Updates 2010-12-14

Hey folks!

Microsoft released 14 updates today through Windows Update (30-40mb), covering issues in Office, Windows and Internet Explorer. This includes multiple security fixes. Use Windows Update to obtain these updates as soon as possible. A reboot is required.
  http://update.microsoft.com/

Apple MacBook and MacBook Pro EFI firmware updates correct reported display problems. This is not a security update. Use the Apple Updater to get these updates.

Apple Boot Camp 3.2 adds support for newer hardware and corrects multiple critical bugs. This is not a security update, but this should be treated as an urgent update. Use the Apple Updater to get these updates.

iOS 4.2.1 for the iPhone, iPad and iPod corrects more than a hundred security and stability issues with previous versions, including several that enable a remote attacker to exploit your device without action on your part (for example, by simply calling you). This is a security update. Use iTunes 10.1 to download and install this update (~400mb). Afraid you’ll lose something? Backup first:
  http://support.apple.com/kb/ht1414

QuickTime 7.6.9 is a security update. If you have iTunes or QuickTime installed, install this update with the Apple Updater, or by downloading the newest version from:
  http://apple.com/quicktime/download/

Adobe Reader 10.0 (branded as “Reader X”) and 9.4.1 are security updates, correcting multiple public security issues. This is a security update. Since 10.0 was just released, I recommend against being the Adobe Guinea Pig. Give it a couple weeks or a month for the first security and stability update to 10.0 to be released, then install it. Meanwhile, please install the 9.4.1 update immediately by using Help, Check for Updates in Adobe Reader. If upgrading to 10.0, get it from the link below:
  http://get.adobe.com/reader

Java 6u23 improves timezone support, stability and performance. This is not a security update, but if you have Java installed, you should always treat Java updates as critical.
  http://www.java.com/

Looking for an upgrade?

This is not your typical Christmas season. 99% of the sales I’ve seen have been little more than something to lure you in the door for hardware that isn’t actually available, or isn’t something you should purchase. That said, there’s still time to replace your aging hardware online if you’re looking for:

Laptops?
  https://12pd.com/click?amazonlaptops

Desktops?
  https://12pd.com/click?amazoncomputers

Monitors?
  https://12pd.com/click?amazonmonitors

My advice: Avoid Toshiba and Dell, make sure it’s at least a dual-core machine, and unless you’re a hardcore gamer or developer, you shouldn’t need to spend more than $600 for a machine that will last you 5+ years. Since Windows 7 has now been available for about a year, and has proven itself stable and reliable, if you were one of many putting off your upgrade due to fears of Vista, it’s all clear now. 🙂

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program — if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crap-ware that might come with a fresh installer. Use this option if it’s available to you.

Driver Updates

If you’re using this hardware – these updates are for you.

Logitech SetPoint 6.20.64 improves stability and numerous bugfixes. This is not a security update.
  http://www.logitech.com/en-us/support-downloads

GMail Drive FS 1.0.17 is a GMail version compatibility update. This update is required if you use GMail Drive. This is not a security update.
  http://www.viksoe.dk/code/gmail.htm

Browser Updates

One or more of these are likely to be of interest to everyone.

Firefox 3.6.13 corrects nearly a dozen security issues, as well as multiple stability issues. This is a security update.
  http://www.mozilla.com/en-US/firefox/

SeaMonkey 2.0.11 corrects nearly a dozen security issues, as well as multiple stability issues. This is a security update.
  http://www.seamonkey-project.org/releases/

Safari 5.0.3 includes more than 3 dozen security updates. This is a security update. If you use Safari, update immediately. Use the Apple Updater, or download the installer directly from the URL below.
  http://www.apple.com/safari/

Internet Updates

One or more of these are likely to be of interest to everyone.

FileZilla 3.3.5.1 corrects a certificate handling bug and issues with symbolic links. This is not a security update.
  http://filezilla-project.org/

Trillian 1.0.162 for Mac incorporates contact list and Twitter improvements, as well as integration of autologin and better control over the UI. This is not a security update.
  http://www.trillian.im/download/

Thunderbird 3.1.7 fixes several security issues, improves handling of large folder files stored locally, and corrects corruption issues in IMAP mailboxes. This is a security update.
  http://www.mozillamessaging.com/en-US/thunderbird/

Codec Updates

One or more of these are likely to be of interest to everyone.

Win7 Codec Package 2.6.9 updates included codecs and corrects a bug with ac3 audio. To install the update, you must uninstall and reinstall the application.
  http://shark007.net/win7codecs.html

Vista Codec Package 5.8.6 updates included codecs. To install the update, you must uninstall and reinstall the application. This version works for both Windows XP and Windows Vista.
  http://shark007.net/vistacodecpackage.html

Win x64 Codec Support 2.7.3 updates included codecs and corrects a bug with ac3 audio. This update applies only to 64-bit computers, and requires either the Win7 Codec Package or the Windows Vista Codec package.
  http://shark007.net/x64components.html

Media Updates

These are unlikely to be of interest to most people.

iTunes 10.1 adds AirPlay and iOS 4.2 support, as well as multiple security and stability updates. This is a security update. Use Apple Updater to update to the most recent version, a reboot is required.

Paint.net 3.5.6 improves performance and quality of some tools, corrects a data loss bug and issues with copy and paste. This is not a security update.
  http://www.getpaint.net/

Picasa 3.8 Build 117.24 corrects caption issues when playing Face Movies and translation issues. This is not a security update.
  http://google.com/picasa/

CDBurnerXP 4.3.8.2474 improves media type detection and support, multiple bug fixes and stability improvements. This is a security update.
  http://cdburnerxp.se/

Unreal Live Server 7.5 and Unreal Media Server 7.5 add AAC encoding and MMS protocol, additional resolution options, and better live source and broadcast stream source handling. This is not a security update.
  http://www.umediaserver.net/umediaserver/download.html

Winamp 5.601 corrects a number of security, stability and reliability bugs, including freezes in certain situations. This is a security update.
  http://www.winamp.com/media-player/en

ImgBurn 2.5.4.0 optimizes performance, multiple stability bugs, among many UI changes. This is not a security update.
  http://imgburn.com/

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 5.8.5 corrects several bugs, including tab settings and session handling issues. This is not a security update.
  http://notepad-plus-plus.org/

Scribus 1.3.9 corrects more than 70 bugs, including import/export, color handling and stability updates, This is not a security update.
  http://www.scribus.net/downloads

Security Software Updates

One or more of these is likely to be of interest to most people.

MalwareBytes’ Anti-Malware 1.50 increases performance, stability and detection algorithms. Extends ignore list functionality, scheduling, and update options. This should be treated as a security update.
  http://www.malwarebytes.org/mbam.php

SuperAntiSpyware 4.46.1000 improves direct disk access and preparation for the next major release. This is not a security update.
  http://www.superantispyware.com/download.html

Capture Updates

These are unlikely to be of interest to most people.

Fraps 3.2.5 corrects a number of bugs, including stability, mouse, sticky keys, OpenGL and D3D issues. This is not a security update.
  http://www.fraps.com/

VideoCacheView 1.82 adds video handling option. This is not a security update.
  http://www.nirsoft.net/utils/video_cache_view.html

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 8.0.5.6 adds Blu-Ray 3D support, improved copy protection handling, stability fixes and many Blu-Ray specific updates. This is not a security update.
  http://www.dvdfab.com/en/download.htm

Any Video Converter 3.12 fixes a PSP encoding bug and a bug that causes a freeze when closing the burning dialog. This is not a security update.
  http://www.any-video-converter.com/

Education updates

One or more of these are likely to be of interest to most people.

TuxMath 1.9.0 adds a competitive play (head-to-head) mode, as well as improved display. This is not a security update.
  http://tux4kids.alioth.debian.org/tuxmath/download.php

Utility Updates

These are unlikely to be of interest to most people.

7-Zip 9.20! I’ll start this one with “Yay!” 7-Zip 9.20 is finally available, incorporating several bugfixes as well as more than a dozen new formats including direct filesystem streams, RPM, VHD, SWF, FLV, APM, huge TAR (8gb+), new SFX tool and the addition of diff tool integration. This is a major update, following nearly two years of testing, and you should not only upgrade to this version if you’re using a previous version of 7-Zip, but you should switch to 7-Zip if you’re not. Seriously. It’s that good.
  http://www.7-zip.org/download.html

LogMeIn 4.1.1578 is a stability update, but all remote access software should be treated as a security update. If you have LogMeIn installed, right-click on the LogMeIn icon in your tray and select “Open LogMeIn”, click “About”, then “Check for Updates”. After a few minutes of downloading, the updater will start. You’ll be prompted to click “Update”, approve installation and finally “close” the installer when done. Alternatively, you can download the full installer from:
  https://secure.logmein.com/logmein.msi

RoboForm and RoboForm2Go 7.1.0 is the first official release of RoboForm 7. I’ve been using it for months, and can say the improvements (particularly in the Sync, management, login icon, and capture) are well worth the efforts to upgrade. Get it here:
  http://www.roboform.com/dist/affs/AiRoboForm-s12pd.exe

Goodsync and Goodsync2Go 8.5.2.2 fixes filesystem icons, symlinks and auto-list servers under SAMBA. This is not a security update.
  https://12pd.com/click?goodsync

Autoruns 10.06 adds ActiveSync parsing and fixes several minor bugs, and also corrects a bug affecting modifications to certain registry keys. This should be treated as a security update.
  http://sysinternals.com/

Process Explorer 14.01 is a major update, adding a range of additional features including network and disk monitoring, multi-tab display, aggregate resource usage display, improved accuracy and performance. This is not a security update.
  http://sysinternals.com/

CCleaner 3.01.1327 adds more than a dozen performance and usability improvements, including better application support, troubleshooting options, processor detection, and various bugfixes. This is not a security update.
  http://www.piriform.com/ccleaner

Defraggler 2.00.230 is a major update, adding offline defragmentation, improved performance and compatibility and many minor bugfixes. This is not a security update.
  http://www.piriform.com/defraggler

Speccy 1.07.205 improves hardware detection and speed, particularly with removable drives and the dreaded SATA interference issues (typical of many laptops), as well as stability and bugfixes. This is not a security update.
  http://www.piriform.com/speccy

NirCmd 2.46 introduces native 64-bit support, max and min options and location by executeable command. This is not a security update.
  http://www.nirsoft.net/utils/nircmd.html

Cygwin 1.7.7 improves 64-bit support, and updates a number of included libraries. This should be treated as a security update. If you don’t know what Cygwin is, you don’t have it.
  http://cygwin.com/

GPU-Z 0.4.9 adds support for newer hardware, corrects BIOS handling of large blocks, and improves error handling. This is not a security update.
  http://www.techpowerup.com/downloads/SysInfo/GPU-Z/

Hamachi 2.0.3.89 is a stability update. Since this software controls VPN access, it should be treated as a security update.
  https://secure.logmein.com/US/products/hamachi2/

Developer Updates

These are unlikely to be of interest to most people.

MySQL 5.1.53 corrects several stability and reliability issues, especially with replication, slave implementations, temp tables and authentication replication. This should be treated as a security update.
  http://www.mysql.com/downloads/mysql/

TortoiseSVN 1.6.12 corrects an issue with hook scripts failing. This is not a security update.
  http://tortoisesvn.net/downloads

ActivePerl 5.12.2.1203 adds several package bundles to the default installation, updates several libraries, and corrects multiple non-security bugs. This is not a security update.
  http://www.activestate.com/activeperl/downloads

Virtual Machine Updates

These are unlikely to be of interest to most people.

VMware Player 3.1.3 corrects several stability and compatibility changes. This is not a security update.
  http://www.vmware.com/products/player/

VirtualBox 3.2.12.68302 fixes numerous crashes, stability and reliability issues, some which should be considered security fixes. This should be treated as a security update.
  http://www.virtualbox.org/wiki/Downloads

Web Package Updates

These are likely to be of interest only to web developers.

phpMyAdmin 3.3.8.1 is a security update. If your server has any version of phpMyAdmin installed prior to this, upgrade immediately. This is a security update.
  http://www.phpmyadmin.net/home_page/news.php

WordPress 3.0.2 and 3.0.3 are security updates. This update resolves a privilege escalation exploit in ALL previous versions, as well as other security issues and bugs. Install this update on your WP-powered site immediately. This is a security update. Use the WP updater to install the update. Be aware that additional updates and changes may be necessary if your site, theme or plugins are not prepared for WP3.
  http://wordpress.org/download/

BuddyStream 1.0.3.1 adds multiple stability and reliability improvements, including at least one security update. This is a security update.
  http://wordpress.org/extend/plugins/buddystream/
That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2010-08-02

Hey folks!

Microsoft released an out-of-cycle update for all current versions of Windows to correct the LNK vulnerability publicized two weeks ago. Hit Windows Update *now* to ensure you have this critical security fix installed. This is a security update. A reboot is required.
  http://update.microsoft.com/

Apple released a number of security updates over the last couple weeks, for all OSX and Windows versions of iTunes, Safari, as well as non-security updates to iOS 3 & iOS 4. Please check the Apple Updater as soon as possible to obtain the most recent updates.

iTunes 9.2.1 corrects several bugs, including a remotely exploitable security vulnerability, iPhone4 issues, plugin incompatibility and reliability fixes. This is a security update. Use the Apple Updater to update to the most recent version.
  http://www.apple.com/itunes/

iOS 4.0.1 for iPhone 3G, 3GS and 4 is released. This supposedly corrects the antenna software sensitivity issue, however, since this is not a security update, if you’re still using iOS 3 on your iPhone/iPod, I strongly recommend waiting for the whole “antennagate” scandal to settle before upgrading. If you opt to update now, you can get the update through iTunes 9.2.1 (see above).

iOS 3.2.1 for iPad corrects several bugs, including freeze bugs, search engine alternatives, wifi connectivity and display options.  This is not a security update. Get the update through iTunes.

Java 6u21 adds VM support, various bug fixes and corrects a security bug in drag & drop. This is a security update.
If you DO NOT already have Java installed, DO NOT install it now!
  http://www.java.com/en/download/installed.jsp?detect=jre&try=1
If you’re using a 64bit machine and use both 32bit and 64bit browsers, you should also install the 64bit version, available here:
  http://www.java.com/en/download/index.jsp

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Driver Updates

If you’re using this hardware – these updates are for you.

ATI Catalyst 10.7 adds newer hardware support and improves performance under certain applications. This is not a security update.
  http://game.amd.com/us-en/drivers_catalyst.aspx

Logitech SetPoint 6.15.25 provides several stability and reliability fixes. This is not a security update.
  http://www.logitech.com/en-us/support-downloads/downloads/mice

nVidia 258.96 adds support for newer hardware, updates control panel options and functionality, including size, position, gamma, and HDMI perception. This is not a security update.
  http://www.nvidia.com/Download/index5.aspx?lang=en-us

Browser Updates

One or more of these are likely to be of interest to everyone.

Firefox 3.6.8 corrects several security and stability bugs. This is a security update.
  http://www.mozilla.com/en-US/firefox/

SeaMonkey 2.0.6 corrects several security and stability bugs. This is a security update.
  http://www.seamonkey-project.org/releases/

Safari 5.0.1 (and 4.1.1 for OSX 10.4) corrects networking performance, reliability and security issues, and adds extension support. Use the Apple Updater, or download the installer directly from the URL below. A reboot is required. This is a security update.
  http://www.apple.com/safari/

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 3.1.1 provides several security and stability fixes, incorporating the PNG, SJOW and CSS security fixes from other Mozilla projects. This is a security update.
  http://www.mozillamessaging.com/en-US/thunderbird/

Codec Updates

One or more of these are likely to be of interest to everyone.

Vista Codec Package 5.8.0 updates included codecs and removes realmedia and corecodec components. To install the update, you must uninstall and reinstall the application. This version works for both Windows XP and Windows Vista. This is not a security update.
  http://shark007.net/vistacodecpackage.html

Win7 Codec Package 2.5.9 updates included codecs and removes realmedia and corecodec components. To install the update, you must uninstall and reinstall the application. This is not a security update.
  http://shark007.net/win7codecs.html

Win x64 Codec Support 2.6.3 updates included codecs, corrects decoding errors, and removes corecodec components. This update applies only to 64-bit computers, and requires either the Win7 Codec Package or the Windows Vista Codec package. This is not a security update.
  http://shark007.net/x64components.html

Media Updates

These are unlikely to be of interest to most people.

CDBurnerXP 4.3.7.2316 adds disc splitting functionality, extensive file filtering capabilities, improved performance for audio processing, as well as several other bugfixes. This is not a security update.
  http://cdburnerxp.se/

VLC Media Player 1.1.2 corrects several dozen bugs, including UI, output, decoder, crash and other issues. This is not a security update.
  http://www.videolan.org/vlc/download-windows.html

Security Software Updates

One or more of these is likely to be of interest to most people.

SuperAntiSpyware 4.41.1000 provides updated definitions and improvements in scanning performance. This is not a security update.
  http://www.superantispyware.com/download.html

AVG Anti-Virus Free 9.0.851 adds several modules for advanced detection. This is not a security update.
  https://12pd.com/click?avg

Office Updates

One or more of these are likely to be of interest to most people.

Adobe Reader 9.3.3 is now officially “available” from Adobe’s website as a full version, and NOT as an update package (saving at least 40mb in downloads for each computer). You can download the full version below, but you’re better off, if you have it installed already, using the “Help, Check for Updates” option in order to preserve any custom settings (most notably the security and javascript safety options). This is a security update.
  http://get.adobe.com/reader/

Converter Updates

These are unlikely to be of interest to most people.

Any Video Converter 3.07 updates the YouTube downloading engine. This is not a security update.
  http://www.any-video-converter.com/

DVDFab 7.0.9.0 corrects several bugs, primarily in the DVD ripping functionality, automatic bitrate calculation and performance. This is not a security update.
  http://www.dvdfab.com/en/download.htm

Education updates

One or more of these are likely to be of interest to most people.

Kodu 1.0.70.0 corrects a major stability bug on new projects. This is not a security update.
  http://community.research.microsoft.com/blogs/kodu/default.aspx

Utility Updates

These are unlikely to be of interest to most people.

CPU-Z 1.55 adds various hardware support. This is not a security update.
  http://www.cpuid.com/softwares/cpu-z.html

Goodsync & Goodsync2Go 8.3.0.5 add support for SkyDrive, logging options, reduction of temp folders, time-shift detection and NTLM fixes. This is not a security update.
  https://12pd.com/click?goodsync

WinSCP 4.2.8 adds a number of fixes, including IPv6, FTPS, SFTP, sorting, slow directory navigation and others. Now includes PuTTYgen and Pageant. This is not a security update.
  http://winscp.net/eng/index.php

CCleaner 2.34.1200 corrects several minor bugs and improves cleaning several application types. This is not a security update.
  http://www.piriform.com/ccleaner

Defraggler 1.21.209 consists primarily cosmetic updates, though does improve 64-bit performance. This is not a security update.
  http://www.piriform.com/defraggler

Recuva 1.38.504 adds clipboard handling, improves support for PDF, Win7, and stability of background processing. This is not a security update.
  http://www.piriform.com/recuva

Speccy 1.03.162 adds text-format to the output options, print output, XPMC and various minor stability and UI improvements. This is not a security update.
  http://www.piriform.com/speccy

SpeedFan 4.41 adds various additional hardware support, USB drive enclosures, and various other hardware. This is not a security update.
  http://www.almico.com/speedfan.php

Microsoft released the following updates to the SysInternals collection: TCPView, Autoruns, ProcDump, and Disk2vhd, correct minor bugs and adds new functionality to TCPView. These are not a security updates.
  http://sysinternals.com/

USBDeview 1.75 improves information display, and adds USB profile version to the UI. This is not a security update.
  http://www.nirsoft.net/utils/usb_devices_view.html

Developer Updates

These are unlikely to be of interest to most people.

MySQL 5.1.49 corrects several dozen bugs, in replication, optimization, order by and indexing. This is not a security update.
  http://www.mysql.com/downloads/mysql/

TortoiseSVN x32 1.6.10 corrects several bugs, mostly cosmetic in nature. This is not a security update.
  http://tortoisesvn.net/downloads

Web Package Updates

These are likely to be of interest only to web developers.

phpMyAdmin 3.3.5 corrects various PHP and import/export issues. This is not a security update.
  http://www.phpmyadmin.net/home_page/downloads.php

WordPress 3.0.1 corrects over 50 issues discovered since the 3.0 release, including import/export issues, as well as menu, multisite, theme, role and other issues. This is not a security update.
  http://wordpress.org/download/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2010-06-10

Hey folks!

Adobe is true to their word in releasing Flash Player 10.1 today, and also released AIR 2.0.2.

Adobe AIR 2.0.2 is a major upgrade release with security ramifications. This is a security update.
  http://get.adobe.com/air

Adobe Flash Player 10.1.53.64 corrects the currently exploited security hole that’s being used to install scareware across the ‘net. This is a security update.
  http://get.adobe.com/flashplayer
If you use more than one browser type (Internet Explorer and Firefox or Chrome or Safari…) then you should probably download the installers directly, and manually install the updates, instead of relying on the Adobe Download Manager. The Adobe Download Manager doesn’t behave well installing both ActiveX and Non-ActiveX versions of the Flash Player, which can leave you unprotected should only portions of it correctly install. You can download the current installers directly from:

Flash Player: ActiveX Version
http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe

Flash Player: Non-ActiveX Version
http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

As with all Adobe products, be sure to UNCHECK any toolbars, add-ons and other “offers” both during download and if prompted during installation.
Be aware, Adobe does not plan to release updates for the KNOWN security vulnerabilities in Adobe Acrobat or Adobe Reader until June 29th.

Uninstalling these programs will, of course, prevent you from being infected through these specific holes, but will prevent you from viewing PDF files for the duration. It’s probably a better solution to simply lock down your Adobe products so that they can not be used to infect your computer (at least, through this known exploit). This involves disabling scripting, browser toolbars/interactivity, and media functionality from with Adobe Reader and Adobe Acrobat. Also note, EVEN IF you have “secured” Adobe Reader or Acrobat in the past, you would be well advised to check again. Various updates do reset the security settings in various Adobe applications, so your changes may have been lost – and more importantly – some of the settings change over time, so the changes you made two months ago may not correct all issues in the most current settings.

In Adobe Reader, this is done by opening the program, then opening the Edit menu, and selecting Preferences from the bottom of the list. Now, on the left side you’ll see a list of different categories to which changes will need made. Use the following process as a guide. If an item is NOT described, the setting has no direct application to potential security issues and can be assigned however you prefer.

Category: “Internet”
  UNCHECK “display PDF in browser”
  UNCHECK “allow fast web view”

Category: “JavaScript”
  UNCHECK “Enable Acrobat JavaScript”

Category: “Multimedia Trust (legacy)”
  With “Trusted documents” selected, UNCHECK “allow multimedia operations”
  With “Other documents” selected, UNCHECK “allow multimedia operations”

Category: “Security”
  CHECK “Verify signatures when the document is opened”
  Click “Advanced Preferences”
    On the “Verification” tab:
      CHECK “Always use the default method”
      CHECK “Require certificate revocation checking to succeed”
      CHECK “The current time”
      CHECK “Show timestamp warnings in Document Message Bar”
    Click OK

Category: “Security (Enhanced)”
  CHECK “Enabled Enhanced Security”
  CHECK “Create log file”

Category: “Trust Manager”
  UNCHECK “Allow opening of non-PDF attachments with external applications”
  CHECK “Load trusted root certificates from an Adobe server”
  CHECK “Ask before installing”
  Click “Update Now” (if prompted, click “Yes”)

Category: “Updater”
  CHECK “Automatically install updates”

Click OK. If running Vista or Win7 you’ll be prompted to confirm the security changes – click Yes.

All computers running Windows XP or newer are vulnerable to a cross-protocol handling bug that can be used to escalate privileges, allowing a user to gain administrative rights, or potentially, for an evil website to automate changes to the control panel configuration. Learn more and see a temporary workaround here:
http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Driver Updates

If you’re using this hardware – these updates are for you.

Logitech SetPoint 6.10.65 corrects several bugs, and adds “stability enhancements”. This should be considered a security update.
  http://www.logitech.com/en-us/support_downloads/

Internet Updates

One or more of these are likely to be of interest to everyone.

Miranda 0.8.25 provides several bugfixes, including crash bugs and several related to secure certificate handling. This is a security update.
  http://www.miranda-im.org/download/

Evernote 3.5.4.2343 corrects several bugs, including performance and memory usage. This is not a security update.
  http://www.evernote.com/about/download/

Utility Updates

These are unlikely to be of interest to most people.

SysInternals updated Process Explorer, Autoruns, Sigcheck, & ProcDump. Autoruns now has the ability to scan an offline Windows registry hive for issues, and defaults to hiding native Windows entries. This is a huge improvement, says the guy that has to do this stuff a LOT.
  http://sysinternals.com/

Wireshark 1.2.9 is a bugfix release, incorporating over two dozen fixes, including increased protocol performance and crash bugs that might be exploitable. This is a security update.
  http://www.wireshark.org/download.html

Developer updates

These are unlikely to be of interest to most people.
VirtualBox 3.2.4.62467 fixes several bugs, including guest-to-guest communication, potential disk corruption and a couple reliability bugs. This is not a security update, but disk corruption is nothing to sneeze at – I would definitely recommend updating immediately.
  http://www.virtualbox.org/wiki/Downloads

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2010-03-06

Hey folks!

Apple released updates to Aperture, Digital Camera Raw Compatibility for Aperture and iPhoto, and ProKit. Use the “Apple Updater” to get the most recent versions of all the affected software.

Have a website? A reminder to everyone using Blogger through FTP. Google will stop supporting FTP through Blogger/Blogspot on the 15th – make sure you switch to something else before then! My personal preference is WordPress. It’s a mature application providing a broad range of capabilities, advanced plugins, themes and stylistic elements, and it can be managed even by someone that doesn’t have much experience with websites. And, as a bonus, it can actually import all of your archives from your Blogger site – including comments! Ready to make the move? Contact me!
  https://12pointdesign.com/


Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.


Internet Updates
One or more of these are likely to be of interest to everyone.

Thunderbird 3.0.2 corrects bugs in IMAP, v2 upgrader, stability and security. This is a security update.
  http://www.mozillamessaging.com/en-US/thunderbird/

Opera 10.50 corrects more than two dozen bugs, including multiple security vulnerabilities. This is a security update. If you have Opera installed, install this update immediately.
  http://www.opera.com/

Yahoo! Messenger 10.0.0.1241 is a security and reliability update. This is a security update. If you use the Yahoo Messenger client then you should install this update right away.
  http://messenger.yahoo.com/

Skype 4.2.0.152 corrects a number of bugs, adds better privacy defaults, and provides better security for stale connections. This is not a security update.
  http://www.skype.com/getconnected/


Driver Updates
If you’re using this hardware – these updates are for you.

NVIDIA Forceware 196.75 adds support for new hardware, and improves performance under several newer games. This is not a security update.
  http://www.nvidia.com/Download/index5.aspx?lang=en-us

Logitech SetPoint 6.0 (mouse and keyboard drivers) simplifies the codebase to provide more reliable and consistent performance, as well as a number of bugfixes.
  http://www.logitech.com/setpoint


Office Updates
One or more of these are likely to be of interest to most people.

Notepad++ 5.6.8 corrects several bugs related to find/replace. This is not a security update.
  http://sourceforge.net/projects/notepad-plus/files/


Media Updates
These are unlikely to be of interest to most people.

Vista Codec Package 5.6.2 updates several codecs and improves the layout of the configuration application. This is not a security update.
  http://shark007.net/vistacodecpackage.html

Paint.NET 3.5.4 corrects several bugs, including a couple that could cause crashes under certain conditions. This is not a security update.
  http://www.getpaint.net/


Utility Updates
These are unlikely to be of interest to most people.

GoodSync v 8.1.5.7 improves scripting support, and performance for FTP/SFTP and replaces Quick Backup Mode with the Fast Pre Analyze option. This is not a security update.
  http://www.goodsync.com/download/GoodSync-Setup-8.1.5.7.exe

CCleaner 2.29.1111 consists primarily of performance improvements. This is not a security update.
  http://www.ccleaner.com/

WinSCP 4.2.7 increases the canvas for SFTP, fixes crash bugs and lockups with dropped/failed connections and corrects an issue with saving certain settings. This is not a security update (but if you’ve had as many crashes as I have with 4.2.6 you will be excited about this new build).
  http://winscp.net/eng/download.php

Evernote 3.5.2.1663 includes more than a dozen bug fixes and improvements in features such as PDF edit, spell check and screen clipping. This is not a security update.
  http://www.evernote.com/about/download/

Microsoft has released updates to several SysInternals tools, including AdExplorer, VMMap, Disk2vhd, LiveKd, and Sigcheck. Primarily performance improvements and bug fixes, these tools are essential for geeks like myself. This is not a security update.
  http://www.sysinternals.com/


Web Package Updates
These are likely to be of interest only to web developers.

WordPress MU 2.9.2 is a security and bugfix release. This version also makes the blog signup process much faster and adds a new “Global Terms” Site Admin page. This is a security update. If you use WordPress MU, install this updates ASAP!
  http://mu.wordpress.org/download/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2009-08-26

Hey folks!

Since Windows 7 is finally being released (yay!), expect many hardware manufacturers to launch a huge series of driver updates over the next month or two. I’m already seeing updates for Logitech mice & keyboards, nVidia video cards, and Microsoft input devices (everything from webcams, headsets, mice and keyboards). While normally I encourage driver updates as soon as they’re released, unless you’re a hard-core gamer or are experiencing stability issues with your current hardware, you will probably want to hold off at least until mid-September, as most of those companies releasing updates today will release fixes for those updates again over the course of the next month.

Speaking of Windows 7…I’ve been using it for several months now and am very impressed. The performance issues Vista imposed are gone, and it is a far smoother experience than I would have expected. While there will be some issues that are hard to cope with (currently DQSD isn’t natively supported, nor are several other applications I *require*, like Spambayes and Trillian Astra, Annette “needs” her Zuma to work better than it does now, and the concept of “quick launch” is redesigned, causing a bit of a struggle for many) initially, I think it’s a huge improvement over both Windows XP and Vista, and on better video cards there are plenty of new user-interface improvements that will help task users work faster. This will be an operating system I’m happy to install across my computers again.

One last note: Over the last week I’ve seen another surge in “AVXP” malware infections from some of the “safe” top-ten search results pages in both Google and Bing. Be VERY careful out there right now! If you are browsing a WEB PAGE and a popup tells you that it has discovered “security risks” or other issues with your computer DO NOT install anything! Close the window (it’s safest to use ALT+F4) and perform manual scans with your anti-virus and anti-spyware applications immediately.

Now, onto the updates…

Microsoft released an out of cycle security patch for Windows today, a revision for the existing Autorun patch released several months ago. Microsoft has labeled this a critical update, but if nobody you do not trust has physical access to your computer it is not urgent. This patch minimizes the chances that a device (like a USB-stick, external drive or CD) could be used to execute arbitrary programs on your computer without your knowledge or consent.
  http://update.microsoft.com/
For most users this update does not require a reboot, so if your computer was on all night long, it’s probalby already installed.

For Mac users, Apple has released reliability updates for Apple Remote Desktop client and server, an important firmware update for hard drives in MacBook Pro machines, a firmware update for Bluetooth for several Apple input devices, and a feature update for iPhoto. Most of these can be accessed through Apple Update, or through:
  http://support.apple.com/downloads/

Sun Microsystems is currently testing a release for Java version 6u16. Among other things, this includes several security patches for the sandboxing feature intruduced earlier this year. While it is not currently being pushed, it will probably happen in the next few days, in your computer tray with the orange icon.
  http://www.java.com/en/download/installed.jsp?detect=jre&try=1
Don’t forget to UNCHECK the crapware options during installation!

Mozilla released Thunderbird 2.0.0.23 this week, correcting a security issue that applied only to secure email. Oops. If you use Thunderbird, this is a very important update.
  http://www.mozillamessaging.com/en-US/thunderbird/

Google released Chrome 2.0.172.43 today, which has several security updates, most importantly with the Javascript engine and SSL parser. The existing vulnerabilities could have been used to forge content as though it were coming from another domain through a secure connection or execute arbitrary javascript with the rights of the current logged in user, both of which are considered critical. If you are using Chrome already, it should update itself the next time you open it, or you can get the most current version here:
  http://chrome.google.com/

CDBurnerXP 4.2.5.1490 was released last week, providing automatic-updates, overburning, and stability improvements. If you’re using CDBXP, get this update!
  http://cdburnerxp.se/

I released Syncaid 1.0.0.48 over the weekend. This version has several new features, including clipboard parsing, extended logging, filetype assertion, and an option (overwrite=0) to check for an existing download of the target name and bypass downloading a new version if it’s found. This feature is especially useful if you use FileHippo, since it can now be used to create a cached directory of installation packages.
  https://saferpc.info/syncaid/
Another new feature expected to be implemented before Patch Tuesday is FileHippo category parsing – which will be able to sync an entire category of packages from FileHippo (such as “browsers” or “developer tools”), and avoid duplicate downloads for existing versions, saving time and bandwidth. For a sample Synfig builder for this, check out:
  https://saferpc.info/syncaid/filehippo.asp
Create the Synfig, copy it, then run Syncaid without an associated INI file – it’ll run the Synfig directly from the clipboard.

FileZilla FTP 3.2.7 and 3.2.7.1 have been released this week, providing stability improvements, and better TLS support. If you’re using FileZilla, you’ll want to get the update:
  http://filezilla-project.org/

Defraggler 1.13 was released Monday, as a reliability update which claims to increase performance as well. If you’re using Defraggler, or are looking for a fast and effective defragmentation application, look no further than  Defraggler:
  http://www.defraggler.com/

For developers:

TortoiseSVN 1.6.5.16974, a bugfix release that greatly improves stability, was released yesterday. So far it’s resolved several of the huge performance issues I had been having when navigating a local SVN repository – so I would definitely consider this an important update. If you’re using SVN, this is a must:
  http://tortoisesvn.tigris.org/

VMware released a security update to the VMware Player to version 2.5.3-185404, and also includes better support for Ubuntu as a guest and new support for Ubuntu as a host OS. Better stability on ATI graphics cards, better mouse event handling (preventing a security vulnerability related to drag & drop operations from host to guest). If you’re using the VMware Player, get the update:
  http://www.vmware.com/download/player/

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/