I had an update on my system in a partially installed state. Our vulnerability scanner determined one file, MSO.dll, was still out of date. It recommended a patch to apply. Running it gave me an error message. Here’s what to do when Windows says the update is already installed on this system and refuses to let you do anything but click OK.
Because hey, from a security analyst’s point of view, this is anything but OK. I get questions about patches in a partially deployed state all the time, so I figured I’d write about it.
I had an odd question come up the other day: Who still uses Wordperfect? It’s a fair question. Wordperfect, as you may know, is still very much in production. Corel releases new versions every year or two. It’s the #2 word processor in the market, still. Someone is still using it, then.
It’s been a long time since I’ve seen someone explain the benefits of defragmenting your computer hard drive. I do see a lot of misconceptions out there. I explained defragmenting in my 1999 book, so I’ll explain it again.
Part of the misconception is that things have changed. The tools have changed, yes. But the need hasn’t.
It seems like about once a month an aspiring coworker asks me how to get enough CISSP work experience. I think this shows a misunderstanding of the requirement, so I’m going to try to clear it up.
You don’t have to get your five years of work experience in one big lump. And that’s a good thing, because that would be hard to do. Sometimes you can get a security job without a cert and work your way toward it, but a lot of employers want you to come in with the certification already.
But that’s OK. As long as you’re doing something more than selling computers at retail, odds are you have some security experience that can count toward the requirement.
I got e-mail the other day from Turbotax saying someone had filed my taxes for me. Obviously a cause for concern, right? Here’s how I determined the message was fake in about three minutes. You can spot phishing e-mails with Outlook the same way.
Some people will tell you not to even open a message like this, but if you’re a computer professional, at some point someone is going to want you to prove the message was fake. I think this is something every e-mail administrator, desktop support professional, security professional, and frankly, every helpdesk professional ought to be able to do.
So here’s how you can get the proof. And generally speaking, Outlook 2010’s default configuration is paranoid enough that this procedure will be safe to do. If you want an extra layer of protection, make sure you have EMET installed and protecting Outlook.
Bad things happen when security pros like me start asking our infrastructure brethren to patch Flash. We get better security, but the Flash upgrade fails enough of the time to cause extra workload, and it can be confusing. One of the problems is the question of Flash vs Shockwave.
Consequently, I see more Flash-related helpdesk tickets than I ever saw, even when I was doing desktop support long ago. Adobe doesn’t make it any easier by calling the plugin “Shockwave Flash.”
It was on August 24, 1995 that Windows 95 was released, amidst much anticipation. It was the most widely anticipated Windows release of all time, and the runner up really isn’t close. The idea of people lining up for blocks for a Microsoft product sounds like a bit of a joke today, but in 1995 it happened.
I received a free copy of it because I worked at Best Buy in the summer of 1995 and I aced Microsoft’s test that demonstrated sufficient aptitude to sell it. A few weeks later I landed my first desktop support gig, ending my career in a blue shirt, which means I probably never actually talked anyone into buying a copy of it.
I got plenty of Win95 experience over the next couple of years though.