Thursday, August 28, 2003

Norton AntiVirus 2004 Released

The latest version of Norton AntiVirus has been released. It includes several tweaks to the 2003 version and, for the first time, requires Product Activation. Product Activation is a technology being used by more and more software vendors to help prevent software piracy. When Norton AV 2004 gets installed you have up to 15 days to run the activation process. If the product is not activated it will stop working. The activation process combines a unique software key included with the program with certain hardware details of the computer it is installed on to create an activation code, which is then embedded in the program. At that point the original program CD cannot be used to install the program on another computer. If you change certain components of your hardware configuration or buy a new computer you must reactivate Norton. Currently, you can reactivate up to 5 times.

Product Activation is used by many vendors including Microsoft. I don't really have a problem with it as long as:

1. It is fast and easy to do, both initially and for reactivation.
2. No personal information is gathered from the workstation and transmitted during the process.

Intuit tried Product Activation on their TurboTax product last year and took a lot of heat for it. They have now announced they will remove it this year. It seems many customers said they would rather use another product than activate. McAfee has released the latest version of their AntiVirus product and for now it does not require activation.

Thursday, August 21, 2003

Sobig.f Virus Causing Major Problems

This has not been a good couple of weeks for the Internet! First it was the Blaster virus, then a major power outage, then the Welchia (Good Guy) virus, and since Tuesday the Sobig.f virus. These things have caused major e-mail issues for almost everyone who owns a computer. The Sobig.f virus is now the most distributed virus ever. Previously the Klez virus held that title. Klez was detected 250,000 times in the first 24 hours. Sobig.f was detected over 1 million times in the first 24 hours. Currently, 1 in 17 emails is a product of Sobig.f. It is expected that Sobig.f will cause a 60% increase in Internet e-mails.

The real sad part about this is that this is your common everyday attachment virus. Users who open the attachment trigger the virus immediately. Yes, the email can look like it came from someone they know; however, the body of the message and the attachment names are pretty obviously fishy, to say the least. Users should be able to smell the fish!

We are handling several calls a day with email-related problems. Some people can't get their e-mail reliably while others can't stop the flood of infected emails hitting their mailboxes. Neither victim is happy!

There is a whole list of things that can be done to try to minimize the effects of these types of viruses. The most important are user education (I know I have said that 3,345 times before) and keeping your virus software up to date (3,128 times). For a more detailed list specific to your business, contact us. I've thought about carrier pigeons but I think attachments would be a problem.

New Viruses Listed on Symantec's Website

8/18 = 8
8/19 = 3
8/20 = 5
8/21 = 3 (so far)

Educate Users (3,346) and Keep Virus Software Up To Date (3,129)

Friday, August 15, 2003

Blaster/Lovsan Virus Update

This virus and its variants seem to be under control. The last number I have seen is that at least 225,000 computers were affected by this virus. Both McAfee's and Norton's current virus definitions are dated 8/13/03. McAfee's is 4284. If you are using the FixBlast program to clean infected machines it is now at version 1.0.4 dated 8/14/03.

This will be the last update for this virus. We are all probably happy to see this one go. I was going to create a "What We Have Learned" summary yesterday; however, I was finding it hard to type in the dark. At this point I am getting ready to go on a bike tour of Martha's Vineyard and prefer to leave all this behind for a day or two. I will post the summary on Monday.

Hosting Update

It appears that most of the T1 lines our hosting company is using are back on-line. E-Mail and Websites have been operational since about 7:05am. I suspect we will see intermittent issues all day today and possibly throughout the weekend.

Realize that if you are having problems sending or receiving e-mail the problem could be at your side or the other person's side. Have patience and don't forget you have a phone and a fax.

Power Outage Still Causing Problems

Oh! By the way, there is a major power outage going on! Our area lost power for about 4 hours last night. Power is back on here and we seem to be OK. However, many parts of the Northeast are not as lucky. It appears several major areas will be without power for some time to come.

Our office has full power and Internet access. However, the Internet itself is limping along. Our e-mail and web hosting company is up and running but the T1 lines going to them are not. Therefore websites and e-mail postoffices are not working. As of 5:00am a telco crew was on-site and we are hopeful they will correct the problem(s) soon.

This is the same for many sites on the Internet. I would expect that Internet e-mail will be spotty at best today. You may see no problems or you might be totally down depending on where your particular connection gets routed through.

This will be the same for phone calls. If you are calling someone in New York City you may not get through!

All I can say is this has been a tough week. TGIF

Thursday, August 14, 2003

Don't Forget Those Remote Computers!

I was just reviewing our support calls for installing this update for our Clients and found a very important note on one of them (thanks Kim) that I thought would be useful to remind everyone of. If you have remote laptops, workstations, locations connected by VPN, Frame Relay, etc., it is extremely important that these locations are updated with the patch and the latest virus definition files. We have several calls from remote salespeople that have actually caught the virus while connected to the Internet via a dial-up connection. In fact this is the number one method of infection for our Clients at this point. While the fix is simple, this remote device, if connected to the home office through a VPN or other type of connection, could infect the home office devices if the patches are not installed on them. It is not unusual for home-based offices to have a DSL or Cable Internet connection with either no firewall or an improperly connected firewall. When evaluating your security and disaster recovery issues always consider these remote devices. What cannot be seen CAN hurt you.

How To Tell If The RPC Patch Is Installed

I thought it might be useful to know how to tell if the RPC patch (Microsoft Security Flaw Patch) has been installed.

Open Control Panel (usually Start-Control Panel). Then select Add/Remove Programs. A list of installed programs will appear. If the appropriate entry listed below is shown, the patch has been installed on this machine.

Windows 2000 (Server or Workstation)
Windows 2000 Hotfix KB823980

Windows Server 2003
Windows Server 2003 Hotfix KB823980

Windows XP
Windows XP Hotfix KB823980

Windows NT 4.0 (Server or Workstation)
Windows NT 4.0 Hotfix (See KB823980 for more details)


If these items do not appear you MUST get the patch installed! Remember that there are no patches for Windows 95/98 and ME doesn't seem to exist.

Think The Fun Is Over?

As is usually the case with a virus that has some success (estimates are that MSBlast/Lovsan has infected over 100,000 computers), the copycats come out. There are two new variants of this virus and, just to make things interesting, 2 more viruses have appeared and are gaining some momentum.

The key to avoiding the MSBlast/Lovsan type of virus is to install the Microsoft RPC patch. In addition both Norton and McAfee have updated their virus definition files (Norton: 8/13/03; McAfee: 4285, 8/13/03). Everyone should not only update to these versions but should also keep their eyes on the update sites as I expect there will be several updates over the next several days.

One of the new viruses is an email that claims to offer a free Microsoft Security patch (and I bet you thought hackers weren't opportunists). When the attachment is opened several things happen (one of which is critical system files are deleted from the workstation at some date in the future). Check our website for more details on this virus.

Wednesday, August 13, 2003

MSBlast/Lovsan Virus Update 3

This virus is continuing to spread but is slowing down as measures are being taken. Another piece of the virus is that it is programmed to attack the Microsoft Updates Website on Aug 16th and then several days after that. The object of this piece is to attempt to cripple the update site. Machines that are infected and have not been cleaned will start sending streams of requests to the website. Because of the potential number of machines doing this at the same time the site might become slow or even crash. Microsoft is well aware of the issue and says they are ready.

If you have not applied the Windows patches yet do it now! This is only the first of possibly many attacks that will use this method of intrusion. The patch files can be found here. Remember that your home machines need the update as well.

Check back tomorrow for my "What we have learned" comments.

Tuesday, August 12, 2003

MSBlast/Lovsan Virus Update 2

Nothing really new with this thing. However, some precautions that should be taken:

1. Make sure all machines have the latest anti-virus data files. These files should be dated 8/11/03 or newer. Physically make sure these files are installed. It would be prudent to do a full scan of each machine once you have verified the latest data files are installed. This does not fix the underlying problem, it only detects these versions of this exploit.

2. If a workstation shuts down by itself, with or without an error message, disconnect the workstation from your network immediately. The machine needs to be determined to be clean before reinstalling on the network. This one machine, if infected, will infect other workstations almost immediately if left running on the network.

3. Get the Windows Patches installed!

MSBlast/Lovsan Virus Update

As of this morning both McAfee and Norton are indicating that these viruses are probably the same with some slight variances. They are also suggesting that in addition to blocking TCP ports 135 and 4444, firewalls also block UDP port 69.

Once the virus infects one machine via the Internet that machine becomes a host and starts scanning machines on the inside of the firewall and infects those machines that have port 135 open and do not have the MS patch installed.

The virus also performs a DoS (Denial of Service) attack on the Microsoft Update website which is intended to prevent users from downloading the patch.

There are still components of the virus that they are trying to figure out the purpose of. Although this virus seems to be more of a pain in the neck than anything else, the possible variations of this type of attack are enormous. Get your machines patched!
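The scanning behaviour described above can be spotted from the inside by reviewing firewall or router connection logs. The following is an added example, not part of the original post: it flags internal hosts that contact several different machines on TCP port 135, or that use TCP 4444 or UDP 69 (the ports the post says to block). The log format, the 192.168.1.0/24 inside network, the threshold and the name `suspect_hosts` are assumptions made for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log lines; the format is an assumption, not a real product's.
SAMPLE_LOG = """\
2003-08-12 09:01:02 ALLOW TCP 192.168.1.23:1045 -> 192.168.1.24:135
2003-08-12 09:01:02 ALLOW TCP 192.168.1.23:1046 -> 192.168.1.25:135
2003-08-12 09:01:03 ALLOW TCP 192.168.1.23:1047 -> 192.168.1.26:135
2003-08-12 09:01:05 ALLOW TCP 192.168.1.23:1050 -> 192.168.1.24:4444
2003-08-12 09:01:06 ALLOW UDP 192.168.1.24:1030 -> 192.168.1.23:69
2003-08-12 09:02:10 ALLOW TCP 192.168.1.40:1101 -> 192.168.1.10:135
2003-08-12 09:03:00 DENY TCP 203.0.113.9:2200 -> 192.168.1.5:135
not a log line
"""

INTERNAL = ip_network("192.168.1.0/24")  # assumed inside network
SCAN_THRESHOLD = 3  # distinct TCP/135 targets before a host counts as sweeping
LINE_RE = re.compile(
    r"^\S+ \S+ \w+ (?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+"
    r" -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def suspect_hosts(log_text, internal=INTERNAL, threshold=SCAN_THRESHOLD):
    """Return {internal source IP: sorted reasons it should be pulled and checked}."""
    rpc_targets = defaultdict(set)  # source -> distinct hosts contacted on TCP/135
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not connection records
        try:
            inside = ip_address(m["src"]) in internal
        except ValueError:
            continue  # malformed address
        if not inside:
            continue  # only internal sources are candidates for cleanup
        src, key = m["src"], (m["proto"], int(m["dport"]))
        if key == ("TCP", 135):
            rpc_targets[src].add(m["dst"])
        elif key == ("TCP", 4444):
            reasons[src].add("tcp/4444")
        elif key == ("UDP", 69):
            reasons[src].add("udp/69")
    for src, targets in rpc_targets.items():
        if len(targets) >= threshold:
            reasons[src].add("tcp/135 sweep")
    return {src: sorted(why) for src, why in reasons.items()}

if __name__ == "__main__":
    for host, why in sorted(suspect_hosts(SAMPLE_LOG).items()):
        print(host, ", ".join(why))
```

A single connection to port 135, such as a workstation talking to one server, stays below the threshold and is not reported; hosts that are reported are the ones to disconnect and check, as in precaution 2 above.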

Monday, August 11, 2003

Windows Security Flaw Being Exploited

The anticipated exploit of a flaw in one of the Windows functions called RPC (Remote Procedure Call) has begun. This flaw basically allows a hacker to gain full control of a workstation or server that has not had the patch provided by Microsoft installed. This is a very serious threat! All workstations and servers should have the patch installed. In addition, ports 135 and 4444 should be closed on firewalls and the latest virus definition files should be installed. More information can be found on our website.

More information on the Windows RPC flaw can be found on the Microsoft Site.

Microsoft Office 2003 Getting Ready To Ship

Microsoft is getting ready to ship Office 2003 within the next few weeks. Office 2003 includes a bunch of UI (User Interface) enhancements and some new functionality under the hood. Microsoft is continuing to add collaborative functionality to the Office products as well. Click Here for some detailed information on the differences between Office 2003 and previous versions.

I have been using Office 2003 for a few months now and really like the changes I have seen. Outlook has many enhancements including some pretty good built in spam filtering. There are several other features that enhance the security of your workstation. There is even a first pass at DRM (Digital Rights Management). This technology allows you to create documents that can't be forwarded, edited or copied by unauthorized users. This will be a very useful tool for most businesses. If you are currently using Team Services, Sharepoint Services, or Sharepoint Portal Server, Office 2003 adds more functionality and ease of use.

Overall I think Office 2003 is a good upgrade. If you are running Office 97 you should definitely consider the upgrade. If you are running Office 2000 I believe it is still worth a serious look. If you are running Office XP I don't think it's worth the upgrade unless there are some specific functions that you can't live without.