Homeland Security: Don’t use Internet Explorer due to bug

ieSAN FRANCISCO – The U.S. Department of Homeland security is advising Americans not to use the Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend.

The bug was announced on Saturday by FireEye Research Labs, an Internet security software company based in Milpitas, Calif.

“We are currently unaware of a practical solution to this problem,” the Department of Homeland Security’s United States Computer Emergency Readiness Team said in a post Monday morning.

It recommended that users and administrators “consider employing an alternative Web browser until an official update is available.” We Recommend Chrome.

The security flaw allows malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website.

Because the hack uses a corrupted Adobe Flash file to attack the victim’s computer, users can avoid it by turning off Adobe Flash.

“The attack will not work without Adobe Flash,” FireEye said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”

While the bug affects all versions of Internet Explorer six through 10 it is currently targeting IE9 and IE10, FireEye stated.

The attacks do not appear to be widespread at this time. Microsoft said it was “aware of limited, targeted attacks that attempt to exploit” the vulnerability.

These are called “watering hole attacks,” said Satnam Narang, a threat researcher with computer security company Symantec in Mountain View, Calif..

Rather than directly reach out to a victim, the hackers inject their code into a “normal, everyday website” that the victim visits, he said. Code hidden on the site then infects their computers.

“It’s called a watering hole attack because if you’re a lion, you go to the watering hole because you know that’s where the animals go to drink.”

FireEye said the hackers exploiting the bug are calling their campaign “Operation Clandestine Fox.”

Microsoft confirmed Saturday that it is working to fix the code that allows Internet Explorer versions six through 11 to be exploited by the vulnerability. As of Monday morning, no fix had been posted.

Microsoft typically releases security patches on the first Tuesday of each month, what’s known as Patch Tuesday. The next oneis Tuesday, May 6. Whether the company will release a patch for this vulnerability before that isn’t known.

About 55% of PC computers run one of those versions of Internet Explorer, according to the technology research firm NetMarketShare. About 25% run either IE9 or IE10.

Computer users who are running the Windows XP operating system are out of luck. Microsoft discontinued support of the system on April 8.

Symantec is offering XP users tools to protect themselves, which it has made available on its blog.

Exchange Server 2003 End of Life and Whats Next

exchangeExchange Server 2003 End of Life

Is e-mail functionality and security important for your business? I have no doubt that it is! Unfortunately, Microsoft ended support for Windows Exchange Server 2003 on April 13, 2014. So what does that mean for your business? Security issues, incompatibility issues, and performance issues – with no help. These aren’t necessarily issues that your i.t. staff can fix, as they are mainly at the code level.
What are the alternatives to Exchange Server 2003?

Exchange Server 2013 – The latest and greatest from Microsoft. Everything you need to have a true replacement to 2003. For most small organizations a full version of exchange 2013 onsite doesn’t make a lot of sense. There is a large upfront cost of software and licensing and much more ongoing server maintenance.

Look to the “Cloud” Exchange Online and/or Office 365 offer a good option for small and medium sized organizations to get the same enterprise class email, security and performance as an on premise installation for a monthly or annual subscription price per user. this is a great option as it allows businesses to scale for growth easily.

Linux Mail Server and Zimbra are also options as a mail server replacement.

Common Questions

Q: I’m still running Small Business Server 2003, what version of Exchange runs with that?  A: You have Exchange 2003!

Q: I heard there is no Small Business Server (SBS) version with Exchange 2013?  A: True, Microsoft’s last SBS bundle was SBS 2011 which included Exchange 2010.  Microsoft now offers Windows Server 2012 Essentials which has some integration features for Office 365 but they do not offer a bundled product any longer.

What is Windows XP end of support?

I’ve received lots of calls from panicked friends and family about the dreaded Windows XP end of support. i usually respond with you’re really still using an XP machine? Just kidding…i actually have one myself though it has been used only for testing for quite sometime. For those of you who don’t know what “End of Life” Means for you I’ll help clarify.
endoflifexpMicrosoft provided support for Windows XP for the past 12 years and has decided no longer to waste resources on an obsolete OS. As a result, technical assistance for Windows XP is no longer available, including automatic updates that help protect your PC from Viruses and hackers. Microsoft has also stopped providing Microsoft Security Essentials for download on Windows XP. (If you already have Microsoft Security Essentials installed, you will continue to receive antimalware signature updates for a limited time, but this does not mean that your PC is secure because Microsoft is no longer providing security updates to help protect your PC.)

If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses. Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter more apps and devices that do not work with Windows XP.

Other Notable Applications that haven’t been so predominantly announced on the media with support ending include Exchange Server 2003 (if you still use SBS 2003 this affects you!) and Office 2003.

In my opinion, with Microsoft’s recent announcement to bring back the start menu in windows 8.1 I think now is a great time for you to invest in a new PC.

Microsoft Announces the Return of the Start Menu in a Future Windows 8.1 Update

microsoft-windows-8-logoBig news was announced by Microsoft’s executive vice president of the Operating Systems group last week.

He announced and demonstrated a new Windows start menu, which behaves similarly to the Windows start menu that millions of desktop users are used to and enjoy. Myerson also said that the new start menu would be available as a (presumably free) update for all Windows 8.1 users, but won’t likely be part of the just-announced Windows 8.1 Update.

I’ve received dozens of emails from people since Windows 8 rolled out about what they don’t like about it and why they don’t want to deploy it for their users and by far the largest complaint was the lack of a traditional Windows start button and start menu.
I personally am excited by this news and hope this may be the push we all need to begin adapting the new 8.1 Operating System on desktop computers.  I’d love to hear what you think, email with your thoughts, or contact me on Twitter or Facebook.

Should I Upgrade or Replace my Computer?

old-ibm-300x219A lot of people ask me “Should I upgrade or replace my computer?”  Typically, they have hit a crossroad and are trying to take a older or slow computer and make it run faster or run a particular piece of newer software not compatible with their current system.  The problem is that most people simply don’t know when it’s worth it to upgrade and when it’s time to just replace their PC.   Hopefully this will help guide your decision or at least give you a few things to consider.

First, Lets discuss why computers are “slow” or inadequate. When you purchase a new computer, it typically only has the operating system and perhaps a few applications preinstalled. Over the course of a few years, you create, copy and delete thousands of files and likely install dozens of new applications and plugins that you require to operate. You will surf the web, play games, send countless emails and more. So what’s causing the slow down? The short answer is it’s probably a combination of a lot of these things.

Many applications have services which continually run and consume memory.  Turn all of those off unless you are sure that you run that application all of the time. For example, if you look at PDFs daily, you would want that feature enabled for Adobe Acrobat. Another culprit is caused by users who are simply trying to be very safe online. Users who have more than one anti-virus or anti-spyware product installed are making the computer crawl since those products usually read and process every single byte of every single file written-to and read-from the hard drive.  You only need 1 anti-virus product and should consider running anti-spyware scans weekly. Ensure that your anti-virus product keeps its definitions up-to-date and you should be good.

Common Items that cause poor PC performance If you have less than 2GB RAM and are trying to run the latest software and OS, I would say that you are probably going to suffer when it comes to user experience. Generally a $50-75 hardware upgrade will get you to another 2+GB and your computer will usually run much better especially when multitasking.

If things just take a long time to load (from click to on-screen), the problem may be a slow hard drive. Traditional Hard Disks (HDD) run at 5400RPM or 7200RPM.  There are some out there that run at 10,000RPM (10k) and even 15,000RPM but generally these will be located on servers. Newer PC’s are taking advantage of Solida State Drives (SSD)  For the ultimate in disk performance consider these as a possible upgrade.

Viruses and Malware are also huge culprits when it comes to Computer performance.  Ensure you are scanning regularly but ensure that you’re only running 1 version on antivurus!

When does it make sense just to replace? Sometimes it just doesn’t make sense to upgrade because no matter what you do, the system just can’t improve in performance enough to run modern applications. The other cutoff is when the amount of installation time + the amount of hardware cost outweigh the costs of a new PC.  You should also consider most new PC’s have a warranty so if your PC is older than 3-4 years or out of warranty you will want to factor that in as well.

Don’t bother upgrading your computer if:

  • You want great performance with the latest apps and your PC is more than 3yrs old.
  • You are planning on getting a new system within a year anyway.
  • You like to have current hardware warranties.

Consider Upgrading your Computer if all you require is:

  • More storage space for files such as videos, music or photos.
  • A better monitor, mouse or keyboard (Peripherals)
  • Wireless capabilities
  • Additional Memory (RAM) for multitasking

Generally you will spend several hours doing new system upgrade/installs if you want to upgrade so if you’re not doing the upgrades yourself you should evaluate the service time + software + hardware cost.  On any PC out of warranty and/or older than 3yrs I always urge my client to go for new equipment since a complete reinstall can cost several hundred dollars in consulting time alone.  Just remember the old adage, “You get what you pay for” when going new.  Those $300-$500 PC’s usually aren’t the way to go. I often see uninformed businesses purchase equipment best kept for home use. Don’t waste your money, call Us BEFORE you decide to upgrade or purchase new equipment.