Updates Without Your Permission

Holy cow!  One of the two monsters of the Internet is at it again.  For all of our newer clients who have not followed my thought processes over the years as to the “Two Monsters” I so lovingly refer to, they are “Google” and “Microsoft”.

 

Microsoft has begun patching files on Windows XP and Vista without users’ knowledge, even when the users have turned off auto-updates!

 

In recent days, Windows Update (WU) started altering files on users’ systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

 

It’s surprising that these files can be changed without the user’s knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft’s latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

 

When users launch Windows Update, Microsoft’s online service can check the version of its executables on the PC and update them if necessary. What’s unusual is that people are reporting changes in these files although WU wasn’t authorized to install anything.

 

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn’t need permission to patch Windows Updates files, even if you’ve set your preferences to require it.

 

To make matters even stranger, when I search on Microsoft’s Web site, there is no information at all on the stealth updates.  Let’s say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system.  You’d be hard-pressed to find the updated files in order to download them.  As of this writing, you either get a stealth install or nothing.

 

Microsoft appears to have no malicious intent in patching them. However, writing files to a user’s PC without notice (when auto-updating has been turned off) is behavior that’s usually associated with hacker Web sites.  The question being raised in discussion forums is, “Why is Microsoft operating in this way?”

 

It’s important to note that there’s seems to be nothing harmful about the updated files themselves.  There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches).  My biggest gripe is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

 

On another note pertaining to Microsoft and their updates, Microsoft patched four vulnerabilities this month, but you’re still not entirely safe.

 

There’s a dangerous unpatched vulnerability, and the bad guys are actively exploiting it.  Until Microsoft releases a fix for the severe vulnerability involving Visual Basic, guard your systems against files that have a .vbp (Visual Basic Project) extension.

 

We considered putting a server-wide block on incoming email that contained a .vbp file attachment, but taking that step would keep you from running any legitimate VB projects.  So instead, I’m just sending you a MAJOR CAUTION FLAG to NOT open any attachments that may find their way to your in-box that has a .vbp extension unless you are absolutely, positively, without any shadow of a doubt, sure of who sent it to you, and that whomever sent it is free of any infections in their Visual Basic programming.

 

Finally… some readers last week expressed concerns about the recommended resource I referred you to (Secunia) to scan your system for outdated files, wondering about it’s safety.  Let me emphasize, the scan is safe, it is free, and can take you a couple of steps further along in the “Protect Your PC and Data at All Costs” goal.

 

Since their privacy policy seems to be hidden on their site, I did a little digging and found it (for those who even care)… and it can be found here:

https://psi.secunia.com/?page=privacy

 

If you had problems running the scan on your system for some reason (a few select users apparently encountered errors), it may be due to you either having major system files out of date, cookies disabled, or a couple of other things that I am not going to get in to in this post.  My only suggestion is, try it again, and also sign up for their software update reminder service.  It too is free, and they will not spam you or sell your address to any third parties.

 

I ran my system through their scanners again yesterday, (only a week after updating everything the first time) and found two more outdated applications that need to be updated to prevent vulnerabilities.  So again, I encourage you to bookmark their site, and make it a weekly part of your PC Maintenance to scan your system for outdated applications.

http://secunia.com/software_inspector/

 

That’s it for today!  Be safe, and have a great weekend.

 

Ed

Unpatched Software Could Be Hazordous to Your Wealth

Keeping your computer safe from security flaws is important, but many people haven’t patched their media players and other run-time software: Java, Flash, QuickTime, Adobe Reader, and RealPlayer.  This exposes you to infected media files.

 

Here is a service that scans PCs for applications that lack available security patches.  I highly recommend you run this test on all of your computers.

 

Secunia.com provides you with aggregate counts of the number of products installed and the percentage that are unpatched.
http://secunia.com/software_inspector/

 

I ran the full system scan on my computer and found 2 of 11 of my applications were not up to date.  You should run this on your machine to make sure you don’t have applications running that may be vulnerable to security or attack.

 

When you get to the main page, just click on Start Now.  You’ll be asked if you want to enable the Inspector to search for software installed in non-default locations.  Since it’s the first time running this… I’d recommend you check the little box and just let it scan your entire computer and external devices attached.  On my system with two external hard drives and a ton of files and software, it took about 15 minutes to complete the entire computer scan.  Just grab your favorite beverage and let Secunia do it’s thing.

 

Once finished, it will show you how many of your applications are NOT up to date…and a link to get them updated.  After doing any recommended updates, there will be an option to allow Secunia to notify you upon any releases or updates being available to you.  Go ahead and sign up for the automatic email notifications.  That way… you don’t forget to perform this system-wide scan (at least monthly) for any recommended updates.

 

If you have to update any applications, be sure to do a system re-start to enable those applications to fully install the updates and remove any vulnerable versions that may still be sitting on your hard drives.

 

 

CAUTION! Do Not Open These!

CAUTION:  DO NOT OPEN THESE!

 

If you get an email with the subject line:

 

Spyware Alert!,  Virus Alert!,  Worm Detected!, Trojan Alert!,  or some other warning notice of similar subject content, DELETE IT IMMEDIATELY and DO NOT Click the link in the email that recommends you to install a patch!

 

Here is what the email looks like:

===================================================

 

Dear Customer,

Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.

We recommend you to install this patch to remove worm files
and stop email sending, otherwise your account will be blocked.

Customer Support Center Robot

 

======================================================

 

These emails could also be signed as “Support Team Robot”, “Postmaster”, “Abuse Team”, or any other signature that tries to make you think it was sent from someone in authority.

 

These are NOT coming from me.  Hopefully you already know this game well enough by now to know I would NEVER EVER send you an email notice like this.

 

So even if you THINK I sent you something of this nature…. think again.  I would never send you an update link embedded in an email… ESPECIALLY something like this.

 

Be diligent and cautious in opening ANY suspicious looking email right now.  There are a TON of bogus and spam/virus related email schemes circulating around the world right now.

 

Have a safe surfing day!!

 

ED
 

Greeting Cards

Hope everyone had a wonderful and safe 4th, and you’re going “Easy on the 5th”. 😉

 

I also hope that no one has been living in a closet to not know that the most prolific spam and virus monster to travel the Internet in quite some time is making it’s rounds disguised as a “Greeting Card from a Friend”…etc.

 

Here is a MODIFIED example of one of these email’s that LOOKS real… but careful analysis would tell you otherwise!  DO NOT click on the link in this example… just MOUSE OVER IT!
==========================================

 

Hi. School mate has sent you a postcard.

 

See your card as often as you wish during the next 15 days.

 

SEEING YOUR CARD
If your email software creates links to Web pages, click on your card’s direct www address below while you are connected to the Internet:

http://75.66.76.94/?c3a9ebeed435601e5ee71

Or copy and paste it into your browser’s “Location” box (where Internet addresses go).
  

PRIVACY
BlueMountain.Com honors your privacy. Our home page and Card Pick Up have links to our Privacy Policy.

 

TERMS OF USE
By accessing your card you agree we have no liability. If you don’t know the person sending the card or don’t wish to see the card, please disregard this Announcement.
We hope you enjoy your awesome card.

 

Wishing you the best,

 

Postmaster,

BlueMountain.Com

 

=============================================

Looks pretty legitimate, huh?  When you see only an IP address, this is a DEAD GIVEAWAY that a site is fake!  The legit BlueMountain.com website would NEVER do this.  NEVER!

 

This is exactly why I do NOT open even legitimate online Greeting Cards.  Those things are dangerous.. and now.. my long time preaching about why NOT to send electronic greeting cards to anyone is coming true!!

 

If you have opened even ONE online greeting card in the past month… I STRONGLY suggest you do a COMPLETE virus scan of your system and files.  One client called me this morning in complete distress over opening a greeting card he thought his daughter had sent him, only to find out it was a virus laden spoofed greeting card, and he just about lost his entire system!!

 

Folks…  be smart.  Stay the heck away from those things.. and DO NOT OPEN (or SEND anyone) an online greeting card, or a link from anyone saying they had sent you an online greeting card.

 

You have been warned!

 

Have a great Thursday!
Ed