STOP USING NORTON!

In fact, stop using all AV; it’s best to just stick with Windows’ built-in free security. You are just as secure, it doesn’t hog resources, and at least you are not paying for the privilege of running software that makes you totally vulnerable to comically easy attacks that can take over your computer. This is just the latest and worst example of the incredibly severe security holes found in security software.

http://arstechnica.com/security/2016/06/25-symantec-products-open-to-wormable-attack-by-unopened-e-mail-or-links

Much of the product line from security firm Symantec contains a raft of vulnerabilities that expose millions of consumers, small businesses, and large organizations to self-replicating attacks that take complete control of their computers, a researcher warned Tuesday.

“These vulnerabilities are as bad as it gets,” Tavis Ormandy, a researcher with Google’s Project Zero, wrote in a blog post. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

The post was published shortly after Symantec issued its own advisory, which listed 17 Symantec enterprise products and eight Norton consumer and small business products being affected. Ormandy warned that the vulnerability is unusually easy to exploit, allowing the exploits to spread virally from machine to machine over a targeted network, or potentially over the Internet at large. Ormandy continued:

Because Symantec uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link to an exploit is enough to trigger it – the victim does not need to open the file or interact with it in any way. Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers.

An attacker could easily compromise an entire enterprise fleet using a vulnerability like this. Network administrators should keep scenarios like this in mind when deciding to deploy Antivirus, it’s a significant tradeoff in terms of increasing attack surface.

The flaws reside in the engine the products use to reverse the compression tools malware developers use to conceal their malicious payloads. The unpackers work by parsing code contained in files before they’re allowed to be downloaded or executed. Because Symantec runs the unpackers directly in the operating system kernel, errors can allow attackers to gain complete control over the vulnerable machine. Ormandy said a better design would be for unpackers to run in a security “sandbox,” which isolates untrusted code from sensitive parts of an operating system.

The researcher said one of the proof-of-concept exploits he devised works by exposing the unpacker to odd-sized records that cause inputs to be incorrectly rounded-up, resulting in a buffer overflow. A separate “decomposer library” included in the vulnerable software contained open-source code that in some cases hadn’t been updated in at least seven years. The lack of updates came even though vulnerabilities had been found in some of the aging code and in some cases the disclosures were accompanied by publicly available exploits. A list of additional vulnerabilities is here.

Tuesday’s advisory is only the latest to underscore game-over vulnerabilities found in widely available antivirus packages. Although the software is often considered a mandatory part of a good security regimen—on Windows systems, at least—their installation often has the paradoxical consequence of opening a computer to attacks that otherwise wouldn’t be possible. Over the past five years, Ormandy in particular has exposed a disturbingly high number of such flaws in security software from companies including Comodo, Eset, Kaspersky, FireEye, McAfee, Trend Micro, and others.

In most cases, the updates disclosed Tuesday will be automatically installed, in much the way virus definitions are received. In other cases, end users or administrators will have to manually install the fixes. People running Symantec software should check the advisory to make sure they’re covered.


Yet Another Reason To Not Buy That Cheap Computer From A Box Store

Ever notice those annoying update centers that come preinstalled on every name brand PC? They just sit there in the tray for no reason. I’ve never actually seen them update anything, and sometimes they give you annoying pop-ups for no reason.

Well, one thing they are doing is opening all sorts of security holes.

http://arstechnica.com/security/2016/06/how-pc-makers-make-you-vulnerable-to-man-in-the-middle-attacks-out-of-the-box/

The next time you’re in the market for a new Windows computer, consider this: if it comes from one of the top five manufacturers, it’s vulnerable to man-in-the-middle attacks that allow hackers to install malware.

That’s the take-away from a report published Tuesday by researchers from two-factor authentication service Duo Security. It found third-party updating tools installed by default threatened customers of Dell, HP, Lenovo, Acer, and Asus. The updaters frequently expose their programming interfaces, making them easy to reverse engineer. Even worse, the updaters frequently fail to use transport layer security encryption properly, if at all. As a result, PCs from all five makers are vulnerable to exploits that allow attackers to install malware.

“Hacking in practice means taking the path of least resistance, and OEM software is often a weak link in the chain,” the Duo Security report stated. “All of the sexy exploit mitigations, desktop firewalls, and safe browsing enhancements can’t protect you when an OEM vendor cripples them with pre-installed software.”

In short, every single manufacturer was found to use pre-installed updaters that allowed someone with the ability to monitor a PC’s network traffic—say someone on the same unsecured Wi-Fi network or a rogue employee at an ISP or VPN provider—to execute code of their choice that runs with System-level privileges. The updaters are mostly used to deliver new versions of software and bloatware that come pre-installed on new PCs and are separate from Microsoft’s Windows Update, which is widely believed to be secure. The report provides a strong reason why it’s a good idea to wipe newly purchased machines and reinstall Windows minus all the custom crapware. At a minimum, third-party software should be uninstalled or blocked using a firewall.

Update: Lenovo has issued an advisory recommending customers uninstall the Lenovo Accelerator Application, which comes preinstalled on many notebooks and desktop systems running Windows 10. As the image at the top of this post illustrates, the Duo Security report uncovered several major shortcomings in the app’s update mechanism, including its failure to use any sort of encryption when checking for or downloading updates and the failure to validate digital signatures before installing them.
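The two failures named in the report (no encryption on the update channel, no signature validation before install) are exactly the checks an updater is supposed to make. As an added example, not code from Ars Technica, Duo Security or any vendor, here is a PowerShell sketch of that gate; the function name `Test-UpdatePackage`, the publisher name, the URL and the file path are all hypothetical.

```powershell
# Added example: gate a downloaded update on HTTPS transport and a valid,
# expected Authenticode signature. Names, URL and paths are hypothetical.
function Test-UpdatePackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri]    $SourceUri,
        [Parameter(Mandatory)] [string] $PackagePath,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $problems = @()

    # Transport check: plain HTTP lets anyone on the network path swap the file.
    if (-not $SourceUri.IsAbsoluteUri -or $SourceUri.Scheme -ne 'https') {
        $problems += "Update source is not HTTPS: $($SourceUri.OriginalString)"
    }

    if (-not (Test-Path -LiteralPath $PackagePath -PathType Leaf)) {
        $problems += "Package not found: $PackagePath"
    }
    else {
        # Signature check: 'Valid' means the file is signed, unmodified since
        # signing, and chains to a root this machine trusts.
        $sig = Get-AuthenticodeSignature -FilePath $PackagePath
        if ($sig.Status -ne 'Valid') {
            $problems += "Signature status is '$($sig.Status)', expected 'Valid'"
        }
        else {
            # A valid signature from the wrong signer is still a failure.
            $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
            if ($signer -ne $ExpectedPublisher) {
                $problems += "Signed by '$signer', expected '$ExpectedPublisher'"
            }
        }
    }

    [pscustomobject]@{
        Package  = $PackagePath
        Trusted  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed usage: an http:// source is rejected whatever the file's signature says.
$result = Test-UpdatePackage -SourceUri 'http://updates.example.com/tool.exe' `
    -PackagePath "$env:TEMP\tool.exe" -ExpectedPublisher 'Example OEM Inc.'
if (-not $result.Trusted) { $result.Problems | ForEach-Object { Write-Warning $_ } }
```

Matching on the certificate's display name is the loosest acceptable form of the signer check; pinning the expected certificate thumbprint is stricter.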


Dear Yelp, Please STOP CALLING ME!

Dear Yelp;

I get that you have no way of knowing this but we have a very good relationship as it stands.  I write reviews, find awesome places to eat from you, list my business on your site.  I’m even pretty serious about defending your site and pointing out how silly people are when they claim you are some sort of extortion racket.

I like you, really I do, just not in a give-you-money sort of way. I’m flattered you have assigned me a personal contact person, but really I don’t want her; I’m not interested in you in that way. You’re cool and all, just not for me.

Since April 20th this lovely young woman has called and left voice mails telling me how excited she is to be my contact person at Yelp. She’s so excited she won’t stop calling even though it’s obvious I’m intentionally ignoring her. She’s so eager that she will even call me multiple times in a row. Like just now at 5:17pm and again at 5:23pm. I’ve been running in circles all day doing, you know, my actual business of repairing computers and talking endlessly with clients on the phone. Nothing makes me happier than having Yelp call twice in under 10 minutes, 17 minutes after the end of my business day. It says it right there, 5pm, in the voicemail greeting she has listened to 7 times in the past few weeks.

So sadly I have been forced to block your number. I will also be adding caller ID filters to my call screening software that block the word Yelp. I’ll still use the site; love it. Though I do now understand why plenty of business owners think you are an extortion racket: it’s your unwanted and overly aggressive sales force.

Love the site, hate your idiotic sales force.

Love Always,

John.

 

By the way, I will be paying to promote this post on Facebook. Sorry, they are just better than you.


The Myth of the $200 Computer

 

It happens a few times a year. A customer is faced with either a computer that cannot be repaired or one that is so old that it’s not worth repairing.

They will ask what their options are, and I will explain to them that for $350-$500 they can get a custom-built PC from me that will be the best computer they have ever owned and last them a decade.

They scoff at this idea and proudly proclaim that they can just head on over to Staples and get one for $200.

I will not deny that yes, there are times of the year when you can get some great deals, Back to School and Christmas being good examples. These are times of year when stores will stock up on somewhat outdated inventory and sell it as loss leaders to get parents into the stores. However, these deals are actually rare and becoming harder to find.

Anyway, let’s set that aside and look at what you get when you buy a bottom-of-the-line PC at a big box retailer.

Just this weekend I was faced with a client who did the “I don’t need anything fancy, can’t I get something for $200” eye roll. He ended up at Walmart, where to his surprise there are no $200 computers. In fact you can’t even find a computer that does not include a monitor; his only option was a $250 Acer AXC-704G-UW61.

The bare minimum to manufacture a PC is over $200. So how can they sell you a PC for such a low price? One way is that you are getting very old, outdated and barely usable parts. This computer had really cheap, slow parts in it, built down to a price point and, as we discovered the hard way, not even fully functional.

The other way they bring the price down, which is the case more and more, is that you are getting a computer that has been subsidized by installing tons of spyware. This PC was riddled with spyware; in fact the first program they installed on it, before they even installed the drivers, was spyware.


This miracle of modern technology was then dropped off here so I could begin the process of transferring and installing all the software and files he needs for his business onto this wonderful new PC. Set it up on the desk and problem #1: this computer has no VGA or DVI ports, only HDMI. So now we either need an HDMI monitor, a video card, or some sort of converter. So now it’s a $270 PC, and we wasted a day’s labor. Nowhere on the box was it mentioned that this computer had only HDMI ports. It has two USB 3.0 ports, but since it’s only two, those will be taken up by your keyboard and mouse. So if you want to actually use those ports you need a hub; now it’s a $290 computer.

 

Okay, we get it hooked up to a monitor. I now have to spend half a day removing all the spyware that is preinstalled on the PC.

Finish that, install all the business software we need, and start transferring his files onto the new PC. The transfer is going to take 6 hours, so I leave and come back. In that time the PC has put the monitor to sleep, and the only way to get the monitor back on is to unplug the power from it. So now we have to leave the monitor on displaying a screen saver 24 hours a day, otherwise the PC turns the monitor off and then will not turn it back on.

Finish everything, leave the computer alone overnight, come back, and now for some reason it has shut down and will not restart. Pull the power and it will turn back on. At this point it is finally decided this $200 PC is going back.

Now we have wasted 3 days, the client owes me well over $100 in labor, and we have accomplished nothing.

You get what you pay for.