Newsletter Archives

  • Install Windows 7 updates

    Reader CK wrote with an interesting question:

    I always check your website when I need to update my computer, but I recently installed Windows 7 and I’m not sure which updates to install. Should I always install all of them, because it is a beta and there might be problems? Or should I just wait and see? I’m not even sure if the updates you post are the same as the ones for Windows 7, so I really don’t know what I should do.

    Yes, absolutely, install all Windows 7 updates as they come down the pike. At the beginning of the beta there was one “critical” update (critical to me anyway) that prevented Windows Media Player 12 from lopping off part of your music files. Since then, Microsoft has issued a handful of test patches, just to make sure the wheels are greased.

    You can do Microsoft a favor – and yourself a favor – if you treat Windows 7 just like any other version of Windows, and have Auto Update “Check for updates but let me choose whether to download and install them.”

    We’re waaaaay beyond the point of having any influence on the behavior of Windows 7, but if there’s a show-stopper bug in “Check for updates,” the more people who have that setting enabled, the more likely it is that the Windows 7 dev team will notice.

  • MS-DEFCON 2: Lock ’em down

    Microsoft plans to release three Security Bulletins on Tuesday. Microsoft only rates one of them as “Critical.” They’re all for Windows.

    That means we won’t see a fix for the Excel 0day that’s currently making the rounds.

    Check all of your computers and make sure they’re set to “Notify but don’t download” (or at least “don’t install”).
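    If you have more than a couple of machines to check, clicking through Control Panel on each one gets old fast. Here is an added example, not from the original post, that reads the Automatic Updates notification level through the Windows Update Agent COM API and, with -Fix, sets it to "Check for updates but let me choose whether to download and install them" (level 2), the setting recommended above and in the Windows 7 post. The script file name is hypothetical; the COM object, property and level numbers are the documented WUA API ones.

```powershell
# Added example, not from the original post: audit a PC's Automatic Updates
# setting through the Windows Update Agent COM API and, with -Fix, change it
# to "Check for updates but let me choose whether to download and install
# them" (notification level 2). Run from an elevated PowerShell prompt.
# Hypothetical file name: Check-AutoUpdate.ps1
param([switch]$Fix)

# AutomaticUpdatesNotificationLevel values from the WUA API
$Levels = @{
    0 = 'Not configured'
    1 = 'Disabled (never check for updates)'
    2 = 'Notify before download (the setting this site recommends)'
    3 = 'Download automatically, notify before install'
    4 = 'Download and install automatically on a schedule'
}
$Wanted = 2

$au       = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
$settings = $au.Settings
$current  = [int]$settings.NotificationLevel
Write-Host ('{0}: Automatic Updates level {1} = {2}' -f $env:COMPUTERNAME, $current, $Levels[$current])

# If Group Policy controls Automatic Updates (HKLM\SOFTWARE\Policies\Microsoft\
# Windows\WindowsUpdate\AU), the COM settings are read-only and Save() fails.
if ($settings.ReadOnly) {
    Write-Warning 'Automatic Updates is enforced by policy; change AUOptions in the policy instead.'
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    if ($pol) { Write-Host ('Policy AUOptions = {0}  NoAutoUpdate = {1}' -f $pol.AUOptions, $pol.NoAutoUpdate) }
    exit 1
}

if ($current -eq $Wanted) {
    Write-Host 'OK: set to notify-only.'
    exit 0
}

if ($Fix) {
    $settings.NotificationLevel = $Wanted
    $settings.Save()
    Write-Host ('Changed to level {0}: {1}' -f $Wanted, $Levels[$Wanted])
    exit 0
}

Write-Host 'Not as recommended. Rerun with -Fix to change it.'
exit 2
```

    Run it as .\Check-AutoUpdate.ps1 to audit and .\Check-AutoUpdate.ps1 -Fix to change the setting; the exit code (0 good, 1 policy-controlled, 2 needs fixing) lets you loop it over a list of PCs with psexec or a logon script and collect the results. On a domain-managed machine the policy value AUOptions = 2 under the WindowsUpdate\AU policy key is the equivalent of "Notify but don't download."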

  • Apply most patches – but avoid two

    To recap my recent recommendations…

    I recommend that you install all currently available Windows and Office security patches, except these two:

    1. The KB 960715 killbit patch, which seems to zap some programs, and
    2. The Autorun patch, KB article 953252 for Vista and KB article 967715 for WinXP, 2000, and Server 2003.

    Other than that, patch away.

  • Microsoft finally makes it possible to disable Autorun

    The latest Windows Secrets Newsletter just hit the stands, and Susan Bradley’s lead article, AutoRun patch a long time coming for XP users, finally nails the topic of turning off AutoRun.

    Managing AutoRun has become a #1 hot topic precisely because the Conficker worm can use AutoRun to propagate via USB drives.

    So Microsoft posts a $250,000 bounty for information leading to the arrest of the cretins who created Conficker. Two weeks later – after waiting 18 months – MS patches one of Conficker’s simplest infection vectors.

    Something does not compute.

    Microsoft has a patch out now that lets everybody running Windows 2000, XP, Server 2003 or Vista truly disable AutoRun. It’s KB article 953252 for Vista and KB article 967715 for WinXP, 2000, and Server 2003. I’ve heard that there are some minor problems with the patch being offered multiple times on the same machine, but there don’t appear to be any significant hassles.

    I like Susan’s advice:

    For home users, I’m not yet ready to pull the fire alarm and tell everyone to disable AutoRun. But I do urge you to be very leery of plugging USB flash drives into your system if you’re unsure whether they’ve been used on other computers. Large organizations, however, should consider disabling AutoRun on their networked PCs, considering how hard it’s been to stomp out the Conficker worm and others.

    Follow Susan’s detailed explanation if you really want to make it impossible for renegade USB drives (or CDs or SD cards or…) to infect your computer as soon as they’re inserted.

    Good article. Check it out.
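    For those who would rather script it than click through the registry by hand, here is an added example, not from the original post or from Susan’s article. It reports the AutoRun policy on the PC and, with -Disable, sets the NoDriveTypeAutoRun value that KB 967715 documents to 0xFF, which turns AutoRun off for every drive type. It also checks for the HonorAutorunSetting value the update adds, because before the patch Windows XP, 2000 and Server 2003 did not honour NoDriveTypeAutoRun consistently. The script file name is hypothetical.

```powershell
# Added example, not from the original post or from Susan Bradley's article:
# report this PC's AutoRun policy and, with -Disable, turn AutoRun off for
# every drive type using the registry value documented in KB 967715.
# Run from an elevated PowerShell prompt after installing the patch.
# Hypothetical file name: Disable-AutoRun.ps1
param([switch]$Disable)

$Policy   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$AllTypes = 0xFF   # one bit per drive type; 0xFF disables AutoRun on all of them
$Types = @(
    @(0x04, 'removable'), @(0x08, 'fixed'),    @(0x10, 'network'),
    @(0x20, 'CD-ROM'),    @(0x40, 'RAM disk'), @(0x80, 'unknown')
)

if (-not (Test-Path $Policy)) { New-Item -Path $Policy -Force | Out-Null }
$p = Get-ItemProperty -Path $Policy

# KB 967715 / KB 953252 add HonorAutorunSetting = 1. If it is absent, the
# patch is not installed and NoDriveTypeAutoRun cannot be relied on.
if ($p.HonorAutorunSetting -ne 1) {
    Write-Warning 'HonorAutorunSetting is missing: install KB 967715 (XP/2000/2003) or KB 953252 (Vista) first.'
}

$current = $p.NoDriveTypeAutoRun
if ($current -eq $null) {
    Write-Host 'NoDriveTypeAutoRun is not set under HKLM; the Windows default applies.'
} else {
    $current = [int]$current
    Write-Host ('NoDriveTypeAutoRun = 0x{0:X2}' -f $current)
    $open = @()
    foreach ($t in $Types) {
        if (($current -band $t[0]) -eq 0) { $open += $t[1] }
    }
    if ($open) { Write-Host ('AutoRun is still allowed for: ' + ($open -join ', ')) }
    else       { Write-Host 'AutoRun is disabled for all drive types.' }
}

# A per-user value may also exist; the HKLM policy value takes precedence over it.
$u = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' -ErrorAction SilentlyContinue
if ($u -and $u.NoDriveTypeAutoRun -ne $null) {
    Write-Host ('HKCU NoDriveTypeAutoRun = 0x{0:X2} (overridden by HKLM)' -f [int]$u.NoDriveTypeAutoRun)
}

if ($Disable -and $current -ne $AllTypes) {
    Set-ItemProperty -Path $Policy -Name 'NoDriveTypeAutoRun' -Value $AllTypes -Type DWord
    Write-Host 'Set NoDriveTypeAutoRun = 0xFF. Log off and back on (or reboot) for Explorer to pick it up.'
}
```

    Run .\Disable-AutoRun.ps1 to see which drive types still autorun, and .\Disable-AutoRun.ps1 -Disable to shut them all off. The bit values (0x04 removable, 0x08 fixed, 0x10 network, 0x20 CD-ROM, 0x40 RAM disk, 0x80 unknown) are the documented ones, so you can also set a narrower mask if you want to keep AutoPlay for CDs but block USB sticks.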

  • Windows Secrets Security Baseline

    This week’s edition of Windows Secrets Newsletter just hit the stands, and Ryan Russell’s Top Story discusses changes in the WSN Security Baseline. (Windows Secrets Newsletter appears in both a free version and a paid version – and you get to decide how much you want to pay for the paid version. The Top Story always appears in the free version and the paid version.)

    In summary:

    1. Use a hardware firewall. WSN has some good recommendations. In fact, any broadband router you buy these days does NAT and stateful packet filtering, which is what “hardware firewall” means at the consumer level.

    2. Install a security suite. WSN recommends Norton Internet Security. I’m too cheap. I still use AVG Free, or Avira Antivir Free.

    3. Check for updates regularly. Watch this site for the latest, particularly on Microsoft patches. Make sure you download, install, update and religiously run Secunia PSI.

    4. Select a more-secure browser. WSN and I strongly recommend Firefox.

    The PC you save may be your own.

  • MS-DEFCON 3: Apply all outstanding patches except the 960715 killbit patch

    The February Security Bulletin patches seem to be holding up pretty well. I haven’t heard any loud screams of pain. Meanwhile, exploits that take advantage of the holes those patches close are starting to circulate in the wild.

    So I recommend that you install all outstanding Windows and Office patches, except for the KB 960715 Killbit patch. (What’s a killbit? Yuhong Bao has a great synopsis posted in response to my earlier blog post.)

    I’m tremulously upgrading us to MS-DEFCON 3, with the warning that you should avoid KB 960715: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.
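    Since the killbit keeps coming up (this post, and the MS-DEFCON 2 post about KB 960715 breaking Visual Basic programs), here is an added example, not from the original post, that shows what a killbit actually is in the registry. Internet Explorer refuses to load any ActiveX control whose CLSID has bit 0x400 set in the “Compatibility Flags” DWORD under the ActiveX Compatibility key; a killbit patch is just a bundle of such entries. The script checks that bit for the CLSIDs you give it and, with -Set, sets it without clobbering any other flags already present. The CLSID in the usage line is a placeholder, not a real control, and the script file name is hypothetical.

```powershell
# Added example, not from the original post: check whether Internet Explorer's
# kill bit is set for one or more ActiveX controls and, with -Set, set it.
# The kill bit is 0x400 in the "Compatibility Flags" DWORD under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.
# Hypothetical file name: Test-KillBit.ps1
# Usage: .\Test-KillBit.ps1 -Clsid '{00000000-0000-0000-0000-000000000000}'   (placeholder CLSID)
param(
    [Parameter(Mandatory=$true)][string[]]$Clsid,
    [switch]$Set
)

$KillBit = 0x400
$Bases = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
# 32-bit IE on 64-bit Windows reads the Wow6432Node copy, so cover both
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Bases += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

foreach ($id in $Clsid) {
    # friendly name from the class registration, if the control is installed here
    $name = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$id" -ErrorAction SilentlyContinue).'(default)'
    if (-not $name) { $name = '<not registered on this machine>' }

    foreach ($base in $Bases) {
        $key   = Join-Path $base $id
        $flags = 0
        if (Test-Path $key) {
            $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
            if ($v -ne $null) { $flags = [int]$v }
        }
        $killed = ($flags -band $KillBit) -ne 0
        $state  = if ($killed) { 'SET' } else { 'not set' }
        Write-Host ('{0} {1}: kill bit {2} (Compatibility Flags 0x{3:X})' -f $id, $name, $state, $flags)

        if ($Set -and -not $killed) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so any other compatibility flags survive
            Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value ($flags -bor $KillBit) -Type DWord
            Write-Host ('  -> kill bit set under {0}' -f $base)
        }
    }
}
```

    Run it over the CLSIDs listed in a killbit bulletin and you can see exactly which controls a patch like KB 960715 would disable on a given PC before you decide whether to install it, or set the bits yourself for only the controls you care about. Setting a kill bit does not uninstall the control; it just stops IE from instantiating it.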

  • An Analysis of Conficker from SRI

    If you’ve been following the amazing feats of the Conficker worm, you should check out this new white paper from SRI International.

    In this paper, we crack open the Conficker A and B binaries, and analyze many aspects of their internal logic. Some important aspects of this logic include its mechanisms for computing a daily list of new domains, a function that, in both Conficker variants, lay dormant during their early propagation stages until November 26 and January 1, respectively. Conficker drones use these daily computed domain names to seek out Internet rendezvous points that may be established by the malware authors whenever they wish to census their drones or upload new binary payloads to them. This binary update service essentially replaces the classic command and control functions that allow botnets to operate as a collective. It also provides us with a unique means to measure the prevalence and impact of Conficker A and B.

  • MS-DEFCON 2: Problems with the patches – and an exploit

    Trend Micro notes that their researchers have found a very limited, targeted exploit for the Internet Explorer 7 hole patched last Tuesday by MS09-002.

    Details are sketchy, but this is what I’ve been able to figure out so far. The exploit arrives in the form of a Word document, attached to a piece of spam. The spam is highly targeted – which probably means Trend Micro has only seen it on mail addressed to one organization.

    The bad document is caught by Trend Micro and flagged as a virus. If you insist upon opening the doc, it includes ActiveX controls which are (surprise!) fed to Internet Explorer. If you have IE 7 installed on your computer, you’re vulnerable.

    I have no idea how the ActiveX controls kick in – if you have to click something, or if merely opening the doc is sufficient. I also have no idea what happens if Firefox is your default browser – Firefox doesn’t recognize ActiveX, of course. Lots of unanswered questions. But the bottom line is that Trend Micro has seen a bad .DOC file that takes advantage of the hole patched by MS09-002.

    Susan Bradley at Windows Secrets Newsletter has discovered that installing last Tuesday’s Killbit patch, KB 960715, can make some Visual Basic programs toast.

    I suggest that you continue to wait to install last Tuesday’s patches.

    Patience, grasshopper.