A list of OS software developers who are members of UEFI:
Apple
Canonical
Cisco
Cray
Fujitsu
Hewlett-Packard
IBM
Microsoft
NEC
Novell
Oracle
Red Flag
Red Hat
And there are also other companies who work in the same neighborhood (CPU manufacturers, firmware developers, etc.). Source: UEFI Membership List.
While I understand (and, to some extent, sympathize with) the desire to hold Microsoft solely responsible for every activity in the computing industry, this is clearly a joint effort across the industry to replace a two decade-old invention whose time has come. And as far as I know, the largest installed base of UEFI firmware—albeit an older version of the standard—is Apple, a company not precisely known for having a cordial relationship with Microsoft.
Programs that I have personally used and had good experiences with are Acronis' Recovery Expert, DataRescue's Photo Rescue, Naltech's Data Rescue line and Runtime Software's GetDataBack line.
Here is a list of data recovery programs I have put together. Some of them may be a little old, for floppies or optical media only, but should still be useful. Unless otherwise noted, they are all for Microsoft Windows.
I have seen a few recommendations for mounting a server in a transportable case (which seems like a reasonable suggestion), but little to no mention of actual ruggedized servers. A quick search revealed a number of manufacturers:
That's just a few companies I came across when I did a search for "ruggedized server". More specialized searches incorporating terms like "military" and "oil rig" would no doubt return interesting results as well. I am sure you can find many more results by performing some searches yourself. *ahem*
Of course, none of these systems are particularly inexpensive, but I think if you want a reliable system located at your site (as opposed to going the remote computing route) then you are going to need to spend several times the cost of a comparable non-ruggedized system. You could look at buying used or reconditioned equipment, checking with computer surplus dealers (especially those that have offices near military bases, petrochemical companies, et cetera), visiting eBay and perhaps even writing some of the manufacturers in question and asking if they would be willing to sponsor your server.
In addition, most of these companies have online scanners you can run to detect and remove the worm. Oh, and in case you are wondering, I work for one of the abovementioned companies. So there.
I have worked in the antivirus industry for about nine years (with about another nine years doing networking things), starting with the technical support department at McAfee Associates (now McAfee). Even in the late 1980s and early 1990s, there were times when we had to run other companies' tools to assist in detection or removal of computer viruses, or to obtain a sample. Peter Norton Computing's Norton Utilities Disk Editor and Sybex' Teledisk come to mind, as do various Microsoft MS-DOS utilities (DEBUG, FDISK with its then-undocumented /MBR switch, SYS and so forth).
A few years ago, I re-entered the anti-virus (or anti-malware, as classic replicating infectors account for a few percentage points of what is seen these days) industry and it was and is not uncommon for our technical support people to help people remove rootkits, various Trojan downloaders and other pieces of malware that are either not detected or detected and not properly removed by our own software. One thing we make sure of is to get copies of any objects like files and registry entries so that our virus lab can add detection (or removal) in a new virus signature database update.
Sometimes, customers do get upset when they are sent download links to a third-party tool to assist with removal because they assume that one tool will protect them against all threats, however, with the sheer number of unique pieces of malware being released every day by organized criminal businesses no one tool is going to prevent, detect or remove every piece of malware, every time, even with the best heuristics and generic detection technology. This is something which all anti-virus companies have to deal with, not just Symantec. On the plus side, we just started deploying our own supplementary tools to detect and remove threats that the mainline products do not, and that will help wean our dependence on third-party programs.
That is pretty much how things stand with recommendations for the use of third party software by anti-virus vendors, now.
As far as selling support goes, well, fifteen years ago it was not unusual to sell support contracts or service level agreements to enterprise customers offering them priority round-the-clock access to technical support. Free, unlimited support via telephone, fax, electronic means (email, BBS, CompuServe, et cetera) was provided, but it was on a first-in-line basis. That started to change in the mid-1990s when the anti-virus companies started to generate substantial revenue and get taken over by professional business people instead of engineers, but when a company becomes publicly-traded, it switches from being technology-focused to being focused on maximizing stakeholder value every quarter, and that means looking at things which cost money like having to pay salaries for support engineers and turn them into things which generate revenue. At that point, I was leaving the company, and really did not care what they did with my department. I have been told by a couple of people who stayed on after me that Bill Larsen used to give motivational speeches like, "I would fire you if I could." and "I don't understand why we have to provide support to customers, after all, we've got their money." to the support staff, but even if they are not actual quotations, they certainly are reflective of the culture at that time. At a publicly-traded company, loyalty to the shareholders usually takes precedence over loyalty to the customers. Some companies figure out that customer loyalty actually translates into more value for shareholders in the form of increased revenue from license renewals, customers who purchase new products or services from the company, et cetera, but it seems there are plenty who are unable to make this evolutionary leap in understanding how their business works.
These days, my current employer does provide free, unlimited technical support via phone and electronic means and
My antivirus software said the "GIFC Anti-Censorship Tools Bundle" download from the Global Internet Freedom Consortium contained
"probably a variant of Win32/Delf trojan."
I am not sure if this is a false positive alarm or a bona-fide infection, but you may want to exercise some caution before installing the software on your computer.
Having read TFA, I did not see any mention of which operating systems might perform well on SanDisk's SSDs. Does anyone have a link to a transcript of their 2Q earnings conference call, or information about operating systems which perform well when paired with them?
What I would like to know is how Yoggie's devices compare to Zyxel's ZyWALL P1. Zyxel's device is larger at about 5×3×0.75" (assuming I'm doing the metric conversion properly) but it is a standalone device with two 10/100 Ethernet ports. Zyxel's web site says anti-virus, IDP and anti-spam will be available in the future, but since that was two years ago with no update to the web site since then, I'm guessing they will never be added, so the device only acts as a firewall with SPI and DDoS protection and VPN client. Still, at around $70.00 or so, it is half the cost of the Yoggie and you can always run anti-virus and anti-spam on your client PC.
I have not used either device, so I am wondering how their respective firewall and VPN feature sets compare.
There's not really a lot of information about how Proactive Worm Containment (PWC) works in the article. A quick bit of searching found the Penn State University Cyber Security Lab's home page here and Professor Peng Liu's home page here along with the university's press release here, but I did not see any actual articles on PWC.
A more detailed description would be most welcome, since the press release makes it sound like this is an automated response to quarantining a host which is performing a DDoS, and it is not clear how PWC would differentiate between that and just a very busy server.
Hello,
I realize the default permission on Slashdot is set to "anti-Microsoft," but before that gets out-of-line, consider this attack was purportedly done by an insider (or possibly even insiders).
At that point, it doesn't really matter what operating system(s) the business runs. If it was an inside job, the attacker would have been damaging things regardless of the operating system(s) used. How environments are secured and managed is a lot more important these days than what operating systems they run.
Regards,
Aryeh Goretsky
Hello,
It is interesting in reading the article and comments here on Slashdot that no one has talked about the effect cooperation between Iran and North Korea would have on either accelerating the pace of malicious software deployed against these nation-states, or even worse, the use of other means to combat their nuclear ambitions.
The Stuxnet worm was designed to target a single specific network. Yes, it spread in other ways, but the payload it deployed was engineered so that it would only work on the Natanz nuclear facility's network. That is an insane level of precision and it clearly shows the huge investment made by the attacker(s) to ensure that this "cyberweapon" could only be triggered by the correct environmental conditions. It costs money to develop the targeting, payload and telemetry systems to support that, and the attacker(s) are only going to make that type of investment in what has to have been a highly-speculative "cyberweapon" if they believe they are going to get some value out of it.
The value in malicious software like this (as well as in commercial spyware offerings, like FinFisher) is in their ability to perform without being detected by anti-malware software. As soon as that happens, the malicious software no longer has any value. The attacker may attempt to update their malicious software for a few generations, but once they are on the radar of anti-malware companies, samples of the new variants will make their way to the researchers at the anti-malware companies, possibly with metadata or telemetry that allows the point of origin to be identified. Which is not so good for plausible deniability. It is also possible that the countermeasures introduced to foil detection by anti-malware programs will introduce unforeseen errors into the malicious program, simply because it was not as fully tested as the original attack.
If one is to believe that the Stuxnet worm was jointly-created by the United States and Israel to (1) degrade Iran's nuclear ambitions; and (2) as a means of delaying an attack by Israel on Iran, then one has to wonder about what sort of options are to be considered if malicious software is no longer an option.
From the defender's point of view, Iran's response to the Flame malware was probably the most effective thing they could do to combat it: The Iranian CERT blasted out copies of it to anti-malware companies around the world, ensuring that detection would be added in a matter of hours. Anti-malware companies add detection of malicious software sent to them; that's what they do, after all.
The idea that an anti-malware company would not add detection for a threat because it may have been created by or used by a government--or they were told not to by their government--does not hold water. While anti-malware software may be thought of as an American or Western European creation, there are plenty of anti-malware companies in South America, the Middle East, Asia, Eastern Europe and other parts of the globe, and any anti-malware company that did not add detection for such a threat would be subject to speculation and scrutiny about why. It would be a tacit admission by the country the anti-malware company operated in that their government was responsible for the malware.
Maintaining plausible deniability means not blocking or otherwise interfering with the detection of malware by anti-malware companies, and when they respond to a threat in hours that may have taken weeks, months or even years to develop, well, you start looking for other ways to get more bang for your buck. My fear is the emphasis will be on the bang.
Regards,
Aryeh Goretsky
Hello,
Some operating system and application developers--and online stores--scan all files with a battery of anti-malware programs before releasing them. This allows them not just to check for malicious code embedded in those files, but to avoid reports of false positive detections on files they are going to distribute before they are released.
Many anti-malware programs are available on multiple platforms (Windows, OS X, Linux, BSD, Solaris, and so forth) and their databases are cross platform as well, e.g., the Windows version will detect malicious software not just for Windows, but for the other platforms, including mobile ones like WinCE, Symbian and Android.
Typically, the only time you limit detection to a specific platform is for mobile versions of an anti-malware product. Those devices are storage and memory constrained, so it makes more sense to just look for the threats which either (1) target that particular platform; or (2) are cross-platform and capable of affecting the mobile device (J2ME comes to mind). This would not be an issue when using the desktop or server version of an anti-malware program.
In this case, it sounds like Apple is either not pre-scanning submitted files for malicious code, or they are not using enough different anti-malware scanners to catch this. Depending upon the number of customers, potential for brand damage and even possibly the costs of legal action resulting from even accidentally distributing malware in your software (or through your online store) it makes sense to use a dozen or two anti-malware programs to check things--or even more as the situation warrants. Simply scanning with just a few programs, even five or six, isn't going to cut it, especially if one of those products is an OEM'd version of another you already use, as it's just going to report the same things as the product it's derived from.
Regards,
Aryeh Goretsky
Hello,
One thing I haven't seen mentioned about this particular mole hill is that it was uttered by someone who runs a blog dedicated to small form-factor devices like smart phones and tablets.
Given that typing anything of length on such devices is painful, it is unsurprising that he is denigrating the command line interface. It simply doesn't fit in his worldview.
Regards,
Aryeh Goretsky
Hello,
Somewhat surprised to see that the original research on the worm by ESET has not been mentioned yet on Slashdot. For all those who are interested, here it is:
From speaking with some of the ESET folks involved in the above, it seems there may be additional details forthcoming.
Regards,
Aryeh Goretsky
Hello,
I do not see this so much as an ultimatum by Microsoft to its partners as a warning.
Microsoft has invested a great deal of R&D into making Windows fast and reliable, only to find those efforts wasted by computer manufacturers who load up trial or otherwise limited versions of third-party programs which slow down the boot process and system performance overall, use up memory and disk space and introduce incompatibilities with other operating system components and third-party software, all in the pursuit of pumping up profits by turning the computer that you buy from them into a billboard, with those programs being the advertisements. Software companies have to pay for pre-loading the trial version onto a computer, and also have to pay a commission when a license is sold from that preloaded version.
The fact that whole taxonomies of software have been created (bloatware, crapware, shovelware to name a few), and that an ecosystem of programs like CCleaner (formerly Crap Cleaner) and PC Decrapifier (formerly Dell Decrapifier) have sprung up to solve the problem indicates how badly Microsoft's partners have abused their position.
In the case of the whole OEM software preload business, I think Microsoft has largely been the victim. They put strict branding requirements into Windows 95 for the desktop because they wanted end users to have the best experience possible. Manufacturers saw it as a way to make more money ("sell advertising space") and that's what pretty much started the initial antitrust investigation into Microsoft by the US DoJ. Yes, Microsoft has done plenty of horrible things, but they've also paid the price for those past misdeeds, not just in terms of fines, but in the distraction of having to deal with lawyers instead of being able to focus on delivering products and competing with companies like Apple.
Microsoft's partners cannot have ignored what Microsoft is doing with Windows Phone, Windows RT, the Microsoft Store, the Signature PC program and so forth. The writing has pretty much been on the wall for a while; this is just the latest paragraph: We have worked very hard to provide you with the tools to provide customers with a great Windows experience. If you do not choose to execute on that, we will.
As usual and for the record, all of this is my own opinion and commentary derived by observation and other public sources and neither reflects the opinions of Microsoft nor my employer (who actually competes with them), although they'd both be fools to disagree with me. :)
Regards,
Aryeh Goretsky
Hello,
That's not even John McAfee.
Regards,
Aryeh Goretsky
Hello,
Groklaw seems to imply a relationship between the two: http://www.groklaw.net/articlebasic.php?story=20090711015440158
Regards,
Aryeh Goretsky
Hello,
I have heard that Look 'n' Stop is a good firewall, however, it is not as far as I am aware, free for home or personal use, which was what I wanted to provide via the list.
Regards,
Aryeh Goretsky
Hello,
Below is a list of free application software firewalls I put together a while ago. Not sure if they are all current, and I am probably missing quite a few, but it is a starting point.
Firewalls
Active Network - Active Wall Free Edition
Agnitum - Outpost Firewall Free
AS3 Soft4U - AS3 Personal Firewall
Ashampoo - Ashampoo Firewall Free
Comodo Group - Comodo Firewall (now a part of Comodo Internet Security)
FilSecLab - Filseclab Personal Firewall Professional Edition
Group 4 Business Intelligence - IDNWebShield (main web site down when last checked)
NetVeda - NetVeda SafetyNet
PC Tools - PC Tools Firewall Plus Free Edition
PrivacyWare - Privatefirewall
SecurePoint - Securepoint Personal Firewall & VPN Client - (discontinued?)
SoftPerfect - SoftPerfect Personal Firewall
Tall Emu - Online Armor Free - (acquired by EmsiSoft?)
WIPFW Project - WIPFW - (port of BSD IPFW)
Firewall Managers
GT Delphi Components - Windows Firewall Ports & Applications Manager (WFWPAM)
Sheesley, Eric - XPFiremon
Hopefully, this is of help.
Regards,
Aryeh Goretsky
Hello,
What Dr. Jakobsson has described is a reputation system.
At Virus Bulletin 2009, Symantec gave a presentation on reputation systems: "Using the wisdom of crowds to address the malware long tail," which cited data from one that began development in 2006. While I do not claim to understand the system, in a nutshell, it seems to work by generating a hash for files after they are downloaded or when they are to be executed, and sends this to Symantec along with some metadata, such as source IP/host, filename, path specification on the local host, date and time stamp on the file and other useful information, which is sent to Symantec, initially to provide a quick lookup, but more information can be sent if additional analysis is required. Symantec's client software can then display a message saying "Program XYZ.EXE has been seen n time(s) over the course of n day(s)/week(s)/month(s)." along with some suggestions about how safe it is likely to be based on new/unique program files more likely to be untrusted (higher potential for malcode) and older, commonly program files having a higher degree of trust.
One advantage of this approach is that it quickly allows malicious files encoded using server-side polymorphism to be quickly identified, as well as the sites hosting them. This negates the technique used by the bad guys to constantly modify code in order to escape detection by anti-virus software.
Regards,
Aryeh Goretsky
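The reputation lookup described in the comment above, sketched as an added Python example; it is not part of the original post and not Symantec's implementation. The class and function names, the trust thresholds and the host names are assumptions, and the sample reports are constructed.

```python
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

MIN_CLIENTS, MIN_AGE_DAYS = 10, 30   # assumed trust thresholds, not Symantec's

def file_hash(content):
    return hashlib.sha256(content).hexdigest()

class ReputationStore:
    """Toy server side: tracks which clients reported each file hash, and from where."""
    def __init__(self):
        self.first_seen = {}               # hash -> earliest report time
        self.clients = defaultdict(set)    # hash -> distinct reporting clients
        self.by_host = defaultdict(set)    # source host -> hashes downloaded from it

    def report(self, client_id, content, source_host, when):
        h = file_hash(content)
        self.first_seen[h] = min(when, self.first_seen.get(h, when))
        self.clients[h].add(client_id)
        self.by_host[source_host].add(h)
        return h

    def lookup(self, h, now):
        """Return (distinct clients, age in days, verdict) for one hash."""
        seen = len(self.clients.get(h, ()))
        age = (now - self.first_seen[h]).days if seen else 0
        if seen >= MIN_CLIENTS and age >= MIN_AGE_DAYS:
            return seen, age, "likely trusted"
        if seen <= 1:
            return seen, age, "likely untrusted"
        return seen, age, "unknown"

    def polymorphic_hosts(self, min_unique=3):
        """Hosts whose every download is a hash that only one client ever reported."""
        flagged = []
        for host, hashes in self.by_host.items():
            if len(hashes) >= min_unique and all(len(self.clients[h]) == 1 for h in hashes):
                flagged.append(host)
        return sorted(flagged)

NOW = datetime(2010, 1, 1)  # reference time for the constructed sample data

def build_sample_store():
    store = ReputationStore()
    for i in range(50):   # one installer, many clients, first seen 90 days ago
        store.report(f"client-{i}", b"popular installer", "mirror.example", NOW - timedelta(days=90 - i))
    for i in range(5):    # a different variant per download from one host
        store.report(f"client-{i}", b"variant" + bytes([i]), "files.badhost.example", NOW - timedelta(hours=i))
    return store
```

Because every per-download variant hashes differently, each one shows up as a file seen by a single client, and the host serving them stands out by serving nothing else.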
Hello,
In the United Kingdom, the Cabinet Office published a short strategy paper on using Twitter. I found it to be quite good, and while it obviously is Twitter-centric, the ideas are applicable to other social networking sites. The document can be downloaded from http://blogs.cabinetoffice.gov.uk/digitalengagement/post/2009/07/21/Template-Twitter-strategy-for-Government-Departments.aspx
Regards,
Aryeh Goretsky
Hello,
Many years ago, I purchased an edition of The Secret Guide to Computers. I am not sure if it is still available in its entirety online, but it might be a good starting point for novice computer users.
Regards,
Aryeh Goretsky
Hello,
Both Fujitsu and Kohjinsha have been offering small (<9" screen) tablet PCs for a number of years, so I'm not sure exactly why this is considered newsworthy. Asus' contribution here seems to be in reducing the price and shipping them into the consumer channel. While it is nice to have inexpensive hardware, I would hardly qualify that as revolutionary, let alone evolutionary.
Regards,
Aryeh Goretsky
[...continued from previous message. AG]
LSoft Technologies - Active@ Boot Disk, Active@ File Recovery and Active-Undelete
Micware Software - Encopy
Naltech - Multi Data Rescue (optical discs only?)
Nucleus Technologies - Kernel Recovery for FAT+NTFS
Ontrack Data Recovery - Easy Recovery Professional
Paragon Software Group - Paragon Rescue Kit
Partition Support - FindPart (and other utilities)
Phelps, Eric - Uncheck (for .CHK files)
Piriform - Recuva
Phoenix Technologies - Undelete+
ProSoft Engineering - Data Rescue PC
Quetek Consulting Corp. - File Scavenger
R-Tools Technology - R-Studio Data Recovery
Recover Data - Windows Data Recovery
Regall LLC (dba Object Rescue) - File Rescue and Data Rescue and Any Reader
Runtime Software - GetDataBack
Smart PC Solutions - Smart FAT Recovery
SoftLogica - Handy Recovery
Stellar Information Systems - Stellar Phoenix Windows Data Recovery
SysTech Software - RECOVER Fixed/Floppy Disk FAT32/16/12 v3.0 Release 3 (floppy diskettes and hard disks <2GB)
TOKIWA - DataRecovery (erased files only?)
Zero Assumption Recovery - ZAR32 for Windows
Programs that I have personally used and had good experiences with are Acronis' Recovery Expert, DataRescue's Photo Rescue, Naltech's Data Rescue line and Runtime Software's GetDataBack line.
Regards,
Aryeh Goretsky
Hello,
Here is a list of data recovery programs I have put together. Some of them may be a little old, for floppies or optical media only, but should still be useful. Unless otherwise noted, they are all for Microsoft Windows.
A-FF Labs - NTFS Undelete and Partition Find and Mount
Access Data - FTK Imager
Acronis - RecoveryExpert
Advanced NTFS Recovery - NTFS Recovery (may handle FAT32 as well)
bitMART - Restorer Ultimate
Brant, Dmitry - DiskDigger
BriggSoft - Directory Snoop
CGSecurity - TestDisk and PhotoRec
Convar - PC Inspector File Recovery
Digital Assembly - Adroit Photo Recovery (pictures only)
DiskInternals - NTFS Recovery
DIY Data Recovery - iRecover
DTI Data - Recover It All
DataRescue.Com - PhotoRescue (intended for flash RAM cards, which are typically formatted with FAT, may work with other devices as well)
EASEUS - Data Recovery & Security Suite
Fsys Software - DFSee
Gibson Research Corp. - Spinrite
Gillware - GillWare File Viewer
Higher Ground Software - Hard Drive Mechanic Gold
Kato, Brian - Restoration (also here)
LC Technology -
[Continued in next message, as for some reason, Slashdot would not let me post in its entirety (too many URLs?). AG]
I have seen a few recommendations for mounting a server in a transportable case (which seems like a reasonable suggestion), but little to no mention of actual ruggedized servers. A quick search revealed a number of manufacturers:
That's just a few companies I came across when I did a search for "ruggedized server". More specialized searches incorporating terms like "military" and "oil rig" would no doubt return interesting results as well. I am sure you can find many more results by performing some searches yourself. *ahem*
Of course, none of these systems are particularly inexpensive, but I think if you want a reliable system located at your site (as opposed to going the remote computing route) then you are going to need to spend several times the cost of a comparable non-ruggedized system. You could look at buying used or reconditioned equipment, checking with computer surplus dealers (especially those that have offices near military bases, petrochemical companies, et cetera), visiting eBay and perhaps even writing some of the manufacturers in question and asking if they would be willing to sponsor your server.
Regards,
Aryeh Goretsky
Hello,
Here is a list of Conficker removal programs:
BitDefender - http://www.bdtools.net/#
Enigma Software - http://www.enigmasoftware.com/conficker_removal_tool_more_info.php
ESET - http://www.eset.eu/encyclopaedia/conficker_anet_worm_kido_t_downadup_conficker_worm?lng=en
F-Secure - http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml
Kaspersky - http://support.kaspersky.com/wks6mp3/error?qid=208279973
McAfee - http://vil.nai.com/vil/stinger/default.aspx
Microsoft - http://support.microsoft.com/kb/890830
Symantec - http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99
In addition, most of these companies have online scanners you can run to detect and remove the worm. Oh, and in case you are wondering, I work for one of the abovementioned companies. So there.
Regards,
Aryeh Goretsky
Hello,
I have worked in the antivirus industry for about nine years (with about another nine years doing networking things), starting with the technical support department at McAfee Associates (now McAfee). Even in the late 1980s and early 1990s, there were times when we had to run other companies' tools to assist in detection or removal of computer viruses, or to obtain a sample. Peter Norton Computing's Norton Utilities Disk Editor and Sydex' Teledisk come to mind, as do various Microsoft MS-DOS utilities (DEBUG, FDISK with its then-undocumented /MBR switch, SYS and so forth).
A few years ago, I re-entered the anti-virus (or anti-malware, as classic replicating infectors account for a few percentage points of what is seen these days) industry and it was and is not uncommon for our technical support people to help people remove rootkits, various Trojan downloaders and other pieces of malware that are either not detected or detected and not properly removed by our own software. One thing we make sure of is to get copies of any objects like files and registry entries so that our virus lab can add detection (or removal) in a new virus signature database update.
Sometimes, customers do get upset when they are sent download links to a third-party tool to assist with removal because they assume that one tool will protect them against all threats; however, with the sheer number of unique pieces of malware being released every day by organized criminal businesses, no one tool is going to prevent, detect or remove every piece of malware, every time, even with the best heuristics and generic detection technology. This is something which all anti-virus companies have to deal with, not just Symantec. On the plus side, we just started deploying our own supplementary tools to detect and remove threats that the mainline products do not, and that will help wean our dependence on third-party programs.
That is pretty much how things stand with recommendations for the use of third party software by anti-virus vendors, now.
As far as selling support goes, well, fifteen years ago it was not unusual to sell support contracts or service level agreements to enterprise customers offering them priority round-the-clock access to technical support. Free, unlimited support via telephone, fax, electronic means (email, BBS, CompuServe, et cetera) was provided, but it was on a first-in-line basis. That started to change in the mid-1990s when the anti-virus companies started to generate substantial revenue and get taken over by professional business people instead of engineers, but when a company becomes publicly-traded, it switches from being technology-focused to being focused on maximizing stakeholder value every quarter, and that means looking at things which cost money like having to pay salaries for support engineers and turn them into things which generate revenue. At that point, I was leaving the company, and really did not care what they did with my department. I have been told by a couple of people who stayed on after me that Bill Larsen used to give motivational speeches like, "I would fire you if I could." and "I don't understand why we have to provide support to customers, after all, we've got their money." to the support staff, but even if they are not actual quotations, they certainly are reflective of the culture at that time. At a publicly-traded company, loyalty to the shareholders usually takes precedence over loyalty to the customers. Some companies figure out that customer loyalty actually translates into more value for shareholders in the form of increased revenue from license renewals, customers who purchase new products or services from the company, et cetera, but it seems there are plenty who are unable to make this evolutionary leap in understanding how their business works.
These days, my current employer does provide free, unlimited technical support via phone and electronic means and
Hello,
I just heard back from the anti-virus vendor. They confirmed it was a false positive and fixed it in the next signature update.
Regards,
Aryeh Goretsky
Hello,
My antivirus software said the "GIFC Anti-Censorship Tools Bundle" download from the Global Internet Freedom Consortium contained "probably a variant of Win32/Delf trojan."
I am not sure if this is a false positive alarm or a bona-fide infection, but you may want to exercise some caution before installing the software on your computer.
Regards,
Aryeh Goretsky
Hello,
Having read TFA, I did not see any mention of which operating systems might perform well on SanDisk's SSDs. Does anyone have a link to a transcript of their 2Q earnings conference call, or information about operating systems which perform well when paired with them?
Regards,
Aryeh Goretsky
Hello,
What I would like to know is how Yoggie's devices compare to Zyxel's ZyWALL P1. Zyxel's device is larger at about 5×3×0.75" (assuming I'm doing the metric conversion properly) but it is a standalone device with two 10/100 Ethernet ports. Zyxel's web site says anti-virus, IDP and anti-spam will be available in the future, but since that was two years ago with no update to the web site since then, I'm guessing they will never be added, so the device only acts as a firewall with SPI and DDoS protection and VPN client. Still, at around $70.00 or so, it is half the cost of the Yoggie and you can always run anti-virus and anti-spam on your client PC.
I have not used either device, so I am wondering how their respective firewall and VPN feature sets compare.
Regards,
Aryeh Goretsky
Hello,
There's not really a lot of information about how Proactive Worm Containment (PWC) works in the article. A quick bit of searching found the Penn State University Cyber Security Lab's home page here and Professor Peng Liu's home page here along with the university's press release here, but I did not see any actual articles on PWC.
A more detailed description would be most welcome, since the press release makes it sound like this is an automated response to quarantining a host which is performing a DDoS, and it is not clear how PWC would differentiate between that and just a very busy server.
Regards,
Aryeh Goretsky