April 2012 IT Business Consulting Newsletter

Kill A Virus

By Tom K

There has been LOTS of virus activity in the wild of late; much of it attributed to un-patched security holes in Adobe Reader & Java. As these apps/platforms pretty much live on every device used everywhere, they are prime targets for attack vectors.

Since I’ve seen this affecting a lot of folks (as these vulnerability viruses can sneak past your Anti-Virus protections), I'm bumping the scheduled topic to give you all a heads-up.

In this month’s newsletter I point out the dangers and show you how to prevent these viruses from infiltrating your environments.


There are many ways to spread a virus. That’s why all of you use Corporate Anti Virus protections, right? But the nasties can still get through back doors unlocked by vulnerabilities in un-patched systems and applications.

We’ve already discussed how important it is to have Corporate Anti-Virus systems in place (March 2010 – “Protect Your Company from Viruses and Malware”), and how to keep all of your systems and Microsoft applications updated automatically (June 2010 – “Centrally Manage Microsoft Updates”). Another item that needs to be addressed is keeping your non-Microsoft applications updated.

As mentioned above, since Java and Adobe products are so widely used, they are grand targets. And, since updating these products on a PC is usually the responsibility of each individual user, the chances of a virus getting through on any PC (as we HATE to rely on users) is pretty high. In my recent travels, I’ve seen way too many PCs with long ignored alerts to Click here to Update Adobe or Java (did I mention we HATE to rely on users?), so we need to fix this!

User Interaction

Advise your staff that when they see an icon in the system tray of their PC advising that an update is available for Adobe or Java they should click and update. If the message looks suspicious, they can go to the Adobe or Java sites to check for & get the update.

But, when your users are updating the software, have them use caution when accepting the updates. Adobe & Java (Sun) are both notorious for including extra software in their updates which are set as automatic opt-ins The “yes” checkboxes are checked and the user has to uncheck the box if the user doesn’t want to install the garbage Adobe and Java are being paid to dump onto your PCs.

Setting Auto Updates

You can go to each PC (or send out instructions if your staff is reasonably computer savvy) to set the software in the application (Adobe) or the Control Panel (Java) to auto-update.

To set Adobe Reader to auto-update, open Adobe Reader, go to Edit -> Preferences -> Updater and select “Automatically install updates”.

We can’t force an auto update for Java. It always requires user interaction. But we can control how often Java checks for updates. The Java settings can be found in the Java applet in Control Panel. Open the applet and select the Update tab. The "Check for Updates Automatically" box is checked by default (leave it checked). I suggest you set the “notify me” to “before installing” and hit the Advanced button to change the update frequency to Weekly.

Setting Auto Updates in Group Policy

You can use Group Policy (see my May 2011 article “Use Group Policy to Centrally Tune YOUR Business Computing Environment”) to automatically adjust the settings mentioned above, but this would entail using Group Policy to edit the Registry on all of your PCs. Registry edits should not be taken lightly and are not for the faint of heart. To make matters more complex, the Registry locations and edits differ for different versions of the software, so we don’t recommend using this tool to push down these settings without significant testing.

If you have any questions or comments concerning this article, or would like assistance working within Group Policy, I’d be happy to discuss this with you at your convenience. Feel free to contact me at TomK@TomKConsulting.com, or via my cell 443.310.5110.

Next month (See "Protect Your Admin Accounts") I’ll get back to the discussion of properly setting up Administrative access to your systems, and best practices for managing that access, as mentioned in my March 2012 article “Departing Employee? How to Process Them Gracefully and Securely”.