Just when you might have thought it was safe to start using USB flash drives at work again, the third and, by all accounts, most fiendish version of the Conficker worm that's infected millions of PCs already is set to attack on April 1st, Ars Technica reports. Conficker.C's designed to hide itself even more thoroughly than its older siblings, using tricks such as:
Inserting itself into as many as five Windows-related folders such as System, Movie Maker, Internet Explorer, and others (under a random name, of course)
Creating access control entries and locking the file(s)
Registering dummy services using a "one (name) from column A, one from column B, and two from column C" method
To find out what happens when Conficker.C strikes, join us after the jump.
Today, Microsoft released a trio of security bulletins covering all currently-supported Windows versions. Users of Windows 2000 SP4 through Windows Vista SP1 (as well as Windows Server 2003 and 2008) need to install the update for the critical Windows kernel vulnerability noted in Security Bulletin MS09-006. The other two bulletins (MS09-007 and MS09-008) solve important vulnerabilities in SChannel (007) and DNS/WINS Server (008); these bulletins apply to Windows 2000 SP4 through Windows XP and Server 2003 only.
Other updates to look for include the usual updates to the Malicious Software Removal Tool and the Windows Mail junk email filter. If you're on Automatic Updates, follow instructions to reboot if needed after installation. If you prefer to be in charge, don't forget to download and install these as soon as possible.
Ouch! It's been a bad week for Adobe Acrobat and Reader users, DailyTech's Jason Mick reports. Some visitors to eweek.com viewed PDF-based ads that attempted to redirect readers to malicious websites and then tried to download Bloodhound.Exploit.213. This vulnerability affects only Acrobat and Reader 8.12 and earlier and was patched back in November with version 8.13, but not everyone's gotten around to updating their Adobe products yet. eWeek's pulled the offending ads, and Adobe was already offering a fix - and that's the good news.
The bad news? There's an even more serious flaw on the loose that targets all versions of Acrobat and Reader, including version 9.0. There are no updates yet (the update for version 9 is expected by March 11, but version 7 and 8 users must wait a bit longer). So, what can you do in the meantime? Lots of MaximumPC readers recommend the free Foxit Reader, but if you must use Adobe, join us after the jump for workarounds that can protect you in the meantime.
When two diametrically opposed sides (Blue? More like Bluh-ewwwww) are forever submerged in the flames of war, an arms race is only natural. Miniguns, automated sentry rockets, curative edible devices – war is hell, but when the robots rise up and squash our silly conflict with a cold, metallic fist, they’ll have some damn fine gear with which to do it. However, one man doesn’t need any of that conflabbed technology; put him on the bus with a baseball bat and a crisp, refreshing beverage and he’ll come back with straight-A’s – in ass-kicking.
He’s the Scout, and with his brand new update, he’s more ready than ever to back up his big talk. Or he will be, anyway, after a bit of unlocking.
First up, after a mere ten achievements, you’ll nab the Force-A-Nature, which is a shotgun that – along with walloping your foes something fierce – forcefully coaxes enemies right out of your personal bubble and, if you’re lucky, into all kinds of fun environmental hazards.
Five achievements later, the Sandman will show up on your doorstep. It’s a bat. It hits things. Mostly baseballs. Go stand on the wrong end of a batting cage to find out what it does.
And finally, after a lifetime (read: 20) of achievement, you’ll be able to kick back with a crisp, refreshing beverage. Well, until you drink said beverage. Then, with “several hundred times the daily recommended allowance of sugar” screaming through your veins, you’ll be ready to “dodge bullets like they ain’t even there!” (Note: Post-digestion hangovers are perfectly normal. Really, it happens to everyone. If you don’t get them, you’re probably not cool.)
So yeah, there’s the update. Go download it. Tell ‘em Maximum PC sent you. You won’t get anything, but any publicity is good publicity, we think.
As it turns out, those of us responsible enough to have a computer generally aren’t responsible enough to keep ourselves safe online. Sure, we might get Norton or McAfee at checkout, but that’s generally the easiest step to take. When it comes to surfing the net, if the browser doesn’t update automatically, we probably won’t take the time to update it on our own.
At least, that’s what a study by a pair of Swiss academics and a Google employee revealed. The study, which ran Google results from January 2007 to April 2008, revealed that, as a whole, PC users are reluctant to swap software. The swap from IE6 to 7 came gradually, with a primary boost from sales of new PCs with Windows Vista (and IE7) preinstalled. Mac users “seemed more willing to live on the cutting edge, as the Safari 3 beta release was accompanied by a major jump.”
For security-conscious users, Mozilla’s Firefox came out on top. Its self-updating nature made it a favorite, as opposed to others like Opera, whose update basically functions as a manual download followed by a new install.
The analysis suggests that most users of web browsers aren’t filled with thoughts of Internet security, but rather with thoughts of convenience. If you’re interested in the study, you can read it in its entirety here.
As it turns out, both Seagate and Maxtor-brand SATA drives can be affected by firmware problems. So, how can you find out exactly which models may be on the naughty list and when Seagate has a firmware fix that's ready for prime time? Join us after the jump for details.
Google’s Chrome has made an impressive showing on the web browser market, and has even been named the “Speed King.” And it wouldn’t be like Google to leave it alone, either. With the announcement of their beta for Chrome 2, they’re looking to add some simple things that they hope will make a big difference.
First up is form autocomplete. The feature, which Google considers “one of the most obvious missing features from the initial release,” will finally make its debut. Also added will be full-page zoom, autoscroll, and profiles. Profiles will be “a great way to separate Chrome’s settings in different categories: you could create a work profile with its own homepage, bookmarks and browsing history and a profile for your personal projects.”
While the first few features will be nice, the profiles sound like a great addition. Being able to manage a few different sets of information easily will be mighty substantial.
If you have a shiny new PC running Windows Home Server (or an old PC you've refurbished for Windows Home Server) that includes Power Pack 1 (get it here), it's time to grab a new version of the Windows Home Server Technical Brief for Media Sharing from the Microsoft Download Center.
Terry Childs, who locked down San Francisco's FiberWan system last summer, will get his day in court on January 13, exactly six months since he went into the slammer for allegedly hijacking the network he designed and maintained. $5 million bail stands between Childs and a 'get out of jail' card until trial.
After an eight-day preliminary hearing, Superior Court Judge Paul Alvarado ruled Wednesday that prosecutors had produced enough evidence of Terry Childs' probable guilt to hold him for trial on four felony charges of tampering with a computer network, denying other authorized users access to the network and causing more than $200,000 in losses.
How much more than $200,000? According to prosecutors, the city claims it spent almost $1.5 million in "attempts to regain control of the network and assess its vulnerability to intrusions."
Childs' attorney claims her client was trying to protect the network from other employees:
"Mr. Childs had good reason to be protective of the password. His co-workers and supervisors had in the past maliciously damaged the system themselves, hindered his ability to maintain it...and shown complete indifference to maintaining it themselves...He was the only person in that department capable of running that system."
The case made our 250 Most Important Tech Products, Events, and People of 2008 list at number 232. Stay tuned to MaximumPC.com for further updates.
Thanks to a borked update, some PC users running AVG's free antivirus were in for a long and frustrating weekend. The virus definition update, which was released on Saturday, erroneously flagged the "user32.dll" file as the Trojan Horse PSW.Banker4.APSA instead of recognizing it as a critical Windows component. Once the scanner went active, users found their AVG software recommending that they delete the quarantined file. Doing so caused systems to either stop booting or enter a continuous reboot loop. Whoops!
The misinformed update affected both AVG 7.5 and AVG 8.0 installations on Windows XP. Vista users appear to be in the clear, though a smattering of user comments around the web has indicated otherwise. In any event, another update has corrected the error. For those who already deleted the critical system file, AVG is providing step-by-step instructions on how to restore your system to a working state. Whether or not it restores your faith in the program is another question altogether.
Hit the jump and let us know what security software you're using.