In the last number of years many businesses have rolled out Full Disk Encryption software throughout their IT environments, giving peace of mind and protection against data loss or theft, but this introduced a range of new issues for IT administrators. Later iterations of encryption products allowed "maintenance" windows to be implemented as part of policy, so PCs could have software updates installed and be rebooted to complete them.
After uninstalling Google Chrome it seems Outlook has decided to have a complex about it: when clicking a link in an email I get the following message:
It turns out it's a pretty common error after uninstalling Chrome: http://www.google.com/support/forum/p/Chrome/thread?tid=4c894d24ab6fac2d&hl=en
The fix is relatively easy:
1. Click Start, click Run, type Regedit in the Open box, and then click OK.
2. Locate the following subkey: HKEY_CURRENT_USER\Software\Classes\.html
3. On the File menu, click Export.
4. In the Export Registry File dialog box, enter HKCU_Classes_HTML_Backup.reg and click Save.
Note: This will create a backup of this registry key in the My Documents folder by default.
5. Right-click the (Default) value for the .html key and select Modify…
6. Change the value from "ChromeHTML" to "htmlfile".
It's odd, given the age of the problem, that this isn't handled by the Chrome uninstaller.
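The same repair scripted in PowerShell, as an added example that is not part of the original post: it takes the backup first (steps 3 and 4), then only rewrites the (Default) value when it still points at the orphaned ChromeHTML handler. The backup file name is the one used in the steps above; everything else (paths, the guard on the current value) is an assumption of this example.

```powershell
# Added example (not from the original post): scripted version of the manual
# Regedit steps. Backs up HKCU\Software\Classes\.html, then repoints the
# (Default) value from the orphaned "ChromeHTML" ProgID to the built-in "htmlfile".
# Runs as the affected user on Windows; reg.exe ships with the OS.

$KeyPath    = 'HKCU:\Software\Classes\.html'       # PowerShell drive form
$RegExePath = 'HKCU\Software\Classes\.html'        # reg.exe form of the same key
$BackupFile = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'HKCU_Classes_HTML_Backup.reg'

if (-not (Test-Path $KeyPath)) {
    # No per-user override exists, so the per-machine (HKLM) association applies
    # and there is nothing to repair here.
    Write-Host "Key $KeyPath does not exist; nothing to repair."
    return
}

# Steps 3-4: export a backup before touching anything so the change can be reverted.
reg.exe export $RegExePath $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup export failed; aborting without changes." }
Write-Host "Backup written to $BackupFile"

# Step 5: read the current (Default) value; PowerShell exposes it as '(default)'.
$current = (Get-ItemProperty -Path $KeyPath).'(default)'
Write-Host "Current .html handler: '$current'"

# Step 6: only rewrite when it still points at the uninstalled Chrome handler,
# so a machine that was already fixed (or uses another browser) is left alone.
if ($current -eq 'ChromeHTML') {
    Set-ItemProperty -Path $KeyPath -Name '(default)' -Value 'htmlfile'
    Write-Host "Repointed .html to 'htmlfile'."
} else {
    Write-Host "Value is not 'ChromeHTML'; leaving it unchanged."
}

# To roll back:  reg.exe import "<path to HKCU_Classes_HTML_Backup.reg>"
```

The guard on the current value matters when this is pushed out to many machines: the symptom described above only occurs when the stale ChromeHTML ProgID is still referenced, and blindly forcing htmlfile would stomp on users who have deliberately set a different handler.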
A pet hate of mine is the creation of new computer accounts (ahhh) for machines that have been reimaged; rejoining with the existing account is actually really simple!
- Open up AD Users & Computers
- Find your computer account
- Right-click it and hit "Reset"
- Join the computer to the domain with the old account.
Bam, the computer's back on the domain with the same name and group memberships! Simple.
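The same reset-and-rejoin flow scripted in PowerShell, as an added example that is not part of the original post. It also lists the group memberships on the existing account, which is exactly what a delete-and-recreate would throw away. The computer name, domain and the use of dsmod.exe for the reset are assumptions of this example; the first function needs the RSAT ActiveDirectory module on an admin workstation, the second runs on the freshly reimaged machine.

```powershell
# Added example (not from the original post). Placeholder values below are
# constructed for illustration; replace them with your own.
$ComputerName = 'WKS-PLACEHOLDER'
$Domain       = 'corp.example.com'

# --- Part 1: on an admin workstation with RSAT installed -------------------
function Reset-ExistingComputerAccount {
    param([Parameter(Mandatory)][string]$Name)

    Import-Module ActiveDirectory

    # Confirm the old account is still there and show what a delete/recreate
    # would lose: its group memberships.
    $computer = Get-ADComputer -Identity $Name -Properties MemberOf
    Write-Host "Found $($computer.DistinguishedName)"
    Write-Host "Group memberships preserved by reusing this account:"
    $computer.MemberOf | ForEach-Object { Write-Host "  $_" }

    # Equivalent of right-click > Reset Account in ADUC: reset the machine
    # account password so a machine with the same name can join against
    # this object again instead of a brand-new one.
    dsmod.exe computer $computer.DistinguishedName -reset
    if ($LASTEXITCODE -ne 0) { throw "dsmod reset failed for $Name" }
    Write-Host "Account reset; the reimaged machine can now join with this name."
}

# --- Part 2: on the reimaged machine -----------------------------------------
function Join-WithExistingAccount {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$DomainName
    )

    # The join only reuses the object if the names match, so rename during the
    # join when the OS image left a generated name behind.
    $joinArgs = @{
        DomainName = $DomainName
        Credential = (Get-Credential -Message "Account allowed to join computers to $DomainName")
        Restart    = $true
    }
    if ($env:COMPUTERNAME -ne $Name) { $joinArgs['NewName'] = $Name }

    Add-Computer @joinArgs
}

# Run Part 1 from the admin workstation, then Part 2 on the reimaged machine:
# Reset-ExistingComputerAccount -Name $ComputerName
# Join-WithExistingAccount -Name $ComputerName -DomainName $Domain
```

Resetting rather than recreating also keeps the account's object GUID and any ACLs granted to it, so things like group-based software deployment and delegated permissions keep working after the rebuild.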
As consultants we always have the challenge of migrating from one desktop OS to a newer version, and normally we stick to the same products: USMT, SCCM and Radia CAE. It's rare that we deviate from this because we know that USMT + SCCM or Radia is bulletproof; millions of desktops have been migrated this way with much success.
What does Hydraq do?
Hydraq is a targeted attack that installs itself on a user's computer or an organization's server. It can then be used to search an organization for private information. Hydraq can capture and forward all information from an infected computer, including a live feed of the windows on screen and everything typed on the keyboard. Hydraq can also be remotely updated to perform additional tasks, including attempting to compromise other machines.
How does Hydraq infect a computer?
- Through a vulnerability in the Internet Explorer web browser: HTTP MSIE Memory Corruption Code Exec (BID 37815)
- As an email attachment: a PDF file read by Adobe Acrobat, Adobe Reader or Adobe Flash Player (Adobe APSB09-10)
Typically an email is sent to an individual or a small group of individuals within an organization. All efforts are made to make the email look legitimate, that is, it will appear as though it was sent by somebody the recipient trusts. The subject matter will often be related to the recipient's area of business. In order to install the malware, the user must be tricked into either clicking a malicious link or opening an attachment. Both methods then exploit a vulnerability to install the Trojan onto the machine.
What is the current state of Hydraq?
At this time the command and control servers are no longer active, so any Hydraq Trojans still remaining in the field are effectively non-functional. Symantec has released definitions to detect and remove infections of the Hydraq Trojan.
Customers are encouraged to follow best practices in general and specifically to update to the latest patches available for Adobe Acrobat, Adobe Reader and Adobe Flash Player (see Adobe APSB09-10). At this time a patch is not available for the Internet Explorer vulnerability, but IPS signatures have been released by Symantec which block exploitation of both vulnerabilities.
Information on Hydraq
- Security Blog: The Trojan.Hydraq Incident
- Security Blog: Protect Yourself Against Exploit Targeting New IE Zero-Day Vulnerability
- Security Response Report: Trojan.Hydraq
Symantec customers are protected
Our product and services teams discuss how Symantec customers are effectively protected from this threat.
Symantec Protection Suite
The Hydraq attacks were targeted at the core security infrastructure of organizations. Multiple layers of defense bolster an organization’s ability to defend against such attacks. Symantec Protection Suite users have a robust defense at the gateway with Brightmail Gateway for SMTP email security, along with Web Gateway for Web traffic and usage, ensuring that an organization is able to monitor all incoming and outgoing mail and Web traffic – constantly monitoring for and stopping threats. The Protection Suite ensures endpoints are clean with its market-leading Endpoint Security product. Finally, by having access to Symantec’s Backup Exec for desktops and laptops, in the event an endpoint is infected, doing a complete re-image is quick and easy, ensuring up-time and employee productivity. Symantec’s security products are backed by our Global Intelligence Network, ensuring customers are protected and up-to-date on rules and signatures.
Symantec Security Information Manager
A number of these attacks were achieved using a combination of attack vectors, resulting in back door Trojans being installed. Security Information Manager can effectively collect and prioritize these events as they occur across the layered security solutions that need to be deployed to protect against a broad variety of these attack vectors. Security Information Manager can further contribute global intelligence to the correlation process to include malicious IP, Worm IP and Botnet IP lists that can be manually updated to automatically conclude incidents around this particular attack. Early detection of single exploited attack vectors may provide preemptive visibility to attacks before they can fully execute.
DeepSight Early Warning Services
Symantec DeepSight Early Warning Services provides actionable intelligence covering the complete threat lifecycle, from initial vulnerability to active attack. On January 15 we published a journal about a new unpatched Microsoft Internet Explorer vulnerability, which is leveraged by malware identified by Symantec as Trojan.Hydraq. DeepSight Analysts continue to provide updates to this evolving threat as new information becomes available. DeepSight subscribers benefit from personalized notifications and expert analysis (including patches, countermeasures and workarounds) to better protect critical information assets against a potential attack.
Symantec Managed Security Services
Symantec Managed Security Services monitors over 800 customers (including 92 of the Fortune 500). In response to this threat, Symantec MSS updated our detection capabilities for both the targeted Trojan.Hydraq as well as exploits against the recent IE vulnerability. This monitoring includes customers’ firewalls, intrusion detection sensors (IDS), web proxies and system logs. As this threat is primarily client side, any clients with our Managed Endpoint Security service also received updates to protect their endpoints from this attack. Our SOC Analysts are available to work with customers to take proactive steps to mitigate the IE vulnerability within their enterprise as needed.
Symantec Critical Systems Protection
The focus of these attacks was to steal intellectual property. Symantec Critical Systems Protection plays a significant role in defending this data by placing constraints around which users and applications have access to sensitive data. Any unauthorized users or applications would have been denied access to the data and an alert would have been generated by making the attempt. Additionally, Symantec Critical Systems Protection provides out-of-the-box protection against both known and unknown remote code execution attempts.
Altiris Total Management Suite
With this attack, Total Management Suite customers benefit from the ability to gain complete visibility into their IT environment. Users run accurate asset inventory reports to react quickly to threats and vulnerabilities and take the necessary steps to remediate. Total Management Suite will have quickly found the necessary software updates and/or patches then run automatic processes for all assets – like upgrading to IE 8 in this case. Total Management Suite also generates reports to ensure successful updates or migrations, and update asset inventory reports to prepare for ongoing management.
Symantec Hosted Services
Trojan.Hydraq spans multiple communication protocols and can evade signature-based detection. Symantec Hosted Services help protect against converged threats that span email, Web, and instant messaging. Our proprietary heuristic technology for malware and spam filtering, captures and shares threat intelligence across these protocols and provides identification of previously unseen threats. All managed via a single, integrated security management console that simplifies administration while increasing visibility and control.
My Colleague Alex Verboon has a great article on updating your Group Policy Central Store with your Windows 7 ADMX templates, a must for any GPO Administrator.
Thanks to one of my colleagues for showing me this; it's really cool!
The daily Bing search engine images are an awesome collection of photos, from amazing nature shots to holiday events. If you really don't have time to change your desktop wallpaper, you can use this great feature in Windows 7 to grab the images via RSS feed and set them as wallpapers.
How to Set Bing Images as Daily Desktop Wallpapers
- Download the Bing.theme file (right-click, "Save as")
- Double-click the downloaded theme file.
- Select the Download Attachments option so that images are downloaded automatically when the Bing RSS feed updates.
- Done! You can select which of the available images to show and configure the picture position.
With all the stuff in our modern operating systems it's easy to take the small things for granted: booting your Windows 7 install off a USB key, watching videos on YouTube, RSSing up your favourite news and comic feeds, listening to your favourite music over Spotify, or finishing your engineering diagrams for college on your tablet PC. It was certain key operating systems from Microsoft that allowed you to get to this point.