Wednesday, May 26, 2010

New antivirus software looks at behaviors, not signatures



The nature of the virus threat has changed significantly over the last few years. Alongside the "traditional" virus threat there are now mass-mailers, Internet-aware worms, DDoS (distributed denial-of-service) attacks, backdoor Trojans, zombies, and the blended or hybrid threats that combine multiple attack mechanisms. This evolution has made the task of protecting users and corporate systems more complex, and companies with fewer resources for security now require more comprehensive solutions.


The problem is that most computers today rely on antivirus software that blocks malware by checking the code in a file against a database of signatures of known viruses. With thousands of new viruses arriving each day, many of them partially encrypted or otherwise disguised by modification, the signature lists require frequent updates, and many new viruses slip through undetected.


"The antivirus companies are flooded with malware to add to signature databases," with 20,000 to 30,000 new unique samples coming out every day, said Roger Thompson, chief research officer at AVG. "It's time to do something different."


What is "Behavioral Analysis"?

Behavioral analysis, or behavior blocking, is not a new idea; some security companies adopted the approach in the early 1990s in response to the sharp rise in the number of viruses, which threatened to overwhelm anti-virus researchers. It works from a set of established rules that define a program as either legitimate or malicious (a virus, worm or Trojan). If the analyzed code breaks one of the "legitimate" rules or fits a pre-defined profile established as "malicious", the code or application is flagged as a threat.

Whereas traditional signature-based anti-virus scanning examines applications and code for a particular "signature" of a pre-existing strain that anti-virus researchers have already discovered, behavioral analysis monitors what an application or piece of code does and attempts to restrict its actions. Examples include applications trying to write to certain parts of the system registry, or to pre-defined folders. These and other actions would be blocked, and the user or administrator notified of them.

This fairly simple process can be refined further. It is possible, for example, to restrict the access of one application, such as allowing Microsoft Internet Explorer read-only access to limited portions of the system registry while giving unrestricted access to other applications. Additionally, a downloaded application's actions on the local system can be restricted, and the application can be run in a protective "sandbox" to limit any damage it can do. In that environment the application's activity is checked against a set of rules, and depending on the policy set, its actions may be considered a policy violation, in which case they are blocked.
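The rule-based policy the two paragraphs above describe can be reduced to a small engine: every action a program takes is an event, each event is matched against per-application rules and then against a default "malicious" profile, and the first matching rule decides. The following is an added example written for this post, not code from the article or from any antivirus product; the event fields, rule names, registry paths and the sample trace are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
import fnmatch


@dataclass
class Event:
    process: str   # executable that performed the action
    action: str    # "reg_read", "reg_write", "file_write", "net_connect"
    target: str    # registry key, file path or host:port


@dataclass
class Rule:
    name: str
    action: str    # action the rule applies to
    pattern: str   # glob matched (case-insensitively) against the event target
    verdict: str   # "allow" or "block"


# Hypothetical "malicious" profile applied to every process: autostart
# persistence and writes into the system directory are blocked outright.
DEFAULT_RULES = [
    Rule("autostart-key", "reg_write",
         r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*", "block"),
    Rule("system-dir-write", "file_write", r"C:\Windows\System32\*", "block"),
]

# Hypothetical per-application restrictions: the browser may read only one
# registry subtree and may not write to the registry at all.
APP_RULES = {
    "iexplore.exe": [
        Rule("ie-registry-read", "reg_read",
             r"HKCU\Software\Microsoft\Internet Explorer\*", "allow"),
        Rule("ie-registry-read-other", "reg_read", r"HK*", "block"),
        Rule("ie-registry-write", "reg_write", r"HK*", "block"),
    ],
}


def evaluate(event: Event) -> Tuple[str, Optional[str]]:
    """Return (verdict, rule name). First matching rule wins; no match means allow."""
    rules = APP_RULES.get(event.process.lower(), []) + DEFAULT_RULES
    for rule in rules:
        if rule.action == event.action and \
           fnmatch.fnmatchcase(event.target.lower(), rule.pattern.lower()):
            return rule.verdict, rule.name
    return "allow", None


def enforce(trace: List[Event]) -> List[Tuple[Event, str]]:
    """Check every event; return the blocked ones together with the rule that fired."""
    blocked = []
    for ev in trace:
        verdict, rule = evaluate(ev)
        if verdict == "block":
            blocked.append((ev, rule))
            print(f"BLOCKED {ev.process}: {ev.action} {ev.target} (rule {rule})")
    return blocked


# Constructed trace: a browser session followed by an installer run.
SAMPLE_TRACE = [
    Event("iexplore.exe", "reg_read", r"HKCU\Software\Microsoft\Internet Explorer\Main"),
    Event("iexplore.exe", "reg_read", r"HKLM\SYSTEM\CurrentControlSet\Services"),
    Event("iexplore.exe", "reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    Event("setup.exe", "reg_write", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc"),
    Event("setup.exe", "file_write", r"C:\Users\alice\Downloads\notes.txt"),
    Event("setup.exe", "file_write", r"C:\Windows\System32\drivers\sample.sys"),
]

if __name__ == "__main__":
    enforce(SAMPLE_TRACE)
```

Rule order matters: the browser's allow rule for its own subtree must precede the broader block rule, which is why rules are evaluated first-match rather than by a score. Four of the six sample events are blocked; the ordinary download-folder write is allowed.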

In conclusion, which method is the best? All methods are good; each has its pros and cons. So the best solution is to combine them: use an antivirus product that supports all of these methods. But remember, do not set heuristic methods too sensitive, or you will get false alarms. Let's fight the viruses.


Saturday, February 27, 2010

Princess of Dreams !!!




She is an idol of beauty,
a glimpse of sincerity,
she is an ocean of laughter,
whose whirlpools are joy...

Her nature is incomparable,
her selfless love is like nature's own!
She has the longing of a child,
and the care of the Almighty too...

Even glass bows its head before her,
such is her originality!
Silken hair and a graceful form,
for which I have held affection to this day!

A pure nature and a clear gaze,
joy and sorrow are her creation,
rosy lips and soft cheeks,
a gait that sways with generosity and eagerness!

The voice of fragrant wet earth,
as if it were nature's message,
no infatuation, no illusion,
she has no wish to hurt a heart!


Today I do not ask
where you are, or when you will come,
but answer me, O Almighty,
who is that love of mine??
Who is that love of mine!!


- Sparshak (Harsh Jadia)


Thursday, February 25, 2010

Email Hoaxes and Why They Work !



Spotting the latest email hoaxes may be easier than you think!

There are thousands of email hoaxes moving around the Internet at any given time. Some may be the latest email hoaxes around. Others may be mutated versions of hoax messages that have travelled the Internet for years. These email hoaxes cover a range of subject matter, including:



* Supposedly free giveaways in exchange for forwarding emails.
* Bogus virus alerts.
* False appeals to help sick children.
* Pointless petitions that lead nowhere and accomplish nothing.
* Dire, and completely fictional, warnings about products, companies, government policies or coming events.


The most famous and possibly the most effective scam is the "Nigerian Scam", where a plea is made to assist an unknown foreigner in moving a large sum of money out of his country. In the course of this shell game the victim provides his bank account information to the scammer, and the bank account is drained of money. The scam works because it appeals to the victim's greed, and also appeals to the victim to help set a wrong right. There are several variations on the theme of this scam.

Another indicator is that hoaxes tend not to provide checkable references to back up their spurious claims. Genuine competitions, promotions, giveaways or charity drives will usually provide a link to a company website or publication. Real virus warnings are likely to include a link to a reputable virus information website. Emails containing government or company policy information are likely to include references to checkable sources such as news articles, websites or other publications.

A third indicator is often the actual language used. Email hoax writers have a tendency to use an emotive, "over-the-top" style of writing peppered with words and phrases such as "Urgent", "Danger", "worst ever virus!!", "sign now before it's too late" and so on, often rendered in ALL CAPITAL LETTERS for added emphasis. Paragraphs dripping with pathos speak of dying children; others "shout" with almost rabid excitement about free air travel or mobile phones. Some email hoaxes also try to add credibility by using highly technical language.

Before forwarding an email, ask yourself these questions:

1. Does the email ask you to send it to a lot of other people?
2. Does the email fail to provide confirmation sources?
3. Is the language used overly emotive or highly technical?


A "yes" answer to one or more of the above questions should start some alarm bells ringing. These indicators do not offer conclusive evidence that the email is a hoax, but they are certainly enough to warrant further investigation before you hit the "Forward" button.
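The three questions above are a checklist a person applies by hand; the same three indicators can be scored mechanically so a mail filter or a training exercise can flag messages for a second look. The following is an added example, not code from the post or from SANS or Hoax-Slayer: the phrase lists, thresholds and the two sample emails are constructed for illustration, and a hit only means "investigate", exactly as the post says.

```python
import re
from typing import Dict

# Indicator 1: phrases that ask the reader to spread the message (constructed list).
FORWARD_PATTERNS = [
    r"\bforward (this|it) to\b", r"\bsend (this|it) to\b",
    r"\bpass (this|it) (on|along)\b", r"\beveryone (you know|in your address book)\b",
]
# Indicator 2: anything that could be a checkable reference.
SOURCE_RE = re.compile(r"https?://\S+|\bwww\.\S+", re.IGNORECASE)
# Indicator 3: emotive vocabulary of the kind the post quotes (constructed list).
EMOTIVE_PHRASES = ["urgent", "danger", "worst ever", "before it's too late",
                   "dying", "free", "warning", "delete immediately"]


def caps_ratio(text: str) -> float:
    """Share of words (three or more letters) written in ALL CAPS."""
    words = re.findall(r"[A-Za-z]{3,}", text)
    return sum(w.isupper() for w in words) / len(words) if words else 0.0


def score_email(text: str) -> Dict:
    """Answer the three checklist questions and count the 'yes' answers."""
    lowered = text.lower()
    indicators = {
        "asks_to_forward": any(re.search(p, lowered) for p in FORWARD_PATTERNS),
        "no_checkable_source": SOURCE_RE.search(text) is None,
        "emotive_language": (
            sum(p in lowered for p in EMOTIVE_PHRASES) >= 2
            or caps_ratio(text) > 0.2
            or text.count("!") >= 3
        ),
    }
    score = sum(indicators.values())
    # One "yes" is enough to warrant a closer look; it is not proof of a hoax.
    return {"score": score, "indicators": indicators, "investigate": score >= 1}


# Constructed samples: a typical virus-warning chain letter and a routine notice.
HOAX = ("URGENT!!! WORST EVER VIRUS!!! A new virus is DELETING hard drives and "
        "there is NO cure. Forward this to everyone in your address book before "
        "it's too late!")
LEGIT = ("Hi all, the quarterly security awareness session is on 3 March at 10:00. "
         "Slides and the sign-up form are at https://intranet.example/training. "
         "Regards, IT Helpdesk")

if __name__ == "__main__":
    for label, msg in (("hoax", HOAX), ("legit", LEGIT)):
        print(label, score_email(msg))
```

The "no checkable source" test is deliberately crude: a link is only a starting point, and the post's advice to actually check the reference still applies to anything the scorer lets through.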

For more help, visit How to Check Out a Hoax.

Source: www.sans.org
www.hoax-slayer.com

Tuesday, February 9, 2010

TCS website hacked !!



India’s largest information technology services company, Tata Consultancy Services (TCS), has become the latest target of hackers. The company has restored its website after hackers changed its domain name and put it up for sale for nearly three hours; the portal was restored by around 7 am.

The hackers changed the domain name to 205.178.152.154 from 216.15.200.140, re-pointing the name server (NS) records of the company’s website. The hacker had also put up a whos.among.us widget to display how many people were on the site at any given point. The hackers, according to a report, also provided an email id, abed_uk@hotmail.com. When asked, a spokesperson said: “The TCS website, www.tcs.com, was disrupted. Subsequently, it has been restored and is functioning fine. None of the servers were compromised. Initial investigation reveals a DNS (Domain Name Server) redirection at the domain name registrar’s end. Further investigations are on.”

The hackers not only attacked the website but also allegedly changed its domain name and put it up for sale. A TCS spokesman said the attacks happened at the domain name registrar’s end, which in this case is Network Solutions. Network Solutions is one of the top five domain name registrars on the Internet, managing almost 6.4 million domains.

While this incident has raised questions about the level of security preparedness at the country’s largest IT company, experts think otherwise. “I am not at all surprised. This can happen with anyone. This certainly does not mean that the company is not giving better services to its customers. When you have signed a business deal with someone, you will give 100 per cent delivery. But, this is about a company that has probably not taken enough measures to keep its security up to date,” said a head of a security agency who did not wish to be quoted.
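Because the redirection happened at the registrar rather than on TCS's own servers, none of the company's host-based defences could have seen it; the control that does catch this class of incident is a periodic comparison of the zone's live NS and A records against a recorded baseline. The following is an added example, not code from the Business Standard report or from TCS: the zone name, nameserver hostnames and the stub resolver are constructed, while the two IP addresses are the ones quoted in the report. In production the stub would be replaced by real lookups (for instance with dnspython) from more than one vantage point.

```python
from typing import Callable, Dict, List, Set, Tuple

Key = Tuple[str, str]            # (record name, record type)
Resolver = Callable[[str, str], Set[str]]

# Baseline recorded while the zone is known-good (constructed names; the
# address is the original one quoted in the report).
BASELINE: Dict[Key, Set[str]] = {
    ("example-corp.test", "NS"): {"ns1.registrar.test", "ns2.registrar.test"},
    ("www.example-corp.test", "A"): {"216.15.200.140"},
}


def check_zone(baseline: Dict[Key, Set[str]], resolve: Resolver) -> List[Dict]:
    """Return one finding for every record whose live answer differs from the baseline."""
    findings = []
    for (name, rtype), expected in baseline.items():
        observed = set(resolve(name, rtype))
        if observed != expected:
            findings.append({
                "name": name, "type": rtype,
                "expected": sorted(expected), "observed": sorted(observed),
                "added": sorted(observed - expected),     # records that should not be there
                "removed": sorted(expected - observed),   # records that have gone missing
            })
    return findings


def fake_resolver(answers: Dict[Key, Set[str]]) -> Resolver:
    """Stand-in for a real DNS lookup; answers come from a dictionary."""
    return lambda name, rtype: answers.get((name, rtype), set())


# Constructed "live" answers modelling the incident: the NS records now point
# at a server the registrar account's new owner controls, and the A record
# resolves to the address quoted in the report.
HIJACKED_ANSWERS: Dict[Key, Set[str]] = {
    ("example-corp.test", "NS"): {"ns1.parking-host.test"},
    ("www.example-corp.test", "A"): {"205.178.152.154"},
}

if __name__ == "__main__":
    for f in check_zone(BASELINE, fake_resolver(HIJACKED_ANSWERS)):
        print(f"ALERT {f['type']} {f['name']}: expected {f['expected']}, got {f['observed']}")
```

The NS comparison is the important one: an A-record change can be a legitimate migration, but NS records moving to an unknown operator is almost always either an unannounced registrar change or exactly the kind of account takeover described above, so that finding should page someone rather than just be logged.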



Hacked Website Image: [screenshot of the defaced site not reproduced here]

Source: www.business-standard.com


Saturday, February 6, 2010

Introducing Sandboxie

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

[Animation: changes flowing from a running program to the hard disk, shown with and without a sandbox]

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.


Benefits of the Isolated Sandbox


* Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

* Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.

* Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.

* Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

Download Sandboxie

Source: www.sandboxie.com/

What Is Heuristic Scanning And Why Is It Important?


Generally speaking, there are two basic methods to detect viruses: specific and generic. Specific virus detection requires the anti-virus program to have some pre-defined information about a specific virus (like a scan string). The anti-virus program must be updated frequently in order to detect new viruses as they appear. Generic detection methods, however, are based on generic characteristics of viruses, so in theory they are able to detect every virus, including new and unknown ones.

Why is generic detection gaining importance? There are four reasons:

1) The number of viruses increases rapidly. Studies indicate that the total number of viruses doubles roughly every nine months. The amount of work for the virus researcher increases, and the chance that someone will be hit by one of these unrecognizable new viruses increases too.

2) The number of virus mutants increases. Virus source code is widely available and many people can't resist the temptation to experiment with it, creating many slightly modified viruses. These modified viruses may or may not be recognized by the anti-virus product. Sometimes they are, but unfortunately often they are not.

3) The development of polymorphic viruses. Polymorphic viruses like MtE and TPE are more difficult to detect with virus scanners. It is often months after a polymorphic virus has been discovered before a reliable detection algorithm has been developed; in the meantime many users have an increased chance of being infected by that virus.

4) Viruses directed at a specific organization or company. It is possible for individuals to use viruses as weapons. By creating a virus that only works on machines owned by a specific organization or company, it is very unlikely that the virus will spread outside the organization, and so very unlikely that any virus scanner will detect the virus before its payload does its destructive work and reveals itself.

Each of these scenarios demonstrates that virus scanners cannot recognize a virus until the virus has been discovered and analyzed by an anti-virus vendor.

These same scenarios do not hold true for generic detectors, and therefore many people are becoming more interested in generic anti-virus products. Of the many generic detection methods, heuristic scanning is currently becoming the most important.

How Does Heuristic Scanning Perform?

Heuristics is a relatively new technique and still under development. It is, however, gaining importance rapidly. This is not surprising, as heuristic scanners are able to detect over 90% of viruses without using any predefined information like signatures or checksum values. The rate of false positives depends on the scanner, but a figure as low as 0.1% can be reached easily.
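The difference between the specific and generic methods described in this post, and why a mutant (reason 2 above) defeats the first but not the second, is easiest to see on a small file format. The following is an added example, not code from the post or from any scanner: it defines a constructed executable-image layout (named sections with writable/executable flags and an entry point), a specific scanner that needs an exact scan string, and a generic scanner that scores structural traits common to file infectors (entry point moved out of the first code section into an appended section, a section that is both writable and executable, high-entropy "packed" code). The scan string, section contents and weights are all constructed.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Section:
    name: str
    data: bytes
    writable: bool
    executable: bool


@dataclass
class Image:
    entry_point: int           # file offset where execution starts
    sections: List[Section]    # laid out back to back, in this order


def flat(img: Image) -> bytes:
    return b"".join(s.data for s in img.sections)


def section_at(img: Image, offset: int) -> Optional[Section]:
    """Section containing the given file offset, if any."""
    start = 0
    for s in img.sections:
        if start <= offset < start + len(s.data):
            return s
        start += len(s.data)
    return None


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: close to 8.0 for packed or encrypted data."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((data.count(b) / n) * math.log2(data.count(b) / n) for b in set(data))


def specific_scan(img: Image, scan_strings: Dict[bytes, str]) -> Optional[str]:
    """Specific method: only finds a virus whose exact scan string is already known."""
    body = flat(img)
    return next((name for sig, name in scan_strings.items() if sig in body), None)


HEURISTICS = {                                   # rule -> weight (constructed)
    "entry-outside-first-code-section": 3,
    "entry-in-last-section": 2,
    "writable-and-executable-section": 2,
    "high-entropy-executable-section": 3,
}


def heuristic_scan(img: Image, threshold: int = 4) -> Dict:
    """Generic method: score structural traits; flag when the score reaches threshold."""
    hits = []
    first_code = next((s for s in img.sections if s.executable), None)
    entry_sec = section_at(img, img.entry_point)
    if entry_sec is None or entry_sec is not first_code:
        hits.append("entry-outside-first-code-section")
    if len(img.sections) > 1 and entry_sec is img.sections[-1]:
        hits.append("entry-in-last-section")
    if any(s.writable and s.executable for s in img.sections):
        hits.append("writable-and-executable-section")
    if any(s.executable and len(s.data) >= 256 and entropy(s.data) > 7.0
           for s in img.sections):
        hits.append("high-entropy-executable-section")
    score = sum(HEURISTICS[h] for h in hits)
    return {"hits": hits, "score": score, "suspicious": score >= threshold}


# Constructed samples: a clean image, an "infected" one and a mutant of it.
CODE = b"\x55\x89\xe5" + b"\x90" * 200 + b"\xc3"        # low-entropy stand-in for code
DATA = b"hello, world\x00" * 8
CLEAN = Image(0, [Section(".text", CODE, False, True),
                  Section(".data", DATA, True, False)])

SIG_V1 = b"CONSTRUCTED-VIRUS-SIG-V1"
SIG_V2 = b"CONSTRUCTED-VIRUS-SIG-V2"   # one byte changed: a "mutant" of the same virus
SCAN_STRINGS = {SIG_V1: "Test.Virus.A"}


def infected(sig: bytes) -> Image:
    """Append a writable+executable, high-entropy section and start execution there."""
    body = bytes(range(256)) * 2 + sig
    return Image(len(CODE) + len(DATA),
                 CLEAN.sections + [Section(".virus", body, True, True)])


INFECTED, MUTANT = infected(SIG_V1), infected(SIG_V2)

if __name__ == "__main__":
    for label, img in (("clean", CLEAN), ("infected", INFECTED), ("mutant", MUTANT)):
        print(label, specific_scan(img, SCAN_STRINGS), heuristic_scan(img))
```

The specific scanner names the original but returns nothing for the mutant, while the heuristic scanner scores both identically because their structure is the same. The `threshold` parameter is the sensitivity setting the first post warns about: lowering it to zero makes even the clean image "suspicious", which is what a false alarm looks like in this model.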

What To Look For In Antivirus Software


With up to 100 new malware threats being discovered per day, antivirus software is, for many home computer users, the primary method for protecting their computer from threats.

Many computers come with some sort of antivirus software, often a trial version, installed. Unfortunately, many users fail to properly configure the antivirus software or keep it up to date, and many may let the antivirus software expire without even realizing their computer is no longer protected against current malware threats.

This article provides a listing of some of the key features or functions that are commonly found in antivirus software.

* Realtime Scanner: The antivirus software realtime scanner monitors network data as it is coming into the computer to intercept any malware as it enters your system.

* On-access Scanner: The on-access scanner does what its name implies: it scans files as they are opened or accessed to detect any malware.

* On-Demand Scanner: The on-demand scanner provides the ability to perform a custom scan of a file, folder or drive initiated by the user.

* Heuristic Scanner: Antivirus software typically has a heuristic scanner as well. Heuristic scanning uses what is known about existing malware and what it has learned from past experience to identify new threats even before the antivirus vendor creates an update to detect it.

* Compressed File Scanner: Some malware may come inside a compressed file such as a ZIP file, or may even be embedded in a compressed file within a compressed file and so on. Most antivirus programs can scan within a compressed file. The better programs may be able to scan many levels deep to detect malware even if it is buried within multiple compressed files.

* Scheduled Scans: Most antivirus software provides some method of creating a schedule to set when the software will automatically perform a scan. Some antivirus programs may restrict what sort of scans can be scheduled, while the more flexible programs allow you to run any type of pre-configured or custom scan at the scheduled time.

* Script Blocking: Script languages are frequently used to execute malicious code from web sites. Many antivirus programs have the ability to monitor Java, ActiveX, Visual Basic and other script files and detect and block malicious activity.

* POP3 Email Scanning: The antivirus software monitors incoming and/or outgoing POP3 email traffic and the associated file attachments to detect and alert about viruses or other malware threats.

* Webmail Protection: The better antivirus programs can monitor web-based email traffic such as Hotmail or Yahoo! Mail to detect and block malware in file attachments.

* Instant Messaging Protection: Many worms and other malware can now be spread through instant messaging programs such as AOL Instant Messenger (AIM) or Yahoo! Messenger. Some antivirus software will monitor instant messaging traffic to detect and block malicious threats.

* Automatic Virus Updates: One of the biggest problems users have with antivirus software is simply keeping it up to date. Most antivirus software can be configured to automatically connect with the vendor site and download new updates on a regular basis.

* Automatic Program Updates: The scan engine(s) and program itself may periodically be updated to add functionality to detect newer threats. Many antivirus software programs can be configured to automatically check for new updates and download and install them if they are available.
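The "Compressed File Scanner" item above is the one feature in the list whose behaviour has a sharp edge: a scanner that descends into archives nested inside archives must cap both the nesting depth and the number of bytes it is willing to inflate, or a small, deliberately crafted archive can exhaust its memory. The following is an added example, not code from the article or from any antivirus product: it scans ZIP-in-ZIP files to a configurable depth, charges every inflated member against a decompression budget, and matches a constructed scan string in the leaf files. The signature, limits and sample archives are constructed.

```python
import io
import zipfile
from typing import List

SIGNATURES = {b"CONSTRUCTED-MALWARE-MARKER": "Test.Marker.A"}   # constructed scan string
MAX_DEPTH = 3                          # archive levels to descend
MAX_TOTAL_BYTES = 50 * 1024 * 1024     # decompression budget for one scan


class ScanError(Exception):
    """Raised when an archive would exceed the decompression budget."""


def _scan(data: bytes, path: str, depth: int, budget: List[int], findings: List[str]) -> None:
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            findings.append(f"{path}: archive nested too deep, not scanned")
            return
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Charge the declared size before inflating and the real size
                # afterwards, so a header that understates its size gains nothing.
                budget[0] -= info.file_size
                if budget[0] < 0:
                    raise ScanError(f"{path}/{info.filename}: decompression budget exceeded")
                member = zf.read(info)
                budget[0] -= max(0, len(member) - info.file_size)
                if budget[0] < 0:
                    raise ScanError(f"{path}/{info.filename}: decompression budget exceeded")
                _scan(member, f"{path}/{info.filename}", depth + 1, budget, findings)
        return
    # Leaf object: plain signature match.
    for sig, name in SIGNATURES.items():
        if sig in data:
            findings.append(f"{path}: {name}")


def scan(data: bytes, path: str = "<input>", max_bytes: int = MAX_TOTAL_BYTES) -> List[str]:
    """Scan a file image; return the list of findings (detections and skipped archives)."""
    findings: List[str] = []
    _scan(data, path, 0, [max_bytes], findings)
    return findings


def make_zip(entries: dict) -> bytes:
    """Build a ZIP in memory from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: the marker is buried one archive level down, beside a clean file.
INNER = make_zip({"payload.bin": b"xx CONSTRUCTED-MALWARE-MARKER xx"})
SAMPLE = make_zip({"readme.txt": b"nothing to see here", "inner.zip": INNER})

if __name__ == "__main__":
    print(scan(SAMPLE))
```

An archive deeper than `MAX_DEPTH` is reported as unscanned rather than silently skipped, so the operator can decide whether to quarantine it; a budget overrun is raised as an error for the same reason. Real products also apply a per-member ratio limit and handle formats other than ZIP, which this example leaves out.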

Source: www.about.com

Thursday, February 4, 2010

Nokia Phones Universal Codes



I want to share something nice; maybe some of you already know these secrets, but you may find them very cool if you don't know them yet. So here it goes:
The Nokia Universal Codes.
Actually, these codes work on most classic models, so take this as education or general knowledge.

1) Did you know you can view your phone's version? Try this; these are the official codes. Press *#0000# and it will display the version of your phone, the manufacture date and the model type. If it doesn't work, try *#9999#.

2) Discover your phone's serial number by pressing *#06#. This serial number is very important. Write it down somewhere so that you can use it in an emergency, especially when your phone is missing or someone steals it. You can report your phone's serial number to your service provider so that they will block the usage of the phone, or offer another alternative service.

3) *#147# and *#1471# (Vodafone only). This is cool: you can trace who called you last.

4) *#21# Allows you to check the number that "All Calls" are diverted to.

5) *#2640# Displays the security number in use on your phone. Make sure nobody else is holding your phone, or they could apply this code for a simple hack of your phone.

6) *#30# Displays the private number available to you.

7) *#43# Allows you to see the "Call Waiting" status on your phone.

8) *#61# Check the number that "On No Reply" calls are diverted to.

9) *#62# Check the number that "Divert If Unreachable (no service)" calls are diverted to.

10) *#67# Check the number that "On Busy" calls are diverted to.

11) *#67705646# Removes the operator logo on the Nokia 3310 & 3330.

12) *#73# Resets the timer and game score.

13) *#746025625# Displays the SIM clock status; if your phone supports the power saving feature "SIM clock stop allowed", you will get the best possible standby time.

14) *#7760# Manufacturer's code.

15) *#7780# Restores factory settings. Be careful: this one is for experienced users.

16) *#8110# Software version for the Nokia 8110.

17) *#92702689# Displays: 1. serial number, 2. date made, 3. purchase date, 4. date of last repair.

Monday, February 1, 2010

Rann He (It's War)... Poetry inspired by the title song of the movie "Rann", based on web technology.



It's war... !

Here a whole web of networks is spread, and even that is in a sorry state,
Where security too has failed, there the tools are hailed with cheers,

It's war !!

Neither you know nor do we; however much care you take, it seems too little,
People are busy breaking, and we are busy mending,
But whose fate holds this strength today?
And whose budget will fall short today?
Here a mistake means an attack... (x2)

It's war... !

For it there is no patch, nor any recovery...
Here Google is our religion, and blogging is our deed,
In its refuge there is wealth; otherwise it is death on the net.. (x2)

It's war.... It's war...

-Sparshak ! (:

Sunday, January 31, 2010

Free Online Anti-Virus Tools


This is the first in IT Security's periodic list of free security tools. In the interest of listing tools that can help in a moment of crisis, this list only includes tools that can detect, clean, remove or neutralize viruses. Of course, if a file is small, an easy way to check it for a virus is to send it to yourself via a free email service like Yahoo! Mail, Gmail or Hotmail, which scan all file attachments.

In the future, IT Security will compile a list of free downloadable antivirus tools.

A-squared: The A-squared malware scanner looks for Trojan horses, backdoors, worms, dialers, spyware/adware, keyloggers, rootkits, hacking tools, riskware and tracking cookies. However, it only works inside IE (Internet Explorer) with ActiveX controls enabled.

BitDefender Scan8 Online: BitDefender is a complete online anti-virus scanner that appears in a new window. It requires IE to function.

Command On Demand Scanner: Another straightforward online virus scanner that requires IE and ActiveX controls.

The ESET Online Scanner: This online antivirus scanner from ESET also requires ActiveX and IE.

Computer Associates CA Anti-Virus: The free online version of CA's anti-virus program requires ActiveX and IE.

Ewido Networks Anti-Spyware: Ewido Networks has an online anti-spyware scanner that is a predecessor to AVG Anti-Virus; it also requires IE and ActiveX.

Freedom Online Virus Check: One of the very few online scanners that works with both Firefox and IE. Firefox users will need to install a Java-based scanner, while IE users will need to activate ActiveX controls. The service's engine is based on the F-Prot scanner.

F-Secure Online Scanner: Another scanner that requires IE and ActiveX. It also checks for rootkits.

Panda ActiveScan: Based on the popular Panda virus scanner, the online version also requires IE and ActiveX.

Windows Live OneCare: Microsoft's online virus scanner is based around its new Windows Live technology — and yes, this service too is only compatible with Internet Explorer with ActiveX controls enabled.

Trend Micro HouseCall: A smarter online scanner than most, Trend Micro's solution detects browsers and installs the appropriate piece of code needed, whether it's Java or ActiveX. The service is based on TrendMicro's popular anti-virus engine.

Note that leading anti-virus vendors McAfee Inc. and Symantec Corp. have rich online scanning tools, but these services do not actually remove detected threats.


Source: www.itsecurity.com