The Risk of Running Windows XP After Support Ends April 2014

Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014.  Since then, many of the customers I have talked to have moved, or are in the process of moving,  their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.

There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.  This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft.  Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8.  I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails.

What is the risk of continuing to run Windows XP after its end of support date?  One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case.

When Microsoft releases a security update, security researchers and criminals will often times reverse engineer the security update in short order in an effort to identify the specific section of code that contains the vulnerability addressed by the update. Once they identify this vulnerability, they attempt to develop code that will allow them to exploit it on systems that do not have the security update installed on them. They also try to identify whether the vulnerability exists in other products with the same or similar functionality. For example, if a vulnerability is addressed in one version of Windows, researchers investigate whether other versions of Windows have the same vulnerability.  To ensure that our customers are not at a disadvantage to attackers who employ such practices, one long standing principle that the Microsoft Security Response Center (MSRC) uses when managing security update releases is to release security updates for all affected products simultaneously.  This practice ensures customers have the advantage over such attackers, as they get security updates for all affected products before attackers have a chance to reverse engineer them.

But after April 8, 2014, organizations that continue to run Windows XP won’t have this advantage over attackers any longer.  The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities.  If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.  Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever.  How often could this scenario occur?  Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.

Some of the people I have discussed this scenario with are quick to point out that there are security mitigations built into Windows XP that can make it harder for such exploits to be successful.  There is also anti-virus software that can help block attacks and clean up infections if they occur.  The challenge here is that you’ll never know, with any confidence, if the trusted computing base of the system can actually be trusted because attackers will be armed with public knowledge of zero day exploits in Windows XP that could enable them to compromise the system and possibly run the code of their choice. Furthermore, can the system’s APIs that anti-virus software uses be trusted under these circumstances? For some customers, this level of confidence in the integrity of their systems might be okay, but for most it won’t be acceptable.

As for the security mitigations that Windows XP Service Pack 3 has, they were state of the art when they were developed many years ago.  But we can see from data published in the Microsoft Security Intelligence Report that the security mitigations built into Windows XP are no longer sufficient to blunt many of the modern day attacks we currently see.  The data we have on malware infection rates for Windows operating systems indicates that the infection rate for Windows XP is significantly higher than those for modern day operating systems like Windows 7 and Windows 8.

Figure 1: Infection rate (CCM) by operating system and service pack in the fourth quarter of 2012 as reported in the Microsoft Security Intelligence

I recently wrote about the findings of a new study on exploit activity that we just published: Software Vulnerability Exploitation Trends – Exploring the impact of software mitigations on patterns of vulnerability exploitation. This seven-year study indicates that attackers have evolved their attacks to overcome one of the key security mitigations that Windows XP has: Data Execution Prevention (DEP). Figure 3 shows the number of common vulnerabilities and exposures (CVEs) that had exploits that would have been mitigated if DEP were enabled compared to the number of CVEs that had exploits that bypassed DEP. With the exception of 2007 and 2008, there appears to be a clear downward trend in DEP’s ability to retroactively break exploits. This trend is not because DEP is no longer effective; rather, it is an indication that attackers have been forced to adapt to environments in which DEP is already enabled—at increased cost and complexity. The evidence is the increasing number of CVEs that had exploits that bypassed DEP.

Figure 2 (left): The number of CVEs that were exploited using specific exploitation techniques; Figure 3 (right): The number of CVEs for which exploits were written that could have been mitigated by enabling DEP as compared to the number of CVEs that had exploits that bypassed DEP

This new data shows us that the predominate threats that individuals and organizations face are now much different than they were when Windows XP Service Pack 3 was released. Turning on the Windows Firewall in Windows XP Service Pack 2 and later operating systems forced attackers to evolve their attacks. Rather than actively targeting remote services, attackers now primarily focus on exploiting vulnerabilities in client applications such as web browsers and document readers. In addition, attackers have refined their tools and techniques over the past decade to make them more effective at exploiting vulnerabilities. As a result, the security features that are built into Windows XP are no longer sufficient to defend against modern threats. Windows 8 has significantly superior security mitigations compared to Windows XP as Figure 4 illustrates. Detailed information on the new security mitigations built into Windows 8 is available in the aforementioned research paper.

Figure 4: The table below compares the mitigation features supported by Internet Explorer 8 on Windows XP Service Pack 3 with the features supported by Internet Explorer 10 on Windows 8. As this table shows, Internet Explorer 10 on Windows 8 benefits from an extensive number of platform security improvements that simply are not available to Internet Explorer 8 on Windows XP.

Organizations need a level of certainty about the integrity of their systems. Minimizing the number of systems running unsupported operating systems is helpful in achieving that. End of support for Windows XP is April 8, 2014.

Reference by http://www.microsoft.com

Google Apps Migration for Outlook

1. Download, install, and import

You can use Google Apps Migration for Microsoft Outlook® to import data from a Microsoft® Exchange account or PST file, by stepping through a simple migration wizard. You can import your mail, personal contacts, and calendar events, either all at once, or one application at a time.

  1. If you haven’t already, sign in to your Google Apps account on the web at least once, to accept Google’s Terms and Conditions.
  2. Install Google Apps Migration for Microsoft Outlook® on the computer where you run Microsoft Outlook®, which should not be running. Use one of the methods below to install (whichever one applies for you).

I’m downloading Google Apps Migration myself

  1. If you are your domain’s administrator, enable Google Apps Migration for Microsoft Outlook® for your domain by making some quick settings in your Google Apps control panel, as described in these system requirements. Otherwise, skip this step as it’s probably already been done for you.
  2. Review these system requirements for your computer. Before continuing with installation, install any necessary updates to your version of Microsoft Outlook® or Windows.
  3. Go to the Google Apps Migration for Microsoft Outlook® download page and click the big blue download button to download and install the utility.
  4. From the Windows Start menu, open Google Apps Migration for Microsoft Outlook®.

My administrator downloaded it for me

If you belong to a large organization, your administrator might have prepared an installation file for you. In that case, all you have to do is install it.

  1. From your Windows Control Panel, open Run Advertised Programs, select Google Apps Migration for Microsoft Outlook® from the list of programs, and click Run to install the wizard.
  2. From the Windows Start menu, open Google Apps Migration for Microsoft Outlook®.

After starting the wizard, you’re asked to sign in to your Google Apps account…

2. Sign in to Google Apps

After starting Google Apps Migration for Microsoft Outlook®, you’re prompted to sign in to your Google Apps account. Signing in here lets Google Apps Migration connect to your account to get ready for importing.

 

  1. Enter the email address that you use to log in to your Google Apps account.
  2. Enter your password, choosing one of the following options:No, help me sign in: Select this option if you’ll be using a non-Google Apps password to sign in to your account—that is, if your administrator has set up a Single Sign On service that signs you in to other services in your organization, along with your Google Apps account.Yes, I have a password: Select this option if you’ll be signing in with your Google Apps password. Then enter the password here, too. (If no one has told you otherwise, this is probably the option you should select.)
  3. Check Remember me if you think you might be importing data to this account again from the command line. That way, when you next import data from the command line, Google Apps Migration won’t ask you to sign in.
  4. Click Next in the wizard to continue.

Now you need to choose the Microsoft Outlook® profile you want to import..

 

3. Choose what Outlook data to import

Next, Google Apps Migration for Microsoft Outlook® asks you to select where to import data from. You can import data directly from a Microsoft® Exchange profile. Or export it first from Microsoft Outlook® as one or more PST files, and import those files.

  1. Choose where to import your data from, as follows:If your existing profile is listed, choose its profile name to import directly from the profile—Google Apps Migration takes a snapshot of the profile’s current data and imports just that. If instead you’ve exported your data to a PST file, choose From PST File(s) and browse to the file on your computer or network. (Control-click multiple PST files to import them all at once.)
    You can’t import PST files that are read-only. The migration utility needs write permission to access your data

  2. If you’ve already imported data into this account, choose the appropriate migration option, as described below. (If you’re importing for the first time, either option works fine):
    • Migrate all data: Imports all your mail, contacts, and calendar events. You can choose this option for your initial migration. Or, choose it if you’ve deleted all previously imported data from this account (such as after a test migration), and want to import all your data again.
      If you already have data in this Google Apps account, choosing this option will import duplicate contacts and overwrite your existing calendar data (email won’t be duplicated).
    • Migrate only new data: Imports only data that hasn’t been imported before (doesn’t duplicate contacts or overwrite existing calendar data). Choose this option to resume a migration that didn’t fully complete (say, if you had to turn your computer off), or to import data that arrived after your first migration.
  3. Click Next in the wizard to continue.

All that’s left is selecting what data to import…

4. Start importing data

Finally, you need to select what data to import—your email, contacts, calendar events, or all of the above.

Specify what to import, and whether to import only mail that was sent before or after a particluar date (just check each appropriate box). To speed up your import, uncheck Junk mail and Deleted items as you probably don’t need any of these messages.

Importing before or after a particular date? The date you choose is effective as of midnight GMT. Messages are migrated based on the time they were submitted to the Microsoft® Exchange server as outgoing messages.

What Gets Imported?

The following data can be imported from the current Microsoft Outlook® profile or PST file:

  • Email messages: Messages from all folders in your profile or PST file, except the Deleted Items, Junk E-mail, and Public folders.
  • Deleted messages: Messages from your Deleted Items folder.
  • Junk email: Messages from your Junk E-mail folder.
  • Contacts: Personal contacts (global contacts are provided by your administrator).
  • Calendars: Events from your all your calendars.

Note that Microsoft Outlook® Notes, journal entries, and tasks are not imported, since these features aren’t available in Google Apps.

  1. Click Migrate in the wizard to begin importing. If you’re importing from a Microsoft Outlook® profile rather than a PST file, you might be prompted to log in to your profile.

Now just sit back and let your data import. Here’s what to expect…

5. Monitor your migration

Once you start the migration, Google Apps Migration for Microsoft Outlook® begins to import data to your Google Apps account. Contacts are imported first, followed by calendar data, and then email. If you’re importing more than one PST file or email account, each file or account is imported in sequence (completing one before moving on to the next).

If you’re importing from a Microsoft® Exchange profile, Google Apps Migration takes a snapshot of data currently in the profile and imports just that; it doesn’t import any messages received afterwards.

You can monitor your migration’s process to see the number of items migrated and the number of items remaining.

When your migration has finished, you can click Start new migration to import more data (if you’re migrating in stages). Otherwise, click Cancel to close the wizard.

You’re now ready to log in to your Google Apps account!

What to expect during migration

  • How long does it take? Depending on how much mail and other data you have, it might take several hours for all of it to import (although you can begin to work in your Google Apps account right away).
  • Pause a migration. To temporarily halt importing, click Pause Migration. Click Resume Migration to continue importing from where you left off.
  • Restart a migration. If your import is interrupted and you need to run the migration again (say, if you click Cancel in the wizard or if you have to shut down your computer), simply rerun the wizard. To avoid importing duplicate contacts, select the option to Migrate only new data.
  • My Internet connection went away. If the migration is interrupted without closing the wizard—say, if your Internet connection goes away—it will resume where it left off if the connection comes back soon. Otherwise, you should start a new migraiton. To avoid importing duplicate contacts, select the option to Migrate only new data.

 

Hijacked Chrome extensions cleanup

We have found that some Chrome extensions come bundled with malicious programs that try to hijack your browser settings. To help keep your browser settings under your control we added a “reset browser settings” button to Chrome’s settings page in October.

Despite this, settings hijacking remains our number one user complaint. To make sure the reset option reaches everyone who might need it, Chrome will be prompting Windows users whose settings appear to have been changed if they’d like to restore their browser settings back to factory default. If you’ve been affected by settings hijacking and would like to restore your settings, just click “Reset” on the prompt when it appears.

Note that this will disable any extensions, apps and themes you have installed. If you’d like to reactivate any of your extensions after the reset, you can find and re-enable them by looking in the Chrome menu under “More tools > Extensions.” Apps are automatically re-enabled the next time you use them.

Editions included: 
Google Apps for Business, Education, and Government

For more information:
http://chrome.blogspot.com/2014/01/clean-up-your-hijacked-settings.html
http://chrome.blogspot.com/2013/10/dont-mess-with-my-browser.html

Reference by : http://www.google.com/

Steps to configure emails in iphone

1. Tap Settings on your home screen.

 

2. Scroll down and tap Mail, Contacts, Calendars.

 

3. Tap the Add Account option

 

4. Tap Other.

 

5. Tap Add Mail Account.

 

6. Enter the following settings:

Name: karan

Email: karan@your domainname

Password: Enter your email password.

Description: karan

tap next

 

7. select IMAP

Name: karan

Email: karan@your domainname

Description: karan

 

8. Incoming Mail Server

host name: imap.domainname.com

UserName : karan@your domainname

password : Enter your email password.

port : 143

 

9.outgoing Mail Server

host name: smtp.your domainname

UserName : karan@your domainname

password : Enter your email password.

port : 25

 

10.Tap Next

Your device will now verify your email account settings. Be patient, as this may take several minutes.

 

11. Tap save

 

12. The email account configuration has been completed. Your email address will now be listed and you can start using the same.

 

Add names to Hangouts video calls in Google Calendar

Starting January 29th, you will be able to give a name to Hangouts video calls in Google Calendar events. This name makes it easier for you and other guests to join the video call. Note that this feature is only available to domains that have enabled Google+ Premium Features.

Release track:
Scheduled release

Editions included: 
Google Apps for Business, Education, and Government

For more information:
https://support.google.com/a/answer/4362302

Reference by : http://www.google.com/

New sign-in page for Google Apps customers

The new sign-in page that was announced last November will be rolling out over the next four weeks starting today. With this change, the sign-in page for all Google Apps customers will be updated to be consistent across all Google Apps services. In other words, the sign-in page for Gmail will now be identical to the sign-in page for Google Calendar, Google Drive, or any other Google Apps service. This change will improve security and make it easier for users to switch between accounts. This means a few things for your organization:

The Google Apps sign-in page can no longer be personalized with colors and custom logos. It will now look the same across all Google sign-in pages.
Users will have to log in with their full email address (example: joe@company.com)
For SSO domains with a network mask, users will be presented with the new Google sign-in page when they log in from outside the SSO network mask. This change does not affect SSO domains without a network mask.

Editions included: 
Google Apps for Business, Education, and Government

For more information:
https://support.google.com/a/answer/4421331

 

Reference by : http://www.google.com/

A new activity stream in Drive shows you what’s changed

Over the next few days, you’ll notice a new activity stream in Drive. When you open Drive, click the “Details and activity” button (ⓘ) on the top right corner and the activity stream will appear, showing you who has taken action on files and folders in My Drive. You’ll see a rundown of what your team has been doing, such as editing and commenting on notes, adding a new spreadsheet, renaming a presentation, etc. If you select a specific file or folder, the stream will change to show you specific information about that item.

Release track:
Rapid release

Editions included: 
Google Apps for Business, Education, and Government

For more information:
https://support.google.com/drive/answer/3323935
http://googledrive.blogspot.com/2014/01/a-new-activity-stream-in-drive-shows.html

Reference by : http://www.google.com/

 

Print Google Forms in a fillable format

You now have the option to print Google Forms. When you print a form, each question is formatted in a way that makes it simple for people to fill in when printed on paper. To try it out, just create a form and press the print button.

Editions included: 
Google Apps for Business, Education, and Government

Release track:
Rapid release

For more information:
https://plus.google.com/+GoogleDrive/posts/ZSWMyZKC22t

Reference by : http://www.google.com/

Reach people you know more easily through Gmail and Google+

Over the next few days we’ll be rolling out a new feature that will suggest users’ Google+ connections as recipients, along with their traditional Gmail contacts, when composing a new email. Your email address isn’t visible to a Google+ connection unless you send that person an email, and likewise, that person’s email address isn’t visible to you unless they send you an email.  Importantly, if someone outside a your Google+ circles sends you an email this way, you can decide whether you want to receive more emails from that person.

Domain administrators will have the option to control the availability of this feature through a new setting in the Admin console under Google Apps-> Gmail Settings -> End User Settings. If this feature is enabled in the Admin console, users can control whether people outside their circles can reach them with a new setting in Gmail. They will be able to choose from Anyone on G+, Extended Circles, Your Circles and No one.  The default setting will be ‘Anyone on Google+’.

Editions included: 
Google Apps for Business, Education, and Government

For more information:
http://gmailblog.blogspot.co.uk/2014/01/reach-people-you-know-more-easily.html

 Reference by : http://www.google.com/

Mcafee epo 4.6 Installation

  1. Upload file zip file
    1. Vse 8.8 zip file
    2.  Ase 8.7 zip file
    3. Ma 4.6 zip file
  2. Epo Agent Meta zip file2. Menu –software – Extension Then Click Install Extension
    1. Click Ok To Complete Install Extension
  3. Menu-software-Master Repository- Click Product (Zip) & Browse Following File
    1. Vse 8.7 Zip
    2. 8.7 Zip
    3. Ma 4.6 Zip
  4. Update Schedule
    1. Menu-Software- Master Repository –Click On Action-Click  Schedule Pull – Name-Update Mcafee Antivirus –Schedule Status-Enable -Next –Action Select On Reposition Full
    2. Source Site Macfee ftp-Current-All Package
    3. Schedule Type-Daily-Start Date-End Date-Schedule Between –next-Save
  5. Product Deployment
    1. Menu-Policy-Client-Task Catalog
    2. Click –Product Deployment
    3. Action-New Task-Task Type Select- Product Deployment-Ok
    4. Task Name-Product Deployment
    5. Target Platform-Windows
    6. Product & Compost :-  a) Mcafee Agant for Windows 4.6.0.2292
    7. Virus Enterprise 8.7.0.56
    8. Anti Spyware Enterprise Mode 8.7.0
    9. Click On Run At Every Policy Enforcement – Save
    10. Then Click On Assign on This Policy & Click On My Organization Ok
    11. Open Windows Show On: – Product                   Task Type                                Task Name
    12. Mcafee agent        Product Deployment             Deploy
    13. Created On :-  My Organization
    14. Lock task Inheritance :-   Unlocked
    15. Tags: – Sent This Task All Computer- Next
  6.   Schedule On This Client Task
    1. Schedule Status –enable
    2. Schedule Type –Run Immediately-Other Font Are by Default Task Runs according To Local Time     Client –next – Then Save
  7. Download Frame Package
    1. Menu – System – System Tree
    2. Click On-System Tree Action
    3. Then Click on New System
    4. Choose: – Create and download agent Installation Package in How to Add System Then Click Ok
    5. Then Click Frame Package in Download File and save desktop – Click Close