Secure IT Foundation

Posts Tagged ‘Windows 7

Be prepared for a busy Patch Wednesday as there are 64 security updates being released by Microsoft for all versions of Windows and Office products.

We recommend that you run Windows update on Wednesday to ensure you keep your computer update to date.

SecurityBrad

 

If you have been reading tech news stories about the ‘Zero Day’ Windows shortcut vulnerability becoming a serious mainstream risk, unusually they are correct. There is an unpatched vulnerability in all recent versions of Windows (XP, Vista and 7) which uses Windows to misread  a shortcut ‘.lnk’ file to take over your computer.  Now there is also an email based virus that uses this vulnerability to infect your computer. So is there reason to panic?

Normally Level 4 secured computers would be unaffected by most vulnerabilities as they are discovered due to configuration or mitigation security strategies. In this case the only current active protection is based on Anti Virus software, and it may not be enough to prevent an attack on its own. An English Anti Virus company has released a stand alone program that offers additional protection for Level 4 users and we are recommending its use until an official patch is released by Microsoft.

You can find out more about the tool made by Sophos here or download it directly here

Security Brad

From experience we can safely say the biggest cause of hard drive failure is… YOU, the computer user!

Do you shut your computer off completely before you move it? Do you turn it off by using your operating system shutdown option? If  you answered no to either question and your hard drive fails then you now know why! Just held in the power button as you were fed up waiting for it to shutdown? Well a hard drive is a mechanical device and can be compared to an old fashioned record player. A needle moves over disks of metal reather than vinyl and is air cushioned these days but the principle is similar. Unless you shutdown the computer using the shutdown option then you are scratching the needle over your record by moving it. Same goes for holding in the power button to turn it off, this is like having a fancy automated record player which auto returns if you let it. Instead of waiting for the device to do its job, you are grabbing the needle and forcing it back into its housing violently.

The future for computers is to use Solid State Devices called SSDs which have no moving parts. Too expensive for most they are slowly becoming available. All laptops should have SSD storage over mechanical devices in our opinion. Both types suffer electronic failure but the user has to do some bad things to damage a SSD compared to hard drive!

SecurityBrad

‘Defence in depth’. That is what the commercial security world calls having multiple layers of security to protect you in case one fails.

Simply put, your home computer needs to have multiple layers of defences including an up to date browser like Firefox, have Anti Virus software that works, run Windows Update every month and update all your applications at least weekly, as a minimum. Sounds like hard work, no one interested in your computer? Don’t be a muppet!

If your computer is hacked then you could be storing child porn, terrorist training material, or your computer could be used to send spam. Assuming that you never entered any personal or financial information, else that would have been stolen as well, the worst case scenario is that your home gets raided as part of the war on terror and computers seized…

No one can guarantee perfect Internet computer security unless you unplug the Internet.

A recent hacking contest showed that ALL major browsers on the Internet can have security issues including Safari on Macs, iPhones, Windows 7,  and both Internet Explorer 8 and Firefox on any computer. So next time you click on a link sent to you, visit dubious websites, or download a file from the Internet, be sure of your defences and make sure they are deep!

SecurityBrad

Unlike the default settings in Windows, Linux users have to enter the administrative password before they can install new software. Recently a popular variant of Linux called Fedora introduced a change to alter the security model of Fedora to no longer require the administrative password before installing new software.

On paper it seems sensible, Fedora users could only install applications using the equivalent of ‘Add and Remove Programs / Software’ in Windows, from a list of approved titles. To ensure only approved software is installed, these approved items have a digital signature to prove they have not been altered before they are installed.

Seems reasonable so far, so why is it a problem for the Linux security model? It is a matter of trust. If you have administrative password to an operating system then it is assumed that you will only install software you trust. If you don’t have administrative password or equivalent permissions granted to you by someone who does, then it is assumed you won’t have the administrator’s trust to install new software.

What Fedora did was to move the trust from administrators only, to allowing any user to trust third party software implicitly. Suddenly the only security control to protect an unprivileged user, was the process of getting software added to the Fedora software collection, to get a digital signature.

Windows users may be lost at this point because you are mostly used to a world where you have full control of your operating system. The outcome was that Fedora reverted back to the typical Linux security model due to public pressure. What this shows is that the correct security model for operating systems is not to allow the user to install software without entering the admin password to grant your trust to the software provider. It works for OSX, UNIX, LINUX etc and it can work in Windows XP / Vista / 7.

So why doesn’t Windows come with this security feature as a default, you may ask? One to ask Microsoft…

SecurityBrad

Not much of a surprise this one, given the similarity to XP / Vista under the hood, but Windows 7 is just as vulnerable to viruses and this has now confirmed by Sophos. Then again if they said otherwise who would use their product. Next week they will tell us the sky is blue and you need an umbrella in the rain to stay dry.

SecurityBrad

Now the dust is beginning to settle, Windows 7 testing has begun in earnest. IT professionals who have been using the Windows 7 release candidate for several months were a little surprised to see the final version is virtually the same. Our verdict from testing, is that it gives a good initial experience over Vista. Longer term use though gives a different impression.

Despite defragmenting the hard drive, tuning the OS and keeping the registry cleaned, Windows 7 just gets slower and slower in use. From a ‘wow that’s quick’ to ‘I want XP back’ in a few months. It is better than Vista, but that is no benchmark and in every day use XP still gives a better user experience, quicker to start, does less in the background and easier to keep well tuned.

There will be little OS choice soon, with XP being phased out (and Vista binned quicker than an ecoli sausage), so there is going to be a lot of people wondering why their super fast PC with Windows 7 starts running like a three legged dog. We will keep testing and eventually the slow down cause will be found. Once we do we will let you know as well, as security is marginally improved with Windows 7, and it is much better to run as non-admin user in 7 than XP. Even User Access Control (UAC) is tolerable in 7 compared to Vista, so the time when all Windows users login as non-admin users is getting closer.

SecurityBrad



  • None
  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]

Categories