Wednesday, June 29, 2011

Link Windows Live IDs in Hotmail


Multi-faceted Windows Live Hotmail not only includes the ability to add up to four POP3 accounts to your Windows Live Hotmail account, you can also link multiple Windows Live IDs. With multiple Hotmail accounts, this enables you to easily switching between accounts without the necessity of signing in again.

Follow the simple steps below to link multiple Windows Live IDs.

Link Windows Live IDs

Sign in to your Windows Live Hotmail account.  In the left pane, next to Inbox, click the Tools icon Picture of the Tools icon, and then click Get email from another account.


In the window that opens, click Windows Live:



Next, click the link for "Linked IDs". 
  • Linked IDs
    Link your Windows Live IDs so you can quickly switch between accounts.
For security reasons, it will be necessary to provide your password again in order to access Account options.  Then simply enter the Windows Live ID you want to link to the account that you signed in to and provide the password for that account.  Lastly, click the button to Link the accounts. 




To access the linked Windows Live ID, merely click the down arrow in the upper right next to your account name and select the account.  Windows Live will be redirected to that linked account.

Additional Topics on Managing Hotmail




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Use Hotmail to Manage All Your E-Mail Accounts


The value of a Windows Live Hotmail account is increased exponentially by including the ability to access multiple e-mail accounts all from your Hotmail inbox. 

Not only can you can link multiple Windows Live IDs, you can also add up to four POP3 accounts to your Windows Live Hotmail account.  By following the steps below, you can send and receive e-mail from your Gmail, AOL Mail, and Yahoo! Mail Plus.

Note that POP access needs to be turned on in the other account for Hotmail to access the email. Some email services have POP turned off by default, so be sure to check those settings.  Using Gmail as an example, the option is located in Settings, Forwarding and POP/IMAP.

Add an email account

After logging on to your Windows Live Hotmail account, in the left pane, next to Inbox, click the Tools icon Picture of the Tools icon, and then click Get email from another account.



Enter your account information

In the window that opens, click Add an email account.


 Type the e-mail address and the password for the desired account to be added to your Hotmail account:

Set folders and icons

Select the folder where you'd like email from this account to go. You can also choose a colored icon to indicate mail from that account. When you're done, click Save.


Verify that you own this email address

An e-mail will be sent to the account to be forwarded to your Windows Live Hotmail.  It is necessary to approve forwarding by clicking the link in the e-mail.  
You have set up your Windows Live Hotmail account to send messages from this email address.
By adding this address, you'll be able to write messages and send them from this Windows Live Hotmail account: 

1. To verify that you own this account and want to send messages from it, click the link below:

{LINK}

2. The link will take you to the sign-in page for Windows Live Hotmail. Just sign in to the account that you want to send mail from. Once you've done that, your mail from that account will start being sent from this address.

Additional Topics on Managing Hotmail





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, June 21, 2011

Mozilla Firefox 5 Includes Critical Security Updates


While many are celebrating the Summer Solstice, Mozilla developers are celebrating the rapid release of Firefox 5.

Although the latest version reportedly includes more than 1,000 improvements and performance enhancements, the update from version 4 to version 5 feels more like a security update than a new version.

As indicated at Security Advisories for Firefox, the vulnerabilities listed below were Fixed in Firefox 5.  This includes the WebGL graphics memory stealing issue addressed in at Mozilla Security Blog.

Fixed in Firefox 5

MFSA 2011-28 Non-whitelisted site can trigger xpinstall
MFSA 2011-27 XSS encoding hazard with inline SVG
MFSA 2011-26 Multiple WebGL crashes
MFSA 2011-25 Stealing of cross-domain images using WebGL textures
MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight()
MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled
MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18) 

The upgrade to Firefox 5 will be offered to users with Firefox 4 through the browser update mechanism.  However, as the upgrade includes critical security updates, it is recommended that the update be applied as soon as possible.  To get the update now, select Help > About Firefox > Check for Updates.

References





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Friday, June 17, 2011

New WinPatrol Help & Information Forum

 

Scotty, the Windows Watchdog

As long-time supporters of WinPatrol, LandzDown Forum is excited and proud to announce the opening of the new WinPatrol forum.

Although created with the approval of Bill Pytlovany, developer of WinPatrol, the forum is not an "official" WinPatrol-sponsored help site. Official support for WinPatrol continues to be provided by BillP Studios.

The purpose of the forum at LandzDown is to provide an additional place to obtain answers to questions about WinPatrol. If you have questions about WinPatrol, a problem or would just like more information about the program, create a new topic in the forum and we will do our best to assist.

You can find the forum here:  WinPatrol Help & Information.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, June 14, 2011

Critical Updates for Adobe Products

Adobe released critical updates today Adobe Reader and Acrobat, Flash Player and Shockwave Player.  Important Severity updates were released for Adobe ColdFusion, Live Cycle Data Services, Live Cycle ES and Blaze DS.

Details on all of the updates are available in the references section below.  The most common products used by home computer users are Adobe Reader, Flash Player and Shockwave Player.

Please see the following special items of note regarding the updates for Adobe Reader, Flash Player and Shockwave Player.

Adobe Reader and Acrobat

As always, beware of third party toolbar offerings. In the event you use Adobe Acrobat, you may be interested in Inside Adobe Acrobat Protected View.

Download Links:

Adobe Flash Player

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, the direct download links are as follows:
If you use the Adobe Flash Player Download Center, be careful to UNCHECK the box shown below. It is not needed for the Flash Player update.  In addition, any toolbar offered with Adobe products can be unchecked if not wanted.





Verify Flash Player Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

Adobe Shockwave Player

Shockwave Player download for Windows:  http://www.adobe.com/shockwave/download/


Note: 
Please remember to uncheck any unwanted 3rd party toolbars/programs during installation. Also please do not confuse this with Adobe Flash Player which is a different program.

How to disable the auto-update setting in Shockwave:  http://kb2.adobe.com/cps/166/tn_16683.html.  If you do not want auto-updating, this must be set every time Shockwave Player is updated.



References



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Microsoft June 2011 Security Bulletin Release


Microsoft released sixteen (16) bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studios, Silverlight and ISA. Nine of the bulletins are identified as Critical in severity and seven as Important.

Below is a quotation of the description of the priority bulletins, from the MSRC Blog:

  • "MS11-042 (DFS). This bulletin resolves two privately reported issues affecting all versions of Windows.
  • MS11-043 (SMB Client). This bulletin resolves one privately reported issue affecting all versions of SMB Client on Windows.
  • MS11-050 (Internet Explorer). This security bulletin resolves 11 privately reported issues in Internet Explorer.
  • MS11-052 (Windows). This bulletin resolves one privately reported issue in Windows and is also Critical. "
In reviewing the Executive Summaries from the Microsoft Security Bulletin Summary for June 2011, note that most of the updates will require a restart.  Regardless of the recommendation, it is always best to restart your computer after applying updates. 

Support

The following additional information is provided in the Security Bulletin:
  • The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
  • Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
  • International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Monday, June 13, 2011

Avira AntiVir Adds Ask Toolbar and Scareware PopUp

Avira AntiVir has long been a favorite provider of free antivirus protection.  The product has also received acclaims for the quality of protection.  Unfortunately, Avira has made several changes, resulting in removing the product from the "recommended list".  

  1. Avira AntiVir had replaced the Avira Personal Free edition notifier.  It is no longer suggesting upgrading to Avira premium or the security suite.  Instead, the notifier is advertising Uniblue "Registry Booster". 
  2.  Licensed users of Avira Premium are receiving e-mails advertising the same Uniblue "Registry Booster" product. 
  3.  The addition of a toolbar with the pre-checked option to include the Ask Toolbar (AntiVir WebGuard) and change the default search provider to Ask. 
Although some people have referred to Uniblue's "Registry Booster" product as a rogue, based on descriptions of how it works, the product is better described as scareware.  Scareware products are those that provide scan results that imply there are serious issues with the computer.  However, the only way to fix the issues is purchase the product.

To add to the computer owner's confusion is that Uniblue proudly displays the Microsoft Partner logo.  This gives the impression that the company has any close relationship with Microsoft.  It is important to understand that there is no vetting to become a registered Microsoft partner. All it means to be a Microsoft Partner is that the company employs the requisite number of certified professionals and has completed the registration process, nothing more. 

In my opinion, as well as that of many members of the security community, it is deplorable when a security vendor adds a pre-checked option to include an unnecessary add-on and change the user's preferences.  A responsible security vendor should provide a clean installer, focusing on improving the product, fixing any bugs and continuing to improve the product. 

If you are using Avira AntiVir antivirus software, I encourage you to read the articles listed in the references section below and decide for yourself if this is a product you wish to continue using. 

There are still two recommended antivirus software programs that are free for personal use, avast! 6 Home Edition and Microsoft Security Essentials. My favorite licensed antivirus choice is ESET.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Thursday, June 09, 2011

Ten Immutable Laws Of Security (Version 2.0)

Having a secure computer is not only about the operating system.  As the Microsoft Security Response Center (MSRC) has seen, there are some things that neither Microsoft nor another software vendor can fix.  This is because, although they are real security problems, the problems are not from product flaws.





Dilbert by Scot Adams

Being aware of phishing attempts is only part of having good judgement.  The MSRC delves into the details of the 10 Immutable Laws of Security identified in the following summary.

The 10 Immutable Laws Summary

  • Law #1: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore.
  • Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
  • Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
  • Law #4: If you allow a bad guy to run active content in your website, it's not your website any more.
  • Law #5: Weak passwords trump strong security.
  • Law #6: A computer is only as secure as the administrator is trustworthy.
  • Law #7: Encrypted data is only as secure as its decryption key.
  • Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
  • Law #9: Absolute anonymity isn't practically achievable, online or offline.
  • Law #10: Technology is not a panacea.

Learn how using sound judgement will help to improve the security of your computer in the Ten Immutable Laws Of Security.



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Security Bulletin Advance Notification for June, 2011


On Tuesday, June 14, 2011, Microsoft is planning to release sixteen (16) bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studios, Silverlight and ISA. Nine of the bulletins are identified as Critical in severity and seven as Important.

Although it is advised to restart your computer after installing updates, whether required or not, a number of the scheduled bulletins will require a restart in order to install the updates.  I recommend installing the update to .NET Framework separately as well as other updates requiring a restart.

The Internet Explorer bulletin will address one of the known vectors to the cookie folder related to "“cookiejacking.”  Cookiejacking allows an attacker to steal cookies from a user’s computer and access websites the user has logged into.  Note, however, that the Microsoft Malware Protection Center (MMPC) has not detected attempts to use this technique.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, June 07, 2011

Critical Java Security Update

java

Oracle Java released an  update to Java Runtime Environment (JRK).  The full internal version number for this update release is 1.6.0_26-b03 (where "b" means "build"). The external version number is 6u26.

The Critical Patch Update contains seventeen (17) new security vulnerability fixes for Java SE.  As explained in the Executive Summary, all of the vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Although Java is not required (See Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update.

Download Information

Download Link: Java SE Runtime Environment 6u26.  Accept the License agreement and select the correct version for your operating system.

Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Please check add/remove programs to ensure that you have uninstalled all prior (and vulnerable) versions of SunJava.

After installation, verify that Java has been installed correctly:  Verify Java Installation.

References

Release Notes:  Java SE 6, Update 26
Update Schedule: Critical Patch Updates


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Monday, June 06, 2011

Another Adobe Flash Player Security Update


An unexpected Adobe Flash Player was released addressing.  The update addresses a universal cross-site scripting vulnerability (CVE-2011-2107) which could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website.

Adobe indicated that there are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

Release date: June 5, 2011
Vulnerability identifier: APSB11-13
CVE number: CVE-2011-2107
Platform: All Platforms

Standing Instructions

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, the direct download links are as follows:
If you use the Adobe Flash Player Download Center, be careful to UNCHECK the box shown below. It is not needed for the Flash Player update.  In addition, any toolbar offered with Adobe products can be unchecked if not wanted.





Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

References





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Friday, June 03, 2011

Advance Notice of Critical Java Update

java
Oracle provided advance notification regarding the Oracle Java SE Critical Patch Update for June 2011.  The update is scheduled to be released on Tuesday, June 7, 2011. 

The Critical Patch Update contains seventeen (17) new security vulnerability fixes for Java SE.  As explained in the Executive Summary, all of the vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the following products:
  • JDK and JRE 6 Update 25 and earlier for Windows, Solaris, and Linux
  • JDK and JRE 5.0 Update 29 and earlier for Windows, Solaris and Linux
  • SDK and JRE 1.4.2_31 and earlier for Windows, Solaris and Linux

Reference:  Oracle Java Critical Patch Update - June 2011




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Thursday, June 02, 2011

Setting Up the Microsoft Standalone System Sweeper Beta, Now Windows Defender Offline

Edit Note: The Microsoft Standalone System Sweeper Beta has been renamed to "Windows Defender Offline".  The instructions below have been edited accordingly.

Windows Defender Offline

Windows Defender Offline is a recovery tool currently available from Microsoft.  The tool is not a general, all-purpose scanner and is not a replacement for an updated antivirus program.  Rather, it is to help start an infected PC and perform an offline scan to identify and remove rootkits and other advanced malware.

Windows Defender Offline can also be used in situations where an antivirus software fails to install or the program that is installed is unable to detect or remove malware from the computer.

The original "Microsoft Standalone System Sweeper" tool had long been a part of the Microsoft Diagnostics and Recovery Toolset (DaRT) for Microsoft Enterprise customers.

~   ~   ~   ~   ~   ~   ~   ~   ~   ~   ~

With USB sticks so readily available, the instructions that follow are for that media.  However, a blank CD or DVD can also be used.


Requirements When Creating Windows Defender Offline Media

When creating the bootable media, it is important to consider the following information and requirements:
  • A minimum of at least 250 MB of free space on the selected media (CD, DVD or USB drive) is required.
  • If you elect to prepare an ISO for future use, keep in mind that the definitions will not be up-to-date.
  • Installing Windows Defender Offline on a USB drive will reformat the USB drive, resulting in the loss of all data stored on the USB drive.  (See Note below*)
  • Regardless of the operating system used to create the file, it is essential to select the correct version of the tool, either 32- or 64-bit, for the infected operating system where the tool will be used.
  • An Internet connection is required for installation and download of the latest virus and spyware definitions for Windows Defender Offline.
  • Internet Browser: Windows Internet Explorer 6.0 or higher or Mozilla Firefox 2.0 or higher.


Installing on USB Drive

The download file is located at Microsoft Help and Support.  Again, it does not matter what the operating system is that you use to download and create the bootable media.  However, it is critical to select the correct version for the computer where the tool will be used.

After downloading the file, select the correct version.  If you need assistance determining whether the infected computer is 32- or 64-bit, see the Microsoft Help and Support article for instructions.


Launching the installer, will take you to the "Welcome" screen:



Clicking Next is when you select the media where the tool will be created:



The files for the selected version (32- or 64-bit) will download and install on the media:



After the process has been completed, the bootable USB drive is ready for use.



When you click "Computer" to eject the USB drive, note that the name includes the version of the tool that was created.


Updating the Definitions

After starting the infected computer with Windows Defender Offline, do the following to insure that the most recent definitions are installed:
  1. Click on the Help drop down arrow menu.
  2. Click on Check for updates.
  3. Click on Download.

In the event the infected computer does not have an Internet connection, the updates can be manually transported to the infected machine.  The definitions are the same for Windows Defender Offline as used with Microsoft Security Essentials.
  1. Download the latest definitions from the Malware Protection Center Portal, selecting the correct version for the infected computer: 
    -- mpam-fe.exe is for the 32-bit version   
    -- mpam-fex64.exe is for the 64-bit version
  2. Transport the saved definitions to the infected computer, selecting the Browse button to navigate to the location of the saved definitions.  (See Note below*)


*Note regarding reformatting the USB Drive 

If the following conditions are met, when running the tool again, the USB drive will not be reformatted.  In addition, after creating the tool on your USB, you can copy other tools, "rescue data" as well as the latest definitions. 
  1. The files on the USB drive are not damaged or missing (the tool will verify that the files are not damaged).
  2. The same USB drive is used.
  3. The version of the Windows Defender Offline used to create the bootable USB drive is the same as the version of the tool being re-run or updated.  The tool will detect the already installed product and will only update the definitions without reformatting or altering your data.

System Requirements for Infected Computer

Important Note:  BitLocker must be disabled on the infected computer to use Windows Defender Offline.
  • Operating system:  Windows XP Service Pack 3; Windows Vista (RTM, Service Pack 1, or Service Pack 2, or higher); Windows 7 (RTM, Service Pack 1, or higher).
  • Required processor: 
    Windows XP: 500 MHz or higher1.0 GHz or higher
    Windows Vista and Windows 7: 1.0 GHz or higher
  • Required memory:
    Windows XP: 768 MB RAM or higher
    Windows Vista and Windows 7: 1 GB RAM or higher
  • Required video card: 800 × 600 or higher
  • Available hard disk space: 500 MB 

Download and Additional Information



Related Articles




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...