Wednesday, October 16, 2013

419 Scam Gets Past Spam Filter?

419 Scam is Fraud, but is it Spam?

Nigerian 419 spam/scam gets past the spam filter? Well, not so often, but... take a look at this one!
From: Mr.Paul Fletch. [mailto:lgatica@municallao.gob.pe]
Sent: Wednesday, October 16, 2013 7:33 AM
Subject: صديقي العزيز ، صديقي العزيز ، هو في الواقع دواعي سروري أن أكتب لك هذه الرسالة ، والذي أعتقد أنه سيكون مفاجأة لكم ونحن لم يلتقيا ابدا من قبل، و أشعر بأسف بالغ إذا كان لدي بأي طريقة بالانزعاج خصوصيتك . أنا السيد بول فليتشر من Harlsden ، شمال غرب لندن ، هنا في إنجلترا . أنا أعمل مع سانتاندر بنك بي إل سي لندن . مع الاحترام والاعتبار الواجبين ، وأنا أكتب لكم من مكتبي من شأنها أن تكون ذات فائدة كبيرة لكلا منا . في إدارتي ، كونها خاصة مدير المصرفية (المكتب الإقليمي لندن الكبرى ) . أنا محاسب الشخصية إلى التأخر في Mr.Ron BRAMLAGE رجل أعمال ، وهو مواطن أمريكي الذي خسر حياته للأسف ، قتل زوجته و أطفالهما الأربعة عندما تحطمت طائرتهم الصغيرة في منطقة مستنقعات في وسط فلوريدا يوم 7 يونيو 2012 . السيد رون BRAMLAGE ، وهو رجل أعمال بارز الذين يملكون المشاريع على الطريق LLC و أيضا وسيط عقاري ، كانت تخطط ل تأتي استثمار في العقارات وغيرها من المشاريع التجارية المربحة هنا في إنجلترا الذي لديه يودع مبلغ مجموعه 13700000 £ GBP ( ثلاثة عشر مليون سبعة £ 100،000 ) في حساب في بنك هنا لدينا والتي أعتقد لا أحد يعرف عن ذلك .
Not really obvious what this is. Why would anyone send us an Arabic message? Of course the spam filter doesn't find any of its likely spammy phrases in Arabic... Fortunately Google Translate will auto-detect the language (don't tell my Spanish teacher please!)

Interesting... I'll bet that opening phrase gets a few hits in Google:

Dear friend, Is indeed a pleasure to write you this letter , which I think it will surprise you and we have never met before, and I am deeply sorry if I have in any way disturbed your privacy
I see hits going back to 2006... The rest of the story changes. There must be a 'fraud template' out there!
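A few header checks that do not depend on an English phrase list, as an added example (not from the original post): subject length, the dominant Unicode script of the subject versus the scripts the phrase rules cover, and a display-name versus address mismatch. The sample headers are constructed from the message quoted above; the thresholds, the `FILTER_SCRIPTS` set and the check names are assumptions.

```python
import re
import unicodedata

# Constructed sample: the From line and the opening of the Subject quoted in the post
# (the real message stuffed its whole body into the Subject header).
SAMPLE = {
    "from": "Mr.Paul Fletch. [mailto:lgatica@municallao.gob.pe]",
    "subject": ("صديقي العزيز ، صديقي العزيز ، هو في الواقع دواعي سروري أن أكتب لك "
                "هذه الرسالة ، والذي أعتقد أنه سيكون مفاجأة لكم ونحن لم يلتقيا ابدا من قبل"),
}
MAX_SUBJECT_LEN = 100       # assumed cutoff: longer than this is body text, not a subject
FILTER_SCRIPTS = {"LATIN"}  # assumed: the scripts our phrase-based spam rules cover
TITLES = {"mr", "mrs", "ms", "dr", "mailto"}


def script_histogram(text):
    """Count letters per script, from the first word of the Unicode name ('ARABIC LETTER SAD')."""
    counts = {}
    for ch in text:
        if ch.isalpha():
            script = unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            counts[script] = counts.get(script, 0) + 1
    return counts


def dominant_script(text):
    hist = script_histogram(text)
    return max(hist, key=hist.get) if hist else None


def name_address_mismatch(from_header):
    """True when no word of the display name occurs in the address local part."""
    addr = re.search(r"[\w.+-]+@[\w.-]+\.\w+", from_header)
    if not addr:
        return False
    local = addr.group(0).split("@")[0].lower()
    words = [w for w in re.findall(r"[a-z]{3,}", from_header[:addr.start()].lower())
             if w not in TITLES]
    return bool(words) and not any(w in local for w in words)


def score_message(msg):
    """Return the heuristic reasons the message deserves a second look."""
    reasons = []
    subject = msg.get("subject", "")
    if len(subject) > MAX_SUBJECT_LEN:
        reasons.append("subject-is-body")
    script = dominant_script(subject)
    if script and script not in FILTER_SCRIPTS:
        reasons.append("subject-script-not-covered:" + script)
    if name_address_mismatch(msg.get("from", "")):
        reasons.append("display-name-address-mismatch")
    return reasons
```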

Saturday, October 12, 2013

Earth to Chrome...

dangerous marketing?

Chrome is now everywhere. Why?
Because Chrome is lightweight, and seems agnostic to the user's choice of brand.

...Oops...

Chrome prompts me to log in?

Is it time to dump Chrome?

Friday, October 11, 2013

Read Only Friday - debugging Volume Shadow Copy without rebooting a server

One of the most difficult challenges for us is debugging Backup Exec 2010 R3 failures. They seem to be very frequent, and it could be a full-time job just keeping backups running! And you know it's Friday - we can't break anything before the weekend, so we have to be ultra careful with the 'god switch'. But backups are important to fix, even if they're hard - right?

Microsoft VSS is the technology that powers the 'previous versions' option on Windows file servers. It's pretty much a snapshot service like the one you might have seen in another product (NetApp Filers, for example), but it's baked into Windows. So it doesn't take a lot of work to set a server up to create a backup copy occasionally. By default these snapshots happen at 7am and 12:00pm every day, but you can add to or change the schedule to fit your needs.

VSS copies files even if they are currently open, so it is also used when making backups: that way a file does not need to be locked, released, or skipped entirely during a backup. Backup Exec can use the Microsoft VSS provider, but there is also an optional Symantec one available.

When backing up a system it is very helpful to have the Backup Exec Remote agent installed. Otherwise the backup just accesses the file through the usual file sharing methods. Backups with the agent can use VSS, and run much faster.

Troubleshooting backups that fail is very time consuming. Troubleshooting those that fail due to VSS has been pretty challenging! Here is a great blog post on the /misc/tech/musings blog that is really sweet!

http://misctechmusings.com/windows/troubleshooting-volume-shadow-copy-service-vss-errors/

Using this information allowed me to get VSS working on a profile server without restarting the machine. Good news on a Friday before a long weekend! (With thanks to Will for pointing me to VSS yesterday!)
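Before deciding whether a failed backup needs a reboot, the first thing to know is which VSS writers are unhealthy. As an added example (my own, not code from the linked post or from Backup Exec), here is a parser for the output of `vssadmin list writers` that lists writers that are not in the Stable state or still carry a last error. The sample output is constructed in that command's layout; the writer GUIDs are placeholders.

```python
import re
import subprocess

# Constructed sample in the layout of `vssadmin list writers` (banner omitted); GUIDs are placeholders.
SAMPLE_OUTPUT = """\
Writer name: 'System Writer'
   Writer Id: {00000000-0000-0000-0000-000000000001}
   Writer Instance Id: {00000000-0000-0000-0000-00000000000a}
   State: [1] Stable
   Last error: No error

Writer name: 'Registry Writer'
   Writer Id: {00000000-0000-0000-0000-000000000002}
   Writer Instance Id: {00000000-0000-0000-0000-00000000000b}
   State: [8] Failed
   Last error: Timed out

Writer name: 'Shadow Copy Optimization Writer'
   Writer Id: {00000000-0000-0000-0000-000000000003}
   Writer Instance Id: {00000000-0000-0000-0000-00000000000c}
   State: [5] Waiting for completion
   Last error: Retryable error
"""

WRITER_RE = re.compile(
    r"Writer name: '(?P<name>[^']+)'.*?State: \[(?P<code>\d+)\] (?P<label>[^\n]+)"
    r".*?Last error: (?P<error>[^\n]+)", re.S)


def parse_writers(text):
    """One dict per writer block: name, numeric state code, state label, last error."""
    writers = []
    for block in re.split(r"\n(?=Writer name:)", text):
        m = WRITER_RE.search(block)
        if m:
            w = m.groupdict()
            w["code"] = int(w["code"])
            w["label"], w["error"] = w["label"].strip(), w["error"].strip()
            writers.append(w)
    return writers


def unhealthy_writers(writers):
    """Writers a VSS-backed backup would trip over: not '[1] Stable', or carrying a last error."""
    return [w for w in writers if w["code"] != 1 or w["error"] != "No error"]


if __name__ == "__main__":  # on the server itself, read the live writer list
    out = subprocess.run(["vssadmin", "list", "writers"], capture_output=True, text=True).stdout
    for w in unhealthy_writers(parse_writers(out)):
        print(f"{w['name']}: [{w['code']}] {w['label']} / {w['error']}")
```

Run it on the server itself (it needs an elevated prompt for vssadmin) and the printed writers are the ones to investigate before reaching for a reboot.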

Thursday, October 10, 2013

Revelations about Microsoft Security Essentials, What do they Mean for Windows In-Tune?

The Echo Chamber Speaks

Microsoft Security Essentials - It's bad! No, wait, no it's good enough!
For a few years now, security professionals such as myself have recommended to home users to run Microsoft Security Essentials as a good, basic, free anti-virus program. 

The internet echo chamber has made much of a recent interview with Holly Stewart, senior program manager of the Microsoft Malware Protection Center. She indicated that the company is no longer focusing on making MSE the 'best' testing anti-virus program but rather they are focusing on providing information to the community of anti-virus and anti-malware software makers. (A rising tide lifts all boats...)

The result is a nuanced message that has been completely misunderstood in the wild. It seems like every tech journalist is jumping on the "dump MSE" craze. But I have to say that is just a bit too quick.


For the home user that needs something basic that doesn't break when the subscription needs to be renewed, MSE is still a good solution. (With Windows Firewall, Secunia PSI and Malwarebytes...)

What others should learn from MSE

One thing that some other providers should learn from Microsoft is that you CAN make an antivirus product that doesn't get in your face all the time and demand attention. For example Avast's free antivirus is just bloody needy, and AVG free which I used to recommend hides the download link behind a ton of advertising (for the fee based version) - and it has a habit of forcing you to upgrade (and find that hidden link) every so often.

The time-limited trials that come on OEM equipment are also a bad idea. I would like to know what percentage of these free trials are never updated after the trial period expires? I have seen a lot of home machines that have expired 'trial' antivirus. And worse, sometimes it is a poorly rated product to begin with! 


Both of these issues lead to computers that have out-of-date or non-functional antivirus... MSE is better than that, as a baseline.

And then in today's news...

Hear Ye! Hear Ye! "It's Good Enough"

We are proud of the protection capabilities we provide for well over 150 million computers worldwide with our real-time antimalware products. We believe in Microsoft antimalware products and strongly recommend them to our customers, to our friends, and to our families.

Here are the competing messages as reported on neowin.net:
No No No
Maybe Maybe Maybe

To quote my old friend Robert W. Warden, "Feh!"

Greater Concern - Windows InTune

I don't have a concern about home users running MSE - if Windows Firewall is running - and patches are updated. In fact I set up systems with MSE and Secunia's wonderful PSI which helps me to keep everything patched and up to date. MalwareBytes free can tighten up the anti-malware side. Geeks out there can take a look at Microsoft's EMET for other options.

But for businesses that use Windows In-Tune the question is how does the lack of sharpness around MSE's detection and mitigation capability affect the anti-virus offering in Windows In-Tune?
We already know that we can't use another provider's anti-malware product with Windows In-Tune.

Is MSE the same as EndPoint Protection?
It seems that Endpoint Protection includes additional tools for deployment and management. That's not helping improve detection....

And this from the big brother product "System Center Endpoint Protection."
Industry-leading Malware Detection
System Center 2012 Endpoint Protection uses the same industry-leading antimalware engine as Microsoft Security Essentials to protect your employees against the latest malware and rootkits. The engine protects against both known and unknown threats with a combination of highly accurate signatures and behavioral detection techniques. It has been highly ranked in independent third-party tests, such as those by AV-Comparatives and VirusBulletin, with special distinction for its low false positive rate.
Industry leading, until we tell you it isn't... Ooops.

So, until we hear otherwise we have to assume that Windows In-Tune only provides basic protection.
Oh - and forget beefing it up with an after-market product.

On a strategy note - I think that Windows In-Tune would benefit from integration of different anti-malware products with something like an App Store strategy. Windows In-Tune is a great idea (one that could put me into retirement!) that needs a little more secure underpinnings...