3D Corp Congratulates Mills Electric on Their Recent Move

One of 3D’s valued clients, Mills Electric, has recently moved to a new location! After 40 years of residing at 1017 Iowa Street, they have moved to 4430 Pacific Hwy to take advantage of a much larger warehouse and parking availability. We want to congratulate them and wish them continued success and growth in their new “home”.

For additional information on their move, please check out the Bellingham Herald’s article “Longtime Bellingham company moves into new facility”.

If you’re moving your business to a new facility, 3D can help move and reinstall your network quickly and carefully. For more information on how 3D can fulfill your technology needs, please visit us at www.3dcorp.us, email us at info@3dcorp.us, or call us at (360) 671-4906.

Windows 7's XP Mode

Microsoft’s hugely anticipated operating system, Windows 7, has been successful since its launch six months ago and has essentially lived up to most consumers’ expectations - holding more than 10% of the current market share. However, as with most operating systems past and present, Windows 7 is not without its own issues. One in particular that has garnered much attention surrounds the “XP Mode” feature.

Primarily designed for small to medium sized businesses, XP Mode is an optional add-on to the Professional, Enterprise and Ultimate versions of Windows 7. It is a separate application, Windows Virtual PC, running a special virtual machine provided by Microsoft that contains a pre-installed, licensed copy of Windows XP Professional SP3 as its guest operating system. The virtual machine enables multiple operating systems to run simultaneously in the same machine, thus providing a virtualized Windows XP environment for running older applications that are not currently compatible with Windows 7.

The main benefits of XP Mode include:

• It enables users to run Windows XP inside a modern operating system (Windows 7), which helps take advantage of some of the improvements that have been made to things such as hardware support and security.
• It offers seamless integration. Users have the ability to close the virtual machine and still have access to the Windows XP applications directly through the Windows 7 start menu and run them “seamlessly” alongside applications that are installed directly on Windows 7.
• It allows businesses to upgrade their operating systems while still being able to work with applications that are not yet compatible with Windows 7.

While XP Mode seems to provide a great, easy fix to application compatibility problems, it does not come without some serious concerns and security implications that should be considered.
XP Mode is an independent Windows instance that does not share processes, memory, security settings, security software, patches, etc. with Windows 7. Therefore, XP mode does not inherit any security from Windows 7 and requires the user to separately patch the copy of XP in addition to Windows 7.

• Even though Windows XP mode operates in a virtualized environment, it needs to be managed like a physical PC. This requires the user to manage settings separately, configure two firewalls and install/manage two copies of antivirus/anti-malware software. Essentially, XP Mode doubles the complexity of your business network (20 machines turn into 40, etc).
• XP Mode requires a machine with at least 2 Gigs of RAM.
• XP Mode may also impact the speed at which applications run and overall performance of the PC.

Ideally, application and program creators will update their software to become compatible with Windows 7 in the very near future. Until then, however, businesses that choose to upgrade to Windows 7 will need to install XP Mode if they have any application compatibility issues. There are several steps a business can take to make sure XP Mode is more secure after installation. These include:

1. Ensure that the appropriate anti-virus/anti-malware software is installed on XP in the virtual machine.
2. Ensure that the virtual machine gets all the XP security updates.
3. Ensure that any applications installed in the virtual machine get vendor updates when needed.
4. Disable unneeded services on the XP OS running in the virtual machine.

For more information on Windows 7’s “XP Mode” and on how 3D can help keep your business network secure, please visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call us at (360) 671-4906.

References: Sophos.com, WindowSecurity.com “Windows 7 ‘XP Mode’: What are the security implications, Windows 7 News & Tips

Apple's OS X Update Fixes Serious "Pwn2Own" Flaw

Our Internet security solution provider WatchGuard has recently issued a high severity alert regarding a serious “Pwn2Own” flaw that affects all current versions of OS X 10.5.x and OS X 10.6.x. This flaw resides in Apple Font Services (ATF), which is an OS X component used to handle and display embedded fonts. According to WatchGuard, an attacker can exploit this flaw by enticing a user to a malicious website. Ultimately, this could allow the attacker to execute code on the user’s computer with that user’s privileges.

WatchGuard recommends users apply the security update released by Apple to fix the issue. More information and instructions on how to apply this update can be found at OS X Security Update 2010-003.

To read more about security threats to Macs, please refer to our previous blog posts entitled Don't Be Lulled into a False Sense of Security, Apple Releases Security Updates to Fix Almost 100 Vulnerabilities in OS X, Apple Releases Security Update to Fix Critical Vulnerabilities in OS X, and Apple Releases Security Updates to Fix OS X Vulnerabilities.

If you would like additional information on WatchGuard and other security solutions provided by 3D, visit our website at www.3dcorp.us, email us at info@3dcorp.us, or call us at (360) 671-4906.

References: WatchGuard’s LiveSecurity Update “Apple’s OS X Update Fixes One Serious ‘Pwn2Own’ Flaw”, Apple’s OS X Security Update 2010-003.

Microsoft Releases Updates to Correct over 20 Windows Vulnerabilities

Microsoft has released eight security bulletins describing over 20 vulnerabilities that affect all current versions of Windows. There are multiple ways an attacker can exploit these vulnerabilities, some of which include sending specially crafted network packets or enticing the user to open malicious media. Once exploited, the worst-case scenario enables the attacker to gain complete control of the user’s computer.

3D Corporation will automatically test and deploy security patches on the networks of our 3DProActive™ Managed and Partner clients to eliminate the risks imposed by these vulnerabilities. Other Windows users should download and install the appropriate patches immediately to avoid possible exploitation of their computer and/or computer networks. More information regarding these vulnerabilities and their impact can be found at the Microsoft Security Response Center Website and Microsoft Security Bulletin Summary for April 2010.

3D provides businesses with up-to-date security solutions that keep networks safe and secure. If you would like additional information on how we can make your network worry-free, please visit our website at www.3dcorp.us, email us at info@3dcorp.us, or call our office at (360) 671-4906.

References: WatchGuard’s LiveSecurity Service Update “Eight Microsoft Windows Bulletins Close Over 20 Security Holes”; Microsoft Security Response Center Website; Microsoft Security Bulletin Summary for April 2010

3D Hires to Expand Client Services and Network Engineering

Network management firm 3D Corporation is pleased to announce the addition of Christina Brillowsky to its Client Services Team as Marketing Assistant and Dennis Ordanov to its Engineering Department as Network Administrator.

Brillowsky is responsible for assisting 3D’s Marketing Manager, Gail Gromaski, in expanding 3D’s marketing programs and enhancing the company’s methods of communication with current and prospective clients. She will also be performing numerous administrative support functions to further develop internal processes throughout the company.

Brillowsky brings a wide array of marketing experience to 3D, ranging from print advertising to marketing and administrative coordination for a local real estate team. She possesses a degree in business administration with an emphasis in marketing and has worked in sales and marketing departments throughout California, Oregon and Washington.

As Network Administrator, Ordanov’s responsibilities involve assisting clients in resolving network issues and will eventually evolve into providing project management and emergency network problem resolution services. Ordanov’s diverse experience in network troubleshooting, in-house network administration and on-site network consulting coupled with his CCNA, Microsoft Certified Professional, CompTIA A+ and WatchGuard Certified System Professional (UTM/XTM products) certifications make him a valuable addition to 3D’s engineering team.

The “Threatsaurus” - Sophos’ Guide to Computer Security Threats

Sophos, a world leader in IT security and data protection, has released an A-Z security guide on common computer threats. Appropriately titled “Threatsaurus”, this guide defines and explains the various data and security threats on the web today in a simple, easy-to-understand language.

The first section of the 120-page guide contains descriptions of different types of threats from “A to Z,” starting with “Adware” and ending with “Zombies,” with a multitude of different threats in-between, such as Cookies, Malware, Spam, Trojans, etc. The following section lists the various kinds of hardware and software currently used to secure computers, including anti-spam and encryption software, firewall protection, and more. The guide also contains safety tips on what computer users can do to avoid many of these threats and ends with a “Virus Timeline,” which summarizes the evolution of the computer virus and describes some of the most prevalent viruses that have emerged throughout the last 3 decades.

Informative, useful and a “fun read”: the “Threatsaurus” guides not only the IT professional, but any computer user as well through the jungle of computer security threats. If you would like a copy of this free guide, you can download it at http://www.sophos.com/microsite/data-protection/. In addition, we have a limited number of free “Threatsaurus” calendars available at our office. If you would like one, please drop on by while supplies last! We are located at 2103 Grant St., Bellingham.

For more information on Sophos products or additional network security solutions that 3D Corporation can provide for your business, please visit http://www.3dcorp.us/, email info@3dcorp.us, or call (360) 671-4906.

Skype: A Great Deal or a Great Risk for Businesses?

Skype, the pioneering peer-to-peer Voice over Internet Protocol (VoIP) phone service, provides users with Internet-based voice, video, IM (Instant Messaging) and file transferring services. Since its inception in 2003, the number of Skype users has grown to over 200 million worldwide. With its easy-to-install, user-friendly, and inexpensive (free) application, Skype is becoming a more and more popular means of communication for both consumers and businesses alike. In fact, according to Info-Tech Research Group, 17 million people utilize Skype for business purposes. While Skype does offer businesses a low-to-no cost communication alternative, it does pose some risks and security concerns that should be considered before choosing to implement this application on your business network.

1. Application features. Consider the habits of your employees. The key features of Skype – Internet telephone, video, IM, and file sharing – are some of the main types of “time and productivity wasters” that a lot of businesses restrict. If you don’t think your staff will be able to resist the temptation to use these functions, thereby hampering their productivity, Skype ultimately may not be as cost-effective as it seems.
2. Application functionality. Skype is a closed source, encrypted, proprietary application whose functions do not follow known standards of network communication. Essentially, this makes it extremely difficult to “get under the hood”, so to speak, in order to figure out how the application actually functions. As a result, there is no base to compare to when determining if the application has been, or will be, compromised.
3. Business network performance. Skype allows several of its features to be used all at once. Depending on what is in use and the number of users actively engaged in the application, Skype may considerably lower the performance of a business network by impeding communications and Internet connectivity.
4. Ease of use. Download, Install, Set Up and Sign In – that’s all it takes to get Skype up and running on a user’s computer. This ease of use may present problems as the application is designed to work around firewalls and security features normally implemented on a business network. The ability of Skype to circumvent security applications leaves open avenues of entry into your business network for attack.
5. Monitoring and logging. There are numerous communication channels, or “service ports”, on a network that are used by applications to identify the type of services running on a machine. Skype can utilize all of the service ports to communicate, which inhibits a business’ ability to properly monitor their employees’ online activities. For example, a user accessing Skype may be using the same “service port” as used for web browsing. Thus, if your business currently restricts the use of Skype on your network, it will be difficult to determine whether or not the application has been accessed.
6. Malware propagation. Like any Instant Messaging or email application, Skype provides the same avenue for malware, spyware, Trojans, etc. to infect your business network. Correspondingly, any person using Skype can open the same door for these attacks.
7. Illegal activities. Just like other IM platforms, Skype users are vulnerable to “phishing”. This is an illegal practice in which an individual may pretend to be your bank and attempt to get you to divulge your account information, social security number, credit card information, etc. Ultimately, this behavior can lead to identity/data theft for the individual and/or business and, often, the information obtained is used to perform fraud-based criminal acts.
8. Legal ramifications. Because Skype is not able to properly monitor and log voice calls, a business may find that by using this application, they are not in compliance with the Payment Card Industry Data Security Standards (PCI DSS). If a business is found non-compliant with these standards, they may be charged a hefty fine, or, in some cases, have their credit card processing privileges revoked.

Overall, Skype, like many other software applications, does not come without risks. If your company chooses to use it on your business network, please do so with caution and ensure policies are in place so employees are aware of the risks involved. As always, you will want to be sure that your antivirus and spyware protection applications are working properly and are up-to-date. 3D can assist your business in ensuring your network has the proper tools in place to keep it safer and more secure.

If you would like more information on the network security solutions that 3D can provide your business, please visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call us at (360) 671-4906.

References: http://www.tmcnet.com/news/2005/nov/1203541.htm, WatchGuard, BusinessWeek.com, http://kiwicommons.com/2009/12/how-to-use-skype-safely/