Friday, July 30, 2010

Microsoft Security Advisory 2286198


Microsoft Security Advisory (2286198)  is about to get a patch!

It's about time. We've all (at least those of us who pay attention to these things) been waiting for 2 weeks for this very important fix. MS says they will have it ready to roll on Monday.

For those not watching MS's every move, this bug allows a malicious user to create a special .lnk file (shortcut) on a USB drive, or hard drive, or shared drive on a network... etc. and when you just browse to the folder containing it, it exectues! No double-click, you just have to look at the folder it's in. Thanks to the folks at MS who fixed it so quickly. This was a scary bug.

Note, if you don't want to wait till Monday, you can fix it now. Just disable the "WebClient" service under Control Panel>Administrative Tools>Services
If you don't know what WebDAV is, you don't need that service running.


Oh, and one more thing:
Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious Web sites. Microsoft does
not distribute security updates via e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, PGP is not required for
reading security notifications, reading security bulletins, or
installing security updates. You can obtain the MSRC public PGP key
at
https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

To receive automatic notifications whenever
Microsoft Security Bulletins are issued, subscribe to Microsoft
Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

(quoted directly from a Microsoft Security Bulletin)

Monday, July 26, 2010

What To Do With Old Hard Disks?

In the past, I have mentioned in just about every forum where the issue has come up, that the most important thing to do when disposing of an old computer is to keep the hard drive.

Sure, if you are trying to sell the old PC it will sell better with the hard disk, but in that case you should first wipe the data off it with a secure wipe program (like DBAN) not just format it.  

Back to my suggestion that you keep it.... If you keep your old hard disk you will always have access to it as a point in time backup of what your old system had installed and what files you had at the time of your upgrade. This is handy if you forgot to copy something over to the new system, or you lose a file. Just stick that disk in your handy fire safe (you have one for valuable paper documents right?)

What do you do with it when you want to copy something from it? Get one of these handy dandy USB 2.0 to IDE/SATA adapters. (this link is just an example, search your favorite tech site or computer store and I'm sure you will find one similar to this). You plug one end into the hard disk and plug the included power supply into the hard disk (it should be pretty evident how that works, the connectors only fit one way.) and then plug the USB end of the cable into a USB port on your new PC. It will appear, after a moment, as a new removable drive. ...just like a USB memory stick.

You then can copy and paste files from it, or to it, and use it as your backup hard drive. Maybe make a folder called "OLD PC" and drag and drop all of the current contents into it, then create a folder with today's date "Backup-ddmmmyyyy" and copy your new files that you want backed up from your new computer's C: drive there.

Saturday, July 17, 2010

Can You Run It?

Here's the problem:  You have an older Windows PC (or maybe a brand new one with some limitations, like a netbook) and you want to know if it can run game X, but you don't want to search out the system requirements for game X and try to figure out if your system matches that.  "Minimum Nvidia GeForce 2 or equivalent? How does that compare to my built in Intel 500 ?" you might say.

Here is a solution: http://cyri.systemrequirementslab.com/CYRI/

Just go to that website, choose the game you are trying to find from the list (or search for it) then click the "Can You Run It?" button.

The first time you run this you will have to install an active X control (click the yellow bar that appears at the top of the browser.)

It will analyze your hardware and give you a report of whether the game will run, or what part needs to be upgraded to play.

Wednesday, July 07, 2010

Beware Of Photo Printing Kiosks, There Be Dragons

Morgan Storey, a security researcher in Australia, recently blogged about something that hadn't occurred to me before, but should have.... You know those photo printing kiosks in the mall, Walmart, Costco, etc. Have you ever noticed that they run Windows? Sometimes they are built on outdated hardware, so probably they are running old, unpatched, out of date Windows?

How many USB sticks and memory cards get plugged into them every day? More importantly, how many virus infected USB sticks and memory cards? ...and how many previously un-infected cards and sticks come home from them with brand new infections?

This is a serious issue. Protect your own systems by doing one or all of these things:

1. turn off Windows' ability to run autorun.inf files. Autorun.inf files are used to automatically start install programs when you insert a CD-ROM or USB stick with software you want. Windows Vista/7 will still pop up the auto PLAY pop up asking what you want to do with your newly inserted USB drive, but it won't execute the instructions in the Autorun.inf file on it.

Copy these lines into notepad and save as disableautorun.reg

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"


Then simply double click the disableautorun.reg file.


2. use only USB/SD devices with a read-only switch on them. Switch it to read-only mode before sticking it in the mall's computer.

3. Format the card (if you are using the camera's card) in your camera right after you get home. So far there are no cross-platform viruses that infect both computers and cameras. That doesn't mean there will never be, but for now that's a safe assumption that a virus you got from the kiosk won't infect your camera.

4. ask your favorite photo printing place if you can upload the photos to their website from home instead of bringing them in on a card/USB stick.