• XP End of Life in April has Attackers Rubbing their Palms

    Microsoft Security research paints bleak picture for XP users

    Microsoft’s latest Security Intelligence Report has just been released, and this month it focuses on the situation facing Windows XP users. Citing third-party data, it says that 21% of users are still running Windows XP, which will reach End of Life in April 2014, after which no security updates will be issued for it.

    Once the last Windows XP patch is issued, unpatched vulnerabilities will begin to emerge. Some will have been saved by attackers for the time when there is no longer any chance of them being patched.

    The report also states that Windows systems have become more resistant to malware attacks over time. At the extreme, Windows XP users are almost six times more likely to become infected with malware than Windows 8 users. This is because Microsoft has steadily incorporated defensive technologies into Windows with each new version. The only major technology XP had was Data Execution Prevention (DEP), and even the implementation of that has improved greatly in subsequent versions.

    All XP systems should be replaced or upgraded by the end of March 2014. If this is not practical for some reason, then at a minimum, customers will be required to add extra protection to their XP systems in order to continue support. All XP systems will require a current version of AVG Business Security as well as a current version of Malwarebytes Pro.

     

     
  • Cryptolocker Virus Update!

    Over the past few weeks an untraceable band of hackers has flooded the internet with a particularly nasty virus known as CryptoLocker. The virus is contracted by users who open infected email attachments that appear to be from banks, credit card companies, PAYCHEX, ADP, FEDEX, UPS, etc. Please be aware that these companies NEVER send attachments with their emails, so if you see one, you should treat it as suspicious and delete it. The same goes for any other emails with attachments that you are not specifically expecting.

    What makes this virus particularly worrisome is:

    1. Hackers are continuously developing new strains to outpace anti-virus programs’ ability to keep up with them. This means that despite the best protection, infected emails may still get through.

    2. The virus will immediately encrypt all files on your laptop, and then will go out to your mapped drives and encrypt everything you have access to on the network. In order to decrypt the files you will have to pay a ransom ranging from $300 to $2,000, and even paying does not guarantee success because these hackers move from server to server.

    Although our customers’ networks and computers are very well protected, there are still ways for these to get through, particularly if you mix business and personal use on your computer. Users who check their personal email using Gmail, Yahoo, Hotmail, etc. can easily download an infected attachment, thereby bypassing our perimeter security protection. Also, if you use your laptop on other networks (including your home network), much of the protection is defeated.

    If despite all our best efforts, you do get infected (or suspect you might be), you will see this warning:

    If you see this at any time, immediately shut down your computer – and by shut down I mean literally unplug it from the wall, or hold the power button in for 10 seconds until it shuts off. Then immediately call me or the Integrated IT Help Desk. In this case don’t be concerned about shutting down properly – your computer will need a complete reinstall anyway.

    Notwithstanding the above, this is to assure you that all appropriate protections are currently in place on your network.  These include:

    1.  Firewall protection through Sonicwall Comprehensive Gateway Protection Plan – As long as default settings are in place, the firewall will not allow transmission of these email attachments.

    2.  SpamSoap Email Gateway – again, SpamSoap protects against transmission of these files.

    3.  Group Policy Objects – we have implemented an additional Group Policy Object (GPO) on customer domains.  The GPO prevents the running of any executable from the user’s %appdata% directory.  Note that this may prevent other programs from running (to date we have only identified Spotify as affected – and why is that on your computer anyway?).

    4.  Malwarebytes Pro – this anti-malware program is the only known client-based product that will block this infection.  If you have the free version of Malwarebytes on your computer, it will only identify the infection during a scan, but will not block it from executing. Malwarebytes Pro (for $25) is very good protection against this and other threats, particularly if you use your laptop on other networks.
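
    Before a block like the one in item 3 is enforced, it helps to know which legitimate programs already run from %AppData% (Spotify was the one found here). The PowerShell inventory below is an added example, not the GPO itself or any script from the original post; it assumes PowerShell 3.0 or later and scans only the current user's profile.

    ```powershell
    # Added example (not the GPO itself): list every .exe under the current
    # user's %AppData% so exceptions can be planned before the block is enforced.
    # Assumes PowerShell 3.0+ (-File switch, [pscustomobject]).
    $root = $env:APPDATA

    $report = Get-ChildItem -Path $root -Recurse -File -Filter '*.exe' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig      = Get-AuthenticodeSignature -FilePath $_.FullName
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $parts    = $relative.Split('\')
            [pscustomobject]@{
                # First folder below %AppData%, usually the product or vendor name
                TopFolder = if ($parts.Length -gt 1) { $parts[0] } else { '(root)' }
                File      = $relative
                Signed    = ($sig.Status -eq 'Valid')
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Modified  = $_.LastWriteTime
            }
        }

    # One row per top-level folder: executable count and how many lack a valid signature
    $report | Group-Object TopFolder | ForEach-Object {
        [pscustomobject]@{
            TopFolder = $_.Name
            Exes      = $_.Count
            Unsigned  = @($_.Group | Where-Object { -not $_.Signed }).Count
            Newest    = ($_.Group | Sort-Object Modified -Descending | Select-Object -First 1).Modified
        }
    } | Sort-Object Unsigned -Descending | Format-Table -AutoSize

    # Full detail for files without a valid signature, newest first
    $report | Where-Object { -not $_.Signed } |
        Sort-Object Modified -Descending |
        Format-Table File, Modified -AutoSize
    ```

    Signed entries from known vendors are the candidates for exceptions; unsigned, recently modified files deserve a closer look before anything is allowed.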

    An important note – removal of the infection does NOT remove the encryption from your files.  The only way to decrypt those files is by paying the ransom using anonymous web currency like BitCoins – and even then you are not assured of success as these hackers move from host to host and the server that originally delivered the payload may no longer be in use.  The only post-infection protection is a current backup which has been run before the time of infection.

     

     

     

     
  • How to make your laptop choose a wired connection instead of wireless

    Have you ever noticed that your laptop always wants to run at wireless speeds, even when it’s in your dock, or connected to your network by ethernet cable?  Well, for some odd reason, Windows tends to default to your wireless connection if it’s enabled.  It’s why we always recommend that users turn off their wireless radios when they have a wired connection available.

    Of course most users forget, or (rightfully so) feel they should not have to remember this.  So here is a little hack that will set your laptop to always use your wired connection when it is available.

    1.  Press the Win + R keyboard combination and type ncpa.cpl into the run box, then hit enter.

    2. When the Network Connections window opens, press the Alt key to display the classic menu bar (File, Edit, View, etc.).

    3. Once it’s available, click Advanced, and then choose the Advanced Settings option.

    4.  Here you will see the preference of your network connections. In order to make your laptop use a wired connection, if available, even when connected to a wireless network, you will need to select Wi-Fi and then click on the green arrow pointing down. Or select Local Area Connection and move it to the top.

    5.  Click OK to finish and you are done.

     
  • Internet Explorer 10 Update Not Compatible with iNotes

    Users are reporting that after a Windows Update upgrade to Internet Explorer 10, iNotes and Webmail functionality is not working and presents a blank page. Users are still able to use iNotes in Chrome and Firefox and other browsers. It is likely that the IE10 update has disabled a number of Java settings due to recent security issues.
    In order to get iNotes working in IE10 you will need to run the website in Compatibility mode. Do this as follows:
    1. Open IE 10
    2. Press Alt + T
    3. Select Compatibility View Settings
    4. Add your internet/intranet web site url
    5. Check the first two options available
    6. Click Close

     
  • The Zen of Windows

     
  • Today’s Groupon Offer – 50% off Groupon Stock

    Since Groupon went public in a much ballyhooed IPO their stock has dropped 42% from the IPO price.   Why this should surprise anyone is beyond me.  This is a business model that relies on selling half price massages and yoga lessons to impulsive web surfers in the hope that they will never get around to using the services they purchased.  Sooner or later, even the most compulsive of shoppers has to realize that 50% off something you would never have bought in the first place is just a really, really bad deal.  Add to that some questionable accounting practices and throw in a bunch of employees chomping at the bit to cash out and you have a recipe for yet another dot-com debacle.  Sure, the marketplace has been waiting years for the next Goomazon.com, but the Groupon phenomenon is looking more and more like a pump and dump on the part of the big institutions that controlled the IPO shares.  One more reason to occupy Wall Street.

     
  • IBM Access Connections causes extremely long boot times in Windows 7

    This article applies only to Lenovo Thinkpad systems with Windows 7.

    A number of Lenovo/Windows 7 users have recently reported extremely long boot times along with other delays in Windows Explorer.    This appears to be a recent phenomenon likely caused by a driver conflict in the IBM Access Connections software and a recent update to either Windows and/or Skype.  ThinkVantage Access Connections is a built-in utility to help manage wireless and wired connections.  It is not needed since the Windows 7 connections management software does the same thing in a much simpler manner.

    In 3 of 3 reported cases, disabling or removing the IBM Access Connections program fixed the problem and boot times returned to normal.

    If you are experiencing this problem, follow the instructions below to disable or remove the software.  You might want to disable the software before removing it entirely so you can confirm that the Access Connections software is the problem.

    To Disable the ThinkVantage Access Connections program:

    1. The program must be disabled in the system startup.  To do this, go to the Start button and type in msconfig.
    2. You will see a tabbed dialogue box.  Click on the Startup Tab and find the IBM Access Connections program.
    3. Uncheck the checkbox to the left of the program.  Click Apply and then OK to save your changes.
    4. Restart your computer.  On startup you will receive a small dialogue box warning that startup parameters have changed. You can dismiss it permanently by checking the “Do not remind me again” box at the bottom of the window.

    To completely remove the program from your computer:

    Once you have determined that the Access Connections program is responsible for the long boot time, you can remove it permanently from your system as follows:

    1. Click the Start button and type in Add or Remove Programs.
    2. Find the IBM Access Connections program in the programs list.
    3. Right-click on it and select “Uninstall/Change”.
    4. Instruct the uninstaller to completely remove the program from your system including all user profiles and other associated data.

    Once the program is disabled or uninstalled, Windows 7 will take over the wireless management completely.

     

     
  • ERP Apps don’t work with Windows 7 Mapped Drives

    After you turn on User Account Control in Windows Vista or in Windows 7, programs may be unable to access some network locations. This problem may also occur when you use the command prompt to access a network location.  This primarily affects users of applications that require drive mappings to network locations on the LAN.  If the drive mapping is accomplished by way of a logon script running on the server, Windows refuses to let the application access the mapped drive.

    This has been observed in Made2Manage 6.0 and Visual CRM 6.2 and up, neither of which is officially supported on Windows 7.  (An upgrade to a newer version is needed.)

    Why does this happen?

    This problem occurs because User Account Control treats members of the Administrators group as standard users.

    When a member of the Administrators group logs on to a Windows Vista-based computer or to a Windows 7-based computer that has User Account Control enabled, the user runs as a standard user. Standard users are members of the Users group. If you are a member of the Administrators group and if you want to perform a task that requires a full administrator access token, User Account Control prompts you for approval. For example, you are prompted if you try to edit security policies on the computer. If you click Allow in the User Account Control dialog box, you can then complete the administrative task by using the full administrator access token.

    When an administrator logs on to Windows Vista or to Windows 7, the Local Security Authority (LSA) creates two access tokens. If LSA is notified that the user is a member of the Administrators group, LSA creates the second logon that has the administrator rights removed (filtered). This filtered access token is used to start the user’s desktop. Applications can use the full administrator access token if the administrator user clicks Allow in a User Account Control dialog box.

    If a user is logged on to Windows Vista or to Windows 7, and if User Account Control is enabled, a program that uses the user’s filtered access token and a program that uses the user’s full administrator access token can run at the same time. Because LSA created the access tokens during two separate logon sessions, the access tokens contain separate logon IDs.

    Got all that?  Didn’t think so.  Here’s how you fix it:

    Registry Fix

    To work around this problem, configure the EnableLinkedConnections registry value. This value enables Windows Vista or Windows 7 to share network connections between the filtered access token and the full administrator access token for a member of the Administrators group. After you configure this registry value, LSA checks whether there is another access token that is associated with the current user session if a network resource is mapped to an access token. If LSA determines that there is a linked access token, it adds the network share to the linked location.

    To configure the EnableLinkedConnections registry value, follow these steps:

    1. Click Start, type regedit in the Start Search box, and then press Enter.
    2. Locate and then right-click the following registry subkey:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    3. Point to New, and then click DWORD Value.
    4. Type EnableLinkedConnections, and then press Enter.
    5. Right-click EnableLinkedConnections, and then click Modify.
    6. In the Value data box, type 1, and then click OK.
    7. Exit Registry Editor, and then restart the computer.
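
    The same change can be scripted. This PowerShell version of steps 1 to 7 is an added example, not part of the original article; the elevation test and the EnableLUA check (the standard Windows value in the same key that shows whether UAC is on) are additions that the steps above do not include.

    ```powershell
    # Added example: sets EnableLinkedConnections = 1 under the key named in step 2.
    # Must be run from an elevated PowerShell prompt, because HKLM is not
    # writable with the filtered (standard user) token.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $name = 'EnableLinkedConnections'

    # Is this process holding the full administrator token or the filtered one?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'This session is using the filtered token. Start PowerShell with "Run as administrator".'
    }

    # EnableLUA = 1 means UAC is enabled; the split-token problem only exists then
    $uac     = (Get-ItemProperty -Path $key -Name 'EnableLUA' -ErrorAction SilentlyContinue).EnableLUA
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($uac -ne 1) {
        Write-Warning 'UAC does not appear to be enabled; the mapped drive problem likely has another cause.'
    }

    if ($current -eq 1) {
        Write-Output "$name is already set to 1. No change made."
    }
    else {
        # -Force creates the value if it is missing and overwrites it if it holds another number
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Output "$name set to 1. Restart the computer for the change to take effect."
    }
    ```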

     

     
  • Excel 2003 opens workbooks slower across the network

    Some users of Office 2003 have reported extremely long times to open workbooks stored on a network. Where an unaffected user can open a large file within a few seconds, affected users report times as long as 3 – 10 minutes to open a file. This only happens with Excel files. Word, Access and PowerPoint files are not affected.

    Among our customers, 3 separate users have reported this issue. Initially, we suspected the virus scanners on the users’ computers (always a prime suspect). However, Microsoft recently released tech note KB2570623, which explains the problem and provides some methods to fix it.

    Users report that of the various methods and work-arounds detailed in the Microsoft tech note, Method 4 appears to be the best fix.

    To review the entire KnowledgeBase article, click here. Then go to “Method Four” and click the “Fix It” Button.

    If you prefer to do it yourself, be aware that this involves modifying your system registry…as follows:

    Let me fix it myself

    You can use the EnableOnLoad registry entry to configure how you want Excel to handle opening workbooks for the OFV. By default, the EnableOnLoad entry is not present in the Windows registry. To add the EnableOnLoad entry to the Windows registry, follow these steps:

    1. Exit Excel.
    2. Click Start, click Run, type regedit, and then click OK.
    3. Locate and then click to select the following registry key:
      HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\
    4. After you select the key that is specified in step 3, point to New on the Edit menu, and then click Key.
    5. Type Excel, and then press ENTER.
    6. Select Excel, point to New on the Edit menu, and then click Key.
    7. Type Security, and then press ENTER.
    8. Select Security, point to New on the Edit menu, and then click Key.
    9. Type FileValidation, and then press ENTER.
    10. Select FileValidation, point to New on the Edit menu, and then click DWORD Value.
    11. Type EnableOnLoad, and then press ENTER.
      Note: The default value is 0 which disables the validation.
    12. On the File menu, click Exit to quit Registry Editor.

     

     
  • Yet Another Reason to Stop Using Internet Explorer

    The BBC reports that a recent study by the research group AptiQuant found that the average Internet Explorer user has a lower average IQ than users of Chrome and Firefox.  Users of Opera and Camino were found to have the highest average IQ’s.

    AptiQuant offered free online IQ tests to over 100,000 people and then plotted the average IQ scores based on the browser on which the test was taken. And the results are really not that surprising. With just a look at the graphs in the report, it’s pretty clear that Internet Explorer users scored lower than average on the IQ tests. Chrome, Firefox and Safari users had slightly higher than average IQ scores. And users of Camino and Opera had exceptionally higher IQ levels.

    If you’ve never heard of Opera or Camino, then we have to assume that you’re not as smart as you think you are.

    AptiQuant stressed that using IE doesn’t mean you have low intelligence. “What it really says is that if you have a low IQ then there are high chances that you use Internet Explorer,” said AptiQuant CEO Leonard Howard.   Hmmm… “high chances”? – must be an Internet Explorer user.

    Loyal IE users have already threatened AptiQuant with legal action, which seems to further reinforce the results of the research.

    Although there has been no similar research correlating intelligence with smart-phone operating systems, it seems clear that users of Windows Mobile might want to join that class action suit.