Sunday, September 7, 2008

viruses on the international space station

this past week there was a lot of buzz surrounding the news that an autorun worm had infected 2 laptops aboard the international space station... i wasn't sure i was going to bother saying anything about it at first but then i decided it might serve as an interesting object lesson so let's look at what we can learn from this event and what could have been done differently....

my first reaction when reading of the event was that this just goes to show how pernicious and autonomous self-replicating malware truly is... that notion (that viruses/worms are somehow worse or more autonomous than other forms of malware) has been scoffed at in the past but viruses in space stand as a testament to their ability to get into places no one intended or would have imagined... no other form of malware besides self-replicators would have been able to find new victims in that sort of environment...

another thing we can learn from this is to stop clinging to the fantasy that the only kind of malware we need to worry about anymore is the new stuff, that old-style viruses and worms aren't worth worrying about anymore... this wasn't brand new malware, it wasn't state of the art, and it wasn't something researchers on the bleeding edge would have taken notice of even when it was new... the malware threat landscape isn't composed exclusively of novelties, there's a heck of a lot of banality out there as well...

yet another lesson that can be learned is that for all the whining about how AV is failing, at least some of the evidence used to support that argument (in other words, some of the failures) is actually a result of not using AV in the first place, not keeping it up to date, or not following the various other best practices for AV...

actually using an AV program is the first thing the astronauts and/or NASA could have done differently... while i'm sure there are plenty of arguments for why one might not want an anti-virus program on them, such as highly critical real-time processing of experimental data, these were laptops running windows and so were already unsuitable for real-time processing ('what do you mean the OS must have been busy doing something else during that time period?')... i assume someone up there must have had AV or else we wouldn't have a name for the malware...

failing that, they could have used some other sort of anti-malware technology like application whitelisting... in fact, considering the environment that might even be a more appropriate approach since it's unlikely that astronauts need to introduce new software to those machines very often... that is unless part of their job requires them to rewrite or apply patches to software being used in the experiments to collect/analyze data... come to think of it, that might actually be the case - it's not like the folks designing the experimental payloads have a lot of chances to test and debug their software under real-world conditions when the real-world in question is actually out of this world...

the astronauts could have operated the machines under non-administrative accounts - actually there isn't really anything to suggest they didn't, nor is there anything specific to an autorun worm's replication technique that should require administrative access... despite a previous post i made highlighting the ways in which least privilege can fail to stop malware, it still is fairly effective against a lot of existing malware...

they could have disabled autorun on those machines - in fact, they probably still should disable it... autorun is purely a convenience feature for the technologically inept; hopefully that's not the sort of folks NASA is sending into space (then again, they did get infected by somewhat old malware)...

finally, they could have used something other than windows machines... although technically not immune to malware, macs and linux machines have a far smaller pool of threat agents to worry about and the lower population density means that they are less connected to other similar endpoints that could pass on something they'd be susceptible to... of course, once again this is likely subject to what the machines are being used for - if they're running or monitoring experiments with them then they may be stuck with whatever the people who designed those experiments wrote their software for (and considering the cost of doing anything in space, cutting corners on the ground and using cheap windows developers is pretty likely)...

according to NASA this is not the first time they've had a virus infection in space... let's hope they also look at these sorts of events as learning experiences and figure out how to do things better in future...


Monday, July 28, 2008

Best antivirus Software

2007 BEST AntiVirus software:

Golden:BitDefender AntiVirus
Copper:Quick Heal antivirus software
04:PC-cillin AntiVirus
05:ESET Nod32 antivirus software
06:McAfee VirusScan
07:Norton AntiVirus
08:AVG Anti-Virus
09:eTrust EZ Antivirus
10:F-Secure Anti-Virus
12:AVAST! AntiVirus
13:Panda Titanium
14:F-Prot antivirus software

Antivirus software consists of computer programs that attempt to identify, neutralize or eliminate malicious software. The term "antivirus" is used because the earliest examples were designed exclusively to combat computer viruses; however, most modern antivirus software is now designed to combat a wide range of threats, including worms, phishing attacks, rootkits, trojan horses and other malware. Antivirus software typically uses two different approaches to accomplish this
These are the world-renowned BEST AntiVirus software packages

Need of anti virus software...

By practicing responsible web surfing and email handling, most Internet users can and do cut their virus threats down to one every blue moon; the anti-virus program, on the other hand, is with you every day of your life.

So why do many anti-virus packages try to attract attention, take up lots of resources and generally just bug the life out of you every day, all this to prevent a relatively rare occurrence?

Anti-virus programs create little popups to inform you of every single program trying to access the Internet, tell you in freaky computerized voices that they have been updated, suck up a load of your computer's resources, and cause your computer to lag on startup as they start their scan services, just to name a few problems.

New VIPRE Antivirus + Antispyware

For the more technically inclined, VIPRE offers several useful bonus tools. If you enable the Secure File Eraser, you get an item in the right-click menu for files and folders that lets you permanently erase sensitive data. Specifically, Eraser overwrites the file three times before erasing it. The erases recently used file lists and other traces of computer and browser activity for several dozen popular programs. And the PC Explorer offers a view of many system settings that are relevant to security.

Probably the most useful PC Explorer elements are the list of startup programs and running processes. For each program it displays the name, publisher, and description along with an icon identifying that program as safe, suspicious, hazardous, or unknown. These are strictly informational—you can't remove a program from the startup list or terminate a process.

Friday, June 27, 2008

Avast! Antivirus Professional Edition

The professional solution to great protection

avast! 4 Professional Edition represents the best antivirus protection. avast! 4 Professional Edition comes with anti-spyware, anti-rootkit and strong self-protection built-in. It is designed to protect your valuable data and programs, as well as keep itself up-to-date and has the kind of built-in features that many vendors charge for additionally, or don’t include at all. Simply install and forget.

All-inclusive, comprehensive protection

avast! 4 Professional Edition includes ANTI-SPYWARE protection, certified by the West Coast Labs Checkmark process, to protect against the latest spyware threats and ANTI-ROOTKIT DETECTION based on the best-in class GMER technology, built in to the scan engine. No additional purchase is required.

Simple to use and automated

Just install and go. Automatic incremental updates provide real-time protection of your system, including web surfing. We’ve made avast! antivirus as simple to use as possible, while allowing full control of your security.

Spyware and Winlogon

Do you know what Winlogon is?

Winlogon creates the desktop for the Windows environment.

The registry key is located at:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Just by adding an ADDITIONAL shell (alongside the default Explorer application), a spyware program can get itself loaded on Windows startup.

"The Shell key value can contain a comma-separated list of programs to be executed. Explorer is the default shell program and will be executed if the Shell key value is null or not present. By default, Explorer is listed."

Editing the Windows registry
You can use either regedit.exe or regedt32.exe to modify the registry. Under Windows XP and Windows Server 2003 there is no difference.

However, if you are using Windows NT 4 or Windows 2000, then regedit.exe has a few restrictions and is recommended only for searching the registry (to view the restrictions, please refer to the references below).
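A defender can audit the Winlogon Shell value described above by splitting it on commas and flagging every entry that is not the bare default shell. The following is an added example, not code from the original post; the function names and the sample values are constructed for illustration, and it assumes the stock value is plain "explorer.exe".

```python
import sys

# Assumption: the stock Shell value is the bare name "explorer.exe".
EXPECTED_SHELL = "explorer.exe"
WINLOGON_KEY = r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon"


def split_shell_value(raw):
    """Split the comma-separated Shell data into trimmed, unquoted entries."""
    if not raw:
        return []  # null or missing: Explorer is executed by default
    return [e.strip().strip('"') for e in raw.split(",") if e.strip()]


def audit_shell_value(raw):
    """Return every entry that is not the bare default shell."""
    suspicious = []
    for entry in split_shell_value(raw):
        # A bare "explorer.exe" (any case) is the default. An explorer.exe
        # given with a directory or arguments is also flagged, so a human
        # can confirm which binary would actually be started.
        if entry.lower() != EXPECTED_SHELL:
            suspicious.append(entry)
    return suspicious


def read_live_shell_value():
    """Read the Shell value from HKLM (Windows only); None if it is absent."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        try:
            return winreg.QueryValueEx(key, "Shell")[0]
        except FileNotFoundError:
            return None


if __name__ == "__main__":
    if sys.platform == "win32":
        samples = [read_live_shell_value()]
    else:
        # Constructed sample values so the check also runs off Windows.
        samples = ["Explorer.exe",
                   r"explorer.exe, C:\Users\Public\updater.exe",
                   None]
    for raw in samples:
        extra = audit_shell_value(raw)
        print(repr(raw), "->", "OK" if not extra else "REVIEW: %s" % extra)
```

Any entry the audit returns is a program that starts at logon alongside or instead of Explorer and should be traced back to the software that wrote it.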

Tuesday, June 24, 2008

Hacker Pleads Guilty to Attacking Anti-phishing Group

A California hacker has pleaded guilty to launching a Valentine's Day 2007 computer attack that nearly knocked an anti-phishing Web site offline.

21-year-old Gregory King pleaded guilty Tuesday in federal court to two counts of "transmitting code to cause damage to a protected computer," for launching distributed denial of service (DDOS) attacks against the Castlecops anti-phishing Web site and Killanet, an online forum for gamers and graphic designers.