bruceb news

I wonder sometimes if the relentless onslaughts by the bad guys will ever be beaten back so we can use our tools in peace. This group of news items caught my eye today in an email newsletter – yeah, it was a busy day, but this is the interesting updates for just one day. Who can keep track of this stuff?

Microsoft will release ten updates for Windows and Microsoft Office tonight, following its usual monthly schedule. Leave your computer on and expect it to restart overnight.

In addition, Adobe will release updates on Tuesday, the first quarterly security updates for Adobe Reader and Acrobat. Those won’t be automatically installed. If you’re not prompted to install them on Wednesday from an Acrobat icon in the lower right corner, then open Adobe Reader or Acrobat and click on Help / Check for Updates.

Most of my clients are up to date but if you’re not sure, then check on Wednesday to see if you’ve gotten the latest Windows updates and service packs. […] continued

Here’s an updated list of ways to be safe and secure with your computer.

Install updates from Microsoft promptly. Look in the lower right corner for the gold shield (WinXP) or update icon (Vista).

Install updates to Acrobat, Flash, Java, and Quicktime promptly. Each will alert you from the lower right corner.

• An easy and safe way to keep up with updates: visit Secunia Online Inspector once a month and follow its suggestions.

Do not install any updates if prompted by a random web page. Example: you’re on a dodgy web site and a window appears: “You must download a new version of Flash player to play this video file.” Close the window and check for an update separately.

[…] continued

Adobe Acrobat has been the target for some very nasty attacks by the bad guys this year. In March, all versions of Acrobat got a major update to close a hole that theoretically allowed a computer to be possessed just by hovering over a link to an evil PDF file.

It was one of the scariest bugs in recent memory but it didn’t stop there. New exploits emerged and new patches for Acrobat and Acrobat Reader were released a couple of weeks ago. (Here’s an article with more details.) If you are prompted to update your copy of Acrobat, you should get the update; if you’re not sure, you can manually check for updates by opening Acrobat and clicking on Help / Check for updates. […] continued

Many of you have now gotten Internet Explorer 8, the latest version of Microsoft’s web browser. The rest of you can expect to see it soon, as it is pushed out through the Automatic Update system. (You’ve got IE8 if you have some extra buttons next to the “Favorites” button for “Suggested Sites” and “Get More Add-Ons.”) Here’s what I wrote about IE8 and its new features last month.

It’s not widely known that IE8 has an feature called “InPrivate Filtering” that can be used as a very effective ad blocker.

When InPrivate Filtering is turned on (click on Safety / InPrivate Filtering, or hit Ctrl-Shift-F), it begins watching the web sites you visit for material that is repeated on more than one site. […] continued

If you’re running the free version of AVG antivirus, you may have seen a window appear unexpectedly in the middle of your screen.

That’s a legitimate message. But let’s take a step back, because it reflects poor judgment on AVG’s part. That’s not how I expect to be notified of a program upgrade. When a program runs an icon by the clock, I’m accustomed to a bubble in the lower right corner from that icon notifying me of an upgrade – just like AVG does when it’s getting virus definition updates. When you see an unexpected popup window onscreen, I want you to be skeptical and cautious. […] continued

Microsoft will release security updates on Tuesday night for Windows and Office, following its normal monthly schedule. Your computer will restart tonight.

You should be installing the updates for Windows and other Microsoft products when they’re released. Take a minute to check your settings!

(1) If you’re running Windows Live OneCare, the icon should be green. If it’s not, it may be waiting for you to install updates manually. Open OneCare and follow the instructions and keep the icon green!

(2) If you have a little gold shield (Windows XP) or update icon (Vista) by the clock, it’s waiting for you to download and/or install updates.

[…] continued

Internet Explorer 8 is the latest version of Microsoft’s web browser, released in final form a few weeks ago. Starting soon, it will be offered to you by the Automatic Update system. The rollout will begin in the third week of April but it will not hit everyone at the same time – you may not see it for several weeks after that. It will be presented as a “High Priority” update for Windows XP users, and an “Important” update for Vista users.

IE 8 will not be installed automatically. You have to click an “Install” button before it will go forward. […] continued

The press coverage of the Conficker malware has caused some fear and created the teensiest bit of an overreaction.

Here’s some common sense advice.

• You can use your computers on April 1. You can browse the Internet on April 1.
• If your computer has been automatically installing Microsoft’s security updates, you are protected against the Conficker malware. The specific patch that prevents the Conficker malware from being installed was released in October 2008. The first sighting of Conficker was in late November and the variant that is causing all the current excitement first appeared in early March. You don’t have it on your computer.

[…] continued

Here’s a tip in case you find yourself staring at a suspicious window.

Most malware is installed on a computer these days by luring you to a poisoned web site that brings up a window in front of your browser, suggesting that you agree to let something be installed. The bad guys are showing tremendous ingenuity in getting you to the malicious web sites, so you might be following a link in an email message, a link from a Google search, or perhaps even seeing something generated by a hijacked advertisement on a legitimate web site. I’ve seen reports of similar attacks from people who swear they never left Facebook or Hotmail. […] continued