New Year's Schedule
Alexander Muse , December 30, 2005
Architel’s offices will be closed on Monday for New Year's. Kevin will be on call for emergencies only.
The Zero-Day Bug Part II
Alexander Muse , December 29, 2005
The good news is that this virus, also known as Exploit-WMF, is detected by most major antivirus software with the latest updates. McAfee’s 4661 update, released yesterday, detects and blocks the flaw. Symantec says that their software detects and reports the issue, but does not specifically say if it blocks it. Computer Associates does not yet appear to have a response for this. TrendMicro says that they will have one available soon.
There are a few other workarounds for this. One is to unregister the Windows Picture and Fax Viewer by doing the following:
1. Go to the Start menu and choose “Run”
2. Type the following in the run line:
regsvr32 -u %windir%\system32\shimgvw.dll
(In this case “%windir%” refers to your Windows directory, usually C:\Windows. So you would want to type regsvr32 -u C:\Windows\system32\shimgvw.dll)
3. Hit the “Enter” key
This disables the Windows Picture and Fax Viewer, so if you use this method you should expect that it will not work until you re-register it.
The best option is to make sure you have antivirus software protecting all your computers and that they are always using the latest virus definition updates.
The Zero-Day Bug
Alexander Muse , December 29, 2005
As posted earlier, there is a very serious flaw in Windows now dubbed the “Zero-Day Bug.” I will describe what it is in this post and then immediately follow it up with a post on how to protect yourself until Microsoft issues a hotfix that patches the hole.
Essentially, someone has written a virus that takes advantage of the fact that Windows has an error with the way it handles corrupted Windows MetaFiles. More specifically, a lack of input validation in one of these routines may allow a buffer overflow to occur. This can be exploited to execute arbitrary code by tricking a user into opening a malicious “.wmf” file in “Windows Picture and Fax Viewer” or previewing a malicious “.wmf” file in explorer (i.e. selecting the file).
This can be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer. It must be stated that although using another browser has been a suggested fix, any browser that uses the Windows Picture and Fax Viewer to open an image is vulnerable.
The code for this virus is currently in the wild, or publicly available, and there are currently over 50 known strains of it.
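Because the flaw is triggered when the rendering engine parses the file, not by the file's name, a mail or proxy filter that only blocks the “.wmf” extension misses renamed files. The script below is an added example for this post and the workaround post above (not Architel's or Microsoft's code). It recognises WMF content by its two documented header layouts, the 22-byte placeable header whose first dword is 0x9AC6CDD7 and the 18-byte standard METAHEADER (Type 1 or 2, HeaderSize 9 words, Version 0x0100 or 0x0300), and flags a placeable header even when its checksum is wrong, since a corrupted metafile is exactly what the viewer chokes on. The attachment names and bytes are constructed for the demonstration.

```python
"""Flag Windows Metafile (WMF) content by header, not by file name.

Added example (not Architel's or Microsoft's code).  Header layouts follow
the WMF format: a 22-byte placeable header starting with 0x9AC6CDD7,
optionally followed by the 18-byte METAHEADER (Type 1 or 2, HeaderSize 9
words, Version 0x0100 or 0x0300).  All sample attachments are constructed.
"""
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # stored little-endian on disk: D7 CD C6 9A
PLACEABLE_LEN = 22
METAHEADER_LEN = 18


def _looks_like_metaheader(data: bytes, offset: int = 0) -> bool:
    """True if a standard METAHEADER starts at offset."""
    if len(data) < offset + METAHEADER_LEN:
        return False
    mtype, header_size, version = struct.unpack_from("<HHH", data, offset)
    return mtype in (1, 2) and header_size == 9 and version in (0x0100, 0x0300)


def wmf_kind(data: bytes):
    """Classify bytes as 'placeable', 'placeable-badsum', 'standard' or None.

    A placeable header is reported even when its checksum is wrong or the
    header is truncated: the viewer still tries to parse such a file.
    """
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        if len(data) < PLACEABLE_LEN:
            return "placeable-badsum"            # truncated, still WMF-shaped
        words = struct.unpack_from("<10H", data, 0)   # first 10 words
        checksum = struct.unpack_from("<H", data, 20)[0]
        xor = 0
        for w in words:                          # spec: XOR of the 10 words
            xor ^= w
        return "placeable" if xor == checksum else "placeable-badsum"
    if _looks_like_metaheader(data):
        return "standard"
    return None


def scan_attachments(attachments):
    """Return [(name, kind)] for every attachment whose bytes look like WMF,
    whatever its extension says."""
    findings = []
    for name, data in attachments.items():
        kind = wmf_kind(data)
        if kind is not None:
            findings.append((name, kind))
    return findings


# --- constructed sample data ------------------------------------------------
def _standard_wmf() -> bytes:
    """Minimal METAHEADER (Type 1, 9 words, v3.0) plus an EOF record."""
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
    eof = struct.pack("<IH", 3, 0)              # 3 words, function 0x0000
    return header + eof


def _placeable_wmf(corrupt_checksum: bool = False) -> bytes:
    """Placeable header (key, handle, bbox, inch, reserved, checksum) + body."""
    body = struct.pack("<IHhhhhHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 96, 0)
    xor = 0
    for (w,) in struct.iter_unpack("<H", body):
        xor ^= w
    if corrupt_checksum:
        xor ^= 0xFFFF
    return body + struct.pack("<H", xor) + _standard_wmf()


SAMPLE_ATTACHMENTS = {
    "invoice.pdf": b"%PDF-1.4\n%constructed sample\n",
    "holiday.jpg": _standard_wmf(),              # WMF bytes behind a .jpg name
    "chart.wmf": _placeable_wmf(),
    "broken.gif": _placeable_wmf(corrupt_checksum=True),
    "notes.txt": b"plain text, nothing to see",
}

if __name__ == "__main__":
    for name, kind in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"{name}: WMF content ({kind})")
```

Run as a script it reports the three constructed attachments that carry WMF headers, including the two whose extensions claim otherwise; the PDF and text samples pass. A real gateway would wire `wmf_kind` to its attachment hook and quarantine or strip anything it returns a kind for until the hotfix is deployed.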
The following systems are vulnerable:
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Small Business Server 2003
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Windows Storage Server 2003
Microsoft Windows XP Tablet PC
Microsoft Windows XP Media Center 2004/2005
Microsoft Windows XP Embedded??
Microsoft Windows Server 2003 R2 Enterprise Edition
Microsoft Windows Server 2003 R2 Standard Edition
Microsoft Engineers Needed!
Alexander Muse , December 28, 2005
Are you high-speed? Energetic? Looking for a challenge? Ready to jump in the game? Quit wasting your time, start getting ahead. Join a company that is going somewhere – FAST!!!
Architel provides IT support to small businesses in the Dallas Fort Worth area. Architel also sponsors an open source project called SimpleTicket as well as a set of pro-sumer blogging tools called Big in Japan. Architel is looking for engineers to join the team. Since Christmas they have added three new engineers and they are hoping to add two more before January 15th. Are you looking for a new job? Here is what they are looking for:
- Microsoft engineers (Level II and III)
- Four plus years of Microsoft server/desktop experience
- Four year college degree (BA or BS) or
- Former Military (USMC preferred)
- Clean background and drug/tobacco free
They need engineers to support their clients. You will get exposed to all of our businesses, but first and foremost you will be asked to provide engineering support to Architel’s small business clients. If you are interested in joining the team email your resume, salary requirements and availability to us immediately. If former military, in lieu of degree, please indicate rank and type of discharge (be able to produce DD214).
New XP Exploit!
Alexander Muse , December 28, 2005
There is a new exploit that will infect a fully patched Windows XP system. Security Focus posted this bulletin:
Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. The issue may be exploited remotely or by a local attacker. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine. Microsoft Windows XP is considered to be vulnerable at the moment. It is likely that other Windows operating systems are affected as well.
Basically any application that displays a WMF image will cause your machine to get infected (i.e. older versions of Firefox, current versions of Opera, Outlook and all versions of Internet Explorer). This one is BAD!
Rootkits Part II
Alexander Muse , December 28, 2005
If you read yesterday’s post about rootkits you may have noticed mention made of how Sony’s BMG music division had been accused of installing a rootkit onto users’ computers via some of the CDs they sell. Once the CD was inserted into the drive, the rootkit was embedded onto the user’s system and cloaked its activity.
Mark Russinovich, one of the world’s leading Windows experts, discovered this by accident when running his RootkitRevealer program, not knowing what it would turn up. Sony actually knew about this issue before it was made public by Russinovich, but did nothing about it. In fact, they at first denied it, then when they were caught they promised a fix which has yet to show itself.
If this weren’t bad enough, Trojans started showing up that specifically used the Sony rootkit technology to hide themselves from antivirus scanners.
Well, Sony finally made the wrong people angry. Microsoft stated that in one of the December updates for their Anti-Spyware application, currently in beta and available as a free download, the Sony rootkit can be identified and removed.
Thunderbird Newsreader
Alexander Muse , December 27, 2005
If you want to get RSS feeds now without downloading an aggregator program just for that purpose, and you don’t want to wait for the latest version of Microsoft Outlook, Mozilla’s Thunderbird may be just what you are looking for.
A full-featured email client that has been on the scene for the last year along with its companion product Firefox, the latest version of Thunderbird has a built-in RSS reader that is amazingly simple to use. Just copy the URL of the site that has RSS content, start the RSS wizard in Thunderbird and paste the URL when it says to. You will now get that RSS feed in your mailbox!
Oh yeah…did I mention that Thunderbird is free?
Rootkits
Alexander Muse , December 27, 2005
You may have heard the term “rootkit” and that they are dangerous to your computer’s health…and what’s worse, that no antivirus or antispyware software can detect them! You may have even heard that Sony was putting rootkits onto their CDs so that when you put them into your computer a rootkit is installed. So what is a rootkit?
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.
Obviously, this is bad. However, just as quickly as a new threat is created, the companies whose bottom line depends on protecting your computers come up with a way to secure your machines.
The next generation of antivirus and antispyware software from all the major vendors (i.e. McAfee, Symantec, Computer Associates, etc.) will have routines that catch and remove rootkits. For now, there are several freeware applications out there whose sole function is detecting and removing rootkits, including perhaps the most popular one, RootkitRevealer.
As with most malware-related news, it’s more hype than anything. Rootkits can be a serious problem, but as long as your computers have antivirus and antispyware protection that is regularly updated you will prevent 99% of the problems that plague others.
Toothpaste & AntiVirus
Alexander Muse , December 26, 2005
Have you ever gone to the dentist and asked them which toothpaste is the best? Most dentists will tell you whichever one you like the most is the best one. Why? Because dentists know that regardless of all the other things that get thrown in them, the only ingredient that actually cleans your teeth is fluoride. Regardless of what else it has, as long as it has fluoride, it will clean your teeth.
AntiVirus software is the same way. Regardless of which one you use, the important thing is that you have it on your computer. Sure, some may boast a 97% detection rate or a 99% detection rate or this new feature or something else they are convinced you can’t live without. The reality is that as long as the antivirus software you use has a background scanner to detect any incoming threat, a scanner that you can launch so that you can manually invoke a scan when you wish, and the ability to download updates, you are fine. These are fluoride for antivirus software, as it were.
Microsoft recommends several antivirus solutions on the Small Business section of their website. Any of these will do the trick and all are similarly priced. The point is, you wouldn’t go for days, weeks and months without brushing your teeth, so why leave your business unprotected by not having antivirus software installed on all your computers?
Outlook Newsreader
Alexander Muse , December 25, 2005
Don’t read RSS feeds? Microsoft is going to make it a lot easier to subscribe to and read feeds with their new release of Outlook.
