Old Windows Server machines can still fend off hacks. Here’s how

If you’re running a Windows Server 2003 machine, you have a problem. Your already-vulnerable computer is now at severe risk of being hacked.

That’s due to the internet release earlier this month of a batch of updates that paint a bulls-eye on computers running Windows Server 2003, according to security researchers.

“I can teach my mom how to use some of these exploits,” said Jake Williams, founder of Rendition Infosec, a security provider. “They are not very complicated at all.”

Experts are urging affected businesses to upgrade to the latest Windows OSes, which offer security patches that can address the threat.

But some, particularly those in manufacturing and healthcare, cannot because they rely on legacy software that won’t run on a modern operating system.

“It’s usually very costly to upgrade,” he said. “And again, the machine is working fine, but control has to be done through Windows Server 2003.”

There may be over 500,000 Windows Server 2003 machines publicly exposed to the internet, according to Shodan, a search engine for devices. But Williams estimates there are many more vulnerable machines running behind company firewalls.

So, for those that can’t, here are some tips to keep your old Windows Server 2003 machine secure.

The danger

The spying tools include several Windows-based exploits, or hacking programs, that target the Windows Server Message Block (SMB) protocol, which is used for file-sharing purposes. The exploits work by remotely triggering the OS to execute code, which can be used to install other malware.

Network segmentation and monitoring

Companies saddled with older Windows Server machines can still protect themselves. Williams suggests they go beyond putting vulnerable servers behind a firewall, and use a tactic called network segmentation.

This can involve restricting access to your most critical servers, and ensuring only system admins can control them. “So instead of giving 20,000 people in a company access, you can cut that number down to 20,” Williams said.

Thus, if hackers ever do breach the firewall, they’ll have access to a smaller segment of the corporate network.

Network segmentation also doesn’t cost a lot of money. Enterprise internet routers often contain access control features that can limit which computers can talk to what, Williams said.

Businesses should also consider monitoring the vulnerable servers, or at least the ones carrying critical information. Any unusual data traffic moving through them is probably a sign they’ve been hacked, he said.
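The segmentation and monitoring advice above can be checked against network flow logs. This is an added example, not part of the original article: it flags SMB connections that reach a legacy server from outside an admin segment, and unusual traffic leaving that server. The addresses, the log format and the byte threshold are constructed assumptions.

```python
import ipaddress

# Constructed policy (assumptions, not from the article).
LEGACY_SERVERS = {ipaddress.ip_address("10.20.0.5")}   # Windows Server 2003 host
ADMIN_NET = ipaddress.ip_network("10.99.0.0/28")       # the "20 people" segment
SMB_PORTS = {139, 445}        # NetBIOS session service and SMB over TCP
EGRESS_LIMIT = 50_000_000     # bytes per flow treated as unusual (constructed)

# Constructed flow records, one per line: "src dst dst_port bytes"
SAMPLE_FLOWS = """\
10.99.0.3 10.20.0.5 445 18234
10.1.14.77 10.20.0.5 445 912
10.20.0.5 10.30.2.9 445 4096
10.20.0.5 203.0.113.40 443 73400320
10.99.0.4 10.20.0.5 3389 55021
this line is malformed
"""

def review_flows(text):
    """Return (rule, src, dst) findings for flows that break the segmentation policy."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port, nbytes = int(parts[2]), int(parts[3])
        except (IndexError, ValueError):
            continue  # skip records that do not parse
        # Segmentation check: only the admin segment may reach SMB on the server.
        if dst in LEGACY_SERVERS and port in SMB_PORTS and src not in ADMIN_NET:
            findings.append(("smb-from-outside-admin-segment", str(src), str(dst)))
        # Monitoring check: a file server should not open SMB sessions to other
        # hosts or push large volumes out (both treated here as unusual traffic).
        if src in LEGACY_SERVERS:
            if port in SMB_PORTS:
                findings.append(("legacy-server-initiated-smb", str(src), str(dst)))
            elif nbytes > EGRESS_LIMIT:
                findings.append(("large-transfer-from-legacy-server", str(src), str(dst)))
    return findings

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(*finding)
```

A finding under the first rule means the router access control list is not enforcing the intended segment; the other two are leads for investigation rather than proof of compromise.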

Weighing the risks

To keep malicious activity out of vulnerable systems, application whitelisting can also be used, said Jason Leitner, president of Below0Day, an IT security provider.

Whitelisting works by allowing only trusted applications to run on a computer. It’s the opposite of the approach taken by antivirus products, which essentially blacklist malicious programs based on known indicators.

Businesses can also create backups of any sensitive data stored in these machines. One malicious threat that’s been growing in recent years has been ransomware. It works by infecting a computer, and encrypting all the data inside. To free the machine, victims have to pay a ransom, usually in bitcoin.

However, even with these safeguards, the best solution to protecting a vulnerable Windows Server system is to upgrade, according to security experts.

Although it might be costly in the short-term, the investment can help businesses avoid a disastrous data breach. Tiago Henriques, CEO of security firm BinaryEdge, encourages businesses to calculate which is higher: “The cost of buying the upgrade or the damage to their brand and their clients if they get hacked?”

Webroot deletes Windows files and causes serious problems for users

Users of Webroot’s endpoint security product, consumers and businesses alike, had a nasty surprise Monday when the program started flagging Windows files as malicious.

The reports quickly popped up on Twitter and continued on the Webroot community forum — 14 pages and counting. The company came up with a manual fix to address the issue, but many users still had problems recovering their affected systems.

The problem is what’s known in the antivirus industry as a “false positive” — a case where a clean file is flagged as malicious and is blocked or deleted. False positive incidents can range in impact from merely annoying — for example, when a program cannot run anymore — to crippling, where the OS itself is affected and no longer boots.

The Webroot incident falls somewhere in the middle because it affected legitimate Windows files and sent them to quarantine. This is somewhat unusual because antivirus firms typically build whitelists of OS files specifically to prevent false positive detections.

“A folder that is a known target for malware was incorrectly classified as bad, and Facebook was classified as a phishing site,” Webroot said in an emailed statement. “The Facebook issue was corrected, and the Webroot team is in the process of creating a comprehensive fix for the false positive issue.”

The incorrect detection lasted for two hours, between 1PM and 3PM Mountain Standard Time in the U.S., and resulted in files being flagged as W32.Trojan.Gen. As suggested by the name, this is a generic detection signature intended to catch Trojan programs.

For now, Webroot has provided a solution on its community forum that involves logging into the Webroot online console and manually creating override rules for all of the erroneously blocked files.

Users then have to either wait for the endpoint client to poll the server and restore the files according to the new rules, which can take up to 24 hours, or manually trigger a forced polling for each client from the command line.

While this solution might work for home users or businesses with a relatively small number of computers, it creates problems for large environments, especially for managed services providers (MSPs).

“This is not a fix when you’re an MSP,” one user wrote on the forum.

“How am I supposed to do this across 3 GSMs [Webroot Global Site Manager deployments] with over 3 thousand client sites? Not good enough,” said another.

One user reported that he resorted to recovering the affected files using Windows’ Shadow Copy feature. Another one said that his MSP company is considering legal action because it might have to compensate its own customers for the downtime.

“We are not able to use recovery because most of the backup server cores are affected also,” he said. “Some of the servers are not yet up and we look like fools.”

Webroot representatives said on the company’s forum that the company is working on a universal solution that will also be suitable for MSPs.

FCC chairman to announce plans to repeal net neutrality

The chairman of the U.S. Federal Communications Commission is expected to announce plans to repeal the agency’s 2015 net neutrality rules on Wednesday.

Chairman Ajit Pai, a Republican, will likely announce a plan to reverse course on the 2-year-old regulations and end the agency’s classification of broadband as a regulated, common-carrier service. In a Wednesday speech, Pai will reportedly announce that he is scheduling a vote for the FCC’s May 18 meeting to begin the process of repealing the rules.

Pai has called the net neutrality rules a mistake that “injected tremendous uncertainty into the broadband market.” President Donald Trump, who appointed Pai as the FCC’s chairman, has also criticized the regulations.

The details of Pai’s plan are unclear, with several sources saying they have not yet seen the proposal. One plan under serious discussion has the broadband industry embracing self-regulation by promising not to block web traffic. Those promises would then be enforced by the Federal Trade Commission, not the FCC, similar to how the FTC now enforces privacy promises made by other companies.

Under FTC-style enforcement, the FCC or the FTC would not set any industrywide net neutrality rules, instead depending on broadband providers’ pledges to avoid blocking or slowing web traffic. A broadband provider could potentially decide to change its net neutrality policy after notifying customers.

Under the FTC, the agency would bring an enforcement action only after finding a broadband provider violated its net neutrality promises.

The FCC’s 2015 net neutrality, or open internet, rules reclassified broadband as a regulated, telecom-like service — as opposed to a lightly regulated communications service — as the foundation for regulations that prohibited broadband providers from selectively blocking or slowing web traffic and services.

The FCC received about 4 million public comments in the rulemaking proceeding leading up to its 2015 regulations, with the large majority of people supporting strong net neutrality rules.

Broadband providers and Republican lawmakers have opposed the rules, saying the reclassification adds unnecessary regulation that deters deployment and other investment in their networks.

There’s little evidence that the rules have hurt investment, however. Broadband providers spent US$76 billion to upgrade their networks in 2015, the second highest total since 2001, according to USTelecom, a broadband trade group.

Net neutrality supporters say a repeal of the rules will give broadband providers more control over what websites customers visit and what web services they use. Broadband providers could slow traffic to services that compete with products they own or partner with, or they could charge websites for fast-lane access to customers, supporters fear.

Pai “is determined to give control of the internet to companies like Comcast, AT&T, and Verizon, no matter the cost to our economy and democracy,” Free Press CEO and President Craig Aaron said in a statement. “He’s continuing to ignore the mountains of evidence showing that the agency’s net neutrality rules are protecting internet users while spurring on investment and innovation.”

How to delete and disable location history in the Windows 10 Creators Update

Your devices scoop up all kinds of information about you to provide helpful services and deliver supposedly targeted advertising. Since the debut of Windows 10 this trend has also landed in full force on the PC. But what if you don’t want to participate in this cloud-based madness? A good start is to restrict your location information in Windows 10.

Here’s how to turn off location services in Windows 10 and delete your location history.

Some Windows Store apps in Windows 10 require your location to work correctly, while others would like it in order to tailor your experience. Before you turn off location services, keep in mind that any location-specific services or apps will no longer be available to you.

If that’s okay with you, open the Settings app by clicking the Windows Start button and then selecting the cog icon in the lower left corner. In the Settings app go to Privacy > Location and turn off the slider labeled Location service.

If restricting your location data systemwide is too extreme, Windows 10 lets you do it on a per-app basis. The feature only works for apps built with the Windows Store platform.

Scroll down in Settings > Privacy > Location, and toward the bottom of the screen is the heading Choose apps that can use your precise location. This is followed by a list of apps that want to use your location, each with a corresponding on/off slider. The only one you can’t change is Cortana, because the personal digital assistant requires your location to work. Other than that, you can restrict access to your location on a per-app basis.

Next, it’s time to delete location history. You can do this regardless of whether you’ve turned off location services for your device. In Settings > Privacy > Location, scroll down to the sub-heading Location history. Click the Clear button in that section to erase your location history on your PC or tablet. Once the history has been cleared, a checkmark appears next to the Clear button.

That was easy enough, but we’re not done yet. Your location history is also stored on Microsoft’s servers. Below the Clear button, click the link labeled Manage my location info that’s stored in the cloud.

That will take you to the location section of your Microsoft Account’s privacy settings. On the right-hand side of this page look for the section called Clear location activity.

Under that heading is a button with the same title. Click Clear location activity and a pop-up appears asking you to confirm your choice, because you cannot undo this action. Click Clear and you’re done. If you want to be extra-sure, refresh the web page and you’ll see that the map it displays no longer shows any location data.

That’s all there is to clearing your location activity in the Creators Update. If you don’t want your location used at all, you should restrict your browser from asking for your location as well.