HOWEVER I followed these instructions and found that there is a gateway to let the virus in through the MSN interface when you right click and try to get to your inbox, it takes you to a webpage (that the web browser tells you is bad – but some people may ignore this warning!) and then re-installs the software.

To combat this uninstall MSN messenger and then reinstall it – and you should be good to go. Please leave a comment if you have found any other solutions / gateways left by this annoyance!

BitDefender AV
Fujitsu Shock Sensor
Jiangmin KV Antivirus 10
Jiangmin KV Antivirus 2008
Trend Micro Internet Security
Zone Alarm Security Suite
Iron Speed Designer
Xheo Licensing
Free Allegiance
NYT Reader
Rising Personal Firewall
Novell ZCM Agent

Also some drivers could affect and hinder the installation of this update, specially some older Realtek AC and Intel drivers. Detailed information can be found on Vista’s official blog on how to bypass/fix these problems.

The automatic update wont be available until mid April but it can be downloaded from Microsoft and installed manually. The update is only available for download in 5 languages with 31 others to follow by the time the automatic update starts in April.

Technorati Tags: vista update, sp1, microsoft

The firm said that the fault, which affected software packaged with memory sticks, was developed by a third-party.

Sony said it was conducting an internal investigation into the problem and would offer a fix “by mid-September”.

The vulnerability, found by security firm F-secure, was similar to one found on CDs sold by Sony BMG in 2005.

That led to the discs being recalled and several lawsuits against the record label.

A Sony spokesperson said of the latest vulnerability: “While relatively small numbers of these models were sold, we are taking the matter seriously and conducting an internal investigation. No customers have reported problems related to situation to date.”

Surprise flaw

The flaw affects three models of Sony’s MicroVault USB sticks with fingerprint readers.

CD being put into computer
Security flaws were also discovered on Sony BMG CDs in 2005

Although the spokesperson said that the models have now been discontinued, they are still available to purchase through several websites.

The flaw was in software that came bundled with the USB devices. The program used virus-like techniques to create a hidden directory on a computer’s hard drive.

Researchers at F-secure said that a hacker could then infect a computer as any files stored on the hidden directory would be invisible to the user and also from some virus scanners and security software.

“The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives,” said researchers at security firm McAfee, who also investigated the flaw.

“However, in this case the authors apparently did not keep the security implications in mind.”

Researchers at both F-secure and MacAfee expressed surprise at the flaw, as Sony has faced similar problems in the past.

In 2005, Sony BMG sold CDs bundled with XCP digital-rights management (DRM) software, installed as an anti-piracy measure. It also left machines open to exploit by malicious programmers and computer virus writers.

In addition, researchers found vulnerabilities in another program, known as MediaMax, used by the firm on other CDs. In all, millions of discs sold in North America were thought to have been sold that used the controversial programs.

Quick fix

However, security researchers said that latest flaw was not as serious.

“In a nutshell, the USB case is not as bad as the XCP DRM case,” said a blog entry on the F-secure website.

As well as differences in how the software was installed and operated, the researchers said there was a legitimate case for having the software on the USB sticks

“Sony is attempting to protect the user’s own data. In the DRM case, Sony was attempting to restrict you – the user – from accessing the music on the CD you bought.

“So their intent was more beneficial to the consumer in this case.”

F-secure is assisting Sony with their investigation.

The Sony spokesperson said: “While the software at the issue was developed by a third-party vendor in conjunction with our outsourced device manufacturer, as a precaution and to alleviate any potential concerns, we will be issuing a downloadable software to address the situation by mid-September.”

Extracted from: http://news.bbc.co.uk/2/hi/technology/6975838.stm

In contrast, 50 percent of respondents said that their company did not block access to Facebook, with eight percent specifying that the reason was fear of employee backlash.

A second poll showed that 66 percent of workers were concerned that their colleagues were sharing too much information on Facebook, which could lead to identity theft and targeted phishing attacks against the company.

Survey results

Sophos online survey, 600 respondents, 31 July – 13 August 2007.

Sophos online survey, 287 respondents, 13 August – 21 August 2007.

According to Sophos, a large number of Facebook profile pages contain users’ current employment details, which could be used together with other stolen information by cybercriminals bent on committing corporate fraud, or to infiltrate company networks. Last week, Sophos published research showing that 41 percent of Facebook users were prepared to divulge personal information to a complete stranger (a small plastic frog called Freddi Staur), highlighting the extent of the problem facing businesses.

“Companies are split on the question of Facebook. Some believe it to be a procrastinator’s paradise which can lead to identity theft if users are careless. Others either view it as a valuable networking tool for workers or are too nervous of employees backlash if the site is suddenly blocked,” said Graham Cluley, senior technology consultant at Sophos. “Companies need to make their own mind up as to whether they want to allow their users to access websites like Facebook and MySpace during office hours. If workers are allowed to be given access to these sites then it’s imperative that they are taught best practices to ensure that they are not putting their personal and corporate data at risk. Five minutes spent learning the ins-and-outs of Facebook’s privacy settings, for instance, could save a lot of heartache later.”

Sophos has reported a rise in the number of customers using its Web Security and Control appliance to block social networking websites like MySpace, Bebo and Facebook.

LloydsTSB, Credit Suisse, and Goldman Sachs are amongst the companies reported to have blocked employees from visiting Facebook.

“More businesses are restricting access to these kinds of sites. Employees may not like it, but these websites can represent a security risk if used carelessly. Unless there’s a work purpose, many firms do not see any reason why staff should need to access them during work time,” continued Cluley. “Companies are increasingly looking to secure and control their workers’ web activity because of the impact it can have on the company in terms of productivity, bandwidth and security.”

Extracted from: Sophos e-newsletter 21st August 2007 

With our new Microsoft Exchange 2003 SP2 set-up we knew that there were anti-Spam features built in, but we were not sure why they were working. For some reason that I’m sure Microsoft knows, but as a small non-profit we don’t really understand, the anti-spam feature was disabled in the default installation. After reading up a bit more, and doing some searching on-line I came across an article that explained how to set up the Intelligent Message Filter in Exchange SP2.

Only time will tell, but I hope that this will cut down on the Spam that our staff need to filter through on a daily basis.

Technorati Tags: microsoft exchange, spam, anti-spam

I have never had any problems with it and it has saved me from a few viruses. It will automatically update if you tell it to.

Our favorite product for our free firewall is IPCop, which is an open-source product currently up to version 1.4.11. The free firewall will run even on low powered equipment that would otherwise probably be retired in most settings.

Here is a list of some of the features that are built into the base level installation of IPCop:

• Secure https web administration GUI
• DHCP Server
• Proxying (Squid)
• DNS Proxying
• Dynamic DNS
• Time Server
• Traffic Shaping
• Traffic/Systems/Firewall/IDS graphing
• Intrusion Detection (Snort)
• ISDN/ADSL device support
• VPN (IPSec/PPTP) functionality

One of the great things about IPCop is that you can quite easily expand the firewall with quite a few add-ons that are readily available on the Web.

The IPCop web-site has very good documentation for how to set-up the firewall, if you are looking for a more robust package though you can find instructions on installing IPCop + Copfilter over at HowtoForge: The Perfect Linux Firewall Part I — IPCop.

This is the process that we went through when we last built an IPCop firewall and it produces a very robust and easily managed free firewall solution.