Smokey's Security Weblog

veritas odium parit

[UPDATED] Microsoft IIS 0-Day Vulnerability in Parsing Files Reported

TheRegister | 25th December 2009

A researcher has identified a vulnerability in the most recent version of Microsoft’s Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension “.asp.” By appending “;.jpg” or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.

There appears to be some disagreement over the severity of the bug, which Dalili said affects all versions of IIS. While he rated it “highly critical,” vulnerability tracker Secunia classified it as “less critical,” which is only the second notch on its five-tier severity rating scale.

“Impact of this vulnerability is absolutely high as an attacker can bypass file extension protections by using a semicolon after an executable extension such as ‘.asp,’ ‘.cer,’ ‘.asa’ and so on,” Dalili wrote. “Many web applications are vulnerable against file uploading attacks because of this weakness of IIS.”

Opinion Sans | 25th December 2009

After reading up on related posts and IIS issues, the nature of the vulnerability is such that it’s going to be widely exploited soon, quite successfully, and not only by the usual suspects, but more effectively by the specialized groups of attackers that are after unrestricted access to your protected network, and, of course, the other groups after more mundane items like bank accounts.

Update 2009-12-28: Microsoft response

MSRC TEAM | Sunday, December 27

On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but wanted to let customers know that our initial assessment shows that the IIS web server must be in a non-default, unsafe configuration in order to be vulnerable. An attacker would have to be authenticated and have write access to a directory on the web server with execute permissions which does not align with best practices or guidance Microsoft provides for secure server configuration. Customers using out of the box configurations and who follow security best practices are at reduced risk of being impacted by issues like this.

Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.

This vulnerability was not responsibly disclosed to Microsoft and may put customers at risk. We continue to encourage responsible disclosure of vulnerabilities as we believe reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

I want to close by providing some resources and best practices for securely configuring IIS servers:

IIS 6.0 Security Best Practices
http://technet.microsoft.com/en-us/library/cc782762(WS.10).aspx

Securing Sites with Web Site Permissions
http://technet.microsoft.com/en-us/library/cc756133(WS.10).aspx

IIS 6.0 Operations Guide
http://technet.microsoft.com/en-us/library/cc785089(WS.10).aspx

Improving Web Application Security: Threats and Countermeasures
http://msdn.microsoft.com/en-us/library/ms994921.aspx

*This posting is provided “AS IS” with no warranties, and confers no rights*

Update 2009-12-29: Microsoft denial

MSRC TEAM | Tuesday, December 29

We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS.

What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.

The key in this is the last point: for the scenario to work, the IIS server must already be configured to allow both “write” and “execute” privileges on the same directory. This is not the default configuration for IIS and is contrary to all of our published best practices. Quite simply, an IIS server configured in this manner is inherently vulnerable to attack.

However, customers who are using IIS 6.0 in the default configuration or following our recommended best practices don’t need to worry about this issue. If, however, you are running IIS in a configuration that allows both “write” and “execute” privileges on the same directory like this scenario requires, you should review our best practices and make changes to better secure your system from the threats that configuration can enable.

The IIS folks are evaluating a change to bring the behavior of IIS 6.0 in line with the other versions. In the meantime, they’ve put more information up about this on their weblog.

*This posting is provided “AS IS” with no warranties, and confers no rights*
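The upload-filter weakness described in the report and in the MSRC posts, shown as an added example (not code from this post, from Dalili's advisory or from Microsoft): a last-extension check beside a stricter validator that rejects `;` and `:` and stores accepted files under a server-generated name. The allow list, the function names and the sample file names are assumptions constructed for illustration.

```python
"""Upload file-name checks for a server where ';' and ':' in names are risky.

Added illustration, not code from the post, the advisory or Microsoft.
The allow list, helper names and sample names are assumptions.
"""
import os
import re
import uuid

# Assumed policy: the application only accepts these image types.
ALLOWED_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
# Executable extensions named in the report; extend for your own handler mappings.
SCRIPT_EXTS = {"asp", "cer", "asa"}
# ';' and ':' are the characters the report ties to the parsing issue;
# control characters are rejected as well.
FORBIDDEN = re.compile(r"[;:\x00-\x1f]")


def naive_is_allowed(filename):
    """The weak 'before' filter: trusts only the text after the last dot."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTS


def strict_validate(filename):
    """Return (ok, reason). Rejects names the naive filter lets through."""
    # Drop any client-supplied directory part, whichever separator was used.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not base.strip(". "):
        return False, "empty name"
    if FORBIDDEN.search(base):
        return False, "forbidden character"
    # Look at every dot-separated segment, not only the last one.
    segments = base.lower().split(".")[1:]
    if any(seg.strip() in SCRIPT_EXTS for seg in segments):
        return False, "script extension in name"
    if os.path.splitext(base)[1].lower() not in ALLOWED_EXTS:
        return False, "extension not allowed"
    return True, "ok"


def safe_storage_name(filename):
    """Validate, then return a server-generated name for storage.

    The user-controlled name never reaches the file system; only the
    allow-listed extension is kept.
    """
    ok, reason = strict_validate(filename)
    if not ok:
        raise ValueError(reason)
    ext = os.path.splitext(filename)[1].lower()
    return uuid.uuid4().hex + ext


# Constructed sample names (not taken from any real incident).
SAMPLES = [
    "holiday.jpg",
    "photo.JPG",
    "report.asp;.jpg",
    "page.asp:.jpg",
    "notes.asa.gif",
    "backup.zip",
]


def compare(names=SAMPLES):
    """Return (name, naive_result, strict_result, reason) for each sample."""
    rows = []
    for name in names:
        ok, reason = strict_validate(name)
        rows.append((name, naive_is_allowed(name), ok, reason))
    return rows


if __name__ == "__main__":
    for name, naive, strict, reason in compare():
        print(f"{name!r:22} naive={naive!s:5} strict={strict!s:5} {reason}")
```

Name validation is only one layer: as the MSRC posts point out, the scenario also depends on the upload directory having both “write” and “execute” permissions, so that setting should be reviewed independently of the filter.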

Take care and remain alert!

December 27, 2009 Posted by Smokey | Advisories, Alerts, Security, Vulnerabilities

AV-Comparatives Award Best Anti-Virus Product of 2009: Symantec/Norton

The well-known and trustworthy anti-virus test organisation ‘AV-Comparatives’ have announced the winner of the Year 2009: Symantec.
AV-Comparatives is an Austrian Non-Profit-Organization, which is providing independent Anti-Virus software tests free to the public.

The “Product of the Year” Award is given based on all tests done by AV-Comparatives in a particular year, e.g. malware removal test, dynamic test, PUP test, etc., so the yearly Award is an acknowledgement of the anti-virus product with the best overall test results in that year.

As said, the Winner of 2009 is Symantec. A well-deserved Winner; after all, we remember very well the severe struggles with Symantec/Norton anti-virus products in the past, which finally resulted in bloatware products that couldn’t be handled anymore: they were totally out of control and also had a huge negative impact on system resources.

Symantec/Norton finally decided to entirely revamp their anti-virus products. We noticed the enormous positive progress in the development of their 2009 line products, and the final touch was performed in the 2010 line: Norton AntiVirus 2010, Norton Internet Security 2010 and Norton 360 Version 3.0.

I am really pleased that all efforts of Symantec/Norton to improve their products are finally rewarded with AV-Comparatives “Product of the Year 2009 Award”. Well done and really deserved Symantec!

December 26, 2009 Posted by Smokey | Advisories, Anti-Spyware, Downloads, Malware, Security

Trend Micro is Smokey’s Security Weblog 2009/2010 Hall of Shame Awardee

As I explained in the introduction of the Smokey’s Security Weblog Hall of Shame, the sole purpose of this Hall is to improve users’ experiences and interests concerning all security-related issues. Experiences that are many times not satisfying and even really disappointing: users are treated in a way that isn’t acceptable, e.g. by (government) instances and institutions, security vendors, and so on.

This time I had to Award a well-known security vendor: Trend Micro. They prefer to ignore warnings and to correct incorrect behavior. ‘File Trend Micro’ regard a childish loser with condemnable attitude.

Let’s summarize the facts about Trend Micro and the reason to provide them the honor to be added to Smokey’s Security Weblog Hall of Shame: one week ago I blogged about Trend Micro, not just a security company but also the developers of ‘HJT – HijackThis’, a free log analyzing/report tool used by malware fighters to clean infected systems from malicious content. Because HJT missed the malware combat train, more and more security websites (my site Smokey’s Security Forums included) and malware hunters/fighters decided to ditch HJT in favor of OTL (formerly OTListIt2) Log Analysis Tool by OldTimer, a highly sophisticated, always up-to-date application regarding combating (new) malware threats.

Irresponsible, childish and condemnable reaction of Trend Micro: flagging ‘G2G – GeeksToGo!’, home of OTL and OldTimer, as a bad site, and also blocking OTL from running.

As I wrote one week ago: Trend Micro, I am done with your company and your products. You aren’t trustworthy. You are childish and bad. Again, don’t try to explain that these are all mistakes; they are determined actions to destroy the competition. I warned you to correct your wrong behavior; regrettably you decided to ignore my warning.

For reasons mentioned above it’s a great pleasure to add Trend Micro to Smokey’s Security Weblog Hall of Shame, you really deserved this honor!

Smokey

December 19, 2009 Posted by Smokey | Anti-Spyware, Anti-Virus, Bundleware, Downloads, Malware, News, Phishing, Security

Trend Micro is a bad and a childish loser

To me it’s amazing that a well-respected security company like Trend Micro acts in such an infantile and, more important, irresponsible way on what’s going on in malware combating land.

Trend Micro is not just a security company, they are also the developers of ‘HJT – HijackThis’, a free log analyzing/report tool used by malware fighters to clean infected systems from malicious content. Regrettably Trend Micro missed the malware combat train: for a considerable time HJT hasn’t evolved in the desired way. Malware evolves incredibly fast, and HijackThis has no answer to it.

No need to say that malware fighters searched for and found a new log analyzing tool: OTL (formerly OTListIt2) by Oldtimer. Highly sophisticated, always up-to-date regarding new malware threats, and also great support by the developer, Oldtimer.

Unavoidable consequence: more and more malware fighters and sites they are working for ditch HijackThis in favor of OTL, my own board Smokey’s Security Forums included: HijackThis logs aren’t accepted anymore, instead we demand an OTL log from the customer searching for help to clean his/her system.

HijackThis is losing ground very fast; OTL is the rising star. And this is something that isn’t appreciated by the Trend Micro folks at all: they flag ‘G2G – GeeksToGo!’ as a bad site, and they also try to block OTL from running. Everybody knows that G2G is a well-respected and acknowledged security site; the same is valid for the program OTL: a great malware fighting/cleaning tool, acknowledged by the entire security community.

Now you will ask: what is the relationship between G2G and OTL? The answer is simple: G2G is the ‘home’ of the program OTL… Unbelievable that Trend Micro performs such condemnable actions. They lose a battle because of their own mistakes (insufficient development of their tool HijackThis) and have the rudeness to react in such a childish way.

Trend Micro, I am done with your company and your products. You aren’t trustworthy. You are childish and bad. Don’t try to explain that these are all mistakes; they are determined actions to destroy the competition.

I can tell you this too: I am considering adding you to Smokey’s Security Weblog Hall of Shame. If you don’t solve the issues mentioned by me fast, your Hall Award will be a fact. By fast I mean: within 3 days from now.

December 13, 2009 Posted by Smokey | Anti-Spyware, Anti-Virus, Malware, Phishing, Security

Smokey’s Seasonal Competition 2009 will run from Mon 14th Dec. until Monday 21st Dec.

Competition time!!!

The 2009 Smokey’s Security Forums Seasonal Competition will run from Mon 14th Dec. until Monday 21st Dec. This particular Competition is dedicated to a security related organisation; more when the Competition is open to the members of Smokey’s Security Forums. Keep in mind that only members subscribed to the board Newsletter are eligible to join the Competition.

As in the previous Competitions, there are valuable software licenses to win. We again found several (respectable/well-known) vendors prepared to provide licenses for free; all staff at Smokey’s would like to give personal thanks to these vendors. Vendors that are interested in providing our Competition with free licenses are invited to contact me via ‘competition2009 at smokey-services dot eu’

This year’s competition will be slightly different from last year’s competition.
Last year we had a lot of individual winners, this year we are only having a few winners….(how many is a secret!) but those winners will receive a ‘Lucky bag’ of licenses. This means that you won’t only win one license this year…. it could be 2, 3 or more.

The rules

* The competition is open to all non staff members at Smokey’s.
* Only members of the ‘Newsletter Subscribers’ group are eligible to take part.
* All board guests are invited to join the competition by registering for free as board member Smokey’s (but must also subscribe to the ‘Newsletter’ group).
* Will run from Mon 14th December until Monday 21st December.
* Because of time differences around the world… GMT will be used.
* A list of all winners will be published on Tuesday 22nd December.
* Winning licenses will be given at random.
* Winners will not be able to choose their licenses.
* Members can only submit one entry, any extra entries will be void
* If in the event of any complaints, the normal board TOS and complaints procedure will be used.

See ya on Smokey’s! :)

Smokey

December 12, 2009 Posted by Smokey | Alerts, Anti-Spyware, Anti-Virus, Security

Get Top-rated DefenseWall HIPS for Free on Dec 10-12, 2009

From Gizmo: “SoftSphere, the makers of the highly regarded DefenseWall HIPS are offering a free copy of DefenseWall exclusively to Gizmo’s Freeware readers. The offer will be available for a three day period starting from 2.00 PM Pacific Standard Time, Thursday 10 December and ending at 2.00 PM Sunday 12 December.”

This is a great offer! DefenseWall HIPS is a top-notch security product, the program was reviewed by AV Comparatives in May 2009. In their tests it provided a 100% protection score against their sample set of malware. Grab your free copy of DW HIPS now!

System requirements: Windows 7 32 bit as well as Windows 2000, XP, 2003 and Vista 32-bit.

Full info about the offer: Gizmo

December 11, 2009 Posted by Smokey | Advisories, Alerts, Anti-Virus, Downloads, Malware, Phishing, Security, Vulnerabilities

Part 2: Malware is evolving, HijackThis not – OTL Log/Report Tool as replacement

Like I wrote a couple of months ago, malware is evolving at a very fast rate, sadly HijackThis isn’t evolving so quickly. In OTL (formerly OTListIt2) by Oldtimer my board Smokey’s Security Forums found an excellent replacement for HijackThis, from now on my board will only accept OTL logs. Again, OTL will serve our members looking for malware removal help in an optimal way, and it will accomplish at the same time our high board demands and standards.

Like before, if you think your PC is infected or if you want to be sure your PC is clean, feel free to post your OTL log here: OTL (formerly OTListIt2) Log Analysis and Malware Hunting, Removal & Cleaning
Please keep in mind, that (malware removal) help will only be offered to registered board members. Of course board registration and all help is free. You are invited to register here.

Safe computing! :)

On behalf of Starbuck, OTL Team Leader Smokey’s Security Forums,

Smokey

December 11, 2009 Posted by Smokey | Advisories, Anti-Spyware, Anti-Virus, Bundleware, Phishing, Security, Vulnerabilities

KB 2008373: Upgrading Vista to Windows 7 fails with error 0xc0000359 and reference to iastor.sys

Symptoms

When trying to upgrade from Vista to Windows 7, upgrade process fails with error message and rolls back to Vista.

\$windows.~bt\windows\system32\drivers\iastor.sys

Status: 0xc0000359
Windows failed to load because a critical system driver is missing or corrupt

Cause

During upgrade process the incorrect version of the iastor is referenced resulting in the above error.

Resolution

To resolve this issue perform the following steps:

1. Access Driver Repository Folder under C:\Windows\System32\DriverStore\FileRepository and move any folders that contain the file: iastor.inf to a temporary location.

Note: To move the files from the FileRepository you may require additional permissions, which can be accomplished by taking ownership of the folder:

- Right-click on the folder and choose Properties,
- Click Security tab.
- Click Advanced button.
- Click Owner tab.
- Click Edit button.
- Select your account.

2. Search for references to iastor within the oem inf files in the c:\windows\inf folder.

Example Command: findstr /i /c:"iastor" %windir%\inf\oem*.inf

3. Make a note of the oem##.inf files reported where ## is a numeral. Move the oem##.inf and corresponding oem##.pnf from c:\windows\inf folder to a temporary folder.

4. Delete $~bt, $~LS and $~Upgrade folders from c:\ drive if they exist

5. Download and install the latest version of the iastor.sys driver from Intel website on the Vista machine: http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=17882&lang=eng

6. Start the Windows 7 upgrade process. It should complete successfully now.

Author/source: Microsoft Support

November 26, 2009 Posted by Smokey | Uncategorized

[VULNERABILITY] IE6 and IE7 0-Day Exploit Reported

SANS | 2009-11-22

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the “getElementsByTagName()” method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.

Symantec has verified the exploit:

November 21, 2009 – “A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future… To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft.”

Sources:

SANS, Symantec, SecurityFocus BugTraq

November 22, 2009 Posted by Smokey | Advisories, Alerts, Anti-Virus, Security

New flash attack has no real ‘fix’: ‘everyone is vulnerable’

We all know Adobe Flash, it’s the most widely installed software product possibly in the Internet environment. And of course, the internet-creeps abuse that fact and misuse flash to drop their malicious crap on PC’s that are not well protected against flash attacks.

Last week I stumbled (again) over an article that describes the dangers of Flash very well. I will share an excerpt of that article with my blog readers, to warn them and to do what is necessary to defend them against the dangers of Flash.

New flash attack has no real ‘fix’: ‘everyone is vulnerable’
Dark Reading | nov 12, 2009

Researchers have discovered a new attack that exploits the way browsers operate with Adobe Flash — and there’s no simple patch for it.

The attack can occur on Websites that accept user-generated content — anything from Webmail to social networking sites. An attacker basically takes advantage of the fact that a Flash object can be loaded as content onto a site and then can execute malware from that site to infect and steal information from visitors who view that content by clicking it.

“Everyone is vulnerable to this, and there’s nothing anyone can do to fix it by themselves,” says Michael Murray, CSO for Foreground Security, which today posted demonstrations of such an attack against Gmail, SquirrelMail, and cPanel’s File Manager. “We’re hoping to get a message out to IT administrators and CIOs to start fixing their sites one at a time.”

An attacker could upload malicious code via a Flash file attachment or an image, for instance, and infect any user that clicks on that item to view it. “If I can trick a system to let me upload anything, I can run code in any browser, and Adobe can’t fix this,” Murray says. “If I can upload a picture to a site and append it with Flash code to make it look like an image, once a user views that, the code executes and I can steal your cookies and credentials.”

The only thing close to a “fix” is for the Website to move its user-generated content to a different server, according to Michael Bailey, the senior researcher for Foreground Security who discovered the attack.

Bailey says the attack is similar to a cross-site scripting attack. “This is very easy to perform,” he says.

The researchers don’t expect Adobe to issue any fixes to Flash’s origin policy, mainly because it would affect so many applications.

Web application developers could help prevent the attack by denying Flash content by default, which isn’t a very realistic option: “Doing that will break a lot of applications,” Bailey says. “And that’s the problem.”

For end users, the Firefox browser add-in NoScript provides some protection from this attack, as does Toggle Flash for Internet Explorer, the researchers say.

 

I produced the same article on DSLReports, feel free to join the DSLR-discussion, and to look for suggestions how to protect yourself.

November 15, 2009 Posted by Smokey | Advisories, Alerts, Anti-Spyware, Anti-Virus, Bundleware, Downloads, News, Security, Vulnerabilities

Windows 7 Review by Softpedia

Windows 7 Review by Softpedia
By Marius Oiaga, Technology News Editor

17th of October 2009

On October 22nd, 2009, Microsoft will reboot Windows. Next week, just five days from now, Windows 7 will hit store shelves worldwide. And yet, there already are millions of users currently running Windows 7, including the gold version of the operating system. For the early adopters that have embraced Windows 7 since before Milestone 3 approximately a year ago, through the Beta Build 7000 and Release Candidate (RC) Build 7100, and every other leaked interim development release of the OS, the Windows reboot has already taken place. A new apex of Windows is now booting on production environment computers on a daily basis, including a few of the machines I’m using.

On October 22nd, 2009, Microsoft will reboot its operating system to the best Windows client the company has developed since MSDOS. Some might be fooled into thinking that Windows 7 was a less ambitious project than Vista, and only a minor upgrade. I disagree. To put it simply, Windows 7 is a result of realistic strategy, made public only in bite-size chunks with the tactic to underpromise and overdeliver. And make no mistake about it, Steven Sinofsky, now president, Windows and Windows Live Division, together with Jon DeVaan, senior vice president, Windows Core Operating System Division, and the thousands of developers on the Windows team, have indeed overdelivered.

The legacy

Windows 7 is so far from the mess that was Vista that it is hard to believe that it is the successor of Windows XP that acted as the foundation of the latest iteration of the Windows client. Vista debuted to a barrage of criticism, some of which originated with the platform’s own testers slapping Microsoft for the release of what they believed to be an OS still far from being finalized. Appearing aimless, bloated and plagued with problems, Vista was only fixed with Service Pack 1, as far as end users are concerned.

But the fact of the matter is that Vista deserves a lot more credit than given. After all, make no mistake about it, dig just a little under the new, shiny Windows 7 surface and you will find Vista. And yet Windows 7 is getting nothing but love and accolades, while Vista got the boot. On numerous occasions I’ve had to sit through anti-Vista diatribes from users who had never used the operating system at all.

But in a sense, Vista also acted as the perfect buffer for Windows 7. Users transformed Vista into a punching bag, and relentlessly took swings at the operating system. Vista simply absorbed a lot of frustration from consumers, albeit it also generated more than its fair share, but it managed to give Microsoft a quasi-clean slate for Windows 7. I don’t care what your perspective on Windows 7 is, but the platform shines when you compare it to Vista, no matter how you look at it.

Conclusion

The way I planned the final thoughts initially was to offer an answer to “Should I buy Windows 7?” After all, the scope of every good review is to make it clear whether a product is worth your money. If it’s worth a computer upgrade or buying a new machine. If it’s worth your time and trouble. If it’s better than its precursor.

Well, let me start with the last question. As I’ve said at the start of this piece, Windows 7 is a reboot for the Windows client. A reboot that introduces customers to the evolution of Microsoft’s proprietary operating system. Projects from Microsoft Research such as Midori, Singularity and Barrelfish will feed the imagination of geeks everywhere, but Windows 7 is already palpable and almost here.

This time around there are no more excuses for waiting for Windows Next, which as far as codenames go is Windows 8. Windows 7 is hands down better than Windows Vista, and I have no hesitation in saying this, despite the Windows 6.0 to Windows 6.1 evolution. And while incomparably superior to Vista, Windows 7 makes Windows XP feel old and obsolete, just like an OS released in 2001 should feel.

This time around there aren’t any excuses for waiting around for Windows 7 SP1. Think of Vista SP1 and SP2 as all the service packs Windows 7 has ever needed. And while perfecting the operating system is a path Microsoft has embarked on already, Windows 7 is also ready for prime time and mainstream adoption from the get go.

For me, Windows 7 was more than worth the trouble of what must be approximately 100 upgrades and clean installs. Windows 7 was also worth the money I paid recently for a new laptop. I have already run Windows 7 for the most part of 2009 and when using Vista or XP I find myself searching for the Show Desktop shortcut in the bottom right hand side corner, trying to arrange windows side by side with Aero Snap, right-clicking icons while searching for JumpLists. For me it’s clear, I’m never going back to Vista or XP, as Windows 7 offered me a superior experience to both, and to any Linux distribution as well as Mac OS X release I’ve ever used.

Source/full review: Softpedia

October 17, 2009 Posted by Smokey | Advisories, Security

Important notification about F-Secure hotfix fsav840-02

Important F-Secure Announcement

F-Secure released the hotfix fsav840-02 on 15th of October for F-Secure Client Security 8.00 – 8.01, Anti-Virus for Workstations 8.00 and Anti-Virus for File Servers 8.00 – 8.01. We have after that discovered that this hotfix will cause the product to be put in network quarantine mode in systems where this feature is enabled. Practically, it means that clients have connections only to Policy Manager and update servers. We instruct all users who have downloaded this hotfix to delete the file and refrain from installing it on any computers. Network connectivity can be restored for computers with this hotfix installed by following the instructions below:

If you already installed the problematic hotfix in systems which have the Network Quarantine feature enabled, disable it on Policy Manager console:

F-Secure Internet Shield / Settings / Network Quarantine /

> Network Quarantine Enable -> No

And distribute policies again.

The new hotfix will be published as soon as possible, estimate is end of the week 43.

October 17, 2009 Posted by Smokey | Advisories, Alerts, Anti-Virus, Security

Front USB ports not recognized: How-To-Fix

Some time ago I posted how to fix Windows Vista / USB device detection problems. Because to this day that how-to is one of the most-read posts on my blog, it is clear that numerous people suffer from problems with USB devices.

Some investigation taught me that a huge number of people also have problems with the front USB ports. In this particular case it concerns a recognition problem. On the internet I found a possible solution:

1- Remove the side panel (with the computer off)
2- Follow the cables from the back of the front I/O ports where your front USB is located (maybe on the memory card reader)
3- Follow those cables to where they connect to a header (a set of pins) on the motherboard
4- Disconnect the cables from the motherboard but leave them connected to the front
5- Turn on the computer and wait till Windows fully boots
6- After the full boot turn off the computer
7- Reboot Windows one more time in the same manner
8- Turn off the PC, plug the cables back to the motherboard, replace the side panel
9- Turn on the PC

Enjoy yourself :)

September 13, 2009 Posted by Smokey | Advisories, Uncategorized

Sunbelt’s ‘Vipre Antivirus + AntiSpyware program’ with 20% discount for members of Smokey’s

Sunbelt have very generously offered all members of Smokey’s Security Forums a 20% discount on their ‘Vipre Antivirus + AntiSpyware program’. To take advantage of this offer please follow these instructions: http://www.smokey-services.eu/forums/index.php/topic,42891.0.html
Our gratitude and thanks to Sunbelt and to Kara Kritzer for this offer to our members!

VIPRE Antivirus + Antispyware

VIPRE combines antivirus, antispyware, anti-rootkit and other technologies into a seamless, tightly-integrated product. Built with next-generation technology, VIPRE (Virus Intrusion Protection Remediation Engine) gives you powerful antivirus and antispyware software in-one that protects you against today’s highly complex malware threats including viruses, adware, spyware and rootkits.

Features:

High performance threat protection with low impact to system resources.
User surveys show the biggest frustration with existing antivirus programs is bloat and high resource usage. VIPRE Antivirus runs seamlessly without significantly impairing system performance and is designed for an unobtrusive user experience, keeping notification pop-ups and warnings to a minimum.

All-new technology delivers a unique antivirus and antispyware engine

At VIPRE’s core is an antivirus and antispyware engine that merges the detection of all types of malware into a single efficient and powerful system. The new technology was developed exclusively by Sunbelt, without building on older generation antivirus engines. VIPRE uses next-generation technologies making it the future of antivirus programs!

Advanced anti-rootkit technology

VIPRE’s all-new anti-rootkit technology finds and disables malicious hidden processes, threats, modules, services, files, Alternate Data Streams (ADS), or registry keys on a user’s system.

VIPRE is Checkmark Anti-Virus Desktop certified by West Coast Labs and will receive additional certifications through other certifying bodies in the coming months.

Removing rootkits is supplemented by VIPRE’s FirstScan™ which runs at the system’s boot time. FirstScan bypasses the Windows operating system, to directly scan certain locations of the hard drive for malware, removing infections where found.

Real-time monitoring with Active Protection™

VIPRE’s Active Protection delivers real time monitoring and protection against known and unknown malware threats. Active Protection works inside the Windows kernel (the core of the operating system), watching for malware and stopping it before it has a chance to execute on a user’s system.

Active Protection incorporates three methods to protect the user:

* Signature matching, comparing a file for an exact match against VIPRE’s definition database
* Heuristic analysis, which looks at the internal characteristics of a file to determine the likelihood that it is malware;
* Behavioral analysis, observing the actual actions of a program to determine if it is possibly malware.

Full protection against email-borne threats

VIPRE Antivirus includes comprehensive protection against email viruses, with direct support for Outlook, Outlook Express and Windows Mail; and support for any email program that uses POP3 and SMTP (Thunderbird, IncrediMail, Eudora, etc.).

System Requirements

* At least an IBM Compatible 400MHZ computer with minimum 512MB RAM
* At least 150MB of available free space on your hard drive
* All Internet browsers are supported for Active Protection, scanning, and removal of threats. Internet Explorer 6 or higher must be installed for VIPRE to function properly; however IE does not have to be your default browser.
* Supported Operating Systems: Windows 2000 SP4 RU1, Windows XP and higher (32 and 64-bit), Windows Vista and higher (32 and 64-bit)
* Supported Email Applications: Outlook 2000 and higher, Outlook Express 5.0 and higher, Windows Mail on Vista, and SMTP and POP3 (Thunderbird, IncrediMail, Eudora, etc.)

August 22, 2009 Posted by Smokey | Anti-Spyware, Anti-Virus, Malware, Security