Eat Spam, Just Don’t Look at It

Spam—not the greasy, compressed meat derivative that you may remember fondly (or not so fondly) from camping trips as a kid, but the type of spam we ALL hate that insidiously enters your computer, tempting you to open it and do its bidding. At best, it steals our time and resources. At worst, it can lead to infection of computer networks, identity theft and potential prosecution if your computer has been compromised and used for illegal purposes. Per the spamlaws.com website, there are 14.5 billion spam messages that are emailed globally each day. Nucleus Research estimates the average cost per employee each year due to spam is over $1,900 in lost productivity. Nobody with a computer is completely immune to the effects of spam.

To combat spam, there are some tips that end users can use to lessen the impact (these steps are not all-inclusive). There are many ways you can help protect yourself:

1. Despite how tempting it may be to blow off steam and respond to a spammer—don’t. Responding confirms that your email address is valid, and you will most likely end up on the radar of more spammers.

2. Don’t hit the unsubscribe button, as this can have the same effect, unless you are sure the sender is legitimate.

3. Delete emails that you know to be spam without opening them. Some messages can contain code that, when opened, sends a response to the spammer that you are there.

4. Have separate email addresses for your work, personal and ‘junk’ accounts. Use the junk account when you sign up for sites that require an email address. This will help in keeping your work and personal accounts clean.

5. Jokes and other personal type of emails tend to get forwarded a lot of times. If you feel like you must forward a message to everyone on your address list, use the BCC: (blind carbon copy) field for their addresses. This will help keep their email address from being harvested by spammers. Also remove the previous email addresses in the email.

While these are steps end users can use to help protect their email accounts, 3D Corporation can assist in the spam battle on your business networks through the use of corporate level products. With the correct hardware and software deployed and tuned for your network, the impact of spam can be greatly decreased. A good firewall such as a WatchGuard with UTM (Unified Threat Management) will assist in spam control, viral and intrusion prevention by dropping the connections before these security risks can enter your network. This translates to lower risk for your network and less overhead on your servers. For spam that has made it past the firewall, the use of Sophos Endpoint Security solutions can effectively block most spam before it arrives to the end user. It also adds another level of anti-viral, adware and spyware protection to your network.

While spam continues to be a problem, there are ways to limit your exposure and protect yourself and your network. By proactively working on these issues and implementing a good plan for protection, you will decrease the risk that comes with use of the internet.

For more information on how 3D Corporation can provide security solutions to protect your business from spam and other threats to your network, visit our website at http://www.3dcorp.us/.

References:www.spamlaws.com/spam-stats.html, www.spamlaws.com/prevent-spam.html, nucleusresearch.com

Power Outages: A Pain in the Network

As we endure regular power outages this winter as a result of bad weather, taking steps to proactively protect our business data becomes more and more critical. In a previous post entitled “Winterize Your Network,” we emphasized the importance of verifying that all battery backup units (UPS) are charged and functioning in the event of a power outage at your business. A UPS is an essential piece of equipment in protecting your server; however, the purpose of a UPS is to ensure graceful server shutdown (thereby preventing potential data loss and hardware damage), not to keep the server running so business can continue. Some battery backup units can run longer than others depending on the size of battery and electrical load; regardless, most batteries for these units are not designed to be drained and recharged many times, and will consequently require replacing after so many cycles. Also, if a power outage occurs in the summer and your air conditioners are no longer able to run, heat can also shorten the life of your batteries among other network hardware, making battery failure significantly more likely.

If a power outage lasts for more than an hour or two, a generator is the best method to use for averting downtime for your business and should eventually prove to be a worthwhile investment. A properly spec’d generator will also keep your A/C running, thereby preventing any heat-related damage as well. In purchasing a generator, your business will not only save money in avoiding lost revenue due to downtime, but will also avert the costs of repairing or replacing damaged hardware due to heat fatigue.

Although UPS and generators are essential in providing adequate backup power in the event of a power outage, no equipment is fail-proof, and there are simple things the members of your staff can do to prevent data loss as well. When preparing documents, we recommend employees save their data every 5-10 minutes and not to wait until the document is ready to be closed or completed. Power outages usually happen with no warning, so frequent saves can prove very beneficial in preventing the loss of work and time. Remember that unless the workstations are on battery backup units, there will be no time to save the work being done on them once the power drops.

Additionally, programs in the Microsoft Office Suite have what’s called an “Auto-Recover” feature that will automatically save documents every few minutes and should recover the document in the event of a shutdown (instructions for adjusting the settings for this feature can be found in Microsoft Office Help by conducting a search using the keywords “auto save.”) Even though this feature can be extremely useful, we recommend that users still save their own work frequently in case the feature is not functioning properly or the settings are unexpectedly changed for whatever reason. We have seen more failures of this feature than successes, so we council against relying on it.

Work documents are also safer when they are saved on a server and not on the workstation’s local hard drive. Servers are much better equipped than workstations to endure power failure, so data is much safer when stored there.

Investing money in UPS and generators is quite important in protecting your network; however, instructing your staff to invest time in saving their work frequently and in the appropriate place is incredibly valuable in protecting the data of your business. To learn about how 3D can work with you to proactively protect your business data, visit our website at http://www.3dcorp.us/.

Microsoft Releases Security Updates to Fix Critical Windows Vulnerabilities

Microsoft has issued four security bulletins concerning critical vulnerabilities in all current versions of Windows. Attackers can exploit these vulnerabilities in multiple ways including sending a maliciously-crafted data packet when a Windows user opens a webpage or by running a malicious program. These methods of attack could produce a variety of results, the worst being the attacker gaining full control over the user’s computer.

For 3D clients who receive 3D patching, these patches will be handled automatically. Other Windows users should immediately install the security patches released by Microsoft to fix these vulnerabilities or allow Microsoft’s Update utility to install the patches automatically. Further information and instructions for patch installation can be found in the following security bulletins on Microsoft’s Website: MS09-063, MS09-064, MS09-065, and MS09-066.

Security solutions provided by 3D can block many attacks like these automatically. To learn more about how 3D can protect your network, visit our website at http://www.3dcorp.us/.

References: WatchGuard's LiveSecurity Service Update "Four Windows Security Updates Fix Three Critical Vulnerabilities," Microsoft Security Bulletin MS09-063; Microsoft Security Bulletin MS09-064; Microsoft Security Bulletin MS09-065; Microsoft Security Bulletin MS09-066.

Vulnerabilities Discovered in Microsoft Word and Excel

Microsoft issued two security bulletins yesterday concerning vulnerabilities in Microsoft Office’s Word and Excel programs for Windows and Mac. Attackers exploit these vulnerabilities by enticing a user to open a maliciously-crafted Word or Excel document. Once opened, the document enables the attacker to inherit the user’s permissions and ultimately gain full control over the user’s machine.

Microsoft Office users should beware of all unexpected Word (.doc) and Excel (.xls) documents and immediately install the appropriate Office patches created by Microsoft to fix the vulnerabilities. Further information and instructions for patch installation can be found in the following security bulletins on Microsoft’s Website: Microsoft Security Bulletin MS09-067 (Excel); Microsoft Security Bulletin MS09-068 (Word).

Office users can also let Microsoft’s Update utility install the appropriate patches automatically.

To learn how 3D’s network management solutions protect businesses from threats like these, visit our website at www.3dcorp.us.

References: WatchGuard's LiveSecurity Service Update "Microsoft's Office Patches Fix Word and Excel," Microsoft Security Bulletin MS09-067, Microsoft Security Bulletin MS09-068

QuickTime Vulnerabilities to Malicious Movies and Images

Our Internet security solution provider WatchGuard has recently issued a medium severity alert concerning vulnerabilities in QuickTime, a media player for both Windows and Macintosh OS X. These vulnerabilities can be exploited by attackers by enticing users to click a malicious link or view a malicious movie or image, allowing the attacker to execute code on the user’s computer and potentially gain control over it.

WatchGuard advises both Windows and OS X users to download and install QuickTime 7.6.4 to fix these vulnerabilities as soon as possible. Apple’s Software Update tool can also be used to download and install this version of QuickTime.

To find out more about WatchGuard and other network security solutions provided by 3D to protect businesses from threats like these, visit our website at www.3dcorp.us.

Apple Releases Security Updates to Fix OS X Vulnerabilities

Our Internet security solution provider WatchGuard has recently issued a high severity alert regarding vulnerable flaws in all current versions of OS X, Apple’s line of operating systems for Macs. According to WatchGuard, the vulnerable flaws in OS X could enable attackers to entice users into downloading and viewing harmful images. Downloading these images could produce a variety of results, the worst case being an attacker executing code on the user’s computer, potentially gaining full control of it.

WatchGuard strongly encourages users to apply the two security updates released by Apple that fix vulnerabilities in all current versions of OS X. OS X users should download, test and deploy the corresponding updates as soon as possible. The updates can be downloaded on Apple’s website according to the instructions provided in the following security update notices: OS X Security Update 2009-005 and OS X 10.6.1 Security Update. If users have trouble figuring out which updates correspond to their version of OS X, WatchGuard recommends letting OS X’s Software Update utility pick the correct updates automatically.

To find out more about WatchGuard and other security solutions provided by 3D to protect businesses from threats like these, visit our website at www.3dcorp.us.