Hello all,

It's been a little quiet here on the Blog. We've been busy helping clients make their I/T work well for them, and haven't been doing much writing!

A couple of recent things prompt this Tech Note:

1. The Petya ransomware attack yesterday. About this, from the folks at Symantec:

A new strain of ransomware has appeared in multiple countries. On June 27, 2017, Petya ransomware emerged and began spreading itself to large organizations across Europe. This ransomware uses what is called the Eternal Blue exploit in Windows computers.

Norton is already protecting you against the Petya attacks that use the Eternal Blue exploit. This is why we have Norton Security on all computers.

Protecting against this type of attack is also why we're in the process of re-evaluating our position on and recommendations for network firewalls. Stay tuned for more on that!

2. Jungle Disk is updating again.

Many clients have contacted us about a recent prompt from Jungle Disk (the backup program on which we and most of our clients depend) to update to a new version.

Generally speaking, this update should be done as soon as possible. The servers on which our backups are stored are getting an important security update which will require the new version. While they haven't announced precisely when this will happen, getting the Jungle Disk program updated now will avoid any difficulties when that happens.

The update takes just a minute or two, depending on the speed of your machine. If you decide to try this update yourself, please pay close attention to the end of the process, and make sure that it says it completed succesfully. If you're not sure, don't want to this yourself, or if the update fails, you know where to reach us! 

With these, as with all other technology matters, please contact us if you have questions or need assistance!

Yesterday Dell announced a security vulnerability that it inadvertently introduced on its XPS, Precision and Inspiron computers. While they are releasing an automated patch today that is supposed to remove this exposure, they have documented instructions to remove it now.

This applies to machines purchased during or after August, 2015.

We've digested this down to a much simpler process than described elsewhere. Here's how you do this:

1. Go to http://www.interconnected.com/links.

2. Find the link to the Dell utility to remove this. It's called Dell eDellRoot Certificate Remover.

3. Click on that link. Allow the utility to be saved, and open the folder where the utility was downloaded. How you do this depends on which Internet browser you use (Internet Explorer, Google Chrome, Firefox). The program is currently called eDellRootCertFix.exe.

4. Right click on that utility and select Run as administrator. The utility will run and remove this issue, if it is present.

That's it! We have no reason to doubt that this was an inadvertent error on Dell's part, and that this utility will clear up the issue without further issues.

As always, please contact us if you have questions, need assistance, or want us to do this for you!

----------------------------

Addendum on 11/25/15:

Another certificate was uncovered and described as a security issue.

Laptop Magazine published steps for removal of both. We present an abridged text version of those instructions here:

1. Right-click on the Taskbar, and select Task Manager or Start Task Manager. -
2. Tap More Details in Windows 10.
3. Select Services from the row of tabs
4. Tap Open Services on the bottom of the window. (In Windows 7, the button is simply Services.)
5. Select Dell Foundation Services.
6. Select Stop the service on the left side of the window.
7. Open File Explorer.
8. Tap on the path field, type "c:\Program Files\Dell\Dell Foundation Services" and click Return.
9. Right-click "Dell.Foundation.Agent.Plugins.eDell.dll"
10. Select Delete.
11. Click the Start button Type "certmgr.msc" into search field. 
12. Tap on certmgr.msc from the top of the Start menu's search results.
13. Select Trusted Root Certificate Authorities from the menu on the left side of the window.
14. Tap on Certificates from the menu on the right side the window
15. Right-click on DSDTestProvider if you see it on the right side of the window
16. Select Delete.
17. Tap Yes to confirm.
18. Right-click on eDellRoot on the right side of the window.
19. Select Delete.
20. Tap Yes to confirm.
21. Tap on the Start button.
22. Select Power.
23. Tap on Restart.
24. Repeat steps 11–14 to view your Trusted Root Certificate files. The DSDTestProvider and eDellRoot certificates should now be gone. If they're not, repeat the steps above

(Laptop Magazine post - http://www.laptopmag.com/articles/remove-dells-sloppy-security-software)

We have discussed with our Mac clients the fact that in spite of Apple's positioning, Macs are just as vulnerable to attacks as Windws machines. There are many examples. Here's one description of two unique threats:

http://thenextweb.com/apple/2015/08/04/macs-are-no-longer-immune-to-attacks-as-a-new-self-replicating-firmware-worm-demonstrates/

Much has been said, and much will be said, about Windows 10. It will likely be a very positive thing in many ways.

We will say more, but for now we’ll say this:

1. It will be a free (in most cases) upgrade for most Windows machines.
2. It will offer itself to you for free (in most cases), right there on your computer.
3. We will be testing Windows 10 – how well it works; how well the upgrade process works, and so on.
4. Unlike previous operating system upgrades, we will most likely recommend upgrading all current machines to this version.
5. It would be best if you resisted the temptation to upgrade to Windows 10 yourself.
6. It would be best if you resisted the temptation to upgrade to Windows 10 yourself.
7. It would be best if you resisted the temptation to upgrade to Windows 10 yourself.

Those last three points are the most important ones. We’ll let you know more, including when we determine Windows 10 is ready.

Until then, remember us for all your small business I/T needs!

Word of Lenovo’s use of SuperFish is swirling around the internet and other media, so we thought we should address it. Superfish is an image-based search technology app. Turns out Lenovo pre-installed it on some of its lines of computers along with a security certificate to allow it to place advertisements on secure web pages. If this weren’t bad enough, they set it up so that once someone cracked the certificate’s private key (which, of course, someone already has), the setup could be used by third parties to do nefarious things on the computer.

Superfish is a real company (http://www.home.superfish.com/) and as most Interconnected Technologies clients know, Lenovo ThinkPads are one of our preferred brands of laptops (http://www.lenovo.com/thinkpad). The good news is that the ThinkPad line from Lenovo was not included in this ill-advised little venture, and while it is generally reported that the IdeaPad and a few other personal use lines from Lenovo were compromised by this, the consensus reporting is that only non-ThinkPads shipped in the 4th quarter of 2014 were affected.

If you have any product from Lenovo (or any computer, really) you might want to look a little further into this, or, better yet, have Interconnected Technologies do it for you! We have reviewed our client list and have been in touch with clients we think may be affected by this.

Lenovo released the following statement about this: http://support.lenovo.com/us/en/product_security/superfish

You can visit this site to determine whether or not you have an issue: https://filippo.io/Badfish/

or this one: https://lastpass.com/superfish/

Lenovo released instructions for removing the software and associated certificate here: http://support.lenovo.com/us/en/product_security/superfish_uninstall

Lest anyone think that only PCs and only Lenovo machines are vulnerable to this type of thing, be aware that there are reports of this going back several years across both PCs and Macs (https://discussions.apple.com/thread/3919644?tstart=0). From what we can tell, however, only Lenovo has been dumb enough to do this directly on their own machines right out of the box. Adware and malware are everywhere, and computer users of all types much remain vigilant.

Here are a couple of good references for the Superfish issue:

http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/

and

http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-need-to-know/

As always, we stand ready to help Interconnected Technologies clients (current and future!) with issues such as this.