Saturday, December 29, 2012
Microsoft W7 security fix appears to require more than one account on a personal computer
There is more to say about this most recent security fix to Microsoft W7 in the logon logic (Dec. 21, 2012 posting).
Twice today, on cold boot of my Dell XPS laptop with Windows 7, after getting to the “Welcome” step with the spinning circle, the machine just put up a blank light blue screen, no dump. If I pressed the power button, and then told the boot BW screen to proceed normally, the boot finished normally. Checking around online indicated that, to get around this, one should put up another admin account in Safe Mode.
I went ahead and did this, not bothering with Safe Mode (it works in regular), creating another admin account and a regular user, with passwords and hints. I found that neither user got all the programs (like Chrome) unless you add them again. And I couldn’t get the regular user to give update access to Word documents. If I’m the “owner” of the machine, it’s still much easier to work that way.
I did find that I don’t get the hang on a cold start (at least the first test). We’ll see tomorrow. I think that the software is counting logons and suddenly requiring another account or it goes into a loop looking for one. One site said that when this loop happens it stops after about 15 minutes and says “logon failed”. I didn’t wait that long.
Microsoft still seems a bit sloppy with these updates. They can interfere with getting work done (even on Saturday night – why am I not clubbing?)
Sunday morning (as with Benjamin Britten): fix still seems to hold.
Friday, December 21, 2012
Can a Microsoft W7 security update require a cold restart?
I got a single Microsoft update for Windows 7 this morning for KB2753874, regarding a vulnerability that would allow an attacker to gain control of a personal computer and execute commands on it (like log on to your bank accounts, or copy keystrokes), if you visited certain malicious websites or opened a document with “True Type” or “Open Type” font files, with explanation here.
This would be one of the scariest possible attacks.
The single update took longer than usual to install. Then, on restart, the computer would not completely reboot, but stayed on a blue screen. Upon prompting with the power button (on a Dell XPS from 2009, a computer that originally had Vista), it went to the account locked screen. Upon one more prompt with the power button, it turned off properly. On cold restart, it booted up normally. On a subsequent restart, it took slightly longer than usual and executed the startup menu in a different sequence than usual.
I haven’t before experienced a Microsoft update needing a cold restart to work properly. The machine comes up and tells you it didn’t shut down normally the last time, but does restart as usual if you just press Enter once.
I rarely get single updates like this (except for the Malicious Software Removal Tool).
Anyone else had this experience?
(Yup, I've heard people say "Microslop".)
Thursday, December 20, 2012
Scammers go to the gutter after tragedies with fake domains; more on Windows 7 stops
A word to the wise.
The media (especially Anderson Cooper, and Piers Morgan, who just tweeted an example) are reporting on a number of scams, domain names set up purportedly to help victims of the Newtown tragedy. Similar scams exist also for Hurricane Sandy, but didn’t get much attention. (The Morgan tweet linked to a jewelry scam that, in Firefox, displays a "red circle" from MyWOT right on Twitter.)
Here’s a typical news story, on NewsVine.
There is a risk that scammers will create trademark-infringing domain names, deliberate misspellings (or different TLDs) to start fraudulent collection.
I really haven’t noticed that much phishing from either incident in my own inbox.
On another matter, a few of the conservative sites get really crazy with ads that hang Windows 7 for a minute or so, trying to load something like “realtime.services.discqu.com”. Is “realtime” a Windows 7 service that needs to be in my Startup menu? I actually allow pop-ups for “journalistic” reasons. Webroot Secure Anywhere does not consider this to be malware. The Washington Times and the Washington Examiner do a lot of this. But then again, so do CNN and Major League Baseball.
Saturday, December 15, 2012
PC Magazine now rates Webroot Secure Anywhere in the top three
PC Magazine has listed Webroot Secure Anywhere as one of the three most effective anti-virus software products in detecting and blocking malware threats. The other two products scoring highest are Norton and BitDefender.
The story, by Neil J. Rubenking, is here.
Webroot switched to a cloud-based product about eighteen months ago, and that means that users don’t have to let time-consuming data signature updates run. The article also points out that antivirus companies are now getting away from annual releases of their products.
I have Kaspersky and Trend Micro on two other netbooks, and the Kaspersky is always asking for a data file update.
I have Symantec Norton on my MacBook.
The most effective anti-virus software tends to move from company to company as years go by. What was best three years ago isn't necessarily so now.
At one time, Webroot (I believe it's based in Colorado) called its anti-virus engine "Spysweeper" (the label I still use on the blog for it), which is how it was known in the industry (like with Geek Squad) and used Sophos as its engine.
Wikipedia attribution link for second picture, Pikes Peak Summit. I drove it in a rental manual transmission car in 1994, and didn't use my brakes coming down (you use low gear). It was awesome. There is a restaurant on top and people work at 14000 feet.
Tuesday, December 11, 2012
New "drive-by" ransomware impersonates the FBI, seems to have affected thousands in US already
Various media sources have reported a piece of malware that seems to take the form of a “drive-by” attack (upon visiting certain infected websites), called “Reveton” or “Moneypak” (these may be similar but different items). They interrupt the user’s (Windows) experience with a warning purporting to be from the FBI (or IC3) that your computer is locked, with a demand to pay ransom through a credit card. Of course, paying the ransom doesn’t free the computer. This is somewhat different from some previous malware in that it doesn’t appear to offer “fake” anti-virus software. It may disable existing anti-virus software, particularly if it is out-of-date.
The FBI (in Tennessee) has a warning about the item here.
Of course, the FBI and other law enforcement agencies and police departments do not interrupt users with malware like this (although maybe the Stuxnet planted against Iran makes people wonder). Law enforcement normally contacts or apprehends suspects directly.
The IC3 version is described in SC Magazine here.
Station WJLA in Washington DC has a story today on the item.
Norton offers a removal tool for this item, which may not work in all environments, here. It may work if you use a different anti-virus product, but it is better to contact your own anti-virus company.
Botcrawl has the most detailed discussion of “Moneypak” that I can find, with very detailed removal instructions (involving Windows commands and safe mode). The user may want to print this out. The link is here.
The virus seems to make use of the webcam on a PC or laptop.
Many users would have to take an infected computer to a service (like Geek Squad) to unlock the machine.
It’s a good idea to have a service contract (about $200 a year) if you have several computers and laptops.
Friday, December 07, 2012
Kennedy Center spelling and other sites; more on W7 hangs
I just noted an oddity this morning with a popular symphony orchestra site. The correct spelling for the Kennedy Center in Washington DC is "kennedy-center.org". Take out the hyphen, and you get to another site that appears to offer ways to buy tickets. It gets a Green from McAfee Site Advisor, a 100 from Webutation (on Firefox), and "not enough data" from MYWOT. If the site were not legitimately part of the Kennedy Center, it could also present a trademark infringement issue.
I still get hangs from Windows 7 in embedded ads on a few sites (lately, CNN and some television stations) that start "realtime services". The computer cursor wakes up when the service responds, which takes up to a minute, once since the last reboot. Webroot and Trend Micro do not consider this undesirable behavior. (Haven't seen this on an older netbook with W7 and Kaspersky).
Wednesday, December 05, 2012
Mac users warned about new trojans; McAfee marks some sites as yellow in search engines when it has no report
Webroot Community Forum is warning users about a Mac Trojan associated falsely with the Dalai Lama, called “Gyalwarinpoche” and recommends not visiting it, at least on a Mac. It installs itself in the user’s home directory under the name “Dockset” and does not show up in Finder. It uses Java.
The Webroot link, tweeted today, is here.
The Webroot story gives reference to a CNET story about Mac Flashback Malware. It can pretend to be an installer for Adobe Flash. It grabs passwords and acts like a keylogger.
That story is here.
In another matter, I encountered an anomaly with McAfee Site Advisor in a Windows 7 environment this morning. A site for “Public Participation Project”, called “anti-slapp.org” gave a yellow warning through McAfee in search engines, but when I looked at the McAfee report it was gray and said it hadn’t been tested yet. I don’t get the inconsistency. There are more details on the “BillBoushka” blog today.
Tuesday, December 04, 2012
Anderson Cooper presents some tips on protecting "private" photos on social media
On Monday, December 3, 2012, Anderson Cooper (and cohost Caroline Manzo) presented the issue of protecting photos that you post online when you intend them to remain within a specific circle of friends. That’s not a practice I particularly recommend, but here is a link that gives some tips from Mashable.
Note that you can turn off the GPS tagging in your smart phone, and can watermark your photos.
You can also add McAfee protection to the contents of your Facebook account, here. You need to be logged on to Facebook to see it.
I tuned in late, but I didn’t see any discussion of a related problem (which has been presented before), other people taking pictures of you in possibly compromising places (maybe bars) and posting them (I took this up on my main “BillBoushka” blog on Nov. 26, 2012, as an “online reputation” problem). Anderson has taken up that problem before, and I expect that he will again, maybe with attorney Parry Aftab or Reputation.com’s Michael Fertik. The speaker and photographer have more rights in a public place than you might think. But you can set up Facebook so photos can’t be tagged without your permission.
Caroline also talked about Internet threats, as here.
Monday, December 03, 2012
Washington DC sets up "bricking" to counter street cell phone thefts
Television station WJLA is reporting that Washington DC has put in a “bricking” plan to disable stolen cell and smart phones.
The “bricking” means that once the phone is reported, the SIM card or phone can never be reused. However, thieves are slow to realize that the stolen phones are quickly becoming worthless.
There have been problems with theft in residential areas of the city and on the Metro, especially near exit doors of cars.
The DC government and Metropolitan Police have set up a website for bricking, here.