Bienvenido! - Willkommen! - Welcome!

Technical Blog of Tux&Cía., Santa Cruz de la Sierra, BO
Main blog: Tux&Cía.
Advanced information blog: Tux&Cía.-Información
May the source be with you!

Tuesday, September 30, 2008

Banking trojan: keylogger + screen capture

Source: submitted by admin
27/09/2006
A new banking trojan has been discovered that combines capture of the physical keyboard with a technique optimized for virtual keyboards.
It is designed specifically against customers of various banks in Argentina, Bolivia, Brazil, Cape Verde, Spain, the United States, Paraguay, Portugal, Uruguay and Venezuela.
The main novelty of this trojan lies in combining the traditional keylogger technique with a screen-capture method optimized for virtual keyboards. This combination lets it attack a wide variety of online-banking login pages regardless of whether they use virtual keyboards or not. The lesson for defenders is that an on-screen keyboard only defeats keystroke hooking; once the endpoint is compromised, a screenshot taken at each click recovers the same secret, so the control that actually helps is a second factor that never passes through the infected machine.
The method it uses against virtual keyboards consists of taking a small capture of the screen area around the mouse cursor at the moment the user clicks a virtual key. In addition, so that the attacker has no doubt at all, the trojan marks the captured image with a red signal indicating the exact point where the user clicked.
Both the keylogger log in text format and the captured images in JPG format are sent by FTP to the attacker's computer. Once the data has been received, the attacker can pose as the victim and impersonate them on the bank's website.
Although this trojan also targets banks in the US and Portugal, among other countries, its main targets are Spanish and Latin American banks.
By country, the trojan targets the following entities:
ARGENTINA: Banco Hipotecario, Banco de La Pampa, Banco de la Provincia de Buenos Aires, Banco Credicoop Coop. Ltdo., Banco Ciudad de Buenos Aires, Banca Nazionale del Lavoro, ABN AMRO Argentina, Banco Itaú del Buen Ayre, Banco Patagonia, Banco Macro Bansud, BankBoston, Banco RIO, Banco Comafi and Banco del Chubut.

BOLIVIA: Banco Ganadero, Banco BISA, Banco de Crédito de Bolivia, Banco Santa Cruz, Banco Solidario and Banco Central de Bolivia.

BRAZIL: Caixa Econômica Federal, Banrisul, Banco do Estado de Santa Catarina, Banco Rural, Santander Banespa, Banco do Brasil, Banparanet, e-tim and CitiBank Brasil.
CAPE VERDE: Banco de Cabo Verde
SPAIN: Banca March, Bancaja, BBVA, Fibanc, Banco de Valencia, Banesto, Banco Finantia Sofinloc, Banco Espirito Santo, Banco Cetelem, Banco Gallego, Banco Guipuzcoano, Banco Urquijo, Barclays, Banco Popular, Bankoa, Bansacar, Santander Central Hispano, Bbk, Caixa Laietana, Caja Castilla La Mancha, Caja de Extremadura, Caja Granada, Caixa Girona and Caja Murcia.
UNITED STATES: Bank of America and Citibank.
PARAGUAY: Interbanco, Banco Amambay, Banco Continental SAECA, Banco Regional, Banco Sudameris, Abogacía del Tesoro and BBVA.
PORTUGAL: Banco de Portugal, Millennium bcp, Banif - Banco Internacional do Funchal, BBVA Portugal, Banco Finantia, Barclays Bank, CitiBank Portugal and Banco Invest.
URUGUAY: BBVA, Nuevo Banco Comercial, Banco Surinvest, BankBoston and CitiBank.
VENEZUELA: Banco Mercantil and Banco Banesco.

More information about the trojan

Winsock - Layered Service Provider (LSP)

Source

Some anti-spyware programs break, delete or modify the Winsock Layered Service Provider (LSP) chain, with the result that the machine can no longer connect to the Internet. An LSP is a DLL inserted into the Winsock catalog; if a catalog entry still points at a DLL that the anti-spyware has deleted, Winsock fails to initialize the chain and no application can open a socket. LSP-Fix itself does not have many options, but here is a brief description of how it works.
LSP-Fix reads the list of LSP modules from the Windows registry and verifies that each module is present on disk. If a module is missing or cannot be found, it is placed in the "Remove" list to be removed from the Windows registry.
Inexperienced users should leave everything as it is, but knowledgeable users can choose which modules to remove and which to keep by ticking the "I know what I'm doing" box. I REPEAT: THIS OPTION IS FOR ADVANCED USERS. If you don't know what you are doing, don't enable it; you can leave the system even more unusable.

Next, click the "Finish" button: the unwanted entries are deleted and the remaining entries are renumbered so that they are consecutive.
The total module count is updated.
Finally, LSP-Fix shows a summary of the changes that were made.
For the changes to take effect you must reboot the machine.
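As an added example (not LSP-Fix's own code), the following Python models the steps just described over a constructed catalog snapshot: entries whose provider DLL is gone are queued for removal, the survivors are renumbered consecutively, and the entry count is recomputed. SAMPLE_CATALOG, PRESENT_FILES and the expert_keep parameter are assumptions made for the demo; the real tool reads the registry and checks the file system.

```python
"""Model of the LSP-Fix repair logic: check that each Winsock catalog entry's
provider DLL exists, queue the orphans for removal, renumber the survivors
consecutively and recompute the entry count.

Added example, not LSP-Fix's own code. SAMPLE_CATALOG and PRESENT_FILES are
constructed so the logic runs on any OS; the real tool reads the entries from
the registry and checks the DLLs on disk.
"""
from typing import Callable, Dict, FrozenSet, List, Tuple

# Constructed snapshot of the Winsock2 protocol catalog: entry name -> provider DLL.
SAMPLE_CATALOG: Dict[str, str] = {
    "000000000001": r"%SystemRoot%\system32\mswsock.dll",
    "000000000002": r"%SystemRoot%\system32\mswsock.dll",
    "000000000003": r"C:\Program Files\SpyBlocker\spylsp.dll",  # constructed: DLL deleted by anti-spyware
    "000000000004": r"%SystemRoot%\system32\rsvpsp.dll",
    "000000000005": r"C:\WINDOWS\system32\newdotnet.dll",        # constructed: adware LSP whose DLL is gone
}

# Constructed stand-in for os.path.exists(): which provider DLLs are still on disk.
PRESENT_FILES: FrozenSet[str] = frozenset({
    r"%SystemRoot%\system32\mswsock.dll",
    r"%SystemRoot%\system32\rsvpsp.dll",
})


def plan_lsp_fix(
    catalog: Dict[str, str],
    file_exists: Callable[[str], bool],
    expert_keep: FrozenSet[str] = frozenset(),
) -> Tuple[Dict[str, str], List[Tuple[str, str]], int]:
    """Return (renumbered catalog, entries to remove, new entry count).

    expert_keep mirrors the "I know what I'm doing" box: entry names listed
    there stay in the chain even though their DLL is missing. A chain entry
    whose DLL cannot be loaded is exactly what breaks Winsock, so only do
    this if you intend to put the DLL back.
    """
    keep: List[Tuple[str, str]] = []
    remove: List[Tuple[str, str]] = []
    # Entry names are zero-padded, so lexical order is catalog order.
    for name in sorted(catalog):
        path = catalog[name]
        if file_exists(path) or name in expert_keep:
            keep.append((name, path))
        else:
            remove.append((name, path))
    width = len(next(iter(catalog))) if catalog else 12
    # Renumber survivors 1..N with no gaps, as LSP-Fix does when you press Finish.
    renumbered = {f"{i:0{width}d}": path for i, (_, path) in enumerate(keep, start=1)}
    return renumbered, remove, len(renumbered)


if __name__ == "__main__":
    fixed, removed, count = plan_lsp_fix(SAMPLE_CATALOG, PRESENT_FILES.__contains__)
    for name, path in removed:
        print(f"remove {name}: {path}")
    for name, path in fixed.items():
        print(f"keep   {name}: {path}")
    print(f"Num_Catalog_Entries = {count}")
```

Run it as a script to see the remove/keep plan. The expert_keep set stands in for the "I know what I'm doing" box: it lets a missing module stay in the chain, which is exactly the broken state the tool exists to repair, so use it only when you will reinstall that DLL.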

IMPORTANT
Before using the program it is advisable to back up the registry.
1. Click Start, then Run.
2. In the Open box, type regedit and click OK.
3. Locate and click the subkey that contains the values you want to modify.
4. On the File menu, click Export.
5. In the Save in box, select the location where you want to save the Registration Entries (.reg) file, type a file name in the File name box, and click Save.

Download LSP-Fix

Eliminators from SATINFO.es

Satinfo utilities
 ELIFRAME.EXE 1.1
    SPECIFIC UTILITY TO CLEAN THE IFRAME HTML FROM THE END OF .GIF AND .JPG FILES INFECTED BY POP-UP UNDER ---v1.0--- [more]
 ELIGEDZA 1.6
    Utility to fight viruses from Gedzac Labs, especially CAZDEG, which shows a message on screen claiming not to be a virus... [more]
 ELISERV.EXE 1.0
    Utility to delete O23 service keys when, after deleting the corresponding file, they cannot be deleted with FIX CHEC [more]
 Mcafee Rootkit Detective 1.1
    ROOTKIT DETECTION UTILITY. After downloading it into a folder and running it from there, post the contents of the file [more]
 ELIPEN.EXE 1.08
    UTILITY TO PROTECT AGAINST PROPAGATION OF PENDRIVE VIRUSES THROUGH SUCH DRIVES. Given the spread of these viru [more]
 ELISHELL.EXE 1.0
    ELISHELL.EXE ---v1.0--- (17 July 2007) Checks the "Shell" value of the key "HKLM\Software\Micr [more]
 ELILESLI.EXE 1.1
    ELILESLI.EXE utility to remove the LESLIE virus (alias ELILES, ITZAR, ELPERFECTO), which arrives as MSN.EXE and modifies TASKM [more]
 ELINUJA.EXE 1.1
    NUJAMA VIRUS alias SPYBOT. HISTORY of EliNujama. This virus, called SPYBOT by some, a name that lends itself to confusion [more]
 ELIMALUS.EXE 1.00
    ELIMALUS: REMOVES MALWARE IN USER.INIT. UTILITY FOR NEW MALWARE THAT LAUNCHES FROM USER.INIT. Quite difficult to [more]
 ELISTRAT.EXE 3.9
    ELISTRAT.EXE Utility for detection and removal of the W32/STRATION@MM virus, a polymorphic virus that spreads by e-mail attach [more]
 ELRSTRUI.EXE 1.0
    ERSTRUI.EXE "Utility to access the Windows utility for restoring a system restore point [more]
 FIXMS615.EXE 1.0
    After the problems caused by the MS06-015 patch, as we commented in "Microsoft warns of problems with HP after" [more]
 ELIKLEZ.EXE 1.7
    FOR REMOVAL OF THE KLEZ VIRUS FOLLOWING THESE INSTRUCTIONS: 1.- Download ELIKLEZ.EXE to the root directory of C:\ 2.- Disconnect the mach [more]
 ELIFEEBA.EXE 1.6
    ELIFEEBA.EXE 1.4, submitted by msc ho [more]
 ELIBACTA.EXE 1.2
    Utility to remove the P2P virus W32/BACTERA ---v1.0--- (5 March 2006) (for McAfee's W32/Bactera.worm!p2p [more]
 ELIAUTO.EXE 1.0
    EXPERIMENTAL UTILITY ELIAUTO.EXE. For removing service keys in XP and W2000 that are installed but have no [more]
 ELIMYWIF.EXE 1.1
    For the MYWIFE family, especially MYWIFE.D, given the multiple names under which each antivirus detects it, [more]
 ANTIWMF.EXE 1.0
    Registry key remover/restorer, initially for Windows XP, to avoid with it the vulnerability of the EXPLOIT [more]
 ELINOTIF.DLL 9.15
    DLL COMPLEMENTARY TO ELISTARA ---v1.5.12.19--- (19 December 2005) (For VUNDO) ---v1.5.12.27--- (27 December [more]
 SPROCESS.EXE 3.1
    Research utility to view processes and the modules they use. CREATES OUTPUT LOG IN C:\SPROCLOG.TXT [more]

EliLesli

ELILESLI utility to remove the LESLIE virus (alias ELILES, ITZAR, ELPERFECTO), which arrives as MSN.EXE and modifies TASKMGR.EXE, signing it at the end with the name LESLIE and prepending the viral code, so that it grows to more than 200 KB.

It creates a copy of the worm in the root folder as C:\EL_69.EXE
It also modifies registry keys so that REGEDIT cannot be used, Task Manager cannot be opened, files cannot be run from Start->Run and My Computer cannot be opened, and it changes the user and organization names to LESLIE and ELILES; all of this is removed by our utility.

---v1.1--- (17 September 2007) (Removed the deletion of "%WinSys%\CatRoot2\TMP.EDB")
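The following Python, added here as an example rather than Satinfo's EliLesli code, turns the description above into triage checks over constructed data: the tail marker and size of TASKMGR.EXE, the policy values that disable regedit, Task Manager and Start->Run, and the replaced owner/organization names. The b"LESLIE" tail bytes, the standard policy value names and the dict-based registry are assumptions; the value behind the My Computer lockout is not named on the page and is not checked.

```python
"""Triage checks for the LESLIE infection described above: a TASKMGR.EXE
that carries the name LESLIE at its end and has grown past 200 KB, the
Explorer/System policy values that lock out regedit, Task Manager and
Start->Run, and the replaced owner/organization names.

Added example, not Satinfo's EliLesli code. Assumptions: the "signature at
the end" is the literal bytes b"LESLIE" as the file's last bytes, the
lockouts use the standard Windows policy value names, and the registry is
a plain dict so this runs offline on any OS.
"""
from typing import Dict, List, Tuple

MARKER = b"LESLIE"
SUSPECT_SIZE = 200 * 1024  # the patched TASKMGR.EXE exceeds 200 KB (page)

POLICY_SYSTEM = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_EXPLORER = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
WINNT_VERSION = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"

# (key, value) lockouts the worm sets; 1 means enabled. Standard policy names (assumed).
LOCKOUTS: List[Tuple[str, str]] = [
    (POLICY_SYSTEM, "DisableRegistryTools"),  # blocks regedit
    (POLICY_SYSTEM, "DisableTaskMgr"),        # blocks Task Manager
    (POLICY_EXPLORER, "NoRun"),               # removes Start->Run
]

Registry = Dict[str, Dict[str, object]]


def taskmgr_patched(image: bytes) -> bool:
    """True if the binary looks like the LESLIE-modified TASKMGR.EXE."""
    return image.endswith(MARKER) and len(image) > SUSPECT_SIZE


def active_lockouts(reg: Registry) -> List[str]:
    """Return 'key\\value' for each lockout policy currently enabled."""
    return [f"{key}\\{value}" for key, value in LOCKOUTS
            if reg.get(key, {}).get(value) == 1]


def owner_tampered(reg: Registry) -> bool:
    """The worm renames the registered owner/organization to LESLIE / ELILES."""
    cv = reg.get(WINNT_VERSION, {})
    return (cv.get("RegisteredOwner"), cv.get("RegisteredOrganization")) == ("LESLIE", "ELILES")


def cleanup_plan(reg: Registry) -> Registry:
    """Return a copy of the registry with the lockouts cleared, as a removal
    tool would apply them. Owner/organization are left for the user, since
    their original values cannot be recovered from the infected machine."""
    fixed: Registry = {k: dict(v) for k, v in reg.items()}
    for key, value in LOCKOUTS:
        fixed.get(key, {}).pop(value, None)
    return fixed


# Constructed samples: a clean ~100 KB image and a patched one with code
# prepended and the marker appended.
CLEAN_TASKMGR = b"MZ" + b"\x00" * (100 * 1024)
PATCHED_TASKMGR = b"\x90" * (110 * 1024) + CLEAN_TASKMGR + MARKER

INFECTED_REG: Registry = {
    POLICY_SYSTEM: {"DisableRegistryTools": 1, "DisableTaskMgr": 1},
    POLICY_EXPLORER: {"NoRun": 1},
    WINNT_VERSION: {"RegisteredOwner": "LESLIE", "RegisteredOrganization": "ELILES"},
}

if __name__ == "__main__":
    print("TASKMGR patched:", taskmgr_patched(PATCHED_TASKMGR))
    print("lockouts:", active_lockouts(INFECTED_REG))
    print("owner tampered:", owner_tampered(INFECTED_REG))
    print("after cleanup:", active_lockouts(cleanup_plan(INFECTED_REG)))
```

On a live Windows box you would feed taskmgr_patched() the bytes of %SystemRoot%\system32\taskmgr.exe and build the registry dict from winreg; the size-plus-marker test is deliberately narrow so that a legitimately large taskmgr.exe does not trigger it.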

CONDITIONS FOR DOWNLOADING SATINFO UTILITIES
THESE UTILITIES MAY NOT BE OFFERED BY ANY OTHER MEANS OR ON ANY OTHER WEBSITE WITHOUT A WRITTEN CONTRACT WITH SATINFO TO THAT EFFECT. ON THIS WEBSITE THEY ARE OFFERED FOR EVALUATION ON THE ZONAVIRUS FORUM, AS THEY ARE, NOT AS ONE MIGHT THINK THEY SHOULD BE OR WISH THEY WERE, AND ZONAVIRUS.com AND SATINFO, AS WELL AS THOSE WHO SUGGEST USING THEM ON THE ZONAVIRUS.com FORUM, ARE EXEMPT FROM ANY LIABILITY FOR DAMAGE THEY MIGHT CAUSE; IN ANY CASE IT IS THE USER'S RESPONSIBILITY TO TEST THEM, AND A LICENSE FOR THEIR USE OUTSIDE ZONAVIRUS.com MUST BE CONTRACTED WITH SATINFO.

Download EliLesli

EliStarA

Satinfo.es
Zonavirus.com

Partial list of the malware it removes.

---v16.90--- (8 September 2008) (Samples of Trojan.Agent.ABUE "SERVICEPANEL.EXE", Trojan.Agent.ZRE "SVRSE.EXE", and added the .ZIP extension to file scanning)
---v16.91--- (9 September 2008) (Samples of (4)PWS-OnLineGames.CKVO, CrackAVNOD "CRAK.EXE", AdWare.Agent.BN or Vapsup "VANWXEMGNFW.DLL", Morphine(notify) "__C00B400C.DAT", AutoRun(Recycle) "SERVICE.EXE" and (2)Exploit.Java.Gimsh.A "VMAIN and BAAAABAA.CLASS")
---v16.92--- (10 September 2008) (Samples of (3)PWS-OnLineGames.AMVO, FakeAlert(braviax) "BRAVIAX.EXE", Blackster.B "LPHC*.EXE", Malware.Cpl32ver, PWS.Y "RUNMGR.EXE", DownLoader.Cutwail "UKBAUB.DLL", Trojan.Agent.ABUE "SYSPREP.EXE", Spy.Goldun.AXA "MSSQLDB.DLL" and Trojan.FraudPack "TI87612.EXE")
---v16.93--- (12 September 2008) (Samples of Dropper(ConHook) "FND0.EXE", BackDoor.CVT "WIN***32.DLL", AutoRun(Recycle) "SERVICE.EXE", Trojan.Agent.ABUE "SYMBOOTER.EXE", Trojan.Mondera "TKKYGH.EXE", Boaxxe(BHO) "CLUSAP.DLL", Trojan.FraudPack "AV2009.EXE" and Exploit.Wmfap.A "DJIK.EXE")
---v16.94--- (12 September 2008) Emergency release improving the previous one with respect to DownLoader.Cutwail, including the latest additions.
---v16.95--- (15 September 2008) (Samples of (6)PWS-OnLineGames.CKVO, (3)PWS-OnLineGames.KAVO, (2)Blackster.B "LPHC*.EXE and BLPHC*.EXE", Malware.Cpl32ver, AutoRun.LWX "WUAUCLT.EXE", Trojan.Agent.BUI "ADMXPROX32.DLL", Trojan.Agent.ABUE "SYMCFGSRV.EXE", AntiVirus2009 "SCUI.CPL", Trojan.Agent.FPP "NORTON.EXE", excluded "WinLogonNotify HBLOGON" and improvements for DownLoader.Cutwail)
---v16.96--- (16 September 2008) (Samples of DownLoader.ConHook, FakeAlert(braviax) "BRAVIAX.EXE", DownLoader.Cutwail "LUGQGRJK.DLL", (2)CrawlerToolbar "CTBR.EXE", WinAntispyware2008(dldr) "WINIVSTR.EXE", RiskTool.PrcView "PROCESS.EXE" and added removal of the files "OEMBIOS.EXE and .DLL")
---v16.97--- (16 September 2008) (Samples of (11)PWS-OnLineGames.CKVO, Blackster.B "LPHC*.EXE", Obfuscated.GX "BALYBELQ.EXE" and (2)Fakealert.Renos.AY "VIDEO1109.CFG.EXE and MSXML71.DLL")
---v16.98--- (17 September 2008) (Samples of DownLoader.ConHook, Blackster.B "LPHC*.EXE", (2)DownLoader.Small.ACES "SVCHOST.EXE", DownLoader.Cutwail "WINCTRL32.DLL", (2)Trojan.Agent.ABUE "SYMLNSVC and SYMLSMD.EXE", Spy.Zbot.OemBios "OEMBIOS.EXE" and Fakealert.Renos.AY "MSXML71.DLL")
---v16.99--- (18 September 2008) (Samples of (3)PWS-OnLineGames.AMVO, (6)PWS-OnLineGames.CKVO, (4)PWS-OnLineGames.KXVO, (2)Blackster.B "LPHC*.EXE and BLPHC*.EXE", FraudTool.XPAntivirus08(dldr) "RHC*.EXE", AutoRun.LWX "WUAUCLT.EXE", JuanSearch "NDKJJC.DLL", (2)AutoRun(Recycle) "SYSTEM and LALALAX.EXE" and DownLoader.BShooterEgypt "BRICKSHOOTER.EXE")
---v17.00--- (19 September 2008) (Samples of (4)PWS-OnLineGames.AMVO, (18)PWS-OnLineGames.CKVO, (2)PWS-OnLineGames.KAVO and DownLoader.Cutwail "OHHTOGO.DLL")
---v17.01--- (22 September 2008) (Samples of Vundo9, (6)Vundo5, (2)DownLoader.ConHook, (3)PWS-OnLineGames.CKVO, Blackster.B "LPHC*.EXE", FraudTool.XPAntivirus08(dldr) "RHC*.EXE", (2)JuanSearch, AutoRun(Recycle) "EMACS.EXE", MyWebSearch "NPMYWEBS.DLL", InvisibleKeyLogger.R "ZIPDLL.DLL", VunDrop "MSPDTC.DLL", Trojan.Agent.AEAW "DSD.EXE" and corrected a false detection of Kaspersky's MZVKDB.DLL)
---v17.02--- (23 September 2008) (Samples of Vundo5, (2)DownLoader.ConHook, (2)PWS-OnLineGames.CKVO, Blackster.B "LPHC*.EXE", Trojan.Agent.ABUE "SYMCLIENT.EXE")
---v17.03--- (23 September 2008) (Samples of (3)PWS-OnLineGames.AMVO and AutoRun.NZ "SSDPDISCOVV.EXE", FraudTool.XPAntivirus08(dldr) "RHC*.EXE" and YahLover "LOCALE.EXE")
---v17.04--- (25 September 2008) (Samples of (2)Vundo5, (2)Blackster.B "LPHC*.EXE", DownLoader.Small.UYL "CFTMON.EXE", DownLoader.Small.ACES "SVCHOST.EXE", Malware.Cpl32ver, AutoRun.LWX "WUAUCLT.EXE", Sfkeylogger "KLG.EXE" and Malware.Heuric "VIRUS W32.HEURIC.EXE")
---v17.05--- (26 September 2008) (Samples of PWS-OnLineGames.CKVO, FraudTool.XPAntivirus08(dldr) "RHC*.EXE", AdWare.BHO.CRZ(dropper) "UOYZSYDZ.EXE", Kobcka "RS32NET.EXE" and Dropper.SID "AUTORUNME.EXE")
---v17.06--- (26 September 2008) (Samples of NaviPromo, (4)FakeAlert.YUR "YUR*.EXE", (4)AdWare.Agent.BN or Vapsup and (2)ZangoSA "JOLIN.DLL and ALOJA.EXE")
---v17.07--- (29 September 2008) (Samples of NaviPromo, Blackster.B "LPHC*.EXE", AdWare.Agent.BN or Vapsup, AntiVirus2009 "AV2009.EXE", Fakealert.Renos.AY "MSXML71.DLL", DownLoader.Agent.AHQZ "SYSTEMINIT.EXE", FraudPack.ADA "IEEXPLORER32.EXE", Obfuscator.BE "WINSRC.DLL" and (2)DownLoader.Renos.DU "C-SETUP.EXE and GPATBS.DLL")
---v17.08--- (30 September 2008) (Samples of Vundo9, Vundo5, (3)PWS-OnLineGames.AMVO, Blackster.B "LPHC*.EXE", JuanSearch, DownLoader.Small.ACES "SVCHOST.EXE", AutoRun(Recycle) "GRINDER.EXE", MediaBack.G "ROOT.DLL", Dialer-RAS "SCDATA.DLL", (6)Malware.TDSS, Rootkit.EIG "HUADIO.TMP" and Malware.PRScheduler)


Download EliStarA  Size: 409.01 KB.

Defragmenters

Source

Linux file systems fragment far less in normal use; NTFS gets fragmented over time and with use. Developing a decent file system that doesn't need defragmenting is something that should definitely be sorted out. It's definitely Microsoft's fault, no doubt.
Larger and faster drives have minimized the impact of fragmentation. The Windows file system tends to fragment files on its own to a small degree, but fragmentation starts for real when the drive starts to get full, as in over 70%. As the drive fills up, the larger areas of free space become scarce and the file system has no choice but to scatter large files around the disk. As the drive gets really full (over 90%), the file system then starts to fragment the MFT and the pagefile as well. Now you've got a full drive with lots of fragmented files, which makes the defragmenter's job nearly impossible, because it also needs free space to do its work.
A drive more than 80% full quickly becomes undefragmentable. You can see this effect with huge hard disk drives, since they generally use a smaller percentage of the drive's total space: a side effect is that overall fragmentation is reduced, and the fact that these drives have faster seek times makes the effect even less noticeable.


Special comparison:

I have 3 partitions, system C, data D & E, on a single HDD on this PC. Uncompressed, unshadowed, just plain old NTFS. The partitions were never defragged in the life of the HD (1.5 years). Here are the "Fragmentation Analysis" results from a couple of popular defraggers (latest versions, of course), for C, D and E respectively:
  1. SmartDefrag - 55%, 42%, 44%
  2. PerfectDisk - 4%, 5.5%, 7%
  3. Diskeeper - 32%, 14%, 78%

Defraggers:
Puran, PerfectDisk, SmartDefrag, O&O, JKDefrag, UltimateDefrag, Diskeeper, Defraggler
Best combination?: Puran + UltimateDefrag
Maybe: O&O and JKDefrag
My defragger: Defraggler

Smart Placement orders the files from the oldest created/modified to the newest. It does not take the last access date into account.

This means that the files that are almost never modified are placed on the faster tracks, while your newly created files and those that are modified more frequently end up on the slower tracks.

With PD (PerfectDisk) you do not gain speed in your most frequent tasks; on the contrary, you lose it.

PD's defragmentation method is great for servers but almost useless on a modern system in everyday use.

On the other hand, Puran Defrag and Smart Defrag will speed up your drive, since they place 1st the directories, 2nd the last accessed files, 3rd a small free space (1-2 GB) which will be used for temp files and the more frequently modified files, 4th every other file, and 5th a large chunk of free space.

O&O gives detailed advice on which strategy to use. The choices are far more than what other defraggers offer, and when done right, O&O excels in terms of performance. German software, what do you expect!

Minimalistic solution:
Use Contig together with the Power Defragmenter GUI for Contig, plus PageDefrag when necessary. Also wipe free space with Blowfish Advanced.
Contig 1.54
Power Defragmenter GUI for Contig
PageDefrag

Freeware for modifying the attributes of files and directories:

Attribute Changer 6.0a
SetFileDate 2.0


The safest browser on Windows

"Browsers are as good as their users"

A browser is only as safe as the user who makes adequate use of all the security mechanisms it offers!

Firefox can be very unsafe if someone who doesn't know anything about it fails to configure it.

Opera performed better when tested by visiting the "darkest side of the Net", i.e. heavily infected Russian, Chinese, XXX sites, etc. The rest of the browsers crashed or froze.
Security add-ons such as NoScript and AdBlock/Plus make Firefox the safest browser.
Under Linux and other GNU/Unix variants (all the BSDs, or perhaps OS X) and their browsers you can explore the web without the typical viral problems of the MS world. The browser and its plugins can still be exploited there; the difference is that the executables such sites drop are almost all built for Windows.

SmitFraudFix

SmitFraudFix v2.xxx (WinXP, Win2K)

This tool removes Desktop Hijack malware:
Advanced Antivirus, AdwarePunisher, AdwareSheriff, AlphaCleaner, AntiSpyCheck, AntiSpyware Expert, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntiVirGear, Antivirus 2009, AntiVirus Lab 2009, Antivirus Master, Antivirus XP 2008, AntivirusGolden, AVGold, Awola, BraveSentry, IE Defender, Internet Antivirus, MalwareCrush, MalwareWipe, MalwareWiped, MalwaresWipeds, MalwareWipePro, MalwareWiper, Micro Antivirus 2009, MS Antivirus, PestCapture, PestTrap, Power Antivirus, Power-Antivirus-2009, PSGuard, quicknavigate.com, Registry Cleaner, Security iGuard, Smart Antivirus 2009, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyHeals, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareLocked, SpywareQuake, SpywareKnight, SpywareRemover, SpywareSheriff, SpywareStrike, Startsearches.net, System Antivirus 2008, TheSpyBot, TitanShield Antispyware, Total Secure 2009, Trust Cleaner, Ultimate Antivirus 2008, UpdateSearches.com, Virtual Maid, Virus Heat, Virus Protect, Virus Protect Pro, VirusBlast, VirusBurst, VirusRay, VirusResponse Lab 2009, Win32.puper, WinHound, Vista Antivirus 2008, XP Security Center, XPert Antivirus, Brain Codec, ChristmasPorn, DirectAccess, DirectVideo, EliteCodec, eMedia Codec, EZVideo, FreeVideo, Gold Codec, HQ Codec, iCodecPack, IECodec, iMediaCodec, Image ActiveX Object, Image Add-on, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, LookForPorn, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, NetProject, Online Image Add-on, Online Video Add-on, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SearchPorn, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX Object, Video ActiveX Object, Video Add-on, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec...

Usage:
  • Search:
    • Double-click SmitfraudFix.exe
    • Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt


  • Clean:
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete the infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt


  • Optional:
    • To restore Trusted and Restricted site zone, select 3 and hit Enter.
    • You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to clear the Trusted zone entries.

Note:
    process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Ewido | AVG anti-spyware

How to remove Ewido anti-spyware

Did you use the ewido or AVG Anti-Spyware software in the past?

If you used the ewido software, check your Program Files folder for the ewido installation folder.
The default path is (example for the English version of Windows):

C:\program files\ewido anti-spyware 4.0

Older ewido versions have other installation folders, e.g.:

C:\program files\ewido anti-malware

If you used AVG Anti-Spyware, locate the installation folder of AVG Anti-Spyware in your Program Files folder:

C:\program files\Grisoft\AVG Anti-Spyware 7.5

and run the uninstall.exe file there to start uninstalling the software. If you deleted the folders and files manually but still get errors during the installation of AVG 8, follow these steps:

If you want to uninstall the ewido Software:

- Download the Setup for the ewido Anti-Spyware Version 4 from this website:

http://filehippo.com/download_avg_antispyware/1331/

- Run the downloaded installer and install the ewido Software on your System

- Restart Windows.

- After the restart and if there are any open ewido Windows or System Tray Icons, please close them.

- Now locate the installation folder of the ewido software in your program files folder (C:\program files\ewido anti-spyware) and run the uninstall.exe file to start the uninstallation process.

- Now restart Windows again.

---------------------------------------------------------

If you want to uninstall the AVG Anti-Spyware Software:

The same steps, but instead of downloading and installing the ewido software, you have to download and install the AVG Anti-Spyware software from another URL:

http://filehippo.com/download_avg_antispyware/

Residential gateway

This article is about the types of network routers and modems found in many homes, known colloquially as "residential gateways".

There are multiple devices that have been described as "residential gateways", each with a quite different function. Each type of device allows the connection of a LAN (used in the home) to a WAN (wide area network). The WAN can be the Internet or merely a larger LAN of which the home is a part (such as a municipal WAN that provides connectivity to the residences within the municipality).

The term "residential gateway" was originally used to distinguish the inexpensive networking devices designated for use in the home from similar devices used in corporate LAN environments (which generally offered a greater array of capabilities). In recent years, however, the less expensive "residential gateways" have gained many of the capabilities of corporate gateways and the distinctions are fewer. Many home LANs are now able to provide most of the functions of small corporate LANs. Therefore the term "residential gateway" is becoming obsolete and merely implies a less expensive, lower-capability networking device. Multiple devices have been described as "residential gateways":


Types
A router provides:

Most routers are self-contained components, using internally-stored firmware. They are generally OS-independent (i.e. can be used with any operating system).



  • Wireless routers perform the same functions as a router, but also allow connectivity for wireless devices with the LAN, or between the wireless router and another wireless router. (The wireless-router-to-wireless-router connection can be within the LAN or between the LAN and a WAN.)
  • A modem (or ADSL modem) provides none of the functions of a router. It merely allows digital Ethernet data traffic to be modulated into analogue information suitable for transmission across telephone lines, cable wires, optical fibers, or wireless radio frequencies. On the receiving end is another modem that re-converts the transmission format back into digital data packets. This allows network bridging using telephone, cable, optical, and radio connection methods. The modem also provides handshake protocols, so that the devices on each end of the connection are able to recognize each other. However, a modem generally provides few other network functions.
  • A USB modem plugs into a single PC and allows connection of that single PC to a WAN. If properly configured, the PC can also function as the router for a home LAN. Note that such a PC sits directly on the WAN with no gateway in front of it, so its own host firewall is the only thing filtering inbound traffic.
  • An internal modem can be installed on a single PC (e.g. on a PCI card), also allowing that single PC to connect to a WAN. Again, the PC can be configured to function as a router for a home LAN.
  • A wireless access point can function in a similar fashion to a modem. It can allow a direct connection from a home LAN to a WAN, if a wireless router or access point is present on the WAN as well.

Super Ubuntu

Super Ubuntu, one of my latest "inventions"! Source
Super Ubuntu is an operating system based on Ubuntu. Its main goal is to provide an "out of the box" experience, containing various enhancements over Ubuntu. It is made with Remastersys.

Features

SOHO connectivity devices

Small Office Home Office (SOHO)
Main article: Residential gateway
Residential gateways (often called routers) are frequently used in homes to connect to a broadband service, such as IP over cable or DSL. A home router may allow connectivity to an enterprise via a secure Virtual Private Network.
While functionally similar to routers, residential gateways use port address translation (PAT, a form of NAT) in addition to routing. Instead of connecting local computers to the remote network directly, a residential gateway makes multiple local computers appear to be a single computer: the gateway's public address. A side effect worth knowing is that a host on the WAN cannot open a connection to a LAN machine unless a port has been explicitly forwarded, because the gateway holds no translation entry for unsolicited traffic.
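Added example (not any gateway vendor's code) of the translation just described: a minimal PAT table in Python, with two LAN hosts that both use local port 50000 sharing one public address, the reply for one of them delivered back correctly, and an unsolicited probe from the WAN dropped because no mapping exists. Addresses are constructed RFC 1918 and RFC 5737 values.

```python
"""Port address translation (PAT) as a residential gateway does it: every LAN
host shares the gateway's one public address, outbound packets get their
source rewritten to (public_ip, fresh port), the mapping is remembered, and
only inbound packets that match a mapping are translated back and forwarded.
Nothing on the WAN can reach a LAN host that has not talked to it first.

Added example, not any vendor's firmware; addresses are constructed
RFC 1918 / RFC 5737 values.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    proto: str = "tcp"


class PatGateway:
    def __init__(self, public_ip: str, first_port: int = 1024) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, lan src, wan dst) -> public port chosen for that flow
        self.out_map: Dict[Tuple[str, Endpoint, Endpoint], int] = {}
        # (proto, public port, wan peer) -> lan src to deliver replies to
        self.in_map: Dict[Tuple[str, int, Endpoint], Endpoint] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source to the public address and a per-flow port."""
        key = (pkt.proto, pkt.src, pkt.dst)
        port = self.out_map.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(pkt.proto, port, pkt.dst)] = pkt.src
        return Packet((self.public_ip, port), pkt.dst, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: forward only if a LAN host opened this flow; otherwise drop."""
        if pkt.dst[0] != self.public_ip:
            return None
        lan = self.in_map.get((pkt.proto, pkt.dst[1], pkt.src))
        if lan is None:
            return None  # unsolicited: no mapping, so no LAN host is reachable
        return Packet(pkt.src, lan, pkt.proto)


if __name__ == "__main__":
    gw = PatGateway("203.0.113.1")
    a = gw.outbound(Packet(("192.168.1.10", 50000), ("198.51.100.80", 80)))
    b = gw.outbound(Packet(("192.168.1.11", 50000), ("198.51.100.80", 80)))
    print("two LAN hosts, same local port, distinct public ports:", a.src, b.src)
    reply = gw.inbound(Packet(("198.51.100.80", 80), a.src))
    print("reply for A goes to:", reply.dst if reply else None)
    probe = gw.inbound(Packet(("198.51.100.66", 4444), ("203.0.113.1", 1024)))
    print("unsolicited probe forwarded:", probe is not None)
```

The in_map is keyed on the WAN peer as well as the public port, which is why the probe from 198.51.100.66 is dropped even though it targets a port that is in use; a gateway that keyed only on the port (full-cone behaviour) would let that probe through to the LAN host.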

A wireless router is a network device that performs the functions of a router but also includes the functions of a wireless access point. It is commonly used to allow access to the Internet or a computer network without the need for a cabled connection. It can function in a wired LAN (local area network), a wireless-only LAN, or a mixed wired/wireless network. Most current wireless routers have the following characteristics:
  • LAN ports, which function in the same manner as the ports of a network switch
  • A WAN port, to connect to a wider area network. Routing, NAT and firewall functions apply only to traffic crossing this port; if it is not used (the device wired in as a plain switch or access point), those functions are bypassed.
  • Wireless antennae. These allow connections from other wireless devices (NICs (network interface cards), wireless repeaters, wireless access points, and wireless bridges, for example).
Wireless routers have become popular in recent years because they allow you to connect to a network from anywhere in your home or office, without the large mess of cables and wires associated with traditional wired networks. In addition, many wired networks require holes to be drilled in walls so the network can be carried from one floor or room to another, an expensive and time-consuming process.
A wireless network bypasses these issues entirely. For many people, a wireless network is the only way they can route their Internet connection from one location to another. A wireless network is excellent for situations where you wish to use your laptop in any location of your home, whether it is the kitchen or the bathroom. The wireless router can be thought of as the very heart of the wireless network, and it functions in the same manner as a cordless phone base station. What most people refer to as a wireless router is actually a device with two functions: the access point and the router itself.
The access point is responsible for connecting the computers in the facility to one another, and the router then connects all of these to the Internet. An office of substantial size may have access points or routers housed in separate boxes to obtain a larger range across the network. However, these are more expensive than the typical wireless router because they have a much larger range.

WAP functions

The wireless functions operate as a separate nested "mini-LAN" within the router. The devices that connect wirelessly use the wireless router as their hub, and the wireless router presents that "mini-LAN" as a single device to the rest of the LAN. This mini-LAN has the same features as discrete WAPs have.
Wireless routers, access points, and bridges are available that utilize each of the commonly used wireless frequencies (used in the Wireless-B, Wireless-A (and -G), and Wireless-N standards). The frequency bands for these wireless standards can be used license-free in most countries.
Wireless routers can work with devices in point-to-point mode, but more commonly function in point-to-multipoint mode.
Wireless devices that communicate with the wireless router must be set to the same service set identifier (SSID) and radio channel. The SSID is an identifier, not a secret; keeping strangers off the mini-LAN is the job of the link encryption (WPA/WPA2), not of the SSID or channel settings.

Firewalls: History, types and technique

Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. The predecessors to firewalls for network security were the routers used in the late 1980s to separate networks from one another. The view of the Internet as a relatively small community of compatible users who valued openness for sharing and collaboration was ended by a number of major internet security breaches, which occurred in the late 1980s:

  • "We are currently under attack from an Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames."
  • The Morris Worm spread itself through multiple vulnerabilities in the machines of the time. Although it was not malicious in intent, the Morris Worm was the first large scale attack on Internet security; the online community was neither expecting an attack nor prepared to deal with one.

First generation - packet filters
The first paper published on firewall technology was in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what would become a highly evolved and technical internet security feature. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin were continuing their research in packet filtering and developed a working model for their own company based upon their original first generation architecture.
Packet filters act by inspecting the "packets" which represent the basic unit of data transfer between computers on the Internet. If a packet matches the packet filter's set of rules, the packet filter will drop (silently discard) the packet, or reject it (discard it, and send "error responses" to the source).
This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (it stores no information on connection "state"). Instead, it filters each packet based only on information contained in the packet itself (most commonly using a combination of the packet's source and destination address, its protocol, and, for TCP and UDP traffic, the port number).
TCP and UDP protocols comprise most communication over the Internet, and because TCP and UDP traffic by convention uses well known ports for particular types of traffic, a "stateless" packet filter can distinguish between, and thus control, those types of traffic (such as web browsing, remote printing, email transmission, file transfer), unless the machines on each side of the packet filter are both using the same non-standard ports.

Second generation - "stateful" filters
Main article: stateful firewall
From 1989-1990 three colleagues from AT&T Bell Laboratories, Dave Presetto, Janardan Sharma, and Kshitij Nigam developed the second generation of firewalls, calling them circuit level firewalls.
Second-generation firewalls additionally consider the placement of each individual packet within the packet series. This technology is generally referred to as a stateful firewall, as it maintains records of all connections passing through the firewall and is able to determine whether a packet is the start of a new connection, a part of an existing connection, or an invalid packet. Though there is still a set of static rules in such a firewall, the state of a connection can in itself be one of the criteria which trigger specific rules.
This type of firewall can help prevent attacks which exploit existing connections, or certain Denial-of-service attacks.

Third generation - application layer
Main article: application layer firewall
Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T Laboratories, and Marcus Ranum described a third generation firewall known as an application layer firewall, also known as a proxy-based firewall. Marcus Ranum's work on the technology spearheaded the creation of the first commercial product. The product was released by DEC who named it the DEC SEAL product. DEC’s first major sale was on June 13, 1991 to a chemical company based on the East Coast of the USA.
The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol, DNS, or web browsing), and it can detect whether an unwanted protocol is being sneaked through on a non-standard port or whether a protocol is being abused in a known harmful way.

Subsequent developments
In 1992, Bob Braden and Annette DeSchon at the University of Southern California (USC) were refining the concept of a firewall. The product known as "Visas" was the first system to have a visual integration interface with colours and icons, which could be easily implemented to and accessed on a computer operating system such as Microsoft's Windows or Apple's MacOS. In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1.
The existing deep packet inspection functionality of modern firewalls can be shared by Intrusion-prevention systems (IPS).
Currently, the Middlebox Communication Working Group of the Internet Engineering Task Force (IETF) is working on standardizing protocols for managing firewalls and other middleboxes.

Network layer and packet filters
Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules; or default rules may apply. The term "packet filter" originated in the context of BSD operating systems.
Network layer firewalls generally fall into two sub-categories, stateful and stateless. Stateful firewalls maintain context about active sessions, and use that "state information" to speed packet processing. Any existing network connection can be described by several properties, including source and destination IP address, UDP or TCP ports, and the current stage of the connection's lifetime (including session initiation, handshaking, data transfer, or connection completion). If a packet does not match an existing connection, it will be evaluated according to the ruleset for new connections. If a packet matches an existing connection based on comparison with the firewall's state table, it will be allowed to pass without further processing.
Stateless firewalls require less memory, and can be faster for simple filters that require less time to filter than to look up a session. They may also be necessary for filtering stateless network protocols that have no concept of a session. However, they cannot make more complex decisions based on what stage communications between hosts have reached.
Modern firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, destination service like WWW or FTP. They can filter based on protocols, TTL values, netblock of originator, domain name of the source, and many other attributes.
Commonly used packet filters on various versions of Unix are ipf (various), ipfw (FreeBSD/Mac OS X), pf (OpenBSD, and all other BSDs), iptables/ipchains (Linux).
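The difference between the stateless filter of the first generation and the stateful filter of the second, as an added example (this code is not part of the original page or of any of the products it names). Hosts, ports and rules are constructed sample values using documentation address ranges; the point it makes is that a stateless ruleset which lets web replies back in has to accept any packet carrying source port 80, whereas a connection table lets only the replies to tracked connections through and drops unsolicited packets.

```python
"""Stateless versus stateful packet filtering on constructed packets.

Added example, not from the original text: a toy stateless filter that
evaluates a static rule list, and a stateful filter that also keeps a
connection table.  Hosts, ports and rules are constructed sample values
(RFC 5737 documentation addresses), not real systems.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

INSIDE_HOST = "10.0.0.5"        # protected client (sample)
WEB_SERVER = "203.0.113.10"     # outside web server (sample)
UNTRUSTED = "198.51.100.7"      # some other outside host (sample)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag: set on a connection start
    ack: bool = False


@dataclass
class Rule:
    action: str         # "accept", "drop" (silent) or "reject" (error sent back)
    src: str = "any"
    dst: str = "any"
    proto: str = "any"
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.src in ("any", p.src)
                and self.dst in ("any", p.dst)
                and self.proto in ("any", p.proto)
                and (self.sport is None or self.sport == p.sport)
                and (self.dport is None or self.dport == p.dport))


def stateless_filter(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"


# To let web replies back in, a stateless ruleset has to accept *every* TCP
# packet with source port 80, which is the weakness the text describes.
STATELESS_RULES = [
    Rule("accept", src=INSIDE_HOST, proto="tcp", dport=80),   # outbound web
    Rule("accept", dst=INSIDE_HOST, proto="tcp", sport=80),   # replies (too broad)
    Rule("reject", proto="tcp", dport=23),                    # telnet refused with an error
]


class StatefulFilter:
    """Remembers connections opened from inside; only their replies are let in."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        # (proto, src, sport, dst, dport) of each accepted connection
        self.state: Set[Tuple[str, str, int, str, int]] = set()

    def filter(self, p: Packet) -> str:
        # A reply reverses the 5-tuple of a tracked connection.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.state:
            return "accept"
        # Otherwise it must be a genuine connection start (TCP SYN without ACK)
        # that the static rules permit; mid-stream packets for unknown
        # connections are invalid and dropped.
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "drop"
        action = stateless_filter(self.rules, p)
        if action == "accept":
            self.state.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action


# With state tracking, no rule for "source port 80" is needed at all.
STATEFUL_RULES = [
    Rule("accept", src=INSIDE_HOST, proto="tcp", dport=80),
    Rule("reject", proto="tcp", dport=23),
]


def demo() -> dict:
    """Run both filters over the same constructed traffic; returns the decisions."""
    outbound = Packet(INSIDE_HOST, WEB_SERVER, "tcp", 40000, 80, syn=True)
    reply = Packet(WEB_SERVER, INSIDE_HOST, "tcp", 80, 40000, syn=True, ack=True)
    # Unsolicited packet from elsewhere that merely *uses* source port 80.
    unsolicited = Packet(UNTRUSTED, INSIDE_HOST, "tcp", 80, 22, syn=True)
    telnet = Packet(UNTRUSTED, INSIDE_HOST, "tcp", 5000, 23, syn=True)
    traffic = (outbound, reply, unsolicited, telnet)

    stateful = StatefulFilter(STATEFUL_RULES)
    return {
        "stateless": [stateless_filter(STATELESS_RULES, p) for p in traffic],
        "stateful": [stateful.filter(p) for p in traffic],
    }


if __name__ == "__main__":
    print(demo())
```

The stateless filter accepts the unsolicited packet because its only evidence is the packet itself; the stateful filter drops it because no matching entry exists in its state table and it is not a permitted new connection. The same reasoning is what lets a stateful firewall reject mid-stream packets for connections it never saw opened.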

Application-layer
Main article: Application layer firewall
Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgement to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.
On inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and trojans. In practice, however, this becomes so complex and so difficult to attempt (given the variety of applications and the diversity of content each may allow in its packet traffic) that comprehensive firewall design does not generally attempt this approach.
The XML firewall exemplifies a more recent kind of application-layer firewall.

Proxies
Main article: Proxy server
A proxy device (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, whilst blocking other packets.
Proxies make tampering with an internal system from the external network more difficult and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured). Conversely, intruders may hijack a publicly-reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While use of internal address spaces enhances security, crackers may still employ methods such as IP spoofing to attempt to pass packets to a target network.

Network address translation
Main article: Network address translation
Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range", as defined in RFC 1918. Firewalls often have such functionality to hide the true address of protected hosts. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals, as well as to reduce both the amount and therefore the cost of obtaining enough public addresses for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defense against network reconnaissance.
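How a NAT gateway hides the internal addresses described above, as an added example (not code from the original page or from any firewall product). The gateway's public address, the private hosts and the flows are constructed samples; the design choice worth noticing is that an inbound packet is only un-translated when both the public port and the remote peer match an existing mapping, so an unsolicited packet that guesses a port is dropped and never learns an internal address.

```python
"""Source NAT as a firewall feature, on constructed packets (added example).

Not from the original text.  A NAT gateway rewrites the private source
address of outbound packets to its single public address plus a fresh port,
remembers the mapping, un-translates matching replies, and drops inbound
packets for which no mapping exists, so internal addresses never appear on
the outside.  Addresses are constructed samples from RFC 1918 / RFC 5737.
"""
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.1"          # the gateway's routable address (sample)

Packet = Dict[str, object]         # keys: src, sport, dst, dport
Flow = Tuple[str, int, str, int]   # (private src, sport, dst, dport)


class NatGateway:
    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_table: Dict[Flow, int] = {}   # private flow -> public port
        self.in_table: Dict[int, Flow] = {}    # public port -> private flow

    def outbound(self, p: Packet) -> Packet:
        """Rewrite a packet leaving the private network; reuse an existing mapping."""
        key: Flow = (p["src"], p["sport"], p["dst"], p["dport"])  # type: ignore[assignment]
        port = self.out_table.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[port] = key
        return {"src": self.public_ip, "sport": port, "dst": p["dst"], "dport": p["dport"]}

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Return the un-translated packet, or None (drop) when it is unsolicited."""
        if p["dst"] != self.public_ip:
            return None
        key = self.in_table.get(p["dport"])      # type: ignore[arg-type]
        if key is None:
            return None                          # no mapping for this port: drop
        priv_src, priv_sport, ext_dst, ext_dport = key
        if (p["src"], p["sport"]) != (ext_dst, ext_dport):
            return None                          # right port, wrong peer: drop
        return {"src": p["src"], "sport": p["sport"], "dst": priv_src, "dport": priv_sport}


def demo() -> tuple:
    """One private host opens a connection; a reply and an unrelated probe arrive."""
    nat = NatGateway()
    inside = {"src": "192.168.1.20", "sport": 51000, "dst": "198.51.100.9", "dport": 443}
    sent = nat.outbound(inside)
    reply = {"src": "198.51.100.9", "sport": 443, "dst": PUBLIC_IP, "dport": sent["sport"]}
    # Unrelated outside host sending to the same public port: no matching flow.
    probe = {"src": "198.51.100.77", "sport": 1234, "dst": PUBLIC_IP, "dport": sent["sport"]}
    return sent, nat.inbound(reply), nat.inbound(probe)


if __name__ == "__main__":
    print(demo())
```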

See: Comparison of firewalls

Computer security

Computer security is a branch of technology known as information security as applied to computers.
The objective of computer security varies and can include protection of
information from theft or corruption, or the preservation of
availability, as defined in the security policy.
Computer security imposes requirements on computers that are
different from most system requirements because they often take the
form of constraints on what computers are not supposed to do. This
makes computer security particularly challenging because it is hard
enough just to make computer programs do everything they are designed
to do correctly. Furthermore, negative requirements are deceptively
complicated to satisfy and require exhaustive testing to verify, which
is impractical for most computer programs. Computer security provides a
technical strategy to convert negative requirements to positive
enforceable rules. For this reason, computer security is often more
technical and mathematical than some computer science fields.
Typical approaches to improving computer security (in approximate order of strength) include the following:

  • Physically limit access to computers to only those who will not compromise security.
  • Hardware mechanisms that impose rules on computer programs, thus avoiding depending on computer programs for computer security.
  • Operating system mechanisms that impose rules on programs to avoid trusting computer programs.
  • Programming strategies to make computer programs dependable and resist subversion.

1. Secure Operating Systems
One use of the term computer security refers to technology to implement a secure operating system. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a computer security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special, correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.
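The Bell-LaPadula model named above, as an added example of what "a security policy absolutely enforced" looks like in code (this is not code from the original page or from any of the systems it mentions). Levels, categories and the scenario are constructed: a reference monitor that labels every subject with a clearance and every object with a classification and applies the two rules of the model, no read up and no write down, so that a program running at a high level cannot copy what it read into a lower-level file regardless of what the program itself does.

```python
"""Bell-LaPadula access checks (added example, not from the original text).

A reference monitor for the policy named above: every subject carries a
clearance and every object a classification; reads are allowed only when
the subject dominates the object (simple security property, "no read up")
and writes only when the object dominates the subject (*-property,
"no write down").  Levels, categories and the scenario are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()   # need-to-know compartments

    def dominates(self, other: "Label") -> bool:
        """Lattice order: at least as high a level and a superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def may_read(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)          # simple security property


def may_write(subject: Label, obj: Label) -> bool:
    return obj.dominates(subject)          # *-property


def check(op: str, subject: Label, obj: Label) -> bool:
    """The single decision point a kernel would consult for every access."""
    if op == "read":
        return may_read(subject, obj)
    if op in ("write", "append"):
        return may_write(subject, obj)
    raise ValueError("unknown operation: " + op)


def leak_attempt() -> List[Tuple[str, bool]]:
    """A process at SECRET/{nato} reads a secret document and then tries to
    copy it into an unclassified file.  Under BLP the copy is refused even
    though the process itself is never inspected: the policy, not the
    program, decides."""
    process = Label("secret", frozenset({"nato"}))
    secret_doc = Label("secret", frozenset({"nato"}))
    public_file = Label("unclassified")
    ts_log = Label("top_secret", frozenset({"nato"}))
    return [
        ("read secret_doc", check("read", process, secret_doc)),      # allowed
        ("write public_file", check("write", process, public_file)),  # refused: write down
        ("read ts_log", check("read", process, ts_log)),              # refused: read up
        ("append ts_log", check("append", process, ts_log)),          # allowed: write up
    ]


if __name__ == "__main__":
    for name, allowed in leak_attempt():
        print(name, "->", "allowed" if allowed else "denied")
```

The categories matter as much as the levels: a subject cleared to top secret with no compartments does not dominate a secret object in the "nato" compartment, so it cannot read it either.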


Systems designed with such methodology represent the state of the art of computer security, although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets, and the data of international financial institutions. These are very powerful security tools and very few secure operating systems have been certified at the highest level (Orange Book A-1) to operate over the range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN). The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation, and therefore there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies the security strength of products in terms of two components, security functionality and assurance level (such as EAL levels), and these are specified in a Protection Profile for requirements and a Security Target for product descriptions. None of these ultra-high assurance secure general purpose operating systems have been produced for decades or certified under the Common Criteria.


In USA parlance, the term High Assurance usually suggests the system has the right security functions, implemented robustly enough to protect DoD and DoE classified information. Medium assurance suggests it can protect less valuable information, such as income tax information. Secure operating systems designed to meet medium robustness levels of security functionality and assurance have seen wider use within both government and commercial markets. Medium robust systems may provide the same security functions as high assurance secure operating systems, but do so at a lower assurance level (such as Common Criteria levels EAL4 or EAL5). Lower levels mean we can be less certain that the security functions are implemented flawlessly, and the systems are therefore less dependable. These systems are found in use on web servers, guards, database servers, and management hosts, and are used not only to protect the data stored on these systems but also to provide a high level of protection for network connections and routing services.


2. Security Architecture
Security Architecture can be defined as the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve the purpose of maintaining the system's quality attributes, among them confidentiality, integrity, availability, accountability and assurance [1]. In simpler words, a security architecture is the plan that shows where security measures need to be placed. If the plan describes a specific solution, then one would make a risk analysis before building such a plan. If the plan describes a generic high level design (reference architecture), then the plan should be based on a threat analysis.


3. Security by Design
The technologies of computer security are based on logic. There is no universal standard notion of what secure behavior is. "Security" is a concept that is unique to each situation. Security is extraneous to the function of a computer application, rather than ancillary to it; thus security necessarily imposes restrictions on the application's behavior.
There are several approaches to security in computing; sometimes a combination of approaches is valid:
  1. Trust all the software to abide by a security policy but the software is not trustworthy (this is computer insecurity).
  2. Trust all the software to abide by a security policy and the software is validated as trustworthy (by tedious branch and path analysis, for example).
  3. Trust no software but enforce a security policy with mechanisms that are not trustworthy (again this is computer insecurity).
  4. Trust no software but enforce a security policy with trustworthy mechanisms.

Many systems have unintentionally resulted in the first possibility.
Since approach two is expensive and non-deterministic, its use is very
limited. Approaches one and three lead to failure. Because approach
number four is often based on hardware mechanisms and avoids
abstractions and a multiplicity of degrees of freedom, it is more
practical. Combinations of approaches two and four are often used in a
layered architecture with thin layers of two and thick layers of four.
There are myriad strategies and techniques used to design security
systems. There are few, if any, effective strategies to enhance
security after design.
One technique enforces the principle of least privilege to a great extent, where an entity has only the privileges that are needed for its function. That way, even if an attacker gains access to one part of the system, fine-grained security ensures that it is just as difficult for them to access the rest.
Furthermore, by breaking the system up into smaller components, the complexity of individual components is reduced, opening up the possibility of using techniques such as automated theorem proving to prove the correctness of crucial software subsystems. This enables a closed-form solution to security that works well when only a single well-characterized property can be isolated as critical, and that property is also amenable to mathematical treatment. Not surprisingly, it is impractical for generalized correctness, which probably cannot even be defined, much less proven.
Where formal correctness proofs are not possible, rigorous use of code review and unit testing represent a best-effort approach to make modules secure.
The design should use "defense in depth", where more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds. Defense in depth works when the breaching of one security measure does not provide a platform to facilitate subverting another. Also, the cascading principle acknowledges that several low hurdles do not make a high hurdle; so cascading several weak mechanisms does not provide the safety of a single stronger mechanism.
Subsystems should default to secure settings, and wherever possible should be designed to "fail secure" rather than "fail insecure" (see fail safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
In addition, security should not be an all-or-nothing issue. The designers and operators of systems should assume that security breaches are inevitable. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks. Finally, full disclosure helps to ensure that when bugs are found the "window of vulnerability" is kept as short as possible.

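Two of the principles above, "fail secure" and an append-only audit trail, as an added example (not code from the original page). The users, roles and permissions are constructed sample data. The first authorization routine shows the anti-pattern of letting a request through when the check itself errors; the second treats every error as a denial and records each decision in a hash-chained log, so an entry that is later edited or removed breaks the chain and the tampering is detectable. Shipping the log to a separate host, as the text recommends, is what stops the intruder from simply rewriting the whole chain; the chaining makes any edit on the local copy visible.

```python
"""Fail-secure authorization with a tamper-evident audit trail.

Added example, not from the original text.  It shows two points from the
passage: the access decision defaults to deny, including when the check
itself errors, rather than failing open; and every decision is appended to
a hash-chained log, so an entry that is altered or removed breaks the chain
and the tampering is detectable.  Users, roles and permissions are
constructed sample data.
"""
import hashlib
import json
from typing import Dict, List, Set

POLICY: Dict[str, Set[str]] = {          # role -> permitted actions (sample)
    "auditor": {"read:ledger"},
    "clerk": {"read:ledger", "write:ledger"},
}
ROLES: Dict[str, str] = {"alice": "clerk", "bob": "auditor"}   # user -> role (sample)

GENESIS = "0" * 64


def _digest(record: dict) -> str:
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only: each record carries the hash of the one before it."""

    def __init__(self) -> None:
        self.records: List[dict] = []
        self.last_hash = GENESIS

    def append(self, event: dict) -> str:
        rec = dict(event, prev=self.last_hash)
        rec["hash"] = _digest(rec)
        self.records.append(rec)
        self.last_hash = rec["hash"]
        return rec["hash"]

    def verify(self) -> bool:
        """Recompute the chain; False if any record was edited or dropped."""
        prev = GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or _digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return prev == self.last_hash


def authorize_fail_open(user: str, action: str) -> bool:
    """The anti-pattern: an unexpected error lets the request through."""
    try:
        return action in POLICY[ROLES[user]]
    except KeyError:
        return True


def authorize(user: str, action: str, log: AuditLog) -> bool:
    """Fail-secure: unknown users, roles or any other error mean 'deny'."""
    event = {"user": user, "action": action}
    try:
        allowed = action in POLICY[ROLES[user]]
    except Exception as exc:                # unknown user/role, corrupt policy, ...
        allowed = False
        event["error"] = type(exc).__name__
    event["allowed"] = allowed
    log.append(event)
    return allowed


def demo() -> dict:
    """Three decisions, then an edit to a stored denial that the chain exposes."""
    log = AuditLog()
    decisions = {
        "alice write": authorize("alice", "write:ledger", log),
        "bob write": authorize("bob", "write:ledger", log),
        "mallory write": authorize("mallory", "write:ledger", log),
        "mallory write (fail-open)": authorize_fail_open("mallory", "write:ledger"),
    }
    intact = log.verify()
    log.records[2]["allowed"] = True            # someone rewrites the denial
    return dict(decisions, log_intact=intact, log_after_edit=log.verify())


if __name__ == "__main__":
    print(demo())
```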
Early history of security by design
The early Multics operating system was notable for its early emphasis on computer security by design, and Multics was possibly the very first operating system to be designed as a secure system from the ground up. In spite of this, Multics' security was broken, not once, but repeatedly. The strategy was known as 'penetrate and test' and has become widely known as a non-terminating process that fails to produce computer security. This led to further work on computer security that prefigured modern security engineering techniques producing closed form processes that terminate.

4. Secure coding
Seacord, "Secure Coding in C and C++"

5. Capabilities vs. ACLs
Within computer systems, the two fundamental means of enforcing privilege separation are access control lists (ACLs) and capabilities. The semantics of ACLs have been proven to be insecure in many situations (e.g., Confused deputy problem).
It has also been shown that ACL's promise of giving access to an object
to only one person can never be guaranteed in practice. Both of these
problems are resolved by capabilities. This does not mean practical
flaws exist in all ACL-based systems, but only that the designers of
certain utilities must take responsibility to ensure that they do not
introduce flaws.
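The confused deputy problem mentioned above, as an added example (not code from the original page or from any of the systems it names). A "compiler" service is the deputy: the ACL lets it write its own billing file, and the caller tells it where to write its output. Paths and contents are constructed samples, and the capability handle is unforgeable only by convention in this Python toy.

```python
"""Confused deputy: ACL versus capability (added example, not from the
original text).  A 'compiler' service (the deputy) is allowed by the ACL to
write its own billing file.  With ACLs the caller passes an output *name*,
and the OS checks the deputy's identity, so the deputy can be tricked into
writing its output over the billing file.  With capabilities the caller
must pass a write handle it already holds, and it holds none for the
billing file.  Paths and contents are constructed samples; the handle is
'unforgeable' only by convention in this Python toy.
"""
from typing import Dict, Set

BILLING = "/var/billing.log"
USER_OUT = "/home/user/out.bin"

ACL: Dict[str, Set[str]] = {            # file -> identities allowed to write it
    BILLING: {"compiler"},
    USER_OUT: {"user", "compiler"},
}
FILES: Dict[str, str] = {}


def reset() -> None:
    FILES.clear()
    FILES.update({BILLING: "", USER_OUT: ""})


# --- ACL world ------------------------------------------------------------
def acl_write(identity: str, path: str, data: str) -> bool:
    """The OS check: is *this identity* on the file's ACL?"""
    if identity in ACL.get(path, set()):
        FILES[path] += data
        return True
    return False


def acl_compile(output_path: str) -> bool:
    """The deputy: records a charge, then writes wherever the caller said.
    The write is checked against the deputy's authority, not the caller's."""
    acl_write("compiler", BILLING, "charge user 1 unit\n")
    return acl_write("compiler", output_path, "OBJECT CODE\n")


# --- Capability world -------------------------------------------------------
class FileCap:
    """A write handle; possessing it is the only way to write the file."""

    def __init__(self, path: str) -> None:
        self._path = path

    def write(self, data: str) -> None:
        FILES[self._path] += data


def cap_compile(output: FileCap, billing: FileCap) -> None:
    """The deputy writes only through handles it was given or already holds;
    designation and authority travel together, so no confusion is possible."""
    billing.write("charge user 1 unit\n")
    output.write("OBJECT CODE\n")


def acl_scenario() -> Dict[str, bool]:
    """The user cannot write the billing file directly, but can via the deputy."""
    reset()
    direct = acl_write("user", BILLING, "x")
    acl_compile(BILLING)                       # caller names a file it may not write
    return {"user_direct_write": direct,
            "billing_corrupted": "OBJECT CODE" in FILES[BILLING]}


def cap_scenario() -> Dict[str, bool]:
    """The user can only hand over the handle it owns; billing stays intact."""
    reset()
    billing_cap = FileCap(BILLING)     # kept inside the deputy's environment
    user_cap = FileCap(USER_OUT)       # the only write handle the caller owns
    cap_compile(user_cap, billing_cap)
    return {"billing_corrupted": "OBJECT CODE" in FILES[BILLING],
            "user_output_written": "OBJECT CODE" in FILES[USER_OUT]}


if __name__ == "__main__":
    print("ACL:", acl_scenario())
    print("capability:", cap_scenario())
```

The ACL version fails even though every individual check is correct: the deputy has the right to write the billing file, so the OS cannot tell a legitimate charge from a caller-chosen destination. In the capability version the question "may the caller write here?" is answered by whether the caller can produce the handle at all.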
Unfortunately, for various historical reasons, capabilities have been mostly restricted to research operating systems and commercial OSs still use ACLs. Capabilities can, however, also be
implemented at the language level, leading to a style of programming
that is essentially a refinement of standard object-oriented design. An
open source project in the area is the E language.
First the Plessey System 250 and then Cambridge CAP computer
demonstrated the use of capabilities, both in hardware and software, in
the 1970s, so this technology is hardly new. A reason for the lack of
adoption of capabilities may be that ACLs appeared to offer a 'quick
fix' for security without pervasive redesign of the operating system
and hardware.
The most secure computers are those not connected to the Internet
and shielded from any interference. In the real world, the most
security comes from operating systems where security is not an add-on, such as OS/400 from IBM.
This almost never shows up in lists of vulnerabilities for good reason.
Years may elapse between one problem needing remediation and the next.
A good example of a secure system is EROS.
But see also the article on secure operating systems.
TrustedBSD is an example of an open source project with a goal, among other things, of building capability functionality into the FreeBSD operating system. Much of the work is already done.


Applications
Computer security is critical in almost any technology-driven industry which operates on computer systems. The issues of computer based systems and addressing their countless vulnerabilities are an integral part of maintaining an operational industry. [3]

Lightning, power fluctuations, surges, brown-outs, blown fuses, and various other power outages instantly disable all computer systems, since they depend on an electrical source. Other accidental and intentional faults have caused significant disruption of safety critical systems throughout the last few decades, and dependence on reliable communication and electrical power only jeopardizes computer safety.


Terminology
The following terms used in engineering secure systems are explained below.
  • Firewalls
    can either be hardware devices or software programs. They provide some
    protection from online intrusion, but since they allow some
    applications (e.g. web browsers) to connect to the Internet, they don't
    protect against some unpatched vulnerabilities in these applications
    (e.g. lists of known unpatched holes from Secunia and SecurityFocus).

  • Automated theorem proving
    and other verification tools can enable critical algorithms and code
    used in secure systems to be mathematically proven to meet their
    specifications.
  • Thus simple microkernels can be written so that we can be sure they don't contain any bugs: e.g. EROS and Coyotos. A bigger OS, capable of providing a standard API like POSIX, can be built on a secure microkernel using small API servers running as normal programs. If one of these API servers has a bug, the kernel and the other servers are not affected: e.g. Hurd or Minix 3.
  • Cryptographic
    techniques can be used to defend data in transit between systems,
    reducing the probability that data exchanged between systems can be
    intercepted or modified.
  • Strong authentication techniques can be used to ensure that communication end-points are who they say they are.
  • Secure cryptoprocessors can be used to leverage physical security techniques into protecting the security of the computer system.
  • Chain of trust techniques can be used to attempt to ensure that all software loaded has been certified as authentic by the system's designers.
  • Mandatory access control
    can be used to ensure that privileged access is withdrawn when
    privileges are revoked. For example, deleting a user account should
    also stop any processes that are running with that user's privileges.
  • Capability and access control list techniques can be used to ensure privilege separation and mandatory access control.