Ransomware update

Ransomware has been in the news a lot lately. The CryptXXX ransomware is no longer susceptible to easy decryption, and it’s been making a lot of money for its purveyors, in many cases using compromised, high-profile business web sites as its delivery mechanism. On a more positive note, the people who created the TeslaCrypt ransomware stopped production and released the master decryption key. New ransomware delivery systems are able to bypass Microsoft’s EMET security software. The Cerber ransomware was recently delivered to a large proportion of Office 365 users via a Word document in an email attachment. And an even more hideous piece of malware surfaced in the last week: posing as ransomware, Ranscam actually just deletes your files, so paying gets you nothing.

Ransomware is different from other kinds of attacks because of the potential damage. It can render all your data permanently inaccessible, and even paying the ransom is no guarantee that you will get all your data back intact. Other types of attacks typically try to fly under the radar: trojans and rootkits want to control and use your computer’s resources, and viruses and worms want to spread and open the door for other attacks. Those infections can usually be cleaned up by removing the malicious files. That doesn’t work for ransomware: removing the malware stops further damage, but it does nothing to recover the files that have already been encrypted.

Like other types of attacks, ransomware first has to get onto your computer. These days, simply visiting the wrong web site can accomplish that. More common vectors are downloaded media and software, and email attachments. Preventing malware of any kind from getting onto your computer involves the kind of caution we’ve been advising for years; ransomware doesn’t change that advice.

What CAN make a big difference with a ransomware attack is limiting its reach. Once on a computer, ransomware will encrypt every data file it can reach; specifically, every file to which it has write access, including files on mapped network drives and attached external drives. Ransomware typically runs with the same permissions as the user who unwittingly installed it, but more insidious variants use privilege escalation techniques to gain more. In any case, limiting access is the best safeguard. For example, set up your everyday account as a standard user that cannot install software, and make sure that account cannot modify your backup data.

Here’s a worst-case scenario: you run a small LAN with three computers. All your data is on those computers. Your backup data is on an external hard drive connected to one of those computers, and a copy exists on the Cloud. For convenience, you’ve configured the computers so that you can copy files between them without having to authenticate. Once ransomware gets onto one of the computers, it will encrypt all data files on that computer, but it will also encrypt data it finds on the other computers, and on the external backup drive. Worse still, some ransomware will also figure out how to get to your cloud backup and encrypt the data there as well; and if your ‘cloud backup’ is really a sync folder, the sync client will faithfully upload the encrypted versions over the good copies unless the service keeps old versions.

How to limit your exposure? Require full authentication to access the other computers on your LAN. Use strong, unique passwords for all services, and store them in a secure password database. Limit access to your backup resources to a dedicated backup account that isn’t used for anything else, and keep at least one backup copy offline (a drive that is disconnected when not in use) or somewhere your everyday account can only read. In other words, exercise caution to avoid getting infected, but in case you get infected anyway, make sure that you have walls in place that limit the reach of the ransomware.
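Here’s a concrete way to see how far a ransomware process running as your everyday account could reach, and to wall off the backup folder so that account can’t touch it. This is an added example, not code from any of the sources mentioned in this post. The backup path D:\Backups, the account names PC1\alice (everyday user) and PC1\backupsvc (dedicated backup account), and the share \\PC2\Documents are all made-up placeholders.

```powershell
# Added example (not from the original post). Measures the "reach" a process
# running as the current user would have (everything it can write to), then
# locks a backup folder down to a dedicated backup account.
# Assumptions (hypothetical): backup root D:\Backups, everyday user PC1\alice,
# backup account PC1\backupsvc, a share on another LAN machine \\PC2\Documents.

function Test-WritablePath {
    param([Parameter(Mandatory)][string]$Path)
    # Probe write access the way ransomware effectively does: by writing.
    # A random file name avoids clobbering anything real; it is removed afterwards.
    $probe = Join-Path $Path ([System.IO.Path]::GetRandomFileName())
    try {
        [System.IO.File]::WriteAllText($probe, 'probe')
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false   # access denied, read-only media, offline share, ...
    }
}

function Get-RansomwareReach {
    param([string[]]$ExtraPaths = @())
    # Everything the current user can write to is in the blast radius: local and
    # mapped drives, plus any UNC paths or folders you pass in. A drive root that
    # reports Writable = False does not mean its subfolders are safe, so pass the
    # folders you actually care about (Documents, the backup share) explicitly.
    $roots = @()
    $roots += Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }
    $roots += $ExtraPaths
    foreach ($root in ($roots | Select-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        [pscustomobject]@{
            Path     = $root
            Writable = Test-WritablePath -Path $root
        }
    }
}

# 1. Run this as the everyday user to see the reach before hardening.
Get-RansomwareReach -ExtraPaths '\\PC2\Documents', 'D:\Backups', "$env:USERPROFILE\Documents" |
    Format-Table -AutoSize

# 2. Run this part from an elevated prompt: drop inherited permissions on the
#    backup root and grant access only to the backup account, SYSTEM and
#    Administrators. The everyday user gets no entry at all, so it cannot write.
$backupRoot = 'D:\Backups'
icacls $backupRoot /inheritance:r /grant:r `
    'PC1\backupsvc:(OI)(CI)F' `
    'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
    'BUILTIN\Administrators:(OI)(CI)F'

# 3. Back as the everyday user, the backup root should now report False.
Test-WritablePath -Path $backupRoot
```

Two caveats. The wall only holds if the everyday account is a standard user and not a member of Administrators; a local admin can simply take ownership of the folder. And the backup job itself must run as PC1\backupsvc (a scheduled task with stored credentials, for example), never as the everyday user, or you have just moved the problem.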

Most ransomware targets Windows systems, so most of the verbiage out there is about Windows as well. This article covers the basics fairly well.

Mozilla getting sneakier about updates to Firefox

According to the release notes, Firefox 47.0.1 was released on June 28. I only found out about it yesterday (half a month later), when I happened to run the FileHippo Update Checker.

After seeing the new Firefox version reported by FileHippo, I looked at Firefox’s ‘About Firefox’ dialog, and it offered to upgrade to version 47.0.1. I went ahead, and I’m now running 47.0.1.

Why is Mozilla no longer announcing new versions of Firefox? If their goal is to make updates invisible to users, why didn’t my version of Firefox update to the new version automatically?

For what it’s worth, Firefox 47.0.1 appears to fix one obscure crashing problem.

More Windows 10 Insider Preview Builds

The rapid pace of Windows 10 Preview builds being delivered to my test PC continues. I guess that’s what Microsoft meant when it described this release channel as ‘Fast’.

In the last week or so, my test PC has been updated four times, to Windows 10 preview builds 14383, 14385, 14388, and 14390.

Given that each of these new builds is effectively a new install of Windows 10, they are surprisingly non-intrusive. The downloads are of course large, so there’s a bandwidth consideration. But the downloads happen in the background, and the installs and subsequent restarts happen during off hours (at night). Often I don’t notice the change until I start copying files and notice that Explorer’s copy dialog has once again reverted to its default, simple view.

Note: the Windows 10 version number is no longer visible on the desktop. Microsoft says “the desktop watermark is now gone. This is because we’re beginning to check in final code in preparation for releasing the Windows 10 Anniversary Update”. I’m not sure I follow the logic there, but at least it’s somewhat consistent. The watermark stops appearing when a release is imminent.

Build 14383

Bug fixes and performance improvements.

Build 14385

Bug fixes and performance improvements.

Build 14388

Bug fixes; reliability and performance improvements.

Build 14390

Bug fixes.

Patch Tuesday for July 2016

It’s a relatively light month for Microsoft patches: only eleven this time. The updates address security issues in the usual suspects, namely Windows, Internet Explorer, Edge, Office, and the Flash code that’s embedded in IE 10, IE 11, and Edge. Six of the updates are flagged as Critical. A total of fifty vulnerabilities are addressed.

Adobe joins in the fun again this month, with updates for Flash and Reader/Acrobat. The Flash update fixes a whopping fifty-two vulnerabilities, while the Reader update fixes thirty vulnerabilities. Update: an announcement for the Flash update appeared on July 14th, despite being dated July 12th.

Update 2016Jul17: Ars Technica points out that one of the Microsoft updates addresses a critical security hole in a Windows printer driver installation mechanism that dates back to Windows 95. The vulnerability was not actually closed by the update; instead, a warning was added to the driver installation process.

Windows 10 anniversary update coming August 2nd

Microsoft is planning a big update for Windows 10 on its release anniversary. The update is planned for August 2, 2016, but that date may shift as we get closer.

The anniversary update will include the new Windows Ink, Edge browser extensions, and numerous performance and stability improvements. In other words, all the changes we’ve already seen as part of the Windows Insider program.

The update will be free to install on any computer already running Windows 10. After July 29, upgrading to Windows 10 from Windows 7 or 8.1 will no longer be free, and is expected to cost $119 USD.

More Windows 10 Preview Builds

Microsoft is pushing out new Windows 10 Preview Builds with somewhat alarming rapidity recently. Alarming, because it seems my test PC is always either downloading one of the massive updates, or installing one.

My test PC is now running Build 14379, and I haven’t noticed any changes of interest, good or bad. Let’s look at the release notes to see what’s different in the new builds.

Build 14371

A new Activation Troubleshooter helps to resolve problems encountered by users after changing hardware such as hard drives and motherboards.

This build also includes improvements to accessibility, and easier to understand Edge download displays. Some tweaks were made to a few display settings, and more display settings will now be maintained between builds.

Build 14372

According to the release notes, Build 14372 has “a handful of fixes to [improve] overall performance and reliability.”

Build 14376

Performance and reliability fixes for Windows Store, various display fixes, a fix for a specific Edge/Explorer crash, and a fix for an authentication error related to Terminal Services.

Build 14379

More display fixes and crash fixes.

Pre-installed crapware still a problem

A recent report from Duo Security shows that pre-assembled, ready-to-run computers purchased from major vendors almost always include pre-installed software that often makes those computers much less secure. That’s in addition to being unnecessary, unstable, resource-hungry, and often serving primarily as advertising conduits.

If you purchase a pre-assembled computer, you should uninstall all unnecessary software as soon as possible after powering it up, before connecting it to a network. It can be difficult to identify exactly which software should be removed, but a good starting point is anything that shows the manufacturer’s name as the Publisher, keeping only the driver and firmware utilities you actually need. PC World has a helpful guide.
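To find what the manufacturer installed, you can query the same places the Programs and Features list reads from, plus the Store-style app packages that list doesn’t show. This is an added example, not from the Duo report or the PC World guide; the vendor-name pattern is a placeholder you’d adjust for your own machine.

```powershell
# Added example (not from the original post). Inventory OEM-installed software
# so you can decide what to remove before the machine goes on the network.
# Assumption: $vendor is a placeholder regex; edit it for the OEM that built your PC.

function Get-VendorSoftware {
    param([Parameter(Mandatory)][string]$VendorPattern)
    # Classic Win32 programs register under the Uninstall keys, in the 64-bit view,
    # the 32-bit (WOW6432Node) view, and per-user installs under HKCU.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.Publisher -match $VendorPattern } |
        Select-Object DisplayName, Publisher, DisplayVersion, InstallDate, UninstallString |
        Sort-Object DisplayName
}

function Get-VendorAppx {
    param([Parameter(Mandatory)][string]$VendorPattern)
    # Store-style apps do not appear in the Uninstall keys; they are Appx packages.
    # -AllUsers needs an elevated prompt.
    Get-AppxPackage -AllUsers |
        Where-Object { $_.Publisher -match $VendorPattern -or $_.Name -match $VendorPattern } |
        Select-Object Name, Publisher, Version
}

# Placeholder pattern covering common OEM names; narrow it to your own vendor.
$vendor = 'Dell|Lenovo|Hewlett|HP Inc|Acer|ASUS|Toshiba'

Get-VendorSoftware -VendorPattern $vendor | Format-Table -AutoSize
Get-VendorAppx     -VendorPattern $vendor | Format-Table -AutoSize

# Removal is a deliberate step, not automatic: review both lists, run the
# UninstallString of each Win32 entry you don't want, and for each unwanted
# Appx package run:  Get-AppxPackage -Name <Name> | Remove-AppxPackage
# Keep anything that is a driver or firmware utility (chipset, audio, touchpad, power).
```

Anything the vendor installed as a Windows service or scheduled task rather than a program won’t show up here; after the uninstalls, a quick look at `Get-Service` and `Get-ScheduledTask` for the same vendor names catches the leftovers.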

And now the good news, at least for some of us: Microsoft now provides a tool that allows a user with a valid license to reinstall Windows 10 from scratch at any time. Minus all the crapware that the manufacturer originally installed.

Microsoft now less sneaky about Windows 10 upgrades

Now that their free Windows 10 upgrade offer is almost over, Microsoft thought this would be a good time to reduce some of the more devious tricks they’ve employed to fool users into upgrading from Windows 7 and 8.1 to Windows 10.

One incredibly annoying behaviour of at least one of the previous upgrade dialogs was that closing the dialog by clicking the ‘X’ button at the top right corner was actually interpreted by Microsoft as approval to proceed with the upgrade.

But it’s too little, too late for some users, many of whom encountered serious problems after their computers were upgraded to Windows 10 without their approval.

Techdirt has an amusing look at this issue.

Update 2016Jul04: Apparently Microsoft is making one final big push to get people to upgrade. The Verge reports on new, screen-filling upgrade prompts that are starting to appear on Windows 7 and 8.1 computers.

Major vulnerabilities in Symantec security products

Earlier this week, a Google researcher published a report on vulnerabilities affecting all Symantec security products, including Norton Security, Norton 360, legacy Norton products, Symantec Endpoint Protection, Symantec Email Security, Symantec Protection Engine, and Symantec Protection for SharePoint Servers. All platforms are affected.

From the original report:

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.

Symantec quickly released security advisories and updates to address the vulnerabilities, including SYM16-010 and SYM16-011.

Anyone who uses Symantec or Norton security products should install the available updates as soon as possible.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.