Thursday, November 27, 2008

Speed up Mozilla Firefox


1. Type "about:config" into the address bar and hit Return. Scroll down and look for the following entries:
   network.http.pipelining
   network.http.proxy.pipelining
   network.http.pipelining.maxrequests
Normally the browser makes one request to a web page at a time. When you enable pipelining it makes several at once, which really speeds up page loading.
2. Alter the entries as follows:
   Set "network.http.pipelining" to "true"
   Set "network.http.proxy.pipelining" to "true"
   Set "network.http.pipelining.maxrequests" to some number like 30. This means it will make 30 requests at once.
3. Lastly, right-click anywhere and select New -> Integer. Name it "nglayout.initialpaint.delay" and set its value to "0". This value is the amount of time the browser waits before it acts on information it receives.
If you're using a broadband connection you'll load pages MUCH faster now!

Tuesday, November 11, 2008

Other Approaches

In this particular engagement, we obtained enough access that we did not feel the need to do much more, but other steps could have been taken. We'll touch on the ones that we can think of now, though we are quite certain that this is not comprehensive.

We are also aware that not all approaches work with all databases, and we can touch on some of them here.

Use xp_cmdshell
Microsoft's SQL Server supports a stored procedure xp_cmdshell that permits what amounts to arbitrary command execution, and if this is permitted to the web user, complete compromise of the webserver is inevitable.
What we had done so far was limited to the web application and the underlying database, but if we can run commands, the webserver itself cannot help but be compromised. Access to xp_cmdshell is usually limited to administrative accounts, but it's possible to grant it to lesser users.
Map out more database structure
Though this particular application provided such a rich post-login environment that it didn't really seem necessary to dig further, in other more limited environments this may not have been sufficient.
Being able to systematically map out the available schema, including tables and their field structure, can't help but provide more avenues for compromise of the application.
One could probably gather more hints about the structure from other aspects of the website (e.g., is there a "leave a comment" page? Are there "support forums"?). Clearly, this is highly dependent on the application and it relies very much on making good guesses.

Mitigations

We believe that web application developers often simply do not think about "surprise inputs", but security people do (including the bad guys), so there are three broad approaches that can be applied here.

Sanitize the input
It's absolutely vital to sanitize user inputs to ensure that they do not contain dangerous codes, whether to the SQL server or to HTML itself. One's first idea is to strip out "bad stuff", such as quotes or semicolons or escapes, but this is a misguided attempt. Though it's easy to point out some dangerous characters, it's harder to point to all of them.
The language of the web is full of special characters and strange markup (including alternate ways of representing the same characters), and efforts to authoritatively identify all "bad stuff" are unlikely to be successful.
Instead, rather than "remove known bad data", it's better to "remove everything but known good data": this distinction is crucial. Since - in our example - an email address can contain only these characters:
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
0123456789
@.-_+
There is really no benefit in allowing characters that could not be valid, and rejecting them early - presumably with an error message - not only helps forestall SQL Injection, but also catches mere typos early rather than storing them in the database.
Sidebar on email addresses

It's important to note here that email addresses in particular are troublesome to validate programmatically, because everybody seems to have his own idea about what makes one "valid", and it's a shame to exclude a good email address because it contains a character you didn't think about.

The only real authority is RFC 2822 (which encompasses the more familiar RFC 822), and it includes a fairly expansive definition of what's allowed. The truly pedantic may well wish to accept email addresses with ampersands and asterisks (among other things) as valid, but others - including this author - are satisfied with a reasonable subset that includes "most" email addresses.

Those taking a more restrictive approach ought to be fully aware of the consequences of excluding these addresses, especially considering that better techniques (prepare/execute, stored procedures) obviate the security concerns which those "odd" characters present.


Be aware that "sanitizing the input" doesn't mean merely "remove the quotes", because even "regular" characters can be troublesome. In an example where an integer ID value is being compared against the user input (say, a numeric PIN):
SELECT fieldlist
FROM table
WHERE id = 23 OR 1=1; -- Boom! Always matches!
In practice, however, this approach is highly limited because there are so few fields for which it's possible to outright exclude many of the dangerous characters. For "dates" or "email addresses" or "integers" it may have merit, but for any kind of real application, one simply cannot avoid the other mitigations.
Escape/Quotesafe the input
Even if one might be able to sanitize a phone number or email address, one cannot take this approach with a "name" field lest one wishes to exclude the likes of Bill O'Reilly from one's application: a quote is simply a valid character for this field.
One includes an actual single quote in an SQL string by putting two of them together, so this suggests the obvious - but wrong! - technique of preprocessing every string to replicate the single quotes:
SELECT fieldlist
FROM customers
WHERE name = 'Bill O''Reilly'; -- works OK
However, this naïve approach can be beaten because most databases support other string escape mechanisms. MySQL, for instance, also permits \' to escape a quote, so after input of \'; DROP TABLE users; -- is "protected" by doubling the quotes, we get:
SELECT fieldlist
FROM customers
WHERE name = '\''; DROP TABLE users; --'; -- Boom!
The expression '\'' is a complete string (containing just one single quote), and the usual SQL shenanigans follow. It doesn't stop with backslashes either: there is Unicode, other encodings, and parsing oddities all hiding in the weeds to trip up the application designer.
Getting quotes right is notoriously difficult, which is why many database interface languages provide a function that does it for you. When the same internal code is used for "string quoting" and "string parsing", it's much more likely that the process will be done properly and safely.
Some examples are the MySQL function mysql_real_escape_string() and perl DBD method $dbh->quote($value).
These methods must be used.
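To make the failure of quote-doubling concrete, here is an added Python example (not from the original article) that scans a string literal the way a standard-SQL parser and a MySQL-style parser would, using the article's "Bill O'Reilly" and \'; DROP TABLE users; -- inputs. The function names and the "customers" query template are mine; they stand in for any application that splices a "quotesafed" value into SQL text.

```python
# Added example (not from the original article): why doubling single quotes
# is not a safe escaping strategy when the database also honours backslash
# escapes, as MySQL does.  We scan the string literal the way each dialect's
# parser would and report what is left over for the parser to treat as SQL.


def double_quotes(value: str) -> str:
    """The naive 'quotesafe' transform: turn every ' into ''."""
    return value.replace("'", "''")


def literal_end(sql: str, start: int, backslash_escapes: bool) -> int:
    """Return the index just past the string literal that opens at sql[start].

    start must point at the opening quote.  Standard SQL ends a literal at the
    first quote that is not followed by another quote ('' is an escaped quote).
    A MySQL-style parser additionally treats \\x as an escape, so \\' does NOT
    end the literal.  Raises ValueError if the literal is never closed, which
    the database would report as a syntax error.
    """
    assert sql[start] == "'"
    i = start + 1
    while i < len(sql):
        ch = sql[i]
        if backslash_escapes and ch == "\\":
            i += 2                      # skip the escaped character
            continue
        if ch == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                i += 2                  # doubled quote: still inside the literal
                continue
            return i + 1                # this quote closes the literal
        i += 1
    raise ValueError("unterminated string literal")


def build_query(name: str) -> str:
    """The article's query template with the quote-doubled value spliced in."""
    return ("SELECT fieldlist FROM customers WHERE name = '"
            + double_quotes(name) + "'")


def statement_tail(sql: str, backslash_escapes: bool) -> str:
    """Whatever follows the first string literal; the parser reads it as SQL.

    An empty tail means the whole user value stayed inside the literal.
    """
    start = sql.index("'")
    end = literal_end(sql, start, backslash_escapes)
    return sql[end:]


if __name__ == "__main__":
    for name in ["Bill O'Reilly", "\\'; DROP TABLE users; --"]:
        q = build_query(name)
        print(q)
        print("  standard SQL tail:", repr(statement_tail(q, False)))
        print("  MySQL-style tail: ", repr(statement_tail(q, True)))
```

Under standard quoting both inputs stay inside the literal; under backslash escaping the second input closes the literal early and "; DROP TABLE users; --'" is left for the parser, which is exactly the "Boom!" case above.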
Use bound parameters (the PREPARE statement)
Though quotesafing is a good mechanism, we're still in the area of "considering user input as SQL", and a much better approach exists: bound parameters, which are supported by essentially all database programming interfaces. In this technique, an SQL statement string is created with placeholders - a question mark for each parameter - and it's compiled ("prepared", in SQL parlance) into an internal form.
Later, this prepared query is "executed" with a list of parameters:
Example in perl
$sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;");

$sth->execute($email);
Thanks to Stefan Wagner, this demonstrates bound parameters in Java:
Insecure version
Statement s = connection.createStatement();
ResultSet rs = s.executeQuery("SELECT email FROM member WHERE name = "
+ formField); // *boom*
Secure version
PreparedStatement ps = connection.prepareStatement(
"SELECT email FROM member WHERE name = ?");
ps.setString(1, formField);
ResultSet rs = ps.executeQuery();
Here, $email is the data obtained from the user's form, and it is passed as positional parameter #1 (the first question mark), and at no point do the contents of this variable have anything to do with SQL statement parsing. Quotes, semicolons, backslashes, SQL comment notation - none of this has any impact, because it's "just data". There simply is nothing to subvert, so the application is largely immune to SQL injection attacks.
There also may be some performance benefits if this prepared query is reused multiple times (it only has to be parsed once), but this is minor compared to the enormous security benefits. This is probably the single most important step one can take to secure a web application.
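As an added illustration (not from the original article), here is the forgotten-password lookup written both ways in Python against a constructed in-memory SQLite members table: once by string concatenation, once with a bound parameter. The three inputs are the ones from the walkthrough, and only the concatenated version reproduces the three responses it observed; the sample rows and the response strings are invented for the demonstration.

```python
# Added example (not from the original article): the forgotten-password query
# built by string concatenation versus the same query with a bound parameter,
# run against a constructed in-memory SQLite members table.
import sqlite3

# Constructed sample data; the addresses and names are invented.
MEMBERS = [
    ("random.person@example.com", "s3cret", "rperson", "Random Person"),
    ("bob@example.com", "hello123", "bob", "Bob Example"),
]


def make_db() -> sqlite3.Connection:
    """Create the members table the article mapped out, with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)"
    )
    conn.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", MEMBERS)
    return conn


def lookup_concat(conn: sqlite3.Connection, email: str) -> list:
    """Vulnerable: the user's input becomes part of the SQL text itself."""
    sql = ("SELECT email, passwd, login_id, full_name FROM members "
           "WHERE email = '" + email + "'")
    return conn.execute(sql).fetchall()


def lookup_bound(conn: sqlite3.Connection, email: str) -> list:
    """Safe: the statement has a placeholder and the input is bound as data."""
    sql = ("SELECT email, passwd, login_id, full_name FROM members "
           "WHERE email = ?")
    return conn.execute(sql, (email,)).fetchall()


def app_response(lookup, email: str) -> str:
    """Model the application's three observable responses from the article:
    a server error for malformed SQL, "email unknown" for zero rows, and a
    mail sent to the first row returned otherwise."""
    conn = make_db()
    try:
        rows = lookup(conn, email)
    except sqlite3.Error:
        return "server error"           # the HTTP 500 seen in the article
    finally:
        conn.close()
    if not rows:
        return "email unknown"
    return "mailed to " + rows[0][0]    # first record returned, as observed


if __name__ == "__main__":
    probes = ["nobody@example.org", "steve@unixwiz.net'", "anything' OR 'x'='x"]
    for probe in probes:
        print(repr(probe))
        print("  concatenated:", app_response(lookup_concat, probe))
        print("  bound param: ", app_response(lookup_bound, probe))
```

Python's sqlite3 refuses to run more than one statement per execute() call, so the "; DROP TABLE" variant from the walkthrough cannot be reproduced here; the OR 'x'='x' case is enough to show that the bound version treats the whole input as one (non-matching) address.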
Limit database permissions and segregate users
In the case at hand, we observed just two interactions that are made not in the context of a logged-in user: "log in" and "send me password". The web application ought to use a database connection with the most limited rights possible: query-only access to the members table, and no access to any other table.
The effect here is that even a "successful" SQL injection attack is going to have much more limited success. Here, we'd not have been able to do the UPDATE request that ultimately granted us access, so we'd have had to resort to other avenues.
Once the web application determined that a set of valid credentials had been passed via the login form, it would then switch that session to a database connection with more rights.
It should go almost without saying that sa rights should never be used for any web-based application.
Use stored procedures for database access
When the database server supports them, use stored procedures for performing access on the application's behalf, which can eliminate SQL entirely (assuming the stored procedures themselves are written properly).
By encapsulating the rules for a certain action - query, update, delete, etc. - into a single procedure, it can be tested and documented on a standalone basis and business rules enforced (for instance, the "add new order" procedure might reject that order if the customer were over his credit limit).
For simple queries this might be only a minor benefit, but as the operations become more complicated (or are used in more than one place), having a single definition for the operation means it's going to be more robust and easier to maintain.
Note: it's always possible to write a stored procedure that itself constructs a query dynamically: this provides no protection against SQL Injection - it's only proper binding with prepare/execute or direct SQL statements with bound variables that provide this protection.
Isolate the webserver
Even having taken all these mitigation steps, it's nevertheless still possible to miss something and leave the server open to compromise. One ought to design the network infrastructure to assume that the bad guy will have full administrator access to the machine, and then attempt to limit how that can be leveraged to compromise other things.
For instance, putting the machine in a DMZ with extremely limited pinholes "inside" the network means that even getting complete control of the webserver doesn't automatically grant full access to everything else. This won't stop everything, of course, but it makes it a lot harder.
Configure error reporting
The default error reporting for some frameworks includes developer debugging information, and this cannot be shown to outside users. Imagine how much easier a time it makes for an attacker if the full query is shown, pointing to the syntax error involved.
This information is useful to developers, but it should be restricted - if possible - to just internal users.

Note that not all databases are configured the same way, and not all even support the same dialect of SQL (the "S" stands for "Structured", not "Standard"). For instance, most versions of MySQL do not support subselects, nor do they usually allow multiple statements: these are substantially complicating factors when attempting to penetrate a network.


We'd like to emphasize that though we chose the "Forgotten password" link to attack in this particular case, it wasn't really because this particular web application feature is dangerous. It was simply one of several available features that might have been vulnerable, and it would be a mistake to focus on the "Forgotten password" aspect of the presentation.

This Tech Tip has not been intended to provide comprehensive coverage on SQL injection, or even a tutorial: it merely documents the process that evolved over several hours during a contracted engagement. We've seen other papers on SQL injection discuss the technical background, but still only provide the "money shot" that ultimately gained them access.

But that final statement required background knowledge to pull off, and the process of gathering that information has merit too. One doesn't always have access to source code for an application, and the ability to attack a custom application blindly has some value.



Mail me a password

We then realized that though we are not able to add a new record to the members database, we can modify an existing one, and this proved to be the approach that gained us entry.

From a previous step, we knew that bob@example.com had an account on the system, and we used our SQL injection to update his database record with our email address:

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x';
UPDATE members
SET email = 'steve@unixwiz.net'
WHERE email = 'bob@example.com';

After running this, we of course received the "we didn't know your email address", but this was expected due to the dummy email address provided. The UPDATE wouldn't have registered with the application, so it executed quietly.

We then used the regular "I lost my password" link - with the updated email address - and a minute later received this email:

Now it was just a matter of following the standard login process to access the system as a high-ranked MIS staffer, and this was far superior to a perhaps-limited user that we might have created with our INSERT approach.

We found the intranet site to be quite comprehensive, and it included - among other things - a list of all the users. It's a fair bet that many Intranet sites also have accounts on the corporate Windows network, and perhaps some of them have used the same password in both places. Since it's clear that we have an easy way to retrieve any Intranet password, and since we had located an open PPTP VPN port on the corporate firewall, it should be straightforward to attempt this kind of access.

We had done a spot check on a few accounts without success, and we can't really know whether it's "bad password" or "the Intranet account name differs from the Windows account name". But we think that automated tools could make some of this easier.


Finding some users

At this point we have a partial idea of the structure of the members table, but we only know of one username: the random member who got our initial "Here is your password" email. Recall that we never received the message itself, only the address it was sent to. We'd like to get some more names to work with, preferably those likely to have access to more data.

The first place to start, of course, is the company's website to find who is who: the "About us" or "Contact" pages often list who's running the place. Many of these contain email addresses, but even those that don't list them can give us some clues which allow us to find them with our tool.

The idea is to submit a query that uses the LIKE clause, allowing us to do partial matches of names or email addresses in the database, each time triggering the "We sent your password" message and email. Warning: though this reveals an email address each time we run it, it also actually sends that email, which may raise suspicions. This suggests that we take it easy.

We can do the query on email name or full name (or presumably other information), each time putting in the % wildcards that LIKE supports:

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x' OR full_name LIKE '%Bob%';

Keep in mind that even though there may be more than one "Bob", we only get to see one of them: this suggests refining our LIKE clause narrowly.

Ultimately, we may only need one valid email address to leverage our way in.

Brute-force password guessing

One can certainly attempt brute-force guessing of passwords at the main login page, but many systems make an effort to detect or even prevent this. There could be logfiles, account lockouts, or other devices that would substantially impede our efforts, but because of the non-sanitized inputs, we have another avenue that is much less likely to be so protected.

We'll instead do actual password testing in our snippet by including the email name and password directly. In our example, we'll use our victim, bob@example.com, and try multiple passwords.

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'bob@example.com' AND passwd = 'hello123';

This is clearly well-formed SQL, so we don't expect to see any server errors, and we'll know we found the password when we receive the "your password has been mailed to you" message. Our mark has now been tipped off, but we do have his password.

This procedure can be automated with scripting in perl, and though we were in the process of creating this script, we ended up going down another road before actually trying it.

The database isn't readonly

So far, we have done nothing but query the database, and even though a SELECT is readonly, that doesn't mean that SQL is. SQL uses the semicolon for statement termination, and if the input is not sanitized properly, there may be nothing that prevents us from stringing our own unrelated command at the end of the query.

The most drastic example is:

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x'; DROP TABLE members; --'; -- Boom!

The first part provides a dummy email address -- 'x' -- and we don't care what this query returns: we're just getting it out of the way so we can introduce an unrelated SQL command. This one attempts to drop (delete) the entire members table, which really doesn't seem too sporting.

This shows that not only can we run separate SQL commands, but we can also modify the database. This is promising.


Schema field mapping

The first steps are to guess some field names: we're reasonably sure that the query includes "email address" and "password", and there may be things like "US Mail address" or "userid" or "phone number". We'd dearly love to perform a SHOW TABLE, but in addition to not knowing the name of the table, there is no obvious vehicle to get the output of this command routed to us.

So we'll do it in steps. In each case, we'll show the whole query as we know it, with our own snippets shown specially. We know that the tail end of the query is a comparison with the email address, so let's guess email as the name of the field:

SELECT fieldlist
FROM table
WHERE field = 'x' AND email IS NULL; --';

The intent is to use a proposed field name (email) in the constructed query and find out if the SQL is valid or not. We don't care about matching the email address (which is why we use a dummy 'x'), and the -- marks the start of an SQL comment. This is an effective way to "consume" the final quote provided by the application and not worry about matching them.

If we get a server error, it means our SQL is malformed and a syntax error was thrown: it's most likely due to a bad field name. If we get any kind of valid response, we guessed the name correctly. This is the case whether we get the "email unknown" or "password was sent" response.

Note, however, that we use the AND conjunction instead of OR: this is intentional. In the SQL schema mapping phase, we're not really concerned with guessing any particular email addresses, and we do not want random users inundated with "here is your password" emails from the application - this will surely raise suspicions to no good purpose. By using the AND conjunction with an email address that couldn't ever be valid, we're sure that the query will always return zero rows and never generate a password-reminder email.

Submitting the above snippet indeed gave us the "email address unknown" response, so now we know that the email address is stored in a field email. If this hadn't worked, we'd have tried email_address or mail or the like. This process will involve quite a lot of guessing.

Next we'll guess some other obvious names: password, user ID, name, and the like. These are all done one at a time, and anything other than "server failure" means we guessed the name correctly.

SELECT fieldlist
FROM table
WHERE email = 'x' AND userid IS NULL; --';

As a result of this process, we found several valid field names:

  • email
  • passwd
  • login_id
  • full_name

There are certainly more (and a good source of clues is the names of the fields on forms), but a bit of digging did not discover any. But we still don't know the name of the table that these fields are found in - how to find out?

Finding the table name

The application's built-in query already has the table name built into it, but we don't know what that name is: there are several approaches for finding that (and other) table names. The one we took was to rely on a subselect.

A standalone query of

SELECT COUNT(*) FROM tabname

returns the number of records in that table, and of course fails if the table name is unknown. We can build this into our string to probe for the table name:

SELECT email, passwd, login_id, full_name
FROM table
WHERE email = 'x' AND 1=(SELECT COUNT(*) FROM tabname); --';

We don't care how many records are there, of course, only whether the table name is valid or not. By iterating over several guesses, we eventually determined that members was a valid table in the database. But is it the table used in this query? For that we need yet another test using table.field notation: it only works for tables that are actually part of this query, not merely that the table exists.

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'x' AND members.email IS NULL; --';

When this returned "Email unknown", it confirmed that our SQL was well formed and that we had properly guessed the table name. This will be important later, but we instead took a different approach in the interim.


The Target Intranet

This appeared to be an entirely custom application, and we had no prior knowledge of the application nor access to the source code: this was a "blind" attack. A bit of poking showed that this server ran Microsoft's IIS 6 along with ASP.NET, and this suggested that the database was Microsoft's SQL server: we believe that these techniques can apply to nearly any web application backed by any SQL server.

The login page had a traditional username-and-password form, but also an email-me-my-password link; the latter proved to be the downfall of the whole system.

When entering an email address, the system presumably looked in the user database for that email address, and mailed something to that address. Since my email address is not found, it wasn't going to send me anything.

So the first test in any SQL-ish form is to enter a single quote as part of the data: the intention is to see if they construct an SQL string literally without sanitizing. When submitting the form with a quote in the email address, we get a 500 error (server failure), and this suggests that the "broken" input is actually being parsed literally. Bingo.

We speculate that the underlying SQL code looks something like this:

SELECT fieldlist
FROM table
WHERE field = '$EMAIL';

Here, $EMAIL is the address submitted on the form by the user, and the larger query provides the quotation marks that set it off as a literal string. We don't know the specific names of the fields or table involved, but we do know their nature, and we'll make some good guesses later.

When we enter steve@unixwiz.net' - note the closing quote mark - this yields constructed SQL:

SELECT fieldlist
FROM table
WHERE field = 'steve@unixwiz.net'';

When this is executed, the SQL parser finds the extra quote mark and aborts with a syntax error. How this manifests itself to the user depends on the application's internal error-recovery procedures, but it's usually different from "email address is unknown". This error response is a dead giveaway that user input is not being sanitized properly and that the application is ripe for exploitation.

Since the data we're filling in appears to be in the WHERE clause, let's change the nature of that clause in an SQL legal way and see what happens. By entering anything' OR 'x'='x, the resulting SQL is:

SELECT fieldlist
FROM table
WHERE field = 'anything' OR 'x'='x';

Because the application is not really thinking about the query - merely constructing a string - our use of quotes has turned a single-component WHERE clause into a two-component one, and the 'x'='x' clause is guaranteed to be true no matter what the first clause is (there is a better approach for this "always true" part that we'll touch on later).

But unlike the "real" query, which should return only a single item each time, this version will essentially return every item in the members database. The only way to find out what the application will do in this circumstance is to try it. Doing so, we were greeted with:


Your login information has been mailed to random.person@example.com.

Our best guess is that it's the first record returned by the query, effectively an entry taken at random. This person really did get this forgotten-password link via email, which will probably come as a surprise to him and may raise warning flags somewhere.

We now know that we're able to manipulate the query to our own ends, though we still don't know much about the parts of it we cannot see. But we have observed three different responses to our various inputs:

  • "Your login information has been mailed to email"
  • "We don't recognize your email address"
  • Server error

The first two are responses to well-formed SQL, while the latter is for bad SQL: this distinction will be very useful when trying to guess the structure of the query.


SQL Injection
SQL injection is a subset of the unverified/unsanitized user input class of vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.

We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. But the fact that we were successful does suggest that we were not entirely misguided.

There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.


Thursday, November 06, 2008

What to Do If Your Computer Is Infected

Sometimes even an experienced user will not realise that a computer is infected with a virus. This is because viruses can hide among regular files, or camouflage themselves as standard files. This section contains a detailed discussion of the symptoms of virus infection, how to recover data after a virus attack and how to prevent data from being corrupted by malware.

Symptoms of infection

There are a number of symptoms which indicate that your computer has been infected. If you notice "strange things" happening to your computer, namely:

  • unexpected messages or images are suddenly displayed
  • unusual sounds or music played at random
  • your CD-ROM drive mysteriously opens and closes
  • programs suddenly start on your computer
  • you receive notification from your firewall that some applications have attempted to connect to the Internet, although you did not initiate this

then it is very likely that your computer has been infected by a virus.

Additionally, there are some typical symptoms which indicate that your computer has been infected via email:

  • your friends mention that they have received messages from your address which you know you did not send
  • your mailbox contains a lot of messages without a sender's e-mail address or message header

These problems, however, may not be caused by viruses. For example, infected messages that are supposedly coming from your address can actually be sent from a different computer.

There is a range of secondary symptoms which indicate that your computer may be infected:

  • your computer freezes frequently or encounters errors
  • your computer slows down when programs are started
  • the operating system is unable to load
  • files and folders have been deleted or their content has changed
  • your hard drive is accessed too often (the light on your main unit flashes rapidly)
  • Microsoft Internet Explorer freezes or functions erratically e.g. you cannot close the application window

90% of the time the symptoms listed above indicate a hardware or software problem. Although such symptoms are unlikely to be caused by a virus, you should use your antivirus software to scan your computer fully.

What you should do if you notice symptoms of infection

If you notice that your computer is functioning erratically

  1. Don't panic! This golden rule may prevent the loss of important data stored in your computer and help you avoid unnecessary stress.
  2. Disconnect your computer from the Internet.
  3. If your computer is connected to a Local Area Network, disconnect it.
  4. If the computer cannot boot from the hard drive (error at startup), try to start the system in Safe Mode or from the Windows boot disk.
  5. Before taking any action, back up all critical data to an external drive (a floppy disk, CD, flash memory, etc.).
  6. Install antivirus software if you do not have it installed.
  7. Download the latest updates for your antivirus database. If possible, do not use the infected computer to download updates, but use a friend's computer, or a computer at your office, an Internet cafe, etc. This is important because if you are connected to the Internet, a virus can send important information to third parties or may try to send itself to all email addresses in your address book. You may also be able to obtain updates for your antivirus software on CD-ROM from the software vendors or authorized dealers.
  8. Perform a full system scan.

If no viruses are found during a scan

If no viruses are found during the scan and the symptoms that alarmed you are classified as secondary, you probably have no reason to worry. Check all hardware and software installed in your computer. Download Windows patches using Windows Update. Uninstall all unlicensed software from your computer and clean your hard drives of any junk files.

If viruses are found during a scan

A good antivirus solution will notify you if viruses are found during a scan, and offer several options for dealing with infected objects.

In the vast majority of cases, personal computers are infected by worms, Trojan programs, or viruses. In most cases, lost data can be successfully recovered.

  1. A good antivirus solution will provide the option to disinfect infected objects, quarantine possibly infected objects and delete worms and Trojans. A report will provide the names of the malicious software discovered on your computer.
  2. In some cases, you may need a special utility to recover data that have been corrupted. Visit your antivirus software vendor's site, and search for information about the virus, Trojan or worm which has infected your computer. Download any special utilities if these are available.
  3. If your computer has been infected by viruses that exploit Microsoft Outlook Express vulnerabilities, you can fully clean your computer by disinfecting all infected objects, and then scanning and disinfecting the mail client's databases. This ensures that the malicious programs cannot be reactivated when messages which were infected prior to scanning are re-opened. You should also download and install security patches for Microsoft Outlook Express.
  4. Unfortunately, some viruses cannot be removed from infected objects. Some of these viruses may corrupt information on your computer when infecting, and it may not be possible to restore this information. If a virus cannot be removed from a file, the file should be deleted.

If your computer has suffered a severe virus attack

Some viruses and Trojans can cause severe damage to your computer:

  1. If you cannot boot from your hard drive (error at startup), try to boot from the Windows rescue disk. If the system cannot recognize your hard drive, the virus has damaged the disk partition table. In this case, try to recover the partition table using scandisk, a standard Windows program. If this does not help, contact a computer data recovery service. Your computer vendor should be able to provide contact details for such services.

If you have a disk management utility installed, some of your logical drives may be unavailable when you boot from the rescue disk. In this case, you should disinfect all accessible drives, reboot from the system hard drive and disinfect the remaining logical drives.

  2. Recover corrupted files and applications using backup copies after you have scanned the drive containing this data.

Diagnosing the problem using standard Windows tools

Although this is not recommended unless you are an experienced user, you may wish to:

  • check the integrity of the file system on your hard drive (using the CHKDSK program) and repair file system errors. If there are a large number of errors, you must back up the most important files to removable storage media before fixing the errors
  • scan your computer after booting from the Windows rescue disk
  • use other standard Windows tools, for example, the scandisk utility

For more details on using these utilities, refer to the Windows Help topics.

If nothing helps

If the symptoms described above persist even after you have scanned your computer, and checked all installed hardware and software and your hard drive using Windows utilities, you should send a message with a full description of the problem to your antivirus vendor's technical support department.

Some antivirus software developers will analyse infected files submitted by users.

After you have eradicated the infection

Once you have eradicated the infection, scan all disks and removable storage media that may be infected by the virus.

Make sure that you have appropriately configured antivirus software installed on your computer.

Practice safe computing.

All of these measures will help prevent your computer getting infected in the future.



Who Writes Malicious Programs and Why?

Virus writers: four general types

Virus writers belong to one of four broad groups: cyber-vandals, who can be divided into two categories, and more serious programmers, who can again be split into two groups.

Cyber vandalism - stage 1

In the past, most malware was written by young programmers: kids who had just learned to program and wanted to test their skills. Fortunately most of these programs did not spread widely - the majority of such malware died when disks were reformatted or upgraded. Viruses like these were not written with a concrete aim or a definite target, but simply for the writers to assert themselves.

Cyber vandalism - stage 2

The second largest group of contributors to malware coding were young people, usually students. They were still learning programming, but had already made a conscious decision to devote their skills to virus writing. These were people who had chosen to disrupt the computing community by committing acts of cyber hooliganism and cyber vandalism. Viruses authored by members of this group were usually extremely primitive and the code contained a large number of errors.

However, the development of the Internet provided space and new opportunities for these would-be virus writers. Numerous sites, chat rooms and other resources sprang up where anyone could learn about virus writing: by talking to experienced authors and downloading everything from tools for constructing and concealing malware to malicious program source code.

Professional virus writers

And then these 'script kiddies' grew up. Unfortunately, some of them did not grow out of virus writing. Instead, they looked for commercial applications for their dubious talents. This group remains the most secretive and dangerous section of the computer underground: they have created a network of professional and talented programmers who are very serious about writing and spreading viruses.

Professional virus writers often write innovative code designed to penetrate computers and networks; they research software and hardware vulnerabilities and use social engineering in original ways to ensure that their malicious creations will not only survive, but also spread widely.

Virus researchers: the 'proof-of-concept' malware authors

The fourth and smallest group of virus writers is rather unusual. These virus writers call themselves researchers, and they are often talented programmers who devote their skills to developing new methods for penetrating and infecting systems, fooling antivirus programs and so forth. They are usually among the first to penetrate new operating systems and hardware. Nevertheless, these virus writers are not writing viruses for money, but for research purposes. They usually do not spread the source code of their 'proof of concept viruses', but do actively discuss their innovations on Internet resources devoted to virus writing.

All of this may sound innocent or even beneficial. However, a virus remains a virus and research into new threats should be conducted by people devoted to curing the disease, not by amateurs who take no responsibility for the results of their research. Many proof of concept viruses can turn into serious threats once the professional virus writers gain access to them, since virus writing is a source of income for this group.

Why write viruses?

Fraud

The computer underground has realised that paid-for Internet services, such as Internet access, email and web hosting, provide new opportunities for illegal activity with the additional satisfaction of getting something for nothing. Virus writers have authored a range of Trojans which steal login information and passwords to gain free access to other users' Internet resources.

The first password-stealing Trojans appeared in 1997: the aim was to gain access to AOL. By 1998 similar Trojans appeared for all other major Internet service providers. Trojans stealing login data for dial-up ISPs, AOL and other Internet services are usually written by people with limited means to support their Internet habit, or by people who do not accept that Internet resources are a commercial service just like any other, and must therefore be paid for.

For a long time, this group of Trojans constituted a significant portion of the daily 'catch' for antivirus companies worldwide. Today, the numbers are decreasing in proportion to the decreasing cost of Internet access.

Computer games and software license keys are another target for cyber fraud. Once again, Trojans providing free access to these resources are written by and for people with limited financial resources. Some hacking and cracking utilities are also written by so-called 'freedom fighters', who proclaim that all information should be shared freely throughout the computing community. However, fraud remains a crime, no matter how noble the aim is made out to be.

Organised cyber crime

The most dangerous virus writers are individuals and groups who have turned professional. These people either extract money directly from end users (either by theft or by fraud) or use zombie machines to earn money in other ways, such as creating and selling a spamming platform, or organizing DoS attacks, with the aim here being blackmail.

Most of today's serious outbreaks are caused by professional virus writers who organize the blanket installations of Trojans to victim machines. This may be done by using worms, links to infected sites or other Trojans.

Bot networks

Currently, virus writers either work for particular spammers or sell their wares to the highest bidder. Today, one standard procedure is for virus writers to create bot networks, i.e. networks of zombie computers infected with identical malicious code. In the case of networks used as spamming platforms, a Trojan proxy server will penetrate the victim machines. These networks number from a thousand to tens of thousands of infected machines. The virus writers then sell these networks to the highest bidder in the computer underground.

Such networks are generally used as spamming platforms. Hacker utilities can be used to ensure that these networks run efficiently: malicious software is installed without the knowledge or consent of the user, adware programs can be camouflaged to prevent detection and deletion, and antivirus software may be attacked.

Financial gain

Apart from servicing spam and adware, professional virus writers also create Trojan spies which they use to steal money from e-wallets, PayPal accounts and/or directly from Internet bank accounts. These Trojans harvest banking and payment information from local machines or even corporate servers and then forward it to the master.

Cyber extortion

The third major form of contemporary cyber crime is extortion or Internet rackets. Usually, virus writers create a network of zombie machines capable of conducting an organized DoS attack. Then they blackmail companies by threatening to conduct a DoS attack against the corporate website. Popular targets include e-stores, banking and gambling sites, i.e. companies whose revenues are generated directly by their on-line presence.

Other malware

Virus writers and hackers also ensure that adware, dialers, utilities that redirect browsers to pay-to-view sites and other types of unwanted software function efficiently. Such programs can generate profits for the computer underground, so it's in the interests of virus writers and hackers to make sure that these programs are not detected and are regularly updated.

In spite of the media attention given to young virus writers who manage to cause a global epidemic, approximately 90% of malicious code is written by professionals. Although all four groups of virus writers challenge computer security, the group which poses a serious and growing threat is the community of professional virus writers who sell their services.


The Indian economy will not be affected as badly as other countries by the global financial crisis as it has a strong growth record, Jamie Dimon, chief executive of financial services firm JP Morgan Chase, said.

"India is doing far better than most other countries. Most important that you (India) might slow down a little bit but you have still a pretty good growth, so I don't think it needs to do quite anything like it has been done elsewhere," Dimon said in an interview with NDTV.

He, however, said that the global economic scenario was alarming and the current crisis was the "worst since the great depression" of the 1930s.

Referring to the great depression, he said: "I don't think it will go that bad but that will be the worst."

With the three major economies - the U.S., Europe and Japan - facing a downturn, Dimon urged the emerging economies to be prepared to deal with its consequences.

"The three major economies in the world are slowing down that it will have an effect on them (emerging economies)," he said.

Sunday, November 02, 2008

How To Increase Your Broadband Speed In 3 Minutes

Here's a simple 3 minute tweak (XP Pro only) that will increase your broadband speed.

By default (even with QoS disabled) Windows XP reserves up to 20 percent of your connection's bandwidth. To override this reserve take the following steps.

Make sure you Log on as Administrator, not as a user with Administrator privileges.

* Start-> Run-> type gpedit.msc
* You will see [Local Computer Policy]
* Expand the [Administrative Templates] branch
* Expand the [Network] branch
* Highlight [QoS Packet Scheduler]
* Double-click [Limit Reservable Bandwidth]
* Check [Enabled]
* Change [Bandwidth limit %] to 0 %
* Click [Apply] [OK]

* Restart

Effect is immediate.

23 Ways To Speed WinXP, Not only Defrag

Since defragging the disk won't do much to improve Windows XP performance, here are 23 suggestions that will. Each can enhance the performance and reliability of your customers' PCs. Best of all, most of them will cost you nothing.

1.) To decrease a system's boot time and increase system performance, use the money you save by not buying defragmentation software -- the built-in Windows defragmenter works just fine -- and instead equip the computer with an Ultra-133 or Serial ATA hard drive with 8-MB cache buffer.

2.) If a PC has less than 512 MB of RAM, add more memory. This is a relatively inexpensive and easy upgrade that can dramatically improve system performance.

3.) Ensure that Windows XP is utilizing the NTFS file system. If you're not sure, here's how to check: First, double-click the My Computer icon, right-click on the C: Drive, then select Properties. Next, examine the File System type; if it says FAT32, then back up any important data. Next, click Start, click Run, type CMD, and then click OK. At the prompt, type CONVERT C: /FS:NTFS and press the Enter key. This process may take a while; it's important that the computer be uninterrupted and virus-free. The file system used by the bootable drive will be either FAT32 or NTFS. I highly recommend NTFS for its superior security, reliability, and efficiency with larger disk drives.

4.) Disable file indexing. The indexing service extracts information from documents and other files on the hard drive and creates a "searchable keyword index." As you can imagine, this process can be quite taxing on any system.

The idea is that the user can search for a word, phrase, or property inside a document, should they have hundreds or thousands of documents and not know the file name of the document they want. Windows XP's built-in search functionality can still perform these kinds of searches without the Indexing service. It just takes longer. The OS has to open each file at the time of the request to help find what the user is looking for.

Most people never need this feature of search. Those who do are typically in a large corporate environment where thousands of documents are located on at least one server. But if you're a typical system builder, most of your clients are small and medium businesses. And if your clients have no need for this search feature, I recommend disabling it.

Here's how: First, double-click the My Computer icon. Next, right-click on the C: Drive, then select Properties. Uncheck "Allow Indexing Service to index this disk for fast file searching." Next, apply changes to "C: subfolders and files," and click OK. If a warning or error message appears (such as "Access is denied"), click the Ignore All button.

5.) Update the PC's video and motherboard chipset drivers. Also, update and configure the BIOS. For more information on how to configure your BIOS properly, see this article on my site.

6.) Empty the Windows Prefetch folder every three months or so. Windows XP can "prefetch" portions of data and applications that are used frequently. This makes processes appear to load faster when called upon by the user. That's fine. But over time, the prefetch folder may become overloaded with references to files and applications no longer in use. When that happens, Windows XP is wasting time, and slowing system performance, by pre-loading them. Nothing critical is in this folder, and the entire contents are safe to delete.

7.) Once a month, run a disk cleanup. Here's how: Double-click the My Computer icon. Then right-click on the C: drive and select Properties. Click the Disk Cleanup button -- it's just to the right of the Capacity pie graph -- and delete all temporary files.

8.) In your Device Manager, double-click on the IDE ATA/ATAPI Controllers device, and ensure that DMA is enabled for each drive you have connected to the Primary and Secondary controller. Do this by double-clicking on Primary IDE Channel. Then click the Advanced Settings tab. Ensure the Transfer Mode is set to "DMA if available" for both Device 0 and Device 1. Then repeat this process with the Secondary IDE Channel.

9.) Upgrade the cabling. As hard-drive technology improves, the cabling requirements to achieve these performance boosts have become more stringent. Be sure to use 80-wire Ultra-133 cables on all of your IDE devices with the connectors properly assigned to the matching Master/Slave/Motherboard sockets. A single device must be at the end of the cable; connecting a single drive to the middle connector on a ribbon cable will cause signaling problems. With Ultra DMA hard drives, these signaling problems will prevent the drive from performing at its maximum potential. Also, because these cables inherently support "cable select," the location of each drive on the cable is important. For these reasons, the cable is designed so drive positioning is explicitly clear.

10.) Remove all spyware from the computer. Use free programs such as AdAware by Lavasoft or SpyBot Search & Destroy. Once these programs are installed, be sure to check for and download any updates before starting your search. Anything either program finds can be safely removed. Any free software that requires spyware to run will no longer function once the spyware portion has been removed; if your customer really wants the program even though it contains spyware, simply reinstall it. For more information on removing Spyware visit this Web Pro News page.

11.) Remove any unnecessary programs and/or items from the Windows Startup routine using the MSCONFIG utility. Here's how: First, click Start, click Run, type MSCONFIG, and click OK. Click the StartUp tab, then uncheck any items you don't want to start when Windows starts. Unsure what some items are? Visit the WinTasks Process Library. It contains known system processes, applications, as well as spyware references and explanations. Or quickly identify them by searching for the filenames using Google or another Web search engine.

12.) Remove any unnecessary or unused programs from the Add/Remove Programs section of the Control Panel.

13.) Turn off any and all unnecessary animations, and disable active desktop. In fact, for optimal performance, turn off all animations. Windows XP offers many different settings in this area. Here's how to do it: First click on the System icon in the Control Panel. Next, click on the Advanced tab. Select the Settings button located under Performance. Feel free to play around with the options offered here, as nothing you can change will alter the reliability of the computer -- only its responsiveness.

14.) If your customer is an advanced user who is comfortable editing their registry, try some of the performance registry tweaks offered at Tweak XP.

15.) Visit Microsoft's Windows update site regularly, and download all updates labeled Critical. Download any optional updates at your discretion.

16.) Update the customer's anti-virus software on a weekly, even daily, basis. Make sure they have only one anti-virus software package installed. Mixing anti-virus software is a sure way to spell disaster for performance and reliability.

17.) Make sure the customer has fewer than 500 type fonts installed on their computer. The more fonts they have, the slower the system will become. While Windows XP handles fonts much more efficiently than did the previous versions of Windows, too many fonts -- that is, anything over 500 -- will noticeably tax the system.

18.) Do not partition the hard drive. Windows XP's NTFS file system runs more efficiently on one large partition. The data is no safer on a separate partition, and a reformat is never necessary to reinstall an operating system. The same excuses people offer for using partitions apply to using a folder instead. For example, instead of putting all your data on the D: drive, put it in a folder called "D drive." You'll achieve the same organizational benefits that a separate partition offers, but without the degradation in system performance. Also, your free space won't be limited by the size of the partition; instead, it will be limited by the size of the entire hard drive. This means you won't need to resize any partitions, ever. That task can be time-consuming and also can result in lost data.

19.) Check the system's RAM to ensure it is operating properly. I recommend using a free program called MemTest86. The download will make a bootable CD or diskette (your choice), which will run 10 extensive tests on the PC's memory automatically after you boot to the disk you created. Allow all tests to run until at least three passes of the 10 tests are completed. If the program encounters any errors, turn off and unplug the computer, remove a stick of memory (assuming you have more than one), and run the test again. Remember, bad memory cannot be repaired, but only replaced.

20.) If the PC has a CD or DVD recorder, check the drive manufacturer's Web site for updated firmware. In some cases you'll be able to upgrade the recorder to a faster speed. Best of all, it's free.

21.) Disable unnecessary services. Windows XP loads a lot of services that your customer most likely does not need. To determine which services you can disable for your client, visit the Black Viper site for Windows XP configurations.

22.) If you're sick of a single Windows Explorer window crashing and then taking the rest of your OS down with it, then follow this tip: open My Computer, click on Tools, then Folder Options. Now click on the View tab. Scroll down to "Launch folder windows in a separate process," and enable this option. You'll have to reboot your machine for this option to take effect.

23.) At least once a year, open the computer's case and blow out all the dust and debris. While you're in there, check that all the fans are turning properly. Also inspect the motherboard capacitors for bulging or leaks. For more information on this leaking-capacitor phenomenon, you can read numerous articles on my site.


Following any of these suggestions should result in noticeable improvements to the performance and reliability of your customers' computers. If you still want to defrag a disk, remember that the main benefit will be to make your data more retrievable in the event of a crashed drive.
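Tip 11 tells you to uncheck startup items in MSCONFIG, but it helps to know what each entry actually launches before you do. The following script is an added example, not part of the original post: it lists the Run/RunOnce registry entries that feed the StartUp tab and reports, for each, whether the referenced executable exists and whether it carries a valid Authenticode signature. It assumes Windows PowerShell 5.1 or later on a supported Windows version; the helper names are hypothetical.

```powershell
# Added example (not from the original post). Enumerates autostart entries and
# adds triage information so unknown or unsigned entries can be reviewed before
# they are disabled. Assumes Windows PowerShell 5.1+; function names are hypothetical.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath {
    # Extract the executable from a Run value's command line, which may be
    # quoted ("C:\Program Files\x\y.exe" /arg) or bare (C:\tools\z.exe -q).
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted path: stop at the first known executable extension.
    $m = [regex]::Match($cmd, '^(.+?\.(exe|com|bat|cmd|vbs|js))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Get-AutostartReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmdLine = [string]$item.GetValue($name)
            $exe     = Get-ExecutablePath $cmdLine
            $exists  = Test-Path -LiteralPath $exe -PathType Leaf
            # A missing binary or an unsigned/invalid signature is a reason to
            # look the entry up before deciding whether to keep it.
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'N/A' }
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $cmdLine
                Exists    = $exists
                Signature = $sig
            }
        }
    }
}

# Entries with Exists = False or Signature <> Valid float to the top of the list.
Get-AutostartReport | Sort-Object Exists, Signature | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys are readable; entries that point at a missing file or an unsigned binary are the ones to check against the process library before unchecking them.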

23 Ways To Speed WinXP, Not only Defrag

Since defragging the disk won't do much to improve Windows XP performance, here are 23 suggestions that will. Each can enhance the performance and reliability of your customers' PCs. Best of all, most of them will cost you nothing.

1.) To decrease a system's boot time and increase system performance, use the money you save by not buying defragmentation software -- the built-in Windows defragmenter works just fine -- and instead equip the computer with an Ultra-133 or Serial ATA hard drive with 8-MB cache buffer.

2.) If a PC has less than 512 MB of RAM, add more memory. This is a relatively inexpensive and easy upgrade that can dramatically improve system performance.

3.) Ensure that Windows XP is utilizing the NTFS file system. If you're not sure, here's how to check: First, double-click the My Computer icon, right-click on the C: Drive, then select Properties. Next, examine the File System type; if it says FAT32, then back-up any important data. Next, click Start, click Run, type CMD, and then click OK. At the prompt, type CONVERT C: /FS:NTFS and press the Enter key. This process may take a while; it's important that the computer be uninterrupted and virus-free. The file system used by the bootable drive will be either FAT32 or NTFS. I highly recommend NTFS for its superior security, reliability, and efficiency with larger disk drives.

4.) Disable file indexing. The indexing service extracts information from documents and other files on the hard drive and creates a "searchable keyword index." As you can imagine, this process can be quite taxing on any system.

The idea is that the user can search for a word, phrase, or property inside a document, should they have hundreds or thousands of documents and not know the file name of the document they want. Windows XP's built-in search functionality can still perform these kinds of searches without the Indexing service. It just takes longer. The OS has to open each file at the time of the request to help find what the user is looking for.

Most people never need this feature of search. Those who do are typically in a large corporate environment where thousands of documents are located on at least one server. But if you're a typical system builder, most of your clients are small and medium businesses. And if your clients have no need for this search feature, I recommend disabling it.

Here's how: First, double-click the My Computer icon. Next, right-click on the C: Drive, then select Properties. Uncheck "Allow Indexing Service to index this disk for fast file searching." Next, apply changes to "C: subfolders and files," and click OK. If a warning or error message appears (such as "Access is denied"), click the Ignore All button.

5.) Update the PC's video and motherboard chipset drivers. Also, update and configure the BIOS. For more information on how to configure your BIOS properly, see this article on my site.

6.) Empty the Windows Prefetch folder every three months or so. Windows XP can "prefetch" portions of data and applications that are used frequently. This makes processes appear to load faster when called upon by the user. That's fine. But over time, the prefetch folder may become overloaded with references to files and applications no longer in use. When that happens, Windows XP is wasting time, and slowing system performance, by pre-loading them. Nothing critical is in this folder, and the entire contents are safe to delete.

7.) Once a month, run a disk cleanup. Here's how: Double-click the My Computer icon. Then right-click on the C: drive and select Properties. Click the Disk Cleanup button -- it's just to the right of the Capacity pie graph -- and delete all temporary files.

8.) In your Device Manager, double-click on the IDE ATA/ATAPI Controllers device, and ensure that DMA is enabled for each drive you have connected to the Primary and Secondary controller. Do this by double-clicking on Primary IDE Channel. Then click the Advanced Settings tab. Ensure the Transfer Mode is set to "DMA if available" for both Device 0 and Device 1. Then repeat this process with the Secondary IDE Channel.

9.) Upgrade the cabling. As hard-drive technology improves, the cabling requirements to achieve these performance boosts have become more stringent. Be sure to use 80-wire Ultra-133 cables on all of your IDE devices with the connectors properly assigned to the matching Master/Slave/Motherboard sockets. A single device must be at the end of the cable; connecting a single drive to the middle connector on a ribbon cable will cause signaling problems. With Ultra DMA hard drives, these signaling problems will prevent the drive from performing at its maximum potential. Also, because these cables inherently support "cable select," the location of each drive on the cable is important. For these reasons, the cable is designed so drive positioning is explicitly clear.

10.) Remove all spyware from the computer. Use free programs such as AdAware by Lavasoft or SpyBot Search & Destroy. Once these programs are installed, be sure to check for and download any updates before starting your search. Anything either program finds can be safely removed. Any free software that requires spyware to run will no longer function once the spyware portion has been removed; if your customer really wants the program even though it contains spyware, simply reinstall it. For more information on removing Spyware visit this Web Pro News page.

11.) Remove any unnecessary programs and/or items from Windows Startup routine using the MSCONFIG utility. Here's how: First, click Start, click Run, type MSCONFIG, and click OK. Click the StartUp tab, then uncheck any items you don't want to start when Windows starts. Unsure what some items are? Visit the WinTasks Process Library. It contains known system processes, applications, as well as spyware references and explanations. Or quickly identify them by searching for the filenames using Google or another Web search engine.

12.) Remove any unnecessary or unused programs from the Add/Remove Programs section of the Control Panel.

13.) Turn off any and all unnecessary animations, and disable active desktop. In fact, for optimal performance, turn off all animations. Windows XP offers many different settings in this area. Here's how to do it: First click on the System icon in the Control Panel. Next, click on the Advanced tab. Select the Settings button located under Performance. Feel free to play around with the options offered here, as nothing you can change will alter the reliability of the computer -- only its responsiveness.

14.) If your customer is an advanced user who is comfortable editing their registry, try some of the performance registry tweaks offered at Tweak XP.

15.) Visit Microsoft's Windows update site regularly, and download all updates labeled Critical. Download any optional updates at your discretion.

16.) Update the customer's anti-virus software on a weekly, even daily, basis. Make sure they have only one anti-virus software package installed. Mixing anti-virus software is a sure way to spell disaster for performance and reliability.

17.) Make sure the customer has fewer than 500 type fonts installed on their computer. The more fonts they have, the slower the system will become. While Windows XP handles fonts much more efficiently than did the previous versions of Windows, too many fonts -- that is, anything over 500 -- will noticeably tax the system.

18.) Do not partition the hard drive. Windows XP's NTFS file system runs perfectly well on one large partition, and a separate data partition on the same physical disk gives no protection against that disk failing. Nor is a reformat required to reinstall the operating system, so the usual reasons people give for partitioning apply equally well to a folder: instead of putting all your data on the D: drive, put it in a folder called "D drive." You get the same organisational benefit that a separate partition offers, without splitting the disk. Your free space is then limited by the size of the whole drive rather than by the size of one partition, which means you will never need to resize a partition, a task that is time-consuming and can result in lost data.

19.) Check the system's RAM to ensure it is operating properly. I recommend using a free program called MemTest86. The download will make a bootable CD or diskette (your choice), which will run 10 extensive tests on the PC's memory automatically after you boot to the disk you created. Allow all tests to run until at least three passes of the 10 tests are completed. If the program encounters any errors, turn off and unplug the computer, remove a stick of memory (assuming you have more than one), and run the test again. Remember, bad memory cannot be repaired, but only replaced.

20.) If the PC has a CD or DVD recorder, check the drive manufacturer's Web site for updated firmware. In some cases you'll be able to upgrade the recorder to a faster speed. Best of all, it's free.

21.) Disable unnecessary services. Windows XP loads a lot of services that your customer most likely does not need. To determine which services you can disable for your client, visit the Black Viper site for Windows XP configurations.

22.) If you're sick of a single Windows Explorer window crashing and then taking the rest of your OS down with it, then follow this tip: open My Computer, click on Tools, then Folder Options. Now click on the View tab. Scroll down to "Launch folder windows in a separate process," and enable this option. You'll have to reboot your machine for this option to take effect.

23.) At least once a year, open the computer's case and blow out all the dust and debris. While you're in there, check that all the fans are turning properly. Also inspect the motherboard capacitors for bulging or leaks. For more information on this leaking-capacitor phenomenon, you can read numerous articles on my site.


Following any of these suggestions should result in noticeable improvements to the performance and reliability of your customers' computers. If you still want to defrag a disk, remember that the main benefit will be to make your data more retrievable in the event of a crashed drive.

Two easy ways to download YouTube videos.
Many people already know how to do this, but I thought I'd write this for those who don't.

The first method is as easy as cut and paste. Just copy the URL of the YouTube video you want, go to the website below and paste the URL in the box. Once you press the button the file will begin downloading.

http://video.qooqle.jp/dl/

The only problem with this method is that you need an FLV player to view the files. If that doesn't bother you, you can download an FLV player from here.

http://www.download.com/FLV-Player/3...-10467082.html.


The second method is the same cut-and-paste job as the first, only take the URL to this site instead...

http://vixy.net/

Once you have pasted the YouTube video URL into the box on vixy.net, you have the option to convert the file into a number of formats:
mov
avi
mp4 -- for iPod
3gp -- for mobile
mp3 -- just the sound

Just select the format you want and click download; the file will be converted and downloaded to your computer. Easy enough!

3 ways to get IP of a person


Obtaining an IP from MSN Messenger.
----------------------------------

First, the method most people use when they want someone else's IP address. The idea is to take a snapshot of your machine's network connections, start a direct file transfer with the contact, take a second snapshot, and look for the connection that appeared in between.

Step 1 - Start MSN Messenger and log in as yourself.

Step 2 - Hit your "Start" button and click Run. Type "cmd" into the white box (on Windows 9x/Me type "command" instead) and hit enter to open a command prompt.

Step 3 - Type "netstat -n" (lowercase n: show addresses as numbers rather than names) into the black box and hit enter. Keep this window open; it is your baseline.

Step 4 - Start a conversation with your 'victim' and send them a file. Once they accept the file, open a second command prompt the same way and run "netstat -n" again.

Step 5 - Compare the "Foreign Address" column of the two windows. The address that appears only in the newer window is the other end of the file transfer, which is the contact's IP address. Ignore connections to port 1863: that is the Messenger service itself, not the contact.

This works because Messenger file transfers are set up as a direct peer-to-peer connection whenever possible. If the transfer is relayed through the service, or the contact sits behind a NAT router or proxy, the address you see belongs to the relay or gateway, not to the contact's own machine.
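The comparison in Steps 3 to 5 done by script, as an added example that is not part of the original post: it parses two constructed snapshots laid out like Windows "netstat -n" output and reports foreign hosts that appear only in the second one. The addresses are documentation ranges rather than real hosts, and the ports are assumptions about the protocol's usual numbers (1863 for the Messenger service, 6891 for the sample transfer).

```python
import re

# Two constructed snapshots in the layout of Windows "netstat -n" output (not captured from a
# real session). Addresses are from documentation ranges; 192.0.2.50:1863 stands in for the
# Messenger service itself and 198.51.100.23:6891 for the contact's end of a file transfer.
BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1045      192.0.2.50:1863        ESTABLISHED
  TCP    192.168.1.10:1052      192.0.2.80:443         ESTABLISHED
  UDP    192.168.1.10:1900      *:*
"""

AFTER = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1045      192.0.2.50:1863        ESTABLISHED
  TCP    192.168.1.10:1052      192.0.2.80:443         ESTABLISHED
  TCP    192.168.1.10:1078      198.51.100.23:6891     ESTABLISHED
  UDP    192.168.1.10:1900      *:*
"""

# Proto, local, foreign and (for TCP) a state column; UDP rows have no state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

MESSENGER_PORTS = {1863}  # assumption: the Messenger service port, never a contact


def parse_netstat(text):
    """Return the connection rows as a set of (proto, local, foreign, state) tuples."""
    rows = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            rows.add((proto, local, foreign, state or ""))
    return rows


def split_endpoint(endpoint):
    """'1.2.3.4:6891' -> ('1.2.3.4', 6891); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def new_peers(before, after, ignore_ports=MESSENGER_PORTS):
    """Foreign hosts present only in the second snapshot, with port and state.

    Hosts already seen in the baseline and connections to the service's own ports
    are skipped, so what remains is the other end of the file transfer."""
    known_hosts = {split_endpoint(r[2])[0] for r in parse_netstat(before)}
    peers = set()
    for proto, local, foreign, state in parse_netstat(after) - parse_netstat(before):
        host, port = split_endpoint(foreign)
        if host in known_hosts or host == "*" or port in ignore_ports:
            continue
        peers.add((host, port, state))
    return peers


if __name__ == "__main__":
    for host, port, state in sorted(new_peers(BEFORE, AFTER)):
        print(f"new peer {host} port {port} ({state})")
```

On a real machine you would capture the two snapshots with `netstat -n > before.txt` and `netstat -n > after.txt` and feed the file contents to `new_peers`; the filtering of known hosts is what stops the Messenger servers and your other browser tabs from showing up as the "victim".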

Obtaining an IP from an E-Mail.
-------------------------------

If the person does not use MSN Messenger (can't blame them), we can often get an IP address from an e-mail they sent. In this example we use Outlook Express to view the e-mail.

Step 1 - Load Outlook Express and left-click on an e-mail that was sent from your 'victim'.

Step 2 - Right-click this e-mail and click "Properties".

Step 3 - Click the "Details" tab and then the "Message Source" button.

Step 4 - Look through the headers for a line like "X-Originating-IP: " with an address after the colon. Some webmail providers add this header to record the address of the browser that submitted the message; where it is present, that is the sender's IP address.

Step 5 - If there is no "X-Originating-IP: " header, look at the "Received:" headers instead. Each mail server that handles the message adds one at the top, so the bottom-most Received line is the first hop, and the address in square brackets there ("from ... [a.b.c.d]") is the host that submitted the message. That may be the sender's IP, but if they sent from a webmail service (like hotmail.com) it is the provider's server, not their machine. Remember too that any Received line below the one added by your own mail server was written on the sender's side and can be forged; the only address you can vouch for is the one your own server recorded for the host that connected to it.
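Steps 4 and 5 as a script, added here as an example and not part of the original post: it applies the two-step rule (X-Originating-IP first, otherwise the earliest Received hop) to two constructed message sources, and separately reports the one hop your own server vouches for. The hostnames and addresses (example.org, isp.example, documentation-range IPs) are made up for the example.

```python
import email
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
BRACKETED_IP = re.compile(r"\[(" + IPV4 + r")\]")
ANY_IP = re.compile(IPV4)

# Constructed message sources (not real mail). Received headers read newest-first, which is
# how "Message Source" shows them: the top line was added by the last server to handle it.
RELAYED_MESSAGE = """Received: from mx2.example.org (mx2.example.org [192.0.2.10])
    by mail.example.org with ESMTP id abc123
    for <you@example.org>; Tue, 11 Nov 2008 10:15:02 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
    by mx2.example.org with ESMTP id def456; Tue, 11 Nov 2008 10:15:01 +0000
Received: from userpc (dsl-203-0-113-45.isp.example [203.0.113.45])
    by relay.isp.example with SMTP id ghi789; Tue, 11 Nov 2008 10:14:58 +0000
From: sender@isp.example
To: you@example.org
Subject: hello

hi
"""

WEBMAIL_MESSAGE = """Received: from webmail.mail.example (webmail.mail.example [198.51.100.40])
    by mail.example.org with ESMTP id jkl012; Tue, 11 Nov 2008 12:00:00 +0000
X-Originating-IP: [203.0.113.77]
From: someone@mail.example
To: you@example.org
Subject: hello again

hi again
"""


def received_chain(raw):
    """Received headers oldest-first, i.e. the hop nearest the sender comes first."""
    msg = email.message_from_string(raw)
    return list(reversed(msg.get_all("Received", [])))


def originating_ip(raw):
    """Best guess at the sender's address plus the header it came from, following the
    rule in the text: X-Originating-IP if present, otherwise the earliest Received hop."""
    msg = email.message_from_string(raw)
    stamped = msg.get("X-Originating-IP")
    if stamped:
        m = ANY_IP.search(stamped)
        if m:
            return m.group(0), "X-Originating-IP"
    for hop in received_chain(raw):
        m = BRACKETED_IP.search(hop)
        if m:
            return m.group(1), "Received"
    return None, None


def last_verified_hop(raw, my_domain):
    """Address recorded by the first server you control when it accepted the message.

    Every Received line below that one was supplied by the sending side and can be
    forged, so this is the only hop whose address you can actually vouch for."""
    for hop in received_chain(raw):  # oldest first, so the first match is your border MX
        by = re.search(r"\bby\s+([\w.-]+)", hop)
        if by and (by.group(1) == my_domain or by.group(1).endswith("." + my_domain)):
            m = BRACKETED_IP.search(hop)
            return m.group(1) if m else None
    return None


if __name__ == "__main__":
    for name, raw in (("relayed", RELAYED_MESSAGE), ("webmail", WEBMAIL_MESSAGE)):
        ip, source = originating_ip(raw)
        print(f"{name}: claimed sender {ip} (from {source}); "
              f"verified hop {last_verified_hop(raw, 'example.org')}")
```

For the webmail message the earliest Received hop is the provider's server (198.51.100.40) while X-Originating-IP names the browser that submitted it; for the relayed message your server only vouches for 198.51.100.7, and the 203.0.113.45 hop below it is whatever the sending side chose to write.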

Obtaining an IP from Physical Access.
------------------------------------

If you have physical access to a computer then getting the IP address is simple.

Step 1 - Click the "Start" button and hit "Run". Type "cmd" (or "command" on Windows 9x/Me) and hit enter.

Step 2 - Type "ipconfig" and hit enter (on Windows 9x/Me use "winipcfg", which opens a small window instead). Look for where it says "IP Address:"; next to this is the IP of the computer you are using. If it is a private address (10.x.x.x, 172.16.x.x to 172.31.x.x or 192.168.x.x), that is only the machine's address on the local network; the address the rest of the Internet sees is the router's.

Saturday, October 04, 2008

Major Hackers Personalities

This section contains brief information on some of the most famous hackers, both black hat and white hat. The individuals below are well known for a variety of reasons: their actions, whether good or bad, their contributions to software and technology development, or their innovative approach, skills and ability to think outside the box.

Richard Stallman is known as the father of free software. When Stallman started working at MIT's Artificial Intelligence Lab in 1971 he was confronted with non-disclosure agreements and closed program sources while he was hacking and improving system drivers the 'traditional way'. After an interesting battle to obtain the source code of a faulty printer utility, Stallman gave up his job and became the loudest advocate for free computer software, creating GNU and the Free Software Foundation in the process.

Dennis Ritchie and Ken Thompson are famous for two major software developments of the 20th century: the UNIX operating system and the C programming language. Both began their careers at Bell Labs in the 1960s, and their ideas changed the computer world forever. Ken Thompson has since retired from Bell Labs, while Dennis Ritchie stayed on there (the labs became part of Lucent Technologies), working on Plan 9, a new operating system derived from Unix.

John Draper, aka 'Cap'n Crunch', is famous for his ability to hack phone systems using nothing but a toy whistle from Cap'n Crunch cereal boxes (hence the nickname), which happened to produce the 2600 Hz tone the phone network used for trunk signalling. Besides being the father of 'phone phreaking', Draper also wrote EasyWriter, perhaps the first word processor for the IBM PC. He now heads his own security venture, developing anti-spam solutions, thwarting hacker attacks and securing PCs.

Robert Morris is famous for creating the first Internet worm in 1988. It infected thousands of systems and practically brought the Internet to a halt for nearly a day. The 'Morris Worm' was perhaps the first fully automated hacking tool: it spread by exploiting unpatched vulnerabilities in sendmail and fingerd on VAX and Sun machines, abusing rsh trust relationships between hosts, and guessing weak passwords.

Kevin Mitnick, possibly the best-known 'black hat', was tracked down with the help of computer expert Tsutomu Shimomura and arrested in 1995.

Kevin Poulsen remains famous for his 1990 hack of the phone system in Los Angeles, which let him make himself the 102nd caller in a radio station phone-in and win a Porsche 944. Poulsen was eventually caught and served a prison sentence. He now works as a columnist for the online security magazine SecurityFocus.

Vladimir Levin, a Russian computer expert, broke into Citibank's systems in 1994 and transferred around USD 10 million out of customer accounts, most of which was later recovered. He was arrested in the UK in 1995, extradited to the United States and sentenced to three years in prison, as well as being required to pay USD 240,015 in restitution.

Tsutomu Shimomura is a good example of a 'white hat'. He was working at the San Diego Supercomputer Center when Kevin Mitnick broke into his systems and stole software and data relating to cellular phone technology. Shimomura started the pursuit of Mitnick which eventually led to his arrest.

Linus Torvalds is known as the father of Linux, the most popular Unix-like operating system in use today. Linus started work on a new kernel in 1991 and adopted what were then controversial choices for his project, namely free software and the GNU General Public License. He is also known for his early disputes with Andrew Tanenbaum, the author of Minix, which was the inspiration for Linus' project.


Software Vulnerabilities

'Errare humanum est' (' To err is human.')
Marcus Tullius Cicero, Roman statesman, philosopher and author

'To err is human, but to really foul things up you need a computer'
Paul Ehrlich

The term 'vulnerability' is often mentioned in connection with computer security, in many different contexts.

In its broadest sense, the term 'vulnerability' is associated with some violation of a security policy. This may be due to weak security rules, or it may be that there is a problem within the software itself. In theory, all computer systems have vulnerabilities; how serious a given one is depends on what an attacker can do with it (how easily it can be exploited and what damage that causes), not on whether anyone has exploited it yet.

There have been many attempts to define the term 'vulnerability' precisely and to separate the two meanings. MITRE, a US not-for-profit organisation that operates federally funded research and development centres, focuses among other things on analysing and solving critical security issues. It has produced the following definitions:

According to MITRE's CVE Terminology:

[...] A universal vulnerability is a state in a computing system (or set of systems) which either:

  • allows an attacker to execute commands as another user
  • allows an attacker to access data that is contrary to the specified access restrictions for that data
  • allows an attacker to pose as another entity
  • allows an attacker to conduct a denial of service

MITRE believes that when an attack is made possible by a weak or inappropriate security policy, this is better described as 'exposure':

An exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:

  • allows an attacker to conduct information gathering activities
  • allows an attacker to hide activities
  • includes a capability that behaves as expected, but can be easily compromised
  • is a primary point of entry that an attacker may attempt to use to gain access to the system or data
  • is considered a problem according to some reasonable security policy

When trying to gain unauthorized access to a system, an intruder usually first conducts a routine scan (or investigation) of the target, collects any 'exposed' data, and then exploits security policy weaknesses or vulnerabilities. Vulnerabilities and exposures are therefore both important points to check when securing a system against unauthorized access.


How to Detect a Hacker Attack

Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack.

Due to this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you figure out either if your machine is under attack or if the security of your system has been compromised. Keep in mind just like with viruses, there is no 100% guarantee you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.

Windows machines:

  • Suspiciously high outgoing network traffic. If you are on a dial-up or ADSL connection and notice an unusually high volume of outgoing traffic, especially while the computer is idle or you are not deliberately uploading anything, it is possible that the computer has been compromised. It may be being used to send spam, or a network worm may be replicating and sending copies of itself from it. On cable connections this indicator is less useful, since outgoing volume is often substantial even when you are doing nothing more than browsing or downloading.
  • Increased disk activity or suspicious-looking files in the root directories of any drives. After hacking into a system, many attackers run a massive scan for interesting documents or files containing passwords or logins for bank or e-payment accounts such as PayPal. Similarly, some worms search the disk for files containing e-mail addresses to use for propagation. Heavy disk activity while the system is idle, together with suspiciously named files in common folders, may indicate a system hack or malware infection.
  • A large number of packets from a single address being stopped by a personal firewall. After locating a target (e.g. a company's IP range or a pool of home cable users) attackers usually run automated probing tools that try various exploits against the system. If you run a personal firewall (a fundamental element of protection against such attacks) and notice an unusually high number of blocked packets from the same address, your machine is probably under attack. The good news is that if the firewall is reporting the attempts, it is blocking them. The caveat is that it can only protect ports it closes: an attack aimed at a service you have deliberately exposed to the Internet, say an FTP server open to everyone, passes straight through, and the firewall log shows those connections as allowed rather than dropped. In that case block the offending IP temporarily until the connection attempts stop (many personal firewalls and IDSs have such a feature built in) and keep the exposed service itself patched.
  • Your resident antivirus suddenly starts reporting that backdoors or trojans have been detected, even though you have not done anything out of the ordinary. Although hacker attacks can be complex and innovative, many rely on known trojans or backdoors to gain full access to a compromised system. If the resident component of your antivirus is detecting and reporting such malware, this may be an indication that your system can be accessed from outside.
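The third indicator as detection logic, added here as an example and not taken from the original article: the script reads constructed log lines laid out like Windows Firewall's pfirewall.log (the "#Fields:" header and the DROP / OPEN-INBOUND actions are assumptions about that format, and the addresses are documentation ranges), flags any source that produced a burst of blocked packets, and lists which of that source's connections the firewall let through, which is the exposed-service case the text warns about.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the layout of a Windows Firewall pfirewall.log (W3C-style field header);
# not a real capture. 198.51.100.7 sweeps several ports and is let in on 21 (an FTP server the
# owner exposed on purpose); 203.0.113.9 is ordinary background noise.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-11-11 10:15:01 DROP TCP 198.51.100.7 192.168.1.10 3456 135 48 S 1234 0 65535 - - - RECEIVE
2008-11-11 10:15:01 DROP TCP 198.51.100.7 192.168.1.10 3457 139 48 S 1235 0 65535 - - - RECEIVE
2008-11-11 10:15:02 DROP TCP 198.51.100.7 192.168.1.10 3458 445 48 S 1236 0 65535 - - - RECEIVE
2008-11-11 10:15:02 DROP TCP 198.51.100.7 192.168.1.10 3459 1433 48 S 1237 0 65535 - - - RECEIVE
2008-11-11 10:15:03 DROP TCP 198.51.100.7 192.168.1.10 3460 3389 48 S 1238 0 65535 - - - RECEIVE
2008-11-11 10:15:03 DROP TCP 198.51.100.7 192.168.1.10 3461 5900 48 S 1239 0 65535 - - - RECEIVE
2008-11-11 10:15:04 OPEN-INBOUND TCP 198.51.100.7 192.168.1.10 3462 21 - - - - - - - - RECEIVE
2008-11-11 10:15:04 DROP TCP 198.51.100.7 192.168.1.10 3463 80 48 S 1240 0 65535 - - - RECEIVE
2008-11-11 10:20:00 DROP UDP 203.0.113.9 192.168.1.10 1900 1900 300 - - - - - - - RECEIVE
2008-11-11 11:02:17 DROP TCP 203.0.113.9 192.168.1.10 50012 445 48 S 9 0 8192 - - - RECEIVE
"""


def parse_log(text):
    """Turn the log into a list of dicts keyed by the names in the #Fields: header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        rec = dict(zip(fields, line.split()))
        rec["when"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return records


def probing_sources(records, threshold=5, window=timedelta(minutes=5)):
    """Sources that had at least `threshold` packets dropped inside any `window`.

    For each one, also report the ports it probed and the ports on which the firewall
    actually accepted a connection: those are services exposed beyond its protection."""
    by_src = defaultdict(list)
    for r in records:
        by_src[r["src-ip"]].append(r)
    flagged = {}
    for src, recs in by_src.items():
        drops = sorted(r["when"] for r in recs if r["action"] == "DROP")
        # Sliding window over the sorted drop times: did `threshold` of them ever fall
        # within `window` of each other?
        burst = any(drops[i + threshold - 1] - drops[i] <= window
                    for i in range(len(drops) - threshold + 1))
        if not burst:
            continue
        flagged[src] = {
            "drops": len(drops),
            "probed_ports": sorted({int(r["dst-port"]) for r in recs if r["action"] == "DROP"}),
            "allowed_ports": sorted({int(r["dst-port"]) for r in recs
                                     if r["action"].startswith("OPEN")}),
        }
    return flagged


if __name__ == "__main__":
    for src, info in probing_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {info['drops']} drops on ports {info['probed_ports']}; "
              f"let through on {info['allowed_ports']}")
```

The burst test is what separates a scanner from the steady trickle of stray packets every Internet-facing host sees; the two drops from 203.0.113.9 an hour apart never reach the threshold. The `allowed_ports` entry is the part worth acting on: blocking 198.51.100.7 at the firewall stops the sweep, but port 21 was open to it by design, so that service needs to be patched or closed.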

Unix machines:

  • Suspiciously named files in the /tmp directory. Many exploits in the Unix world rely on creating temporary files in the standard /tmp directory, and these are not always deleted after the break-in. The same is true for some worms known to infect Unix systems; they recompile themselves in /tmp and use it as 'home'.
  • Modified system binaries such as 'login', 'telnet', 'ftp', 'finger' or more complex daemons, 'sshd', 'ftpd' and the like. After breaking into a system, an attacker usually tries to secure access by planting a backdoor in one of the daemons reachable from the Internet, or by modifying the standard utilities used to connect to other systems. The modified binaries are usually part of a rootkit and are generally 'stealthed' against simple direct inspection, so a running, compromised system may lie about them. Keep a database of checksums for every system utility, built from a known-good installation and stored off the machine (on read-only or removable media), and periodically verify it with the system offline, in single-user mode.
  • Modified /etc/passwd, /etc/shadow, or other system files in /etc. Attackers sometimes add a new user to /etc/passwd that they can log in with remotely at a later date. Look for suspicious usernames, and in particular for any extra account with UID 0, and monitor all additions, especially on a multi-user system.
  • Suspicious services added to /etc/services. Opening a backdoor on a Unix system is sometimes a matter of adding two lines of text: one to /etc/services and one to /etc/inetd.conf, which makes inetd run a shell on whatever port the attacker chose. Closely monitor these two files for any additions which may indicate a backdoor bound to an unused or suspicious port.
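The checksum database the last three points call for, as an added example that is not the article's own code: the functions below record a SHA-256, size, permission bits and owner for a list of files and then report which ones changed, went missing or had their mode altered. The demo runs against a throwaway directory holding constructed stand-ins for login, sshd, /etc/passwd, /etc/services and /etc/inetd.conf (not real system files), tampers with them the way the text describes, and verifies. The WATCH list of paths is an assumption to adapt per system.

```python
import hashlib
import json
import os
import stat
import tempfile

# Assumed starting list for a real host; extend it with whatever your rootkit scanner would check.
WATCH = ["/bin/login", "/usr/sbin/sshd", "/usr/sbin/inetd", "/bin/ls", "/bin/ps",
         "/bin/netstat", "/etc/passwd", "/etc/shadow", "/etc/services", "/etc/inetd.conf"]


def fingerprint(path):
    """SHA-256 of the content plus the metadata a rootkit is likely to touch (mode, owner)."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}


def build_baseline(paths):
    """Fingerprint every path that exists; run this from a known-good system, e.g. build_baseline(WATCH)."""
    return {p: fingerprint(p) for p in paths if os.path.exists(p)}


def verify(baseline):
    """Compare the live files against a stored baseline and bucket the differences."""
    findings = {"modified": [], "mode_changed": [], "missing": []}
    for path, saved in baseline.items():
        if not os.path.exists(path):
            findings["missing"].append(path)
            continue
        now = fingerprint(path)
        if now["sha256"] != saved["sha256"] or now["size"] != saved["size"]:
            findings["modified"].append(path)
        if now["mode"] != saved["mode"] or now["uid"] != saved["uid"]:
            findings["mode_changed"].append(path)
    return findings


def demo():
    """Self-contained run against a temp directory standing in for / (constructed, not a real host)."""
    root = tempfile.mkdtemp()
    files = {  # constructed stand-ins, not real binaries or config
        "login": b"\x7fELF original login binary\n",
        "sshd": b"\x7fELF original sshd\n",
        "passwd": b"root:x:0:0:root:/root:/bin/sh\n",
        "services": b"ssh 22/tcp\nftp 21/tcp\n",
        "inetd.conf": b"ftp stream tcp nowait root /usr/sbin/ftpd ftpd\n",
    }
    paths = []
    for name, data in files.items():
        p = os.path.join(root, name)
        with open(p, "wb") as f:
            f.write(data)
        os.chmod(p, 0o644)
        paths.append(p)
    # Store the baseline as JSON (in practice: on removable media, not on the host itself).
    stored = json.loads(json.dumps(build_baseline(paths)))

    # Simulate the post-compromise state the text describes.
    with open(os.path.join(root, "login"), "wb") as f:
        f.write(b"\x7fELF trojaned login\n")                      # backdoored binary
    with open(os.path.join(root, "services"), "ab") as f:
        f.write(b"backdoor 31337/tcp\n")                           # new service name
    with open(os.path.join(root, "inetd.conf"), "ab") as f:
        f.write(b"backdoor stream tcp nowait root /bin/sh sh -i\n")  # shell bound to that port
    os.chmod(os.path.join(root, "passwd"), 0o666)                  # made world-writable
    os.remove(os.path.join(root, "sshd"))                          # daemon replaced elsewhere

    result = verify(stored)
    return {k: sorted(os.path.basename(p) for p in v) for k, v in result.items()}


if __name__ == "__main__":
    print(demo())
```

Run the real thing from a boot CD or in single-user mode with the baseline on read-only media; the point of `verify` is that it compares against a record the compromised host never had a chance to edit.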


An Analysis of Hacker Mentality:

Why people hack is a subject which is often discussed. Some say the explanation is the same as the one given by people who climb mountains: 'because they [computers] are out there'. Others claim that by highlighting vulnerabilities, hacking helps increase computer security. And finally, there is the explanation most often put forward: criminal intent.

Whatever the reason, as long as computers exist there will be hackers - white hats, black hats and grey hats. And because there is no way of predicting which kind of attack ('curiosity' versus 'malicious') will hit your computer first, it is always best to be prepared for the worst.

The truth is that within hours of a machine being connected to the Internet, somebody will scan it with an automated vulnerability probing tool, looking for ways to get in. It may be somebody who is just curious to see what is on the machine, or a white hat from the other side of the world checking to see if the computer is secure. Of course, in real life you wouldn't want passing strangers stopping to check if your house or car were locked, and, if not, to go inside, look around, go through your possessions and leave a note saying 'Hi, I was here, your door was open, but don't mind me and BTW, fix your lock'. If you wouldn't want someone to do this to your house, you wouldn't want someone doing it to your computer. And there is no excuse for doing it to someone else's computer either.

Premeditated, criminal hacking is obviously even worse. In the real world, somebody walks by, breaks your lock, gets inside, disables your alarm system, steals something or plants listening devices in your phone or surveillance equipment in your living room. If this happens you call the police, they look around, write a report, and you wait for the thieves to be caught. Unfortunately, this is a rare luxury in the computer world; the culprit may be far, far away, downloading your confidential files while sitting in his personal villa or sunbathing by his huge pool, nicely built with stolen money. Or, in a business environment, many large corporations prefer not to report hacking incidents at all, in order to protect their image. This means that the criminals remain unpunished.

Another hacker motivation may be hooliganism, or digital graffiti, which can be summed up as hacking into systems to cause damage. Web site defacement is a very popular form of digital graffiti and there are some hacking groups which focus on this task alone. Just as in the physical, non-cyber world, catching the hooligans is a tedious task which usually doesn't repay the effort or resources expended.

Whatever the reasoning, be it 'to help others', 'security heads-up!', 'hooliganism' or 'criminal intent', hacking is a phenomenon which is deeply rooted in the world of computing and will probably never die. There will always be people immature enough to abuse public resources, self-proclaimed 'Robin Hoods' and criminals hiding in the dark alleys of cyberspace.


If your PC is infected:

What to Do If Your Computer Is Infected

Sometimes even an experienced user will not realise that a computer is infected with a virus. This is because viruses can hide among regular files, or camouflage themselves as standard files. This section contains a detailed discussion of the symptoms of virus infection, how to recover data after a virus attack and how to prevent data from being corrupted by malware.

Symptoms of infection

There are a number of symptoms which indicate that your computer has been infected. If you notice "strange things" happening to your computer, namely:

  • unexpected messages or images are suddenly displayed
  • unusual sounds or music played at random
  • your CD-ROM drive mysteriously opens and closes
  • programs suddenly start on your computer
  • you receive notification from your firewall that some applications have attempted to connect to the Internet, although you did not initiate this

then it is very likely that your computer has been infected by a virus.

Additionally, there are some typical symptoms which indicate that your computer has been infected via email:

  • your friends mention that they have received messages from your address which you know you did not send
  • your mailbox contains a lot of messages without a sender's e-mail address or message header

These problems, however, may not be caused by viruses. For example, infected messages that are supposedly coming from your address can actually be sent from a different computer.

There is a range of secondary symptoms which indicate that your computer may be infected:

  • your computer freezes frequently or encounters errors
  • your computer slows down when programs are started
  • the operating system is unable to load
  • files and folders have been deleted or their content has changed
  • your hard drive is accessed too often (the light on your main unit flashes rapidly)
  • Microsoft Internet Explorer freezes or functions erratically e.g. you cannot close the application window

Most of the time the symptoms listed above indicate a hardware or software problem rather than a virus. Even so, run a full scan with your antivirus software to rule infection out.

What you should do if you notice symptoms of infection

If you notice that your computer is functioning erratically

  1. Don't panic! This golden rule may prevent the loss of important data stored in your computer and help you avoid unnecessary stress.
  2. Disconnect your computer from the Internet.
  3. If your computer is connected to a Local Area Network, disconnect it.
  4. If the computer cannot boot from the hard drive (error at startup), try to start the system in Safe Mode or from the Windows boot disk
  5. Before taking any action, back up all critical data to an external drive (a floppy disk, CD, flash memory, etc.).
  6. Install antivirus software if you do not have it installed.
  7. Download the latest updates for your antivirus database. If possible, do not use the infected computer to download updates, but use a friend's computer, or a computer at your office, an Internet cafe, etc. This is important because if you are connected to the Internet, a virus can send important information to third parties or may try to send itself to all email addresses in your address book. You may also be able to obtain updates for your antivirus software on CD-ROM from the software vendors or authorized dealers.
  8. Perform a full system scan.

If no viruses are found during a scan

If no viruses are found during the scan and the symptoms that alarmed you can be explained by something else, you probably have no reason to worry. Check all hardware and software installed in your computer. Download Windows patches using Windows Update. Uninstall all unlicensed software from your computer and clean your hard drives of any junk files.

If viruses are found during a scan

A good antivirus solution will notify you if viruses are found during a scan, and offer several options for dealing with infected objects.

In the vast majority of cases, personal computers are infected by worms, Trojan programs, or viruses. In most cases, lost data can be successfully recovered.

  1. A good antivirus solution will provide the option to disinfect for infected objects, quarantine possibly infected objects and delete worms and Trojans. A report will provide the names of the malicious software discovered on your computer.
  2. In some cases, you may need a special utility to recover data that have been corrupted. Visit your antivirus software vendor's site, and search for information about the virus, Trojan or worm which has infected your computer. Download any special utilities if these are available.
  3. If your computer has been infected by viruses that exploit Microsoft Outlook Express vulnerabilities, you can fully clean your computer by disinfecting all infected objects, and then scanning and disinfecting the mail client's databases. This ensures that the malicious programs cannot be reactivated when messages which were infected prior to scanning are re-opened. You should also download and install security patches for Microsoft Outlook Express.
  4. Unfortunately, some viruses cannot be removed from infected objects. Some of these viruses may corrupt information on your computer when infecting, and it may not be possible to restore this information. If a virus cannot be removed from a file, the file should be deleted.

If your computer has suffered a severe virus attack

Some viruses and Trojans can cause severe damage to your computer:

  1. If you cannot boot from your hard drive (error at startup), try to boot from the Windows rescue disk. If the system cannot recognise your hard drive, the virus may have damaged the disk partition table. Scandisk and CHKDSK repair file systems, not partition tables, so if the drive itself is not visible they will not help; in that case contact a computer data recovery service (your computer vendor should be able to provide contact details) rather than writing anything further to the disk.

     If you have a disk management utility installed, some of your logical drives may be unavailable when you boot from the rescue disk. In this case, you should disinfect all accessible drives, reboot from the system hard drive and disinfect the remaining logical drives.

  2. Recover corrupted files and applications using backup copies after you have scanned the drive containing this data.

Diagnosing the problem using standard Windows tools

Although this is not recommended unless you are an experienced user, you may wish to:

  • check the integrity of the file system on your hard drive (using CHKDSK program) and repair file system errors. If there are a large number of errors, you must backup the most important files to removable storage media before fixing the errors
  • scan your computer after booting from the Windows rescue disk
  • use other standard Windows tools, for example, the scandisk utility

For more details on using these utilities, refer to the Windows Help topics.

If nothing helps

If the symptoms described above persist even after you have scanned your computer, and checked all installed hardware and software and your hard drive using Windows utilities, you should send a message with a full description of the problem to your antivirus vendor's technical support department.

Some antivirus software developers will analyse infected files submitted by users.

After you have eradicated the infection

Once you have eradicated the infection, scan all disks and removable storage media that may be infected by the virus.

Make sure that you have appropriately configured antivirus software installed on your computer.

Practice safe computing.

All of these measures will help prevent your computer getting infected in the future.


 

Copyright 2010 zealwebtech. All rights reserved.