RAID-5 en Windows Server 2003

Raid5- Mirror C Partition
"Can I just add another dive and then use windows disk manager to mirror c:?"
Technically speaking yes you could software mirror. This is where you need to educated yourself to the difference between hardware raid and software raid.
Here is what you need to understand:
1. you lose two disks in your 3 disk raid5 you lost everything and you are only as good as your last backup. Google Hot Spare
2. if you software mirror the OS partition to another drive if you lost the raid5 array you lost everything except the OS [no data only os - back to #1]
3. if you lost the OS partition [and its boot] on the raid5 array you should be able to boot to the mirror and still access your data IF the OS sees the original OS as gone. If the partition is still there but not mountable it will be assigned a drive letter and you will not be able to mount your server programs or access data via the original drive letters.
No real failover here which makes this a waste of time and resources.
Now if you used a server version of cloning software you could clone the OS partition to a drive and then mirror that drive via the hardware. Then you could repartition the raid5 array and restore from backup so the drive letters/partitions all matched before the change [so everything works]. You would need two additional drives to accomplish this.

Configuración de un volumen seccionado con paridad (RAID-5) en Windows Server 2003
Un volumen seccionado con paridad, también denominada RAID-5 en Windows Server 2003, combina áreas de espacio libre de varios discos duros (de 3 a 32) en un volumen lógico.
La paridad es información redundante asociada con un bloque de información. En los productos Windows Server 2003, la paridad es un valor calculado que se utiliza para reconstruir datos después de producirse un error. Los volúmenes RAID-5 crean bandas de datos y paridad en un conjunto de discos. Cuando se produce un error en un disco, Windows Server 2003 utiliza la información de paridad para volver a crear los datos en el disco con errores.
Debido a esta tolerancia a errores, los administradores propician el uso de volúmenes RAID-5 cuando tanto la integridad de los datos como la velocidad de entrada y salida de los datos son importantes. Los volúmenes RAID-5 no pueden reflejarse ni ampliarse. En un volumen RAID-5 se puede utilizar cualquier sistema de archivos, lo que incluye los sistemas de archivos FAT, FAT32 o NTFS.
NOTA: Ni los archivos del sistema operativo ni los de inicio pueden residir en los discos RAID-5. Sin embargo, puede colocar el archivo de intercambio del sistema en un volumen RAID-5.
Un volumen seccionado (RAID 0) en Windows Server 2003
Un volumen seccionado (RAID 0) combina áreas de espacio libre de varios discos duros (entre 2 y 32) en un único volumen lógico. Los datos escritos en un volumen seccionado se intercalan en todos los discos al mismo tiempo en lugar de secuencialmente. Como consecuencia, el rendimiento del disco será mayor en un volumen RAID 0 en comparación con otro tipo de configuración de disco. Los administradores prefieren utilizar volúmenes seccionados cuando la velocidad de entrada y salida es importante. En un volumen seccionado puede utilizarse cualquier sistema de archivos, incluidos FAT, FAT32 o NTFS.
Reflejar la partición de sistema y de inicio (RAID1) en Windows Server 2003
Solucionar problemas
Una vez actualizado un disco básico a dinámico, las particiones existentes del disco básico se convierten en volúmenes simples (dinámicos). No puede volver a cambiar los volúmenes dinámicos a particiones.
Un disco dinámico no puede contener particiones ni unidades lógicas y no puede tener acceso a ellos mediante MS-DOS ni cualquier sistema operativo Windows que no sea Windows 2003.
Inicio desde el espejo cuando se pierde la partición primaria
Recuperación de una partición del sistema o de inicio reflejada que produce un error
Hardware RAID 5 on windows 2003
RAID 5 installation
Adding external drive to RAID
RAID -5 crashed
No backups. The worst mistake you can make with networks... There is no software to recover raid systems if the disks are not able to spin up. 
Now if you can get atleast one of the disks to spin up (depending on what is bad) there is software to recover or they might come up in the array long enough to recover the data. Raid 5 needs two working disks....Now if you have never disassembled a drive before it may not be your best bet. Otherwise as Jason suggested contact ontrack as i have found them the best in the recovery business. Not the cheapest but the best. Depends what your data is worth. www.ontrack.com 

Spyware Warrior

Spyware Warrior Blog
Spyware Warrior Forums
Spyware Warrior Home

Those who have followed the development of this page since 2004 will have noted that the list of "rogue/suspect" anti-spyware products has not been updated since May 2007. Unfortunately, other time commitments have precluded our efforts to keep that list up to date. Since the last update dozens of "new" rogue anti-spyware programs have hit the 'Net. The vast majority of them, however, are not really new, but are simply re-branded clones and knockoffs of the same rogue applications that have been around from years. In most cases, they are being pushed through the same deceptive practices by the same parties responsible for earlier versions. See in particular these "families" of anti-spyware products, which continue to live on through shameless re-branding: 15, 18, 19, 21, 22, & 23.

If you are looking for information on the most recent rogue anti-spyware applications, we recomend visiting these sites:

• BleepingComputer.com: Spyware & Malware Removal Guides
• MalwareBytes: Newest Rogue Threats
• MalwareBytes Blog
• Bharath's Security Blog
• VitalSecurity.org
• Sunbelt Blog

"Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
Some of the products listed on this page simply do not provide proven, reliable anti-spyware protection or may be prone to ridiculous false positives. Others may use unfair, deceptive, high pressure sales tactics to scare up sales from gullible, confused users. A very few of these products are either associated with known distributors of spyware/adware or have been known to install spyware/adware themselves. Not all products exhibit the same problems, however. Please see this "note to readers" for more information.
Users are advised to rely on the short list of Trustworthy Anti-Spyware Products with deserved reputations for quality performance.

Criteria & Testing
Criteria that we use to classify anti-spyware programs as "rogue / suspect" are discussed below in the Listing Criteria section.

Testing was performed with most of the apps listed below, though not all of them. The notes section below contains definitions and descriptions of some of the key terms used in the comments for the applications listed. Be sure to consult the Anti-Spyware Family Resemblances and Orphans & Outcasts companion pages for more information on the applications listed.

De-Listed Applications
Some applications that were originally included in this list of "rogue/suspect" anti-spyware programs have been de-listed after the vendors for those programs took steps to correct the problems identified on this page. For each program that has been de-listed there is a note explaining the circumstances at the bottom of the main "rogue/suspect" list. For more information on the process of de-listing application, see THIS discussion below.
Note: before contacting us about programs not included on the main list below, please check the list of lesser-known anti-spyware applications that we have tested as well as the list of legitimate, licensed clones of other anti-spyware programs.

More Information
For additional information on "rogue/suspect" anti-spyware products, see the More Information section towards the bottom of the page. Suzi has put together a "Top 10 Rogue Anti-Spyware" list HERE.
For reports on more extensive testing with a select group of anti-spyware utilities, see HERE. A short list of anti-spyware applications that are recommended as useful and trustworthy can be found on the list of Trustworthy Anti-Spyware Products below. An extended list of quality anti-spyware products is HERE.

If your PC is already infested with spyware or adware, see the instructions below for getting help.

• Rogue/Suspect Anti-Spyware Products
  - Notes
  - Listing Criteria
  - Special Cases
  - De-Listed Applications
  - Not On the List
  - Old News
• Rogue/Suspect Anti-Spyware Sites
  - Bogus Security Pages
• Legitimate/Licensed Clones
• Trustworthy Anti-Spyware Products
• If Your PC is Infested w/ Spyware...
• Google & Anti-Spyware Products
• More Information
  - News Stories
  - Complaints & Enforcement
• About These Web Pages
  - Linking to These Pages
  - Questions & Contact

See also:	Anti-Spyware Family Resemblances Anti-Spyware Orphans & Outcasts
	Anti-Spyware Programs: Feature Comparison
	Anti-Spyware Tests (by Eric L. Howes)
	Protecting Your Privacy & Security on a Home PC
	Ben Edelman - Spyware Research

Trojan & Adware removal procedures

Generic Trojan / Adware Removal Procedures
(2 different procedures you can try for malware removal)
By: David Lipman

Procedure #1

1. Download the following four items (links will open a new browser window)...
   

   McAfee Stinger
   http://vil.nai.com/vil/stinger/
   Trend Sysclean Package
   http://www.trendmicro.com/download/dcs.asp

   Latest Trend Virus Pattern Files. (example; lpt285.zip*)
   http://www.trendmicro.com/download/pattern.asp
   (*The file name lpt285.zip is simply an example name of the file and you'll find the filename posted at TrendMicro will have a higher number than 285. Each time TrendMicro produces new Pattern Files the number in the file name will be incremented accordingly.)

   Ad-Aware SE (free personal edition)
   http://www.lavasoftusa.com/

2. Create a new directory.
   

   • On drive "C:\"
     (e.g., "c:\New Folder")
   • or the desktop
     (e.g., "C:\Documents and Settings\username\Desktop\New Folder")

   Place SYSCLEAN.COM (the Trend Sysclean Package referenced above) into the new directory you created. Extract the latest Trend Virus Pattern Files (Example: lpt$vpn.285 and WHATSNEW.TXT) from the zip file you downloaded above into the same new directory you created. The Trend Pattern File contained in the ZIP file must be placed in the same directory as SYSCLEAN.COM!

   Important: The TrendMicro Pattern file is updated reguarly. Aywhere from once per day to a few times in a day. Always make sure you have the latest version of SYSCLEAN.COM and the Pattern File before you scan your platform. The McAfee Stinger Internet worm and Trojan removal tool is upgraded periodically. Always make sure you have the latest version of McAfee Stinger utility before you scan your platform.

3. Install and Update Ad-Aware with the latest definitions.
   
4. If you are using WinME or WinXP, disable System Restore.
   http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx
   
5. Reboot your PC into Safe Mode [F8 key during boot process].
   How to Boot Into Safe Mode:
   Generic
   Windows XP
   How to perform a clean boot in Windows XP
   
6. Using McAfee Stinger, the Trend Sysclean utility and Ad-Aware, perform a Full Scan of your platform and clean and/or delete any infectors and/or parasites found (a few cycles may be needed).
   
7. Restart your PC and perform a "final" Full Scan of your platform using McAfee Stinger, the Trend Sysclean utility and Ad-Aware.
   
8. If you are using WinME or WinXP,Re-enable System Restore and re-apply any System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
   
9. Reboot your PC.
   
10. If you are using WinME or WinXP, create a new Restore point
    

End of Procedure #1

Procedure #2

Download MULTI_AV.EXE from the URL --
http://www.pctipp.ch/index.cfm?pid=1411&pk=28470

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org - Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

End of Procedure #2

Cyber Monday

Ensure you're protected ahead of Cyber Monday

PC Tools' tips for safe online Christmas shopping

1. Use web browser protection
While shopping online you may come across what appear to be legitimate-looking websites created with the express intent of committing financial or identity fraud. Hackers can also infect legitimate or reputable websites, such that by merely going to a website, you could infect your family's computer and expose your personal details and financial welfare to risk.
Reputable browser protection, such as PC Tools Browser Defender, warns you about potentially dangerous websites and identifies websites that are trying to infect or harm your computer - standard option with PC Tools Internet Security.

2. Install comprehensive security protection
You can also help protect yourself from malicious attacks by installing reputable security software such as Spyware Doctor with AntiVirus or PC Tools Internet Security which are recommended by leading independent publications. Make sure your security product has real-time and browser protection, which can block attacks as they happen and while you surf the web, as well as behavioural protection, which helps protect against new and unknown threats.3. Ensure you have the latest updates
Always keep your product up to date. Ensure you are using the inbuilt Smart Update feature which automatically downloads the latest databases and software updates.

4. Do your homework
Check out the website's refund and returns policies, privacy policy and legal notices. These documents should be readily available on online websites. You will want to know for example, what your rights are in relation to any goods you buy on line and how a company deals with your personal details.

5. Be click aware
Be wise about clicking on links in emails from online retailers. Cybercriminals wanting to steal your personal information can now create emails that look exactly the same as those that come from well-known online stores. So even emails that may appear to be from a legitimate company may be dangerous. Make sure you have a powerful spam filter that automatically detects suspicious emails as they arrive in your inbox.

6. Look for the signs
Using your browser, you can view the site's security certificate and verify that it is issued to the web site you intended. A security certificate is designed to give you comfort that the information you send from your computer is kept secure from access by other parties. You should also check that the security certificate is registered to the website you are visiting. You can do this by double clicking on the security icon and verifying that the name in the certificate matches the name of the retailer.

7. Pay using a secure method
If you use a debit card when purchasing from an online shopping site, the purchase amount will be immediately withdrawn from your account and will be more difficult to get back if the transaction turns out to be fraudulent. If you use a credit card you can contest transactions before you pay your monthly statement. Frequent online shoppers should consider setting up a separate credit card with a low limit, so that if their details do get stolen, a thief will be limited in the amount of money they can charge to the card.

8. Don't give out too many details
Online retailers should only require your basic contact details (for example, name, billing address and contact number) and card details in order to process a credit/debit card payment. If you are concerned that a retailer is requesting too much information, contact them by phone to find out why they need so much information, how they plan to use it and if they have a privacy policy to protect you.

9. Keep records of the transaction
Make sure you print and save records of any online transactions, including the product description, price and the receipt of payment. If the site turns out to be fraudulent, you'll need this information to advise the relevant authorities in order to try to get your money back.

How to restore a Windows 2003 DC using ASR and VMWare

Source

The following procedure should work for any type of hardware, but I’ve used VMWare (so this procedure is also valid if you want to convert a physical Domain Controller to VMWare). Additionally, the procedure works for Windows 2003 server, but also for Windows XP (professional)

Prerequisites :

• ASR backup .bkf file and the ASR floppy that corresponds with the ASR backup file. If you want to re-create the ASR floppy, have a look at http://support.microsoft.com/kb/325854/en-us
• Converted ASR floppy (use a tool such as winimage to convert the floppy into a .ima or .img file, and then rename the .ima/.img file to .flp, or have a look at http://www.vmware.com/community/thread.jspa;jsessionid=9977DD123ECD2AA3C2E131C02E35998E?messageID=210767&#210767 or http://www.vmware.com/community/thread.jspa?threadID=18046 )
• You will need to be able to have access to the .bkf file during the Windows setup in ASR mode.This is somewhat tricky. The only 2 ways I know of that work (read : that I have tested myself) is either back up to tape, and have the tape drive and tape available during the ASR restore; or back up to disk and put the bkf on a server in the vmware environment. Share the folder containing the bkf. Just don’t put the bkf file on the disks that will contain the Windows server afterwards, because all data will be removed during the ASR setup. According to some people, you should be able to put the bkf file on one of the disks in the server where ASR will run on. As long as it does not sit on the partition that has system files on it, and as long as the partition that will hold the bkf file is also available in the real DC, it should work. (But I tend not to believe this statement, because one of the first steps in the process is actually clearing the partitions and volumes on the disks… so the disk containing the bkf file would be emptied as well… right ?)
• Disk configuration of the physical server (size of each disk)
• Windows 2003 server CD
• Make sure the vmware machine does not have access to the production machine, if you are trying this for simulation/testing purposes. Set the virtual machine to use a vmware internal network, without connection to the rest of the network.
• Other backup sets (recent System State, Sysvol contents, …)

Before you start : Do not EVER EVER put the same machine twice on the same network. This will create havoc and in case of a DC, possible ruin your entire AD. Make sure to put the "to be restored" DC in an isolated network segment, without access to the real DC.

First all all, create a VMWare virtual machine, and make sure to create virtual disks that have at least the same size as the disks in the servers. (Note : I’m referring to disks, not partitions.) If your DC has 3 partitions of 12Gb, and the total disk is 36Gb, make sure to create 1 virtual disk of at least 36Gb.

Boot the vmware machine (boot from the Windows 2003 server CD.) When prompted, press F2 to enter ASR mode.

When you are prompted to insert the ASR Disk, mount the .flp file containing the ASR floppy. (Or just mount the physical floppy).

Windows setup will continue "loading files…", just wait until the following screen appears :

Press "C" to continue the setup. This step will remove everything that is on the disks listed in this view.

Next, the disks will be formatted and checked…

… and Windows setup will continue copying files :

Wait until this process has completed.

The system will reboot into the graphical mode of the ASR process. Make sure to change the BIOS not to boot from CD or floppy. (or press ESC at boot time to show the boot menu). You’ll end up at the ASR Welcome screen. Click next to continue (or just wait 90 seconds)

Select the path that contains the ASR .bkf file. If you have put the file on a fileserver in your vmware environment, you should be able to put in the UNC path to the folder (\\ip\sharename) and continue the restore process over the network. If you are doing this on a physical server and if you have put the asr backup on tape, the server should be able to detect the tape and find the asr backup automaticall. Of course, you can also browse to the bkf file over the network when you are performing a bare metal restore onto a physical server.

One more quick note on accessing a file server on the network. The network driver will be loaded in ASR mode, but you will need to make sure there’s a DHCP server in the network. If you are doing this in an isolated environment, you can put another 2003 server in the same isolated vmware environment, and install DHCP on that machine. The DHCP should be up and running at the time the "to be restored" server boots into ASR graphical mode. If DHCP doesn’t work, you can also rely on APIPA. Use a sniffer (wireshark) on the file server to see the APIPA address of the "to be restored" server :

Give the file server an apipa address in the same network range, and the two should be able to talk to each other. In my example, the file server (it actually is a Windows XP) has IP 169.254.145.192, the server has 169.254.145.191 (I got that address from the sniffer)

Go back to the ASR process. When you are at the dialog window to select your backup file, click "browse", and enter the UNC path to the share on the server. In my example, that is \\169.254.145.192\data. Provide a user/password to connect, when asked.

Select the bkf file that is stored on the server and click "open"

Click "next" to continue the process

Click "finish" to starting restoring

Wait until the process has completed. The ntbackup application will close and the server will reboot automatically.

When the machine reboots, a couple of things might happen

1. The server boots and works fine. Congratulations. Even if you need to install display drivers or some other drivers after the boot, you still made it successfully. And if you planned for these types of scenario’s, you could restore your DC in half an hour or so…
2. The server doesn’t boot. Try to repair the installation by booting with the 2003 server cd and go into repair mode. (You can choose to repair the Windows installation after the setup process has detected an existing Windows installation). If that doesn’t work, have a look at the following Microsoft KB’s :
   1. http://support.microsoft.com/kb/325375/en-us
   2. http://support.microsoft.com/kb/842009/en-us
   3. http://support.microsoft.com/kb/811944/en-us
   4. http://support.microsoft.com/kb/836421/en-us

If you get your DC to work, just check the Network Interface properties. If you do a ASR restore, odds are that the Firewall will be turned on again. Make sure to turn it off if that is what you need. You might need to reboot to get AD to run properly.

Event log : MSDTC errors/warnings

Finally, check the event log. There’s a pretty good chance that you will see MSDTC errors/warnings in the event log. You can clean these up using the following procedures :

Error EventID 53258

If the Event Log Application contains :

Source: MSDTC
Type: Warning
Category: SVC
Event ID: 53258
Description: MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

Start equipment Component Services (Start - Programs - Administrative Tools).
Expand Component Services.
Expand section Computers.
Right click on My Computer, select Properties, MSDTC tab.
Select Security Configuration, then OK.
Select OK again.
Right click on My Computer, and select Stop MS DTC. This will stop the Distributed Transaction Coordinator.
Right click again on My Computer, and select Start MS DTC.

Also, make sure "Network Service" has full control on HKLM\Software\Microsoft\MSDTC and everything below. Then restart the server.

Error EventID 4404

Source: MSDTC
Type: Error
Category: Tracing Infrastructure
Event ID: 4404
Description: MS DTC Tracing infrastructure: the initialization of the tracing infrastructure failed. Internal Information: msdtc_trace: File: d:\srvrtm\com\complus\dtc\dtc\trace\src\tracelib.cpp, Line: 1107, StartTrace Failed, hr=0×80070070

Start equipment Component Services (Start - Programs - Administrative Tools).
Expand Component Services.
Right click on My Computer, select Properties, MSDTC tab.
Choose Tracing Options.
Select Stop Session, New Session, Flush Data, and OK twice.
Right click on My Computer, and select Stop MS DTC. This will stop the Distributed Transaction Coordinator.
Right click again on My Computer, and select Start MS DTC.

Errors EventID 1058, 1030

Source: Userenv
Type: Error
Event ID: 1058
Description: Windows cannot access the file gpt.ini for GPO CN = {31B2F340-016D-11D2-945F-00C04FB984F9}, CN=Policies, CN=System, DC=test, DC=net. The file must be present at the location <\\ test.net \sysvol \test.net \Policies \ {31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network location cannot be reached. For information about network troubleshooting, see Windows Help.). Group Policy processing aborted.

or also

Source: Userenv
Type: Error
Event ID: 1030
Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

A full description of the solution is contained in article Microsoft #842804 at http://support.microsoft.com/?id=842804 . Be sure that:
Netlogon and DFS services are started.
The Controller of the domain valid reads and applies rules from Domain Controllers Policy.
The NTFS-rights to common resource Sysvol are configured correctly.
DNS records on server DNS are correct.

Other problems

If you try to open AD U&C, and you’re getting the following error : "Naming information cannot be located because the specified domain either does not exist or cannot be contacted. Contact your system administrator to verify that your domain is properly configured and is currently online.", check the Windows Time service and make sure it is running. Check DNS and make sure it does not contain any references to DC’s that are not available. Clean up AD (remove dead DC’s) using ntdsutil (see http://support.microsoft.com/kb/216498) and by removing entries in DNS. Reboot and wait for a little while.

Next, check if sysvol and netlogon shares are available. If not, check

http://www.jsifaq.com/SF/Tips/Tip.aspx?id=7979, http://support.microsoft.com/kb/316790, http://support.microsoft.com/kb/836421 and http://support.microsoft.com/kb/315457/.
Reboot and see what happens. If it works, fill up the sysvol folder with the sysvol backup (so you’ll have your scripts and gpo’s back) .

Finally, watch out for events in the Directory Service event log that say that the net logon service was paused. (NTDS Event ID 2103 : The Active Directory database has been restored using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused.) If you start the netlogon service manually, you should have a working DC (but you won’t have solved the problem – but that’s ok for now. If you really want to solve this USN Rollback issue as well, check http://blogs.dirteam.com/blogs/jorge/archive/2006/03/08/597.aspx, http://blogs.technet.com/petergal/archive/2006/02/04/418779.aspx, http://support.microsoft.com/kb/885875, http://www.ureader.com/message/1270504.aspx, http://www.mcse.ms/message1743890.html. Good luck)

Now run a dcdiag and look for errors and warnings.
2 more quick notes :

1. The ASR Backup/Restore is based on a ASR backup. Odds are that the ASR backup is a bit older than the last System State backup, so it might be a good idea to take the last ntds.dit file, and perform a Authoritative Restore on this DC.
2. If you had to restore one of the DC’s because all of the other ones died in a Disaster, and the DC you are restoring was not the primary DC, then you need to seize the FSMO roles to this DC. (depending on your environment, if this is the only DC in the forest left for example, you’ll need to seize ALL of the FSMO roles to this DC. You can do this using ntdsutil). http://support.microsoft.com/kb/255504 :

ntdsutil ntdsutil: roles fsmo maintenance: connections server connections: connect to server yourservername Binding to yourservername … Connected to yourservername using credentials of locally logged on user. server connections: q fsmo maintenance: seize domain naming master fsmo maintenance: seize infrastructure master fsmo maintenance: seize PDC fsmo maintenance: seize RID master fsmo maintenance: seize schema master fsmo maintenance: q ntdsutil: q Disconnecting from yourservername…

Additionally, if this is the only DC that will be left over, you will have to clean up all of the other ones (if any) before promoting new servers into the domain. Otherwise, you’ll end up with a lot of errors and warnings, timeouts, … when this restored DC tries to contact other DC’s that aren’t there anymore. Look at Microsoft KB 216498 to remove the dead DC’s

Links :

How to move a Windows installation to different hardware : http://support.microsoft.com/kb/249694
How to perform a disaster recovery restoration of Active Directory on a computer with a different hardware configuration:

http://support.microsoft.com/?id=263532
How to rebuild the SYSVOL tree and its content in a domain:

http://support.microsoft.com/kb/315457/
The Sysvol and Netlogon Shares Are Missing After You Restore a Domain Controller from Backup:

http://support.microsoft.com/kb/316790
A domain controller is not functioning correctly?:

http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8320
windows_bare_metal_recovery:ntbackup:

http://wiki.bacula.org/doku.php?id=windows_bare_metal_recovery:ntbackup
Recover from a system failure using Automated System Recovery:

http://technet2.microsoft.com/windowsserver/en/library/e96185f5-50b7-4b14-a2fd-0155d6b174f91033.mspx?mfr=true
How ASR Works:

http://technet2.microsoft.com/windowsserver/en/library/7b4f0436-cc90-4b52-b6ab-064f9db8d2721033.mspx?mfr=true
Restoring a Domain Controller Through Reinstallation:

http://technet2.microsoft.com/WindowsServer/en/Library/2f44ad0e-f84d-47a2-956b-df3f8554ea541033.mspx
Performing an Authoritative Restore of Active Directory Objects:

http://technet2.microsoft.com/WindowsServer/en/library/690730c7-83ce-4475-b9b4-46f76c9c7c901033.mspx
How backup works:

http://technet2.microsoft.com/windowsserver/en/library/9143ba85-587e-409d-b612-617e6617fece1033.mspx?mfr=true

3rd party tools :
http://www.stratesave.com/html/htmlhelp/meba2d89.htm

Cutting IT costs

Source
For the past few months everyone was hoping the IT industry might be saved the worst of the credit crunch fallout, on the basis that technology is vital to enterprise strategies to increase efficiency, improve services and ultimately benefit the bottom line. However, it is becoming increasingly apparent that CIOs, along with businesses in general, are now facing increased pressures to reduce their IT costs.

In addressing cost cuts, however, one of the central issues that need to be considered is the 'balance of value'. That is, it is crucial to resist the often knee-jerk reaction to simply cut IT costs down to the bone. Rather, one needs to look at the cost/productivity equation: how to reduce costs while at the same time increasing operational efficiency and competitive advantage.

Special report:

Recession and the IT economy
Radical cost-cutting may answer short-term needs but can lead to higher future costs as strategic projects that could improve efficiencies are delayed or deep frozen. With this in mind, it's vital to measure hardware, software and servicing not on cost alone, but in the context of performance and quality.
Here are some key points to consider in these cost-conscious times.
Making the right cut
Consider IT staffing. Before wielding the axe, one should first ask: How productive is the individual? What staffing levels are needed not just to maintain but to improve service delivery? Are our per-capita cost/performance ratios better, the same or worse than other companies in our market sector and against industry best practice?

These questions may seem obvious but to answer them requires a pre-existing benchmark of key performance indicators (KPIs) against which current measurements can be compared.

Without KPI and other IT benchmarking measurements, decisions about where to make cuts or where to spend money can only be based on internal politics, exigency or a best guess. However, gathering this data requires access to third-party best-practice peer and market data.

The conundrum is that in cost-conscious times CIOs are naturally reluctant to invest in benchmarking specialists. However unless the right cuts are made in the right place, the negative impact on service performance may lead to more revenue loss than money saved.

Outsourcing - get the price right
Analyzing outsourcing costs is even more challenging than planning internal cuts. Businesses often feel they are overpaying their IT service providers but can't pinpoint how much or why because of the lack of pricing transparency in the contract.

Cost creep can occur because of loss-leader cutbacks on renewal, because the client wants customized services or because their legacy infrastructure is highly complex.

In such cases, the client should be encouraged by providers to standardize application platforms, eliminate redundant desktops or rationalize service centers to save money.

Apples-to-apples comparisons
Sometimes clients automatically request a premium-level service where a standard one would suffice (however, don't expect providers to point this out, since it's rarely in their interests to do so).
Sometimes a CIO needs a job done in a rush whatever the cost. To save money CIOs should be encouraged to plan ahead and always check with their providers on the cost implications of doing work under time pressure.

However the services are delivered, it is important customers are able to compare what they are paying for a service - such as hosted email or help center support - on an apples-to-apples basis with the competition.

They should be able to make an informed choice between various service components by comparing every supplier's service catalogue and then compare these with the market average. Without this capability, there is no objective basis for knowing if one is paying under or over the
odds for any particular supplier.

Prosper or perish
While benchmarking cost/performance is currently enjoying a renaissance in the wake of cost-saving pressures, there has also been a trend towards companies - and outsource service providers - measuring their cost/performance ratios as a key part of
routine maintenance, or 'good housekeeping'.

This ensures that at any given time both clients and their suppliers can ensure they are working to best market practice. And in the case of service providers, it enables them to make a regular check that their price and quality positioning are competitive.

And those organizations who don't benchmark? Sometimes it's because they are reluctant to face the pain of change or undergo the disciplines involved in cost-containment. Or they may simply feel that the best approach is 'don't fix what ain't broke'.

Mediocre efficiency ratings may not be an issue during economic expansion when there is no compelling need to tighten a few extra points of operational cost but in a recession CIOs can suddenly find themselves under the microscope.

On the upside, tightened fiscal conditions can be just the catalyst needed to galvanize the complacent into action. There is something very focusing in the realization that the health of a company's IT price/performance environment may just be the key determinant in whether it prospers or perishes in the future.

Paul Michaels is director of consulting at Metri...

Windows Server 2003 & XP x64 Editions SP2

Source

There have been a few articles floating around on the Internet since we released the private beta of Windows Server 2003 SP2 a couple of weeks ago.  To remove any mystery or speculation about what this Service Pack 2 is about, I thought I would take a couple of minutes to lay it out.

First off, I know SP1 to Windows Server 2003 made some pretty big changes to the way we do security and it introduced a cycle of application testing and some compatibility issues….this was, however, a necessary evil needed to address server security.

Now that WS03 SP1 is the foundation for security moving forward, SP2 is back to a ‘standard’ service pack from MS…….

What this service pack contains:

• All previously release Security Bulletin Updates
• Roll-ups all individual hotfixes released since RTM of Windows Server 2003
• Provides fixes to increase reliability, robustness and security
• A collection of some customer requested features and features to support Windows Vista
  

What this service pack isn’t:

• It isn’t SP1 :-)

Windows Server 2003 Service Pack 2 will update the following versions:

• Windows Server 2003 Editions (32-bit x86)
• Windows Server 2003 R2 Editions (32-bit x86)
• Windows Server 2003 x64 Editions
• Windows Server 2003 R2 x64 Editions
• Windows Server 2003 for Itanium-based Systems
• Windows XP Professional x64 Edition

Did you catch that last one?  That's right - the same SP2 bits will also update the x64 Edition of Windows Server Professional.  Cool.

Even thought SP2 is a standard service pack meant to  will also introduce a few limited-scope features, which include:

Windows Deployment Services
WDS is an updated and redesigned version of Remote Installation Services (RIS). WDS will be required to support the deployment of Windows Vista. WDS offers this functionality along with improved security surrounding image store, delegation of administration and better management story.

Microsoft Management Console
Microsofr Management Console 3.0 supports richer functionality in snap-ins designed for the MMC 3.0 infrastructure. In addition it allows users to add or remove snap-ins and provides improved error handling via the MMC console. Microsoft Management Console 3.0 replaces its predecessor (v2.1) for Windows Server 2003 customers. This feature is installed by default upon Service Pack 2 installation. 

Wi-Fi Protected Access 2 (WPA2)
Wi-Fi Protected Access enhances the wireless client software with support for the new Wi-Fi Alliance certification for wireless security. The update also makes it easier to connect to secure public spaces that are equipped with wireless Internet access. These locations are otherwise known as "Wi-Fi hotspots". This feature is enabled by default upon Service Pack 2 installation.

Scalable Networking Pack
Scalable Networking Pack supports new hardware that allows TCP offloading capability (aka TOE) to the OS. These changes will scale Windows networking to multi-gigabit link rates and across multiple CPUs. This feature is turned OFF by default and can be enabled only when the specific hardware is present.

Enabling ‘Firewall per port’ Authentication
‘Firewall per port; authentication secures traffic between the Extranet environment and internal assets that are protected via IPsec domain isolation. This feature is enabled by default upon Service Pack 2 installation. 

Performance improvements for SQL Server
Service Pack 2 provides performance improvement for SQL Server 2005 under intensive workloads . These improvements are installed by default upon Service Pack 2 installation.

Enhanced discoverability options in MSConfig
MSConfig now contains an additional tab which provide a single launching point for common support tools that will ease the discoverability of common diagnostic functionality This improvement is turned on by default upon Service Pack 2 installation.

Improved IPSEC Filter Management
Service Pack 2 reduces the filter set that needs to be managed in a Server and Domain Isolation using IPSEC scenario from ~400 filters to just 2 filters. It also removes the need for ongoing filter maintenance due to infrastructure changes. This performance improvement is turned on by default upon Service Pack 2 installation.

Performance improvements under Windows Virtualization
Service Pack 2 improves the performance under high APIC access rate for Windows Server 2003 running as a multiprocessor guest operating system under Windows Virtualization. 

You can keep up to date with SP2's progress at our Service Pack roadmap website:

http://www.microsoft.com/windows/lifecycle/servicepacks.mspx

How to setup Network attached Storage

Source July 17th, 2007

Network-attached storage (NAS) is a dedicated data storage technology. The NAS server provides centralized data storage, which is easily accessible to users who belong to different networks over the Internet. There are different applications that can be implemented using NAS, such as data storage and file sharing. The purpose of the NAS server that I am going to set up, is that of data storage. It is to be used to provide remote backup of the data in clients™ servers.

The Operating System

Next step I have to do is to decide on an OS to setup the NAS server, which is free and easy to use.

I came across the site http://www.openfiler.com/

Openfiler is a project for a open source Network Attached Storage (NAS) OS distribution. It was developed by Xinit Systems and provides a file-based NAS system and block-based Storage Area Networking (SAN) in a single framework. Openfiler brings together almost all storage networking protocols into a single framework.

Installation via VMware :

Openfiler is a standalone Operating System, which requires access to all system resources in order to function. I got confused on how to install it remotely. Then I came to know that it can be installed in a virtual machine environment such as VMware. I decided to try out first in a test server which had a 40GB hard disk.

A VMware Server installs on any existing server hardware .
It partitions a physical server into multiple virtual machines, and provides for more hardware utilization and flexibility. So my first task was to install the VMware server.

The following packages needs to be installed in the remote server – The VMware Server itself and also the Management Interface.
Also install the VMware Server Linux client package, both in the server and your local machine. The rpms for the packages can be downloaded from the VMware site and the installation steps too are documented there. The installation guide can be obtained from

http://pubs.vmware.com/server1/wwhelp/wwhimpl/js/html/wwhelp.htm

Once the VMware installation is complete, you need to connect to the server remotely using the VMware Server client package.
Login using the IP address of the server and root password.

Once you are connected to the VMware server, you need to create a new virtual machine. It would create a set of files that represent a new computer, with a blank, unformatted hard disk, onto which the new operating system can be installed. The virtual disk by default has its disk space preallocated at the time of creation. I created a virtual disk of about 20GB size. The virtual disks are physically located in the folder /var/lib/vmware/Virtual Machines/ .

Now I have to obtain the iso image for the Openfiler OS. I got the latest one, Openfiler 2.1, from http://sourceforge.net/

The Images of CD-ROMs are usually .ISO files. The .iso image was downloaded to the folder that was created for the virtual disk in the remote server, using wget command in SSH. Now, use the virtual machine settings editor to connect the virtual machine’s CD-ROM drive to the .ISO image file, then Power ON the virtual machine. The Openfiler OS would start installing, and you would get a graphical installation screen as per the steps given here:
http://www.openfiler.com/docs/install/graphical_install.html
Once the installation is complete, you can start configuring Openfiler by pointing your browser at the host name or IP address of the Openfiler system. The interface is mounted on https port 446. e.g.
https://test.myserver.com:446.

Installation via Installer :

Now that everything went fine in the test server, I decided to give a try in the real server. But the actual server had a 2 TB hard disk, which made my task difficult. I was not able to use VMware, as the hard disk size was really huge to create virtual disks. So, I started thinking of other options. There was still the restriction of no physical access to the server.

Luckily, I got IPMI access to the server.
The Intelligent Platform Management Interface (IPMI) specification has a set of common interfaces to computer hardware which can be used to monitor system health and to manage the system remotely. The IPMI provided a Text console, which I could make use of in the installation purposes.

But the server wasn’t configured to show the grub menu over the serial console. This would prevent us from selecting alternate kernels during the boot process. I could find that, for grub to work with IPMI, it has to be enabled for the serial console. Follow the steps given below to do this.

Find the serial port number and speed used on your server:

# grep agetty /etc/inittab

On my server the console is connected to serial port 1 with a speed of 19200:<br />co:2345:respawn:/sbin/agetty<br />ttyS1 19200 vt100-nav<br />Now open /boot/grub/grub.conf, and add the following lines below “hiddenmenu”:<br />serial --unit=1 --speed=19200<br />terminal --timeout=80 console serial<br />Replace the port number , timeout and speed if necessary.<br />To test this out, reboot your server and then connect<br />to the serial console as soon as possible using IPMIView. <br />Eventually,after a minute or so, you should see the following message repeating:<br />Press any key to continue.<br />Press any key to continue.<br />Pressing a key at this point will launch GRUB on the serial console.<br />First off, you would need to download the network installation image for the Openfiler OS that you want to install. I was able to download one boot.iso for Openfiler from <br /><a href=”http://www.rpath.org/rbuilder/project/openfiler/release?id=5076″http://www.rpath.org/rbuilder/project/openfiler/release?id=5076<br />I downloaded the boot.iso image to the server itself, using the wget command. <br />Next, you need to create a temporary directory in which to mount the ISO image to get the files out of it:<br />mkdir /nas<br />mount -o loop<br />boot.iso /nas<br />You also need to create a directory in your /boot directory. The /boot should be on a partition of its own. Copy the boot files from the iso image to the folder created.<br /># mkdir /boot/nas<br /># cp -R /nas/* /boot/nas/<br />Next you need to find the appropriate initial RAM disk and kernel files amongst these boot files. These will generally be called “initrd-xxxxx” and “vmlinuz-xxxxxx” respectively. Now that you have the files in the boot partition, you need to configure GRUB to allow you to boot into the installation.<br />Add the following section to grub.conf file.<br />title NAS install<br />root (hd0,0)<br />kernel<br />/nas/isolinux/vmlinuz console=ttyS1,19200<br />initrd /nas/isolinux/initrd.img

This assumes that your boot partition is /dev/sda1 (or /dev/hda1) as indicated by the “(hd0,0)” part. If your /boot partition is different, you can alter the device accordingly. The “console=ttyS1,19200″ part is very important as it tells the installation program to use the serial console accessible through the IPMI View program for the installation.

Now, you should get the iso image for the openfiler as mentioned earlier. I had a second hard disk of 50GB, in the server. I mounted that as another partition and downloaded the iso image for openfiler to that partition.

Now, reboot the server and choose the NAS install from the grub menu. The installer would start running. Fill in the details appropriately. The installer gives different options for installing the OS, such as NFS, FTP, HTTP, Hard Disk, CDRom etc. I elected the Hard Disk option as my OS image was on the second hard disk. I selected the appropriate hard disk and gave the path to the iso image. Please note that Openfiler does not exist with any other Operating System. The installer would format the entire drive on which its being installed, before installing the packages. The installer successfully completed installing the Openfiler in the 2TB drive of my server in about 4-5 hours. The installation steps are the same as given earlier, http://www.openfiler.com/docs/install/graphical_install.html.
Only difference that it would be text based and not graphical in this case. You can partition the drive manually or automatically, as you prefer. Once the installation is over, Reboot the server and you would be able to get a new server with Openfiler OS installed.

Login to the Interface and configure the Openfiler as per your requirements. A very good manual is available here : http://www.openfiler.com/docs/manual/

The installation process was a Trial and Error method which took up a lot of my time . There may be other effective methods and there are other OS distributions available for NAS. The steps given above depict the way I set up my server.

References:

http://www.openfiler.com/

http://sourceforge.net/docman/?group_id=90725

http://www.vmware.com/support/pubs/server_pubs.html

http://www.znark.com/tech/serialconsole.html

http://www.cyberciti.biz/nixcraft/vivek/blogger/2004/03/how-to-mount-iso-image-under-linux.php

---

About the author: Reeshma
Ajin works as Sr. Software Engineer in Bobcares.com. She has worked in Bobcares for over 4 years and mainly specializes in Linux server administration.

Virtualization using VMware

Source October 18th, 2007

I have been using and recommending Xen for Full Virtualization for a while now. Yet, when I tried to install Xen on my old PC that ran on AMD’s Athlon XP processor, I was not able to enable Full Virtualization using Xen. I know that Xen uses technology that demands higher hardware specifications to provide full virtualization. Somehow, I wanted to make my old PC a fully virtualized machine. I evaluated a few virtualization applications to make that possible. A few of them were..

1. ‘VMware’ and
2. ‘Microsofts Virtual PC’ (it only supports MS-DOS, Windows, and OS/2).

I wanted to use this on Linux, therefore I opted for VMware.
Fortunately it worked like a charm. Now there are four different
Operating Systems are running concurrently on that old PC!.

NOTE : However I think XEN will be the right choice if your sole purpose is ‘Testing’ or you wish to implement Load balancing between the nodes.

Why ‘VMware’

1. Full virtualization is free of cost.
2. Transfer of one VMware node from one server to another is quite simple, just like copying a file.
3. Fewer system requirements than other full virtualization technologies.
4. Provides full virtualization on a wide variety of processors.
5. Free and robust node/server management tools.
6. Extremely faster on VT enabled processors.
7. Widest selection of Guest Operating Systems.
8. If you are not using the free version, there are several other reasons to choose ‘VMware’.

Tested on machines with following configuration

This configuration was based on tests performed on a local machine
and remote production server with the following configuration.

Local Machine
Processor “AMD Athlon XP
Number of Processors 1 No
OS Fedora Core 7
RAM 640 MB
Hard Disk 120 GB No of Nodes Created 4 nos (3 windows and 1 Linux)
Remote Server
Processor Intel(R) Xeon(R)
Number of Processors 3 Nos
OS Fedora Core 7
RAM 16 GB
Hard Disk 320 GB
No of Nodes Created 6 nos (3 windows and 3 Linux)
Configure ‘VMware’ on a remote server
Requirements
2. Pre-install steps
3. Install VMware server
NOTE : Read through the entire installation steps before start installing it on a remote server.
1. Requirements
Compatible Host Operating Systems
You can install VMware Server software on Microsoft Windows or Linux server. It is possible to install a wide variety of Guest Operating Systems on its virtual nodes.
Here we are going to use Fedora Core 7 Operating System for the VMware server on which we are going to create virtual nodes.
Compatible Processors
Intel : Pentium II, Pentium III, Pentium 4, Pentium M Xeon,and EM64T.(Dual-core processors are supported and counted as one processor for licensing.)
AMD : Athlon, Athlon MP, Athlon XP, AMD Opteron, AMD Athlon 64, Turion 64.
Experimental support for AMD Sempron.)
NOTE : Many of these processors are not supported by XEN for Full Virtualization!!! ‘VMware’ is amazing… right?
RAM requirement
It’s best to allocate at least 128 MB of RAM for each guest node.
Hard Disk Space requirement
Hard disk space really depends on the use. Better to provide at least 10 GB for each nodes.
2. Pre - Installation Steps
a. Log into remote server
Log into the server which you wish to make as VMware host server. You must have root access to the system for installing VMware.
b. Check the Kernel
If FC7 has been installed with the option ‘virtualization’ (tools for XEN), your system should have two kernels. Make sure that your system is running under the default FC7 kernel and not the kernel for XEN.
# uname -r
If you are using the XEN kernel the do the following steps.
1. Edit /etc/grub.conf to make the original FC7 kernel as the default kernel to run.
2. reboot the server.
3. Confirm using 'uname -r'
c. Development Support
The OS must have development tools. Use the following command to install them all.
# yum groupinstall "Development Tools"
#yum install gcc gcc-c++
You can also install them from the FC7 installation DVD/CDs.
d. Check whether the running kernel matches the kernel headers
# uname -r; rpm -q kernel-devel
If the versions are not matching run the following commands.
# yum -y upgrade kernel kernel-devel
# reboot
# uname -r; rpm -q kernel-devel (to make sure whether they matches)
If the kernel development tools are not installed currently, then perform the following commands.
# yum install kernel-devel
# uname -r; rpm -q kernel-devel (to make sure whether they matches)
e. Find the location for kernel headers
While installing ‘VMware’ you will be asked for the kernel headers location. You may find it by running the following command.
# ls -d /usr/src/kernels/$(uname -r)*/include
f. Install ‘xinetd’
# yum install xinetd
g. Download the latest VMware patch
Since VMware hasn’t been released for the new kernel version ‘2.6.21-1.3194.fc7′, we have to apply a patch as follows.
#mkdir /usr/src/vmware/ /usr/src/vmware/patch
#cd /usr/src/vmware/patch
#wget http://knihovny.cvut.cz/ftp/pub/vmware/vmware-any-any-update113.tar.gz
# tar -zxvf vmware-any-any-update113.tar.gz
#cd vmware-any-any-update113
Do not run ‘./runme.pl’ now, we will do this later.
h. Obtain the free serial number from ‘VMware.com’
Use the link ‘http://register.vmware.com/content/registration.html’ and register for the free serial code. You have to paste the serial code while installing ‘VMware’. If not you will not be able to install guest OSs on the nodes though you can create virtual nodes.
3. Install VMware server
Installing VMware server is quite simple.
Step : 1
Through RPM
#wget http://download3.vmware.com/software/vmserver/vmware-server-1.0.3-44356.i386.rpm
#rpm -ivh vmware-server-1.0.3-44356.i386.rpm
Through Source
# wget http://download3.vmware.com/software/vmserver/vmware-server-1.0.3-44356.tar.gz
#tar -zxvf Vmware-server-1.0.3-44356.tar.gz
#cd vmware-server-distrib
# ./vmware-install.pl
While doing this you will be prompted for running the VMware configuration script ‘/usr/bin/vmware-config.pl’. Do not run this, we will do it in the next step.
Step : 2
# cd /usr/src/vmware/patch/vmware-any-any-update113
# ./runme.pl
This will patch the kernel and automatically call
‘/usr/bin/VMware-config.pl’.
Simply press ‘enter’ for selecting default values.
You will also have to enter the serial code for activating the software.
NOTE 1 : Remember the VMware port you used while installing VMware?
It’s required to manage the server remotely. I have used the port 902.
NOTE 2 : I would strongly recommend you to never open the VMware port over Internet. Restrict the access of this port from localhost only. Make sure that it is accessible via localhost, else we can’t manage the server via other machine
Create/manage Virtual Nodes
Now lets see how to create and manage nodes on the remote VMware host server. We can do this easily by installing the VMware Server Linux/Windows client package.
On the remote server, do these step
# mkdir /usr/src/vmware
#cd /usr/src/vmware
#wget http://download3.vmware.com/software/vmserver/vmware-server-linux-client-1.0.3-44356.zip
#unzip Vmware-server-linux-client-1.0.3-44356.zip
# rpm -ivh Vmware-server-console-1.0.3-44356.i386.rpm
Connect to the remote VMware server using VMware client
NOTE : The local system must be installed with the VMware Server Linux client package as shown above.
1. Set an ssh tunnel from local system to remote VMware server
Since VMware port ‘902′ on the remote server has been restricted for localhost access only, we are not able to connect to this port directly. Connect(via SSH) to the remote server to setup a tunnel between the systems. This way we can access the VMware port of the remote server via the local port 1902.
# ssh root@remoteserver -L :1902:127.0.0.1:902
or
# ssh root@remoteserver -L 127.0.0.1:1902:127.0.0.1:902
Enter root password to log into the remote VMware server. Make sure that VMware is running fine on this server.
# service vmware status
2. Start the VMware client from local machine<br Open another console on the local machine and type the following command, this will open a graphical window to connect to the remote  server.
# vmware-server-console &
3. Connect to the remote server using the following details
Host name - 127.0.0.1:1902
Username - root
Password - [root password of remote VMware host]
This will open the window to manage your VMware server from the local machine.
If you haven’t blocked the port access over internet, you can ignore step 1 (but make sure that vmware is running fine on the remote server) and use Host Name as follows.
Host name - [remote server IP]:902
Username - root
Password - [root password of remote VMware host]
4. Create/manage nodes
It is quite easy to create, delete, or manage nodes on a VMware server through the client package. The application interface is self explanatory and you can easily use it.
5. Install the Guest Operating System
1. Insert the Windows/Linux CD/DVD in the CD/DVD drive.<br />2. Power on the virtual machine to start installing OS.<br />3. Follow the remaining installation steps as you would for<br />a physical machine.<br />You may also install it from network locations, ISO or from a OS template. You can also create a mirror of the existing node.

NOTE : If you click on the node window and the cursor disappears, you have to press ‘ctr’ + ‘alt’ keys to retrieve the cursor.

Acknowledgment

I would like to express my gratitude to Ajeesh T Vijayan, for helping me with this project.

References

1. http://www.vmware.com
2. http://www.howtoforge.com/vmware_server_fedora7
About the author:
Sibin C has worked for over a year in Bobcares as a System Administrator. His interests mainly lie in writing scripts that will ease the work of system administrators, securing and administrating Linux/Windows servers.

Business Software

2020software.com

Since 1995, this site has represented only the best accounting, ERP and business software systems in their class.

As
you probably know there are tens of thousands of software systems for
sale - there are a number of search engines you can use to get a list
of all products available. But do you have time to weed through them
all?

Our added value is to present this "short-list"
of products that are developed by fiscally stable corporations that
provide excellent support and long-term development strategies.

This site offers a number of free services:

• Free Demos - One form will allow you to request a number of demos.
• Selection Assistance - Provide your requirements and we can assist in the selection of the right system.
• Best Pricing - Receive a proposal from the best local sales consultants.
• Software Comparisons - Compare the top solutions head to head in various categories and industries

Do you need help in determining what's important in a product? Check
out our newly released buying guide for more detail!

• Manufacturing/ERP Software Buying Guide - An SMB's Guide to Buying Manufacturing ERP Software

Do you need help in determining what's important in a product? Check
out our newly released buying guide for more detail!
Manufacturing/ERP Software Buying Guide - An SMB's Guide to Buying Manufacturing ERP Software

Seamless Windows Virtualization in Ubuntu

Source (última edición 2008-10-13)

Rather than have an entire separate Windows desktop, you can run virtualized programs directly on your Linux desktop using the latest (version 1.5.0) rdesktop package that comes with Ubuntu 7.04, and Windows XP Professional's Terminal Services feature.

• You do not however need a whole Windows installation (and therefore not need a virtualization at all) to:
  • run Windows applications in general. This can be done with the open source project [Wine]

  • use Internet Explorer. See InstallingInternetExplorer

  • edit video, develop web applications, etc... There are very many open source alternatives to your old Windows application. See http://www.osalt.com/

• Start a Windows XP pro VM.
  • If using VMware, configure host-only networking, and note the VMs IP address for later.

    • You do not have to use host-only networking. Worked for me with "Custom: Specific visual network" [Ramvi]

  • If using QEmu, use the following command

qemu -m 384 -redir tcp:3389::3389 windows.img</pre></div><p class="line874" align="justify"> <span class="anchor" id="line-20"></span></p><div align="justify"><ul><li><p class="line862">This also works with <a href="https://help.ubuntu.com/community/VirtualBox">VirtualBox</a>, similarly easy as in <a href="https://help.ubuntu.com/community/VmWare">VmWare</a>. The only "tricky" part is configuring a host-only network in <a href="https://help.ubuntu.com/community/VirtualBox">VirtualBox</a>. Check these links for more information:<a class="http" href="http://ubuntuforums.org/showthread.php?p=2062234#post2062234">http://ubuntuforums.org/showthread.php?p=2062234#post2062234</a> and <a class="http" href="http://www.happyassassin.net/2007/02/06/vmware-to-virtualbox/">http://www.happyassassin.net/2007/02/06/vmware-to-virtualbox/</a> <span class="anchor" id="line-21"></span><span class="anchor" id="line-22"></span><span class="anchor" id="line-23"></span></p></li></ul></div><p class="line874" align="justify">This makes any connections to the localhost port 3389 be directed to the QEmu VM on port 3389, where Windows Terminal Services will run. <span class="anchor" id="line-24"></span></p><div align="justify"><ul><li><p class="line862">In the VM, log in as Administrator. Open the Control Panel (click <strong>Start</strong> → <strong>Control Panel</strong>) <span class="anchor" id="line-25"></span></p></li><li><p class="line862">Enable Terminal Services: in the control panel, click <strong>User Accounts</strong>. Ensure that <strong>Use the Welcome Screen</strong> and <strong>Fast User Switching</strong> are both checked. Click <strong>OK</strong>. <span class="anchor" id="line-26"></span></p></li><li><p class="line862">Allow remote connections: in the control panel, click <strong>System</strong>. On the <strong>Remote</strong> tab, tick <strong>Allow users to connect remotely to this computer</strong>. If you want to connect to a limited account, click 'Select Remote Users' and make sure the user account is in the list. Click <strong>OK</strong>. <span class="anchor" id="line-27"></span></p></li><li><span class="anchor" id="line-28"></span><br /></li><li><p class="line862">In the VM, download <a class="http" href="http://www.cendio.se/files/thinlinc/seamlessrdp/seamlessrdp.zip">http://www.cendio.se/files/thinlinc/seamlessrdp/seamlessrdp.zip</a>. Extract to <strong>C:\seamlessrdp</strong>. Ensure that the user account that you want to access has permissions to access this folder. Then log out of the VM. <span class="anchor" id="line-29"></span></p></li><li><p class="line862">If you don't have 'Internet > Remote Desktop Viewer' then install <strong>rdesktop</strong> on the host. See <a href="https://help.ubuntu.com/community/InstallingSoftware">InstallingSoftware</a>. <span class="anchor" id="line-30"></span></p></li><li>Test running an application seamlessly. <span class="anchor" id="line-31"></span><span class="anchor" id="line-32"></span></li></ul></div><p class="line867" align="justify"><span class="anchor" id="line-33"></span><span class="anchor" id="line-34"></span></p><div align="justify"><pre>rdesktop -A -s "c:\seamlessrdp\seamlessrdpshell.exe C:\Program Files\Internet Explorer\iexplore.exe" <IP of VM>:3389 -u administrator -p password</pre><span class="anchor" id="line-35"></span><span class="anchor" id="line-36"></span></div><p class="line862" align="justify">For QEmu, use 'localhost' for <IP of VM>. For VMWare and for <a href="https://help.ubuntu.com/community/VirtualBox">VirtualBox</a>, use the IP address noted down earlier. <span class="anchor" id="line-37"></span><span class="anchor" id="line-38"></span></p><p class="line874" align="justify">A large window will pop up briefly with the Windows login screen, then your application should start in its own window. <span class="anchor" id="line-39"></span><span class="anchor" id="line-40"></span></p><p class="line862" align="justify">You can now create a desktop launcher to run the command above in future, when the VM has been started. High-resolution .PNG icons for Windows applications are available from <a class="http" href="http://deviantart.com/">DeviantArt</a>. <span class="anchor" id="line-41"></span><span class="anchor" id="line-42"></span></p><p class="line867" align="justify"> </p><h3 id="Making Windows Apps Look at Home in Ubuntu" align="justify">Making Windows Apps Look at Home in Ubuntu</h3><div align="justify"> <span class="anchor" id="line-43"></span><span class="anchor" id="line-44"></span></div><p class="line874" align="justify">To help Windows apps look at home in Ubuntu, you may configure Windows to use the Ubuntu Human theme. <span class="anchor" id="line-45"></span><span class="anchor" id="line-46"></span></p><p class="line867" align="justify"><img alt="SeamlessVirtualizationWithThemingResized.png" class="attachment" src="https://help.ubuntu.com/community/SeamlessVirtualization?action=AttachFile&do=get&target=SeamlessVirtualizationWithThemingResized.png" title="SeamlessVirtualizationWithThemingResized.png" /> <span class="anchor" id="line-47"></span><span class="anchor" id="line-48"></span></p><div align="justify"><ul><li><p class="line862">In the VM, download the <a class="http" href="http://www.deviantart.com/deviation/37743373/">Human for Windows theme</a> from <a class="http" href="http://www.deviantart.com/download/37743373/">http://www.deviantart.com/download/37743373/</a>. Extract the file to <strong>C:\windows\resources\Themes</strong>. <span class="anchor" id="line-49"></span></p></li><li>In the VM, specify the theme to be used for Terminal Services in\the Group Policy Object Editor.  <span class="anchor" id="line-50"></span><ul><li><p class="line862">Click <strong>Start</strong> → <strong>Run</strong>. Then type <strong>gpedit.msc</strong>.  <span class="anchor" id="line-51"></span></p></li><li><p class="line862">In the Group Policy Object Editor, navigate to <strong>User Configuration/Administrative Templates/Control Panel/Display/Desktop Themes</strong>.  <span class="anchor" id="line-52"></span></p></li><li><p class="line862">Open the <strong>Load a specific visual style file or force Windows Classic</strong> setting. Enable the setting, and enter <strong>%windir%\Resources\Themes\Human\Human.msstyles</strong> as the style. <span class="anchor" id="line-53"></span></p></li></ul></li><li><p class="line862">Note: Windows 2003 only must also enable the Theme Service under <strong>services.msc</strong>. <span class="anchor" id="line-54"></span></p></li><li><p class="line862">Log out of Windows (you <strong>must</strong> log out of <strong>all</strong> accounts) <span class="anchor" id="line-55"></span></p></li><li>Test your application from the host: <span class="anchor" id="line-56"></span></li></ul></div><p class="line867" align="justify"><span class="anchor" id="line-57"></span><span class="anchor" id="line-58"></span></p><div align="justify"><pre>rdesktop -A -s "c:\seamlessrdp\seamlessrdpshell.exe C:\Program Files\Internet Explorer\iexplore.exe" <IP of VM>:3389 -u administrator -p password

If using QEmu, use 'localhost' rather than the IP of the VM.

The new theme will take effect after the login screen.

Some themes that are larger or smaller than default might show a few lines of the Windows wallpaper color.

Shortcomings/Notes

• Due to limitations in Windows XP clients, only one user can be logged in remotely at a time. The way the current solution is designed, this translates to one program running at a time.
  • I find that the best application to start is "C:\WINDOWS\SYSTEM32\taskmgr.exe". It lets you start more applications and got options for logging out (which you should do when done with Windows. Or else I've found that you're not able to log back in) ~~~~

  • Not necessarily. I've found that if you launch a program that can launch other programs (ex: my computer or cmd.exe), you can use it to open other programs, which then also show up as windows. I've tried it, and I was able to run Internet Explorer and Adobe Acrobat at the same time. The limitation seems to be in the windows program, not anything in rdp. -- JoeTerranova

  • However, RDP 6.0 (since Windows Server 2003 SP1) supports running individual programs, so no need for seamless desktop. Does rdesktop support 6.0 features yet? -- MarkReitblatt

    • Not yet. Ideally needs Microsoft need to release the protocol documentation. --ChrisRose4

  • There's an unofficial patch for XP Service Pack 2 that allows you to run unlimited concurrent remote user sessions to get around this limitation (it uses a terminal services library from a beta of SP2 that accidentally removed the limitation). It's probably OK for home users although I wouldn't recommend it for a business. http://www.kood.org/terminal-server-patch/

  • If you add a registry DWORD called NoDesktop to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer and set it to 1 then log out and log in, you can start explorer in your rdesktop command line and get just a Windows taskbar. Of course, then you can't see your desktop if e.g. you log in using VNC. see http://www.linux.com/feature/124908?theme=print

• The Human theme does not work in Windows XP x64.

• There is an unofficial rdesktop version with seamless support made by Fontis IT Consulting. It's provide some interesting feature like loading multiple application in a Master Slave mode. So you can call rdesktop several time to open more application in the same user session. http://www.fontis.com.au/rdesktop

• There is a freely available utility that launches a launchpad from which you can configure and run several applications from one seamlessrdp session. http://www.miguelfurtado.com/srdp.aspx

• The Windows classic theme has glitches on the taskbar - use the hideous Luna theme or Human theme instead

• XP Pro SP3 with the Hardy and Intrepid alpha 6 versions of rdesktop caused segmentation faults all over the place for me - I found that the 1.5.0 version from Debian doesn't have this problem - see https://bugs.launchpad.net/ubuntu/+source/rdesktop/+bug/275545 - fubarbundy

• The 1.6 version of rdesktop in Intrepid seems to not hide window decorations - Hardy's 1.5 version or Debian's 1.5 and 1.6 versions don't have this problem - see https://bugs.launchpad.net/ubuntu/+source/rdesktop/+bug/275528 - fubarbundy

• At least for XP Pro SP3, you can improve the appearance of Windows by enabling 24 bit colour and font smoothing. In Windows, run regedit, change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\ColorDepth to 4, under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations add a DWORD called AllowFontAntiAlias and set its value to 1, and under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp add an identical key (AllowFontAntiAlias 1). Restart Windows and Robert's your mother's brother. - fubarbundy

The cost of Microsoft virtualization licensing

Source

A significant cost of any computing environment is licensing. Gone are the days when you could install Windows NT Server and enter all 1's Product ID key and make it work. Today it can be quite complex, with each vendor having its own way of licensing and enforcement for each of its products.

Microsoft virtualization licensing has ratcheted that confusion up a couple of notches. For instance, if you have one physical server with a Windows Server license on it, and then you run some virtualization product and install four virtual machines -- how do you license them?

You could do it by the physical server for one license. Or you could license the four virtual machines plus the host for a total of five licenses. And what about virtual desktops where a server in the data center runs 30 instances of XP and 15 of Vista but has only 20 people connect at any one time?

Does it make a difference if you license VMware Inc.'s VDI virtual desktop product versus Microsoft's SoftGrid in terms of licensing the OS for the virtual desktops? What about managing 12 virtual servers on a single box? Do you have to license something like System Center Operations Manager for each VM?

There are more questions, as you can imagine, but let's look at some answers too.

First, consider the licensing for virtual machines running the Windows Server OS. This is a key concept to understand because calculating the price point can get tricky. In addition to any licenses you have for your virtualization product, you still need to license the OS and applications. Here is the current Microsoft virtualization licensing strategy for servers:

• Windows Server 2003 requires a license per machine -- physical or virtual.
• Windows Server 2003 R2 Enterprise Edition provides up to four licenses for virtual machines per physical server.
• Windows Server 2003 Datacenter has unlimited licensing of virtual servers per physical host, with a couple of gotchas.
• It requires one license per physical processor – a four-processor server requires four licenses for unlimited virtual machines.
• It does not license cores – so a single quad-core processor requires one license. This could work to your advantage in planning new hardware purchases.

A major change was made recently in Microsoft's virtualization licensing scheme for servers. Now licenses are consumed per running instance rather than per total virtual machines. Thus, if you have a Windows 2003 Enterprise Edition R2 server with its four free licenses, you could build, say, 16 virtual machines for a library for fast rebuilds and just leave them turned off. The four licenses will be consumed only by active instances.

Another licensing wrinkle is the technology that allows virtual servers to move from one physical server to another. VMware calls this "VMotion." Microsoft refers to it as "migration." Although it is amazing technology that permits virtual servers to continue running even when their physical host dies, it messes up the licensing aspect.

Suppose you have three Windows 2003 Enterprise Edition R2 servers running, and you have four virtual machines loaded on each one. Three total licenses are required. But you have implemented the "migration" technology and one of the servers has a hardware problem, so you migrate the VMs to another physical server. You have just broken the licensing agreement because Microsoft licenses by the "high watermark" in this case.

It means that if you assume that any given server could have a maximum of eight virtual machines -- four from another server -- then you will need an additional four licenses for each of the three servers, for a total of 12 licenses. Of course, this assumes you have the resources to handle that many VMs.

An alternative to this would be to purchase Datacenter, which gives you unlimited virtual licenses and requires only a single license for each physical processor. Datacenter is considerably more expensive than an Enterprise server OS, so you will have to sharpen your pencil and see if this is advantageous or not to your overall cost management plan.

In licensing management software, Microsoft will sell you one license per physical server to run four of its System Center products. This is definitely a plus. It could be beneficial to get a bigger host to store more VMs and use Datacenter. The license includes these products:

• Data Protection Manager
• System Center Configuration Manager
• System Center Operations Manager
• System Center Virtual Machine Manager

Desktop virtualization is a whole 'nother ballgame. It allows the user's machine and OS to run in an instance on a server, as is the case with thin clients. Although Citrix Systems Inc., Microsoft, Quest Software Inc. and VMware all have their own "virtual desktop infrastructure" – or VDI – product, the licensing for XP or Vista is tricky.

Because a server license doesn't allow licensing of XP or Vista, we need a way to do this. Microsoft has a licensing program -- not a product -- called the Vista Enterprise Centralized Desktop (VECD), which allows licensing for centrally managed desktops. You actually buy an upgrade to the OEM license for the OS. The thing to remember is that while servers are licensed on a per-instance of the virtual machines, the client OS is licensed by the total number of people connecting to XP or Vista instances. So if you have 30 virtual XP desktops for 30 users, but only 20 people connect at a time, you still need 30 licenses.

The only way you can accomplish the licensing is by attaching the VECD to a Desktop SA agreement. If you have thin clients, you can buy a standalone subscription per device, which then allows the user to connect to up to four instances per subscription. You have to buy these licenses via subscription. You can't get them a la carte. You must license the client OS no matter whose virtual desktop product you are using.

Need a hand to help you figure out Microsoft virtualization licensing costs? Microsoft has a nice tool called the Microsoft License Advisor that tells you step by step how to determine your potential costs. Microsoft's licensing Web page and its virtualization Web page are two more great resources.

Using virtualization technology to consolidate servers will reduce costs. However, licensing costs can make or break the return on investment for a virtualization project. Take advantage of Microsoft's server licensing policies, which grant free Windows Server licenses, to maximize the cost benefit. Determine the number and distribution of your virtual servers and then see if it makes sense to use Windows Server 2003 R2 or Datacenter for the virtual machine licensing advantage.

Gary Olsen is a systems software engineer for Hewlett-Packard in Global Solutions Engineering. He wrote Windows 2000: Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers. Olsen is a Microsoft MVP for Windows Server-File Systems.

Linux Support in Virtual Server 2005 R2

Source 03 April 2006

Co-inciding with the announcment of Virtual Server 2005 R2 Enterprise Edition being free,
it was also announced that Virtual Machine Additions for Linux
additions are available for download along with the list of varients
which will be supported:

-Red Hat Enterprise Linux 2.1 (update 6)
-Red Hat Enterprise Linux 3 (update 6)
-Red Hat Enterprise Linux 4
-SuSE Linux Enterprise Server 9
-Red Hat Linux 7.3
-Red Hat Linux 9.0
-SuSE Linux 9.2
-SuSE Linux 9.3
-SuSE Linux 10
 
To sign-up for these additions, visit http://connect.microsoft.com
and logon with a passport account. Click on Available Programs and
apply for "Virtual Machine Additions for Linux". The status will be
marked as Pending for now.  - soon after you will be granted access
rights and have the ability to download them.

There will shortly be a KB article available documenting the list of
Linux OS's available (I'll post the link up as soon as I have it), and
similarly the information will be maintained under http://www.microsoft.com/virtualserver

It's also worth pointing out what capabilities the Virtual Machine Additions for Linux provide:
- Improved Mouse & Video interaction
- Guest Heartbeat detection
- Time Syncronisation
- Host co-ordinated shutdown
- Improved SCSI disk emulation

There will be further releases of the Virtual Machine Additions for
Linux which will co-incide with the release of Virtual Server 2005 R2
SP1 - more details on this to follow shortly.

More details on all of this can be found on the Microsoft Presspass site

Virtual Server 2005 R2 SP1

Virtualization with Microsoft May 8th, 2008

Talk
about server virtualization, you go on talking about Virtuozzo, Xen,
VMWare Server etc. This article aims to present another virtualization
application offered by Microsoft - Microsoft Virtual Server 2005 R2 SP1.

A couple of attractive features about
Microsoft Virtual Server 2005 R2 SP1 are: it is available free of cost
and also it supports the usage of Microsoft Windows as well as Linux
distributions as guest operating systems.

Where to get it?

Virtual Server 2005 R2 SP1 is offered
as a free download by Microsoft. It can be freely downloaded by
visiting the following URL:

http://www.microsoft.com/technet/virtualserver/software/default.mspx

In this article, we will deal with the 32-bit edition of this application.

System Requirements

The minimum system requirements for the physical computer are given below:

1. An x86-based computer with a 550 megahertz (MHz) or faster (1 GHz
   recommended) processor with L2 cache, such as processors from any of
   the following families:
   
   • Intel-Xeon or Pentium families.
   • AMD-AMD64 or Athlon families.
   
   
2. CD-ROM or DVD drive
3. Super VGA (800 x 600) or higher resolution monitor recommended
4. Host operating system: The 32-bit version of any of the following operating systems:
   
   • Microsoft Windows Server 2003, Standard Edition.
   • Microsoft Windows Server 2003, Enterprise Edition.
   • Microsoft Windows Server 2003, Datacenter Edition.
   • Microsoft Windows Small Business Server 2003.
   • Microsoft Windows XP Professional
   
   

By using Microsoft Virtual Server 2005
R2 SP1, it is possible to setup a virtual server, under which one or
more virtual machines can be deployed. Let us first examine the
components of a virtual server, before getting to the installation of
it.

Virtual Server Components

A virtual server is an application that
runs as a system service. Each virtual machine runs as a separate
thread of this application. The host operating system provides two core
functions to the virtual server:

1. The host operating system kernel schedules CPU resources.
2. Its device drivers enable virtual machines to access devices attached to the system

Basically, a virtual server setup using Virtual Server 2005 will have the following components:

1. Virtual Machine Monitor (VMM) - It is a kernel mode driver and acts
   as a firewall between the host operating system and virtual machines.
   It has access to the physical computer processor and manages resources
   between the two environments preventing application on a guest
   operating system from requesting excessive hardware resources from the
   host operating system.
2. Virtual Server Service (Vssrvc.exe) - It creates virtual machines
   and projects the emulated hardware into the virtual environment. This
   service should be running to be able to create and run virtual machines
   using the virtual server.
3. Virtual Machine Helper Service (Vmh.exe)- This allows the running
   of a virtual machine in the context of a specified user account.
   Specifying a user account is optional and if not specified the virtual
   machine runs under the account of the user that started it.
4. Virtual Networks- A virtual network will consist of one or more virtual machines. It can be of two types:
   
   • Virtual network configured to use a network adapter in the physical
     computer- If a virtual network is attached to a physical adapter it can
     access the networks attached to that adapter. This configuration can be
     used to provide access for the virtual machines to external machines
     and networks.
   • Virtual network configured not to use a physical network adapter-
     If no physical network adapter is selected then the virtual machines
     attached to that network can communicate only to other virtual machines
     within that same internal virtual network.
   
   
5. Administration Website - It is a browser based tool for configuring
   and managing the virtual server and its associated virtual machines and
   virtual networks.
6. Virtual Machine Remote Control Client- It is used for remote
   management of virtual machines. It communicates with the VMRC server
   component of virtual server service using VMRC protocol developed by
   Microsoft for communication between VMRC clients and VMRC server.
7. Virtual Machine Additions- This component adds enhancements to guest operating systems like:
   
   • Improved mouse cursor tracking and control.
   • Greatly improved overall performance.
   • Virtual machine heartbeat generator.
   • Optional time synchronization with the clock of the physical computer.
   
   

   Virtual Machine Additions are included for the following supported operating systems:

   
   
   • Microsoft Windows Server 2003 (all versions)
   • Microsoft Windows 2000 Server
   • Microsoft Windows NT Server 4.0 with Service Pack 6a (SP6a)
   • Microsoft Windows XP (all versions)
   • Microsoft Windows 2000 Professional
   • Microsoft Windows Millennium Edition
   • Microsoft Windows 98
   • Microsoft Windows 95
   
   
8. Virtual Machines- Within the Virtual Server one or more virtual
   machines running their own operating systems can be created. The
   virtual machine emulates a standard x86-based computer including basic
   hardware except the processor. Using emulated hardware and the
   processor of the physical computer each virtual machine operates
   similar to a physical computer.The Virtual Machine Monitor (VMM)
   manages virtual machines, providing the software infrastructure for
   hardware emulation. Each virtual machine consists of a set of
   virtualized devices. The guest operating system and applications run on
   the virtual machine as if they were running on physical hardware,
   rather than emulated hardware. All software code running within the
   virtual machine runs in a separate VMM context.A virtual server can
   support upto 64 virtual machines. The number of virtual machines that
   can be run simultaneously is limited primarily by, the amount of RAM
   and hard drive space available in the physical computer. A single
   virtual machine can have a maximum RAM size of 3.6 GB. Also even if the
   physical computer has multiple processors installed in it virtual
   machines created will emulate only one processor.
   

   Each virtual machine requires at-least the following files to function properly:

   
   
   • A virtual machine configuration (.vmc) file in XML format that contains the virtual machine configuration information.
   • One or more virtual hard disk (.vhd) files to store the guest operating system, applications and data for the virtual machine.
   
   
9. Virtual Hard Disks- A virtual hard disk provides storage for a
   virtual machine. Within the virtual machine it is visible as a physical
   disk, but actually it is file that resides on a physical disk that only
   the host operating system can access. The virtual machine does not have
   direct access to the physical disk that stores the .vhd file.There are
   four types of virtual hard disks that can be created:
   
   • Fixed-size disk- This is a .vhd file whose size is designated when
     the file is created. For example, if a fixed-size virtual hard disk of
     10 GB size is created the virtual server creates a 10 GB .vhd file. All
     the storage space that is required by the virtual hard disk is reserved
     when it is created. During creation, it utilizes as much contiguous
     space as is available on the physical disk storing it.
   • Dynamically expanding disk- In this type of virtual hard disk the
     size of a .vhd file grows as data is written to the virtual hard disk.
     A maximum size however, has to be specified at the time of its creation
     and the .vhd file cannot expand beyond this size limit set.
   • Linked disk- A linked disk points to an entire physical disk
     attached to the physical computer. It is used for converting a physical
     disk to a virtual disk. These disks cannot be used to start a virtual
     machine.
   • Undo and Differencing disks- These disks store changes made to the
     virtual machine operating system configuration as well as the virtual
     hard disk to a separate file. This can be used to keep the original
     virtual hard disk unchanged when testing configuration changes or
     applications. A single undo disk is configured for all virtual hard
     disks associated with a virtual machine, while differencing disks have
     to be configured for individual virtual hard disks.
   
   

Setting up a Virtual Server

Setting up a virtual server involves the following steps:

1. 
   

   Installation of IIS

   
   

IIS, specifically the World Wide Web Service component of IIS, has
to be installed on the host operating system. It is required by the
administration website used to manage Virtual Server.

2. 
   

   Installation of Virtual Server

   
   
   1. Download the Setup.exe file from the link given in the URL above and start the setup wizard.
   2. Continue the installation till you reach the ‘Setup type’ page.
   3. On this page select the ‘Complete’ installation option and proceed.
   4. On the ‘Configure Components’ page accept the default website port or enter another one and proceed.
   5. Then, either accept the default ‘Configure the Administration
      Website to always run as the authenticated user’, or select ‘Configure
      the Administration Website to always run as the Local System account’
      and proceed.
   6. Finally click ‘Install’ and to begin the installation and then ‘Finish’ when the ‘Setup Complete’ page appears.
   
   
   1. To setup Virtual Server Service:
      
      • Start the setup wizard and continue till you reach the ‘Setup Type’ page
      • On the computer you wish to install the Virtual Server service,
        select the ‘Custom’ installation option in the ‘Setup type’ page.
      • Then in the next page click on ‘Virtual Server Web Application’ and select ‘This feature will not be available’.
      • After that proceed with the installation and complete it as explained above.
      
      
   2. On the computer you wish to install the Administration Website:
      
      • Select the ‘Custom’ installation option in the ‘Setup type’ page and in the next page click on ‘Virtual Server Service’.
      • Select ‘This feature will not be available’ and complete the installation.
      
      
   
   
   1. 
      

      Create a new virtual machine:

      
      
      • Open the Administration Website.
      • In the Virtual Machines section of the navigation pane click on Create.
      • Enter the fully qualified path to the location you want to store
        the virtual machine files in the ‘Virtual machine name’ textbox.For
        example, if you want to create the virtual machine named Virt under the
        C:Virt folder enter the following name’ C:VirtVirt. This will create
        the Virt.vmc configuration file under C:Virt.If you enter just a name
        instead of the fully qualified path the virtual machine files will be
        created in the default location, C:Documents and SettingsAll
        UsersShared Documents.
      • In the ‘Virtual machine memory’ text box enter the amount of RAM you want to set aside for the virtual machine.
      • In the ‘Virtual hard disk’ setting you can either select ‘Create a
        new virtual hard disk’ and enter the size of the virtual disk to create
        it or select ‘Use an existing virtual hard disk’ and enter the fully
        qualified path to the virtual hard disk.
      • The virtual network adapter for the virtual machine can be
        configured to be connected to a physical network adapter, if you wish
        so, using the ‘Connected to’ drop down menu.
      • After entering all these options click ‘Create’ to create the new virtual machine.
      
      
   2. 
      

      Add a virtual machine from an existing configuration:

      
      
      • Open the Administration Website.
      • In the Virtual Machines section of the navigation pane click Add.
      • Enter the fully qualified path to the virtual machine configuration file and click Add.
      
      
   
   
   1. In the Administration Website go to the Virtual Disks section in the navigation pane and point to create.
   2. Click on the type of hard disk to be setup from the following options available:
      
      • Dynamically expanding virtual hard disk.
      • Fixed size virtual hard disk.
      • Differencing virtual hard disk.
      • Linked virtual hard disk.
      
      
   3. Enter the fully qualified file name for the virtual disk you wish to create and its size and then click ‘Create’.
   4. The only type of hard disk which requires any additional setting is
      the linked virtual hard disk for which the physical drive to which it
      has to be linked needs to be selected before clicking ‘Create’.
   
   
   1. Open the Administration Website.
   2. Under the ‘Virtual Machines’ section in the navigation’s pane,
      point to configure and then select the appropriate virtual machine.
   3. In the ‘Configuration’ section towards the lower part of the page, click CD/DVD, then either:
      
      • In the CD drive of the physical computer running the Virtual Server
        service, Insert the startup CD for the operating system. Click Physical
        CD/DVD drive. Also select the corresponding CD or DVD drive letter from
        the drop-down menu, if necessary.

      Or

      • Click Known image files. The ISO image (.iso) file containing a
        startup CD image can be selected from the drop-down menu, if the file
        is located in the default folder (Documents and SettingsAll
        UsersDocumentsShared Virtual Machines). Else, type the image file’s
        complete directory path in ‘Fully qualified path to file’
      
      
   4. After that go to status, point to the virtual machine name and click Turn On.
   5. Point to the virtual machine name, once the virtual machine is
      turned on. Then click Remote Control to connect to it and complete the
      operating system installation.
   
   
   • Red Hat Enterprise Linux 2.1 update 6
   • Red Hat Enterprise Linux 3.0 update 6
   • Red Hat Enterprise Linux 4.0
   • SUSE Linux Enterprise Server 9.0
   • Red Hat Linux 7.3
   • Red Hat Linux 9.0
   • SUSE Linux 9.2
   • SUSE Linux 9.3
   • SUSE Linux 10.0
   
   

The Virtual Server can be configured to have both the Virtual Server
Service and Administration Website components on the same physical
computer or on separate computers.

To setup both components on the same physical computer:

To setup both components on separate computers:

Now let us examine the methods for adding virtual machines, virtual hard disks to the virtual server.

Adding Virtual Machines

Everything related to the administration of the virtual server and
the virtual machines is done from the Administration website accessed
as shown below,

Start–>All Programs–>Microsoft Virtual Server–>Administration Website.

Adding a virtual machine to the virtual server can be done in two ways:

Setting up virtual hard disks

The most commonly used virtual hard disks are fixed-size virtual
hard disks and dynamically expanding virtual hard disks. All hard disks
are setup using the same procedure as explained below:

While creating a virtual machine, a previously created virtual hard
disk of any of the above mentioned types, except linked virtual hard
disk, can be used.

Adding an operating system to the virtual hard disk

When the virtual machine is created, a virtual version of the CD/DVD
drive in the physical machine is created in it. This CD/DVD drive can
be configured to either capture a physical disk inserted into the
physical drive or capture an ISO image file available anywhere in the
physical computer. To configure this:

Another and a much more easier way to deploy the guest operating
system would be to copy the .vhd file of another virtual machine having
the same operating system and application settings as the machine you
wish to setup, rename it to match that name of the new machine you are
setting up and then simply specify it as the virtual hard disk for the
virtual machine you create. This method can be used to setup the
virtual machine and deploy the guest operating system quickly and
reduce the time it takes to setup the virtual machine. However, if the
virtual machine whose .vhd file is being copied, as well as the new
machine being deployed, belongs to an active directory domain the
Sysprep utility needs to be run to prepare the operating system for
transfer before copying the virtual hard disk.

Conclusion

Virtual Server 2005 R2 SP1 definitely offers a cost effective and
robust technology that can be used to deploy virtual servers in a
production environment and presents itself as a viable alternative to
the VMWare Virtual Server applications. The guest operating systems
supported by it, in addition to Microsoft Windows operating systems,
include the following Linux distributions as well:

So it can be used for application development and application
migration across multiple platforms and the consolidation of separate
application servers under a single server bringing down administrative
and operations cost, as well as improve resource utilization. It is
also capable of providing efficient and quick disaster recovery
solutions to enterprise as well as business users.

---

 About the author: Jeffrey
T Jackson is basically
a Windows administration expert with more than 1 year experience in
pure Windows administration. At present, he is trying his hands on
Linux administration too.

Full virtualization using XEN

Source September 24th, 2007

Virtualization is a technique of dividing a single server into several Virtual Servers, according to hardware and/or software, CPU Time/Process scheduling and memory allocation. Users can install and use their own Operating Systems simultaneously on these virtual servers.

Simply put, it is a server that runs different guest Operating Systems like RedHat Linux, FreeBSD, Debian, Microsoft Windows XP…etc atthe same time, controlled by the Host Operating system. Users feel they are using their individual servers with the Operating System they wish to use.

Host OS - The base operating system which controls and co-ordinates the Virtual Servers
Guest OS - The Operating System installed on a Virtual Server

Types of Virtualization

The most commonly using virtualization techniques are;

1. Operating system-level virtualization
This is the simple and most popular virtualization technique. In this method, the virtualization is performed based on a single host operating system. Only the same instance of the host Operating System can be used on the virtual Servers as guest Operating Systems. Examples : OpenVZ, Linux-VServer

2. Paravirtualization
This technique is somewhat similar to OS level Virtualization, except it is possible to use different guest Operating Systems like Microsoft XP, RedHat Linux, SUSE…etc on the virtual servers. This requires customized versions of Operating systems as guest operating systems. i.e, we can’t use the currently available XP, FC6…etc on these virtual servers, but the specially designed versions of these operating systems.

Many OS vendors have started selling their modified versions to perform Paravirtualization. Examples : XEN, UML

hypervisor - The hypervisor is an application (eg. Kernel, Host OS) that runs between the server hardware and the guest operating systems. In the case of XEN, a specially designed Linux kernel is the hypervisor.

3. Full virtualization
This is the ideal virtualization technique in which any Operating system is used as the host OS and guest OSs. i.e, we can use unmodified versions of OSs on the virtual servers.

Examples : XEN, Vmware, z/VM

Full virtualization using XEN
Actually XEN lies between paravirtualization and full virtualization. XEN integrates its hypervisor on a linux kernal, so that we have to compile and run this modified kernel on the server on which we wish to perform the virtualization. XEN also supports virtual servers management though graphical interfaces. Therefore it is better to install a full version of Linux on the server first, then compile xen-linux kernel, reboot the server using the xen-linux kernel to create and manage servers. In this case, we can create and manage virtual servers through console and/or GUI oriented applications.

Implementing Full Virtualization using XEN (Simplified Steps)

• Requirements
• CPU support
• Installing XEN
• Enabling XEN KernelInstalling Windows 2003 on top of a Virtual Machine
• Installing Linux based OSs on top of a Virtual Machine

Requirements
The requirement of a XEN Fully Vitualized server are as follows;

1. A server installed with working Fedora 7 Operating System
2. Application builders like gcc v3.2.x binutils, GNU make
3. 1 GB Memory (Recommending 256 M for each virtual servers) 40 GB HDD
4. A VT enabled Intel system or AMD-V enabled AMD system (For Full Vitualization)
5. CDROMs of Guest Operating Systems (Linux OSs or Windows OSs like 2003/XP/Vista)

CPU Support
Make sure that the CPU supports Full virtualization over XEN.

1. For INTEL Systems, it should have the ‘vmx’ support. To check, use the following command;# grep vmx /proc/cpuinfo
2. For AMD systems, it should have ’svm’ support. To check, use the following command;# grep svm /proc/cpuinfo
   

   If these commands return nothing, then check whether the setting
   related to ‘Virtualization’ has enabled on the BIOS (it is turned OFF
   by default). If the BIOS is not enabled for virtualization, then it may
   be necessary to upgrade the BIOS.
   

Installing XEN
First, check for a XEN enabled kernel on the Host OS. Installation of a XEN kernel on Fedora 7 is quite simple using the ‘yum’ command as follows;

# yum install kernel-xen xen virt-manager

This will install,

1. XEN enabled kernel for both Host and Guest OSs
2. All required packages and their dependencies
3. Hypervisor for controlling Guest OSs
4. XEN packages for interacting with the Hypervisor

Enabling XEN Kernel

1. Edit the file ‘/boot/grub/grub.conf’ and set the default kernel to ‘kernel-xen’
2. Restart the server
3. Type the command ‘uname -r’ and make sure that the running kernel is ‘kernel-xen’

Installing Windows 2003 on top of a Virtual Machine

Not so long ago, installing any OS (whether it is Linux or Windows) on top of XEN was quite a nightmare for system administrators. Now Fedora 7 provides a way to install Guest OSs in a few mouse clicks.
Here is how to do it.

1. Log into Fedora 7 (Host OS) in X session
2. Goto Application menu and select ‘Virtual Machine Manager’ from ‘System Tools’
3. This will show the wizard to cerate/manage Virtual Machines
4. Select the ‘New Machine’ option from the ‘File menu’
5. Type a name for the new node, say ‘Windows2003′ (make sure there
   are no spaces on the node name), and click on the ‘Forward button’.
6. On the next window select ‘Full Virtualization’ and click on the ‘Forward button’.
7. Now locate the installation media, you can either use a CD-ROM or use an ISO image
8. Also select the type of Guest OS as ‘Windows 2003′
9. Assign a storage space for the Virtual Machine
10. Now select ‘default virtual network’ and click on the ‘Forward button’.
11. Now allocate memory and CPU for the new Virtual Machine (A minimum of 250 M of RAM and 1 VCPU)
12. Now the installation of Windows 2003 oven XEN will begin
13. Once the installation is completed, we can start using the Windows 2003 installed Virtual Machine.

Installing Linux based OSs on top of a Virtual Machine

Use the same steps described in the previous section, using proper CD-ROM or ISO image.

Comments
If you wish to create Virtual Machines using a bash shell, use the following command.

# /usr/sbin/virt-install

This method will not allow you to directly install the OS from a CD_ROM or from an ISO image, but it can from NFS, FTP, and HTTP locations. A detailed procedure for doing this can be found at xensource.

References

1. http://www.xensource.com
2. http://librenix.com/?page=Xen
3. http://fedoraproject.org
4. http://www.cl.cam.ac.uk/research/srg/netos/xen/

---

 About the author:
Sibin C has worked for over a year in Bobcares as a System Administrator. His
interests mainly lie in writing scripts that will ease the work of system administrators, securing and administrating Linux/Windows servers.

KISS

Keep It Simple, Stupid!
KISS principle
Principio KISS

The KISS principle (backronymed to "Keep It Simple, Stupid") states that design simplicity should be a key goal and unnecessary complexity avoided. It serves as a useful principle in a wide array of disciplines, such as software development, animation, journalism, photography, engineering, and strategic planning. Common variants of the acronym include: "Keep It Sweet & Simple", "Keep It Short & Simple", and "Keep It Super-Simple".

El principio KISS es aquel que recomienda el desarrollo empleando partes sencillas, comprensibles y con errores de fácil detección y corrección, rechazando lo enrevesado e innecesario en eldesarrollo de sistemas complejos en ingeniería.

Este término es un acrónimo que corresponde a la frase en inglés «Mantenlo simple, estúpido» (Keep It Simple, Stupid). Para evitar ser tosco, el acrónimo se hace corresponder con otras expresiones tales como «Manténgalo breve y simple» («Keep It Short and Simple») u otras similares, pero que mantienen la misma idea del principio.
El traductor de Costa Rica Orlando García-Valverde ha hecho una traducción al castellano de «KISS» en esta expresión manteniendo la correspondencia entre el acrónimo y el significado de las palabras que lo forman, de manera que tenga un significado para no anglohablantes y de facilitar su recordación permitiendo una asociación lógica de sonidos y conceptos: «principio BESO» por «¡Bobo, En SencillO!»

como exclamación exhortativa o imperativa; en esta traducción que según su criterio es completa y no híbrida, queda eufemizado con «bobo» el término «estúpido» del original, que en la versión original en inglés no es tan fuerte como lo sería en castellano, con lo cual se establece una equivalencia válida; y se transmite también la idea del original, que también es una oración exhortativa; al mismo tiempo pretende corresponder en forma y eufónicamente a características culturales de la expresividad iberoamericana. Este traductor propone que con todas las palabras en castellano no solo pueden recordarse más fácilmente el acrónimo y la frase en un contexto apropiado, sino por si solos de manera aislada.

Este dicho empezó a usarse en los años sesenta en EUA, quizás relacionado con el proyecto Apollo. Posiblemente pasó al español, al ser citado en algunas obras de ingeniería, en especial ingeniería en informática.

The 20 FOSS companies

Source

3Tera uses Linux and open source to build its Virtual Private Datacenter solution, which can be monitored from a browser anywhere in the world. Resources can be added (and, presumably, removed) from your virtual rack at any time.

Alfresco’s Enterprise Content Management (ECM) is being used by large companies to manage intranets as well as major Web portals. The big win for Alfresco in 2007? A deal with Facebook to manage content on the social networking site.
Despite its ugly patent policies, the company is offering some interesting technologies, like its Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3) that seem likely to catch on in a big way in 2008. We’re also interested in the newly inked deal between Amazon and Red Hat to offer RHEL as part of EC2.
Canonical, the commercial sponsor of Ubuntu, is almost undoubtably going to have a major impact on the open source marketplace in 2008. With its success getting Ubuntu onto consumer laptops and desktops with Dell in 2007.
Centrify just happens to sell a solution along those lines. Centrify DirectControl integrates non-Microsoft systems with Microsoft’s Active Directory. Like it or loathe it, Active Directory isn’t going anywhere. Companies that have spent the money to deploy Active Directory are likely to stick with it, so DirectControl provides the glue between the systems.
That’s the hope of most IT administrators. Windows, Linux, and Mac OS X are inevitable components of most IT environments, and anything that fosters interoperability is going to be a hot technology.

Collaborative Software Initiative launched in early 2007, the brainchild of Stuart Cohen (formerly CEO of the Open Source Development Labs, which merged into the Linux Foundation in 2006). Its business model is to use the open development model to create necessary software for niche markets. For example, CSI’s most recent project is creating software to automate the BITS Shared Assessment Program for companies in the financial services industry.

Digium — the company behind open source telephony engine Asterisk - provides a range of solutions for Voice over IP (VoIP)– from a free edition called Switchvox, to Asterisk based appliances suited for SMBs that want to mix and match VoIP with old-time POTS equipment.EnterpriseDB, which bills itself as” the Oracle-compatible database company.” EnterpriseDB takes PostgreSQL, modifies it a bit with its own secret sauce to make it” Oracle-compatible,” and then undercuts Oracle’s licensing and support prices. The company is also a strong contributor to the PostgreSQL project, which will be important for the company as it continues to depend on PostgreSQL as the basis for its core product.

It’s about time somebody customized the heck out of Linux, put it on a cheap computer, and sold it for a low price. Actually, Everex isn’t the first company to do this, but it seems to be having the most success. The company launched its line of gPC using its Linux-based gOS in the Fall of 2007 through Wal-Mart, of all places. For about $200, anybody can buy an easy-to-use PC that runs Linux (though that’s not really the key selling point) and not break the bank.

As if Google wasn’t a large enough presence in the FOSS world with its ginormous online presence and sponsorship of the Google Summer of Code, the company cemented its place on our Top 20 with the announcement of Android and the Open Handset Alliance (OHA). We’ve long thought that mobile devices are going to play a huge role in the future of personal computing– and that Linux and FOSS would play a huge role in the future of mobile devices. While we’re still disappointed that we didn’t get the gPhone announcement we were hoping for, the OHA could be a major influence in the mobile market.

When we say that companies are worth watching in 2008, we don’t necessarily mean that they’re going to be assisting the open source community. (At least not intentionally.) However, Microsoft’s looming presence in the IT world means that its influence will be felt in the open source community.We’re also watching Microsoft because the company has, finally, taken some tentative steps towards a truce with the open source community. In 2007 Microsoft decided to submit its Microsoft Public License (MsPL) and Microsoft Reciprocal License (MsRL) to the Open Source Initiative (OSI) for approval. If the folks in Redmond wish to remain firmly at odds with the open source community, why approach one of its core institutions for validation?

If you haven’t heard of MontaVista, don’t fret– they’re more often than not behind the scenes. The company specializes in tools and software for telecom and mobile devices, and as such doesn’t necessarily make the same kind of splash as Canonical or Red Hat.  The company announced its fifth-generation operating system for mobile phones, Mobilinux 5.0, in mid-November, with improvements in performance and real-time features. The company claims that it already powers” 90 percent of Linux smartphones,” which is a pretty hefty percentage if not a lot of actual phones at the moment.

Mozilla isn’t quite like any of the other companies on the list– but, technically, the Mozilla Corporation (which owns the non-profit Mozilla Foundation) is a for-profit venture, even if its goal is simply to advance Firefox and other FOSS projects. With Firefox 3.0, we think that the MozCorp folks are important to watch for a couple of reasons. First, because Firefox has been, slowly but surely, increasing its market share over the past few years. Second because Web applications are becoming increasingly important for users and Firefox is at the forefront of enabling more elegant Web applications. Specifically, the work on offline applications that has gone into Firefox 3.0 is likely to be very important to vendors producing Web applications– and important to the users of those apps. The decision in 2007 to form a company behind Thunderbird, dubbed” MailCo” as of this writing, also looms large in our decision to tap MozCorp as a player for 2008. While we like Thunderbird, we think that the mail client was something of a distraction for MozCorp, and Firefox is more than enough to keep an organization busy.

Yes, yes, we know– yawn. Why is Red Hat worth mentioning? Because the company still funds a huge amount of innovation in the Linux and FOSS space.No matter how you slice it, Red Hat carries a lot of weight in the FOSS market. The company’s name is nearly synonymous with” Linux,” and it’s the first company that corporations turn to when they want Linux. Any company that Oracle sets its sights on (via the” Unbreakable Linux” Red Hat clone developed by Oracle) is a sure bet as a company to watch.

Why hassle with deploying software on 20 different Linux distros when you can just bundle up the OS and application and run it on top of VMware, Xen, KVM, Virtuozzo, or another virtualization technology? It’s a no-brainer that Linux makes a great foundation for the virtual appliance concept, but trimming down the fat to get just what you need is quite a lot of work. That’s why we’re interested in rPath and its offerings. The folks at rPath have paved the way to easy virtual appliances with their rBuilder technology and rPath Appliance program. You can even take rBuilder for a spin online to create your own virtual appliance foundation.

A few years ago, we might have counted Sun out. However, Sun’s focus on open source and willingness to look to Linux for inspiration (note the hiring of Ian Murdock to help its Solaris efforts) shows that there’s some fight left in Sun after all. In particular, Sun’s commitment to being open with their technologies over the past few years has impressed us that the company “gets it” when it comes to what customers are looking for — open solutions that don’t lock customers in.

Virtualization is here to stay, but VMware isn’t a lock to retain first place in the market. Underdog SWsoft may be coming up from behind, but it’s technology is first-rate. Companies looking to virtualization to consolidate homogenous Linux or Windows environments should be strongly eyeing Virtuozzo. Another reason we consider SWsoft a strong contender? Its open source roots with OpenVZ, and success at getting pieces of its technology into the mainstream Linux kernel. The company also poses a viable threat on the desktop, with Parallels virtualization technology that runs on Linux, Mac OS X, and Windows. While not as well established as VMware, Parallels has a strong following on the Mac, and is slowly gaining traction on Windows and Linux desktops as well.

Vyatta, a company that’s producing a fully open source router, firewall, and VPN solution. The company isn’t quiet about taking on the big C, and why should it be? Open source companies have never been shy about taking their commercial counterparts to task. But that’s not why we like them. We think Vyatta is a company to watch because it has a compelling technology, and because its offerings appeal to companies that don’t have a Cisco-sized budget. (And to companies that do, but would prefer to save the money for other things, like salaries.) We also like Vyatta because it commoditizes network deployment in the same way that Linux commoditized the operating system market.

Last year we tapped Zimbra as one of the Top 20 companies to watch, and that proved to be sage advice — Yahoo! acquired the company midway through 2007 for a staggering $350 million. Pretty nifty for company that made its public debut in October of 2005. We’re not quite sure how Yahoo! will integrate Zimbra’s technology into its portfolio, but we’re pretty sure that the company didn’t spend $350m to let the open source groupware go stale. It’s encouraging that, upon acquisition, Yahoo! didn’t board up the source code and make Zimbra a proprietary product. Yahoo! has also been a supporter of open source projects for some time, and has open sourced a bit of its own tools as well.

Technically, the Software Freedom Law Center (SFLC) isn’t a company, so it doesn’t quite qualify for the list. However, if there’s one entity that’s going to be crucial for open source adoption in 2008, it’s the SFLC. The SFLC, and its Software Freedom Conservancy (SFC), are dedicated to supporting FOSS projects need legal, financial, and administrative assistance– all the stuff that developers aren’t particularly good at. In 2007 the SLFC filed infringement lawsuits on behalf of the BusyBox developers, helped guide the GPLv3 process to completion, and helped review Linux wireless code to clarify a sticky licensing situation. Look for the organization to have even more influence in 2008. The SFC also provides crucial services for projects, including BusyBox, Inkscape, Mercurial, Samba, and Wine. We expect the conservancy to continue to expand and serve even more projects in 2008.

Linux Magazine’s Top 20 Companies

Source

Who knows what the future will hold? Well, heaven knows we don’t or we’d have already won the lottery a few times and retired to a private island somewhere. However, we can look at the past to make a few reasonable predictions– such as the companies in the free and open source software community that are going to have a major impact on the market in 2008.

Once again we’ve read the tea leaves in preparation for the coming year, to attempt to foresee the companies and technologies that will be preeminent in 2008. The criteria for selection? Obviously, picking the” Top 20″ companies is a fairly subjective exercise, and in the end it was a matter of opinion. However, to make the list, a company had to be involved in the FOSS community (one way or another) and have a major impact on that community.

Just being a consumer of FOSS technologies isn’t enough– a company needs to contribute in some way. And we stuck to commercial entities this year, even though some organizations (like the Free Software Foundation, and Software in the Public Interest) obviously have a major impact as well.

To come up with a list of movers and shakers we conferred with industry experts, conducted a reader poll through October online, and (of course) drew on our own observations of the industry. Having done so, we now humbly present our list to you.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
20 21 Next »

Thanks to Linux and Open Source

Source

No matter what Linux distribution or Open Source-based OS you use, be it Ubuntu, openSUSE, Fedora, Debian, OpenSolaris, RHEL/CentOS, The BSDs, Mac OS X, or any myriad of others, absolutely none of this would be possible without the determined and often thankless work of thousands upon thousands of programmers. Recently, a study undertaken by the Linux Foundation determined that Fedora was valued at about 10 billion dollars in terms of real world development cost if the labor hours were translated into actual greenbacks spent for a comparable closed source product. I’m not sure if that’s entirely accurate — it could very well be much higher than that, since this estimate is not including all the years and years of work that went into the entire stack prior to Red Hat’s involvement, and is a strictly by the numbers estimation based on lines of code (204 million).

This estimate does not include 3^rd-party external repositories not in the base distro, does not include the cost of code modifications between revisions, does not include collaborative development costs which increases man hours, and uses a median programmer salary of $75,000 per year with 2008 salary baseline, which I also think is far too conservative an estimate - programmers were a much higher paid group due to the lower costs of living 10 years ago, where a bulk of the code was developed, and this is not adjusting for inflation. The Linux kernel alone was valued at around $1.4 billion, which is also probably undervalued given salary estimates.

... We are talking about massive contributions. Be it from vendors like Red Hat, Canonical, Sun, Novell, HP and IBM who have contributed code they’ve paid for, the stalwart efforts of individual programmers who’ve never seen a dime for their work, organized efforts of not for profit entities like GNU/FSF, SPI, Apache and X.org, and countless others that would take me twenty pages to mention. You may have Free and Open Source OS and applications running on your system, and you might not have paid a dime for it, but this stuff had a real world cost associated with it.

So how do we give thanks to Open Source? Well, you can start by giving up some real money to the projects which actually produce thissoftware for you. The Open Source Initiative receives charitable donations ), as does Software In the Public Interest the Free Software Foundation and the Apache Software Foundation. Any project that is listed on SourceForge can also be donated to — for example, for the popular Shareaza (application, there’s a “Donate” link under the name of the project on that page.

Note to the community: It would be awfully nice if someone could put together a web-based master database of project donation links, as a clearinghouse of sorts. It would be a serious project in and of itself, but it would be worthwhile.

If you value a particular Open Source project, chances are, they’ve got a donations site. And if you’re tight on money this year like everyone else is, but have programming or software QA, documentation and testing skills, you might want to consider joining an Open Source project as a volunteer.

So remember, when you’re piling on the gravy over your mashed potatoes, your cooked protein of choice, and drinking your favorite mulled spices beverage during this holiday season while reading your emails on your preferred Open Source OS, think about the people that made it possible — and give back, because Open Source is a two-way street.

Jason Perlow is Senior Technology Editor of Linux Magazine. You can send Jason email at jperlow@linux-mag.com.

Virtual Machine Backup and Restore

Source (extract)

How often do you think about backups or your backup strategy? Most of us only think about such things during or after a failure occurs — because that’s then you need them. A good virtual machine (VM) backup strategy is a costly endeavor financially and in labor — or is it? It doesn’t have to be because your best backup strategy is part of your existing virtualization solution. Both VMware and Citrix provide the tools you need to create and maintain a successful backup strategy with supplied tools.

For backups, you have the following options:

• Treat VMs as if they are Physical Machines
• Treating VMs as Files
• Using an Internal VLAN for Client/Server Backup
• Snapshots¹ and VM Copy
• Built-in Backup Tools
• VM Cloning

Any method you choose has its drawbacks and not every method will work for every VM. You’ll probably have to use more than one backup method to satisfy backup requirements for your systems. For example, if you have an application server VM that cannot be shutdown or paused, then your best option is to treat this VM as if it were a physical system — meaning that you’ll install a backup client on it and backup its files over the network or to local disk or tape. Most of the other techniques require that the VM is quiescent, shutdown, or can tolerate decreased performance during the backup procedure.

For VMs whose services can go offline temporarily, treating the VMs as files is the traditional backup method. The VM disk images and configuration files are copied to storage media (Tape, Disk, SAN, NAS).

A generally non-supported strategy is to use an internal VLAN for backups. In this scenario, you run a backup client on your VM of interest and a backup server on another VM connected to a backup device and allows the backup to run. Both VMs must exist on the same host server so that the data isn’t transmitted over the physical network. This procedure takes its toll on the VM host system but the backup is very fast since no data flows over the LAN.

I like the Snapshot capability in VMware. A Snapshot is a hot copy of an entire VM while the VM stays up and running. For a very busy system, there may be a momentary disruption in service but the advantage of being able to grab a Snapshot far outweighs this minor downside. There’s no equivalent yet for Xen* users but the Snapshot is due for a future release. A VM copy (vm-copy) is the current Xen way to make a Snapshot of a VM. The downside is that the VM has to be shutdown (powered off) before making the copy.

Cloning is another oft-used backup method. For VMware and Xen alike, you’ll have to power off the VM to make a clone. For VMware, there is no direct clone creation tool. You’ll have to create the clone yourself by using a script, making a copy of the VM, or using the Snapshot method. Xen has a cloning tool (vm-clone) that’s used specifically for the job.

I don’t really like to say, “I love you, but” — or to take sides on a particular product but for backups, I’ll take the VMware road on backups alone. Xen, you’ve got a great product — a nice interface, a second-to-none Templating schema, world-class I/O but your backup technology is lagging behind. After all, what’s more important than backups for a company’s data and resources? Nothing except the data and resources themselves.

The second thing you should build into any software product, behind basic functionality, is the ability to backup, save, archive, or manage data versioning. It’s hard to believe that the only way to create true backups is to completely power off a virtual machine. Can you imagine powering off a physical machine when you need to do a backup? It isn’t very practical, is it?

If we are to move our valued infrastructure to a virtual one, then we need the same set of tools in those virtual environments that we have in the physical one. So, this discussion brings us back to the question, do you need to buy a third-party solution or can you use the built-in tools to do the job just as well? The answer is that if you’re running virtual machines that can’t be shut down for backups on VMware, you’re probably safe with the VMware-supplied tools. If you’re using Xen however, consider a third-party backup solution that doesn’t require shutting down your VMs.

¹ No SnapShot utility available as of XenServer version 4.1.

Kenneth Hess is a Linux evangelist and freelance technical writer on a variety of open source topics including Linux, SQL, databases, and web services. Ken can be reached via his website at http://www.kenhess.com.

Konqueror: the all in one -browser

Page 1
Ken Hess
Thursday, November 20th, 2008

Thanks, Ken!
Konqueror the Internet Protocol Client

One of the most interesting and useful features of Konqueror is its ability to act as a client for almost any Internet protocol such as ftp, fish(ssh), smb/cifs, and so on. This is accomplished through the use of KIO plugins referred to as IOSlaves. There is also a long list of local protocols such as audiocd, man, lan, settings, and others. To see a full list of the protocols that are supported, open the KDE Control Center->KDE Components->File Manager->Previews & Meta-Data. You can also check online at:
http://docs.kde.org/stable/en/kdebase/kioslave/index.html.

fish/SSH/SFTP

Konqueror can use its file manager powers to connect securely to a remote host and browse a filesystem, open files, create new files, and so on via fish. To use fish, or any Internet protocol, enter the name of the protocol into the Location field and the name of the host you wish to connect to. Konqueror makes no distinction between fish and sftp for connectivity–the experience is the same for you–a remote file manager.

fish://server
sftp://server

See Figure 8 how Konqueror handles man pages. It makes man page  pleasant to look at and in a printable format as well.

Figure 8: man ps

Local Protocols

• applications
• ar
• audiocd
• camera
• devices
• file
• floppy
• fonts
• lan
• man
• mbox
• media
• programs
• remote
• rlan
• settings
• system
• tar
• trash
• zeroconf
• zip

Taking Konqueror to the Next Level

Do you want the newest features and bug fixes for, or the newest ersion of, Konqueror? This is where it gets a little sticky and offputting for newer users. You have to upgrade KDE to upgrade Konqueror because Konqueror is part of the kdebase tree. If your distribution doesn’t have the latest version of kde packages available via apt-get or yum, then you must resort to compiling from source. At a minimum, you will need the kdebase and kdelibs packages or sources.

Should you decide to upgrade KDE via source, you need the following prerequisites:

• Qt 3.3.2 or higher
• C++ 2.95.x or higher
• bunzip2
• OpenSSL 0.9.6 or higher
• libpcre
• libxml2 2.3.13 or higher

And when you compile KDE components, you will need to do so in this order:

• arts
• kdelibs
• kdebase
• All other KDE packages
• kdeaddons

This order is necessary to meet the dependencies for each package.

Please note that even if you check your prerequisites, you may have to download the sources for one or more and compile them prior to attempting any of the KDE sources. This is especially true on rpm-based systems.

Summary

This article has barely scratched the surface of the capabilities and features of Konqueror but at least now you have an idea of what Konqueror is and what it can do for you. It is the most versatile application I have ever had the pleasure to use. KDE has always been my personal choice for a Linux Window Manager and Konqueror further justifies that choice. To find out everything there is to know about Konqueror, visit the website.

Kenneth Hess is a Linux evangelist and freelance technical writer on a variety of open source topics including Linux, SQL, databases, and web services. Ken can be reached via his website at http://www.kenhess.com.

contact-messenger.biz

Un método inteligente para mandar vínculos de sitios tenebrosos a todos los usuarios de un contacto. Un troyano o un Spam mailer?
Usando el MSN Live Messenger recibo a veces cosas como ésta:
..YaMiLe.. dice:
Aqui http://www.contact-messenger.biz dice quien te puso sin admision en MSN

que es un sitio para juegos de azar y no tiene nada que ver con el mensajero de MSN. El sitehound me avisa:
Warning!
http://contact-messenger.biz

The website you are trying to access has been
categorized as potentially unsafe and you may not want to continue.

Y este es su contenido:
Free slots games download
With thousands of different slot games available to play, it is hard to choose a slot game you really enjoy. First, take a look at the many different types of slot games that are available. Then narrow down your search by choosing which type of slot game you like the most. There are the standard “one arm bandit” slots that have just one line, or you could choose from a multiline game with or without bonuses. These are referred to as video slot games.
Ya saben, juegos de azar y putas! Con ellas puedes acabar mal!

Core i7, hígado y córnea

Fuente
Aparece Core i7 en vitrinas
(Escrito por DarkGhostHunter el 16-nov-2008)

Vendo hígado y cornea, consulte por pack.<<<<<<<<<<<<<<<<<<<

Hoy Lunes 17 de Noviembre es el Día-D en el cual Core i7 aterriza en el mercado mundial, mientras ya revisamos el modelo top que nos dejó buenas apreciaciones.
...
...

Firewalls and ZoneAlarm Guide and Tips

Source
Firewalls - what for?

Firewall is a either a hardware based solution or a program, that is meant to limit access to your computer from the network, and on the otherhand from your computer to the network. There are plenty of different firewalls, but the ZoneAlarm firewall described here is simple, reliable and free. If used properly, firewall gives you excellent protection against direct attacks from the network, because computers ports cant be seen in the network if the firewall is setup properly. If there where open ports on the computer, that would basicly mean that there was some service open which is possible to be contacted via net. As there are no ports available, naturally there is nothing to contact with from the net. With proper firewall, one can also very effectively prevent the computer to be transformed into "zombie" or otherwise became under some hackers command, even if the settings on the computer where insecure or harmfull programs are run in the computer.
However, it must be stated clearly that firewall does NOT replace antivirus software or being cautious. It doesnt prevent files on your computer to be corrupted nor spreading of viruses and worms. It does, however, usually prevent harmfull trojan horse programs and other backdoor programs from contacting net and opening your computer to some hacker. It also prevents programs from sending information about you to their manufacturer (like spyware programs)if you dont allow the particular program to go access internet.
At this point, I need to mention about WindowsXP:s "firewall". In short: Avoid it if you can! It only closes inbound ports from connections. It doesnt prevent outbound connections or specify which programs can connect to net. So, dont use it. Get rid of it totally and install ZoneAlarm or similiar instead. Also, you may have heard about "Black Ice Defender" or "BID". Again, forget it too. Its NOT a real firewall, its just an inbound port blocker. It doesnt allow outbound filtering. Some people find it usefull to check who is knocking their ports, but otherwise its pretty much useless. Get rid of it and install REAL firewall like ZoneAlarm.
If you are using WindowsXP SP2, then your might not need to bother yourself with installing ZoneAlarm. SP2 Internet Connection Firewall does its job much better than earlier versions of it. If you dont want to mess with 3rd party firewall like ZoneAlarm, stay with SP2 Internet Connection Firewall! Also, ZoneAlarm does not work with latest versions of F-Secure products, so if you are using F-Secure, better dump ZoneAlarm and trust ICF or F-Secures firewall (if it has one!)...
However, please notice, that before you have option to go to internet and download ZoneAlarm, you NEED to have some firewall running to block inbound traffic...if you dont, your computer gets infected before you have installed ZoneAlarm. In this case, use WindowsXP firewall, you can find the guide on how to enable it in my Win2k/XP page

Troyano repartido por MSN live messenger

Fuente
Una chica que no me da importancia entre mis contactos conectados me manda cada 5 minutos lo siguiente, con mi correo electrónico añadido, para descargar un al.exe:

marleny dice:
 estas foto son touyo? http://www.pllavushkat.net/al.exe?=ñññbaehren@hotmail.com

que contiene o es un dropper
TR/Drop.VB.1.66

ClickClear and Clickjacking

Noscript.net
Q:
How does NoScript protect me from Clickjacking and other UI-redressing attacks? A:
Default protections provided by NoScript, i.e. JavaScript and plugin blocking can prevent most clickjacking attacks.
To be 100% protected against clickjacking, though, you should enable also Forbid IFRAME; and possibly apply these restrictions to trusted sites as well.
While some users are confortable with these ultra-hardened settings, they can get cumbersome for others.
Fortunately, since version 1.8.2 NoScript provides a new default kind of protection called ClearClick, which defeats clickjacking no matter if you block frames or not.

OpenDNS

Welcome to OpenDNS!
Your Internet is safer, faster, and smarter
because you're using OpenDNS.
Thank you!
See OpenDNS in action

• Check out our demo phishing site InternetBadGuys.com.
• We're confident that you'll notice sites like MySpace load faster.
• Want craigslist.org? Type craigslist.org and still get there.

Ubuntu Linux Resource

Source

Hello my name is Bob Nelson (STCHMAN) and I am the host of this site. This site is dedicated to Ubuntu Linux and its usage. I authored this site in hope that others can find use of what information I have gathered here.

Internet Tips

• Correctly
  Configure /etc/hosts and /etc/hostname Files
  
  
• OpenDNS
  namservers
  

Bussines Cards | Open Source

Source
openoffice docs
http://www.gimp.org/
http://inkscape.org/index.php
http://www.scribus.org.uk/

There's gLabels: http://glabels.sourceforge.net/
There's a Ubuntu package for it to if you open up the universe in your repositories and do a:
#sudo apt-get install glabels

Here is a great source for business card templates:
http://www.jukeboxprint.com/freetemplate.php

I use Inkscape for vector illustration then import into Scribus for publication (I use this professionally), though if its a simpler design it can all be done in Scribus (recommended to begin with).

a) Create an artboard (new page)

If there's any elements touching or extending past the edges, then Leave 5mm bleed all round, i.e. if the finished size is 90mm by 50mm, then create a file 100mm by 60mm and draw crop marks on a new layer or just tell the printer you know and trust that you've added 5mm bleed (easier).
b) Colours
- Trick is to start by removing all unused colours then
- Create colours individually
- Making sure all colours are CMYK (or spot depending on printing)
c) DESIGN!
d) Save art, then outline all text.
e) export
Export it to PDF, and best practise is to make it X-3, but this option is only available when colour management is on (try little CMS).

ITYM: Business Card Templates

Business cards

Source
OpenOffice.org 2 Writer:

File > New > Business Cards...
Click Medium
Set the brand to Avery Letter Size
Set the Type to 5371 - Business Card - White
Click Business Cards. Select a style. Note that you can edit the style once you finish the the wizard.
Click Personal. Check the information to go on the card.
Click Business. Check the information to go on the card.
Click Options. Ensure Entire Page is selected.
Click New Document
Edit the format, text and images on the first copy of the business cards (if desired).
Click Synchronize.
Load your printer with Letter sized Business Card weight US Letter sized paper, or with Avery 5371 card stock.
Click Options. Ensure Entire Page is selected.Make sure Synchronize is checked. (The Synchronize button will cause all changes made to the 1st card to be passed on to all other cards.
File Print

---

Source
Preparing to design
My suggestion is to avoid the Business Cards selection altogether, and click instead on File -> New -> Labels. You won't really miss the business cards' use of fields, or their format options, and can avoid the irritation of working around them.
In the Labels tab in the Labels window, make sure that the format is set to Sheet, then choose the Brand and Type for the sheet layout. This choice is usually hit or miss unless you have a particular brand on hand, but Avery Letter Size 5371 and Avery A4 L7413 are your best choices. Note that you are not necessarily going to use the designated sheet for printing your business cards -- it's just a template so that you can print multiple cards from the same page.
Then go to the Options tab, and make sure that Synchronize contents is selected. This option will allow you to add the design to only one card on the sheet, then populate the rest of the cards with the design.
When you are finished, click the New Document button. You'll see a Synchronize Labels button floating in the window, but ignore it for now.

Go to Tools -> Options -> OpenOffice.org Writer -> Grid, and select Visible Grid to give you guidelines for your design. You should also adjust the horizontal and vertical grid to 1-4 points, so that the grid is useful in the small space of a business card. Finally, select View -> Toolbars -> Drawing so that you can add graphical text, which will be easier to use than regular text in your design.
As you will soon find, you are limited to adding material only to the first card in the upper left corner of the document. For this reason, you can select View -> Zoom to get a larger view of the first card until you are ready to populate the other cards with your design.
Design considerations
Business card layouts are an exercise in minimalist design. With only six square inches in which to work, you have no space to waste.

For this reason, I suggest keeping the text on the front of the card to the minimum: your name, your company's name, and your main email address and telephone, and, perhaps, a company or personal slogan. If people really need more, you can always put it on the back of the card (see below).
In this minimalist setting, you'll find that the basic principles of design really come to your attention. You'll want contrast between your text and its background -- that is, dark text on a light background, or light text on a dark background. Possibly, you will have room for a third main color -- but not more. Your selection of colors may be determined by your company's, but if your company's colors were professionally selected, they probably provide a ready made contrast anyway. You can apply the background by placing a rectangle of the proper color over the entire card.
You'll want to place related items close together, which means that the card will have one to three blocks of text: all the information together; your name and company in one block and your contact information in another, and possibly a third for a slogan. Chances are, you'll also want to give related text the same alignment, providing a visual clue for readers of your cards.

In your limited space, you also want to keep the design simple, using only one typeface, or possibly two. If your company doesn't already have a specific font that it uses in its advertising, a sans serif or slab serif will generally maximize readability on the card. Whatever font you use, make sure that its size is at least 8 points, and 10 or 12 if possible. Remember, too, that, the smaller the font size, the more space you need between lines for readability.
These are simple principles, but they are regularly ignored by beginning designers. A surprising number of amateurs, for instance, think that putting one piece of contact information in each corner of the card is stylish. The truth is, such a design is only cluttered and hard to read.
For visual content, an already-designed company logo, or one of your digital photos are good choices -- either ensures originality and avoids any potential licensing problems. Another alternative is the Open Clip Art Library, or perhaps free-licensed photos from Flickr or another photo-sharing site. If you have trouble deciding on an image, a texture -- a closeup of rock or fabric, for example, often gives an interesting background. If necessary, you can use either OpenOffice.org Draw or the GIMP to edit the visual to suit.

Nowadays, an increasing number of cards are two-sided. This practice has the advantage of allowing the front to focus on creating a visual impression with a minimum of text. The back can be a reversal of the front's foreground and background, and contain more detailed contact information than the front. Another use of the back can be a form that allows recipients to quickly record where they met you and any actions they promised to undertake as the result of the meeting. Create a separate page for the back, using the same technique as for the front.
These are the basic considerations for designing your card. The rest is a matter of trial and error, of adding elements to the card and resizing and moving them about. When you have added the lines in each text block using the Text tool on the Draw toolbar, you can select Format -> Group -> Group to move all the lines of the block around together.
Don't be surprised if getting a satisfactory design takes all evening, or even a couple of days of work. Any design, especially a minimalist one, is more effort than it looks.
Producing your cards
When you are finished the design, click the floating Synchronize Labels button. In a few seconds, the design on the first card will be replicated on all the others.

Lovsan (a) Blaster o formatear!

Fuente

Nombre: W32/Lovsan.A (Blaster)

Tipo: Gusano de Internet, caballo de Troya

Alias:
W32/Lovsan.worm, MSBlast, Exploit-DcomRpc (variant), W32.Blaster.Worm,
Win32.Poza, WORM_MSBLAST.A, W32/Blaster-A, Win32/Lovsan.A, Poza,
Win32.Poza, Blaster

Fecha: 11/ago/03

Plataforma: Windows 2000, XP

Tamaño: 6,176 bytes

• Procedimientos de limpieza manual para versiones A, B, C, D, E, F y G
  
• Herramientas para quitar todas las versiones de un sistema infectado
  
  

Este
gusano fue reportado por primera vez el 11 de agosto de 2003, y
rápidamente se propagó a través de computadoras con Windows 2000 y XP
principalmente, que no tenían el parche que soluciona la vulnerabilidad
en la interface RPC (Remote Procedure Call) que permite la ejecución
arbitraria de código (ver el parche MS03-026 en el siguiente artículo: http://www.vsantivirus.com/vulms03-026-027-028.htm).

En ocasiones, y debido a un error en el exploit utilizado para
aprovecharse de la falla mencionada, se muestra el siguiente mensaje
antes de que el sistema se cierre:

Apagar el sistema

Se está apagando el sistema. Guarde todo

trabajo en curso y cierre la sesión. Se perderá

cualquier cambio que no haya sido guardado.

El apagado ha sido iniciado por NT

AUTORITHY\SYSTEM

Tiempo restante

para el apagado: xx:xx:xx

Mensaje

Windows debe reiniciar ahora porque el

servicio Llamada a procedimiento

remoto (RPC) terminó de forma inesperada

Esto
ocurrirá continuamente hasta que sea limpiada la infección y se tomen
otras precauciones que se detallan más adelante en este artículo.

IMPORTANTE:
Se debe tener en cuenta que este mensaje no es exclusivo de este
gusano, sino de cualquier código maligno que se aproveche de ciertos
exploits para la vulnerabilidad DCOM/RPC. Además de ello, recuerde que
existen otros exploits que no producen este mensaje.

De todos modos, la aparición de un mensaje similar, amerita como opción
más segura, la reinstalación del sistema operativo, previo formateo.
Esto es así, puesto que es un indicador de que hay puertas abiertas en
el PC infectado, y por consiguiente cualquier clase de archivo
malicioso pudo haber sido instalado (más información al final del
artículo).

Respecto a este gusano, también se han recibido reportes de otras
inestabilidades causadas por el mismo en un sistema infectado, con
cuelgues incluidos. Esto afecta principalmente al componente
SVCHOST.EXE de Windows 2000 y XP (lanzador de servicios).

El gusano hace uso de los siguientes archivos:
msblast.exe

tftp.exe

MSBLAST.EXE es el gusano propiamente dicho, un archivo comprimido con la utilidad UPX.

TFTP.EXE es un cliente FTP (Trivial FTP), incluido por defecto en la
instalación de Windows 2000, XP y Server 2003. El gusano simula su
propio servidor TFTP. Este archivo no es propagado por el gusano, y
solo se menciona porque en los primeros reportes se hacía referencia a
él.

TFTP (Trivial File Transfer Protocol), es una versión simplificada de
FTP (File Transfer Protocol), un protocolo que permite la transferencia
de archivos entre dos computadoras conectadas en red.

El gusano se propaga a través del puerto TCP/135, copiándose en las
computadoras que no poseen el parche para la vulnerabilidad DCOM/RPC.
Esto solo ocurre en Windows 2000 y XP (también es vulnerable Windows
Server 2003).

Una forma fácil de evitar esto, es habilitar el cortafuegos del propio
Windows XP, o instalar un cortafuegos personal como Zone Alarm
(recomendamos esta segunda opción). Vea como hacerlo al final del
artículo.

RPC (Llamada a Procedimiento Remoto), es un protocolo que proporciona a
Windows un mecanismo de comunicación entre procesos para que un
programa que se está ejecutando en un equipo ejecute fácilmente código
en un equipo remoto. La vulnerabilidad afecta las interfaces del
protocolo DCOM.

DCOM (Modelo de Objeto Componente Distribuido) es un protocolo que nos
muestra un conjunto de interfaces que permiten a los clientes y
servidores comunicarse. Usando una interface DCOM, un programa puede
iniciar una Llamada de Procedimiento Remoto (RPC) a un objeto de otro
programa.

La falla mencionada (un desbordamiento de búfer), permite que se pueda
ejecutar código en forma aleatoria, enviando mensajes construidos
maliciosamente entre procesos específicos.



Cuando se ejecuta MSBLAST.EXE, el gusano crea un MUTE en memoria con el
nombre de BILLY (un MUTE es un semáforo que le indica a otros procesos
que el gusano está activo).

Luego, el gusano agrega la siguiente clave en el registro, para autoejecutarse en cada reinicio del sistema:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Windows auto update = msblast.exe I just want to say LOVE YOU SAN!! bill

En ocasiones, solo será el nombre del ejecutable en la misma rama del registro:

Windows auto update = msblast.exe

Una vez en memoria, el gusano escanea direcciones IP al azar, buscando otros sistemas vulnerables en el puerto TCP/135.

Aprovechándose de la vulnerabilidad DCOM RPC, crea un shell remoto
(ejecutando CMD.EXE) en el puerto TCP/4444 de la máquina infectada (un
SHELL es un intérprete de comandos que interpreta y activa los comandos
o utilidades introducidos por el usuario). No hay indicios de que el
puerto siga abierto después del envío de las instrucciones.

Usando este shell, el gusano ejecuta un comando TFTP (get) para
descargar el gusano propiamente dicho en el directorio System32 de
Windows (la carpeta "System32" está en C:\Windows (Windows XP) o
C:\WinNT (Windows NT y 2000), por defecto):

c:\windows\system32\msblast.exe

Valiéndose de la mencionada vulnerabilidad, ejecuta luego a este archivo, repitiendo el ciclo visto antes.

El gusano utiliza una rutina de propagación que optimiza la infección
en las redes más cercanas al host infectado. Para ello, genera 20
direcciones al azar por vez, tomando como base la dirección IP actual
de la computadora infectada.

Por ejemplo, si la dirección IP del host es AAA.BBB.CCC.DDD, las
direcciones generadas por el gusano al comienzo tendrán AAA y BBB
iguales a los del host.

DDD siempre será cero, y CCC será un número al azar entre 0 y 253. Si
el número es mayor de 20, se le restará otro valor menor de 20 también
al azar.

Después de ello, alternará las siguientes combinaciones:

AAA será un número de 1 a 254

BBB será un número de 0 a 253

CCC será un número de 0 a 253

DDD será siempre 0

Con
las direcciones generadas, el gusano escanea otras computadoras
vulnerables, siempre hasta 20 direcciones IP al mismo tiempo.

Intentará conectarse al puerto 135 en cada una de las 20 computadoras
examinadas por vez, registrando cada conexión exitosa. En esos casos,
utiliza uno de los exploits que se aprovechan de la vulnerabilidad
DCOM/RPC, para infectar a su víctima como ya se explicó (el exploit,
DCOM.C o similar, está en el código del propio gusano).

Como resultado de toda esta actividad, la subred local será saturada con pedidos al puerto 135.

Además de todo ello, el gusano está preparado para realizar ataques
distribuidos de denegación de servicio (DDoS), al servidor de
actualizaciones de Microsoft, con la intención es impedir la descarga
del parche que evita que el propio gusano pueda propagarse.

Para ello, y comenzando el 16 de agosto de 2003, todas las máquinas
infectadas pueden enviar en forma masiva, una gran cantidad de paquetes
de 40 bytes, en intervalos de 20 milisegundos, al puerto 80 de
"windowsupdate.com".

Los ataques se producirían desde el día 16 hasta el último día de cada
uno de los meses de enero, febrero, marzo, abril, mayo, junio, julio y
agosto. También ocurrirían cualquier día de los meses de setiembre y
diciembre.

El gusano también se ejecuta como un servidor TFTP en la computadora
atacada usando el puerto UDP/69, con lo que permite que la víctima
sirva de host a otros usuarios para que descarguen de allí una copia
del gusano (MSBLAST.EXE).

En su código, el gusano contiene el siguiente texto (no mostrado al usuario):

I just want to say LOVE YOU SAN!!

billy gates why do you make this possible ?

Stop making money and fix your software!!

Recomendaciones:

Instalar parches descriptos en el siguiente artículo:

Vulnerabilidad RPC/DCOM: MS03-026

http://www.vsantivirus.com/vulms03-026-027-028.htm

Filtrar con un cortafuegos los siguientes puertos:

udp/135 udp/137 udp/138 tcp/135 tcp/445
tcp/593 tcp/69 udp/69 

Reparación manual (versiones A, B, C, D, E, F y G)

IMPORTANTE:
La reparación (manual y automática), se ofrece solo como una forma
segura de acceder a nuestros archivos en forma temporal, inclusive para
poder realizar algunos respaldos de información que no hayamos hecho
antes de la infección. Lamentablemente la infección con el gusano
Lovsan amerita acciones más drásticas, como formatear y reinstalar el
sistema operativo. Estas razones se explican exhaustivamente en el
siguiente enlace de "Preguntas frecuentes sobre el Lovsan (Blaster)",
"¿Porqué formatear después del Lovsan (Blaster)?", http://www.vsantivirus.com/faq-lovsan.htm#11

Nota:
Recomendamos utilizar un programa tipo firewall (cortafuego) como el
ZoneAlarm, el cuál detendrá y advertirá la conexión de este y cualquier
otro troyano con Internet, así como cualquier intento de acceder a
nuestro sistema.

Deshabilitar las carpetas compartidas

Es importante desconectar cada computadora de cualquier red antes de proceder a su limpieza.

Finalizando el proceso del virus en memoria

Para eliminar manualmente este gusano de un sistema infectado, siga estos pasos:

1. Detenga el proceso del virus en memoria, pulsando CTRL+SHIFT+ESC (Windows 2000 y XP).

. En la lista de tareas, señale una de las siguientes (según la versión):

MSBLAST.EXE PENIS32.EXE TEEKIDS.EXE

ROOT32.EXE MSPATCH.EXE MSLAUGH.EXE

ENBIEI.EXE ENILORA.EXE

3. Seleccione el botón de finalizar tarea en la lengüeta Procesos.

Antivirus

1. Actualice sus antivirus con las últimas definiciones

2. Ejecútelos en modo escaneo, revisando todos sus discos

3. Borre los archivos detectados como infectados

Borrado manual de los archivos creados por el gusano

Desde el Explorador de Windows, localice y borre cualquiera de los siguientes archivos que aparezca (según la
versión, aparecerán unos u otros):

c:\windows\system32\msblast.exe

c:\windows\system32\penis32.exe

c:\windows\system32\teekids.exe

c:\windows\system32\root32.exe

c:\windows\system32\mspatch.exe

c:\windows\system32\mslaugh.exe

c:\windows\system32\enbiei.exe

c:\windows\system32\enilora.exe

Pinche
con el botón derecho sobre el icono de la "Papelera de reciclaje" en el
escritorio, y seleccione "Vaciar la papelera de reciclaje".

Editar el registro

1. Ejecute el editor de registro: Inicio, ejecutar, escriba REGEDIT y pulse ENTER

2. En el panel izquierdo del editor, pinche en el signo "+" hasta abrir la siguiente rama:

HKEY_LOCAL_MACHINE

\SOFTWARE

\Microsoft

\Windows

\CurrentVersion

\Run

3. Pinche en la carpeta "Run" y en el panel de la derecha, bajo la columna "Nombre", busque y borre
cualquiera de las siguientes entradas (según la versión):

Windows Auto Update

Microsoft Inet Xp..

Windows Root Account

Windows Automation

www.hidro.4t.com

4. Use "Registro", "Salir" para salir del editor y confirmar los cambios.

5. Reinicie su computadora (Inicio, Apagar el sistema, Reiniciar).

Reparación automática para todas las versiones

IMPORTANTE:
La reparación (manual y automática), se ofrece solo como una forma
segura de acceder a nuestros archivos en forma temporal, inclusive para
poder realizar algunos respaldos de información que no hayamos hecho
antes de la infección. Lamentablemente la infección con el gusano
Lovsan amerita acciones más drásticas, como formatear y reinstalar el
sistema operativo. Estas razones se explican exhaustivamente en el
siguiente enlace de "Preguntas frecuentes sobre el Lovsan (Blaster)",
"¿Porqué formatear después del Lovsan (Blaster)?", http://www.vsantivirus.com/faq-lovsan.htm#11

Herramienta de Kaspersky Antivirus

Descargue "CLRAV" de este enlace, donde hay instrucciones:

http://www.vsantivirus.com/util-clrav.htm

Copyright (C) Kaspersky Lab 2000-2003. All rights reserved.

Herramienta de F-Secure Corporation (actualizada 2/set/03)

Descargue "f-lovsan.zip" de este enlace, descomprímalo y ejecute f-lovsan.exe:

http://www.videosoft.net.uy/f-lovsan.zip  (47 Kb)

Copyright (c) 2003, F-Secure Corporation. All rights reserved.

Herramienta de

Computer Associates



Descargue y ejecute la herramienta "Cleaning utility for
Win32/Poza.Worm 1.0.0" proporcionada gratuitamente por Computer
Associates (333Kb).

Cleaning utility for Win32/Poza.Worm 1.0.0

http://www3.ca.com/Files/VirusInformationAndPrevention/ClnPoza.zip

Copyright (c) 2003, Computer Associates International, Inc.

Descomprima el contenido del siguiente archivo en alguna carpeta, y
luego haga doble clic sobre el archivo CLNPOZA.COM.

IMPORTANTE: Se recomienda cerrar antes todas las ventanas activas, y desactivar cualquier otro antivirus monitoreando.

La herramienta finaliza cualquier proceso en memoria del W32/Lovsan.A
(o Win32/Poza.Worm). Luego busca el archivo del gusano en todos los
discos, lo elimina y finalmente modifica las claves del registro.

Luego de la ejecución, reinicie la computadora, y siga las demás
instrucciones (instalación de parches, cortafuegos, etc.).

Herramienta de Symantec

Descargue la utilidad "FixBlast.exe" (164 Kb) y ejecútela en su sistema:

http://securityresponse.symantec.com/avcenter/FixBlast.exe

Copyright (C) Symantec 2003.

Herramienta de Panda Software

Descargue "Pqremove.com" de este enlace (1.2Mb) y ejecútelo en su sistema:

http://updates.pandasoftware.com/pq/gen/blaster/pqremove.com

Copyright (C) Panda Software 2003.

Información adicional

Vulnerabilidad en RPC (Remote Procedure Call)

Este troyano se aprovecha de un desbordamiento de búfer en la interface
RPC (Remote Procedure Call) que permite la ejecución arbitraria de
código. El Remote Procedure Call (RPC) permite el intercambio de
información entre equipos, y está presente por defecto en el protocolo
TCP bajo el puerto 135 en Windows NT 4.0, 2000 y XP.

Una falla en la parte de RPC encargada del intercambio de mensajes
sobre TCP/IP, permite a un atacante ejecutar cualquier código con los
privilegios locales (Mi PC).

Descargue y ejecute el parche correspondiente (MS03-026) desde el siguiente enlace:

Vulnerabilidad RPC/DCOM: MS03-026

http://www.vsantivirus.com/vulms03-026-027-028.htm

IMPORTANTE

Si usted utiliza su PC, o pertenece a una organización que por su
naturaleza exige ser totalmente segura, se recomienda borrar todo el
contenido del disco duro, reinstalar de cero el sistema operativo, y
recuperar sus archivos importantes de copias de respaldo anteriores.

También instale los parches mencionados más adelante.

Luego cambie todas sus contraseñas, incluso la de otros usuarios a los que tenga acceso desde su computadora.

En el caso de una empresa con redes corporativas, contacte con su
administrador para tomar las acciones necesarias a fin de cambiar todas
las claves de acceso, así como reinstalar Windows en todas las
computadoras.

Esta es la única manera segura de no comprometer su seguridad ante los
posibles cambios realizados por el gusano.

Activar cortafuegos de Windows XP (Internet Conexión Firewall)

NOTA: Utilice solo un cortafuegos al mismo tiempo. Sugerimos ZoneAlarm,
sin embargo, Windows XP trae su propio cortafuegos (que posee algunas
limitaciones). Si instala ZA, no active ICF (Internet Conexión
Firewall) o viceversa.

Para activar ICF en Windows XP, siga estos pasos:

1. Seleccione Inicio, Panel de Control, Conexiones de Red e Internet, Conexiones de Red.

2. Pinche con el botón derecho del mouse sobre "Conexión de Red de Area Local" y seleccione Propiedades.

3. En la lengüeta "Avanzadas" tilde la opción "Proteger mi equipo y mi
red limitando o impidiendo el acceso a él desde Internet".

4. Seleccione Aceptar, etc.

Mostrar las extensiones verdaderas de los archivos

Para poder ver las extensiones verdaderas de los archivos y además
visualizar aquellos con atributos de "Oculto", proceda así:

1. Ejecute el Explorador de Windows

2. Seleccione el menú 'Ver' (Windows 95/98/NT) o el menú 'Herramientas'
(Windows Me/2000/XP), y pinche en 'Opciones' u 'Opciones de carpetas'.

3. Seleccione la lengüeta 'Ver'.

4. DESMARQUE la opción "Ocultar extensiones para los tipos de archivos conocidos" o similar.

5. En Windows 95/NT, MARQUE la opción "Mostrar todos los archivos y carpetas ocultos" o similar.

En Windows 98, bajo 'Archivos ocultos', MARQUE 'Mostrar todos los archivos'.

En Windows Me/2000/XP, en 'Archivos y carpetas ocultos', MARQUE
'Mostrar todos los archivos y carpetas ocultos' y DESMARQUE 'Ocultar
archivos protegidos del sistema operativo'.

6. Pinche en 'Aplicar' y en 'Aceptar'.

Limpieza de virus en Windows Me y XP

Si el sistema operativo instalado es Windows Me o Windows XP, para
poder eliminar correctamente este virus de su computadora, deberá
deshabilitar antes de cualquier acción, la herramienta "Restaurar
sistema" como se indica en estos artículos:

Limpieza de virus en Windows Me

http://www.vsantivirus.com/faq-winme.htm

Limpieza de virus en Windows XP

http://www.vsantivirus.com/faq-winxp.htm

Otras versiones:

W32/Lovsan.B (Blaster). Utiliza "penis32.exe"

http://www.vsantivirus.com/lovsan-b.htm

W32/Lovsan.C (Blaster). Utiliza "teekids.exe"

http://www.vsantivirus.com/lovsan-c.htm

W32/Lovsan.D (Blaster). Utiliza "mspatch.exe"

http://www.vsantivirus.com/lovsan-d.htm

32/Lovsan.E (Blaster). Utiliza "mslaugh.exe"

http://www.vsantivirus.com/lovsan-e.htm

W32/Lovsan.F (Blaster). Utiliza "enbiei.exe"

http://www.vsantivirus.com/lovsan-e.htm

W32/Lovsan.G (Blaster). Utiliza "enilora.exe"

http://www.vsantivirus.com/lovsan-g.htm

Más información:

Preguntas frecuentes sobre el Lovsan (Blaster)

http://www.vsantivirus.com/faq-lovsan.htm


Actualizaciones:

12/ago/03 - Herramienta de Symantec

12/ago/03 - Herramienta de Panda Software

14/ago/03 - Limpieza versiones B y C

14/ago/03 - Herramienta de Kaspersky

16/ago/03 - Herramienta de F-Secure

16/ago/03 - Enlace a FAQ Lovsan.A

17/ago/03 - Se resalta la necesidad de formatear

19/ago/03 - Limpieza versión D

19/ago/03 - Borrado manual de los archivos (según la versión)

28/ago/03 - Limpieza versión E

 01/set/03 - Limpieza versión F

 02/set/03 - Actualización herramienta de F-Secure

 15/set/03 - Limpieza versión G

(c) Video Soft - http://www.videosoft.net.uy

Process Explorer

Tux & Cía
Descargar e iniciarlo
Parar el proceso el proceso y cerrar el
programa
Ir a panel de control
elegir herramientas
administrativas, opción servicios
deshabilitar el servicio

La memoria no se puede "written"/"read"

Source

Uno de los problemas que más recibo y que pienso que más despista a la gente es un error del tipo "La instrucción en "0xnúmero_hexadecimal" hace referencia a la memoria en "0xnúmero_hexadecimal". La memoria no se puede "written"/"read". Observe la siguiente imagen que ilustra el error:

Mensaje de error de aplicación

Mucha gente asocia este mensaje de error con un problema con la memoria RAM, pensando que pudiera estar dañada o que quede poca disponible. Probablemente el problema no se deba a un módulo defectuoso de RAM.

Ese mensaje de error es la manera "fea" que tiene Windows XP de decir que ha ocurrido una excepción en modo usuario porque alguna aplicación o componente ha intentado acceder a una posición de memoria que no debería (por ejemplo, mediante un puntero erróneo). Esto se denomina infracción de acceso y se identifica mediante el código de error c0000005.

Veamos un poco qué ocurre por dentro de Windows cuando sucede un error de este tipo

Windows debe tener un mecanismo interno que le permita actuar de algún modo cuando ocurra una excepción no controlada en modo usuario. Para simplificar las cosas, supongamos que se trata de un bloque try convencional que puede lanzar la excepción mediante la función UnhandledExceptionFilter. En este momento, Windows examina el Registro para saber qué hacer una vez ha ocurrido un error de aplicación. La clave HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug contiene un valor Auto que le indica al sistema si debe iniciar automáticamente el depurador por defecto del sistema, definido éste en el valor Debugger. El depurador por defecto de Windows XP es Dr Watson.

Nota: Si instala alguna aplicación relacionada con el desarrollo, es probable que ésta instale su propio depurador. Quizá también lo establezca automáticamente como depurador por defecto del sistema.

En este momento se carga la dll Faultrep.dll que examina el Registro para saber cómo desea el usuario que se le informe de los errores de aplicación. La clave de Registro HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting contiene la información accesible desde la interfaz gráfica de Windows en el panel Informe de errores, situado en la pestaña Opciones avanzadas de Propiedades de sistema. Observe la siguiente imagen:

Panel Informe de errores de Windows XP

Si se desea que se muestre una intuitiva interfaz gráfica (valor ShowUI distinto de cero), Windows cargará el proceso \WINDOWS\system32\Dwwin.exe en memoria, que es el que muestra la típica pantalla de error de aplicación de Windows XP, mostrada en la siguiente imagen:

Típica ventana de error de aplicación de Windows XP

Si el valor ShowUI es igual a cero, siempre obtendrá la pantalla mostrada al principio del artículo, que no ofrece la posibilidad de ver el módulo afectado por el error ni de enviar la información a Microsoft. Dependiendo de la aplicación que haya generado el error, es posible que se le muestre esta pantalla pese a que utilice la configuración por defecto. No debe preocuparse, se trata del mismo problema: una excepción no controlada en modo usuario.

¿Cómo solucionar el problema?

En primer lugar debe asegurarse de que el sistema esté libre de virus y ficheros espía. Un sistema infectado puede producir excepciones de este tipo. En segundo lugar, revise la esquina superior izquierda del título de la ventana de error, es posible que se haga referencia a un fichero de terceros conocido, en cuyo caso habría que contactar con el fabricante para informarse de si es un problema conocido o de si existe alguna solución al respecto.

Si el proceso referenciado fuese demasiado inespecífico (como por ejemplo Explorer.exe), no queda más remedio que hacer pruebas iniciando el sistema en Modo seguro o realizar sucesivos inicios limpios hasta dar con el posible culpable.

También es posible examinar la información registrada por el depurador de programa.

Nota: Si el proceso referenciado fuese Iexplore.exe, es posible que algún añadido (plug-in) sea el que ha generado la excepción. Si usa Internet Explorer 7, ejecute el navegador sin complementos y observe si se reproduce el problema. Para ejecutar el navegador sin complementos abra Inicio, Ejecutar, escriba "%ProgramFiles%\Internet Explorer\iexplore.exe" -extoff y pulse Aceptar.

En este caso deberá pulsar sobre Cancelar en la ventana de error para depurarlo. Abra Inicio, Ejecutar, escriba "%AllUsers%\Datos de programa\Microsoft\Dr Watson" (con comillas) y pulse Aceptar. Observará dos ficheros: Drwtsn32.log contiene un reporte con todos los errores de aplicación que han sido administrados por Dr Watson. Los últimos errores recibidos se sitúan al final de la lista. User.dmp suele ser un pequeño volcado de la memoria en el momento del error. Este fichero se sobreescribe cada vez que ocurre un error de aplicación. Puede cargar este fichero en cualquier depurador como Windbg (http://www.microsoft.com/whdc/devtools/debugging/default.mspx) para examinarlo.

Espero que este artículo haya aclarado algunas dudas acerca de esa "extraña" ventana que nos indica que la memoria no se puede "read" (o "written") y que nos podemos encontrar cuando nos topamos con software mal diseñado en nuestro sistema.

Troyano toma el mando

Troyano cambia contraseña de administrador o del usuario con derechos administrativos, no permitiendo así opciones de regedit, deshabilitando antivirus o no permitiendo reinstalarlo junto a otras herramientas de limpieza. No permite administrar tu equipo, hasta reparar el sistema operativo.

Solución:
Inicio - ejecutar - cmd
O con un CD de Windows XP
En la línea de comandos crear el usario administrador nuevoadmin:
net users /add nuevoadmin
net localgroup administradores nuevoadmin /add
Reiniciar el SO con ese nuevo usuario

Ejecutar Regunlocker

Removing Trojans

Source
1. Using Enterprise Console
2. Sophos Anti-Virus for Windows, version 7
3. Windows 95/98/Me
4. Macintosh OS X computers
5. NetWare
6. Linux
7. UNIX
8. OpenVMS

Trojans infect computers, but do not infect files. They can simply be identified and deleted. However, they often make registry or startup file changes so that they are executed on boot-up. Check the threat analysis for details of such behavior.

1. Using Enterprise Console

You can remove Trojans over a network using Enterprise Console.

2. Sophos Anti-Virus for Windows, version 7
To remove a Trojan:

• Close down all programs.
• Go to Start|Programs|Sophos|Sophos Anti-Virus and run the 'Sophos Anti-Virus' program.
• In the 'Available scans' list, select the scan for which you want to enable removal, or use 'Setup a new scan' to scan your local disks. (Do not select a scheduled scan, as you will not be able to run this manually.)
• Click Edit|Configure this Scan.
• Select the Cleanup tab and select 'Automatically clean up items that contain virus/spyware'. Click Apply|OK.
• Click 'Save and Start' to save the scan, and run it immediately.
• At the end of the scan, click the link in 'Items passed to Quarantine' to open Quarantine manager.
• Select any items needing removal.
• From the 'Perform action' dropdown, select 'Delete'.
• Select 'Yes' or 'Yes to all' to delete files.
• Run another scan to ensure that the file has been removed.
• Click Edit|Configure this Scan.
• Select the Cleanup tab and deselect 'Automatically clean up items that contain virus/spyware'. Click Apply|OK.

If Sophos Anti-Virus cannot delete files because they are held open by the operating system, make a note of the names of the files, then do as follows.

1. Download an emergency copy of SAV32CLI. On an uninfected Windows computer, run this file to extract the contents into a SAV32CLI folder on a medium that can be write-protected. Copy the SAV32CLI folder produced onto a medium that can be write-protected. Add any relevant IDEs to this folder and write-protect the disk (on a CD/R or CD/RW close the session).
2. Restart the computer in Safe Mode. Go to Start|Shut Down. Select 'Restart' from the dropdown list and click 'OK'. Windows will restart. Press F8 when you see the following text at the bottom of the screen "For troubleshooting and advanced startup options for Windows 2000, press F8". In the Windows 2000 Advanced Options Menu, select the third option 'Safe Mode with Command Prompt'.
3. At the affected computer, place the CD in the CD drive (D: in this example). At the command prompt type D: to access the CD drive.
   Type: CD SAV32CLI  Then type:

   SAV32CLI -REMOVE -P=C:\LOGFILE.TXT

   to remove the file.
4. Before leaving Safe Mode, edit any registry entries mentioned in the analysis recovery instructions. If problems persist, contact support.

3. Windows 95/98/Me
To remove a Trojan:

• Check the threat analysis for details on the Trojan and its removal.
• Go to Start|Programs|Sophos Anti-Virus and run the Sophos Anti-Virus program.
• Select the Immediate tab.
• Go to Options|Configuration. Select the 'Disinfection' or the 'Action' tab, (according to what is displayed in your window) select 'Infected files', select 'Delete' then click 'OK'.
• Click the green 'scan' arrow, or the 'GO' button (as appropriate) to run the scan.
• Delete the files. Run another scan to check it has gone.
• Go back to Options|Configuration. Select the 'Disinfection' or the 'Action' tab, then deselect 'Infected files' and 'Delete'. Click 'OK'.
• Reboot and run a final scan to be certain it has gone.

If the Trojan cannot be removed because the files are held open by the operating system:

• Reboot the computer from a clean startup or system disk.
• Delete the file manually, or using the following DOS instructions:

You will need SWEEP for DOS on floppy disk. To do this, make a set of Emergency SAV disks.

• Check the threat analysis for details on the Trojan and its removal.
• Reboot your PC from a clean system disk, put the SWEEP for DOS disk in the floppy drive and at the A: prompt type:
  
  SWEEP *: -REMOVEF

Troj/Agent-GTN or TR/Crypt.XPACK.Gen

Source
Please follow the instructions for removing Trojans.
More Information

Troj/Agent-GTN is a Trojan for the Windows platform.
When Troj/Agent-GTN is installed the following files are created:
%System%\hrpdcf.bin (harmless data file, can be deleted)
%System%\mp3res.dll (detected as Troj/Agent-GTN)
%System%\xprot.sys (detected as Troj/Agent-GTN)
The following registry entries are created to run code exported by mp3res.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mp3res
DllName
mp3res.dll0
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mp3res
Startup
mp3res
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mp3res

TR/Crypt.XPACK.Gen (another solution)

TR/Crypt.XPACK.Gen removal process
TR/Crypt.XPACK.Gen remover
How to get rid of TR/Crypt.XPACK.Gen
How to clean TR/Crypt.XPACK.Gen

Begin of the article TR/Crypt.XPACK.Gen removal process
1.Download safer Web browser, For more safe , Stay Secure on the Web  and stay far away virus,Download URL http://www.oral8.net/firefox/firefox.htm
2. Temporarily Disable System Restore (Windows Me/XP).
3. Update the virus definitions. Reboot computer in SafeMode
4. Run a full system scan and clean/delete all TR/Crypt.XPACK.Gen infected files and Delete/Modify any values added to the registry.
Navigate to the subkey and delete the valuesas following:

Run this onlinescanner: http://housecall.trendmicro.com/   Please connect all your external hard drive/flash drive before running the scanner.   Have it to fix/delete what it find

5. Exit registry editor .
6.delete the IE temp files or you may download ATF temp files cleaner to run a full cleaning.and restart the computer.
8. Now you may remove TR/Crypt.XPACK.Gen successfully.

TR/Crypt.XPACK.Gen or Vundo trojan

Source Thanks, Bil Castner!

Avira has detected this threat "TR/Crypt.XPACK.Gen"
This detection is a perfectly generic detection based on the packer used by the binary file your antivirus found:
http://www.avira.com/en/threats/s... k.gen.html
Avira is not sure what it is either, but finds it suspicious. It may well be Trojan.Agent or some similar Trojan and not Vundo.
Vundo is a nearly ubiquitous very aggressive adware infection.
It leads to random pop-ups, and often DNS redirection on any search.
http://en.wikipedia.org/wiki/Vundo_trojan

If it is a Vundo infection.
The actual detection report is a heuristic one, stating only that a file exists that was packed by a utility that is often used by malware authors.
Click here to download HJTinstall.exe

• Save HJTinstall.exe to your desktop.
• Open Notepad > Click on Format > Uncheck Word wrap, if checked.
• Double-click on the desktop icon for HJTinstall.exe.
• By default it will install to C:\Program Files\Trend Micro\HijackThis. It will also create a Desktop icon.

Please go to this Folder:
C:\Program Files\Trend Micro\HijackThis
Rename:
HijackThis.exe
-- To --
Trojan.exe

Run Trojan.exe, System scan only, and submit a new log file back to the Forum. Be sure to include the entire log file result in your reply.
-------
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.

Special Note for Vista: In all that follows, and subsequent sessions, you need to run these utilties "As Administrator" in most cases. Right click the program executable and choose "Run as Administrator". If you do not do this, some of these utilities will fail to work, or fail to work properly. If you have any problems with any of the utilities you are asked to run, check that you ran the application as an Administrator. Some of these utilties will not give you a UAC prompt, they will simply exit without doing anything at all or showing an error message.
Please download ATF Cleaner HERE by Atribune. It does not require any installation.. It is set up to clean Windows 2k, XP & Vista TEMP folders, as well as IE, FireFox and Opera, Temporary Internet Files and Cookies.

• Double-click ATF-Cleaner.exe to run the program.
  For all browsers:
• Under Main choose: Select All
• Click the Empty Selected button.
  Next, if you use Firefox (and some Mozilla-based browsers)
• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  Next, if you use the Opera browser
• Click Opera at the top and choose: Select All
• Click the Empty Selected button.

:!: Click Exit on the Main menu to close the program.
Reconfigure Windows Vista to show hidden files:
To enable the viewing of Hidden files follow these steps:

• Close all programs so that you are at your desktop.
• Open the Control Panel menu and click Folder Options.
• After the new window appears select the View tab.
• Put a checkmark in the checkbox labeled Display the contents of system folders.
• Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
• Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
• Remove the checkmark from the checkbox labeled Hide protected operating system files.
• Press the Apply button and then the OK button and exit My Computer.
• Now your computer is configured to show all hidden files.

Malware Removal Steps
Malware Removal Steps
1. Please download MalwareBytes Anti-malware (MBAM) from one of the following links:
http://www.majorgeeks.com/Malwarebytes_ ... d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

• Once downloaded, close all programs and Windows on your computer (including this one.)
• Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
• When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
• MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.
  
• On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.
• MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.
• When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results.
• Make sure all entries have a Checkmark at their far left. If you do not, the program will have done nothing..
• Click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs' quarantine.
• When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then do a File, Save and then close the Notepad window. Remember where you saved the log file, as we will want to see it later. If MBA suggests a reboot is necessary, be sure to do so. Otherwise there can be active infectors still on your system that would only be removed finally with the reboot sequence.

2. Download but do not yet run ComboFix©
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download this file -- to your Desktop -- from either of these two sources:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

• Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• Disconnect from the Internet.
• Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
• Double Click Combo-fix.exe to start the software.
• A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
• It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not run Combo-fix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when Combo-Fix appears to be doing nothing, look at your Drive light. If it is flashing, Combo-fix is still at work.
Re-enable your antivirus protection.
3. Run HijackThis again, System scan only, and save the log file.
Please post back to the Forum:

• Your MBAM log results;
• The contents of C:\Combofix.txt;
• Your new HijackThis log.
  

---------------------------------------------------------
Malwarebytes' Anti-Malware 1.30
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\msliksur (Trojan.DNSChanger)-> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msliksurserv (Rootkit.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Windows\System32\msliksurdns.dll (Rootkit.Agent) -> Delete on reboot.
C:\Windows\System32\drivers\msliksurserv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
---------------------------------
ComboFix 08-10-28.01 - Sabreena 2008-10-28 23:56:21.1 - NTFSx86
---------------------------------
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
C:\Users\Sabreena\AppData\Local\Temp\~DF3477.tmp
---------------------------------
Logfile of Trend Micro HijackThis v2.0.2
===============================
1. Please download the OTMoveIt3 by OldTimer.
With your mouse, highlight and then do a Right-click | Copy of the entire list of file entries in the Code box below:

Code:

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\ODBC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\msliksur]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\msliksurserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\msliksurserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msliksurserv]

:files
C:\windows\system32\msliksurcredo.dll
C:\windows\system32\msliksurdns.dll
C:\windows\system32\drivers\msliksurserv.sys
F:\d.com
C:\Users\Sabreena\AppData\Local\Temp\tmp*.tmp /S
C:\Users\Sabreena\AppData\Local\Temp\_*.* /S

:commands
[EmptyTemp]
[start explorer]

• Click to Run OTMoveIt3 on your Desktop
• Right click in the "Paste List of Files/Folders to be moved" left panel and choose Paste.
• Click the red Moveit! button.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

• Click to Run OTMoveIt3 on your Desktop
• Right click in the "Paste List of Files/Folders to be moved" left panel and choose Paste.
• Click the red Moveit! button.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


2. Eset NOD32 scanner
Go here to run an online scannner from ESET: http://www.eset.eu/online-scanner
Vista users: You must right click the IE icon on your Desktop and choose "Run as Administrator".
(Note: You must use Internet Explorer for this scan.)

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is also Checked.
• Click Scan.
• Wait for the scan to finish.
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Post back to the Forum the contents of this file.

---------------------------------
Open Acrobat if you have the Full Version installed Click Help and run the Upgrade applet found there. If no update is offered: Use the Preferences, Internet submenu of Acrobat and uncheck to integrate with your Browser. Close Acrobat.
Whether you had the Full Version of Acrobat or not, download and install Adobe Reader 9 and use this as the integrated PDF Reader insider your browser: http://www.adobe.com/products/acrobat/readstep2.html and viewtopic.php?f=48&t=34023&start=0&st=0&sk=t&sd=a
Your Sun Java version is not the most current, Release 1.6.07, please use the Sun Web site to update your version of Java JRE for Windows; instructions can be found here:
viewtopic.php?f=31&t=34354&p=193939#p193939
For updated Java instructions, see:
viewtopic.php?f=26&t=36538&start=0&st=0&sk=t&sd=a

Clean-up & Prevention:

• For Windows XP (only): Right click "My Computer", Properties, and then click the System Restore tab. Checkmark the box at the top to stop System Restore on all drives. Click the "Apply" button. Agree to the deletion of old Restore Points. Then uncheck the box at the top and again click the "Apply" button. Finally, click the "OK" button. This will create a new Restore Point reflecting your clean system state.
  
• Click Start, then click Run.
  Enter into the command box that opens: combofix /u and then click OK.
  If you renamed this file, use the new name in following this instruction rather than "Combofix.exe".
  
  .
  Please double-click OTMoveIt3.exe to run it again.
  1. Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  2. This step removes the files, folders, and shortcuts created by the tools I had you download and run.

• Run ATF Cleaner , and checkmark "Empty Recycle Bin", click "Empty Selected" and exit the program. You can delete or keep this utility as you wish.
  
• As Malwarebytes' Anti-Malware was installed, use Add or Remove Programs and uninstall it. If you find any other files or folders created during this cleanup operation, please feel free to delete them.
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  If I asked you to Disable something like TeaTimer or another malware blocker, please go ahead an re-enable them if you wish.
  
• Download and Install Windows Defender by Microsoft (free):
  http://www.microsoft.com/downloads/deta ... F14E605A0D
  .
• Add behavioral anti-malware protection. Download and install either
  
  1. PC Tools' ThreatFire (free)
     http://www.threatfire.com/
     
  2. Comodo BOClean (free):
     comodo.com/boclean/CBO_download.html
• Download, install, and keep updated Spyware Blaster (free):
  http://www.javacoolsoftware.com/spywareblaster.html
  
• Refer to my first set of instructions above, and reconfigure Hidden Files and Folders to your choosing.
  .
• Please read:
  Should You Use a Registry Cleaner in Windows XP?
  viewtopic.php?t=28099
  
• Finally, spend some time reading about how to keep your computer safe on the Internet:
  bleepingcomputer.com/tutoria ... ial82.html

Best wishes.
Bill Castner

---

Source
Crypt.XPACK.Gen infection

---

The computer is infected with a virus that appears to be sending out email spam and is spreading itself via Windows Live Messenger. When I inspected one of the suspect files with my virus scanner (avira), it identified it as "TR/Crypt.XPACK.Gen".
UPDATE
A bit of good news - the latest version of Windows Malicious Software removal tools appears to have detected and removed the virus in question. The virus no longer appears in the list of running processes on startup, it is no longer present in the HijackThis log, and the executable file in System32 "mootouluquy.exe" is gone. There are no longer any popups.

There may still be minor problems. For example, a full scan with the Symantec virus checker only takes about three minutes, which seems to be too short. The virus checker may need to be repaired to restore functionality that the virus damaged.

---

Source
virus tr/crypt.xpack.gen
apagar restaurar sistema
activar ver archivos ocultos
busca y elimina, todo el contenido de esta carpeta:

C:\Documents and Settings\ISABEL\Datos de programa\Microsoft\CryptnetUrlCache\Content
C:\Documents and Settings\JOSE MANUEL\Datos de programa\Microsoft\CryptnetUrlCache\Content
Elimina el contenido de las carpetas Content, No las carpetas en si.
Si no se deja utiliza:
FileASSASSIN
o Killbox
Descarga y Ejecuta el Ccleaner en sus dos opciones,limpiador, para limpiar cookies y temporales de internet.Y registro(no olvides hacer copia de seguridad).
Nuevo analisis con Kaspersky online (ANALIZA MI PC),y nos pegas aqui el reporte que te genere,para analizarlo.
Desactiva las opciones del punto y
No saltes ningun paso
Hacer el scan con kaspersky online
---------------------------------
Normal seria que tu ordenador ya este funcionando normalmente, aunque
hay temporales que aparentemente no elimino, hace una cosa:
Te vas a inicio, ejecutar, escribis %temp% y borras todo lo que encuentres ahi adentro, ya que son los temporales de Internet.
Para optimizar tu pc, vas a descargar:
Advanced WindowsCare v2
Lo vas a ejecutar para optimizar a fondo tu pc, sigiendo lo que te indica su Manual
Bueno eso es para optimizar tu pc.
Tambien te dejo aca unos trucos para que puedas optimizar windows:
*Aumenta el rendimiento de tu sistema Windows
*Trucos para que Windows XP sea mas rápido
Ăĝuşŧïn

Phishing

Source

Phishing, also known as "brand spoofing", is an elaborate
form of data theft, targeting possible clients of ISP companies, banks,
online banking services, government agencies etc.

When submitting your email address on the Internet, filling in
online forms, accessing newsgroups or websites, your data can be stolen
by Internet crawling spiders and then used without your permission to
commit fraud or other crimes.

The Phishing Concept
Phishers develop counterfeit webpages, which imitate the corporate
image of well-known, trusted service providers. Then, using collected
or random generated email addresses, they "throw the bait".

A
message with a credible subject is sent by email or instant messenger,
asking for confidential data, inviting you to access a website ( 'Click Here'
link; URL link; Image link; Text link) or even to fill in a form in the
email itself. It looks like a plausible request and it even comes with
a dire consequence, to get your immediate reaction.

Examples of email subject:
"Update Your PayPal Account"
"Your eBay User Account has been suspended!"

The required information is usually:
$ Credit card number;
$ ATM PIN and TAN number;
$ Bank account information;
$ Social Security Number;
$ Passwords;
$ Email accounts;
$ Other personal information.

Once entered, the user's information is no longer confidential and
it is immediately used by the fraudsters in their own interest. It is
usually very difficult to get the money back, as the phishing sites are
generally online for a few days or even just hours.

Phishing Techniques
The main method is using a trustworthy-looking email, which tries to
lead you to a fake web page. Some phishing emails contain an
application or order form directly in the message body. You should know
that officials will never send you an email containing a form or asking
for personal information.

On the fake website you might notice that the URL is not the correct one. Still, there are ways to fake the URL:

• Social engineering:
  The URL is very similar to the real one and you might just notice this on the first view. For example the real URL http://www.volksbank.com can be faked with http://www.voIksbank.com . If you think they are the same – not true! The lower case ‘l’ letter is replaced with the upper case ‘i’ letter.
• Browser vulnerabilities:
  
  The fake website may contain a script to exploit your browsers. In this
  case, the real URL is displayed, but the content of the web page is the
  one from the fake server. One example is to display a fake picture on
  top of the browsers real address bar. You can not ‘click’ in the bar’s
  input field to mark the URL. Other exploits allow a fake input field
  displayed on top, so it will be even possible to click into the field
  and mark the URL.
• Pop up’s:
  The link in
  the email points to the real website, but another browser window is
  displayed in front. Practically you can browse the real website without
  risk, but don’t get tricked by the second window. Those pop up's
  usually do not have an address bar to help identify a fake website.
• No address bar:
  Some fake sites do not display the address bar at all and unless you specifically look for it, you might not notice this.

There are other techniques, apart from playing with the address
bar, which can be used in addition or stand-alone, to get access to
confidential information.

• Other browser vulnerabilities:
  Some other
  vulnerability in your browser can be used to download and execute any
  malicious software. Such malicious software may be a Trojan that
  records all keystrokes and monitors all Internet traffic, especially
  when you are going to enter and submit data in an online form.
• Pharming:
  Also known as “domain spoofing”,
  it is used to redirect the users to a fake website. Although you type
  the correct URL in your browser, you are redirected to a fake website.
  The correct URL remains in your browser, without change. In order to
  accomplish the redirection process, the name resolution has to be
  modified. This can be done either by changing the TCP/IP protocol
  settings or by an entry in the hosts file.
• Man in the middle:
  
  Probably the most sophisticated method, as nothing has to be changed on
  the local computer. The phisher is located in between and redirects
  your connection to a fake server.

Phishing Camouflage
The phishing website might use other tricks such as:

• Forged tooltip,
• Right-click inaccessible.

Phishers avoid being detected by antispam/ antiphishing programs using:

• Random letters or famous quotes in the subject or in the body of the email;
• Invisible text in HTML emails;
• HTML or Java content instead of plain text;
• Pictures only (no other text in the email body).

Consequences
As the phishers can use so many techniques and can even combine
them, it is rather difficult to tell if an email request comes from
officials or not.

What are the consequences of disclosing confidential information?

$ The phishers can run up charges on your account.
$ They can open new accounts, sign utility or loan contracts in your name.
$ They can use a false ID and commit crimes using your personal information.

Do not bite the bait!

• Do not fill in email forms concerning confidential
  information. Any trustful service provider uses secure websites and
  digital certificates.
• Do not click on links provided by
  email, especially if you were not expecting that email. Contact the
  sender to verify if it was his/her intention to send this email (use
  the contact number the company gave you, not the one in the email).
• Do
  not reply. Delete the message and check with the real company (use the
  contact number the company gave you, not the one in the email).
• Do not click to follow the link provided in such a message. Type the address in the browser yourself.

Safety Rules
Repairing the damage caused by phishing may be frustrating and
time-consuming. Apart from the loss of productivity and use of network
resources, data theft requires considerable efforts on your part: you
will have to rescue your identity, property and rights and to clear
your name.

It is much easier to follow some basic safety rules:

• Update your operating system with the latest patches as soon as they appear.
• Alternate Internet Explorer with other browsers.
• Use antivirus and firewall solutions and keep them permanently up-to-date.
• Always type the URL yourself instead of following a link.
• Make sure you are using a secure website (HTTPS) and check the digital certificates.
• Regularly check your accounts and statements and immediately report any abuse.
• Report suspicious emails to security companies and authorities from your area.

You can send suspicious messages to Avira’s report addresses:

spam@avira.com
virua@avira.com

TR/Crypt.XPACK.Gen & Felix Mendelssohn B.

Do you like classical music styles)? What about Mendelssohn Bartholdy?
Looking for info about him I followed the link from google.com and
... encontrará la imagen en su contexto original en la página: cukedismissivev.blogspot.com/2008/09/felix-me...
Hmm... The blog from Davis: Agiotage
Whow! A lot of images of my predilected composer.
But Pay attention to the 4th of the links or the second of the pair of similar links
Or perhaps you would click at any of the images (from yabayaba.net?) as:
www.yabayaba.net/media/celebrity/db127/tk_felix+mendelssohn+bartholdy+sommernachtstraum/9277
and... surprise!:
PornTube.com version 2.0? Huh?
The URL is
http://fav-tube-xxx.net/xvideo.php?etcetera...
The Home, Video Channels and Community tabs and other sign Up, QuickList, Help, Log In, Site links are linked only to
http://fav-tube-xxx.net/xfreeporn.php?id=21167# (the same page)
with an forbidden access at the top level domain or root address (fav-tube-xxx.net) on an apache server named at tube-viewer.com that is a fake domain.
Simplified: When you select a movie from this list you see as a webpage a jpg image embedded with javascript code
Clicking at some selected pornmovie your browser redirects to a page
where you see the typical video viewer you always use in youtube.com,
but it doesn't show the same behavior (If you know what noscript is,
you know what I'm refering here)
As example the 6th video from sonny:
http://fav-tube-xxx.net/xvideo.php?Author=Sonny&Length=16:36&Rating=5&Views=6&thumbn=/dtr/thumbs/tttt18.jpg
Be careful!
You see a typical "html formatted page" (is only a image!) with comments of the porn lovers, changing mouse pointers, etc., but the only thing that happens is that you are confronted to download a litevideocodec.4.exe from an attack site (http://trusted-software-4pc.net)
This executable is the trojan pest TR/Crypt.XPACK.Gen
Look for the advisory provided by Google about this tricky site redirections and fakes.
Porn is not healthy, definitely is better that you make love!

nginx

Fuente

"Engine X" es un servidor HTTP y proxy inverso de alto rendimiento, y un servidor proxy para IMAP/POP3/SMTP. Nginx fue desarrollado por Igor Sysoev para Rambler.ru, el segundo sitio web más visitado de Rusia, donde ha estado funcionando en producción más de dos años y medio. Igor ha lanzado el código fuente bajo una licencia estilo BSD. Aunque aún se encuentra en una etapa beta, Nginx es conocido por su estabilidad, gran conjunto de características, configuración simple, y bajo consumo de recursos.

rogue search engine: Gogle

Gogle   written with one o and without (dot) com
it uses nginx ("engine x")

exempli gratia:
http://218.59.175.89/feed/search.php?q=amor
Results 1 - 1 of about 87,000 for amor 
1 of 1?
==============================
http://218.59.175.89/feed/search.php?q=usa
Results 1 - 0 of about 102,000 for usa

http://www.google.com/search?q=usa
Resultados 1 - 10 de aproximadamente 1,130,000,000 de usa. (0.13 segundos)

Storm botnet brought in daily profits of up to $9,500

Source

The investigation of spam and the malware payloads that accompany it is
a major focus of companies and organizations, from the federal
government down to the small-business part-time IT director. Most of
this work, however, is devoted to detecting and filtering spam
(infected or otherwise), as well as to predicting what delivery vectors
the industry might favor in the future. Actual data on the spam
industry's economic model is much harder to come by—at least it used to
be. Earlier this year, a group of researchers led by University of
California-San Diego computer scientist Stefan Savage conducted
research on the market fundamentals of the spam industry, from within
the industry itself.

In order to conduct their research, Savage's team took partial control
of part of the Storm Worm's massive botnet. A certain subset of the
botnet's traffic was then rerouted, and delivered interested potential
buyers to a web site under white hat control. Savage's websites
mimicked those set up by the creators of Storm, but were specifically
designed to return error messages if a visitor attempted to transmit
any sensitive information or conduct a transaction. The team discovered
three separate campaigns through the duration of their tests and
analyzed some 469 million e-mails. Full details on the investigation,
including a discussion of how the researchers infiltrated Storm and a
very specific breakdown of what they found, is available here (PDF).

A visual representation of Storm's structure. Savage's group infiltrated

the C&C channel between proxy servers and workers

Savage and his team ultimately controlled 75,869 worker bots, with a
maximum of 539 bots connected to the group's proxy servers at any one
time. 78 percent of the bots only contacted the team's proxy servers
once. 14 percent on the bots connected twice, and seven percent of the
bots connected three to five times. Only one percent of the infected
machines communicated five times, which underlines just how quickly
individual systems are cleansed and taken off the network. One notable
exception was an academic network in North Carolina that connected 269
times, and turned out to be an access hub for 19 individuals, which
still works out to a bit over 14 connections per person.

If you've ever despaired of teaching your friends/family/coworkers not
to open or respond to spam, the researchers' findings might make your
day. After sending some 350 million e-mail messages over 26 days,
Savage and his team had "sold" just 28 "male enhancement" products for
just under $100 each. This works out to a conversion rate that's
described as "well under" 0.00001 percent. Total revenue for the period
would have been $2,731.88, a bit over $100 a day. That's chump change
by corporate standards, and it's why the spam industry relies on truly
massive campaigns the way it does. By the scientists' estimates, they
controlled just 1.5 percent of the total Storm network. Extrapolate
their earnings against Storm's actual size, and the botnet may have
been raking in as much as $7,000 a day ($9,500 if we only count the
days Storm was actively conducting a campaign). For the curious, that
works out to some $3.5 million in revenue per year.

The researchers admit their work constitutes just one data point in
what they hope will be an ongoing investigation, but believe the
information they gathered is generally representative of botnet profit
margins. If it is, it suggests that spammers may be extremely sensitive
to costs—more so than was previously believed. Even a small increase in
the cost of sending an e-mail, they postulate, could have significant
ramifications for the botnet industry, and might slow the rate at which
it grows or put some spam operations out of business altogether.

informe de la investigación
Una red de bots daba una ganancia diaria de hasta 9.500 US$



Una botnet realiza su trabajo
en dos etapas. Apelando a una enorme base de correos, envía gusanos que
convierten a la máquina que los abre en un disimulado servidor smtp
bajo las órdenes de la red Storm Worm.
Estos zombies (ordenadores cuyo uso pasa desapercibido por los dueños que sólo notan que su
PC "anda lento") ofician de nodos de envío de spam ofreciendo productos: mejoradores de la virilidad, quemadores de grasa,
analgésicos de nueva generación. El ciclo se completa cuando algunos pocos
incautos compran esos productos.

El equipo de Savage logró hackear un proxy intermedio, de tal manera
que los correos que se enviaban producto de las tres "campañas" que
monitorearon eran adulterados y dirigían a los potenciales clientes a
un sitio propio en donde al intentar comprar los productos el cliente
llegaba a una página de error sin poder ingresar información
confidencial. Por supuesto que no se producía la compra pero el estudio marcaba
aquello como una venta exitosa.



La conclusión del estudio es reveladora. La tasa de eficiencia del
spam, si acaso se mantuviera la proporción, es de menos del 0.00001%,
lo cual es un pésimo resultado para cualquier empresa, excepto cuando los medios son PCs contaminados que funcionan gratis.

El equipo de Savage envió 350 millones de correos en 26 días y vendió
el equivalente a USD 2.800. Si pensamos que sólo controlaron el 1.5% de
la capacidad de la Storm Worm, podemos pensar que en un mes se envían
casi 27.000 millones de correos para obtener unos USD 215.000.

Gitso

Source
Usage
First, the person giving support needs to:

1. Launch Gitso.
2. Click on "Give Support"
3. Click "Connect"

Second, the person who needs help, needs to:

1. Launch Gitso.
2. Click on "Get Help"
3. Type in the "IP Address" provided by the supporter
4. Click "Connect"

Now the person who needs help sits back and watches as someone else moves their mouse and operates their pc from afar.

Note: The person who is giving support needs to have port 5500 open to their machine which requires a port forward on a NATed network.

How it Works

Using Python and wxWidgets, Gitso utilizes other applications for the actual VNC work:

• Getting support relies on x11vnc -connect (varies per platform).
• Giving support relies on vncviewer -listen (varies per platform).

Reviews

• podcast.ubuntu-uk.org (~ min 28 - 35)
• tinyapps.org
• linuxerie.midiblogs.com
• www.luthi.eu

VNC reverse connections

Source
Step 1: Setup your side

You are running Windows	You are running Mac OS X
1. If you have a router, make sure to forward port 5500 to your computer. If you're not sure how to do this, check here.
2. Download tightvnc-1.2.9_x86_viewer.zip	2. Download Mark Lentczner's version of Chicken of the VNC
3. Unzip vncviewer.exe to your Desktop	3. Unzip Chicken of the VNC to your Desktop
4. Open a command prompt and cd to your Desktop path	4. Double click Chicken of the VNC
5. Type: vncviewer -listen and press Enter. screenshot	5. Click Connection > Open Listener... > Start. screenshot
6. You are now ready to accept connections from your customer.

Step 2: Setup customer side

Customer is running Windows	Customer is running Mac OS X
1. Download tightvnc-1.2.9_x86.zip	1. Download Mark Lentczner's version of OSXvnc
2. Extract WinVNC.exe and VNCHooks.dll from tightvnc-1.2.9_x86.zip	2. Unzip OSXvnc to your Desktop
3. Send WinVNC.exe and VNCHooks.dll to customer (optionally, combine the two into a single executable with PEBundle and/or compress with UPX)	3. Send OSXvnc to customer
4. Have customer double click WinVNC.exe, type anything into the "Password:" box, and press OK. screenshot	4. Have customer double click OSXvnc
5. Have customer right click on WinVNC icon in system tray, choose "Add New Client", and type in your IP address. screenshot 1 | 2	5. Have customer click "Connect to Client", enter your IP address in the "Host" box, and click "Start Server". screenshot
6. You will now be able to control customer's computer from your own. When finished, right click VNC tray icon on customer's Desktop and choose "Close". Customer may delete the VNC file(s) you sent. screenshot	6. You will now be able to control customer's computer from your own. When finished, click "Stop Server" on customer's machine. Customer may delete OSXvnc if desired. screenshot

Alternatives & Updates:

0. Gitso is my current favorite - open source, cross-platform (Linux, Mac, and Windows), and just one click! Blog post
1. The easiest alternative for Windows users: Zolved Free Remote Control. Requires no port forwarding on either side. Highly recommended.
2. UltraVNC SC (Single Click) is an excellent alternative for Windows users.
3. Yannis Tsopokis has put together VCE_Remote, an open source wrapper to make things even easier for the customer.
4. EchoVNC works through firewalls and routers via a packet relay server.

Applications of RealVNC

Source

VNC has a wide range of applications including system
administration, IT support and helpdesks. It can also be used to support
the mobile user, both for hot desking within the enterprise and also to
provide remote access at home, or on the road. The system allows several
connections to the same desktop, providing an invaluable tool for
collaborative or shared working in the workplace or classroom. Computer
support within the geographically spread family is an ever popular use.

For the individual user, one common scenario is using VNC to help
troubleshoot the computer of a distant less-technically-savvy relative.
In other words, sitting at your desk in Baltimore, you could use VNC to
take control of your relative's PC in California and show them how to
install and use some new software package by actually doing it yourself.

A very common business application of VNC is in remote system
administration, where it is used to allow administrators to take control
of employee machines to diagnose and fix problems, or to access and
administer server machines without making a trip to the console. VNC can
also be used to provide a flexible hot-desking and road-warrior
environment by allowing employees to access their office desktop and
server machines from any machine in the company's offices or from other
remote sites, regardless of the type of computers involved at either
end.

VNC is widely used in educational contexts, for example to allow
a distributed group of students simultaneously to view a computer screen
being manipulated by an instructor, or to allow the instructor to take
control of the students' computers to provide assistance.

Of course, as these examples illustrate, the variety of uses of
VNC is really as diverse as the many millions of VNC users.

You can download a copy of VNC here.

Antivirus SW: Empresas de hace una década

2a Conferencia Alemana sobre Virus, Munich

Criptografía: ciencia de la seguridad

Fuente

Criptografía es la ciencia de la seguridad de la información aunque muchas veces ha sido descrita como el arte o la ciencia de la escritura secreta. Por medio de ella se puede almacenar o transmitir información en una forma tal que permite ser revelada únicamente a aquellos que deben verla. La palabra viene del griego kryptos, que significa “oculto”.
La criptografía está relacionada con el criptoanálisis, que es la práctica de violar los intentos de esconder información y es parte de la criptología, donde se incluye la criptografía y el criptoanálisis.

El origen de la criptografía data de el año 2000 AC., con los egipcios y sus jeroglíficos. Los jeroglíficos estaban compuestos de pictogramas complejos, donde sólo el significado completo podría ser interpretado por algunos. El primer indicio de criptografía moderna fue usado por Julio César (100 AC. a 44 AC.), quien no confiaba en sus mensajeros cuando se comunicaba con los gobernadores y oficiales. Por esta razón, creó un sistema en donde los caracteres eran reemplazados por el tercer carácter siguiente del alfabeto romano.1 No solo los romanos, sino los árabes y los vikingos hicieron uso de sistemas de cifrado.

Gabriel de Lavinde hizo de la criptografía una ciencia más formal cuando publicó su primer manual sobre Criptología en 1379.
Samuel Morse. El Código Morse, desarrollado en 1832, aunque no es propiamente un código como los otros, es una forma de cifrar las letras del alfabeto dentro de sonidos largos y cortos.

En tiempo modernos, la criptografía se ha convertido en una compleja batalla entre los mejores matemáticos del mundo y de los ingenieros en sistemas computacionales. La habilidad de poder almacenar de manera segura y de transferir la información ha dado un factor de éxito en la guerra y en los negocios.

Dado a que los gobiernos no desean que ciertas entidades entren y salgan de sus países para tener acceso a recibir o enviar información que puede comprometer y ser de interés nacional, la criptografía ha sido restringida en muchos países, desde la limitación en el uso, la exportación o la distribución de software de conceptos matemáticos que pueden ser usados para desarrollar sistemas criptográficos.

De cualquier manera, el Internet ha permitido que todas estas herramientas sean distribuidas, así como las tecnologías y técnicas de criptografía, de tal manera, que al día de hoy, la mayoría de los
sistemas criptográficos avanzados están en dominio público.

La criptografía incluye técnicas como esconder textos y en imágenes y otras formas de esconder información almacenada o en tránsito.

Simplificando el concepto, hoy en día la criptografía se asocia más a convertir texto sencillo a texto cifrado y viceversa. La Criptografía se ocupa de dar solución a los problemas de identificación, autenticación y privacidad de la información en los sistemas informáticos. Debido a la naturaleza de un medio no físico, no resultan útiles los métodos tradicionales de sellar o firmar documentos, con propósitos comerciales o legales.

En lugar de esto, dentro de la información digital que se desea proteger, debe colocarse algún tipo de marca codificada que sirva para identificar el origen, autenticar el contenido y asegurar la privacidad ante posibles intrusos. La protección de la privacidad utilizando un algoritmo simétrico, como por ejemplo el contenido en el estándar DES (Data Encryption Standard), es sencillo en redes pequeñas pero requiere el intercambio de la clave secreta de encriptación entre cada una de las partes. En la medida en que han proliferado las redes, el intercambio seguro de las claves secretas se ha vuelto costoso e inadecuado. Por tanto, el empleo aislado de esta solución, es inadecuado para grandes redes de comunicación. El estándar DES sufre una desventaja adicional: requiere que se comparta el conocimiento de la Clave Privada. Cada persona debe confiar en la otra respecto de la
custodia de la clave secreta común y, además, no transmitírsela a nadie más. Teniendo en cuenta que el usuario debe tener diferentes claves para cada una de las personas con las que se quiere comunicar, debe compartir con cada una de ellas una de sus claves secretas. Esto significa que desde el punto de vista de la implantación práctica, solamente se puede establecer una comunicación segura entre personas que tengan alguna relación.

Por tanto, los aspectos fundamentales que DES no cubre son la autenticación y el no repudio. El hecho de que la clave secreta sea compartida implica que cada una de las partes no puede estar absolutamente segura de lo que la otra ha hecho con la misma. Incluso, una de las partes puede, maliciosamente, modificar los datos sin que un tercero pueda determinar la verdadera identidad del remitente ni quién es el culpable de la alteración. La misma clave que hace posible comunicaciones seguras puede ser empleada para crear documentos falsificados en nombre del otro usuario.

Algoritmos

Un Algoritmo en general es la serie de reglas que no pueden ser ambiguas y deben tener una meta clara. Los algoritmos pueden ser expresados en cualquier lenguaje, desde el inglés al francés, hasta
lenguajes de programación de computadoras.

Los algoritmos criptográficos son la base para construir aplicaciones y protocolos de encripción.

Existen dos tipos generales de algoritmos basados en claves que son: Simétricos y Asimétrico.

Algoritmo de encripción simétrico

Cuando la clave que va a encriptar el mensaje puede ser calculada desde la clave para desencriptar y viceversa se le conoce como algoritmo simétrico. En muchos de los algoritmos asimétricos la clave para encriptar y desencriptar es la misma. Estos algoritmos requieren que el emisor y el receptor tengan la misma clave antes de comunicarse.

La seguridad de un algoritmo simétrico realmente recae en la clave. El divulgar la clave significa que cualquiera puede encriptar o desencriptar la información. La clave tiene que mantenerse en secreto tanto tiempo como la comunicación se quiera mantener en secreto.

Algoritmo de encripción asimétrico

Los algoritmos asimétricos o también llamados de clave pública son diseñados de tal manera que una clave se usa para encriptar y una diferente para desencriptar. Esto ocasiona que teniendo la clave para desencriptar, no se puede calcular la clave de encripción. Estos algoritmos son llamados de “clave pública” porque la clave para encriptar el mensaje, pero sólo una persona puede desencriptar el mensaje. En estos sistemas, la clave de encripción es llamada clave pública y la clave para desencriptar se llama clave privada.

Métodos de encripción

En las siguientes páginas se hablará de los algoritmos criptográficos más importantes usados hoy en día para la seguridad.
Cada uno de los algoritmos es identificado por un nombre, un propósito, un rango de clave y por la fecha de creación.

Todos los algoritmos tienen uno o más propósitos:

A) Encripción
Se usan simplemente para encriptar comunicación. Tanto el emisor como el receptor encriptan y decriptan el mensaje usando el mismo algoritmo.

B) Firmas Digitales
Existen muchos algoritmos de firma electrónica. Todos ellos son algoritmos de clave pública con información secreta para firmar documentos e información pública para verificar las firmas. Muchas veces al proceso de firmado se le llama encriptar con una clave privada y la verificación se le llama desencriptar con una clave pública, pero esto es sólo verdadero para el algoritmo usado por RSA.

C) Hashing y Digest
Un algoritmo de hashing es una función matemática que toma una cadena de longitud variable y la convierte a una cadena de longitud fija. Es una manera de obtener una huella digital de los datos. Si se necesita verificar un archivo que pertenece a cierta persona se manda un valor de hashing para comprobarlo. Esto es muy usado en transacciones financieras. El algoritmo de hashing genera un valor para el mensaje.

El Digest es la representación del texto en forma de una cadena de dígitos, creado con una formula de hashing de una sola dirección. El encriptar un digest de un mensaje con una clave privada, genera una firma digital.

* Alfredo Reyes Krafft es Doctor en Derecho por la Universidad

Panamericana. Actualmente es Director jurídico de e-business en BBVA Bancomer y Vicepresidente Ejecutivo de la Asociación Mexicana de Internet (AMIPCI)

1) Conocido en nuestros días como el Cifrado de Julio César, basado en la simple sustitución.

Algoritmos de encripción

Fuente
Por Alfredo Reyes Krafft*
RSA
Propósito: Encripción y Firma Digital

Rango de clave: 1024 bits para uso corporativo y 2048 para claves valuables
Fecha de Creación: 1977
RSA es un sistema de encripción y autenticación que usa un algoritmo desarrollado en 1977 por Ron Rivest, Adi Shamir y Leonard Adleman. El algoritmo RSA es el más usado en Internet dado a que es parte de los navegadores como Netscape e Internet Explorer, así como de muchos otros productos. Los problemas de autenticación y protección de la información en grandes redes de comunicación fueron analizados en 1976, en el plano teórico, por Whitfield Diffie y Martin Hellman, en un trabajo en el que explicaron sus conceptos respecto del intercambio de mensajes sin necesidad de intercambiarse claves secretas. La idea fructificó en 1977 con la creación del Sistema Criptográfico de Clave Pública RSA, por parte de Ronald Rivest, Adi Shamir y Len Adleman, por aquel entonces profesores del Instituto de Tecnología de Massachusetts (M.I.T.). En lugar de emplear una sola clave para encriptar y desencriptar datos, el sistema RSA emplea un par combinado de claves que desarrolla una transformación en un solo sentido. Cada clave es la función inversa de la otra, es decir, lo que una hace, sólo la otra puede deshacerlo.
La Clave Pública en el sistema RSA es publicada por su propietario, en tanto que la Clave Privada es mantenida en secreto. Para enviar un mensaje privado, el emisor lo encripta con la Clave Pública del receptor deseado. Una vez que ha sido encriptado, el mensaje sólo puede ser descifrado con la Clave Privada del receptor. Inversamente, el usuario puede encriptar datos utilizando su Clave Privada. Es decir, las claves del sistema RSA pueden ser empleadas en cualquier dirección. Esto sienta las bases para la firma digital.
Si un usuario puede desencriptar un mensaje con la Clave Pública de otro usuario, éste debe, necesariamente, haber utilizado su Clave Privada para encriptarlo originariamente. Desde el momento que solamente el propietario puede utilizar su propia Clave Privada, el mensaje encriptado se transforma en una especie de firma digital, un documento que nadie más ha podido crear. Bajo RSA se desarrolló el algoritmo estándar de firmas digitales para correos S/MIME Funcionamiento del RSA Los números enteros (el 0,1, 2… y sus opuestos -1.-2, etc.) tienen una estructura algebraica determinada con las operaciones que todos conocemos, el producto y la suma. Esta estructura es la de anillo conmutativo y una de sus caracten’sticas es la existencia de un elemento neutro respecto al producto, que es la unidad. En este anillo existen dos divisores de la unidad (el número 1), el 1 y el -1. Dados dos números enteros, p y q, es posible encontrar otros dos, c y r tales que p = q.c + r. A c se le suele llamar cociente y a r resto. Particularmente, existe un r tal que r< |q|.
Cuando r es cero, entonces decimos que q es un factor de p. Fijado un entero q, existen |q| restos posibles: 0, 1, 2,....,|q-1| y es definible una relación de equivalencia: Dos enteros m y n son equivalentes si y sólo si m-n es un múltiplo de q. Esto es lo mismo que decir que tanto m como n tienen el mismo resto, o que m es congruente con n módulo q, y lo simbolizaremos por m = n (mod q). El conjunto de las clases de equivalencia forma a su vez un anillo y tendremos tantas como restos posibles. Decimos que d es el máximo común divisor de dos números p y q cuando es el factor más grande de p y q: d = m.c.d (p,q).
Dos números p y q son primos entre sí, cuando m.c.d (p,q) = 1. Un número p es primo cuando siempre que exista un factor q tal que p =q.k entonces k es un divisor de la unidad (dicho en pocas palabras, sólo se puede dividir por él mismo). Cualquier número q es un producto de primos y este producto es único (salvo divisores de la unidad).
DSA
Propósito: Firmas Digitales
Rango de clave: 56 bits
Fecha de creación: 1994
El Digital Signatura Algorithm (DSA) fue publicado por el Instituto Nacional de Tecnología y Estándares (NIST) en el estándar llamado Digital Signatura Standard (DSS) que es parte de gobierno de los Estados Unidos. DSS fue seleccionado por el NIST con ayuda del NSA (National Security Agency) para ser el estándar de autenticación digital del gobierno de los Estados Unidos a partir de Mayo 19 de 1994. DSA está basado en el problema de logaritmos discretos y se deriva de sistemas criptográficos propuestos por Schnorr y EIGamal. Es únicamente para autenticación.
Diffie-Hellman (DH)
Propósito: Firmas Digitales
Rango de clave: 1536 bits
Fecha de Creación: 1976 Este fue el primer algoritmo de clave pública inventado. Tiene su seguridad en la dificultad de calcular logaritmos discretos infinitamente. DH se usa principalmente para distribución de claves. Es usado para generar claves secretas, mas no se usa para encriptar ni decriptar.
DES
Propósito: Encripción
Rango de clave: 56 bits
Fecha de Creación: 1976
El Data Encryption Standard (DES) conocido también como el Algoritmo de Encripción de Datos (DEA) ha sido un estándar por cerca de 20 años. Aunque muestra signos de que tiene mucho tiempo, se ha desempeñado muy bien a través de años de criptoanalisis y es aún seguro contra los adversarios. DES es un bloque cifrado, encriptando los datos en bloques de 64 bits. DES es un algoritmo simétrico, el mismo algoritmo se usa para encriptar y desencriptar. La clave tiene un tamaño de 56 bits, la clave usa un número de 56 bits y puede ser cambiado a cualquier hora. La seguridad recae directamente en la clave. Otros algoritmos de Encripción:
- 3DES y ya se está implementando el AES (Advanced Encryption Standard).
- RC2
- RC4
- RC5
- ECC (Criptografía de Curva Elíptica) MD5
Propósito: Hashing (Digestión de documentos digitales)
Rango de clave: 128 bits
Fecha de Creación: 1992 MD5 es una función de hashing de una sola dirección, produciendo un resultada de 128 bits. Después de un proceso inicial, MD5 procesa e! texto insertado en bloques de 512 bits, divididos en 16 bloques de 32 bits. El resultado de el algoritmo son 4 bloques de 32 bits, que juntos forman un bloque de 128 bits.
Otros algoritmos de hashing: -
SHA-1
Estándares abiertos: No hay que olvidar que utilizar estándares abiertos para la generación y utilizado de firmas digitales permite (1): Interoperabilidad entre diferentes plataformas en redes heterogéneas
Sectores Comercial, Financiero, Gobierno, TIC.
Interoperabilidad con empresas e instituciones internacionales
TLCAN, todos estamos conectados, reconocer comprobantes multinacionales.
Ambientes competitivos que benefician a los clientes.
Precios, servicios, calidad.
Implementación de soluciones probadas y seguras.
Outsourcing. No hay que inventar nada. Enfoque a procesos y servicios propios.
Evita tecnologías patentadas.
Riesgos de obsolescencia y especialización.
Implantación libremente disponible (open source) así como implantad o ríe comerciales.
Extensible — se puede usar en el futuro, cuando surgen aplicaciones nuevas. Las pautas que apoyan a los estándares abiertos (2): WebTrust para Autoridades de Certificación: Tiene la cobertura de áreas específicamente definidas por el AICPA/CHCA, para auditar las prácticas de negocio de AC, integridad de servicio (incluso ciclo de vida de llaves y actividades de administración de certificados} y controles ambientales de AC. Fue diseñado expresamente para los exámenes de actividades de negocios de AC. Federal Bridge CA (FBCA): El FBCA es el elemento que une las Autoridades de Certificación de agencias que por otra parte no se podrían conectar en un PKI sistemáticamente federal. El FBCA funciona como un ‘puente’ no jerárquico que crea un camino de su dominio hasta el dominio de la agencia que publicó el certificado, de modo que los niveles de aseguramiento honrado por PKIs puedan ser reconciliados. American National Standards Institute (ANSÍ): el ANSI X9F5 Política de Certificado y Firma Digital desarrolla el X9.79 PKI Prácticas y Marco de Política (X9.79) estándar para la comunidad de servicios financieros. American Bar Association’s Information Security Committee (ABA-ISC): Han desarrollado las Pautas de Evaluación PKI (PAG) que se dirigen a las exigencias legales y técnicas para Autoridades de Certificación. EU (European Commission) Electronic Signatura Directive: La directiva proporciona un marco común para firmas electrónicas. Armonización de los aspectos: legal, confianza, y técnico. Propone un marco para los estándares abiertos en proporcionar la base para la realización, revisión de cuentas y acreditación. European Telecommunications Standards Insütute (ETSI): El objetivo principal del ETSI es apoyar la armonización global proporcionando un foro en el cual todos los jugadores clave, puedan contribuirse activamente. El ETSI es oficialmente reconocido por la Comisión Europea y la secretaría de EFTA. Internet Engineenng Task Forcé (IETF): El IETF es una comunidad internacional abierta de diseñadores de red, operadores, vendedores e investigadores preocupados por la evolución de la arquitectura y la operación del Internet. Escribieron un documento (RFC2459) cuyo objetivo es desarrollar un perfil para facilitar el uso de certificados X.509 dentro de las aplicaciones de Internet y PKI. Microsoft Program: Microsoft inició un programa de PKI usando los principios y criterios de WebTrust para Autoridades de Certifición para auditar y revisar las autoridades de certificación de raíz en el Windows XP. Identrus: Identrus es una red global de instituciones financieras que proporciona un marco legal, empresarial al tradicional PKI y técnico a los estándares que permiten a los bancos servir a sus dientes de negocio. Estas actúan como terceras partes de confianza para el comercio electrónico en el que intervienen algunas instituciones financieras.
Alfredo Reyes Krafft es Doctor en Derecho por la
Universidad Panamericana. Actualmente es Director jurídico de
e-business en BBVA Bancomer y Vicepresidente Ejecutivo de la Asociación
Mexicana de Internet (AMIPCI)

1 Antonio Pecoar Musolino, Auditoria de PKI y Estandares Abiertos, CISA, CISM, CRP, Deloitte and Touche, México, 2003

2 Ibidem

Aufbau von Computer Viren

Quelle May 08
BS Sicherheit - Teresa Barbas

Nachdem hier bereits sehr viele spezifische
Einträge zu Antiviren Programmen vorhanden sind, werde ich kurz auf den
allgemeinen Aufbau eines Computer – Virus eingehen.

Computerviren
haben sehr viele unterschiedliche Formen, daher ist die folgende Erklärung keineswegs ein Standard für alle Viren. Manche Viren können mehr Funktionen haben, andere wiederum weniger.

Da ein Computervirus immer ein Programm zu seiner Ausführung (Wirtsprogramm) benötigt, werden nur ausführbare oder interpretierbare Dateien infiziert.

Entschlüsselungsroutine:
Dieser Teil sorgt bei verschlüsselten Viren dafür, dass die verschlüsselten Daten wieder zur Ausführung gebracht werden können.
Nicht alle Viren besitzen diesen Teil, da nicht alle verschlüsselt sind.

Reproduktionsteil: Mit diesem Programmteil wird die Vermehrung des Virus durchgeführt. Es ist der einzige Teil, den jedes Virus hat.

Erkennungsteil:
Im Erkennungsteil wird geprüft, ob die Infektion eines Programms oder Systembereichs bereits erfolgt ist. Jedes Wirts-Programm wird nur einmal infiziert. Hiermit wird auch die Entdeckung des Virus verzögert, da durch mehrfache Anlagerung des Virus-Codes die Dateien sonst so groß
werden, dass sie entweder nicht mehr ausführbar oder aber dem Benutzer die Größenveränderung schneller auffällt.

Schadensteil:
In einigen Viren ist absichtlich eine Schadensfunktion programmiert,
wobei im Verhältnis zur Zahl der Computerviren nur sehr wenige einen Schadensteil (Payload) haben.

Bedingungsteil(Triggerroutine): Der Bedingungsteil ist dafür verantwortlich, dass der Schadensteil ausgeführt wird. Bei einigen Viren tritt zum Beispiel der Schaden an einem bestimmten Datum oder bei einer bestimmten Anzahl von Aufrufen ein. Dieser Teil kann ebenfalls fehlen.

Tarnungsteil:
Der Tarnungsteil kann das Virus beispielsweise verschlüsseln, um die Entdeckung im infizierten System zu erschweren. Dieser Teil ist meist nur in wenigen, komplexen, neueren Viren vorhanden. Es gibt aber nur eine sehr geringe Anzahl von Viren, die nicht vollständig erkannt werden können (z. B.: Win32.ZMist, ACG, Win32.MetaPHOR oder OneHalf).

Bei
einer Infektion klinkt sich ein Virus in den Code eines Wirtsprogramms ein und platziert an dessen Beginn einen Sprungbefehl. Dieser ruft beim Start der verseuchten Datei den angehängten Virus auf. Der kann nun seine Instruktionen ausführen und übergibt am Schluss die Kontrolle wieder an das ursprüngliche Programm, das ganz normal weiterarbeitet.
Daher bemerkt der Anwender im Allgemeinen nichts von diesem Vorgang.

Simcult

Source
"Simcult" was a term coined by Mark C. Taylor and Esa Saarinen in Imagoligies. It is a compilation of the words "simulated" and "culture"; it literally means a simulated culture. Similar to virtual reality, simcult implies and portrays the impact of technology on culture.

mercadolibre.com.mx

Source
Mercadolibre.com.mx ha sido reportado como peligroso por contener spyware, virus o anunciadores digitales y repartir correo no deseado.
Lugar de los servidores:
SAVVIS Communications Corporation
Buenos Aires, AR

This website has been reported as containing spyware, viruses or adware.
alambre.info is downloading code segments from mercadolibre.com.mx website.

This Website May Contain:

Phishing & scams website

Porno graphy

Spam

Adware, spyware,  viruses

Warez &  Illegal  content

Adver- tising networks

Pop up  flood

Netcraft Toolbar

With the Netcraft Toolbar you can protect your savings from Phishing attacks.

• See the hosting location of every site you visit.
• Help defend the Internet community from fraudsters.

Getting Started
To learn more about using the Netcraft Toolbar visit the Tutorial.
If you have any further questions about the toolbar please see the FAQ

FOSS Remote Desktop SW

Source

P r o g r a m	P r o t o c o l	L i c e n s e	Client	Server	Java Viewer	Built-in Encryption	File Transfer	Audio Support	Multiple Sessions
C h i c k e n V N C	R F B (V N C)	G P L		X	X	X	X	X	X
C r o s s l o o p	R F B (V N C)	G P L			X	AES -128		X	X
E c h o V N C	R F B (V N C)	G P L						X
F o g C r e e k C o p i l o t	R F B (V N C)	G P L			X	SSL		X	X
F r e e N X	N X, R D P, R F B (V N C)	G P L	X		X	AES
j r d e s k t o p	P r o p r i e t a r y	G P L				SSL, TLS		X
r d e s k t o p	R D P	G P L		X
R e a l