
Softpanorama Malware Protection Bulletin, 2008


Old News ;-)

[Nov 19, 2008] Microsoft To Offer Free Security Software By Paul McDougall

"[Free] Morro will replace the subscription Windows Live OneCare service starting next year."

November 19, 2008 | InformationWeek

Microsoft (NSDQ: MSFT) on Tuesday said it plans to kill off its Windows Live OneCare subscription security service in favor of a free offering that will feature a core of essential anti-malware tools while excluding peripheral services, such as PC tune up programs, found in OneCare.

The move could help the software maker extend its footprint in the low-cost PC market, but it might also catch the eye of trustbusters.

As a streamlined offering, Microsoft said the new service, presently code-named Morro, will be suitable for use on low-cost, low-powered Netbooks that are growing in popularity in emerging markets and in some segments of the North American computer market.

"This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware," said Amy Barzdukas, Microsoft's senior product manager for Online Services and Windows, in a statement.

The definition of malware covers a range of computer threats, including viruses, spyware, rootkits and trojans. Hackers, many of them connected to organized crime, often use such tools to extract sensitive data such as bank account numbers and passwords from users' PCs.

Microsoft said it will launch Morro in June of 2009, at which time it will discontinue the $49.95 per year OneCare service. Morro will be compatible with Windows XP, Windows Vista and the forthcoming Windows 7 operating systems, the company said.

[Jun 6, 2008] Spear-phishing attacks have hooked 15,000, says VeriSign - Network World

Two groups of criminals have stolen data from an estimated 15,000 victims over the past 15 months, using targeted "spear-phishing" e-mail attacks, according to researchers at VeriSign.

VeriSign has tracked 66 of these attacks since February 2007 and believes that two shadowy crime groups are behind 95% of the incidents.


Unlike traditional phishing attacks, which are sent to millions in hopes of luring some victims to fake Web sites, spear-phishing e-mails contain personal information, such as the name of the victim or his employer's name to make them appear legitimate. In the attacks tracked by VeriSign, victims are tricked into visiting malicious Web sites or opening malicious attachments, which then give attackers a back door onto their PCs so they can steal information.

After tinkering with their attack techniques in the first few months of 2007, the spear-phishers appear to be stepping up their campaigns.

Attacks have spiked over the past two months, said Matthew Richard, director of VeriSign's iDefense Rapid Response Team. "The bad guys have really fine-tuned both the delivery methods... as well as their use of the data," he said. "All the e-mails target businesses in some form or another."

In April, they launched their most successful spear-phish to date. A targeted e-mailing was sent to corporate executives, informing them that they had been sued. This attack worked well because it was novel, Richard said. "The subpoena one really took people off guard," he said. "Especially at the executive level. That fear of litigation certainly scared people."

In May, over 2,000 victims were compromised with spear-phish e-mails claiming to come from the U.S. Internal Revenue Service, the United States Tax Court, and the Better Business Bureau, according to VeriSign.

VeriSign does not expect the spear-phishers to give up anytime soon. "Now that they have developed this well-tuned system, they will just keep doing it over and over again," Richard said.

[Jun 6, 2008] New crypto virus a looming threat

Network World

A variant of a virus that encrypts the victim's data with a strong 1,024-bit algorithm, so the victim can't unscramble it without paying a ransom, has begun to spread, potentially posing a major threat, according to the antimalware firm that discovered it.

Windows SteadyState Disk and System Protection

Useful for daily sessions: complete protection from malware for a day.

Undo your worries with Windows Disk Protection

Windows Disk Protection keeps everything on the Windows disk partition from being permanently changed by users. This means every change made during a user session can easily be undone and the computer returned to its original state.

Create a consistent experience

On a shared computer, the goal is to create a consistent, uniform environment for all users. They should not be able to modify or corrupt the system. However, activities performed during a user session cause many changes to the operating system partition. Program files are created, modified, and deleted. The operating system also updates system information as part of its normal operation.

Windows Disk Protection clears all changes to the operating system partition whenever you restart the computer, or at whatever interval you specify.

How Windows Disk Protection works

When disk protection is turned on, it creates a cache file to retain all the modifications to the operating system or program directories. Histories, saved files, and logs are all stored in this cache file which has been created on a special partition of the system drive. At intervals you designate, Windows SteadyState deletes the contents of the cache and restores the system to the state in which disk protection was first turned on.

Set it and forget it

Choose the disk protection level that fits how your computer is used and whether or not your users need to save data for a specific length of time.

Use Windows Disk Protection, Try&Decide or ShadowMode to secure your PC by Donna Buenaventura

Jul 4, 2008

Malware infection and unwanted system changes are the biggest concerns of organizations and individuals. It's easy to be infected nowadays if the anti-virus' real-time protection fails to detect malicious behavior while a user is surfing or installing unknown programs. It's also easy to end up with an unusable system if an update or software installation contains bugs or is incompatible with existing applications.

The above problems will be solved by using ShadowMode, Try&Decide or Windows Disk Protection.

1. ShadowMode feature in ShadowSurfer, ShadowUser and ShadowServer

StorageCraft's ShadowServer, ShadowSurfer and ShadowUser include a feature called ShadowMode. ShadowMode will create a virtual volume so you can run your PC or server in a virtual state. Unwanted changes or malware infection will not affect the system if ShadowMode is enabled. If you install software or updates, or make a major change to the system, but later realize that it is not what you like or that the update has unknown or known issues, you can simply end the ShadowMode session and go back to the previous system state.

ShadowSurfer and ShadowUser are compatible with Windows 2000 and XP systems. Vista is not supported yet at the time of this writing. ShadowServer will run on 2000 and 2003 editions of Windows Server. If you use ShadowUser and ShadowServer, you can commit the changes to files, folders or the entire system; continue a ShadowMode session across reboots; schedule an automatic reset of the computer to its previous state; and schedule enabling or disabling of a ShadowMode session.
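
The cache mechanism described under "How Windows Disk Protection works", together with the ShadowMode options to commit changes or continue a session across reboots, modeled as a redirect-on-write overlay. This is an added example, not code from Windows SteadyState or StorageCraft; the class ProtectedVolume, its methods and the sample block contents are hypothetical.

```python
"""Redirect-on-write overlay: a model of the disk-protection cache (hypothetical names)."""


class ProtectedVolume:
    """Base blocks are never written while protection is on; writes land in a cache."""

    def __init__(self, base_blocks, retain_across_restart=False):
        self.base = list(base_blocks)   # state when protection was turned on
        self.cache = {}                 # block number -> modified contents
        self.retain = retain_across_restart

    def read(self, n):
        # A block modified during the session is served from the cache.
        return self.cache.get(n, self.base[n])

    def write(self, n, data):
        if not 0 <= n < len(self.base):
            raise IndexError("block outside protected volume")
        self.cache[n] = data            # base[n] is left untouched

    def restart(self):
        # Default policy: every restart discards the cache.
        if not self.retain:
            self.cache.clear()

    def commit(self):
        # Deliberate admin action: fold the session's changes into the baseline.
        self.base = [self.read(n) for n in range(len(self.base))]
        self.cache.clear()

    def dirty_blocks(self):
        # Blocks changed since the baseline; useful to review before a commit.
        return sorted(self.cache)


def demo():
    # Constructed sample data: three "blocks" and one unwanted change.
    vol = ProtectedVolume([b"boot", b"system", b"programs"])
    vol.write(1, b"system+dropper")
    seen_during_session = vol.read(1)   # the change is live until restart
    vol.restart()
    after_restart = vol.read(1)         # baseline is back

    # Retained session: the change survives a reboot, then is committed.
    keep = ProtectedVolume([b"boot", b"system"], retain_across_restart=True)
    keep.write(1, b"system+patch")
    keep.restart()
    survived = keep.read(1)
    keep.commit()
    keep.retain = False
    keep.restart()
    return seen_during_session, after_restart, survived, keep.read(1)


if __name__ == "__main__":
    print(demo())
```

The modified block is what the session reads until the restart, so the overlay undoes changes to the disk but not anything done with the data while the session was running. A commit makes whatever is in the cache part of the baseline, wanted or not.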

The Old New Thing: Windows 95 almost had floppy insertion detection but the training cost was prohibitive

Boot viruses died around this time, anyway

One feature which Windows 95 almost had was floppy disk insertion detection. In other words, Windows 95 almost had the ability to detect when a floppy disk was present in the drive without spinning up the drive.

The person responsible for Windows 95's 32-bit floppy driver studied the floppy drive hardware specification and spotted an opportunity. Working through the details of the specification revealed that, yes, if you issued just the right extremely clever sequence of commands, you could determine whether a disk was in the floppy drive without spinning up the drive. But there was a catch.

The floppy drive hardware specification left one aspect of the drive behavior unspecified, and studying the schematics for various floppy drive units revealed that about half of the floppy drive vendors chose to implement it one way, and half the other way. Here's the matrix:

Floppy Style   Disk present   Disk absent
"A"            1              0
"B"            0              1

The results were completely reliable within each "style" of floppy drive, but the two styles produce exactly opposite results. If you knew which style of drive you had, then the results were meaningful, but the hard part was deciding which style of drive the user had.

One idea was to have an additional "training" step built into Setup:

Once the disk was in, we could run the algorithm and see whether it returned 0 or 1; that would tell us which style of floppy drive we had.

Unfortunately, this plan fell short for many reasons. First of all, a user who bought a computer with Windows 95 preinstalled would have bypassed the training session. You can't trust the OEM to have gone through the training, because OEMs change suppliers constantly depending on who gave them the best deal that week, and it's entirely likely that on the floor of the warehouse are a mix of both styles of floppy drive. And you certainly don't want to make the user go through this training session when they unpack their computer on Christmas morning. "Thank you for using Windows 95. Before we begin, please insert a floppy disk in drive A:." You can't just try to figure out what type of drive the user has by comparing the clever technique against the boring "turn on the floppy drive light and make grinding noises" technique, at least not without displaying a warning to the user that you're about to do this; users tend to freak out when the floppy drive light turns on for no apparent reason. "Thank you for using Windows 95. Before we begin, I'm going to turn on your floppy drive light and make grinding noises. Press OK."

Floppy disk insertion detection is not a sufficiently compelling feature that users will say, "I appreciate the benefit of going through this exercise."

Sadly, floppy insertion detection had to be abandoned. It was one of those almost-features.

Published Thursday, April 02, 2009 7:00 AM by oldnewthing


FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusively for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.


Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: September, 19, 2017