Thursday, June 6, 2019

Group Policy editor for commonly used group policy control items in Windows 10

The following tool is a Group Policy editor for commonly used Group Policy control items in Windows 10.

Please refer to the GitHub URL: https://github.com/velanr1980/GroupPolicyEditor1

The GPO objects covered are as follows :
  1. Enable/Disable Firewall (Domain profile) - HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
  2. Enable/Disable Firewall (Standard profile) - HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
  3. Group Policy refresh interval - HKLM:\Software\Policies\Microsoft\Windows\System -Name GroupPolicyRefreshTime
  4. Group Policy refresh time offset - HKLM:\Software\Policies\Microsoft\Windows\System -Name GroupPolicyRefreshTimeOffset
  5. No Autorun option enable/disable - HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutoRun
  6. Disable Cortana in Windows 10 Searches (Only applicable for Windows 10 Home, Professional & Enterprise)
  7. Disable Windows Store (Only applicable for Windows 10 Professional & Enterprise)
  8. Screen saver activation, with password, and timeout setting
Please also find the PowerShell script equivalent of this program in the GitHub repository (file name: group_policy_win10_v2.ps1).
This PowerShell script covers the same features/GPO objects as the CLI EXE program in the GitHub repository, and can also be used to change group policy objects.
License and copyright applicable.

Note :
a) This was tested in a Windows 10 Professional Edition environment, and should work on Windows 10 Enterprise Edition (and Windows 2016) as well.
b) This program will NOT work for Windows 8.1, Windows Vista, Windows 7, and Windows XP.
c) It is designed for local GPO of Windows 10 (local profile), and NOT for domain level GPO objects.
d) This CLI EXE program is designed to edit registry settings, so please run it in administrator mode.


I did not include a USAGE manual , as it is easy & straight forward to use.
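
As an added example (not code from the GitHub repository), the following PowerShell reports the current state of the first five registry-backed items listed above without changing anything. The value name EnableFirewall does not appear in this post and is assumed to be the value the tool toggles; NoAutoRun is treated as a value under the Explorer key.

```powershell
# Added example: read-only report of the local policy values listed in the post.
# Assumption: 'EnableFirewall' is the firewall policy value (name not given on the page).
$PolicyChecks = @(
    @{ Item = 'Firewall (Domain profile)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
       Name = 'EnableFirewall' }
    @{ Item = 'Firewall (Standard profile)'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'
       Name = 'EnableFirewall' }
    @{ Item = 'Group Policy refresh interval'
       Path = 'HKLM:\Software\Policies\Microsoft\Windows\System'
       Name = 'GroupPolicyRefreshTime' }
    @{ Item = 'Group Policy refresh time offset'
       Path = 'HKLM:\Software\Policies\Microsoft\Windows\System'
       Name = 'GroupPolicyRefreshTimeOffset' }
    @{ Item = 'No Autorun'
       Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoAutoRun' }
)

function Get-LocalPolicyReport {
    foreach ($check in $PolicyChecks) {
        $value = $null
        # A missing key or value means the policy has never been set locally.
        if (Test-Path $check.Path) {
            $value = (Get-ItemProperty -Path $check.Path -Name $check.Name `
                        -ErrorAction SilentlyContinue).($check.Name)
        }
        [pscustomobject]@{
            Item  = $check.Item
            Name  = $check.Name
            Value = if ($null -eq $value) { '<not configured>' } else { $value }
            Path  = $check.Path
        }
    }
}

# Reading HKLM policy keys does not require elevation; writing them does.
Get-LocalPolicyReport | Format-Table -AutoSize -Wrap
```

Running the report before and after using the tool shows exactly which values it changed.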

Friday, May 10, 2019

How to disable Outlook attachment preview feature


One of the main ways malware spreads these days is via Office documents and macros. Some malware is known to exploit bugs in Adobe Flash and macros, using Office documents to trigger those bugs and cause infection.

The attachment preview feature in Microsoft Outlook can also expose the user to malware: the user may unknowingly run a preview of a malicious Office attachment, which causes the malware infection to start.



Fortunately, the attachment preview feature can be disabled in Outlook.

I have created a simple console tool (C# EXE file) to help change this setting in registry.
I have also provided below the registry setting that needs to be changed to disable it.

Or, you can simply go to the Outlook settings to disable it:
i) In Outlook, go to File > Options > Trust Center > Trust Center Settings, and then select Attachment Handling.
ii) To turn off all attachment previewers, click Turn off Attachment Preview and click OK.


This tool helps enable or disable the email attachment preview function in Microsoft Outlook.
It is useful because it can help eliminate malware execution that happens when a malware-infected Office document/macro is previewed and exploits unpatched Office/Adobe Flash bugs.

Please note the following :
a) The registry script & C# tool below work on Microsoft Outlook 2016, 2013 & 2010 only. They do not work on Microsoft Outlook 365.
b) The C# tool below works on Windows 7 & Windows 10 PCs, and should be "run as administrator".
c) It requires Microsoft .NET Framework 3.5 or above.


Registry setting to disable Outlook attachment preview :

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\outlook\preferences]
"disableattachmentpreviewing"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\office\15.0\outlook\preferences]
"disableattachmentpreviewing"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\office\14.0\outlook\preferences]
"disableattachmentpreviewing"=dword:00000001



You can download the C# tool here:
File name: Outlook_disable_attachment_preview.exe
MD5 checksum value: 761716ed7ab1bebb197aa5f84a0625e7
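
An added example, not the C# tool or any code from this post: a PowerShell equivalent of the registry file above that writes the value for each listed Office version and reads it back, plus a check of a downloaded EXE against the MD5 value published here. The function names are hypothetical; the registry paths, value name and checksum are the ones given in the post.

```powershell
# Added example; function names are hypothetical.
$OfficeVersions = '16.0', '15.0', '14.0'     # Outlook 2016, 2013, 2010
$ValueName      = 'disableattachmentpreviewing'

function Get-PreviewKey([string]$Version) {
    "HKCU:\Software\Policies\Microsoft\office\$Version\outlook\preferences"
}

function Set-OutlookAttachmentPreview {
    param([Parameter(Mandatory)][bool]$Disabled)
    foreach ($ver in $OfficeVersions) {
        $key = Get-PreviewKey $ver
        # Create the policy key if it does not exist yet.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord `
            -Value ([int]$Disabled) -Force | Out-Null
    }
}

function Get-OutlookAttachmentPreview {
    foreach ($ver in $OfficeVersions) {
        $v = (Get-ItemProperty -Path (Get-PreviewKey $ver) -Name $ValueName `
                -ErrorAction SilentlyContinue).$ValueName
        [pscustomobject]@{ OfficeVersion = $ver; Value = $v; PreviewDisabled = ($v -eq 1) }
    }
}

function Test-ToolChecksum {
    param([Parameter(Mandatory)][string]$Path,
          [string]$Expected = '761716ed7ab1bebb197aa5f84a0625e7')
    # MD5 catches a corrupted download; it is not collision-resistant.
    # Get-FileHash returns upper-case hex; -eq on strings is case-insensitive.
    (Get-FileHash -Path $Path -Algorithm MD5).Hash -eq $Expected
}

# HKCU is the hive of the account running this session, so an elevated session
# under a different admin account changes that account's setting, not the user's.
Set-OutlookAttachmentPreview -Disabled $true
Get-OutlookAttachmentPreview | Format-Table -AutoSize
# Test-ToolChecksum -Path .\Outlook_disable_attachment_preview.exe
```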


Saturday, December 3, 2016

A concern for decentralisation ... and shadow IT

I read with interest the article "Confirmed: Cloud no longer purchased or managed just by IT" from ComputerWorld Malaysia.

It just shows a concern I have about the growth of shadow IT , and IT dept decentralisation.

When I say shadow IT, I mean that certain IT related roles & jobs (IT services , IT systems setup & deployment, data storage , etc) are being taken & done by individual departments, without IT department consultation or knowledge.

When I say decentralisation, I mean that certain departments are taking the role of running certain systems (example: cloud based applications, online ERP system, online office productivity & collaboration solutions) from the IT department, thus decentralizing IT services.

Why the concern? The concern is simple.

When other departments run IT solutions on their own, they just want to use it to get their work done. They do not look into various aspects WHICH INCLUDES :

a) Compliance to ISO27001/2/3 or Information Security management standards, and good IT management and governance (e.g. COBIT).
b) Evaluation (features , requirements, suitability to users , support given, emphasis on security, infrastructure requirements & feasibility)
c) Third party assessments ( IDC, Gartner, products reviews, etc )
d) Product lifecycle & upgrade cycles .
e) Comparison between various vendor offerings, and possible internal IT & cloud solutions provided by parent companies / HQ (features, deliverables, cost).
f) Return on investment of product (ROI) and fulfillment inline with company business goals.
g) Compatibility with existing IT systems (if not it will become a silo system).

..............And the list goes on.

These aspects are usually evaluated and filtered by the IT department.

If these are not evaluated, they could end up giving more cost (or risk) to the company, and not getting what you want with the money spent.

And if something goes wrong, or there was a data loss / security incident, or there is non-compliance, they fall back to the IT department, who had no role in it, in the first place.

This can create additional workload for the IT department, in terms of troubleshooting, compliance and compatibility integration of this new system to the current IT systems. More often than not, business owners would want data from the new system to be integrated with existing IT systems, which may not be readily compatible. Not only that, in the case of incidents of data loss, leakage, or security breach, the IT department would need to do investigations and countermeasures, which includes additional costs.

In the article, it is mentioned that "84 percent of respondents now also believe the IT department should be responsible for helping other lines of business to drive innovation and must set the strategic direction and be accountable for security".


If so, how can IT department be accountable for something they were not involved in?

The solution is simple : In driving towards innovation and business goals, it is important to have IT department on board , all the way, not half the way.


Based on the article "IT Centralization or Decentralization? - Harvard Business Review" , it mentions that "Decisions rights define who makes what decisions about IT. In allocating rights, a loose rule of thumb is that line managers should have authority over what services are delivered and IT should have authority over how the services are delivered."


Put simply, business related departments should state what services are required, and IT will handle how it is delivered.


In the article "Following both sides of the decentralized vs. centralized IT debate - SearchDataCenter", there are some good points in the debate between centralized & decentralized IT. Centralized IT benefits include (i) meeting centralized compliance requirements, (ii) reducing data processing costs through server consolidation by merging systems and virtualization, (iii) reducing hardware and software costs through bulk purchases & discounts, (iv) centralizing functions and reducing redundant IT staffing, & (v) cost effective maintenance. All this can lead to faster & effective service delivery, under one authority, that is IT.


All in all, despite the growth and automation offered by cloud platform solutions , centralized IT dept is STILL the way to go in the long term.


Reference :
a. Confirmed: Cloud no longer purchased or managed just by IT - ComputerWorld Malaysia - http://www.computerworld.com.my/resource/applications/confirmed-cloud-no-longer-purchased-or-managed-just-by-it/

b. IT Centralization or Decentralization? - Harvard Business Review (July 2008) - https://hbr.org/2008/07/it-centralization-or-decentral

c. Following both sides of the decentralized vs. centralized IT debate - SearchDataCenter - http://searchdatacenter.techtarget.com/opinion/Following-both-sides-of-the-decentralized-vs-centralized-IT-debate

Sunday, November 20, 2016

The antivirus has failed ....... a survey opinion, and points on countermeasures.

I was reading in shock , concerning this article "Antivirus Fails to Stop Ransomware 100% of the Time" from InfoSecurity Magazine website.

It seems, in general IT survey opinion, that antivirus at all times fails to contain the ransomware infection. It also states that the firewall, the anti-malware, the email filtering and security awareness were also not good at repelling ransomware.

Also worth noting is that despite the attacks, the companies involved did not alter / countermeasure much on the ongoing threat.



Points I would like to note here :

a. I have always highlighted that cybersecurity requires proactive measures, to be successful. Constant improvements & monitoring with regards to latest threats, and updated security awareness campaign to all staffs, is crucial.

b. In my field of work, I did not leave it to chance for my antivirus & email filtering solutions to stop the ransomware threat. I did some extra measures, that is, typical & latest ransomware file types were manually blocked in the email filters, as well as filename patterns & keywords. This is despite the email filter scanning being able to detect the ransomware on its own, given the chance. Those extra measures provided another layer of protection and assurance from ransomware penetration.

c. Other extra measures were tightening/removing the USB drives usage, as it is also another vector for ransomware infection. Latest antivirus solutions have features to control & limit USB drives capability, to stop USB based infections.

d. Also, autorun.inf and program execution from USB drives can be disabled by either using the antivirus solution policies, or Active Directory security group policies. This can stop auto execution of any programs (legitimate & malicious), and allow time for the antivirus solution to scan the USB drive and contain any threat.

e. Constant bug and vulnerability patching is a must.




I strongly believe that proper expertise in fixing the gaps and flaws is necessary, as strong knowledge can really help make good countermeasure solutions. Knee-jerk fixes do not solve the problem, and I believe that is what was done by these companies.

"Proper deployment , constant monitoring , patching and daily updates , for combination of proven firewall/IPS & email filters & antivirus solutions can certainly go a long way in putting ransomware infections to a stop."


Prevention is better than cure .......



Reference :
http://www.infosecurity-magazine.com/news/antivirus-fails-to-stop-ransomware/
https://blog.barkly.com/ransomware-attacks-bypassing-antivirus

Sunday, October 20, 2013

My Upgraded Samsung Galaxy SII

I had problems with my Samsung Galaxy SII , where any incoming or outgoing calls will have strong static sound and I cannot hear the other side.

I needed to send my SII for repairs since it is still under warranty.  I logged the case at the Samsung Malaysia website and got a call the next day to send my phone to Samsung mobile service centre at LowYat plaza 4th floor.

I sent the SII there and was repaired within 2 working days. Service was fast and friendly,  no complaints.  But I got a pleasant surprise. ...

The service centre said the issue forced them to replace the smartphone mother board with latest SII board. The latest board ran on Android Jellybean 4.1.2 !

Wow I got a hardware and OS upgrade  !

My SII is now smoother & faster, less OS RAM memory footprint and more user RAM by 100MB, and smooth UI effects . I loved it.

The camera is faster too. My SII feels like a new smartphone!

Thank you Samsung!

Sunday, July 21, 2013

TuneIn radio app for Android

I installed the TuneIn radio app for my Android Samsung Galaxy SII so I can listen to local radio stations when I am abroad.

It's such a cool app. I love it. Clear sound.
It has choices of over 70,000 radio stations worldwide and also includes podcasts. 


I have tested the radio delay , the delay between actual broadcast time and broadcast time in the app, and it is about 1 minute delay , which is not bad.

Screenshot below shows I am tuning in to a local Malaysian radio station.

Saturday, May 25, 2013

About Htc One & Samsung Galaxy S4

I want to pour it out........ HTC One smartphone is cool and all...... It was a good competitor to Samsung Galaxy S4 . But the 4MP camera on HTC One is the only reason I am against it and prefer S4. Why HTC put in a 4MP camera ?

It should at least have 8MP or more......... It's a letdown.

Wednesday, April 24, 2013

Truecrypt HDD encryption case study

Wow..... The security from HDD encryption ensures your data is protected from prying thieves.

The below screenshot is taken from Wikipedia search of the term 'Truecrypt'.

Wednesday, April 3, 2013

Bitmeter OS bandwidth speed measurement

I have tried using Bitmeter OS Android app to measure a Streamyx UNIFI fibre 10Mbps line. It seems to be accurate, since it is run from an Android app from my Samsung Galaxy SII.

Thursday, July 26, 2012

High internal memory usage in my Samsung Galaxy Ace...ouch!

Topic : High memory consumption of Samsung Galaxy Ace S5830


OH BOY!
I always had a problem with my Samsung Galaxy Ace phone, with its internal storage memory to be precise (not to be confused with the device RAM).
The internal storage memory (which is 181MB in size) is used to store app programs data and code, other than the SD card storage.
Most apps store the data in this memory area, although some apps give option to store in SD card.
The PROBLEM WAS, this memory usage keeps increasing slowly, even though I uninstalled some apps. Even after that, it goes more than 150MB, max 181MB !
As a result, the phone GUI response slows down. It takes several seconds just to switch screens or exit an app. One example, just to open the Messaging SMS screen, it takes 10~12 seconds !
It got on my nerves......
I had to reboot the phone just to get it back to normal, every time !
But that would not last long, so frequent reboots became a norm.........
I had to uninstall my Whatsapp several times, as well as other favorite apps like eBuddy and Angry Bird.

I have searched the Internet for a solution, but there was no bulls-eye solution.......
After going through many trials and tribulations, EUREKA !
The problem was the app cache !
I went through all the apps installed in my Galaxy Ace, and I noticed that:

a. The Gmail app cache took 10MB
b. The Youtube app cache took a whopping 30MB !
c. The builtin Android browser had cache 14MB


Next thing I did? CLEAR ALL THOSE CACHE!
After all , usage reduced from 150MB+ , to around 100MB.
The phone was smooth all the way after that...... no more slow response !



Memory usage at 111MB (after memory cache clearing). Previously it went above 150MB !


Go to "Memory Usage" section in Settings to see which apps using memory plus cache in detail....


Go in each app one by one and check its cache usage....


Youtube app memory usage .... previously the cache was 30MB. It emptied to zero after pressing "Clear Cache" button ! The cache uses the internal memory as storage.