rootkits « WordPress.com Tag Feed

Can You Trust Search Engine Results? - Maybe Not

billmullins — Thu, 03 Jul 2008 17:07:08 +0000

Since many of us now have access to GPS, finding the way to Grandma’s house (if you’re Little Red Riding Hood) has never been easier. Not many of us would question the output of a GPS inquiry since it is a technology we are familiar and comfortable with.

An even more familiar technology to the seasoned web surfer is the Internet search engine, and just like most familiar technologies we comfortable with, we are not likely to question a search engines output.

Web of Trust Warning Screen

The question is though, should we question the output? How sure are we that the results are untainted and free of potential harmful exposure to malware or worst?

Recent comments on this issue in Panda Security’s Oxygen 3 E-bulletin on IT security, indicates that Cyber-crooks continue to be unrelenting in their chase to infect web search results. According to Panda “there is a steady increase in the use of custom-built websites designed to drop malicious code on computers, or even the manipulation of legitimate pages in order to infect users with malware.”

PandaLabs maintains that cyber-crooks have begun to opt for a new technique: the manipulation of search engine results, or seeding websites among the top results returned by these engines. When a potential victim visits one of these sites the likelihood of the downloading of malicious code onto the computer by exploiting existing vulnerabilities is high.

Let’s take, as an example, a typical user running a search for “great vacation spots” on one of the popular search engines. Unknown to the user, the search engine returns a malicious or compromised web page as one of the most popular sites. Users with less than complete Internet security who visit this page will have an extremely high chance of becoming infected.

There are a number of ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate. In the example mentioned earlier, the web page would appear to be a typical page offering great vacation spots.

One more common method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

Unfortunately, since Cyber-crooks are relentless in their pursuit of your money, and in the worst case scenario your identity, you can be sure that additional threats are being developed or are currently being deployed.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system, your money and your identity:

Install an Internet Browser add-on such as WOT (my personal favorite), which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams
Don’t open unknown email attachments
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable Java, JavaScript, and ActiveX if possible
Disable scripting features in email programs
Make regular backups of critical data
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on the computer
Install a personal firewall on the computer
Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure the anti-virus software scans all e-mail attachments
Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The free software listed below, in my view, provides better than average malware protection.

avast! 4 Home Edition

This anti virus app is a real fighter, scanning files on demand and on access, including email attachments. Let’s you know when it detects mal-ware through its shield function. An important feature is a boot-time scan option which removes mal-ware that can’t be removed any other way.

AVG Anti-Virus Free Edition 8.0.1

Similarly, this program scans files on access, on demand, and on schedule. Scans email; incoming and outgoing. For those on Vista, your in luck, it’s Vista-ready. I have been using this application since its release and it now forms part of my front line defenses. I recommend this one highly.

Ad-Aware 2007

In my view, Ad-Aware 2007 Free is the best free spyware and adware remover available. It does a relatively good job of protecting against known data-mining, Trojans, dialers, malware, browser hijackers and tracking components. The only downside with the free version; real-time protection is not included.

ThreatFire 3

ThreatFire 3 blocks mal-ware, including zero-day threats, by analyzing program behavior and it does a stellar job. Again, this is one of the security applications that forms part of my front line defenses. I have found it to have high success rate at blocking mal-ware based on analysis of behavior. Highly recommend this one!

Comodo Firewall Pro

The definitive free firewall, Comodo Firewall protects your system by defeating hackers and restricting unauthorized programs from accessing the Internet. I have been using this application for 6 months and I continue to feel very secure. It resists being forcibly terminated and it works as well, or better, than any firewall I’ve paid for. This is one I highly recommend. Amazing that it’s free!

WinPatrol

Do you want to get a better understanding of what programs are being added to your computer? Then WinPatrol is the program for you. With WinPatrol, in your system tray, you can monitor system areas that are often changed by malicious programs. You can monitor your startup programs and services, cookies and current tasks. Should you need to, WinPatrol allows you to terminate processes and enable, or disable, startup programs. There are additional features that make WinPatrol a very powerful addition to your security applications.

Sandboxie

Surfing the Internet without using Sandboxie is, to me, like jumping out of an airplane without a parachute. Deadly! This application creates a “Sandboxed” protected environment on your machine within which you browse the net. Data that is written to your hard drive is simply eliminated, (or not, your choice), when the sandbox is closed. Utilizing this application allows you to surf the web without the risk of infecting your system with mal-ware or other nasties. This is another security application I have been using for over 6 months and it has yet to let me down. Highly recommended.

Snoop Free Privacy Shield

Snoop Free Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. If you’re serious about privacy, this is a must have addition to your security toolbox. Unfortunately this application does not operate under Vista.

Ferramentas de remoção de Rootkits

Antivírus Brasil — Thu, 26 Jun 2008 13:07:59 +0000

Ferramentas de remoção de Rootkits

Os rootkits são uma das pragas mais incômodas que um usuário pode adquirir. Além de comprometerem criticamente o desempenho do sistema, permanecem ocultos e geralmente não se deixam vencer por programas antivírus. Apesar de muitos desenvolvedores de softwares de segurança embutirem mecanismos para a detecção deles, a melhor solução ainda é o uso de programas específicos para tratar esse tipo de infecção, como o McAfee Rootkit Detective, AVG Anti-Rootkit .

São um tipo de vírus diferente. Receberam esse nome por serem um kit com vários aplicativos juntos em apenas um arquivo, que se instala no sistema de tal forma a obter acesso a todo ele; por isso Root, que é o nome dado ao usuário que tem controle total sobre o sistema (também conhecido como administrador).

Essas suítes de softwares maléficos, sempre que acessadas (seja pelo usuário ou pelo escaneamento do antivírus), interceptam o pacote de informações capturado e retiram dali os dados que o identificam como um vírus. Usando essa artimanha, o rootkit não pode ser reconhecido por nenhum antivírus convencional.

Prevenindo-se:

Utilize contas de usuários limitadas no Windows, as quais restringem o uso de alguns recursos do sistema que o rootkits utilizam para se instalar.

Seja cauteloso ao baixar arquivos em redes P2P (peer-to-peer), local onde eles geralmente são distribuídos.

Mantenha seu sistema atualizado. Sempre que disponível, instale as atualizações do Windows, pois elas vêm com correções para falhas de segurança que, se não corrigidas, podem ser usadas para a introdução do rootkit no sistema.

Não utilize programas do tipo cracks, pois além de ilegais, são os principais hospedeiros destas pragas. Além disso, sites que hospedam programas assim, comumente possuem códigos maliciosos que prejudicam seu computador ao serem acessados.Infelizmente, ainda não há programas que previnam este mal, porém se o seu computador estiver se comportando de forma irregular sem motivo, mesmo após a utilização de antívirus e limpadores de registro, não perca tempo em escaneá-lo com o Panda Anti-Rootkit, pois o quanto antes detectado, melhor!

Diga adeus aos rootkits!

O programa atua vasculhando o sistema atrás de entradas do registro e processos ocultos — principal forma de manifestação dos rootkits. Em seguida, ele relata os itens encontrados em uma lista, da qual você pode remover processos suspeitos ou renomear valores e entradas incoerentes. Como é de se perceber, o uso do McAfee Rootkit Detective requer experiência no assunto, pois o uso inadequado desta ferramenta pode inutilizar o sistema.

___________________________________________________________________________________________

O Panda Anti-Rootkit é uma ferramenta leve e funcional para detectar e remover rootkits, uma nova espécie de vírus com um sistema muito avançado de programação.
O programa é simples e prático. Sua funcionalidade é resumida em rastrear o sistema na busca de rootkits — verificando principalmente os processos ocultos — e apagar eventuais ocorrências. Ao final, é exibido um relatório com os resultados do escaneamento. Ao contrário de alguns softwares do gênero que apenas revelam os rootkits, o Panda Anti-Rootkit, além de removê-los, também apaga as entradas do registro, processos e arquivos relacionados a eles.

____________________________________________________________________________________________

O Trend Micro RootkitBuster é um "caçador" e eliminador de rootkits. Ele procura por arquivos escondidos, entradas de registro, processos e drivers em busca dessas pragas da internet. Basta executar o programa e escolher onde ele deve procurar por rootkits. Em seguida, se ele encontrar alguma ameaça, basta clicar em "Delete Selected Items" e pronto. Se você não desejar eliminar um arquivo encontrado, basta desmarcá-lo na lista.

____________________________________________________________________________________________

AVG AntiRootKit irá auxiliá-lo na árdua tarefa de combates mais um mal da internet: os rootkits. Agora a Grisoft também entrou na luta contra esses vilões que até pouco tempo eram invisíveis aos olhos de qualquer anti-vírus, devido ao seu funcionamento diferenciado. Há algum tempo foi desenvolvido um sistema de reconhecimento e extinção desse tipo de software. AVG AntiRootKit usa esse sistema para tornar seu computador mais seguro contra ataques inesperados de pragas invisíveis.

Fonte: Baixaki

Dicas de Downloads de Segurança na Internet

Fernand Koda — Mon, 16 Jun 2008 03:25:28 +0000

McAfee Rootkit Detective

Os rootkits são uma das pragas mais incômodas que um usuário pode adquirir. Além de comprometerem criticamente o desempenho do sistema, permanecem ocultos e geralmente não se deixam vencer por programas antivírus. Apesar de muitos desenvolvedores de softwares de segurança embutir mecanismos para a detecção deles, a melhor solução ainda é o uso de programas específicos para tratar esse tipo de infecção, como o McAfee Rootkit Detective.

Diga adeus aos rootkits!

O programa atua vasculhando o sistema atrás de entradas do registro e processos ocultos ? Principal forma de manifestação dos rootkits. Em seguida, ele relata os itens encontrados em uma lista, da qual você pode remover processos suspeitos ou renomear valores e entradas incoerentes. Como é de se perceber, o uso do McAfee Rootkit Detective requer experiência no assunto, pois o uso inadequado desta ferramenta pode inutilizar o sistema.

Fácil de usar

Seguindo a mesma linha dos produtos da McAfee, o software apresenta um consumo moderado dos recursos do sistema e execução estável. A interface é intuitiva e simples de ser utilizada, exigindo apenas que se conheçam alguns termos da informática.

Se o seu computador está com comportamento anormal e os métodos tradicionais não estão solucionando isso, baixe já o McAfee Rootkit Detective, um verdadeiro detetive pessoal para encontrar e acabar com os rootkits.

Minha Opinião

Com certeza o McAfee Rootkit Detective é um dos softwares mais simples de serem utilizados do segmento. Por trás de uma interface gráfica amigável e objetiva, o programa mostrou que possui um poderoso sistema de detecção de rootkits, procurando não apenas por processos como também por entradas ocultas do registro.Em compensação, essa busca detalhada pode tornar o escaneamento muito demorado, ainda mais se o registro do sistema estiver abarrotado de entradas inválidas. Para obter um melhor desempenho, experimente efetuar a limpeza do registro previamente com um software apropriado. Sugerimos o CCleaner.
Se o seu computador esta com comportamento anômalo e o seu antivírus não está dando conta, o McAfee Rootkits Detective é uma excelente opção para lhe ajudar.

Vista Inspirat BricoPack 1.1

Para quem já cansou daquele visual padrão do seu Windows XP e procura um pacote que mude, de vez, o modo como você o vê diariamente, uma boa escolha é o Vista Inspirat Bricopack. Mais do que um simples tema atrativo, o pacote traz uma série de mudanças na aparência do seu sistema, incluindo ícones, papéis de parede e esquemas de janela exclusivos.

A-squared Free

A-squared Free é um complemento para o seu antivírus e seu firewall. Os softwares antivírus são especializados em detectar vírus clássicos e muitos deles têm fraquezas na detecção de softwares maliciosos (malwares) como trojans, discadores, worms, spywares e adwares. A-squared Free preenche a lacuna que os malwares exploram.

FireFox 2

O Firefox 2 permite que você navegue mais rápido, com mais segurança e eficiência do que qualquer outro browser. Mude hoje mesmo ? o Firefox importa seus favoritos e outras informações. E você ainda pode continuar usando outros navegadores junto com o Firefox.

MSN Pictures Displayer 4.5

MSN Pictures Displayer é o programa que vai facilitar muito a sua vida na hora de escolher seu avatar do Windows Live Messenger. Com ele, você não precisa ficar mudando sua imagem de exibição constantemente, é só escolher as que você mais gosta.

Messenger Plus! Live 4.21.270

O software que adiciona diversos recursos ao MSN Messenger - agora conhecido como Windows Live Messenger - está de cara nova! Agora com total suporte a mais nova evolução do mensageiro instantâneo da Microsoft.

DVD Shrink 3.2.0.15

DVDShrink é ótimo para ser usado em conjunto com softwares de gravação de DVD, criando cópias de qualquer disco. Para gravar discos você pode usar o Nero ou alternativas gratuitas como o CDBurnerXP e o Infra Recorder. Os arquivos podem ser salvos no seu disco rígido ou como imagem ISO e gravados mais tarde. Por que usar DVDShrink? A maioria dos títulos em DVD é projetado para impedir que você faça cópias. A primeira medida preventiva das produtoras é a criptografia. A maioria dos DVDs é encriptado, isto significa que você não pode copiar os arquivos para o seu PC, e, mesmo se conseguir copiá-los, não será capaz de reproduzi-los. DVDShrink resolve este problemas com algoritmos sofisticados de decriptação. O próximo problema não é tão fácil de resolver. A maioria dos títulos em DVD é simplesmente muito grande para caber, sem modificações, em apenas um disco de DVD-R. DVDShrink soluciona isso ao modificar ou "encolher" os dados do DVD original. DVD Shrink também permite que você recompile seu DVD. É possível criar sua própria compilação a partir de uma ou mais fontes de DVD, ou selecionar apenas as partes que você deseja visualizar ? assim preservando mais espaço no seu backup e propiciando a melhor qualidade. Como funciona? Recentemente, os codificadores atingiram alguma popularidade. Eles são baseados em algoritmos projetados para recomprimir uma transmissão MPEG-2 em tempo real. Esse tipo de programa pode recodificar um filme em DVD inteiro em apenas poucos minutos, pois não precisa decodificar e recodificar o vídeo completo, apenas uma parte dele. Basicamente o que você obtém é uma redução de tamanho (e conseqüentemente na qualidade) melhor do em qualquer outro programa no mesmo estilo. O DVD2One foi o primeiro programa a trabalhar dessa maneira e o DVD Shrink o primeiro programa gratuito do gênero.

CoolSMS 1.97.6

O CoolSMS é um software que tem como principal função o envio de Torpedos SMS através do computador diretamente para o celular, GRÁTIS! O CoolSMS apresenta uma interface amigável e bastante intuitiva, além das vantagens de centralizar o envio de mensagens num único aplicativo, salvar o seu histórico de Torpedos SMS enviados e também possuir agenda para armazenamento e acesso rápido aos contatos! Confira as principais funções deste software que é Cool! ? Envia Torpedos SMS grátis para as maiores operadoras do Brasil, diretamente do seu computador. É rápido e fácil! ? Envia Torpedo SMS individualmente ou para grupos de pessoas (para os amigos do futebol, por exemplo), mesmo os celulares não sendo da mesma operadora. ? Criação da sua agenda de celulares, acessível de qualquer computador com CoolSMS e conectado a internet; ? Classificação dos seus contatos em grupos. Ex: Família, Amigos, Trabalho... ? Ter todo o seu histórico de Torpedos SMS salvo! (opcional); ? Acesso a conteúdos exclusivos de acordo com o seu perfil, diretamente nas abas do CoolSMS; ? Acumular CoolPons (pontos no programa de relacionamento) e trocar por vantagens exclusivas; ? Design moderno e mais fácil de usar;

AVG Free Edition 7.5.467a1008

O AVG é um excelente antivírus, gratuito para uso doméstico. Possui atualizações via web, vasculha a memória do micro, conta com proteção de e-mails e downloads infectados e tem um sistema que já foi aprovado por inúmeros laboratórios independentes

Google Earth 4.1.7076

Com o programa você pode encontrar qualquer localidade na Terra, algumas com tanta precisão que é possível ver ruas, cruzamentos, até hospitais e os restaurantes mais famosos em mapas 3D. Claro que esses recursos não estão presentes em todas as cidades.

WinRAR em Português 3.70 beta 8

O WinRAR é o mais popular compressor RAR para Windows com gerenciador de arquivos integrado. Ele oferece uma compactação entre 8% e 15% maior que seu concorrente direto, o Winzip. Oferece suporte para RAR e ZIP, além de ACE, ARJ, BZ2, GZ, ISO, JAR etc..

Fernand Koda

Alternate Data Streams (ADS)

bughira — Sat, 07 Jun 2008 17:59:27 +0000

With the introduction of NTFS file system in Windows NT, Microsoft introduced new concept of having multiple streams into single file known as Alternate Data Streams (ADS). In this blog i will discuss some advantages and disadvantages of ADS.
Whenever we perform any operations on any file like - reading, writing, editing etc, we did it on the main stream of the file. This alternate data stream can be of binary or ASCII data. We can attach the streams to any file including executables and folders.

The biggest advantage of the ADS is its by default invisibility to the file handling utilities provided by Microsoft Windows like - File explorer, dir command etc. Unlike staganography, adding alternate stream to a file does not affect its original size that makes it almost impossible to detect.

ADS Capability was originally introduced to for compatibility with the Hierarchical File System (HFS) where data sometimes gets forked into separate resources. ADS are used by many legitimate windows programs to store file information such as attributes and temporary storage.
Virus writers can take advantage of these stealth functionalities provided by ADS to hide malicious data in the alternate stream attached with legitimate files and easily defeat normal user and most of the antivirus present.

How to create an ADS:
===============
Following command will create an hiddenFile.txt as ADS with explorer.exe file present in %SystemRoot%
c:\>echo "This is confidential data." >c:\windows\explorer.exe:hiddenFile.txt

Following command will allow you to read the data present in the ADS. If you check the size of explorer.exe after attaching the alternate stream, will be exact same.

c:\>type c:\windows\explorer.exe:hiddenFile.txt
This is confidential data.
c:\>

Attaching executable as an ADS:
=======================
You can even attach executables using ADS and believe me this is where ADS is boon for virus writters. Virus writters can attach malicious executable with the legitimate one and make it execute at every boot time.

C:\>copy %SystemRoot%\system32\calc.exe c:\blog\ads\
C:\>type maliciousFile.exe > c:\blog\ads\calc.exe:newCalc.exe
C:\> reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v newLiveUpdate /t REG_SZ /d C:\blog\ads\calc.exe:newCalc.exe

Once these three commands are executed on the victim machine, on every boot program newCalc.exe will automatically gets executed.
To test it, you will need to reboot your system once.

Above things are very simple and does not require any skills, this is what makes it very dangerous. Virus writer can hide most of its virus code into ADS and to keep a small executable that will extract the virus.
Whatever we discuss till now can be considered as an Ugly side(for us) of ADS. Now lets focus on about the removal of ADS from the infected systems.

How to detect ADS:
==============
Unfortunately, there are no windows tool which will scan the file and let you know about the alternate stream attached with the file.
There is one third party utility called lads.exe which you can use to manually scan the file for the presence of the ADS. You can download this tool from http://www.heysoft.de

Manually scan following REGISTRY location using regedit tool for the presence of string containing ":" e.g. c:\windows\exeplorer.exe:virus.exe

Always be suspecious for the entries in the above locations and delete unwanted entries and like one given in above example.

Lets look at the good side of the ADS. We can use these invisibility feature of ADS for many different purposes.
1) We can attach confidential files or files which we don't want to get deleted accidently to the system files which usually nobody deletes. This is useful especially when system us shared between multiple users.
2) We can store passwords, pin codes in ADS.
3) You can use freeware "Xidie Security Suite" to keep your private data hidden usin ADS. You can download this tool from http://www.xidie.ro

How to Delete already created ADS:
========================
As we have already seen, ADS is only supported on NTFS file system. So Moving ADS file on drive fomatted with FAT will remove the ADS present on the moved file.
On the NTFS file system, go to start->run and type "notepad <path of ADS>"

e.g notepad c:\blog\ads\test.txt:hiddenFile.txt
and delete the complete content of the file and save it.

As of now there are very few viruses exists which exploits this ADS functionality but don't get surprised if you see more of those in near future as most of the current anti-viruses are not capable of detecting virus hidden inside ADS.

Free Anti-Rootkits - Kernal Mode Trojan Protection

billmullins — Sat, 31 May 2008 14:27:52 +0000

A rootkit is a malware program, or a combination of malware programs, designed to take low level control of a computer. In other words, system operations that are generally outside the control of the user. Frequently, they are Trojans or Keyloggers as well.

Techniques used to hide rootkits include concealing running processes from monitoring programs, and hiding files or system data from the operating system. In other words, the rootkit’ files and processes will be hidden in Explorer, Task Manager, and other detection tools.

It’s easy to see then, that if a malware threat uses rootkit technology to hide, it is going to be very difficult to find.

A number of major anti-malware companies though have developed free functional solutions to rootkits. Enter the Rootkit detector which will provide you with the tools to find and delete rootkits, and to help you uncover additional threats rootkits may be hiding.

Generally, rootkit detectors are capable of the following type of scans, although it is important to note that not all scan, or handle rootkits, in precisely the same way.

· hidden processes

· hidden threads

· hidden modules

· hidden services

· hidden files

· hidden Alternate Data Streams

· hidden registry keys

· drivers hooking SSDT

· drivers hooking IDT

· drivers hooking IRP calls

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything. To be safe, I use each of the free rootkit detectors listed below on my machines.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced root kit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and Hacker Defender.

Download here: www.download.com

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

Download here: www.majorgeeks.com

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Download here: www.gmer.net/files.php

F-Secure Anti-Virus for Windows Servers 8.00.123

jecspawn — Thu, 29 May 2008 18:28:05 +0000

Um número cada vez maior de novos vírus são encontrados todos os dias, alguns deles com a capacidade de serem disseminados globalmente no prazo de horas.

Se um vírus entrar em uma rede corporativa, lutar contra ele pode ser difícil e demorado.

As infecções de vírus normalmente provocam perdas financeiras significativas, devido a interrupções na rede, redução na produtividade, dados corrompidos e vazamentos de dados confidenciais.

Mesmo a reputação de uma empresa pode estar em perigo se ela espalhar, sem saber, vírus para seus parceiros comerciais.

A Solução

O F-Secure Anti-Virus for Windows Servers, garante que os usuários que se conectam a servidores de arquivo com máquinas infectadas, não espalhem vírus para ouras máquinas da rede.

Com a F-Secure, a proteção contra vírus é rápida, eficaz e fácil. As instalações e o gerenciamento do antivírus podem ser realizadas remotamente a partir de uma única localização central.

Principais Funcionalidades

· Proteção em tempo real contra vírus, spyware e riskware

· Varredura manual a procura de vírus, spyware e riskware

· Varredura manual a procura de rootkits

· Varredura programada a procura de vírus, spyware, riskware e rootkits

· Atualização automática de assinaturas de vírus, spyware e riskware (é necessário ter conexão com a Internet)

· Suporte a 64 bits

Plataformas Suportadas

· Microsoft Windows 2000 SP4

· Microsoft Windows Server 2003 32-bit

· Microsoft Windows Server 2003 64-bit edition para processadores x64

· Microsoft Windows Server 2008

· Observação: O Windows Server 2003 64-bit edition para processadores Itanium (IA64) não é suportado

Tam.:56.3MB

http://rapidshare.com/files/118609027/F-SECURE.ANTI-VIRUS.for.SERVERS.8.00.123.rar

Rootkits have nothing to do with gardening

dvanarsd — Thu, 29 May 2008 17:12:50 +0000

Rootkits are one of the newer hazards on the Web, and may include trojans. They are designed to take control of your computer with or without your knowledge (usually without) and do who-knows-what with it.

They might report back your activities to somebody (to detect any suspected violations of copyright on music, for example) or something more sinister.

Fortunately, there are a number of programs to detect and deal with rootkits, and some of them are even free.

Find a good one at Antirootkit.com .

Antivirus = Waste of money? and Vista's UAC vs Rootkits

xerosai — Tue, 27 May 2008 19:15:26 +0000

Antivirus is 'completely wasted money': Cisco CSO

Companies are wasting money on security processes — such as applying patches and using antivirus software — which just don't work, according to Cisco's chief security officer John Stewart.

...

"If patching and antivirus is where I spend my money, and I'm still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user's data and I still have to reinstall it, the entire cost equation of that is a waste.

...

A better way of dealing with the unknown is to use whitelists — where only authorised or approved software can execute, said Stewart.

"I'm sick of blacklisted stuff. I've got to go for whitelisted stuff — I know what that is because I put it there," he said.

...

Chris Thomas, technology specialist for CA's Internet Security business unit, said that antivirus alone did not provide enough protection.

Interesting article. First of all, anyone who uses only antivirus to protect their computer(s) deserves to be compromised. A layered approach to security always seems to be the most effective method of protection. Sure there may be alternative operating systems such as linux/unix variants that are generally more secure than Windows but which one dominates the market?

Vista's Despised UAC Nails Rootkits, Tests Find

Vista's UAC has a security feature that marks it out from any other type of Windows security program -- it can spot rootkits before they install. This is one finding buried in a report published in two German computer magazines some months ago after testing by the respected AV-Test.org, which set out to find out how well antivirus programs fared against known rootkits.

The answer: not particularly well ... either for Windows XP, or Vista-oriented products.

Of 30 rootkits thrown at XP anti-malware scanners, none of the seven AV suites found all 30, a similar story to the six web-based scanners assessed. Only four of the 14 specialized anti-rootkit tools managed a perfect score. For Vista, only six rootkits could run on the OS, but the testers had to turn off UAC to get even this far. Vista's UAC itself spotted everything thrown in front of it.

In a period of where Vista has received criticism, Microsoft's programmers can at least point to evidence that UAC is efficient at stopping infections from happening automatically.

This should be good news. Rootkits are dangerous and if Vista can spot them before they can be installed then it shows that Microsoft got something right even though quite a few things still need to be fixed in terms of vulnerabilities. Based on the article it should discourage users from disabling UAC since it serves a purpose.

-xerosai

Drive-by Downloads - The Paradox Created by Firewalls/Security Applications

billmullins — Mon, 26 May 2008 17:27:27 +0000

Your Firewall and Security Applications provide the ultimate in protection while you’re surfing the web, right? Well in a sense they do.

Paradoxically, it’s because current anti-malware solutions are much more effective than they have ever been in detecting worms and viruses, that we’re now faced with another insidious form of attack.

Drive-by downloads are not new; they’ve been lurking around for years it seems, but they’ve become much more common and more crafty recently.

More than three million unique URLs on over 180,000 websites are automatically installing malware via drive-by downloads, according to recent statements by the Google Anti-Malware Team. Google has not been alone in noticing this trend by criminal hackers using these techniques. IBM noted recently, that criminals are directly attacking web browsers in order to steal identities, gain access to online accounts and conduct other illicit activities.

If you’re unfamiliar with the term, drive-by download, they are essentially programs that automatically download and installed on your computer without your knowledge. This action can occur while visiting an infected web site, as previously noted, opening an infected HTML email, or by clicking on a deceptive popup window. Often more than one program is downloaded, for example, file sharing with tracking spyware is very common. Again, it’s important to remember that this can take place without warning, or your approval.

What can you do to ensure you are protected, or to reduce the chances you will become a victim?

The following are actions you can take to protect your computer system:

When surfing the web: Stop. Think. Click
Don’t open unknown email attachments
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable Java, JavaScript, and ActiveX if possible
Disable scripting features in email programs
Make regular backups of critical data
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on the computer.
Install a personal firewall on the computer.
Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure the anti-virus software scans all e-mail attachments
Install McAfee Site Advisor, WOT, or a similar browser add-on

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

If you missed "Rogue Security Software on the Rise – What You Need to Know Now!" you can read it here.

Pay Pal's Security Questioned, Yet Again

oregonnerd — Mon, 19 May 2008 12:54:19 +0000

This time it's demonstrably, as you can see here, although as the article is careful to point out the weakness hasn't been successfully used as yet. (Then again, over the years there have been at least 50 eBay stories I've happened upon that somehow never hit the major press.)

I'm also going to correct something I said recently. Spybot S & D evidently no longer measures up, as shown by some recent reputable reviews. If you use ZoneAlarm and AVG you're pretty well covered; I'm actually using RuBotted to cover for rootkits (note this is a beta and not for the faint of heart) and then a suite.

--Glenn

BugCON

virtualgeeks — Tue, 13 May 2008 23:47:53 +0000

BugCON busca reunir a todos los investigadores, desarrolladores y aficionados relacionados al área de la seguridad informática y ofrecerles un foro en donde puedan mostrar sus últimas investigaciones en:

Técnicas de explotación
Técnicas de intrusión
Prevención de incidentes
Rootkits
Friki stuff

El Call For Papers esta abierto, no esperes mas y envia tus propuestas. Estas serán analizadas por un equipo técnico quienes seleccionarán las mejores para presentarlas en BugCON.

La primer edición de BugCON se celebra en instalaciones del Instituto Politécnico Nacional. En modalidades de "non-conferences" de una hora dividas en dos auditorios; uno de ellos dedicado a temas white hat y otro a temas black hat.

Habra conexión inalambrica, concursos y demás cosas de interes, no puedes faltar.

Espero poder asistir al evento para poder comentarles

Desde su pagina oficial BugCON

Malware by Proxy - Fake Search Engine Results

billmullins — Thu, 08 May 2008 16:46:18 +0000

For the past several months I’ve been watching closely, as the pace of Blog and Internet Forum debate has been escalating regarding fake search engines results and malware.

Recent news on this issue from Panda Security’s Oxygen 3 E-bulletin on IT security, indicates that Cyber-crooks are unrelenting in their chase to infect web search results. According to Panda “there is a steady increase in the use of custom-built websites designed to drop malicious code on computers, or even the manipulation of legitimate pages in order to infect users with malware.”

It was reported recently that fifteen thousand web pages were infected daily between January and March of this year; three times the rate of infection noted in the previous year. More disturbing, seventy nine percent of compromised web pages tracked this year were on legitimate web sites; including web sites belonging to Fortune 500 companies, government agencies and ironically, security vendors.

There are several ways that this can occur. Cyber-crooks can exploit vulnerabilities on the server hosting the web page to insert an iFrame, (an HTML element which makes it possible to embed another HTML document inside the main document). The iFrame can then activate the download of malicious code by exploiting additional vulnerabilities on the visiting machine.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

Another method is the insertion of false dialogue boxes, fake toolbars, and more on sites; all designed to load destructive malware which could include rootkits, password stealers, Trojan horses, and spam bots.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

As I have pointed out in the past, the following are actions you can take to shield your computer system from malware infections:

Install an Internet Browser add-on such as WOT which provides detailed test results on a site’s safety; protecting you from security threats including spyware, adware, spam, viruses, browser exploits, and online scams.
Don’t open unknown email attachments
Don’t run programs of unknown origin
Disable hidden filename extensions
Keep all applications (including your operating system) patched
Turn off your computer or disconnect from the network when not in use
Disable Java, JavaScript, and ActiveX if possible
Disable scripting features in email programs
Make regular backups of critical data
Make a boot disk in case your computer is damaged or compromised
Turn off file and printer sharing on the computer
Install a personal firewall on the computer
Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
Ensure the anti-virus software scans all e-mail attachments

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The free software listed below, in my view, provides better than average malware protection.

avast! 4 Home Edition

Snoop Free Privacy Shield

Snoop Free Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. I have been using this application for quite some time, and I have been amazed at the number of programs that have requested access to my keyboard and screen; particularly, programs that I am in the process of installing. If you’re serious about privacy, this is a must have addition to your security toolbox.

Symantec coupons - Offer Expires 06/30/08

andypopps — Wed, 07 May 2008 13:02:11 +0000

Symantec coupons

Save $5 on Norton AntiVirus 10.0 for Macintosh when purchased via the US store! Click Here

Save 10% on pcAnywhere
Save 10 % of on pcAnywhere products by entering the following coupon code: 08EPPromo. Offer Expires 07/01/08

Coupon Code: 08EPPromo

Save 10% on Ghost Solutions Suite
Save 10% on Ghost Solutions Suite 2.0 by entering the following coupon code: 08EPPromo Available in all countries Offer Expires 07/01/08

Coupon Code: 08EPPromo

10% off Norton AntiVirus 2008
United States - Norton AntiVirus 2008 - 10% off Coupon Offer Expires 06/30/08

Coupon Code: 10NAV08

Norton Internet Security 2008
United States - Norton Internet Security 2008 Offer Expires 06/30/08

Coupon Code: 15NIS08

$10 off of Norton Internet Security 2008
United States - Norton Internet Security 2008 - $10 off Offer Expires 06/30/08

Coupon Code: 10offNIS08

Save 15% on Norton Internet Security 2008
Australia - Norton Internet Security 2008 - 15% off Coupon Offer Expires 06/30/08

Coupon Code: 15NIS08

$10 off on Norton Internet Security 2008
Australia - Norton Internet Security 2008 - $10 off Coupon Offer Expires 06/30/08

Coupon Code: 10offNIS08

10% off on Norton Internet Security 2008
Australia - Norton Ghost 14.0 - 10% off Coupon Offer Expires 06/30/08

Coupon Code: 10NGHST08

10% off Norton AntiVirus 11 for Mac
Australia - Norton AntiVirus 11 for Mac - 10% off Coupon Offer Expires 06/30/08

Coupon Code: 10NAVMAC08

10% off Norton AntiBot
Australia - Norton AntiBot - 10% off Coupon Offer Expires 06/30/08

Coupon Code: 10NAB08

10% off Norton AntiVirus 2008
UK - Norton AntiVirus - 10% Discount Offer Expires 06/30/08

Coupon Code: 10NAV08

15% off Norton Internet Security
UK - Norton Internet Security - 15% Discount Offer Expires 06/30/08

Coupon Code: 15NIS08

£10 off Norton Internet Security 2008
UK - Norton Internet Security 2008 - $10 Discount Offer Expires 06/30/08

Coupon Code: 10offNIS08

10% off Norton Ghost 14.0
UK - Norton Ghost 14.0 - 10% Discount Offer Expires 06/30/08

Coupon Code: 10NGHST08

10% off Norton AntiBot
UK - Norton AntiBot - 10% Discount Offer Expires 06/30/08

Coupon Code: 10NAB08

10% off Norton AntiVirus 11 for Mac
UK - Norton AntiVirus 11 for Mac - 10% Discount Offer Expires 06/30/08

Coupon Code: 10NAVMAC08

10% off of Norton AntiBot
United States - Norton AntiBot - 10% off Coupon Offer Expires 06/30/08

Coupon Code: 10NAB08
CART LINK Click Here

Geek+Spyware*

techpaul — Fri, 02 May 2008 16:50:49 +0000

I want to apologize to you in advance for a word I will use in this blog from time to time, and that word is "geek."

When I was a boy--many years ago now--"geek" was a completely pejorative and insulting word. A "geek" was typically a socially inept, small, quiet, know-it-all (who usually wore glasses) kid who couldn't connect his bat with the softest-thrown baseball or catch a football to save his life...and he used big words all the time. Perhaps in your day you referred to 'him' as a Pointdexter, nerd, dork, or wimp. Back then there was no doubt or question about it--"geek" was a put-down: a derogatory statement. Period.

Today, I proudly declare: I am a geek. When I do, I am not broadcasting my pride in my inability to catch a football. (I can catch; and, even throw a tight spiral.) I am saying that I'm "into" computers and electronic gadgets, and I know a little about how they work.

At some point and time our common usage of the word "geek" has changed. It is no longer used strictly as a 'slam' and a put-down (however, if that is your intent, I believe the other words I listed above are still 100% negative...although Bill Gates may have softened the word "nerd" some...). If, in the course of reading this blog, you see me use the word "geek"--please rest assured that I am always using it with the nicest of meanings. I even use "geek" as a compliment. Really.

Tip of the day: A reader mentioned in a comment to yesterday's post on defragmention that spyware, if it gets onto and runs on your machine, will cause it to (amongst other unpleasant things!) suffer performance degradation and make it run slower. I intend to spend a fair amount of time discussing malware, and spyware in particular, and how you can combat and remove it. I will return to this topic in the future. But for today I just want to make this point: If you connect to the Web, you need to run anti-spyware programs. Notice I that I wrote programs. Plural.

That fact is, no one anti-spyware application is 100% effective at stopping and removing spyware. There are many anti-spyware programs available and some are more effective than others. Some are great at stopping keylogger's but fall down when it comes to Trojan Horses, and others are visa-versa...as an example. So I strongly recommend running two anti-spyware's, in the hopes that one will catch what the other missed. (There are many free anti-spyware applications [and some are adware disguised as anti-spyware, (called "rogue apps")] available. For my more detailed descriptions and a fuller listing of free anti-spyware tools, click here.) I cannot stress to you strongly enough to install and run some kind of anti-spyware program...and preferably, two. In that vein, today I will provide not one, but two, Today's free links.

Today's free link #1: AdAware SE Personal from Lavasoft. "Ad-Aware 2007 Free remains the most popular anti-spyware product for computer users around the world, with nearly one million downloads every week. Our free anti-spyware version provides you with advanced protection against spyware..."

Today's free link #2: SpyCatcher Express from Tenebril. From site: "Allows novice PC users to remove aggressive spyware . Stops next-generation, mutating spyware. Blocks reinstallation of aggressive spyware. Removes spyware safely and automatically."

*Original posting 6/13/07

Share this post :

Free HJT Log Analyzing and Malware Cleaning Services again available on Smokey's

Smokey — Fri, 25 Apr 2008 01:07:18 +0000

After a period of a closed HJT Log Analyzing/Malware Cleaning Forum I am pleased to announce that from now on Smokey's Security Forums offer again HijackThis Log Analyzing & Malware Cleaning related Support, Help and Advice.

This (free) help will only be provided by full qualified HJT Analyzers/Malware Hunters, this for reason of maintaining the high standars of my forums: Help and Support only by qualified people.

Only registered forum members will be helped with solving their malware (related) problems.
Registering on my forum is for free.

Smokey

Site Owner Smokey's Security Forums
Site Member ASAP - Alliance of Security Analysis Professionals

Υποκριτές και Φαρισαίοι..

stardust30 — Fri, 04 Apr 2008 11:52:58 +0000

Ακούσατε- ακούσατε,
Σύμφωνα με την ιστοσελίδα:
http://arstechnica.com/news.ars/post/20080331-sony-bmgs-hypocrisy-company-busted-for-using-warez.html
και την αντίστοιχη ελληνική του Pc-magazine :
http://www.e-pcmag.gr/modules/news/article.php?storyid=4143
H Sony BMG εγκατέστησε το πρόγραμμα Ideal Migration της PointDev ΧΩΡΙΣ να αγοράσει τις απαιτούμενες άδειες χρήσης.
Η παραπάνω εταιρεία είναι από τους μεγαλυτερους πολέμιους της πειρατείας..
Επίσης η παραπάνω εταιρεία έχει βάλει σε μουσικά της cd πρόγραμμα που επεμβαίνει στον υπολογιστή έτσι ώστε να κάνεις μόνο ένα αντίγραφο του cd.Το πρόγραμμα αυτό όμως αφήνει κάποιες πύλες ανοικτές στον υπολογιστή κι έτσι ένας έμπειρος hacker μπορεί να μπει στον υπολογιστή σου και να τον κάνει ό,τι αυτός θέλει (να αντιγράψει αρχεία,να τα σβήσει). Το κορυφαίο είναι ότι είναι πολύ δύσκολο (εώς αδύνατο) να το απεγκαταστήσεις.
Μπράβο στη Sony! Εύγε! Θα ακολουθήσουμε το παράδειγμά της!

Storm Botnets – The Computational Power of Super Computers

billmullins — Thu, 03 Apr 2008 18:27:37 +0000

I must admit that I get very tired of opening my email accounts only to see spam email after spam email, reminding me that enlargement, growth, and natural male enhancement techniques can all be mine if I just click on the enclosed link.

It didn’t take long to establish that the driving force behind the majority of these annoying emails is the well established Storm bot network. Security experts maintain that the Storm bot network continues to be leased to online pharmacy spammers.

The Storm Trojan which first appeared in Europe more than a year ago, takes its name from the content contained in emails relating to extreme bad weather striking parts of Europe at that time.

Those users who were enticed into clicking on links enclosed in the email were directed to a web site that included malevolent code designed to infect Windows PCs with the aim of turning the now infected machine into a spam bot.

The initial success and the continued implementation, in various forms, of this highly sophisticated malware attack has led to the creation of a botnet of unprecedented proportions; a colossal spam-producing network.

According to Bradley Anstis, Vice-President of Products for Marshal, a leader in integrated email and Internet content security solutions, the Storm botnet was responsible for 20 per cent of all spam email sent in the first quarter of 2008.

Marshall is currently monitoring five botnets, including the Storm botnet, believed to be responsible for approximately 75 per cent of all spam currently in circulation. Heavily promoted products on all of these botnets tend to be male enlargement drugs, replica watches and sexually explicit material. The strategy employed by the owners of these botnets is particular ingenious since there’s a strategic crossover with the products being promoted by all five of these botnets.

Frighteningly it is accurate to say that these botnets are getting increasingly larger every day. According to the U.S. Federal Bureau of Investigation, there are at least 1 million botnetted computers in the U.S. Worst, some security firms estimate that currently there are as many as 10 million botnetted machines worldwide. In fact, some researchers believe that this may just be the part of the iceberg we can see above the waterline.

Not surprisingly such large numbers of infected machines have produced some of the most powerful networked computer systems in the world. As a result, many industry analysts are convinced malware and phishing attacks from these botnets can be expected to increase in frequency.

A more frightening possibility involves the potential power of these botnets being turned against secure computer systems in the government, commercial, and industrial sectors in brute-force attacks. Some have argued a coordinated attack, such as the one we witnessed last year against Estonia’s infrastructure, is inevitable.

For your own benefit it’s obviously important to keep your computer from becoming infected and becoming a part of this problem. Perhaps it’s less obvious that we all share a responsibly to help protect other computer users on the Internet from becoming infected. The way to do that is to ensure that you are part of the solution; not part of the problem created by running an insecure machine, or by engaging in unsafe surfing practices.

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system:

· When surfing the web: Stop. Think. Click
· Don’t open unknown email attachments
· Don’t run programs of unknown origin
· Disable hidden filename extensions
· Keep all applications (including your operating system) patched
· Turn off your computer or disconnect from the network when not in use
· Disable Java, JavaScript, and ActiveX if possible
· Disable scripting features in email programs
· Make regular backups of critical data
· Make a boot disk in case your computer is damaged or compromised
· Turn off file and printer sharing on the computer.
· Install a personal firewall on the computer.
· Install anti-virus/anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet
· Ensure the anti-virus software scans all e-mail attachments
· Install McAfee Site Advisor, WOT (my recommendation), or a similar browser add-on

Share this post :

Book of Month: April

y2h4ck — Thu, 03 Apr 2008 12:57:19 +0000

Rootkits: Subverting the Windows Kernel

Author: Greg Hoglund, Jamie Butler

Publisher: Addison-Wesley Professional

Year: 2005

Pages: 352

Amazon's book description: Rootkits are the ultimate backdoor, giving hackers ongoing and virtually undetectable access to the systems they exploit. Now, two of the world's leading experts have written the first comprehensive guide to rootkits: what they are, how they work, how to build them, and how to detect them. Rootkit.com's Greg Hoglund and James Butler created and teach Black Hat's legendary course in rootkits. In this book, they reveal never-before-told offensive aspects of rootkit technology--learn how attackers can get in and stay in for years, without detection.

Fake/Redirected Search Engine Results = Malware

billmullins — Thu, 27 Mar 2008 16:55:47 +0000

For the past several months I’ve been watching closely, as more and more Blog discussions have been taking place around the topic of search engines results and malware.

Alternatively, a new web page can be built, with iFrames inserted, that can lead to malware downloads. This new web page appears to be legitimate.

For more information on this, and other threats checkout Spyware Sucks, a great Blog that will keep you up to date on the latest risks to your online safety.

So what can you do to ensure you are protected, or to reduce the chances you will become a victim?

As I have pointed out in the past on this Blog, the following are actions you can take to protect your computer system:

• Don’t open unknown email attachments

• Don’t run programs of unknown origin

• Disable hidden filename extensions

• Keep all applications (including your operating system) patched

• Turn off your computer or disconnect from the network when not in use

• Disable Java, JavaScript, and ActiveX if possible

• Disable scripting features in email programs

• Make regular backups of critical data

• Make a boot disk in case your computer is damaged or compromised

• Turn off file and printer sharing on the computer.

• Install a personal firewall on the computer.

• Install anti-virus and anti-spyware software and ensure it is configured to automatically update when you are connected to the Internet.

• Ensure the anti-virus software scans all e-mail attachments.

Be proactive when it comes to your computer’s security; make sure you have adequate software based protection to reduce the chances that your machine will become infected.

The free software listed below, in my view, provides better than average malware protection.

avast! 4 Home Edition

www.avast.com

AVG Anti-Virus Free Edition

Ad-Aware 2007

ThreatFire 3

Comodo Firewall Pro

WinPatrol

Sandboxie

Snoop Free Privacy Shield

www.snoopfree.com

Snoop Free Privacy Shield is a powerful application that guards your keyboard, screen and open windows from all spy software. I have been using this application for quite some time, and I have been amazed at the number of programs that have requested access to my keyboard and screen. Particularly, programs that I am in the process of installing. If you’re serious about privacy, this is a must have addition to your security toolbox.

Share this post :

Free Spyware Doctor – Excellent Secondary On-Demand Malware Scanner

billmullins — Thu, 27 Mar 2008 15:31:17 +0000

As I wrote recently, Spyware Terminator is my current application of choice for active real-time protection in the spyware wars that we, as computer users, are involved in any time we log onto the Internet.

Having tested virtually all of the major anti-spyware apps over the last year or more, I’ve settled, for now, on Spyware Terminator primarily due to this strong real-time protection against spyware, adware, Trojans, key-loggers, home page hijackers and other malware threats.

As we all know however, there is no one anti-malware tool that is likely to identify and remove all of the millions of rogue malware that infest the cyber world. So to ensure maximum safety, if that’s even possible, it’s important to have layered defenses in the ongoing fight against malware.

An excellent choice, as a secondary line of defense, is Spyware Doctor Starter Edition from PC Tools. http://www.pctools.com/spyware-doctor/ This free version of the award winning program, with its easy to use interface, is used by millions of people worldwide to protect their computers; it’s reported there are a million+ additional downloads every week.

I have been able to establish through various forums and user groups, that the free version and the paid version have identical detection rates. However, the most important real-time protection functions are disabled in the free version.

File protection is the only real time protection that operates in the free version and unfortunately, this level of real-time protection is inadequate in the current Internet environment.

I would not recommend then, that you use this free version of Spyware Doctor as a stand alone security application because it simply will not offer you adequate protection. Instead, use it only as an on-demand scanner.

Despite this real-time protection shortcoming in the free version, Spyware Doctor has an excellent reputation as a first class security application, and I highly recommend that you add this free version to your security toolbox to be used as a secondary line of defense.

Quick Facts:

Spyware protection
Adware protection
Scan and Remove
Smart Updates
Limited OnGuard Protection Note: Be particularly aware of this limitation.

You can download the free Spyware Doctor Starter Edition via Google Pack, or better yet download this application at Download.com and save yourself some hassle.

Ubuntu 8.04 Hardy Heron Alpha 6 Ya disponible

Cross — Sun, 09 Mar 2008 03:53:40 +0000

Aquí os traigo la última Alpha pública de Ubuntu. Hablando de novedades lo nuevo que podemos apreciar frente a las otras Alphas que ya os he comentado estas son las nuevas;

Integración de ActiveDirectory

Likewise Open está disponible atraves del repositorio "Universe". Esto permite la integración de Ubuntu con una red de Active Directory. Los usuarios pueden usar sus credenciales AD (ActiveDirectory) para registrarse desde sus Ubuntu's y acceder a cualquier servicio kerberizado que ofreca un servidor Ubuntu.

Soporte iSCSI

iSCSI ha sido totalmetne integrado con el kernel, permitiendo a ubuntu montar objetivos iSCSI como un dispositivo más.
iSCSI está disponible en la versión de Servidor de Ubuntu si iscsi=true (Verdadero) en la linea de comandos del kernel en el principio de la instalación.

Protección de Memoria

Se han añadido algunos checkeos adicionales para que así /dev/mem y /dev/kmem solo puedan usarse para acceder al dispositivo de memoria. Estos cambios ayudaran a defendernos contra los RootKits y otros códigos maliciosos.
Los 64k más bajos de memoria no podrán ser accesibles por defecto. Esto ayudará a defendernos contra códigos maliciosos que intentan hacer uso de los bugs (Fallos) dee el kernel y convertirlos en vulnerabilidades de seguridad.
Aplicaciones compiladas como Position Independent Executables (PIE && Ejecutables de Posición Independiente) son ahora puestos en localizaciones inpredecibles haciendo más dificil explotar vulnerabilidades de seguridad.

Aquí podeís encontrar los enlaces para Ubuntu y sus distribuciones hermanas:

Los "rootkits", el malware silente

Radamés — Mon, 25 Feb 2008 18:13:14 +0000

El "rootkit" es una modalidad de malware donde éste se aloja en el sistema de una forma que parece "invisible" para el Windows Explorer, el Task Manager y otras herramientas de detección. Esta característica los hace sumamente peligrosos y se necesitan aplicaciones que sean específicamente para detectarlos y removerlos. Algunos de estas aplicaciones son:

Fuente: Billmullins

Rootkits - Kernel Mode Trojans – Are You Protected?

billmullins — Mon, 25 Feb 2008 17:40:26 +0000

A rootkit is a malware program, or a combination of malware programs, designed to take low level control of a computer system. Often, they are Trojans or Keyloggers as well.

Techniques used to hide rootkits include, concealing running processes from monitoring programs, and hiding files or system data from the operating system. In other words, the rootkit’ files and processes will be hidden in Explorer, Task Manager, and other detection tools.

It’s easy to see then, that if a threat uses rootkit technology to hide, it is going to be very difficult to find.

All power to the major anti-malware companies though; many have come up with a free serviceable solution to rootkits. Enter the Rootkit detector which will give you the tool to find and delete rootkits, and to uncover the threat rootkits may be hiding.

Generally, rootkit detectors are capable of the following type of scans, although it is important to note that not all scan, or handle rootkits, in precisely the same way.

· hidden processes

· hidden threads

· hidden modules

· hidden services

· hidden files

· hidden Alternate Data Streams

· hidden registry keys

· drivers hooking SSDT

· drivers hooking IDT

· drivers hooking IRP calls

The following are a number of free rootkit detectors available for download.

AVG Anti-rootkit

The AVG Anti-rootkit download is a tiny 414kb, and it installs quickly. Its straightforward, no-frills interface allows a regular search and an in-depth search.