Microsoft Office Patent Infringement Issue

A while back, Microsoft was sued by a Canadian software company for a patent infringement on some code in the Office products that has to do with Custom XML, which most of us would never see or use.  Microsoft lost the suit and appealed.  This week they lost the appeal and must issue new versions of Word and Office or stop selling it by January 11, 2010.

This has caused some concern from a few of our Clients.  However, it is nothing to worry about.  Microsoft has already corrected the issue and will have the corrected versions of Word 2007 and Office 2007 available by the January 11th date.  Office 2010, scheduled for release in June of 2010 does not contain the affected code.  Existing installations of Word and Office are not affected by the ruling.

Serious Adobe PDF Exploit

A serious exploit of Adobe PDF files has been discovered and malicious PDF files are being detected on the Internet since December 11th or so.

There is no patch for this issue at this time and anti-virus applications are not yet able to detect the malware due to how it is packaged. 

The problem appears to be in a JavaScript function inside of Adobe.  If you know how, you can disable JavaScript in Adobe Reader.  (Edit – Preferences – JavaScript – uncheck Enable Acrobat JavaScript).  Note that this may mean some PDFs do not display or act correctly, but it will mitigate the current issue.  Once a patch has been released you can turn it back on if you want.

Of course you should be careful downloading any type of file from the Internet.  However, be extra careful with PDFs at the moment.  Once a patch is released, we will post another article here.

Beware False Virus Warnings

Over the last few weeks, we are seeing a bunch of malware infected workstations, more than normal. What is happening  is the user is seeing a pop up when they are browsing on the Internet.  The pop up indicates that the machine is infected and offers to run a cleanup function.  The problem is that the pop up itself is malware.  If the user clicks anywhere in the window that is popped up the machine is compromised.  Even if they click the X to close the window.

This is being caused by websites that have been compromised.  The user goes to what should be a valid website and gets infected because some malicious code has been injected into the web pages on the site without the site owners knowing.  There have been reports that over 100,000 websites have been infected.

If the user sees a pop up that indicates that there workstation is or may be infected and the message is not a NOD32 (or whatever antivirus they are using) message, they should not click anywhere in the pop up or click the X to close the pop up window.  Their best bet is simply to close any other open applications (not the pop up) and shut down or restart the computer.  Once the computer restarts they should be OK.

AllScripts v6.0 Available

AllScripts v6.0 has been released.  This is a required update that must be installed by 1/1/2010 to comply with new OASIS-C and Hospice requirements.

The update requires that all laptops do a sync before the update starts and then not be used until the servers and laptops have the update installed.

The update takes longer than normal to install.  It includes the OASIS-C Assessments but they will need to be imported and activated after the update.

Make sure you request the electronic update from AllScripts if your haven’t already.

Horizon 2009 Regulatory Update Re-Released

McKesson has re-released the 2009 Regulatory Update after having problems with the original update.  Updates for versions 10.2.2 an 11.1 are now available.

This is a major update that includes the OASIS-C v2.0 Assessments and Hospice changes that are required to be installed before Jan 1, 2010.  It also includes a few other minor updates.

This update will take longer than normal.  It requires that laptops do a transfer and remove all patients before being installed on the servers.  There are also scripts to be run after the update has been installed.

It is extremely important that agencies review the release documentation before installing this update.  I would also suggest that agencies notify McKesson when you have an anticipated installation date so they can be available should issues occur during the installation.

There is work to be done after the update has been installed so it should be scheduled as soon as possible.

Windows 7 For Small Businesses

The definition of “Small Business” is a tricky bear.  This Microsoft Windows 7 website breaks it down to companies with less than 50 PCs and those with more than 50 PCs.  It’s a pretty good site for learning the advantages of Windows 7 for your size company.  You can find the site here.

New Phone Dialing Rules

In December 2009 there will be 2 new area codes available in Connecticut, 959 and 475.  With the addition of these 2 new area codes we will now need to dial 10 digits for all local calls made in Connecticut.

10 digit dialing for local calls will become effective on 11/14/09 here in Connecticut.  Most other areas of the country already use 10 digit dialing so we are just catching up.  It actually makes things easier for automated systems.

This means that systems that automatically dial out (to local numbers) may need to be changed to have the area code added to the local number.  These devices include modems, fax machines, security alarms, cell phone address books, phone system call forwarding, etc.

Windows 7 Countdown Widget

Conficker Worm Update

April 1st came and went without the Conficker Worm seeming to do anything. Often, when the media gets a hold of these things they get a little out of hand. Don't take that to mean that the Conficker Worm is not serious. It is. The problem is that the writers of this worm are very clever. They have been able to get this worm installed on millions of computers and the worm is just waiting for more commands from them.

Here are 2 videos put together by F-Secure, a major Internet security provider. You'll be amazed at how clever and tough to catch these guys are. However, as you will see, the good guys can be clever as well.

Video 1
Video 2

Microsoft Changes Windows XP Deadline...Again

Jun 09 was the latest date that Microsoft pegged for the end of Windows XP sales. Through that date system builders such as ourselves could sell workstations with Windows Vista but then apply downgrade rights and actually install Windows XP. This week Microsoft moved the date out to April 2010.

While I understand that many companies are reluctant to start migrating to Vista for various reasons, I do not think this is the best move for Microsoft. My reasoning may not be what you you expect. By continually extending the end of life of Windows XP, Microsoft is allowing major software vendors to continue to drag their feet in making sure their applications will run properly in Windows Vista and now Windows 7 which is expected to ship later this year.

If the April 09 date was kept, many major software vendors will still not be ready. This is just ridiculous. Windows Vista was released in 2007 and available to software vendors as far back as 2006 in beta versions. And at this point Windows Vista will be replaced with Windows 7 later this year. This affects you. If the June 08 date was kept, you would be in a situation where you would not be able to run these applications on new computers. This is not a good thing. Software vendors need to move faster in migrating to new operating systems. I don't think 4 years fast enough.

At least Windows 7 is fairly close to Windows Vista as far as software development is concerned, so software vendors should be able to migrate to Windows 7 fairly easily as long as they are at least close to rolling out there Windows Vista versions of their applications. Let's hope that is doesn't take another 4 years.

Conficker Worm In The News

On Sunday night, 60 Minutes aired a story on the Conficker Worm (a virus).  I thought the story had some pretty good information, although it came across as an ad for Symantec as well.  Here is a link to the segment of the show.

Conficker attacks a known issue in Windows that Microsoft created a patch for back in October 2008.  I posted an article here back in October that discussed how to get the patch and how to tell if the patch has been installed on your computer.  You can view that article here.

This worm is getting a bit of air play right now because one of the variants is expected to cause various types of issues on April 1st. 

So what should you do regarding this virus.  First, make sure you have the latest virus definition files for your AntiVirus software.  If you hover over or click on your AV icon on right side of your taskbar, you should see the version and possibly date of the last update.  Make sure it is recent.  Note that one of the symptoms of this virus is that it disables the updating portion of your AV program.  If you are not getting updates you may be infected.  The next thing is to make sure you have the latest Windows updates installed on your computer.  If you are on our Monitoring Service that includes updates, you should be all set.

Make sure your staff are aware of this issue.  Computer users need to be constantly reminded of safe computing practices.  Your computer usage policies need to be constantly reviewed to insure that you are protecting your IT assets as well as you can.

Let me ask this question.  You know those users that are logging in to your network from home.  Do they have the latest AV updates on their computers? The latest Windows updates?  Are they already infected and connecting in? 

How about the person that comes in to your office for what ever reason, the accountant, consultant, auditor.  If they connect their laptop to your network either by wireless or wire, can you answer the above questions?  Just something to think about.

Internet Explorer 8 Released

Microsoft released Internet Explorer 8 on Thursday 3/19/09. IE8 is the latest version of Microsoft's browser. It brings more security and several more features to the Internet browsing experience. A new, smarter address bar allows searches to be done right from the address bar. At the same time, the address bar will present search suggestions that can enhance the Internet Search process.

A new function called Accelerators is included. This features allows you to highlight text in any website and perform web based functions using that information automatically. For instance, you could highlight a street address and instantly go to a mapping site which will present the directions to that address.

Another new feature is Web Slices. Web Slices are a way to stay up to date with a small piece of a website. For instance, if you wanted to keep an eye on the weather in your area, you can install the Web Slice from the weather site and it will install a little button in your IE Toolbar. Any time the weather info changes the little button will light up and you can take a look. You don't have to keep going to the website to check the weather. I think you're going to see a bunch of Web Slices get created.

Tabbed browsing has been available since IE7. IE8 adds a bunch of new features and refines the tabbed browsing experience quite a bit.

I have been using IE8 at home since the early betas. I like it a lot. However, there can be some compatibility issues so you need to be careful. Some websites may not display correctly. Fortunately, IE8 includes a "Compatibility Button" that has corrected any problems I have run in to.

As usual, I suggest our Clients hold of a little on installing IE8. At least install it on one or two machines to test your environment before rolling it out to everyone. At some point it will be offered as a critical update in Windows Updates, so it will get installed automatically if you are not careful. My experience with IE8 has been very good. Because of the new features and the increased security, I suggest Clients move to it as soon as they complete their in house testing. More info on IE8 and the download link can be found here.