-
Bad actors’ malicious use of an AV program’s update mechanism to remotely execute hacker code is a potential danger for every security company.
“Antivirus is the ultimate back door,” the Times quoted Blake Darché of Area 1 Security as saying. “It provides consistent, reliable and remote access that can be used for any purpose, from launching a destructive attack to conducting espionage on thousands or even millions of users.”
Couldn’t any software with an update mechanism (operating systems, web browsers, etc) be used in a similar way? For me, it’s a potential danger for any software company, not only for security ones.
César
1 user thanked author for this post.
-
After reading this I decided to change my Brother HL-L-2350DW on all 4 of my computers to use an IP address.
DellXPS8920 main driver (Win 11 Pro) no problem. FYI the printer is set to 192.168.1.9 and my DHCP starts assigning addresses at 100 so there won’t be any changes.
DellXPS8700 canary (Win 11 Pro) it switched but every time I tried to print a test page it started throwing out blank pages and wouldn’t stop until I cancelled the job on the printer.
I’ve checked all the settings and they are exactly the same on both machines.
Now who’s evil? I’m not really sure as it was working fine with WSD.
Have you checked if your firewall might be blocking this IP address? Other than that, I’d try removing the driver and installing it again.
César
-
I once had an issue with Windows clock and I managed to repair it with the following command line as Admin:
w32tm /register
(Plus a reboot)
After that, none of the default time servers seemed to work. Was there too much traffic to the servers? Was I physically too far away from them? I don’t know. It could have been anything. So I decided to add new time servers to my system and I found this list:
http://support.ntp.org/bin/view/Servers/StratumTwoTimeServers
(Choose a server, click on the country code on the left column and then search for the “Hostname”)
I followed the steps from this page (in Spanish) to add the servers to the registry: https://lecciones.batiburrillo.net/anadir-mas-servidores-horarios/
After some trial and error, I found the ones that seemed to work best for my location, so now I can sync my Windows clock manually or automatically very quickly.
The last step I took was to save a .REG file with the new servers, so if I now need to configure a new machine or a new system, I just double click the .REG file and it overwrites the default time servers’ list with my new selection. As an example, this is how my .REG file (“[AddToRegistry]DateTimeServers.reg”) looks like in Notepad:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers]
@=”8″
“1”=”time.windows.com”
“2”=”time.nist.gov”
“3”=”time-nw.nist.gov”
“4”=”time-a.nist.gov”
“5”=”time-b.nist.gov”
“6”=”ntp1.musurit.net”
“7”=”ntp.copayan.uy”
“8”=”ntp.cure.edu.uy”
“9”=”ntp2.cure.edu.uy”
“10”=”ntp.oalm.gub.uy”
“11”=”a.ntp.br”
“12”=”b.ntp.br”
“13”=”c.ntp.br”
“14”=”ntp.cais.rnp.br”
“15”=”ntp.pads.ufrj.br”
“16”=”ntp.pop-pr.rnp.br”
“17”=”ntp.spbrasil.com.br”And, luckily, we don’t change the time zone in Winter/Summer here in my country.
César
-
Try to reload the page using CTRL + F5. Maybe there’s some corrupted cache that needs a refresh.
César
-
Does it not make sense to read something before reporting it too?
You have to read the post to Report it, yes, that’s correct. But the reason to put Report on a separate group of links (or buttons) is, in my opinion, to avoid clicking on it by mistake when you just want to Thank or Reply.
César
1 user thanked author for this post.
-
especially for those with sight problems
(Count me in…)
Thanks for the clarification. Anyway, as I said before, it’s just a matter of getting used to the new layout. Thanks for all the effort, hard work… and money invested at AskWoody.com.
César
1 user thanked author for this post.
-
For me, it makes more sense to have all these “actions” under the message because you can only reply, thank, quote or report a post after you’ve finished reading it. Anyway, it’s just a matter of getting used to the new layout.
As a suggestion, could it be possible to make the separation between posts more noticeable? A darker horizontal line, for instance, could make it easier to realize at a glance if an action applies to the previous or the following message.
César
-
Thank you, Woody. Take care of your health and family and enjoy your retirement. Hope to see you back here from time to time.
And welcome to your new position, Susan. Keep up the good work.
César
1 user thanked author for this post.
-
Hi Woody,
I received the newsletter and it’s looking fine, but many of the links are not working. I’m using Windows Live Mail 2012 (POP3) on Windows 7 Ultimate x64. Is it only me or is it a general issue?
Thanks and keep up the good work!
César
1 user thanked author for this post.
-
This is part of a message I sent to Woody. He asked me to post it here, so here it goes:
Hello Woody:
Even if for you it’s MS-DEFCON 3, for me it’s been MS-DEFCON 1 since last December.
Last month, I tried to install Windows 7 x64 cumulative update, and when I was asked to reboot, I just couldn’t. When trying to boot from Windows 7 partition, I was “greeted” with the following screen:
Admin. de arranque de Windows
No se pudo iniciar Windows. Es posible que un cambio de hardware o de software reciente sea la causa. Para corregir el problema:
1. Inserte el disco de instalación de Windows y reinicie el equipo.
2. Elija la configuración de idioma y después haga clic en “Siguiente”.
3. Haga clic en “Reparar el equipo”.Si no tiene este disco, póngase en contacto con el administrador del sistema o el fabricante del equipo para obtener ayuda.
Estado: 0xc0000225
Información: Error al seleccionar el arranque; no se puede tener acceso a un dispositivo requerido
An approximate translation would be:
Windows start-up/boot-up administrator
Windows couldn’t start-up/boot-up. It’s possible for a recent software or hardware change to be the cause. To correct this problem:
1. Insert the Windows installation disk and restart the device.
2. Choose the language configuration and click on “Next”.
3. Click on “Repair this device”.If you don’t have this disk, contact the system administrator or the device manufacturer to get help.
State: 0xc0000225
Information: Error when selecting boot-up; required device not accessible
Here I have to point out that I have a very particular partitioning structure on my hard drives (2 x 1TB units). The motherboard BIOS is set to “Legacy” (not “UEFI”) and I’ve manually created all the partitions (MBR, not GPT) using Acronis Disk Director boot CD. The first HDD unit is mainly for different operating systems and the second one, for documents and data (…). On the first drive I’ve set four primary (bootable) partitions according to this logic:
1. Windows XP boot loader + MS-DOS (FAT32, Active)
2. Extended partition containing several logical partitions for different flavors of Windows XP and the like (I used to have some Linux distros here, too, but I finally deleted them)
3. Windows 7 x64 Ultimate Spanish (NTFS)
4. Partition for experimenting with other systems (I ended up storing my emails here)When I first installed Windows 7, I set the third partition as “Active” (bootable) with Acronis to install the system there without interfering with Windows XP boot loader on the first partition (I instructed the installer to use just the third primary partition and to put everything in there: boot files, system files, user accounts, etc.), and after having everything set up and running, I added Windows 7 to Windows XP boot loader (if you want to know how, just ask) and changed back the Active partition to the first one.
When I received the error message after installing December’s cumulative update, I had to set the third partition as Active to boot Windows 7 directly and with Windows 7 installation DVD I used a restore point I had manually created beforehand to undo all the changes.
Given the bad experience, I decided to hide the problematic update and wait for January’s latest (and greatest?
) cumulative update to see if the problem was fixed (spoiler alert: it wasn’t). I was ready to leave my system unpatched forever if I was just skipping the last two months of updates before Windows 7 end of support (for home users, at least), but this month I tried a different approach to the repair option from the DVD, and it worked! So, the sequence I used, similar to December’s procedure (except for the Acronis part, as I didn’t mess with the partitioning scheme last month), was the following:
1. Download of SSU (KB4536952) and CU (KB4534310) for Windows 7 x64 from Microsoft’s catalog
2. Turn off the internet modem
3. Set the third primary partition as Active with Acronis boot CD
4. Create a manual restore point and wait until the HDD red led turned off
5. Install SSU KB4536952 and wait until the HDD red led turned off
6. Restart and wait until the HDD red led turned off
7. Another restart and wait until the HDD red led turned off (just to be sure everything was fine)
8. Create another manual restore point and wait until the HDD red led turned off
9. Install CU KB4534310 and wait until the HDD red led turned off
10. Restart and… Error 0xc0000225 when booting up!
11. Boot up with Windows 7 SP1 x64 installation DVD (pre-SP1 disks don’t work)
12. Choose: Repair
13. Choose: Repair boot-up/start-up (this is what I changed from last month’s System Restore with a restore point I had manually created beforehand)
14. Wait (and pray! ) until all the changes were made
15. Restart (from the hard drive)
16. Success!!! Windows 7 booted up normally and finished installing the cumulative update.
17. Several reboots later, everything was still up and running.
18. Turn on the internet modem
19. Install .Net Framework pending (checked) update from Windows Update and wait until the HDD red led turned off (last month it was unchecked, so I just skipped it)
20. Restart and wait until the HDD red led turned off
21. Set the first primary partition as Active with Acronis boot CD
22. Start Windows 7 from Windows XP boot loader
23. Success! Everything is up and running again and my Windows 7 is up to date with all the patches.Well, that’s been my experience with December and January patches. So… MS-DEFCON 3? Allow me to disagree.
Anyway, I don’t understand why these patches have to mess with boot files, boot configuration or both of them. Maybe it was a “feature”?
And, besides, the only way of checking what’s going on with Windows 7 boot system is to run some commands on a text console (BCDEDIT on cmd.exe) or use a third party software to have a graphical interface, but first you need to boot Windows 7 to fix Windows 7 boot, so you are in a “catch 22” situation. (I never tried Windows 7 DVD command line, for that matter; it was easier to try an automatic repair)(…)
If I’m missing something or there’s something you don’t understand, just write back and ask.
(…)
I’m particularly interested in seeing if someone else can reproduce this abnormal behavior or if it’s just me who’s having this problem. Thank you.
Cheers,
César
Summary of hardware:
Motherboard: Gigabyte GA-Z87X-UD5H
Processor: QuadCore Intel Core i7-4770 (Haswell-DT)
Memory: 16 GB (2 x 8GB), 2 x Kingston HyperX KHX1866C10D3/8G
HDD: 2 TB (2 x 1TB), 2 x WDC WD1002FAEX-00Y9A
Optical drive: SONY DVD RW AD-7280SAntivirus:
Avast! FreeAs a side note, I use @abbodi86’s script to neutralize telemetry on a regular basis.
I also run it this time after installing the cumulative update and before going on-line again.
https://www.askwoody.com/forums/topic/2000012-neutralize-telemetry-sustain-win-7-8-1-monthly-rollup-model/
https://pastebin.com/zeJFe08GSo, I’m curious to know if someone else can reproduce this problem or if I’m the only one who doesn’t allow Windows 7 to create/manage partitions automatically.
Thanks in advance for any feedback.César
1 user thanked author for this post.
-
“Or even a better question, in my opinion, could be this one: why do some (presumably) sane Internet security experts choose to divulge to the four corners of the Earth information that can help, in any way, cyber criminals, including operational demo malware, on potentially very serious security threats such as this one?”
Well, as someone famous once said, “Follow The Money”. 99.5% of the time in our society, there’s your reason.In this case it’s keeping people scared to death so they throw tons of money at AV and Anti-Malware vendors so they can sleep at night.
Don’t forget new operating systems and hardware. (“Windows 10, the most secure Windows ever”, anyone?)
César
-
Just two thoughts:
-The real “death sentence” for Windows 7 will be the day antivirus/antimalware and browser developers stop updating their products for this operating system, not when Microsoft stops patching it.
-Who’s going to beta-test any new patch for the Windows 7 paying customers after 2020? Home users will no longer be able to.
César
6 users thanked author for this post.
-
What does it mean “to be in owned database”? Why does it matter? Never heard or read that expression before.
https://en.wikipedia.org/wiki/Pwn
César
-
Next if you want to see if your passwords have been compromised, there’s a Chrome add in to check if you are in owned database (note that this add in also works in the Edge browser based on Chrome).
I don’t trust Google. Have you checked Troy Hunt’s https://haveibeenpwned.com/ ?
César
-
you can download the free bcuninstaller.com and kill it
Thanks for the suggestion. I’ll have it in mind next time I need an uninstaller. I’m currently using Revo Uninstaller for that matter, which also has a free portable version, and it works quite well for me. I just mention it here just in case someone else could find it handy, too.
Official site: https://www.revouninstaller.com/
Revo Uninstaller Free: https://www.revouninstaller.com/products/revo-uninstaller-free/
(You can also download the free portable version from this page, which I prefer.)César
Author
