It’s hard to believe, but it’s update time again already. This is the monthly update and news letter with the details of what’s going on and I’m going to try something a little different this month. After talking with a lot of the folks that get this monthly newsletter though, I’m going to try making a few changes to make it more user friendly and readable and I’d love to get your feedback on how we can make it easier to read and / or more usable for you.
Cyber Tech Cafe – As many of you already know, we are in the proces of suspending our hosting operation. Website and email hosting was one of the first services that we offered when we started the company so the decision to discontinue was a difficult one but one that will be a win win for everyone. I noted in my post earlier this week that we would be announcing our hosting partner later this week and I’m excited to announce that we have partnered with Domain.com for website and email hosting. We looked at several options and believe that, based on customer service, stability and value, Domain.com was the *clear* winner. In addition to Website and Email hosting, Domain.com also offers very competitive pricing for domain registration and SSL certificates and their hosting control panel could not be easier to use. Add to that the super fast access to tech support 24×7 (something that we simply aren’t staffed for) and it was clear that this was a better option for our customers. We will be working directly with all of our hosting customers to assist them in migrating their services to Domain.com and will always be available as your liaison or advocate anytime that we can help. The original announcement is still available on our website here with a list of some of the common questions and answers.
Tech News – If I had to look back at the past month and point out one thing that really stands out it would have to be the explosion of the so called ‘FBI Virus’. The details seem to change slightly from computer to computer but the long and the short of it is that your screen turns to a solid color with a warning, reportedly from the FBI, that you have done something bad and that you have to give money to someone through your computer or horrible things will happen to you. The reality is though that it is NOT the FBI and the horrible thing has already happened (you have a virus). I’ve even heard of people calling 911 when this pops up on their screen. If this happens to you, take it to your friendly neighborhood general purpose rent-a-geek and we’ll be happy to take care of it for you.
It’s also worth noting that the majority of the FBI / MoneyPak viruses that we have seen recently can be traced back to an unpatched Java vulnerability so, if you’ve not been hit yet, checking now to see if you have the latest version of Java would be a very good idea.
Microsoft – There are a total of 7 bulletins this month with 4 listed as critical and the remaining 3 listed as important. The affected products include all supported version of Windows, Office and Internet Explorer. If you have a Windows computer or a Mac with MS Office or MS Silverlight installed, it is important that you install these updates in a timely manner (Yes, Macs do get viruses too). All of the bulletins listed as critical can allow a remote attacker to access and use your computer without your knowledge.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories is available here. The updates can include any *supported* Microsoft product from Windows (Windows XP, Windows 7, Windows Vista, Windows 8, Windows Server, etc.) to Office (Word, Excel, PowerPoint, Outlook, Publisher, OneNote, and even MS Office for Mac) to Internet Explorer to server products like Exchange, SQL Server and more. If you have one of these products installed, especially if the update is listed as Important or Critical, it’s important that the update be installed.
Adobe – There have been multiple critical updates to Adobe Acrobat Reader and Adobe Flash in the last month. There have also been updates to Adobe Shockwave player but our
recommendation is to remove Adobe Shockwave Player unless you absolutely have to have it. The updates to Adobe Acrobat and Adobe Flash Player address vulnerabilities that can allow a remote attacker to access and use your computer without your knowledge and can be triggered / exploited simply by viewing an infected PDF document, Flash movie or even a Flash ad at the top of an infected website.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos like YouTube and in interactive web content like games) and Adobe Shockwave.
Java – Oracle, the owner / parent of Java has been in reactive mode almost constantly for the past several months (since well into 2012). If you have Java installed, you need to make
sure that you’re using Java 7 update 17 (as of the time of this writing that’s the latest). If you have an earlier version, you need to update immediately. If you do not absolutely need Java, it’s recommended that you simply remove it until further notice (this opinion is supported by the Department of Homeland Security).
Java is a tool that’s widely used by Banks, online service providers and even security companies for VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ for the past several months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s worth removing it altogether (this can be done from Add / Remove programs).
Monthly Update Clients
* If you are not currently taking advantage of our monthly update service and would like more information or to sign up, additional information is available here
For our Monthly Update clients, if a date and time hasn’t already been scheduled to install your updates, we will be contacting you shortly to schedule. If you aren’t already taking advantage of our monthly update service, there’s no time like the present to get started. We offer a monthly update service to keep all of your computers up-to-date for a low monthly fixed price with no long-term committment. Additional information is available on our website.