WServerNews Asks Our Readers: Foiling ransomware attacks

In this issue:

Windows 10 video blanks out occasionally (reader responses). A layered approach to thwarting ransomware attacks. Huge price increase for AnyDesk. More on impact of Nov 8 patch on your AD environment. SANS 2022 Multicloud Survey. Tool of the week. Windows tips for admins and users. Just the fax, ma’am, just the fax. The world’s most talented cat. AI needs to start explaining itself to us humans. Plus lots more — read it all, read it here on WServerNews!

Why should I be concerned about ransomware? This barbed-wire fence should keep the bad guys away from our computers. Photo by Saj Shafique on Unsplash

Got comments about anything in this issue?

Email us! We love hearing from our readers!

Ask Our Readers (reader responses): Windows 10 video blanks out occasionally

Last week Your Editor tossed out the question to our newsletter readers:

One of my personal computers at home is a refurbished Dell Optiplex 5050 running Windows 10 Professional. Ever since I upgraded Windows 10 to version 21H2 on this machine, the video blanks out for about a second or two, maybe once or twice a day. I checked the Intel video and display drivers and they show as up to date, and I’ve tried other fixes like changing one of the power settings as described in some YouTube videos you find when you google “Windows 10 video blanks out occasionally” but nothing seems to work. Do any of our readers have any ideas what might be causing this problem and how I can fix it?

Happily a few of our newsletter readers responded to our plaintive cry for help. Here’s what we’ve received so far:

READER #1: Hi Mitch, Love your newsletter. My experience with this has been using Edge. As soon as I switched to just about any other browser, the blanking out went away. Chrome, Firefox, Brave don’t do it. —Tim Jacob, Programmer/IT Department at an agricultural company in New Brunswick, Canada

Hmm, OK. I’m not using Edge, I use Brave browser on my home computers. But maybe I’ll try switching to Chrome or some other browser for a while and see if the problem goes away.

READER #2: I’m sure your mailbox is flooded already and hopefully you have received some good advice already. Nothing more frustrating than sitting with an unknown like this. Not knowing how your display is connected, but taking some keywords from your set up described and similar personal experience. I’d suggest that you have a look at the driver again in device manager for the display or any other component you might suspect involved and see if you notice something similar to this:

Credit MS Community for Image…I snagged example from google images search.

I have found in the past that when upgrading to a feature release the existing driver is ‘migrated’, and that can cause some compatibility issues and odd behaviour if it does not go as planned.

I had that with Dell Inspiron 5000 series and the Wifi adaptor. Resulting in random disconnections and Wifi turning off completely. Deleting the driver and installing first the Windows default/auto detected driver then the manufacturer driver (albeit older version) resolved it. But Windows Update being windows updates, would eventually update again. I know I can turn that off as well, but hey…*shrug*

On the subject of Windows Update. Have a look at Additional Downloads. You might find alternative versions of display driver there as well to try. —Riaan Cornelissen

Thanks but I’ve checked Device Manager on my PC and no bangs (yellow caution sign symbol with exclamation mark inside) appear anywhere, so apparently no driver migration issues have been recorded on my system. But you did clue me into something I hadn’t noticed, namely that I’ve been using the Generic PnP Monitor driver instead of the one from the manufacturer of the Acer monitor my system uses:

So I opened Windows Update, clicked View Optional Updates, expanded Driver Updates, and found a driver available from Acer for my monitor. I’ve downloaded and installed it, so let’s see if this fixes the problem.

READER #3: Hi Mitch, I know this effect. In my case it depends on the display cable – using HDMI generates the blanks, DisplayPort doesn’t. So I rewired my display. —Martin Urwaleck from Austria

Hmmmmmmm. Our mess of home PCs are really a mess as they’re all refurbed systems patched together with band-aids and rubber bands, figuratively speaking. It turns out upon close examination that this particular PC is connected to an old Acer HDMI monitor, but the connection on the monitor end actually uses a DVI-D cable the other end of which connects to a Display Port 1.2 port on the PC through a StarTech.com DP2DVIADAP Video DisplayPort DVI Adapter stuck in the back of the PC. So I guess when I set up this PC way back when, I didn’t have a spare HDMI cable lying around that I could use at the time.

What a mess. Let me dig around in my junk cabinet tonight and see if I have an HDMI cable as the PC also has an HDMI port on the back IIRC. And if that doesn’t resolve the problem then I might have to follow Martin’s advice and buy a Display Port monitor for this PC as we only have old HDMI monitors for our personal use PCs at home.

Anyways, will keep you our readers informed, thanks everyone!

Got questions? Ask our readers!

WServerNews goes out each week to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? You can Ask Our Readers for help by emailing us your problem or question. Do it today!

Help spread the news!

Please tell all your colleagues and friends about WServerNews and let them know that they can subscribe to these and other TechGenix newsletters for free by going here. Thanks!!

Editor’s Corner

Our enterprise has been fortunate enough to have never fallen victim to a ransomware attack. Many businesses have not been so lucky though. What about your own organization? Craig Hollins, who runs a small MSP in Australia and is one of our longtime newsletter readers, sent me an email recently with his thoughts on the subject and some possible steps a business can take to protect itself from data breaches that can lead to having their systems and data held hostage by extortionists. I’ve reproduced his email below followed by a few thoughts of my own, but I’d love to hear how other readers safeguard the network they manage or support from the growing threat of ransomware. Email me with your comments after you’ve read the below and share with us some of the policies, practices and tools you use for preventing data breaches and combatting ransomware.

Hi Mitch. In the news in Australia recently has been the subject of data breaches. From telcos to health insurers, several large Australian firms have been “hacked” and held to ransom with the threat they will release millions of records of their customer data.

Like everything in security, everyone is looking for simple solutions but the answer is to put in many, many layers. Let’s go thru them.

  • Firewall – we all know about these and how effective they can be. Why are they configured to accept connections from nefarious countries? Does an Australian health insurer really need to accept connections from Russia?
  • Lock down computers so they can only run trusted code – We’ve been talking about this for decades and it’s still a pie in the sky.
  • Train users – OK, weakest link, I know, but if you can stop some attacks by getting users to look at the obvious.
  • Restricted access to bulk data – how come every time there is a breach we’re informed millions of records are exposed? How? Surely the ability to copy bulk data is restricted to just the DBAs. And their computers should also be blocked from the outside world. Internet access should only be possible via a web page that presents one record at a time.
  • Take the money out of it – Hacks only occur because of the possibility of a ransom being paid. Simply pass a law making it illegal to pay ransoms. Hackers will move onto the next country.

The last one is the most contentious but it’s also the only one that will definitely solve the problem. All the hackers are going to get is a database of potential victims – who can’t pay ransom by law. I know some of these are simplistic (possibly overly) but together they’ll make a big dent in the problem.

Thoughts? —Craig Hollins

Overall I think Craig has some really good ideas here, especially the one about layering various defenses. Let’s look at each of his suggestions one by one:

Firewalls. Most modern firewalls support Geo-IP filtering which lets you block connections going to or coming from specific geographic locations. GFI Kerio Control for example supports this feature and it’s easy to configure. So the bottom line is that if this feature isn’t being used at your org then your admin is either lazy or (more likely) overworked.
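The Geo-IP decision described above, sketched as an added example (not code from this newsletter or from any firewall product): source addresses in constructed connection-log lines are mapped to a country by longest-prefix match and checked against a country allow-list. The CIDR-to-country table uses documentation address ranges with made-up country assignments, and the log format and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed Geo-IP table: RFC 5737 documentation ranges with made-up country
# assignments. A real firewall loads a vendor-maintained database instead.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "AU"),
    (ipaddress.ip_network("198.51.100.0/24"), "RU"),
    (ipaddress.ip_network("198.51.100.128/25"), "NZ"),  # more specific entry
    (ipaddress.ip_network("203.0.113.0/24"), "US"),
]
# RFC 1918 and loopback space has no country; geo rules must not apply to it.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ALLOWED_COUNTRIES = {"AU", "NZ"}  # assumption: the only countries served


def lookup_country(addr):
    """Return the country of the longest matching prefix, or None."""
    best = None
    for net, country in GEO_TABLE:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, country)
    return best[1] if best else None


def decide(src_ip, allowed=ALLOWED_COUNTRIES, block_unknown=True):
    """Return (action, reason) for one inbound source address."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return ("DENY", "malformed address")
    if any(addr in net for net in INTERNAL_NETS):
        return ("ALLOW", "internal address")
    country = lookup_country(addr)
    if country is None:
        # No Geo-IP data: failing closed or open is a policy choice.
        return ("DENY" if block_unknown else "ALLOW", "unknown location")
    return ("ALLOW" if country in allowed else "DENY", f"country {country}")


# Constructed inbound-connection log lines (hypothetical format).
SAMPLE_LOG = """\
2022-11-21T03:14:07Z IN src=192.0.2.15 dport=443
2022-11-21T03:14:09Z IN src=198.51.100.7 dport=3389
2022-11-21T03:14:11Z IN src=198.51.100.200 dport=443
2022-11-21T03:14:12Z IN src=10.1.2.3 dport=445
2022-11-21T03:14:15Z IN src=100.64.0.9 dport=22
"""


def evaluate_log(text):
    """Apply decide() to every src= field found in the log text."""
    results = []
    for line in text.splitlines():
        m = re.search(r"\bsrc=(\S+)", line)
        if m:
            results.append((m.group(1),) + decide(m.group(1)))
    return results


if __name__ == "__main__":
    for src, action, reason in evaluate_log(SAMPLE_LOG):
        print(f"{action:5} {src:16} {reason}")
```

A Geo-IP rule only sees the address of the last hop, so traffic relayed through a VPN exit or a compromised host inside an allowed country still passes, which is why it works as one layer among several rather than on its own.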

Run only trusted code. Code signing is one way of ensuring the programs you’re running are trustworthy. But if your code signing system gets breached, as once happened with Adobe and more recently with Nvidia, then malware can appear trustworthy when you download it even from trusted sites. Whitelisting which applications and code are allowed to run is more difficult—just ask any Windows admin who has tried doing this with AppLocker. Jeremy Moskowitz has a good article explaining the pros and cons of using AppLocker and why PolicyPak Least Privilege Manager can be a good alternative to using AppLocker. And if you google something like “best alternatives to applocker” you’ll get a bunch of sites (mostly vendors) offering their wares or recommending other third-party solutions that may be useful to explore.

User training. Fuhgeddaboudit, it’s a hopelessly lost cause. Spend your extra budget on good coffee instead for your IT team.

Block bulk data downloads. Here I’m not very qualified to comment as this deals with two tiers—web front-end and back-end databases—that I have little direct experience with. I’m more of a systems and network guy, keeping the plumbing working between the different tiers. So I’ll leave it to our readers to comment here if they have experience in these areas.

Take the money out of it. Sounds like a good idea, but we could also bring bank robberies to an end if everyone took their money out of their bank. So I’m not sure this suggestion is feasible.

Anyways, what do our readers think about Craig’s ideas? Got any other suggestions of your own for ending the ransomware plague? What are you currently doing, or planning to do, in this area to protect your business from cyber extortionists? Email us!

We hope that you enjoy this week’s issue of WServerNews, feel free to email us your comments or questions about anything in this newsletter.

This Week in IT

A compendium of recent IT industry news compiled by Your Editors. Feel free to email us if you find a news item you think our newsletter readers might be interested in. And for more tech news coverage see the News section of our TechGenix website.

Acer has fixed a vulnerability in some of their laptop models that allows local attackers to turn off UEFI Secure Boot. Bleeping Computer has some details concerning this.

AnyDesk Software GmbH, vendor of the eponymous remote desktop software, has just given users of their platform a huge price increase, probably because with the pandemic waning organizations are pushing their employees to return to the office instead of working from home. Born’s Tech and Windows World has more news concerning this.

And while we’ve all probably heard about the news that Big Tech companies, like Google, Apple, Microsoft, Meta, HP, Cisco, Stripe, Roku, Zendesk, Asana, and others, have announced major layoffs this year, according to TechGenix, business owners can look upon the layoffs as more of a recalibration than a permanent offset and may be able to take advantage.

Windows Server news

Following up on last week’s news item from Günter Born about an important out-of-band update for some older versions of Windows Server to fix Kerberos authentication issues on DCs that were caused by November updates from Microsoft, we came across the following post on Microsoft’s Core Infrastructure and Security Blog which may also be helpful: How Do I Know If My AD Environment Is Impacted By The November 8th 2022 Patch? Also be sure to check out this post from the Ask The Directory Services Team blog: November 2022 Out of Band update released! Take action!

Upcoming webcasts, workshops and conferences

Got an event, conference or webcast you want announced in our newsletter? Email us!

Dec 7 – SANS 2022 Multicloud Survey: Exploring the World of Multicloud. Register now!

Meet the Editors!

MITCH TULLOCH is Senior Editor of WServerNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada that produces books, ebooks, whitepapers, case studies, courseware, documentation, newsletters and articles for various companies.

INGRID TULLOCH is Associate Editor of WServerNews. She was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press and collaborated on developing university-level courses in Information Security Management for a Masters of Business Administration (MBA) program. Ingrid also manages Research and Development for the IT content development business she runs together with Mitch.

Subscribe today to WServerNews!

Subscribe today and join almost 200,000 other IT professionals around the world who subscribe to our newsletter! Just go to this page and select WServerNews and you’ll receive it every Monday in your inbox.

IT Workshop – tools, guides and useful stuff

Got a product or solution or some other resource you’d like to tell our readers about? Email us!

Our TOOL OF THE WEEK is Olive Software from IgniteTech. Use it to automatically transform your print-first content into rich, interactive online content that can be delivered to your audience through multiple channels.

Despite its numerous features, many companies reject Google Drive and move to alternatives. Learn why this is the case and discover the best alternatives to Google Drive in this article from TechGenix!

Tips and Tutorials

Got tips or tutorials you’d like to recommend for our readers? Email us!

This week we have a bunch of Windows tips and tutorials for you to geek out over. First here are some tips mainly for end users:

How to Remove Windows 10’s Annoying Search Highlights Icons (Tom’s Hardware)

How to auto shutdown Windows when it’s been idle for a while (OnMSFT)

How to Transfer a Windows 10 or 11 License to Another PC (Tom’s Hardware)

How to Run a Program as a Different User (RunAs) in Windows? (Windows OS Hub)

How to Keep Windows Running Smoothly (Tom’s Hardware)

Commonly-supported Windows shortcuts for pasting without formatting (The Old New Thing)

Now let’s throw in a few higher-end ones for administrators:

Windows Terminal as Standard User With Dedicated Admin Account (Helge Klein)

Using Windows Update Delivery Optimization in Local Networks (Windows OS Hub)

Configuring Wake-On-LAN for Dell Systems (Mick Pletcher)

How to set up DHCP failover on Windows Server (Network World)

Windows: ‘Trust Relationship Failed’ (PeteNetLive)

“The update is not applicable to your computer”: Windows Update Error (Windows OS Hub)

Freebies!!

Got a freebie you want to offer our readers? You can reach almost 200,000 IT pros worldwide with our newsletter—email us!

30-Day Free Trial for SANS Security Awareness. Start today!

Factoid: Just the fax, ma’am, just the fax

Our previous factoid was this:

Fact – A Bored Chinese Housewife Spent Years Falsifying Russian History on Wikipedia (Vice)

Source – https://www.vice.com/en/article/pkgbwm/chinese-woman-fake-russian-history-wikipedia

Question – What’s the *worst* Wikipedia topic you’ve ever read in terms of bias or accuracy?

Murat Yildirimoglu from Turkey had a sharp response to this one:

One of the worst articles in Wikipedia is the “Alexander the Great” article. Alexander the Great is one of my favorite subjects: I always love reading about him. But the article about him is tainted with some nationalistic Greeks’ contemporary causes like highly controversial “Greek Genocide” claim.

At the beginning of the article, in the fourth paragraph, we read: “Greek-speaking communities in central Anatolia and in far-eastern Anatolia survived until the Greek genocide of the 1910s and early 1920s as well as the Greek–Turkish population exchange of the mid-1920s.” It is a reckless and sad claim at the just opening sections for one of the greatest men. It is a sad attempt to project today’s issues to a 2300-year old great man.

Greeks try to make their claim a universal truth abusing the Wikipedia articles. And when I raise my complaints about it, I am not heard at all.

Interesting. I suppose all encyclopedias tend to be biased in certain content areas, perhaps not intentionally but simply because their content is generally produced by those who have a similar cultural/intellectual background. Perhaps one might raise the above issue in the Talk section of this Wikipedia article, but looking at it I see that there are already 23 pages of archived discussions about the accuracy of what’s contained in the article. So probably best to just forget about it and move on.

Now let’s move on to this week’s factoid:

Fact: UK comms regulator rings death knell for fax machines (The Register)

Source: https://www.theregister.com/2022/11/02/ofcom_fax_death_knell/

Question: Do you still have a fax machine at your company? When was the last time you used it?

Email us your answer and we’ll include it in our next issue!

Fun videos from Flixxy

Christmas is coming soon, and in our wanderings across the wide wide web we came across this funny video from our friends Down Under:

Australian Version Of Jingle Bells – Written at the last minute for a radio appearance in 1992 by Colin Buchanan, ‘Aussie Jingle’ has become an Australian Christmas classic.

https://www.flixxy.com/australian-version-of-jingle-bells.htm

…which led us to searching for some other fun Aussie videos on Flixxy:

Just A Casual Day In Australia – Rob Bredl, the Barefoot Bushman, is not afraid of crocodiles. He even takes a ride on the crocodile’s back.

https://www.flixxy.com/just-a-casual-day-in-australia.htm

Byron Bay Bluesfest in Australia – An impressive performance of Grandpa Elliott as a tribute to everyone that has lived through the blues.

https://www.flixxy.com/grandpa-elliott-playing-for-change-byron-bay-bluesfest-in-australia.htm

The World’s Most Talented Cat Lives In Australia – ‘Didga’ the cat holds a Guinness World record and is considered the most talented cat in the world.

https://www.flixxy.com/the-worlds-most-talented-cat-lives-in-australia.htm

Land Down Under in 4K – Beautiful footage from Australia.

https://www.flixxy.com/australia-land-down-under-4k.htm

And Finally

The odd, the stupid and the remarkable. Good for your mental health.

Chrome will finally force you to upgrade from Windows 7 in 2023 (Android Police)

https://www.androidpolice.com/chrome-windows-7-support/

[Are they going to arrest me if I don’t upgrade?]

Scientists discover material that can be made like a plastic but conducts like a metal (Phys.org)

https://phys.org/news/2022-10-scientists-material-plastic-metal.html

[OK first we have transparent wood and now we’re gonna have plastic metal. What’s next?]

Slow broadband? FCC wants to boost internet speeds from ‘harmful’ minimums (ZDNET)

https://www.zdnet.com/home-and-office/networking/slow-broadband-fcc-wants-to-boost-internet-speeds-from-harmful-minimums/

[Well it’s arguable which is worse: slow Internet service or the Internet itself.]

Scientists Increasingly Can’t Explain How AI Works (Vice)

https://www.vice.com/en/article/y3pezm/scientists-increasingly-cant-explain-how-ai-works

[Why not ask AI to explain how it works? e.g.

HUMAN: “Hello AI, what is AI anyways?”

AI: “I am AI, who the hell are YOU?!?”

Eeek!]

Hey reader! Got an amazing or weird or funny link you’d like to suggest for this section of our newsletter? Email us! But please make sure that it’s G-rated as in “Gee whiz”, “Golly!”, “Good grief!”, “Gaaahh!!” and so on. Thanks!

Please tell others about WServerNews!

We hope you enjoyed this issue of WServerNews! Feel free to send us feedback on any of the topics we’ve covered—we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free—and they can subscribe to it here. Thanks!!!
