Adobe Acrobat Reader has spent some time in the limelight recently, owing to malware attacks that exploit security and format weaknesses. I've written a guide on how to secure your Acrobat Reader installation above and beyond changing a handful of settings.
The financial year is nearing its end and despite the recession, active customer base and profits are up for Proactive Services. This does mean paying more to the tax man but I still find it a pleasure (would it be called perverse?) to use my profits by paying some of them back to my country. Growth is unabated which is a good job as the number of working hours I stuff into the business is growing as well! I've been trading for five years now and I'm looking forward to the next five. Customers often ask me when I'm going to hire staff but at the moment my baby is, although five years old now and more a child, still my baby. I have plenty of work to spill off the end of my schedule but it never quite seems to, which seems to be a good balance.
Proactive Services wouldn't have existed if it wasn't for my friends and family informing me, with infinite nonchalance, that I should start my own computer business as I'd be "better than anyone else". I'll leave such a judgement to my customers! Hanna finally pushed me off the edge of the precipice only to fall upwards, accelerating every year, and she knows how grateful I am for her help. Plum is sending over so many new customers I will have to start paying her soon - would a Ferrari suffice, Plum? A villa somewhere hot you say? Let me find my cheque book… My brother Dale has also signed up most of the staff from Waitrose Petersfield to my customer base. When are you going to start on Havant branch, boyo? Graham Allen my good friend from The Page Designer has always been on the end of a techi-phone and drags me along to help when he needs more hands (be it computers or fish tanks, but I seem to have escaped the latter recently!). My old friend James Carey from Barns Designs is a bit like the yin of my yang as he sometimes vehemently disagrees with something I say which always makes me step back and ask myself "Am I really right?" which is a precious part for the ever-changing field of technology. He's also an awesome zombie killer; don't go near him if you get bitten and turn. I'd also like to thank Sarah, Kate and Angie, my first trio of customers who threw me in at the deep end with tasks such as advanced document templates, encrypted email and digitally-delivered, encrypted report dictation. Nothing like a challenge!
Several of my suppliers have been a treasured resource to my business and I'd like to extend some thanks to the best of them. I've been reselling Eset's NOD32 anti-virus system for over three years now, as my first customer's renewal came up after the three year expiry. I'm still very happy with Eset's products and despite their growth they still have excellent support, which is paramount to a good working relationship. ICUK Hosting have been serving as web site and email hosts for myself and many customers since I started trading and they're also maturing their products but still answer an email with a personal and competent reply in good time so make another great supplier, with very good service reliability. Most of my customers know how zealously I recommend Andrews and Arnold as the only Internet Service provider I trust to supply Internet access to my business and customers. AAISP just get better every year and know their focus very well - top-notch services and support - which they do not waver from, so many thanks to them.
Several customers refer to my "magic wand" which is waved over computer problems, and I have been waving this in a more philanthropic manner by volunteering my expertise, or providing discounted services for local charities in the last few years including Home-Start Butser, Startup and the Beneficial Foundation. Volunteering is an incredibly rewarding experience and you quickly build up a network of really friendly, passionate people. Computer-y volunteering really does show up results and I am so glad to have made such a big difference to those I've helped out. At the risk of putting a pound sign near this paragraph I should also advise that anyone reading this who runs a business needs to know that working for free is very profitable!
Anyone I've worked or spent time with knows how much I love my work and cannot imagine doing anything else. My Dad told me on more than one occasion (which he did often!) that when you do a job you have to be paid twice: once in your wallet and once in your heart. All the while I'm still being paid twice I will still be providing Proactive Services.
Always up for a challenge and keen to help out charitable causes, I am going to be participating in The Mile (or three) for Comic Relief's Sport Relief...with a difference. See the Sport Relief 2008 page for further details.
I am planning to start some computer learning classes, after assessing demand, focusing on the basic elements of computer use. I have noticed how many computer classes offer photo editing, Internet and email and word processing tutorials but haven't seen any which offer to show people how to use their computers. I intend to cover a set of subjects depending on my own ideas and requests. See the tutorial page for further details.
I have made minor changes and/or re-wording to the terms of service regarding product purchasing and warranties.
A virus which exploits a security problem in Adobe Acrobat PDF Reader on Windows XP has now been reported as being actively sent to people via email. Please do not open any PDF files you receive by email unless you are absolutely sure you are expecting them and trust the sender. Microsoft are working on fixing their part of the security problem. Adobe has fixed the problem in Acrobat Reader version 8; to check for an update view the sample PDF file on my web site which should trigger Acrobat Reader to check for updates.
If you have Acrobat Reader version 7 or earlier you should update it from Adobe's web site. If you're unsure you can check by doing the following:
If it is version 7 or earlier you should update it from Adobe's web site.
As bonfire night approaches, we put away our holiday photos and start to draw up our Christmas card lists. But if you store these things on your computer, beware! Unless you have a backup, your precious files might not be as safe as you think.
An error in Adobe Acrobat PDF Reader has recently been exposed which allows a maliciously-created PDF to install a virus onto a victim's computer. Proactive Services always installs programs with security in mind, and with Acrobat my standard settings cause a warning prompt rather than silently allowing infection. I have not read any reports of this error being used to infect computer users at time of writing, but if you receive a prompt asking "This document contains JavaScripts. Do you want to enable JavaScripts from now on? The document may not behave correctly if they're disabled." then you should click "No". If your Adobe Reader has been installed by a party other than Proactive Services you should check that JavaScript is disabled using the following method:
If you come across any PDFs that cause the prompt or would like me to check your settings are secure, please get in touch. Please note this is not an issue with JavaScript on web sites or Internet Explorer.
I've always been very careful what information I store and how it is stored, and treat customer data responsibly. From the practices I have always followed I've drawn up a list of policies outlining the processes and methods I use.
There has been a spate of fake postcard junk email being sent recently, and these now seem to be turning towards bogus spyware or virus alert emails. They contain a link to a web site which will try to infect the computer with a virus. The Web Filtering Service has been blocking the web sites and virus code for several weeks, so customers using it will have an added layer of protection if they accidentally click a link.
Junk emails with Adobe PDF attachments have also been appearing recently. The samples I have seen are not dangerous, but the perpetrators behind junk email and virus-creators often work together so please be aware of such emails. These particular junk emails sometimes have names such as "invoice.pdf" in an attempt to trick someone into opening them.
As with all junk mail, warning or alert messages or other unexpected email you should never click any web site links, follow any instructions or provide any passwords or credit card details, however dire the email seems. If you would like me to look at the message, please forward it to me and then delete it. If you have clicked on a web site link by mistake let me know as soon as possible.
I have added a temporary block on all custom cursor pictures to the Web Filtering Service until anti-virus products catch up, and Microsoft releases a fix for the underlying problem. This will prevent any custom cursor icons being used on websites, and will display a note on the web site stating "Cursor blocked".
Additional blocking rules have also been added to shore up the known web sites and patterns being used to exploit this. Unfortunately a lot of anti-virus vendors are still slow on the uptake, leaving their customers inadequately protected.
It looks like this virus is not a flash in the pan: more web sites hosting it are popping up; presumably the sites have been hacked into and this virus put in place. Eset's NOD32 anti-virus is now detecting it and, despite being put onto different web sites, it is still blocked by the Web Filtering Service.
A virus named "MSNMaker" has started to appear on my radar which is spreading through Microsoft's MSN Messenger and Live Messenger (Internet chat programs) which you, your staff or family members may use.
The infection begins with a message from a friend or colleague on MSN along the lines of "who put this picture of you online?", and then a web site address at hothotmodels.com (although this may change).
Do not click on this link as it will lead to infection. If you believe someone using the computer may have already done so, or if your computer has any of the following symptoms, switch off the computer immediately and contact me for further advice.
This virus is detected by Eset NOD32 Anti-virus, but it is changing quickly and additional care needs to be taken to help protect your computer. If you are using any other anti-virus you will be at additional risk, as few other anti-virus products protect against this at time of writing, including Symantec/Norton, McAfee and AVG. Proactive Services' Web Filtering Service completely blocks this virus and all of its variants, and has done so since the service went live 12 months ago.
I have seen reports of fake Internet Explorer 7 downloads being offered by email that look very authentic. If you receive any email purporting to be from Microsoft that asks you to download anything or to click on a web site link, forward it to me and of course, don't click!
Anti-virus detection of this virus is very sketchy; however, six months ago in anticipation of Internet Explorer 7's release by Microsoft, the Web Filtering Service was updated to protect against this type of virus.
A new exploit against a weakness in the way Windows handles cursor animations has been publicly released. This can give an attacker the chance to take over a computer if a victim was to browse a web site under their control (or that has been hacked into). Who'd have thought that little mouse pointer would cause so much trouble? Microsoft has announced they are aware of this and are working on a resolution. I do not yet have concrete information on how well it is detected by anti-virus products, but all .ani files are blocked by the Web Filtering Service and have been since the service went live.
As always, report any unusual computer behaviour and avoid clicking links in emails or opening attachments that you are not expecting.
Malware (viruses, spyware and adware) writers have never had such incentive for trying to infect computers - it's now all about making money from your computer - so they are quick to try and side-step anti-virus programs. The Web Filtering Service is protecting subscribed customers from around 550 known malware web sites and files and has blocked almost all new samples in the last year from being downloaded. Alongside Eset's NOD32 anti-virus which Proactive Services recommends, computers with these two protective layers have never been so secure.
On top of that, over 6700 known scam or "phishing" web sites have been blocked to date, with over 95% of new sites being blocked without any changes to the service needed.
Around 1000 different pattern rules help stop malware, however they change and try different methods of infection, along with a block list of 26,000 malicious web sites.
A recent mutation of a nasty piece of work dubbed "Virtumonde" left anti-virus software scratching their heads whilst the malware dug its teeth into infected computers. Although the better anti-virus companies are often quick to adapt, they weren't quick enough for this malware. 48 hours after it was detected by Proactive Services, the majority of anti-virus products weren't stopping the infection. However, Web Filtering Service rules put in place over two years ago stopped Virtumonde dead in its tracks.
If your computer…
…then using anti-virus is not sufficient to keep your computer safe; you should invest in a Web Filtering Service subscription. Even if you don't match the list, the service removes the risk of relying on a single layer of protection.
From my testing it seems that Windows 98 and ME are vulnerable to this exploit, but the code I have tested them against does not work very well, possibly because it was designed to affect users of the later Windows operating systems. It is likely trivial to alter the code to do so, in which case Windows 98 and ME users will be left vulnerable as Microsoft stopped providing updates on July 11, 2006. Unregistering the affected Internet Explorer component does seem to prevent the malicious code from starting, so I advise this is done by any customers using Windows 98 or ME.
Click on Start, click on Run. Delete any existing text and copy and paste the following:
regsvr32 /u "C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll"
Click OK and you should be informed "DllUnregisterServer in "C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll" succeeded." If not, please contact me for further assistance.
Internet Explorer has had another security problem exploited, a day after Microsoft released an out-of-schedule patch for the previous problem! An affected user can have their computer infected by a virus if they view a web site using Internet Explorer that contains malicious code. This only affects Windows 2000, Windows XP and Windows 2003 users. More information is available at the Open Source Vulnerability Database.
As the parties responsible for jumping on the VML bandwagon and infecting Internet users were quick off the mark on the previous occasion, this may be no different. Microsoft has not released any details about this "WebViewFolderIcon" exploit yet, but Proactive Services' Web Filtering Service has been updated and is protecting against this exploit.
To protect your computer from this threat:
As for the previously-mentioned VML exploit, Microsoft has released patches for Windows 2000, XP and 2003, but did not mention whether Windows 98 or Windows ME was affected, nor has a patch for them been issued. I am still testing to see if these operating systems are affected and what long-term work-arounds there may be. Windows 2000, XP and 2003 users will have this update delivered by Automatic Updates, so if you receive a notification that updates are ready to be downloaded, please follow the given instructions or visit Microsoft Windows Update.
Users of Internet Explorer, Outlook and Outlook Express and Web Mail are at risk from a security problem that is being exploited to install an eye-watering 40+ spyware programs, or worse a web site password stealer. An infection can occur after only reading an email or browsing a web site page that contains links to the malicious code. This code uses a bug in the "VML" part of the program to then download the rest of the virus.
This exploit seems to be taking a more sinister turn, as those responsible for infecting people are trying harder to get victims - a web site hosting company in the US was hacked in the last few days and their customers' web sites re-written to infect visitors, according to Netcraft.
Microsoft have published details about the problem and a method of protecting a computer whilst they work to fix the underlying issue. They have mentioned they may release a fix before their next scheduled updates on October 10th.
To protect your computer from this threat:
Many congratulations to my brother Dale and his wife Danielle at the birth of Frejya, a happy healthy baby born on the 23rd May at 7:17pm.
Here's to Frejya growing up to be as cheeky as daddy (can't think where he gets that from) and as beautiful as mummy.
Obligatory baby picture!
Exploits for two security problems have recently been publicly disclosed, affecting Microsoft Internet Explorer. One of these (referred to as the "CreateTextRange" exploit) has been proven to be able to cause Internet Explorer to start any given program or command and the other (referred to as the "On Repeat" exploit) is at least capable of crashing Internet Explorer and may be as serious as the former.
This means that a maliciously-created web site, when viewed with Internet Explorer, has the potential to infect a computer with a virus, steal information or files, gain control over the computer or damage Windows or other computer files and pretty much anything else one would consider extremely dangerous. My investigation into the Windows WMF security problem at the beginning of the year showed that advert and pop-up businesses were also used to increase exposure to such exploits so it is also possible that sites considered "safe" by a user could put them at risk.
At the risk of sounding over-dramatic, this really is the case. The code required to exploit this security problem is also very simple to create so has the potential to spread very rapidly. Current understanding of the exploits shows that any program or command started via this method will have the privileges of the logged-on user; if you are using a restricted user account this somewhat limits the potential impact.
Microsoft are aware of both of these exploits and have only provided a work-around for the CreateTextRange problem; unfortunately this will either severely disable Internet Explorer's ability to display or interact with web sites or cause an inundation of prompts for any web site that uses JavaScript, which many do to function properly. There are no known work-arounds for the On Repeat problem.
Proactive Services Web Filtering Service has been updated to protect against exploitation of these problems, and all known forms of code written to do so are rendered inert. Customers using the Web Filtering Service are highly unlikely to be affected by these exploits as of version "24/03/2006 00:19". If you are not using the Web Filtering Service and use Internet Explorer as your web site browser you should consider following the "Suggested Actions" provided by Microsoft, using a different web site browser or subscribe to the Web Filtering Service.
Proactive Services has recently been receiving spam emails which contain malicious instructions (JavaScript) causing Microsoft's Outlook Express email program, when used with unsafe settings, to download a keystroke-logging virus when the email is viewed. The emails have so far been using a fake "From:" address of post@postcard.com. If you receive one of these emails delete them immediately.
This virus has been tested by Proactive Services in a controlled environment. When started it will monitor all of your keyboard presses and send them to the author and may provide the author with the ability to control the computer or steal files and other information.
Users of Proactive Services' web filtering service will be protected against this threat with actions dated 13th February and later.
If you read your email in "Plain Text" mode you will be protected against this threat - Proactive Services maintains that, irrespective of email program, customers should always use Plain Text mode to read email. Customers using Mozilla's Thunderbird email program are also unaffected; Thunderbird's default settings block this type of instruction. Tests with Thunderbird show that the malicious instructions do not run even if JavaScript is enabled.
For all customers using Outlook Express, advice is:
Start Outlook Express, go into the Tools menu and select "Options…"
Click on the "Read" tab and check the "Read all messages in plain text" option
Follow the instructions in the next section to further ensure a safe set-up
Start Outlook Express, go into the Tools menu and select "Options…"
Click on the "Security" tab and ensure that the following options are checked:
Click "OK" to complete the changes.
Tests done with the samples I have received prove the virus is ineffective with Outlook Express in "Restricted Zone". If you are using a different email program you should contact your vendor, or myself, for instructions on protecting your computer.
Proactive Services' recommended anti-virus product, NOD32, protected against this virus infection when it was first received, once again proving its value. Initially many of the more popular anti-virus solutions did not protect against this and have only just started to recognise it.
Proactive Services now supplies a web filtering program, updated with web sites known to push spyware, viruses or banner- and pop-up advertisements, to help prevent spyware and viruses from stepping foot into your computer. For more information browse to the Web Filtering Service section of the web site.
A virus which has been recently spreading via email and shared computer folders is timed to destroy certain computer files on the 3rd of February.
According to a Microsoft write-up the virus does not exploit any security bugs in Windows - it requires a user to run a malicious attachment to infect a computer. Please take extra precautions with any suspicious emails, even if they are from a trusted source, and check that your staff/family members are aware of this. Emails with this virus will use two file extensions, for example ".exe.jpg" to disguise the fact it is a program and may also have many spaces between the two extensions for further disguise.
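The disguise described above, an executable extension paired with a harmless-looking one and optionally separated by a run of spaces, can be checked for on attachment names before delivery. The following is an added example, not part of the original advisory; the extension sets, the three-space threshold and the sample file names are constructed assumptions.

```python
import re

# Assumed, non-exhaustive sets chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".doc", ".xls", ".pdf", ".txt", ".zip"}

# An extension, three or more whitespace characters, then another extension.
PADDED_EXTENSION = re.compile(r"\.\w+\s{3,}\.\w+")


def extensions(filename):
    """Return every dot-extension in the name, lower-cased, padding removed."""
    collapsed = re.sub(r"\s+", "", filename)
    return ["." + part.lower() for part in collapsed.split(".")[1:] if part]


def assess_attachment(filename):
    """Return a list of reasons the attachment name looks disguised."""
    exts = extensions(filename)
    findings = []
    has_exec = any(ext in EXECUTABLE_EXTS for ext in exts)
    has_decoy = any(ext in DECOY_EXTS for ext in exts)
    if has_exec and has_decoy:
        # Executable and document/picture extensions in the same name.
        findings.append("double extension")
    elif has_exec:
        findings.append("executable extension")
    if PADDED_EXTENSION.search(filename):
        # Spaces used to push the second extension out of view.
        findings.append("whitespace padding")
    return findings


# Constructed sample names, not taken from real messages.
SAMPLES = [
    "holiday.exe.jpg",
    "holiday.jpg" + " " * 40 + ".exe",
    "setup.exe",
    "minutes.v2.doc",
    "my   holiday.jpg",
]

if __name__ == "__main__":
    for name in SAMPLES:
        result = assess_attachment(name)
        print(repr(name), "->", ", ".join(result) if result else "no findings")
```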
It is vitally important that you check that all of your computers have up-to-date anti-virus installed; in contrast to most prolific viruses over the past few years this will destroy any files with the below file extensions, as well as attempt to stop many anti-virus products from working properly, unless you are protected by Eset's NOD32 which resists cessation attempts. To ensure that your computers are safe from this virus please take a moment to check that your anti-virus is up-to-date; check the table below or ensure your product has been updated since 20th January at the earliest. You should also run a full manual virus scan, be particularly vigilant of emails with attachments and make sure that not only are you taking backup copies of your computer files, but that those backups have been tested.
Extn. | Type of file |
---|---|
.doc | Microsoft Word document |
.xls | Microsoft Excel spreadsheet |
.mdb | Microsoft Access database |
.mde | Microsoft Access database |
.ppt | Microsoft PowerPoint document |
.pps | Microsoft PowerPoint document |
.zip | Compressed (zipped) file |
.rar | Compressed file |
.pdf | Adobe Portable Document Format file |
.psd | Adobe Photoshop file |
.dmp | Oracle database |

Product | Detected as | Earliest definitions required |
---|---|---|
Eset NOD32 | VB.NEI | 18th January |
McAfee VirusScan | MyWife | 25th January |
Symantec Norton Antivirus | Blackmal | 17th January |
Grisoft AVG Free | Generic FX!CME-24 | Unknown - ensure AVG is up-to-date |
Note: this list is not exclusive; if you use a different vendor you should check at their web site for further details.