XP SP3 and Office 2003 Support Ends April 8, 2014

Windows XP has been around since August 24, 2001 – 12 years ago now. It is getting VERY long in the tooth.

Like many Operating System versions, Windows XP was not such a great OS in the beginning. BUT, like many Microsoft products, it got better after Service Pack 1 (SP1), but wasn’t the best it could be till after Service Pack 2 (SP2) and mildly better after Service Pack 3 (SP3). SP3 is the current version of Windows XP.

I loved Windows XP for a long time, even though it was getting long in the tooth. But I have come to love Windows 7 even more. Windows 8 … the jury is still out. For me I use several different operating systems. I also love and use Mac OS X or just OS X (as it is called now) and Debian Linux.

Windows XP has been on life support or Extended Support since April 8, 2009 when Mainstream Support ended. That was after two stays of execution as it were since it was supposed to be ended earlier than 2009.

Windows XP has been the mainstay for many folks for a long time in the Windows world — the last 12 years. That’s a long time for an Operating System version.

Windows XP still holds the #2 spot at 31.24% of computer users as shown below in the graph from NetMarketShare.com:

NetMarketShare.com Operating System Breakout - November 1, 2013

Windows 7 holds the #1 spot for a very good reason. It is still the best of the newer Operating Systems from Microsoft to date — in my opinion and nearly half of all Windows users to date. And Windows 7 is still good to go until January 14, 2020 (end of Extended Support – it is still in Mainstream Support until January 15, 2015). Here’s the break out of the Windows lifecycle fact sheet info:

Windows Life Cycles from the Windows Life Cycle Fact Sheet

I have said all this because we need to see where we are, and where we need to be as computer users, particularly as Windows users with April 8, 2014 looming over those of us still using Windows XP.

Especially in the light of the pervasive malware purveyors out there today.

We need to make sure we are all no longer using Windows XP of any kind before or at least by April 8, 2014 when Microsoft will no longer be providing ANY security updates for Windows XP.

A few years back they did the same thing with Windows 2000. It’s now Windows XP’s turn.

Please read the following articles to see why this will be very important:

Windows XP infection rate may jump 66% after patches end in April – Computerworld

Microsoft yesterday again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.

Windows lifecycle fact sheet – Microsoft.com (image above)

New stats show Windows 8 usage up sharply as XP usage plummets – ZDNet (for curiosity though, look at the difference between the table on ZDNet’s article and the one today).

NetMarketShare (choose Operating Systems from the dropdown to see the chart above in real time)

Gartner Says Worldwide PC, Tablet and Mobile Phone Shipments to Grow 4.5 Percent in 2013 as Lower-Priced Devices Drive Growth – Gartner.com

Source: Gartner Oct 2013 - Worldwide Device Shipments by Segment

It would appear that, as predicted, many around the world are moving to other types of computers, in particular mobile devices. This was forecast and it would seem to be coming to pass rather dramatically now.

It is amazing to see the number of people who rarely if ever use their desktop computers these days, relying on their mobile devices for almost all, if not all, their computing and Internet needs. Some folks no longer even have a computer other than a tablet, like the iPad or Nexus Tablet, or Surface, etc., or just use their smartphones for their email, browsing, messaging, gaming, etc. which is the bulk of what people seem to do on the Internet these days. Unless of course if their work or business, or gaming bents, are important to them. Having said that, even gaming has very much gone mobile for many people.

I am hoping that folks will take a look at the overall picture and determine which direction they wish to go now that there are only a few months left before Windows XP will no longer be a viable Internet connected computer.

Will a Desktop or Laptop be the way to go, or will a Mobile device like a Tablet or maybe even just a smartphone be enough for many folks? Staying with Windows or moving to a Mac may also be a consideration.

No matter which way folks ultimately go, deciding will be important and thinking about this is really needed with Windows XP going away in just a short few months.

Over 31% of computer users will need to make this decision before April 8, 2014, if they wish to remain as safe as they can be on the Internet.

Even with Google Chrome continuing to support Windows XP SP3 a year after Microsoft (till 2015), if the Operating System itself has no updates, that will certainly not be enough.

Lots to think about and only a few months to decide … Windows XP SP3 and Office 2003 Support Ends April 8th, 2014

Emails with Malware URLs

It is amazing to me how many malicious emails one can get!

Just today, I got one that purported to be from CNBC, however, the link was not any of the CNBC franchise websites. So I thought, well, maybe I missed one?

I searched Google for the root domain name in the email link and it tried to give me real life news channel results which were of course all legitimate websites, not the dangerous one that was in the email.

However, it did give the ability to search on the exact domain again if I really meant it, which of course I did. The only links available — which I was very happy to see — for that domain name were several links to malwareURL.com – (The MalwareURL Team is a group of Internet security experts dedicated to fighting malware, Trojans and a multitude of other web-related threats) that exposed the website in the email as a malware site for a work at home scam:

This web site is a known security risk – Detailed web site security report

Security Category: Work-At-Home scam

The results on the link above about the website stated the following:

Domain matching reallivenewschannel.com were found in our database.

1348 other active domains were found on 707 IP(s) for AS30058 (FDCSERVERS)

Show the report for AS30058 (FDCSERVERS)

Malicious URLs on reallivenewschannel.com
/weeknews/lastnews.php
/weeknews/go.php

Blacklist
Google
Google Diagnostic Page

My WOT
WOT Score Card

hpHosts
hpHosts listing

MalwareDomainList
MDL listing

After the above information, there was information specific to the domain.

Interestingly, the domain appears to be registered in NY, USA.

The name servers are in .RU/Ukrainian domain origins.

In addition, this malware link in the email had a prefix that looked like the following, except I changed the numbers in the link:

cf533cb444.reallivenewschannel.com

NOTE: The above is intentionally not a live link, as we don’t want to visit it under any circumstances, unless you are a security researcher, preferably using a throwaway Virtual Machine or live CD.

If I had looked at this email in full HTML as it was intended by the malware purveyors, it would have looked somewhat like the following in simple HTML except it would likely have had the look of a CNBC website rather than just the text as it does in simple HTML:

A CNBC Event – Work At Home Mom Makes Almost $10,000/Month, Part-Time

Patricia Feeney of , never thought she’d have a job working at home until she filled out a simple form online, one afternoon. Before she knew it, she had discovered her secret to beating the recession and no longer had worries about being able to provide for her family – and she did all of this by working from home. » Continue reading

CNBC
To unsubscribe to this email click here. If this e-mail was forwarded to you and you’d like to sign up for additional alerts from CNBC click here.

© 2012 CNBC, Inc. All Rights Reserved. 900 Sylvan Avenue, Englewood Cliffs, NJ 07632

See where the Continue reading is? That was the link, totally obfuscated from view to trick users into thinking it was a CNBC link when actually it was linked to the full malware URL I have been discussing in this posting.

Pretty convincing isn’t it? Looks like a legitimate email from CNBC.

If you looked at the email source, you would also have seen that the real Return path is not CNBC, but a user from a .pl domain.

Thankfully, SpamAssassin did give it a 6.5 Spam Status level (required was 5, so it was 1.5 beyond the level required to be considered Spam). X-Spam-Report says the following:

X-Spam-Report: 
*  2.3 FROM_STARTS_WITH_NUMS From: starts with many numbers
*  1.8 URI_HEX URI: URI hostname has long hexadecimal sequence
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  2.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS

Sadly, many emails that look like they originate from legitimate sites come in every day and people are often fooled by them. Many times just because they look at emails in HTML.
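The manual checks walked through above (where the "Continue reading" link really points, whether the Return-Path matches the From address, and whether the hostname carries a long hex label) can be run against a message's source. This is an added example, not part of the original post; the sample message, its hosts and addresses, the 8-character hex threshold and the two-label domain comparison are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample shaped like the email in the post; every address and host
# here is made up except cnbc.com, the brand the message claims to come from.
SAMPLE = """\
Return-Path: <user@mailhost.example.pl>
From: "CNBC" <alerts@cnbc.com>
Subject: A CNBC Event
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Work At Home Mom Makes Almost $10,000/Month, Part-Time
<a href="http://ab12cd34ef.newschannel.example/go.php">&raquo; Continue reading</a></p>
<p>To unsubscribe to this email <a href="http://www.cnbc.com/">click here</a>.</p>
</body></html>
"""

# Assumed heuristic: a subdomain label of 8+ hex characters. It is in the spirit
# of the URI_HEX hit in the report above, not SpamAssassin's actual rule.
HEX_LABEL = re.compile(r"[0-9a-f]{8,}")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def base_domain(host):
    # Simplification: compare the last two labels only. Production code
    # should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    return base_domain(parseaddr(header_value or "")[1].rpartition("@")[2])

def analyze(raw):
    """Return (rule, host_or_domain, visible_link_text) findings for one message."""
    msg = message_from_string(raw)
    from_dom, rp_dom = addr_domain(msg.get("From")), addr_domain(msg.get("Return-Path"))
    findings = []
    if rp_dom and rp_dom != from_dom:
        findings.append(("return-path-mismatch", rp_dom, ""))
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for href, text in collector.links:
            host = (urlparse(href).hostname or "").lower()
            if host and base_domain(host) != from_dom:
                findings.append(("link-off-domain", host, text))
            if any(HEX_LABEL.fullmatch(label) for label in host.split(".")[:-2]):
                findings.append(("hex-hostname-label", host, text))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```
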

These types of things would fall by the wayside if everyone was more wary and understood that when they send out millions of emails like this likely every day or every week, it only takes 1.5% of the people to respond to make it well worthwhile to the spam, malware, phishing, spear phishing, or scam (or any combination together) purveyors.

Also check out the Anti-Phishing Workgroup website for more information.

There are many of us who have been using email clients that allow you to view emails as Plain Text, such as Thunderbird (opensource – free – accepts donations), Postbox ($9.95 – based on Thunderbird and by original Thunderbird developers), Pegasus (free but proprietary – accepts donations), and there are many others that allow plain text. Most Linux based email clients give this ability as well.

Oddly, however, although Apple Mail granularly allows you to choose (after already choosing the email message) to read in plain text on an email by email basis — Apple Mail DOES NOT have an option in Preferences that allows you to choose to view emails as Plain Text by default which would prevent many problems with these dangerous types of emails. This is very sad news for Apple users. Microsoft Outlook DOES NOT give users the ability to view emails in Plain Text either (on an email by email or by option in preferences). I would very much like to know why Microsoft and Apple do not give that option to people. These are the two most ubiquitous email clients used in OS X and Windows.

I have read emails in plain text from the very beginning. Intentionally. Simply because I don’t want to be accidentally fooled by this type of spam, malware, phishing, spear phishing, or scam.

Email clients like Thunderbird (opensource – free – accepts donations), Postbox ($9.95 based on Thunderbird and by original Thunderbird developers), Pegasus (free but proprietary – accepts donations) give the ability to view in original HTML, simple (non-executable) HTML or Plain text. They also give you the ability to allow or disallow images inline! Very important if you wish not to be tracked by email senders with beacon ads, web beacons, web bugs. These email clients also give an easy way to view the source of an email so you can do your own investigation of information in the headers or body of the email, and to facilitate sending comprehensive email information about spammers, etc. to sites like PayPal, Google, eBay, your bank, etc.

Sadly even many website based email clients, like GMail, Yahoo Mail, Outlook.com, Hotmail, MSN Email, etc, go only half way in regard to these very necessary capabilities … if that.


A wave out to all my Google+ friends

And other Google+ users who might soon be wondering where I went…

EDIT 9/6/2011: In the comments, I continue to add articles. I hope to have this be a pretty inclusive list of articles on this issue. If you know of one I have missed please feel free to leave a comment with the link. Thanks!

I have found that as much as I absolutely love Google+ the ‘social network’ — now known to be an ‘identity service’, I am leaving on 9/9 along with some others that have identified 9/9 as the day to leave. Hopefully it will have some impact even if it’s only a small overall number of users. But more than anything, I hope it will have a lasting impression regardless on how dangerous ‘identity services’ appearing to be ‘social networks’ can be.

Google has determined that Google+ aka Google Plus or G+ is to be an ‘identity service’ and that Google/Google+ require your real/common name not a pseudonym, pen name, stage name but only western style two name real/common names apparently.

Some may say so what. But others will know that this is a major issue and has been since Facebook started this trend. Here’s my Google+ posting on this and this one reshared from Tom Anderson, both of which will be gone after 9/9.

Not to mention the fact that Google+ is linked to things like your GMail account, Google Search, Picasa, Youtube, Google maps/location data, Android apps purchases, and so much more — and even more of Google’s offerings as time goes on (and boy do they have a lot of social types of offerings or apps). And if you don’t like that and decide to leave G+, you are prompted to remove all, what they call connections to their ‘social apps’ linked to your G+ GMail account.

“Just go somewhere else” is a fallacy. The name policy stretches far beyond Google+, and here’s why. (Todd Vierling on Google+)

Here are just a couple of early articles from the weekend when Google started arbitrarily disabling accounts:

Google+ and the loss of online anonymity by Matthew Ingram (GigaOm)

Update: Complaints mount over Google+ account deletions by Juan Carlos Perez (Computerworld)

Dutch researcher downloads 35 million Google Profiles (State of Search)

So what’s the big deal? First, it’s a great security risk for users. Especially normal/average users since many business users already have their ‘real’ name out there and it’s part of their branding. I actually am one who has done just that. Fran Parker is Fran’s Computer Services and this posting is on my Fran’s Computer Services blog. And technically Fran Parker is a common variation on my real name, but that is ‘allowable’ on G+ because it is how I am commonly known. Also, there is some arbitrariness about it all too. If disabled users can ‘prove’ who they are, or can ‘prove’ that they have a ‘valid’ reason for allowing the ‘pseudonym’ to those at Google/G+ who handle complaints or vetting of those who want to try to get reinstated, you can be back in their good graces.

However I am leaving Google+ — and don’t get me wrong — it would certainly benefit me to stay on G+ and let their new service benefit my business networking online. Instead, I am leaving Google+.

My name is Clo | My Name Is Me

My name is Albatross | My Name Is Me

Why? I am leaving because Google has decided to build G+ as an identity service — in some ways like Facebook, but not really since G+ is a public profile server — yes, you can hide nearly everything but your public posts or responses to public posts, your +1 (think: Facebook Like), AND you can’t hide your real/common name because they make that public — and Google has changed the rules on their services so they can now link you, by name, and even by what you put in the field for ‘also known as’, or ‘nicknames’ field, on every one of their services and boy do they have a lot of services. And if you don’t believe me, try this. Especially if you are a member of Google+, search on your name, particularly your Google+ profile name.

Will cyberthugs exploit Google Plus ‘identity service’ for spear phishing attacks? by Darlene Storm (Computerworld)

What’s the big deal, you say? Oh, nothing much except that by doing this, they have made each and every one of us a bigger phishing, actually more like spear phishing, and/or unethical hacking/cracking target by linking everything we do or say online. For business users whose names are linked to their branding, they live with that day in and day out and it’s a major pain, but they made that decision to deal with that consciously at some point. But the average user? I don’t think the average or normal user needs or wants those types of hassles. OK, so maybe you say, So what? It’s a greater security risk for users. You can be targeted so much easier by linking so much about yourself online. And there is this to think about:

Google fined in Brazil for refusing to reveal bloggers’ identities (TheNextWeb)

OK, and if that wasn’t bad enough. By limiting the ability to use pseudonyms, stage names, pen names, non-English Western civilization name standards, etc., Google is cutting off their nose to spite their face. And some folks have been known by nothing else but a pseudonym, pen name or stage name online for as much as 20+ years, by the way. But that’s OK, they don’t really want to be everyone’s Google+ friend, they obviously just want to make more money.

Why do I say that? Because all of this linking is data they can market with, sell to others in corporations, governments, highest bidder, whatever — in aggregate form of course, like Facebook does. Facebook makes a bundle on this already and Google apparently wants a piece of that action…well a bigger piece. Besides they already know you. Now they are getting your permission to basically track you further, and use more of your data that you share with them….errr, enter on their services, like Google+.

Also, many of us have been working against abuse of marketing crap since Steve Gibson created OptOut when he became aware of the crap that was going on in the early days of computing online on the Internet. Marketing which was more like spyware than benign advertising in the newspapers or magazines where they can’t track you!

OK, enough about that side of things. Now on to the other side. The discrimination, the arbitrary decisions to disable accounts and require proof of who they are or the changing of their ‘name’ to something more western or 1st world or whatever you want to call it … two name (first and last name) like western countries do. Which is not at all like real/common names in other parts of the world.

Also, some folks really do need to use a pseudonym, or alternative name, stage name, pen name …whatever you want to call it. And many people in this type of situation would rightfully feel this is a discrimination against women. Many women have been stalked, have had abusive spouses or coworkers/bosses or have spouses or jobs where it would be ‘inconvenient’ (like they could lose their job or their spouse’s job for them or their position), if they were not able to speak out anonymously through a pseudonym.

There are so many angles on this issue. It was wrong when Facebook did it and it’s even more wrong (if there is such a thing) for Google to do it. Why is it more wrong for Google? Because we have higher expectations of Google. They have always tried to ‘do no evil’ in the past and now they will be right in the middle of it. Was ‘do no evil’ only to get people to trust them? Like Apple with their ‘think different’ and revolution anti-big brother stance in their 1984 commercial? But all the time they had other plans?

If you are not familiar, and it would likely be easy not to be familiar if you are not on G+ aka Google Plus service or have friends that are. Since it is an invite only ‘field test’ at the moment anyway, many would be not involved. But many geeks, technicians, artists, artisans, journalists, etc. are on it to help improve it and try it out as the new kid on the block in social networking. I have been one of these folks for some time now. First with a pseudonym which was quickly squashed through either someone turning me in for having a pseudonym or their algorithm bot got me because the name was obviously not a real name, and after that was disabled, I decided to come back as my business name.

Here are some, and just a few really of the articles that address the issues better than I could ever do:

Understanding the Nym Wars (BoingBoing) with several links and some great commentary


A Case for Pseudonyms (EFF.org)


Google+ Identity Crisis: What’s at Stake With Real Names and Privacy (Wired.com)

Violet Blue: just one of her many postings about Pseudonyms on G+ and she has a legitimate gripe and one of her articles on ZDNet


“Real Names” Policies Are an Abuse of Power (danah boyd blog)


Tracking the Nym Wars (G+ Insider’s Guide)

On Pseudonymity, Privacy and Responsibility on Google+ – Kee Hinkley

Why It’s Important To Turn the Tide on Google’s Real Name Policy (Botgirl’s Second Life Diary blog)

Who is harmed by a “Real Names” policy? (GeekFeminism – Wikia.com) (and related Pseudonymity article).

Who is harmed by a “Real Names” policy?

This page lists groups of people who are disadvantaged by any policy which bans Pseudonymity and requires so-called “Real names” (more properly, legal names).

This is an attempt to create a comprehensive list of groups of people who are affected by such policies.

The cost to these people can be vast, including:

  • harassment, both online and offline
  • discrimination in employment, provision of services, etc.
  • actual physical danger of bullying, hate crime, etc.
  • arrest, imprisonment, or execution in some jurisdictions
  • economic harm such as job loss, loss of professional reputation, reduction of job opportunity, etc.
  • social costs of not being able to interact with friends and colleagues
  • possible (temporary) loss of access to their data if their account is suspended or terminated

The groups of people who use pseudonyms, or want to use pseudonyms, are not a small minority (some of the classes of people who can benefit from pseudonyms constitute up to 50% of the total population, and many of the others are classes of people that almost everyone knows). However, their needs are often ignored by the relatively privileged designers and policy-makers who want people to use their real/legal names.


Nymwars – Wikipedia

The icing on the cake was Eric Schmidt the recent but former CEO of Google stating this (guess he can say anything now, eh?):

Eric Schmidt: Google+ Is An Identity Service; Use Your Real Name Or Don’t Sign On (Huffington Post)

Schmidt: G+ ‘Identity Service,’ Not Social Network by David Gerard (slash dot or /.):

David Gerard writes
“Eric Schmidt has revealed that Google+ is an identity service, and the ‘social network’ bit is just bait. Schmidt says ‘G+ is completely optional,’ not mentioning that Google has admitted that deleting a G+ account will seriously downgrade your other Google services. As others have noted, Somewhere, there are two kids in a garage building a company whose motto will be ‘Don’t be Google.’”

And here’s one I missed that I just saw over at Google+ on Nom DeB’s profile posts:

Google+ Can Be A Social Network Or The Name Police – Not Both by Bob Blakley at Gartner Blogs

Really all you need to do to find out more about this is to search on Google or any other search engine for any number of combinations of words in this article.

Now we even have a place for Google Refugees to be able to link up after they leave Google+.

EDIT: grammar/clarity and to add Bob Blakley’s Gartner blog article. Also almost forgot my TWEETMEME link, and added Todd Vierling’s “Just go somewhere else” is a fallacy. The name policy stretches far beyond Google+, and here’s why.

Attackers exploit latest Flash bug on large scale

Attackers exploit latest Flash bug on large scale, says researcher (Computerworld):

Hackers are aggressively exploiting a just-patched Flash vulnerability, serving attack code “on a fairly large scale” from compromised sites as well as from their own malicious domains, a security researcher said Friday.

The attacks exploit the critical Flash Player bug that Adobe patched June 14 with its second “out-of-band,” or emergency update, in nine days.

Check your current version of Adobe Flash and make sure you have their latest version. They have put out 2 out of band updates recently, so we all need to really be sure.