Saturday, March 27, 2010

VIRUS SCIENCE

Adware
Adware is software that displays banner ads, pop-up windows or an advertising bar on the computer screen. These advertising elements usually cannot be removed and are therefore always visible. The connection data they transmit allow many conclusions about the user's behaviour and are problematic in terms of data protection.

Backdoors
A backdoor gains access to a computer by bypassing the computer's access security mechanisms.

A backdoor program running in the background generally gives the attacker almost unlimited rights. The user's personal data can be spied on with the backdoor's help, but backdoors are mainly used to install further computer viruses or worms on the affected system.

Boot viruses
Boot sector viruses mainly infect the boot sector or master boot sector of hard drives. They overwrite important information that is needed to start the system. One of the unpleasant consequences: the computer system can no longer be loaded.

Bot-Net
A Bot-Net is a collection of software bots that run autonomously. A Bot-Net can comprise a collection of compromised machines running programs (usually referred to as worms or Trojans) under a common command-and-control infrastructure. Bot-Nets serve various purposes, including denial-of-service attacks, often without the affected PC user's knowledge. The main potential of Bot-Nets is that the networks can reach dimensions of thousands of computers, and their combined bandwidth exceeds that of most conventional Internet connections.

Dialer
A dialer is a computer program that establishes a connection to the Internet or to another computer network through the telephone line or the digital ISDN network. Fraudsters use dialers to charge users high rates for dialing in to the Internet without their knowledge.

EICAR test file

The EICAR test file is a test pattern developed at the European Institute for Computer Antivirus Research to test the functions of anti-virus programs. It is a text file 68 characters long with the file extension ".COM", and all virus scanners should recognise it as a virus.
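As an added example (not code from the original post), here is the EICAR acceptance rule written out as a small Python detector: the file must start with the public 68-character test string, and the only thing allowed after it is whitespace, with the whole file no longer than 128 bytes. The constructed inputs in the test and the "eicar.com" file name are assumptions.

```python
"""Recognise the EICAR standard anti-virus test file (added example)."""
import os

# The 68-character EICAR test string as published by EICAR. It is a harmless
# DOS program; the backslash after "[4" is a literal character of the string.
EICAR_STRING = (
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}"
    "$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
)
EICAR_BYTES = EICAR_STRING.encode("ascii")
EICAR_LEN = 68          # length of the mandatory prefix
MAX_FILE_LEN = 128      # spec: total file length must not exceed 128 bytes
# Only these characters may follow the string: space, tab, LF, CR, CTRL-Z.
ALLOWED_TRAILING = frozenset(b" \t\n\r\x1a")


def is_eicar(data: bytes) -> bool:
    """Return True if data is a valid EICAR test file per the spec."""
    if not data.startswith(EICAR_BYTES):
        return False
    if len(data) > MAX_FILE_LEN:
        return False
    # Every byte after the 68-byte prefix must be permitted whitespace.
    return all(b in ALLOWED_TRAILING for b in data[EICAR_LEN:])


def classify(data: bytes) -> str:
    """Signature-style verdict for a file body."""
    return "EICAR-Test-File" if is_eicar(data) else "clean"


def scan_file(path: str) -> str:
    """Read at most 129 bytes (enough to reject oversized files) and classify."""
    with open(path, "rb") as fh:
        return classify(fh.read(MAX_FILE_LEN + 1))


def write_eicar(directory: str) -> str:
    """Write eicar.com into directory so you can test a scanner's on-access
    detection; real-time AV may quarantine the file the moment it is written."""
    path = os.path.join(directory, "eicar.com")  # file name is an assumption
    with open(path, "wb") as fh:
        fh.write(EICAR_BYTES)
    return path


if __name__ == "__main__":
    # Constructed samples: the bare string, a CR/LF-terminated copy, a tampered copy.
    for sample in (EICAR_BYTES, EICAR_BYTES + b"\r\n", EICAR_BYTES + b"!"):
        print(len(sample), classify(sample))
```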

Exploit
An exploit is a computer program or script that takes advantage of a bug, glitch or vulnerability (a security gap) to achieve privilege escalation or denial of service on a computer system. One form of exploit, for example, is an attack from the Internet using manipulated data packets. Programs can be infiltrated in order to obtain higher access rights.

Grayware

Grayware operates in a way similar to malware, but it is not spread to harm users directly. It does not affect the system's functionality as such. Mostly, information on usage patterns is collected in order to either sell these data or to place advertisements in a targeted way.

Hoaxes
For a few years users have been receiving virus alerts from the Internet and from other networks, warning of viruses that are supposed to spread via email. These alerts are themselves spread by email with the request that they be forwarded to as many colleagues and other users as possible, in order to warn everyone about the "danger".

Honeypot
A honeypot is a service (a program or server) that is installed in a network.

Its function is to monitor the network and log attacks. This service is unknown to legitimate users, which is why they never address it. If an attacker probes the network for weak points and uses the services offered by a honeypot, the activity is logged and an alert is triggered.

Keystroke logging
Keystroke logging is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful for determining sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. In the same way, confidential and personal data such as passwords or PINs can be spied on and sent to other computers via the Internet.

Macro viruses
Macro viruses are small programs written in the macro language of an application (e.g. WordBasic under WinWord 6.0) that can normally only spread within documents of that application. Because of this, they are also called document viruses. In order to be active, they need the corresponding application to be running and one of the infected macros to have been executed. Unlike "normal" viruses, macro viruses consequently do not attack executable files but the documents of the corresponding host application.

Polymorphic viruses
Polymorphic viruses are the real masters of disguise. They change their own program code and are therefore very hard to detect.

Program viruses
A computer virus is a program that, once executed, is capable of attaching itself to other programs and causing an infection. Unlike logic bombs and Trojans, viruses replicate themselves. In contrast to a worm, a virus always requires a program as its host, in which it deposits its virulent code. As a rule, the execution of the host program itself is not changed.

Script viruses and worms
Such viruses are extremely easy to program and, if the required technology is at hand, they can spread around the globe via email within a few hours.

Script viruses and worms use a scripting language such as JavaScript or VBScript to infiltrate other new scripts or to spread by activating operating system functions. This frequently happens via email or through the exchange of files (documents).

A worm is a program that replicates itself but does not infect a host. Worms consequently cannot form part of other program sequences. Worms are often the only way to infiltrate damaging programs of any kind onto systems with restrictive security measures.

Spyware
Spyware refers to so-called spy programs that intercept or take partial control of a computer's operation without the user's informed consent. Spyware is designed to exploit infected computers for commercial gain. Typical tactics furthering this goal include the delivery of unsolicited pop-up advertisements. AntiVir detects this kind of software under the category "ADSPY" or "adware-spyware".

Trojan horses (short Trojans)
Trojans are pretty common nowadays. These are programs that pretend to have a particular function but show their true face after execution and carry out a different, in most cases destructive, function. Trojan horses cannot replicate themselves, which differentiates them from viruses and worms. Most of them have an enticing name (SEX.EXE or STARTME.EXE) intended to induce the user to start the Trojan. Immediately after execution they become active and can, for example, format the hard drive. A dropper is a special form of Trojan that "drops" viruses, i.e. plants viruses on the computer system.

Zombie
A Zombie-PC is a computer that is infected with malware and that enables hackers to abuse it via remote control for criminal purposes. The affected PC can, for example, launch Denial-of-Service (DoS) attacks on command or send spam and phishing emails.

Wednesday, March 24, 2010

IT SECURITY - BASICS

IT security is an important and critical factor in today's business world. However, it is still hard for small and medium-sized businesses to find the manpower and money to improve their security. Here is a list of the top 10 items you should check before you even start your security project. As all of these are equally important, they are not in any particular order.
1. Choose your platforms wisely. Many small businesses have suffered through the recent economic downturn, though business is improving. There couldn't be a better time to retire any remaining Windows 9x devices you're allowing on the network. These computers have absolutely no security. Windows 2000 or XP would be a great replacement.
2. Replace your old network equipment with new equipment. Perhaps you are one of the few organizations still using hubs. If so, replace them. They have low bandwidth, and they are also a security risk because they allow anyone on the network to easily eavesdrop on sensitive traffic.
3. Patch your Web server. Sure, you have some dedicated IP addresses and computers capable of hosting your Web site, but should you really do it? That depends on the amount of time and effort you can devote to this activity. Be aware that your Web site is the one thing attackers can easily find and access, so be sure to update your Web server software regularly. Always run the latest versions of software to stay ahead of attackers; otherwise they could use your Web server as a beachhead into your network.
4. Forget about peer-to-peer. Maybe the small satellite office you maintain seems to work fine with a peer-to-peer network. If so, get rid of it! Peer-to-peer networks should not be in a business of any size. They lack security, have no centralized control, and are a security disaster waiting to happen.
5. Change default passwords. I am sure some of you are saying, "Everyone changes their passwords!" Well, it's not true. I cannot count the number of security assessments I have performed where unauthorized access was but one password away because the passwords had never been changed. I found some default passwords. If you see your password on this list, please take a few minutes to change it.
6. Enforce a strong password policy. Everyone likes easy passwords, but it is critical to enforce a strong password policy. Microsoft makes a free tool called Passprop, which makes configuring strong password policies easier.
7. Educate your employees. If you can't afford this year's newest security gizmo, no problem. Many network security breaches are human-based, so spend extra time educating your employees on the importance of IT security. This process should start the day an employee is hired and continue throughout his/her employment. Contests, newsletters, tips and policy reminders are all easy ways to get the message out that security is everyone's job.
8. Think about total security. I wish I could tell you that security is something that can be done and then forgotten about, but this is not the case. Security is a process, not a product. Practice really makes perfect, or at least very close to perfect!
9. It is not just the outsiders. While you may have installed a firewall or other border device to keep the bad guys out, just remember that firewalls only secure the perimeter. The best approach is "defense in depth." One idea is to install host-based firewalls on internal devices.
10. Beware of the cleaning crew. It is unfortunate but true that once everyone has gone home, the lingering employees and other after-hours crews are sometimes overlooked as security threats. These people usually have full access to the facility and are aware that not many people are around. Don't assume that they cannot do anything.

Sunday, March 21, 2010

WINDOWS XP HIDDEN APPLICATIONS

After a week-long exam I am back to my blog. I hope you will read this. To run any of these apps go to Start > Run and type the executable name (e.g. charmap).

WINDOWS XP HIDDEN APPS:
=========================================

1) Character Map = charmap.exe (very useful for finding unusual characters)

2) Disk Cleanup = cleanmgr.exe

3) Clipboard Viewer = clipbrd.exe (views contents of Windows clipboard)

4) Dr Watson = drwtsn32.exe (Troubleshooting tool)

5) DirectX diagnosis = dxdiag.exe (Diagnose & test DirectX, video & sound cards)

6) Private character editor = eudcedit.exe (allows creation or modification of characters)

7) IExpress Wizard = iexpress.exe (Create self-extracting / self-installing package)

8) Microsoft Synchronization Manager = mobsync.exe (appears to allow synchronization of files on the network for when working offline. Apparently undocumented).

9) Windows Media Player 5.1 = mplay32.exe (Retro version of Media Player, very basic).

10) ODBC Data Source Administrator = odbcad32.exe (manages ODBC database data sources and drivers)

11) Object Packager = packager.exe (to do with packaging objects for insertion in files, appears to have comprehensive help files).

12) System Monitor = perfmon.exe (very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for uber-geeks only )

13) Program Manager = progman.exe (Legacy Windows 3.x desktop shell).

14) Remote Access phone book = rasphone.exe (documentation is virtually non-existent).

15) Registry Editor = regedt32.exe [also regedit.exe] (for editing the Windows Registry).

16) Network shared folder wizard = shrpubw.exe (creates shared folders on network).

17) File signature verification tool = sigverif.exe (checks whether system files carry valid digital signatures)

18) Volume Control = sndvol32.exe (I've included this for those people that lose it from the System Notification area).

19) System Configuration Editor = sysedit.exe (modify System.ini & Win.ini just like in Win98! ).

20) Syskey = syskey.exe (Secures the XP account database - use with care; it's virtually undocumented, but it appears to encrypt all passwords, and I'm not sure of the full implications).

21) Microsoft Telnet Client = telnet.exe

22) Driver Verifier Manager = verifier.exe (seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented).

23) Windows for Workgroups Chat = winchat.exe (appears to be an old NT utility to allow chat sessions over a LAN, help files available).

24) System Configuration = msconfig.exe (can be used to control startup programs)

25) Group Policy Editor = gpedit.msc (used to manage group policies and permissions).

Saturday, March 13, 2010

WANNA CHANGE TEXT IN XP START BUTTON

Step 1 - Modify Explorer.exe File

In order to make the changes, the file explorer.exe located at C:\Windows needs to be edited. Since explorer.exe is a binary file, it requires a special editor. For the purposes of this article I have used Resource Hacker. Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32-bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Microsoft Windows 95/98/ME, Windows NT, Windows 2000 and Windows XP.

Get this from h**p://delphi.icm.edu.pl/ftp/tools/ResHack.zip

The first step is to make a backup copy of the file explorer.exe located at C:\Windows\explorer.exe. Place it in a folder somewhere on your hard drive where it will be safe. Start Resource Hacker and open explorer.exe located at C:\Windows\explorer.exe.

The category we are going to be using is "String Table". Expand it by clicking the plus sign, then navigate down to and expand string 37, followed by highlighting 1033. If you are using the Classic Layout rather than the XP Layout, use number 38. The right-hand pane will display the string table. We're going to modify item 578, currently showing the word "start", just as it displays on the current Start button.

There is no magic here. Just double-click on the word "start" so that it's highlighted, making sure the quotation marks are not part of the highlight. They need to remain in place, surrounding the new text that you'll type. Go ahead and type your new entry. In my case I used Click Me!

You'll notice that after the new text string has been entered, the Compile Script button that was grayed out is now active. I won't get into what's involved in compiling a script, but suffice it to say it's going to make this exercise worthwhile. Click Compile Script and then save the altered file using the Save As command on the File menu. Do not use the Save command; make sure to use Save As and choose a new name for the file. Save the newly named file to C:\Windows.

Step 2 – Modify the Registry

!!!make a backup of your registry before making changes!!!

Now that the modified explorer.exe has been created, it's necessary to modify the registry so the file will be recognized when the user logs on to the system. If you don't know how to access the registry I'm not sure this article is for you, but just in case it's a temporary memory lapse, go to Start (soon to be something else) > Run and type regedit in the Open field. Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right pane, double-click the "Shell" entry to open the Edit String dialog box. In the Value data: line, enter the name that was used to save the modified explorer.exe file. Click OK.

Close Registry Editor and either log off the system and log back in, or reboot the entire system if that's your preference. If all went as planned you should see your new Start button with the revised text.
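The Winlogon "Shell" value edited in Step 2 decides which program runs as the desktop shell at every logon, so anything other than the stock "explorer.exe" there deserves a second look, whether you changed it yourself following this article or something else did. The following Python check is an added example, not part of the original post: it parses a Shell value (Windows accepts a comma-separated list of programs) and reports every deviation from the default. The registry path is the one given above; the sample values in the test are constructed.

```python
"""Audit the Winlogon Shell value (added example, not from the original post)."""
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
DEFAULT_SHELL = "explorer.exe"   # stock value on Windows XP


def parse_shell(value: str) -> list:
    """Split a Shell value into its program entries.

    Winlogon accepts several programs separated by commas and starts each one;
    surrounding whitespace and empty items are dropped."""
    return [item.strip() for item in value.split(",") if item.strip()]


def assess_shell(value: str) -> dict:
    """Compare a Shell value with the default and explain each deviation.

    Returns {"default": bool, "findings": [str, ...]}. Only the single entry
    "explorer.exe" (any letter case) counts as default; a renamed copy such as
    the one the article saves, an explicit path, or extra programs are reported."""
    entries = parse_shell(value)
    findings = []
    if not entries:
        findings.append("Shell value is empty: Winlogon would start no shell")
    for entry in entries:
        program = entry.split()[0]          # ignore any command-line arguments
        if program.lower() == DEFAULT_SHELL:
            continue
        if "\\" in program or "/" in program or ":" in program:
            findings.append(f"shell entry with an explicit path: {entry}")
        else:
            findings.append(f"shell entry is not explorer.exe: {entry}")
    if len(entries) > 1:
        findings.append(f"{len(entries)} programs listed; the default lists one")
    return {"default": not findings, "findings": findings}


def read_live_shell() -> str:
    """Read the current HKLM Shell value. Works only on Windows (winreg)."""
    import winreg  # standard library module, present on Windows only
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _kind = winreg.QueryValueEx(key, "Shell")
    return value


if __name__ == "__main__":
    if sys.platform == "win32":
        shell = read_live_shell()
    else:
        # Constructed sample standing in for a machine where the article's
        # renamed explorer.exe was added next to the original.
        shell = "explorer.exe, newstart.exe"
    report = assess_shell(shell)
    print("Shell =", repr(shell))
    print("default" if report["default"] else "\n".join(report["findings"]))
```

After finishing the article's Step 2 you should expect exactly one finding naming the file you saved; the sigverif.exe tool listed in the earlier post can separately confirm whether the explorer.exe actually in use still carries a valid signature.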

Tuesday, March 09, 2010

KNOW WINDOWS SHORTCUTS

Getting used to using your keyboard exclusively and leaving your mouse behind will make you much more efficient at performing any task on any Windows system. I use the following keyboard shortcuts every day:

Windows key + R = Run menu

This is usually followed by:
cmd = Command Prompt
iexplore + "web address" = Internet Explorer
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management
dnsmgmt.msc = DNS Management
services.msc = Services
eventvwr = Event Viewer
dsa.msc = Active Directory Users and Computers
dssite.msc = Active Directory Sites and Services
Windows key + E = Explorer

ALT + Tab = Switch between windows

ALT, Space, X = Maximize window

CTRL + Shift + Esc = Task Manager

Windows key + Break = System properties

Windows key + F = Search

Windows key + D = Hide/Display all windows

CTRL + C = copy

CTRL + X = cut

CTRL + V = paste

Also don't forget about the "Right-click" key next to the right Windows key on your keyboard. Using the arrows and that key can get just about anything done once you've opened up any program.


Keyboard Shortcuts

[Alt] and [Esc] Switch between running applications

[Alt] and letter Select menu item by underlined letter

[Ctrl] and [Esc] Open Program Menu

[Ctrl] and [F4] Close active document or group windows (does not work with some applications)

[Alt] and [F4] Quit active application or close current window

[Alt] and [-] Open Control menu for active document

[Ctrl] and Left, Right arrow Move cursor forward or back one word

[Ctrl] and Up, Down arrow Move cursor forward or back one paragraph

[F1] Open Help for active application

Windows+M Minimize all open windows

Shift+Windows+M Undo minimize all open windows

Windows+F1 Open Windows Help

Windows+Tab Cycle through the Taskbar buttons

Windows+Break Open the System Properties dialog box


Accessibility shortcuts

Right SHIFT for eight seconds........ Switch FilterKeys on and off.

Left ALT +left SHIFT +PRINT SCREEN....... Switch High Contrast on and off.

Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys on and off.

SHIFT five times....... Switch StickyKeys on and off.

NUM LOCK for five seconds...... Switch ToggleKeys on and off.

Explorer shortcuts

END....... Display the bottom of the active window.

HOME....... Display the top of the active window.

NUM LOCK+ASTERISK on numeric keypad (*)....... Display all subfolders under the selected folder.

NUM LOCK+PLUS SIGN on numeric keypad (+)....... Display the contents of the selected folder.

NUM LOCK+MINUS SIGN on numeric keypad (-)....... Collapse the selected folder.

LEFT ARROW...... Collapse current selection if it's expanded, or select parent folder.

RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder.

Type the following commands in your Run Box (Windows Key + R) or Start Run

devmgmt.msc = Device Manager
msinfo32 = System Information
cleanmgr = Disk Cleanup
ntbackup = Backup or Restore Wizard (Windows Backup Utility)
mmc = Microsoft Management Console
excel = Microsoft Excel (If Installed)
msaccess = Microsoft Access (If Installed)
powerpnt = Microsoft PowerPoint (If Installed)
winword = Microsoft Word (If Installed)
frontpg = Microsoft FrontPage (If Installed)
notepad = Notepad
wordpad = WordPad
calc = Calculator
msmsgs = Windows Messenger
mspaint = Microsoft Paint
wmplayer = Windows Media Player
rstrui = System Restore
netscp6 = Netscape 6.x
netscp = Netscape 7.x
netscape = Netscape 4.x
waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog


Internet browser

Type a word such as "google" in the address bar, then press [Right CTRL] and [Enter]:
this adds www. and .com to the word and goes to that address.


For Windows XP:

Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging an item
Rename selected item. F2
Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow keys
Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window. ALT+SPACEBAR
Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window. ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a menu name
Carry out the corresponding command. Underlined letter in a command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT ARROW
Open the next menu to the left, or close a submenu. LEFT ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows Explorer. BACKSPACE
Cancel the current task. ESC
Prevent the CD from automatically playing. SHIFT when you insert a CD into the CD-ROM drive

Use these keyboard shortcuts for dialog boxes:

To: / Press:
Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB
Carry out the corresponding command or select the corresponding option. ALT+Underlined letter
Carry out the command for the active option or button. ENTER
Select or clear the check box if the active option is a check box. SPACEBAR
Select a button if the active option is a group of option buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE

If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key, you can use these keyboard shortcuts:

Display or hide the Start menu. WIN Key
Display the System Properties dialog box. WIN Key+BREAK
Show the desktop. WIN Key+D
Minimize all windows. WIN Key+M
Restore minimized windows. WIN Key+Shift+M
Open My Computer. WIN Key+E
Search for a file or folder. WIN Key+F
Search for computers. CTRL+WIN Key+F
Display Windows Help. WIN Key+F1
Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+L
Open the Run dialog box. WIN Key+R
Open Utility Manager. WIN Key+U

Accessibility keyboard shortcuts:

Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds
Open Utility Manager. WIN Key+U

Shortcuts you can use with Windows Explorer:

Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*)
Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)
Collapse current selection if it's expanded, or select parent folder. LEFT ARROW
Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW