On the second Tuesday of each month Microsoft releases software patches & updates for their various products, so this is a very important day for all Windows users who care about their privacy and security [full summary here].

Why? Well..

Often a Microsoft patch or update will close a vulnerability that, if left unaddressed, could allow an attacker to take complete control of your computer.

And that’s something you REALLY don’t want!

Keeping your installation patched up-to-date is so important that, whether or not you have Automatic Updates enabled, at this time of each month it’s still wise to manually double-check that everything that matters has been installed. Don’t be put off by the word “manually” — it’s a quick and easy process.

HERE’S HOW:

• Point your web browser to: http://www.update.microsoft.com
• Click the Custom button.
• Install any high-priority updates that are reported.

But Don’t Stop There!

In the column on the left-hand side you will see links for:

• Software, Optional (n)
• Hardware, Optional (n)

The number in brackets indicates how many updates of that type are applicable to your computer. If the number is anything other than (0) then click that link and investigate, installing the update if necessary (or if in doubt). Similarly, you may find relevant updates in one of the links under “Select by Product”, so do the same with any of those.

WEBCAST:
Each month, in association with PatchTuesday, Microsoft presents an online Webcast to address customer questions on the bulletins for that month. Webcasts are usually initially presented on the Wednesday, the day after Patch Tuesday, at 11:00 AM Pacific Time (US & Canada). They are also recorded and available for later viewing. To register for a Webcast or to view Webcasts that have passed, click this link.

By the way… SymmTime is a great on-screen world time utility for anyone who needs to check or convert times around the world. It’s free and highly configurable.

Did you know…

Many of the malware threats that you are frequently warned about in the various news and information media, on and off-line, should never be the slightest threat to you.

How come? Well, because…

If you made a habit of applying the patches & updates that are issued by Microsoft every month, you would be IMMUNE from infection by many of the tens of thousands of threats currently circulating on the Internet, with more being churned out by the cyber-grubs on an almost daily basis.

The vast majority of these threats get into your computer by exploiting some known vulnerability in Windows. When one of these vulnerabilities is patched by Microsoft, the threat becomes benign — but only if you have applied the free patch to your version of Windows.

So remember…

You Ignore Patches & Updates at Your Peril!

PS: When you read some of the related articles below you will encounter numerous instances of “Microsoft recommends updating Internet Explorer to version 8″ and “Microsoft recommends avoiding blah blah blah” and etc. Listen up! You’ll be orders of magnitude safer if you take my advice instead — download the free Firefox browser and give Internet Explorer the flick. IE has been a real security problem for a long time and it’s going to continue to be so well into the future. Firefox is a far better browser in every respect.

Related articles:

• Microsoft warns of major Patch Tuesday update
• Microsoft, Adobe, Oracle offer fixes in big Patch Tuesday
• Microsoft patches “unhackable” Windows 7 bug

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

January 21 saw the release by Microsoft of a very important out-of-band security bulletin to address recently publicized flaws in Internet Explorer.

So-called “out-of-band” bulletins are those released at a time other than Microsoft’s traditional Patch Tuesday — the second Tuesday of each month. Out-of-band announcements are bulletins/patches/updates that Microsoft believes are too important to delay action on until the next Patch Tuesday.

If Microsoft admit the extra importance of a new “fix” then you should definitely sit up and take notice.

These most recent exploits have been well publicized worldwide (believed to have originated in China and possibly with government sponsorship) and can also cause problems via other applications such as the Adobe PDF Reader.

You must take action NOW!

I strongly suggest that you take immediate action as follows:

1. Visit the Microsoft update website and perform an update on your PC.
2. Visit the Secunia website, download the Secunia Personal Software Inspector (PSI), install it, run it and update any out-of-date applications it reports. Thousands of computer users are being compromised/robbed/impersonated every day because they continue to use out-of-date/unpatched applications.
3. If you’re still using Internet Explorer (sigh!) download and install Firefox and set it as your primary browser. Look, Internet Explorer doesn’t hold a candle to Firefox in ANY respect. Firefox is better, safer, faster and far superior in the usability and productivity stakes.
4. If the Adobe Reader is your PDF reader of choice, disable JavaScript in that application only. You’ll find numerous suggestions to disable JavaScript in your browser, but that’s a self-defeating move. So many websites rely on JavaScript for functionality that you will effectively cripple your browser by disabling JavaScript. However, disabling JavaScript in Adobe Reader is a different matter altogether. Very, very few PDF files utilise JavaScript, and if you should encounter one (very unlikely) you can enable JavaScript just for that document (if you’re absolutely sure it’s safe). To disable JavaScript in Adobe reader, open the reader and proceed as follows:

• Edit –> Preferences
• Select the JavaScript entry in the left column
• Uncheck Enable JavaScript in the right column

And remember this:

The vast majority of damaging exploits rely on you taking some action such as clicking a link or opening an attachment. In my e-book The Hacker’s Nightmare I discussed these ploys in some depth under the heading of “social engineering”.

DO NOT ALLOW YOURSELF TO BE SOCIALLY ENGINEERED!

Related articles

• Why France and Germany Got it Right: IE Must Go
• Critical out-of-band patch for Internet Explorer now available
• Microsoft patching “Google hack” flaw in IE tomorrow
• McAfee: China attackers exploited new IE hole
• McAfee: China attackers exploited unpatched IE hole
• Mozilla releases Firefox 3.6 with promise of more speed, stability
• Microsoft to release early patch
• Microsoft confirms 17-year-old Windows bug
• Microsoft fixes 8 IE holes, including one used in attacks
• How to improve Internet Explorer security

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

There’s a new attack targeting Internet Explorer, and it affects versions 6 through 8 inclusive.

But that’s not what I want to comment on — unhappily there’s nothing new about new exploits against IE.

No, I want to draw your attention to this gem of wisdom from Symantec. It’s their recommendation on how to handle this exploit:

“Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft.”

You’d be hard pressed to find a more asinine statement from an actual ass (if asses spoke English, that is). But, considering it comes from the publishers of the most troublesome “security” software on the planet, I guess we shouldn’t be too surprised.

Look, if you really want to almost completely cripple your online experience, by all means disable JavaScript.

But if you’re not a masochist and you don’t want to be constantly bothered by the never-ending stream of Internet Explorer threats, then ignore that nonsense and…

1. Keep your Microsoft Updates & Patches right up-to-date;
2. Properly configure your anti-virus and keep it up-to-date:
3. USE MOZILLA FIREFOX AS YOUR DAY-TO-DAY BROWSER (or Google Chrome, though it currently offers a lot less functionality than Firefox).

Your choice of web browser is critical to your online safety and security. So much so that when members login to the new membership site, their browser version will be checked and they may receive a warning that their current choice of browser is not a good one.

Please share this article on any social networking sites you frequent (see buttons below).

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

It’s that time again folks — Microsoft has just released their Security Bulletin Summary for September 2009.

To have your system is scanned for relevant products & updates, and to receive update recommendations customized to your installation
Click Here Now

There are a number of updates to be considered, ranging up to the severity level “Critical”, across a wide range of products, so please don’t ignore. There’s also a new version of the Microsoft Windows Malicious Software Removal Tool.

Stay safe – patch now!

Did you know…

Many of the malware threats that you are frequently warned about in the various news and information media, on and off-line, should never be the slightest threat to you.

How come?

Well, because…If you made a habit of applying the patches & updates that are issued by Microsoft every month, you would be IMMUNE from infection by many of the tens of thousands of threats currently circulating on the Internet, with more being churned out by the cybergrubs on an almost daily basis.

The vast majority of these threats get into your computer by exploiting some known vulnerability in Windows. When one of these vulnerabilities is patched by Microsoft, the threat becomes benign — but only if you have applied the free patch to your version of Windows.

So remember…

You Ignore Patches & Updates at Your Peril!

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Mozilla has released an important new update to Firefox — v3.5.1.

If you’re a Firefox user then you should definitely implement this upgrade ASAP, as it addresses certain security flaws that you really don’t want to be exposed to any longer than necessary.

Upgrading is as simple as opening Firefox, clicking the Help menu, then selecting Check for Updates from the drop-down list.

If your operating system is Windows and you’re NOT a Firefox user, you should be.

Firefox is cleaner, faster and safer than Internet Explorer, is completely free and there are is no problem with having multiple browsers installed at the same time. I have Internet Explorer, Google Chrome and Firefox all installed on my personal PC, with Firefox as my main day-to-day Web browser.

To download Firefox from scratch just go to http://www.mozilla.com and follow the prompts.

And remember…

ALWAYS reboot your computer before and after any software installation, regardless of whether or not the install process tells you to do so. It’s not always absolutely necessary, but making it a habit will save you grief in the long run.

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

If you are a Firefox user, please do this immediately:

Click “Help” on the menu bar, then click “Check for Updates…”

The latest patch for Firefox is described as Critical, as it fixes a known vulnerability.

The patch will update your Firefox to version 3.0.8. To find out what version you are currently running, click “Help” on the menu bar, then click “About Mozilla Firefox”.

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.