Tuesday, July 17, 2007

Problems Problems Problems

It has not been a good day. Some people do not like you learning; I was flamed in the newsgroups, and one troll has been posting my personal stuff on the Net. I am at the point where I will have to see a lawyer about him and may even have to go to Small Claims Court about it if I have a case. Defamation or whatever. This is the big trouble with the Internet: there are all these people you have to put up with.
More problems: I have been running two boxes, one a Millennium box and one a Vista box. I download stuff from the Internet. I have to learn about Zip files and downloading; you would think you would know all this kind of stuff, but you just have to learn it yourself. The Millennium box is showing a dialogue box with "Randall32" showing, so I will have to go into the Usenet groups and see if we can fix it. Probably have to take it to the repair shop. Well, that is the way it goes.
More trouble: Go-ogle is down. I cannot get into the Groups; the server seems to be down. On the Vista box I can surf OK, but it will not go into the groups. I took Norton off the Vista box and want to download some freeware, but cannot access Go-ogle, where somebody gave me a link.

Wednesday, July 11, 2007

I am using Usenet forums less and less

I am using Usenet forums less and less. My goal is to learn as many features of Vista as possible, and I find I get more help in the Microsoft forums. I am currently hanging out in Vistahlep.ca and the Bo2k forums. The main feature I am looking at is controlling a remote host so that it can be used in business as peer to peer. You can connect to another person’s PC and network and do it out of your own home. There is a great deal to learn, but with perseverance and long hours of learning it can be done.
There are many blogs out there covering computer security, so I am looking for ways to improve my blog and get advertisers on it so it can start paying for itself. Running a web site is another idea at the back of my mind, and I think I will have to get one built professionally. There are many templates that you can use, but building one seems a better way to go.
I am running two PCs so that with BO2k I can practise with the server on one box (PC) and have the client on the other. I expect it is going to be at least two months to get the hang of the BO2k software and get used to using it. It would be used for business purposes only, as obviously it is a Trojan. I am learning to have AV not pick it up. There are some good posts in the Bo2k forum about this.
For long, my spelling and writing have not been good, so running the blog is a good way to improve my typing, spelling and English skills. The box that I have, a Lenovo, came with a sixty free trial for Microsoft Word. Encrypting files has been of interest to me and I will write more about this later. Having no certifications or computer degree could be a drawback, but I feel that self-teaching off the Net is a better way to learn about computer security, as you learn by your own mistakes.

Troubleshoot PCs

After years spent fixing their kids' computers, Donna Gaynor and Maria Luskin decided they could earn extra income doing just that for people in their San Diego neighborhood. So they took classes to become certified through the Computing Technology Industry Association (comptia.com), an international IT trade organization. In 2002, Gaynor and Luskin formed PC Divas, a mini-business that brings in about $3,000 a month. They try to work no more than 20 hours a week -- usually from 10 a.m. to 2 p.m. while their teenage children are in high school. "We called ourselves PC Divas so we'd always remember that this is a side venture and that we have families and lives," says Gaynor, laughing. They have about 250 clients, charge $75 an hour, and limit repairs to computers within a 10-minute radius of their homes.
A growing part of their business is diagnosing problems remotely -- provided the client has Windows XP. With the client's permission, Gaynor and Luskin use software that lets them see the customer's desktop from their home computer and even control the client's mouse to resolve problems. "We have a client in his 70s who regularly calls to say he can't find a file or that his computer is acting strange," says Luskin. "I connect to his PC while he's sitting in front of it, and I use his cursor to show him what's wrong or where a file is located. It freaks him out a little -- it's like watching a piano play by itself -- but we're on the phone together and he trusts me."
Gaynor and Luskin's advice: Review a service contract from a major computer-repair company and use it as a model. Then have a lawyer draw up a tailor-made contract that advises the customer of the risk to his data and limits your responsibility to the agreed-upon repair. It should also specify a time limit to any guarantee of your work. "We make our own schedules; we work only a few hours a day and provide good service," says Gaynor. "We're computer divas."

Saturday, July 7, 2007

zlob

You have a wonderful search engine called Google that you should learn to use. Learn to use the advanced search features. Say, the search string "zlob". Search on the Web links and use Groups. Search in Usenet.

I tried to find who wrote the original source code but have not found out yet. This post is also posted to my blog @

http://computersecurityissues.blogspot.com/

Zlob is also known as: Zlob.h, Zlob Virus, Zlob Spyware, Zlob Trojan, Trojan.Zlob.

http://www.zlob-removal.com.removal-instructions.com/removezlob.html

It is a backdoor designed to give the attacker remote control over a compromised PC. It changes essential computer settings and modifies certain files. Zlob starts automatically on every Windows startup and hides its activities by injecting code into explorer.exe. It waits for remote connections and allows the attacker to download and install additional software, execute certain commands and manage the entire computer. Zlob can be very dangerous. Use antivirus and malware removal tools in order to get rid of this spyware.

YouTube is again being used to distribute malware, this time a variant of the nuisance Zlob adware.

(snipped)
Recommendations
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed.). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
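The attachment-blocking recommendation above, sketched as a mail-filter check. This is an added example, not Symantec's or this blog's code; it uses Python's standard `email` package, the blocked list is the five extensions named in the recommendation, and the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The five extensions named in the recommendation above.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def is_blocked(filename: str) -> bool:
    """Decide on the final extension only, so 'Invoice.pdf.EXE' is caught."""
    # Windows ignores trailing dots and spaces in file names, so strip them
    # before comparing; the comparison is case-insensitive.
    cleaned = filename.strip().rstrip(". ").lower()
    _, dot, ext = cleaned.rpartition(".")
    return bool(dot) and "." + ext in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment filenames in a raw message that should be blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()  # decodes Content-Disposition / name params
        if name and is_blocked(name):
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed sample message with four attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("report.pdf", "Invoice.pdf.EXE", "readme.exe.txt", "screensaver.SCR"):
        msg.add_attachment(b"sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("blocked attachment:", name)
```

A filter like this only looks at the declared filename; it does not inspect file contents or archives, so it complements antivirus scanning rather than replacing it.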

Monday, July 2, 2007

Symantec Report IDs Holes in Vista Kernel Security

Anti-virus market leader Symantec has published its third and final report in a series of studies meant to examine the security improvements being made by Microsoft in early versions of its Vista operating system; while lauding the software maker's efforts to lock down the kernel of the next-generation Windows OS, the security company did find several shortcomings.
As with Symantec's two previous reports, researchers at the company dissected portions of the beta versions of Vista already shared with the public by Microsoft.
The earlier reports, which studied networking and account privilege management features of Vista, respectively, broadly questioned Microsoft's ability to execute some of its security-oriented development efforts.
The third report provides mainly positive feedback for the software giant, but still includes a pair of criticisms.
The latest report hands out praise for much of Microsoft's kernel-related work, which includes the addition of driver signing requirements, the company's PatchGuard anti-patching technology, kernel-mode code integrity checks, optional support for a secure boot mode, and use of restricted user-mode access to a Vista desktop's physical memory.
Symantec observed that there is substantial value in the enhancements, which are largely aimed at preventing unsigned code from being injected into the Vista kernel, and establishing a virtual "chain-of-trust" from the time a Vista PC boots until its applications are launched.
On the whole, the changes will improve security of the Vista kernel "significantly" compared to earlier iterations of the OS, according to the report, even when the Microsoft software is compared to products that have long claimed to be more secure than Windows, including Linux systems or Apple's Mac OS X.
However, among the positives identified by Symantec, the research report highlighted a pair of perceived shortcomings which could still leave the Vista kernel at risk if exploited.
In both instances, Symantec researchers pointed out flaws in the driver signing technology that Microsoft has added to the kernel.
The most common mechanism for delivering malicious code into the Windows XP kernel is through a driver, typically installed on an end user's machine without his or her knowledge by a Web site or online banner advertisement.
In Vista, all such drivers must be authorized to download via an authorized code signing certificate, which must be provided by a trusted source such as Microsoft or VeriSign.

While the process should eliminate the threat previously posed by malicious drivers aimed at the kernel, as long as Microsoft keeps unauthorized sources from obtaining the certificates, Symantec said that it is possible to disable the driver signing and code integrity capabilities by using binary patches on the operating system's WINLOAD.EXE and CI.DLL files.
The security company said that patching the files at runtime to exploit the issue is quite straightforward, with each file requiring patching at just a single location. And despite the fact that the files are protected by the WRP (Windows Resource Protection), the files can be altered relatively easily, according to the report.
The second issue, revolving around the lack of certificate revocation support in WINLOAD.EXE, can "easily undermine" the advantages of driver signing if the legitimate software publishing certificate of a company is stolen, published or misused by another party, specifically a former or disgruntled employee.
Once the driver signing checks have been disabled, a malicious unsigned driver can be loaded, the researchers said.
However, Symantec pointed out that Microsoft has promised that certificate revocation will be available in the Release Candidate 1 version of the software, due out sometime in early 2007.

Vista Code Contains Security Loopholes

http://www.eweek.com/article2/0,1895,1990662,00.asp

Vista Security Issues

Microsoft Vista has just come out these last few months and already, as usual, security issues are surfacing. A good search on Go-ogle shows where they are occurring and what you can do about them. On the Net there is so much fraud and spamming that security is a major issue. The blog is run to address these issues and any topic on computer security issues.