Your daily technology class with Professor Randy!!

Randy The Tech Professor

February 24, 2014 at 9:02 pm

Third Party Program Updates For The Month Of February 2014

update third party programsHello everyone,

In this March post I told you about three great programs that will show you all of your computers third party program vulnerabilities, and then download and install the latest vulnerability fixes. Great stuff!

Speaking of vulnerabilities, here is a chart of the non-MS patches that affected Windows platforms in the current month of February 2014. Get updated asap!

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / My Recommendation

APSB14-07

Adobe Flash Player

Windows/Mac 12.0.0.44 and earlier Linux 11.2.202.336 and earlier

2/20/2014

Arbitrary Code Execution

Critical: Priority 1/ Upgrade within 72 hours if possible

APSB14-07

Adobe Air

Windows/Mac/Android 3.9.0.1390 and earlier

2/20/2014

Arbitrary Code Execution

Critical: Priority 3/Upgrade at admin’s discretion

APSB14-06

Adobe Shockwave Player

Windows/Mac 12.0.7.148 and earlier

2/11/2014

Arbitrary Code Execution, Denial of Service

Critical: Priority 1/ Upgrade within 72 hours if possible

iOS 7.0.6/6.1.6

Apple

Before iOS 7.06 and before iOS 6.1.6

2/21/2014

Data Integrity, Information Disclosure

Recommended

33.0.1750.117

Chrome

Windows/Mac/Linux Before 33.0.1750.117

2/20/2014

Arbitrary Code Execution, Denial of Service, Security Bypass, Information Disclosure

Recommended: Upgrade after testing

27 ESR 24.3

Mozilla Firefox

Before Firefox 27 and ESR 24.3

2/4/2014

Arbitrary Code Execution, Denial of Service, Security Bypass, Information Disclosure

Recommended: Upgrade after testing

24.3

Mozilla Thunderbird

Before Thunderbird 24.3

2/4/2014

Arbitrary Code Execution, Information Disclosure

Recommended: Upgrade after testing

2.24

Mozilla SeaMonkey

Before 2.24

2/4/2014

Arbitrary Code Execution, Denial of Service, Security Bypass, Information Disclosure

Recommended: Upgrade after testing

Best wishes,
Randy The Tech Professor

Tags: , ,
comments Comments (0)    -
January 27, 2014 at 10:17 pm

Third Party Program Updates For The Month Of January 2014

risks-associated-with-third-party-software-2

Hello everyone,

In this March post I told you about three great programs that will show you all of your computers third party program vulnerabilities, and then download and install the latest vulnerability fixes. Great stuff!

Speaking of vulnerabilities, here is a chart of the non-MS patches that affected Windows platforms in the past month of January 2014. Get updated asap!

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / My Recommendation

APSB14-01

Adobe Reader / Adobe Acrobat

Windows/Mac XI 11.0.05 and earlier / X 10.1.8 and earlier

1/14/2014

Arbitrary Code Execution or Denial of Service

Critical: Priority 1/ Upgrade within 72 hours if possible

APSB14-02

Adobe Flash Player

Windows/Mac 11.9.900.170 and earlier / Linux 11.2.202.332 and earlier

1/14/2014

Arbitrary Code Execution

Critical: Priority 1/ Upgrade within 72 hours if possible

APSB14-02

Adobe Air

Windows/Mac 3.9.0.1380 and earlier

1/14/2014

Arbitrary Code Execution

Critical: Priority 3/ Upgrade at admin’s discretion

APSB14-03

Adobe Digital Editions

Windows/Mac 2.01

1/22/2014

Arbitrary Code Execution

Critical: Priority 3/ Upgrade at admin’s discretion

11.1.4

iTunes

Windows/Mac

Prior to 11.1.4

1/22/2014

Arbitrary Code Execution, Denial of Service

Recommended

5.1/2.1

Pages

OSX/iOS prior to Pages 5.1 or 2.1

1/23/2014

Arbitrary Code Execution, Denial of Service

Recommended

7u51

Oracle Java SE, Java FX, Java SE Embedded

SE 7u45 and earlier, SE 6u65 and earlier, SE 5.0u55 and earlier, SE Embedded 7u45 and earlier, JavaFX 2.2.45 and earlier

1/14/2014

36 security vulnerabilities fixed of which 34 may be remotely exploitable without authentication

Critical: Upgrade to latest release

32.0.1700.76and 32.0.1700.77

Chrome

Windows before 32.0.1700.76 Linux/Mac Before 32.0.1700.77

1/14/2014

Denial of service, improper sync, address bar spoofing

Recommended: Upgrade after testing

Best wishes,
Randy The Tech Professor

Tags: , ,
comments Comments (1)    -
January 20, 2014 at 11:41 am

When An SSD Will Not Increase Your Computers Speed

Samsung SSDHello everyone,

The SSD (Solid State Drive) is the greatest invention since “sliced bread”. Installing an SSD can cut boot times down to below ten seconds and open programs so fast that your head will swim! The greatest single speed upgrade for your computer is without doubt the installation of a Solid State Drive.

Yet many people install an SSD, and see little or no speed increase. What’s up?

Take a look at this beautiful Solid State Drive: A super fast SSD indeed, but will your computer  be able to utilize this speed? If your computer motherboard does not have the adequate bus speed, then you will never see the true benefits of your SSD.

It all depends upon what version of SATA ports are on your motherboard. If your motherboard does not have high speed SATA connections (SATA3 at 6Gb/s), then your I/O bus will bog down well before you can experience the speed of the SSD.

If you connect a 6Gb/s capable SSD to a SATA2 port then you will only get 3Gb/s. If you connect a 6Gb/s SSD to a SATA1 port, then your throughput will only be 1.5Gb/s.

If you have an older computer/motherboard and you want to enjoy the incredible speed of an SSD drive, you may be able to add a SATA 3 card. Even better would be to get a PCIe card and connect the SSD to the PCIe bus instead of the SATA bus. When installing an expansion card, please make sure that your motherboard is compatible.

Professor Randy says: An SSD will change your computing life! Just make sure that your motherboard has the correct ports in order to take full advantage of the drive.

 

Tags: , ,
comments Comments (0)    -
January 8, 2014 at 10:02 pm

How I Eradicate The Plague Of Toolbars, Browser Highjackers, Add-Ons, and Extensions (Part 2)

malicious browser add-on

Hello everyone,

In part 1 of this post I named sixteen malicious programs/items that are secretly installing themselves to the Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer browsers. I talked about another well known one here.

These malicious items cause annoying pop-ups, pop-unders, banners, and coupons. They change Windows start-up settings and Internet browser settings. They change the homepage, redirect browser searches, and generally make  Internet browsing experience hell! Ultimately they will ruin the computers functionality!

In todays post I would like to show you how to get rid of these unwanted, unwelcome, and infectious browser plug-ins.

1) Some, but not all of these “crap entities” will show up on your computer as installed programs. Uninstall them completely using Revo Uninstaller (free version). Revo Uninstaller is a much faster and more powerful alternative to “Windows Programs and Features (Add or Remove Programs)” applet! It has very powerful features to uninstall and remove programs.

2) The rest of these “crap entities” will show up in your browers as plug-ins/extensions. You must remove them from each browser that you have on your machine. This is how you do it:

A) Firefox (make sure your Menu Bar is enabled)

Tools>Add-ons>Extensions>Remove

B) Internet Explorer (enable Menu Bar)

Tools>Manage add-ons>Toolbars and Extensions>Highlight the plug-in>Disable

C) Chrome (click on the three horizontal bars in top right corner)

Tools>Extensions>Remove from Chrome (click on the trash can)

Professor Randy says: Don’t allow these unscrupulous programs to usurp your computer user joy! You are in control of your machine, not them! If they do manage to attach themselves to your browser, eradicate them fully using the above method.

 

 

 

Tags: , , ,
comments Comments (0)    -
January 7, 2014 at 11:01 am

Third Party Program Updates For The Month Of December 2013

third party patchesHello everyone,

In this March post I told you about three great programs that will show you all of your computers third party program vulnerabilities, and then download and install the latest vulnerability fixes. Great stuff!

Speaking of vulnerabilities, here is a chart of the non-MS patches that affected Windows platforms in the past month of December 2013. Get updated asap!

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / My Recommendation

APSB13-28

Adobe Flash Player

Windows/Mac 11.9.900.152 and earlier Linux 11.2.202.327 and earlier

12/10/2013

Arbitrary Code Execution or Denial of Service

Critical: Priority 1/ Upgrade within 72 hours if possible

APSB13-28

Adobe Air

Windows/Mac/Android 3.9.0.1210 and earlier

12/10/2013

Remote Code Execution or Denial of Service

Critical: Priority 3 (upgrade at admin’s discretion)

APSB13-29

Adobe Shockwave Player

Windows/Mac 12.0.6.147 and earlier

12/10/2013

Arbitrary Code Execution or Denial of Service

Critical: Priority 1/ upgrade within 72 hours

6.1.1/7.0.1

Apple Safari

Safari 6.1.1 and 7.0.1

12/16/2013

Arbitrary Code Execution, Denial of Service, and credential disclosure

Critical: Upgrade to latest release

26/ESR 24.2

Firefox

Before Firefox 26 and ESR 24.2

12/10/2013

Denial of Service, Arbitrary Code Execution, Cross Site Scripting, Security Control Bypass

Critical: Upgrade to latest release

24.2

Thunderbird

Before 24.2

12/10/2013

Arbitrary Code Execution, Denial of Service

Critical: Upgrade to latest release

2.23

Seamonkey

Before 2.23

12/10/2013

Arbitrary Code Execution, Denial of Service, Security Control Bypass,

Critical: Upgrade to latest release

31.0.1650.63

Chrome

Before 31.0.1650.63

12/4/2013

Denial of Service, Web Session Hijack, AddressBar Spoofing

Recommended: Upgrade after testing

17.0.4.61

RealPlayer

Before 17.0.4.61

12/20/2013

Arbitrary Code Execution

Critical: Upgrade to latest release

Best wishes,

Randy The Tech Professor

Tags: , ,
comments Comments (0)    -
December 17, 2013 at 8:47 pm

How I Fixed The Conduit Background Container.dll Run Error

How-to-remove-adware-Conduit-search-toolbar-virus-from-Explorer-Firefox-ChromeHello everyone,

A while back in this post I wrote about the plague of malicious toolbars, browser hijackers, browser add-ons, and browser extensions. One of the most prominent of these insidious, unwanted programs is a little gem called Conduit.

Conduit is a browser hijacker, which is promoted via other free downloads, and once installed will add the Conduit Toolbar which will change your browser homepage and default search engine to search.conduit.com.

Conduit Search will display advertisements and sponsored links in your search results, and may collect search terms from your search queries. The Conduit infection is used to boost advertising revenue, as in the use of blackhat SEO, to inflate a site’s page ranking in search results.

Conduit it’s technically not a virus, but it does exhibit plenty of malicious traits, such as rootkit capabilities to hook deep into the operating system, browser hijacking, and in general just interfering with the user experience. The industry generally refers to it as a “PUP,” or potentially unwanted program.

Many times after I remove Conduit, I get the following RunDLL “Error loading…” message on boot up:

c:\users\ed\appData\local\conduit\backgroundcontainer\background container.dll

This is because a Conduit orphaned registry entry still remains (even after removal), and is telling Windows to load the file upon boot up.

Here is the fix:

1. Go to Start > Control Panel > Administrative Tools.
2. Open Task Scheduler and click on Task Scheduler Library.
3. Look through the list for an entry related to BackgroundContainer.
4. If found, right-click on it and select Delete.
5. Exit all programs and reboot the computer when done.

Professor Randy says: Be extra cautious when downloading third-party browser add-ons, extensions, plugins, toolbars, browser helper objects, and generally most software. Conduit may “come along for the ride”.

 

Tags: , ,
comments Comments (15)    -
November 26, 2013 at 8:23 pm

Third Party Program Updates For The Month Of November 2013

Hello everyone,

In this March post I told you about three great programs that will show you all of your computers third party program vulnerabilities, and then download and install the latest vulnerability fixes. Great stuff!

Speaking of vulnerabilities, here is a chart of the non-MS patches that affected Windows platforms in the present month of November 2013. Get updated asap!

 

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

APSB13-26

Adobe Flash Player

Windows 11.9.900.117 and earlier

11/12/2013

Remote Code Execution or Denial of Service

Critical: Priority 1/ Upgrade within 72 hours if possible

APSB13-26

Adobe Air

Windows 3.9.0.1030 and earlier

11/12/2013

Remote Code Execution or Denial of Service

Critical: Priority 3 (upgrade at admin’s discretion)

APSB13-27

Cold Fusion

All Platforms Versions 10, 9.0.2, 9.0.1 and 9.0

11/12/2013

Cross Site Scripting Vulnerability

Important: Priority 1/ upgrade within 72 hours

31.0.1650.57

Google Chrome

All Platforms before 31.0.1650.57

11/14/2013

Remote Code Execution or Denial of Service

Critical: Upgrade to latest release

MFSA 2013-103

Firefox

Before 25.0.1

11/15/2013

Remote Code Execution or Denial of Service

Critical: upgrade to latest release

MFSA 2013-103

Thunderbird

Before 24.1.1

11/15/2013

Remote Code Execution or Denial of Service

Critical: upgrade to latest release

MFSA 2013-103

Seamonkey

Before 2.22.1

11/15/2013

Remote Code Execution or Denial of Service

Critical: upgrade to latest release

 

Tags: ,
comments Comments (0)    -
November 2, 2013 at 1:54 pm

What You Should Know About The CryptoLocker Virus

cryptolockerHello everyone,

CryptoLocker is an awful virus that an alarming amount of people are falling victim to. It presents itself in the form of an email message that will look familiar and authentic (it will apper as from legitimate businesses and as fake FedEx, DHL, and UPS tracking notifications). This could also be something from a bank or paypal, prompting you to click a link. It may look like a .PDF file, but in reality it’s an executable file that launches the virus.

Once it’s opened, it encrypts all of the documents in your personal “Documents” folder, and can even reach out to files on thumb drives and networks. It uses strong encryption that truly no one can decrypt, and the only way you would be able to get the data back is by paying $300 for the key. If you don’t pay within 72 hours, the virus authors delete the key and the data is gone forever. To make matters worse, law enforcement has been shutting down servers that contain keys. So even if you were to pay within 72 hours, there’s still no guarantee you will be able to get to your data.

CryptoLocker has also managed to get past AntiVirus programs, although there is a free tool that will supposedly prevent its infection. The problem is, if it gets traction, the CryptoLocker virus authors can easily circumvent it making that tool ineffective. It’s very important to be careful when clicking links that are sent to you.

This means backup is more important than ever. However, you have to be careful how you’re backing up also. If you’re backing up to shared network attached storage for example, that may not be enough. If CryptoLocker can see the files, it will encrypt those also. Furthermore, if you don’t catch it right away, you may end up backing up the encrypted files over top of the unencrypted files. It’s important to have a backup system that supports versioning, or something that allows you to roll back to a prior version of your files.

Professor Randy says: The CryptoLocker virus is really nasty! Protect yourself by backing up all data, and by not clicking on e-mail links unless you’re absoleutely sure where they came from!

Tags:
comments Comments (0)    -
November 2, 2013 at 12:37 pm

Third Party Program Updates For October 2013

Hello everyone,

In this March post I told you about a great program that will show you all of your computers third party program vulnerabilities, and then download and install the latest vulnerability fixes. Great stuff!

Speaking of vulnerabilities, here is a chart of the non-MS patches that affected Windows platforms in the past month of October. Get updated asap!

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

APSB13-25

Adobe Reader and Acrobat XI

For Windows, version 11.0.04. Version 10.1.8 and earlier not affected

10/8/2013

Remote Code – allows remote attackers to execute arbitray code via PDF’s

Critical: Priority 2 / upgrade within 30 days

APSB13-24

Adobe Robohelp

10 for Windows

10/8/2013

Remote Code – allows attackers to execute arbitray code or cause DoS

Critical: Priority 3 (upgrade at admin’s discretion)

6.0

Apple Keynote

OS X Mavericks v10.9 or later

10/22/2013

Requires physical access to machine. Screen may be unlocked if put to sleep while Keynote is in presentation mode

Low: install as needed

11.1.2

Apple iTunes

Windows 7, Vista, and XP SP2 or later

10/23/2013

Possible arbitrary code execution

Recommended

30.0.1599.101

Google Chrome

Windows, Mac, Linux, and Chrome Frame

10/1/2013

50+ security vulnerabilities fixed

Critical: Includes fixes to High priority bugs. Google recommends letting the browser update automatically.

30.0.1599.114

Google Chrome

Linux Only

10/22/2013

1 bug fix, resolves issues installing x32 version

Low: install as needed

7u45

Oracle Java SE, Java FX, Java SE Embedded

SE 7u40 and earlier, SE 6u60 and earlier, SE 5.0u51 and earlier, SE Embedded 7u40 and earlier, JavaFX 2.2.40 and earlier

10/22/2013

50+ security vulnerabilities fixed of which 50 may be remotely exploitable without authentication

Critical: upgrade to latest release

Best wishes,
Randy The Tech Professor

Tags: , ,
comments Comments (0)    -
October 6, 2013 at 12:28 pm

How I Eradicate The Plague Of Toolbars, Browser Highjackers, Add-Ons, and Extensions (Part 1)

webbrowsersearch-homepage

Hello everyone,

Note: Part 2 of this post can be found here

In just the past month I have witnessed a veritable plague in my area of computer repair work. Unwanted items are almost secretly installing themselves to the Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer browsers. Many of my great clients are seniors and they are being “suckered” into installing these unwanted programs.

These malicious items cause annoying pop-ups, pop-unders, banners, and coupons. They change Windows start-up settings and Internet browser settings. They change the homepage, redirect browser searches, and generally make  Internet browsing experience hell! Ultimately they will ruin the computers functionality!

These vicious little programs primarily bundle with third party software, most often freeware and shareware. Once in a while the user may be given the opportunity to decline the offer to install the “piggyback” item, but many times the offer is presented in a manner that attempts to trick the user. Often these malicious programs will install even if declined!

Here is a list of what I’ve eliminated from ten or so machines in the past month (no particular order):

1) Shop At Home Toolbar

2) Inbox Toolbar

3) Ask Toolbar

4) MapsGalaxy Toolbar

5) CouponBar

6) Babylon Toolbar

7) VAFMusic4 Toolbar

8) Snap.do

9) WebCake

10) Blekko Search Bar

11) Yontoo

12) WebSearch Toolbar

13) Default Tab

14) SaltarSmart

15) Win32/AddLyrics

16) Delta-homes.com (redirect)

In my next post I will explain how to rid your computer of these “plagues”.

Professor Randy says: Certain unfriendly entities want to enter your computer without your knowledge. First, be aware or who/what they are, and second, learn how to protect yourself from them!

 

 

 

Tags: , , , ,
comments Comments (0)    -