
Symantec Threatcon at Level 2

Good morning folks and welcome to my Technology Blog

I love to blog about technology because I love technology and people.  I have to say that sometimes I love technology more because it seems to be more manageable than some folks.  In other words it is easier for me to fix a technology problem than a person problem.  One of my challenges as a professional technologist is to be able to explain technology to a non-technical person in a way that they can relate to it, understand it and use it in their jobs.  There are several classes of folks that I work with.  Some are geeks in their own right, some are power users and then there are the folks that should never be allowed near a keyboard and mouse.  These are the type of people that always announce to me that they have no clue what they are doing with a computer and therefore the issue at hand is beyond their comprehension to deal with.  The first two classes of people are a joy to work with and the latter class of people reminds me that there is a reason why I have the job I do.

I apologize for chasing rabbits when I write, I must get better at this.  As the title of this blog post says Symantec Threatcon is at level 2 and has been for almost a week now.  If you are familiar with the movie that has the super computer that was created back in the 80’s that could simulate a global thermonuclear war through a game then you are familiar with the different threat levels such as Defcon 1, Defcon 2 and so on and so forth.  Those are levels of defensive readiness so to speak.  Symantec has a “Threat Condition” level that they keep posted as they are monitoring the many different threats by spyware, malware, crippleware, viruses and trojans that are being reported in the wild.

One of my jobs as a Network Administrator is to safeguard company data and make sure it is safe and free of virus infections.  That is no small task considering that I have to manage 6 servers and 65 workstations by myself.  We have Symantec Endpoint Protection that monitors for viruses and trojans and most spyware and we also have Counterspy that monitors for spyware and malware.  We have scans that are scheduled every morning between 1 am and 6 am on a daily basis.  Despite this system wide monitoring I still have computers that get infected with some sort of garbage that slips through the cracks and gums up the computer workstations.  To this date I have not had a server get infected and for that I am very thankful.

When one workstation gets infected it interrupts that person's productivity but if a server were to get infected it would affect the entire company while I take it down and have to clean it.  In years gone by the easiest way for someone to catch a bug on their computer was to download an attachment in their e-mail inbox and then through social engineering be tricked into opening that attachment and release the payload of said virus or trojan.  Thanks to the Internet and a lot of knowledge being shared about this people have gotten a little bit more intelligent and wary about email attachments and therefore the hackers and virus programmers have had to get much more tricky with their methods of delivery.

One of the ways that you can get infected is by visiting a website that is designed to deliver viruses, trojans and malware to your computer via ActiveX and JavaScript.  I am not a web developer or programmer so I am not as familiar with HOW the bugs are actually transferred but I know from experience that it happens with increased frequency.  One of the problems with this method of delivery is that it is almost impossible to know what website is dangerous and what is not.

The important thing is that you take the following precautions.

  • install decent Anti Virus software
  • keep the Anti Virus definition files updated regularly
  • schedule daily scans during your computer idle time
  • install decent spyware detection software
  • keep the spyware detection software definition files updated weekly
  • run regular spyware scans on a daily or weekly basis
  • stay AWAY from FREE file sharing websites and systems such as BitTorrent
  • If you must use a program like BitTorrent download all the files to a removable hard disk or separate partition of your hard disk and make sure you scan those files for infection
  • partition your hard disk into two separate partitions and have your OS system files separate from your Data files.
  • Do a Daily or Weekly backup of your data
  • If you receive an e-mail with an HTML Link or attachment you are not expecting do NOT open the attachment and do NOT click on the link.  Assuming that the content is safe just because you know the sender can be dangerous and cost you hours of downtime and lost data.
  • educate yourself about viruses, trojans, malware, spyware etc.  The more you know about these productivity and data killers the better you will be able to protect yourselves.

Over the last five years the major Anti Virus vendors have realized that some folks do not use Anti Virus or Counter Spy software because they can not afford to purchase it or they would illegally pirate the software because they refused to buy it.  Microsoft has come out with a product that is free called Microsoft Security Essentials and you can download it for free and install it on your computer and use it.  Avast, AVG and several other companies also have free Anti Virus and Spyware detection.  Spybot Search and Destroy is a good product as well that you can download for free.  The bottom line is this.  You MUST take proactive steps to protect your data and programs from infection.  You also are responsible for being a good netcitizen and by protecting yourself you are also protecting the rest of the folks like me who are on the Internet with you.


Good bye Synergy and HELLO Input Director

How many computers is enough when you are managing multiple systems?  At work I have two computers and three monitors.  Both systems have their own monitor(s) keyboard and mouse.  I love my office at work because I have plenty of room to do what I need however my desk space is limited.  I have an L shaped desk but the desk space where I can put things is very narrow.  I do not have the space for two keyboards and mice so that forced me to adopt a free utility called Synergy.  I used this free utility when I was down at the College of Charleston thanks to my friend Michael Acree who is still a programmer there.  Synergy was and is a great free utility that allows you to share the keyboard and mouse from one computer to use on the slave computer.  That makes things so much easier to manage when you have multiple computers.

One of the things that I have grown irritated with is that Synergy seems to have been locking up on the master computer on a daily basis and I have to go into the task manager and kill the process and start everything all over again which takes me about 4 minutes to accomplish.  I am on one of the Windows 7 Google Wave “Waves” and someone was talking about a new program called Input Director.  Synergy does not work with Windows 7 and Input Director does.  Since I have Windows 7 Professional on my laptop and will be using it on my main desktop computer in April I need something that will work with Windows 7.  Yesterday afternoon when Synergy locked up on me again I took that opportunity to rip out Synergy and install Input Director.  I am going to link to a story by Stefan Didak that will give you a very nice overview of Input Director.

Synergy is a great program and it is awesome that this fellow named Chris created it back in the early 2004 era but it is no piece of cake to install.  I had Input Director up and running within about 5 minutes.  There are step-by-step instructions on how to set it up and use it, which makes things very easy as well.  I have only been using this for one day but as I learn more about its functionality I will see about posting about it here on my technology blog.


Google Wave Invitations to give away

I have 13 Google Wave invitations to give away.  Most of my geek friends are already on Google Wave but if you have not then send me an e-mail to jcmoffitt@gmail.com and I will sign you up.  If you do not know what Google Wave is just go to Google and GOOGLE it and there will be a million helpful posts to acclimate you to it.  Google Wave is still in beta but they are adding new features almost every month.


New article by Gregg Keizer on new IE bug

Microsoft: Don’t press F1 key in Windows XP

Ignore sites that nag to press the Help key, says zero-day bug advisory

By Gregg Keizer

March 1, 2010 (Computerworld) Microsoft told Windows XP users today not to  press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).

In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped. “The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer,” read the advisory. “If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.”

Last week, Prodeus called the bug a “logic flaw,” and said attackers could exploit it by feeding users malicious code disguised as a Windows help file– such files have a “.hlp” extension — then convincing them to press the F1 key when a pop-up appeared. He rated the vulnerability as “medium” because of the required user interaction. Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems — including IE6 on Windows XP — could be leveraged by attackers. Previously, Prodeus had said that users running IE7 and IE8 were at risk, but had not called out IE6.

Until a patch is ready, users can protect themselves by not pressing the F1 key if a Web site tells them to, said Microsoft. “As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content,” said David Ross with the Microsoft Security Response Center (MSRC) engineering staff in a blog entry on Monday.

“The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key,” Ross added. The security advisory made the same recommendation: “Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited.”

Users can also stymie attacks by disabling Windows Help. The advisory explained how to enter a one-line command at a Windows command-line prompt to lock down the Help System.


WordPress day 3

Like the true technologist that I am I grabbed a wrench and screwdriver and dove under the hood last night. I tried this and that and tweaked this and that and wound up breaking our linked stories on the front page. This is a widget apparently and when I deleted the linked stories it mangled some things. I also managed to break my Technology Corner page but Carolinadreamz helped me put it back. Now I am going to be more careful where I put the pliers and screwdriver.
