Sunday, November 28, 2010

Command Prompt Series, 7Tutorials

I must apologize to Security Garden readers who use Windows 7.  I have neglected to provide a link to a site that I have been following for a long time.



I was reminded of this omission recently after following the excellent series of tutorials at 7tutorials on using the Command Prompt in Windows 7.  If you are not familiar with how to use the Command Prompt or would like to learn additional features, I recommend the illustrated tutorials listed below.




The primary reason I like 7tutorials is the care site owner, Ciprian Rusen, and the editorial staff take in preparing the information for publication.  This is exemplified in the site Mission Statement:

"Just like yourself, we are tired of encountering sites which publish bad tutorials that ruin your computer instead of fixing it. We are also tired of editors who write tutorials in a rush and miss some important steps, site owners who shamelessly rip-off other sites, or those who don't thoroughly test their solutions and don't answer all your questions.

Our team has one simple mission: provide complete tutorials for Windows 7. We want to offer quality, not quantity. You might see our site updating less often than others but that's because we will do our best to offer quality articles."

There is a wealth of information available at 7tutorials.  I encourage you to check it out.  This site definitely deserves to be in the Spotlight!



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Saturday, November 27, 2010

Online Shopping Safety Tips

After dealing with the crowds in the stores shopping for great deals on Black Friday, many people have sworn off the brick and mortar stores in favor of online shopping.  Others will be searching for specials on "Cyber Monday" to complete their Holiday gift shopping.

Cyber Monday is the Monday after Thanksgiving when most Americans return to work after the long Thanksgiving Holiday weekend. It is the day when stores generally have their best online special deals.

We all know the precautions to take when shopping at the local malls -- carefully secure your credit card after making a purchase, put your wallet in an inside pocket, don't carry your purse loosely, be aware of your surroundings when walking to your car, have your car keys ready, don't leave your valuables unattended, etc.

Whether you have given up fighting the crowds and long lines in the brick and mortar stores or are just looking for online shopping bargains, safety precautions are also required when shopping online, whether it be Cyber Monday or any other day of the year.

Protect Your PC:

Before you start shopping, take care of basic security.  This includes having a software firewall and up-to-date antivirus and anti-malware software.
  • If your antivirus software license expired, either renew the license or uninstall it and download and install Microsoft Security Essentials.  (If the replaced antivirus was a "security suite", be sure to activate the Windows Firewall when uninstalling.)
  • Now run a full system scan with your updated antivirus software.
  • Next, scan with anti-malware software.  If you do not have anti-malware software, my favorite is Malwarebytes' Anti-Malware.  Another popular program is SUPER AntiSpyware.
  • Check for and install Security Updates.

Protect Your Credit:

Your computer is ready and so are you.  But, safety precautions do not end with your computer.  Now the onus is on you to protect your credit.
  • Shop at reputable websites.  If the offer sounds too good to be true, it is probably a scam. Customer evaluations are available at sites like Epinions.com or BizRate to help you determine the legitimacy of a company.
  • ONLY do your online shopping from home and never from an insecure public WiFi spot or public area like the local Starbucks.
  • To complete your purchases, checking out will require creating an account.  It is not advisable to store your credit card and other personal information on the website.
  • At checkout, the site's web address should begin with https: and there should be a closed padlock in the address bar or in the lower right corner of your browser.  If not, forget about it.  You will be giving away your credit card information!
  • It is best to use a "true" credit card rather than a debit card, as it offers better fraud protection.
  • At the completion of your order, print or make a screen copy, including the confirmation number, as a receipt for your purchase.
Tips:

Finally, a couple of money-saving tips that may result in additional savings when you shop online.
  • Be wary of most of the "coupon sites".  However, there is at least one that I am aware of that appears to have a good reputation and is "McAfee Secure":
"Hundreds of well-known online stores like Barnes and Noble, Staples, and Overstock.com have a place within their shopping cart for a "coupon code" that gives a percent or dollar amount off your purchase. If you don't know the code, you can't take advantage of the discount. You can find these secret discount codes and coupon codes listed on many sites across the internet but the problem with these sites is that they're usually personal homepages and they don't maintain their lists! Currentcodes.com has a full-time staff of trained individuals whose only job is to find new coupon codes and discount codes and verify the accuracy of the existing database. We don't flood you with ads and we don't throw deals in your face. No hype, just current codes."
  • Check CyberMonday.com which includes special offers, including free shipping, at hundreds of online merchants.  On the actual Cyber Monday, the site will provide hourly specials and exclusives from popular online retailers.  A portion of the proceeds from CyberMonday.com supports the Ray Greenly Scholarship Fund.



Wednesday, November 24, 2010

Happy Thanksgiving (and Happy Birthday!)


Wishing everyone a very 
Happy Thanksgiving! 


Whether your family is large or small, traveling from near or far, I hope you enjoy the celebration, company, traditional family favorite foods, football and, most importantly, take time to count your blessings.

This year, Thanksgiving falls on the birthday of two very special friends -- Dia and Aaron.  To both Dia and Aaron, special Happy Birthday Wishes and {{{HUGS}}}.










Tuesday, November 16, 2010

How the TDL4 rootkit gets around driver signing policy on a 64-bit machine

"Microsoft’s Windows operating system, running on a 64-bit machine provides enhanced security with driver signing of system and low level drivers. This policy, called the kernel mode code signing policy, disallows any unauthorized or malicious driver to be loaded. [1.]

 The TDL4 rootkit bypasses driver signing policy on 64-bit machines by changing the boot options of Microsoft boot programs that will allow an unsigned driver to load."

See how it's done at the SunbeltBlog: How the TDL4 rootkit gets around driver signing policy on a 64-bit machine.

Additional story at The Register: World's most advanced rootkit penetrates 64-bit Windows.



Accelerated Adobe Reader/Acrobat Security Update


Adobe released an out-of-cycle security update to address the critical security issues in Adobe Reader and Adobe Acrobat.  In addition to addressing CVE-2010-3654 noted in Security Advisory APSA10-05 and CVE-2010-4091 referenced in the Adobe PSIRT blog ("Potential issue in Adobe Reader"), these updates also incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-26.

Release date: November 16, 2010
Vulnerability identifier: APSB10-28
CVE numbers: CVE-2010-3654, CVE-2010-4091
Platform: All Platforms

Edit Note:  I have been advised by my friend Randy that the Adobe Reader update re-introduces "Reader_SL.exe".  It is located in \%Program Files%\Adobe\Reader\ and is not required.  See the SystemLookUp description.


Acrobat and Reader users can update to the latest version, v. 9.4.1, using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from here. As usual, be careful to UNCHECK the box shown below. Neither the scan nor any offered toolbar is needed for the update!






The next quarterly security update for Adobe Reader and Acrobat is scheduled for February 8, 2011.



Saturday, November 13, 2010

Security alert: Active Links in Messenger 2009 Temporarily Turned Off to Prevent Malicious Worm



There is a particularly malicious worm (a self-replicating computer virus) currently trying to spread itself through many of the world's largest instant messaging and social networks.  The worm spreads by inserting a link into an IM conversation with a person whose computer is already infected. When the link is clicked, it opens in a browser and downloads the worm.  Then the process is repeated.

Because Windows Live Messenger 2009 is affected, Microsoft has temporarily turned off active hyperlinks for web addresses sent in IM conversations using Windows Live Messenger 2009. Messenger 2011 is not impacted.

If you think your computer may have already been infected by a malicious worm, download the malicious software removal tool from the Security TechCenter on Microsoft TechNet.

Additional details are available in Security alert: Active links in Messenger 2009 temporarily turned off to prevent a malicious worm.




 



Friday, November 12, 2010

Advance Notice: Adobe Reader/Acrobat Out of Cycle Update Scheduled



Adobe has announced an out of cycle security update for Adobe Reader and Acrobat.  The update is scheduled for Tuesday, November 16, 2010. As described in the PSIRT Blog:

"The updates will address critical security issues in the products, including CVE-2010-3654 noted in Security Advisory APSA10-05, CVE-2010-4091 referenced in the Adobe PSIRT blog (“Potential issue in Adobe Reader“), and the Adobe Flash Player update as noted in Security Bulletin APSB10-26."
 Following this out of cycle update, Adobe is scheduled to release the next quarterly security updates for Adobe Reader and Acrobat on February 8, 2011.


Thursday, November 11, 2010

Lest We Forget

At the 11th hour of the 11th day of the 11th month, set aside politics and petty grievances and take time to pay tribute to all who died for their country.

As in previous years, I am republishing my friend Canuk's last tribute. The comment he posted provides one example of why he was a special person:
"I too "will remember your friends who never had a full life", while thanking you and your comrades who have served with pride, honesty and honour.

Despite anyone's thoughts of the current conflict in Iraq - opposition or agreement, we must always remember that these brave young men and women are fighting for a cause they also may or may not agree with. The huge difference between them and us is that they are putting their lives on the line 24/7 while we sit in our homes in comfort, using the freedom of speech previous warriors won for us, and for that they deserve our love, respect, and support."
LEST WE FORGET





We Shall Keep the Faith by Moina Michael, November 1918

Oh! you who sleep in Flanders Fields,
Sleep sweet - to rise anew!
We caught the torch you threw
And holding high, we keep the Faith
With All who died.

We cherish, too, the poppy red
That grows on fields where valor led;
It seems to signal to the skies
That blood of heroes never dies,
But lends a lustre to the red
Of the flower that blooms above the dead
In Flanders Fields.

And now the Torch and Poppy Red
We wear in honor of our dead.
Fear not that ye have died for naught;
We'll teach the lesson that ye wrought
In Flanders Fields.

Flags courtesy of 3DFlags.com




Tuesday, November 09, 2010

Hotmail Now Includes Full-Session HTTPS Encryption

Hotmail now includes the option to enhance the security of your entire Hotmail session with HTTPS data encryption (via Secure Sockets Layer, or SSL).  Until now, only the Hotmail sign-in was fully encrypted.

If you regularly use public computers or insecure wireless connections, HTTPS will help keep your account secure from hackers.

In addition, SkyDrive, Photos, Docs, and Devices pages now all automatically use SSL encryption.  As a result all of your data is transferred over HTTPS.

Important Note:

If you enable HTTPS for Hotmail, the connections below will not be available:
  • Outlook Hotmail Connector
  • Windows Live Mail
  • The Windows Live application for Windows Mobile (version 6.5 and earlier) and Symbian

To enable HTTPS for your Hotmail inbox, calendar, and contacts, go to https://account.live.com/ManageSSL.

Tip:  If you only need a temporary HTTPS connection, enter "https" in front of the web address instead of "http".



Security Bulletin Release for November, 2010


Microsoft released three (3) bulletins addressing 11 vulnerabilities in Microsoft Office and Unified Access Gateway (UAG). One of the bulletins is rated Critical with the other two as Important. 

Following is the description from the MSRC Blog:
  • MS10-087 This bulletin resolves five issues affecting all currently supported Microsoft Office products. The bulletin is rated Critical for Office 2007 and Office 2010 due to a preview pane vector in Outlook that could trigger the vulnerability when a customer views a specially crafted malicious RTF (Rich Text Format) file. The update also addresses an Office vector for the vulnerability described in Security Advisory 2269637, which has been referred to as "DLL Preloading" and "Binary planting." MS10-087 is Microsoft's top priority bulletin for deployment in November and has an Exploitability Index rating of 1.
  • MS10-088 This bulletin resolves two cooperatively disclosed vulnerabilities in Microsoft PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. The overall severity rating is Important due to the user interaction required to open the malicious file and we give the bulletin a rating of 2 in our deployment priority assessment.
  • MS10-089 This bulletin resolves four cooperatively disclosed vulnerabilities in Unified Access Gateway (UAG), which is a component of Microsoft Forefront. The most significant of these could allow elevation of privilege if a user clicks on a malicious link on a website. This update is offered through the Microsoft Download Center and is not available through Microsoft Update at this time. With an overall severity rating of Important and user interaction required to exploit, we also give this a deployment priority of 2.
Microsoft is not aware of any active attacks seeking to exploit the vulnerabilities addressed in this month's release.

For complete details, see the references listed below.


References:


Saturday, November 06, 2010

WinPatrol 19.3 Issues and Solutions

Regular readers know that one of my all-time favorite programs is WinPatrol.  Scotty has been patrolling my computers for many, many years.  Scotty was very comfortable with 32-bit operating systems but has been snarling a bit with the increased migration to 64-bit systems.  As a result, providing updated support for 64-bit operating systems has spurred a couple of strange issues.  Until my friend and Scotty's "handler", Bill Pytlovany, gets to the bottom of the causes, they are easily overcome.

Phantom IE Helper

If, when starting WinPatrol, you receive a WinPatrol alert about a new IE Helper with no description, company name or other information, it is likely you have a faulty installation of WinPatrol.  Continue with the instructions below to solve this issue.





Check the version.

Start first by checking what version of WinPatrol is installed.  Launch WinPatrol and click the PLUS/Update tab.  It should show v 19.3.2010.0:19.3.2010.0:


If, like a number of WinPatrol users have discovered, you have WinPatrol 2010 v 19.1.2010.1:19.3.2010.0, you will likely discover that the upgrade to version 19.3 did not fully uninstall the earlier version.  As shown in Add/Remove Programs:


Uninstall Duplicate WinPatrol

As is my usual procedure, I right-clicked the WinPatrol icon in the System Tray and selected Exit Program and then proceeded to uninstall the 10/4/2010 version 19.0.2010.0.  Nonetheless, I received the following message:

After restart, although version 19.3.2010.0 still showed in Add/Remove Programs, it was not in the WinPatrol folder:




After repeating the uninstall process of the second WinPatrol, I reinstalled WinPatrol 19.3 and everything is working as expected now.

WinPatrol UAC Prompt at Restart

Although I have not received a WinPatrol UAC prompt at restart, others have.  The only time Windows Vista and Windows 7 should provide a UAC prompt for WinPatrol is when launching the GUI for WinPatrol Explorer (WinPatrolEx.exe).

If you are seeing the UAC prompt at start up, there are two copies of WinPatrol trying to start. Bill Pytlovany implemented a quick fix in the new versions of WinPatrol.
  •   Open up the main WinPatrol tabbed Interface.
  •   Click on the Options tab.
  •   You should see a check box that says, “Automatically run WinPatrol when computer starts”
  •   Just un-click the box in front of this message.
  •   Now click it again so the check box remains.
This action will remove the multiple copies of WinPatrol in the Start up List and initialize the correct start up setting.

As a bit of additional explanation provided by Bill:  
"WinPatrol is split into two components to provide the best possible performance.

WinPatrol.exe is the small component which monitors for changes on your system. This is the program which displays the little Scotty in the taskbar and remains running in the background at all times. This component doesn't require UAC access and should not bring up the UAC prompt.

When you double click on the little Scotty icon it launches our main tabbed interface or WinPatrol Explorer (WinPatrolEx.exe). The program provides the main interface and allows you to review all your various programs. This component will bring up the UAC prompt because it's the power house that is allowed to change your system configuration values. The tabbed interface is also launched if WinPatrol.exe is launched a 2nd time. When you click on "Close", this program is removed from memory so only the smallest required portion of WinPatrol is running."
WinPatrol Not Seeing Cookies

In earlier versions of WinPatrol, it was possible to manage cookies with the browser open.  Changes in the manner in which cookies are handled by Internet Explorer and Firefox now mean that in order to manage cookies with WinPatrol, it is necessary to first close the browser.


Download WinPatrol 19.3.2010.0   (Free & PLUS)
WinPatrol Info 
(Windows XP, Vista, Windows 7 including x64 support)
Release Date: November 4th, 2010  
Setup updated November 5th





Thursday, November 04, 2010

Adobe Flash Player Critical Security Update


Although the Adobe Security Bulletin has not been updated to indicate that the Flash Player update was released today, the update is available at the Download Center as well as the direct download links.
 
Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, the direct download links are as follows:
If you use the Adobe Flash Player Download Center, be careful to UNCHECK the box shown below. It is not needed for the Flash Player update. 


1 MB
McAfee Security Scan Plus
In addition, any toolbar offered with Adobe products can be unchecked if not wanted.


Verify Installation:
To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

You may also want to verify the version of Adobe AIR installed on your system in the Adobe AIR TechNote.



Security Bulletin Advance Notification for November, 2010


On Tuesday, November 9, 2010, Microsoft is planning to release three (3) bulletins addressing 11 vulnerabilities in Microsoft Office and Unified Access Gateway (UAG). As currently anticipated, one of the bulletins is rated Critical with the other two as Important. 

The bulletins affecting Microsoft Office include Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 3, Microsoft Office 2007 Service Pack 2, Microsoft Office 2010 (32-bit and 64-bit editions), and Microsoft Office for Mac 2011.  The bulletins for Microsoft Office 2007 and 2010 are Critical, the others all rated Important.


Wednesday, November 03, 2010

Microsoft Security Advisory 2458511 Released


Microsoft released Security Advisory 2458511 which relates to a vulnerability in Internet Explorer that could allow remote code execution.  The vulnerability does not affect IE9 Beta but the other versions of IE are affected.

As indicated in the MSRC Blog, the impact of this vulnerability is extremely limited.  Microsoft is not aware of any affected customers. The report indicated that the exploit code was discovered on a single website, which is no longer hosting the malicious code.

It is important to note that all attacks Microsoft has seen are blocked by DEP, which is enabled by default on IE8 and can also be enabled for earlier versions of IE. Additional mitigations are described in "DEP, EMET protect against attacks on the latest Internet Explorer vulnerability" and the Security Advisory.


Monday, November 01, 2010

The Office 2010 Beta Has Expired!


If you were using the Office 2010 Beta and discovered that it has suddenly stopped working, that is because the Beta officially expired yesterday, October 31, 2010.

It is necessary to uninstall the Beta software from your computer before you can use the released version of Office 2010. To do this, go to the Control Panel in Windows 7 (or Windows Vista) and click "Uninstall a Program". 

In the event you have not completed evaluating Office 2010, a fully functional 60-day trial version is available at Office.com. You can also purchase your licensed copy of Office 2010 from the same page or purchase the boxed version.

For anyone not familiar with the changes and new features in Office 2010, the "What's New" articles below will provide a helpful overview:
What's new in Access 2010
What's new in Excel 2010
What's new in Outlook 2010
What's new in OneNote 2010
What's new in Publisher 2010
What's new in Word 2010
Office 2010 migration guides