Archive for Cyber Attack

It’s That Time of the Month Again!!!!

Posted in All Posts, Computers, Helpful Hints, Tech News on October 12, 2009 by The Edible Earth

Yup, it is that time of the month again…..where does the time go?  But tomorrow 10/13/09 is Patch Tuesday once again.  The only thing different is that this update is purportedly going to be the largest security update ever from Microsoft.  Make sure that you have your Automatic Update turned on or go to www.update.microsoft.com (using Internet Explorer as it will not work with other browsers) to get the updates which will be available at some point tomorrow.  Make sure that this gets done as there are some critical updates in this patch that, unless fixed, could allow remote access of your computer. Hackers know this and will be launching malicious code as soon as they can see what these updates are, so that they can create malicious sites in order to attack computers that have not been updated.

Now as always, make sure that you create a new restore point before installing the updates as well as making sure that your back-ups are current.  For more information on Back-ups, check out my post HERE

And as always, this update will include definition updates for Microsoft’s Malicious Software Removal Tool.  Even though it does a quick scan after installing, it is my recommendation that you do a Full Scan just to be sure that anything malicious on your computer is removed.  To do a Full Scan, Vista users, click on Start, then in the Search Dialog Field, type in “MRT.exe” and press Enter.  Then do a Full Scan. If you are using XP, click on Start, then Run, in the dialog field that opens type in “MRT.exe” and press Enter.  Again, do a Full Scan.  Keep in mind that this scan takes a long time, and could take 3 hours or more depending on your computer, and it will slow your computer while scanning.  I recommend you do the scan overnight.

These updates are listed as critical so take the time and keep your computer secure.

Happy Computing to all!!!!

Fan Check Virus….Fact or Fiction

Posted in All Posts, Computers, Helpful Hints, News, Tech News on September 16, 2009 by The Edible Earth

Within the past week, my Facebook account has been seeing a lot of posts warning people of the dreaded Fan Check virus.  But is this really a true virus?  Well after a bit of investigation, it turns out that according to security experts at Sophos, the dreaded Fan Check virus is, in fact, not a virus at all.  It will not download any malicious software to your computer or turn your computer into a Zombie and become part of a Botnet.  However, that does not mean that this bit of software is completely benign and can be used without fear.  Although it is not a virus, it is an incredibly poorly written application that can cause chaos on your Facebook page.  Your Wall could become all jumbled and be unusable as well as other problems to your account.  But again, this is not a malicious software, aka virus. But don’t fear as, as of the date of this post, Facebook has taken Fan Check down and is investigating.

The fact that it could cause unwanted things to occur on your Facebook page is not the real ominous evil behind this application.  Because of the increased chat regarding this subject on the internet, it has opened the eyes of scammers and as a result, malicious sites are popping up all over the place.  By doing a Google, Yahoo, or Bing search for “Facebook Fan Check”, you will receive a large number of hits regarding this subject. But do NOT click on these returns. Why? Because a large number of these pages that are returned from the search, point you to malicious websites.  Scareware is the primary concern and danger.  Clicking on one of these sites will cause a pop-up to occur, which states that your computer is infested with viruses and that you should download their software to clean your computer. THIS IS A SCAM!!!  You are not downloading a virus scanning software, but instead, you are downloading malware, specifically, a Trojan Horse.  This will now open your computer for all kinds of annoying pop-ups, or even worse, other Trojan Horses, spyware, and worms to get into your system.  So stay away from the temptation of searching for “Facebook Fan Check”, as it could spell the beginning of the end of your computer happiness.

HERE is what Snopes.com has to say about it……

AutoRun Function – Security Risk

Posted in All Posts, Computers, Helpful Hints, Tech News on August 6, 2009 by The Edible Earth

This piece may, quite frankly, be of absolutely no interest to many of you as most do not even know what this is.  I believe that the AutoRun feature in Windows is a huge security risk, especially since the Conficker hub-a-bah-loo.  But now, don’t let me get ahead of myself.  First things first….

What is AutoRun?

AutoRun is a feature in Windows in which you can dictate what action your computer will take when a drive is mounted.  Meaning, when you insert or plug in a CD/DVD, thumb drive, or any other external data source, you can tell the computer what you want it to automatically do with it.  You can specify anything from automatically downloading data off of the source, to doing absolutely nothing.  The latter is my preference; when I plug a thumb drive into a USB port, I do not want the computer to do anything.  Unfortunately, Microsoft thought otherwise when it released XP and Vista.  Now in their (Microsoft’s) defense, when XP was released it really was not such a big deal to have iTunes or Media Player open and start playing a CD as soon as it was loaded into the computer.  However, it has now become a real big security risk.  Conficker was originally spread using infected thumb drives.  Once an infected thumb drive is inserted into an AutoRun enabled computer, it would automatically download the worm, without the user doing anything.  I want to see what is on the disk before anything is started.

This has been a venue for spreading malware for a long time.  In the early days, all malware was spread through infected floppy disks as the internet was not a viable venue.  Now, however, let’s say that you visit the library or any other public location where a computer is available.  You do a search for some information and decide to download the info and put it on your thumb drive. Well, if that computer that you are using is infected, now your thumb drive is also infected, so as soon as you plug that into your own AutoRun enabled computer, your own computer is now infected.  From there you can spread the malware via email, IM’s, etc, without you even knowing.  You get the gist.

So how do you disable this function?  Well, it is not for the faint of heart as it requires making a registry change.  Now before we get started, let me tell you that changing registries can be dangerous, changing the wrong registry entry could cause your computer to crash and worse yet, not even boot. So, if you are not adventurous, DO NOT ATTEMPT THIS!!!! Also, you have to make sure your version of Windows is completely updated.  If you are not sure whether you have all the updates, using Internet Explorer, go HERE to check. (THIS IS IMPORTANT)

But for the courageous, like me, let’s start at the beginning.  Just in case, make sure all of your personal data (i.e. Music, Photos, Documents, etc.) is backed up on an external drive.  If you are not sure, check out my post on backing up HERE.  The next thing that you need to do is back up all of your registry entries.  This is pretty simple.

Using XP, click on the Start menu and select Run.  In the dialog box, type “regedit.exe” without the quotes of course.  In Vista, click the Start Menu and in the search dialog type “regedit.exe”, again without the quotes. In both instances click Return (Enter).  From here the two operating systems have the same procedure.  In the left hand pane of the window that opens, make sure that the My Computer (Computer, in Vista) option is selected.  It will be all the way at the top.  DO NOT CLICK ON ANYTHING ELSE!! Then in the title bar, select File>Export, then select the location where you want to save this backup and the name of the backup. I recommend just saving it to your desktop, you can move it later if you so choose.  Select Save, and the backup will be created.  Close out the Registry Editor and restart your computer.  Once it restarts, make sure that the registry backup that you just made is on your desktop. You may need this should something go horribly wrong with the next step.

Now it is time to get your hands dirty.  Do not attempt the following if you have not backed up your data and your registry.

I was going to explain how to navigate through the file system in the Registry Editor, and I do not mean this in a demeaning manner, but I decided against it, as if you do not know how this is done, then you probably should not be attempting this.

OK, here we go.  In XP, click on Start>Run….in the dialog box type “regedit.exe” (you already know not to use the quotes). In Vista, click on Start, then in the search dialog type “regedit.exe”.  Now comes the fun.  From here you need to navigate to the following:

HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Explorer

Once there, double click on the “NoDriveTypeAutoRun” option, which will be in the right hand pane.

Now in the “Base” field, make sure that “Hexadecimal” is selected and it should be by default.  Then in the “Value Data” dialog box, change the value to “FF” (no quotes). Then select OK and you are done.  Restart your computer. Now when you plug in any external data device, like a CD/DVD, thumb drive, etc. your computer will do nothing.  You will need to navigate to it using My Computer (XP) or Computer (Vista) and open the files manually.  This will give you time to inspect the volume’s content and scan it for malware, before actually mounting the drive.  Security-wise, this is much safer than allowing the drive to mount itself and just do its thing, which may be to download malware.  You just never know.
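The backup-then-edit procedure above, scripted in PowerShell as an added example (not part of the original post). It assumes PowerShell on Vista or later and exports only the one key it changes rather than the whole registry; the backup file name and the `Get-AutoRunState` helper are illustrative, and the bit meanings are those Microsoft documents for `NoDriveTypeAutoRun`.

```powershell
# Added example: back up, inspect, then set NoDriveTypeAutoRun for the current user.
$keyPs  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$keyReg = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name   = 'NoDriveTypeAutoRun'
# Hypothetical backup file name; the post saves its backup to the desktop.
$backup = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Explorer-policies-backup.reg'

# Bit meanings as documented by Microsoft for NoDriveTypeAutoRun.
$driveBits = @(
    @{ Bit = 0x01; Type = 'Unknown drive type' },
    @{ Bit = 0x04; Type = 'Removable drive (thumb drive)' },
    @{ Bit = 0x08; Type = 'Fixed drive' },
    @{ Bit = 0x10; Type = 'Network drive' },
    @{ Bit = 0x20; Type = 'CD/DVD drive' },
    @{ Bit = 0x40; Type = 'RAM disk' },
    @{ Bit = 0x80; Type = 'Unknown drive type (reserved bit)' }
)

function Get-AutoRunState([int]$Value) {
    # A set bit means AutoRun is turned OFF for that drive type.
    foreach ($d in $driveBits) {
        $state = if ($Value -band $d.Bit) { 'Disabled' } else { 'Enabled' }
        New-Object psobject -Property @{ DriveType = $d.Type; AutoRun = $state }
    }
}

# 1. Back up the key if it exists; create it if it does not.
if (Test-Path $keyPs) {
    & reg.exe export $keyReg $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry export failed; nothing was changed." }
} else {
    New-Item -Path $keyPs -Force | Out-Null
}

# 2. Show what the current value allows before touching it.
$current = (Get-ItemProperty -Path $keyPs -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) {
    Write-Output "$name is not set for this user."
} else {
    Write-Output ('Current value: 0x{0:X2}' -f $current)
    Get-AutoRunState $current | Format-Table DriveType, AutoRun -AutoSize
}

# 3. Set every bit (0xFF), the value the post recommends, and confirm it.
New-ItemProperty -Path $keyPs -Name $name -Value 0xFF -PropertyType DWord -Force | Out-Null
$after = (Get-ItemProperty -Path $keyPs -Name $name).$name
Write-Output ('New value: 0x{0:X2}' -f $after)
Get-AutoRunState $after | Format-Table DriveType, AutoRun -AutoSize
```

The change is per-user because the key is under HKEY_CURRENT_USER; the same value name under HKEY_LOCAL_MACHINE applies it to every account on the machine.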

Wow, that got pretty geeky.

WHAT FUN!!!!

Again!!!!!

Posted in All Posts, Computers, Helpful Hints, Tech News on July 24, 2009 by The Edible Earth

Here we go again!!!!  Adobe has announced yet another “Zero Day” exploit that affects its current versions of Flash, Reader, and Acrobat.  Adobe has released a statement saying that they believe that this exploit is already being utilized and that caution should be used when visiting sites that are not trusted.  The exploit could cause the application to crash or worse yet could allow hackers to take control of unprotected computers via a “Drive By” attack. I don’t want to bash Adobe but this seems to be something that is happening at an alarming rate.  These types of exploits were also reported, by Adobe, back in December ’08 and again in May ’09.  Now to Adobe’s credit, patches were released to fix these holes, but once again, here we are.  We all use Flash in our internet searches, although many of us don’t even know it.  Flash is what allows those little videos and animated ads to play in your browser.  Reader allows you to open .pdf documents.  Now most of us just use Adobe products by default and don’t even realize that there are alternatives. Now I am not going to start recommending these products as I think Adobe’s are still the best.  That being said, I think that they (Adobe) need to start upping their security procedures.  Their code has obviously been weak.  Now again to Adobe’s defense, they have made a statement saying that they are implementing security initiatives which would include “code hardening” which means that they would pay more attention to their code in order to make sure it is more stable and less exploitable, “Incident Response Improvements” meaning they will respond to known exploits in a timely manner, and “Regular Security Updates” which is self explanatory. Although it is a good start, it kinda reminds me of Microsoft’s approach, to the same issues, over a decade ago, and we all know where that got them.

Adobe has stated that they will have patches for these exploits by late next week (week of 7/27/09), so keep an eye out for updates to Flash, Reader, and Acrobat.

I am going to stick with Adobe on my Windows computers, but I will not for long if this continues.  They are on the right track, but still have a ways to go.  I am rooting for you Adobe!!!!

By the way, these exploits affect Windows, Mac, and Linux computers……

I will let you know when the patches are issued and where you can get them as soon as they are available so stay tuned……

Comments???

Stealth Fighters

Posted in All Posts, Computers, News, Tech News on July 13, 2009 by The Edible Earth

Air, Sea, and Land Superiority….This is the key to winning any modern day battle, right?  Well, we’ve got it….Stealth capabilities, Mach Speeds, Laser Guided Missiles, Heat Seeking Missiles, Drones, and a myriad of other tools that were created to give the U.S. superior capabilities in the event of a crisis.  But something new has crept into the fray here that could jeopardize our National Security and those of our allies.  What is this new weapon?  What could possibly cripple a country with the capabilities of the U.S. and other countries like Russia, Great Britain, France, and China?  Nuclear weapons, well maybe, but there is a new weapon out there that could be much more devastating, as we would all still be here.  So again, what could this possibly be?  Well I will tell you…….Technology!!!!  Now you would think that a country as technologically sophisticated as the U.S. could not possibly be affected by an attack on our technology infrastructure.  Well, the truth of it all, is that it has already happened.  Earlier this year, our electrical grid was found to have been penetrated.  Just recently, over the 4th of July, a cyber attack was completed, via a botnet, in which many websites, including the U.S. Treasury’s, Secret Service’s, the FTC’s, the White House’s, and the Stock Exchange’s websites were hit with a DOS (Denial Of Service) attack which slowed them to a crawl or completely shut them down.  The fact is, the U.S. is a top target. According to a former CIA Official, there were more than 37,000 breaches reported against governmental agencies and private systems in 2007, and, as stated in a recent military recruitment commercial, more than 6 million attempts per day.  Estimated costs on our economy have been found to be more than $200 billion annually. The truth is, this is a serious problem and one that needs to be addressed.

Can you imagine if our communication, electrical, and/or financial grids were brought down in an attack……How would we (the world) survive?  Ours, and other countries’ economies would come crumbling down, or at least be seriously compromised.  GPS would become unusable.  Satellite communications could be halted. Cyber attacks are the way of future espionage…no more James Bonds.  Hackers could feasibly learn more about our infrastructure via a successful attack against…..say…..the Pentagon.  Now I know, there are safeguards against this, but cyber attacks are becoming more and more sophisticated and all that needs to occur is, for us, to drop our gloves, just once.  This is something that should become top priority within our Military and Homeland Security Departments.

This is what I think……

What are your thoughts????