Tuesday, August 21, 2007

Rootkits

Rootkits were first developed for Unix-like systems (Solaris, Linux), but the threat later encompassed Windows systems as well. The first public rootkit for the Windows NT platform was introduced in 1999 by Greg Hoglund, a well-known security researcher and owner of www.rootkit.com. The term rootkit is derived from root, the Unix name for the administrator account and its privileges. On October 31, 2005, Mark Russinovich, of Sysinternals and Microsoft TechNet fame, discovered the Sony Digital Rights Management (DRM) rootkit.

Rootkits are used to hide other malware. They do so by gaining administrator privileges and using them to make the operating system hide the malware from users as well as from anti-malware programs. Experts may say there are techniques for combating rootkits, but for the end-user it is not so. There are ways of removing viruses and spyware, but mostly, if you have a rootkit, you will need to wipe the hard disk. Moreover, anti-rootkit tools are not provided by major anti-virus and anti-spyware vendors like Norton and McAfee. AVG, however, provides a free anti-rootkit tool.

Sophos also provides an anti-rootkit tool.


Panda Labs provide a nice anti-rootkit tool.
Mark Russinovich's RootkitRevealer is also a nice tool, but you have to interpret the data yourself. It is very good for experts in the field.

Sunday, June 24, 2007

Adobe Reader 8.1

Most of you must be familiar with the term e-book by now. The most important and popular e-book format is PDF. Well, PDF stands for portable document file. Adobe Reader is most commonly used for PDF viewing, though professionals use Adobe Acrobat, as it gives them the capability to edit PDF documents. Recently Adobe launched Adobe Reader 8.1. It has a new user interface and many memory improvements. Previous versions of Adobe Reader gave a reading of a minimum of 25 to 35 MB in Task Manager, but the current version gives a reading of 5 to 10 MB.

Thursday, June 14, 2007

Limewire, torrents and Bearshare

LimeWire is peer-to-peer file sharing software that needs the Java runtime to operate. LimeWire is great software because, unlike torrent downloading software like BitTorrent, BitComet etc., LimeWire allows viewing of half-downloaded files. You have to locate the incomplete directory and copy the incomplete file to a separate directory, and then you can view it. The partial view can give you an idea of whether the file is what you expected or something else; that way you won't be easily tricked. On the other hand, if you use reliable torrents, they give you higher speeds, and if you are an experienced user you will know that things not available through LimeWire are available through torrents. A better option is using BearShare, as it can connect to torrents as well as to LimeWire users. If you are using torrents, switch to uTorrent, as it is the most compact and fastest torrent client today. LimeWire has an integrated search, and that search depends on the users currently online, while torrents are available on the internet to be downloaded. So while download speed depends on the available seeders in both cases, search in the case of torrents is not affected by the available users.

Tuesday, June 12, 2007

Vista vs XP

I shall compare them at two levels:

1. The core level (the developer level)

2. The end-user level (or simply the superficial or outward level).

At the core level, Windows XP is first of all very stable, actually the most stable of Microsoft's operating systems to date. It is C/C++-based, and that is why Windows programmers can use VB or VC++ for Windows XP coding. On the other hand, Windows Vista uses .NET technology. Now .NET is a kind of platform-dependent cousin of Java, and as all programmers are well aware, Java takes more time than C++. The speed-based optimisations in Java are rather recent. Vista uses many more resources compared to XP basically because of this, not because of graphics as is popularly thought. Glassy graphics and a 3D desktop come in openSUSE too, but unlike Vista's minimum of 1 GB of RAM, openSUSE uses 256 MB of RAM, and this is because SuSE uses C++ for creating such graphics.

At the end-user level, Vista copies a lot from Mac OS X. You may copy, but the original still rules. Apple's friendliness is always greater than its competitors'. The sidebar, widgets, etc. that come from the Mac into Vista can be brought into XP too using a Vista transformation pack. Moreover, for end-users Vista is real trouble to install.

Many have bought original DVDs of Vista but failed to install it on their systems.

Sunday, June 10, 2007

Antispyware – 5 (AVG)

Recently, AVG products have been gaining good market share. The AVG antispyware comes in two versions, the free one and the commercial one. Looking into its performance, we find that it takes a long time to complete. It scans as if it were some antivirus tool rather than an antispyware, though there are no criteria to decide this. Nonetheless, it is an effective scanner. Much like Spyware Terminator, it integrates with the right-click menu for files and folders.

Antispyware – 4 (Spyware Terminator)

Spyware Terminator is another free antispyware tool. It has real-time protection including a system guard, an application guard and an internet guard. It has impressively low CPU usage and an Ad-Aware-like interface, which loads fast, is good to look at, and is also quite intuitive and thus easy to use. It scans quite fast, much like Ad-Aware. The most interesting part of the results is that they provide details about the processes on your system. They recognise a good number of processes and give you information about them in situ, i.e. you don't have to look them up on the net again. It integrates well with the right-click menu for files and folders.

Antispyware – 3 (Spyware Doctor)

Spyware Doctor is a good proprietary antispyware. It has real-time protection, registry clean-up and all. Its spyware definition updates are usually around 4.5 MB, and most updates are also accompanied by an update of the scan engine. Its problem is speed and CPU usage. The usual memory usage recorded in Task Manager for its process is about 80 MB. It slows down the PC to a great extent, and if allowed to run at start-up, it lengthens the start-up time far too much. On a typical 3 GHz system, it slowed down the start-up time by about 2 minutes. I would not recommend it, especially when the same performance can be obtained using free tools with much lower memory and CPU usage.

Antispyware – 2 (Registry scans)

Almost all antispyware products scan for registry values as traces of spyware activity. NoAdware is especially good at registry clean-up. However, its free version only scans but doesn't clean. If you are acquainted with registry clean-up using regedit, you may do the clean-up part yourself, which of course takes more time than if the software did it for you. These registry values are not cleaned by the typical registry clean-up software available, because that software only cleans obsolete registry values.

Sunday, May 20, 2007

Antispyware – 1 (Adware.LinkMaker)

I have been experimenting with various antispyware products for some time now. I had Spybot - Search & Destroy and Ad-Aware installed. Besides those, there was the antispyware that comes along with ZoneAlarm. Then I tried SpyDefense beta. It showed a spyware called Adware.LinkMaker to be present on my system. After the scan, without removing the spyware, I scanned using Ad-Aware; strangely, it didn't show this spyware.

Saturday, May 12, 2007

System performance, disk I/O, file handles

Which process maintains the maximum file handles?

It is reasonable to guess explorer.exe, but the correct answer is svchost.exe, the service host process.

For those of you who do not know about file handles and their importance, I would like to clarify a bit. First of all, let me tell you this about computer performance. The performance of a computer depends mainly on processor speed, available primary memory (RAM) and disk access speed. Disk input/output (I/O for short) is the slowest of the three, and information on disk is stored as files. Files are accessed using streams. Imagine pipes with streams of water, which here becomes data. File handles can then be considered the taps at the ends of those pipes. Most of the programs running on your computer need disk I/O. For that, the underlying operating system provides them with file handles to operate on the files they require.

It is obvious that the process that maintains the maximum number of file handles is responsible for a fairly good amount of disk I/O. We cannot say that that process contributes the maximum disk I/O, because that also depends on the amount of data. Thus, in assessing the performance of your system, the processes that maintain the maximum number of file handles and those that handle the maximum amount of data are noteworthy. The amount of data handled by various processes varies too much to predict. However, the number of file handles maintained by some processes remains consistently high. These include native or system processes like explorer.exe.

How to check the number of file handles maintained by a process?

The procedure is simple. Right-click on the taskbar > click Task Manager > go to the View menu > click Select Columns > check Handle Count.

The Task Manager then shows the number of file handles maintained by each process in the Processes tab.

Similarly, if we check the I/O Writes option in the Select Columns menu, we can see that lsass.exe has an exceptionally high number of I/O writes.

To determine which program has a particular file or directory open, you can use the tool Process Explorer. It is a GUI/device driver combination that shows you information about which handles and DLLs processes have opened or loaded.
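The same Handle Count and I/O Writes columns, queried from PowerShell instead of clicked through in Task Manager, as an added example that is not part of the original post. It reads the Win32_Process class (which exposes HandleCount and the I/O operation counters) and adds a small sampler that warns when a process's handle count keeps climbing, the usual sign of a handle leak. One caveat the post does not mention: HandleCount, like Task Manager's Handle Count, counts every kernel object handle a process owns (files, registry keys, events, mutexes and so on), not only file handles.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
function Get-TopProcessesBy {
    param(
        [ValidateSet('HandleCount', 'ReadOperationCount', 'WriteOperationCount', 'WriteTransferCount')]
        [string]$SortBy = 'HandleCount',
        [int]$Top = 10
    )
    # Win32_Process carries the same counters Task Manager shows as columns.
    Get-CimInstance -ClassName Win32_Process |
        Sort-Object -Property $SortBy -Descending |
        Select-Object -First $Top -Property Name, ProcessId, HandleCount,
            ReadOperationCount, WriteOperationCount,
            @{ Name = 'WriteMB'; Expression = { [math]::Round($_.WriteTransferCount / 1MB, 1) } }
}

# Samples the combined handle count of all instances of one process name and
# warns when it grows by more than a threshold over the run (a likely handle leak).
function Watch-HandleGrowth {
    param(
        [Parameter(Mandatory)][string]$ProcessName,
        [int]$Samples = 5,
        [int]$IntervalSeconds = 10,
        [int]$GrowthThreshold = 500   # handles gained over the run before we warn
    )
    $first = $null
    for ($i = 0; $i -lt $Samples; $i++) {
        $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
        if ($procs.Count -eq 0) { Write-Warning "No process named $ProcessName"; return }
        $total = ($procs | Measure-Object -Property Handles -Sum).Sum
        if ($null -eq $first) { $first = $total }
        '{0:HH:mm:ss}  {1,-12} instances={2,-3} handles={3}' -f (Get-Date), $ProcessName, $procs.Count, $total
        if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
    }
    $growth = $total - $first
    if ($growth -gt $GrowthThreshold) {
        Write-Warning ("{0} gained {1} handles in {2}s; check it for a handle leak" -f
            $ProcessName, $growth, ($Samples - 1) * $IntervalSeconds)
    }
}

# Handle Count column (the post's svchost.exe observation) and I/O Writes column (lsass.exe).
Get-TopProcessesBy -SortBy HandleCount -Top 10 | Format-Table -AutoSize
Get-TopProcessesBy -SortBy WriteOperationCount -Top 10 | Format-Table -AutoSize
Watch-HandleGrowth -ProcessName svchost -Samples 3 -IntervalSeconds 5
```

The I/O counters are cumulative since each process started, so a long-running service will naturally sit near the top of the WriteOperationCount list; compare two snapshots taken some time apart to see current activity rather than history.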


Friday, April 27, 2007

Recent documents

If I open an e-book by first navigating to it and then double-clicking on it, it shows up in Recent Documents; but if I open Adobe Reader and then open the e-book using the Open File option, it doesn't show up in Recent Documents. The same happened in the case of WinRAR but not in the case of Notepad.
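A way to check for yourself which opens registered, as an added example that is not part of the original post: Windows records Recent Documents as .lnk shortcuts in the user's Recent folder, and this script lists those shortcuts with the document each one points at, so you can repeat the experiment above and see which method left an entry.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
function Get-RecentDocumentEntries {
    param([int]$Days = 7)   # how far back to look, by shortcut modification time
    $recent = [Environment]::GetFolderPath('Recent')
    $shell  = New-Object -ComObject WScript.Shell   # resolves .lnk files to their targets
    Get-ChildItem -Path $recent -Filter *.lnk -File |
        Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$Days) } |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            [pscustomobject]@{
                Modified     = $_.LastWriteTime
                Shortcut     = $_.Name
                Target       = $lnk.TargetPath
                # A missing target means the document was moved or deleted after it was opened.
                TargetExists = if ($lnk.TargetPath) { Test-Path -LiteralPath $lnk.TargetPath } else { $false }
            }
        } |
        Sort-Object -Property Modified -Descending
}

Get-RecentDocumentEntries -Days 7 | Format-Table -AutoSize
```

The shortcut's modification time is the last time that document was opened through a path that updates Recent Documents, which is also why these entries are a standard user-activity artifact in forensic work.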