Ajay's Home - One place where i do exist

2008-09-18T20:22:00.000-07:00

World's Worst Internet & Email Scams

* ) The Nigerian scam, also known as 419

Most of you have received an email from a member of a Nigerian family with wealth. It is a desperate cry for help in getting a very large sum of money out of the country. A common variation is a woman in Africa who claimed that her husband had died, and that she wanted to leave millions of dollars of his estate to a good church.In every variation, the scammer is promising obscenely large payments for small unskilled tasks. This scam, like most scams, is too good to be true. Yet people still fall for this money transfer con game. They will use your emotions and willingness to help against you. They will promise you a large cut of their business or family fortune. All you are asked to do is cover the endless “legal” and other “fees” that must be paid to the people that can release the scammer’s money. The more you are willing to pay, the more they will try to suck out of your wallet. You will never see any of the promised money, because there isn’t any. And the worst thing is, this scam is not even new; its variant dates back to 1920s when it was known as 'The Spanish Prisoner' con.

*) Advanced fees paid for a guaranteed loan or credit card

If you are thinking about applying for a “pre-approved” loan or a credit card that charges an up-front fee, ask yourself: “why would a bank do that?” These scams are obvious to people who take time to scrutinize the offer. Remember: reputable credit card companies do charge an annual fee but it is applied to the balance of the card, never at the sign-up. Furthermore, if you legitimately clear your credit balance each month, a legitimate bank will often wave the annual fee. As for these incredible, pre-approved loans for a half-a-million dollar homes: use your common sense. These people do not know you or your credit situation, yet they are willing to offer massive credit limits.Sadly, a percentage of all the recipients of their “amazing” offer will take the bait and pay the up-front fee. If only one in every thousand people fall for this scam, the scammers still win several hundred dollars. Alas, far too many victims, pressured by financial problems, willingly step into this con man's trap.

*) Lottery scams

Most of us dream of hitting it big, quitting our jobs and retiring while still young enough to enjoy the fine things in life. Chances are you will receive at least one intriguing email from someone saying that you did indeed win a huge amount of money. The visions of a dream home, fabulous vacation, or other expensive goodies you could now afford with ease, could make you forget that you have never ever entered this lottery in the first place. This scam will usually come in the form of a conventional email message. It will inform you that you won millions of dollars and congratulate you repeatedly. The catch: before you can collect your “winnings”, you must pay the “processing” fee of several thousands of dollars. Stop! The moment the bad guys cash your money order, you lose. Once you realize you have been suckered into paying $3000 to a con man, they are long gone with your money. Do not fall for this lottery scam.

*) Phishing emails and phony web pages

Phishing email will be a result of the private web pages that may be registered to unauthorized ISP's and the domain names by themselves may be faulty and may mislead the user (i.e. redirect ) to another webpage which when visited installs the exploit on the user's machine. This is the most widespread Internet and email scam today. It is the modern day "sting" con game. "Phishing" is where digital thieves lure you into divulging your password info through convincing emails and web pages. These phishing emails and web pages resemble legitimate credit authorities like Citibank, eBay, or PayPal. They frighten or entice you into visiting a phony web page and entering your ID and password. Commonly, the guise is an urgent need to "confirm your identity". They will even offer you a story of how your account has been attacked by hackers to lure you into entering your confidential information. The email message will require you to click on a link. But instead of leading you to the real login https: site, the link will secretly redirect you to a fake website. You then innocently enter your ID and password. This information is intercepted by the scammers, who later access your account and fleece you for several hundred dollars.This phishing con , like all cons, depends on people believing the legitimacy of their emails and web pages. Because it was born out of hacking techniques, “fishing” is stylistically spelled "phishing" by hackers. Tip: the beginning of the link address should have https://. Phishing fakes will just have http:// (no “s”). If still in doubt, make a phone call to the financial institution to verify if the email is legit. In the meantime, if an email seems suspicious to you, do not trust it. Being skeptical could save you hundreds of lost dollars.

*) Items for sale overpayment scam

This one involves an item you might have listed for sale such as a car, truck or some other expensive item. The scammer finds your ad and sends you an email offering to pay much more than your asking price. The reason for overpayment is supposedly related to the international fees to ship the car overseas. In return, you are to send him the car and the cash for the difference. The money order you receive looks real so you deposit it into your account. In a couple of days (or the time it takes to clear) your bank informs you the money order was fake and demands you pay that amount back immediately. In most documented versions of this money order scam, the money order was indeed an authentic document, but it was never authorized by the bank it was stolen from. In the case of cashier's checks, it is usually a convincing forgery. You have now lost the car, the cash you sent with the car, and you owe a hefty sum of money to your bank to cover for the bad money order or the fake cashier's check.

*) Disaster relief scams

What do 9-11, Tsunami and Katrina have in common? These are all disasters, tragic events where people die, lose their loved ones, or everything they have. In times like these, good people pull together to help the survivors in any way they can, including online donations. Scammers set up fake charity websites and steal the money donated to the victims of disasters. If your request for donation came via email, there is a chance of it being a phishing attempt. Do not click on the link in the email and volunteer your bank account or credit card information. Your best bet is to contact the recognized charitable organization directly by phone or their website.

*) Turn Your Computer Into a Money-Making Machine

Although not a full blown scam, this scheme works as follows: You send someone money for instructions on where to go and what to download and install on your computer to turn it into a money-making machine… for spammers. At sign-up, you get a unique ID and you have to give them your PayPal account information for the “big money” deposits you’ll “soon” be receiving. The program that you are supposed to run, sometimes 24/7, opens multiple ad windows, repeatedly, thus generating per-click revenue for spammers. In other scenario, your ID is limited to a certain number of page clicks per day. In order to make any money whatsoever from this scheme, you are pretty much forced to scam the spammers by hiding your real IP address with Internet proxy services such as “findnot”, so you can make more page clicks. I won’t even go into the discussion about what this program will do to your computer’s performance... it is a true tragedy if you get conned into this scam.

These were some of the most comman frauds that have been tried and tested on users ( i would like to say DUMB user's ) of internet. To gain more knowlegde in this regard is always recommended and it is also advised to install Secure Antivirus and Firewall systems on your end machines so that any attempts to get into your system or possibility of your system being compromised can be thwarted.

2008-09-14T21:12:00.000-07:00

Deadlock issues in Sql Server

Deadlocking occurs when two user processes have locks on separate objects and each process is trying to acquire a lock on the object that the other process has. When this happens, SQL Server identifies the problem and ends the deadlock by automatically choosing one process and aborting the other process, allowing the other process to continue. The aborted transaction is rolled back and an error message is sent to the user of the aborted process. Generally, the transaction that requires the least amount of overhead to rollback is the transaction that is aborted.

As you might imagine, deadlocks can use up SQL Server's resources, especially CPU power, wasting it unnecessarily. Most well-designed applications, after receiving a deadlock message, will resubmit the aborted transaction, which most likely can now run successfully. This process, if it happens often on your server, can drag down performance. If the application has not been written to trap deadlock errors and to automatically resubmit the aborted transaction, users may very well become confused as to what is happening when they receive deadlock error messages on their computer.

Here are some tips on how to avoid deadlocking on your SQL Server:
· Ensure the database design is properly normalized.
· Have the application access server objects in the same order each time.
· During transactions, don't allow any user input. Collect it before the transaction begins.
· Avoid cursors.
· Keep transactions as short as possible. One way to help accomplish this is to reduce the number of round trips between your application and SQL Server by using stored procedures or keeping transactions with a single batch. Another way of reducing the time a transaction takes to complete is to make sure you are not performing the same reads over and over again. If your application does need to read the same data more than once, cache it by storing it in a variable or an array, and then re-reading it from there, not from SQL Server.
· Reduce lock time. Try to develop your application so that it grabs locks at the latest possible time, and then releases them at the very earliest time.
· If appropriate, reduce lock escalation by using the ROWLOCK or PAGLOCK.
· Consider using the NOLOCK hint to prevent locking if the data being locked is not modified often.
· If appropriate, use as low of an isolation level as possible for the user connection running the transaction.
· Consider using bound connections

When a deadlock occurs, by default, SQL Server choose a deadlock "victim" by identifying which of the two processes will use the least amount of resources to rollback, and then returns error message 1205.
But what if you don't like default behavior? Can you change it? Yes, you can, by using the following command:

SET DEADLOCK_PRIORITY { LOW NORMAL @deadlock_var }
where:
Low tells SQL Server that the current session should be the preferred deadlock victim, not the session that incurs the least amount of rollback resources. The standard deadlock error message 1205 is returned.
Normal tells SQL Server to use the default deadlock method. @deadlock_var is a character variable specifying which deadlock method you want to use. Specify "3" for low, or "6" for normal. This command is set a runtime for a specified user connection. To help identify deadlock problems, use the SQL Server Profiler's Create Trace Wizard to run the "Identify The Cause of a Deadlock" trace. This will provide you with the raw data you need to help isolate the causes of deadlocks in your databases. To help identify which tables or stored procedures are causing deadlock problems, turn on trace flag 1204 (outputs basic trace data) or trace flag 1205 (outputs more detailed trace data).

DBCC TRACEON (3605,1204,-1)

Be sure to turn off this trace flag when you are done, as this trace can eat up SQL Server's resources unnecessarily, hurting performance. Ideally, deadlocks should be eliminated from your applications. But if you are unable to eliminate all deadlocks in your application, be sure to include program logic in your application to deal with killed deadlock transactions in a user-friendly way. For example, let's say that two transactions are deadlocked and that SQL Server kills one of the transactions. In this case, SQL Server will raise an error message that your application needs to respond to. In most cases, you will want your application to wait a random amount of time after the deadlock in order to resubmit the killed transaction to SQL Server. It is important that there is a random waiting period because it is possible that another contending transaction could also be waiting, and you don't want both contending transactions to wait the same amount of time and then both try to execute at the same time, causing another deadlock.

2008-09-13T21:20:00.000-07:00

these were some of the snap shots of the sql triages that i deleivered recently @ Microsoft.

2008-06-30T04:41:00.000-07:00

How Network Address Translation Works

Internet has grown larger than anyone ever imagined it could be. Although the exact size is unknown, the current estimate is that there are about 100 million hosts and more than 350 million users actively on the Internet. That is more than the entire population of the United States! In fact, the rate of growth has been such that the Internet is effectively doubling in size each year.

So what does the size of the Internet have to do with NAT? Everything! For a computer to communicate with other computers and Web servers on the Internet, it must have an IP address. An IP address (IP stands for Internet Protocol) is a unique 32-bit number that identifies the location of your computer on a network. Basically, it works like your street address -- as a way to find out exactly where you are and deliver information to you.

When IP addressing first came out, everyone thought that there were plenty of addresses to cover any need. Theoretically, you could have 4,294,967,296 unique addresses (232). The actual number of available addresses is smaller (somewhere between 3.2 and 3.3 billion) because of the way that the addresses are separated into classes, and because some addresses are set aside for multicasting, testing or other special uses.

With the explosion of the Internet and the increase in home networks and business networks, the number of available IP addresses is simply not enough. The obvious solution is to redesign the address format to allow for more possible addresses. This is being developed (called IPv6), but will take several years to implement because it requires modification of the entire infrastructure of the Internet.

This is where NAT (RFC 1631) comes to the rescue. Network Address Translation allows a single device, such as a router, to act as an agent between the Internet (or "public network") and a local (or "private") network. This means that only a single, unique IP address is required to represent an entire group of computers.

What Does NAT Do?

NAT is like the receptionist in a large office. Let's say you have left instructions with the receptionist not to forward any calls to you unless you request it. Later on, you call a potential client and leave a message for that client to call you back. You tell the receptionist that you are expecting a call from this client and to put her through.

The client calls the main number to your office, which is the only number the client knows. When the client tells the receptionist that she is looking for you, the receptionist checks a lookup table that matches your name with your extension. The receptionist knows that you requested this call, and therefore forwards the caller to your extension.

NAT has many forms and can work in several ways:

Static NAT - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.

Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.

Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.

Overlapping - When the IP addresses used on your internal network are registered IP addresses in use on another network, the router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses. It is important to note that the NAT router must translate the "internal" addresses to registered unique addresses as well as translate the "external" registered addresses to addresses that are unique to the private network. This can be done either through static NAT or by using DNS and implementing dynamic NAT.

NAT can be configured in various ways. In the example below, the NAT router is configured to translate unregistered (inside, local) IP addresses, that reside on the private (inside) network, to registered IP addresses. This happens whenever a device on the inside with an unregistered address needs to communicate with the public (outside) network.

• ISP assigns a range of IP addresses to your company. The assigned block of addresses are registered, unique IP addresses and are called inside global addresses. Unregistered, private IP addresses are split into two groups. One is a small group (outside local addresses) that will be used by the NAT routers. The other, much larger group, known as inside local addresses, will be used on the stub domain. The outside local addresses are used to translate the unique IP addresses, known as outside global addresses, of devices on the public network.

• Most computers on the stub domain communicate with each other using the inside local addresses.

• Some computers on the stub domain communicate a lot outside the network. These computers have inside global addresses, which means that they do not require translation.

• When a computer on the stub domain that has an inside local address wants to communicate outside the network, the packet goes to one of the NAT routers.

• The NAT router checks the routing table to see if it has an entry for the destination address. If it does, the NAT router then translates the packet and creates an entry for it in the address translation table. If the destination address is not in the routing table, the packet is dropped.

• Using an inside global address, the router sends the packet on to it's destination.

• A computer on the public network sends a packet to the private network. The source address on the packet is an outside global address. The destination address is an inside global address.

• The NAT router looks at the address translation table and determines that the destination address is in there, mapped to a computer on the stub domain.

• The NAT router translates the inside global address of the packet to the inside local address, and sends it to the destination computer.

A real benefit of NAT is apparent in network administration. For example, you can move your Web server or FTP server to another host computer without having to worry about broken links. Simply change the inbound mapping at the router to reflect the new host. You can also make changes to your internal network easily, because the only external IP address either belongs to the router or comes from a pool of global addresses.

NAT and DHCP (dynamic host configuration protocol ) are a natural fit. You can choose a range of unregistered IP addresses for your stub domain and have the DHCP server dole them out as necessary. It also makes it much easier to scale up your network as your needs grow. You don't have to request more IP addresses from IANA. Instead, you can just increase the range of available IP addresses configured in DHCP to immediately have room for additional computers on your network.

2008-05-30T07:39:00.000-07:00

Virus Programming

Everybody is scared of computer ‘virus’ as it does harmful actions on our computer. But when we look into the virus programming, we may certainly come out with the conclusion that it requires intelligence to code a virus.so it hought i pen down an article about basics of virus programing.

Logic
It is easy to mess-up the right program. For example, if you remove even a single byte from an EXE file, that EXE file won’t be usable! Virus program don’t have any specific rules. But it’s a common practice to include ‘signatures’ by virus creators. The main idea is to force the innocent user to run the programs. So certain viruses come along with so called ‘programmer utilities’ or ‘free tools’. Another thing is, it is easy to hang-up a working system using some ‘bad’ interrupts. Viruses use this logic too!

TSR viruses
When TSR got its popularity, crackers started using TSR concepts for virus programming. There was a time when people who knew TSR started writing their own TSR viruses. But when Windows operating system was introduced, TSR viruses lost their “popularity”.

I have written the following program. This is actually a TSR virus. It is not much harmful; it just changes the attribute (color) byte of the existing characters present on screen.

#ifndef __SMALL__
#error Compile with Small memory model
#else
#include

int i = 1;
char far *Vid_RAM = (char far *)0xb8000000;

void interrupt (*Int9)( void );
void interrupt MyInt9( void );

void interrupt MyInt9( void )
{
*( Vid_RAM + i ) = i;
if ( i>4000 )
i = 1;
else
i += 2;
(*Int9)( );
} /*--interrupt MyInt9-----*/

int main(void)
{
Int9 = getvect( 9 );
setvect( 9, MyInt9 );
keep( 0, 500 );
return(0);
} /*--main( )----*/

#endif

Though the program might not be that efficient , i've tried my level best. I do not have a stronghold programming myself.

Windows viruses
When Windows operating system was introduced, much of the DOS based viruses lost their “popularity”. Under Windows operating system, only certain viruses like “Boot sector virus” and “Disk formatting viruses” can do harmful actions. So crackers went for exploiting Windows. Windows based viruses exploit Internet ‘loopholes’. As VB Script even has access to Windows Registry, VB Script is commonly used for Windows or Internet based “spreading viruses”.

Anti-Viruses
As I said earlier, many virus programmers add signature to their program. So by checking the signature, we can find the name of the virus. Most of the anti-virus packages use this logic! The following table shows few viruses and their signatures. Let us see some of the standard viruses and their signatures :

Einstein - 0042CD217231B96E0333D2B440CD2172193BC17515B80042
Phoenix - 927 E800005E81C6????BF0001B90400F3A4E8
Spanz - E800005E81EE????8D94????B41ACD21C784
Necropolis - 50FCAD33C2AB8BD0E2F8
Trivial-25 -B44EFEC6CD21B8??3DBA??00CD2193B440CD
Trivial-46 - B44EB120BA????CD21BA????B80?3DCD21%2BA0001%4B440CD
SK - CD20B80300CD1051E800005E83EE09

you can find that writing anti-virus package is not a tough job. But understand the fact that checking out the signature is not 100% foolproof. You may find many of the buggy antivirus packages even point out the right programs as virus programs and vice-versa.

Top 5 viruses

Which viruses are the most successful ever? Here i present a selection of those that travelled furthest, infected most computers ... or survived the longest.

1) Love Bug (VBS/LoveLet-A)

The Love Bug is probably the best-known virus. By pretending to be a love letter, it played on users’ curiosity, spreading around the world in hours. The original version sends an email with the subject line ‘I LOVE YOU’ and the text ‘kindly check the attached love letter coming from me’. Opening the attachment allows the virus to run. If Microsoft Outlook is installed, the virus tries to forward itself to all addresses in the Outlook address book. It can also distribute itself to other newsgroup users, steal user information and overwrite certain files.

2) Kakworm (VBS/Kakworm)

Kakworm made it possible for users to become infected just by viewing infected email. The worm arrives embedded in an email message. If you are using Outlook or Outlook Express with Internet Explorer 5, the machine can be infected when you open or preview the infected email. The virus changes the Outlook Express settings so that the virus code is automatically included with all outgoing mail. On the 1st of any month after 5 pm, it displays the message ‘Kagou-Anti_Kro$oft says not today’ and shuts down Windows.

3) Melissa (WM97/Melissa)

Melissa is an email virus that uses psychological subtlety to spread rapidly. It appears to come from someone you know and to include a document you would definitely want to read. As a result, Melissa spread worldwide within a single day. Sends a message to the first fifty addresses in all the address books accessible by Microsoft Outlook, using the current user’s name in the subject line. There is an attachment containing a copy of the infected document. If the minute and day are the same when the document is opened (e.g. 10.05 am on the 5th), the virus adds text about the game Scrabble to the document.

4) Concept (WM/Concept)

Concept achieved instant success by being shipped accidentally on official Microsoft software. It was the first macro virus found in the wild and one of the commonest viruses in 1996-1998. The virus takes control with its AutoOpen macro, which Word runs automatically, and carries out infection with its FileSaveAs macro, which runs when Word saves a document. Many variants exist. When you open an infected document, a dialog box titled ‘Microsoft Word’ and containing the figure 1 appears. The virus includes the text ‘That’s enough to prove my point’ but this is never displayed.

5) Parity Boot

Parity Boot spreads on the boot sectors of floppy disks. Its success shows that boot sector viruses, which were commonest in the 1980s and early 1990s, can still thrive. This virus was still among the most commonly reported as recently as 1998. It was particularly common in Germany, where it was distributed on a magazine cover-disk in 1994. Displays the message ‘PARITY CHECK’ and freezes the computer. This mimics a genuine memory error. As a result, users often think that there is a problem with their computer’s RAM (Random Access Memory).

2008-05-28T10:15:00.000-07:00

ANATOMY OF COMPUTER VIRUSES
~ THEY TOO HAVE A LIFE~

Here i'm going to post my technical seminar , which i presented in my final year of Engineering year 2008. Let me start of with what this paper is all about : The There has been considerable interest in computer viruses since they first appeared in 1981, and especially in the past few years as they have reached epidemic numbers in many personal computer environments. Viruses have been written about as a security problem, as a social problem, and as a possible means of performing useful tasks in a distributed computing environment. However, only recently have some scientists begun to ask if computer viruses are not a form of artificial life — a self-replicating organism. Simply because computer viruses do not exist as organic molecules may not be sufficient reason to dismiss the classification of this form of “vandalware” as a form of life.

You can always get back to me for more detail on computer viruses & malwares at ajaykumar127@gmail.com

2008-05-18T11:53:00.000-07:00

The New meaning of P2P

I am writing this article to encourage the budding engineers out there to take concrete and meaningful steps to address the serious risks posed to our culture and to the entire humanity by today’s peer-to-peer (“P2P”) file-sharing technology. My concern here is to address issues relating problems of today as the use of P2P Networks to disseminate pornography invade privacy and infringe copyrights, P2P software may one day realize its potential as a means for facilitating a wide range of collaborative, project management, business planning, and academic/education activities. At present, P2P software has too many times been hijacked by those who use it for illegal purposes to which the vast majority of today’s computer users do not wish to be exposed.

The users need to be provided with the information necessary to understand this Technology and to make informed decisions concerning its use. P2P file-sharing technology works by allowing consumers to download free software that enables them to directly share files stored on their hard drive with other users. This type of direct access to one’s computer differentiates P2P file-sharing technology from garden-variety e-mail accounts and commercial search engines such as Google and Yahoo.

One substantial and ever-growing use of P2P software is as a method of disseminating Pornography, including child pornography. While at least some of today’s so called top companies do provide “filters” to help screen out unwanted files, including presumably those containing pornography, those filters appear to work by focusing on language in the file’s description or the file’s title rather than on the file’s content. P2P users interested in disseminating and receiving offensive or illegal material, such as child pornography, can simply use an innocuous file title and/or description in order to bypass those filters. Consequently, P2P users need to be made aware that they are exposing themselves, and their children, to widespread availability of pornographic material when they download and install P2P file-sharing programs on their computers.

Furthermore, P2P file-sharing technology can allow its users to access the files of other Users, even when the computer is “off” if the computer itself is connected to the Internet via Broadband. P2P users, including both home users and small businesses, who do not properly understand this software have inadvertently given other P2P users access to tax returns, medical files, financial records, personal e- mail, and confidential documents stored on their computers. Combating identity theft is the main priority , and government of our country has enacted slow motion laws to stop it. Consequently, P2P users need to be properly educated so that they will not inadvertently share personal files on their hard drives with other users of your P2P file-sharing technology.

P2P file-sharing programs also are being used to illegally trade copyrighted music, movies, software, and video games, contributing to economic losses. Being quite a download freak myself I gave up P2P for downloading movies and other copyrighted material after I hitting a massive ONE TERABYTE download. The Business Software Alliance estimates that its members lost $13 billion in revenue last year due to software piracy. According to a January 2007 CNN article, “U.S. software companies lose up to $170 billion a year in piracy according to the Software and Information Industry Association. Music companies lost more than $46 billion worldwide last year, according to the RIAA [Recording Industry Association of America] ”.

Also viewing the reports that P2P software is being used as a means of transmitting unwanted spyware and adware that is bundled with the P2P software. Spyware aids an individual or a corporation in gathering information about P2P users without their consent or in asserting control over P2P users’ computers without their consent. We hope that at least some P2P file-sharing services add encryption features to those services. The addition of such encryption features will make it more difficult, if not impossible, for law enforcement to police users of P2P technology in order to prosecute crimes such as child pornography. Encryption only reinforces the perception that P2P technology is being used primarily for illegal ends.

Every time a new communications medium is presented, pornography and erotica seem to be distributed using it. Unfortunately, we live in times in which there are people in positions of political and legal influence who believe that they should be able to define what is and is not proper, and furthermore restrict access to that material. We have also heard of cases in which people have had their computers confiscated for having a computer image on disk, which they were unaware was present, that depicted activities that someone decided violated "community standards." There have also been cases where individuals have been convicted of pornography charges, even though the material was not considered obscene where the system was normally accessed. And last of all, you can be in serious legal trouble for simply FTPing an image of a naked minor, even if you don't know what is in the image at the time you fetch it.

We should also point out that as part of any sensible security administration, you should know what you have on your computer, and why. Keep track of who is accessing material you provide, and beware of unauthorized use.

And on an ending note I would like to say that it is the duty of today’s youth to see to that the technology is not misused because it will take us in the direction we want it to go.

please step forward to put an end to this ...
ajay

2008-05-15T08:04:00.000-07:00

Dummies guide to Strong passwords: How to create and use them

Your passwords are the keys you use to access personal information that you've stored on your computer and in your online accounts. If criminals or other malicious users steal this information, they can use your name to open new credit card accounts, apply for a mortgage, or pose as you in online transactions. In many cases you would not notice these attacks until it was too late.
Fortunately, it is not hard to create strong passwords and keep them well protected.

What makes a strong password???

To an attacker, a strong password should appear to be a random string of characters. The following criteria can help your passwords do so:

Make it lengthy. Each character that you add to your password increases the protection that it provides many times over. Your passwords should be 8 or more characters in length; 14 characters or longer is ideal.

Many systems also support use of the space bar in passwords, so you can create a phrase made of many words (a "pass phrase"). A pass phrase is often easier to remember than a simple password, as well as longer and harder to guess.

Combine letters, numbers, and symbols. The greater variety of characters that you have in your password, the harder it is to guess. Other important specifics include:

The fewer types of characters in your password, the longer it must be. A 15-character password composed only of random letters and numbers is about 33,000 times stronger than an 8-character password composed of characters from the entire keyboard. If you cannot create a password that contains symbols, you need to make it considerably longer to get the same degree of protection. An ideal password combines both length and different types of symbols.
Use the entire keyboard, not just the most common characters. Symbols typed by holding down the "Shift" key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.

Use words and phrases that are easy for you to remember, but difficult for others to guess. The easiest way to remember your passwords and pass phrases is to write them down. Contrary to popular belief, there is nothing wrong with writing passwords down, but they need to be adequately protected in order to remain secure and effective.

In general, passwords written on a piece of paper are more difficult to compromise across the Internet than a password manager, Web site, or other software-based storage tool, such as password managers.
Create a strong, memorable password in 6 steps

Use these steps to develop a strong password:

1. Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as "My son Aiden is three years old."

2. Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.

3. If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you've created to create a new, nonsensical word. Using the example above, you'd get: "msaityo".

4. Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Aiden's name, or substituting the word "three" for the number 3. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become "My SoN Ayd3N is 3 yeeRs old." If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like "MsAy3yo".

5. Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of "MySoN 8N i$ 3 yeeR$ old" or a password (using the first letter of each word) "M$8ni3y0".

6. Test your new password with Password Checker. Password Checker is a non-recording feature on this Web site that helps determine your password's strength as you type.

Password strategies to avoid

Some common methods used to create passwords are easy to guess by criminals. To avoid weak, easy-to-guess passwords:

• Avoid sequences or repeated characters. "12345678," "222222," "abcdefg," or adjacent letters on your keyboard do not help make secure passwords.

• Avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as to replace an 'i' with a '1' or an 'a' with '@' as in "M1cr0$0ft" or "P@ssw0rd". But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.

• Avoid your login name. Any part of your name, birthday, social security number, or similar information for your loved ones constitutes a bad password choice. This is one of the first things criminals will try.

•Avoid dictionary words in any language. Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, and substitutions. This includes all sorts of profanity and any word you would not say in front of your children.

•Use more than one password everywhere. If any one of the computers or online systems using this password is compromised, all of your other information protected by that password should be considered compromised as well. It is critical to use different passwords for different systems.

•Avoid using online storage. If malicious users find these passwords stored online or on a networked computer, they have access to all your information.

The "blank password" option

A blank password (no password at all) on your account is more secure than a weak password such as "1234". Criminals can easily guess a simplistic password, but on computers using Windows XP, an account without a password cannot be accessed remotely by means such as a network or the Internet. (This option is not available for Microsoft Windows 2000, Windows Me, or earlier versions) You can choose to use a blank password on your computer account if these criteria are met:

• You only have one computer or you have several computers but you do not need to access information on one computer from another one .

• The computer is physically secure (you trust everyone who has physical access to the computer) The use of a blank password is not always a good idea. For example, a laptop computer that you take with you is probably not physically secure, so on those you should have a strong password.

How to access and change your passwords

Online accounts

Web sites have a variety of policies that govern how you can access your account and change your password. Look for a link (such as "my account") somewhere on the site's home page that goes to a special area of the site that allows password and account management.

Computer passwords
The Help files for your computer operating system will usually provide information about how to create, modify, and access password-protected user accounts, as well as how to require password protection upon startup of your computer. You can also try to find this information online at the software manufacturer's Web site. For example, if you use Microsoft Windows XP, online help can show you how to manage passwords, change passwords, and more.

Keep your passwords secret

Treat your passwords and pass phrases with as much care as the information that they protect.

• Don't reveal them to others. Keep your passwords hidden from friends or family members (especially children) who could pass them on to other less trustworthy individuals. Passwords that you need to share with others, such as the password to your online banking account that you might share with your spouse, are the only exceptions.

• Protect any recorded passwords. Be careful where you store the passwords that you record or write down. Do not leave these records of your passwords anywhere that you would not leave the information that they protect.

• Never provide your password over e-mail or based on an e-mail request. Any e-mail that requests your password or requests that you to go to a Web site to verify your password is almost certainly a fraud. This includes requests from a trusted company or individual. E-mail can be intercepted in transit, and e-mail that requests information might not be from the sender it claims. Internet "phishing" scams use fraudulent e-mail messages to entice you into revealing your user names and passwords, steal your identity, and more. Learn more about phishing scams and how to deal with online fraud.

• Change your passwords regularly. This can help keep criminals and other malicious users unaware. The strength of your password will help keep it good for a longer time. A password that is shorter than 8 characters should be considered only good for a week or so, while a password that is 14 characters or longer (and follows the other rules outlined above) can be good for several years.

• Do not type passwords on computers that you do not control. Computers such as those in Internet cafés, computer labs, shared systems, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing. Do not use these computers to check online e-mail, chat rooms, bank balances, business mail, or any other account that requires a user name and password. Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install. These devices let malicious users harvest all the information typed on a computer from across the Internet—your passwords and pass phrases are worth as much as the information that they protect.

What to do if your password is stolen

Be sure to monitor all the information you protect with your passwords, such as your monthly financial statements, credit reports, online shopping accounts, and so on. Strong, memorable passwords can help protect you against fraud and identity theft, but there are no guarantees. No matter how strong your password is, if someone breaks into the system that stores it, they will have your password. If you notice any suspicious activity that could indicate that someone has accessed your information, notify authorities as quickly as you can. Get more information on what to do if you think your identity has been stolen or you've been similarly defrauded.

The Password Management Problem

It's that time again. You've been asked to change the password that gives you access to all your crucial systems and information. Or perhaps you need to enter yet another new password to access yet another application, document, or system.

Choosing Hard to Guess Passwords

It's tempting to pick something easy to remember, like spelling your user name backwards, or child's name, or a word from the dictionary. The problem is, the easier it is to remember, the easier it is for an intruder to steal.

Malicious intruders often gain access to a company's systems by stealing, or cracking, a password and account name, then posing as that user. If the intruder knows you, they can easily gain access by trying password combinations related to your family or hobbies. If they have physical access to your desk or digital assistant, their chances of getting into your accounts are even greater if you've used something personal for your password.

Hackers use readily available software to rapidly enter random dictionary words until they hit pay dirt, and it can take only minutes! The shorter the password, the faster it can be guessed. Even words spelled backwards, rearranged, or including numbers are not safe. A common misconception is that substitutions, such as replacing the letter l or i with the digit 1 will fool password cracking software. Password cracking programs are smart enough to do this too.

Examples of bad passwords include:

mydog2
bi11smith
yromem (memory backwards)
win4me
The safest solution for choosing good passwords is to use a randomly generated or seemingly random password that:
Is at least 6 characters long, and longer if possible.
Contains a mix of upper and lower case letters.
Includes numerals, special characters, and punctuation.
Is not based on any personal information.
Is not based on any dictionary word.
Examples of strong passwords include:

De2#vu
5sd$oiP
er89TI

Writing Down Passwords

If you have too many passwords, it is tempting to write them down -- after all, can you really remember 10 different passwords, that change at different times, some of which are rarely used?
Writing down passwords is a serious breach of security, because it means that anyone who can physically get to the piece of paper, sticky note or PDA that contains the password, can also log into systems with your accounts. Should a visiting vendor really be able to sign into the finance application? Should the janitor be able to read your mail?

A better solution is to create a single, strong password, and apply it to all of your login accounts. One password is easier to remember, and is more secure than a post-it note.

Reusing Passwords

Another temptation, when imagination fails, is to reuse old password values when the time comes to change your password. This is also a security problem, since the whole point of a regular password change is to limit the time available to an intruder to crack your password. If an old password is reused, intruders would have more time to crack them. If the old password was already compromised, the new one will compromise your security again.

If you cannot think of a new, secure password -- have a program, like P-Synch®, randomly generate one for you.

How to Choose a Good Password

Some security experts recommend using a password based on a mnemonic, such as an easily remembered phrase. For example, take the first letter of a each word in a phrase, then add a few special characters or numbers to it. For example, "lend me your ears" can become "lmye4%". "To be or not to be, that is the question" can become "2Bor!2b?".

This is good technique, but you may need some patience to think up a new phrase every time you change your password -- especially if you have to think of a different password for every system that you log into. This may lead some users to recycle some version of their old password - another security threat.

Another easy way to choose a good, safe password is to let an application like P-Synch do it for you. P-Synch makes remembering passwords easy by synchronizing passwords, so that you only have one password to remember, and that password works on every system.

P-Synch can provide a suggested list of randomly generated passwords, and reject passwords that do not comply with strong password rules, so that you always choose good passwords.

When to Change Your Password

Perhaps just as important as how to choose a new password is when to do it. New passwords are most easily remembered if you start using them immediately, and use them often. Don't change your password at the end of the day, the end of the week, or before a holiday. Instead, change your password in the morning, at the start of the week. Your mind will be clearer, and frequent use of the new password will reinforce your memory.

if you need any more information regarding this topic , feel free to mail me at my email address or drop in your comments here on my blog.
regards....
ajay

2008-02-04T04:30:00.000-08:00

Network Security Via Reverse Engineering of TCP Code:

The Transmission Control Protocol/Internet Protocol (TCP/IP ) suite is a very widely used technique that is employed to interconnect computing facilities in modern network environments. However, there exist several security vulnerabilities in the TCP specification and additional weaknesses in a number of widely-available implementations of TCP. These vulnerabilities may enable an intruder to attack TCP-based systems, enabling him/her to hijack a TCP connection or cause denial of service to legitimate users. The analysis of TCP code via a reverse engineering" technique called slicing to identify several of these vulnerabilities, especially those that are related to the TCP state-transition diagram.

Now here rather than telling how intrusion dectection works , i'm going to be writing a series of FAQ's about The Process :

1.1 What is a "network intrusion detection system (NIDS)"?

An intrusion is somebody (A.K.A. "hacker" or "cracker") attempting to break into or misuse your system. The word "misuse" is broad, and can reflect something severe as stealing confidential data to something minor such as misusing your email system for spam (though for many of us, that is a major issue!).

An "Intrusion Detection System (IDS)" is a system for detecting such intrusions. For the purposes of this FAQ, IDS can be broken down into the following categories:

network intrusion detection systems (NIDS) monitors packets on the network wire and attempts to discover if a hacker/cracker is attempting to break into a system (or cause a denial of service attack). A typical example is a system that watches for large number of TCP connection requests (SYN) to many different ports on a target machine, thus discovering if someone is attempting a TCP port scan. A NIDS may run either on the target machine who watches its own traffic (usually integrated with the stack and services themselves), or on an independent machine promiscuously watching all network traffic (hub, router, probe). Note that a "network" IDS monitors many machines, whereas the others monitor only a single machine (the one they are installed on).

system integrity verifiers (SIV) monitors system files to find when a intruder changes them (thereby leaving behind a backdoor). The most famous of such systems is "Tripwire". A SIV may watch other components as well, such as the Windows registry and chron configuration, in order to find well known signatures. It may also detect when a normal user somehow acquires root/administrator level privleges. Many existing products in this area should be considered more "tools" than complete "systems": i.e. something like "Tripwire" detects changes in critical system components, but doesn't generate real-time alerts upon an intrusion.

log file monitors (LFM) monitor log files generated by network services. In a similar manner to NIDS, these systems look for patterns in the log files that suggest an intruder is attacking. A typical example would be a parser for HTTP server log files that looking for intruders who try well-known security holes, such as the "phf" attack. Example: swatch

Deception systems (A.K.A. decoys, lures, fly-traps, honeypots) which contain pseudo-services whose goal is to emulate well-known holes in order to trap hackers. Also, simple tricks by renaming "administrator" account on NT, then setting up a dummy account with no rights by extensive auditing can be used.

1.2 Who is misusing the system?

There are two words to describe the intruder: hacker and cracker. A hacker is a generic term for a person who likes getting into things. The benign hacker is the person who likes to get into his/her own computer and understand how it works. The malicious hacker is the person who likes getting into other people's systems. The benign hackers wish that the media would stop bad-mouthing all hackers and use the term 'cracker' instead. Unfortunately, this is not likely to happen. In any event, the word used in this FAQ is 'intruder', to generically denote anybody trying to get into your systems.

Intruders can be classified into two categories:
Outsiders
Intruders from outside your network, and who may attack you external presence (deface web servers, forward spam through e-mail servers, etc.). They may also attempt to go around the firewall to attack machines on the internal network. Outside intruders may come from the Internet, dial-up lines, physical break-ins, or from partner (vendor, customer, reseller, etc.) network that is linked to your corporate network.
Insiders
Intruders that legitimately use your internal network. These include users who misuse privileges (such as the Social Security employee who marked someone as being dead because they didn't like that person) or who impersonate higher privileged users (such as using someone else's terminal). A frequently quoted statistic is that 80% of security breaches are committed by insiders.

There are several types of intruders Joy riders hack because they can. Vandals are intent on causing destruction or marking up your web-pages. Profiteers are intent on profiting from their enterprise, such as rigging the system to give them money or by stealing corporate data and selling it.

1.3 How do intruders get into systems?

The primary ways a intruder can get into a system:

Physical Intrusion If a intruders have physical access to a machine (i.e. they can use the keyboard or take apart the system), they will be able to get in. Techniques range from special privileges the console has, to the ability to physically take apart the system and remove the disk drive (and read/write it on another machine). Even BIOS protection is easy to bypass: virtually all BIOSes have backdoor passwords.

System Intrusion This type of hacking assumes the intruder already has a low-privilege user account on the system. If the system doesn't have the latest security patches, there is a good chance the intruder will be able to use a known exploit in order to gain additional administrative privileges.

Remote Intrusion This type of hacking involves a intruder who attempts to penetrate a system remotely across the network. The intruder begins with no special privileges. There are several forms of this hacking. For example, a intruder has a much more difficult time if there exists a firewall on between him/her and the victim machine.

Note that Network Intrusion Detection Systems are primarily concerned with Remote Intrusion.

1.4 Why can intruders get into systems?

Software always has bugs. System Administrators and Programmers can never track down and eliminate all possible holes. Intruders have only to find one hole to break in.

1.4.1 Software bugs

Software bugs are exploited in the server daemons, the client applications, the operating system, and the network stack. Software bugs can be classified in the following manner:

Buffer overflows: Almost all the security holes you read about in the press are due to this problem. A typical example is a programmer who sets aside 256 characters to hold a login username. Surely, the programmer thinks, nobody will ever have a name longer than that. But a hacker thinks, what happens if I enter in a false username longer than that? Where do the additional characters go? If they hackers do the job just right, they can send 300 characters, including code that will be executed by the server, and voila, they've broken in. Hackers find these bugs in several ways. First of all, the source code for a lot of services is available on the net. Hackers routinely look through this code searching for programs that have buffer overflow problems. Secondly, hackers may look at the programs themselves to see if such a problem exists, though reading assembly output is really difficult. Thirdly, hackers will examine every place the program has input and try to overflow it with random data. If the program crashes, there is a good chance that carefully constructed input will allow the hacker to break in. Note that this problem is common in programs written in C/C++, but rare in programs written in Java.

Unexpected combinations: Programs are usually constructed using many layers of code, including the underlying operating system as the bottom most layer. Intruders can often send input that is meaningless to one layer, but meaningful to another layer. The most common language for processing user input on the web is PERL. Programs written in PERL will usually send this input to other programs for further evaluation. A common hacking technique would be to enter something like "| mail < /etc/passwd". This gets executed because PERL asks the operating system to launch an additional program with that input. However, the operating system intercepts the pipe '|' character and launches the 'mail' program as well, which causes the password file to be emailed to the intruder.

Unhandled input: Most programs are written to handle valid input. Most programmers do not consider what happens when somebody enters input that doesn't match the specification.

Race conditions: Most systems today are "multitasking/multithreaded". This means that they can execute more than one program at a time. There is a danger if two programs need to access the same data at the same time. Imagine two programs, A and B, who need to modify the same file. In order to modify a file, each program must first read the file into memory, change the contents in memory, then copy the memory back out into the file. The race condition occurs when program A reads the file into memory, then makes the change. However, before A gets to write the file, program B steps in and does the full read/modify/write on the file. Now program A writes its copy back out to the file. Since program A started with a copy before B made its changes, all of B's changes will be lost. Since you need to get the sequence of events in just the right order, race conditions are very rare. Intruders usually have to tries thousands of time before they get it right, and hack into the system.

1.4.2 System configuration

System configuration bugs can be classified in the following manner:

Default configurations: Most systems are shipped to customers with default, easy-to-use configurations. Unfortunately, "easy-to-use" means "easy-to-break-in". Almost any UNIX or WinNT machine shipped to you can be hacked in easily.

Lazy administrators: A surprising number of machines are configured with an empty root/administrator password. This is because the administrator is too lazy to configure one right now and wants to get the machine up and running quickly with minimal fuss. Unfortunately, they never get around to fixing the password later, allowing intruders easy access. One of the first things a intruder will do on a network is to scan all machines for empty passwords.

Hole creation: Virtually all programs can be configured to run in a non-secure mode. Sometimes administrators will inadvertently open a hole on a machine. Most administration guides will suggest that administrators turn off everything that doesn't absolutely positively need to run on a machine in order to avoid accidental holes. Note that security auditing packages can usually find these holes and notify the administrator.

Trust relationships: Intruders often "island hop" through the network exploiting trust relationships. A network of machines trusting each other is only as secure as its weakest link.

1.4.3 Password cracking

This is a special category all to itself.

Really weak passwords: Most people use the names of themselves, their children, spouse/SO, pet, or car model as their password. Then there are the users who choose "password" or simply nothing. This gives a list of less than 30 possibilities that a intruder can type in for themselves.

Dictionary attacks: Failing the above attack, the intruder can next try a "dictionary attack". In this attack, the intruder will use a program that will try every possible word in the dictionary. Dictionary attacks can be done either by repeatedly logging into systems, or by collecting encrypted passwords and attempting to find a match by similarly encrypting all the passwords in the dictionary. Intruders usually have a copy of the English dictionary as well as foreign language dictionaries for this purpose. They all use additional dictionary-like databases, such as names (see above) and lists of common passwords.

Brute force attacks: Similar to a Dictionary attack, a intruder may try all possible combinations of characters. A short 4-letter password consisting of lower-case letters can be cracked in just a few minutes (roughly, half a million possible combinations). A long 7-character password consisting of upper and lower case, as well as numbers and punctuation (10 trillion combinations) can take months to crack assuming you can try a million combinations a second (in practice, a thousand combinations per second is more likely for a single machine).

1.4.4 Sniffing unsecured traffic

Shared medium: On traditional Ethernet, all you have to do is put a Sniffer on the wire to see all the traffic on a segment. This is getting more difficult now that most corporations are transitioning to switched Ethernet.

Server sniffing: However, on switched networks, if you can install a sniffing program on a server (especially one acting as a router), you can probably use that information to break into client machines and trusted machines as well. For example, you might not know a user's password, but sniffing a Telnet session when they log in will give you that password.

Remote sniffing: A large number of boxes come with RMON enabled and public community strings. While the bandwidth is really low (you can't sniff all the traffic), it presents interesting possibilities.

1.4.5 Design flaws

Even if a software implementation is completely correct according to the design, there still may be bugs in the design itself that leads to intrusions.

TCP/IP protocol flaws: The TCP/IP protocool was designed before we had much experience with the wide-scale hacking we see today. As a result, there are a number of design flaws that lead to possible security problems. Some examples include smurf attacks, ICMP Unreachable disconnects, IP spoofing, and SYN floods. The biggest problem is that the IP protocol itself is very "trusting": hackers are free to forge and change IP data with impunity. IPsec (IP security) has been designed to overcome many of these flaws, but it is not yet widely used.

UNIX design flaws: There are number of inherent flaws in the UNIX operating system that frequently lead to intrusions. The chief problem is the access control system, where only 'root' is granted administrative rights.

1.5 How do intruders get passwords?

Intruders get passwords in the following ways:

Clear-text sniffing: A number of protocols (Telnet, FTP, HTTP Basic) use clear-text passwords, meaning that they are not encrypted as the go over the wire between the client and the server. A intruder with a protocol analyzer can watch the wire looking for such passwords. No further effort is needed; the intruder can start immediately using those passwords to log in.

Encrypted sniffing: Most protocols, however, use some sort of encryption on the passwords. In these cases, the intruder will need to carry out a Dictionary or Brute Force attack on the password in order to attempt decryption. Note that you still don't know about the intruder's presence, as he/she has been completely passive and has not transmitted anything on the wire. Password cracking does not require anything to be sent on the wire as intruder's own machine is being used to authenticate your password.

Replay attack: In some cases, intruders do not need to decrypt the password. They can use the encrypted form instead in order to login to systems. This usually requires reprogramming their client software in order to make use of the encrypted password.

Password file stealing: The entire user database is usually stored in a single file on the disk. In UNIX, this file is /etc/passwd (or some mirror of that file), and under WinNT, this is the SAM file. Either way, once a intruder gets hold of this file, he/she can run cracking programs (described above) in order to find some weak passwords within the file.

Observation: One of the traditional problems in password security is that passwords must be long and difficult to guess (in order to make Dictionary and Brute Force cracks unreasonably difficult). However, such passwords are often difficult to remember, so users write them down somewhere. Intruders can often search a persons work site in order to find passwords written on little pieces of paper (usually under the keyboard). Intruders can also train themselves to watch typed in passwords behind a user's back.

Social Engineering: A common (successful) technique is to simply call the user and say "Hi, this is Bob from MIS. We're trying to track down some problems on the network and they appear to be coming from your machine. What password are you using?" Many users will give up their password in this situation. (Most corporations have a policy where they tell users to never give out their password, even to their own MIS departments, but this technique is still successful. One easy way around this is for MIS to call the new employee 6-months have being hired and ask for their password, then criticize them for giving it to them in a manner they will not forget :-)

1.6 What is a typical intrusion scenario?

A typical scenario might be:

Step 1: outside reconnaissance The intruder will find out as much as possible without actually giving themselves away. They will do this by finding public information or appearing as a normal user. In this stage, you really can't detect them. The intruder will do a 'whois' lookup to find as much information as possible about your network as registered along with your Domain Name (such as foobar.com. The intruder might walk through your DNS tables (using 'nslookup', 'dig', or other utilities to do domain transfers) to find the names of your machines. The intruder will browse other public information, such as your public web sites and anonymous FTP sites. The intruder might search news articles and press releases about your company.

Step 2: inside reconnaisance The intruder uses more invasive techniques to scan for information, but still doesn't do anything harmful. They might walk through all your web pages and look for CGI scripts (CGI scripts are often easily hacked). They might do a 'ping' sweep in order to see which machines are alive. They might do a UDP/TCP scan/strobe on target machines in order to see what services are available. They'll run utilities like 'rcpinfo', 'showmount', 'snmpwalk', etc. in order to see what's available. At this point, the intruder has done 'normal' activity on the network and has not done anything that can be classified as an intrusion. At this point, a NIDS will be able to tell you that "somebody is checking door handles", but nobody has actually tried to open a door yet.

Step 3: exploit The intruder crosses the line and starts exploiting possible holes in the target machines. The intruder may attempt to compromise a CGI script by sending shell commands in input fields. The intruder might attempt to exploit well-known buffer-overrun holes by sending large amounts of data. The intruder may start checking for login accounts with easily guessable (or empty) passwords. The hacker may go through several stages of exploits. For example, if the hacker was able to access a user account, they will now attempt further exploits in order to get root/admin access.

Step 4: foot hold At this stage, the hacker has successfully gained a foot hold in your network by hacking into a machine. The intruder's main goal is to hide evidence of the attacks (doctoring the audit trail and log files) and make sure they can get back in again. They may install 'toolkits' that give them access, replace existing services with their own Trojan horses that have backdoor passwords, or create their own user accounts. System Integrity Verifiers (SIVs) can often detect an intruder at this point by noting the changed system files. The hacker will then use the system as a stepping stone to other systems, since most networks have fewer defenses from inside attacks.

Step 5: profit The intruder takes advantage of their status to steal confidential data, misuse system resources (i.e. stage attacks at other sites from your site), or deface web pages.

Another scenario starts differently. Rather than attack a specific site, and intruder might simply scan random internet addresses looking for a specific hole. For example, an intruder may attempt to scan the entire Internet for machines that have the SendMail DEBUG hole. They simply exploit such machines that they find. They don't target you directly, and they really won't even know who you are. (This is known as a 'birthday attack'; given a list of well-known security holes and a list of IP addresses, there is a good chance that there exists some machine somewhere that has one of those holes)

1.7 What are some common "intrusion signatures"?

There are three types of attacks:

reconnaisance These include ping sweeps, DNS zone transfers, e-mail recons, TCP or UDP port scans, and possibly indexing of public web servers to find cgi holes.

exploits Intruders will take advantage of hidden features or bugs to gain access to the system.

denial-of-service (DoS) attacks Where the intruder attempts to crash a service (or the machine), overload network links, overloaded the CPU, or fill up the disk. The intruder is not trying to gain information, but to simply act as a vandal to prevent you from making use of your machine.

1.8 What are some common exploits?

1.8.1 CGI scripts

CGI programs are notoriously insecure. Typical security holes include passing tainted input directly to the command shell via the use of shell metacharacters, using hidden variables specifying any filename on the system, and otherwise revealing more about the system than is good. The most well-known CGI bug is the 'phf' library shipped with NCSA httpd. The 'phf' library is supposed to allow server-parsed HTML, but can be exploited to give back any file. Other well-known CGI scripts that an intruder might attempt to exploit are: TextCounter, GuestBook, EWS, info2www, Count.cgi, handler, webdist.cgi, php.cgi, files.pl, nph-test-cgi, nph-publish, AnyForm, FormMail. If you see somebody trying to access one or all of these CGI scripts (and you don't use them), then it is clear indication of an intrusion attempt (assuming you don't have a version installed that you actually want to use).

1.8.2 Web server attacks

Beyond the execution of CGI programs, web servers have other possible holes. A large number of self-written web servers (include IIS 1.0 and NetWare 2.x) have hole whereby a file name can include a series of "../" in the path name to move elsewhere in the file system, getting any file. Another common bug is buffer overflow in the request field or in one of the other HTTP fields.

Web server often have bugs related to their interaction with the underlying operating system. An old hole in Microsoft IIS have been dealing with the fact that files have two names, a long filename and a short 8.3 hashed equivalent that could sometimes be accessed bypassing permissions. NTFS (the new file system) has a feature called "alternate data streams" that is similar to the Macintosh data and resource forks. You could access the file through its stream name by appending "::$DATA" in order to see a script rather than run it.

Servers have long had problems with URLs. For example, the "death by a thousand slashes" problem in older Apache would cause huge CPU loads as it tried to process each directory in a thousand slash URL.

1.8.3 Web browser attacks

It seems that all of Microsoft's and Netscape's web browsers have security holes (though, of course, the latest ones never have any that we know about -- yet). This includes both URL, HTTP, HTML, JavaScript, Frames, Java, and ActiveX attacks.

URL fields can cause a buffer overflow condition, either as it is parsed in the HTTP header, as it is displayed on the screen, or processed in some form (such as saved in the cache history). Also, an old bug with Internet Explorer allowed interaction with a bug whereby the browser would execute .LNK or .URL commands.

HTTP headers can be used to exploit bugs because some fields are passed to functions that expect only certain information.

HTML can be often exploited, such as the MIME-type overflow in Netscape Communicator's command.

JavaScript is a perennial favorite, and usually tries to exploit the "file upload" function by generating a filename and automatically hidden the "SUBMIT" button. There have been many variations of this bug fixed, then new ways found to circumvent the fixes.

Frames are often used as part of a JavaScript or Java hack (for example, hiding web-pages in 1px by 1px sized screens), but they present special problems. For example, I can include a link to a trustworthy site that uses frames, then replace some of those frames with web pages from my own site, and they will appear to you to be part of that remote site.

Java has a robust security model, but that model has proven to have the occasional bug (though compared to everything else, it has proven to be one of the most secure elements of the whole system). Moreover, its robust security may be its undoing: Normal Java applets have no access to the local system, but sometimes they would be more useful if they did have local access. Thus, the implementation of "trust" models that can more easily be hacked.

ActiveX is even more dangerous than Java as it works purely from a trust model and runs native code. You can even inadvertently catch a virus that was accidentally imbedded in some vendor's code.

1.8.4 SMTP (SendMail) attacks

SendMail is an extremely complicated and widely used program, and as a consequence, has been the frequent source of security holes. In the old days (of the '88 Morris Worm), hackers would take advantage of a hole in the DEBUG command or the hidden WIZ feature to break into SMTP. These days, they often try buffer overruns. SMTP also can be exploited in reconnaissance attacks, such as using the VRFY command to find user names.

1.8.5 Access
Failed login attempts, failed file access attempts, password cracking, administrative powers abuse

1.8.6 IMAP
Users retrieve e-mail from servers via the IMAP protocol (in contrast, SMTP transfers e-mail between servers). Hackers have found a number of bugs in several popular IMAP servers.

1.8.7 IP spoofing
There is a range of attacks that take advantage of the ability to forge (or 'spoof') your IP address. While a source address is sent along with every IP packet, it isn't actually used for routing. This means an intruder can pretend to be you when talking to a server. The intruder never sees the response packets (although your machine does, but throws them away because they don't match any requests you've sent). The intruder won't get data back this way, but can still send commands to the server pretending to be you.

IP spoofing is frequently used as part of other attacks:

SMURF
Where the source address of a broadcast ping is forged so that a huge number of machines respond back to victim indicated by the address, overloading it (or its link).

TCP sequence number prediction
In the startup of a TCP connection, you must choose a sequence number for your end, and the server must choose a sequence number for its end. Older TCP stacks choose predictable sequence numbers, allowing intruders to create TCP connections from a forged IP address (for which they will never see the response packets) that presumably will bypass security.

DNS poisoning through sequence prediction
DNS servers will "recursively" resolve DNS names. Thus, the DNS server that satisfies a client request will become itself a client to the next server in the recursive chain. The sequence numbers it uses are predictable. Thus, an intruder can send a request to the DNS server and a response to the server forged to be from the next server in the chain. It will then believe the forged response, and use that to satisfy other clients.

1.8.8 Buffer Overflows
Some other buffer overflow attacks are:
DNS overflow
Where an overly long DNS name is sent to a server. DNS names are limited to 64-bytes per subcomponent and 256-bytes overall.
statd overflow
where an overly long filename is provided

1.8.9 DNS attacks
DNS is a prime target because if you can corrupt the DNS server, you can take advantage of trust relationships.
DNS cache poisoning
Every DNS packet contains a "Question" section and "Answer" section. Vulnerable servers will believe (and cache) Answers that you send along with Questions. Most, but not all, DNS servers have been patched as of November, 1998.
DNS poisoning through sequence prediction & DNS overflow

1.9 What tools do intruders use to break into my systems?

1.9.1UNIX utilities
These utilities either come with your favorite UNIX platform or you can download them for free.

ping
to see if a host is alive.
traceroute
to find the route to the host
nslookup/dig
to discover all your DNS information
whois
finds out Internic registration information
finger
finds out who is logged in and info about users
rpcinfo
finds out what RPC services are running
showmount
display shares on a machine
SAMBA
displays info about WinNT SMB shares
telnet
the granddaddy of them all -- allows you to connect and play with any text-based protocol (HTTP, FTP, SMTP, etc.)

1.9.2 WinNT utilities

All of the UNIX utilities mentioned above can be used with WinNT. There are also some WinNT specific ones.
nbtstat
discovers NetBIOS information on remote machine
net view
is the LANMAN program that allows you to remotely view WinNT shares

1.9.3 Hacking-specific utilities

The standard toolkit for a intruder.
netcat
is characterized as a "TCP/IP" Swiss Army Knife, allows intruders to script protocol interactions, especially text-based protocols.
crack / NTcrack / L0phtCrack / etc.
that crack network passwords (Dictionary or Brute Force). These packages also contain utilities for dumping passwords out of databases and sniffing them off the wire.
Sniffing utilities
for watching raw network traffic, such as Gobbler, tcpdump, or even an honest-to-god Network Associates Sniffer© Network Analyzer
TCP and UDP port scanners
for scanning/strobing/probing which TCP ports are available. TCP port-scanners can also run in a number of stealth modes to evade/elude loggers.
Ping sweepers
for pinging large numbers of machines to see which ones are active.
Exploit packs
which are a set of one or more programs that know how to exploit holes on systems (usually, once the user is logged in).
Remote security auditors
such as SATAN that look for a number of well known holes in machines all across the network.
War dialers
that dial lots of phone numbers looking for dial-in ports.
NAT
is based upon the SAMBA code, and is useful for discovering NetBIOS/SMB info from Windows and SAMBA servers.
Scanners
are programs (like SATAN, ISS, CyberCop Scanner) that probe the system for vulnerabilities. That have a huge number of vulnerabilities they check for and are generally automated, giving the hacker that highest return for the minimal effort.

2.0 What are the pros/cons of setting up a system that can be hacked?

The three most commonly hacked servers on the net are unpatched systems running older Linux (like Red Hat 5.0), Solaris 2.6, and Microsoft IIS 4.0. Therefore, as part of your honeypot plan, you might want to setup one or all three of these systems.

Remember: if you put one of these systems on the Internet, within a month it will be discovered and hacked.

Pros:

Learn about incidence response
Most people believe "it can't happen to them", and are unprepared when it does. Setting up systems that hackers break into will teach you about how to detect hacker breakins and how to clean up after them.

Learn about hacking techniques
Watching hackers break into your system teaches you a lot about hacking.

If you need a secure system inside your company (for example, one that holds financial information), setup a similar system outside your company with bogus data. If a hacker compromises that system, you'll learn how to protect the one inside your company from similar exploits.

Early warning systems
Setting up servers inside your company that can easily be hacked will alert you to hostile activity long before real systems get compromised. Hackers try the simpler techniques first before moving on to harder ways of breaking into system. Therefore, setting up an easily hacked system will clearly indicate the hostile intent of somebody.

Cons:

Launching Point
The biggest danger is that somebody could use that system to launch further attacks against either you or other people. In particular, there might be legal considerations when a system you control attacks a third party.

and finally What are deception countermeasures?

Beyond honeypots in particular, you can setup "deception countermeasures". Your network "leaks" lots of information about itself, which hackers in turn use to break into your network. Therefore, if you leaks deceptive information about you network, then you'll at minimum misdirect your attackers, but hopefully trigger alerts.

I personally have done the following sorts of things:

E-mail headers
A classic problem on the web is that e-mail systems insert the IP address of the system sending the message to it. If you are inside a corporation and send e-mail out, you reveal internal e-mail servers. If you are using a free e-mail system like Yahoo mail or Hotmail, the IP address of the machine you used to send the mail is included in the header. This process can go several level deep as e-mail inside companies often travel several hops through gateway, firewalls, and anti-virus content scanners. It's difficult, but you can reprogram things in order to insert bogus IP addresses in to the headers.

DNS info
One of the first things a hacker will do against you is a DNS Zone Transfer. Many admins blocks access to TCP port 53 to stop this (though that breaks other DNS services). By inserting bogus machines or even entire bogus subdomains you misdirect the hacker. For example, I could setup a machine called "bogus.robertgraham.com" with an IP address of 192.0.2.132, then tell my IDS to trigger whenever it sees traffic to that address. Since my IDS already triggers on Zone Transfers, this'll catch somebody who is seriously trying to scope out my network.

anti-sniffers
Are you certain that your ISP isn't sniffing you? Well, in order to find out, setup machines elsewhere on the Internet to connect to some of your boxes using clear-text passwords. Then setup your IDS to trigger when anybody else uses those passwords. This is best used with a honeypot that doesn't have real services. For example, I've setup a virtual Telnet daemon on that another machines logs into every once-and-a-while. I've setup the IDS to trigger if anybody but that machine logs in using that account name. When they log in, they will soon find out it isn't real account.

anti-sniffers, part deux :P
Similar to above, you can transfer password files across the network that contain easily crackable passwords, then have the IDS trigger whenever anybody attempts to login. For example, setup a batch file that regularly transfers files via FTP, one of which is /etc/passwd. This will tell you if anybody has sniffed that file.

if you people have still got any more questions to ask you are free to mail me at my id : ajaykumar127@gmail.com

2007-06-12T14:34:00.000-07:00

Check The Orkut Scraps without logging in !!!

It all began on a lazy afternoon , when i came across this news that orkut can be hacked :P I started to do get some information on this , and soon found out the thing . Then i thought that, i will build a small application which can do so. Thanks to the support by few friends online and along with that my small dwelling flash i have made a small application that allows you to read ORKUT scraps just by knowing the UID ( which is shown in the scrap book , as shown in image below ).

This thing mainly works because of a thing that is at core doing the act.

Here's the Screenshot of the THING.

To know more details about how this thing came about ...you know whom to contact.

If you need my app , just mail me : ajaykumar127@gmail.com with subject "NEED ORKUT Scrap Viewer" .I'll get back to you.

regards...
ajay

2007-03-27T08:10:00.000-07:00

Intel Builds 80-Core, 1-Trillion Calcs Per Second Prototype Chip

A typical 80 core processor

A typical Motherboard socket for the 80 core processor

What's cool: Performing 1 Trillion calcs per second, the chip could do the same number crunching that 10 years ago took up 2,000 square feet of machinery to do. Instead of the half-megawatt of juice, it could take as little as 62 watts. The chips has 80 cores.

What sucks?: Five years, at least, till these are available. No x86 architecture version yet, even in prototype. And optimizing programs that to take advantage of eighty cores is still a very hard thing to do. Multiple core processing is still best for mass rote operations like those involving math and video.

Intel's researchers have produced an 80-core chip that uses less energy than a quad-core processor and has teraflop performance capabilities.

Researchers have built the prototype to study how best to make that many cores communicate with each other. They're also studying new designs for cores and new architectural techniques, according to Manny Vara, a technology strategist with Intel's R&D labs. The chip is just for research purposes and lacks some necessary functionality at this point, but Vara says Intel will be able to produce a chip with 80 cores in five to eight years.

The chip is being called the Tera-Scale Teraflop Prototype. Intel is planning on releasing specifics about the research project at the 2007 International Solid State Circuits Conference in early February.

Since dual-core and quad-core chips were just introduced to the market in the past year, looking forward to an 80-core chip is a major departure from the expected natural progression in microprocessors.

This is being done as a test, The scientists came up with all these different ideas and there is a need to test them on a piece of silicon. The only thing is about the uncertainity regarding if it works till a working model is built and then tested the heck out of it.

The 80-core chip uses less than 100 watts of energy; a dual-core chip uses 60 to 70 watts and a quad-core uses 105 to 130 watts. Of course the numbers for the 80-core chip could be affected by the fact that it's lacking some functionality, but it's still a significant accomplishment.
I can call this as Intel's research project thus by far "revolutionary."

It showcases a focus on power efficiency and keeping things within a power and thermal envelope, they recognize that they can't generate any more heat or pull more power or they'll just become power hogs. With that large a number of cores, it's significant they can get it down below 100 watts. So this is pretty impressive. Real impressive.

They're different kinds of cores, and energy efficiency is a major part of the research project. If you look at it, by the time you put dozens of cores on a chip, they won't be the same kind that you can put three or four on a chip today. The new ones will be much simpler. You break the core's tasks into pieces and each task can be assigned to a core. Even if the cores are simpler and slower, you have a lot more of them so you have more performance.

Here i note that the power efficiency lies in the new, simpler cores.

Think more-complex four cores compared to simpler 80 cores. Each of those four cores can do more individually than one of the 80,But with an 8-core chip you will get a lot more performance and lower power because you have a lot of them running at lower speed. You're only using the cores you need. It's performance on demand. If you need more performance, it wakes up more cores, and when you're done, they go back to sleep."

With that many cores, Intel is able to design what is called "core hopping." If one part of the chip gets hot, the work that those particular cores are doing is moved to other cores on another part of the chip. That, will lower the heat being generated.

This's definitely exciting, as they're pushing the boundaries out in terms of how many cores they can squeeze onto a chip. It's about the horizontal scalability of cores on a single chip. They're relatively dumb and unsophisticated cores, but the experiment is how can they do it. How many can they pack in and still work together and communicate with each other?

Part of the challenge with building a chip with so many cores has been to design a communication network so that they all can communicate with each other.

Handling that much network traffic has been quite a task, and the chip will be just slightly larger than the average chip today. What they are doing is designing a network inside the chip. Today, you hear about high-performance computing and they have these big, fat super-powerful servers and they're all networked together. They are trying to basically do that, but on a chip. How do you bring a real network inside a chip so all the cores can talk to each other?.

At work they are quite literally creating a network mesh to let each little core communicate with the other cores and the rest of the system, the cores will want to know what the other cores will doing so they don't fight.

While it may take five to eight years to come out with a working 80-core chip, IT managers might start watching for what he calls "different flavors" of quad-core chips. Maybe you'll have interim chips where they have more complex cores along with simpler cores, too.

The bottom line: Congrats on the teraflop chip, Intel, but wake us up when this baby is for sale.
The Verdict: Vaporous CPU,solid PR move by Intel.

words of interest by...
ajay.

2007-03-14T06:50:00.000-07:00

How Does Bit Torrent Work ?

BitTorrent is the name of a client application for the torrent peer-to-peer (P2P) file distribution protocol. created by programmer Bram Cohen. BitTorrent is designed to widely distribute large amounts of data without incurring the corresponding consumption in server and bandwidth resources (and typically, monetary fees attracted as a result of that).

The original BitTorrent application is written in Python and its source code has been released under the BitTorrent Open Source License (a modified version of the Jabber Open Source License), as of version 4.0. The name "BitTorrent" refers to the distribution protocol, the original client application, and the .torrent file type.

The bittorrent protocol breaks the file(s) down into smaller fragments, typically a quarter of a megabyte (256 KB) in size. Peers download missing fragments from each other and upload those that they already have to peers that request them. The protocol is 'smart' enough to choose the peer with the best network connections for the fragments that it's requesting.

To increase the overall efficiency of the swarm (the ad-hoc P2P network temporarily created to distribute a particular file), the bittorrent clients request from their peers the fragments that are most rare; in other words, the fragments that are available on the least number of peers, making most fragments available widely across many machines and avoiding bottlenecks.

The file fragments are not usually downloaded in sequential order and need to be reassembled by the receiving machine. It is important to note that clients start uploading fragments to their peers before the entire file is downloaded.

Sharing by each peer therefore begins when the first complete segment is downloaded and can begin to be uploaded if another peer requests it. This scheme is particularly useful for trading large files such as videos and operating systems. This is contrasted with conventional file serving where high demand can lead to saturation of the host's resources as the consumption of bandwidth to transfer the file to many requesting downloaders surges.

With BitTorrent, high demand can actually increase throughput as more bandwidth and additional “seeds” of the file become available to the group. Cohen claims that for very popular files, BitTorrent can support about a thousand times as many downloads as HTTP.

BitTorrent-etiquette

Because BitTorrent relies on the upstream bandwidth of its users — and the more users, the more aggregate bandwidth is available for sharing the files — it is considered good etiquette to leave one's BitTorrent client open after downloading has completed so that others may continue to gain from the file that has been distributed.

It is not clear, however, how long one should leave their client open after downloading has finished. Many clients report the byte traffic upstream as well as down, so the user can see how much they have contributed back to the network. Some clients also report the "share ratio", a number relating the amount of data uploaded to the amount downloaded. It is generally considered good form to at least share back the equivalent amount of traffic as the original file size.

It is worth noting that the requirement of a "1.00" share ratio (uploading as much data as you have downloaded) is rather hotly contested given its relative impossibility to achieve for every person. On any given torrent, the best possible outcome is the original seeder with an infinite ratio (having only uploaded data and never downloaded any data), a number of peers with 1.00 ratios (having downloaded the file, uploaded just as much data, and then promptly logged off), and two users with a .50 ratio (the last two having each downloaded a separate half of the file and then shared their half with the other). This is highly unlikely to be achieved due to the very small chance of the last two peers downloading completely opposite halves and finishing just as the last seeder logged off and the fact that not all people will upload the same amount of data they downloaded as some will upload less and others will upload more. Ultimately, a perfect torrent would leave two end users with only a .50 ratio for the torrent, which means every user would have to provide new content at least equal to the portion of data they did not get to upload in the last torrent to maintain an overall ratio of 1.00.

While it's highly unlikely that all users who download a given torrent will achieve a 1.0 ratio on it (because the net ratio of all users is 1.0, if any user uploads past 1.0 some other user will have to sustain a lower ratio), it is more of a guideline to encourage the average upstream of a given network. Some networks, for example, prevent access to new torrents for the first 24-48 hours that the torrent is active to people with overall ratios of less than 1.0 and a certain amount of data uploaded.

The amount of time the client is left open may be more important than the amount of traffic contributed, since new users attempting to download a file will first need to find peers hosting the file.

Many advanced trackers now track statistics such as how many seeders and downloaders were on a torrent at the time of a user's disconnect as many consider this information more important than just the user's ratio of downloaded/uploaded.

For any more clarifications and doubts do mail me at : ajaykumar127@gmail.com

regards..
ajay

2007-01-31T13:05:00.000-08:00

The Day Vista came onto my PC

It was not so long that i saw my new vista coming back to life.
All i remember is it was a lazy afternoon in the mid of my holidays after the 5th
semester @ college , and it's like this new thing is just come to my mind. So i decided to give it a try .As you might have seen the screen shot above from my desktop , i hereby want to write say about 10 features which i liked in Vista the most , here they go :

Top 10 Favorite New Features

From the core to the cosmetic, there's a lot to like in Vista.

1. Improved security. Running as a standard user with limited permissions is finally practical. With User Account Control, even administrators operate with reduced-privilege credentials and have to verify attempts to "escalate"—in other words, to execute commands that could expose the OS to danger.

2. New Start menu. With integrated search, you can type in a path—such as C:\Users\John—to launch Windows Explorer there, or simply start typing in a program or filename.

3. Internet Explorer 7. It may not be as good as Firefox or Opera, but it's a big improvement over IE6. Sure, we groused about the lack of tabs—but they're finally here.

4. New Windows Explorer. Explorer makes file navigation easier, with breadcrumbs that let you jump to a specific level in the directory hierarchy, integrated search, live icons that show both a visual preview of a document and the app that it opens in, and buttons that make it easy to perform common context-appropriate tasks.

5 .Live views of application windows. Press Windows-Tab to get this "Flip 3D" view, or Alt-Tab for a 2D view. Either way, task switching is clearer.

6. Faster, image-based installation process.

7. Improved backup, including full-disk imaging.

8. Ad hoc collaboration with Windows Meeting Space.

9. Mobility Center, it's the Best bet!!

10. New Reliability and Performance Monitor, Task Scheduler, and Event Logs

so just go and grab you copy!!!!

2006-10-24T01:35:00.000-07:00

Invisibility Cloaks Working

Optical-camouflage technology developed at the University of Tokyo

This seems perfectly believable when you're reading about a fictional world filled with witches, wizards and centuries-old magic; but in the real world, such a garment would be impossible, right? Not so fast. With optical-camouflage technology developed by scientists at the University of Tokyo, the invisibility cloak is already a reality.

Optical camouflage delivers a similar experience to Harry Potter's invisibility cloak, but using it requires a slightly more complicated arrangement. First, the person who wants to be invisible (let's call her Person A) dons a garment that resembles a hooded raincoat. The garment is made of a special material that we'll examine more closely in a moment. Next, an observer (Person B) stands before Person A at a specific location. At that location, instead of seeing Person A wearing a hooded raincoat, Person B sees right through the cloak, making Person A appear to be invisible. The photograph on the right below shows you what Person B would see. If Person B were viewing from a slightly different location, he would simply see Person A wearing a silver garment (left photograph below).

So What is Optical Camouflage?

Optical camouflage is a kind of active camouflage.

This idea is very simple. If you project background image onto the masked object, you can observe the masked object just as if it were virtually transparent.

This shows the principle of the optical camouflage using X'tal Vision. You can select camouflaged object to cover with retroreflector. Moreover, to project a stereoscopic image, the observer looks at the masking object more transparent.

Optical camouflage can be applied for a real scene. In the case of a real scene, a photograph of the scene is taken from the operatorfs viewpoint, and this photograph is projected to exactly the same place as the original. Actually, applying HMP-based optical camouflage to a real scene requires image-based rendering techniques.

though this technology appears as a remarkable invention this can easily misused.however we all are looking forward to buy this piece of clothing.......

regards..
ajay

2006-10-22T01:53:00.000-07:00

War of Web Browsers

By now, we know that many of you are au courant with the uber-browsers available. Which is the best beta browser to choose is still a question mark.

Version 7.0 of internet explorer has just been unveiled by Microsoft Corp. for Windows XP and boasts of enhanced security features, making everyday tasks easier.

Talking about IE 7, Dean Hachamovitch, general manager, Internet Explorer team, Microsoft, said, "We listened carefully to our customers, and are delivering a safer browser that makes the tasks they do every day much easier."

The security framework of the new explorer has been overhauled, and as a result of these enhancements, the browser will be a stand-alone application, rather than integrated with the Windows shell, and it will no longer be capable of acting as a file browser.

IE7 in Windows Vista contains additional security measures, most significantly ‘Protected Mode’, whereby the browser runs in a sandbox. As such, it can write to only the Temporary Internet Files folder and cannot install start-up programs or change any configuration of the operating system without communicating through a broker process. This increases the security of the system considerably.

The ‘Protected Mode’ operation will not be included in the Windows XP version of Internet Explorer 7, as it relies on technologies not found on systems before Vista. It also supports the Parental Controls and Network Diagnostics features which are unique to Vista.

The security level of IE7 is vaunted to be high, but other browsers like Firefox, Safari, Netscape and Opera too vaunt of additional features and better security.

Mozilla Firefox, a free open source, cross-platform, graphical web browser developed by the Mozilla Corporation and hundreds of volunteers, has a spontaneous interface and blocks viruses, spyware, and popup ads.

The main features included with Firefox are tabbed browsing, incremental find, live bookmarking, a customizable download manager and a built-in search toolbar.

The new version of Firefox boasts of automatically upgrading the latest security and feature updates.

Safari, on the other hand, is a web browser developed by Apple Computer, Inc. and is available as part of Mac OS X. It was included as the default browser in Mac OS X v10.3 (Panther) and is the only browser bundled with Mac OS X v10.4 (Tiger).

Safari 2.0.4, the latest version, was released on June 27, 2006, and is packed with Apple's brushed metal user interface and has a bookmark management scheme that functions like the iTunes jukebox software. It also integrates Apple's QuickTime multimedia technology and features a tabbed-browsing interface similar to that of Firefox and Opera. The browser also includes an integrated pop-up ad blocker and a configurable image blocker.

Opera 9, developed by Opera Software, is the latest version unmasked on September 21, 2006. There are several new features in Opera 9. The most important ones are: Simple BitTorrent client, targeted towards novice users, content blocker (also known as AdBlock), thumbnail preview of tabs, site specific preferences (pop-up blocking, cookies, scripts, user style sheets, user-agent masking), the ability to create search engines from a textfield, improved rich text editing and redefined default hot keys to be more like Internet Explorer.

Netscape Communications Corporation(commonly known as Netscape), an American computer services company, best known for its web browser, was once dominant in terms of usage share, but lost most of its share to Internet Explorer during the first browser war. As of 2006, the usage share of Netscape browsers is under 1% and falling.

The company existed only from 1994 to 2003, latterly as a subsidiary of AOL, but the Netscape brand is still in use. In June 2006, Netscape redesigned their website to a totally different format which was similar to Digg. Users can vote for which stories are to be included on the front page, and may comment on them as well. Netscape's market share had been declining for over a year at the time of the change-over.

The current version of Netscape was released to mixed reactions. Some users really like that users had more participation ability, while others found the pages to be harder to navigate and not as structured. In fact, soon after the release of the new site, a story entitled ‘Netscape's Blunder’ was the top rated story.

As of July 2006, estimates suggest that Firefox's usage share is around 12% of overall browser usage, with its highest usage in Germany (about 39%). The usage data gives Opera's overall global share of the browser market as being between 0.5% and 1.0%, although Opera's usage share is over 11% in Ukraine, over 8% in Russia, over 7% in Poland and over 6% in Lithuania.

Safari’s global share has been climbing ever since its release, but is still below 5%.

The adoption rate of Internet Explorer seems to be closely related to that of Microsoft Windows, as it is the default web browser that comes with Windows. Since the integration of Internet Explorer 2.0 with Windows 95 OSR 1 in 1996, and especially after version 4.0's release, the adoption was greatly accelerated: from below 20% in 1996 to about 40% in 1998 and over 80% in 2000.

Internet Explorer had almost completely superseded its main rival Netscape and dominated the market.

After having fought and won the browser wars of the late 1990s, Internet Explorer began to see its usage share shrink. Having attained a peak of about 96% in 2002, it has since been in a steady decline, likely due to the rapid adoption of Mozilla Firefox, which statistics indicate is the current most significant competitor.

Nevertheless, Internet Explorer remains the dominant web browser, with a global usage share of around 85%. Usage is higher in Asia and lower in Europe.

regards..

ajay

2006-09-12T07:16:00.000-07:00

Do you Want secure your to secure Windows2000 / XP to the max....then follow these basic steps [:)]

IMPORTANT INFORMATION REGARDING WINDOWSXP SP2 Some security softwares have had problems with Service Pack 2, like for example ZoneAlarm and some antivirus software. Also, there has been other issues regarding the SP2, I have personally found out that after installing it my computer stops working properly, I have not yet managed to solve the situation. Also, the SP2 has some changes regarding the settings of Internet Explorer, Windows ICF and other issues, so this page is not updated to meet SP2 details for now. My suggestion regarding SP2 is, that you should backup and try it out. If it works, fine, Microsoft has fixed some major security issues with it so you likely safe enought for now on default install on SP2 if you follow its security center guides. If you cannot install SP2 or get it working, then restore the old WindowsXP and use the settings and tips in this page as it is. Try later to install SP2 when Microsoft either fixes its bugs or we can discover some way to counter them.

These settings can be used with both Windows 2000 and WindowsXP to *really* secure the system and also boost up its performance. Depending upon your version and whether it is Win2k or XP, you might notice that some of the features/options arent there. Just skip and move on until you hit something that IS on YOUR Windows2k/XP. The "best" option of all is to have WindowsXP professional, since the screenshots are from WindowsXP professional. However, please notice that you can access some of the features in WindowsXP professional even if you are installing home edition, by booting into "Safe Mode" some time.

WindowsXP offers pretty good security features, but only if you know how to use them. By default, WindowsXP is clumsy and has many possible security holes due to its poor default settings. If you use WindowsXP pro, you can really make your computer your fortress against almost any invader. The build-in EFS (Encrypting File System with NTFS), strong authentication methods, firewall, etc. give you good tools for it. Home edition does not have all these features but you can always implement your own according to these guidelines. These principles are designed for ONLY single-user "home" computers (standalone), NOT computers in, lets say, corporate networks! On standalone computers you can and should fill all holes possible but in corporate enviroment, the whole point is to allow computers to be used via corporate networks or intranet. You can still take suggestions and clues here and implement them properly if you are installing or using Windows2k/XP in corporate enviroment or are using multiple user accounts.

Please remember!
As sayed earlier, these settings work like dream for me and most 2k / XP users too, but not with all of them. The best option would be to either make and "image" of your C-drive or write down your original settings before you start implementing these settings. The problems that might occur are mostly related to network connections / internet access. You can also troubleshoot the problems using the Windows Help and Support while going throught the settings to see what needs perhaps to be enabled. And if the worst happens...And you just cant revert the changes you made, run "repair install" using your Win2k/XP cdrom. It will keep all the programs etc. but restore regular settings. Remember to update and patch your software after this "repair install".

When you do some alterations to settings, make sure you exit that window by pressing OK or YES keys. If you simply close the window clicking from the X in the corner of it or press CANCEL, the alterations you just made will NOT become affective!

Two good links related to securing and tweaking Windows 2000 and Windows XP
Black Viper's guide on Windows 2000 and XP services
NSA security guides on securing WindowsNT, 2000 and XP (in corporate/network enviroment)

Before installing Windows 2000 / XP
-> Physically disconnect from the net!
- -> Do NOT plug the network cable/internet connection!

-> Backup all your personal files and documents to different HDD or partition
--> Optionally back up to CDRW or external HDD

During installation of Windows 2000 / XP
-> Delete old system partition(s), install from "fresh"!
--> Its a good idea to create atleast two partitions, one for the system (you need atleast 5 Gb for this one, but 10-20 Gb is better) and second for your own files and images from first partition (rest of the HDD space, but atleast double the amount of what is the size of first partition, so atleast 10, but 20-40 Gb is better). Ofcourse, if you have backed up your data to some other partition than C:, then do NOT remove or format that partition or your backups will be lost!
---> Format partitions to NTFS.

-> Create one account for yourself (besides the default "administrator account" there already is). This account does not have password by default.

-> Use good passphrases, atleast 14 marks long, containing both letters, numbers and special marks (like !"#¤%&/().). To be ultra-secure, use over 28 marks long Administrator passphrases.
--> Never use the same passphrase in two places/systems

After installation is done
-> When logging in first time when "Welcome" screen appears
--> Press ctrl+alt+del (couple times in row perhaps)
---> Login as Administrator and with administrator passphrase

Try to close all ports and shares
-> Control Panel
--> Network and Internet connections
---> Network connections
----> Select connections and right click on them
-----> Properties
------> Select all other items (one by one) than: TCP/IP
-------> Uninstall
------> Select: TCP/IP
-------> Properties
--------> Advanced
---------> WINS
----------> Remove: Enable LMhosts lookup
----------> Select: Disable Netbios over TCP/IP
---> Repeat the procedure on all other connections too

-> Control panel
--> Performance and maintenance
---> Administrative tools
----> Computer management
-----> Shared folders
------> Shares
-------> (delete everything inside)

-> (WindowsXP ONLY) Run: regedit.exe
--> Go to (if key/value does not exist, create one by right clicking in the right window)
---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
----> EnableDCOM (REG_SZ)
-----> Set to: N
---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
----> Value: DCOM Protocols
-----> Remove ncacn_ip_tcp
---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\
----> Value: MaxCachedSockets (REG_DWORD)
-----> Set to: 0
---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
----> SmbDeviceEnabled (REG_DWORD)
-----> Set to: 0
---> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
----> REG_DWORD
-----> AutoShareServer
------> Set to: 0
-----> AutoShareWks
------> Set to: 0
---> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSession Pipes\
----> NullSessionPipes
-----> (Delete all value data INSIDE this key)
----> NullSessionShares
-----> (Delete all value data INSIDE this key)
---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\
----> Machine
-----> (Delete all value data INSIDE this key)

Enable Windows XP internet connection firewall (ICF)
-> Control Panel
--> Network and internet connections
---> Network connections
----> Select connection and right click on them
-----> Properties
------> Advanced
-------> Internet Connection Firewall (enable it)
--------> Settings
---------> Make sure NOTHING is selected/enabled
----> Repeat the procedure on all other connections too

Secure your Internet Explorer settings
-> Control Panel
--> Network and Internet connections
---> Internet Options
----> General
-----> Temporary internet files
------> Settings
-------> Set to: Every visit to page
-----> Days to keep pages in history
------> Set to: 0
----> Security
-----> Internet
------> Custom level
-------> Reset to: High
--------> Reset (yes)
------> Scroll down to "File download"
-------> Set to: Enable (yes) (THAT IS, IF YOU WANT USERS TO BE ABLE TO DOWNLOAD FILES FROM THE INTERNET!)
-----> Local intranet
------> Sites
-------> Make sure nothing is selected!
-----> Trusted sites
------> Sites
-------> Add this web site to the zone:
--------> Add all the domains here you can absolutely trust here (and press add after each domain)
---------> For example, add: *.microsoft.com
---------> For example, add: *.passport.com
---------> For example, add: *.msn.com
---------> For example, add: *.markusjansson.net
--------> Make sure "require server verification..." is not selected!
------> Move the tab to "Medium"
-----> Restricted Sites
------> Custom level
-------> Reset to: High
--------> Reset (yes)
------> Scroll down to "File download"
-------> Set to: Enable (yes)
----> Privacy
-----> Advanced
------> Override automatic cookie handling
-------> First party cookies: Block
-------> Third-party cookies: Block
-------> Enable: Always allow session cookies
----> Content
-----> Autocomplete
------> Disable all
------> Clear forms (yes)
------> Clear passwords (yes)
------> Programs
------> Disable: Internet Explorer should check whether it is the default web browser
----> Advanced
-----> Disable everything else, but enable the following
+ Always send URL:s as UTF-8
+ Disable script debugging
+ Enable folder view on FTP sites
+ Enable page transitions
+ Show friendly http error messages
+ Show go button in address bar
+ Use passive ftp
+ Use smooth scrolling
+ Use http 1.1
+ Use http 1.1 through proxy connections
+ Dont display online media content in the media bar
+ Play animations in webpages
+ Play sounds in webpages
+ Play videos in webpages
+ Show pictures
+ Smart image dithering
+ Check for publishers certificate revocation
+ Check for server certificate revocation
+ Check signatures on downloaded programs
+ Do not save encrypted pages to disk
+ Use SSL 3.0
+ Use TLS 1.0
+ Warn about invalid site certificates
+ Warn if form submittal is being redirected

Turn Telnet NTLM logings off
-> Run: telnet.exe
--> Type (and press enter): unset ntlm

Turn SYSKEY on
-> Run: syskey.exe
--> Encryption enabled
---> Update
----> Store key locally

Turn extra accounts off
-> Control Panel
--> Performance and maintenance
---> Administrator tools
----> Computer management
-----> Local Users and groups
------> Local Users
-------> Delete all users other than "Administrator" and "Guest" and the user accounts you specially have created.

Create/edit user level accounts
-> Run: control userpasswords2
--> Here you can easily add, remove and edit existing accounts. Ideal composition is that you have administrator account and one user account per every user who uses your computer (and they all are protected by good passwords). If you didn't create a user level account during setup, you can easily change one of the accounts here from "administrators group" to "user".
--> Enable: Users must enter a user name and password to use this computer
--> After installing, you usually have TWO accounts that are in administrator group. One that is "administrator" and other that is account in administrators group (named as you named it during Windows XP installation).
---> Select the latter account
----> Properties
-----> Group membership
------> Set to "Restricted User"
----> Reset password
-----> Set the password what you desire, but do not use the same password as you used with your administrator account

Turn safer login on
-> Control Panel
--> User Accounts
---> Change the way users login
----> Disable: Use welcome screen

-> Run: regedit.exe
--> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
---> DefaultPassword
----> (Delete this KEY if present)

Optionally) Create password reset diskettes
-> Control Panel
--> User Accounts
---> Click onto account you want to create password reset diskette to
----> Related tasks
-----> Prevent a forgotten password, etc.
------> Keep that diskette in SAFE place!

Close all not-needed services
-> Control Panel
--> Performance and maintenance
---> Administrative tools
----> Services
-----> Go to every service EXCEPT
+ Application Layer Gateway Service
+ Application Management
+ Automatic Updates
+ Backround Intelligent Transfer Service
+ Cryptographic Services
+ DHCP Client
+ Event Log
+ Help and support
+ Human Interface Device Access
+ Internet Connection Firewall
+ Network Connections
+ Network Location Awareness (NLA)
+ Plug and Play
+ Print Spooler (if you have printers)
+ Remote Access Connection Manager
+ Remote Procedure Call (RPC)
+ System Event Notification
+ Task Scheduler
+ Telephony
+ Themes (hey, you dont want to shutdown cute themes right?)
+ Windows Audio
+ Windows Image Acquisition (if you have scanners or digital cameras attached)
+ Windows Installer
+ Windows Management Instrumentation
+ Windows Management Instrumentation Driver Extensions
------> Doubleclick with left mouse button or click right mouse button and select "Properties"
-------> Startup type
--------> Set to: Disabled
-----> Go to
+ Automatic Updates
------> Startup type
-------> Set to: Automatic

Prevent not-needed programs from starting up
-> Run: msconfig.exe
--> Startup
---> Unselect all (unless you KNOW that there is some specific program launching up that you need, for example third party application for your printer, xDSL connection or similiar).
----> If you are unsure, still unselect all. You can later come back and re-select some if it was important

Secure settings
-> Control panel
--> Performance and maintenance
---> Administrative tools
----> Local security policy
-----> Account policies
------> Password policy
------> Enforce password history - 0 passwords remembered
------> Maximum password age - 360 days
------> Minimum password age - 0 days
------> Minimum password lenght - 14 characters
------> Password must meet complexity requirements - Enabled
------> Store passwords using reversible encryption for all users in the domain - Disable
-----> Account lockout policy
------> Account lockout threshold - 3 invalid logon attempts.
------> Account lockout duration - 15 minutes
------> Reset account lockout counter after - 15 minutes
-----> Local policies
------> Audit policy
-------> Audit account logon events - Success, failure
-------> Audit account management - Success, failure
-------> Audit logon events - Success, failure
-------> Audit Object access - Success, failure
-------> Audit policy change - Success, failure
-------> Audit system events - Success, failure
------> User rights assignment
-------> Access this computer from the network -
-------> Act as part of the operating system -
-------> Add workstations to domain -
-------> Adjust memory quotas for a process - LOCAL SERVICE,NETWORK SERVICE,Administrators
-------> Allow logon through Terminal Services -
-------> Back up files and directories - Administrators
-------> Bypass traverse checking - Authenticated Users,Administrators
-------> Change the system time - Administrators
-------> Create a pagefile - Administrators
-------> Create a token object -
-------> Create permanent shared objects -
-------> Debug programs - Administrators
-------> Deny access to this computer from the network - Everyone
-------> Deny logon as a batch job -
-------> Deny logon as a service -
-------> Deny logon locally -
-------> Deny logon through Terminal Services - Everyone
-------> Enable computer and user accounts to be trusted for delegation -
-------> Force shutdown from a remote system -
-------> Generate security audits - LOCAL SERVICE,NETWORK SERVICE
-------> Increase scheduling priority - Administrators
-------> Load and unload device drivers - Administrators
-------> Lock pages in memory - LOCAL SERVICE, Authenticated Users,Administrators
-------> Log on as a batch job -
-------> Log on as a service -
-------> Log on locally - Authenticated Users, Administrators
-------> Manage auditing and security log - Administrators
-------> Modify firmware environment values - Administrators
-------> Perform volume maintenance tasks - Administrators
-------> Profile single process -
-------> Profile system performance -
-------> Remove computer from docking station - Authenticated Users,Administrators
-------> Replace a process level token - LOCAL SERVICE
-------> Restore files and directories - Administrators
-------> Shut down the system - Authenticated Users, Administrators
-------> Synchronize directory service data -
-------> Take ownership of files or other objects - Administrators
------> Security options
-------> Accounts: Administrator account status - Enabled
-------> Accounts: Guest account status - Disabled
-------> Accounts: Limit local account use of blank passwords to console logon only - Enabled
-------> Accounts: Rename administrator account - (TYPE SOME NAME HERE AND USE IT WHEN YOU LOGIN AS ADMINISTRATOR IN THE FUTURE)
-------> Accounts: Rename guest account - Guest
-------> Audit: Audit the access of global system objects - Disabled
-------> Audit: Audit the use of Backup and Restore privilege - Disabled
-------> Audit: Shut down system immediately if unable to log security audits - Disabled
-------> Devices: Allow undock without having to log on - Disabled
-------> Devices: Allowed to format and eject removable media - Administrators
-------> Devices: Prevent users from installing printer drivers - Enabled
-------> Devices: Restrict CD-ROM access to locally logged-on user only - Enabled
-------> Devices: Restrict floppy access to locally logged-on user only - Enabled
-------> Devices: Unsigned driver installation behavior - DO not allow installation
-------> Domain controller: Allow server operators to schedule tasks - Disabled
-------> Domain controller: LDAP server signing requirements - Not defined
-------> Domain controller: Refuse machine account password changes - Enabled
-------> Domain member: Digitally encrypt or sign secure channel data (always) - Enabled
-------> Domain member: Digitally encrypt secure channel data (when possible) - Enabled
-------> Domain member: Digitally sign secure channel data (when possible) - Enabled
-------> Domain member: Disable machine account password changes - Enabled
-------> Domain member: Maximum machine account password age - 1
-------> Domain member: Require strong (Windows 2000 or later) session key - Enabled
-------> Interactive logon: Do not display last user name - Enabled
-------> Interactive logon: Do not require CTRL+ALT+DEL - Disabled
-------> Interactive logon: Message text for users attempting to log on -
-------> Interactive logon: Message title for users attempting to log on -
-------> Interactive logon: Number of previous logons to cache (in case domain controller is not vailable) - 0 logons
-------> Interactive logon: Prompt user to change password before expiration - 14 days
-------> Interactive logon: Require Domain Controller authentication to unlock workstation - Enabled
-------> Interactive logon: Smart card removal behavior - Lock Workstation
-------> Microsoft network client: Digitally sign communications (always) - Enabled
-------> Microsoft network client: Digitally sign communications (if server agrees) - Enabled
-------> Microsoft network client: Send unencrypted password to third-party SMB servers - Disabled
-------> Microsoft network server: Amount of idle time required before suspending session - 1
-------> Microsoft network server: Digitally sign communications (always) - Enabled
-------> Microsoft network server: Digitally sign communications (if client agrees) - Enabled
-------> Microsoft network server: Disconnect clients when logon hours expire - Enabled
-------> Network access: Allow anonymous SID/Name translation - Disabled
-------> Network access: Do not allow anonymous enumeration of SAM accounts - Enabled
-------> Network access: Do not allow anonymous enumeration of SAM accounts and shares - Enabled
-------> Network access: Do not allow storage of credentials or .NET Passports for network authentication - Enabled
-------> Network access: Let Everyone permissions apply to anonymous users - Disabled
-------> Network access: Named Pipes that can be accessed anonymously -
-------> Network access: Remotely accessible registry paths -
-------> Network access: Shares that can be accessed anonymously -
-------> Network access: Sharing and security model for local accounts - Classic local users authenticate as themselves
-------> Network security: Do not store LAN Manager hash value on next password change - Enabled
-------> Network security: Force logoff when logon hours expire - Disabled
-------> Network security: LAN Manager authentication level - Send NTLMv2 response only\refuse LM & NTLM
-------> Network security: LDAP client signing requirements - Require signing
-------> Network security: Minimum session security for NTLM SSP based (including secure RPC) clients - Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
-------> Network security: Minimum session security for NTLM SSP based (including secure RPC) servers - Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
-------> Recovery console: Allow automatic administrative logon - Disabled
-------> Recovery console: Allow floppy copy and access to all drives and all folders - Disabled
-------> Shutdown: Allow system to be shut down without having to log on - Disabled
-------> Shutdown: Clear virtual memory pagefile - Enabled
-------> System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing - Enabled
-------> System objects: Default owner for objects created by members of the Administrators group - Object creator
-------> System objects: Require case insensitivity for non-Windows subsystems - Enabled
-------> System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) - Enabled

Secure various other settings
-> Control Panel
--> Appearance and Themes
---> Display
----> Screen Saver
-----> Set to: Blank
-----> Set to: Wait 15 minutes
-----> Enable: On resume, password protect
---> Folder options
----> View
-----> Make sure the following are enabled:
+ Display the content of system folders
+ Display full address in address bar
+ Show hidden files and folders
+ Show encrypted and compressed NTFS files in color
-----> Make sure the following are NOT enabled:
+ Automatically search for network folders and printers
+ Hide extension of known file types
+ Hide protected operating system files
+ Restore previous folder windows at logon
+ Use simple sharing
--> Performance and maintenance
---> System properties
----> Advanced
-----> Performance - Settings
------> Advanced
-------> Virtual memory
--------> If you have plenty or RAM (lets say 512MB or more), you can disable Windows Swapfile. This will increase performance and security, since no sensitive data can be written on the hdd (swapfile) in any situation. If you dont have that much RAM, in theory it is good idea to have fixed size swap file, lets say 256 or 512MB.
---------> Select each partition and "No paging file" (or set it as fixed on one partition if you dont have 512MB or more RAM)
-----> Startup and recovery - Settings
------> System failure
-------> Unselect all
-------> Write debugging information
--------> None
-----> Error reporting
------> Select: Disable error reporting, but notify me when critical errors occur
----> Automatic Updates
-----> Enable: Keep my computer up to date
-----> Select: Download the updates automatically and notify me when they are ready to be installed
----> Remote
-----> Unselect: Remote Assistance
-----> Uselect: Remote Desktop
---> Power Options
----> Hibernate
-----> Disable: Enable Hibernation

-> Run: mmc.exe
--> File
---> Add/Remove snap-in
----> Add
-----> Select: Group policy
------> Finish/Close/OK
--> Local Computer Policy
---> Computer configuration
----> Administrative Templates
-----> Windows Components
------> Netmeeting
-------> Disable remote desktop sharing - Enabled
-----> System
------> User profiles
-------> Only allow local user profiles - Enabled
------> Remote assistance
-------> Solicited remote assistance - Disabled
-------> Offer remote assistance - Disabled
------> Turn off autoplay - Enabled (all drives)
------> Network
-------> Offline Files
--------> Allow or disallow use of the Offline Files feature - Disabled
-> Notice that you can use this group policy tool to restric users from altering all kinds of settings in your computer. For example, you could set up Internet Explorer settings very secure (and prevent downloading of files), and then prevent users from altering those settings. This is excellent tool when you learn to use it properly.

Adjust event viewer settings
-> Control Panel
--> Performance and maintenance
---> Administrative tools
----> Event viewer
-----> Right click: Application
------> Properties
-------> Maximum log size: 10048
-------> Select: OVerwrite events as needed
-----> Right click: Security
------> Properties
-------> Maximum log size: 10048
--------> Select: Overwrite events as needed
-----> Right click: System
------> Properties
-------> Maximum log size: 10048
--------> Select: Overwrite events as needed

Secure file and folder permissions
-> My Computer
--> Right click on your mouse to C:\
---> Properties
----> General
-----> Disable: Allow indexing service to index this disk for fast file searching
----> Security
-----> Add
------> Type: Authenticated Users
-------> Press enter
-----> Select: Authenticated Users
------> Allow: Read & Execute, List folder content, Read
-----> Advanced
------> Unselect: Inherent from parent permission entries...
-------> Copy
------> Remove all other users except: Administrator, System and Authenticated Users
-------> Select: Replace permissions entries...
--------> OK
---------> Yes
--> Go to C:\documents and settings\
---> Right click on your mouse to Administrator folder
----> Properties
-----> Security
------> Advanced
-------> Unselect: Inherent from parent permission entries...
--------> Copy
---------> Remove: Authenticated Users
----------> Select: Replace permission entries...
-----------> OK
------------> Yes
---> Right click on your mouse to, one at the time, all other user folders (like "mom", "userX", etc.)
----> Properties
-----> Security
------> Advanced
-------> Unselect: Inherent parent permission entries
--------> Copy
--------> Remove: Authenticated users
---------> Add that users name (like "mom", "userX", etc.) who's folders these are. This will prevent all other users except admins from getting into their folders.
----------> Allow: Full Control
---------> Select: Replace permission entries...
----------> OK
-----------> Yes
--> Go to C:\windows (or if your Windows is installed onto some other directory, then go there)
---> Select "temp" folder
----> Properties
-----> Security
------> Select: Authenticated Users
-------> Allow: Full Control
--> You can also set permissions like this in other partitions and folders. Please be adviced, that if you store something like games in somewhere, users who need to play those games need to have, usually, full control on those folders so that they can save games etc. Same goes if you store other files in those partitions, like music, documents etc. that other people want to not only access, but also save and edit. Then you should give "Authenticated Users" full permissions on those folders. The main thing is, that your personal folders (C:\documents and settings\userX\) are safe from other peoples tampering and so are important system folders (C:\windows\).

-> To encrypt (EFS) the content of directories and prevent all other users (including administrators) from reading the content of files inside (only in XP pro version) the directory (notice: they can still see the file names and alter folder settings)
-> Only use this for YOUR personal directories (like to folders where you keep personal documents etc.), do not use on system, program, etc. directories!
--> Right click on your mouse to the directory you wish to encrypt
---> Properties
----> General
-----> Advanced
------> Enable: Encrypt the contents to secure data (notice: If you are logged in as administrator, this will encrypt the data for administrator account only. To encrypt data for your USER account, please secure you WindowsXP installation, login as user and then start encrypting your folders)

(Optionally) Export your EFS certificate
-> Make sure you have encrypted some directory with the user that you wish to export the EFS certificate from (otherwise you dont have EFS certificate which to export)
-> Run: MMC
--> File
---> Add/Remove Snap-in
----> Add
-----> Select: Certificates
------> Add
-------> Select: My user account
--------> Finish/close/OK
--> Certificates - Current User
---> Personal
----> Certificates
-----> Select your certificate from the right window
------> Right click with your mouse
-------> All tasks - Export
--------> Next
---------> Select: Yes, export the private
----------> Next
-----------> Write a passphrase to protect the certificate and remember it!
------------> Choose where and under what name to export it
-------------> Next, etc. etc.

Reboot your computer
-> If/When "Welcome" screen appears
--> Press ctrl+alt+del (couple times in row perhaps)
---> Login as (WHATEVER NAME YOU RENAMED THE ADMINISTRATOR ACCOUNT AS) and with administrator passphrase

Now you can physically connect to internet!
-> Plug in the network cable etc.
--> Set whatever settings needed to make it possible for you to connect to internet.

Update Windows
-> Go to http://windowsupdate.microsoft.com
--> Download ALL updates available
---> Reboot when asked to administrator account again
----> Return to this site to download more and more and more patches
-----> Continue to download/install patches, rebooting and returning to this page until you have downloaded ALL patches and cannot download any more patches.
-> Remember to come back to see new patches hopefully every week but atleast once a month! We have set automatic Windowsupdate, but I STILL insist that you recheck for ANY new updates every once and while. Just to be sure. Updating your Windows, Windows Media Player, Internet Explorer, Outlook Express etc. is REALLY THAT IMPORTANT!

And finally...
-> Go throught this list AGAIN, since so might have missed something, or some updates/patches might have changed some settings, for example downloading Windows Messenger update automatically changes your ICF setting (!!!), opening few ports on your system!
-> When you are done installing, updating and securing your Windows XP, login as USER with the passphrase you resetted it to previously. Only use ADMINISTRATOR account/permissions when you REALLY need to install/update/modify some settings. Logging in as administrator permissions is severe security risk and it should be avoided at all costs.
--> Remember to change the password in all new account when you login for the first time. By default, new accounts have NO password set. Press Ctrl+Alt+Del and Change Password to change your password.

Regards....

TheSolutionProvider

2006-09-11T15:20:00.000-07:00

for all those people who want to enjoy windows environment but still want to install linux.... U can use VMWARE.....

first of all thanks to my Best Friend Jagtesh singh Chadda (Jaggu) who enlightened me on this topic...

VMWare runs Windows inside Linux, and it works ...very well too

If you switch to Linux and get rid of Windows, your computer will run without crashing and will be immune to all the problems that plague Windows. But let's be real. You'll have another set of problems to deal with.

You won't be able to run any of your Windows software. You won't be able to run Microsoft Money or Quicken. You won't be able to run Microsoft Word or Excel, or any of the thousands of other good Windows programs.

You'll have a lot of good Linux software to choose from, but sometimes there is no substitute for the stuff you're used to.

An easy way around this is to create a dual-boot PC. When you install most modern versions of Linux, you can set aside space on your hard drive for Linux while keeping everything the way it is for Windows. When your PC boots up, you can choose one or the other. That way, you can reboot when running Linux and come up running Windows. This is ideal for anyone who plays a lot of Windows games, because Windows is a wonderful operating system for games.

But a dual-boot PC won't let you run Windows programs while you're running Linux. To do that, you need VMWare.

VMWare, from a California company with the same name, lets you run the entire Windows operating system inside a window on your Linux PC. While your PC is running Linux, you can click over to your Windows desktop and work in Excel or check your finances with Microsoft Money. You can run Outlook Express or Family Tree Maker or any other Windows program. You can do this while continuing to run all your Linux software, too. Windows becomes just another program in Linux.

After running VMWare for many weeks on my main Linux PC, I'm convinced it's about as close as you can come to a miracle this side of Heaven. It ran every normal Windows program I installed -- I didn't try any major games, but I ran all my standard software -- and VMWare hardly slowed down my Linux PC at all.

You'd probably think I'm exaggerating when I describe what VMWare does, so let me give you a short list.

VMWare:

-- Can run many copies of Windows on one PC, all while Linux is doing its normal functions, without requiring a reboot. In other words, you could have Windows 98 and Windows 2000 running separately from each other in your Linux PC.

-- Keeps the Windows operating system and all Windows programs isolated from Linux. A crash in Windows has no effect on your PC.

-- Connects the Linux and Windows operating systems to each other by a virtual network within the PC. No networking card is needed.

-- Allows quick cut-and-paste operations between Windows and Linux.
VMWare costs $100 for individuals or $300 for businesses. You can download a free trial copy or find out more about VMWare from the company's Web site at http://vmware.com/ . The company also sells a version of VMWare that uses Windows NT or Windows 2000 as the host operating system, but I didn't try that version. (Because Windows is less stable than Linux and because Linux is free, I can't recommend the NT version of VMWare. If you want to run VMWare, install Linux first.)

VMWare works by creating one or more virtual machines (VMs) inside the Linux operating system. A virtual machine is something that acts just like a real thing -- in this case, a PC -- while not existing at all except as a software program. In VMWare, each virtual machine acts like a totally separate computer. These virtual machines can run any version of Windows -- from Windows 3.1 to Windows 2000 -- and they can also run other PC operating systems such as Linux or the PC version of Sun's Solaris.

VMWare could be described as a PC emulator or Windows emulator, but that's not what it is. PC emulators do all their work in software, but VMWare takes advantage of a function of the Intel computer-chip design that allows the creation of a virtual machine within the processor. The virtual computer VMWare creates uses the PC's peripherals and hardware directly, just as a normal PC would. Because of the advanced multitasking of Linux, VMWare is able to make Windows run smoothly without slowing down anything on the Linux side.

Your PC needs a lot of memory -- 128 megs is the minimum for normal operation, although 96 megabytes would be OK if you can't add more at the moment -- and it needs a fast processor. My experience running VMWare on my cousins 450 MHZ Pentium II showed that you need all the speed you can get. His processor actually runs at 464 MHZ (I turned up the speed slightly), but this didn't help boost VMWare much.

My guess is that a 500 MHZ Pentium III PC would give a virtual PC speed of 100 MHZ to 133 MHZ. If this seems to be a big loss in speed, keep in mind that all other operations on the Linux PC are unaffected. I saw no perceptible loss in the speed of most other operations in Linux when Windows 98 was running in VMWare.

...so give it a try

regards...
thesolutionprovider

2006-09-08T07:11:00.000-07:00

Click here to join my group TheSolutionProvider on yahoo network
Click to join TheSolutionProvider

The basics
Grid computing is a form of distributed computing that involves coordinating and sharing computing, application, data, storage, or network resources across dynamic and geographically dispersed organizations. Grid technologies promise to change the way organizations tackle complex computational problems. However, the vision of large scale resource sharing is not yet a reality in many areas — Grid computing is an evolving area of computing, where standards and technology are still being developed to enable this new paradigm.

Why is it important?
Time and Money. Organizations that depend on access to computational power to advance their business objectives often sacrifice or scale back new projects, design ideas, or innovations due to sheer lack of computational bandwidth. Project demands simply outstrip computational power, even if an organization has significant investments in dedicated computing resources.

Even given the potential financial rewards from additional computational access, many enterprises struggle to balance the need for additional computing resources with the need to control costs. Upgrading and purchasing new hardware is a costly proposition, and with the rate of technology obsolescence, it is eventually a losing one. By better utilizing and distributing existing compute resources, Grid computing will help alleviate this problem.

The benefits of building an enterprise grid with Grid MP platform include:

Lower Computing Costs
On a price-to-performance basis, the Grid MP platform gets more work done with less administration and budget than dedicated hardware solutions. Depending on the size of your network, the price-for-performance ratio for computing power can literally improve by an order of magnitude.

Faster Project Results
The extra power generated by the Grid MP platform can directly impact an organization's ability to win in the marketplace by shortening product development cycles and accelerating research and development processes.

Better Product Results
Increased, affordable computing power means not having to ignore promising avenues or solutions because of a limited budget or schedule. The power created by the Grid MP platform can help to ensure a higher quality product by allowing higher-resolution testing and results, and can permit an organization to test more extensively prior to product release.

2006-09-06T09:54:00.000-07:00

The Anna Kournikova e-mail worm that whacked networks this week was not the work of a skilled cracker. It was created using one of the many virus-generating kits that are easily available on the Internet.

The kits, which have names like Satanic Brain Virus Tools 1.0, Instant Virus Production Kit, and Ye Olde Funky Virus Generator, make writing a virus a straightforward and uncomplicated task.

If you can install a program on a computer, you can also -- using one of these kits -- write and release a virus just like the authors of Cartman, Poppy and Kenny did.

Anna was created by a 20-year-old Dutch man who calls himself "OnTheFly" using the VBS Worm Generator, an application credited to a cracker known as [K]alamar, who is believed to be based in Buenos Aires.

[K]alamar's VBS Worm Generator 1.5 includes a well-written readme file, and an easy-to-understand point-and-click interface.

"A 10-year-old could use [K]alamar's VBS Worm Generator 1.5 to create a worm," said Ken Dunham, a senior analyst with SecurityPortal.

Sporting a polished interface with pop-up windows and handy help files that walk you right through the process, the VBS Worm Generator first asks you to name your virus and designate an author.

The writer of the Anna worm called it OnTheFly, the name he also used as its author.

In the program, the user is then asked to choose a method to spread the virus, either as an e-mail attachment or via Internet relay chat. Either way, the virus is spread via an attachment that is affixed to an e-mail or a file.

OnTheFly opted to transmit Anna by e-mail.

Then comes the fun part. The toolkit asks the user to choose up to four actions, known as payloads, which determine how the virus will affect the computers that it infects.

There are a variety of payloads: flashing sarcastic text messages to the infected machine's user, forcing the computer to connect to any designated website or making the worm crash the infected computer.

OnTheFly chose the least offensive action: Anna was coded to connect to a Dutch computer shop's website next January. OnTheFly stated in an e-mail that he assumed Anna would not be active by next year.

The Anna Kournikova worm is contained in a Visual Basic script (VBS) attachment. When the attachment is clicked, the worm sends itself via e-mail to all addresses found in a user's Outlook address book. The virus also uses encryption to hide itself, a feature included in the kit, which makes it harder for antiviral software to detect it.

"These virus kits are bad juju. People who wouldn't normally dream of releasing a virus are too tempted by the ease of writing and releasing crap with those kits," a cracker named Taltos wrote in an e-mail.

OnTheFly has admitted to being tempted, and has since expressed deep remorse for writing the Anna Kournikova worm.

"And there are going to be more and more of these viruses released, mark my words. Maybe OnTheFly did people a favor by releasing his harmless virus," Taltos said. "Maybe people will wise up and stop clicking on everything that lands in their e-mail boxes before some kiddie unleashes something that's really destructive."

Jesper Johansson, professor of computer science at Boston University, agrees with Taltos. He does not think other virus writers will be deterred by OnTheFly's legal problems.

"Criminals never think they will get caught. I think we will see a lot of 'kit' viruses," said Johansson, adding he has no respect for virus kit users.

"Do I think they are elite? No, I don't. I think they are petty criminals."
"Do they know a lot about the systems they are breaking? No. Do they have a specific objective, such as breaking into System X? No, not usually. These are simple vandals, who basically get their kicks from destroying things for other people. That does not make them elite, nor does it prove how knowledgeable they are, other than in a very narrow circle of like-minded deviants."

Virus creation kits are not new. The Mutation Engine (MtE), Virus Creation Laboratory (VCL), and Phalcon/Skism Mass-Produced Code Generator were developed in the early 1990s, Dunham said.

Richard Smith of the Privacy Foundation, said there are at least 100 virus-writing kits available on the Internet. He believes that creating viruses via kits may replacing childish stunts like prank phone calls -- but are much more insidious.

Smith, who was instrumental in tracking down the authors of both the Melissa and the ILOVEYOU worms, likened the wide availability of virus-creation kits to "giving a loaded gun to a kid."

"The main reason kids and young adults don't release more viruses is that most people know it is wrong and they don't want to go to jail," Smith said. "I think the rather heavy sentences handed out to virus writers and hackers are acting as a deterrent."

Smith believes that e-mail program vendors must also take responsibility, and should put a lock on their products.

"We need to get all the e-mail vendors (Microsoft, Netscape, Lotus, Qualcomm, etc.) to fix this problem of e-mail viruses. Dangerous file attachments such as script files and .exe files should automatically be thrown away," Smith said.

Microsoft has already made the change in Outlook with its e-mail security patch. "But I think Microsoft needs a similar patch for Outlook Express and Hotmail," Smith said. "And other vendors need to follow Microsoft's lead here."

Both Smith and Dunham said that the creators of the kits do have some cracking skills.

"If you're creating a virus-creation utility, you have to know more than the average bear," Dunham said.

But Dunham added that while viruses can easily be created with such tools, distributing them without getting into legal trouble is an entirely different manner.

Dunham said that many users might play with virus kits and only share creations with friends. But only a select few go a bit further and attempt to distribute new viruses on the Internet.

"It takes more knowledge, time and motivation to learn how to conceal your identity as well as being able to create new viruses that are different enough to not be picked up by current antiviral programs on the market," Dunham said.

Dunham also said that OnTheFly demonstrated a great grasp of psychology when he dubbed his worm after the sexy tennis star.

"Imagine if that attachment had been named after someone else. Would that have made a difference? What if Anna had been called SeanConnery.jpg.vbs? You might get only 40 percent of Anna's share on the market with that one."

Dunham thinks that an ElvisPresleyLives.jpg.vbs could be really successful, but believes that something like ExplicitHotPorn.jpg.vbs would have the greatest potential.

"It has everything the average employee is looking for when reading e-mail," Dunham said. "Attachments such as TasksToComplete.jpg.vbs would not be popular."

2006-09-06T08:47:00.000-07:00

we have seen all kinds of viruses!!

we have seen all kinds of viruses!!
but the worst one's are those which you get when you have them
in your belongings..be it your body or your machine.
but wer'e here to talk only about the viruses that exist on the machine.

let me start of with a brief intoduction about viruses and then let me move you to methods of detection and fianlly i will also suggest you some of the best ANTI-Virus solution available in the market.

so let's begin with the very basic defintion

First, what is a virus?

A virus is simply a computer program that is intentionally written to attach itself to other programs or disk boot sectors and replicate whenever those programs are executed or those infected disks are accessed. Viruses, as purely replicating entities, will not harm your system as long as they are coded properly. Any system damage resulting from a purely replicating virus happens because of bugs in the code that conflict with the system's configuration. In other words, a well-written virus that only contains code to infect programs will not damage your system. Your programs will contain the virus, but no other harm is done. The real damage--the erasing of files, the formatting of hard drives, the scrambling of partition tables, etc.--is caused by intentional destructive code contained within the virus. Generally, the destructive part of a virus is programmed to execute when certain conditions are met, usually a certain date, day, time, or number of infections. An example is the now infamous Michelangelo virus. This virus can run rampant on your computer for months and you won't notice that anything is wrong. That is because even though your hard disk's master boot record is infected with the virus, the destructive code has not yet been executed. The virus is programmed to trigger its destructive code on March 6, Michelangelo's birthday. Therefore, if Michelangelo contained no destructive code, nothing bad would happen to your computer even though it was infected with a virus.

An important thing to remember is that not all virus attacks produce catastrophic results. For example, one of the most common viruses in the world is called Form. I got Form from a floppy disk given to me by a friend who didn't know he had the virus. In fact, I didn't know I had it either until I received a call from a company to whom I mailed my resume using that floppy disk. They called me, not to tell me that I got the job, of course, but rather that my computer had the Form virus. How embarrassing! Apparently, Form had been on my computer for a long time, but its effects were so slight that I never noticed it. The only peculiarity I encountered was a clicking sound that emitted from my PC speaker every time I pressed a key, but this only happened for one day. Later, I learned that Form is programmed to trigger this action on the 18th of every month. Other than that, it doesn't contain any destructive code.

The only other time my system actually became infected was considerably more serious. It happened only a few months ago on the job. I was scanning a large stack of diskettes for viruses when I was distracted by a phone call. After completing the lengthy call I turned my computer off and took a short break. When I returned I booted my computer, forgetting that I had left a diskette in the A drive. I discovered my error when the floppy drive began to spin. At that point I also noticed that the disk was being accessed far too much for a non-system disk. Upon rebooting from the hard drive, I quickly realized my mistake. A virus called Junkie was all over my hard drive. It had infected command.com, as well as my screen reading software and all associated drivers. The Junkie virus was alive in the boot sector of the diskette that I inadvertently left in the drive, and it ran wild when I accidentally tried to boot from it. Junkie is a perfect example of a virus that, if written properly, would not have damaged my system. It contains no destructive code. It simply replicates by infecting .com files. However, not all .com files are structurally accurate. Without getting too technical, .com files are raw binary data read by your computer, and .exe files need to be interpreted first. There are some files, particularly ones used by memory management software, that have .com extensions, but that are actually written more like .exe files. When Junkie infects one of these types of files, it becomes corrupted because it is essentially an .exe file, but Junkie has appended .com-like instructions to it; similar to repairing a can opener with parts from a toaster.

After the near heart attack I had during my battle with the Junkie virus, I began to study the phenomenon very seriously, and since then, though I have run into many viruses on the job, none of them has infected my computer. This is because I now have an effective antivirus strategy in place.

What Is A Macro Virus?

The most common viruses that infect computers today--viruses such as Concept, Nuclear, Showoff, Adam, Wazzu, and Laroux--are macro viruses. They replicate by a completely different method than conventional viruses. We said earlier that a virus is a small computer program that needs to be executed by either running it or having it load from the boot sector of a disk. These types of viruses can spread through any program that they attach themselves to. Macro viruses can not attach themselves to just any program. Rather, each one can only spread through one specific program. The two most common types of macro viruses are Microsoft Word and Microsoft Excel viruses. These two programs are equipped with sophisticated macro languages so that many tasks can be automated with little or no input from the user. Virus writers quickly realized that it would be possible to construct self-replicating macros using these languages. The reason why this is possible is because Word documents and Excel spreadsheets can contain auto open macros. This means that when you open a Word Document in Word or an Excel spreadsheet in Excel any auto open macros contained within the document will execute automatically and you won't even know it's happening. In addition to auto open macros, both of these programs make use of a global macro template, which means that any macros stored in this global file will automatically execute whenever something is opened in that program. Macro viruses exploit these two aspects to enable themselves to replicate.

Here's how it works... You open an infected document in Microsoft Word. (Remember, Word documents can contain auto open macros). These macros, which in this example, contain a virus, execute when the document is opened and copy themselves into the global template that Word uses to store global macros. Now, since the infected macros are now part of your global template file they will automatically execute and copy themselves into other word documents whenever you open any document in Microsoft Word. Excel macro viruses work in relatively the same way. Because Word documents and Excel spreadsheets contain auto open macros it is important to think of them as computer programs in a sense. In other words, when you open Word documents in Word, or excel spreadsheets in Excel, you could be executing harmful code that is built right into the objects you're opening. They should be checked thoroughly for viruses before you open them in their respective programs. It is important to have an effective anti-virus strategy in place to prevent infection by these and all other kinds of viruses.

How to avoid viruses...?

Anyone who does a lot of downloading, like me or accesses diskettes from the outside world on a regular basis should develop an antivirus strategy. The most important weapon in your antivirus arsenal is a clean, write-protected bootable system diskette. Booting from a clean write-protected diskette is the only way to start up your system without any viruses in memory. No virus scanner/cleaner of any quality will run if there is a virus in memory because more programs can be infected by the virus as the scanner opens the files to check them. This diskette should also contain a record of your hard disk's master boot record, partition table, and your computer's CMOS data. Most antivirus packages contain utilities that can store this information for you. Lastly, this diskette should contain your favorite scanning/cleaning software because a virus may have infected this program on your hard drive. Running it from a clean diskette will ensure that you're not spreading the virus further.

A second effective defense against viruses is a clean backup of your hard drive. Many antivirus packages will attempt to disinfect infected programs for you so that the virus is no longer in your system. However, there are times when removing the harmful code from programs or from the master boot record does not solve the problem completely. Some programs may not run properly because their code has been altered, or your system may not boot properly because of the alterations made to the master boot record. In addition, there are some viruses, Midnight for example, that encrypt or scramble the data files associated with a program which are then descrambled by the virus when the program is executed. If you remove the virus from the program the data is still scrambled and the virus is not there anymore to descramble it. A good reliable backup ensures that all of these problems are solved and everything is back to normal.

The third part of your antivirus strategy should be antivirus software, preferably more than one package since no one product can do everything. There are many products out there to help you guard against viruses. Since other people have gone to great lengths to review these products I am not going to go into detail about them. I will briefly talk about which programs I use to give you an example of how antivirus software can be used, but please remember that these are only my opinions and should not be considered advertisements for other companies...

some terms you must know

MBR: Master Boot Record

The master boot record is, in a sense, a small program that is automatically executed when the computer is booted. It resides in the hard drive's master boot sector which is located at the very beginning of the drive. The main function of the code contained within the MBR is to give the operating system valuable information about how the hard drive is organized. Since the MBR is accessed so early on in the boot process, it is an excellent target for viral infection. A boot sector virus will overwrite the MBR's code with its own code so that it is executed first. The virus will generally copy the actual MBR to another place on the hard drive and give control back to it after the virus gets a chance to execute.

Partition Table The partition table is a small storehouse of information that tells the operating system where to look for its specific boot code. It is located in the master boot sector and is read by the master boot record at bootup. Thus, if you had both DOS and Linux installed on your hard drive, the partition table would contain the information pointing to the boot code of each of these operating systems. This information is often either moved, or encrypted by boot sector viruses.

CMOS The CMOS, complimentary Metal Oxide Semiconductor, is a small segment of internal memory which contains vital information about your entire computer: its number of drives, their size, amount of RAM, etc. Without the information contained in the CMOS your computer would be virtually useless. At the present time, only a handful of viruses, most notably exebug, will target the CMOS.

.com file A .com file is a program that ends with an extension of .com. The vast majority of PC-based viruses are .com programs. There are several reasons for this. The most important reasons are: 1) Since .com programs contain instructions that can be executed by a computer without interpretation they tend to operate faster. 2) .com programs are much more compact than their .exe counterparts so they are easier to hide. 3) In DOS, except for internal commands, .com files will always execute before any other program of the same name with a different extension. For example, if you have three programs called chart.com, chart.exe, and chart.bat in the same directory, typing "chart" will execute chart.com. A special type of virus called a companion virus exploits this situation by searching for a file with an .exe extension and creating a hidden file of the same name with a .com extension containing a virus. Thus, typing a program's name will execute the virus first, (since it has a .com extension), then code contained within the virus will start the actual .exe program.

.exe file A .exe file is the most common type of program in the PC world. Though they are not as compact as .com programs, they provide a great deal of functionality and flexibility in terms of what they can accomplish. Viruses that can infect .exe files generally have a better chance of surviving because there are more places in an .exe file for a virus to hide. All .exe files begin with a header that tells the program how large it is an how much memory it needs to allocate. After the header there is a blank space, usually about 512 bytes long, that contains nothing but blank characters. This space is a perfect place for a virus to hide itself. Since the virus is simply filling a blank space in the file, the size of the infected file does not change, making the infection much more inconspicuous.

TSR TSR stands for terminate, but stay resident. A TSR program will remain resident in your computer's memory after it executes. Programs such as memory managers, disk caching software, and device drivers reserve a section of your computer's memory so that they can continue to perform their function for the whole time your system is turned on. Many viruses, (particularly boot sector viruses), will stay resident in memory so they can spread to other disks and programs much faster and more transparently. In addition, once a virus becomes memory-resident it is much harder to detect because it can monitor every action taken by your computer and cover its tracks accordingly.

how anti viruses work??

Anti-virus software typically uses two different techniques to accomplish this: Examining files to look for known viruses by means of a virus dictionary Identifying suspicious behavior from any computer program which might indicate infection Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.

Virus dictionary approach In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can then either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.

To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries.

Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them; and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis.

Although the dictionary approach is considered effective, virus authors have tried to stay a step ahead of such software by writing "polymorphic viruses", which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.

Suspicious behavior approach

The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior and the user is alerted to this, and asked what to do.

Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionaries. However, it also sounds a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks "Accept" on every such warning, then the anti-virus software is obviously useless to that user. This problem has especially been made worse over the past 7 years, since many more nonmalicious program designs chose to modify other .exes without regards to this false positive issue. Thus, most modern anti virus software uses this technique less and less.

Other ways to detect viruses

Some antivirus-software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise appears as a virus (it immeadeatly tries to find other executables), one could assume that the executable has been infected with a virus. However, this method results in a lot of false positives.

Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analysed for changes which might indicate a virus. Because of performance issues this type of detection is normally only performed during on-demand scans.

now for some good antiviruses for u other than normal onesItalic text... (FULL VERSIONs)

Sophos Anti-Virus provides best-of-breed anti-virus protection for file servers, desktops and laptops on a wide range of platforms, including Windows, Macintosh, Linux, NetWare and UNIX. It also protects NetApp Storage Systems.

download link -- http://urlsh.com/?WKXY98cC

CA eTrust PestPatrol Anti-Spyware v8.0.0.7 provide powerful protection against spyware, adware and other non-viral threats. These threats are rapidly growing, causing PCs and networks to slow to a crawl, increasing helpdesk calls for IT departments and introducing new and dangerous security and privacy risks that can expose your confidential information. These solutions offer business-grade anti-spyware protection that detect and remove spyware in real time, streamline management and update you on the latest threats, enabling you to surf the Web with confidence.

download link -- http://rapidshare.de/files/27889159/share_id_4_rancord.rar.html

ClamWin is a Free Antivirus for Microsoft Windows 98/Me/2000/XP/2003. It provides a graphical user interface to the Clam AntiVirus engine. It features a command line interface for scanning files, updating the virus definitions, and a daemon for faster scanning needed on high performance systems

download link --http://puzzle.dl.sourceforge.net/sourceforge/clamwin/clamwin-0.88.4-setup.exe

Portable Anti-Virus AIO package...

download link --http://rapidshare.de/files/28253134/Port_Antivir.rar

The Best in AntiVirus 6 in 1

except for the norton which is also present in the package..

download link --http://rapidshare.de/files/10624896/AtV.rar.html password... www.soft-force.com

Avira AntiVir PersonalEdition Premium 7

download link -- http://rapidshare.de/files/28486523/antivirys.rar

Panda Titanium Antivirus keeps your computer safe from attacks from all types of viruses, worms and Trojans. To guarantee your peace of mind, it also incorporates TruPrevent Technologies capable of detecting and blocking unknown viruses that can slip past traditional antivirus products. It includes anti-spyware and anti-dialer software along with firewall technology against hackers

download link --http://rapidshare.de/files/15704939/Panda.Titanium.v5.rar password : www.2baksa.net

this is what all i have provided you people with the details.. any more quiries just post it on the group..

regards.. TheSolutionProvider