Government Signs Deal to Extend Microsoft Windows XP Support

In a move that sends shivers down the spines of security and IT professionals across the country, the government has signed a deal with Microsoft to provide Windows XP support and security updates across the whole UK public sector for 12 months after regular support for the operating system ends on 8 April. The agreement is worth £5.548m, and covers critical and important security updates for Windows XP, Office 2003 and Exchange 2003, all of which have reached end of life in Microsoft’s normal product cycles.

While it is difficult to get any accurate figures for the numbers of Windows XP desktops which are still in use in government circles, approximately 800,000 PCs in the NHS still ran XP as of September 2013, and 27% of all desktops worldwide still run XP (Netmarketshare.com).

Perhaps some bold MP would like to ask Parliament why government users are still using this outdated operating system. You could buy an awful lot of Linux support for £5.548m.

Maximum Size of a FAT-32 Partition

Have you ever wondered what the maximum size of a FAT-32 partition could be?

Do you have an external drive which needs to be accessed on different operating systems such as Windows and Mac OSX? Have you moved from Windows to Mac or Linux and find that you can no longer access the Windows (NTFS) drive you used for your media files? How about plugging your media library into the DVD or other player, but find that it can not read NTFS or one of the Linux formats? That means that you probably need to format your disk using FAT32.

FAT32 provides the maximum level of compatibility between OS X and Windows machines. OS X has the capability of reading and writing to FAT32 drives built into the OS, and naturally Windows can see these drives too. But what is the Maximum Size of a FAT-32 Partition?

According to Microsoft, when you use the FAT32 file system with Windows XP:

  • Clusters cannot be 64 kilobytes (KB) or larger. If clusters are 64 KB or larger, some programs (such as Setup programs) may incorrectly calculate disk space.
  • A FAT32 volume must contain a minimum of 65,527 clusters. You cannot increase the cluster size on a volume that uses the FAT32 file system so that it contains fewer than 65,527 clusters.
  • The maximum disk size is approximately 8 terabytes when you take into account the following variables: The maximum possible number of clusters on a FAT32 volume is 268,435,445, and there is a maximum of 32 KB per cluster, along with the space required for the file allocation table (FAT).
  • You cannot decrease the cluster size on a FAT32 volume so that the size of the FAT is larger than 16 megabytes (MB) minus 64 KB.
  • You cannot format a volume larger than 32 gigabytes (GB) in size using the FAT32 file system during the Windows XP installation process. Windows XP can mount and support FAT32 volumes larger than 32 GB (subject to the other limits), but you cannot create a FAT32 volume larger than 32 GB by using the Format tool during Setup.
  • You cannot create a file larger than (2^32)-1 bytes (this is one byte less than 4 GB) on a FAT32 partition.

Remember, the maximum file size on a FAT32 drive is 4GB. So if you have a file that’s larger than 4GB, you can not use FAT32. It is not uncommon for raw HD video files to be much larger than 4GB, particularly when recording live events. If you are planning to access such video files on both Windows and Mac OSX machines, do not have access to network connectivity and want to avoid third party add-ons, then download the files onto a Windows NTFS drive which a Mac will subsequently be able to access (read-only).

So according to Microsoft’s calculations above, the Maximum Size of a FAT-32 Partition is approximately 8 terabytes.


Windows 8 Launches

Microsoft has now announced the global availability of its popular Windows operating system, Windows 8.

For people planning the move to Windows 8, you should be aware that there are three consumer versions: Windows 8, Windows 8 Pro, and Windows RT. Windows RT is a tablet and mobile focused OS which will only run on ARM-powered devices, while Windows 8 is a full-featured PC operating system aimed at x86 devices, powered by Intel or AMD chips.

For those who have not yet seen Windows 8 or read the reviews, the benefits are as follows:

  • It is sleek, fast and fun (on the right hardware)
  • Huge security improvements
  • Much faster boot up
  • Improved battery life for mobile users
  • It is great for touch

Some people may take a little convincing of the benefits of the change to Windows 8, so on the down side:

  • Some users will miss the Start menu
  • It will not boot to the desktop
  • It needs a touchscreen/trackpad gestures/Touch Mouse to get the best out of it
  • The new style Modern UI will not please everyone
  • Some older CPUs won’t run it

The flashy new interface is in line with other tablet styles, so will require little training for novice users to get at the obvious features. For people who really can not live without the Start Menu, there is a basic alternative which you can display by pressing Win + X, which gives you quick access to:

  • Programs and Features
  • Power Options
  • Event Viewer
  • System
  • Device Manager
  • Disk Management
  • Computer management
  • Command Prompt (both standard and Admin)
  • Task Manager
  • Control Panel
  • Windows Explorer
  • Search
  • Run
  • Desktop

Windows 8 will run all software from the Windows Store and any third-party programs that you may have used in earlier versions of Windows. On the other hand, Windows RT only supports apps from the Windows Store and its built-in version of Office 2013.

Windows RT is aimed at the consumer tablet market, so is not so business orientated. As a full-featured operating system, Windows 8 Pro offers Remote Desktop server, Active Directory domain support, Encrypting File System, Hyper-V, BitLocker and more.

Spear Phishing Attack Warning

A warning which is currently circulating in security circles concerns a Spear Phishing attack masquerading as a company virus warning. The object is to trick users into installing malware on their computers which would compromise their security.

Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Named after fishing (baiting a hook), the message could claim to be from a bank, online payment processor or a social media site.

Spear Phishing (sometimes written as Spearphishing) is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. This is usually by impersonating a company employee via e-mail to steal usernames and passwords from colleagues and gain access to the company systems. Spear phishing is commonly used to refer to any targeted email attack, not just limited to phishing.

The particular attack which is currently circulating attempts to trick users into believing they are downloading an approved anti-virus update from the company’s IT department, to combat a new kind of virus. However, if they do succumb to temptation, they will install a Trojan horse. According to the Sophos Naked Security blog post, Sophos anti-virus products detect the malware as Mal/Generic-L and Troj/Inject-QL.

If you ever receive an odd email recommending that you click on a link to install something, check with your IT department to see if the instruction is genuine. They would much rather you checked than put the network at risk from malware infection.

For more details of the Spear Phishing Attack Warning, including a sample email message, click here to view the Sophos Sneaky fake company virus warning

ACH Spam With Malware Attachment

The spam filters have been busy over the last couple of days, with a number of emails with the title of ACH NOTIFICATION and ACH Payment [Number] Rejected. In each case the email contains an attachment purporting to be a self-extracting PDF file.

Of course, on closer examination the supposed self-extracting PDF file is a malware downloader, no doubt ready and waiting to connect you to one or more botnets. This is a common scenario, with a spammed-out trojan downloader triggering the execution of multiple pieces of malware on the unwitting user’s computer. In this case, Sophos anti-virus detects the file and identifies it as Mal/BredoZp-B. For a detailed analysis of the activities of the spam payload, see the article on the ACH spam campaign by M86 security labs via the link below.

Automated Clearing House (ACH) is an electronic network for financial transactions in the United States. As usual with this type of spam and associated malware, ACH have no connection with the email, so there is little point in blocking the sender’s address, in our case ach.01 at nacha.org.

Once again our advice is that you should not open any unexpected emails, or unsolicited attachments, as in this case it will attempt to infect your Windows computer. Just press delete and double check that your anti-virus software is up to date.
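As an added illustration (not part of the original post or of any vendor's product), the Python sketch below triages a message the way a mail filter could for this campaign: it matches the two subject lines quoted above and compares what each attachment claims to be with its first bytes. The attachment name, recipient address, extension list and sample payloads are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject lines named in the post above.
SUBJECT_RE = re.compile(r"ACH\s+(NOTIFICATION|Payment\s+\S+\s+Rejected)", re.I)
# Extensions Windows runs directly; this short list is an assumption.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")

def inspect_message(raw):
    """Return the reasons a raw RFC 5322 message resembles the ACH lure.

    The From header is deliberately ignored: it is forged, so it tells
    us nothing about the real sender.
    """
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    if SUBJECT_RE.search(str(msg["Subject"] or "")):
        findings.append("subject matches ACH lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXTS):
            findings.append(f"executable extension: {name}")
        if data[:2] == b"MZ":
            # DOS/PE header: the file is a Windows program whatever its name.
            findings.append(f"Windows executable content: {name}")
        elif "pdf" in name and not data.startswith(b"%PDF"):
            findings.append(f"claims PDF but has no %PDF header: {name}")
    return findings

def build_sample(subject, filename, payload):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = "ach.01@nacha.org"  # forged sender address quoted in the post
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached report.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("ACH Payment 0000000 Rejected",
                        "report_pdf.exe", b"MZ" + bytes(62))
    for reason in inspect_message(lure):
        print(reason)
```

Checking the leading bytes rather than the file name is what catches a renamed executable; a genuine PDF begins with `%PDF`, a Windows program with `MZ`.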


Why We Should All Stop Using IE 6

It has been just about six months since we mentioned the dreaded IE6 in a blog post, so it is again time to let rip on the subject.

In this instance however, instead of just ranting about the state of senior management and decision makers who chose to ignore the problems caused by continual use of IE6, it is time to adopt a different tack! The way to change the way people think is to give them the facts and allow them to reach the conclusion themselves. Rather than berate, let’s educate!

To that end we are collecting sound reasons why any business, organization or government body tied to IE6 might like to consider moving away from the obsolete browser. If you like, we are quietly going to collect the facts for the business case for updating from IE6 to a better browser.

Just for starters, the three most common responses to the question “Why Should We All Stop Using IE 6?” we get from web developers are:

  • Security vulnerabilities which make it a target for crackers worldwide
  • CSS support is problematic (doesn’t support newer CSS and HTML features)
  • JavaScript support is Microsoft proprietary nonsense.

OK, we had to clean up the comments a bit to make them publishable!

Then from the user’s point of view, what about tabbed browsing? Tabbed browsing facilities make users more productive as they can work more efficiently. But what other advantages to the users are there?

If you want to contribute to the business case for ditching IE6, is there anything you can do? Well, you can start by sending us the list of your pet IE6 hates. If you are a developer, tell us the features that are missing in IE6 which hold back sites you are developing for your customers. If you are a user, forced by company policy to stay on IE6, in what way are you disadvantaged? If you are a business with an Internet presence (and what business doesn’t?) how much extra does it cost you to maintain backward compatibility with IE6?

If you are still clinging to the mistaken belief that there is plenty of life in the old IE6 dog yet, then consider that IE10 is not that far away. The IE10 Platform Preview Guide for Developers provides an early look at the developer features coming to the next version of IE! Check it out and see the Internet Explorer Platform Preview Guide for Developers.

To do your bit for humanity, post your constructive comments below and we will collate them and make sure that they are taken to the authorities responsible for holding on to IE6. Please don’t bother spamming, as spam comments will never be published.

Microsoft Offers Reward for Information on Rustock Botnet

In a further move against international cyber criminals, Microsoft has offered a reward of $250,000.00 for information that results in the identification, arrest and criminal conviction of those responsible for controlling the notorious Rustock botnet.

Microsoft says that IP address infections of Rustock have reduced by more than 50% worldwide since the company took action in March. Microsoft took the infamous Rustock botnet down earlier this year alongside U.S. enforcement agents, and claims that it remains dead.

The Rustock botnet was the largest source of spam in the world, consisting of around 150,000 machines sending around 30 billion spam messages a day. The take down was part of Microsoft’s fight against illegal botnets, designed to stop the spread of malware and spam mail.

Anyone with information on the Rustock botnet or its operators should contact Microsoft at avreward@microsoft.com.

To find out more about Microsoft Offering a Reward for Information on Rustock Botnet, click here to see the post on the Official Microsoft Blog.


Quick Fix If Primary Domain Relationship Fails in Windows 7

OK! So you go to your Windows 7 machine and find that there is a problem which requires you to select the Repair option. After the usual wait, it reboots and presents the login screen after your three finger salute. You attempt to log on when you are presented with the message:

Trust Relationship Between This Workstation And The Primary Domain Failed

A possible cause of this problem is that Windows computers change their internal password every 30 days, and if you have had cause to roll back to a restore point before the last password change, then the local password and the domain password do not match. In this event the computer must re-join the domain. If you are not a domain administrator, then you should contact your domain administrator to have the computer’s domain account re-created or re-enabled, as appropriate.

If you are a domain admin and there is a local account on the computer that you can use (it does not have to be an administrator), then there is a quick fix:

  • Log on to the local account
  • Right click on Computer and click Properties
  • Click on Change Settings, next to Computer name
  • Click on Change next to rename the computer or change its domain or workgroup
  • At the Computer Name/Domain Changes dialogue, check the Workgroup radio button and enter anything into the Workgroup textbox
  • Acknowledge the warning about rebooting
  • When back at the Computer Name/Domain Changes dialogue, check the Domain radio button and enter the domain short-name.
  • When prompted enter the domain credentials, then OK your way back to the System Properties page at which point you will be given the opportunity to reboot.
  • After rebooting enter the normal domain name which you would normally use, and Bingo! You are back in business.

There is a Microsoft Support article which refers to a slightly different way to generate this error message, which can be found under Article ID: 976494 – Error 1789 when you use the LookupAccountName function on a computer that is running Windows 7 or Windows Server 2008 R2. If the quick fix does not work for you, check out that article.

Hopefully the repair fixed your problem and, as you are back in the domain, you will not see the message “Trust Relationship Between This Workstation And The Primary Domain Failed” for a while.

How to Use Remote Desktop on an iMac

Have you ever wanted to access something on your iMac without going back to your desk? Wouldn’t it be cool to remotely access your iMac and check on your email without even being there? Did you know that Mac OS X comes with Remote Desktop software included, which allows you to connect to your iMac from another machine?

To set this up and try it out for yourself, follow this sequence on the target Mac:

  • Go into System Preferences
  • Select Sharing
  • Check Remote Management
  • Note down the IP address of the Mac; you will need this later
  • Click on Computer Settings
  • Check VNC viewers may control screen with password
  • Enter a suitable password and then click OK

Your Mac is now ready to receive input from another machine on the network. Now go to the machine you want to use to control your Mac and install a VNC client such as Chicken of the VNC (for a Mac) or TightVNC (for Windows).

Using Chicken of the VNC

  • Open Chicken of the VNC and at the VNC Login screen check if the target Mac is listed. If not, click on New Server, and enter the IP address you noted earlier and the password, and click Connect. If the Mac is listed, select it and enter the password, then click Connect.

Using TightVNC for Windows

  • Open TightVNC Viewer (for a default Windows installation this will be under Start, All Programs, in the TightVNC folder)
  • In the New TightVNC Connection enter the IP address you noted earlier and Click Connect.
  • At the Standard VNC Authentication dialogue enter the password and click OK

Remember, if you want to make a remote connection through a firewall, you will need to set up Port Forwarding, and point port 5900 to the IP address of your machine. You can do this by logging into the router with the administrator name and password.

You can now access your Mac OS X machine across the network as if you were sitting at it. Enjoy!


Microsoft Floors The Coreflood Botnet

With headlines like “More Than 2 Million Computers Infected with Keylogging Software as Part of Massive Fraud Scheme”, the U.S. Department of Justice (DoJ) and Federal Bureau of Investigation announced the filing of a civil complaint, the execution of criminal seizure warrants, and the issuance of a temporary restraining order as part of the most complete and comprehensive enforcement action ever taken by U.S authorities to disable an international botnet.

The U.S. Attorney’s Office for the District of Connecticut has filed a civil complaint against 13 “John Doe” defendants, alleging that the defendants engaged in wire fraud, bank fraud and illegal interception of electronic communications.

The Coreflood botnet is a particularly harmful type of malicious software that records keystrokes and private communications on a computer. Once a computer is infected with Coreflood, it can be controlled remotely from another computer, known as a command and control (C & C) server.

Interestingly, the US Government also obtained a temporary restraining order (TRO), granting authorization to respond to signals sent from infected computers in the United States in order to stop the Coreflood software from running, thereby preventing further harm to hundreds of thousands of unsuspecting users of infected computers.

Essentially the DoJ was allowed to impersonate the commanding servers and send a Stop command to the botnet agents that were tethered to the 5 illegal computers, known as command and control (C&C or CnC) servers. This is believed to be a precedent, and opens the door for more active countermeasures against these criminal money-making machine networks.

Following on from the earlier successes against the Rustock botnet in March, and the Waledac botnet in February, this action takes the war against these cyber criminals a stage further.