
Posts tagged: alpha

Google Chrome OS Is Available For Building Or Downloading

November 27, 2009 18:14

I wasn’t going to get into this too much since the download is one you’ll have to build and I didn’t want to go through all the motions to make this happen.  But it appears someone has created a Virtual Machine (VM) you can use to try it out.

http://gdgt.com/google/chrome-os/download/ is the place to get it. You will need to create an account on the site (free) and download a copy of Chrome OS, which they offer a link for, and you’ll need a VM platform to get it working. VMware is what it’s designed for; VirtualBox can also use VMware images, but there could be issues (not all work perfectly), as you’ll see from the site.

http://www.vmware.com/products/player — To get VMware Player. If you have a Mac you can use Fusion, and it should work fine on other VMware products.

http://www.virtualbox.org — To get VirtualBox, but I’d recommend installing it from your distribution’s repository for full support, otherwise you’re on your own updating it and all that fun stuff.

http://www.google.com/chrome/intl/en/eula_dev.html — Source from Google, may have to jump through some hoops to download it

http://gdgt.com/google/chrome-os — To Get Chrome OS ready to go.

Note: all these links can be found on gdgt.com directly from the first link in this article.  I include them for convenience.

Also, you can review TechCrunch’s web site, which will give you some step-by-step instructions along with a torrent link to download it from:

http://www.techcrunch.com/2009/11/19/guide-install-google-chrome-os/

Have fun!

Installing Snort 3.0.0 Alpha

May 21, 2007 17:09

I recently took the challenge to try out the new Snort 3.0 alpha that Marty Roesch released upon the world. I was glad to see a new version of this tool available and was eager to see it work. I have had extensive use of snort over the years and can say I’m quite happy with the current 2.6.x.x builds. They are however very good working builds and are capable of doing what they’re configured for but they seem overly complex for the job at hand.

Honestly I can say that the instructions are very good at installing but like most people…who follows instructions? Don’t we all want to trailblaze?

I was at the time running Ubuntu 6.06 and getting ready to upgrade to 7.04 and decided to do the upgrade before I tried to build snort. I had a current 2.6.x build installed and also a 2.7.0.1 beta that were working. I removed the 2.6 build and left the 2.7 beta1 which managed to work with a bit of fixing.

After confirming this was fine, I did a complete image backup of the computer. This ensures I can reload this image to disk and reboot the computer immediately. In fact I use disk partitions but I think you get the idea. This is my saving and backup method of choice. I use Restorer 2000 Pro Net to perform these tasks to a networked storage box. Restorer allows you to mount images also to partially restore or to test backups. Image backups can be quite handy, let alone time saving.

Well I decide to pop in the 7.04 CD and start the upgrade process. What? No upgrade process? Cheap buggers, well I’ll just have to make my own. Using the Synaptic Package Manager, I run a full upgrade check and compare against the latest versions on the CDROM. Then I force it to apply all upgrades.

This gets to about 25% of the way and then fatally errors with something I don’t recall. The system now boots but not completely and even though to some degree I can use it, really it’s not.

So, back to the drawing board: I restore the original partition and decide to do the proper upgrade to 6.10. Well this worked very well. I was quite happy with myself, so much that I made another backup after successfully using my 6.10 installation. Then I went ahead and did the 7.04 upgrade. This worked also very well. Afterwards, while I found myself enjoying my new Ubuntu package, I recalled that I was doing this for my snort alpha testing!

Back to work I get the snort alpha copied over to this box using wget, awesome. Unpacking the tar.gz I review the README to discover I need LUA and LIBDNET and UUID in addition to LIBPCAP. Well I have libpcap working fine as I have snort 2.7 working fine. Ok, so I need to get lua and libdnet (at this point) for sure since I’m pretty confident I have e2fsprogs installed fine (which was the recommended means to get the UUID stuff). I attempt to get the source for lua and compile it, but I get stupid errors with readline. I realize the *dev package doesn’t version match the readline package and as a consequence doesn’t want to compile nice and easy.

Cursing, I decide either I figure out how to get readline to compile or I find out how I revert back to an older libdnet/lua. Then I remembered that Marty mentioned that it worked with 6.10 so I figured this must have had a matching revision for these packages to their devel counterparts! So I went back to the 6.10 install and then tried the same thing. This was a better success, but I still ended up encountering errors with libdnet. This was befuddling but this time the errors were specific to finding the files that ‘should’ be there. Guess what? They weren’t. I hadn’t installed the devel packages so I realized that I needed to actually ‘make’ these installs instead of using synaptic. While I was running around looking for the actual downloads, I realized the ‘3rdparty’ directory actually included both these tar files. Sure, let’s use these. First I did libdnet and it worked fine. Attempted to make snort again, and it still didn’t work, but this time I had no errors on libdnet. So I decided to go ahead and make lua from the snort package and then attempted to make snort. It got past lua and then found a new complaint.

This time it complained about UUID. In fact I did not have the UUID headers and again was dumbfounded over the missing headers. I did a quick Google however and came up with a forum for some other product with a similar problem, and everyone complaining about having to download the entire e2fsprogs-devel package to get them. Someone then stated that the uuid-dev package would have them (for Debian) and had been recently added to the 3rd party repos for this very reason. A quick ‘sudo apt-get install uuid-dev’ did the trick for me I’m quite happy to say.

After this I completed the make of snort and was able to quickly start testing it out.

It looks to have some very effective ways to process traffic, but I have only finished the suggestions of the README. I’m curious to see how well it develops into a future version. Using LUA was a big concern for me, but really doesn’t seem to be causing any resounding concerns. I’ve become accustomed to it for now, but I’m not actually using it for development either. Hopefully I’ll update my experiments with it in short time.

For now Snort 3.0.0.a1.4 gets a thumbs up as a usable alpha program, now back to testing!

Review of F-Secure Internet Security 2007

January 1, 2007 21:01

Well continuing my review of ‘integrated security solutions’ I have once again become dismayed by the terrible offerings by the various security vendors out there.

Today we don’t have massive virus outbreaks, nor do we even have a big problem with Trojans (except when it comes to malware) and worms are even starting to slow down. We can thank enterprise scale solutions and active monitoring of networks for this. Yes, even email/spam solutions are stopping many of these things right at the server at our ISP, so very little should be getting into our machines today, unlike just a couple years ago when ISPs were leaving each of us to our own solutions.

Today, malware in the form of ADWARE and SPYWARE, as well as BOTNETS and ROOTKITS, is our big challenge, and many of these that we encounter tend not to be detected by many products until they are discovered. In my mind this does not provide a solution but a clean up.

So I don’t recommend people who are pro-active to buy these ‘Internet Security’ solutions that the vendors are pumping. They are just no good and a waste of CPU time.

F-Secure’s offering is probably the worst I’ve encountered to date. But like many of these packages, they taunt you with a free trial offering, which seems to work pretty good.

F-Secure offers the same as every other package, Anti-Virus, Anti-Spam, Firewall, as well as malware detection and a rudimentary rootkit check tool. Let’s start at the top.

The anti-virus solution is definitely the best of the inclusions with this product. When it updated, that is. Our biggest challenge was getting this product to work through a proxy. Seems the F-Secure developers don’t comprehend proxies and the awesome solutions they provide, and many times our updates would never get downloaded. An Anti-Virus product is only as good as its updates, and we constantly had to fiddle with the settings to do a simple update. Pathetic. So we would just as soon use Avast for FREE which does not seem to have a problem with proxies.

The anti-spam solution was incredibly poor however, causing several minutes of delays in processing email from nearly every ISP I tested this with. A normal POP session usually takes about 1 minute and about 10 seconds per email on the slow side. With F-Secure Anti-spam this increased tenfold. We were easily waiting about a minute per email, causing us to go for coffee every time we checked email. Since we use SpamAssassin on our free servers and a very pricey solution for our Microsoft Exchange server, we really don’t need anti-spam. It was no better at detecting the stuff that made it through these tools so it was simply wasting time.

The firewall was the worst of the bunch. First problem we encountered was one of our test boxes had NVIDIA ForceWare Network Access Manager already installed. This is a firmware based firewall, and it works very well. The downside was that F-Secure Internet Security refused to install “anything” with this product installed. In this box we simply wanted to test the anti-virus and anti-spam solutions but we were forced to install the firewall product also. Trying to disable the firewall and reinstall NAM was ok, and thankfully NAM remembered our old settings, saving us more time. Not F-Secure!

Once everything was installed in this box, we found out we could no longer access our network shares. Yes, F-Secure firewall was blocking these accesses. Adding rules to allow this traffic made no difference. Isn’t a firewall made to configure what “I” want, not what some dork developer wants? I guess not. Nothing we could do (short of disabling the firewall) would allow us access to our network shares again.

The rootkit checker was bland. Featureless, did not detect 22 of our suspicious ADS streams and did not provide any output that could be used to track and discover where potential problems could be. The average person does not understand rootkits enough to be able to troubleshoot this without a lot of hand holding, and this tool has none of that available. eEye’s Blink was better for this yet even it was an ineffective tool at current rootkits. Old and very public rootkit technology was noted effectively, but most of the problems these days are botnet driven and none of these were detectable until infection occurred and the OS was exploited. Then the anti-virus solution did its job.

The anti-malware portion of this software was very paranoid and kept advising us of tools that it didn’t think the average PC should have, like netcat or nmap; even PE builder tools were quarantined by F-Secure, which annoyed me to no end. Sure one could build exceptions but shouldn’t the tool ask this during detection, not AFTERWARDS? Bart’s PE Builder broke thanks to F-Secure’s gross paranoia. Perhaps they should devise a color coding like DHS has for terrorist alerts, ah never mind, they’d all be red…

The kicker was purchasing a license and getting technical support. I had to send two emails to get my license since they didn’t bother sending it automatically as part of the order. Very irritating to have to ask after a week of buying a license where it is.

The next kicker was contacting support about our two major issues: updates and our firewall problems. Neither was addressed in a satisfactory manner. We were advised to disable proxies for updates. Ok, not a big deal but every week this needed to be changed since it seemed to forget the settings. As a consequence we were hardly up to date. This should be automatic and not require tweaking internet settings just to update so we fail this product on this point alone. The other components had very few updates (some never updated in the two months we used this product) so we wonder how effective a solution is if it is never updated. Snort rules for instance are updated almost every day, and they haven’t come close to detecting everything yet, so if I have a choice I’ll stick to a real IDS solution and not the ‘cleanup’ proposed by F-Secure.

Technical support was terrible also. Three phone calls to them and after explaining my problem to some fellow who speaks very poor English, he would offer to ‘email’ me a solution. I think he simply could not grasp the English alphabet over the phone when I tried to spell my email address since on all three occasions I never received an email from him. By phone call #4 I asked if he could simply walk me through this on the phone. He refused and insisted on emailing it. I then asked if he really was a technical support person? He said yes. I asked if he could REALLY help with my problem or if he didn’t have a clue how to fix my firewall/proxy solutions? He said he could. So I told him that I want him to help me now on the phone. He hesitated, but otherwise agreed.

F-Secure — you call that support? I call that very disappointing and disrespectful of your clients when you continually waste their time. Secondly, get people who can speak English. Make it a requirement of the job for those who prefer to get support in English.

After talking to this guy for about 20 minutes and following his instructions I was able to ‘one time’ update the package (I had to repeat his instructions every time I needed an update), but my firewall issue was not finding a solution. Even with rules in place (confirming I had indeed set them up correctly, but it still didn’t work), working with the fellow from technical support still did not lead me to a working solution. I asked if there was a way to remove the firewall component completely. The tech stated I would have to download the Anti-virus program alone to accomplish this. I did not have a license for that product so I would have to buy another product to do this.

At this point I simply stated this product was ineffective and I requested a refund. This the tech support fellow was able to do very quickly, and in minutes I had an email in my inbox to confirm this.

This was the best performance I received from F-Secure.

My suggestion for you considering this ‘integrated solution’: save your money and just buy the Anti-Virus product alone. It’s the only thing worth any money, provided you don’t have any proxies to affect your updates. My suggestion was to stick with Avast anti-virus, which does most of this stuff for free and much more effectively.

My rating of this product is 1 out of 10. This should not even be out of beta, but getting a refund was no trouble.
