Archive for the 'Windows Vista' Category

Bug introduced in Windows NT3.1 (1993) still affecting all subsequent releases of Windows!

Since NT was introduced, pure command-line DOS has been replaced by the Virtual DOS Machine (VDM), which allows legacy DOS and 16-bit Windows applications to run on top of NT (all variants), XP, Vista and Windows 7.

It would seem the VDM engine has a major flaw!

Read more at neohapsis.com and Packet Storm Security.

In summary, a limited user (i.e. a non-administrator user) can gain administrative privileges via the VDM.

A workaround is to disable 16-bit applications as part of the Active Directory policy for your domain.

SC
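
One way to audit the workaround above on a standalone or offline machine, as an added PowerShell example that is not part of the original post. It assumes the Group Policy setting "Prevent access to 16-bit applications", stored as the `VDMDisallowed` value under `HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat`; the function names and the `-Enforce` switch are illustrative.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
param([switch]$Enforce)   # hypothetical switch: also write the value locally

# Assumption: registry location behind "Prevent access to 16-bit applications".
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
$ValueName  = 'VDMDisallowed'   # DWORD 1 = NTVDM may not start

function Test-NtvdmPresent {
    # 64-bit Windows ships without NTVDM, so there is nothing to disable there.
    Test-Path (Join-Path $env:SystemRoot 'System32\ntvdm.exe')
}

function Get-VdmPolicyState {
    # Returns 'Blocked', 'Allowed' or 'NotConfigured'.
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$ValueName -eq 1) { return 'Blocked' }
    return 'Allowed'
}

function Set-VdmBlocked {
    # For standalone machines; on domain members set it in the GPO instead,
    # otherwise the next policy refresh may overwrite a local change.
    if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
    New-ItemProperty -Path $PolicyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

if (-not (Test-NtvdmPresent)) {
    '{0}: ntvdm.exe not present, 16-bit subsystem unavailable' -f $env:COMPUTERNAME
    return
}

$state = Get-VdmPolicyState
if ($Enforce -and $state -ne 'Blocked') {
    Set-VdmBlocked
    $state = Get-VdmPolicyState   # re-read to confirm the write took effect
}
'{0}: 16-bit application policy is {1}' -f $env:COMPUTERNAME, $state
```

A result of `NotConfigured` or `Allowed` on a 32-bit machine means limited users can still start 16-bit applications.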



An alternative to WSUS and Windows Update

We manage a few standalone machines, and also a few machines that are on a network without access to the internet.

What is the alternative to WSUS and Windows Update?

Well, as I have to keep using a search engine to get this link, here it is:

http://support.microsoft.com/default.aspx/kb/913086

This page links to a list of ISO images that contain the security patches for a given month.

SpittingCAML



Interim fix for Sophos 7.6.8 issues on Windows Vista x64

This is not a fix for all the issues raised in my previous posts, but a workaround released by Sophos for Sophos customers.

Sophos is expecting version 7.6.9 to be released at the end of the month, and it will include the registry key noted below. The fix is tentatively slated to be released in 7.6.10 at the end of July. This will allow for proper and complete testing of the proposed fix for this issue.

The packages to request from Sophos support are:

  1. "Windows Endpoint Security and Control 8.0 with SAV v7.6.8 S215 VDL4.42E" – for enterprise customers (distributed install)
  2. "Sophos Anti-Virus for Windows v7.6.8 S215 VDL4.42E" – for home/standalone customers.

This contains the following registry key set:
32-bit: HKLM\Software\Sophos\Webscanning\SuppressBHOLoader
64-bit: HKLM\Software\WOW6432Node\Sophos\Webscanning\SuppressBHOLoader

Please get in touch with Sophos support to get the URL to retrieve this interim workaround.

SC



Update on Sophos Issues

This is an update for the following posts:

  1. Sophos IE8 add-on prevents IE8 from loading
  2. Resolution to Windows Security Centre not recognising Sophos Antivirus
  3. Sophos Antivirus on Windows Vista HP x64 not detected by Windows Security Centre
  4. Vista SP2 doesn’t recognize Sophos AV anymore

I’ve been in contact with Sophos support and they inform me:

The Windows Security Centre issue only affects 64 bit systems and will be corrected in the 7.6.9 version due out at the end of the month.

Sophos are aware of the IE8 issue as well. IE8 will usually open if you use the link at the top of the start menu, or if you run as administrator. To temporarily work around this issue, you can disable the BHO from within IE Options (this will disable the web scanning). Sophos are currently waiting for more information from their Development Team on this particular issue.

SpittingCAML



Sophos IE8 add-on prevents IE8 from loading

Are you having trouble launching IE8 from the desktop icon, the application icon or start menu?

Are you only able to launch it in ‘Administrator’ mode?

Are you running Sophos 7.6.8 on Windows Vista?

The problem might be related to the Sophos add-on. It seems that if you disable it, IE8 returns to working order.

Go to Internet Options and the Programs tab. Click on ‘Manage add-ons’.

Figure 1: Internet Options in IE8

Now disable the Sophos Web Content Scanner.

Figure 2: Add-on management

Restart all instances of the browser you have open.

Things should now be back to normal.

This is likely to have something to do with the other Sophos issues that are currently related to an update in the last week. See Sophos Antivirus on Windows Vista HP x64 not detected by Windows Security Centre.

SpittingCAML



Resolution to Windows Security Centre not recognising Sophos Antivirus

I gave up in the end (see this post and comments) and went for a new install of Sophos AV, just in case one of the updates made it go pear shaped.

If you have a Sophos support account it should be no issue to go to their site and retrieve Version 7.6.x.

I downloaded and ran the installer, and it seemed fine just overwriting the version already installed.

Security Centre is now happy… but for how long? :-)… I’m just off to tell Sophos support :-) who have been most helpful… this is why I don’t use a free AV :-)

SpittingCAML



Sophos Antivirus on Windows Vista HP x64 not detected by Windows Security Centre

I want my evening back!

Paranoia set in when I turned my PC on about four hours ago… Vista had been happily reporting that my machine was protected (for the last year+)… and it was, because it is loaded with Sophos Antivirus 7.6.8.. and it updated itself when I turned the machine on..

So why would Microsoft make me paranoid with this old chestnut:

I ran a Windows Defender full scan, then for good measure the Conficker removal tool… then a full virus check… nothing found… hmm I thought, I’ll give the search engines a go.

Sophos appeared to know all about the issue, but it was stored deep in their knowledge base.

Microsoft also had a KB article, ‘Windows Security Centre does not detect the antivirus application that is installed on a Windows Vista-based computer’ (KB952923).

I’m going to try the hotfix, and will report back if it doesn’t work… I’ll be paying close attention to the Sophos knowledge base as it seems to have more steps than Microsoft originally intended.

SpittingCAML



