My Small Business Consultants

Here is a quick update on an Out of Band Security Update.  Most of you know that Microsoft does a monthly update on the Second Tuesday of the month.  This is great and we can plan on the updates and sometimes necessary reboots.  Yesterday, Microsoft issued an Out of Band Update, meaning this release was so important that it could not wait even one week for the regurlar updates.  Many woke up to rebooted computers today, or will experience an install and reboot today.  This update is very important.  It fixes a problem with how shortcuts are handled on your computer.  Shortcuts are those icons with the small arrow, programs listed in your startup menu or other quick access toolbar icons.  Windows uses shortcuts all over to make things easier for you to interact with your computer.  

Here is a quick summary of what is wrong.  There is a way to craft a shortcut to cause your computer to run a different program, even when the shortcut is displayed.  There is no interaction with the shortcut needed.  Here is an example of how this can be used.  A melicious programmer takes over a website that you visit.  When you open the website, it downloads a program and shortcut without your knowledge.  You close your browser and Windows refreshes your desktop icons.  You notice a new icon on your desktop.  At this point, it is too late.  The display of that icon has triggered a new program and has infected your computer.  This is just one example of how this vunerability can be used.

For more detailed information about this update you can visit the Microsoft Security  Bulletin at this web address: http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx

If you have any additional questions, please feel free to contact me.

Following are a few links to articles from Microsoft on how to protect your computer. 

What is a Popup?

http://www.microsoft.com/protect/terms/popup.aspx

How to choose a firewall:

http://www.microsoft.com/security/firewalls/choosing.aspx

Click Fraud – Do you really trust the button on that website?

http://blogs.msdn.com/b/securitytipstalk/archive/2010/07/08/click-fraud-cybercriminals-want-you-to-like-it.aspx

Can you tell if that email is a scam?

http://blogs.msdn.com/b/securitytipstalk/archive/2010/06/24/can-you-spot-the-6-signs-of-a-scam.aspx

I found these two articles from Microsoft about donating or recycling your old computers.  As some of you know, I am the director of a Computer Refurbishing Program and believe that we should all recycle as much as possible.

This first article is about what should be removed from your computer before donating/recycling it.

http://www.microsoft.com/protect/yourself/personal/oldpc.mspx

If you would like instructions on how to wipe your harddrive, check out my podcast on this subject: http://sohotechpodcast.com/2008/05/18/stps-monday-night-tech-service-packs-dban-recorded-5122008/

If you still have questions or would like assistance cleaning your computer, please contact me deanjensen@mysmbc.com.

The second article contains tips for donating a computer. 

http://www.microsoft.com/Education/TenTips.mspx

The best part of the article is the link to TechSoup.  They have a great recycler search engine.  You can get to it directly here: http://www.techsoup.org/recycle/donate.

As always, if you have questions or comments please leave them via the comment link below.

I love it when companies produce lists like this one.  http://blogs.msdn.com/securitytipstalk/archive/2008/12/05/5-tips-for-a-safe-and-happy-holiday-shopping-season.aspx

I have a few issues with this list.  For the most part, its a good idea, but it is so microsoft focused that it misses the mark.

“1.      Use an updated Web browser. Internet Explorer 7 contains many new features, such as the Phishing Filter, to help you avoid identity theft when you shop online.”

While having up to date software is always a good idea, I am not sure that ie7 is the best browser for your needs.  IE is the most attacked browser and using it, are you exposing your self to those attacts?

“2.      Make sure you’re on the Web site that you think you’re on. If you use Internet Explorer 7 or higher, you get an extra level of protection with Extended Validation (EV) SSL (Secure Socket Layer) certificates. If your address bar turns green you’ll know that you’re not on a spoofed Web site. “

It’s my understanding that a website would have to purchase this level of certificate.  If a site does not purchase the certificate, then the address bar will not turn green.  You could still be safe.

“3.      Visit trusted sites or use a third-party payment service. Many online shops and auction sites will let you pay with third-party payment services, like PayPal. That way you don’t have to turn over your credit card information to an unknown person.”

This one I agree with.  Many credit cards will issue “one time use” numbers for online purchases.  Check with your credit card company.

“4.      Use strong passwords for online shopping retailers and keep your passwords secret.”

Again, I agree.  But if all those passwords are driving you crazy, check out a password vault program like keypass to store them all.

“5.      Buy only Genuine Microsoft software. Counterfeit software can corrupt your system, make you lose data, and can lead to identity theft. If Microsoft software is on your holiday gift list this season, you can help make sure you’re buying the real thing by reading the Guide to Purchasing Genuine Microsoft software.”

While this is always a good idea, I think Microsoft just wanted to push thier Genuine Software program.  I’m not sure that this would make my list of top 5 ways to shop safe.

If you have any comments, please click the comment link below.