Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Tuesday, October 21, 2008

win32.USBworm Heap41a

Source
Whenever they try to open Firefox, a message pops up:

"USE INTERNET EXPLORER YOU DOPE" "I DNT HATE MOZILLA BUT USE IE OR ELSE...".
When they try to access Orkut.com, this is the message that pops up:
"Orkut is banned you fool. The administrators didnt write this program guess who did?? MUHAHAHA!!"
When they try to access Youtube.com, this is the message that pops up:
"Youtube is banned you fool,The administrators didnt write this program guess who did?? MUHAHAHA!!"

This worm is called Heap41a / win32.USBworm. It usually spreads via USB drives.
It runs an exe file named MicrosoftPowerpoint.exe, which is located on the USB disk. The autorun.inf runs this file when double-clicked. Once this program is run, you are infected. It hides all your hidden folders, runs its process in memory, makes the worm start with Windows and pops up those annoying messages. This worm doesn't destroy any system files. It just infects other USB drives and spreads to new hosts.
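
As an added example (not part of the original post or of any removal tool it mentions), this Python script parses a drive's autorun.inf and lists the programs it would launch, flagging the file names this post gives for the worm. The sample autorun.inf contents, the extension list and all function names are assumptions made for illustration.

```python
"""Inspect a removable drive's autorun.inf for programs it would auto-launch."""
import ntpath
import os
import tempfile

# File names the article gives for Heap41a (lower-cased for comparison).
PAGE_NAMES = {"microsoftpowerpoint.exe", "ofcpfwsvcs.exe"}
# Extensions treated as directly executable (constructed, non-exhaustive list).
EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs"}

# Constructed sample, not captured from an infected drive.
SAMPLE_INF = """\
; constructed sample
[AutoRun]
open=MicrosoftPowerpoint.exe
shell\\open\\command="MicrosoftPowerpoint.exe" /s
icon=folder.ico
label=My Drive
"""


def first_token(command):
    """Return the program part of a command line, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def launch_targets(inf_text):
    """Return [(key, program)] for each launch entry in the [autorun] section."""
    targets, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive in INF files.
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # open=, shellexecute= and shell\<verb>\command= all start a program.
        is_launch = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if is_launch and value:
            targets.append((key, first_token(value)))
    return targets


def assess(inf_text, drive_root=None):
    """Describe each launch entry; check the file exists if a root is given."""
    findings = []
    for key, program in launch_targets(inf_text):
        name = ntpath.basename(program).lower()
        finding = {
            "key": key,
            "program": program,
            "executable": ntpath.splitext(name)[1] in EXEC_EXTS,
            "named_on_page": name in PAGE_NAMES,
            "present": None,  # unknown unless a drive root is supplied
        }
        if drive_root is not None:
            # Exact-case lookup; a FAT volume mounted normally is case-insensitive.
            rel = program.replace("\\", os.sep).lstrip(os.sep)
            finding["present"] = os.path.isfile(os.path.join(drive_root, rel))
        findings.append(finding)
    return findings


def scan_drive(drive_root):
    """Find autorun.inf (any letter case) in a drive root and assess it."""
    for entry in os.listdir(drive_root):
        if entry.lower() == "autorun.inf":
            path = os.path.join(drive_root, entry)
            with open(path, "r", encoding="latin-1") as fh:
                return assess(fh.read(), drive_root)
    return []


def demo():
    """Build a throwaway 'drive' holding the constructed sample and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE_INF)
        # Empty placeholder file standing in for the referenced program.
        open(os.path.join(root, "MicrosoftPowerpoint.exe"), "wb").close()
        return scan_drive(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `scan_drive` at the root of a mounted USB drive to review what its autorun.inf would start before opening the drive in Explorer.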

A brilliant techie named Sarath Lakshman from Kerala has developed a solution for this worm.
This is a virus removal tool. You can find more info on virus removal on that webpage.
After cleaning the worm from your PC, don't forget to format your USB drive; otherwise your PC will get reinfected.
Another method to clean the spyware:

(It's better that you take a printout or write these down on paper)
Step.1: Download and install necessary tools
Step.2: Inactivate the Process.
Step.3: Clean the Card.
Step.4: Clean the PC.


Step.1: Download and install necessary tools
You have already downloaded and installed the AnVir Task Manager.
Now you need to download two more tools.
1. Download this Flash Disinfector for the USB drive.

Save that file in an easily accessible place. There is no need to install it; you can run it later from that file itself.
2. Download, install and fully update SpyBot S&D.

And don't forget to restart your PC after cleaning the virus.
At the time of installation, it will ask whether you want to back up your registry. DON'T BACK UP YOUR REGISTRY, as your registry is already infected. Select No when you see that. After installation, update it and close it. We will scan later.
We need these tools in Steps 3 & 4.

Step.2: Inactivate the Process.
Phase.A
Open the same "AnVir Task Manager".
Click on "Startup".
Select the entry "OfcpfwSvcs.exe".
Uncheck (remove the tick mark from) the box next to it.
Then a message box will open up asking you,
"Disable OfcpfwSvcs.exe?"
Check (add a tick mark to) both the boxes below it and press "Ok".

Phase.B
Go to Windows XP Safe Mode.
Windows XP Safe Mode is a special mode in which only selected system applications run at startup.
That means the spyware won't autorun in Safe Mode.
To go to Safe Mode:
* If the computer is running, shut down Windows, and then turn off the power.
* Wait 30 seconds, and then turn the computer on.
* Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
* Ensure that the Safe Mode option is selected.
* Press Enter. The computer then begins to start in Safe Mode.
* Sign in to your usual account if you have enabled one.
Now, after Windows XP starts in Safe Mode, it will look blurred; don't worry, that's how Safe Mode looks.
While we are in Safe Mode, we will go to Step.3 & Step.4.

Step.3: Clean the Card (in safe mode).
Now go to that Flash Disinfector exe file which we saved in Step.1.
* Plug the USB drive into your card reader.
* Click on that Flash Disinfector file.
* After the disinfection is done, go to "My Computer", right-click on the USB drive icon and select "Format".
* That will clean the USB drive.


Step.4: Clean the PC (in safe mode).
* Now launch SpyBot Search & Destroy.
* Run a scan of your PC.
* Remove all possible threats.

Restart your PC in normal mode, open the Windows Task Manager by pressing Ctrl+Alt+Delete and see whether that OfcpfwSvcs.exe process is still there. If it's not there, your PC is clean.

1000 or 1024?

Monitor Test (simple)

If you can see here all 20 levels of grey clearly separated, your monitor is calibrated correctly (brightness and contrast)! (double click on grey scale)


Monday, October 20, 2008

scanscience.com

Source


B&W Scanning Lab Study by K and B. Gale, - With thanks
Used: ScanScience Kit for the Epson 4990 with LUMINA Optical Fluid


About these three images

A) TOP scan of an old picture
B) MIDDLE:  a dry scan of the film for this picture
C) BOTTOM:  A fluid scan of the same film as in B)

Please notice the elimination of dust and scratches on the fluid scan and the uniform and smooth tonality that sets it apart from the other images.

This was a large project involving hundreds of similar old images, and the artists were amazed at the simplicity of the technique and the effectiveness of fluid mounting, which saved them countless hours in digital retouching. Fluid mounting is over 10 X as efficient as digital dust and scratch removal and in addition delivers better gradation and impact not attainable by any other means.
Additionally, fluid mounting works with all films where digital IR techniques do not work on silver halide negatives like these.

Thursday, October 16, 2008

Boot Camp

Boot Camp is software developed by Apple that assists the user in installing the 32-bit versions of Microsoft Windows XP Service Pack 2 (the Home and Professional editions) and Windows Vista Home Basic, Home Premium, Business or Ultimate on Intel-based Macintosh computers.
Boot Camp guides the user through a non-destructive repartitioning (including the ability to resize existing partitions) of their hard disks and also offers the option of creating a CD with the corresponding hardware drivers for Windows XP and Vista. In addition to the hardware drivers, the CD includes a Windows control panel for configuring the primary operating system.


Boot Camp is not a virtualization tool, which would allow the user to run Windows and Mac OS X at the same time.

[It is a simple dual-boot implementation, as is done with Linux, BSD and other operating systems]
The boot manager included with all Intel-based Macs allows the operating system to be selected.

EMSIsoft.com

Source

a-squared Free 3.5
Freeware! This program contains only the basic scanner. Background Guard, Automatic Updates, Scheduled Scans and HiJackFree are only available with a-squared Anti-Malware.
Version 3.5.0.25 - 7/31/2008 - for Windows XP, 2003/2008 Server and Vista, limited functionality on x64 (26 MB) changelog stable/beta

a-squared Free Download

a-squared Command Line Scanner 4.0
Freeware! This program is a console application to scan your PC. It was made for professionals who don't need a setup or graphical user interface. All features of the Anti-Malware scanner are included.
Version 4.0.0.14 - 9/13/2008 - for Windows XP, 2003/2008 Server and Vista, limited functionality on x64 (56 MB)

a-squared Commandline Scanner Download

a-squared Emergency USB Stick files
Freeware!
Contains a-squared Free and a-squared Commandline Scanner files. Unpack the zip to a USB Stick to make an easy to use scanning and removal tool.
This file is kept always up to date with the latest program and signature files. For Windows XP, 2003/2008 Server and Vista, limited functionality on x64 (25 MB)

a-squared Emergency USB Stick files Download

a-squared HiJackFree 3.1
Freeware!
a-squared HiJackFree helps advanced users to detect and remove Malware manually.
Version 3.1.0.16 - 5/12/2008 - for Windows XP, 2003/2008 Server and Vista, limited functionality on x64 (2 MB).

a-squared HiJackFree Download
Standalone EXE

a-squared Anti-Dialer 3.5
Freeware! a-squared Anti-Dialer scans the harddisk for Dialers and provides a permanent background guard protection against new Dialer infections.
Version 3.5.0.5 - 6/11/2008 - for Windows XP, 2003/2008 Server and Vista, limited functionality on x64 (3 MB).
a-squared Anti-Dialer Download

LANPARTY UT nF4 Ultra-D MBoard: ITE smart guardian x64

DFI.com
direct download is here
Monitors temperatures and voltages, controls fan speed
Driver: Smart I/O Driver
OS: Windows Vista64
File: NF4_SG_Vista.exe

Size: 3,522,002 bytes
Date: 2007/05/15
Description:
ITE Smart Guardian for
Windows XP32Bit /XP64Bit / Vista 32Bit / Vista 64Bit
(for LanParty NF4 and LanParty UT NF4 Series only).

More info

XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus

Extracted from Source

What this program does:
XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a tactic to scare you into purchasing the software. Older versions of XP Antivirus would create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries were harmless and had absolutely no effect on your computer. Instead, these entries were set so that XP AntiVirus could find them when scanning your computer and report them as infections. The newer versions of the program, such as XP Antivirus 2008 and XP Antivirus 2009, instead just display false results when scanning your computer that state infections were found. In order to remove these fake infections, though, you would first need to purchase the software, as the trial does not allow you to remove them.
While running, XP Antivirus will also display fake alerts stating that you are infected or under attack from some type of threat. These alerts are fake and can be ignored. If you do click on the alert, though, it will prompt you to purchase the software. Examples of text contained in these alerts can be found below.

Privacy Violation alert!
XP antivirus detected Privacy Violation. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended).
or
System files modification alert!
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unathorised <sic> modification by removing threats (Recommended).

As you can see these programs are fraudware because they make changes to your computer and then state these changes are infections as a scare tactic to have you purchase the software. It goes without saying that under no circumstances should you buy it. The older program, XPAntivirus, does come with a removal option in the computer's Add or Remove Programs list, but when you attempt to uninstall it, all that happens is the entry is removed from the list and program's process is terminated. Next time you reboot, XP AntiVirus will start up again. The newer versions of the program do not contain an entry in the Add or Remove Programs list at all.

XP Antivirus 2008 screenshot

Tools Needed for this fix:

Wednesday, October 15, 2008

remove process PARTLOGIC-0.69-ISO.EXE

Source
PARTLOGIC-0.69-ISO.EXE Remove process

Author: PARTLOGIC-0.69-ISO.EXE
How to remove PARTLOGIC-0.69-ISO.EXE

The following is a description of PARTLOGIC-0.69-ISO.EXE and details of how to remove it.
To remove PARTLOGIC-0.69-ISO.EXE successfully, follow these instructions:

1. Temporarily disable System Restore.

2. Update the virus definitions to remove PARTLOGIC-0.69-ISO.EXE. Reboot the computer in Safe Mode.

3. Stop the PARTLOGIC-0.69-ISO.EXE virus file's process if you can find it in the task list.

4. Locate the PARTLOGIC-0.69-ISO.EXE virus files and uninstall the PARTLOGIC-0.69-ISO.EXE program. Follow the step-by-step on-screen instructions to complete the uninstallation of PARTLOGIC-0.69-ISO.EXE.

5. Delete or modify any values added to the registry that are related to PARTLOGIC-0.69-ISO.EXE, exit the registry editor and restart the computer.

6. Clean or delete all PARTLOGIC-0.69-ISO.EXE infected file(s): PARTLOGIC-0.69-ISO.EXE and related files, or rename the PARTLOGIC-0.69-ISO.EXE virus files.

7. Delete all your IE temp files manually (the PARTLOGIC-0.69-ISO.EXE file may exist there), or download the tool ATF Cleaner to delete all your IE temp files.

8. Run a full scan with an antivirus program, or use the free online scanners (various well-known antivirus online scanners) on the right side of the home page.

The following is information about the virus file PARTLOGIC-0.69-ISO.EXE:
PARTLOGIC-0.69-ISO.EXE: The filename PARTLOGIC-0.69-ISO.EXE was first seen on Aug 11 2008 in BELGIUM. The filename PARTLOGIC-0.69-ISO.EXE refers to an object. It has a file size of 4,795,607 bytes. This file has no vendor, product or version information specified in the file header.
PARTLOGIC-0.69-ISO.EXE has been seen to perform the following behavior(s):
  • Executes a Process
PARTLOGIC-0.69-ISO.EXE has been the subject of the following behavior(s):
  • Created as a process on disk
  • Executed as a Process
  • Terminated as a Process
  • Has code inserted into its Virtual Memory space by other programs
Virus, Spyware & Malware Center
If you cannot get the information you need from the article PARTLOGIC-0.69-ISO.EXE and fail to remove it successfully, you may seek help on the
Free Virus Remove Help forum
URL:
http://help.antiviruses123.com.

IE8 Activities for Firefox 0.7.3

Source

This extension is an implementation of IE8 Activities for Firefox (and Flock).


Activities is a new feature in IE8 beta.
You can get more information after the line



Internet Explorer8 beta (Readiness Toolkit)
Accelerators
Accelerators are a contextual feature used to quickly access a service from any webpage. It is common for users to copy and paste content from one webpage to another, and accelerators simplify this process.

Accelerators allow users to find information without leaving the current webpage. For example, to determine the location of a specific restaurant, a user will select the restaurant's address, generating an in-place view of the map. Clicking the view will open a full webpage that includes additional information from the mapping service.

Accelerator Map Screenshot
Accelerators can also be used to send information to a service. For example, to blog about a section of an article, a user will make the selection and use the blog Accelerator. This will take the user to the blog site, with the selection available in the edit field.

Users can manage Accelerators and install them from the Internet Explorer Gallery or through any website that offers Accelerators for download. For more information, see Faster and Easier

Visopsys

Source

Visopsys (VISual OPerating SYStem) is an alternative operating system for PC-compatible computers, written "from scratch", and developed primarily by a single hobbyist programmer since late 1997.

Visopsys is free software and the source code is available under the terms of the GNU General Public License.  The libraries and header files are licensed under the terms of the GNU Lesser General Public License.

The bulk of Visopsys is a fully multitasking, 100% protected mode, virtual-memory, massively-monolithic-style kernel.  Added to this is a bare-bones C library and a minimal suite of applications together comprising a small but reasonably functional operating system which can operate natively in either graphical or text modes.  Though it's been in continuous development for a number of years, realistically the target audience remains limited to operating system enthusiasts, students, and assorted other sensation seekers.  The ISO and floppy images available from the download page can install the system, or operate in 'live demo' mode.

Partition Logic

Source
Partition Logic is a free hard disk partitioning and data management tool.
It can create, delete, format, defragment, resize, and move partitions and modify their attributes. It can copy entire hard disks from one to another.
Partition Logic is free software, based on the Visopsys operating system.  It boots from a CD or floppy disk and runs as a standalone system, independent of your regular operating system.  It is intended to become a free alternative to such commercial programs as Partition Magic, Drive Image, and Norton Ghost... (read more)

Some notes about using Partition Logic with Windows Vista

McAfee Avert Stinger

Source
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
How do I use Stinger?
The Stinger for W32/Polip can be found here
  1. Download v10.0.1.602 [2,482,695 bytes] (9/18/2008)

  2. Download ePOStg305.Zip EPO deployable version (for EPO administrators). Instructions for EPO 2.5X and EPO 3.X are available.
  3. This version of Stinger includes detection for all known variants:
    More...
When the download is complete, navigate to the folder that contains the downloaded Stinger file, and run it. WindowsME/XP users read this first.
Command-line parameters for Stinger. The parameters are displayed when passing Stinger the /? switch:
  • /ADL - Scan all local drives.
  • /GO - Start scanning immediately.
  • /LOG - Save the log file after scans.
  • /SILENT - Do not display graphical interface.

Web of Trust

MSN cleaner

Source

Description:
MSNCleaner.exe removes malware that uses instant messaging programs such as MSN Messenger and Windows Live Messenger, among others.

MSNCleaner will not lock your home page, and if for some reason you cannot set the page of your choice, use the program IniRem 2.0.exe, which unlocks the Internet Explorer browser so that you can set the home page you want.


Some of the malware that MSNCleaner removes

  • Foto_Celular.scr
  • Foto_Celular.zip
  • Foto_Posse.zip
  • Bush.exe
  • Desnuda.exe
  • F0538_jpg.zip
  • Fotos.zip - Fotos roberto.exe
  • img4851.zip
  • IMG-0024.zip
  • IMG0024.zip
  • MessengerSkinner
  • MSN Content Plus
  • MSN Messenger Guiños
  • MyGallery5156.zip
  • p0017_jpg.zip
  • Photos-webcam2007.zip
  • PictureAlbum2007.zip
  • portaldeayuda - portaldeayudita
  • S_00305_jpg.zip
  • W139_jpg.zip
  • Winks Instalador
  • Z058_jpg.zip
  • Full list of files that MSNCleaner detects and removes



  • Correct use of MSNCleaner
    .- Download the MSNCleaner.zip program; you can download it at the end of this topic

    .- Restart the system in Safe Mode

    .- Use the MSNCleaner.exe program (latest version)
    • Unzip the MSNCleaner.zip file
    • Run the MSNCleaner.exe file
    • Click the Analizar (Scan) button. If any harmful file is detected, the Eliminar (Remove) button will be enabled
    • Select the options "Eliminar archivos temporales" (Delete temporary files) and "Restaurar el archivo Hosts" (Restore the Hosts file)
    • Click the Eliminar (Remove) button
    .- Use the CCleaner program
    • First run the "Limpiador" (Cleaner) option to delete cookies, temporary files, etc. Then use the "Registro" (Registry) option to clean the Windows registry (remember to make a backup)
    .- Restart in normal mode.



    Other features
    • Unlocks "Regedit"
    • Unlocks the "Task Manager"
    • Unlocks the home page in "IE".
    • Deletes temporary files
    • Restores the original Windows registry values
    • Restores the "HOSTS" file to the original
    • Enables the "Control Panel" functions.
    • Enables the "Desktop"
    • Enables the "Desktop Icons"
    • Enables the "Clock"
    • Enables "Turn Off Computer" in the Start Menu.
    • Enables "Search" in the Start Menu.
    • Enables "Run" in the Start Menu.
    • Enables the "CMD Console"
    • Enables the "Context Menu"
    • Enables "Folder Options"
    • Backup system in "C:\MSNCleaner\BackUpMsnCleaner"
    • Automatic "Delete on restart" function for stubborn files.
    Download MSNCleaner:
    MSNCleaner.zip

    RogueRemover

    Source
    The Internet today is full of scam sites, otherwise known as phishing sites that try to sell you products. These products can be potentially harmful to your computer. They install malware, provide false feedback about your computer, and can slow down the computer drastically. These products are known as rogue applications and come in a variety of forms - from anti-malware applications to registry cleaners and even hard drive utilities.
    We at Malwarebytes realize this is becoming a more prevalent issue, and have created a free application to help keep you safe and secure - RogueRemover FREE
    RogueRemover FREE is an application that can remove rogue antispyware, antivirus, and hard drive cleaning applications with ease. Rogue applications provide false information about the safety of your computer as well as give erroneous scan results or put their own malware on your computer.

    RogueRemover FREE has the ability to completely remove WinAntiSpyware / WinAntiVirus, SpyAxe, VirusBlast, VirusBursters, as well as a number of other rogue applications. In addition, we have implemented a threats center which will allow you to keep up to date with the latest rogue threats.

    Usage
    Simply download RogueRemover FREE from one of the links below. Double click the downloaded file to install the application on your computer. Once the application is installed, double click on the RogueRemover FREE icon to start the program. When the application is open, select Scan and the application will guide you through the remaining steps.

    Download

    Problems related to MS-DOS-based programs

    Microsoft.com
    Check the Ntvdm subsystem
    When you have problems with MS-DOS-based programs, the first thing to check is the Windows virtual DOS machine (NTVDM) subsystem. You can use Command.com to check whether the NTVDM subsystem is running correctly. To start Command.com, follow these steps:
    1. Click the Start button, and then click Run.
    2. In the Open box, type command.com and click OK.
    This should open a command prompt window. If this does not work correctly, you have a problem with the NTVDM subsystem and should check the following items:
    More...
    My suggestion (cebaehren):
    Comodo BOCleaner identifies NTVDM.exe as a threat. If programs based on "DOS technology" are used, they must be excluded in the BOCleaner configuration.

    XPreload

    My solution:
    Do not use IExplorer version<7! Better: uninstall it completely!
    Use Firefox, Flock or Opera instead (with webpage-threat advisors as belarcAdvisor, Sitehound, wot and McAfeeSiteAdvisor)
    Don't forget NoScript! And hosts related software to protect zonemapping
    Use Spybot Search & Destroy!



    Company:
    Product: XPreload
    Threat: Trojan
    Description
    If executed this trojan horse will run in background and download various other malware.

    Sgrunt - IE4321.exe

    My solution:
    Do not use IExplorer version<7! Better: uninstall it completely!
    Use Firefox, Flock or Opera instead (with webpage-threat advisors as belarcAdvisor, Sitehound, wot and McAfeeSiteAdvisor)
    Don't forget NoScript! And hosts related software to protect zonemapping
    Use Spybot Search & Destroy!

    Close unused ports!
     OR use Linux


    Company:
    Product: Sgrunt
    Threat: Dialer
    Description
    Connects via ICMP to its website. Without user consent, of course. File is named "IE4321.exe".

    TNS-Search

    My solution:
    Do not use IExplorer version<7! Better: uninstall it completely!
    Use Firefox, Flock or Opera instead (with webpage-threat advisors as belarcAdvisor, Sitehound, wot and McAfeeSiteAdvisor)
    Don't forget NoScript! And hosts related software to protect zonemapping
    Use Spybot Search & Destroy!



    Company:
    Product: TNS-Search
    Threat: Hijacker
    Description
    This hijacker creates a false security warning when opening IE, asking the user to download the latest virus definitions. In consequence, it will install an IE toolbar, redirect the IE start page and create a lot of icons on the desktop.

    Bestsearch.Scvhost

    My solution:
    Do not use IExplorer version<7! Better: uninstall it completely!
    Use Firefox, Flock or Opera instead (with webpage-threat advisors as belarcAdvisor, Sitehound, wot and McAfeeSiteAdvisor)
    Don't forget NoScript! And hosts related software to protect zonemapping
    Use Spybot Search & Destroy!



    Company:
    Product: Bestsearch.Scvhost
    Threat: Hijacker
    Functionality
    supposed to be a windows system file
    Description
    This hijacker pretends to belong to the windows system files. It runs in background, hijacks the start pages of the Internet Explorer and adds itself as debugger for exe files to get started with every application. Bestsearch.Scvhost also adds itself twice to the system start.

    CoolWWWSearch

    My solution:
    Do not use IExplorer version<7! Better: uninstall it completely!
    Use Firefox, Flock or Opera instead (with webpage-threat advisors as belarcAdvisor, Sitehound, wot and McAfeeSiteAdvisor)
    Don't forget NoScript! And hosts related software to protect zonemapping
    Use Spybot Search & Destroy!



    Company:
    Product: CoolWWWSearch
    Threat: Hijacker
    Description
    This piece of malware hijacks the IE start page and redirects to its own sites. This will then lead to a malicious web search page causing popup windows while using IE. The sites may also advertise trojans and/or install them directly without user consent.

    Smitfraud-C.

    My solution:
    Do not use IExplorer version<7! Better: uninstall it completely!
    Use Firefox, Flock or Opera instead (with webpage-threat advisors as belarcAdvisor, Sitehound, wot and McAfeeSiteAdvisor)
    Don't forget NoScript!
    And hosts related software to protect zonemapping
    Use Spybot Search & Destroy!



    Company:
    Product: Smitfraud-C.
    Threat:
    Description
    This program installs itself through the internet and creates new desktop wallpaper. This wallpaper looks like a Windows 98 blue screen and contains a warning that the computer is infected with viruses, that one should download and run a virus scanner and that the computer wouldn't work in normal mode. In addition, one gets a desktop icon leading to a purported antivirus application named PSGuard.
    Scanning the computer with this software will return a virus found (that was installed by this software itself). In order to remove this virus one has to download the full version for about 20 EUR.
    Another unpleasant effect of Smitfraud-C. is that some configuration options in the Control Panel will no longer be available. This way it stops the user from changing the wallpaper and forces him to keep the blue screen. Overall Smitfraud-C is a very sneaky software trying to sell PSGuard by frightening less experienced users.

    WindowsSecurityCenter_disabled

    My solution:
    Do not use IExplorer version<7! Better: uninstall it completely!
    Use Firefox, Flock or Opera instead (with webpage-threat advisors as belarcAdvisor, Sitehound, wot and McAfeeSiteAdvisor)
    Don't forget NoScript!
    And hosts related software to protect zonemapping
    Use Spybot Search & Destroy!



    Company:
    Product: ABetterInternet
    Threat: Malware
    Company URL:
    _http://www.abetterinternet.com/_
    Company privacy URL:
    _http://www.bestoffersnetworks.com/privacy.php_
    Description
    Installs an IE Browser Helper Object and delivers advertisement and promotional information while the user is surfing through the Internet. Also collects various information about the user like IP address, his operating system and so on.

    Company: Media Motor
    Product: MediaMotor
    Threat: Adware
    Company URL:
    _http://media-motor.com/_
    Description
    MediaMotor gets installed through trojan horses. It causes pop up windows on the desktop without user consent. It creates autorun entries in order to be launched on every Windows startup. It changes the Internet Explorer settings by adding the domain media-motor.net to the zonemaps.

    Company:
    Product: WindowsSecurityCenter_disabled
    Threat: Security
    Functionality
    if the Windows Security Center is disabled this entry will be shown
    Description
    Malware can disable the Windows Security Center to make your System more vulnerable.
    If you have another security software suite installed, this may also deactivate the Windows Security Center to avoid double warning messages.

    180Solutions.SearchAssistant --Threat: Spyware

    My Solution: Use Spybot Search & Destroy!

    Company: 180Solutions, Inc.
    Product: 180Solutions.SearchAssistant
    Threat: Spyware
    Company URL:
    _http://www.180solutions.com/_
    Company product URL:
    _http://www.180solutions.com/_
    Company privacy URL:
    _http://www.180solutions.com/_
    Functionality
    "180search Assistant" is a permission-based search assistant application that provides access to a wide range of websites, applications and information powered by 180solutions, Inc. ("180solutions"). This means that 180search Assistant will periodically direct you to our sponsors' websites. 180search Assistant will collect information about the websites you visit, but will not collect any information that will be used by 180solutions to identify you personally. The information that 180search Assistant collects and transmits to 180solutions will be used to provide you with access to comparative shopping opportunities at times when we consider them most relevant. 180search Assistant can be uninstalled at any time by going to the "Add/Remove Programs" menu on your computer and clicking the "Remove" button next to the entry or entries for 180search Assistant.
    Description
    Renaming the zanu.exe to searchassistant.exe causes the file to register itself as searchassistant in Systemstart. Also the boomerangg.exe is installed in the Windows directory under a variable filename; it is also registered in Systemstart with this variable value. Boomerang.exe does not show up on screen. The user IS asked for consent prior to installation of searchassistant but not for Boomerang.
    Also the searchassistant.exe has no option for shutting itself down. And since it is also in Systemstart, it will practically always run and will always look for updates on the 180Solutions server and install them without user consent.
    Depending on the filename the searchassistant has, the behavior may differ a bit. Some variants do NOT ask for any consent and they do NOT show any license agreement or privacy policy.
    Some variants also do not install the Boomerang.exe.
    Filename variants for the searchassistant.exe are:
    zanu.exe
    zango.exe
    msbb.exe
    sac.exe
    sau.exe
    bmrg.exe
    saap.exe
    180sa.exe
    sahra.exe
    180ax.exe
    samds.exe
    sain.exe
    saip.exe
    sahrb.exe
    sahrc.exe
    sahrd.exe
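
    A check for the autostart behaviour described above, added here as an example (it is not part of the quoted description or of any vendor tool). It assumes the "Systemstart" entries are the Windows Run key as listed by `reg query`; the sample output, the default Windows directory and all function names are constructed for illustration.

```python
import ntpath
import re

# Filename variants for searchassistant.exe, exactly as listed on this page.
KNOWN_VARIANTS = frozenset("""
zanu.exe zango.exe msbb.exe sac.exe sau.exe bmrg.exe saap.exe 180sa.exe
sahra.exe 180ax.exe samds.exe sain.exe saip.exe sahrb.exe sahrc.exe sahrd.exe
""".split())

# Constructed sample in the layout printed by
# `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`.
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    zango    REG_SZ    "C:\Program Files\Example\ZANGO.EXE" /startup
    msbb    REG_SZ    C:\Program Files\Example Dir\msbb.exe
    qxvt    REG_EXPAND_SZ    %SystemRoot%\qxvt.exe
    updater    REG_SZ    C:\Program Files\Vendor\updater.exe /silent
"""

ENTRY_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_(?:EXPAND_)?SZ)\s+(?P<data>.+)$")
ENV_RE = re.compile(r"%(systemroot|windir)%", re.IGNORECASE)


def executable_of(command, windows_dir):
    """Return the executable path from a Run-key command line."""
    command = ENV_RE.sub(lambda _m: windows_dir, command.strip())
    quoted = re.match(r'"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    unquoted = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    if unquoted:
        return unquoted.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def classify(exe_path, windows_dir):
    """Name match for searchassistant variants, location match for Boomerang."""
    path = ntpath.normpath(exe_path).lower()
    if ntpath.basename(path) in KNOWN_VARIANTS:
        return "known-variant"
    # Boomerang uses a variable filename, so a name list cannot catch it.
    # Anything autostarting from directly inside the Windows directory is
    # only flagged for manual review, not treated as confirmed.
    if ntpath.dirname(path) == ntpath.normpath(windows_dir).lower():
        return "review-windir"
    return None


def scan_run_entries(reg_query_output, windows_dir=r"C:\WINDOWS"):
    """Return (value name, executable, verdict) for every flagged entry."""
    findings = []
    for line in reg_query_output.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # key header or blank line
        exe = executable_of(match.group("data"), windows_dir)
        verdict = classify(exe, windows_dir)
        if verdict:
            findings.append((match.group("name"), exe, verdict))
    return findings


if __name__ == "__main__":
    for name, exe, verdict in scan_run_entries(SAMPLE_RUN_KEY):
        print(f"{verdict:14} {name:8} {exe}")
```

    The "review-windir" verdict will also list legitimate programs that start from the Windows directory, so it is a prompt for inspection rather than a detection.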
    Privacy Statement
    Opt In Information. Occasionally, 180solutions may display additional questions to you, inviting you to opt in and supply information that may include demographic information. This demographic information may include, but is not limited to, your age, gender, geographic region and interests. This demographic information is linked to your Anonymous User ID, and is not connected or linked to information that will be used to identify you personally. Any answers you supply are covered by this privacy policy. 180solutions uses this information to learn more about its audience and may share this information with third parties. 180solutions also uses this demographic information to provide you with content and information most likely to be relevant to you.
    IP Addresses. Your use of the 180search Assistant software will involve the transmission of your Internet protocol address ("IP Address") to 180solutions' servers. This IP Address is necessary for communication with you via the Internet and may be used and stored on our servers. With the cooperation of your Internet service provider, it is possible for your IP Address to be used to identify you personally, however, 180solutions agrees that it will not use it for this purpose, unless required to by law.
    Third Party Collection. We may use other third party services to assist us in providing targeted websites to you. These services may place cookies on your hard drive and use the cookies to tailor delivery of these websites to you by profiling your use of a site or advertisements that you select. These services may collect information such as your IP address, your browser type and the date and time that targeted websites were served to you. You should refer to the websites and privacy policies of the services we use, which may include, but are not limited to: Doubleclick, 24/7 Connect, Fastclick, and Commission Junction. To learn about how they collect and use information visit

    My last straw...

    Tuesday, October 14, 2008

    Alternatives to Google

    Source
    5th place: Yasni.de

    With Yasni you can find out for yourself what the Internet knows about you, because Yasni is a specialized people search engine. It not only finds information about you or other people better than Google, but also presents it in a more structured way. It combs through various social networks such as Facebook.

    4th place: Blinkx.com

    Blinkx lets you search all the well-known video platforms, such as YouTube or blip.tv, in one go. It also looks for the search term on news portals such as CNBC.

    3rd place: Metager.de

    This service combines different search engines. The site is run by Leibniz Universität Hannover and lets you search Yahoo, Wikipedia and others for the desired terms in one go. The user can also add scientific search engines and specialized search engines.

    2nd place: Exalead.de

    The search engine was launched as part of the Franco-German search engine project Quaero, which Gerhard Schröder and Jacques Chirac initiated in 2005. The site shows terms similar to the search query and lets you refine the search further through various options such as language. In addition, Exalead shows a thumbnail of the page for each search result.

    1st place: Cuil.com

    This search alternative stands out above all for its search index. By its own account the site crawls 121,617,892,992 web pages, more than any other search engine. The results are split into three columns and can be organized by particular focus areas. Cuil also does not store search queries.

    Karen's power tools

    BarracudaDrive for Linksys NSLU2

    BarracudaDrive is a secure application server with an integrated scripting language, database engine, WebDAV server, Web File Manager, tiny SSL server, HTTPS tunnel, and various SSL VPN clients for the HTTPS tunnel.
    The NSLU2 (Network Storage Link for USB 2.0 Disk Drives) is a device made by Linksys. It makes USB Flash memory and hard disks accessible over a network (NAS).
    The SQLite database engine and the Lua scripting language are integrated into the BarracudaDrive server. The server supports what is known as Lua Server Pages (LSP). BarracudaDrive LSP applications are deployed as standard ZIP files. The ZIP files, which are in the "applications" sub directory, are loaded and mounted as read only file systems by the application server.
    The server comes with a Content Management System and an Electronic Bulletin Board implemented by using LSP. The server also comes with an application designed explicitly to help new users configure the server by using a browser.
    The blog engine powering this site is the same blog engine that comes with the BarracudaDrive application server. You can visit the Content Management System home page if you like to know more about the blog and the CMS engine, but please note that the CMS is just one of many applications in the BarracudaDrive server.

    Running an application server such as BarracudaDrive on the NSLU2, by using an external USB flash memory for storing the database files, yields an application server that is virtually maintenance free.
    Technically, the server should run 24/7 for a good 20 years.

    BarracudaDrive, or BD for short, is a product developed by using the Barracuda Embedded Web Server SDK and is well suited for running on the NSLU2. BarracudaDrive is a commercial product, but we are offering a free version for Unslung.

    BarracudaDrive Application Server

    Source

    Easily turn any computer into a Web Server
    Easy To Use

    • Designed to be secure for non techies.
    • Host your own web site on your home or business computer.
    • Contains step by step instructions for how to configure the server and your home/business network.
    • Automatically configures home/business routers, if installed on a private network.
    • Includes instructions on how to get a free sub domain name or how to use your own domain name.
    • Includes a Dynamic DNS client that keeps your domain name working
      if you have a varying IP address -- i.e. a dynamic WAN IP address.
    • Optimized for slow networks such as DSL and cable modems.

    Typical BarracudaDrive deployment:

    Easy Web Page Creator
    (Content Management System)

    The webserver blog
    The Barracuda HTTPS Tunnel
    The Barracuda HTTPS Tunnel acts as a SOCKS, HTTP, and HTTPS proxy server.
    The HTTPS Tunnel allows you to use your Internet applications such as your browser anonymously, despite firewalls. The Barracuda HTTPS Tunnel also supports a direct tunnel for protocols that do not support proxying; such as TELNET, FTP, VNC, and most Internet protocols.
    Interactive tunnel overview:
    See our SSL VPN solutions for a gentle introduction.
    Use Cases

    contig

    Source
    There are a number of NT disk defraggers on the market, including Winternals Defrag Manager. These tools are useful for performing a general defragmentation of disks, but while most files are defragmented on drives processed by these utilities, some files may not be. In addition, it is difficult to ensure that particular files that are frequently used are defragmented - they may remain fragmented for reasons that are specific to the defragmentation algorithms used by the defragging product that has been applied. Finally, even if all files have been defragmented, subsequent changes to critical files could cause them to become fragmented. Only by running an entire defrag operation can one hope that they might be defragmented again.

    Contig is a single-file defragmenter that attempts to make files contiguous on disk. It's perfect for quickly optimizing files that are continuously becoming fragmented, or that you want to ensure are in as few fragments as possible.

    Using Contig

    Contig works on NT 4.0 and higher. Contig can be used to defrag an existing file, or to create a new file of a specified size and name, optimizing its placement on disk. Contig uses standard Windows defragmentation APIs so it won't cause disk corruption, even if you terminate it while it's running.


    To make an existing file contiguous use Contig as follows:

    Usage: contig [-v] [-a] [-q] [-s] [filename]

    -v  Use the -v switch to have Contig print out information about the file defrag operations that are performed.
    -a  If you want to simply see how fragmented a file or files have become, use the -a switch to have Contig analyze fragmentation.
    -q  The -q switch, which over-rides the -v switch, makes Contig run in "quiet" mode, where the only thing it prints during a defrag run is summary information.
    -s  Use the -s switch to perform a recursive processing of subdirectories when you specify a filename with wildcards.


    For instance, to defragment all DLLs under c:\winnt you could enter "contig -s c:\winnt\*.dll".

    To make a new file that is defragmented upon creation, use Contig like this:

    Usage: contig [-v] [-n filename length]

    How it works
    Contig uses the native Windows NT defragmentation support that was introduced with NT 4.0 (see my documentation of the defrag APIs for more information). It first scans the disk collecting the locations and sizes of free areas. Then it determines where the file in question is located. Next, Contig decides whether the file can be optimized, based on free areas and the number of fragments the file currently consists of. If the file can be optimized, it is moved into the free spaces of the disk.


    Download Contig
    (100 KB)

    Run Contig now from Live.Sysinternals.com

    Basic optimization

    SOURCE
    One of the main reasons the operating system becomes slow and unstable is lack of maintenance. This can be avoided by carrying out these steps at least once a month, in the order in which they are presented:
    • Clean out cookies, temporary files and some unnecessary files with CCleaner (free).
    • Remove programs, applications or user data you do not need. To remove programs, use their own uninstaller or Add or Remove Programs in the Control Panel.
    • Clean unnecessary entries from the registry with CCleaner (free).
    • Run a full check of the hard disk with ScanDisk (for Windows 9x) or CHKDSK (for Windows NT) to identify hard disk errors or possible faults. See "Performing a disk check" for how to run the full check.
    • Defragment all hard disk drives present. This organizes the data on the disk, so that files and folders are found faster and the system accesses data more quickly. To get to know the defragmenter, follow this link: "What is Disk Defragmenter for and how is it used?"
    • Clear icons off the Windows desktop; this lets the desktop load faster.
    • Clear programs out of the Start menu, or group all similar or loose programs into a single folder; this speeds up the display of the Start menu.

    Other optimizations.
    If the above does not make the system or the applications run faster, you can try these steps:
    • For Windows XP: Reduce the number of graphical effects. If you do not care about the look of Windows XP you could apply the Windows classic theme (like that of Windows 98/ME/2000); doing so increases speed very considerably. That is not the only thing you can reduce: in the performance options (right-click My Computer / Properties / Advanced tab / click the Settings button in the Performance area) you can reduce graphical effects such as shadows, colors, the smooth effects and many more, which will make the system fly :). Recommended effects to disable:
      Fade or slide menus into view
      Show window contents while dragging
      Show shadows under menus
      Use a background image for each folder type
    • All except Windows 2000: Remove applications from startup using MSCONFIG. It is recommended to remove those that run automatically at system startup and have to do with automatic updates, and programs you do not use. If you have doubts about an application, do not know what it is for or do not recognize the process, you can search for the process name on Google. See "Using MSCONFIG" to learn how it works in XP.
    • For Windows XP: Disable unnecessary system services. If you manage to do so successfully, the system will start faster and you will have more memory available. See "Windows XP Services" for information on Windows services.
    System slow due to lack of physical maintenance
    A computer can show symptoms of slowness due to lack of physical maintenance. When there is a lot of dust in the fans they tend to spin slowly, the components start to heat up more and heat builds up inside the case, so the devices do not work at their normal speed. For complete maintenance and good cooling, see these links:

    Monday, October 13, 2008

    Snort.org

    What is Snort?
    SNORT® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.

    Dropbox, the synchronization talent

    By Christian Meyer
    Source
    Dropbox

    Intrusion Detection und Prevention... (book)

    prevx.com

    Source

    Prevx CSI

    Free PC Check

    What does Prevx CSI do?
    Scans your PC checking for active malware
    Prevx CSI includes a very fast malware scanner that will find and fix active rootkit, spyware, trojan, virus and malware infections in about 1 minute. It's free and you can use it as often as you like, you only pay if you want to use Prevx CSI to remove infections.

    Finds and fixes all types of PC infections
    Prevx CSI can be used free of charge to find active infections including rootkits and advanced spyware. You can use it as often as you like for free to ensure nothing has bypassed your antivirus or other security software. If your PC is infected you can use Prevx CSI to remove the infection and restore your PC to good health. Removal requires the purchase of a license key from our website.

    How does Prevx CSI find infections that other security products missed?
    Prevx CSI has been used by more than 2 million people to find and remove PC infections that were missed by other security products. Our database includes details of more than 3.5 million infections and we add protection for more than 500,000 new infections every month. That's more than any other security company. Most anti-virus products will only detect about 50% of the new threats we see every month.

    Use Prevx CSI free PC check to find rootkit, spyware, trojan, virus and malware infections on your PC
    Simply download and run Prevx CSI, it will check your PC for active infections in about a minute
    Check your PC and remove malware infections in around a minute with the World's fastest malware scanner.

    Prevx CSI at a glance
    • Ultra-fast scanner typically takes just a minute
    • Works with all major antivirus and security products
    • Always up to date with the World's largest threat database
    • Finds advanced spyware
    • Finds low volume targeted attack malware
    • Finds viruses, Trojans, Adware, Bots
    • Provides free detection
    • Can be run as often as you like
    • You only need pay to remove infections
    • The easiest and fastest guaranteed way to restore your PC to full health and safety
    Don't risk using an infected PC when fixing it is so cheap and easy

    ---------------------------------------------------------
    Prevx 2.0 (anti-malware) Protect your PC from rootkits, spyware, trojans, worms, viruses, and any other malicious files threatening your PC security.
    • Desktop / Laptop

    Windows XP and Windows 2000 Professional
    (All versions - 32/64bit)



    Windows Vista Beta (All versions - 32/64bit)
    (Please Note this is a BETA release - You must use an Admin type account and disable UAC).
    To turn off User Account Control (UAC) in Vista go to the Vista Control Panel, User Accounts and Family Safety, User Accounts, Turn User Account Control on or off.


    • Server Edition

    Windows 2003 Server (All versions - 32/64bit) and Windows 2000 Server (SP4 only).

    Intrusion Detection System & Intrusion Prevention System

    Tools and Utilities to Monitor Your Network For Suspicious or Malicious Activity
    Free Intrusion Detection Systems
    Source
    Snort for Linux: Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

    Snort for Windows: Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.


    Prevx Home: Home computer users remain vulnerable to each new (‘Zero Day’) cyber-attack during the critical period between the launch of a new attack and a “signature” update becoming available. Spyware tools only detect and clean up installed malware AFTER the infection has happened. Often threats are missed entirely by traditional security tools. Prevx Home STOPS ‘Zero Day’, Spyware and hack attacks and STOPS malicious software from installing on your PC.


    SnoopNetCop Standard: SnoopNetCop Standard is a program that can detect a possible packet sniffing attack on your network. LAN cards have two operating modes, 'normal mode' and 'promiscuous mode'.


    AIDE (Advanced Intrusion Detection Environment)
    AIDE (Advanced Intrusion Detection Environment) is a free replacement
    for Tripwire. It does the same things as the semi-free Tripwire and
    more.


    Prelude: Prelude is a new innovative Hybrid Intrusion Detection system designed to be very modular, distributed, rock solid and fast.


    Foundstone Attacker: A TCP/UDP port listener.


    Foundstone Carbonite: A Linux Kernel Module to aid in RootKit detection.


    Foundstone Filewatch: A file change monitor. Used with BlackICE Defender.

    More Intrusion Detection System Software

    Trusted Computing vs. Treacherous Computing

    Source
    The Free Software Foundation (FSF) launched a campaign against Windows Vista in 2006, for which it created the site Badvista.org.

    The purpose of the site is "to highlight the disadvantages of Vista and promote the use of free alternatives such as the gNewSense operating system".

    Microsoft's campaign for Vista is about Trusted Computing, which according to the FSF is rather Treacherous Computing. In principle, Trusted Computing technology aims to protect content such as music and films against piracy.

    According to the FSF, this technology also makes users lose control over their own machines:

    "Microsoft has begun one of the biggest launches in its history and is using its marketing money to misinform the media and users about the goals of Windows Vista. Our campaign will pose the following question:"

    Do you want to free yourself and your company? Do you want to become independent of Microsoft?

    What's wrong with Vista?

    Source
    Microsoft's new Windows Vista operating system is a giant step backward for your freedoms.
    Usually, new software enables you to do more with your computer. Vista, though, is designed to restrict what you can do.
    Vista enforces new forms of “Digital Rights Management (DRM)”. DRM is more accurately called Digital Restrictions Management, because it is a technology that Big Media and computer companies try to impose on us all, in order to have control over how our computers are used.
    Technology security expert Bruce Schneier explains it most concisely:

    Windows Vista includes an array of “features” that you don't want. These features will make your computer less reliable and less secure. They'll make your computer less stable and run slower. They will cause technical support problems. They may even require you to upgrade some of your peripheral hardware and existing software. And these features won't do anything useful. In fact, they're working against you. They're digital rights management (DRM) features built into Vista at the behest of the entertainment industry—And you don't get to refuse them.

    DRM gives power to Microsoft and Big Media.
    • They decide which programs you can and can't use on your computer
    • They decide which features of your computer or software you can use at any given moment
    • They force you to install new programs even when you don't want to (and, of course, pay for the privilege)
    • They restrict your access to certain programs and even to your own data files

    DRM is enforced by technological barriers. You try to do something, and your computer tells you that you can't. To make this effective, your computer has to be constantly monitoring what you are doing. This constant monitoring uses computing power and memory, and is a large part of the reason why Microsoft is telling you that you have to buy new and more powerful hardware in order to run Vista. They want you to buy new hardware not because you need it, but because your computer needs it in order to be more effective at restricting what you do.
    Microsoft and other computer companies sometimes refer to these restrictions as “Trusted Computing.” Given that they are designed to make it so that your computer stops trusting you and starts trusting Microsoft, these restrictions are more appropriately called “Treacherous Computing”.

    Even when you legally buy Vista, you don't own it.
    Windows Vista, like previous versions of Windows, is proprietary software: leased to you under a license that severely restricts how you can use it, and without source code, so nobody but Microsoft can change it or even verify what it really does.

    Microsoft says it best:

    The software is licensed, not sold. This agreement only gives you some rights to use the software. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways.

    To make it even more confusing, different versions of Vista have different licensing restrictions. You can read all of the licenses at http://www.microsoft.com/about/legal/useterms/default.aspx.
    It's painful to read the licenses, and this is often why people don't object to them. But if we don't start objecting, we will lose valuable freedoms. Here are some of the ridiculous restrictions you will find in your reading:

    • If your copy of Vista came with the purchase of a new computer, that copy of Vista may only be legally used on that machine, forever.
    • If you bought Vista in a retail store and installed it on a machine you already owned, you have to completely delete it on that machine before you can install it on another machine.
    • You give Microsoft the right, through programs like Windows Defender, to delete programs from your system that it decides are spyware.
    • You consent to being spied upon by Microsoft, through the “Windows Genuine Advantage” system. This system tries to identify instances of copying that Microsoft thinks are illegitimate. Unfortunately, a recent study indicated that this system has already screwed up in over 500,000 cases.
    Free software like GNU/Linux does not require you to consent to these absurd licensing terms. It is called free software because you are free to make as many copies as you want, and to share it with as many friends as you want. Nobody will be monitoring your actions or falsely calling you a thief.

    ...
    ...

    Bad Vista Campaign

    The BadVista campaign is an advocate for the freedom of computer users, opposing adoption of Microsoft Windows Vista and promoting free (as in freedom) software alternatives.
    Read more...

    Intrusion Detection System

    An Intrusion Detection System (IDS) is a software or hardware tool used to detect unauthorized access of a computer system or network.

    An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet. These attempts may take the form of attacks, as examples, by crackers, malware and/or disgruntled employees. An IDS cannot directly detect attacks within properly encrypted traffic.

    An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).

    Types of Intrusion-Detection systems
    In a network-based intrusion-detection system (NIDS), the sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. The sensor captures all network traffic and analyzes the content of individual packets for malicious traffic. In protocol-based systems, PIDS and APIDS are used to monitor the transport and protocols for illegal or inappropriate traffic or constructs of a language (say SQL). In a host-based system, the sensor usually consists of a software agent, which monitors all activity of the host on which it is installed. Hybrids of these two systems also exist.

    • A protocol-based intrusion detection system (PIDS) consists of a system or agent that would typically sit at the front end of a server, monitoring and analyzing the communication protocol between a connected device (a user/PC or system). For a web server this would typically monitor the HTTPS protocol stream and understand the HTTP protocol relative to the web server/system it is trying to protect. Where HTTPS is in use then this system would need to reside in the "shim" or interface between where HTTPS is un-encrypted and immediately prior to it entering the Web presentation layer.
    • An application protocol-based intrusion detection system (APIDS) consists of a system or agent that would typically sit within a group of servers, monitoring and analyzing the communication on application specific protocols. For example, in a web server with a database this would monitor the SQL protocol specific to the middleware/business logic as it transacts with the database.
    • A host-based intrusion detection system (HIDS) consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state. An example of a HIDS is OSSEC.
    • A hybrid intrusion detection system combines two or more approaches. Host agent data is combined with network information to form a comprehensive view of the network. An example of a Hybrid IDS is Prelude.

    Passive system vs. reactive system
    In a passive system, the intrusion detection system (IDS) sensor detects a potential security breach, logs the information and signals an alert on the console and/or to the owner. In a reactive system, also known as an intrusion prevention system (IPS), the IDS responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source. This can happen automatically or at the command of an operator.

    Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.

    This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system which terminates connections is called an intrusion prevention system, and is another form of an application layer firewall.

    IDS evasion techniques
    Intrusion detection system evasion techniques bypass detection by creating different states on the IDS and on the targeted computer. The adversary accomplishes this by manipulating either the attack itself or the network traffic that contains the attack.

    An IDS can be composed of several components: Sensors which generate security events, a Console to monitor events and alerts and control the sensors, and a central Engine that records events logged by the sensors in a database and uses a system of rules to generate alerts from security events received. There are several ways to categorize an IDS depending on the type and location of the sensors and the methodology used by the engine to generate alerts. In many simple IDS implementations all three components are combined in a single device or appliance.
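
    The passive and reactive behaviour and the sensor/engine/console split described above, as a small model added here (example code, not taken from Snort, Prelude or any other product named on this page). The two signatures, the event list and the addresses from documentation ranges are constructed for illustration.

```python
import re
import sqlite3

# Constructed signatures: (signature id, message, pattern). The page names
# SQL constructs as something a protocol-aware IDS looks for.
SIGNATURES = [
    (1001, "SQL UNION SELECT in HTTP request", re.compile(r"union\s+select", re.I)),
    (1002, "SQL tautology in HTTP request", re.compile(r"\bor\s+1\s*=\s*1\b", re.I)),
]

# Constructed sensor output: (source address, request line), in arrival order.
EVENTS = [
    ("192.0.2.10", "GET /index.html HTTP/1.1"),
    ("198.51.100.7", "GET /item?id=1 UNION SELECT name FROM users HTTP/1.1"),
    ("198.51.100.7", "GET /item?id=2 OR 1=1 HTTP/1.1"),
    ("192.0.2.10", "GET /about.html HTTP/1.1"),
]


class Engine:
    """Central engine: records events in a database and applies the rules."""

    def __init__(self, reactive=False):
        self.reactive = reactive   # False = passive IDS, True = reactive (IPS)
        self.blocked = set()       # stands in for the reprogrammed firewall
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE events (id INTEGER PRIMARY KEY, src TEXT, payload TEXT)")
        self.db.execute(
            "CREATE TABLE alerts (event_id INTEGER, sid INTEGER, msg TEXT)")

    def handle(self, src, payload):
        """Process one sensor event; return 'pass', 'alert' or 'dropped'."""
        if src in self.blocked:
            return "dropped"       # traffic never reaches inspection
        cur = self.db.execute(
            "INSERT INTO events (src, payload) VALUES (?, ?)", (src, payload))
        hits = [(sid, msg) for sid, msg, rx in SIGNATURES if rx.search(payload)]
        for sid, msg in hits:
            self.db.execute(
                "INSERT INTO alerts VALUES (?, ?, ?)", (cur.lastrowid, sid, msg))
        if hits and self.reactive:
            self.blocked.add(src)  # reactive response: block the source
        return "alert" if hits else "pass"

    def console(self):
        """What the operator console would show: one row per alert."""
        return self.db.execute(
            "SELECT e.src, a.sid, a.msg FROM alerts a "
            "JOIN events e ON e.id = a.event_id ORDER BY a.rowid").fetchall()


def run(reactive):
    """Feed the constructed events through an engine in the given mode."""
    engine = Engine(reactive)
    outcomes = [engine.handle(src, payload) for src, payload in EVENTS]
    return outcomes, engine.console(), sorted(engine.blocked)


if __name__ == "__main__":
    for mode in (False, True):
        outcomes, alerts, blocked = run(mode)
        print("reactive" if mode else "passive", outcomes, alerts, blocked)
```

    In reactive mode the second request from the blocked source is dropped before inspection, so the console shows one alert where the passive run shows two.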

    Norton Safe Web

    How do you know when you’re visiting a safe Web site? Attractive site design and the appearance of legitimacy can simply disguise a site that aims to steal your identity, co-opt your computer to spam others, or simply take your hard-earned cash.
    That’s why Norton Safe Web is one of our most exciting new beta projects. It is a new Web safety solution based on Symantec's automated analysis of Web sites in order to determine their potential impact on you and your computer.
    The Norton Safe Web beta makes it easy for you to differentiate safe sites from malicious ones by providing visual site ratings within everyday search results from top search sites like Google, Yahoo! and Live Search. Additionally, due to the nature of security threats on the Web, Norton Safe Web will also warn you before you visit a site that contains malicious content.

    Accessible from the Norton Internet Security 2009 Norton Toolbar installed on your PC, once you download the Norton Safe Web beta plug-in, we let you know how safe a particular Web site might be before you view it. If you need to find out more about how a Web site might behave, we provide more detailed information on the Norton Safe Web Report.

    The Norton Safe Web Beta is available exclusively to Norton Internet Security 2009 users who want to experience the latest solution against online threats. If you are ready to install the Norton Safe Web plug-in now, please click here. If you do not have Norton Internet Security 2009, you may purchase a subscription at http://shop.symantecstore.com/store/symnahho/en_US/DisplayProductDetailsPage/ThemeID.106300/productID.105548000.