Monthly Archives: January 2009

Conficker Worm Infects Millions Of Computers

A new digital plague has hit the Internet, infecting millions of personal and business computers in what seems to be the first step of a multistage attack. Leading computer security experts do not yet know who programmed the infection, or what the next stage will be.

In recent weeks a worm, a malicious software program, has swept through corporate, educational and public computer networks around the world. Known as Conficker or Downadup, it is spread by a recently discovered Microsoft Windows vulnerability, by guessing network passwords and by hand-carried consumer gadgets like USB keys.

Experts say it is the worst infection since the Slammer worm sped through the Internet in January 2003, and it’s estimated to have infected as many as ten million personal computers around the world and it’s still growing.

Worms like Conficker not only ricochet around the Internet at lightning speed, they harness infected computers into unified systems called botnets, which can then accept programming instructions from their clandestine masters. “If you’re looking for a digital Pearl Harbor, we now have the Japanese ships steaming toward us on the horizon,” said Rick Wesson, chief executive of Support Intelligence, a computer security consulting firm based in San Francisco.

Many computer users may not notice that their machines have been infected, and computer security researchers said they were waiting for the instructions to materialize, to determine what impact the botnet will have on PC users. It might operate in the background, using the infected computer to send spam or infect other computers, or it might steal the PC user’s personal information.

“I don’t know why people aren’t more afraid of these programs. This is like having a mole in your organization that can do things like send out any information it finds on machines it infects.”

Microsoft rushed an emergency patch to defend the Windows operating systems against this vulnerability back on October 23rd, 2008, yet the worm has continued to spread even as the level of warnings has grown in recent weeks.

Earlier this week, security researchers at Qualys, a Silicon Valley security firm, estimated that about 30 percent of Windows-based computers attached to the Internet remain vulnerable to infection because they have not been updated with the patch, despite the fact that it was made available in October.

Security researchers said the success of Conficker was due in part to lax security practices by both companies and individuals, who frequently do not immediately install updates.

And as usual, Microsoft executives defended the company’s security update service, saying there is no single solution to the malware problem.

Alfred Huger, vice president of development at Symantec’s security response division, said, “This is a really well-written worm.” He said security companies were still racing to try to unlock all of its secrets.

Unraveling this particular program has been particularly challenging because it comes with encryption mechanisms that hide its internal workings from those seeking to disable it.

Most security firms have updated their programs to detect and eradicate the software, and a variety of companies offer specialized software programs for detecting and removing it.

The program uses an elaborate shell-game-style technique to permit someone to command it remotely. Each day it generates a new list of 250 domain names. Instructions from any one of these domain names would be obeyed. To control the botnet, an attacker would need only to register a single domain to send instructions to the botnet globally, greatly complicating the task of law enforcement and security companies trying to intervene and block the activation of the botnet.

Computer security researchers expect that within days or weeks the bot-herder who controls the programs will send out commands to force the botnet to perform some as yet unknown illegal activity.

Based on information found on the web, several computer security firms said that although Conficker appeared to have been written from scratch, it had parallels to the work of a suspected Eastern European criminal gang that has profited by sending programs known as “scareware” to personal computers that seem to warn users of an infection and ask for credit card numbers to pay for bogus antivirus software that actually further infects their computer.

One intriguing clue left by the malware authors is that the first version of the program checked to see if the computer had a Ukrainian keyboard layout. If it found it had such a keyboard, it would not infect the machine. This fact could point to the origin of the worm and help investigators round up those responsible.

What to do? Computer users are advised to ensure their antivirus software, operating system and firewall are up to date, and install a Microsoft patch to combat the problem, MS08-067, which is available from its website.
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Microsoft's Silverlight To Stream Obama's Inauguration

silverlight-logo
Microsoft’s Silverlight technology has been chosen to stream U.S. President-elect Barack Obama’s swearing-in ceremony live on the Presidential Inaugural Committee’s Web site , Microsoft said last Friday.

Obama and Vice President-elect Joe Biden are due to be sworn in and deliver inauguration speeches Tuesday January 20 th in Washington, D.C. Both events will be streamed live on the PIC site using Silverlight, a cross-browser technology for delivering live and on-demand video over the Web.

The PIC will also stream video of an event with Obama and Biden in Baltimore on Saturday as part of their “Whistle Stop Tour,” which will take them from Philadelphia to Washington for the inaugural ceremony and celebrations.

The inaugural event is the latest high-profile use of Silverlight, which was first released in April 2007 as a rival to Adobe Flash. The technology comprises a tool for developing and designing Internet applications and a media player for delivering content.

It wasn’t until the release of Silverlight 2 in October, however, that the technology became a viable alternative to Flash for building rich Internet applications.

While Silverlight 2 was in beta in August, the 2008 Democratic National Convention Committee used it to stream proceedings from the convention, including Obama’s acceptance speech to more than 80,000 people at an outdoor stadium in Denver.

Microsoft also teamed up with U.S. television network NBC that month to deliver thousands of hours of both live and on-demand coverage from the Beijing 2008 Olympic Games.

This is the 3 rd high profile win for Silverlight. If you don’t already have Silverlight installed just click the following link and you’ll be able to watch all the festivities.

http://www.microsoft.com/silverlight/resources/install.aspx

http://silverlight.net/GetStarted/

Bad news for Mac, Linux or FreeBSD users – there’s no compatible application available for these systems so I guess you’ll just have to watch this history making event the old fashioned way – on TV

Part 2: Microsoft Blocks XP-to-Windows 7 Beta Upgrades

The version of Windows 7 Beta 1 that Microsoft made available for download on its Technet site last Thursday does not support upgrades from systems running its Windows XP operating system. It does, however, permit upgrades from Vista SP1 to Windows 7.

A Microsoft spokesman said that no final decisions have yet been made about what will be included or not included in the generally available version of Windows 7, but that the company as a practice advises only clean installations of operating systems during the beta phase anyway.

“We’ve just been telling people like we always do, conduct a clean install. That’s the safest bet anyway,” the spokesman said. “It shouldn’t be too much of a surprise.”

For now, the beta version of Windows 7 only permits upgrades from Vista SP1 — meaning there is at the moment no way to test or evaluate a straight XP-to-Windows 7 migration.

Microsoft announced late Wednesday night in Las Vegas that it was making its first beta version of its next generation desktop OS available via Technet and MSDN, and CEO Steve Ballmer said the general public would have access to the beta — for free– as of Friday. The beta will work through August of this year, giving virtually the entire market an opportunity to play around with it and evaluate Windows 7 before they have to pay for it.

Let me “make one thing perfectly clear” I DO NOT advise anyone download and install Windows 7 on a production machine. If you insist on testing this operating system do so on a machine you are willing to loose all the data on. BETA software is famous for being unstable – that’s because the BETA versions are released to the public so we – the people – can test it, crash and report the problems to Microsoft.

A note of caution: The initial upgrade to Windows 7 takes about 1 and 1/2 hours. If you attempt to upgrade a Vista PC and you haven’t yet installed SP 1 and all essential updates from Microsoft, the process could take an additional two hours or more.

More testing on Windows 7 will be needed to evaluate its security, network management and support for more applications and drivers. It remains to be seen, however, how the market will respond if Microsoft continues to deny an upgrade path from XP to Windows 7

For all of you daring, devil-may-care individuals – here’s the download link to Windows 7 BETA
http://www.microsoft.com/windows/windows-7/beta-download.aspx
……Don’t say I didn’t warn you……. 🙂

For the rest of you, here a link to everything you wanted to know about Windows 7 but were afraid to ask:
http://www.microsoft.com/windows/windows-7/default.aspx

Windows 7 for $0.00

That might just make up for Vista – NOT!

So, you bought a PC with Vista, and maybe you don’t like it so much, and you’re thinking that you spent a bunch of money for not much in return. Well, you’d be wrong — because you didn’t just buy Vista. You also bought Windows 7. Maybe.

Apparently, Microsoft might be preparing to give free upgrades from Vista to Windows 7. At the time of writing this, we’re still not sure whether that’s true. But according to a Web site that actually manages to get things right occasionally, Microsoft is going to (with restrictions, of course) give Vista buyers a free pass to the next level.

Now, for those of us who are mainly concerned with the enterprise, Redmond’s little gesture, should it actually come to pass, is pretty irrelevant, in large part because not many enterprises bothered to buy into Vista in the first place. Beyond that, this is, or would be, clearly a consumer-focused effort aimed at burying the mostly lousy legacy of Vista. We have no idea at this point how or whether the free upgrades would work with volume licensing — but, again, unless we’re talking upgrades from XP here, a lot of companies won’t care.

What interests us here is Microsoft’s attitude toward Vista in particular and Windows in general. As recently as July, Steve Ballmer was banging on at the Worldwide Partner Conference about how Microsoft wasn’t giving up on Vista and how partners should continue to push the operating system. There were even pro-Vista sessions with partners and IT folks at the conference.

And now this upgrade program comes along — Microsoft won’t — can’t — admit that Vista, despite all its hype, was pretty much a dog in many users’ eyes. So instead of just saying that it was a bust, Redmond is trying to move us all along…nothing to see here…to Windows 7.

Of course, with 90-plus percent market share, the Windows franchise isn’t exactly crumbling. And it probably won’t for a while, until Software-as-a-Service becomes the norm and the operating system becomes mostly irrelevant, anyway.

How excited are you about Windows 7? What do you want from it? Will you ever give up XP? Let us know – send your thoughts to me David@GoAmerican.com. I can’t promise you a free upgrade but I can promise you’ll feel better getting it (what ever it is) off your chest.

ActSmartDentalThe Most Dental IT Experience
on the South Shore!

David’s Blog Archives
Our Clients Say:
Everybody @ ActSmart is WONDERFUL! We are very relieved to have you on our team & know that we are in great hands. ~Leslie, Glivinski & Associates
Proud To Be:
Attention Dental Practices:

We Offer:
Follow Us: