Since registry editing is uncomfortable for some people, here’s a follow-on to last week’s trick that forces MSSE to update more frequently.
Windows 7 SP1 is coming soon. Possibly as soon as this weekend.
Historically, service packs tend to get off to a bit of a rocky start, so I’m not going to be installing this right away. But since it’s so imminent, I’m not going to be installing Windows 7 on anything else yet either. I’ll probably give it a couple of weeks, then slipstream and install. Being the first on the block to install a service pack usually isn’t a good idea. Seems to me that in one Slashdot poll several years ago, given the choice between installing a service pack on the first day or watching the movie Master of Disguise, the really bad Dana Carvey movie won out. There’s a reason for that.
Microsoft Security Essentials, Take 43,291. And while we’re picking on Microsoft, my biggest beef with Microsoft Security Essentials is that it doesn’t update itself quickly enough. But you can make it check for updates as frequently as every hour. Directions are at http://lifehacker.com/5733597/change-microsoft-security-essentials-update-frequency
They cite this as a good thing to do on laptops. I completely agree. My laptop gets used just sporadically enough that it has trouble staying updated, and usually, when I use it on the road, it’s not up to date at first, and it’s when you’re using strange networks that you most want to be up to date.
Frankly I think it’s a good thing to do on your desktop too. When the signatures get updated, would you rather get the updates right away, or tomorrow? I’ll vote for right away.
When I was administering antivirus for a living, when I updated my AV server, my clients got the updates within an hour or so. Sometimes it was within a few minutes. That system wasn’t even directly connected to the Internet. So if that system needed its updates that fast, so do home PCs.
Passwords. It’s now possible to test 400,000 passwords per second using Amazon’s services, at a cost of 28 cents per minute. So, testing 24 million possible passwords costs 28 cents.
Strengthen your passwords. Going to 16 characters with two uppers, two lowers, two special characters and two umlauts is overkill, but you want to be using more than 8 characters, and use at least one number, one upper and one lowercase letter, and one special character like a punctuation mark. If your password is something like “popcorn,” well, let’s do the math. It takes one second to test 400,000 passwords, and there are arguably a million words in the English language, so cracking a simple one-word password should take a maximum of two and a half seconds and cost 3 cents.
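To put the post's numbers to work, here is an added example (not the post's own code) that takes the quoted rate of 400,000 guesses per second at 28 cents per minute and computes the worst-case time and cost to exhaust a few password policies; the character-class sizes are assumed values.

```python
# Figures quoted in the post: 400,000 guesses per second at 28 cents per minute.
GUESSES_PER_SECOND = 400_000
CENTS_PER_MINUTE = 28

# Characters available per class (assumed; "special" counts printable ASCII punctuation).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 32}

def keyspace(length, classes):
    """Number of candidates when every position may be any character of the named classes."""
    alphabet = sum(CLASS_SIZES[c] for c in classes)
    return alphabet ** length

def seconds_to_exhaust(candidates):
    """Wall-clock time to try every candidate at the post's guess rate."""
    return candidates / GUESSES_PER_SECOND

def cost_cents(candidates):
    """Rental cost in cents for that much time at 28 cents per minute."""
    return seconds_to_exhaust(candidates) / 60 * CENTS_PER_MINUTE

def compare_policies():
    """Worst-case cost of exhausting each policy's keyspace; returns {label: (seconds, cents)}."""
    policies = {
        "8 lowercase": (8, ["lower"]),
        "8 mixed case + digit": (8, ["lower", "upper", "digit"]),
        "9 all classes": (9, ["lower", "upper", "digit", "special"]),
        "12 all classes": (12, ["lower", "upper", "digit", "special"]),
    }
    out = {}
    for label, (length, classes) in policies.items():
        n = keyspace(length, classes)
        out[label] = (seconds_to_exhaust(n), cost_cents(n))
    return out

if __name__ == "__main__":
    for label, (secs, cents) in compare_policies().items():
        print(f"{label:>22}: {secs / 86400:>16,.1f} days  ${cents / 100:,.2f}")
```

Adding one character class or one more character multiplies the keyspace, so the 8-character lowercase policy costs cents while the 12-character mixed policy costs more than the attacker's budget could plausibly cover.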
This isn’t exactly news, as word has been going around for a couple of weeks, but if you haven’t heard about it elsewhere, there are some fake defragmenters going around.
I heard mention of it today, and it reminded me that I saw one last week when I was working on my mother-in-law’s computer. This was especially obnoxious, considering that at the time, I was running Firefox and I was visiting a mainstream site.
So there are a couple of things you need to keep in mind.
When Microsoft’s monthly security patches come down, if you’ve ever clicked on the button to see what it’s installing, you may have noticed the Malicious Software Removal Tool.
If you’re wondering, it’s a rudimentary antimalware tool that removes selected vermin from your system. It doesn’t remove all known malware. And I don’t know exactly how Microsoft decides what to remove and when. But given the number of people who don’t run any kind of antimalware software, it probably seemed like a good idea when they rolled it out in 2005. And in the first 15 months they pushed the tool out with the monthly patches, it removed 16 million instances of malicious software. Not bad.
The tool has some power that you can unlock that normally isn’t exercised when you do your monthly updates.
Note: In a corporate environment, you may not get the Malicious Software Removal Tool automatically if you’re managing Windows updates yourself. Microsoft has instructions for deploying it to your enterprise.
In case you haven’t heard elsewhere, there’s a nifty unpatched vulnerability for Internet Explorer floating around. And it’s actively being exploited. Metasploit, an exploit toolkit used by penetration testers and script kiddies alike, is able to detect and utilize it.
Under these circumstances, Microsoft has been known to rush out a patch before the next scheduled Patch Tuesday, but the Christmas and New Year’s holidays will obviously slow things down.
In the meantime, installing Firefox and/or Chrome is prudent. I have and use both, since, to my knowledge, there hasn’t been a time yet when both of the two most popular alternative browsers had unpatched exploits in the wild.
What should you do when someone hands you a computer, tells you they think it has a virus, and asks you to clean it?
Proceed carefully, that’s what. You don’t want to infect your other computers with whatever it has.
To get it gone safely and effectively, you really need two things: an antivirus live CD, and a spare router.
My mom’s HP Mini 110 Atom-based netbook (with the factory 16GB SSD) was hesitating, a lot. Frankly it was really frustrating to use: it would freeze up for minutes on end, for no good reason. It was so slow, calling it “sluggish” was being kind. But it’s fixed now. I did five things to it. Here’s how to speed up an HP Mini 110.
Sometimes your antivirus will tell you that you have host hijacks or host file hijacks, but not elaborate on how to fix them. Some people charge way too much to fix them. Here’s how to fix host hijacks or host file hijacks for free.
A former classmate’s computer suddenly stopped letting him get to search engines. Aside from that, his computer appeared to be normal.
Fortunately he had some antivirus and antispyware software installed, so he was able to run it and get a relatively clean bill of health, but he still couldn’t use Google or Bing or Yahoo.
One of the pieces of software he ran mentioned a host hijack or hosts file hijack, but didn’t offer to clean it up without ponying up some serious bucks.
That was enough to tell me how to clean it up though. You don’t have to buy anything.
In recent months I’ve been recommending that everyone run Adblock Plus with the malware domains subscription, to get extra protection beyond what your antivirus/antispyware suite can give. Given a choice between detecting and blocking bad stuff, or not downloading it at all, it’s much better to not download it at all.
There are some downsides to this. Adblock Plus uses a fair bit of memory. It’s tolerable on my desktop PC with 2 GB of RAM, but less so on my netbook with 1 GB of RAM. And if you have to use a browser that doesn’t have a compatible version of Adblock Plus available, you’re unprotected.
The solution is to block at the operating system level, using the hosts file.
Here’s a script that does it, with instructions.
But I know of one malware site list that the script’s author doesn’t use: http://www.malwaredomainlist.com/hostslist/hosts.txt. Luckily, it’s not hard at all to add that. Open the script in Notepad or another text editor, go to line 21 and add the following on a new line (the trailing underscore is VBScript’s line-continuation character):
& " http://www.malwaredomainlist.com/hostslist/hosts.txt" _
Follow the author’s instructions for turning off the DNS client service if you run Windows 2000 or newer, then run the script to generate a mega-hosts file that will keep your PC from acknowledging the existence of the known bad guys. I’ve said it before, but it’s worth repeating: Detecting and blocking malware is fine, but it’s much better (faster and safer, right?) to not even download the stuff in the first place.
The script explicitly works with Windows 98, NT, 2000, XP, and Vista. There’s no reason why it won’t work with Windows 7, and it might even work with Windows 95 (no guarantees though).
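Both of the hosts-file posts above come down to reading and writing the same file format, so here is one added example (my code, not the script the post links to) that parses hosts-file text, flags hijack entries that point well-known names somewhere other than the local machine, and merges several block lists into one deduplicated set of lines. The sample hosts file, the two block lists and the list of protected names are constructed for the example; in practice the merged lists would be the downloaded ones the post mentions.

```python
import ipaddress

# Constructed sample inputs: a local hosts file carrying a hijack, plus two block lists.
LOCAL_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
192.0.2.44      www.google.com
192.0.2.44      www.bing.com
"""
LIST_A = "127.0.0.1 evil.example\n127.0.0.1 tracker.example  # comment\n"
LIST_B = "0.0.0.0 evil.example\n0.0.0.0 other.example\n"

# Names that should never be redirected by the hosts file (assumed list).
PROTECTED = {"www.google.com", "www.bing.com", "www.yahoo.com", "update.microsoft.com"}

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()

def points_at_local_machine(ip):
    """True for loopback (127.x, ::1) and the 0.0.0.0 sink that block lists use."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def find_hijacks(text):
    """Entries that send a protected name anywhere but the local machine."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if name in PROTECTED and not points_at_local_machine(ip)]

def merge_blocklists(*lists, sink="0.0.0.0"):
    """Deduplicate several block lists into hosts lines that all resolve to `sink`."""
    names = {name for text in lists for _, name in parse_hosts(text) if name != "localhost"}
    return [f"{sink} {name}" for name in sorted(names)]

if __name__ == "__main__":
    for ip, name in find_hijacks(LOCAL_HOSTS):
        print(f"hijack: {name} -> {ip}")
    print("\n".join(merge_blocklists(LIST_A, LIST_B)))
```

A hijack shows up as a search engine or update server mapped to a routable address; cleaning it means deleting that line, while the merged block list only ever maps names to the local sink address.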
So maybe you’re like me and you’re administering a system that fell off its Windows domain, and the system was built by your predecessor’s predecessor, the local administrator account was renamed, and nobody has any clue what the account name or password is.
And you try ERD Commander because it worked in the past, but not this time… Usually the Locksmith works. But in this case, it didn’t, and of course everyone wanted the server back online an hour ago. We tried everything else we could think of for about three days, including downloading some things that I was sure would get me a visit from a security officer. Nothing worked. At least when I got the visit from the security officer, he just wanted to know why there were repeated attempts to log in with certain accounts.
“I was trying to hack into my own server and it seems I’m not a very good hacker,” I said. Duh.
So I found myself standing at the server with another sysadmin, having used my last idea. “I don’t suppose you have any ideas?” I asked. “I figured if you did, you would have said so by now, but…”
He shook his head.
Finally, I had one last idea. I asked him what he set the password to when he used ERD Commander.
“Password,” he said. “To make it easy to remember.”
Aha! A light went on. This system was hardened to require stronger passwords than just an 8-character alphabetic password. I had a hunch that was what was keeping us from being able to log in using our hacked account.
So we booted off the ERD Commander CD yet again, connected to the Windows installation, located what we were pretty sure was the renamed local administrator account, and I reset it to the standard mixed-case special character password we use for the local admin accounts.
We held our breath, rebooted, and tried to log in.
So if ERD Commander isn’t working for you, try using a stronger password to satisfy your local system policy.
And just in case you’re wondering why a computer falls off a domain, computers have usernames and passwords just like users do. Occasionally the passwords get reset. If for some reason the domain controller thinks a member computer’s password is one thing, and the member computer thinks it’s something else, you end up with a computer that says it’s on the domain, but can’t authenticate against it. The solution is to log in with a local administrator account, then either run NETDOM.EXE from the Windows Support Tools, or remove the computer from the domain and add it back in. You can just put the computer in a workgroup, ignore the dialog box that says you have to reboot, then add it to the domain, and then reboot.