
there are many training sessions for Office programs on the MS Office
website. I learned how to do a mail merge for my Christmas card labels
using Excel and Word by watching a training movie.
While many people already know about Office clipart, there are also a
lot of templates which you can download and use. For instance, why
spend hours creating a personal budget template for Excel when someone
else has already created one?
Microsoft wants you to use their products and to use them successfully.
If you use Microsoft products, it is very much worthwhile to spend some
time exploring the excellent and vast resources the company provides
you. Start at their homepage: http://www.microsoft.com/
and go from there.
4-28-06
- "You will remember, Watson, how the dreadful business of the
Abernetty family was first brought to my notice by the depth which the
parsley had sunk into the butter upon a hot day." -- Sherlock Holmes
Contents:
1. Update about the Windows Update KB908531
2. Common computer mistakes made by small business owners
1. Microsoft
issued a reworked patch for the vulnerabilities covered in
KB908531 last Tuesday, April 25th. Windows Update took care of this for
you if your computer needed it. Based on reports, it looks like the new
patch took care of the problems caused by the first update. If you
weren't one of the many people affected by the first patch's problems,
don't worry about this!
2. Common
mistakes made by small business owners - My client base consists
of home users and small business owners. Although my comments in this
section are aimed at small business owners, some of the information may
be useful for home users also. Here are some of the mistakes that small
business owners make that I see all the time, not in any particular
order.
A. Mistake - Buying cheap equipment. Those $399 machines are aimed at the home
user who does light computing. They are not meant to be on 24/7 and act
as a "server". You might get lucky and get good use out of those
machines, but then again you might not. Most of the computers for the
home market are running Windows XP Home or Media Center Edition which
are not designed for business use.
Solution - Buy quality business-class computers. It is preferable to have
workstations that are all the same make/model for ease of maintenance
and repair. If you want your workstations to run a Microsoft operating
system (as opposed to Linux), then it should be Windows XP Pro. Buy
business-class printers, preferably laser printers that are connected
to the network and not locally to a computer.
B. Mistake - Using a workstation computer as a server - known as a
"pseudo-server". Companies with more than 7 computers using a
pseudo-server, all running Microsoft operating systems, will start to
run into the inbound concurrent connections limitation. The limitation
is on inbound concurrent connections, not computers or number of users.
Each workstation can make more than one connection to a machine acting
as a server. Here is a link to Microsoft's information about this:
http://support.microsoft.com/?id=314882
Inbound concurrent connections limitations:
5 for XP Home
10 for XP Pro/Tablet/Media Center Edition
49 for SBS 2000
74 for SBS 2003
Unlimited for full Server operating systems
Solution - Get a real server running a real server operating system. Server
computers also have hardware designed to handle the job. Buy a
server that is powerful enough to meet your needs. If you must run
Windows programs on the server, you will need to buy a Microsoft server
operating system such as Small Business Server or Windows Server 2003.
If the server will only act as a file server, you can use Linux instead
- or even a Mac server.
With a server, you should set up a domain instead of keeping the
peer-to-peer Workgroup network structure. Among other advantages, a
domain permits centralized security, control, and maintenance.
C. Mistake - Lack of proper security and maintenance. The type of security needed
depends on your particular business, but here are some things that all
computers need to have:
1. Current
version (not earlier than 2005) antivirus with an active
subscription and updated virus definitions.
2. A firewall - this can be a software firewall
running on each Workgroup or Domain member (and the server) and/or a
hardware firewall solution at the perimeter of your network.
3. Operating
system and major applications used kept patched and current with
Service Packs and updates.
4. Security
procedures and company policies regarding computer use. Workstations running XP Pro can be
locked down to restrict user behavior with Group Policy, either locally
on each computer in a Workgroup or domain-wide from the server.
Employees should not use company workstations for private web surfing
and should not be able to install programs. This limits the ingress of
viruses and malware. Computers used for accounting, financial, or
privacy-sensitive data such as medical records should not be on the
same network as other workstations and, if at all possible, should not
have Internet access. Email use should be regulated since one of the
prime causes of virus infection is opening attachments in email.
User access to
computers should be restricted. Servers or computers with
crucial and/or sensitive data should not be accessible to all
employees. In some cases, these computers should be in a room that can
be locked. Your brother-in-law or your child should not be able to come
into your office and surf for pr0n or install games. If your business
requires visitors to attach a laptop to your network, you need
specialized security measures.
If you only have
one computer and work from home, you should not use this computer for
the family. Computers are relatively affordable now; buy a
computer for your family and do not allow them to use your business
machine. If you use the same Internet connection, do not share files
with the family computer. This will help keep your business computer
free from viruses and malware and protect your data.
If you are not
able to set up proper security yourself, hire a professional to do it
for you. If you don't know what you're doing, don't do the work
yourself. Don't rely on a friend or relative who "knows about
computers" either unless they are a computer professional and skilled
in this area of the industry. A programmer cousin may have no idea how
to set Group Policies.
D. Mistake - No formal backup system and disaster recovery strategy.
Solution - Be aware of what data you have and where it is stored on your hard
drive. If it is not all in one location, use a backup program like
SecondCopy (www.centered.com) to
funnel backups of all data into one folder. Understand how and where
the programs you use store your data and how to restore it. I prefer
layered backups, with data being saved or copied to a second hard drive
(internal or external) every day and then being burned to CD/DVD
regularly and taken off-site or put in a fireproof cabinet or safe. Ask
yourself "If my computer died tomorrow, what would I need to get back
in business as soon as possible? What would I lose?". If you have a
server or a pseudo-server all data should be stored there; nothing
should be saved locally on the workstations. The backup procedure must
be quick and easy or you won't do it.
E. Mistake - Lack of organization.
Solution - Someone in your company needs to know and be responsible for:
1. What programs
and operating systems you have installed and where the installation
media for them are. If the programs and operating systems
require product keys and licenses, they should be in one place where
they can be easily found.
2. Updating your
operating systems, antivirus program, and other important software.
I addressed this and other disaster-planning strategies in the Elephant Boy Computers Report of 11/2/05.
3. Knowing the
structure of your computer setup, usernames and passwords - how you connect to the Internet;
some details about the network and your server if you have one;
usernames/accounts and passwords for the computer, the Internet, and
email. A computer technician coming into your business to fix things
for the first time is not going to know any of this and time is money.
Important
information necessary to get your business back up and running in a
minimum of time after a disaster should be written down and put
where you will remember it. Someone must be responsible for keeping the
information updated.
Obviously if you are a busy professional with employees, you will not
be doing all this work yourself; however, you should assign the tasks
to one of your employees and you should occasionally check to make sure
these tasks are being done. If you just roll your eyes and wave your
hands around because you don't want to take the time to learn these
things, I can assure you that someday you will be sorry and there will
be Tears Before Bedtime.
5-27-06 - Endless Loop: n., see Loop, Endless.
Loop, Endless: n., see Endless Loop.
Contents:
1. Vulnerability in Corporate Symantec Antivirus
2. Vulnerability in Microsoft Word
3. Veterans Affairs warns of massive privacy breach
4. Sun Java update
5. New Yahoo Instant Messenger Worm poses as "Safety Browser"
1. A critical
vulnerability has been found in Symantec Corporate Antivirus
that would allow an attacker to execute code without user action. Here
are some articles about it:
http://www.eweek.com/article2/0,1895,1967941,00.asp
http://www.securityfocus.com/brief/217
The home products - called "Norton Antivirus" or "Norton Internet
Security" as opposed to the "Symantec" name - do not have this
vulnerability. If any of you are using the Symantec Corporate product
at your business or if your company gave you a license to use on your
home machines, you should follow up on this.
2. A
vulnerability has been reported in Microsoft Word, which can be
exploited by malicious people to compromise a user's system. See this
link for details: http://secunia.com/advisories/20153/
The solution is to not open untrusted Office documents, which you
shouldn't be doing anyway. A trusted document would be one that you are
expecting and that is coming from a known-clean source. Remember, just
because you know the sender doesn't mean you should open attachments.
3. The U.S.
government warned on Monday (5/22) that a database containing sensitive
information about veterans and their families had been stolen,
after an employee violated policy and brought the data home. Here's an
in-depth article about the breach:
http://www.securityfocus.com/news/11393
4. Sun has an
update for their Java program here: http://java.com/en/
Download it and before you install it, uninstall all older versions of
Java from Add/Remove Programs. You may have multiple entries for older
versions of Java; uninstall them all.
5. A new Yahoo
Instant Messenger Worm is making the rounds posing as a "Safety
Browser". Here's an article about it:
http://www.eweek.com/article2/0,1895,1965740,00.asp
The way to stay safe is - as I'm sure you all know - by not clicking on
links and/or downloading programs sent in instant messages, no matter
the source.
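The clean-up in item 4, as an added example that is not part of the original report: given the display names listed in Add/Remove Programs, it picks out every Java runtime entry, oldest first, and reports any older version still present after the update. The sample entries are constructed, and the two name patterns it matches are an assumption about how Java runtimes of this era are listed.

```python
import re

# Constructed sample of Add/Remove Programs display names (not from the report).
# Assumption: Java runtimes appear under one of the two name patterns below.
SAMPLE_ENTRIES = [
    "Adobe Reader 7.0.7",
    "Java 2 Runtime Environment, SE v1.4.2_08",
    "J2SE Runtime Environment 5.0 Update 4",
    "Mozilla Firefox (1.5.0.3)",
    "J2SE Runtime Environment 5.0 Update 6",
    "JavaScript Editor Pro",  # constructed decoy: not a Java runtime
]

# "Java 2 Runtime Environment, SE v1.4.2_08" -> version 1.4.2, update 8
_V1_NAME = re.compile(
    r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")
# "J2SE Runtime Environment 5.0 Update 6" -> family 5, internally 1.5.0 update 6
_J2SE_NAME = re.compile(
    r"^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?")


def parse_java_version(display_name):
    """Return a comparable (major, minor, patch, update) tuple, or None
    when the entry is not a Java runtime."""
    m = _V1_NAME.match(display_name)
    if m:
        return tuple(int(g or 0) for g in m.groups())
    m = _J2SE_NAME.match(display_name)
    if m:
        family, patch, update = (int(g or 0) for g in m.groups())
        # Map the "5.0" marketing name onto the 1.x numbering so that
        # both naming styles sort on the same scale.
        return (1, family, patch, update)
    return None


def java_entries(display_names):
    """All Java runtime entries, oldest first, as (version, name) pairs.
    Before installing the update, every one of these is uninstalled."""
    found = []
    for name in display_names:
        version = parse_java_version(name)
        if version is not None:
            found.append((version, name))
    return sorted(found)


def leftover_old_versions(display_names):
    """Entries older than the newest Java runtime present.
    Once the update has been installed this list should be empty."""
    entries = java_entries(display_names)
    return [name for _version, name in entries[:-1]]


if __name__ == "__main__":
    print("Java entries to uninstall before installing the update:")
    for version, name in java_entries(SAMPLE_ENTRIES):
        print("  %s  (%s)" % (name, ".".join(map(str, version))))
```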
6-13-06 - Nature is by and large to be found out of doors, a location where, it cannot be argued, there are never enough comfortable chairs. -- Fran Leibowitz
Contents:
1. Yahoo webmail vulnerability
2. Windows Vista beta now available to the public
3. Passwords and other important things to remember
1. There is a rather serious vulnerability in Yahoo's webmail, opening Windows users to infection by the JS-Yamanner worm. As of this writing, the service has not been patched yet. Windows users should be extremely cautious when using Yahoo Mail and block any emails from av3@yahoo.com. Here is some information about the issue:
http://www.theregister.co.uk/2006/06/12/javscript_worm_targets_yahoo/
http://www.symantec.com/avcenter/venc/data/js.yamanner@m.html
2. The big news in Microsoft Land is that a beta of Vista, the upcoming Windows operating system, is now available to the public. For those of you who might be interested in trying it out, please be very sure you understand what "beta" means. A program goes through quite a few phases before it reaches you, starting with alpha releases - very rough beginnings. The next step is a beta release - the program is still unfinished and is in the bug-checking phase but is more usable than it was. After beta, the next step is RC1 - Release Candidate 1. If there are no bugs found in it, it will become the final version. There may be more than one alpha, beta, and Release Candidate version before the final "gold" version - the one that will be released to manufacturers for public consumption. And usually there are patches to the released program afterwards to fix the bugs that got away!
You should never run beta software on a production machine or on any machine which you are unwilling to wipe.
For more information about Vista, see http://www.microsoft.com/Windowsvista/
3. After speaking to the third person who forgot or didn't know their wireless router setup information, I thought it might be useful to remind you all about keeping a record of your passwords and other important computer-related information. Naturally, it would be smart to keep this record somewhere other than only on your computer! I created a simple spreadsheet for my own use and this method might work well for you. My spreadsheet has only four categories - Item, Identity, Password, Other Notes - but that is enough for my purposes. I keep a printout of it handy, making notes on it when I add or update passwords. Occasionally I update the actual file and print out the new version.
Here are some things you will need to know when setting up a new computer, reinstalling the operating system, adding a computer to your network, etc.:
a. Computer user accounts - account names and passwords
b. Product keys/license numbers for Windows operating systems and other software
c. Internet Service Provider - master account user name and password
d. Email - user name, password, and mail server settings
e. Website accounts (banks, shopping, forums, etc.) - user name, password, email you used when you set up the account with them
f. Router information (Linksys, D-Link, Netgear, etc.) - configuration login name and password
g. Wireless router - name of your wireless network (SSID) and the encryption key.
6-15-06 - "He's dead, Jim!" -- Dr. Leonard McCoy
Contents:
1. Microsoft End of Life information, Windows 98/ME and Service Pack 1
2. Patch Tuesday
1. There are two important End Of Life announcements from Microsoft.
A. The first is for the end of support for products with Service Pack 1 applied. For most of you, this means that if you have any version of Windows XP without Service Pack 2, you will need to upgrade to SP2 in order to get any more security updates. It is extremely important that you keep your operating system current with security patches.
Windows Service Pack 2 has been available since August, 2004. If you haven't applied it, you need to do so but not without proper preparation. See the end of this section of the EBC Report for links about preparing for SP2.
End of support for Microsoft's Service Pack 1 - http://support.microsoft.com/gp/lifesupsps
Windows XP SP1 and SP1a support ends on October 10, 2006 - http://support.microsoft.com/gp/lifean19
Microsoft Office XP transitions from Mainstream to Extended Support phase - http://support.microsoft.com/gp/lifean21
Windows and SP EOL Links:
http://www.microsoft.com/windows/lifecycle/default.mspx
http://www.microsoft.com/windows/lifecycle/servicepacks.mspx
Are you still using Internet Explorer 5.5? The support for that version has ended: http://support.microsoft.com/gp/lifean20
Some of the affected Microsoft products:
End of support (Oct 10, 2006 and July 10, 2006):
SP1 for Windows:
Windows Tablet PC Edition Service Pack 1
Windows XP Home Edition Service Pack 1
Windows XP Home Edition Service Pack 1a
Windows XP Media Center Edition 2002 Service Pack 1
Windows XP Media Center Edition 2004 Service Pack 1
Windows XP Professional Service Pack 1
Windows XP Professional Service Pack 1a
Windows XP Tablet PC Edition Service Pack 1
SP1 for Internet Explorer:
Internet Explorer 6 Service Pack 1 on Windows XP Home Edition
Internet Explorer 6 Service Pack 1 on Windows 98 (end of support for
this is on 11-Jul-2006)
Internet Explorer 6 Service Pack 1 on Windows 98 SE (end of support for
this is on 11-Jul-2006)
Internet Explorer 6 Service Pack 1 on Windows Millennium (end of support
for this is on 11-Jul-2006)
SP1 for Office:
Office Professional Edition 2003 Service Pack 1
Office Professional Enterprise Edition 2003 Service Pack 1
Office Small Business Edition 2003 Service Pack 1
Office Standard Edition 2003 Service Pack 1
Office Students and Teachers Edition 2003 Service Pack 1
Office Visio Professional 2003 Service Pack 1
Office Visio Standard 2003 Service Pack 1
Windows XP Service Pack 2 Preparation:
Are You Ready for WinXP SP2? - http://support.microsoft.com/default.aspx?pr=windowsxpsp2
Download full SP2 - http://tinyurl.com/5bobl
Order SP2 on CD from MS - http://tinyurl.com/6g675
Follow the Service Pack Installation Checklist - http://www3.telus.net/dandemar/spackins.htm
SP2 links to OEMs - http://www.microsoft.com/windowsxp/sp2/oemlinks.mspx
http://aumha.net - See SP2 forums
http://www.kellys-korner-xp.com/xp_s.htm#sp2 - Windows SP2 Information, Guidelines and Troubleshooting
http://www.michna.com/kb/WxSP2.htm#General
B. Support for Windows 98, 98SE and ME finally and irrevocably ends on July 11, 2006:
http://support.microsoft.com/gp/lifean18
If you still have Windows 98, 98SE, and/or ME machines there are a few ways you can handle this.
a. Upgrade to a current version operating system. For Microsoft, this would be Windows XP Service Pack 2. Since XP has far more demanding system requirements than the older operating systems did, in most cases a computer happily running Win98x/ME will not be a great candidate for upgrading to XP. With the cost of a basic computer relatively low, a better choice is to simply buy a new computer.
b. If your circumstances permit, consider changing to a different operating system such as Linux.
c. If you do not want to upgrade the operating system and you use the older machine on the Internet, be extremely careful and practice "Safe Hex" rigorously. Some suggestions for doing this are:
i. Do not use Internet Explorer to surf; use Firefox instead.
ii. Make sure you have a current version antivirus installed (not earlier than 2005) and that its virus definitions are always updated. There are still a few antivirus programs that will run on Win9x/ME; many will not.
iii. Make sure you have a firewall installed. Again, not all firewalls will run on Win9x/ME; you will need to look around.
iv. If you have a broadband connection to the Internet (cable or DSL), buy a consumer-level router (Linksys, Netgear, etc.) even if you only have one computer. This will add protection.
v. Be circumspect in where and how you surf. Here are some links about practicing "Safe Hex":
http://www.wilderssecurity.com/showthread.php?t=27971 - So How Did I Get Infected Anyway?
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://www.claymania.com/safe-hex.html
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://msmvps.com/blogs/harrywaldron/archive/2006/02/05/82584.aspx - MVP Harry Waldron - The Family PC - How to stay safe on the Internet
http://www.spywarewarrior.com/rogue_anti-spyware.htm - MVP Eric Howes on Rogue Antispyware Programs
2. This past Tuesday was Microsoft's monthly Patch Tuesday. A lot of critical vulnerabilities are addressed, so you should most certainly update.
http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx
http://www.theregister.co.uk/2006/06/14/ms_june_patch_tuesday/
7-12-06 - "I've had a perfectly wonderful evening. But this wasn't it." -- Groucho Marx
Contents:
1. Microsoft Windows Update - Patch Tuesday reminder
2. Image Shack spyware warning
3. Microsoft End of Support reminder
4. Computers and Heat
1. Yesterday was Microsoft's monthly Patch Tuesday.
If you have Automatic Updates enabled, this will happen all by itself.
If you are doing this yourself, go to Windows Update. Users of Windows
98, ME, and XP with only Service Pack 1 are not covered (see Item #3 in
this Report).
2. Many people use Image Shack
(and I'm purposely not giving a link to their site) for free image
hosting for use on web forums. A lot of teens do this in particular.
Image Shack is a popular site and has apparently added scumware to its
advertisers. Various people on a security list of which I'm a member
commented on the fact that when they clicked on a thumbnail hosted on
Image Shack, malware tried to install on their computers. Here are a
few links about the problem:
http://tinyurl.com/lsnkt
http://forums.security-central.us/showthread.php?p=8152#post8152
If you don't use image hosting,
this isn't anything to worry about. If you do - or your kids do - this
is just a heads up and a suggestion to use a different service.
PhotoBucket and IMGMonkey are good ones.
http://photobucket.com/
http://www.imgmonkey.com/
3. "Effective
today [July 11, 2006], Microsoft no longer provides support for Windows
98, Windows Millennium Edition (Windows Me), and Windows XP Service
Pack 1. Customers can access existing support documents through
the Microsoft Support Product Solution Center, but telephone and e-mail
support and security updates are not available."
http://go.microsoft.com/?linkid=5159436
If you are questioning why this is
so important, take a moment to review this month's Windows Updates and
what is covered. Many of the vulnerabilities allow an attacker to take
control of your machine. This would not be A Good Thing. To clarify,
Windows XP is still Microsoft's current operating system but in order
to get updates you will need to have Service Pack 2 installed.
If you're still not sure why
keeping your operating system current is important, read the last
paragraph of this article (quoted for your convenience):
http://www.theregister.co.uk/2006/07/11/ms_ends_windows98_support/
"In related news, the BBC reports
on hi-tech crime gangs in Eastern Europe who specialise in making
viruses that target weaknesses in Windows 98. The concern is that these
gangs may up the ante and increase malware attacks now that security
updates for the software are discontinued."
4. Now that it is most definitely Summer, give some thought to your computer's staying cool, too.
Heat and dirt are great enemies of computers. If you've never cleaned
out your computer, it is probably time to do so. With the computer
unplugged, take off the case and get rid of the dust bunnies. Use
compressed air to gently blow out the case. I usually do this outside
on the back porch. It can be very messy. Don't use a vacuum cleaner -
they can create static electricity which will kill computer components.
Try not to touch the components with your hands. Make sure all the fans
are clean and not covered in a blanket of dust. On very hot days, I
leave my desktop machines off and work from my laptop. It helps keep
the utility bill down since otherwise the air conditioning has to work
extra hard to deal with all the heat the computers put out in the
office.
8-9-06 - "...when you have eliminated the impossible, whatever remains,
however improbable, must be the truth." -- Sherlock Holmes
Contents:
1. Google Antiphishing
2. MS Patch Tuesday
3. RIAA tactics
1. Google is working with StopBadware.org to warn people who click on links to known Evil Websites. This is A Good Thing. You can read about it here: http://www.stopbadware.org/
2. Yesterday was Microsoft's monthly Patch Tuesday.
I never set my Windows Updates to download and install automatically
since I prefer to see what is being installed and because it is a good
idea to temporarily disable your antivirus while installing Windows
Updates. However you do it, you should always install security updates
and never install driver updates from WU. It is wise to make a System
Restore point before installing updates. If you've forgotten how:
Start>Programs>Accessories>System Tools>System Restore
"Create a new restore point"
Name the restore point something useful like "before Windows Updates".
If you have problems with your computer immediately after applying an
update, Microsoft offers free tech support for issues arising from
Windows Updates.
Customers in the U.S. and Canada can receive technical support from
Microsoft Product Support Services. There is no charge for support
calls that are associated with security updates at (866) 834-8317.
Contact MS - http://support.microsoft.com/gp/contactuswindows?sd=win
3. RIAA tactics
- I have told you many times before that peer-to-peer (P2P)
file-sharing is dangerous because 1) it is one of the top ways to
infect your computer with viruses/malware; and 2) it leaves you open to
being sued by the Recording Industry Association of America ("RIAA").
Grant Robertson has written a very useful explanation of RIAA tactics
in layperson's terms on his blog. If you or anyone in your household is
doing file-sharing, I highly recommend that you read the article.
Here's the link: http://tinyurl.com/emchs
Since this is a blog, there are comments and they are interesting to read also.
9-16-06 - I hate it when someone phones me up for help with some problem and I
ask them "what's on your screen?" and they say "blood." - Brian Briggs
(BBspot)
Contents:
1. Some wireless setup tips
2. Don't forget to check the Microsoft Office website for updates
3. International Talk Like A Pirate Day
1. Since almost everyone has broadband (cable/dsl) now and almost
everyone has more than one computer, wireless networking has become one
of the most popular technologies around. In general, it is very easy to
set up a wireless network by buying a consumer-level wireless router.
Some of the most recognizable brands are Linksys, Belkin, Netgear, and
Buffalo. I don't recommend D-Link products. You buy your router, bring
it home, pop the CD into your computer's drive and follow the wizard.
And here's where most people make their big mistake - they don't set up
wireless security. This is like leaving your front door open and
inviting people to come in and trash your house and steal your stuff.
Here are some simple things to do to increase security:
a. You need a user name and password to get into the router's
configuration screens. Change this from the default setting to
something else. Write it down!
b. The SSID is your wireless network's name. Do not leave it at the
default (like "Linksys"). Change it to something you will recognize
when you see it. Write it down! I suggest that people not use their
family name. Remember, wireless networks are visible to foreign
computers. That's the way wireless works - it's "in the air".
c. Use wireless encryption. This is like requiring a lock for your
front door. For most home users, WPA2-Personal is what you want to use.
All devices on your wireless network must support the encryption you
choose. If you have an older laptop with hardware that doesn't support
WPA, you must use the older and less secure WEP standard. It's better
than nothing. You will need to enter the encryption key into each
device that you want to connect to the wireless network. Write it down!
If you are in the Fresno area, Elephant Boy Computers is happy to come
and set up your wireless network and create a working file/printer
sharing network. But because I'm a generous and caring person, here are
some links if you want to DIY:
Wireless - Basic Configuration - http://www.ezlan.net/Wireless_Config.html
Wireless - Basic Security -