Harry Waldron - IT Security

Kim Komando - Windows 7 and Security

Harry Waldron — Wed, 04 Nov 2009 13:00:00 GMT

I've been a fan of Kim's talk radio show for years. On Saturday, I can listen on my walkman while working outdoors and catch on some of the latest developments. Computers are complex and she shares developments and best practices in an easy-to-understand approach for the public. Below is a great write-up on how security is improved in Windows 7.

Kim Komando - Windows 7 and Security
http://www.komando.com/tips/index.aspx?id=7584

QUOTE: QUESTION -- I’ve read a lot about the new features in Windows 7. But, I haven’t heard much about Windows 7 and security. What new security features are in Windows 7? Is it safer than Vista? — Mike in Boston, listening on WBZ 1030 AM (Higlights noted below)

First, Microsoft has taken steps to protect the Windows 7 kernel. Windows 7 does not allow unauthorized access to the kernel.

They include a firewall and anti-spyware. You can also download Windows Security Essentials, a free antivirus program.

Windows 7’s firewall has been improved. As with the firewall in earlier versions of Windows, it isn’t perfect. But, advanced firewall options can be accessed through the Action Center. That makes it easier to control what programs are allowed to communicate through the firewall.

In Windows 7, UAC has been tweaked and is much more user-friendly. You can select the UAC settings you prefer. If a page tries to install software or change settings, you’ll see the alerts. Obviously, UAC isn’t a new feature. But, it has finally become useful for most users.

You probably saw Vista machines with fingerprint scanners. These relied on third-party software. With, Windows 7, biometric security is baked in. You can use it to allow access to the machine. The Biometric Devices applet is available in Control Panel. This lets you configure your fingerprint reader.

You may have noticed that the Security Center is missing from Windows 7. In its place, you get the Action Center. This is where the computer’s security is configured. You’ll can also specify your Windows Update preferences.

There are also a bevy of new security features in Internet Explorer 8. This is the browser included with Windows 7. First, there’s domain highlighting. This helps you see the relevant part of the URL. ActiveX security has also been improved. IE 8 also features the XSS Filter. This is designed to protect you from cross-site scripting attacks.

Anti-phishing tools have also been beefed up. The SmartScreen Filter has a new look and improved performance. It can also add anti-malware support. It will block you from downloading known malware.

Milestone dates ahead - Affecting future computers

Harry Waldron — Sun, 01 Nov 2009 18:13:00 GMT

SANS has highlighted future dates that may impact computing. New standards would most likely address these design issues:

Milestone dates ahead - Affecting future computers
http://blogs.sans.org/appsecstreetfighter/2009/10/29/the-day-the-world-will-end/

QUOTE: With a new movie coming out about how the world will end with the (supposed) end of the Mayan calender, I figured it would be nice to get a list of software related “end of calender” issues:

Dec. 31st 1999, 23:59:59 GMT -- The famous Y2k issue. We made it… (so far)

Dec. 21, 2012 -- end of Mayan calendar. Just listed here because everybody is talking about it. Should not affect software (other then the fact that the world will end that day).

Jan. 19th 2038, 03:14:07 GMT -- The end of the Unix epoch. Unix uses a 32 it signed number to express time. The last date that can be expressed using unix time is Jan 19th 2038. After that… who knows? This can already be a problem. Imagine you are a bank and handing out 30 year mortgages?

Dec. 31st 9999, 23:59:59 GMT -- The end of 4 digit years. Well, we got a while until that will happen.

Threats to avoid during Halloween

Harry Waldron — Sat, 31 Oct 2009 12:56:00 GMT

Trend labs shares key concerns to avoid while online:

This Halloween, Enjoy the Treats but Be Wary of Online Tricks
http://blog.trendmicro.com/this-halloween-enjoy-the-treats-but-be-wary-of-online-tricks/

QUOTE: We often associate Halloween with pumpkins and costumes but for cybercriminals it’s merely another avenue to exploit, steal, and trick users into giving away their personal identities. Treats are fun but we all need to be on the lookout for the sneaky and tricky ways cybercriminals slither into our computers.

Below are the TrendLabs, top 7 scariest threats that might be knocking on your door:

1. Tailor-made ZBOT spam makes its way to employees’ mailboxes
2. Vulnerabilities hit critical mass: Patch me if you can
3. FAKEAV: Surrender hard-earned money for fake security
4. Expand your circle of friends but beware of KOOBFACE malware
5. More sophisticated attacks = More victims
6. No system is immune from security attacks
7. Baited Search Engine attacks climb the charts

Dangerous Malware - 2009 Analysis by Trend Mirco

Harry Waldron — Sat, 31 Oct 2009 12:35:00 GMT

Numerous malicious websites, rogue AV products, botnets, and phishing attacks continue to circulate. Users should stay up-to-date on technical protection and use safe practices.

Dangerous Malware - 2009 Analysis by Trend Mirco
http://blog.trendmicro.com/trick-or-threat/

QUOTE: 2009 saw the emergence or resurfacing of three of the most notorious botnets in relation to information, financial, and identity theft—Koobface, ZeuS, and Ilomo. Trend Micro estimates that more than 100,000 users receive messages saying they have been infected by malware while visiting malicious sites and that there are more than 48,000 FAKEAV offerings per month.

WHY IT'S IMPORTANT TO STAY PATCHED UP -- Unpatched vulnerabilities can allow cybercriminals to exploit users’ systems. For instance, unpatched vulnerabilities in a system’s browser can allow cybercriminals to run arbitrary code if the user happens to browse through a malicious website, leaving him/her at the mercy of online predators.

Halloween Malicious Spam Circulating

Harry Waldron — Sat, 31 Oct 2009 01:22:00 GMT

When holidays or major news events occur, always be careful when presented with these topics in email

Halloween Malicious Spam Circulating
http://www.avertlabs.com/research/blog/index.php/2009/10/29/trick-or-treat-with-spam-and-malicious-screensavers/

QUOTE: some of the most common techniques scammers and cybercriminals use are news events and holidays. Balloon Boy and the Windows 7 Launch are good examples. My colleague Sam Masiello’s blog on President Barack Obama’s Nobel Prize is another excellent example. With Halloween approaching rapidly, the tricks are already knocking on your inbox and at your browser’s window.

2010 Census - Better Business Bureau Safety Tips

Harry Waldron — Thu, 29 Oct 2009 20:30:00 GMT

This warning was shared with me recently and shares some excellent tips on avoiding any related scams that may materialize. It is important to know your rights and what to expect in this process. During March 2010, questionaires will be mailed to every household in the USA. If these are completed and returned promptly, census takers will not need to visit your residence to collect this information.

2010 Census - Better Business Bureau Safety Tips
http://vawest.bbb.org/article/bbb-offers-advice-on-how-to-identify-legitimate-census-workers-12923

US Census Home Page
http://www.census.gov/

US Census - How it works and what to expect
http://2010.census.gov/2010census/how/index.php

QUOTE: Over the next 18 months, 1.4 million U.S. Census workers will be surveying the population of the country to gather demographic information about everyone living here. As the 2010 census process begins, the Better Business Bureau (BBB) advises citizens to cooperate carefully in order to avoid becoming a victim of census-related scams. Citizens are required by law to respond to the U.S. Census Bureau’s requests for information. Census data will be used in allocation of more than $300 billion in federal funds as well as in determining the number of Congressional representatives that each state is allowed.

The BBB offers the following advice to help distinguish between bona fide Census workers and con artists:

•U.S. Census workers will have identification, a handheld device and a confidentiality notice. Caution: never invite strangers into your home.
•U.S. Census workers will not ask for your Social Security number or any information about bank or credit card accounts.
•U.S. Census workers will not ask you for money or say that you owe money.
•U.S. Census workers will not harass or intimidate you.
•U.S. Census workers will not contact you by email – only by phone, by mail or in person.

Major arrests made for Nigerian 419 email scams

Harry Waldron — Fri, 23 Oct 2009 18:46:00 GMT

While over 99% of users ignored these scams, perhaps 1 in a thousand would believe the email letter and start participating. Often the victim would be robbed online of hundreds if not thousands of dollars. Major arrests have been made to shut down most of these operations, which should result in fewer emails.

Nigeria - Major arrests made for 419 scams
http://news.bbc.co.uk/2/hi/africa/8322316.stm
http://en.wikipedia.org/wiki/Nigerian_419_scammer

Nigeria's anti-corruption agency says it has shut down some 800 fraudster e-mailers and arrested those behind 18 high-profile "cyber crime syndicates". The Economic and Financial Crimes Commission said it has been working with the computer giant Microsoft to crack down on the scammers. The con tricks - known as "419 scams" after the penal code that outlaws them in Nigeria - are often run by well-organised gangs.

Windows 7 Security Features

Harry Waldron — Fri, 23 Oct 2009 18:20:00 GMT

This TechNet article offers a great overview of the key security improvements found in Windows 7

TECH NET - An Introduction to Security in Windows 7
http://technet.microsoft.com/en-us/magazine/2009.05.win7.aspx

Table of Contents
* Windows Biometric Framework
* Extending Authentication Protocols
* BitLocker Core Enhancements
* BitLocker To Go
* UAC Improvements
* AppLocker
* Global SACLs and Granular Auditing
* Wrapping Up

Windows 7 - offers improved security for corporate users

Harry Waldron — Fri, 23 Oct 2009 15:25:00 GMT

Like Vista, Windows 7 continues to improve on security controls. In a corporate setting, Windows 7 offers much improved security over Windows XP especially for mobile users with laptops (who may be outside the umbrella of corporate protective controls as they travel).

Windows 7 - offers improved security for corporate users
http://www.eweek.com/c/a/Security/Windows-7-Security-Story-May-Appeal-to-Enterprises-549002/

QUOTE: Microsoft Windows 7 has a number of new security features designed to appeal to enterprises. But will they do the trick? The Windows 7 security story has three main chapters that have received a fair amount of attention: DirectAccess, BitLocker To Go and AppLocker. With these, as well as features such as BranchCache and enhancements to UAC (user account control), officials at Microsoft have said they feel they are pushing out their most secure operating system yet.

Windows 7 is built upon the security foundations in Windows Vista and retains all of the core technologies, such as Firewall, Windows Defender and User Account Control," Paul Cooke, director of Windows Client Enterprise Security, told eWEEK. "In addition to enhancing those security features, we listened to customer feedback and [wove] it closely into the development process of Windows 7 to deliver innovative new security features.

Enterprises looking to upgrade or switch to Windows 7 can also count AppLocker as a key security feature. AppLocker allows administrators to use Group Policy to specify what applications, installation programs and scripts users can execute. With the Audit Only Enforcement Mode setting, administrators can determine what applications are used in an organization and test rules before deploying them, Cooke said.

Rounding all this out is BitLocker To Go, which encrypts removable storage devices such as USB drives. With BitLocker To Go, users can restrict access to the data with a pass code, as well as set a policy that requires users to apply BitLocker protection to removable drives before being able to write to them. The feature also provides configurable read-only support for removable devices on older versions of Windows so BitLocker-protected files can be shared.

Microsoft Security Essentials – Status after First Week

Harry Waldron — Fri, 23 Oct 2009 12:08:00 GMT

Microsoft's Malware Protection Center (MMPC) has provided an informative update related to the 1st week for MSE going live. As an original beta tester and current user on our family PC, MSE continues to offer good basic performance and has had a couple of good reviews on it's capability to detect malware using a signature based approach.

Microsoft Security Essentials – Week One
http://blogs.technet.com/mmpc/archive/2009/10/15/microsoft-security-essentials-week-one.aspx

QUOTE: Now that Microsoft Security Essentials is generally available to consumers in 19 countries, we've had a chance to go over the data, and there are some very interesting results. Just in the first week we saw well over 1.5 million downloads of Microsoft Security Essentials, but the price (free to Windows users) is hard to beat!

Computers reporting detections up to October 6: almost four million detections on 535,752 distinct machines. The detections are eight times the machine count because many computers are infected with multiple threats.

Microsoft Security Essentials is available in 8 languages and 19 markets at RTM, which covers a lot of the PC using world. The geographic distribution of detections so far still closely follows the Microsoft Security Essentials Beta countries, and is ramping up in other countries that use the 8 languages.

Numerous links can be found here:

http://msmvps.com/blogs/harrywaldron/archive/2009/09/30/microsoft-security-essentials-new-free-av-product-for-home-users.aspx

http://msmvps.com/blogs/harrywaldron/archive/2009/10/01/mse-rated-as-very-good-in-finding-malware-by-av-test-org.aspx

Windows 7 based spam with malicious links circulating

Harry Waldron — Wed, 21 Oct 2009 21:06:00 GMT

Please be careful with Windows 7 email messages you may receive. AVERT Labs has noted extensive spamming to deceive folks. Usually with email, if it appears too good to be true, it's too good to be true ...

Windows 7 Spam and Malicious links circulating
http://www.avertlabs.com/research/blog/index.php/2009/10/21/windows-7-beaten-to-the-punch-by-spam/

QUOTE: The release of Microsoft’s next major operating system, Windows 7, is at hand. It’s timely to remind everyone that we have seen Windows 7 spam for a few months. Anything on this scale from Microsoft is too big a lure for spammers and cybercriminals to ignore. (I would be stunned if they didn’t take advantage.) We’ve seen subjects that include:

Microsoft Windows 7 special offers
Windows 7 SP 2
Windows 7 FAQ on release
Today’s Special Gateway Laptop + NEW Windows 7 & More Electronics Deals
Windows7 ultimate 86% off
Windows7 ultimate 57% off

We at McAfee Labs have noticed these throughout both September and October–with spikes as high as 1.88 percent of total spam. That might sound like a small number, but when you consider that daily spam volumes can reach 160 billion messages, it is not insignificant.

TechFlash Survey - 50% of businesses implement Windows 7 in one year

Harry Waldron — Wed, 21 Oct 2009 00:06:00 GMT

I like the security and reliabilty found in Vista and I'm now looking forward to the release of Windows 7 on Thursday. It will offer further improvements and efficiencies, plus an XP compatibility mode where needed.

TechFlash Survey - 50% of businesses implement Windows 7 in one year
http://sunbeltblog.blogspot.com/2009/10/half-of-businesses-surveyed-will-go.html
http://www.techflash.com/seattle/2009/10/survey_50_of_businesses_to_deploy_windows_7_in_first_year.html

QUOTE: Nearly half of 1,200 companies surveyed by a veteran technology analyst plan to deploy Windows 7 in its first year of availability, and another 11 percent say they will make the shift as soon as Microsoft releases the first service pack update for the new operating system.

Microsoft Security Essentials - How to manually update

Harry Waldron — Tue, 20 Oct 2009 23:47:00 GMT

This link is handy for manually updating PCs with MSE installed, esp. if there is no Internet connectivity. After updating MSE signatures, it's beneficial to perform a QUICK or FULL SCAN with these latest definitions to ensure your system is malware free. It's a very easy process in downloading the applicable file, clicking on it, and it installs in about one minute.

http://support.microsoft.com/default.aspx/kb/971606

University email quota scam

Harry Waldron — Tue, 20 Oct 2009 23:44:00 GMT

College students should avoid this new phishing attack which is currently circulating in spam attacks

Internet Storm Center - University email quota scam
http://isc.sans.org/diary.html?storyid=7402

QUOTE: New week, new scams. One seems directed at universities, and is informing students that their email quota is exhausted and asks them to connect to a malicious web site to re-enable their account. The site includes an iframe and doesn't even TRY to look like the web site of an university. It still asks for your userid and password, though ...

IT Professionals - How to make yourself layoff-proof

Harry Waldron — Mon, 19 Oct 2009 14:21:00 GMT

This Network World article provides excellent advice for IT professionals during the difficult economic times we are experiencing. However, this is applicable to any job, as it's important to pursue continuing education, exhibit a positive attitude, and provide greater-than-expected contributions for your employer. Throughout my career, I've strived for these principles and they are even more valuable in today's difficult job market.

IT Professionals - How to make yourself layoff-proof
http://www.networkworld.com/news/2009/090409-layoff-proof.html

QUOTE: Despite talk of an economic recovery on the horizon, countless lost jobs won't be replaced and IT organizations are still weighing layoffs as a way to cut operations budgets.

1. Dig in - IT workers in precarious employment positions need to take on extra work, log more hours and essentially show their employers they want to be there, experts say.

2. Follow the money - IT workers should know what systems and projects ultimately will drive revenue for the business. And they should work to get assigned those projects.

3. Feed your brain - Resources may be scarce, but experts recommend IT pros find low-cost training or other self-study options to expand their technical knowledge in ways that would benefit the company – and ultimately themselves.

4. Become a business technology expert - It's not just something people say; IT staffers need to become business-savvy to advance their careers and essentially keep their jobs.

5. Think cheap - Headcount reductions are often an effort to cut costs, but IT pros who prove to managers they can find inexpensive technology and reduce costs in-house could save their jobs.

6. Stay away from the drama - Most companies have a bit of in-office drama, but it's best to stay far away from the water cooler gossip during tough economic times.

7. Sell yourself - While many in IT aren't accustomed to the spotlight, experts recommend high-tech workers learn how to sell their skills to the company.

8. Mentor others - Share your knowledge, career experts say. "IT people need to get out of the knowledge-hoarding mentality. They need to let people know what they know and share the knowledge and information willingly,"

9. Make yourself available - During the downturn, some groups in IT may not be as busy as others. IT pros in the groups that seem slow should be offering themselves up for projects in other departments.

10. Smile, be happy - Never underestimate the power of a positive attitude. Presenting a positive attitude, despite the challenges, will help managers – who are also taxed beyond their resources -- understand which employees are happy to be on the job.

Huge October Security Release - Automatic Microsoft Update can resolve manual update abends

Harry Waldron — Sun, 18 Oct 2009 13:15:00 GMT

While manual Microsoft Updates (MU) worked with on issues on my work PCs, issues were encountered with our more marginal XP family PC at home in trying to apply 14 items. After experiencing "x08" type abends, I then let MU run unattended in dial up mode and have almost completed the process. While automatic MU updates are a little slower they work well and the BITS transfer saves the prior position when you shutdown your system. On any abend, it's good to write down the exact message and search the Internet for solutions.

Microsoft PCI/DSS Compliance Planning Guide

Harry Waldron — Sun, 18 Oct 2009 13:13:00 GMT

Below are a list of requirements to download this new guide to assist in planning for these rigorous e-commerce standards:

1. Requires Windows Live ID authentication
2. Microsoft Registration (already recorded from past downloads)
3. The 195KB document is in Word 2007 format (downloaded File Formatter Compatibility pack for Office 2003 - automatically prompted for this when attempting to open document)

Microsoft PCI/DSS Compliance Planning Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=d8320df1-d0d0-469f-a6fc-b53987bd74c2&displaylang=en

Microsoft Security Updates - October 2009

Harry Waldron — Tue, 13 Oct 2009 21:36:00 GMT

This may be the largest Patch Tuesday release ever according to ZDNET article below.

NO ISSUES SO FAR -- On my work PC, I had 16 total patches for Windows and Office (38mb). I have many additional Office products like Project, Visio, Front Page, etc. It took a while to install (maybe 45 min) and everything seems to work normally so far. Please wait patiently for this large release to download and install -- then reboot immediately as prompted so that changes will be properly applied to Windows registry.

Microsoft Security Updates - October 2009
http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx

ISC Patch Tuesday overview
http://isc.sans.org/diary.html?storyid=7345

Huge Patch Tuesday Update - October 2009
http://blogs.zdnet.com/security/?p=4585

QUOTE: Microsoft today released its largest ever batch of Patch Tuesday updates to fix a whopping 34 security holes in a wide range of widely deployed software products.

The latest patch batch covers critical vulnerabilities in software products that are bundled with Microsoft’s dominant Windows operating system (Internet Explorer and Windows Media Player) — and several known security problems (SMB v2 and FTP in IIS) for which functioning exploit code has already been publicly released.

The SMB v2 issue, which has been in the news over the last month, has been addressed with MS09-050, a critical bulletin that actually address three separate documented vulnerabilities.

MS09-050 protects against SMB exploit for Windows Vista
http://blogs.zdnet.com/security/?p=4350

Linux Rescue CD

Harry Waldron — Mon, 12 Oct 2009 23:01:00 GMT

The System Rescue CD site provides an extensive set of tools to aid Linux users or corporate Linux administrators in recovery efforts if the O/S environment becomes damaged. It includes an excellent set of documentation and user forums to submit questions.

Linux Rescue CD
http://www.sysresccd.org/Main_Page

QUOTE: SystemRescueCd is a Linux system rescue disk available as a bootable CD-ROM or USB stick for administrating or repairing your system and data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the partitions of the hard disk. It comes with a lot of linux software such as system tools (parted, partimage, fstools, ...) and basic tools (editors, midnight commander, network tools). It requires no installation since you just have to boot on the CD-ROM.

EXTENSIVE DOCUMENTATION
http://www.sysresccd.org/Online-Manual-EN

USER SUPPORT FORUMS
http://www.sysresccd.org/forums/

Xpaj Botnet - Thousands of systems infected in 1st two weeks

Harry Waldron — Wed, 07 Oct 2009 00:00:00 GMT

AVERT Labs is warning of a sophisticated botnet, discovered 2 weeks ago. Like Conficker, the internal command-and-control design is digitally encrypted to avoid discovery of the primary servers. Please keep all AV and software patches updated for the best levels of protection.

W32/Xpaj Botnet Growing Rapidly
http://www.avertlabs.com/research/blog/index.php/2009/10/06/w32xpaj-botnet-growing-rapidly/

QUOTE: Further analysis has revealed some interesting details about the malicious behavior of W32/Xpaj. The Virus is building a widespread “zombie” network, by taking control thousands of Internet-connected computers. The new botnet is in its infancy, although thousands of machines have been infected during last two weeks.

To prevent botnet hijacking, W32/Xpaj accepts only digitally signed payloads and commands. Malware authors use a cryptographic hash (MD5 algorithm) to validate the authenticity of any payload received from the control server). It employs the same techniques used by Srizbi and Conficker; that is, it uses randomly generated DNS names for backup control servers.

Botnets grow and evolve quickly. We measure them by the number of compromised computers under their control. However, proactive virus detection and following these simple recommendations will help prevent your computer from becoming a part of a botnet:

• Keep your anti-virus software up to date

• Apply all the latest security patches and keep your operating system up to date

• Set up a firewall to block unauthorized access while you are connected to the Internet

ADDITIONAL INFORMATION
http://www.avertlabs.com/research/blog/index.php/2009/09/21/w32xpaj-know-your-polymorphic-enemy/