3D News Blog Poll: Should there be a separate 3D blog for security alerts?

Since it was created in September of last year, the content of the 3D News Blog has been a combination of company news, informational articles covering business network technology, security alerts, and much more. As we add more and more information to our blog, we’ve come to realize that some of our readers find our company news and informational articles on network technology more valuable than the numerous security alerts that we sporadically post, especially our clients that receive patching services through our Managed and Partner levels of 3DProActive™ service and therefore do not have to worry about security threats to their business’ network. However, we realize that readers who do not receive our 3DProActive™ service may still like to read about recently-discovered security threats; thus, in order to find out for sure, we have created a poll located in the right column of this blog by which you can vote on whether we should keep the blog the same with a mixture of security alerts and informational articles, or if we should create a separate blog just for security alerts so that readers have easier access the information that is most useful to them. Additionally, if you have any suggestions on how else we can improve our blog, topics you would like to read about, etc., please feel free to post a comment below with your ideas.

We appreciate your input, value you as a reader, and hope you continue to benefit from the information we provide on our blog.

If you would like to learn more about the network management solutions 3D Corporation can provide your business, please visit our website at http://www.3dcorp.us, email us at info@3dcorp.us, or call us at (360) 671-4906.

Avoid Pitfalls When Changing Your Business' ISP

When a business makes the decision to change its Internet Service Provider (ISP), some serious and potentially debilitating network issues can arise if the switch is not handled properly. These may include Internet outages, lost or delayed email, loss of remote services such as Remote Desktop Connection, Outlook Web Access, and/or Virtual Private Network; decreased quality of Internet service; vendors not being able to provide adequate, timely support; and loss of Line of Business application connections to outside vendors and/or websites.

In order to avoid these pitfalls and ensure a smooth transition to a new ISP, there are some minimum guidelines and specific steps that your business should follow. The following items give a glimpse of what needs to occur in order for your business to make a smooth ISP switch:

1. Your network management provider will need to gather the necessary information from your current Internet Service and DNS (Domain Name System)/webhosting provider, facilitate the coordination of the service changes, make adjustments to the firewall internally, and perform the follow-up after the change takes place.
2. A week prior to the change, your new ISP will typically provide you with new IP addresses, which you should give to your network management provider as soon as possible.
3. At least two days prior to the change-over, your network management provider will need to create some additional mail server identification records to make the change-over as smooth as possible for your email services.
4. Your network management provider will contact the new ISP to request that a reverse DNS be created for your new IP addresses (the unique Internet addresses for each computer on your network) to help ensure that email will not get rejected once the change is made.
5. On the day of the change-over, several steps will be performed by your network management provider. With proper planning and collaboration, these will go smoothly and the switch can occur without a glitch!

Proper planning for implementation can significantly reduce the chance of your business being negatively impacted when changing your ISP. As with all major changes that are made to a business network, enlisting the assistance of a qualified network management provider can help make the transition go more smoothly. For more information on how 3D can help your business change to a new ISP and provide your business with many other valuable network management services, please visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call us at (360) 671-4906.

Adobe Corrects 18 Shockwave Security Flaws

Our security solution provider WatchGuard recently issued a high severity alert regarding 18 security flaws that affect Adobe Shockwave Player 11.5.6.606 and earlier versions running on Windows and Macintosh. For the most part, the flaws consist of memory-related vulnerabilities and various other memory corruption flaws. An attacker can exploit these flaws by enticing a user into visiting a website containing a malicious Shockwave file. Ultimately, the attacker can execute code onto the user’s computer and potentially gain full control of it.

Due to Adobe’s acquisition of the multimedia program Flash Player from Macromedia, Adobe Shockwave Player is being used less often and is therefore infrequently patched, making the application less secure and more vulnerable to attacks. In order to mitigate the potential risks involved in using this application, as part our Spring 2010 Seasons of Service program, 3D offered the removal of Adobe Shockwave Player from the workstations of clients for whom the use of the application was no longer necessary. Seasons of Service offers our 3DProActive™ Managed and Partner clients unique opportunities to receive valuable network maintenance to sustain ongoing reliability and security. 3D’s proactive removal of Shockwave has proven beneficial in keeping networks secure from the threats posed by the program’s recently-discovered flaws.

For those still using Adobe Shockwave on their network, WatchGuard recommends that users download and install the updated player as soon as possible.

If you would like additional information on how 3D can protect and manage your business network, please visit our website at www.3dcorp.us, email us at info@3dcorp.us, or call us at (360) 671-4906.

References: WatchGuard’s LiveSecurity Update “Adobe Corrects 18 Shockwave Security Flaws”

3D Corp Congratulates Wilson Motors on winning the Toyota Presidents Award

One of 3D’s valued clients, Wilson Motors, was recently selected for the 2009 Toyota Presidents Award. The Presidents Award is the highest honor that Toyota gives to any dealer, and it is the third time that Wilson Motors has won it.

For additional information, please check out the Bellingham Herald’s article “Wilson Motors of Bellingham wins Toyota Presidents Award.”

Security Update: VBA Vulnerability Makes Office Documents Dangerous

Microsoft has released patches to fix a vulnerability in their Microsoft Visual Basic for Applications (VBA), which ships with all current versions of Microsoft Office. VBA is essentially a programming language that allows developers to make customized applications based on the Office applications. According to the Security Bulletin released by Microsoft regarding this vulnerability, VBA suffers from a memory corruption vulnerability having to do with the way it searches for ActiveX controls in a document that supports VBA. An attacker exploits this by luring a user into downloading a specially-crafted Office document that supports VBA (including Word, PowerPoint and Excel documents) and executing code on the user’s computer, possibly enabling them to take full control over the user’s machine.

3D Corporation will automatically test and deploy security patches on the networks of our 3DProActive™ Managed and Partner clients to eliminate the risks posed by this vulnerability. Other Windows users should download and install the appropriate patches immediately to avoid possible exploitation of their computer and/or computer networks. More information regarding this vulnerability and its impact can be found in Microsoft Security Bulletin MS10-031.

3D provides businesses with up-to-date security solutions that keep networks safe and secure. If you would like additional information on how we can make your network worry-free, please visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call our office at (360) 671-4906.

References: WatchGuard’s LiveSecurity Service Update “VBA Vulnerability Makes Office Documents Dangerous”, Microsoft Security Bulletin MS10-031.

Microsoft Unveils Code Execution Vulnerability in Outlook Express and Windows Mail

Microsoft recently issued a security bulletin reporting and releasing updates to fix a vulnerability that affects Outlook Express, Windows Mail, and Windows Live Mail. An attacker can exploit this vulnerability by enticing a user to connect to a malicious POP3 or IMAP email server (or by performing a man-in-the-middle attack). In doing so, the attacker can execute malicious code and potentially gain full control of the user’s computer.

3D Corporation will automatically test and deploy security patches on the networks of our 3DProActive™ Managed and Partner clients to eliminate the risks posed by this vulnerability. Other Windows users should download and install the appropriate patches immediately to avoid possible exploitation of their computer and/or computer networks. More information regarding this vulnerability and its impact can be found in Microsoft Security Bulletin MS10-030.

3D provides businesses with up-to-date security solutions that keep networks safe and secure. If you would like additional information on how we can make your network worry-free, please visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call our office at (360) 671-4906.

References: WatchGuard’s LiveSecurity Service Update “Code Execution Vulnerability in Outlook Express and Windows Mail”, Microsoft Security Bulletin MS10-030.

Fake and Bake: Don't Cook Your Data with Bogus Antivirus Software

Fake antivirus software, also known as “rogue security software” or “scareware,” is on the rise and likely to become the most costly security scam in 2010, according to McAfee, a security solutions software provider for home, home office and business networks. While this threat has been around for quite some time, even the savviest of computer users fall victim to it due to scammers’ increasingly sophisticated tactics.

Fake antivirus software designers create legitimate-looking pop-up windows that advertise security update software and may appear on the user’s screen while surfing the web. The scareware scam typically starts with a pop-up that claims the user’s PC is infected with malware and then prompts the user to purchase the fake ‘security software’ which is actually malware in disguise.

More recently, scammers have been utilizing SEO (Search Engine Optimization) techniques by pushing infected URLs to the top of search engine results about recent news events. People looking for articles on such events may encounter results that, upon clicking, are instead redirected to a fake antivirus software site and are encouraged to download the “trial” version.

While scammers’ tactics have grown more sophisticated, there are ways to distinguish fake antivirus software from the real deal. Here are 5 things to consider when determining the legitimacy of antivirus software, according to Scambusters.org:

1. Fake antivirus programs often generate more ‘alerts’ than the software made by reputable companies.
2. The user may be bombarded with pop-ups, even when not online.
3. High-pressure sales copy will try to convince you to buy RIGHT NOW!
4. If the computer is infected, it may slow down dramatically.
5. Additional signs of infection include: new desktop icons, new wallpaper, or having the default homepage redirected to another site.

Along with being aware of these distinguishing antivirus software features, there are several tips a user can follow to mitigate the risk of downloading scareware and infecting their computer.

1. Keep the computer updated with the latest antivirus and antispyware software.
2. Be sure to use a good firewall, one that has been properly installed by your IT provider.
3. Never open an email attachment unless the source is completely trustworthy.
4. Do NOT click on any pop-up that advertises antivirus or antispyware software.
5. If a virus alert appears on the screen, do NOT touch it. Don’t use your mouse to eliminate or scan for viruses, and DON’T use your mouse to close the window. Instead, hit control + alt + delete to view a list of programs currently running, delete the program from the list of running programs, and call your computer maker’s phone or online tech support service to learn if you can safely use your computer.
6. Do not download freeware or shareware unless it is from a reputable source.
7. Avoid questionable websites. Some sites may automatically download malicious software onto your computer.
8. Check out this partial list of rogue antivirus security software provided by Wikipedia: http://en.wikipedia.org/wiki/Rogue_security_software.

3D can provide your business network with security solutions that will help prevent fake antivirus software and additional malware programs from infecting your network. Please visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call us at (360) 671-4906 for additional information.

References: http://www.scambusters.org/fakeantivirus.html, Fake antivirus software is most costly security scam of 2010 – Techworld, http://en.wikipedia.org/wiki/Rogue_security_software