tansqrx

Throughout this tutorial the main objectives has been covered. Part 12 describes the exact packet structure generated by the shared files boot. Part 15 shows that it is possible to write a booter from the ground up only using information gathered through a network sniffer. Parts 16-18 shows that a booter performs its work by creating a timing fault that in turn cases the stack to be corrupted and an access violation generated. Part 18 also explores why injection of arbitrary code is not possible using current booter technology. In my closing opinion, I believe that Yahoo! has dodged the bullet for this exploit. This particular exploit has been in existence since mid-2004, and even with auto updates, Yahoo! has failed to fix this problem. If the stack corruption had occurred in any other place it may have been possible to run arbitrary code and a much more serious situation would occur. Program bug removal has always been a large problem for coders, especially with such a large user base as Yahoo! Messenger. There are hundreds if not thousands of rogue users all working against Yahoo! Messenger and the YMSG protocol. The question is not if another booter will expose itself but when. When the next round of booters are released, will random luck cause the program to crash in the program execution path or will it open a new door to run injected code? Only time will tell.

The holy grail of any exploit is to be able to run arbitrarily injected code. If code from the attacker can be run on the target system, in most cases the attacker just gained full control of the target system. An attacker can inject previously tested shellcode onto the victim machine and at the very least spawn a command prompt. The primary focus of this paper is to take the act of booting from annoying DoS attacks to much more sophisticated and dangerous remote code execution attacks. To analyze and follow the execution of Yahoo! Messenger, break points and analysis of the system stack was performed at key points. It is found that the stack is corrupted with the address 00730079 shortly after one of the registry accesses during the first packet. Because of the large amount of commands executed between packets, it still not clear as to which command causes the corruption or the exact timing of the corruption. While analyzing the stack after a crash, it is also found that the address of 00730079 is not completely random. When converted to UNICODE characters, 00730079 is the string âysâ. Looking further down the stack after a crash it is found that the string âD:\System\Program Files\Yahoo\Messenger\Ypager.exeâ is passed as an argument several times. In the case for this computer, âD:\System\Program Files\Yahoo\Messenger\Ypager.exeâ is the path for the Yahoo! Messenger executable. It is not hard to see that the string âysâ, aka 00730079 is actually part of the string D:\System\...â. While performing an earlier operation, the Messenger executable path overwrote a valid stack entry and eventually caused the access violation. Table 4 shows the system stack immediately after the crash. The address 00730079 (âysâ) and the Messenger executable path are both highlighted. Table 4 - Stack In short it is found that the ultimate goal for this paper, arbitrary code execution through a Yahoo! booter, is not possible. It is shown that the stack corruption that causes the access violation is the result of a timing issue and not the code sent in the booter packet.

The results from a crash can be simply summarized in the following statement: âAccess violation when reading (00730079). In windows terms, an access violation occurs when a program tries to read information from a protected area in memory or a section of memory that does not belong to that particular program. In this case, Yahoo! Messenger tried to read the memory address 00730079. Table 2 shows the currently allocated memory areas for Messenger sorted by ascending address. Table 2 - Currently Allocated Memory Addresses It is seen that 00730079 is not included as a valid address and thus the memory access violation occurs. Table 3 - Registers By examining the processor registers, as shown in Table 3, the EIP or instruction pointer is set to the value of MSVCR71.7C3417E1. MSVCR71 is one of the external dynamic link libraries (DLL) loaded by messenger at run time, and is a common DLL supplied by Microsoft. Through examination of the source assembly, it is found that this instructions lies within the strlen function and the instruction that caused the fault is MOV AL, BYTE PTR DS:[ECX]. This instruction moves the contents of the address located at ECX into the lower part of the EAX. ECX is unreadable and thus the access violation. After much experimentation it was found that a single shared files packet would not cause a crash. Even if multiple packets were sent, if enough time has elapsed between the packets Messenger will not crash. Only if a second packet is received by Messenger before processing is complete on the first packet will the access violation occur. This leads me to conclude that the packet being received by Messenger is not so much of the problem as timing issues within Messenger. By adding break points to the program, it is found that considerable processing is performed between certain types of packets. One such packet is the P2P file transfer packet used in the shared files boot. Several registry accesses are performed and in total over 10,000 operations are performed before this type of packet is fully processed. Even with lighting fast speeds of current processors, this lag gives plenty of time for a second packet to be received by a relatively slow network connection. This theory is further supported by studying other boot code. Although different packets are used, every boot needs to send multiple packets in rapid succession and all boots result in an access violation at address 00730079.

Overview To truly understand why a booter or any other types of exploits function, an investigator must have a look at the program’s source code. In the case of Yahoo! Messenger which is a closed source program, I am forced to dive into the dark and sometimes mystical realm of assembly debugging. By exploring the Yahoo! Messenger assembly code and the machine state at the time of a crash I can reveal why, on the machine level, how a booter works. Perhaps more importantly, is it possible to run arbitrary code from a remote attack. Tools In order to explore the assembly and machine states of Yahoo! Messenger, I used several assembly debuggers. The most used program is OllyDbg [http://www.t-online.de/top-themen/]. OllyDbg shows all the machine instructions that make up a program and also allows attachment to a currently running program. Two other tools that I used were Microsoft’s WinDbg [https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit] and DataRescue’s IDA Pro [http://www.datarescue.com/idabase/]. Each program has its strong points and I used knowledge gained from each program to complete an overall assessment of the crash. Figure 36 shows OllyDbg open and attached to Yahoo! Messenger just after a crash. Figure 36 - OllyDbg

Cool, perhaps but please don’t spam other threads. If the moderators see that you are abusing the system then you may face being banned. If this is actually an accident then sorry but please be advised that your credits may be revoked.

I thought the whole point of the web was to never actually “talk” to another person again. That said I may try the phone next time I have a problem. I have free long distance now so I can wait on hold as long as I like.

From what I have seen the chats are suffering from more than just bots. For the past several months it has taken forever to get into the rooms, may times several minutes. This is the same for all clients, not just Messenger. I am starting to wonder if Yahoo! is either abandoning chat all together or getting ready for another update. I remember the last time there was a chat update the servers were slow to respond and all sorts of problems popped up. BTW. Turbo you need to stop by my forums more often, I’m starting to miss you, lol.

I am a developer so I am thankful when someone points out a flaw in one of my programs. Many times a user will simply quit using your program because of the flaw and the developer is none the wiser. I figured I would be nice and tell Yahoo! about the problem with DEP. I was very descriptive about the problem. I explained that DEP was triggering the failure and that I suspected the problem was with allocating the memory pages as data and not setting the executable bit. I then explained how I solved the problem and I was just letting them know that there was a problem. Below is the response that I received. Not exectally what I was hoping for but at least I tried.

I first picked this up on Big Blue Ball in their newsletter (http://forums.xisto.com/no_longer_exists/). The administrators of Big Blue Ball speculate that this may mean another protocol change. I tend to disagree. The 8.x series of clients all use the same YMSG protocol as their predecessors. They may perhaps enforce the latest version of the protocol (15 vs. 12) but I donât think this will make a great deal of difference as the authentication is identical. My guess is they are trying to make the Messenger Plug-Ins standard. Apparently a lot of developers and advertisers are writing plug-ins for Messenger and the support just isnât there in earlier versions. Bottom line, I think it is about money from advertising not protocol changes.

Since the writing of this article the Yahoo! Trainer mentioned has gone through several revisions. The original code may not fully function but can be found at http://forums.xisto.com/no_longer_exists/ Login Sockets.rar.. The current iteration of the trainer is called YCC Trainer and can be found at http://forums.xisto.com/no_longer_exists/. The latest version currently does not have all of the functionality of the first version but the code has been rewritten to make it more understandable and a better learning tool. If reading from a different site, all of my code can be found at http://www.ycoderscookbook.com/. Overview The second objective of my research was to see if it is possible to create my own booter program. A program was successfully developed that is able to log into the Yahoo! network and run boot code from any username. The resulting program is named the Yahoo! Trainer and is written in Microsoft Visual Basic.Net 2003. While many programs are available that are considered booters, none of them are designed from a research point of view. More over, only a few programs come with source code and the ones that do are written in Microsoft Visual Basic 6 and are poorly coded. The full source code to the Yahoo! Trainer can be found at http://forums.xisto.com/no_longer_exists/ Login Sockets.rar. Below are the highlights and overview of the Yahoo! Trainer. Operations Figure 34 shows the main screen of the Yahoo! trainer. The same operation used to sign into the Yahoo! network via Yahoo! Messenger is used in the Yahoo! Trainer. The user enters the username and password and then clicks, "Login". An important feature to the trainer is the debug window located to the right of the main window. This dialog box shows what data is being sent and received by the program. The debug form also allows the individual data fields to be shown and a step by step login procedure performed. Once logged in the user's buddy list is shown in the main window. Unlike the standard Yahoo! Messenger client, the Yahoo! trainer has additional functionality which allows booter code to be run as shown in the "booting" group box. Although not critical to this paper, the Yahoo! trainer also incorporates instant messages to any user through a dialogue box or buddy list. Figure 34 - Yahoo! Trainer Main Screen Program Structure The Yahoo! Trainer uses seven classes to perform its operation as shown in Figure 35. Figure 35 - Yahoo! Trainer Class Structure ClientSocket The bottom most and most used component is the ClientSocket class. The ClientSocket class is a multi-threaded TCP socket library used for all network communication. The class is an adapted version of the code written by "The Silence" in an article posted on https://www.codeproject.com/ [http://forums.xisto.com/no_longer_exists/]. The major change to the original code has been to make the library use a TCP socket instead of a TCP client modYahooPackets The modYahooPackets class holds all the functions necessary to create a Yahoo! packet. All packets and related subsections are comprised of an array of bytes. Because some communication with the Yahoo! servers requires non-ASCII characters, all data must be kept in a raw byte format. The modYahooPackets class contains functions for concatenating byte arrays, extracting bytes, creating packet service types, status messages, and finding packet lengths to name a few. The modYahooUser class has an instance created for each username that is logged in. Although not fully implemented, this class is designed to handle multiple users being logged in at the same time. Drawing from functions in the ClientSocket and modYahooPackets classes, the modYahooUser class is where a packet to be sent is constructed. Table 1 shows how combining operations from other classes are used to send an IM to another user. modYahooPackets.byteCat(aBytePayload, modYahooPackets.pAddField("5", strRecipant))modYahooPackets.byteCat(aBytePayload, modYahooPackets.pAddField("49", "FILEXFER"))modYahooPackets.byteCat(aBytePayload, modYahooPackets.pAddField("1", strUsername))modYahooPackets.byteCat(aBytePayload, modYahooPackets.pAddField("13", "5"))modYahooPackets.byteCat(aBytePayload, modYahooPackets.pAddField("54", "MSG1.0"))modYahooPackets.byteCat(aByteRequest, "YMSG")modYahooPackets.byteCat(aByteRequest, Chr(0))modYahooPackets.byteCat(aByteRequest, modYahooPackets.pProtocol(11))modYahooPackets.byteCat(aByteRequest, modYahooPackets.pLength(aBytePayload))modYahooPackets.byteCat(aByteRequest, modYahooPackets.pType("P2PFileXfer"))modYahooPackets.byteCat(aByteRequest, modYahooPackets.pStatus("Available"))modYahooPackets.byteCat(aByteRequest, modYahooPackets.pSessionID("Null"))modYahooPackets.byteCat(aByteRequest, aBytePayload) Table 1 - Combining functions to create the Shared Files Boot frmMain frmMain is where most of the user interaction is captured. The user is able to select the Yahoo! server to log into, select username and password, see his buddy list, IM, or run boot code. frmDebug It was an early design decision to include a method to show incoming and outgoing packets from the client in real time. The Debug window provides this functionality by showing packets in a datagrid. Other specialized data and operations are also shown on this form. modPMBox and modVisualEffects The ability to send IM's from the Yahoo! Trainer was not a goal for this paper but was added along the way to help understand the Yahoo! protocol. The modPMBox class supports the use of multiple IM boxes and conversations with other users. Likewise, the modVisualEffects class is not an integral part of the Yahoo! Trainer for this project. modVisualEffects is used to support the features and functions found on the debug form.

This is what I get at the top of Internet Explorer 7 when I start it. I can click the banner and set the settings to the default but it always show up again after a reboot. I have had this problem ever since I installed Internet Explorer 7. I recently wiped my system clean and this time I never got the very annoying warning banner. Several days went by and I installed all of my programs except two. Because the install just takes so long, I waited until last to install Microsoft Visual Studio 2003, Visual Studio 2005. I installed one right after another and right after the reboot I started getting the warning banners again. This of course leads me to believe that something Visual Studio (2003 or 2005) installed is causing grief with Internet Explorer security. So far I have not found anything out on the web. I did find that Microsoft has intentionally made it so you can not turn this warning off. I was wondering if anyone else has had similar problems and if you have found a solution.

It looks like the famous H.D. Moore is trying to get Metasploit Microsoft Certified for Vista in an article at physorg.com (http://phys.org/news/2007-03-rootkit-certified-vista.html). Apparently getting your software certified by Microsoft only costs $500 and is somewhat of a conveyer belt mindless system. The problem with this is Vista and XP, if enabled, only allows signed drivers to be installed. I suppose this is nothing new but having a signed driver gives the comfort of legitimacy to the users and in the case of Vista, gives legitimacy to the OS. Even though only allowing signed drivers is a good thing, it is not fool proof.I think all in the security arena would agree that Metasploit is not a rootkit but I’m certain Microsoft would not like to have it certified. Maybe I should go ahead and get a few things certified while there is still a mad rush to be Vista compatible…

I have found that VMWare and Virtual PC works differently when running. Virtual PC will directly allocate the RAM when the machine runs. If you set the machine to take 500MB of RAM then you will see a 500MB RAM spike in Task Manager when the machine starts. I haven’t quite figured out VMWare’s memory model but you will see only marginal increases in Task Manager. They may be allocating the memory on a hardware level that Windows never sees.I have 4GB of RAM on a AMD 5000+ dual core machine. I’m not a gamer but this type of application will suck your resources dry in a hurry and that is why I bought fairly high end hardware. Depending on if the virtual machines are idle, I can usually comfortably run around 5 machines at the same time and still use the host OS. You can run many more than this but the guests start getting sluggish.

I just wiped my hard drive and I was installing Yahoo! Messenger when I was greeted by something not unusual but unexpected. Above is the message Windows XP SP2 gave me when I tried to install Yahoo! Messenger using Yahooâs own web installer. Since I have enabled DEP (data execution prevention) on Windows, I have seen a few of these pop up form time to time. What is unexpected is that a major software vender like Yahoo! allows this to happen. I thought for sure that with a user base as large as theirs, they would solve it very quickly, guess not. In the end I had to disable DEP, restart the computer, install Messenger, re-enable DEP, and then restart one more time. Nothing too big, just a gripe. For those of you who do not know what DEP is, I have included several links below. DEP is a feature added into Windows XP SP2. It basically stops buffer overflows which has been the number one vector for computer exploits for the past 15 years. According to some (see Steve Gibson and Leo Laporte in Security Now!, episode 78 https://twit.tv/shows/security-now/episodes/78) DEP is almost as important as having a firewall enabled on your machine. The downside is that unlike the SP2 firewall, DEP is not enabled by default. DEP may cause hassle on some older programs but it has actually demonstrated itself as a helpful security product on my PC (I will tell you about my adventures with PWDump2 one day). Standard Microsoft Article: https://support.microsoft.com/en-us/kb/875352 https://support.microsoft.com/en-us/kb/875351 TechNet Article: http://forums.xisto.com/no_longer_exists/

There’s not many times or places in this world where you and your good friends can come together and hack into a network and not get into trouble and at the end of the day be considered somewhat heroes. I had an excellent opportunity this past week to do just that.Once a year there is a software engineering conference that comes to my town. I have participated for the past few years and the absolute highlight is an event call the Digital Combat Exercise (actually if it weren’t for this, I most likely would not even go at all). The Digital Combat Exercise is basically a hacking competition to show all of the conference attendees how important computer and software security is and ultimately what happens if security is not implemented. The exercise consists of two teams, blue and red. The blue team is the defenders and comprised of conference organizers. The red team consists of conference attendees such as myself. The red team “hackers” are placed on a row of tables with nothing but a switch in front of them. Directly behind us is a curtain and behind that curtain is the network to be hacked. The last time I had the honor of participating, my team came in first place so I had every intention of retaining that rank.What follows are my preparations. Of course I am not advocating anything illegal and this does not mean you should go out and do something stupid. Just as the Digital Combat Exercises for the conference is meant to educate the attendees, this is meant to be an education for you. This is very real and this should be a wake up if you have not secured your machine and taken the appropriate precautions. Consider this a favor, and you don’t even have to pay the $500 for the conference.My preparation actually started about a month ago. I had a rough idea what to expect so I turned my computer into a mini attack/defend platform. I broke down and bought a copy of VMWare Workstation (http://www.vmware.com/). I tried to use Microsoft’s free Virtual PC but the features were severally lacking and I never could get half OSs to install. After installing VMWare, I created several virtual machines; Windows 98, Windows 2000 unpatched, Windows 2000 fully patched, Windows 2000 Server, Windows XP, Windows XP SP1, Windows XP SP2, Windows XP fully patched, Window 2003 Server unpatched, and Windows 2003 Server fully patched. Additionally I also created a Red Hat Fedora Core 5 attack machine and Red Hat 7.0 and 8.0 machines.VMWare provides all the necessary features to create your own virtual network. By configuring the virtual network adaptors I was able to make a DMZ and several subnets. When finished I had the following in the DMZ: Windows 2000 Server unpatched running IIS 5.0 with a webpage, Windows 2003 Server unpatched running IIS 6.0 with a webpage, and Red Hat 8.0 running Apache with a webpage. The front facing network had an address in the 10.1.1.x range. The rest of the machines were in the 192.168.1.x range. I could not run all of the virtual machines at one time so I swapped them in and out according to my purpose. After many hours of preparation I had a fairly decent network together and I was ready to start hacking.Later this week I will start to describe how I started the attack…

What's an electric card?

Overall: B- If you can stand the harassment.Hardware: A+ The hardware has performed very well, little to no problems.Software: A- Only one glitch found.Licensing: C-This has caused me some problems. My license is for 10 concurrent connections. I had a LAN party in February which had 15 people, needless to say I had some problems.Harassment: F-If you don’t renew the software prepare to be bombarded with email, snail mail, and phone calls.This journey starts with the need for a stronger and more robust firewall for my home. For many years I used a Linksys home firewall/router that you can buy at any name brand electronic store (I got this one at Best Buy for around $100). At first I had no problems but as my usage increased, I started to have dropped packets and some quite strange behavior. As it turns out, one of the programs that I was developing required a rather large number of HTTP requests to be left open for a reply. As this is a distributed application, I had five computers running it which made the open request buffer too large for my router to handle. After extensive research I found that the Linksys only supported 256 concurrent connections. A quick back of the napkin calculation reveled that my program busted the limit almost immediately. Time to look for a new router/firewall.From the onset I was looking for a small to medium business firewall. The usual suspects were mostly ruled out (Linksys and D-Link). This leaves the more traditional business brands such as Cisco, ZyXEL, and SonicWall. A friend of mine recommended SonicWall (https://www.sonicwall.com/) so I started my research in that direction. The bottom of the SonicWall market starts with the TZ 150. Although much pricier than many of the consumer level products, it still lacked some of the features that I wanted. The next best thing is the TZ 170. There are two versions of the 170, wired and wireless. Since I want to keep a secure perimeter to my network and since I have already invested time, money, sweet, and some quite literal blood into running Cat 5 in my house, I decided to ditch wireless and go with the wired solution. My purchase was from NewEgg.com (http://www.newegg.com/) and was around $300. I made my purchase in September of 2006 (which is about six months prior to this review).The firewall arrived fully functional and without defects. Despite the warning on the NewEgg reviews, I found the setup to be very simple and I did not have any problems understanding any of the interface options. It did take me a minute to figure out that two different pages were needed to setup a firewall rule. As expected all incoming requests are denied by default. All I had to do was add a few rules to allow the basics such as FTP and other servers to run. The interface also included free trials of SonicWall’s premium services such as virus protection, mail filtering, and content filtering. Being a home user I have little use for these so I decided not to activate any of the premium features. (As a side note, I actually found the content filtering to be offending. Although I want protection, the last thing I want is to be limited to information based on someone else’s opinion of what is morally right or wrong).It is now six months down the road and I feel that I have enough information for an informed review. The main points are found at the top of this article. The hardware has performed very well. I crashed the firewall once but that was fixed very quickly with a power cycle. During the first few weeks I did find a bug in the software. It was related to defining a service and then trying to remove that service. I never did find a solution but it was not major so I just learned to live with it.The next section starts with the cons of the TZ 170. I have quickly found that the commercial firewall business is much like a cell phone company. The hardware is somewhat subsidized in order to sell their services. Just like Verizon (or any other) you can buy a $500 cell phone for $50 as long as you sign up for a 23 year contract. SonicWall is not as strict as to enforce an extended contract but they do give added “incentives” to buy their services. My firewall has a license for 10 computers to connect to the Internet. If this is exceeded then the machines above this limit are simply denied access to the Internet. I have only had one problem with this and it was during a LAN party that I hosted. I had around 15 people over and I soon found that the limit could not be stretched. I had to spend half the night not enjoying my game but shuffling machines in and out of the restricted list. The initial license agreement also includes access to technical support. Apparently if you do not pony up an additional $150 or so dollars a year you loose out on technical support. Needless to say, my support option has lapsed.The last complaint is the harassment. I have found out that if you do let your “essential software” lapse, then you will get no less than 10 emails, 3 letters in the mail, and 2 phone calls (no this is not exaggerated). I am a home user and not a business and quite frankly I can not afford the extra $500 or so extra a year that SonicWall wants from me. I just hope they give up eventually.The bottom line is this. I would buy another SonicWall TZ170. The hardware is fantastic and I am the personality type that can ignore the propaganda to renew my license. Without a renewed technical support license, I don’t think it will be the end of the world. If one the other had you have to have all the upgrades and keep constant support, I would not buy from SonicWall.

This is in response to my previous post about trying AVG and Kerio. After some research I found that AVG is apparently no longer free or at least they gave that feel (http://www.avg.com/de-de/homepage). I decided to go with Avast! (https://www.avast.com/de-de/index) which I already had on two of my other machines. As for Kerio, I had some problems as well. It looks like Kerio has been bought out by Sunbelt Software. For now it is still free but it was buggy. I had several applications that just plain stopped working even though I explicitly allowed them access to the Internet. I also started to experience some system stability problem such as my machine locking up. Once I uninstalled Kerio, everything went back to normal. I next found Comodo firewall at https://personalfirewall.comodo.com/. I had never heard of it but several reviews were promising so I decided to give it a try. It has been a week since I ditched Norton and installed Avast! and Comodo on my main machine. So far I am very pleased and I did not have to shell out any money. I can now recommend both programs.

.NET 3.0 is backward compatible with all previous versions of .NET. Just as you can run a version 1.1 application on 2.0, you can also run a 2.0 application on 3.0. As stated earlier, 3.0 is mostly a rebuilt 2.0 with Vista features.To put your mind at ease, I have successfully deployed one of my larger 2.0 VB.NET applications on Vista. This particular application has a good range API so I would have to say you shouldn’t have anything to worry about.

I guess you are talking about the recovery record that is optional with RAR and not something related to your CD burner. I have rarely been able to get a CD with a CRC to work. Sometimes a little spit and elbow grease does the trick. I have also considered buying one of those scratch removers but I usually decide to instead to burn 3 more copies that what is needed. On a side note I have discovered the hard way that CDs will not last forever. I dug up some from around 10 years ago and the film that holds the data just crumbled in my hands.

It looks like all is well now

Looks like I once again forgot to pay the Electric Company (I let my credit go to 0.00 again and my webpage got suspended). It happened over the weekend so I visited my local utility and got back up to snuff (I now have positive credits). I figured it would take until today, Monday, to get my lights back on (webpage working again), but the line truck as yet to stop by the house. Who should I give a shout out to get my electricity back on (get my webpage back up and running)?

The best parallel that I can draw between using Internet Explorer as a FTP client is trying to type a term paper in Microsoft Notepad. For the absolutely basic tasks Internet Explorer is ok but you are missing an entire world of possibilities. I will take updating my webpage as an example. 1. Internet Explorer 7 no longer allows using usernames and passwords to FTP so there is no way of accessing your HTML directory. 2. Internet Explorer does not show a split view of both the local and remote file system. This is handy when you are navigating the remote site. Internet Explorer also acts like Windows Explorer. This may not exactly be a downfall but I prefer the split view much better. 3. When a stand alone FTP client crashes, the whole operating system does not go down the drain. This applies for those system timeouts that happens frequently with Internet Explorer. 4. Most FTP clients have a queue option. This way you can get different files from many remote folders without having to baby sit Internet Explorer. 5. FTP client allow for auto resume. Nothing destroys your day like downloading a 3 Gb Linux DVD and having it crash 12 hours later and having to start all over again. 6. You can change the file permissions with a FTP client. I have had to do this many times with my website. This is usually a lot faster than firing up my SSH client. These are just a few of the reasons to not use Internet Explorer. Even if I had a very simple task I would never use Internet Explorer again unless I absolutely had to. A very functional and free client is Filezilla. You can download it at https://filezilla-project.org/. I think once you try it you will not go back.

Currently I have Norton 2005 installed but I am in search of better things (the reason that I am reading this thread). I think the whole line of Norton products help to protect your computer very well. I would feel very safe recommending it to my own mother or grandmother. It has found absolutely everything that has come in its path and that is exactly the problem.Norton has become somewhat of a dictator when it comes to anything suspicious on your computer. It’s Norton’s way or the highway. This is fine as long as you only use your computer for routine tasks, for power users this becomes a problem because “hacktools” are found and dealt with very harshly. Some tools that I consider useful has fallen prey to Norton and it has become a massive headache every time Norton finds one of them. I have taken to installing some programs into an encrypted drive and I never run a full system scan.Norton is great for your grandmother. It will find EVERYTHING. Since this I think I will install AVG and Kerio. Wish me luck.

I have a Logitech MX Laser and I am very satisfied with it.