McAfee on Thursday issued an apology for the faulty update that shut down users’ computers and prompted a continuous reboot cycle.

“McAfee team members have been working around the clock to fix the problem and work with impacted customers,” Barry McPherson, executive vice president of worldwide technical support and customer service for McAfee, wrote in a blog post. “We estimate that the majority of the affected systems are back up and running at this time and more systems are coming back online quickly.”

The faulty signature update DAT file, which went out on Wednesday, affected the svchost.exe file on “a subset of systems” using McAfee VirusScan Enterprise on Windows XP service pack 3. Users with VirusScan Enterprise 8.7 were hit a bit harder than those running version 8.5, McAfee said, “because of the different implementation of memory scanning within the products.”

Other versions of XP, Vista, and Windows 7 were not affected, the company said.

The problem resulted in blue screens, loss of network connectivity, inability to use USB, and continuous reboots, McAfee said.

What happened? McPherson said that McAfee recently changed its QA environment, which allowed a faulty DAT to get through the testing process.

“To prevent this from happening again, we are implementing additional QA protocols for any releases that directly impact critical system files,” McPherson wrote. “In addition, we plan to add capabilities to our cloud-based Artemis system that will provide an additional level of protection against false positives by leveraging an expansive whitelist of critical system files.”

To fix the problem, McAfee issued a remediation tool that “suppresses the driver causing the false positive by applying an Extra.dat file in folder,” he wrote “It then restores the ‘svchost.exe’ Windows file, the file quarantined as a result of the false detection.”

This tool has “been successful at remediating the problem,” McPherson wrote. More details for restoring a system are available in the McAfee KnowledgeBase in KB68780.

“I want to apologize on behalf of McAfee and say that we’re extremely sorry for any impact the faulty signature update file may have caused you and your organizations,” McPherson wrote.

Remove your Downadup infection!

BitDefender Labs has detected a new and more aggressive Downadup version on Saturday, 07.02.2009. It spreads using a Windows RPC Server Service vulnerability and is called Win32.Worm.Downadup.Gen.

The new version is more resilient to disinfection. Once the system is compromised, the worm disables Windows Update and blocks access to most of the anti-virus websites in order to hinder the user to disinfect his machine.

BitDefender is the first to offer a free tool which disinfects all versions of Downadup and is available for all infected users at: http://bdtools.net This domain is the first to serve a removal tool without being blocked by the e-threat.

The worm itself is not new, it made its first appearance late November 2008, known under the names Conficker or Kido as well exploiting the vulnerability described in the Microsoft security bulletin MS08-067. After successful exploitation it used to install rogue security software on the infected machine.

• Never download software from the Internet to your work PC.  Not even toolbars or utilities that sound useful.
• Never use file-sharing programs at work.  They are probably the wort offenders when it comes to packing spyware.
• Notify the helpdesk if pop-up windows start rapidly appearing or a new home page appears in your browser.  This is a sign of spyware infection.
• Call the helpdesk if your PC starts performing sluggishly or takes longer than usual to load applications or find files.  If you web browser seems to have a hard time finding sites, that’s a good sign your Web activities are being monitored.
• If an unwanted window pops up while browsing, immediately shut it down by clicking on the “X” in the upper right-hand corner of the window, not on any button that says “Close” or “Cancel.”  These buttons often initiate a spyware download.
• If using Internet Explorer, change the settings to block ActiveX objects.  Some spyware is in the form of ActiveX objects.
• Stay away from sites that have nothing to do with your job’s roles and responsibilities.  An remember that free software is seldom truly free.

wizTEQ Staff

From a domain controller or member server open up Server Manager (SRVMGR.EXE)

• Click on Computer then Add to domain…
• Type the Vista computer’s hostname and click Add
• Click Cancel and close Server Manager

From the Vista computer you need to open the Local Security Policy console

• Click Start and type “secpol.msc” in the search area and press Enter
• Expand Local Policies and click on Security Options on the left pane
• On the right pane look for “Domain Member: Digitally Encrypt or sign secure channel data (always)“
• Double click on it and change it from Enabled to Disabled
• Now look for “Network Security: LAN Manager authentication level“
• Change it to “Send LM and NTLM – use NTLMv2 session security if negotiated“
• File then Exit

Now you are ready to add the Vista computer to the domain.

• Click on Start
• Right click on Computer and select Properties
• Click on Advanced system settings on the left pane
• Click the Computer Name tab
• Click the Change button
• Change Member of to Domain: and enter your domain name and click OK

You should then be prompted for your Domain Admin credentials

wizTEQ Staff

What Is a Firewall?

A firewall is simply a gatekeeper between different zones of trust. Systems inside an organization have a high degree of trustworthiness. External partners, suppliers, and customers exist in different zones of lower trust. And, of course, the least trusted zone is the “untamed frontier” of the Internet. Connecting to any outside systems means risking exposure to viruses, hackers, and a multitude of other threats. The firewall is the first line of defense against these threats.

A company’s firewall enforces defined security policies regarding whether, how, and which computers and networks can communicate with their internal systems. When a firewall is installed on a network or computer, all data sent to and from it is monitored and compared with a set of user-defined security criteria. Any traffic that doesn’t meet those rules is blocked. The personal firewall software on a PC erects a similar barrier around that computer’s resources.

Filters

Administrators can configure firewalls to filter content based on:

• IP Address–Firewalls can block traffic based on a machine’s unique IP address. For instance, it can ignore requests from a computer that attempts several incorrect logins.

• Protocol–Policies can define whether and how different types of network communications are handled. They can, for example, block all telnet requests originating from the outside. 

• Domain Name–Filtering out requests for ESPN.com or eBay data could help discourage leisure and private Web surfing while on the job.

• Keywords–Similarly, some firewalls can filter out content that contains specific words and phrases.

• Ports–Rules tighten access to server ports.

Firewall Approaches

Most firewalls employ one or more of the following methods to enforce security policies:

• Packet Filtering – Examines packet attributes such as originating IP address or destination service to screen out all traffic that doesn’t conform to the rules.

• Application Layer Gateways – Also known as proxy servers, these act as middlemen between internal client machines and external systems. They pass authorized packets along while shielding clients from unauthorized traffic. Proxies are often specific to a network service (HTTP, FTP, telnet).

• Stateful Inspection – This approach examines packet contents and makes decisions based on its context. It uses a table of connection states and knowledge of how types of communication typically operate to differentiate authorized from unauthorized traffic. For example, it could block a mysterious application from opening an FTP connection, thus preventing a hidden keystroke logger program from “phoning home” with its purloined information. 

Limitations

A firewall, however, is only as strong as the security policies it enforces.

And like door locks, a firewall is a necessary first step in protecting your network, but it’s no cure-all. A determined attacker can find ways around it, and it does nothing to protect against attacks and mistakes that originate inside its perimeter.

For higher security, firewalls should be used in conjunction with anti-virus software, spyware scanning software, intrusion detection systems, and other safeguards. Most commercial firewall products are available as part of an integrated suite of security software.

How to add user accounts

To setup user accounts

1.  Log on to your computer as an administrator.  Click Start, and then Control Panel.

2.  Under Pick a category, click User Accounts.

3.  Under Pick a task, click Create a new account.

4.  In the User Accounts wizard, on the Name the new account page, type the name for the user. You can use the person’s full name, first name, or nickname.  Then click Next

5.  The User Accounts wizard displays the Pick an account type page.  Click Limited, and then click Create Account.

6.  To create another account, return to step 3.

Note: In these steps, you created a limited account. Limited accounts
offer better security than Computer administrator accounts. However, limited
accounts cannot make system-wide changes or install some applications. If you
need to make changes to your system, log on with the administrator account you
used to create the new accounts.

Now that you have added new user accounts, you can change the default display
pictures or create passwords for the accounts.

How to create passwords for user accounts

To create a password

1.   Log on to your computer as an administrator.  Click Start, and then click Control Panel.

2.   Under Pick a category, click User Accounts.

3.   Under or pick an account to change, click the account for which you want to create a password.

4.   Click Create a password.

5.   On the Create a password page, type the password twice.  Optionally, type a password hint.  Then click Create Password.

6.   To create passwords for other accounts, return to step 3.

When several people use a single computer, it’s convenient to set up a user
account for each person to keep everyone’s setup preferences and documents
separate. If someone wants to use your computer briefly he or she can use the
Guest user account. By default in Microsoft Window XP, this account is disabled,
which means that only specifically authorized users can access your computer.

If you have enabled your Guest account, you should disable the Guest account
(once your guest has finished using your computer) to improve your computer’s
security.

To disable the Guest account

1.  Click Start, and then click Control Panel.

2.  Under Pick a Category, click User Accounts.

3.  Under or pick an account to change, click Guest.

4.  On the What do you want to change about the guest account? page, click Turn off the guest account.

Now the Guest account is disabled.  As an added safety precaution, and to prevent users without user accounts from logging on, it’s a good idea to add passwords to every account on your computer.