Wednesday, October 2, 2013

Java

For a while now, malware has been getting installed on client workstations because of Java running in the web browser. When an out-of-date Java is fingered as the problem, the question is always the same: what is Java, and do I need it?
" What is Java technology and why do I need it?
Java is a programming language and computing platform first released by Sun Microsystems in 1995. It is the underlying technology that powers state-of-the-art programs including utilities, games, and business applications. Java runs on more than 850 million personal computers worldwide, and on billions of devices worldwide, including mobile and TV devices.
Why do I need Java?
There are lots of applications and websites that won't work unless you have Java installed, and more are created every day. Java is fast, secure, and reliable. From laptops to datacenters, game consoles to scientific supercomputers, cell phones to the Internet, Java is everywhere!
Is Java free to download?
Yes, Java is free to download. Get the latest version at http://java.com. If you are building an embedded or consumer device and would like to include Java, please contact Oracle for more information on including Java in your device.
Why should I upgrade to the latest Java version?
The latest Java version contains important enhancements to improve performance, stability and security of the Java applications that run on your machine. Installing this free update will ensure that your Java applications continue to run safely and efficiently."
*Taken from: http://www.java.com/en/download/faq/whatis_java.xml?printFriendly=true
Clear as mud, right? The gist is, it's a technology that enables programs to run, generally in an OS (Operating System) independent fashion. So that covers what Java is; how about why you need it? If you play Minecraft, you need Java, just not in the browser, as the game was built on Java. The problem is that installing Java on your computer also ties it into your web browser(s). To be secure and still play Minecraft, you need to unbundle it from the web browser(s) you use.
You should be off Java version 6 by now; Oracle has it as end of life. Ensure you are on 7 Update 40 (current as of 9-23-2013), then go to Control Panel in Windows -> Java -> Security tab, uncheck the box for "Enable Java content in the browser" -> OK -> OK.
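The checkbox above is per-user and can be ticked back on by the next installer that runs. As an added example (not from the original post), this PowerShell script enforces the same "Enable Java content in the browser" = off setting for every user on the machine and then verifies it; it assumes the system-level deployment file locations Oracle documents for Windows (%WINDIR%\Sun\Java\Deployment) and an elevated prompt.

```powershell
# Enforce "Enable Java content in the browser" = OFF machine-wide.
# Assumes Oracle's documented system-level locations under %WINDIR%\Sun\Java\Deployment
# and that this runs from an elevated PowerShell prompt.
$deployDir  = Join-Path $env:WINDIR 'Sun\Java\Deployment'
$propsPath  = Join-Path $deployDir 'deployment.properties'
$configPath = Join-Path $deployDir 'deployment.config'

New-Item -ItemType Directory -Path $deployDir -Force | Out-Null

# deployment.properties: the setting itself, plus the ".locked" key that greys the
# checkbox out in the Java Control Panel so a user cannot simply flip it back on.
@(
    'deployment.webjava.enabled=false'
    'deployment.webjava.enabled.locked'
) | Set-Content -Path $propsPath -Encoding Ascii

# deployment.config: points every JRE on the box at the system properties file and
# makes loading it mandatory. Written as a file: URL because backslashes are escape
# characters inside Java .properties files.
$propsUrl = 'file:///' + ($propsPath -replace '\\', '/')
@(
    "deployment.system.config=$propsUrl"
    'deployment.system.config.mandatory=true'
) | Set-Content -Path $configPath -Encoding Ascii

# Returns $true only when the file explicitly sets deployment.webjava.enabled=false.
# A missing file or missing key means Java's default (enabled) still applies.
function Test-BrowserJavaDisabled {
    param([string]$Path = $propsPath)
    if (-not (Test-Path $Path)) { return $false }
    $line = Get-Content $Path |
            Where-Object { $_ -match '^\s*deployment\.webjava\.enabled\s*=' } |
            Select-Object -Last 1
    if (-not $line) { return $false }
    return (($line -replace '^.*=\s*', '').Trim().ToLower() -eq 'false')
}

if (Test-BrowserJavaDisabled) {
    Write-Host "Browser Java is disabled machine-wide via $propsPath"
} else {
    Write-Warning "deployment.webjava.enabled is not set to false in $propsPath"
}
```

Desktop Java programs such as Minecraft keep working, since this only switches off the browser plugin; re-run the check after any Java update to confirm the installer did not replace the files.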

Thursday, January 31, 2013

2013 Anti-Virus

AV is like an immunization shot: after you get one, you hopefully wouldn't think that rolling in medical waste is a good idea.

I heard something to that effect in one of the many podcasts I listen to, and I have to agree. During the course of a normal week, I see Windows PCs infected with all manner of crap. Windows PCs that are "protected" by several different vendors' AV products: McAfee, Norton, Trend Micro, AVG, Avast, Avira, Kaspersky, Microsoft, and yes, even my much preferred, ESET.

The most common thing I hear from clients, besides their favorite, "How did I get infected?", is "But I have Anti-Virus and a Firewall, so I can't be infected!". This makes me believe that the amount of garbage the bad actors are putting out far outpaces what the good guys can do to keep up. At most, current AV is 60% effective across the board, unless we're talking a targeted attack; then I'm sure AV covers next to nothing.

In the end, only your own wetware can save you!


Friday, August 3, 2012

MI and the elections

A take on the IT side for the August 7th primary...

The state of Michigan appears to actually place value on voter information: for it to be used in Electronic Polling Books (EPB), it requires the data to be encrypted with a password of letters and numbers, both cases, and at least 8 characters long. This data is then to be stored on an encrypted portion of a USB flash drive.

Except of course, they apparently don't mandate that those passwords not be written down on a post-it and adhered to the palm rest of the laptop(s) used.

My only gripe is that there is no whole drive encryption on the laptop used for EPB. That, and the State's tech support is terrible. I've worked out of contract with a local gov't entity from 9pm to past 1:30am to ensure everything is all set up. The instructions are based on Verbatim's VSafe USB drive encryption, which doesn't appear to be transferable to new drives, which use EZ-Lock. It would be better to not use a vendor solution, but switch to something open source, à la TrueCrypt. That way, it could also be used to secure the laptop all this info is entered into, as well as the USB drives.

Sure, it would be too much work for the State, though, to get that done and adjust their documentation on it.

Sunday, July 15, 2012

FBI

The FBI has been busy, turning off the Internet for unfortunate souls infected with the DNS Changer malware. Or at least, that's what the mainstream media was reporting would happen after they pulled the plug on the DNS server they took over after busting up the Estonian gang responsible for it on Monday.
Of course, aside from the 2 clients that were sure they had the DNS Changer malware, no one else called or stopped in to chat about it, unlike when Conficker was in the news. Both clients had different infections and no screwball DNS entries, but they were sure they had it... after they saw the news story.
Then the FBI singled out another client of mine, locking up his computer and displaying their logo telling him he's been caught doing bad things on the internet. In order to restore his computer access he should go get a cash card and enter the info to pay his $100 USD fine. On top of that, they activated his webcam and streamed some video of him off someplace, probably to the NSA. A few malware scans, some updating, and he was back in business and FBI free.
*The first part, the FBI killed the DNS server for those still infected and that should NOT affect anyone not infected. Although no one should really still be infected anymore, almost if not all, AV has definitions for this... but since when has that stopped anyone/anything?*
*Yes, I am fully aware the last part did NOT actually involve the Federal Bureau of Investigation and that it was in fact an attempt to scare and scam money out of the client.*

Tuesday, May 31, 2011

Windows * Recovery

We've been seeing an influx of Windows based PCs with the Windows Recovery Rogue Utility Apps. Windows XP systems get Windows XP Recovery, Windows Vista systems get Windows Vista Recovery, & Windows 7 systems get the Windows 7 Recovery malware.

After infection, it hides all the contents (files & folders) of the C drive; no idea whether it also checks for D, E, etc. drives. A Kaspersky or NOD32 bootable AV CD will usually kill off the main infection.

The usual way to combat this is to boot into Windows Safe Mode Command Prompt. Get to the command line, and enter the command:

attrib -h c:\*.* /s /d

Then use your trusty copy of AutoRuns to disable any autostarting items. Boot back into Windows and use whatever AV or anti-malware (AM) tool (SUPERAntiSpyware and/or Malwarebytes) to remove the remainder.
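The attrib one-liner above clears the Hidden bit on everything it can reach without telling you what was hidden. As an added example (not from the original post), this PowerShell function does the same job but first lists what the rogue hid and leaves items that also carry the System attribute alone (desktop.ini, pagefile.sys, boot files), so the report doubles as a confirmation of the infection; it assumes powershell.exe can be launched from the Safe Mode command prompt with administrative rights.

```powershell
# Report and clear the Hidden attribute the Windows * Recovery rogue sets on user files.
# Assumes it runs elevated from a Safe Mode command prompt (powershell.exe available).
function Restore-HiddenUserItems {
    param(
        [string]$Root = 'C:\',
        [switch]$WhatIf      # list only, change nothing
    )
    $restored = 0
    $skipped  = 0
    # -Force is required so Get-ChildItem returns hidden entries at all;
    # SilentlyContinue skips folders this account cannot read instead of aborting.
    $items = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue
    foreach ($item in $items) {
        if (-not $item.Attributes.HasFlag([IO.FileAttributes]::Hidden)) { continue }
        if ($item.Attributes.HasFlag([IO.FileAttributes]::System)) {
            $skipped++       # legitimately hidden OS items: leave them as they are
            continue
        }
        Write-Host ("hidden: " + $item.FullName)
        if (-not $WhatIf) {
            # Clear only the Hidden flag; ReadOnly, Archive, etc. stay as they were.
            $item.Attributes = $item.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
        }
        $restored++
    }
    # Summary object so the counts can be logged per machine.
    [pscustomobject]@{ Root = $Root; Unhidden = $restored; SystemSkipped = $skipped }
}

# Dry run first to see what the rogue touched, then the real pass.
Restore-HiddenUserItems -Root 'C:\' -WhatIf
Restore-HiddenUserItems -Root 'C:\'
```

Run it once per drive letter (D:\, E:\, ...) if other volumes turn out to be affected.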

Wednesday, April 1, 2009

Conficker

After several phone calls and in-person chats, nothing happens. The media whips all these people into a fury and frenzy over this 'April 1st Virus' and nothing happens. Well, a few things happened, but nothing like the massive digital destruction foretold by the media.

The worm, dubbed Conficker (a German melding of "configure" and an obscene phrase), has security experts looking confused and useless. It's really a series of worms, all variants of the same code base, which have been released over time. Estimates place the number of PCs and servers compromised so far at about 10 million machines in over 150 different countries (with 3 million in China alone). The worm is scheduled to do ... something ... on April 1, hence the media's branding and general naming of it as the 'April 1st Virus'.

A church decided the risk was too great, so they kept all of their computers turned off. Sure, if they were infected or vulnerable, that would have saved them. After all, it is hard to damage a computer if it's powered down. They forget, though, that the threat doesn't just show up for one day and one day only. As soon as they power up, they'd be owned, but of course, since the media made a big deal about April 1st and ONLY April 1st, that's the only day to be worried. There is always a threat, always waiting, always probing...

The only other casualty was an older woman whose husband was in such a panic over the worm, again, thanks to the media coverage. The husband was demanding that since the woman knew more about computers she NEEDED to get on-line and get extra protection on their just recently rebuilt Windows XP PC. Her reaction was just like the church's: keep the computer turned off. So she calls and we tell her, nothing is happening, no fire and brimstone, no digital death, and no Zero Hour. So she gets on-line, starts searching, and manages to download a copy of Spyware Doctor. The installation ends up hosing her PC and spitting out a BSOD, STOP 0x35.

So now she needs to bring the PC into the shop, again, so we can remove the Spyware Doctor and rollback the changes. Mind you, we'd just recently rebuilt her PC. So she was current with both her Windows and Office patches and on top of that, was protected with AVG Free 8.5! The PC would have also had the latest drivers, Java runtime environment, Adobe PDF Reader, Flash player, and Shockwave player! Had the husband just cooled it or the wife stood her ground, the situation would have been averted.

Why of all things, does it take so long to resolve the major infection avenue, the Windows Server service vulnerability discovered (and patched) in October 2008? According to security experts, up to 30 percent of all Windows machines worldwide are still not protected against this vulnerability. (It was around 50 percent at the end of 2008.)

I've informed both that the media should be sued for making such a big deal about nothing, to help cover the costs of everyone overreacting and damaging their computers.

Monday, March 9, 2009

Trust

In my 9-5 job, we get a call about someone with a virus looking to have it removed. He didn't wish to pay for the hourly onsite service to try and remove the malware. When told it would take roughly 2 business days, he decided he didn't like that option either. It wasn't the fact that it would take about 2 business days to perform the service; it was that he wasn't sure if he could trust us. We handle a Township, several doctor's offices, and a couple of law firms... I think we got this.

But it does make me wonder, how often we put trust in our fellow human beings.