Wednesday, March 20, 2013

What is a Rootkit?

Many of our friends do not understand the term. Simply defined, a Rootkit is a special type of malware that hides itself in targeted installation files, processes or web links. A Rootkit is generally used in conjunction with other malicious programs such as trojan horses and back-doors. When a Rootkit loads onto a hard drive, it modifies the system kernel and thus achieves its purpose of hiding information. Rootkit technology is a double-edged sword: it can be used for research purposes to make our systems more robust and secure, but it also allows hackers to create back-doors into a system and capture passwords or messages from a computer.

Some people misunderstand and think that a Rootkit is a tool used to gain root access. Not directly. A Rootkit is what an attacker uses to hide their tracks and keep their root access tools in place. Typically, the attacker first gains access remotely through password guessing or password cracking. After entering the system, if the attacker has yet to gain root privileges, they will wait for other users to log on and collect the information required for back door access. If the attacker is the only one who accessed the system, they will clear the related log entries so no one realizes the system has been hacked.

The first version of Rootkit was used for bona fide purposes, but later hackers modified it to attack computer systems. As a result, most anti-virus applications classify Rootkits as malware. Linux, Windows, Mac OS and other operating systems can all fall victim to a Rootkit.

Rootkit Protection

1. Do not send clear text passwords over the network; use protected (encrypted) credentials or a one-time password instead. This way, even if a Rootkit has been installed on your system, the attacker cannot monitor the network to collect additional user names and passwords.

2. Scan for Rootkits with Tripwire, AIDE or other integrity-checking tools that help users find an intruder by verifying system integrity. Intrusion detection tools of this kind differ from other protection tools in that they do not trace attackers through security logs, but monitor and check for changes to the system. Tripwire was the first tool of this type: it records a baseline snapshot of system files and directories and compares the current state against it. If a file has been modified by a Rootkit, even if the file size remains the same, the change is easy to discover.

3. Remedial options after discovering a Rootkit are limited. Because the Rootkit can hide itself, you may not be able to determine how long it has existed on the system. In addition, you do not know what type of Rootkit has been causing the damage. The best solution is to wipe and reinstall the system. Although it is a tough step, it is the only way to completely remove a Rootkit.
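As an added illustration of the integrity-check approach described in item 2 (example code written for this page, not Tripwire or AIDE themselves): it records a baseline of SHA-256 hashes and sizes for a directory tree, then reports files that were added, removed or changed, including the case the post highlights where a file is altered but its size stays the same. The sample directory and file contents are constructed inside the script, so it runs offline.

```python
import hashlib
import os
import tempfile

# Hash file contents so a change shows up even when the size is unchanged.
def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> (sha256, size) for every file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = (sha256_file(full), os.path.getsize(full))
    return baseline

def compare(baseline, current):
    """Report added, removed and modified files; also flag the ones whose
    bytes changed while the size stayed identical."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "modified": [], "same_size_modified": []}
    for rel in sorted(set(baseline) & set(current)):
        old_hash, old_size = baseline[rel]
        new_hash, new_size = current[rel]
        if old_hash != new_hash:
            report["modified"].append(rel)
            if old_size == new_size:
                report["same_size_modified"].append(rel)
    return report

def write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed scenario (fake files, not real system binaries): baseline
    two files, then replace one with a same-size copy and drop a new file."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "bin/ls", b"original ls binary 1.0")
        write(root, "bin/ps", b"original ps binary 1.0")
        baseline = build_baseline(root)
        write(root, "bin/ps", b"original ps binary 1.1")   # same length
        write(root, "bin/netcat", b"dropped backdoor")
        return compare(baseline, build_baseline(root))
```

In real use the baseline must be stored somewhere the attacker cannot rewrite (read-only media or an off-host copy), otherwise a Rootkit can simply update it.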

Tuesday, December 25, 2012

Cloud Computing

Cloud computing is a combination of multiple traditional technology developments, including distributed computing, parallel computing, utility computing, network storage, virtualization and load balancing. It has become a popular term in recent years, and many experts believe that cloud computing will change the technical foundation of the Internet and even affect the pattern of the IT industry as we know it. After supercomputers, personal computers (PC) and the world wide web (WWW), cloud computing is the third wave of computer evolution. As a result, many large enterprises such as Amazon, Google, Microsoft, IBM, Sun and Apple are researching ways in which cloud computing technology can expand their market share.

The fundamental concept of cloud computing is similar to that of the water and electricity supply: each user connects to a single pipe and shares the same resources. This evolution changes our lifestyle, business model and operations. It moves away from built-in IT systems to save costs and boost business revenue. Below are examples that may help us understand how cloud computing works:

1. Server A - 50GB storage

2. Server B - 100GB storage

3. Server C - 150GB storage

Traditionally, each server stands alone, and none of the servers can store 200GB of data on its own. To do so, a business owner would have to spend additional money to upgrade the hardware. With a cloud system, the three servers can share their capacity without any upgrades and achieve 300GB of storage.

In another scenario, if a single PC downloads 1MB of antivirus definitions to a local drive, it costs the main server 1MB of bandwidth. When 10,000 PCs make the same download, it costs the main server 10GB of bandwidth. With cloud antivirus, all virus updates are looked up on the main server and no downloads are required. It saves server cost and user time.

Similarly, in Apple Game Center for example, each user's game score is stored in a remote location. When the user needs the data, it can be accessed through any Apple device, not necessarily their personal device.

Wednesday, December 5, 2012

Google Being Hacked?

Recently, reports of Google being hacked in Romania and Pakistan became a popular topic for discussion. "Real" hacking would mean someone successfully broke into Google's servers, changed the server permissions and stole Google data. In actual fact, Google was not hacked, but instead had a DNS redirection problem.

For example, to visit lns.com.my we would otherwise need to memorize the specific IP address 103.3.72.5. To make websites easy for users to remember, DNS (Domain Name System) is responsible for translating Internet domain and host names to IP addresses. So when a user types lns.com.my in a browser, DNS automatically directs the user to the website at 103.3.72.5.

In Google's case, someone took advantage of this translation mechanism (DNS) and redirected google.com.pk by pointing it to a different IP address. As a result, millions of users saw the hacker's message instead of the usual Google landing page.

If you find a page with an error message or an unusual landing page, do not linger or click anything. Leave the site and let the administrator solve the problem, because propagating the corrected DNS record to the right IP address is a process that may take up to a few hours.

Tuesday, November 6, 2012

Trojan Horse Virus

The name "trojan" comes from the ancient Greek legend of the trojan horse. The "trojan horse" program is a common type of virus file. It does not self-propagate to infect other files. Usually, trojans are disguised to attract users to download them. Once a user opens the particular file, it plants the trojan. Hackers can then use this security hole to remotely access the user's computer, monitor user behavior and even transfer data.

Trojans work in a way similar to remote access software; the difference is that a trojan horse takes control of the computer without the user's consent. The program is very light and small, and runs using little in the way of resources and bandwidth. It is difficult for computers without anti-virus software to detect it and stop its actions. It runs automatically each time Windows loads, immediately changes its file name, can even make itself invisible, or immediately copies itself to another folder, stopping users from running the antivirus.

In order to prevent detection of the trojan, hackers usually encrypt or pack the file. When the trojan runs and connects back to the hacker, the hacker gains most of the operating privileges on the user's computer (the trojan's server side), such as copying files, deleting files, modifying the registry and changing the system configuration. There are two types of trojans: universal and transitive. Universal trojan horses can be controlled, but transitive ones cannot.

Trojan technology develops rapidly, mainly because of youngsters who are curious or eager to show off their skills. So far, trojans have gone through six generations of improvements:

The first generation is the most basic: simple password theft by sending a trojan via e-mail and waiting for users to respond to the e-mail.

Second generation trojans made great technical progress. Glacier is one of the typical representatives of China's trojans.

With major improvements in data transfer technology, third generation trojans are the ICMP type, which use malformed ICMP packets to transmit data, making it harder for antivirus software to identify them.

The fourth generation changed greatly: it hides its process, using a kernel plug-in, remote thread injection into a DLL, or hooking of PSAPI.

The fifth generation is the hard drive level trojan. This trojan uses Rootkit technology to hide itself deeply, then infects the hard drive and attacks anti-virus software and network firewalls so that they lose their self-protection. Some hard drive level trojans can lock the BIOS, making them even more difficult to remove.

Sunday, October 21, 2012

Antivirus Knowledge

1. Antivirus software cannot kill all types of viruses.

2. Antivirus software may find a virus, but may not be able to kill it.

3. You cannot install two or more antivirus products on one computer or operating system, unless they are compatible versions.

4. Antivirus software can act on infected files in a variety of ways:
a. clear
b. delete
c. prohibit access
d. isolate
e. do not handle

Once you clear a file that is infected with a worm, the file goes back to normal, just as a sick person who is given treatment recovers. If it is a virus file itself, as opposed to a file infected by a virus, it cannot be cleared and you must delete it.

Users who choose not to clear or delete a virus file can prohibit access to it; any attempt to open the file then produces an error dialog box with a message such as "the file is not a valid Win32 file".

With isolation, the virus is transferred to the quarantine area. Quarantined files cannot perform any activity, but users can retrieve files from quarantine.

"Do not handle" means the user is not sure whether it is a virus file and chooses not to deal with it.

Wednesday, October 17, 2012

About Antivirus Technology

Antivirus software is used to eliminate computer viruses, hijackers, key-loggers, malicious LSPs, rootkits, spyware and other malicious software. Antivirus software usually integrates monitoring and recognition, virus scanning, virus removal and automatic upgrade features. Some antivirus software also has data recovery and computer defense systems such as firewalls, to ensure that systems keep working properly.

Through real-time monitoring, signature-based detection constantly scans files against the known virus definitions and behaviors in its database, compares them with virus attack patterns, and blocks matching executables before they can do harm. However, it is not possible for such an antivirus to identify new or unknown malware. To cover this weakness, some antivirus software sends files from unknown sources to a sandbox, where it further analyzes what they do to see whether they perform any malicious action.

Antivirus Technology

1. Unpacking (shelling) technology is very commonly used. It is able to scan and analyze packed or compressed files.

2. Self-protection technology works like an immune system. It prevents a virus or malware from stopping antivirus monitoring.

3. Virus-corrupted file repair technology can repair files damaged by viruses. Without this technology, anti-virus software often deletes infected system files, which makes the computer crash or unable to start properly.

4. Active real-time upgrade technology automatically updates server information and virus definitions each time you connect to the Internet. There is also more advanced cloud technology, which uses real-time access to cloud data centers to compare against the virus database and protect against the latest viruses. Users do not need frequent upgrades.

5. Active defense technology has the antivirus system automatically monitor and dynamically simulate a program's various actions, analyze the logical relationship between those actions, and apply its virus identification rules to them, in order to defend actively against threats.

6. Heuristic technology builds on the original feature-value (signature) recognition technology: rules summarised from the analysis of suspicious program samples are transplanted into the antivirus program. When a program meets the rule conditions, users are notified so they can defend against unknown viruses or malware. In contrast, conventional antivirus software collects virus definitions, types or behaviors from a huge number of user computers, analyzes the database, then redistributes it as antivirus updates. This method is time-consuming.

7. Using artificial intelligence (AI) algorithms with "self-learning, self-evolution" capabilities, antivirus software can remove packers and handle variants of viruses without frequent updates to the database or analysis of a virus's static characteristics. It uses intelligent algorithms to discover and learn new virus variations. This leading technology does not have the "without an upgraded virus database, the virus cannot be killed" problem that the first two generations of antivirus engines have.

Antivirus Problems

Much antivirus software requires a lot of system resources, such as memory and CPU, to ensure the safety of the system, but this slows the system down.

Antivirus technology continues to progress, but for now antivirus software can only kill viruses. If it is used to kill trojans, some user data or system files may be destroyed as well, causing system corruption problems.

Monday, October 8, 2012

Difference Between Hacker and Cracker

There are many definitions of the term "hacker". In most cases, a hacker is defined as someone with superb programming skill and a strong desire to solve problems and overcome limitations. If you want to know how to become a hacker, there are two important things: attitude and technical knowledge. Historically, the word "hacker" can be traced back a few decades, to the earliest ARPAnet experiment period, when expert-level programmers and network engineers shared their knowledge through minicomputers.

Hackers built the Internet with Usenet and the Unix operating system. Hackers made the WWW work. Any individual who participated in the online community automatically became a hacker, as they contributed to building the system.

The hacker spirit is not limited to software applications. Hackers can also be found in other industries such as electronics and music. In fact, we can find hackers in any higher-level science and art field. In this article, we only focus on the skills and attitudes of software hackers, as well as the invention of the word "hacker".

There is another group of people who claim to be hackers, but they really are not. They are intentional destroyers of computer and telephone systems. Today, the actual hackers call these people "crackers". Most real hackers think of "crackers" as irresponsible and lazy people, whose work is not a great accomplishment. Setting out for the specific purpose of breaking others' security does not make a person a hacker, just as using a wire to open a car door does not make one an automotive engineer. Unfortunately, many journalists and writers use the words "cracker" and "hacker" interchangeably, which angers the real hackers. The fundamental difference is that hackers provide solutions and informative advice, whereas crackers purely create damage.

Hackers solve problems and help people. In order to be a real hacker, the person must have a good attitude and good behavior. The purpose of becoming a hacker is not for public recognition, but more importantly for helping, learning and discovering.