Archive

Archive for November, 2009

Microsoft Releases “Drive-By Download” fix

November 11th, 2009 DJ Comments off
{This text was sent to all of our TechAlert subscribers.  To get these messages from us automatically, subscribe to the list here}

Good Morning,

We thought we would let you know that Microsoft has released updates marked as critical:

According to Computerworld – ” Microsoft today patched 15 vulnerabilities in Windows, Windows Server, Excel and Word, including one that will probably be exploited quickly by hackers. None affect Windows 7, the company’s newest operating system.”

Of primary importance is MS Security Bulletin MS09-065 which addresses a vulnerability in the core when using Internet Explorer.

This update is very important because it has the potential to bypass some anti-virus scanning mechanisms, and because it is a ‘drive-by’ download.  A ‘drive-by’ download is when a web server is compromised, typically without the website’s knowledge.  When you access a website a component can be downloaded automatically without your knowledge or consent, which can then be used thru this security hole to install other programs.  Typically we’ve seen this in our shop as ’spyware defender’ or ‘anti-virus’ products that will ask you to ‘update your subscription’ or guide you to a phony page to attempt to get you to buy a product that doesn’t really exist.

Defending against these attacks:

  1. Always run Microsoft updates, if possible automatically.  You can run updates manually right now by going to your Start Menu and finding “Microsoft Update” or “Windows Update” under Programs.
  2. Always run an up-to date anti-malware program.  We recommend and use AVG (free for home use) or the more complete and powerful Norton from Symantec.  Other programs such as McAfee, TrendMicro and Kapersky work as well, but be very careful about antivirus products that look too good to be true, or are very pushy about sales.  If you are in doubt- give us a call at 970-498-0808
  3. Consider using an alternate web browser if possible such as Mozilla Firefox or Google’s Chrome browser.  DJ has been using Firefox for 7 years without issues.
  4. Stay away from websites with higher incidents of malware- this includes Porn, Cracker sites, ‘free’ music download sites and just about any site that asks you to install a ‘codec’ or other viewer.  Steer clear of Facebook applications and sites like Plaxo that will trick you into sharing your personal information.  Also, we do not recommend toolbars for Internet Explorer or Google other than MSN, Google or Yahoo.  Others have been known to be a portal for spyware and other things that can slow down your PC and leave it more vulnerable to attack.

As always, if you have any questions- please feel free to call or email us for help.

-TechSmart Solutions Group

Categories: Advice, Alerts Tags: