Tag Archive for XP

Conficker Worm – Still Alive

After six years, Conficker remains one of the top three malware families affecting enterprises and small and medium businesses, according to Trend Micro’s (TMICY) TrendLabs. They say 45% of the malware-related spam emails they detected were related to Conficker. Trend Micro attributes this to the fact that a number of companies are still using Microsoft’s (MSFT) Windows XP, which is susceptible to this threat.

Six-year-old Conficker

For those who don’t remember our old friend Conficker (Trend calls it DOWNAD), it can infect an entire network via malicious URLs, spam email, and removable drives. Larry Seltzer at ZDNet’s Zero Day blog recalls that Conficker was a big deal back in late 2008 and early 2009. The underlying vulnerability caused Microsoft to release an out-of-band update (MS08-067, “Vulnerability in Server Service Could Allow Remote Code Execution”) in October 2008. In addition, Conficker has its own domain generation algorithm (DGA) that lets it create randomly generated URLs; it then connects to these URLs to download files onto the system.

Technically, Windows Vista and the beta of Windows 7 were vulnerable, but their default firewall configuration mitigated the threat. It was Windows XP that was really in danger. Mr. Seltzer says that despite Microsoft’s patch, everyone knew that a major worm event was coming. When it came, it was big enough that a special industry group (the Conficker Working Group) was formed to coordinate a response.

Despite the unprecedented industry effort, Trend Micro observed that six years later (2014 Q2) more than 45% of malware-related spam mails are delivered by machines infected by the Conficker worm. The AV firm’s analysis of spam campaigns delivering FAREIT, MYTOB, and LOVGATE payloads in email attachments attributes them to Conficker-infected machines.

Over 1.1 million IPs related to Conficker.

On Thursday, July 3, the Conficker Working Group detected roughly 1,131,799 unique IPs related to Conficker. Whatever the exact figure, it is a big number for six-year-old malware with a patch available. Trend explains that the IPs use various ports and are randomly generated via the DGA ability of the malware. A number of machines are still infected by this threat and are leveraged to send the spammed messages, further increasing the number of infected systems.

rb-

With Microsoft ending support for Windows XP this year, we can expect that systems with this OS will be infected by threats like Conficker for a long time to come. It is going to take years to work XP out of the system.

End Of Support Changes Little About Windows XP's Popularity

Even with an ancient OS, there are ways to prevent Conficker

  1. Upgrade – Kudos to MSFT, Windows 7 has been resilient so far
  2. Patch your systems
  3. Keep Anti-Malware up to date
  4. Stay away from shady places on the web
  5. Be wary of email attachments – Don’t open what you don’t know
  6. The Conficker Working Group has an easy way to check if your machine is infected with Conficker here

Related articles
  • Mobile malware: Past and current trends, prevention strategies (cloudentr.com)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

70s Glitch Could Hit Every Computer On Earth

Rebecca Borison at Business Insider asks who remembers the 1999 panic about the Y2K crisis. In 1999, Y2K looked as if it might derail modern life, because the glitch would reset computers to Jan. 1, 1900, rather than Jan. 1, 2000: computers used only two digits to represent the year in their internal clocks.

Now it’s déjà vu all over again: BI reports there’s a new, even bigger global software coding fiasco looming. A huge amount of computer software could fail around the year 2038 because of the way the code that runs it measures time.

Once again, just as with Y2K, every single piece of software and computer code on the planet must be checked and updated. That is not a trivial task, according to the author. In 2000, we bypassed the Y2K problem by recoding the software, explains Ms. Borison. All of the software: a fantastically laborious retrospective global software patch.

Disruption to the tech industry

Although Y2K was not a disaster, it was a massive disruption to the tech industry at the time. Virtually every company on the planet running any type of software had to find its specific Y2K issue and hire someone to fix it. Ultimately, Y2K caused ordinary people very few problems, but only because of a huge expenditure of time and resources within the tech business.

The 2038 problem will affect software that uses what’s called a signed 32-bit integer for storing time. The problem arises because such a counter can only hold a maximum value of 2,147,483,647 seconds. This is the biggest number you can represent in a signed 32-bit integer.

When a bunch of engineers developed the first UNIX computer operating system in the 1970s, they arbitrarily decided that time would be represented as a signed 32-bit integer (or number), and be measured as the number of milliseconds since 12:00:00 a.m. on January 1, 1970.

Glitch says it’s 1970 again

On January 19, 2038 — 2,147,483,647 seconds after January 1, 1970 — these computer programs will exceed the maximum value of time expressible by a 32-bit system using a base 2 binary counting system, and any software that hasn’t been fixed will then wrap back around to zero, thinking that it’s 1970 again.

UNIX time coding has since been incorporated widely into any software or hardware system that needs to measure time.

BI spoke with Jonathan Smith, a Computer and Information Science professor at the University of Pennsylvania, for confirmation. The professor confirmed that the Year 2038 problem is real and will affect a specific subset of software that counts on a clock progressing positively. He elaborated:

Most UNIX-based systems use a 32-bit clock that starts at the arbitrary date of 1/1/1970, so adding 68 years gives you a risk of overflow at 2038 … Timers could stop working, scheduled reminders might not occur (e.g., calendar appointments), scheduled updates or backups might not occur, billing intervals might not be calculated correctly

The article concludes that we all just need to switch to wider values, such as 64 bits, which give a higher maximum. In the last few years, more personal computers have made this shift, especially at companies that have already needed to project time past 2038, like banks that deal with 30-year mortgages.

Apple (AAPL) claims that the iPhone 5S is the first 64-bit smartphone. But the 2038 problem applies to both hardware and software, so even if the 5S uses 64 bits, an alarm clock app on the phone needs to be updated as well. (If it’s using a 32-bit system in 2038, it will wake you up in 1970, so to speak.) So the issue is more of a logistical problem than a technical one.

HowStuffWorks reports that some platforms have different doomsdays.

  • IBM (IBM) PC hardware suffers from the Year 2116 problem. For a PC, time begins at January 1, 1980, and is counted in seconds in an unsigned 32-bit integer, much like UNIX time. By 2116, the integer overflows.
  • Microsoft (MSFT) Windows NT uses a 64-bit integer to track time. However, it uses 100 nanoseconds as its increment and its beginning of time is January 1, 1601, so NT suffers from the Year 2184 problem.
  • On this page, Apple states that the Mac is okay out to the year 29,940!
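As an added example (not from the article or its sources), the C program below decodes the counters the post describes: where signed 32-bit UNIX time runs out in 2038 and what a program still storing time in an int32_t sees one second later, the 64-bit counter that does not wrap, and the unsigned 32-bit PC counter from 1980 that HowStuffWorks puts in 2116. It assumes a POSIX host whose own time_t is 64 bits; the 1980 epoch offset (315,532,800 s) is computed here, not taken from the article.

```c
/* Added example: models the 32-bit UNIX, unsigned 32-bit PC and 64-bit time
 * counters and decodes their limits. Assumes a POSIX host with 64-bit time_t. */
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define UNIX_TIME32_MAX  ((int64_t)INT32_MAX)    /* 2,147,483,647 s since 1970 */
#define PC_EPOCH_OFFSET  ((int64_t)315532800)    /* 1980-01-01T00:00Z in UNIX seconds (computed) */
#define PC_TIME32_MAX    ((int64_t)UINT32_MAX)   /* 4,294,967,295 s since 1980 */

typedef struct { int year, mon, day, hour, min, sec; } civil_t;

/* Decode seconds since the UNIX epoch into a UTC calendar date. */
static civil_t epoch_to_civil(int64_t secs) {
    time_t t = (time_t)secs;                 /* no truncation with a 64-bit time_t */
    struct tm *tm = gmtime(&t);
    civil_t c = { tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
                  tm->tm_hour, tm->tm_min, tm->tm_sec };
    return c;
}

/* One clock tick in a program that still stores time as int32_t. The add is
 * done in uint32_t so the wrap is well defined, then reinterpreted as signed,
 * which is what happens to a two's-complement counter in the field. */
static int32_t tick_32bit(int32_t now) {
    return (int32_t)((uint32_t)now + 1u);
}

/* The fix: the same tick on a 64-bit counter. */
static int64_t tick_64bit(int64_t now) { return now + 1; }

civil_t last_unix32_instant(void) { return epoch_to_civil(UNIX_TIME32_MAX); }
civil_t after_unix32_wrap(void)   { return epoch_to_civil(tick_32bit((int32_t)UNIX_TIME32_MAX)); }
civil_t after_unix64_tick(void)   { return epoch_to_civil(tick_64bit(UNIX_TIME32_MAX)); }
civil_t last_pc32_instant(void)   { return epoch_to_civil(PC_EPOCH_OFFSET + PC_TIME32_MAX); }

static void show(const char *label, civil_t c) {
    printf("%-28s %04d-%02d-%02d %02d:%02d:%02d UTC\n", label,
           c.year, c.mon, c.day, c.hour, c.min, c.sec);
}

int main(void) {
    show("last signed 32-bit instant:", last_unix32_instant());  /* 2038-01-19 03:14:07 */
    show("one tick later, 32-bit:", after_unix32_wrap());         /* 1901-12-13 20:45:52 */
    show("one tick later, 64-bit:", after_unix64_tick());         /* 2038-01-19 03:14:08 */
    show("last unsigned PC instant:", last_pc32_instant());       /* 2116-02-07 06:28:15 */
    return 0;
}
```

The wrapped 32-bit value is the most negative representable instant, which decodes to 1901-12-13, so a counter that overflows jumps backwards by 136 years rather than landing on the epoch itself.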

rb-

The tech industry’s response to Y2K suggests that it will mostly ignore the 2038 issue until the very last minute, when it becomes impossible to ignore. Another example of the pace of global software updates is that a majority of ATM cash machines were still running Windows XP, and thus vulnerable to hackers, even though Microsoft discontinued the product in 2007.

Fortunately, the 2038 problem is somewhat easier to fix than the Y2K problem. Well-written programs can simply be recompiled with a new version of the C library that uses 8-byte values for the storage format. This is possible because the C library encapsulates all time handling in its own time types and functions (unlike most mainframe programs, which did not standardize their date formats or calculations). So the Year 2038 problem should not be nearly as hard to fix as the Y2K problem was.

Limit Admin Rights to Close Microsoft Holes

It’s been best practice for a very long time: all users and processes should run with the fewest privileges necessary. That means no Admin rights for users. This limits the damage an attacker can do if the user or process is compromised.

ZDNet says that running users without admin rights on Microsoft (MSFT) Windows XP was generally impractical. It is a much more reasonable and manageable approach on Windows Vista, Windows 7, and Windows 8, but many organizations still run users as administrators because it makes things easier in the short term.

Impact of running with “least privilege”

ZDNet cites a new study from UK software company Avecto which demonstrates the real-world impact of running with “least privilege”. In 2013, Microsoft released 106 security bulletins and updates to address the 333 vulnerabilities identified in them. Of those 333 vulnerabilities, 200 would be mitigated if the user were not running as administrator. 147 of the vulnerabilities were designated critical; 92 percent (135) of these would be mitigated.

Dark Reading says that the Avecto results also revealed that removing admin rights would mitigate:

  • 91% of critical vulnerabilities affecting Microsoft Office,
  • 96% of critical vulnerabilities affecting Windows operating systems,
  • 100% of vulnerabilities in Internet Explorer and
  • 100% of critical remote code execution vulnerabilities.

Breakdown of Microsoft Vulnerability Impact in 2013

Avecto told ZDNet that non-administrator users can still be compromised, but it’s much less likely that they would be and, if they were, the impact would likely be greatly limited. Least privilege is most effective as part of a more comprehensive security architecture including the prompt application of updates to patch vulnerabilities.

Paul Kenyon, co-founder and EVP of Avecto, told Dark Reading, “This analysis focuses purely on known vulnerabilities, and cybercriminals will be quick to take advantage of bugs that are unknown to vendors. Defending against these unknown threats is difficult, but removing admin rights is the most effective way to do so.”

rb-

Employees with admin rights can install, modify, and delete software and files, as well as change system settings, making more work for the help desk folks. The report demonstrates that many companies are still not fully aware of how many admin users they have and consequently face an unknown and unquantified security threat. It is also conceivable that privilege management would have made high-profile attacks such as the recent one on Target, if not impossible, then much harder, by reducing the potential for abuse of partner access, believed to have been at the heart of the breach.

Bye Bye Ballmer

The next stop on the Farewell Steve tour takes us to Windows XP. The Verge reports that Steve Ballmer, who attended Lawrence Technological University in Southfield, MI before he moved on, had an hour-long town hall at the Microsoft (MSFT) HQ in Redmond to bid the MSFT worker bees adieu. At one point, The Verge says, an emotional Ballmer paused to “enjoy this for a minute,” with tears visibly streaming down his face. He told the audience, “You work for the greatest company in the world, soak it in.”

Here is another chance to enjoy the moment in an ad with Steve Ballmer and Brian Valentine in a Crazy Eddie spoof hawking Windows XP. If you listen closely at about 1:40, it sounds like Valentine even says Windows XP is secure!

Windows 8 Passes Vista – Finally

There must be some happiness in Redmond. Microsoft’s Windows 8 is finally more popular than the reviled Windows Vista. Windows 8 has been available since August 2012, which means it took Microsoft’s (MSFT) latest operating system nearly 11 months to surpass the highly unpopular Windows Vista.

PCWorld cites data from Net Applications’ NetMarketShare tracker, which found that Windows 8 captured a whopping 5.10 percent of all desktop systems the firm tracks for the month of June. Vista’s market share now stands at 4.62 percent. Of course, both will need a few months (or years) before they pass Windows XP and Windows 7, both of which dipped about half a percentage point’s worth of share to finish the month with 44.37 percent and 37.17 percent, respectively.

Windows 8 takes the lead (Net Applications)

Both Windows 7 and Windows XP sales are on the wane, Net Applications says, but it will be several years before Windows 8 passes them by. The article reports new momentum for Windows 8, which has struggled to lift its head above both third-party operating systems and its own rivals in the Microsoft nest.

Microsoft’s Windows 8 passed Apple’s (AAPL) Mac OS X 10.8 in February 2013. PCWorld calculates that if Windows 8 continues to increase its share at its current pace of about 0.5 percentage points per month, and if Windows XP continues to decline at about the same rate, Microsoft would need roughly 32 months, or until about February 2016, for Windows 8 to pass Windows XP.

The author also reports that analytics firm StatCounter showed similar results in June 2013 from its worldwide measurements of browser data, which confirm that Windows 8 has increased its market share over Windows Vista. StatCounter said that Windows 8 captured 6.44 percent of all PCs, versus 5.94 percent at the beginning of June. StatCounter said, however, that the versions of Mac OS X combined, at 8.52 percent, were still higher than Windows 8.

rb-

The good news for most in Redmond (except those who were recently re-org’d) is that Windows 8 has finally gained more ground than Vista on desktops. Back in 2006, Vista had the same problem Windows 8 now has, but for different reasons. Windows Vista just did not work and now Windows 8 is confusing to consumers who don’t know what to do with the “Modern” touchscreen interface on their mouse-based systems.

MSFT might be trying to kill the desktop and join the “post-PC era” with Metro apps in favor of touch tablets, laptops, and phones, but it has not worked out really well so far. To a degree, MSFT has caved to the pressure for a more traditional desktop experience with the recent free update to Windows 8.1, which restores some of the Start Button functionality.

Does it matter to you that it took Windows 8 nearly a year to become more popular than Vista?
