tansqrx
Everything posted by tansqrx
-
Disable Task Manager 1 Line Code![vb6]
tansqrx replied to master_nero's topic in Security issues & Exploits
I don’t think you should pick on Windows and call it buggy. The first rootkits were created for *NIX years before it caught on for Windows.
-
Disable Task Manager 1 Line Code![vb6]
tansqrx replied to master_nero's topic in Security issues & Exploits
As mentioned before, the purpose of disabling the task manager is to lock the computer down for unprivileged users. It is a supported design feature in Windows that can be enabled alongside things like disabling the run button on the start menu.

Has anyone gone to the site mentioned in the third post (http://forums.xisto.com/no_longer_exists/)? It appears to be a virus site to me. There is no information and it pushes you to only download the program. I also experienced several pop-ups and script error messages. This all indicates a possible virus.

All of this is under the title of rootkits. The main purpose of a rootkit is to hide processes or activities from the user. It also goes a step further and runs at the kernel level. This makes it extremely difficult to defend against once the rootkit has successfully entered the system. You can forget about antivirus because the file system is lying to the antivirus application about what is on the system. I just got through a great book a few months ago called “Rootkits: Subverting the Windows Kernel” (https://www.amazon.com/Rootkits-Subverting-Addison-Wesley-Software-Security/dp/0321294319). It basically tells you how to do exactly what is in this thread. All of the examples are in C and it is very technically oriented, so be prepared for a difficult read. Overall I will recommend it to anyone interested in this area of computer security.
-
There is a new story on Slashdot (https://it.slashdot.org/story/07/10/22/1851226/new-password-recovery-technique-uses-cpu-and-gpu-together) today about an article (https://www.helpnetsecurity.com/2007/10/22/patent-filed-for-revolutionary-technique-to-quickly-recover-lost-passwords/) that could possibly speed up password cracking by a factor of 25. ElcomSoft (https://www.elcomsoft.com/) has filed for a patent for a technique that uses both the CPU and GPU (graphics card) in a modern computer. ElcomSoft is a known software company that has specialized in selling password cracking software for many years. I have personally bought their software for the purpose of discovering how Yahoo! Messenger stores its passwords. Password cracking is a very shady area but it appears that ElcomSoft can actually be trusted.

The idea of using the GPU is not particularly new. The idea has been thrown around for several years but to my knowledge this is the first wide-spread practical application that has been proposed. The science of cryptography has always been similar to the virus-antivirus arena. It is a rat race to one up the other side. It will be interesting to see which algorithms are susceptible to this attack and how the crypto community will react.
-
I have always found that it’s not the boot time that matters but the responsiveness of Windows after it is booted. This matters even less if you do not reboot your computer every day. Why obsess over an action that is only one half of one percent of the time that you spend on your computer anyway? My suggestion is to turn the computer on and go get a nice cup of coffee.

My tweaking has always been geared toward getting the OS more functional once it has booted. Currently I don’t have much problem in this area as I have a fairly modern processor and more than enough RAM. (As mentioned earlier, RAM is usually the key.) Fortunately keeping a smooth running system overlaps in many of the areas as speeding up boot times.

• Get rid of all of those annoying programs that absolutely insist on installing at startup. This has already been covered well.
• You can also kill some more obscure Windows services.
• I like to use TweakUI from Microsoft.
• Much of my tweaking goes into getting the OS just the way I like it: enabling extra security, making the look and feel of XP more like 2000, and efficiently organizing my shortcuts.

One point that turbo brought up was the firewall and antivirus. I will have to agree that these two programs will slow down your machine more than anything. You could have 100 startup programs and the combined effect will not come close to the processing power needed by a resource hogging antivirus application. In my honest opinion I cannot recommend going without antivirus. Instead I would recommend a light-weight antivirus and the standard Windows firewall. If you have Norton or McAfee then you have just identified your problem, and finding a better antivirus will automatically cut 30 seconds from your boot time. I personally use Avast! but I know it is not the smallest or least resource hungry.

My thinking is this. Why bother with 20 seconds during boot when you are wasting 30 minutes a day waiting for the hourglass to stop spinning or looking for a misplaced shortcut? Streamline your environment and you will save tons more time than fighting with the boot process.
-
A product that you might want to look into is nClover at http://www.ncover.com/. Clover is a code coverage and unit test tool that has many of the features that you are looking for. Quite frankly it is overkill for what you are looking for, but it will certainly get the job done. It is free, and using code coverage analysis may be a good habit to pick up, especially for production software.
-
My hat’s off to you yordon! This whole discussion brings back nightmares of MATH 431 – Complex Variables. I failed it the first time around and barely got through it the second time. I will certainly say that you retained much of your higher education where I was glad to forget it the first chance I got.

The biggest thing that you should remember is that “i” is not simply the square root of -1. It is better represented as a+ib. The former is what is commonly taught in high school math.
-
Which Email Address Do You Like The Best?
tansqrx replied to A W K1405241550's topic in Computer Networks
My choice of Hotmail is more historical than anything else. I set up my Hotmail account just after Microsoft bought Hotmail, which was many years ago. Since then I have used it as my primary account for just about everything I do. All of the other accounts that I have are forwarded to the Hotmail account.

I use Hotmail not because I think it is the best but because it would be almost impossible to switch. I still have contacts from over 10 years ago that occasionally send me a message. Microsoft could certainly make me happier but it works well enough to bear the pain. The only feature that I wish they had was forwarding.
-
You missed the best one of them all, Yahoo! Coders Cookbook, ycoderscookbook.com. And yes this is self promoting.
-
Another possibility would be to use one of the antivirus programs that you boot from a CD. This way you can delete all of the files that are currently being used by the OS. The big thing to remember is to update your definitions before running it.

My personal favorite is to remove the hard drive from the afflicted computer and mount it in a known good system as a data drive. Boot the good OS and then run a virus scan on the data drive. This only works if you have a second machine, but I am fortunate and have many such systems.
-
I will have to agree with you, but it is not a sure thing even with very intelligent virus scanners. The proof? I have actually done what I suggested above and the top of the line, up-to-date scanners from all the major publishers simply said “ohh that’s a nice program. Nothing wrong with it” and let it run. Many of the current scanners do run heuristic scans. This means that in general a virus will exhibit certain tendencies and use certain API calls. Even if you do not have an exact MD5 hash of a particular virus, you can still guess to a certain degree if a program is performing “virus like” activities. The effectiveness of this scheme is somewhat debated. On one hand you want to find every single program that does DLL injecting because it exhibits “virus like” behavior. On the other you will get about 50 false positives an hour looking for DLL injections because although a lot of viruses use this technique, a lot of legitimate programs do also. The antivirus company has to decide how tight they want to make the heuristic algorithm. From what I can tell there is a lot of black magic going on behind the scenes in heuristics and you just can’t predict the outcome. From personal experience I would have to say that heuristics do not work unless you try to modify a very well known virus.
-
Some Questions About Your Computer Usage
tansqrx replied to Propeng's topic in Websites and Web Designing
Here’s the real question. What are the “tune up” utilities everyone is using? Back in the day I used to use Norton Utilities to keep everything going smoothly. My personal favorite was the Windows Cleaner.

Nowadays I don’t have anything and I can’t say that I can tell much of a difference. I keep antivirus and a firewall running all the time and I periodically check for spyware using SpyBot. When I first configure my machine I always set the security policies and run TweakUI from Microsoft. After installing all the programs I clean out the startup registry keys and certain services. That’s about it.

If you don’t think this is enough or you think I could see a real performance gain from running a “tune up” program, let me know what you recommend. The requirements will be that it helps more than it does harm, is free, and is preferably open source.
-
The Yahoo! Messenger development team announced that there have been a few minor upgrades to the web version of Yahoo! Messenger (http://forums.xisto.com/no_longer_exists/). From what I can see nothing major has been added except for SMS to mobile users and a few new languages for India. Apparently the web version of Messenger has taken off in India as nine new languages are added for that region. You add the support for the biggest demand.
-
Thanks for the feedback. That sounds close to the same version that I have. I will give my account another look to make sure nothing else is causing it.
-
You have learned one of the first lessons of the bad guys. Antivirus programs rely on virus definitions to work. If the definition for a particular program is not present then no red flags are thrown.

For the most basic antivirus this is how it works. The antivirus program hooks all the Windows APIs for opening a file and starts to listen. When a file is opened the antivirus opens the file itself and creates an MD5 hash of it. The antivirus then goes to its database and sees if a corresponding hash exists. If it does then it is flagged and not opened, else nothing happens. This is why it is important for users to always keep their antivirus definitions up to date.

There are a few ways around this. The best is to simply recompile the program if you have the source. You can take the meanest, nastiest virus that any antivirus would smell from a mile away and make it “clean” again by simply recompiling the source. A few years ago when antivirus companies decided to put “Potentially Unwanted Programs” into their databases I started having problems. Norton decided one day to delete a whole slew of regularly used programs with absolutely no warning (I no longer use Norton). These were not viruses or even malicious in nature, but in the wrong hands they could be, so they were just deleted. The most notable example is NetCat. I use NetCat all the time to communicate with my other computers. Having it deleted every time I put it back on my hard drive got really old, so I fixed the problem permanently. I downloaded the source and recompiled without any changes at all to the code. I haven’t had any problems since.

I almost forgot the other solution. If you don’t have access to the source you can edit the binary code. This is not for the faint of heart and it doesn’t work as well as recompiling. The best way is to open the .exe in a hex editor and change one of the strings. The replaced string must be the exact same length as the original and it must be something that is in the program (not one of the standard .exe header strings). A good target might be what is displayed in the About box of a Windows form or the help output for a command line program. Change a few of these and the MD5 hash will not be the same.
-
Did My Account Get Hacked Into? Some suspicious issues
tansqrx replied to FirefoxRocks's topic in Web Hosting Support
Here is a related question. If someone else gets hacked on the same server that I am hosted at, how does this affect me? Is the server hardened enough to prevent any cross account hacking? I know that each account is protected from others to a certain extent, but once a machine has been taken over can you really trust it?
-
Over the past few days (it is September 23, 2007 now) I have noticed what appears to be a bug in Yahoo! Messenger concerning unread mail. No matter if there are unread messages or not, Messenger always reports new mail. I have even gone through the trouble of deleting EVERYTHING from my mail account and it still pops up. The same behavior happens on Yahelite and Pidgin, so it is a server side bug. Yahoo! has been upgrading their servers, so I would expect that this is a side effect of some of the upgrades.

Of course this could be confined to me, so let me know if you are also having this problem.
-
This sounds a lot like security through obscurity. Basically if you want to “hide” the drive you should take real steps to protect the data. If someone really wants to know about your drives they are not going to use Windows Explorer but some more sophisticated forensics tool. This may be a good parlor trick but I would not trust it beyond that.
-
I have never heard of hipergate before, but some of their applications look interesting. Does this mean that Xisto members will benefit from this installation also?
-
I was also going to suggest a captcha system similar to Rapidshare. It seems like every time I am there the font changes for the captcha.
-
The latest blog post from the Yahoo! Messenger development team is about Discovr, a proposed new way of sharing Messenger contacts. As it stands, Messenger is a closed social community. It is very hard to discover new buddies unless you start trolling around the chat rooms or have a buddy in real life. Discovr is a method to make Messenger more like Facebook or Myspace, where everyone knows who your friends are. Discovr came from Hack Days, a common occurrence at Yahoo! that encourages different departments to throw out new ideas. (To think Yahoo! actually names it Hack Days is a surprise in itself.) The new system would only list your friends’ friends and not which friend they came from. This will in itself help to insulate some of the privacy concerns surrounding this new proposal. From the comments I am reading in the postbacks I cannot say this idea will be welcomed by many in the community. An overwhelming majority of posters did not like the idea for fear of privacy concerns. As one poster put it: Another poster did not think it was a big issue because tabbed IM windows were previously proposed at a previous Hack Day and that has clearly yet to materialize. For anyone who depends on inherent privacy through Yahoo! Messenger, I would suggest segregating your wife and 3 girlfriends into different Yahoo! IDs before this is implemented.
-
A useful tool that I have found is SpaceMonger (http://www.stardock.com/products/spacemonger/). SpaceMonger is a free utility that graphically displays how much space a file or directory is taking up. You can quickly look at the diagram that it generates and see that large DVD rip sitting on your hard drive. The larger the file, the larger the rectangle it generates.

There are also a few other possibilities if Windows is the only thing on your primary drive. Take a look at the Internet Explorer cache size: Tools > Internet Options, Settings button under Temporary Internet Files for Internet Explorer 6. Out of the box Internet Explorer tends to take a lot of space for caching. Another place to look is the size that the Recycle Bin is taking: right click Recycle Bin > Properties. Yet another is System Restore: right click My Computer > Properties, System Restore tab.

I hope this helps you out a little.
-
The trick about svchost is it should only run under system credentials. That is, when you view the Task Manager and look at the User Name column (View > Select Columns... if you don’t see it), you should only see SYSTEM, LOCAL SERVICE, or NETWORK SERVICE. If you ever see your logged on user name then you have a problem.
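The same owner check, scripted, as an added example that is not part of the original post: it lists every svchost.exe process with its owner and image path and flags any instance that is not running as one of the three service accounts or from the Windows system directories. The account names and paths are the standard Windows ones; run it from an elevated prompt so the owner and path of SYSTEM-owned processes can be read.

```powershell
# Added example (not from the original post): flag svchost.exe instances whose
# owner or image path is not what a normal Windows service host would have.
$expectedOwners = @(
    'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\LOCAL SERVICE',
    'NT AUTHORITY\NETWORK SERVICE'
)
# svchost.exe legitimately lives in System32 (and SysWOW64 on 64-bit Windows).
$expectedPaths = @(
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe"
)

function Get-SuspiciousSvchost {
    Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        # GetOwner returns Domain/User; ReturnValue 0 means the lookup succeeded.
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        $account = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { '<unknown>' }
        $path    = if ($_.ExecutablePath) { $_.ExecutablePath } else { '<unknown>' }

        $badOwner = $expectedOwners -notcontains $account
        $badPath  = $expectedPaths  -notcontains $path

        [pscustomobject]@{
            PID        = $_.ProcessId
            ParentPID  = $_.ParentProcessId
            Owner      = $account
            Path       = $path
            Suspicious = $badOwner -or $badPath
            Reason     = @(
                if ($badOwner) { 'owner is not a service account' }
                if ($badPath)  { 'image is not the Windows svchost.exe' }
            ) -join '; '
        }
    }
}

# Print everything, suspicious rows first, so the normal instances are visible too.
Get-SuspiciousSvchost | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

On Windows 10 and later, per-user services also run in svchost.exe under the logged-on user, so an owner mismatch alone is no longer conclusive there; the image path check still applies, and a "user-owned" hit should be confirmed by looking at which service the process hosts before acting on it.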
-
I can give it a try, but you will have to post the results.

As a side note, several legitimate programs use rootkit type technologies in their functionality. I know several years back Norton Antivirus hid its definition files from the OS. This worked really well to keep viruses from attacking the definition files directly. No one realized what was going on until programs such as RootkitRevealer were created and a bunch of suspicious files were popping up. Since then I have heard of several non-rootkit files being detected. You could call them a false positive. Like I said before, post the results and I am sure there are several individuals here that can help you.
-
Just in case you haven’t been keeping up with Yahoo! Chat, it looks like a new sheriff is in town (http://forums.xisto.com/no_longer_exists/). Just before the Labor Day weekend Yahoo! started making users enter a captcha before they could enter a chat room. This could possibly mean that the chat rooms will be bot free for the time being.

My first impression of the system was not that bad. I logged in with Yahelite and was quickly prompted to enter the captcha in a separate dialogue box. I do have to admit that the process did get very tedious, as you have to enter the captcha every single time you change rooms. This is very hard on me because I tend to change rooms almost every minute. I have also noted that the captchas are getting longer. This is most likely to make it harder for captcha guessing programs to work.

My impressions of the new system quickly went downhill once I tried to chat from the official Messenger client. Instead of a dialogue box, a hyperlink appears. The link opens your default web browser, where you are then presented with the image and a space to enter the text. This soon became way too bothersome and I reverted back to Yahelite.

The last comment on this new scheme is one of bot evolution. The captcha for chat is brand new and thus the bot writers have not had time to catch up. As I have discussed before, there are already programs that can correctly guess the captcha more than 95% of the time. It is only a matter of time before these technologies are adapted to chat bots once again. Even if the majority of bots do adapt, the less programming adept writers will be left out and thus fewer bots will be in the rooms, even in the long run.
-
I would actually recommend VNC over any commercial solutions out there. It’s free and open source, did I mention it is free? I use TightVNC on all of the computers in my LAN.