Author Archive

McAfee agrees to cover Repair Bills for damaged XP SP3 Systems After Buggy Update

4/27/10

Last week McAfee released a buggy update that deleted a critical system file, which caused computers to shut down.

McAfee recently sent out a press release saying that they will cover the repair bills for the machines affected:
For customers who have incurred costs to repair PCs as a result of the security update, McAfee will reimburse them for reasonable expenses, such as a visit by a tech support specialist (such as Networking Delaware).

Details of this program, including instructions on how to submit a reimbursement request, will be posted on McAfee’s Web site within a few days. Check back often.

The press release went on to say: “Additionally, because we value our loyal customers, home or home office users whose PCs were rendered inoperable or severely impaired as a result of the security update will receive a free two-year extension of their current McAfee subscription product at no charge.”

If you were affected by this, here are the steps you can take to get the machine back up and running:

Step 1 - Locate a local toll free support number for your country. A qualified technician will diagnose your computer’s current status and determine the fastest way to get you up and running again.

Step 2 - If the technician can’t get your system up and running over the phone, we’ll get you the software to get your system up and running again. We can get you the software in one of two methods. You can either download the software fix from a working PC, or we will express deliver a CD to you.

Sun/Oracle Makes About-Face about patching Java

A serious vulnerability exists in Java, and Sun has known about it since around April 9th. It can be exploited because the Java browser plugin launches “javaws.exe” without validating command-line parameters. Last week, when confronted about the problem, Oracle said they did not consider the vulnerability to be of high enough priority to break their quarterly patch cycle.

A U.S.-based Web site, Songlyrices.com, was compromised by attackers and was redirecting visitors to a Russian server feeding the Java attack as well as other exploits.

Now that users have started reporting that they are being infected by the drive-by Java attacks, Oracle has changed its mind and issued a patch. If you haven’t already patched this vulnerability, you can download the latest Java at http://www.java.com/en/download/index.jsp

April 13th 2010 Patch Tuesday - 11 important patches

The coming Patch Tuesday on April 13th, 2010 features 11 important security and functional patches.

Here are the patches Microsoft says will be released:

Bulletin 1: Critical (Remote Code Execution) – Affects Windows
Bulletin 2: Critical (Remote Code Execution) – Affects Windows
Bulletin 3: Critical (Remote Code Execution) – Affects Windows
Bulletin 4: Critical (Remote Code Execution) – Affects Windows
Bulletin 5: Critical (Remote Code Execution) – Affects Windows
Bulletin 6: Important (Elevation of Privilege) – Affects Windows
Bulletin 7: Important (Remote Code Execution) – Affects Windows
Bulletin 8: Important (Remote Code Execution) – Affects Office
Bulletin 9: Important (Denial of Service) – Affects Windows & Exchange
Bulletin 10: Important (Remote Code Execution) – Affects Office
Bulletin 11: Moderate (Spoofing) – Affects Windows

To learn more about these patches, visit the Microsoft Security Bulletin page.

Avast: “New Threat: Malvertising”

Malware that exploits holes in popular applications is being delivered by big ad delivery platforms including those run by Yahoo, Fox, and Google, according to Prague-based antivirus firm Avast.

Malware has previously been found in ads running on normally trustworthy sites like The New York Times, DrudgeReport.com, TechCrunch and WhitePages.com. The practice has been dubbed “malvertising.”

Researchers at Avast say some large ad delivery systems, including Yahoo’s Yield Manager and Fox Audience Network’s Fimserve.com (together they cover more than 50 percent of online ads), and to a much smaller degree Google’s DoubleClick, are delivering much of the malvertising. In addition, some of the malicious ads ended up on Yahoo and Google sites, Avast claims.

“It’s not just the small players but the ad servers connected with Google and Yahoo have been infected and served up bad ads,” said Lyle Frink, public relations manager for Avast.

The most compromised ad delivery systems were Yield Manager and Fimserve, but a number of smaller ad systems, including Myspace, were also found to be delivering malware on a lesser scale, Avast Virus Labs said.

In these cases, JavaScript code that Avast dubbed “JS:Prontexi” was found in ads delivered from those networks. Avast researcher Jiri Sejtko said this is a Trojan in script form that targets the Windows operating system.

It tries to find vulnerabilities in Adobe Reader and Acrobat, Java, QuickTime, and Flash and launches fake antivirus warnings when it does find them, Sejtko said. “The Google portion of JS:Prontexi is quite small and has gotten visibly even smaller as Google has taken steps to improve the situation,” Sejtko said. “That is not the case with Yahoo and Fox.”

Users don’t need to click on anything to get infected; a computer becomes infected immediately after the ad is loaded by the browser, Avast said.

Since the malware started spreading in late December, Avast has registered more than 2.6 million instances of it on customers’ computers.

This same post is available on my local blog at http://www.networkingdelaware.com/blogpage.html

Recent BitDefender update makes 64-bit Windows unbootable

The antivirus vendor BitDefender recently released a damaged update that marks legitimate Windows and BitDefender files as malicious. BitDefender then quarantines these files, identifying them as “Trojan.FakeAlert.5”, resulting in Windows becoming unbootable.

This faulty update only affects the 64-bit versions of Windows, and only if the update was applied between 8am and 11:30am on March 20th.

The company has released a press release containing fixes for the various versions located here.

The company released this message:

“On behalf of BitDefender, we are very sorry for the problems that our update may have caused. We have also released a solution to this issue for all affected users; we invite you to access it here:

http://www.bitdefender.com/site/KnowledgeBase/consumer/#638 - home users

http://www.bitdefender.com/site/KnowledgeBase/consumer/#643 - BitDefender Business Client users

http://www.bitdefender.com/site/KnowledgeBase/consumer/#642 - BitDefender Security for File Server users”

Another “Day Zero” Balancing Act…

I feel kinda lucky I am able to write this blog entry… or at least to upload it to this site… This morning I woke up, fired up the old laptop, clicked on IE7 … and …. nothing.  Everything just kept timing out.
Huh… what to do…what to do… I tried different browsers…Firefox, Opera, Safari, Polstergeist… same ole … same ole…

The first troubleshooting step I tried was ipconfig… Yep… I did indeed have a valid IP address all right, and in the right range too…huh… Let’s try…  ipconfig /release;  ipconfig /flushdns;  ipconfig /renew… I got the same IP address I originally had and the same problem too… No web browsing happening here.

Then I tried pinging one of the web sites for my Delaware network support company;  good old www.adminassociates.com …. Huh… weirder and weirder… no lost packets… ping works, so apparently the DNS server is servin’ too but still, browsers don’t work.

Then I tried disabling my Zonealarm Pro Firewall (but turned on the Windows firewall, just in case). Wow… the browser now works fine… so what’s up with Zonealarm? I looked at everything and nothing seemed out of spec. I felt it was odd since this particular firewall has never been a problem for me… very reliable; very easy to configure…very trustworthy. I re-enabled Zonealarm, disabled the Windows firewall, moved the “Internet Zone” slider down from high to medium and the browser started working again. Move the slider back up and the browser stopped working again.

Like I said… weirder and weirder…so it’s definitely a Zonealarm problem, but why… What could have happened? Aha… yes… two days ago was patch Tuesday. I’ll have to Google this, but first, I need to find out what else is happening in my world.

I went back to my working combo of Windows Firewall on and Zonealarm off and started my email client.  About the third message I received was from Microsoft talking about a major bulletin revision … not a patch revision mind you, just the bulletin:

Bulletin Information:
=====================

* MS08-037 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
- Reason for Revision: V2.0 (July 10, 2008): Bulletin revised to
inform users of ZoneAlarm and Check Point Endpoint Security
of an Internet connectivity issue detailed in the section

So, in the final analysis, downloading a newer version of Zonealarm (that apparently wasn’t available before today) solved my problem, but can you imagine if this happened at a corporate office with a couple hundred workstations?

I know not too many offices use Zonealarm, but what if they did?  What a pain to update 200 workstations, in emergency mode (read pressure), and probably with the expectation that it would (could) be completed in one morning.

This is just another example of why all patches should be thoroughly tested on a lab unit before being put into a production environment.

Now, I became a victim by not following my own advice, but that was on my personal laptop. I create an image of the drive at least every couple of days and sync important files to my basement server so I am never in danger of losing too much, but it’s a real balancing act when you are responsible for more than your own machine.

On one hand, you want to wait for version 2 of all the patches… let someone else report the pain…and at the same time you know “Day Zero” is a real threat and today might just be that day.

I always make sure I get a really good full backup, especially on Monday nights… just in case.

Good luck and good networking!

From way down in the trenches…. I’m Tom

Oh what tangled webs we weave…(sub-title: Flame Bait)

I just read a story where it was stated that one in three technology professionals admitted to snooping on their fellow colleagues. Here is the story.

I know I am opening myself up for criticism from the geek community, but I find that absolutely reprehensible. The epithet “Holier than thou” comes to mind, but I really mean it… using your administrative privileges to snoop on others is not only immoral but usually illegal.

All that is required is a little self-discipline with a smidgen of empathy thrown in, and those urges can be shoved aside. Believe me… I’ve been tempted, but realizing the potential for abuse I have set my mind on operating at a higher plane. Integrity costs you nothing…dishonesty can cost you everything.

This is not to say that users should not be monitored. If the company has a valid Acceptable Use Policy in effect, then it may become your job to monitor their actions.

It simply has to be done fairly and across the board…everyone or no one, and with no personal interest.

I have found Spectorsoft (Spector CNE) to be a great monitoring system. It meets the criteria for automated monitoring of all employees’ actions. Here at my Wilmington Delaware network support company, Admin Associates, we have been using and recommending it for several years. You can see exactly what a specific user is doing in near real-time and you have a history of past actions as well. The monitoring is done on a user-by-user basis and is not machine specific.

You don’t need to read an employee’s mail to see they are receiving more non-business mail than legitimate correspondence. Usually the subject line gives it away. If you MUST read the mail to ascertain its relevance, a brief scan will almost always clue you in to what the message is all about.

If company policy says IMs are too much of a security risk, then you don’t need to read the individual IMs to know the user is violating the rules.

You can see who is browsing to eBay more than to the company Intranet…it’s not necessary to see what they were bidding on, or if they won!

When it becomes your unpleasant duty to drop a dime on the offending user, you can usually pass along the decision to carry out further “snooping” activities to a higher pay grade. They often have err…less stringent standards than we admins do.

Good Luck and Good Networking

From way down in the trenches … I’m Tom

Oops, they did it again…

I just read an article about another 51,000 credit card numbers going into the wind… See the article here

These stories scare the bejeebies out of me… I guess it’s a “there, but for the grace of God, go I” kind of thing. How would I know if someone has my credit card information? Apparently the company that bought the rights to the Montgomery Ward name didn’t feel it was important enough to let their unlucky customers know.

I wonder if someone has any of my financial information.  I am pretty sure there is no key-logger installed on any of my own computers…make that 99.999% sure, but not 100% sure.

Since I constantly work with other people’s data, I am especially sensitive to the possibilities and careful to stay as infection-free as humanly possible. But since I am human, I can’t be 100% certain… No one can. Firewalls, anti-virus, anti-spyware, and Trojan remover software…all of these things stand guard between me and thee, but is it enough? Who knows?

As we move out from my semi-controlled environment and into the technological wilderness of my clients’ accounts, I become more and more concerned.

At my Wilmington Delaware network support company, we always spend extra time stressing to our clients just how important safe surfing and safe-email practices can be. We spin a lot of “what if” tales to illustrate just what can happen if you let your guard down for even a minute.

We’ll take a computer with a new, unpatched installation of XP and set it in the client’s DMZ, then check it a couple of hours later. Almost every time you’ll find that the available free drive space has shrunk by 2 to 3 gigs. This is a great argument for when a client thinks they are too small to be of interest to a hacker. There just “ain’t no such animal” as an installation that is of no interest to a hacker.

We monitor our clients’ anti-malware installations and make sure the signature files get updated daily. We check the status of the firmware of the hardware firewalls daily. We make sure that all available patches are up-to-date (after checking them for unexpected results). We run Snort intrusion detection on our larger clients. We train. We explain. We do pen testing. And still, I worry if some client is giving away the keys to the kingdom… right now… this very minute.

Drive-By Infections… The Innocent Suffer… The Guilty Rejoice.

For quite some time now, hackers have been infecting web sites with malicious code by using SQL injection and iframe injection attacks. The injection is usually performed at, or right before, the time of day when traffic is historically at its peak, thereby infecting the greatest number of visitors.

Unfortunately, you do not have to do anything particularly dumb to become infected. If you navigate to one of these infected sites, the embedded malware scripts infect you. This is commonly referred to as a “drive-by” infection.

I say you don’t have to do anything dumb because the sites I am discussing here aren’t porn sites or “warz and serialz” sites; going to those sites would definitely qualify as dumb. No, they are often some of the most popular and well-known sites on the net… even news, weather, and public information sites.
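As an added example (not code from the original post), here is a small Python check a site owner can run over their own pages to spot the injected iframes described above: ones that are hidden or zero-sized, or that pull content from a host outside the site. The site hostname `example-news.test`, the `.invalid` hostnames and the sample HTML are all constructed for the demo.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the site's own host plus a page mixing legitimate iframes
# with two injected, hidden ones that load content from off-site hosts.
SITE_HOST = "example-news.test"
SAMPLE_HTML = """
<html><body><h1>Local weather</h1>
<iframe src="/widgets/radar.html" width="400" height="300"></iframe>
<iframe src="http://video.example-news.test/player" width="640" height="360"></iframe>
<iframe src="https://maps.example.test/embed" width="300" height="200"></iframe>
<iframe src="http://bad-host.invalid/in.php" width="0" height="0" style="visibility:hidden"></iframe>
<iframe src="//other-bad.invalid/x.html" style="display: none"></iframe>
</body></html>
"""

class IframeCollector(HTMLParser):
    # Collects the attributes of every <iframe> start tag, in document order.
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})

def is_hidden(attrs):
    # Invisible or effectively zero-sized frames are the classic injection shape.
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    if re.search(r"(?:width|height):0+(?:px)?(?:;|$)", style):
        return True
    for dim in ("width", "height"):
        value = attrs.get(dim, "").strip().lower().rstrip("px")
        if value.isdigit() and int(value) <= 1:
            return True
    return False

def is_off_site(src, site_host):
    # Relative URLs have no hostname and are treated as the site's own content.
    host = urlparse(src).hostname
    if host is None:
        return False
    return not (host == site_host or host.endswith("." + site_host))

def find_suspicious_iframes(html, site_host):
    # Returns [(src, reasons)] for every iframe worth a look; an off-site but
    # visible frame is reported too, since a legitimate embed still needs review.
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        reasons = []
        if is_hidden(attrs):
            reasons.append("hidden or zero-size")
        if is_off_site(src, site_host):
            reasons.append("off-site src")
        if reasons:
            findings.append((src, reasons))
    return findings
```

Run `find_suspicious_iframes(SAMPLE_HTML, SITE_HOST)` and the two injected frames come back with both reasons, while the visible map embed is listed only as off-site.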

I provide Delaware Network Support all over the state and the surrounding areas. When you have this kind of business, you run into all kinds of infections. Sometimes the users know they are infected, but most times I only find the infection when looking for reasons for poor performance or odd happenings.

This is where a really good anti-malware program comes in. AVG 8, for instance, installs a component called “LinkScanner” that blocks infected websites and checks links on search engines for these threats.

I suggest you check it out, and sooner rather than later. Who knows… your favorite site may be next to fall to the black hats.

Good Luck and Good Networking

From way down in the trenches… Tom

Ah… April Showers Bring… May Flowers and June Thunderstorms!

There are a lot of things you can do, or not do, to almost guarantee computer problems. I sometimes have a hard time understanding why people do the things they do… I mean, what are they thinking?

Here’s a perfect example:

I just got a call from a lady who was nearly hysterical. She works for one of my corporate clients and about three months ago she called me to ask what brand of computer she should get for her personal use at home.  I gave her my opinion (free of charge of course, as she expected, even though I do provide support for Delaware computer networks for a living) and never heard from her again until yesterday.

It seems there was a thunderstorm here last night (I must have slept through it) that messed up everyone’s power. Clock radios and VCRs were blinking, TVs had to be reconfigured… all the little annoyances that accompany a power outage. Come to think of it, I’m surprised my UPS didn’t wake me up with its little beeping alarm.

This lady was nearly in tears. Apparently she had left her computer on overnight during the storm. This morning she sat down at her desk and realized the computer was off. She pressed the on button and… nothing.

The first thing I suggested when she called was to check her surge protector to see if it was on… A long silence… followed by a weak, meek voice that said “What’s a surge protector?” “What’s your computer plugged into?” I asked, suddenly pretty sure I already knew the answer. “The wall plug,” she answered.

So, although I ALWAYS tell people to use a surge protector, or better yet a UPS, apparently that advice goes in one ear and out the other.  They call me for advice on how to get the best equipment for the lowest cost, but ignore the advice on how to protect the equipment I recommend.

Anyway, as we talked I suggested that she unplug the power cord from the back of her PC. I then went on with my mini-tirade about the perils of power surges and about two minutes later, told her to re-plug her computer and try it again. (drum roll please)… Ta Dah… it worked.

Many power supplies work in this way when they experience a slight surge… IF YOU ARE LUCKY!  Apparently, unplugging the power cord allows some capacitors to discharge. Whatever the cause, simply turning the on-off switch to off doesn’t do the same thing.

I strongly advise having at least a good name-brand surge protector, but if you truly value your computer and the data you have stored there, go for a UPS. A surge protector just protects against… well… surges. A UPS, on the other hand, actually conditions the power coming into your system, protecting against not only surges but also power drops, sometimes called “brownouts”, slight changes in input frequency, and, since it’s a battery backup, even short power failures.

Good Luck and Good Computing.

From way down in the trenches… Tom
