Archive for November, 2008


DEP – Blocking unwanted programs in Vista

The UAC (User Account Control) prompt in Windows Vista is a security tool to prevent unauthorized access to the system. The problem I find in the field is that there will always be a percentage of users who will click “continue” = (please allow this malicious code to run on my PC because I really don’t know any better). It may also be difficult to manage the security of a computer when it is accessed by multiple users, and you need a secure computer on your network or in the office. There is a solution to this problem. It is fiddly and requires familiarity with the mouse and navigation in Vista, but if you want to lock down Vista and prevent malicious code from running, DEP is your answer. Data Execution Prevention (DEP) has been around since Windows Server 2003 and monitors the way programs use system memory.

If a program attempts to access memory in an unsafe fashion, DEP closes it down. If the program has a valid ActiveX Control it should execute correctly. If it will not install or run and you know the program is safe, you can add it to the DEP allowed list. The computer needs to be restarted after DEP changes. Not every program that is blocked by DEP is malicious or spyware, but if DEP is monitoring the program it can detect attempts to execute code from protected memory areas and help to mitigate the threat of attacks. If DEP closes a program you know is safe, try checking for a DEP-capable version of the program or contact the vendor before changing DEP settings.

To access DEP settings and add or remove programs from the allow list:

· Go to start

· Right click computer

· Select properties

· Select advanced system settings

· Note the UAC prompt and continue

· Select the advanced tab

· Select the performance tab > settings

· Select data execution prevention

· DEP is turned on for essential Windows programs and services only by default – choose to turn on DEP for all programs

· Restart the computer

· If a new third-party program does not run and is blocked by DEP specifically, you can add it to the list as follows: turn off DEP, restart the PC, install the new program, turn on DEP, add the exe of the program to the DEP list, and restart the PC.

We turn on DEP on request or for some security scenarios on our new computers. A program blocked by DEP does not always notify you. DEP is not for everyone but is highly effective if you need advanced security.
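To confirm the result of the steps above without clicking through the dialogs, the policy and the allow list can be read from PowerShell. This is an added example, not part of the original post; the function names are hypothetical, and the registry key is where the DEP tab stores its list (the post does not name it). The script only reads settings and changes nothing.

```powershell
# Added example: report the DEP policy and list programs exempted from DEP.
# Uses Get-WmiObject so it also runs on the older PowerShell versions found on Vista.

# Meaning of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
$policyNames = @{
    0 = 'AlwaysOff (DEP disabled for everything)'
    1 = 'AlwaysOn (DEP for everything, exemptions ignored)'
    2 = 'OptIn (essential Windows programs and services only)'
    3 = 'OptOut (all programs except those on the exemption list)'
}

function Get-DepStatus {
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-Object PSObject -Property @{
        DepAvailable       = $os.DataExecutionPrevention_Available
        Policy             = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
        AppliesTo32BitApps = $os.DataExecutionPrevention_32BitApplications
        AppliesToDrivers   = $os.DataExecutionPrevention_Drivers
    }
}

function Get-DepExemption {
    # Each program added on the DEP tab is a value under this key:
    # the value name is the full path to the exe, the data contains "DisableNXShowUI".
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    if (-not (Test-Path $key)) { return }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match 'DisableNXShowUI') { $name }
    }
}

Get-DepStatus | Format-List

$exempt = @(Get-DepExemption)
if ($exempt.Count -eq 0) {
    'No programs are exempt from DEP.'
} else {
    'Programs exempt from DEP (review each one):'
    $exempt
}
```

After choosing "turn on DEP for all programs" and restarting, the policy should read OptOut; any path in the exemption list that nobody can account for deserves a second look.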


How to repair Vista startup problems

The Windows Vista Recovery Environment can be useful in restoring system files affecting startup.

To use this feature:

1. Boot from the Vista Boot DVD

2. Scroll through to choose a recovery tool

3. Startup repair can replace or repair corrupted system files. This is the first option shown

If startup repair is not able to resolve the issue and allow you to boot into Windows, you will see a dialogue window explaining that the repair was not successful, along with problem details.

At this point you should contact your IT Admin or call tech support.


3 ways to recognize email scams

I get those emails that look like they come from my bank asking me to confirm my account details, or even threatening to suspend my account if I do not click this link NOW! I could say these emails are very good imitations complete with logo and contact details, legal disclaimer etc, except I have never received an email of any description from my bank. Banks send letters for notices and such.

I am used to dealing with these emails like everyone else with an email address but the email I received the other day was different. It made sense in a way. We use certificates on servers to enable secure access, so why not banks? The email informed me the bank was changing over to a certificate based system for login to internet banking. A link invited me to download a customer certificate – all in the name of better security. The certificate would recognise my computer by way of the certificate.

Aside from knowing banks do not, and would not (1), send an email for such a big security change, there were the spelling mistakes (2). Server was spelt “serve”, for example. Banks have and use spell and grammar checkers. I get spelling mistakes on school newsletters and even the education department letters, but never on a bank letter or legal documents.

Then I closed the email, right clicked it and selected message options (Outlook 2007). Scrolling down past the delivery path of my own ISP and its spam filters, I see the return address (3) is The return path / originating path could also be blank. Real emails have real addresses.

In my case the scam targeted ANZ bank customers, so I rang 131314 and reported it to bank security.