Internet Explorer Remote Code Execution Vulnerability

A zero day bug in Internet Explorer was found by FireEye research labs and released to the public on Saturday, 4/26/14.  This virus does not have a super fancy name but is being actively exploited on the web:  Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2014-1776).

The Department of Homeland Security recommends you DO NOT USE Internet Explorer at this time.  It is recommended to use Firefox or Chrome until a security patch is released by Microsoft.  Because Microsoft has discontinued support of XP, this vulnerability will never be fixed for Windows XP.
Microsoft’s security advisory detailing the bug can be found here.
If you must use Internet Explorer, only use it for those specific sites that it is required.  Also be aware that many other applications such as Outlook and Word use Internet Explorer as the engine to render HTML objects.  There are a few steps you can take to mitigate your exposure to the security flaw.  Continue reading “Internet Explorer Remote Code Execution Vulnerability”

Heartbleed Aftermath

A security exploit was discovered on Monday, April 7th, 2014, that affects the entire Internet.  This vulnerability, called Heartbleed, is a flaw in the security protocol used by websites called OpenSSL.  This flaw is not specific to Mac or PC or iPhone or Android as it affects traffic between your device and the web.  It is important to note that changing all of your passwords at this point is not wise.  Changing a password on an affected site that has not been updated to a patched version of OpenSSL could potentially lead to both the old and new passwords being exploited.
 
Mashable has put together a list of some top websites that were known to be affected AND have patched their site.  These are the sites that you should change your password RIGHT NOW.  The highlights of this list include: Continue reading “Heartbleed Aftermath”

Malware and Virus Removal

::UPDATED:: 4/17/14
The best post-infection removal success rate can be had by using a Rescue CD / USB.  Here are three that are free:
Bitdefender RescueCD
Kaspersky Rescue Disc 10
Avast! 2014
note: Avast! requires a full installation on an unaffected machine to download and create the ISO file.  Bitdefender and Kaspersky will let you download ISO files directly to burn to disc or create a bootable USB drive.  In addition, Bitdefender comes with Team Viewer for Linux pre-installed to allow easy remote desktop sharing for support.

Business Protection

The best real time protection for your business is the one that gives you a complete overview of your company network health.  I have found these two products to be the best in terms of features and confidently recommend Webroot Secure Anywhere for their great support.  Bitdefender does get the highest marks in online A/V tests.  However, I have found their tech support completely underwhelming, often taking days to respond to phone calls.
Webroot Secure Anywhere Endpoint Protection for Business
Bitdefender Cloud

The following is a round-up of many available free antivirus programs and malware removal tools.

Continue reading “Malware and Virus Removal”