Thursday, December 31, 2009

Happy New Year!

New Year's Eve brings many thoughts to mind. This year it is filled with prayer's for my friend Tara's Mom. It is also a day when I think of my dear friend Pat and wish he were still with us to celebrate his birthday.

To my family and
friends, both real and virtual from places around the world, I wish you a happy, healthy and prosperous 2010.

The
Irish Blessing below holds a special meaning to me so again I share it with each of you,
May your days be filled with wine and roses.



May love and laughter light your days, and warm your heart and home.

May good and faithful friends be yours, wherever you may roam.

May peace and plenty bless your world with joy that long endures.

May all life's passing seasons bring the best to you and yours!


Happy New Year!









Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, December 26, 2009

So, You Have a New Computer . . .

Congratulations! I am sure you are really excited about the new computer. Unless it is laptop_Win7a netbook, the computer will have Windows 7 installed. Although Windows 7 has many security features, there are still steps needed in order to protect your new computer.

I recommend the following steps before you go online,

1) Configure Windows 7 for a Limited User Account. This is a simple step and will help protect your account should your computer become infected. Step-by-step instructions are available in Steve Friedl's article “Configuring Windows 7 for a Limited User Account”.

2) Create a Password Reset Disk.

If you forget your computer password, you can use a password reset disk to create a new one. To create a password reset disk, click the Start button and type User Accounts in the search box. The link is located in the left pane.

3) Software Firewall.

Even if your computer is behind a router or you plan on using a different software firewall, you don’t want your initial online experience to be unprotected. Open Windows Firewall by clicking the Start button and typing firewall in the search box. Select Turn the Windows Firewall on or off from the left pane.

4) Windows Update.

Confirm that Windows Update is turned on so that any updates since your computer was built can be downloaded when you go online. Again, the fastest way to get there is to click the Start button and start typing update. Select Windows Update.

The minimum steps have now been completed so you can finally connect to the Internet. Not that you finally made it, the first step is to download and install an antivirus software.

5) Antivirus Software.

There are several antivirus software programs that are free for personal use. However, in testing the free versions do not score as well as their paid counterparts or Microsoft Security Essentials (MSE) which is also free for personal use and can be downloaded directly from the dedicated Microsoft web site at http://www.microsoft.com/security essentials. (Instructions for installing MSE are available here.)

Two of the free antivirus software programs that I recommend to people with budget constraints are avast! 4 Home Edition and Avira AntiVir PersonalEdition Classic. My favorite subscription antivirus is ESET. Another excellent program is Kaspersky.

6) Anti-Malware and Monitoring Software.

It is strongly recommended that you maintain at least one and, depending on your surfing habits, perhaps two updated anti-malware software programs on your computer. Microsoft provides Windows Defender, although if you install MSE, Windows Defender is replaced by the anti-malware portion of MSE.

An excellent choice for a supplementary program is Malwarebytes' Anti-Malware (MBAM), which is free for personal use. MBAM also has a licensed version available which includes the “Realtime Protection Module” which uses an advanced heuristic scanning technology which monitors your system to keep it safe and secure.

SUPERAntiSpyware is another popular anti-malware program.

There is one more program that is actually the first thing I install on my computers -- WinPatrol. WinPatrol is free for personal use and also has a one-time payment licensed Plus version. The features listed below are the primary reason I use WinPatrol, described more fully at the Win Patrol Features page:

  • Delay Startup Programs
  • Warn if AutoUpdate Status Changes
  • Track Date/Time Programs are First Detected
  • Prevents Changes to File Type Associations
  • Keylogger Detection
  • Kill Multiple Tasks in One Step
  • Twenty Thousand Program Descriptions
  • Disable Vulnerable Active X Controls
  • Create Hijack Style Log Files

7. Adding Hardware and Software.

If you have Microsoft Hardware that you want to use on your new computer, the correct software for Windows 7 is available at the Microsoft Hardware Support for Windows 7 website. Check the vendor site for other brands.

Check the Windows 7 Compatibility Center to find out what software and hardware are compatible with Windows 7. You can also download drivers and updates from the Windows 7 Compatibility center.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Now that you have the basics covered, there is a wealth of information provided by Microsoft at the Windows 7 Help & How-to website. From there you can find help for installing new hardware, backing up your files, how to personalize your PC or transfer files and settings from another computer as well as a security checklist and much more.

For more in-dept information, Talking About Windows provides a behind-the-scenes look windows 7. It is a video blog with contributions provided by Microsoft engineers who helped build Windows 7.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, December 24, 2009

Merry Christmas, Ukrainian Style

Merry Christmas to all my family, friends and Security Garden readers. Whatever traditions you celebrate, I extend warmest wishes to each of you and your family. May you enjoy the spirit of Christmas every day of the coming year.

We celebrate Christmas Eve following Ukrainian tradition. In that spirit, I would like to share with you my favorite Ukrainian Carol, Shchedryk, commonly referred to as the Carol of the Bells. This rendition was performed by the Irkutsk University Choir.





 
Remember - "A day without laughter is a day wasted." 
May the wind sing to you and the sun rise in your heart...

Wednesday, December 16, 2009

A Childhood for Every Child

childhood_med

What are your favorite childhood memories? Mine include spring and summer gatherings of the children from the around the neighborhood in our large side yard playing baseball. The autumn meant jumping in piles of leaves and winter brought snow angels and ice skating in the frozen pond in back. It did not matter age or gender. Everyone had fun.

Not all children have the luxury of happy memories. Sadly, there are thousands of children subjected to sexual abuse and exploitation. These children are victimized over and over as recordings of the abuse are shared online among pedophiles as child pornography,

As explained by Ernie Allen, President & CEO, National Center for Missing and Exploited Children, in A Childhood for Every Child:

“Child pornography worldwide, and particularly in the United States, has exploded with the advent of the Internet. Here at NCMEC, since 2003, we have reviewed and analyzed almost 30 million photos and videos of child pornography, and we project that nine million child pornography photos and videos will be reviewed and analyzed in the coming year. As much as the Internet has improved our daily lives, it has also allowed people to access child pornography with limited risk of discovery, and encouraged pedophiles to build networks that validate and facilitate their depraved desires.”

In an effort to assist in the effort to fight this abuse, Microsoft is donating a new technology, PhotoDNA to the National Center for Missing & Exploited Children (NCMEC). PhotoDNA, was initially created by Microsoft Research and was further developed by Hany Farid, a leading digital-imaging expert and professor of computer science at Dartmouth College. The goal is to help NCMEC in its efforts to find hidden copies of the worst images of child sexual exploitation.

The following short video explains how PhotoDNA works (Silverlight required).

Help fight the problem of child sexual abuse and exploitation. If you see it, if you know about it, if you suspect it, report it to NCMEC by e-mail or call 1-800-THE-LOST.

Related Information:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox Security Update 3.5.6

Mozilla released Firefox version 3.5.6 which includes the security updates referenced below as well as several stability issues. Updates MFSA 2009-65, -66 and -67 are identified as Critical.

To get the update now, click Help -> Check for Updates.

Fixed in Firefox 3.5.6
  • MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects
  • MFSA 2009-70 Privilege escalation via chrome window.opener
  • MFSA 2009-69 Location bar spoofing vulnerabilities
  • MFSA 2009-68 NTLM reflection vulnerability
  • MFSA 2009-67 Integer overflow, crash in libtheora video library
  • MFSA 2009-66 Memory safety fixes in liboggplay media library
  • MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/ 1.9.0.16)


References:


Clubhouse Tags: Clubhouse, Security, Vulnerabilities, Updates, Information

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, December 15, 2009

Critical Adobe PDF Vulnerability: Disable JavaScript!

AdobeIcon No relief appears to be in sight as far as Adobe product vulnerabilities this year. Here is hope that 2010 proves better for Adobe security.

In the meantime, however, there is yet another vulnerability in Adobe Reader and Adobe Acrobat 9.2, including all earlier versions, being actively exploited in the wild. although the exploit is actively being used by attackers, at this time the number of attacks are limited. This is expected to change within the next few weeks.

All users of Adobe Reader and Adobe Acrobat 9.2 are strongly encouraged to incorporate the suggested workaround by disabling JavaScript in Adobe PDF Reader/Acrobat:

Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

For home use, you may wish to replace Adobe Reader with an alternate PDF reader. Other options are available at http://pdfreaders.org/.

Update: Adobe PSIRT announced plans to issue an update to Adobe Reader and Acrobat by January 12, 2010. In addition, the official Security Advisory was posted at Adobe - Security Advisories: APSA09-07


References:



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, December 10, 2009

Facebook Privacy

As announced last summer, the Facebook privacy policy has been updated. Unfortunately, when Facebook members are presented with the update, the default entry is “Everyone”. As those of us who spend time in the security arena are well aware, people tend to miss or click past pre-checked settings. I suspect Facebook advertisers are hoping that will be the case with the recent changes.
Following are screen copies of what is presented to Facebook members.
1) Privacy Announcement

FB_Privacy1

2) Update Privacy Settings

FB_Privacy2

3) Confirmation
FB_Privacy3
There are other issues relating to your privacy that most Facebook members are unaware of as well. It has to do with applications accessing your settings -- you know, the Mafia, Farmville, What animal is your spirit guide, What is your ruling plane, Quizes, and all the rest that show up as invitations.

As Bill Pytlovany explains, it is not only the games. When you take a quiz, or even donate to “Causes” you are providing access your personal information. When your friend allows an application, they give away all your information too. See Facebook Simplifies Sharing your Personal Info and Who Gets Your Personal Information on Facebook? and then lock down your Facebook profile settings by clicking on “Settings” (located at the top, right corner of the page). Select“Privacy Settings” in the drop-down menu and consider changing the settings from Everyone to a more modest approach such as Friends of Friends.

You can also change the access that specific Applications have to your information. Click Applications in the bottom left corner of the Facebook page and select "Edit Applications". Review the various permissions provided to applications in the drop-down menu identified as "Show".




Facebook Information:
References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Wednesday, December 09, 2009

Introducing WinPatrol PLUS Family Pack


Just in time for the Holidays, BillP Studios introduced the WinPatrol PLUS family Pack! The PLUS Family Pack license is valid for immediate family. As a result, for only $49.95 you can upgrade to WinPatrol PLUS and use the same PLUS code on your desktop, laptop, your spouse's computer, as well as your children(s) computer.

Stuck on gift ideas for your sister, brother or best friend? A WinPatrol PLUS Family Pack license is the gift that keeps on giving. It isn't a subscription, it is good for life.

As Bill Pytlovany explained,
"This is a limited offer but I hope it will make the holidays brighter especially for those of you with large families."
Click here to Order

WinPatrol works on all Microsoft Windows Operating systems.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Tuesday, December 08, 2009

Microsoft Security Bulletin: December 2009


Microsoft released six security bulletins addressing a total of 12 vulnerabilities. The updates affect Windows, Internet Explorer and Microsoft Office.

Affected products include Windows, Internet Explorer (IE) and Microsoft Office products. Additional information regarding the severity and exploitability are available in the MSRC blog, linked below.


Critical

Important
References:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, December 03, 2009

December 2009 Bulletin Release Advance Notification

On Tuesday, December 8, 2009, Microsoft is planning to release six new security bulletins addressing 12 vulnerabilities in Windows, Internet Explorer (IE) and Microsoft Office products. Three of the bulletins have a maximum severity rating of Critical and three have a maximum severity rating of Important.

As indicated by Jerry Bryant in the MSRC Blog, the updates touch all supported versions of Windows and IE. Expect that a restart will be required. In addition, Jerry reported:

"We want to make customers aware that we will be addressing the vulnerability discussed in Security Advisory 977981 in the IE bulletin on Tuesday. We know that customers are concerned about this issue and we are also aware that Proof of Concept (PoC) code is available publicly."



References:



Clubhouse Tags: Clubhouse, Security, Updates, Microsoft, Information


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Advisory for Adobe Flash Player

AdobeIcon Adobe released Security Advisory APSB09-19 affecting Adobe Flash Player 10.0.32.18 and earlier versions and Adobe AIR 1.5.2 and earlier versions. Adobe has announced a security update to resolve critical security issues for these products on Tuesday, December 8, 2009.

As defined by Adobe, a critical security issue is a vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.


References:



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...