Monday, January 20, 2014

And now…back to regular GSD posting…

ForSec News

Most of these seem to be timely links in light of the recent malware-induced data breaches of late…

Patch Time Again!

Yesterday when flipping channels between a re-broadcast of Downton Abbey and the AFC playoff game (yeah--real contrast right?) Dad called in a panic as his dear wife had been browsing the InterTubes on their Vista system and they got an apparent Microsoft Security Essentials virus detection alert.

Only it didn’t quite look like what they were used to. So I popped on remotely and took a look.

Long story short, it was actually a fake AV alert image embedded in an IE tab page. Clever. Not.

Using ProcessExplorer I was able to confirm it was a “click here to clean” IE browser session only and not an actual malware fake AV binary causing the display. So a few targeted process kills later all was gone.

We did a trial to show again how the real MSSE client they have running on their system presents a legitimate detection alert.

This is a pretty common event now for them and their system. The vector seems to be that she opens up IE (the latest IE version offered for MS Vista is 9 which they have). Her home page is So then she just types in what she is looking for in the “handy” Yahoo search bar on that page and flows down the Internet River. Often getting amazing numbers of multi-page ad/scam loads in new browser tab sessions. Yahoo seems to be the wild-west of this type of ad/page hijacking. Anyway…

We set up Google Chrome for her to use and deprecated IE as much as we could from the desktop/quick-launch in hopes that Chrome might provide a bit more protection. I ran out of time before having to head to the church-house for service support and didn’t get a chance to load it up with some additional ad-block protections but that is on the to-do list.

Anyway, before I bailed I also brought up their Java (needed unfortunately), Flash, Shockwave, Air versions to current status.

Fingers crossed this will hold the dam back a bit more until little brother and I can convince Dad it is time for an OS upgrade to Win7/8 from Vista.

So with that background in mind…go get your patches!

XP support under Microsoft Security Essentials Extended (kinda)

Microsoft has come out with clarification that their Microsoft Security Essentials product will no longer be offered for download to XP OS system users after April 2014. However MS will continue to offer DAT file downloads/updates for already installed MSSE clients on XP through April 2015.

Small consolation, but really, other than looking for AV support of XP from other security software vendors, it really is time to upgrade to Windows 7 (or Win 8 I suppose).

Sysadmin Links

Defrag Tools over at Channel 9 has posted “Part 3” of their Message Analyzer video set:

TRAINING: “Windows Performance Jump Start” – Jan 23rd, Online - Kurt Shintaku's Blog

Bitrot and atomic COWs: Inside “next-gen” filesystems - Ars Technica

How to nuke your encrypted Kali install - Kali Linux

New Utilities of Note

PCI-Z - freeware - Detect unknown PCI devices. Spotted via this Identify unknown PC hardware with PCI-Z post over at BetaNews.

Recuva - freeware - version update to 1.50. - This file recovery software has some major feature updates added.

Piriform News - Recuva v1.50

Change log:

  • Added ISO 9660 file system support
  • Added recovery from unmounted drives
  • Improved duplicated file name recovery
  • Added Junction Point recovery support
  • Improved optical drive detection and recovery
  • Improved scan statistics accuracy

Bit more detail on what some of those features mean over at this Betanews post: Recuva now recovers data from unmounted drives, ISO-formatted optical discs


Claus V.
