Thursday, September 23, 2010

PC Repair: Slow PC & Testing Memory with Memtest86+ v4.00

For those having computer issues call (616) 828-1353 or email: for a free quote or to schedule a free computer / IT assessment in the greater Grand Rapids, MI area today. There is no obligation with our quotes and we guarantee our service along with standard 10 or extended 30 day warranty! Same and next day service available!

I recently performed a free computer assessment for a new home customer. They were struggling for the past year with their desktop performing extremely slow. They told me that they have taken it to several places about the slowness issue including BestBuy's GeekSquad and a local computer guy in their area. Every time they got their PC back from servicing it would be slow again.

But what was slow? I wanted to dig deeper into their issue. They told me it was everything - Internet browsing, general computer functionality, the whole bit. 

Their PC was an old Compaq Presario from 2004 with a 2.8GHz Intel Celeron processor and only 512MB of memory. Right then I knew that 512MB RAM was too little to do anything with a resource hungry operating system such as Windows and all of their newer applications they were running that are mostly meant for newer computers. A bloated McAfee Antivirus was utilizing 14-16% of the CPU every time you want to touch a single file (making that loud hard drive "thinking noise" most people describe. There were a few other bloated applications that probably were also not playing well with the small amount of resources the system could provide it. Going further their ISP was giving them 1.19MB/s download and 0.59MB/s upload bandwidth - but that was because of their remote area. However, all of these factors contributed to the PC's slowness.

First thing I wanted to do was get the computer filled with more memory. When I'm talking about memory I'm talking about Random-Access Memory (RAM) which is the main memory in personal computers, workstations, and all the way up to servers.
First thoughts was this was obviously a 32-bit system and could only utilize a max of 3.3-ish GB of RAM. Looking inside the box I saw only the ability for two RAM modules with one slot already having a 512MB module. I researched the motherboard specs MS-6577 v4.1 which told me that the BIOS could support a maximum of 2GB with PC2700/2100 (333MHz/266MHz) compatible RAM. However, looking into the actual specs for the computer listed by Compaq (HP) said that the BIOS only supported up to 1GB. Getting mixed results I ended up ordering (2) 512MB and (2) 1GB memory sticks from my vendor.

While waiting a couple days for shipping I was thinking more outside the box. The customer told me that they use their computer only for Web surfing, email, and occasional world processing. I asked them if they use or see themselves using that specific PC for anything else (Microsoft only applications). So over the phone I began talking about the benefits of none other than the Linux distribution of Ubuntu!
In a brief summary I told the customer that Ubuntu uses system resources much more efficiently than Windows, it will be more secure and stable than Windows XP without much of any learning curve aside from getting use to use a different user-friendly operating system. They can browse the Internet and check their web mail with Mozilla Firefox along with using's word processor. I kept the conversation basic as I could imagine it would be hard to grasp something like that over the phone and not visually see it. Non the less I was not about to get to technical about Ubuntu such as that Ubuntu 10.04.1 (the version I would install) uses EXT4 file system and unlike Windows with NTFS file system, EXT4 doesn't need to be defragmented!

Today UPS arrived with the memory. First thing I did was take out the old 512MB stick and put in two of the 1GB sticks. I then went into the BIOS and changed the boot order of the machine to allow booting from CD-ROM first. I put in a copy of which turned out to be Ubuntu 10.04.1 Server. One of the options in the first menu of the disc was to "Test Memory" which uses Memtest86+ v4.00. This is a great way to test out the stability of the memory. Any errors at all even just one means you have faulty RAM. You could get by with installing an OS with the RAM and using the machine for a while but in time those couple or that single memory error could come back to haunt you. 

So I ran Memtest86+ on (2) 1GB sticks of PNY PC2700 (333MHz) RAM. Within only 4 minutes of running the test it showed back with errors. In order to better get an idea of which memory module was giving the errors I restarted to test with individual sticks to isolate the issue. The first stick showed errors again within 4 minutes time and the second one is still on the test with over 4hrs in its 5th pass. With this amount of time the module integrity is most likely completely fine. However, there are those out there who run the test overnight. In the past for me if I don't get any errors within the first 2-3 passes then I have always been fine.
So now I have to RMA the (1) 1GB PNY stick and exchange it for another. This has been disappointing but stuff like this does happen. I'm glad that I have a good vendor that allows me to have my own account manager to help me with any issue such as this.

Memtest86+ can be individually downloaded here. Otherwise I like to just use the "Test Memory" option in Ubuntu Live CDs.

For now I could start or wait for the other stick for installing Ubuntu with the good 1GB stick or I'm thinking about making it a dual boot system with Windows XP and Ubuntu 10.04.1 in case they ever would need windows in the future. All the customer really cares about is that they can get online. They realize that the computer is old but I promised them a good price to get their system up and running efficiently without have to spend more money in the near future to get a entirely new system. I hope to get a new working module of RAM through the weekend and have the system all setup by beginning of the week. I offered the customer a temportary replacement laptop to make up for the extra couple days with their PC while I'm wainting on my vendor for the replacement memory. I figured that was the best thing to do right now since many Auto dealerships will give you a loner while they give your vehicle. Just one of the ways Digital Designs LLC cares about our customers and if we take just longer than expected then we make the situation right.

What are your thoughts or experiences with slow computers (besides pure frustration)? What have you done personally to speed them up? Do you upgrade hardware or buy a new computer all together? If you buy a new computer what is your average upgrade cycle - 2, 4, or 5+years?

Tuesday, September 14, 2010

Microsoft Patch Tuesday: September 2010 - Including Adobe, Apple, Mozilla, Cisco, & Linux Updates

By: Stephen Geldersma, IT Consultant; Digital Designs LLC.
Updated: September 23, 2010 14:00EST

After labor day it would of been nice to have a lighter Patch Tuesday this month; however, this is not the case. Microsoft Security bulletin Summary for September 2010 shows 9 bulletin addressing a total of 13 security vulnerabilities. Adobe, Mozilla, Cisco, Apple all releasing security patches in the last 7 days - putting a major stress on security teams and others dealing with patch management.

13 security vulnerabilities are addressed affecting Windows XP, Windows Server 2003, Windows vista, Windows Server 2008, Windows 7,Windows Server 2008 R2, Microsoft Office XP, Office 2003, and Office 2007.

Older Windows Platforms Essentially Less Secure
It is recommended to move away from Windows XP and Server 2003. Older versions of Windows are essentially more insecure than newer versions.

Windows XP / 2003          -3 critical, 5 important
Windows Vista / 2008       -2 critical, 3 important
Windows 7 / 2008 R2       -0 critical, 3 important

As shown, those running Windows 7 and Server 2008R2 have a much less patching demand for their system environment contrasted to those running older versions of Windows. Those on XP and Server 2003 need to way the cost and risk factors with staying on these older platforms. Tangable benefits of those running Windows 7 and Windows Server 2008R2 are very apparent after looking at this month’s Patch Tuesday. These teams will be able to allocate more time and resources into focusing on securing their network from current active exploits and deploying patches from other vendors and virus signatures are protecting against the latest malicious email campaign and other threats.

Newest is Not Always the Best
This outlook of older Windows platforms being essentially less secure is true. However, this is not to be confused with keeping up with the newest and greatest platform. New operating systems can introduce new fresh vulnerabilities along with compatibility issues with older or former hardware or break former functionality of a certain feature. These new operating systems should have their time to mature into the industry. Many larger organizations do not adapt a new platform until there has been successful deployment of at least one service pack for the operating system.

Vulnerability Summary and Exploitability Index
The Following is the vulnerability summary for September 2010 along with the exploitability index rating from *1*/1-3.

*1* - Extreme Attention - Exploit Code Publicly Disclosed and/or Exploited in the Wild
1 - Consistent Exploit Code Likely
2 - Inconsistent Exploit Code Likely
3 - Functioning Exploit Code Unlikely

Microsoft Security Bullitin Summary September 2010:
-MS10-061 - [Printer Spooler Service - (2347290) - Remote Code Execution]
Remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC such as a Shared network printer.

    -Printer Spooler Service Impersonation Vulnerability - 1 - CVE-2010-2729: Exploited in the wild

-MS10-062 - [MPEG-4 - (975558) - Remote Code Execution]
Vulnerability in MPEG-4 codec that can allow remote code execution if a user opens a specially crafted media file or MPEG-4 spreaming content from a website or other application delivering web content. A successful exploit allows an attacker to gain the same user rights as the current local user. Regardless of this exploit, users should use a user account with restrictive or non-administrator rights and using an administrator account sparingly for administrative tasks only such as installing software, etc. Users utilizing this security procaution have less of an impact with this and many other exploits than those who operate with administrative user rights.
    -MPEG-4 Codec Vulnerability - 1 - CVE-2010-0818:
    Less impact on Windows Vista and Windows 7 due to additional heap mitigations

-MS10-063 - [Unicode Scripts Processor - (2320113) - Remote Code Execution]
A vulnerability in the Unicode Scripts Processor can allow remote code execution if a user viewed a specially crafted document or Web page with an application supporting embedded OpenType fonts. A successful exploit allows an attacker to gain the same user rights as the local user. Again, remember that those who do not operate with administrative user rights will be less impacted.
    -Uniscribe Font Parsing Engine Memory Corruption Vulnerability -2 - CVE-2010-2738

-MS10-064 - [Outlook - (2315011) - Remote Code Execution]
This vulnerability allows for remote code execution if a user opens or previews a specially crafted e-mail message using an affected version of Microsoft Outlook which connects to an Exchange Server with online mode. The same outcome of an attacker obtaining the same user rights as the current user logged on during the exploit is present.

    -Heap Based Buffer Overflow in Outlook Vulnerability - 2 - CVE-2010-2738

-MS101065 - [IIS - (2267960) - Remote Code Execution]
Vulnerability in Microsoft Internet Information services (IIS) could allow for remote code execution if a client sends a specially crafted HTTP request to the server which would allow an attacker to gain complete control of the affected system. For newer platforms this vulnerability is only marked as important due to the low exploitability level.

    -Directory Authentiation Bypass Vulnerability - *1* - CVE-2010-2731: Publicly disclosed vulnerability
IIS repeated Parameter Request Denial of Service Vulnerability - 3 - CVE-2010-1899:
    DoS vulnerablity only

-MS10-066 - [RPC - (982802) - Remote Code Execution]
Vulnerability in Windows Remote Procedure Call could allow for remote code execution. This vulnerability is marked important for Windows XP/2003 only. Windows Server 2008, Windows 7, and Server 2008R2 are not affected by the vulnerability. An attacker sending a specially crafted RPC response packet to a client initiated RPC request can take complete control of an affected system. However, an attack must convince the user to initiate an RPC connection to a malicious server under the attacker’s control. So without user interaction an attacker cannot exploit this vulnerability.
    -RPC Memory Corruption Vulnerability - 1 - CVE-2010-2567

-MS10-067 - [WordPad - (2259922) - Remote Code Execution]
Vulnerability in WordPad Text Converters could allow for remote code execution. This vulnerability is marked important for Windows XP/2003 only. Windows Vista, Windows Server 2008, Windows 7, and Server 2008R2 are not affected by the vulnerability. A users machine is exploited if a user opens a specially crafted file using WordPad. Those not operating with administrative user rights will be less impacted.

    -WordPad Word 97 Text Converter Memory Corruption Vulnerability - 1 - CVE-2010-2563

-MS10-068 - [Local Security Authority Subsystem - (983539) - Privilege Escalation ]
Vulnerability exists in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). Privilege excalation if an authenticated attacker sends specially crafted Lightweight Directory Access Protocol (LDAP) messages to a listening LSASS server. An attacker must have a member account within the target Windows domain but does not need a workstation joined to the domain.
    -LSASS Heap Overflow Vulnerability - 1 - CVE-2010-1891

-MS10-069 - [Windows Client/Serve Runtime Subsystem (2121546) - Privilege Escalation]
Vulnerability rated as important for Windows XP and Windows Server 2003. Newer platforms including Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by this vulnerability. For older platforms privilege escalation can be performed by an attacker logs on to an affected system configured with a Chinese, Japanese, or Korean system locale. A successful exploit would allow for full complete control of the system.
    -CSRSS Local Elevation of Privilege Vulnerability - 1 - CVE-2010-1891

Obtaining Patches
Security updates are available as usual from Microsoft Download Center or via Internet Explorer brower (IE) available from Microsoft Update. Patches for September 2010 Security Release can also be downloaded as an .ISO Image here Windows-KB913086-201009.iso which you can burn onto a CD/DVD.

3rd-Party Patches
In the last week the following sizable IT security to-do list has materialized.

Yet again, Adobe is having a hard time with security with their more/less bloated software. Again Adobe has 0day exploits being replicated in the wild  from critical vulnerabilities existing in:

-Adobe Flash Player and earlier versions for Windows, Mac, Linux and Solaris. Critical vulnerability also exists in Adobe Flash Player for Android. Active exploits have been performed on Windows platform and a fix will not be available until the week of October 4, 2010. Because there is not yet a fix for the vulnerability users should be aware that they are at risk from this critical vulnerability and should treat all Flash files especially those from unsolicited email with caution. As exploited in the wild, an attacker only needs to send a maliciously crafted flash file via email or trick the user into visiting a web page hosting this malicious flash content. Users can experience a system crash and allow an attacker to take control over the affected system. Currently known exploits: Troj/SWFLdr-T - CVE-2010-2884 since September 13, 2010.

Find out what version of Adobe Flash Player you are using here.
-Reader 9.3.4 and earlier versions for Windows, Mac, and Linux. Actively exploited in the wild. Again, this fix will also not be available until the week of October 4, 2010. CVE-2010-2883

IT teams can get help from Microsoft’s Enhanced Mitigation Experience Toolkit  2.0. A vulnerability work around has provided that blocks this exploit.

Cisco’s Wireless LAN controller that address various vulnerabilities. These vulnerabilities if left unattended can facilitate remote access to controller and configuration information can be changed and access controls can effectively be bypassed allowing the attacker into the network. More information is provided by the Cisco Security Advisory on September 08, 2010.

Affected Products:
-Cisco 2000, 2100, 5100, 4400, 5500 Series WLCs
-Cisco Wireless Services Modules (WiSMs)
-Cisco WLC Modules for Integrated Service Routers (ISRs)
-Cisco Catalyst 3750G Integrated VLCs

-Two  denial of service (DoS) vulnerabilities
-Three privilege escalation vulnerabilities
-two access control list (ACL) bypass vulnerabilities

Mozilla 3.6.9 - Addressed multiple vulnerabilities including remote execution of arbitrary code, access to sensitive information and cross-site scripting (XSS) issues.

MFSA 2010-63 Information leak via XMLHttpRequest statusText
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type attribute
MFSA 2010-60 XSS using SJOW scripted function
MFSA 2010-59 SJOW creates scope chains ending in outer object
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView

Apple Safari 5.0.2 and 4.1.2 is now available and addresses the following vulnerabilities in prior versions in 4.x and 5.x. The updated versions both address the same set of security issues. “Safari 5.0.2 is provided for Mac OS X v10.5, Mac OS X v10.6, and Windows systems. Safari 4.1.2 is provided for Mac OS X v10.4 systems.”

CVE-2010-1805 [Safari] addresses a search path issue that when “displaying the location of a downloaded file, Safari launches Windows Explorer without specifying a full path to the executable. Launching Safari by opening a file in a specific directory will include that directory in the search path. Attempting to reveal the location of a downloaded file may execute an application contained in the directory, which may leave to arbitrary code execution.’” This fix is available for XP SP2/SP3, Windows Vista, and Windows 7. Users opening a file in a directory that is writable by other users could lead to arbitrary code execution.

CVE-2010-1807 [WebKit] describes the impact of a user “visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. An input validation issue exists in WebKit's handling of floating point data types. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of floating point values.” Fix is available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8,
Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later.

CVE-2010-1806 [WebKit] “Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution from A use after free issue exists in WebKit's handling of elements with run-in styling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of object pointers.” The patch is available for Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later.

Apple iTunes 10
iTunes 10  is available for download for Max OS X, Windows 7, Vista, XP SP2 or later and can be obtained from: iTunes 10 addresses multiple vulnerabilities in WebKit.

QuickTime 7.6.8 was released and is now available for download.

Mac OS X v10.6.4 was released on September 20, 2010. Information for the single security update can be found here.

CVE-2010-1820 for Mac OS X 10.6, Mac OS X Server 10.6 addresses a vulnerability in the ability for “A remote attacker may access AFP shared folders without a valid password. An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Pike School in Massachusetts for reporting this issue.”

iOS 4.1 for iPhone and iPod Touch - Released Security update on September 8, 2010. More information here.

Since I began posting about Mircosoft's Patch Tuesday, later began to list 3rd-party updates, and also included Apple products - I felt that it was appropriate to add a summary of this month's security updates for some of the major Linux distrobutions. I personally run Ubuntu Hardy 8.04 and 10.04.1 Luxid Lynx making most of my linux blog posts geared more towards Ubuntu. I'm still tied down to Windows with a Windows 7 box that I only utilize because of the Adobe CS suite... 

Ubuntu: September 2010 Security Updates

Ubuntu:990-2: Apache Vulnerability -             September 21, 2010
Ubuntu:990-1: OpenSSL Vulnerability -         September 21, 2010
Ubuntu:986-3: dpkg Vulnerability -            September 20, 2010
Ubuntu:986-2: ClamAV Vulnerability -             September 20, 2010
Ubuntu:986-1: bzip2 Vulnerability -             September 20, 2010
Ubuntu:978-2: Thunderbird Regression -         September 16, 2010
Ubuntu:975-2: Firefox and Xulrunner Regression -    September 16, 2010
Ubuntu:978-1: Thunderbird Vulnerabilities -         September 08, 2010
Ubuntu:975-1: firefox and Xulrunner vulnerabilities -     September 08, 2010
Ubuntu:985-1: Mountall Vulnerability -             September 08, 2010
Ubuntu:984-1: LFTP Vulnerability -             September 07, 2010
Ubuntu:983-1: Sudo vulnerability -             September 07, 2010
Ubuntu:982-1: Wget vulnerability -             September 02, 2010

Other Linux distribution security update highlights include:

Debian: 2109-1: samba: buffer overflow     September 16, 2010
Debian: 2108-1: cvsnt: programming error September 14, 2010
Debian: 2097-2: phpmyadmin: insufficient input sanitisi Sep 11, 2010
Debian: 2107-1: couchdb: untrusted search path September 09, 2010
Debian: 2102-1: barnowl: unchecked return value September 03, 2010
Gentoo: 201009-01: wxGTK: User-assisted execution of arbitrary code September 02, 2010

SuSE: 2010-040: Linux kernel September 13, 2010
SuSE: 2010-038: kernel September 03, 2010
SuSE: 2010-036: kernel September 01, 2010

Slackware: 2010-258-03: sudo redo: Security Update September 15, 2010
Slackware: 2010-257-01: samba: Security Update September 15, 2010
Slackware: 2010-257-02: sudo: Security Update September 15, 2010
Slackware: 2010-253-01: mozilla-firefox: Security Update September 10, 2010
Slackware: 2010-253-02: mozilla-thunderbird: Security Update September 10, 2010
Slackware: 2010-253-03: seamonkey: Security Update September 10, 2010

Mandriva: 2010:184: samba September 16, 2010
Mandriva: 2010:183: socat September 15, 2010
Mandriva: 2010:182: kdegraphics September 14, 2010
Mandriva: 2010:181: ntop September 14, 2010
Mandriva: 2010:180: rpm September 13, 2010
Mandriva: 2010:179: libglpng September 12, 2010
Mandriva: 2010:178: ocsinventory September 12, 2010
Mandriva: 2010:177: tomcat5 September 12, 2010
Mandriva: 2010:176: tomcat5 September 12, 2010
Mandriva: 2010:175: sudo September 12, 2010
Mandriva: 2010:174: quagga September 11, 2010
Mandriva: 2010:173: firefox September 11, 2010
Mandriva: 2010:172: kernel September 09, 2010
Mandriva: 2010:170: wget September 02, 2010
Mandriva: 2010:169: mozilla-thunderbird September 02, 2010
Mandriva: 2010:168: openssl September 01, 2010

Red Hat:
Red Hat: 2010:0698-01: samba3x: Critical Advisory September 14, 2010
Red Hat: 2010:0697-01: samba: Critical Advisory September 14, 2010
Red Hat: 2010:0670-01: kernel: Important Advisory September 02, 2010

Malicious Email Campaigns
Malicious email campaigns seemingly continue and it is important to keep virus signatures up to date on all machines again the latest threats. However, it is uniquely important to not create a false sense of security on only rely on updated virus signatures to protect your machines. The human factor plays a huge role in providing additional security safe guards that IT and non IT personnel need to remember. A brief description of this human factor would included examples such as only open email attachments from known and trusted senders, do NOT surf or use/open email on mission-critical machines and servers - such important machines should not even have Adobe Flash Player or Adobe Reader installed on the platform.