CEBUG February 2014 Notes
I was going to combine some new information since the last CEBUG meeting with my notes from the last CEBUG meeting. However, I decided that the new information was significant enough that it probably should be presented in its own article. Hence, this document only covers what I discussed in the February 2014 CEBUG meeting.
Microsoft Security Essentials (MSE) for XP (a free download from Microsoft) was originally going to be killed as of April 8th of this year. Security definitions that are updated daily (at least) were also to stop on that day. However, Microsoft has backed off that policy and has extended offering the MSE software and definition updates until July 2015. MSE is a low-end security scanner that is admittedly not capable of catching all viruses and malware out in the wild. The best advice I can give to people is to go with a third party antivirus/antimalware vendor who will support XP after April 8th.
XP Mode which is found in Windows 7 will continue to work, but no patches will be released for it. XP Mode is a virtualized version of XP which was offered to Windows 7 users to run software that would not run under Windows 7. My experience with different software revealed that older accounting software and computer tools that ran in XP would not run in Windows 7. Hence XP Mode was a very good solution for problems of this kind. Frankly, XP Mode was a smart move by Microsoft, but unfortunately, they didn’t continue offering XP Mode with Windows 8. I suggest that anyone who is running Windows 8.x get a copy of Oracle Virtualbox and create virtual machines running XP for this purpose. Virtualbox can be found at https://virtualbox.org/wiki/Downloads
A question has come up about new XP installs and whether they still have to be activated if done after April 8th. The answer is yes: XP can and must still be activated. However, there will be no support offered by Microsoft if you run into problems.
Microsoft will still be able to silently reach into Windows XP PCs for more than a year after it stops patching the operating system to clean malware-infected machines, sources close to the company confirmed. The Malicious Software Removal Tool (MSRT) will continue to be updated and deployed via Windows Update through July 14, 2015, 15 months after Microsoft serves its final public security patches for XP on April 8th. By extending the life of the MSRT -- and more importantly, automatically running it each month -- Microsoft will be able to clean some PCs if massive malware outbreaks hit Windows XP after it's retired from support.
XP market share has jumped up a fraction despite the looming update cutoff. Market share is determined from the numbers of computers running different operating systems that visit certain sites on the Internet. While the number of XP machines dropped in the past year, it appears that the drop bottomed out at 29% and remained there for several months. Recently, however, the number of XP machines has climbed back over 31%. My guess is that the increase is due to XP machines that were kept off networks, as we do in our company, and only put back on for specific purposes such as updating machines or running specific software.
Microsoft has renamed SkyDrive to OneDrive because of a lawsuit with the British firm Sky Corp.
Microsoft has a new CEO, with Satya Nadella replacing Steve Ballmer. Bill Gates has rejoined Microsoft as a technical advisor. Gates is no longer board chairman, and Ballmer remains on the board. John Thompson, formerly of IBM and Symantec, takes over as board chairman. The sentiment is that there will be no major changes at Microsoft as a result of the management change.
The first wide-scale hack that involved television sets and at least one refrigerator has been observed. This is the first home appliance 'botnet' and the first cyber-attack from the Internet of Things, a buzz phrase which now includes all the devices that connect to the Internet and talk to the manufacturers of different products. In this case, hackers broke into more than 100,000 everyday consumer gadgets such as home-networking routers, connected multimedia centers, televisions, and at least one refrigerator. The devices were then used to send more than 750,000 malicious emails to enterprises and individuals worldwide.
The Target breach over the holidays now includes Michaels stores in addition to Neiman Marcus. There are at least five other retail firms across the United States and Canada which were affected by this breach. It appears that the breach involved at least a two-pronged attack: one by installing scanners on exposed cash registers and the other by using corporate passwords given to an HVAC vendor for remote control purposes. Hitting close to home, we were contacted by Target for credit monitoring purposes. It appeared that even though we did not purchase anything from Target during the holiday season, the breach was wide enough that personal information that Target keeps on file about its customers was also accessed.
BitTorrent throttling increases, as does the throttling of Netflix and Google. A recent net neutrality case that was decided in favor of Verizon suggests that the major ISPs will throttle most Internet traffic in deference to their own traffic. In order to offer increased speeds to companies like Google and Netflix, the ISPs are putting pressure on high-volume content providers, and possibly even their customers, for higher prices. The FTC, which lost the case, is working on other solutions to this issue. One thing to note is that I have been receiving comments from different friends and customers that their Internet speeds have been dropping lately. That might be the result of the rather cold weather we’ve been having, given that people appear to have nothing better to do than access the Internet, but it’s something to keep an eye on.
An Adobe Flash update is now available and is rated as critical.
Radio Shack, which ran a commercial during the Super Bowl about remodeling their stores, will also be closing close to 500 of them. When I last checked, there was no list of which stores would be closing. As part of the discussion during the meeting this month, it was mentioned that Radio Shack, which some of us use for particular parts like fans, diodes, etc., has been removing that kind of merchandise in favor of cell phones, electronic toys, etc. The website is still offering electronic parts, but I am not aware of how long that will continue.
HP will begin charging for BIOS and firmware updates as of Feb 19th. Enterprise hardware (the ProLiant server line in particular) not covered under warranty or an extended warranty will not get access to these updates, which formerly were free. HP has said that security updates would remain free. No mention was made about the rest of the hardware they sell. One thing to keep in mind is that once most enterprise products are installed, they are usually only touched for updates and for adding new software programs for use in networks. If the operating system is changed, in most cases with HP, the firmware also has to be upgraded. Most large companies already have paid extended warranties in place. However, smaller companies and hobbyists will not, and as expected, this has drawn an uproar from the IT community. HP has claimed that BIOS and firmware updates are intellectual property and are considered as being paid for around the IT industry. However, a check of this kind of policy shows that right now, HP is alone in instituting a policy of this type. While I don’t think this will hurt sales of HP servers at larger companies, small businesses and hobbyists will probably move away from HP servers.
Cryptolocker strikes again; a small law firm in South Carolina had all its documents encrypted as the result of being infected by Cryptolocker. The firm had its IT staff try to find a solution to decrypt its files, which is one of the triggers that causes the files to be encrypted permanently, and then waited too long to purchase the BitCoin needed to pay the ransom to decrypt the files. After the ransom was paid and the key was received, the firm found out the key did not work. The only solution that remains is to take good backups off the system and restore if infected. I saw just last evening where PCPitStop is claiming that they can detect Cryptolocker and stop it from infecting your machine. While I can’t speak to the accuracy of this claim, I have some serious reservations that their software can stop this attack in its tracks. Taking good backups and then restoring if infected remains the best security practice for this kind of attack.