Emmanuel Computer Consulting, L.L.C.

Microsoft has released the fix for the LNK issue. this coming Tuesday is going to be a monster patch day with a total of 37 issues fixed in 14 patches.

Windows has design issues…I have talked about it many many times.  However it IS possible to have a malware free system.  It’s really not that hard.  You do need to change your behavior on how you operate your windows systems.

1.  Have a security audit done if you’ve never had one done.

2.  Don’t use IE.  Unless you are technically savy just don’t.  It’s the number one attack vector(via Activex).

3.  Run Firefox or Google Chrome.

4.  Don’t goto porn, warez, gambling..etc etc type sites.  If it’s a red-light disctrict on land it’s the same in cyber-land.  If you go to these places in cyber-land none of the above or below matter..you’ll be infected either immediately or very quickly.  NO anti-anything will save you either.

5.  Don’t buy into the anti-whatever $$$ trap.  I haven’t run a/v on my systems in nearly a decade.  We’ve had ONE system infection and it was my wife’s fault(by her own admission).  If you are REQUIRED to run anti stuff get the  cheapest you can find.

6.  Never click a link in an e-mail until you check it.  This can be a tricky subject.  Hover your mouse(Don’t click any links) over the links and see if the address presented in the bottom bar matches the text of  the link.  If it doesn’t it’s a fake.  Contact ECC for full details.

7.  Remove admin rights from users.  Self-explanatory.

8.  Remove the ability for users to install ANYTHING.  This can easily be done via group policy. (This and #7 are the 2 things you can do on a network to stop at least 90% of all malware infections)

9.  Disable autorun.  This nukes most infections from usb keys(flash drives, thumb drives..etc etc etc.  Works great in conjunction with #8 and #7)

10.  Ensure all systems are up to date with all security updates.  Not just Windows and Office but every third party program on your systems.  (This includes Acrobat, Flash, Java).

e-Banking Bandits Stole $465,000 From Calif. Escrow Firm — Krebs on Security.

Marisco said that a few days before the theft, she opened an e-mail informing her that a UPS package she had been sent was lost, and urging her to open the attached invoice. Nothing happened when she opened the attached file, so she forwarded it on to her assistant who also tried to view it. The invoice was in fact a Trojan horse program that let the thieves break in and set up shop and plant a password-stealing virus on both Marisco’s computer and the PC belonging to her assistant, the second person needed to approve transfers.

Whoopsie.  It looks like somebody forgot the basic tenants of Windows security:

http://www.emmanuelcomputerconsulting.com/the-basics-on-not-getting-infected

Office 2010 Licensing changes… – Untangle Forums.

This is interesting.  Keep watching MS they want their fingers in everything.

Office 2010, SharePoint 2010 go RTM.

Office 2010 is the typical Microsoft release.  If you already have the previous edition of their office suite, upgrading is purely a choice of preference.  If you are running older generations of Office it’s really a good idea.  If you are looking to purchase Office now..wait for 2010.  What does Office 2010 bring over 2007?  I am NOT an advanced Office user at all.  I have yet to find a Microsoft Office suite that’s truly easy to use for the Office neophyte…such as myself.  Ii have been playing with the beta and one thing it brings is usability.  The ribbon interface(which i also find much easier to use) carries over form 2007 BUT unlike 2007 ALL Office products now have the ribbon interface.  In 2007 Publisher and outlook did NOT have the full ribbon interface.  Microsoft has a tiered suport system based on the age of the product:

Office 2007 will be in mainstream support until mid 2012.  After that the only updates available for Office are security updates…bugfixes, design issues, etc etc aren’t patched at all.  What are my recommendations for an Office purchase?  If you already have Office 2007 and it’s working fine for you stick with it.  By the time mainstream support ends for Office 2007 Office 15(whatever year that’s going to be) will either be released or close to being released.  If you don’t have any suite at all I would wait if at all possible for Office 2010 which has a tentative release date of June of this year.  If you have on older version of Office I would also wait for 2010.

The blame here is not online banking but the operating system(Windows) faulty design and the users lack of proper security education.  ANY business no matter how small needs to have a security audit done:

1. To make sure your machines aren’t infected

2. To get educated on how windows computers are vulnerable by design

3.  To learn how to protect yourself from online fraud and other threats

4.  To ensure proper recovery and mitigation procedures are in place BEFORE this kind of damage takes place

As the economy sputters along more and more single person, home-based businesses are going to have this happen.  It’s all too easy for a machine to get infected and with this new generation of malware once you are infected…it’s too late to recover.  Listen to my podcast for more information.

McCarthy said she never would have done online banking for her business if she had understood how precarious it was for her business.

via N.Y. Firm Faces Bankruptcy from $164,000 E-Banking Loss — Krebs on Security.

Judge: Microsoft can’t sell Word anymore.

I highly doubt this one will hold up on appeal but I’ll keep an eye on it to see what happens.

Pwnie Award Winners.

I like this.  It shows that nothing is sacred when it comes to security..:)

Researcher Shows Killbit is No Defense on MsVidCtl Flaw | threatpost.

When you have a technology(Activex) that allows access directly to the kernel there is only one way to secure it..remove it.  I have posted about this multiple times.  Microsoft it is time for you to realize your java killer called Activex is not killing java and the though of letting code on the internet run at the system user level is a horrendously bad idea.