PreparedPC
Your PC. Prepared for Anything.
August 11, 2009 – Next Microsoft Patch Tuesday, including 5 Critical Updates
Aug 8th
This “Microsoft Patch Tuesday” (incidentally, the latest a “Patch Tuesday” can occur because August, 2009 started on a Saturday) includes 9 updates, including 5 critical updates for Windows operating systems.
Most of the critical updates are related to the ATL (ATL or Active Template Library, which allows developers to write ActiveX controls). Windows users will want to be sure to install these updates to address this serious flaw.
Phony “Blue Screen of Death” Attempts to Scare You into Spending $39
Aug 4th
The same mean folks who brought us the rogue anti-spyware product “Winweb Security 2008” have developed another bogus “product” called SystemSecurity.
Their latest attempt trick is to you is by simulating a “blue screen of death” using a browser window. They place a DOS-like red alert box over the blue screen, giving you the option to “fix” your computer’s “security issues.”
Don’t fall for it! Check the screenshot from Sunbelt Software’s blog entry below. Clearly, this fake BSOD is displayed in a browser. It could be a little harder to detect if the browser was in kiosk (full-screen) mode, but pressing Ctrl+Alt+Delete should show you whether you’re truly experiencing an operating system crash, or a cleverly-designed scam attempt.
ht: Sunbelt Blog
Adobe Flash Player, AIR, Acrobat and Reader – Update Now
Aug 3rd
From Adobe’s recent security advisory, last updated on 31 July 2009:
A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.
Adobe is considering this a critical update, considering that an unpatched computer could be taken over.
To Patch
Check the “Solution” section of Adobe’s Security Bulletin for specific download links for updated versions Flash Player, AIR, Acrobat and Reader software.
NOTE 1: If you are using Internet Explorer AND another, plug-in based browser (such as Firefox or Opera), run the “About Flash” check for each browser.
NOTE 2: Internet Explorer users, if you upgrade the Flash Player, by default, you will be prompted to install the Google toolbar, bu you may uncheck this option.
jkDefrag is now MyDefrag — and now, even faster!
Jul 24th
MyDefrag version 4.1 is a hard disk defragmenter and optimizer. If it looks familiar, that’s because it was previously called jkDefrag, which we covered last year. Because it uses the same API (application programmer interface) built into Windows that Microsoft’s own Disk Defragmenter uses it is safe to use. Unlike Microsoft’s utility, MyDefrag works much more quickly.
One reason for MyDefrag’s effectiveness is that it moves files to the physical “start” of a hard drive. Accessing files from this area of a hard drive is up to 200% faster than from other areas.
Using MyDefrag
To get the most of out MyDefrag: More >
Vanish: Create Self-destructing Email and Posts
Jul 22nd
There is a lot of “space junk” (parts of old spacecraft, tools, etc.) currently orbiting the earth. Since it could be dangerous if any of these were to fall to earth, NASA handles this issue by actually keeping track of each piece floating out in space.
Similarly, there are a lot of things on the internet that have been “floating around” for years: email messages, Facebook wall posts, etc. Wouldn’t it be nice if there was some way to send or post these things, but have them disappear after a limited time?
University of Washington computer scientists have created a research prototype (read “use at your own risk”) called “Vanish” that is designed to give any data posted on the web a limited lifetime (at this point, 8 to 9 hours) before it becomes inacessible to anyone (including the person who posts the data).
To use Vanish, you’ll need to install both the Vanish system and the Firefox plugin, which requires Firefox 3 or better. Follow the steps here.
Once everything is installed, in Firefox, select the text you’d like to post for a limited time, right-click and choose the “Vanish” context-menu option. The Vanish software will create a PGP-like block of text which you can then send or post. Anyone who has access to this data (for example, an email recipient) who has the Vanish Firefox plug-in installed will be able to read the Vanish-encoded data during the 8- to 9-hour lifetime of the data. After that time, no one will be able to read the data.
Again, though Vanish is a research prototype, it is an interesting concept that data that normally would “live forever” in cyberspace would, in the words of the researchers themselves, “approximate the ephemeral nature of a phone call.” Keep an eye on Vanish. If it becomes a mature application, it could change the way we handle a certain part of our communications.
Bypass Windows and Linux Passwords with Kon-Boot
Jul 19th
There are as many utilities for bypassing Windows (and Linux) login passwords as there are legitimate reasons for doing so (you ARE only using your powers for good, right?).
Kon-Boot can help you to bypass a login password. It can be run from a boot CD, floppy, and (thanks to Irongeek), from a USB flash drive.
Need to help a friend (or yourself) to overcome a password-protected Windows or Linux computer? Check out Kon-Boot.
Time-saving Keyboard Shortcuts You Should Know
Mar 16th
One of the fastest ways to become more efficient with applications you use everyday is to learn keyboard shortcuts. Most people know Ctrl-C (copy text) and Ctrl-V (paste text), but there are dozens of other keyboard combinations that will help you to work faster.
Knowing keyboard shortcuts can get you out of difficult situations, as when the input device (i.e. the mouse) isn’t working. Or if you’re working on someone else’s computer, using keyboard shortcuts can allow you to quickly get things done.
MakeUseOf.com has put together 10 Essential Cheat Sheets to Download, which cover Firefox, Internet Explorer, Gmail, Google, Linus, Mac Os X and Thunderbird.
These cheat sheets can be downloaded after a free registration at MakeUseOf.com.
SpinRite 6.0 Might Make You a Hero
Jan 31st
SpinRite 6.0 from Gibson Research Corporation (GRC) is not new (released in 2004) nor is it free (USD$89), but it can fix hard disks (or even floppy disks!) that appear to be beyond recovery. Depending on the condition of the drive, SpinRite could recover files that could otherwise cost thousands of dollars if you were to hire a professional data recovery firm to do the job.
It works by interacting directly with the magnetic media, fixing problems that occur as a result of normal use. You boot your computer from a SpinRite CD or floppy disk, then follow the menu prompts to perform maintenance or data recovery.
Why Would I Use It for Myself?
SpinRite is a good preventive maintenance tool for your hard drives, basically any drive except the newer solid-state drives. GRC recommends running SpinRite every 2 to 3 months. If it detects any bad sectors on a drive, it marks those sectors so that the operating system will not use those areas of the hard drive. This can keep your drive healthy, and for Windows XP users, can minimize the possibility of a “Blue Screen of Death” (or for Vista users, the blacK Screen of Death).
How Can I Use It To Help Others?
We know you back up your own data regularly (you do, right?) but when you get a call from your not-so-computer-savvy friend telling you their computer won’t boot, the data-recovery SpinRite could save the day. If a hard drive suffers serious trauma (such as being dropped), the possibility of recovering the drive is low. But, if the computer does not boot because of one or more bad sectors, SpinRite could have your friend’s computer back up and running in hours.
A Personal Note
A dear friend of ours had a Toshiba laptop that worked fine–until it refused to boot. The local computer technicians gave her the bad news: the hard drive was dead. Our friend was sad that she had lost hundreds of digital photos of fond memories of her travels, and her engagement party. She bought a desktop computer, but kept the laptop drive in a drawer for more than a year. When she told us what had happened, we asked to borrow her hard drive. First, we plugged the drive into an external USB case and tried to access it by plugging it in to another computer. The drive made some really bad noises, and we couldn’t access it at all. This drive had some serious problems!
Next, we put the drive in a laptop, booted into SpinRite, and within 3 hours, SpinRite had repaired 8 bad sectors. We rebooted the laptop (without SpinRite), and it booted into Windows! It was still making bad noises, so we quickly copied off the “Documents and Settings” folders (which included all of the digital photos). The copying process went well at first, but when it reached 97%, the “time left” climbed from 5 minutes to more than 3 hours. Eventually, we saw a message telling us the drive could not be read. Maybe the drive has officially died, but it survived long enough to copy off the important files.
We burned the files that we copied to DVDs and look forward to surprising our friend with some long-lost memories.
Takeaway: SpinRite 6.0 is a utility that anyone can use to maintain their hard drives, and has proven itself many times as a data recovery tool.
It’s rare that we recommend software that actually costs money, but if it can recover business-critical data (or priceless memories, as in our friend’s case), $89 dollars can be well worth it. Consider adding SpinRite 6.0 to your computer rescue kit.
In-Session Phishing – Keep Your Guard Up!
Jan 15th
By now, most people know about phishing emails. You know, those messages made to look like they are from banks and other financial institutions, sent out in the hope that someone will click on the phony link and enter their username and password?
A recent threat to watch out for is called “in session phishing.” The research firm Trusteer recently published an advisory which warns against an exploit that could be used to trick you into giving away the user name and password for your web-based financial site.
How In Session Phishing Works
First, the financial website must be compromised. A hacker needs to upload their malicious code to the site’s server. Unfortunately, with the number of unpatched web servers, there is a real possibility that a website can be hacked.
The second part of the attack takes place as a customer accesses their financial institution’s site, logging on normally to a secure session. So far, so good. The problem happens when the computer user, still logged into that website, opens another tab, perhaps to visit another website. At that point, a JavaScript function, used by the most popular browsers to determine if the user is logged in, is called from the hacked website. If the browser responds “yes,” the browser displays a phony, but convincing “Your session for ABC Bank has timed out. Please enter your user name and password to continue” message. If the user enters their information, their user name and password can be stolen–bad news, indeed!
How Can I Protect Myself?
Besides the basics of keeping your computer patched with the latest updates, and keeping your antivirus software up-to-date, protect yourself by simply knowing whether you are still logged in to your financial website (or finish your business, then log out). This is the electronic equivalent of knowing whether someone is standing behind you at an ATM machine, watching you enter your PIN.
Stay vigilant so that you can stay ahead of the bad folks who hope to trick you out of your identity. Your online financial accounts may depend on it.
Photo: Vince Alongi
How to Recover from the Vista blacK Screen of Death (KSOD)
Jan 1st
Some users have been experiencing the Vista “blacK Screen of Death” (as opposed to the pre-Vista “Blue Screen of Death” where
after a reboot the Windows Vista PC boots up to a black screen with a white mouse cursor and nothing else ever loads (no logon screen, etc).
Turns out the problem is due to the Remote Procedure Call service running under the LocalSystem account rather than the NT AUTHORITY\Network Service account. (If that’s confusing, just know that the steps below can fix the problem in just a few minutes, instead of having to totally reinstall Windows Vista).
Logic IT Consulting lays out the step-by-step instructions here. If you get a distress call from someone describing the KSOD, grab your Vista install disc and these instructions–it just may save hours of recovery work.