A view from the technical underground
  • Armour while fighting the internet daemons

    Posted on July 11th, 2010 admin No comments

    After the virus cleaning last weekend I wanted a more updateable medium than constantly burning new CDs and throwing away the obsolete ones; an AV that is worthless once new viruses come out (and new viruses (no, it’s not “virii”!) are always coming out) doesn’t seem environmental or convenient. My favourite online store, Newegg, has exactly what I was looking for: a thumb drive with a read/write switch. 8 GB is more than enough for a disinfectant kit (usually a mix of Avast, Avira, Malwarebytes and ComboFix gets rid of the bulk of viruses). Update at home, throw the switch so it’s read-only and insert it into the USB port with confidence!

    Microsoft looks like they are getting ready to put McAfee and Symantec out of business: they already have Security Essentials out (and it is really good!), and now they are coming out with a complete package called InTune, not public yet, but it will be one-stop protection up to a corporate level! Personally I am not a huge fan of either McAfee or Symantec; they are probably responsible for more infections than they have cured. I mean, they pay Dell, Acer (insert PC manufacturer here) to put their nag-ware on new machines, then at the end of a year they nag the user to buy AV software that the user thinks they already bought with their now year-old PC, and when the subscription expires they just stop protecting the system, not only from new viruses but even from the old ones! On top of that they are charging people for AV software that is bettered by free software readily available. Nah, it’s time for Microsoft to just ship antivirus with their OS.

  • Ah for a quiet weekend…

    Posted on July 4th, 2010 admin No comments

    Working in finance security, I am looking forward to a quiet 4th of July with my own projects to work on:

    Re-casing my Nokia E-71: it does everything I need, has the right apps (turn-by-turn GPS, Verisign passcoding and everything) and a battery life measured in weeks, so I am not sure what all the hubbub about the iPhone 4 is about. I picked up a cheap white keyboard and dark case off eBay a while back to dress up my constant companion.

    Also my local ISP offered me 6 months at 40d/20u DSL2 speeds for less than I was spending on my 20d/5u. My poor old Linksys WRT54GS 2.1 with dd-wrt firmware wasn’t able to keep up.

    So I was looking at the new crop of Netgear N routers, but they all have firmware issues, and even with dd-wrt firmware they still have config issues… what to do!?!?

    Well, a peer in my department put me on to loading up a Soekris box with a FreeBSD or OpenBSD OS (choosing between m0n0wall and pfSense): secure, solid and very low power usage. Funny, when I was webmaster at Intel I had a BSDI proxy/firewall that was the size of my front door; now the same power fits in the palm of my hand (the board, at least; the case is a bit bigger). Soekris also makes a sub-board called the 1401 that does VPN (a “Virtual Private Network” tunnel that goes through the internet), to keep script kiddies and pineapple routers from reading my private email in my local coffeehouse.

    But instead I got to enjoy my first day fighting a virus at one of the local art galleries I support technically. I’ve seen this one on a few newbies’ and novice computer users’ systems. It’s the “sysinternals anti-malware” (contrary to the name, it is itself a virus/malware): first the user gets a pop-up that says their computer is infected; if they click on it in any way, even to close it, that triggers a package that loads onto the system as “scareware”, says everything is infected and then extorts money out of the user (and probably steals the credit card number) to get rid of the fake viruses it is planting itself.

    A few ways to avoid it: a good virus scanner, and don’t use IE. AND DON’T click on pop-ups. Kill the browser session and reload!

    Actually, if you use Firefox and aren’t in an IE Tab session, you should be OK; if you are in an IE Tab session, just close the tab.

    Getting rid of it is tricky. Depending on the version, it sets up a fake proxy to block your browsers, sets a new home page in IE so that opening the browser gets you re-infected, hides itself under the name svchost (a system process), sets up registry entries to reload itself if removed, and registers itself in the registry as the handler for EXE files, so that if you do remove it, Windows forgets what an EXE is.

    It also sets up a group policy to block the system from using Microsoft Update. Insidious is an understatement.
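    As an added, defender-side illustration (not part of the original post), the following PowerShell script audits the places the scareware described above tampers with: the proxy setting, the IE start page, the EXE file association, the Run keys, the Windows Update policy keys and any svchost process running from outside System32. The expected default values and the choice of these particular keys are assumptions for a stock Windows install; compare the output against a known-clean machine.

```powershell
# Added audit script (not from the original post): read-only checks for the
# persistence tricks described above. Run from an elevated PowerShell prompt.
# Key paths are standard Windows locations; the "expected" values are
# assumptions for a default install, so compare against a known-clean box.
$findings = @()

function Add-Finding($what, $value) {
    $script:findings += [pscustomobject]@{ Check = $what; Value = $value }
}

# 1. Browser proxy hijack: a proxy the user never configured.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { Add-Finding 'Proxy enabled' $inet.ProxyServer }

# 2. IE start page pointed at a re-infection site.
$ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ie -and $ie.'Start Page') { Add-Finding 'IE Start Page' $ie.'Start Page' }

# 3. EXE association hijack ("Windows forgets what an EXE is"); default is "%1" %*
$exe = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command').'(default)'
if ($exe -ne '"%1" %*') { Add-Finding 'exefile open command' $exe }

# 4. Run keys used to reload the malware after removal.
foreach ($hive in 'HKLM', 'HKCU') {
    $run = Get-ItemProperty "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if ($run) {
        $run.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { Add-Finding "$hive Run: $($_.Name)" $_.Value }
    }
}

# 5. Policy keys that block Windows Update.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$p = Get-ItemProperty $wu -ErrorAction SilentlyContinue
if ($p -and $p.DisableWindowsUpdateAccess -eq 1) { Add-Finding 'DisableWindowsUpdateAccess' 1 }
$au = Get-ItemProperty "$wu\AU" -ErrorAction SilentlyContinue
if ($au -and $au.NoAutoUpdate -eq 1) { Add-Finding 'NoAutoUpdate' 1 }

# 6. Processes masquerading as svchost: the real one lives in System32.
Get-Process svchost -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.Path -and $_.Path -notlike "$env:SystemRoot\System32\*") {
        Add-Finding "svchost pid $($_.Id) outside System32" $_.Path
    }
}

$findings | Format-Table -AutoSize
```

    Every Run entry is listed rather than judged, since legitimate software lives there too; the point is to spot the entry you did not install.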

    A few evenings and 4 hours yesterday with a mixture of HijackThis, Trinity and the Ultimate Boot Disk 3.5, Avira, Avast and Malwarebytes, and I think the system is fixed. But to be honest, I never feel I can trust a system once infected; if given the choice I would recommend saving whatever data files you need and doing a complete re-install.

    We’ll see. Of course the gallery can’t pay me. Art isn’t selling these days, but hopefully it will all come out evenly in the wash, and there is one less infected machine on the net…

    Hopefully the rest of my weekend is quieter…