Thursday, November 12, 2009

Concerned about your data privacy? Enable Bitlocker on Windows Vista/Windows 7

With the ever increasing demand for privacy, it is no wonder that Microsoft has packaged some encryption tools with its latest release of operating system. BitLocker and BitLocker ToGo, are available only in Windows Vista Ultimate, Windows Vista Enterprise, Windows 7 Ultimate and Windows 7 Enterprise.

I remember reading an article online during the first few days when Windows 7 RC had come out. One of the bloggers had commented that while installing Windows 7, he noticed a hidden partition being created, and couldnt figure out why it was there, and he recommended deleting it and absorbing the free space into the system drive using some partitioning tools. I now realise that the reason why there is a hidden unused partition, is so that your computer can boot up if you use BitLocker to encrypt your system drive.

BitLocker allows you to encrypt the whole volume, not a specific file, like you could with Encrypted File System (EFS). If your computer has a Trusted Platform Module (TPM) chip, you could use it to store the encryption keys, else you can use a flash disk. This however, would be requested everytime you reboot your computer. The encryption/decryption happens seemlessly by the Operating System, so the user doesnt need to do much in regards to that.

BitLocker To Go, is a new feature, added to Windows 7 by default, that allows you to encrypt your external drives.

Please do note that if you do not own the high end version of Windows Vista or Windows 7, you can still enjoy the privacy of BitLocker and BitLocker To Go. You can use the free tool Truecrypt.

You can get more details about BitLocker and BitLocker To Go from this Microsoft published Walkthrough .

Till the next time ..

Monday, November 9, 2009

Combating Spam - My personal approach to it

Gone are the days when you could surf to a website, click on a download link, and have the download start instantly. Nowadays more and more sites are resorting to asking you for your email address, to which they send a link to the file that you are wanting to download. Even though the site states that your email address will not be used for spamming by them or by any of their partners, you start receiving more junk email after a few days. Sounds familiar? Well believe it or not, email harvesting is a very promising business in the underwground community.

One of the ways you could circumvent the above is by creating some disposable email addresses, those that you only use to download software. This could be as easy as signing up for a free gmail,yahoo or msn account. The only downside to this is that you will have to login to those addresses to retrieve the links that are sent to you.

Another approach is using the following technique. Most of the web based email accounts give you disposable addresses by default. Yahoo gives you disposable addresses on their premium accounts. I personally use gmail and if you were to read the help section on it, you will find out that it also gives you disposable email addresses.

Lets say your email address is john.doe@gmail.com. Now if someone sends you an email at john.doe@gmail.com, you will receive it in your inbox (trivial). Now the funky part that you dont get told off hand is that any email sent to the address john.doe+{blurb}@gmail.com (you have to have + in the address) will also get directed to your inbox. So for instance, if someone sends an email to john.doe+tuesday@gmail.com, this will get delivered to john.doe@gmail.com inbox. So now when you go to download something off a website, and they require you to enter your email address so that they can send you the link to the file, just enter the email address in the above format (i generally append the site name, so that I can track where the spam is coming from). Some sites are smarter and do not allow you to have a + in the email address, but almost 80% of the ones that I have tried, take it as a genuine email address.

The next step will be to create a filter in gmail, that uses the To: address as the filter condition. In this, add the disposable email address that you had given to the website, and in the actions, select delete. Activate this filter after you have received the download url (or you could suspend the rule for a few days and monitor the amount of spam you receive from the website).

You can use this technique to create disposable email addresses out of your personal gmail address. Also, you can use it evaluate how "trustworthy" the website you gave your email address to is.

Have fun.

Sunday, October 25, 2009

More Bubbles anyone? - How to add more features to the bubbles screensaver in Windows Vista/Windows 7

This week, Microsoft released Windows 7 to the masses. The official release date was 22 Oct,09. We saw the launch first here in Auckland since as you would all know, the sun rises first here (and also because we are on daylight savings). There was a big launch held both in Auckland and Wellington, with HP laptops as prize giveaways. For those that would like to see the photos from the event, click here

Now, as with any operating system, there comes cosmetics that help you "dress up" your computer. One of these are screensaves. With Windows Vista and Windows 7, comes some pre-installed screensavers (as with the previous versions). One of the nice ones that you can find in this list is Bubbles. While on its own, this screensaver is quite pleasing on the eyes, one wonders if there is more that they could squeeze out of it. And guess what. Yours truely did just that and managed to find some tweeks and tricks that could extend this screensaver. [Please note that this tweak requires you to modify your registry, and if you are not very comfortable with this, it is recommended that you backup your registry prior to carrying out the following steps].

In its out-of-package form, Bubbles, gives you transparent bubbles that move across your desktop. You are unable to do any further settings to this. But if you would like to add some more features, do the following.

Open the registy editor (type regedt32 on the run/search area)
Browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ScreenSavers\Bubbles

To Add Shadows create a DWORD (32 bit) Value key and name it ShowShadows. Set this to decimal 0 if you do not want the shadows to be shown, and 1 if you want the shadows

To Make the Bubbles Solid instead of Transparent. Create a DWORD (32-bit) Value key and name it MaterialGlass. Set this to decimal 0 if you want a solid bubble and decimal 1 if you want transparent bubbles

To black out the background so that your current desktop doesnt show, but only the bubbles show, create a DWORD (32-bit) Value key and name it ShowBubbles. Set this to decimal 1 if you want the background to be blacked-out, thereby hiding your desktop, or set it to decimal 0 to keep showing the current desktop (showing your currently open files etc)

While this post may not be the niftiest but it surely makes you appreciate the easter eggs that Microsoft hides in its Operating System releases.

Until the next post, keep safe and enjoy

Friday, October 9, 2009

A Sneak Peek at Windows 7

I am not normally an early adopter of Microsoft Operating systems but I guess this time, curiosity had the better of me. Also, I won a full version of Windows 7 Ultimate at Microsoft NZ TechEd 2009, so that kind of nudged me more into using it.

This report is more on what I have read and so far experienced in Windows 7 Ultimate.

Windows 7, as many call it, is what Windows Vista was meant to be. Microsoft really went back to the drawing board and looked at all the aspects of Vista that people disliked and improved on it. I guess one of their motivations of doing this was the fact that Vista was the one Microsoft operating system that hardly penetrated the user market and was the biggest flop, to put it lightly. But kudos to Microsoft, they have done quite a lot of work around improving their OS and Windows 7 shines with the brightness of the heavens.

1. To Upgrade or to install fresh?
The upgrade path is only from Windows Vista to Windows 7. If you are running anything earlier than Windows Vista, I am sorry but you are out of luck if you are thinking of upgrading. I think this is because of the whole kernel revamp that was noticed in Windows Vista, and which has carried on to Windows 7 (Windows 7 uses a newer security and kernel architecture and this means that it has shunned the older legacy archictecture that was used in Windows XP. This makes it more secure, but also means that it breaks all those legacy programs that you were meant to upgrade, but just never got the time to get around to). There are some advantages of installing fresh as opposed to upgrading. One of them being that you dont carry the rubbish you have accumulated over to the new operating system. But then upgrading does take off the hassle of having to reinstall everything all over again. I have tried both and I must say, upgrade is so much better. Just keep a note that most of the computers sold after June 23rd this year come with a free upgrade to Windows 7 sticker. I tried using this path but I found it hard to digest the fact that just to get the dvds, it would cost me $US19.95!!

2. Which platform architecture should I get.
Windows 7 comes in two flavors. 32 and 64bit (just saw some literature on the internet that said that Windows 8 and Windows 9 might support 128 bit OS!!). One of the main reasons for choosing one or the other is your hardware and your software base. 32 bit OS means that there is an upper limit to what physical memory can be addressed by the OS, which sort of shys away just before 4GB (3.6GB is what it can see I think). 64bit allows you to see 4GB and more. The next thing to look at is all your current software and if they will be able to run on 64bit if you are going to take that path. 64bit does run 32bit software in a 32bit bubble so that might allow you to run your legacy programs while a 64bit version of it gets released.

3. AeroSnap
AeroSnap is a new feature of Windows 7 that allows you to compare two screens side by side. And it makes it very easy to do this. All you do is take one screen and move it to left and as you are moving it, like a magnet, it is pulled to the left hand side of the screen and "snaps" in, thereby taking the left half of the screen. Move the other screen to the right the same way and it will snap into place.

4. AeroPeek
This is the Windows 7 version of Show Desktop. In Windows 7, on the Task Bar, at the far right, you will see a small rectangle. If you hover the mouse pointer over this, it will replace all the open screens with a transparent white border, thereby showing you the desktop. Windows 7 has done away with the Side Bar that was present in Windows Vista. You can dock gadgets on the desktop and using this "Show desktop" feature, see them.

5. AeroShake
If you shake the current application, it will minimise all the other windows except that for the application that you currently have the focus on. Neat aye. Guess we are entering the age of natural movements in operating systems, a path started by the iphone revolution (might be wrong so dont quote me on this) which allowed one to communicate with their phone using the natural action of touching.


6. Windows XP Mode.
This is only available in Windows 7 Ultimate and allows you to have a preinstalled Windows XP virtual PC in Windows 7 which you can use to run those stubborn programs that just wont run on the new architecture of Windows 7.

There are numerous other features that have been added to Windows 7. If you would like to get a detailed look at all those, please visit the official Windows 7 website.

Have fun and all the best. As for me, I am actually loving my Windows 7 install.

Sunday, October 4, 2009

Reason for not updating this blog

Hi all.

Let me start with an apology for not updating my blog for almost a month. This has majorly been due a lot of undertakings on my side, some personal and some professional. But in the next few weeks, I would be putting up some really cool stuff , things that I have been busy with during this month that I was away.

Below are the things I had been involved in.
1. TechEd 2009
I managed to get tickets to Microsoft New Zealand TechEd 2009, which was held at Skycity Convention Center here in Auckland from September 14 - 16, 2009 [One of the project managers for Codeplex , Microsoft's open source hosting site, Sara Ford , decided to jump off the Sky Tower which at 192m is the tallest building in the Southern Hemisphere. You can see her in action here ]. This was my first TechEd and I was overwhelmed with all the information that was offered. There were some things that I already knew and the sessions broadened my understanding in those areas, while there were others that I was not aware about. All in all it was a really nice experience. The theme of this year seemed to be centered around Windows 7 since that was the topic of most of the talks. One of the few lines that stuck to me was "Windows 7 is the first Microsoft offered Operating System that runs on a lower hardware spec than its predecessor".
2. RSA Training and Certifications
I attended a week of training around RSA SecurID Authentication Manager. I always had a very basic understanding of RSA tokens and how they plugged in to a corporate environment. This course really opened my eyes around them. RSA has build a whole infrastructure around authentication, whereby you can have realms of authentication servers, with clustering, replicas, server nodes, inter-realm trusts and authentications. It was really nice to see all this and more. For more information please visit the RSA website. After the training I took two weeks to re-read and digest all the information, going through the course manuals and other administation documentations to prepare for my RSA exams. I am happy to say I passed them both. I now hold the following RSA certifications
RSA Certified Administrator
RSA Certified Systems Engineer

To get more details, visit the RSA Certifications website.
3. Books
I have been reading quite abit about VMware and how it can be used for VDI deployment. There are similar offerings from Microsoft using their HyperV technology and also from Citrix with their Xen flavor of platforms. Also, I am trying to get my internet security skills up to speed as well, and this involves a lot of reading. Sadly I wasnt able to get myself a ticket to BlackHat or to Defcon. I guess the biggest hurdle was the price tag. Well someday I will be able to afford to pay my way to them, or might find a sponsor :D

As I stated in the opening lines of this article, I will be posting some really cool stuff on this blog in the next few weeks, so do check back, unless you have got RSS or twitter feeds enabled, in which case you will be notified as soon as the articles get posted. The topics I will be covering are

A brief overview of the RSA SecurID Infrastructure
Windows 7 - the good the bad and the Ugly
Virtual Infrastructure - An overview of where the technology currently is and the various offerings from the different vendors (VMware,Microsoft,Citrix)
VDI - Virtual Desktop Infrastructure. What is VDI and how you could use it in your environment.

Hope to see you all back in a few weeks. Have a great weekend.

Monday, August 31, 2009

Are you sharing your USB flash disks? Secure your personal documents!!

With the price of usb flash disks plummetting, and with the removal of floppy disk drives from computers (but seriously, who uses those 1.44MB devices anymore?), almost everyone is getting themselves one to store documents etc. Some people copy data that they later share with their friends, collegues etc. But due to the portability factor, they might also be storing personal data (financial statements, CVs etc), which they would not like to share with others. So how would you protect these personal items while still be able to share other non sensitive data with others?

There are quite a few tools on the internet for this. One of these that caught my attention is Rohos Mini Drive . Its a freeware with some built in restrictions (for instance the protected partition is limited to 2GB). But it is really cool since it doesnt need a software that you have to install on all the computers you use it on. Once you have configured the software, a hidden partition is created. This partition can only be visible by clicking on the rohos shortcut and inputting the configured password. Once this is done, another disk is visible in your My Computer. Encryption and decrytion of files from/to this partition is seemless.

Give this a try. It might not be the best solution, but surely its better than not having any protection :)

Tuesday, August 18, 2009

Moving MediaMonkey from one PC to another

As you might already know, I use MediaMonkey for all my podcast catching. It is a really great software, one of the best in my view. It downloads the podcasts, auto creates playlists and prunes out those that I have listened to. All that I have to do is to listen to them, which is all that I want to do.

I recently bought a new laptop since my old one was getting a bit too old and wasnt able to run all that I was trying to run on it. As you know, with new laptop comes the migration. I must give myself a big pat on the back to have kept all my files well organised so the copy of the data wasnt too painful. But when it comes to applications, thats another story. I do want to carry my application settings over to my new laptop, so I tried to invest a few minutes into finding out how this could be possible.

This post describes all I did to move the settings from mediamonkey to the new laptop. This meant that I didnt have to recreate the podcast links etc. They were all seamlessly migrated over .. well sorta :).

The steps for the migration are as follows
1. Install MediaMonkey on the new laptop and go through the licensing etc.
2. Start MediaMonkey on the new laptop so that it creates all the folders etc that it needs.
3. Make sure you keep the folder structure same on the new computer to what it was on the old.
4. Copy the folder from C:\Documents and Settings\{username}\Local Settings\Application Data\MediaMonkey to the same location on the new computer (overwriting the folder on the new computer).
5. Start MediaMonkey on the new computer. It will look at the new settings and inherit it.
6. Once it finishes, you will see some tracks that are grayed out or which you know are present but have a wrong path on them. Highlight all such tracks and click on File\Locate Moved/Missing Tracks.

And presto, you are all done.
Now I am off to have a well deserved dinner, if I can figure out what to have that is .

MediaMonkey - one of the best podcast catcher out there

These days almost everyone has got a mp3/mp4 player. From ipods to iphones to a creative zen (which is one of my proud posessions). These devices are really nice music players but they can be used for much much more. I use mine for podcasts especially because it fits into my busy lifestyle. I hardly have time to readup on news stuff but can easily download podcasts that read the latest and greatest news out to me. To make this happen, one needs to get a podcast aggregator. You can easily get free software that does that for you. ITunes is good but not the best. One of the greatest softwares for this, as I found, is MediaMonkey . It allows you to easily create rules to download podcasts, create playlists automatically, delete the listened tracks and synchronise your media player so that you have the latest podcasts on it. It is simply magical and I am so glad I have it. I dont need to worry about anything except fire it up, wait it to finish downloading the podcasts, then connect my Creative Zen, wait for it to synch. And Viola! I am all ready for my journey.

Give it a try and let me know what you think of it.

Monday, August 17, 2009

Remove hidden data from Office documents

Collaboration holds a very important role in todays world. The web allows multiple people contribute to a document with ease. For instance, the author of the document and the proof reader could be continents apart yet they could share documents within minutes.

When such documents are made available to the general public, care should be taken to not disclose information that needs to be kept private. For instance, records of changes done by each collaborater (change tracking and comments) should be removed before the document is made public. There are two ways this can be done. One is to change the document into a PDF. The other is to use the Office 2003/XP Addin: Remove Hidden Data . This tool is built into Office 2007, so you dont need a separate download.

You can find more details about this tool here

Have fun. Hope your monday is going good.

Sunday, August 16, 2009

Windows requires a digitally signed driver!

Microsoft seems to have an age old vendetta against driver manufacturers. With every new version of Microsoft OS, there are always driver woes that come packaged with it.

Windows 7 is no different. If you are installing system drivers, they need to be digitally signed by Microsoft or else you will get the following message.


Vendors need to purchase a certificate from Microsoft to include in their driver to ensure they dont get the above message. This can be an issue when you have software you already own and are moving to Windows 7. This was the issue I was having when installing Vmware Server on Windows 7.

Fortunately there is a way to get around this issue.

Firstly we need to change a group policy so that windows ignores drivers that are not signed instead of blocking them.
1. Press on Start and then type gpedit.msc in the bottom textfield (this has has got a light gray text that says Search programs and files)
2. The Local Group Policy Editor will start up.
3. Browse down to the Local Computer Policy\User Configuration\Administrative Templates\System\Driver Configuration
On the right side window, double click on Code signing for device drivers
Click on Enable and in options choose Ignore for the When Windows detects a driver file without a digital signature:

4. Close the Local Policy Editor and restart your computer.
5. Install your program.
6. Now you have to note down which drivers are being stopped from running by Windows. Check the event logs (Go to Start and then type eventvwr and press enter and look under System logs)

7. Before anything, disable UAC
8. Then download the Driver Signature Enforcement Overrider 1.3b (DSEO).

9. Install DSEO and start it. You will get the following menu.




10. Select Test Mode and click Next
11. After that select Sign a System File and click Next. In the path put in the full path and filename of the drivers that you want to sign (step 6 above)
12. Once you have signed all the drivers, restart your computer and that should now run the drivers that you were having problems with.

Hope that helps you all. Cheers.

How to disable UAC in Windows 7 and Windows Vista

For those of you that have moved on to Windows Vista or are pioneering Windows 7, one of the most annoying feature you will come across is the constant nagging when you try installing something or carrying out some system changes. Windows provides you with screens asking if you would like to carry out the task over and over again. Sorta reminds me of donkey from Shrek (are we there yet .. are we there yet .. are we there yet... oooh what a great movie that was). Well if you want, you can easily disable this feature (but be warned that then you will not be asked for a confirmation, even if the task is carried out by some rogue program).

BTW this feature is called User Access Control (UAC)

1. Click on Start and then click on Run.
2. Type msconfig in the window that comes up press enter
3. The System Configuration screen will come up. Click on the Tools tab.
4. Select Change UAC Settings by highlighting it and click on Launch
5. In Vista, a command prompt window comes up while in Windows 7 the User Access Control Settings window will come up.
6. Vista: close the command prompt when it finishes
Windows 7: Select the setting you want and click OK.
7. Restart your computer to activate the settings.

Tuesday, July 28, 2009

To Twitter or not to Twitter!

Unless you have been lying under a rock for the past few years, you might be well aware of Twitter by now. How could you escape the 'twittering' of people around you? hehe. Well believe it or not, Twitter is one of the recent big booms in the internet community. So for those that are not too familiar with this marvelous technology, I decided to write a few lines to describe it.

Most of you might remember those good old days of mailing lists (if you dont, then just pretend you do hehe). This was quite an interesting technology, piggybacking on simple email. You would have a program (a bot as I would call it) that would receive requests/posts, moderate them or execute them if they were commands, and then send out updates to all the members or to a particular member (if it was a command that was being executed). A simple yet elegant piece of technology. The only thing with this was that once in a while you would get bombarded with emails, especially if the mailing list was a very active one. Then came the age of online forums. These were websites where you could discuss hot topics etc and opt to receive notifications of updates to the threads you were monitoring, via email. This was not as bulky as mailing lists and provided a better solution for those that didnt have enough bandwith. And it allowed you to sieve though the posts at your own leasure. After this came the age of blogging. This was a marvellous idea. It allowed users to collaborate on a website almost instantly. Wikipedia, for instance is a collaboration of many people. The only thing is that, as with forums, you have to go to the website to interact. I think before I continue, I should also mention RSS feeds. How many of you frequent some websites daily. For instance news websites etc. And how much time do you spend trying to find what you want to read on it or rather what is new on it? Wouldnt you want a system whereby you were notified of the changes that were made to the website instead of you going and finding it for yourself? Well that is basically what RSS feeds are. You download a RSS reader and configure it to check for updates off a RSS server. This in laymans terms, turns that website into a mailing list, where you get updates of what all has changed. This technology puts the control back into the hands of the user, who gets news delivered to him/her and can choose what he/she wants to read.

Now RSS feeds are great. Just that if you want to put in your thoughts about a certain topic, you have to go back to the website, and if they allow, you can upload your feedback. But wont it be easier to receive updates and be able to also update them all from the comfort of your laptop/desktop, without having to go to any websites? Presto! Thats what Twitter is. You subscribe to feeds (these can be people, organisations etc) by following them. And then any updates done by them are delivered to you. And if you want to add your thoughts to that article or retweet it, you can do so and all your followers will receive this. Since the size of your tweet is restricted to 140 char (as are text messages or sms as some might know it as), this means that the contents are summarised and most probably have a link that you can follow should you want to read more. So all in all, it is a brilliant technology that puts you in the drivers seat. Now thats what I call innovation, as do the millions out there. If you would like to turn your RSS feeds into a twitter feed, there are numerous free tools that will do that for you as well.

So take a break, spread your wings and twitter a little :)

You can follow me on twitter at http://twitter.com/nivleshc

Saturday, July 25, 2009

Too many chat clients? Maybe its time you started Pidgin'in

How many of you have got more than one chat client installed on your computer? Well as for me, I have got yahoo,gtalk,windows live installed on mine. The reason for this is because I have friends that are not all on one network. And I guess I cant blame them because there is no ONE network that everyone likes. Windows Live is good but then so is Yahoo Messanger. Google Talk is the new kid on the block but then it is not to be taken lightly. Keeping track of multiple chat clients can be a task, and one needs to free as much time administering stuff, and should instead use that time surfing the web or doing other productive tasks :)

Also, I am all about trying to lower my RAM and CPU usage, and having 3 clients, each adding about 50M of RAM footprint doesnt quite seem right to me. So I started looking around for chat clients that would handle multiple networks. There are quite a few out there but I settled on Pidgin. Its quite a nifty software and it supports all the three networks that I currently have single clients to (I also checked out trillian, but that doesnt support Google Talk :( ). Now, all I have is one client that doesnt use more than 40MB of RAM.

There is one gripe with this client (actually it is with all the other single chat clients as well). I still havent been able to bind a timezone to my chat buddies. This will be handy since then you would know what their local time is instead of having to ask them.. dont you think that would be a cool addition?

Anyways, you can try pidigin out for yourself. Click here to download yourself a copy.

Sunday, July 19, 2009

K-Meleon The best lighweight web browser by far

After switching to a laptop, one of my goals has been to find alternates to my everyday desktop software so that I could run them with the slightest expense to the cpu and memory. Laptops have gained far more popularity in the last few days than desktops, more because they provide a way for people to be mobile yet be connected. But as you all know, to get a comparable power in a laptop, you have to fork out more dollars. These go towards paying for the price of being mobile. Also, upgrading a laptop is not as easy as a desktop. So the more juice you can squeeze out of your current laptop specs, the better mileage you will get.

I find that 85% of my time spent on my laptop is spent using a web browser. Be this Internet Explorer, Opera, Safari or Firefox. Now you might ask, why have so many browsers when they all do the same thing. In reply, I would ask you a question, why do we have so many models/brands of cars when they all do the same thing? It all boils down to the mileage you get out of something. Each browser is good in its own realm. But one thing I have found similar with all the modern browsers is that they grab a lot of system memory and cpu speed. This makes the overal performance of my laptop slower. The latest version of Firefox (3.5) is even more demanding than its predecessors. It takes a while to start and this it seems is because it is loading up a lot of things into memory. And given time, Firefox, Opera, Safari and Internet Explorer all cross the 200MB RAM limit.

I finally found a light weight browser that appealed to me and I found it by sheer chance. Its name is K-Meleon. It is built on the Gecko engine. This is the same engine that Firefox uses. It has tab browsing, macro and mouse gestures. It allows you to customize your search engine. But the biggest difference compared to the other browsers is that it doesnt take as much memory. I have been running it continuous for 3 days now and it hasnt gone beyond 80MB of RAM. And thats with 5 tabs open. I am truely impressed.

Give this browser a try. I am sure you will like it from the first time you start using it. You can download it from http://kmeleon.sourceforge.net/

Wednesday, July 15, 2009

TrendMicro 2009 Annual Threat Roundup Report

TrendMicro has also posted an annual thread roundup report for the year 2008. This is similar to the report posted by Symantec (Check my blog posting) .

This report in a nutshell gives a summary of the major threats that were noticed worldwide during the year 2008. These mostly comprised of the following:

Viruses
Worms
Adaware/Spyware
Botnets

It is interesting to note that some of the old virus infection tricks have been redeployed by writers with a taste for the newer technology. How many of you remember those days when you could infect a pc with a floppy disk? Well believe it or not, that same infection vector was used last year to release one of the many viruses, but instead of floppies, removable drivers (usb flash disks, SD cards etc) were used. Windows had a major vulnerability where it automatically launched the autorun file whenever a removable device was connected. This feature was used by virus writers to spread their creation. Also, another Trojan that caught my attention was Sinowal. This Trojan would rewrite the MBR (master boot record) of a disk and restart your PC. On doing this, it would load even before the operating system was loaded. Amazing isn't it?

The number one on the charts was spybots/botnets. These are basically a chain of zombie PCs that have been taken over using spyware/adaware programs. These "call home" every so often to download commands. The place where they call back is called a Command & Conquer Center (C&C). The threats from these can range from showing ads to running DDOS.

Forecasts for 2009 seem be similar to what we had in 2008. Though the infections are to grow more complex and would definitely target other operating systems as well. Also mobile technologies such as iPhone and the like might get more infections.

If you would like to read the detailed report, you can access it at http://us.trendmicro.com/imperia/md/content/us/pdf/threats/securitylibrary/trend_micro_2009_annual_threat_roundup.pdf

Monday, July 13, 2009

Multiple homepages in Internet Explorer

Gone are the days when Internet was a simple tool meant for the rich and popular. Nowadays, it has become as important a utility as anything. If you don't believe me, just skip using anything to do with internet for a day (and yes that means emails, twitter, webpages and anything of the like). We are expecting a lot from internet nowadays, from news to bank access.

I cant speak for others but I want multiple homepages open when I start up my browser. And yes I do use Internet Explorer hehe. Well I still cant make up my mind as to which browser to use. I like Firefox but it is too memory intensive and Internet Explorer is not too bad, except for the security issues, so am running it in a sandbox. Safari is good but not as elegant as Firefox and Opera is too bloated for simple things.

Anyways, if you would like to open multiple homepages in Internet Explorer 7+, do the following

1. Click the Tools Menu
2. Click Internet Options
3. Click the General Tab
4. Type in or paste an URL that you want to use as your home page in the Home Page section.
5. Hit ENTER and type in another URL
6. Repeat until you have all the ones you want
7. Click OK
8. Close and Restart your browser to see them all open.

For a full discussion on this go to http://www.tech-recipes.com/rx/1171/ie7-start-up-with-multiple-home-page-tabs-open-in-internet-explorer-7/

Sunday, July 12, 2009

A new monopoly in the making?

Microsoft has been in the OS industry for ages. Their debut came in 1981 with the release of MSDOS 1.0. And years later, here we are, with Microsoft dominating the desktops and servers of this world.

Google was started as a search engine in 1996. It was to rival the likes of Yahoo and Altavista. And this it did with such grace and perfection that now it is the search giant of the web industry. Google has become a verb that is known to pretty much everyone.

One of the things that Google is really good at is trying out new things. They dabbled their toes in emails with gmail, with cloud computing by offering GoogleApps. Then they wanted to try out the mobile market by releasing their open source mobile OS, Android. After that it was the release of Chrome, their flagship web browser, which gave Internet Explorer a run for its money.

And now Google has announced that they would like to scratch a mark of their own in the OS industry. They are looking at releasing Google Chrome OS, which will be in direct competition with Microsoft Windows. If Google gets as much fame and popularity in the OS market as it did in the search market, Microsoft will surely have a lot to worry about. Finally there will be a competitor that Microsoft will have to look out for. But then with pretty much taking over every part of the technological market under its wings, are we looking at a world domination from Google? Just imagine what this means? Already we have a Google satellite looking down at us, and then to have Google on our phones and not too far away, on our desktops and laptops?

Saturday, July 4, 2009

Seattle fire knocks out Bing/Travel .. what a crackup!

Did you all hear what happened to www.bing.com/travel? Apparently all of microsoft's servers that host their travel section of bing.com were housed at Fisher Plaza. This "Class A, 21st century datacenter" experienced a fire, which knocked out all the websites it hosted, among which was www.bing.com/travel. So much for DRP!! Seriously, if Microsoft is to challenge Google at its game, then they should get their act right. Had Google experienced the same situation, I bet traffic would have been automatically routed to another datacenter that would have kept the website alive while work one done to restore the damages. Talk about Microsoft storing all their eggs in one basket lol!

You can read more at http://news.cnet.com/8301-1023_3-10279084-93.html

Transformers: Revenge of the Fallen

I absolutely loved this movie. Some of my friends were disappointed, complaining that although the special effects lived up to the "Transformers Charisma", the storyline was a bit hollow. But as for myself, just seeing those machines breathing life, morphing from those awesome road huggers to tall skyscraper height robots just took my breath away. And not to forget those awesome fighting scenes. I was glued to the edge of my seat from start to finish.

I will not post any spoilers for the sake of those that still have t see this awesome movie. If you are one of these then you better hurry up to the cinemas since you wont know what you are missing till you see it.

You can catchup on a review at imdb

Monday, June 29, 2009

Symantec Internet Security Threat Report available for download

Symantec has released its Internet Security Threat Report Volume XIV: April, 2009. This report details some trends that have been noticed ,by this security giant, that are used by hackers to compromise computers. Also, it details some of the incentives that are driving such attacks, for instance credit card numbers that are harvested are sold in the underground community, open email relays are used for spamming, botnets can be used to carry out distributed denial of service (dDOS) attacks.

You can download this document for free at http://www4.symantec.com/Vrt/wl?tu_id=gCGG123913789453640802

To visit the Symantec Threat Report webpage follow this link http://www.symantec.com/business/theme.jsp?themeid=threatreport

Sunday, June 28, 2009

New trends in computer usage means new methods for computer security

As you all are aware, computers nowadays don't serve the same functionalities they did 10 years back. If you were to go down memory lane, a decade ago, internet was still in its infancy and pretty much everything you used on the computer was installed on it.

Nowadays, with the big push towards Software-As-A-Service (SaaS) or Cloud Computing (as most of you might know it), pretty much everything that you use now (or will use in the next decade) is run inside a browser. Some predict that this is the stepping stone towards WebOs (as google has envisioned it some years back). This method has got some great benefits yet some fallacies as well.

The benefits are that all you need to run your applications now is a browser (provided you have got a vendor that is giving you the application over the cloud). You do not have to worry about backups etc since these will all be taken care of by the vendor. You do not even need a powerful computer. Trends show that people nowadays use their computer mostly to browse the internet and to check their email. The hard core users use theirs for playing games etc but the general population can be satisfied with a low end computer. This is the basis of the netbook era, where these machines are less powerful than a laptop that is 5 years old, but is portable and most of them have great battery life. They are not powerful enough to run cpu intensive applications but provide a good means of surfing the web and checking emails.

The disadvantage is that your browser has become the most important application on your computer. With the vulnerabilities that are discovered everyday, it is important to keep your browser secure. I recommend the following referenced whitepaper as a light read to securing your browser. There are two methods descrived in it. The first is that of using sandboxing (refer to my post about sandboxie). The second is virtualising the browser using utilities like ThinApp from Vmware.

The whitepaper can be accessed at http://www.sans.org/reading_room/whitepapers/hsoffice/rss/a_virtually_secure_browser_33124

Wednesday, March 11, 2009

http:// www.sysinternals.com - Your first stop for windows tools

Most of you may be aware of this website but for those that are still in the shadows, be it that you are budding newbies to the wonderful world of computer administration (run while you can .. while there still is a chance.. being a network/system administrator slowly takes over your whole life .. you will not have time to spend with your family/friends :( ) or that you have been lying under a huge rock, http://www.sysinternals.com is a treasure chest of amazing tools.

The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Microsoft acquired Sysinternals in July, 2006. It contains tools, webcasts, forums etc, all of which are quite handy for any administrator.

Just seen that now you dont even need to download the tools. You can run them live from the website itself. I still have to try it for myself, but hey go ahead and try them out for yourself and let me know how it goes.

Hope you having a great day. Email me about any thing that you would like to know more about and I will try to answer it to the best of my abilities.

Ciao

Monday, February 2, 2009

Offline Address Book - OALGen Error

I take my hat off to Microsoft for making life so easy. I mean compare the number of commands you have to type on those command line *ix machines (before you start replying saying that *ix is no longer command line but GUI, I should make my statement more coherent by saying that I am referring to those distros about 10 years back) to get a task done with the number of clicks you would do for the same on a Windows box.

But at times Microsoft can be quite dumb as well, especially when it comes to support. The error codes generated can be so misleading that even the best techie can on the first try be taken on a path miles away from the solution. But then again I should not complain because the more time I spend finding the solution, the more money I make :)

I recently was faced with an issue with Offline Address Book generation. I kept getting the following error

OALGen will skip user entry 'user name' in address list '\Global Address List' because the SMTP address '' is invalid


I did some searching on google and found the following article on support.microsoft http://support.microsoft.com/kb/926206 but the solution outlined there didnt help much.

I finally found another article that explained what the problem was. The user that was causing OALGen to spit the errors had about 5 email addresses attached to his account. Now if you look under the General tab of the user account in Active Directory, you will see that there is an email address listed there. Now what had happened is that that email address was not the same as the primary email address, and because of that OALGen kept on bombing out. I changed the address in the General tab, ran an update on OAL and presto, all was good.

For those of you interested in the article that came to my rescue, here is the link http://exchangepedia.com/blog/2007/02/offline-address-book-mystery-of-missing.html

Have a lovely week.