Wiz's Computer and Website Security Blog

Beginning on April 10, 2012, Microsoft has posted a notice on various knowledge base articles for Windows XP and on their lifecycle fact sheet, that all support for Windows XP will terminate on April 8, 2014. Effective that day there will be no further updates, upgrades, or patches issued for any computer running Windows XP. Right now, one must have XP with Service Pack 3 in order to receive any patches from Windows Updates.

On the same date, all support and patches for Microsoft Office 2003 will also come to an end.

Windows XP has enjoyed a long life since its official release to retail date of October 25, 2001. It has been the most popular version of Windows since Windows 95 was released with parties and huge fanfare on August 24, 1995. XP has received three service pack upgrades since 2002, ending with SP 3, which was issued on April 21, 2008. Windows XP market share peaked at 76.1% in January 2007. But, with the introduction of Windows 7, there has been a steady decline in the number of XP users online. As of today, the market share for XP is only about 29%.

If you are reading this from an XP computer you need to begin planning to upgrade before all support for your aged operating system ends on April 8, 2014. Since there won't be anymore patches, you will be left unprotected by Microsoft against any vulnerabilities that may be discovered running in the wild after that date. History teaches us that as soon as support is dropped for one of the versions of Windows, cyber criminals ramp up their attacks to try to draft as many of the unpatched machines as possible into spam and DDoS attack botnets.

Another fact we have seen play out is that security software vendors begin to drop support for any version of Windows that has been end-of-lifed by Microsoft. So, people hanging onto XP after April 2014 will not only be left out in the cold by MS, but will soon see an end of support from anti-malware companies as well. Without virus and malware protection or Windows Updates, those computers will become cannon fodder for exploit kit writers.

I have already upgraded to Windows 7 and love it! My XP desktop computer is only turned on once a month, on Patch Tuesdays, to download any available Windows Updates. That machine is only here as a backup unit in case my main Win 7 computer hard drive crashes. It would only be used until I could restore a saved Acronis image of the operating system to the new hard drive. I save a complete image of the hard drive once a week, but backup my documents and libraries every night.

If you have programs that are only written for Windows XP, without newer versions that work under Windows 7, even in Compatibility Mode, you should consider buying a copy of Windows 7 Professional. It allows you to download a free, fully licensed copy of XP Pro, with SP 3, which you install into a virtual machine that runs inside Windows 7, as an application. You can run any Windows XP based program inside that Window, as though you had booted into XP. Of course, it takes away a gig of your RAM to run XP in the virtual machine, but, be happy if it runs at all.

Note: Your computer must have a CPU that supports running Virtual Technology (VT) in order to use the XP Mode in Windows 7 Professional. Learn more about the hardware requirements for running XP as a Virtual Machine in this article.

Posted by Wiz at 12:18 AM | Permalink

back to top ^

According to a Microsoft Technet Blog article published on June 14, 2011, Malware infections resulting from exploits involving Autorun (like when you plug in a USB memory device and it runs a program or setup automatically) have dropped by 82% from the numbers recorded during the same period in 2010.

The percentage of decline varied with the operating system and service pack installed. Windows XP users who have Service Pack 3 installed saw a 62% drop in Autorun installed malware, after accepting the optional patch issued on Feb 8, 2011, or the forced installation of the reissued patch, pushed out on February 24, 2011.

If you are operating a Windows XP computer with any service pack older that SP 3, your version of Windows is now out of support and you are no longer receiving any critical patches. Thus, your computer is not protected against this, or any other recently patched vulnerabilities. If it is connected to the Internet, or if you plug in an infected USB device, unless you have manually edited your computer's Registry to disable Autorun, or it is running industrial strength anti-malware protection, it will eventually become infected and probably botted.

Computers running on Windows Vista with SP1 saw a 68% decline, while those with SP2 installed had a whopping 82% drop in malware installations.

Note! Microsoft will stop supporting Windows Vista Service Pack 1 on July 12, 2011. From that date onward, Microsoft will no longer provide support or free security updates for Windows Vista Service Pack 1 (SP1). You folks need to upgrade to Vista SP 2 by July 12, 2011, or you will not receive any more updates or patches.

Why have Autorun infection rates dropped so dramatically?

The drop in malware infections from Autorun exploits is attributable to patch KB971029 that Microsoft released optionally, with the Windows Updates of February 8, 2011, which turned OFF Autorun for "non-shiny" media (e.g. CDs, DVDs) and two weeks later, as a non-optional update. Before then, if you plugged a USB stick (a.k.a. thumbdrive, flash drive) into your Windows XP or Vista computer and there was a setup file on that memory device, it would run automatically. With the update installed, flash drives inserted into a PC running XP (SP3), or Vista no longer offer the option to run programs. However, the demise of AutoRun does not affect CDs or DVDs (just USB devices or shared network drives).

Some notorious infections went so far as spoofing the wording of options on the dialog box that usually opens when you plug in a USB device. The wording was crafted to induce unwary users into choosing the spoofed option, which was rewritten to appear that if clicked upon, it would open the drive as a folder, for them to look at. In fact, that option was still there, as the next option down! The first one executed a hidden file on the device, named "autorun.inf" - which triggered a hidden executable file on the drive, which was a malware/spyware setup file. Because of its being the first choice and the craftiness of the wording, many thousands of intelligent people were fooled into clicking it and installing the malware contained on those devices.

It was by means of infected thumb-drives that allowed the Conficker Worm to spread so widely and quickly in late 2009 and early 2010.

Continue reading "Windows malware infections from Autorun exploits down by 82% from 2010" »

Posted by Wiz at 12:00 PM | Permalink

back to top ^

According to this support article: http://support.microsoft.com/gp/lifean31, all patches, updates and support for Windows XP Service Pack 2 (SP2) will end on July 13, 2010. This date was established when Windows XP Service Pack 3 (SP3) was released on April 21, 2008.

This announcement is in line with the Microsoft Support Lifecycle policy for Windows service packs. This policy states that when a new service pack is released, Microsoft will provide 24 months of support for the previous service pack for products that belong to the Windows product family.

Note The release of a service pack has no impact on Mainstream Support and Extended Support end dates. Therefore, there will be no change to the previously announced end of Mainstream and Extended Support dates for Windows XP. Windows XP will transition from the Mainstream Support phase to the Extended Support phase on April 14, 2009, as scheduled. During the Extended Support phase for Windows XP, Microsoft will continue to provide paid support and security updates at no additional charge. Extended Support for Windows XP will retire on April 8, 2014. At that time, even computers running Service Pack 3 will cease receiving any more updates.

Malware authors are ramping up their efforts to be ready to compromise as many unpatched Windows XP computers as possible, after the July 13 end of support passes. Normally, XP computers are set to download updates automatically, so their owners tend to forget about this important system. After July 13 your computer will no longer receive automatic updates, unless you upgrade to SP3. It will be a sitting duck for hackers, fake anti virus programs, rootkits, password stealers and Botnet installers.

Details about upgrading to XP SP3 are in my extended comments...

Continue reading "Support for Windows XP Service Pack 2 ends on July 13, 2010" »

Posted by Wiz at 11:54 AM | Permalink

back to top ^

I have a couple of new items to alert my readers about today. First, Sun Corporation has just updated their Java Virtual Machine (JVM) to version 6, Update15 (build 1.6.0_15-b03), fixing vulnerabilities announced by Microsoft in ATL components of Visual Studio. Apparently, Java itself used some of the vulnerable ATL modules and had to re-code the JVM to prevent it from being exploited in drive-by attacks against these components. Go to www.java.com to download and install the current version of Java from your browser. You can also manually choose an online or offline setup version for various operating systems, from this page.

As of today, updating the Java VM does not automatically uninstall older versions of Java. This is by an executive decision made by Sun Corp. They are afraid of breaking existing programs that depend on certain versions of Java. However, cyber-criminals are known to write codes pointing to the default installation paths of vulnerable versions of Java. If you leave an exploitable Java executable on your computer, then accidentally surf to, or get redirected to a hostile website, that version of Java can be used against you! If at all possible, if you aren't running a critical application that depends on an older version of Java, uninstall older versions after you update to a new version. You must close all browsers for the updates to take effect. If an application stops working properly after you update the Java VM, go to the manufacturer's website or look for a built-in check for updates link, to see if they have released a patched version to work with the new JVM.

The second matter affects Windows PC users who download Hotmail messages to their desktops, via Microsoft's Outlook, Outlook Express or Entourage programs. Microsoft has decided to make code changes to the way the Hotmail email servers work and these changes will cause Outlook and Outlook Express to stop sending and receiving Hotmail messages on September 1, 2009. Hotmail is now called "Windows Live Hotmail."

To continue to receive e-mail from your Hotmail account, you will have to select one of the alternative solutions below before September 1, 2009. After that day, new Hotmail e-mail can only be delivered to, or sent from your mail programs through the following alternative solutions. However you can continue to view and send your Hotmail messages via your web browsers.

If you use Microsoft Office Outlook to view Hotmail, you can download the free Office Outlook Connector to continue accessing your Windows Live Hotmail within Outlook 2003 or 2007. If you run an older version, read this information.

If you use Outlook Express (OE) to view Hotmail, you can choose to download the free Windows Live Mail (WLM), which resembles Outlook Express, but is much more powerful, less prone to crashes and contains a junk filter. You can import all of your saved .eml messages and accounts from OE into WLM (via Export/Import, or drag and drop between email clients). You can also import your personal folders from OE. The view is a little different, but you'll get used to it. You can find help on this page with exporting messages from Outlook Express into WLM.

If you are using Entourage to send and receive Hotmail, read these instructions to continue connecting to the new servers.

Why did this change happen? Because Microsoft Outlook, Outlook Express, and Entourage use a legacy communications method, known as the DAV protocol, to access Hotmail. Because the DAV protocol is not optimally suited for programs to access large inboxes such as Hotmail which now provides users ever-growing storage*, new alternatives have been built. Microsoft postponed their initial plans to retire the DAV protocol until more options were available. Now that these options (including the POP3 protocol) are available, they are ready to retire the DAV protocol, on September 1, 2009.

Posted by Wiz at 4:04 AM | Permalink

back to top ^

Back in mid-April, 2008, while I was downloading email from my Hotmail account, using Outlook Express, I received a message from Microsoft announcing the impending end of Hotmail support for Outlook Express users. This same notice went out to untold numbers of other Hotmail users who use the POP3 email protocol and Outlook Express, to send and receive messages through the Hotmail servers. The gist of the message was that Outlook Express used the soon to be deprecated Web DAV protocol to poll the Hotmail servers for new messages. Hotmail intends to do away with support of this protocol, for technical reasons related to the sizes of the mail boxes now offered to Hotmail users. Changing Outlook Express would require too much of an overhaul, so they came up with a plan to replace that program entirely, with another POP3 capable email client named "Windows Live Mail." The cutoff date for Outlook Express users to still connect to their Hotmail accounts was set at June 30, 2008. After that only Windows Live Mail, or certain other email clients would be able to access Hotmail, via POP3 protocol.

Well, sometimes good things don't have to end, after all. Today, May 22, 2008, I got this email message from Microsoft, in my Hotmail account:

The Windows Live Hotmail team did e-mail some users, letting them know that Microsoft was planning to disable the DAV protocol that Outlook Express uses to access your Hotmail inbox. Many of you e-mailed us, expressing strong feelings on this matter, and we heard you loud and clear! The DAV protocol will NOT be discontinued at this time, and you can continue to use Outlook Express beyond the June 30 transition deadline previously announced. The Hotmail team will provide an update in the coming months. We apologize for any inconvenience this may have caused.

YEA for the little guys! We can continue to use Outlook Express to access our Hotmail accounts, if we want to. Some, like me, have already upgraded to Windows Live Mail, as was recommended by Microsoft. What are we gonna do? I'll give you my take on Windows Live Mail, compare it to Outlook Express and tell you whether I will go back to Outlook Express having switched to Windows Live mail already.

Outlook Express (OE) is a POP3 email client that was first introduced with the release of Windows 98. It has been patched and improved slightly over the years, but is truly a dated program, with a very limited future. The last version of Outlook Express is the one that shipped with Windows XP; version 6.0.0.2900. XP service packs add four more digits to the version number. I have upgraded to Service Pack 3 and my full version of Outlook Express is 6.0.0.2900.5512. Microsoft has no further plans to distribute this email client, in any newer version of Windows. It is not included in Windows Vista. It is soon to become part of Internet antiquity. That said, it works fine, as is! It displays a list of folders on the left side bar, to which you can add as many custom folders as you wish. You can create sub-folders of folders, so you might add a Sent Items folder to a folder for incoming messages for your website, keeping all related incoming and outgoing messages in one section. You are able to create manual filter rules to deal with spam, or to sort legitimate messages into your preferred folders.

Windows Live Mail is the newest POP3 email client from Microsoft and is meant to replace Outlook Express (OE). It is an improvement on the Windows Mail client that shipped with Windows Vista. Windows Live Mail (WLM) offers improvements over Outlook Express in appearance and function. It offers to import your email accounts, folders and rules from your Outlook Express installation, which is very useful. It comes with a built-in junk mail filter that uses intelligence, live updates and analysis to flag spam messages. It does flag a lot of false positives though, so it's not that smart. You can still create your own filter rules or import rules from Outlook Express, if you had any. WLM provides a new folders pane on he left that shows all of your email accounts, from the top down, then all of your personal folders, following the accounts. This is a bit confusing for OE users, you are only used to seeing folders on the left side. I have about 24 POP3 accounts and the list is quite long, on the left side, pushing my folders way down. The accounts can be expanded to show separate sub-folders for Inbox, Drafts, Sent, Junk, and Deleted messages, for each account. This gets noisy when you have lots of accounts. In this case it's best to collapse the accounts to only show each account name, not the contents. The same can be done for the folders; they can be expanded or collapsed. Unfortunately, I have not found any way to hide the accounts and just display the folders, in the Folders Bar. This is the major thorn in my side.

Continue reading "Microsoft reverses decision to end Outlook Express use for Hotmail" »

Posted by Wiz at 3:55 PM | Permalink

back to top ^

If you operate a Windows 98, ME, or NT computer online, with AVG Anti-Virus Free Edition protection, this statement on the AVG Free Supported Platforms page will be of utmost importance to you.

"* Some older operating systems such as Microsoft Windows ME, Microsoft Windows NT and Microsoft Windows 98 will only be supported until August 2008 as a minimum."

While this policy statement does not specify an actual date in August 2008, for the end of support and the last three words are vague, the intent is quite obvious. At some date in, or shortly after August, 2008, they will probably issue a new version of AVG Free, which will not install on Windows 98, ME, or NT computers.

People with these affected operating systems may think that by simply not upgrading, they will be able to continue to use the existing version. It is true that their version of AVG will still function, but when Grisoft stops releasing automatic updates for the previous versions, these folks are going to be unprotected against new and altered threats. In today's world that is tantamount to no protection at all.

AVG Anti-Virus Free Edition is currently updated automatically, once a day, but users are free to check for updates manually, as often as they wish. Thoise who do will usually find that definition files are updated several times every day. I have even created a means of checking automatically, every hour, on the hour, using Windows Task Scheduler. The details for the current version are shown below. Note, that you should check the path and destination directory names for your installation and alter them accordingly, before using this task.

Start in: "C:\Program Files\Grisoft\AVG7"
Run: "C:\Program Files\Grisoft\AVG7\avginet.exe" /SCHED=
Schedule Task: Daily
Start time: (when you want to start checking for updates)
Schedule Task daily: Every 1 day(s)
ADVANCED settings
Check: Repeat task
Every: 1 Hour(s)
Until: 24 hours
Click OK, then click Apply, then OK again, to save and exit the task scheduler.

These parameters will run the automatic online updater every hour, on the hour. If updates are not available it will appear and disappear in a second or two. If there are updates available at that time they will be downloaded automatically and installed, after which a little box will pop-up, telling you the update was successfully applied. You can click OK to dismiss this notice, or wait 30 seconds for it to go away on its own.

If you are one of those people who are in the soon to be abandoned group, of Windows 98, ME, or NT users, you may want to start searching for an alternative anti-virus product. Avast Home Edition is a free anti virus product that still supports Windows 98, although some new features will not work on that OS. Future versions will have even less functionality under Windows 98 and ME. If you are still running a Windows 98 or ME computer on the Internet, you really should think hard about updating to a newer operating system.

Posted by Wiz at 12:07 PM | Permalink

back to top ^

What will happen to sales of Windows XP, on June 30, 2008?

On June 30, 2008, all retail outlets, computer manufacturers and custom OEM computer builders will be unable to obtain any more boxed or shrink-wrapped OEM copies of Windows XP CDs. However, they may sell their remaining stock, as long as the disks already have valid product keys on a fresh hologram sticker. All other OEM XP disks will be unlicensable after the cutoff date, because Microsoft will not issue any more product keys. Those disks can only be used to reinstall already licensed XP operating systems.

If you are thinking about building or buying a new computer with Windows XP, you should do it soon. Microsoft will end OEM and shrink-wrapped sales of Windows XP on June 30, 2008, forcing users to shift to Vista. This will not only affect individuals and small local computer shops, but big companies like Dell, who currently offer business computers with XP Professional, instead of Vista Business. Come June 30 they will no longer have this option.

If you want to avoid being forced to move up to Vista, order your XP Pro licensed computers now. Set up terms if you have to, but don't wait for the licenses to expire and hope to find a copy after June 30, 2008.

Also until the end of business on June 30, 2008 (at 23:59 PST), individuals can buy XP licenses online, directly from Microsoft. Those sales pertain to people who already have a valid XP installation CD and need extra licenses for it, to load the software onto a second or third home or office PC. Once purchased from Microsoft, these additional computers can have XP loaded onto them and be legally validated.

Note, that some Microsoft Licensed System Builders may still be able to obtain Windows XP Professional licenses, for orders of 25 or more PCs, but only if those PCs come with a Windows Vista Business, or Vista Ultimate license as well. Essentially, the customer will be allowed to "downgrade" by using the Vista license for the XP installation. As for enterprise volume licenses, those will also include "downgrade rights," so while Microsoft will stop selling XP licenses, a Vista Business or Ultimate volume license can still be used to activate XP installs, provided you supply your own XP installation CDs.

Hardware and driver considerations

As more manufacturers join the Vista only bandwagon, support and drivers for XP will dry up, just like has already happened for Windows 98 devices. In fact, Vista motherboards are now shipping that do not support most of the plug-in cards that worked perfectly under Windows XP. New audio and video cards, or chipsets, that ship with Vista computers may not even have XP drivers available from the manufacturers. However, as of March 2008, Tiger Direct still has a good inventory of XP compatible motherboards, plug-in cards and peripherals, as well as plenty of XP Home, Media Center and Professional OEM CDs, with legitimate hologram product keys. Use the search box below to find computer cases, power supplies, components, motherboards, CPUs, RAM and most available Windows Operating Systems, at Tiger Direct.

If you are using XP Professional, in a business environment and are willing to allow Vista computers into your network, purchase Vista Business Edition, not a consumer version (or you're asking for trouble). However, if you need DVD multi-media support, you will have to add that on with a third party (commercial or freeware) application, as DVD multi-media support doesn't come with Vista Business or Enterprise (M-M does come with Vista Ultimate).

Continue reading "Windows XP Licensed sales to end on June 30, 2008" »

Posted by Wiz at 10:55 PM | Permalink

back to top ^