Adobe Reader X Quick Review

I originally wrote this article for HijinksInc.com
_________________________________________________
Background
Last week Adobe released a new version of Adobe Acrobat, version X.  This is a new version of the program that many of us use every day.  In the past people shied away from new versions of Acrobat reader because over the years the program had become bloated and slow.  However this new version offers important security benefits and speed improvements that make the upgrade worth it.

As many people know Adobe Reader has become one of the favorite attack vectors for hackers and malware over the past few years for a number of reasons including.

  1. The install base is huge! Most new PC’s come with it preinstalled, if not almost everyone needs a PDF viewer and Adobe’s is the most popular.
  2. Quarterly updates that Adobe releases are too slow and infrequent, Only if an exploit is really bad does Adobe decided to do an out of cycle update.  Even with these updates few people know that the program needs updated.  The automatic updates in version 9 have been better but still seem to fail most of the time.  Manual updating seems to be required.
  3. The ability to run things such as Javascript in a PDF exist and are on by default.  Just about everyone does not need this feature and it represents a large place to exploit.
The Good
Security
The biggest feature of version X is the introduction of a Sandbox.  A sandbox provides isolation  of the program from the operating system, to lessen the chance of security exploits.  Adobe does a great job in explaining all about the sandbox features in these two blog posts, Sandbox Post 1,  Sandbox Post 2, Sandbox Post 3, Sandbox Post 4.  This is such a big thing from a security angle that the SANS institute has recommended that everyone install Adobe Reader X to get this feature.  https://isc.sans.edu/diary.html?storyid=9976

Speed
Surprisingly this new version is faster than the old version 9.  It appears to be less bloated and quicker responding.

Other changes
I noticed the voice that will read text to you if you want seems to be more like a human.  The flow is greatly improved. The interface has been tweaked slightly to have more of a beveled edge, silver stainless steel look.  I like it.  Its nothing revolutionary but a nice, clean change.  The updater also now allows for you to set it to automatically download and install updates.  Hopefully this works well and allows the program to stay up to date without much user intervention.   I do hope Adobe changes their company policy and moves to a monthly update policy on the second Tuesday of the month, like Microsoft.  This will make the task of corporate administration much easier on the administrator.

The Bad
By default two security settings are on, when they should be disabled for increased security.  They pertain to features that a very, very small percentage of users actually use.  If for some reason you needed these someday you can easily turn them on, but for maximum security they should be off.  Adobe has even recommended doing this when the program has had problems in the past.
So to disable these settings go under EDIT—> Preferences —-> Then on the Left hand side choose JavaScript and then at the top of the page, uncheck the box that says “Enable Acrobat JavaScript

The second option that needs changed is under this same menu.  Choose Trust Manager on the left hand side of the page, then at the top of the page uncheck the box that says “Allow Opening of non-PDF file attachments with external applications”

The other bad thing is that despite these new security features the very people you are trying to keep out are trying to take advantage of this new release to push their spamware most of it dubbed “Adobe Acrobat 2010” THIS IS FAKE and Malware, DO NOT INSTALL.  The SANS institute has a nice post about this as well, even with photos! https://isc.sans.edu/diary.html?storyid=9982

In conclusion when combined with the new security features and increased performance this seems like a great thing to have if you like the official client.  Here is a direct download for Windows ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.0.0/en_US/AdbeRdr1000_en_US.exe

Security the Family PC

This story was Originally Posted at HijinksInc.com by me, the author.

The SANS center also known as the Internet Storm Center is a volunteer organization dedicated to computer and Internet security. They rely on volunteers to detect problems, analyze threats and provide technical and procedures to the general public and IT professionals to address these threats. I visit their website at https://isc.sans.edu/ daily to see the new threats that I need to be aware of as a general PC user and an IT professional at work. It is very well known in the security community of posting quality information in a very timely manner.

They have designated October as Cyber Security Awareness Month and have dedicated that efforts this year will be focused on “Securing the Person”, in other words they are talking about the human element of security. These things go beyond the everyday security practices of “Run a Firewall” but should be helpful for anyone who does any technology trouble shooting. I plan on highlighting some of each days topics that I think will be most helpful for readers adding comments and other thoughts along the way.

Today’s topic is “Securing the Physical Family PC”. Anyone who has a computer at home should consider implementing at least some of these tips. They are designed for families but most can apply to anyone. I will talk more about general computer security such as software updates, network security, etc in my next post.

  • Backup your computer.
    • In my opinion this is the most overlooked area in home computing today. We live in a digital world today, with most people owning a digital camera, purchasing digital content (music, movies, software, games, etc) but they fail to prepare for problems. Computers have problems from time to time, hard drives and other hardware fail, computers become infected with viruses and malware, acts of God (Flood, Fire, Tornado), and theft all happen. What would you do if your house burned down? Would all of your digital photos, turbotax records, music from the past 5 years burn with it? The answer should be no. Backing up for protection from a hardware failure is easy with a local copy on another hard drive but it is not perfect because it does not protect against theft and acts of God, a more perfect solution involves an offsite backup. Many online cloud solutions are good for this, each service is a bit different and has pro’s and con’s. My favorite of the moment is Backblaze but other good options are Mozy and Carbonite. Take a look at them and consider implementing something on your computer today. All of these services offer encryption and trial periods. With any cloud based backup solution the initial backup may take days but in the end it is worth it. On my list of To Blog about topics includes a couple of backup articles. More will follow.
  • Use an uninterruptable power supply (UPS) for PCs, laptops have their own built-in UPS – the battery.
    • Many people understand that a computer should be plugged into a surge protector, but a UPS is an even greater source of protection. UPS’s allow a PC to run on battery power should the power dip, or spike or go out and most initiate a safe shutdown procedure to protect your hardware from damage that would result. In the midwest they are very handy to help with extreme weather.
  • Document computer details in writing (serial number, software, receipts, BIOS password, etc.) and keep the documentation in a fireproof box or safe
    • This is very helpful information if you ever have computer problems or need to call your manufacture for support. It is also helpful for an insurance inventory. Consider storing a copy online in the cloud as well. Dropbox, Lastpass, and a Google Document (for non sensitive information) are both good ways to do this. Also keep the information up to date
  • Keep all of the hardware and software manuals, plus any software CDs/DVDs in one place that is easy to find
    • Common sens here, it makes it easy to find when you need it in a panic situation.
  • Use a cable lock to keep intruders from stealing the computer should there be a break-in
    • No device makes it impossible for a thief to steal if they really want it. A cable lock does slow someone down. This may seem overkill but works especially well in some environments (Think college dorms).
  • Throw a towel over the web cam (better: unplug the web cam)
    • The recent news story of school district that was found to be spying on students while at home by accident with the school issued laptops, integrated web cams (News stories here: Story 1, Story 2, Story 3) have brought this to the attention of the public. It is possible for a virus of malware program to do the same thing. As a result the easy solution is just to cover it up. On laptops with integrated web cams a piece of blue painters tape or sticky note works well too. Most people don’t use their web cams all the time so this is an easy way to improve general security.
  • Unless it needs to always be on, consider turning it off when not in use
    • Computers use a lot of energy and create a lot of heat. Consider shutting it off or enabling sleep or suspend mode on your operating system to control this.
  • Keep plenty of room around the PC so that air can flow through to cool it
    • Computers are hot and need lots of air moving through them for cooling. Under the desk in the corner on the dirty floor is not the best place for a PC. Out of sight, out of mind is not a good policy to follow here. At least once a year (preferably once a quarter) unplug the computer, take it outside, open up the side of the computer case, and then blow the dust out with a can of compressed air. This is easy to do and will keep the computer running much cooler. A cool computer is less likely to have stability problems and hardware failure.
  • Keep all computers in full view (no hidden machines, no illusion of privacy)
    • This one is really designed for families with children. A PC in the living room that the kids use really do allow for parents to keep an eye on what the kids are doing online. Also for younger kids who are using the computer for homework it can help to keep down the many distractions they face (IM’s Facebook, etc)

Here is a link to the original SANS article https://isc.sans.edu/diary.html?storyid=9649

HijinksInc – Secunia PSI The security tool every Windows user should be running.

Originially published at Hijinks Inc on September 1, 2010
____________________________________________________________
Lets be honest, Windows security is not the easiest thing to manage. On top of the Microsoft products, there exist the 3rd party programs that tend to be forgotten about. Microsoft has made great progress with the security of Windows in its most recent releases of Windows 7 and Office 2010, but that’s only part of the solution. The Microsoft update website and built in Microsoft update utility in Windows Vista and Windows 7 have helped a great deal with keeping Microsoft products up to date, but these are far from all of the programs that most people run. Persons crafting malicious code such as viruses, malware, etc know this and are targeting other programs too. These 3rd party programs do not have a common updater and each must be updated on its own, for example, programs like Adobe Flash Player, Adobe Acrobat, Java, and Firefox, just to name a few. It is a lot for the average user to do, especially considering there is no general update policy (IE, Patch Tuesday) with most vendors, and announcements about updates are quiet.

Enter Secunia PSI. This is a free (for personal use) program put out by the Secunia company. They specialize in finding exploits and providing monitoring software. PSI (Personal Security Inspector) is a tool that scans the programs on your hard drive and then does version checks against its vast list of known exploits. It then notifies you of older versions and tells you where you need to go to fix them. The program is great for finding those programs you rarely use and forget about when updating.

The program is smart. For Microsoft websites it knows to open them in Internet Explorer so the download tools will work. It also allows you to rescan specific programs after you update them instead of spending time to rescan your entire drive. It also offers the ability to ignore a specific program if for instance you need the older version for a custom tool to work. It will run in the background and notify you when new updates are available or new known exploits exist. It also offers an advanced mode which offers more features and details. In advanced mode PSI will tell you about products you have installed that are no longer supported by their vendors and any known exploits that exist in them.

Secunia also offers a product called OSI (Online Security Inspector) which is a great tool as well. It is similar to PSI but does not require you to install anything. However, it does require Java to run in the browser. While not as thorough as PSI, it’s similar in operation and usage.

In conclusion, this is a great tool that is very thorough and easy enough to use that every user should have this in their tool box and run it as part of a biweekly security audit. It really helps to inform users of out of date software that could leave their computer vulnerable. While PSI is targeted for personal use, they offer a corporate version that is a paid version. Its functionality is similar but it also offers many more features.

____________________________________________

Update #1

Since this article was originally posted Secunia has come out with a new version of its PSI security tool that is currently in beta. It is called Secunia PSI 2.0. You can grab a copy for free here. The big feature that this adds is the ability to install updates silently and automatically if you choose. I think this could be a great feature especially for people who don’t want to deal with always having to update their computers.

Hijinksinc – Nothing to See Here: Starcraft 2 is NOT killing graphics cards

I recently started to blog for Hijinks Inc a local technology & gadget blog. I am excited to start doing this and have several ideas of stuff to write on focusing on photograph & computer security. I hope this gives me a good reason to produce new content as well. I will be reposting articles with the permission of Hijinks Inc. Be sure to follow them on Twitter at @HijinksInc

Originially published on August 4, 2010 at Hijinks Inc

With the launch of Starcraft 2 on July 27th, 2010 people were excited to get their hands on this long awaited game. Development of the game started in 2003 and had been delayed or postponed several times due to other games Blizzard was producing at the time.
Since the launch minor issues have been growing, and today Blizzard Confirms an overheating issue. However, this story has been spun by the technology community even to the point where Slashdot picked up on it. It has been given menacing sounding titles such as “Is Starcraft II bad for your graphics card?” by ZDnet and “Is Starcraft II Killing Graphics Cards” by Slashdot. A much more appropriate title to the actual problem is one given by OverClockersClub “Starcraft 2 causing some GPU’s to Overheat”

The problem is that during some of the in-between mission screens, cut screens and menu screens are not frame capped like the actual game play is. This causes the GPU to render these screens as fast as possible. Since these screens are simple and, for the most part, static, the computer has an easy time and is able to render these very quickly causing the GPU to heat up. This increased heat and power consumption exposes flaws in Starcraft II players’ computers, causing crashes, reboots, and even some claimed GPU failures.

Now, is this Blizzard’s fault? No, it’s really not. Gamers should expect games to tax their computers; this means heat. Blizzard and other game/program publishers should expect their customers’ computers are free of dust and have adequate cooling. This supposed bug in Starcraft II only exposes existing issues with the hardware of gamers computers. The same overheating issues would be exposed with any other game or program that stresses the system, and especially the GPU. A GPU with proper cooling should be able to handle 100% load for extended periods of time with no problems. Blizzard’s fix (below) is a setting users add to a configuration file to limit the frame rate in the areas of the game where there currently isn’t one. Since Starcraft II development period was so long and the public beta was so large, I would have expected this issue to have been found and fixed in the beta. This setting should have been enabled as a global setting in the game by default. For this I hold Blizzard accountable. There is no good reason that a gamer would disable vsync unless they are running benchmarks.

Blizzard support team has issued instructions for a temporary fix and says a more permanent fix is in the works.

A temporary workaround is to go to your Documents\StarCraft II Beta\variables.txt file and add these lines:
frameratecapglue=30
frameratecap=60
You may replace these numbers if you want to.

Other good practices to fix this problem and to avoid this issue in the future are the following:

Update your graphics drivers. Graphics manufactures are constantly improving their drivers, fixing issues with new games and improving performance. ATI for example has issued a beta version of drivers 10.7 that fixes a few specific issues with StarCraft II.
Make sure your computer’s insides are clean and have adequate airflow. For a desktop PC I recommend opening up the side of the case and using compressed air to blow out all the dust. Do this at least twice a year, if not more often. Take the computer outside to do this because it creates a mess and it gets rid of the dust so the computer does not suck it up again. Doing this can easily make your computer run several degrees cooler.
If you are overclocking or are running a very high end graphics card make sure you have more than adequate cooling. During these hot summer months the ambient temperature of many homes is at its highest, causing more stress to be placed on your computer hardware. Run temperature monitoring software if you continue to have problems or want to monitor your hardware before damage occurs.
I have seen no mention of a fix on the mac platform so right now we can assume this is a PC related problem.

SC2