The University of Massachusetts Amherst
Categories
Hotfix Security Virus/Malware

McAfee AntiVirus 8.7i Patch 4, Hotfix

Some potential issues have been identified with the current patched version of McAfee, which, among other things, can cause problems with sending mail via Thunderbird.

Here’s the Hotfix (Link at bottom)

Some discussion (McAfee Forum)

Categories
Mac OSX Operating System

Cool stuff on the OS X command line

Screen shots, software updates and more:

http://osxdaily.com/2006/11/22/ten-os-x-command-line-utilities-you-might-not-know-about/

Categories
Security Virus/Malware

Operation “Aurora”: Zero Day Exploit

Users of Microsoft Internet Explorer should be aware of a new zero-day exploit dubbed “Operation ‘Aurora’”. This exploit, which has been demonstrated to be effective in Internet Explorer 6, 7, and 8, allows a remote attacker to gain full control over a target computer.

Users who fall victim to this attack are usually the targets of “spear phishing” (a phishing attack directed at a specific person or group of people). They receive a link from someone (e.g. over IM or e-mail) and are directed to a website with specially crafted JavaScript code. At this point, if the person being attacked is using Internet Explorer, the code causes a moment of confusion that allows the attacker to inject arbitrary code into the target system. In the worst case, this allows the attacker to take full control over the exploited computer. The entire process can be viewed below thanks to the crew at the security blog Praetorian Prefect. They have a great explanation of the exploit here and a video here.

OIT Software Support recommends that users of Internet Explorer switch to another web browser for the time being. A list of supported browsers can be found here on our website. Follow the link for your operating system.

As always, make sure to update your operating system often. Directions for that process can be found here.

Categories
Operating System Security Software Virus/Malware

Virus Prevention

As a general rule of thumb, there are some things that are good to do to keep your computer running its best.

  1. Keep everything up to date!
  2. Don’t click links you’re unsure about.
  3. Don’t visit questionable websites.
  4. Run an anti-virus program.
  5. Scan with an anti-virus program and an anti-spyware program at least once a month.

Keeping programs up to date is one of the easiest ways to prevent a virus or spyware infection. Windows XP, Vista, and Mac OS X will all prompt you to install updates if they are configured to do so, which they are by default.

As for updating all the other programs installed, we use a program called Secunia PSI. It scans your computer for all the installed programs that it has in its database. It then checks them against the current versions of those programs and provides you with links to where you can download updates. You can download it here. It’s an amazing tool for knowing what to update.

As a general rule, you should keep your Operating System (XP, Vista, OSX) as well as Java and Adobe Flash Player up to date. Those are the most common ways viruses and spyware can gain access to your computer.

As a rule of thumb, don’t click on links to suspicious websites. In many programs, you can mouse over the link to see the HTTP address. Just remember to err on the side of caution.

Don’t go to suspicious sites.  If you’re not sure about the site, try searching Google for it.  If a lot of hits come up like “Spyware, removal of spyware, virus related” etc, don’t go to that site.  Also, if you had gotten a virus in the past from a questionable website, don’t go to that website again.

Run an anti-virus program. This should be really easy for people affiliated with UMass. UMass has a site license for McAfee Enterprise Virus Scan. You can get it on the OIT website here. If you have an older version of McAfee Enterprise Virus Scan installed, uninstall it first. Installing over the older version might cause weird errors. Also, you should only have one anti-virus program installed. If you have more than one, they tend to fight each other and slow everything down, so uninstall all but one.

The last way to protect yourself is to run full scans with your anti-virus and anti-spyware software once per month, whether you think you need it or not.  Think of it like an oil change for your car.  It cleans out all the sludge that may build up, whether you see it or not.  If you have the version of McAfee Enterprise Virus Scan distributed from the OIT site mentioned above, McAfee will update itself every day, and run a full scan in the background once a week.  You should also run a full scan once a month with your anti-spyware software of your choice.  We use Spybot Search and Destroy, which can be found here.

Categories
Security Windows

I Hate Change or: the Dangers of Getting Attached to Applications and Operating Systems

Change can be difficult. When you’ve invested time and energy in learning something new, especially something as complicated as an operating system (e.g. Windows 98, Windows XP, Mac OS 9), it can be quite frustrating to be told that you should upgrade to something new. Waiting a little while to perform upgrades is actually a good idea. As any early adopter of Windows Vista can tell you, making the switch from Windows XP was extremely painful because there were many kinks to work out of Vista. However, with a few years under its belt, Vista is, arguably, a more secure operating system.

Of course, many users still prefer Windows XP, which is okay, but users need to stay extra vigilant. Hanging on to an older application or operating system is fine until the developer stops supporting it and providing updates. This is the case with operating systems such as Windows 98 and Mac OS 9. When this happens, it is important to upgrade! This means switching to any new version of an application or operating system. For example, an upgrade from Windows 2000 could be any version of Windows XP or any version of Windows Vista. An upgrade for Adobe Acrobat Reader would be from Version 8 to Version 9. Upgrades often add new features to software.

Updates are different from upgrades in that they work to fix existing problems in software. They are important because they help keep your application or operating system secure. When you apply updates to Windows or Mac OS X, you are improving the security and stability of your computer. Here are some advantages of performing updates:

  1. Bug Fixes: No one is perfect. When a programmer develops an application and distributes it to users, there are often “bugs” waiting to be found. Bugs are simply unexpected situations that cause programs to crash or malfunction. Programs are not smart. They do what they are programmed to do and handle situations that they are programmed to handle. Programmers try to think about all the sorts of things that could go wrong when an application is running in the real world and give users error messages or warnings (e.g. if a program asks a user for a date in the format MM/DD/YYYY and the user types in YYYY/MM/DD, the program will ask the user to type the information in correctly). However, sometimes there are problems which programmers don’t consider. When an application runs into these situations, it could crash or malfunction (i.e. appear to be working correctly while really processing information incorrectly). This is especially dangerous because users don’t know that something has gone wrong! Updates often fix these “bugs.”
  2. Security: Bugs can leave your operating system or application open to attack. A bug can be exploited by a virus or an attacker to do bad things to your files or even turn your computer into a zombie computer! Zombie computers can be used to attack other computers, send out spam messages, and even delete or ransom your files.
  3. Improvements: Many developers like getting user input. When they come out with a new version or update for a program, they often add new features which will make the program more useful or usable.

The main reasons to perform upgrades are:

  1. To take advantage of new features. Upgrades often change how existing features work or offer new features altogether.
  2. Your current application / operating system is no longer supported. When your program or operating system is no longer supported by the developer, they will no longer patch the program to ensure that it remains secure. When this happens, it’s important to take the step to upgrade to a supported version of the application or operating system.

The moral of the story is: keep yourself up-to-date to keep yourself sane and your computer secure. OIT Software Support suggests that you use a program called Secunia PSI if you run Windows. Secunia PSI will scan all the programs on your computer and will tell you which ones are out-of-date. It will then show you what to do to update them.

As always, if you have any questions, please call OIT Help Services at 413.545.9400.

Categories
Hotfix Security Software Virus/Malware

PDF Threat!

According to a recent tech-news media blitz, Adobe has pushed out a highly critical security update to its Adobe Reader and Acrobat software. The update fixes a highly critical flaw in which code embedded into a PDF file will be automatically executed.

I have never been a huge fan of Adobe Reader’s excessively long load times and browser instabilities. I have been a longtime user of Foxit Software’s Foxit Reader. Foxit Reader is a much smaller and lighter PDF reader but it does not support all of the latest functionality that is implemented in the newest versions by Adobe. Furthermore, it was also vulnerable to the same recent threats, although Foxit Software was much faster to respond to the threat.

Disclaimer: Foxit Reader is 3rd party software and although it is recommended by this consultant, it is not supported by OIT.

However, this is not the first time that Adobe has needed to fix its code, which is another reason to use Foxit Reader.

We recommend that all our users upgrade to the latest version of Adobe Reader and/or Foxit Reader immediately.

But as of now there is no evidence that any malicious code or trojan has been written to take advantage of the security hole.

Details about the vulnerability and proof-of-concept videos can be found here for the inquiring minds.

Categories
Security Virus/Malware

Arrrr! Piracy be Dangerous!

It’s a trap!
Admiral Ackbar is wary of pirated copies of software.

I was reading my RSS feed for Slashdot and I came across this article. This is a great example of why piracy is dangerous. Mac users who get copies of iWork ’09 from the Internet can get a trojan virus. That’s right! While Mac OS X is generally safe against viruses, most programs require that you type in your username and password to install them. As soon as you do this, you are granting the program administrative access to your system! If the program contains a virus, you are giving it free rein.

It’s important to trust the place that you get your software. Make sure that you download software from the maker’s official website or an authorized mirror. That is to say, if you want to get a program like Firefox, you should go to http://www.mozilla.com or http://www.getfirefox.com — not some random website from Google.

Arrr! Be wary, mateys! Sometimes the booty be trapped! If you believe that you have a virus on your computer, contact OIT Help Services for assistance.

(Neither the Office of Information Technologies nor the University of Massachusetts Amherst condone the piracy of copyrighted material. For more information on copyright infringement, please visit this link.)

Instructions for removing the infected iWork package (from MacRumors):

Solution 1: This is the easiest and safest way for users to remove this Trojan. It is a small utility that has been created by the makers of MacScan AntiVirus software for Mac users. Please note that this is not officially supported by OIT Help Services and we cannot guarantee its effectiveness.

http://macscan.securemac.com/files/iWorkServicesTrojanRemovalTool.dmg

Solution 2:

Note: BE VERY, VERY CAREFUL. Typing in these commands incorrectly can delete large swaths of information from your hard drive. Use the following solution at your own risk. We recommend that you try Solution 1 first!

1) (open Terminal.app)
2) sudo -i (enter password)
3) rm -rf /System/Library/StartupItems/iWorkServices
4) rm -f /private/tmp/.iWorkServices
5) rm -f /usr/bin/iWorkServices
6) rm -rf /Library/Receipts/iWorkServices.pkg
7) killall -9 iWorkServices
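
Before running the destructive commands in Solution 2, a read-only check can show which of those paths actually exist on the machine. This is an added example, not part of the original post or the MacRumors instructions; the function names, the `--scan` argument and the optional ROOT prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only pre-check for the iWorkServices files named in
# Solution 2. Nothing is deleted or modified.

# Paths copied from steps 3-6 of the removal instructions above.
IWORK_PATHS='/System/Library/StartupItems/iWorkServices
/private/tmp/.iWorkServices
/usr/bin/iWorkServices
/Library/Receipts/iWorkServices.pkg'

# list_iwork_artifacts [ROOT]
# Prints every listed path that exists under ROOT (default: the live system).
# ROOT is an assumption added so a mounted backup or a test tree can be checked.
list_iwork_artifacts() {
    root="${1:-}"
    printf '%s\n' "$IWORK_PATHS" | while IFS= read -r p; do
        # -L also catches a dangling symlink left at one of the paths
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$root$p"
        fi
    done
}

# count_iwork_artifacts [ROOT]
# Prints how many of the four listed paths are present.
count_iwork_artifacts() {
    list_iwork_artifacts "${1:-}" | wc -l | tr -d ' '
}

# iwork_process_running
# Returns 0 if a process named iWorkServices is running (the target of step 7).
iwork_process_running() {
    ps -A -o comm= 2>/dev/null | grep -Eq '(^|/)iWorkServices$'
}

# Run as: sh check_iwork.sh --scan [ROOT]
if [ "${1:-}" = "--scan" ]; then
    list_iwork_artifacts "${2:-}"
    if iwork_process_running; then
        echo "process iWorkServices is running"
    fi
    echo "$(count_iwork_artifacts "${2:-}") of 4 listed paths present"
fi
```

If the count is 0 and no process is reported, none of the files that Solution 2 removes are present, and there is nothing for the `rm` commands to do.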

Categories
Security

The Importance of Updates: A Parable

When I assist clients at our front desk, I try to explain the importance of updating operating systems (e.g. Microsoft Windows, Mac OS X, Linux.) Many clients don’t realize that updates are vital to the continued security of computers; you can’t just ignore them. So, to explain what they do, I came up with a fun analogy.

Your computer is like a medieval city with a great wall. The people who designed your city (programmers) want to protect it from barbarian invasions (virus and malware attacks). When they built your city, they erected a giant wall around it for protection (a firewall). When you started to rule it, you hired a bunch of guards (you installed anti-virus software). However, the architects weren’t perfect; there are many small holes in your wall and forgotten tunnels into the city (security holes). As the architects inspect the city over time, they find these holes and tunnels. Engineers are dispatched to patch up these holes (Windows Updates) so as to keep your city safe.

The moral of the story: lest the barbarians break in, kill all your guards, and then use your city to attack others, make sure that you install software updates!

Sometimes, you forget to patch the holes in your city or the barbarians find them first. When this happens, you can come to OIT Software Support. Like knights in shining armour, we will happily drive out the barbarians (remove viruses), restore order (fix the problems they created), and give you new and free guards (McAfee AntiVirus.) We’ll also give you advice on how to prevent future invasions; the barbarians are clever.

While all software should be updated, it can be difficult to keep track of it all. There is a program called Secunia PSI. This program will check just about every program on your computer to ensure that it is up-to-date.

If you don’t wish to install Secunia PSI, the most important things to keep updated are the following:

As always, feel free to contact OIT Help Services if you have any questions!

Categories
Hotfix Operating System Security Software Virus/Malware

“Conficker Worm Could Create World’s Biggest Botnet”

I saw this article on Slashdot today and wanted to warn everyone out there. Nine million infected computers running Microsoft systems is an incredible amount of machines compromised.

Make sure your McAfee Enterprise is up to date and your Windows machine has installed all the latest updates!

As the article states, the worm propagates through un-patched Windows systems and through USB thumb-drives. This means that having a secure system or up-to-date virus protection is NOT ENOUGH! You need a combination of both. This is good computer usage in practice anyway, but we see an incredible amount of un-patched XP and Vista systems come in with virus infections.

What you see when an infected USB-drive is plugged-in
The above image shows what happens when you plug an infected USB stick into a machine. Notice the “Publisher not Specified” text in gray under the open option? That should be your first clue right there. Do NOT click on this, as this will launch the virus and infect your computer.

It’s just that little yellow icon in your system tray, that little place with icons by the time in the bottom left. Click – Express Install – Done. It’s really that simple.

For those that are interested, the Microsoft Security Bulletin can be read here.

Categories
Operating System Windows

The Blue Screen of Death ( BSOD ) in Windows

A Blue Screen of Death - From the Wikimedia Commons

You will see a distinct look of fear in the eyes of anyone who has used Microsoft Windows when you mention a ‘BSOD’ or ‘Blue Screen of Death’. Sometimes they occur a single time and then go away, but other times they will recur every time that you restart the computer.

When this happens to you, there are a few things to try:

  • If your computer restarts in an endless loop and you can’t tell why, hit the F8 key repeatedly, about once a second, just as the computer starts to reboot.
  • You will get a menu that looks something like this:
The Safe Mode selection screen for Windows Vista
  • Select the option entitled, “Disable automatic restart on system failure.”
  • Next time that you get the BSOD, it won’t restart automatically and you can then acquire useful information for troubleshooting the problem.
  • When you get the BSOD, copy down the complete STOP CODE which is formatted like so:
    • STOP: 0x00000000 (0x00000000, 0x00000000, 0x00000000, 0x00000000)
  • The first set of numbers (in blue) can be entered into Google or the Microsoft Knowledge Base.

You can then sometimes get useful information for fixing the problem. If nothing else, copy down the error numbers to bring to OIT Software Support. Other useful information includes the hardware (e.g. mouse, monitor, printers, scanners, USB devices) attached to the computer and the programs you remember running. The more contextual information we have, the easier it will be to solve a problem!

Categories
Operating System Virus/Malware Windows

How to delete the Windows Antivirus virus

If you have seen this screen then you know what virus I am referring to.

Here in Software Support, we use a program called ComboFix that you can download yourself by clicking here. This software will clean up most instances of this known type of virus called “Smitfraud,” and will generally leave your system much more operable than before. Recently, the number of outbreaks of this virus and ones like it has become staggering.

This software changes daily and must be downloaded every time it is run! The best way to do this is to download it on a computer that is clean and copy it over onto a USB pen drive.

Usually at Software Support there is a lull in the middle of the semester, but last fall the amount of traffic into SWS was something that I have never seen in my four years of working here.

If you feel that your computer is not running correctly, or if you think that the error messages that are popping up are not from your normally installed anti-virus or anti-spyware software, this should be your first step in alleviating the problem.

Of course, if you are having issues running the software or are not comfortable doing this, you can bring the computer in and we will run it for you.

Categories
Microsoft Software

Microsoft Word 2007 hangs when switching documents

People come into Software Support frequently with complaints about MS Word being slow or unresponsive.  I have noticed that MS Word add-ins are often to blame for these performance issues, especially by introducing a delay before starting Word or switching from one document to another.  Most of these users have multiple Word add-ins (whether they are aware of the fact or not) and so here is a very quick guide to check to see if add-ins are your issue.

The general idea is to disable add-ins and check to see if disabling a certain add-in made Word significantly more responsive. If it did, then either look into updating it or keep it disabled if you don’t use it. The steps for disabling an add-in are as follows:

1) Go to the Office menu, then select Word Options

2) Go to Add-Ins and take a look at the Active Application Add-ins.  Often an Adobe product will be in this list and it is often this entry that is the issue.  Select the Add-in you want to disable and press Go…

3) Deselect an Add-in (uncheck the box next to it) and hit OK.  Sometimes you’ll get the following error:

If you get this error and are running Windows Vista, close Word, navigate to C:/Program Files/Microsoft Office/Office12/ and right click on WINWORD.EXE.  Select Run as Administrator and follow the above steps again.

Categories
Virus/Malware

AIM Viruses

Many users are curious as to how their systems are infected with viruses. While there are many different ways that this can happen, one common method is via something called an AIM virus. Sent as messages over AIM or other instant messaging clients (e.g. MSN Messenger, AIM, GTalk), users receive an instant message saying something like, “Check out these pictures of you I found on Facebook (Myspace, Flickr, etc.)” When a user clicks on the link, their computer is infected with a virus which subsequently sends similar messages to all the buddies on their contact list. Currently, only Windows users are affected by AIM viruses, but all users should be wary of links that they receive.

It is important to double check with friends who send you links over AIM. You can always send a message back saying, “Hey! Did you just send me a link about pictures on Facebook? I know that viruses can look like links from people on my buddy list.” If you are unsure, it’s best to discard the link.

Getting an AIM virus can slow down your computer dramatically. Additionally, if OIT detects that your computer is trying to infect others, you may lose your Internet connection until the virus is removed. Depending on the virus that infects your computer, it is possible to get other infections.

To remove an AIM virus, you can try a fantastic little program called AIMFix, a tool developed by Jay Loden. However, in some cases, the infection may have advanced to such a point where AIMFix will not be able to remove all the viruses. Members of the UMass community can download and install McAfee Virusscan Enterprise for free from the OIT website. Just make sure that you uninstall any other antivirus programs that you have (e.g. Norton Internet Security, McAfee Security Center, AVG, Trend Micro); multiple antivirus programs can conflict and slow down your computer. If this doesn’t help or you have other questions, you can always call OIT for more assistance.