Tuesday, November 26, 2013

Avoiding Malware and Viruses

Tips for avoiding malware infections (spyware, adware, and scareware):

  • Use Windows 7 or Windows 8.  Windows XP users are 6 times more likely than Windows 8 users and twice as likely as Windows 7 and Vista users to be infected with a virus.  (http://blogs.technet.com/b/mmpc/archive/2013/10/29/infection-rates-and-end-of-support-for-windows-xp.aspx).  For what it's worth, I haven't seen a virus-infected Mac.
  • Uninstall Java.  I know, computers without Java seem crippled.  If it's your work computer it may be required in order to get your job done - big business and governments have implemented any number of systems which require Java.  At home Java may be required to read your email or shop.  In the case that you're at home and need Java consider installing Java, completing the necessary task, then uninstalling it.  I know that's a bit of a headache but it sure beats dealing with a malware infection! (http://www.theguardian.com/technology/askjack/2013/feb/08/java-remove-ask-jack-technology)
  • Uninstall Adobe Reader.  Again, I know this is going to hurt, but it won't be as inconvenient as living without Java.  Shoot, you might even enjoy the alternative apps as they tend to be both faster and more feature rich!  I like Tracker-Software's PDF XChange Viewer.  (http://www.pcworld.com/article/2030153/)
  • Uninstall Adobe Flash Player.  This one is the least productive yet the most prevalent.  I wouldn't blame you for keeping it - some web sites are worthless without it.  That said, there are some who report that, though some web sites don't render as they should, they have been able to live a pretty full Internet life without it.  Uninstall it and see what the Internet is like, you might be pleasantly surprised!  (http://www.hou2600.org/software/six-months-without-adobe-flash-and-i-feel-fine/)
  • Update Windows.  This one should go without saying as it's been said all too many times.  Still, I see healthcare providers, aerospace companies, and grandmothers everywhere who are behind on their updates.  Even IT people are behind on their updates.  Please, for the love of all that is good, update your operating system.
  • Use the latest version of your browser.   The fact is that Chrome, Firefox, and IE all have vulnerabilities, and on any given day one is less vulnerable than the other two.  Keeping your browser up to date is the surest way to prevent infections, regardless of which one you prefer.  I've read that Chrome is more secure than Firefox.  I've read that Firefox is more secure than Chrome.  I've read that Internet Explorer 11 is more secure than Firefox or Chrome.  It doesn't matter, use whatever you like or your work requires, just keep it up to date!
  • Block malware sites.  Ad blockers such as AdBlock Plus can go a long way towards preventing malicious code running on your computer as many advertising servers serve up malware as well.  Additionally you might consider using OpenDNS to block malware - OpenDNS takes a bit of work to get going, but once it's going it can not only block malware but pornography and other undesirable content as well.
  • Install antivirus software and keep it up to date.  Microsoft's latest statistics show that just over 50% of users don't have antivirus installed.  Wow.  That's like walking on the beach with no flip-flops - sooner or later you're going to step on something nasty.  Please install antivirus - Microsoft Security Essentials is free and works pretty well.  Safe Mode also offers AVG to our customers at a deep discount - call or email us to find out more!
So these are things you can do to your computer and network, but that's only half of the equation as your computer isn't the one surfing the Internet, reading emails, and clicking links.  The other half is between your ears - an educated computer user is a safe computer user!  These behaviors will help keep you safer when used in conjunction with the above (in many cases these tips work better).
  • Don't click "OK" or "Open" or "I Agree" or even the "X" on popup ads!  Don't even click the red "X" if a security warning or software installer pops up unexpectedly.  On your keyboard press and hold "alt" then press the "F4" key to quit your browser completely.  This will take you away from that awful place and you will have prevented a possible infection.
  • Don't open unexpected e-mail attachments.  Unless you know for certain that someone you know is sending an attachment, don't open it.  If it's from someone you know and it looks legit, think twice then call the sender and politely ask if they sent you something in your email.  If they didn't, inform them that they may have a virus and recommend professional assistance.
  • Don't open any attachments from Paypal, UPS, Fedex, Amazon, the IRS, or a bank.  It's likely not from them anyway, so it's probably a virus.  If one of those organizations needs to reach you they know other ways besides your e-mail.  Especially the IRS.
Safe Mode offers AVG Antivirus and OpenDNS  - call or email us today to learn more!  We can also manage and monitor your network to fix issues before they become problems.

Monday, October 28, 2013

VirtualBox Error VERR_SUPDRV_COMPONENT_NOT_FOUND on OSX after upgrading to Mavericks

Using VirtualBox 4.2.18 r88780 on OSX I encountered this error in a Win8 Guest after upgrading my host OS from Lion to Mavericks.  Further testing revealed that it affects all guests, Windows and Linux.  Changing my adapter mode from Bridged to NAT fixed the issue but I could not run in Bridged mode.

Using the uninstall application and removing VirtualBox then reinstalling it fixed the issue.

Tuesday, October 15, 2013

Gateway Status Monitoring on a pfSense

pfSense is an excellent router/gateway/proxy/content filter.  It's not so hot at proactively alerting you if there is a problem.  Nobody has time to stand over their pfSense Webmin Interface and monitor gateway statuses, but it is important to know if a member is down.  An online uptime monitor can solve the problem.

The pfSense is capable of emailing you with notifications of a failed WAN connection, but that presents a chicken and egg problem - how is it supposed to notify you with email if the Internet connection has failed?  The solution that I am currently trying is using uptimerobot.com to ping the public IP of each WAN interface and send me an email if it is down and another once the service is reestablished.

Here are my settings if you want to try it:

  1. Create an account at http://www.uptimerobot.com and set up your notification options.
  2. Log into your pfSense and create a pass rule for each WAN (or Internet-facing Opt) interface for protocol ICMP, source any, destination "WAN IP Address" / "OPT1-IP-Address" then apply those changes.  See the image that accompanies this post for more details.
  3. Using an Internet-connected remote host, ping each of your public IPs and verify that they are visible to the outside world.
  4. Add your public IPs to uptimerobot.com using the +Add Monitor dialog.
If anybody knows of a better way I'm all ears - this is a feature that has been requested repeatedly but hasn't ever been implemented.  The hot setup would be an audible alarm upon link failure as well as internal Growl notifications of gateway up/gateway down.
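The down/up alerting described above, as an added Python example (not part of the original post and not how uptimerobot.com is implemented): it must run on a host outside your network, and it alerts only on state changes after several consecutive missed pings. The gateway names, the documentation-range IPs, the threshold of three and the Linux `ping` flags are assumptions.

```python
import subprocess

# Hypothetical names and documentation-range IPs; substitute your own WAN addresses.
GATEWAYS = {"WAN": "198.51.100.10", "OPT1": "203.0.113.20"}


def ping_once(ip, timeout_s=2):
    """One ICMP echo via the system ping (Linux iputils flags assumed)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), ip]
    done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0


class GatewayMonitor:
    """Tracks each gateway and reports only state changes, not every failed ping."""

    def __init__(self, gateways, probe=ping_once, fail_threshold=3):
        self.gateways = gateways
        self.probe = probe
        self.fail_threshold = fail_threshold  # consecutive misses before alerting
        self.misses = {name: 0 for name in gateways}
        self.down = {name: False for name in gateways}

    def poll(self):
        """Probe every gateway once; return a list of (name, "DOWN" | "UP")."""
        events = []
        for name, ip in self.gateways.items():
            if self.probe(ip):
                if self.down[name]:
                    events.append((name, "UP"))  # the "service reestablished" mail
                self.down[name] = False
                self.misses[name] = 0
            else:
                self.misses[name] += 1
                if not self.down[name] and self.misses[name] >= self.fail_threshold:
                    self.down[name] = True
                    events.append((name, "DOWN"))  # alert once, not on every poll
        return events


def replay(samples, fail_threshold=3):
    """Feed constructed probe results {ip: [bool, ...]} through the monitor."""
    feeds = {ip: iter(seq) for ip, seq in samples.items()}
    mon = GatewayMonitor(GATEWAYS, lambda ip: next(feeds[ip]), fail_threshold)
    rounds = min(len(seq) for seq in samples.values())
    return [(i, n, s) for i in range(rounds) for n, s in mon.poll()]


if __name__ == "__main__":
    # Constructed sample: one dropped packet, then a real outage on WAN.
    wan = [True, False, True, False, False, False, False, True]
    print(replay({GATEWAYS["WAN"]: wan, GATEWAYS["OPT1"]: [True] * 8}))
```

For live use, call `GatewayMonitor(GATEWAYS).poll()` on a timer and hand each returned event to your mailer.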

Friday, July 26, 2013

Essential Free Server and Network Tools for the Windows Admin

I don't like spending money but I like getting stuff.  What computer admin doesn't fit into this category?  When I take on a server I find that just a few tools (aside from the hardware vendor's monitoring tools) end up living on its desktop.


SequoiaView

Ever want to see what's hogging up all your valuable server hard disk space?  Ever want a quick way to see just what a drive contains?  SequoiaView is useful for all kinds of auditing through the representation of the data on your hard drive using a "tree map."  The size of the box represents the relative size of the file and the colors are indicative of filetype.  Files are then bundled together in their respective folders.  Moving your mouse over the files and folders yields additional information and offers a way to fly over your hard disk's data and visualize usage in a very intuitive and insightful manner.  Right clicking offers a way to open an Explorer window in that location so you may further interact with your files.

Roadkil's Unstoppable Copier

This classic tool is useful for both recovery scenarios and for everyday file copies and moves.  Unstoppable Copier is a fast and reliable way to shuffle data around on your hard drives and network.  It seems to move files faster than Explorer and it will attempt to read files with data residing in bad sectors.  Did I mention that it's fast?  If there is an error copying a file it notes the error and moves on - unlike Explorer which, partway through the copy, errors then quits.  Unstoppable Copier can also be batched or scripted, resulting in a flexible fast backup utility if you're not afraid to write a batch file.

Angry IP Scanner

The Angry IP Scanner is my go-to for quickly finding out what's connected to the server's LAN. Certainly there are better network IP port scanners available (like Nmap) but they can't match Angry's simplicity - often a quick and dirty ping scan is all you need.  It can do port scans as well as gather banners and report NetBIOS information such as the logged in user.  It's not as intrusive as Nmap can be and it's very portable.  It doesn't do everything Nmap and Zenmap can, but that's OK because it gets the job done.


PuTTY

I like the command line.  When dealing with *nix and Cisco services and devices you can't beat the Zen-like simplicity of a simple flashing cursor and the world of possibilities behind it.  PuTTY brings some of this power to Windows, but the true power lies in the fact that it does SSH Port Forwarding - a way to get secure access to your network without a VPN.  See my classic article here for details on the process of using SSH Tunneling to secure Windows Remote Desktop.

Wednesday, July 10, 2013

Outlook 2010 on Windows 7 Repeatedly Prompts for Credentials

This was on Windows 7 with Outlook 2010.  The user had migrated from Exchange on an SBS 2003 to Exchange on Office365.  My coworker Heather did all the dirty work and eventually came up with this solution:

In order to fix this issue, I deleted the Outlook profile and did the following:

Go to Start> Control Panel> User Accounts, click "Manage your credentials", scroll down to "Generic Credentials" and remove from the vault any that start with "MS.Outlook:"

Delete the auto-discover configuration file and restart Outlook.
C:\Users\<username>\AppData\Local\Microsoft\Outlook\xxxxx - Autodiscover.xml

I tried all of these steps minus deleting the outlook profile and it didn’t work for me. However,  I recommend trying it before deleting the profile, to save time if by chance it does work.

Monday, June 10, 2013

Windows 7 - USB Devices Won't Install

I beat myself against this for six hours straight.

The reported symptom was that no new USB devices would install.  During troubleshooting SFC /scannow yielded "Windows Resource Protection could not start the repair service." I received the following error message when I tried to start the Windows Modules Installer service (TrustedInstaller): "System Error 126: The specific module could not be found".  The Installed Updates in Add/Remove Programs was blank.

I Googled this until my fingers bled.  http://support.microsoft.com/kb/959077 seemed like it should help, but it didn't.

Finally, desperate, I called Microsoft.  They said someone would call me back within 4 hours.  Oh well...  So I tried another desperate move:  I copied the "c:\windows\servicing\trustedinstaller.exe" and the four "c:\windows\winsxs\amd64_microsoft-windows-servicingstack…" folders from a known working system to a CD then replaced the files on the affected system with those copied files after taking ownership from trustedinstaller and giving the administrator full control of the required files and folders in the affected system.

It worked!

Monday, April 22, 2013

Reduce Spam Using Exchange 2008

OK, a little further into the 21st Century we were gifted with Exchange 2007 - unfortunately the Spammers don't care what we're running nor how much better we might like it than we did Exchange 2003, so, we start by visiting http://technet.microsoft.com/en-us/library/bb124696(v=exchg.80).aspx and get the info straight from Microsoft.

Well, that wasn't very helpful - first off I'm running Exchange 2008 without the Edge Transport role - don't ask me why, I didn't set it up, a subcontractor did, and he did a lot of things that might be questionable.  I'm not sure if this is even one of them, but I digress. . .

You can access the Antispam settings by installing them in your Hub Transport role by going into the Exchange Shell and entering (replace c:\ with whatever the appropriate drive is):

& "c:\program files\microsoft\exchange server\scripts\install-antispamagents.ps1"

then restart your Exchange Transport with:

restart-service msexchangetransport

You may then open your Exchange Management Console, go under Organization Configuration, click Hub Transport, and find your Anti-Spam Tab.

For more details, see http://www.msexchange.org/articles-tutorials/exchange-server-2007/security-message-hygiene/exchange-server-2007-spam-filtering-features-without-using-exchange-server-2007-edge-server.html

Wednesday, March 27, 2013

Reduce Spam Using Exchange 2003

I understand that this may be six or seven years too late, but many old 2003 servers are still chugging along just fine.  The volume of junk mail, however, continues to increase, and that old server may be unhappy with the ever increasing volume of traffic.  I certainly know that your users aren't happy with it!

Microsoft has made an excellent toolset for reducing the spam sent through your Exchange 2003 server.  In a future article I will address similar measures for Exchange 2007 and 2010 - Exchange 2003 just happens to be what I worked on today, and I noted the steps for tonight's blog entry.

  1. If you haven't already ( I won't judge, I promise) download and install Exchange 2003 Service Pack 2.  I'll wait.  Don't know which one you're on?  On your server open the Exchange System Manager, go to Servers, then expand the fifth column, it will tell you there.
  2. Enable filtering based on free Real-Time Black Lists (free RBL?  Wow!) following the instructions at http://support.microsoft.com/kb/823866/en-us and using the following servers:

    Spamhaus        zen.spamhaus.org* (this one gives a return code, see http://www.spamhaus.org/zen/)
    SpamCop        bl.spamcop.net
    Surriel        psbt.surriel.com
    SORBS        dnsbl.sorbs.net
  3. Expand Global Settings then right click Message Delivery then select Properties.  Click the Recipient tab then make certain the "Filter Recipients who are not in the Directory" box is checked.  This prevents your server from bouncing non-deliverable reports to senders and places the burden of saying "sorry, no one here by that name" on the sender's e-mail server where it belongs.
  4. Click the Intelligent Message Filter then change the Block SCL to 8 and set the action to "Reject" - after a few weeks of testing you can set this to "Block".  The difference is that "Reject" sends a non-deliverable report back to the sender, allowing you to diagnose incorrect rejections.  "Block" silently drops the message.
    Set your store and Move to Junk Mail to 6.  Later on you may tweak these if too many messages are marked as spam or you are receiving too much junk.
  5. Now you need to enable your new filters.  In the Exchange System Manager expand Servers, <your server>, Protocols, SMTP, then right-click the Default SMTP Virtual Server and select Properties.  Click the Advanced button on the first page, click Edit . . . then select the boxes next to Apply Recipient Filter, Apply Connection Filter, and Apply Intelligent Message Filter.  Save these settings.
  6. Restart your Exchange Store Service (if you've come this far you probably know how. . .)
Now you should send some messages from the outside world to an internal user.  Use Gmail or Outlook.com or whatever you like.
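What a Real-Time Black List lookup from step 2 looks like on the wire, as an added Python example (not from the original post and not Exchange's own code): the sender's IP is reversed, looked up under each zone, and the returned 127.x.x.x record is the "return code" the Spamhaus note refers to. The sample IP and the fake resolver answers are constructed; treating 127.255.255.x as an error rather than a listing follows Spamhaus's published return codes.

```python
import ipaddress
import socket

# Zones listed in the post.
ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "psbt.surriel.com", "dnsbl.sorbs.net"]

# Spamhaus ZEN return codes (see the spamhaus.org/zen/ page the post links to).
ZEN_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.4": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}


def query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.25 -> 25.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def resolve(name):
    """Return the A records for name, or [] when the lookup fails.

    A clean address answers NXDOMAIN. Timeouts also land here, so a dead
    resolver makes every sender look clean: watch for that in production.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def interpret(zone, answers):
    """Classify the A records one blocklist returned."""
    if not answers:
        return ("not listed", [])
    if any(a.startswith("127.255.255.") for a in answers):
        # Spamhaus error range (blocked public resolver, rate limit): not a listing.
        return ("error", sorted(answers))
    if zone == "zen.spamhaus.org":
        return ("listed", sorted({ZEN_CODES.get(a, "unknown " + a) for a in answers}))
    return ("listed", sorted(answers))


def check(ip, zones=ZONES, resolver=resolve):
    """Look one sender IP up in every zone; returns {zone: (status, detail)}."""
    return {zone: interpret(zone, resolver(query_name(ip, zone))) for zone in zones}


if __name__ == "__main__":
    # 127.0.0.2 is the conventional DNSBL test entry; this performs live DNS queries.
    for zone, result in check("127.0.0.2").items():
        print(zone, result)
```

If the Spamhaus row comes back as "error", the lookups are being refused (for example because they go through a public resolver), and that blocklist is filtering nothing until the DNS path is fixed.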

Now that you're sending and receiving like you were before you may not be aware of whether this is really working.  To see some metrics that reveal what's going on behind the scenes you will use the Performance Monitor.

  1. Go to Start, Administrative Tools, and open Performance Monitor.
  2. Delete the default counters then add the following:
    SMTP Server -> Messages Delivered Total
    MS Exchange Transport Filter Sink -> Connections rejected by Block List Providers
    Intelligent Message Filter -> Total Messages Scanned for UCE
    Intelligent Message Filter -> Total Messages Assigned an SCL Rating of 0-9 (add all ten!)
  3. Click OK then change your report type to Histogram or Report.
After a few days you will notice a line at the higher end of the Total Messages Assigned an SCL Rating that is taller than the rest (normally 7 or 8).  This should be what you set your Block SCL to - everything which receives that rating is typically junk and the junk volume often exceeds the volume of legitimate messages.