
Posts tagged: effective solution

Sun Java Error: 25099 Unzipping Core Files Failed – Fix discovered

October 30, 2009 15:24

If you’ve attempted to upgrade your Java from Sun and encountered this error, you were probably left scratching your head. Sun’s Help Resources have no effective solution at the time of writing this; the page simply states:

The actual root cause of this issue is still under investigation…

Isn’t that helpful… I have discovered a solution; hopefully it will work for you.


Review of Enterprise Class Security Suites

December 12, 2007 08:51

I recently came across an article from ‘Information Security’ that reviewed several “Enterprise” class security suites. I have reviewed several here on this blog in the past year and have found very disappointing results. There have been a couple of newcomers to the land of the personal desktop, namely ‘Blink’ by eEye, which I have been testing for several months. The tool isn’t ready for personal use, but its professional version has been commended for a while. This article compared Blink’s Enterprise tool (at the time of writing I haven’t been able to confirm the differences between Pro and Enterprise).

Most readers of this blog may dismiss reviews of enterprise class applications, but I decided to include this one since for most of these vendors the Enterprise version represents the ‘best of the best’ of their offerings. As this review compares all the top providers, including Symantec, CA, Trend Micro, ISS, eEye and a few others, I decided it was worthwhile comparing them.

The article can be found here:

    (I included the print-friendly version of the article as it is a 15 page review, and 15 pages is ridiculous since every page is barely a screenful on my PC, I prefer reading to clicking links and waiting for advertising to load so…)

A lot of these offerings are strictly for Windows machines; very few have Linux or Mac offerings. This is something to keep in mind: if your network has a blend of OSes, you will have to seek other options for network-wide protection. However, if your network is mostly Windows based, these products will meet your needs.

The offerings were presented and reviewed against many criteria, from ‘ease of information gathering’ to usage to malware detection capability.

The most interesting note to this is that NONE of the products had 100% detection. NONE! The best came in around 92% detection.

It’s also important to note that some were plainly incompetent at detecting malware that was present and moving around a machine. This too was an interesting finding of the article.

Here are the features offered in the products.

The really nice extra feature that only two of the above offer is vulnerability scanning. This is a must to ensure your machines are patched and up to date. However, while the feature can be very valuable in a work environment that can have strict policies, in a home environment its benefits will be less. My experience shows that these scanners typically have inaccurate results, so it is important to use them as a guideline rather than a definitive statement. It’s still very valuable.

Since we like Blink, it’s also important to note that even the Personal version of their product offers all these features; most of the other vendors are not so accommodating with the lower end versions of their products.

So this review does in fact support our arguments regarding malware. There is NO 100% effective solution, so a multi-tiered approach to malware is wise.

It also proves our case about not relying on a traditional antivirus product alone. This type of product has pretty much no life in today’s market. A blended product is what is required, which most of these provide. It’s unfortunate that most of these companies cannot improve their offerings to be more effective.

Additionally, it’s important to note that ‘false positives’ are the #1 problem with most of these packages, so it’s critical to compare ‘detection results’ with other products before making a decision to buy. What a lot of spyware vendors like to do with their product offerings is to report LARGE numbers of detections, regardless of their importance or even accuracy.


Blog Spammers – NetCatHosting #1 Spammer Sept/07

October 17, 2007 13:40

If you have a web site, chances are you deal with spam in some way. It’s become reality in the last couple years and dealing with it can be either finicky and time consuming or you spend very little time with it, thanks to effective solutions.

Here we get lots of spam even though the traffic here doesn’t warrant it. 90% of the visitors here are bots and only about 2% of those are spammers.

We have a great system for dealing with spam and so far we’ve had great success with it. No spam has been posted on this site that had to be manually removed. However we get an endless number of attempts.

One IP, 195.225.177.190, has been particularly mindless in its attempts to spam our site, getting up to 10 to 15 attempts per day. During the latter part of September 2007, this ONE BOT generated over 100 attempts.

This is the detail of the identified spammer.

10/17/07 11:25:56 whois 195.225.177.190@whois.geektools.com
whois -h whois.geektools.com 195.225.177.190 …
GeekTools Whois Proxy v5.0.4 Ready.
Final results obtained from whois.ripe.net.
Results:
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '195.225.176.0 - 195.225.179.255'

inetnum: 195.225.176.0 - 195.225.179.255
netname: NETCATHOST
descr: NetcatHosting
country: PA
admin-c: VR1273-RIPE
tech-c: VR1273-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: NETCATHOST-MNT
mnt-routes: NETCATHOST-MNT
mnt-routes: WZNET-MNT
source: RIPE # Filtered
remarks: ***************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ***************************************

person: Vladislav Radchek
address: IBC Tower Floor 9 PO Box 901-2389
address: Manuel Espinosa Batista Avenue
phone: +372 7121250
nic-hdl: VR1273-RIPE
source: RIPE # Filtered

% Information related to '195.225.176.0/22AS31159'

route: 195.225.176.0/22
descr: NETCATHOST (full block)
mnt-routes: WZNET-MNT
mnt-routes: NETCATHOST-MNT
origin: AS31159
mnt-by: NETCATHOST-MNT
remarks: ****************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ****************************************
source: RIPE # Filtered

% Information related to '195.225.177.190/32AS31159'

route: 195.225.177.190/32
descr: Mark Stosberg
origin: AS31159
mnt-by: NETCATHOST-MNT
source: RIPE # Filtered
remarks: *******************************
* Mark Stosberg *
* +1 (202) 657-5440 *
* US, 47374, Indiana *
* Richmond, 914 E Main St *
****** Send abuse to: *********
* abuse@myfreepages.org *
*******************************

Results brought to you by the GeekTools WHOIS Proxy
Server results may be copyrighted and are used with permission.

This IP is part of the NETCATHOST.COM domain, which is a web hosting provider. Two IPs in this block were involved in the spamming: the one noted above and 195.225.176.177. From the looks of it, this is RIPE address space being used by an ISP in Europe and further used by this American, either intentionally or otherwise. Given it’s a web hosting account, I’d say the server has been compromised.

It was interesting that while these bots were spamming me, I received no other spam attempts. [well there were two] Once I blocked this IP block from accessing my site, the other bots started up again. Most curious.

I still average about 3 spam attempts per day and depending on the success of this article I may post further major spammers in the coming months.
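The block-level view this post arrives at (two offending IPs inside one NETCATHOST range, then a block on the whole range) can be reproduced from the WHOIS output and a log of comment attempts. The Python below is an added example, not the author's code: the attempt log and its dates are constructed sample data, and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Constructed excerpt of the RPSL objects quoted in the post.
WHOIS_TEXT = """\
% Information related to '195.225.176.0 - 195.225.179.255'
inetnum: 195.225.176.0 - 195.225.179.255
netname: NETCATHOST

route: 195.225.176.0/22
origin: AS31159
"""

# Constructed sample of rejected comment attempts: (date, client IP).
ATTEMPTS = [
    ("2007-09-21", "195.225.177.190"),
    ("2007-09-21", "195.225.177.190"),
    ("2007-09-22", "195.225.176.177"),
    ("2007-09-22", "203.0.113.7"),  # documentation address, unrelated client
    ("2007-09-23", "195.225.177.190"),
]

def rpsl_pairs(text):
    """Yield (key, value) for each RPSL attribute line, skipping '%' comments."""
    for line in text.splitlines():
        if ":" in line and not line.startswith("%"):
            key, value = line.split(":", 1)
            yield key.strip(), value.strip()

def networks_from_whois(text):
    """Convert every inetnum range into the minimal list of CIDR networks."""
    nets = []
    for key, value in rpsl_pairs(text):
        if key == "inetnum":
            # Accept a hyphen or the en dash that blog software substitutes.
            first, last = (ipaddress.ip_address(a)
                           for a in re.split(r"\s+[-\u2013]\s+", value))
            nets.extend(ipaddress.summarize_address_range(first, last))
    return nets

def attempts_per_network(attempts, nets):
    """Count attempts per matching network; unmatched clients go under None."""
    tally = Counter()
    for _date, ip in attempts:
        addr = ipaddress.ip_address(ip)
        tally[next((n for n in nets if addr in n), None)] += 1
    return tally
```

Grouping attempts by registered range rather than by single address is what shows that both IPs named in the post belong to the same /22, which is the unit that was blocked.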


Trend Micro Anti-Spyware Online Scan Review

September 4, 2006 13:40

Like most folks these days, I presume, you typically scan your computer either daily or weekly using an Anti-Virus program. You also probably run cleanmgr.exe routinely to clean junk and temp files off your drives. You probably use some kind of firewall on the PC. You probably also use some kind of spyware product.

I’ve become very disappointed with most spyware/adware products these days. They are simply either ineffective or too paranoid. Neither is an effective solution. The industry leading Webroot is probably the most balanced on the market today, but its updating makes it ineffective when an outbreak occurs. I for one will not buy a product that doesn’t effectively update its database constantly. This is a big job, and it is why I think a solution is worth spending money on ONLY if it stays up to date.

For a free solution you can always turn to SpyBot and Ad-aware SE. Both these tools can be had for no cost and stay “reasonably” up to date, if not as current as some of the non-free products. However, every day one sees a new product coming out claiming to be the latest and greatest.

In order to get the most effective detection capabilities, I think one needs to run the anti-spyware using a central repository that is constantly updated and does not require “downloading” to update, or does so with the latest (built hourly) rules.

I have tried out Trend Micro Anti-Spyware Online Scan and will provide you with a step by step usage.

Using Trend Micro Online Scan

This is a very easy process.  The first thing you’ll obviously need is a PC connected to the Internet and to be running Internet Explorer v6.01 or greater to use the ActiveX component.

I tried it with Firefox using the “IE Tab” extension, which worked fine, and also with the “Open in IE” extension, which also worked fine. Obviously the latter actually spawns IE, where the former simply opens a window within the Firefox chrome. If you don’t understand all this, don’t worry. It works.

So, next you go to the link I provided above and allow the web site to install the ActiveX component, which downloads the executable to perform the update and scan.

Once you get the executable running, it will update its rules from the repository at Trend Micro and start scanning.

Now we wait until it’s done.  The final result is noted by this screenshot we took:

From here we would have taken a very serious look at the machine itself, if it wasn’t for a few simple facts:

1.  This PC has Avast AV running; a scan beforehand detected nothing.
2.  This PC also has Tiny PF 2005 installed, and it could not verify any infection directly or indirectly.
3.  We don’t know exactly what it found that was the problem.

So we take a closer look at the details that Trend Micro found, and this was the screenshot:


Taking a closer look would again give us an indication that our box is owned. But a few of these findings are not a total surprise, and the others are just lacking any real detail.

So we click on the “Threat Details” link at the bottom for a selected item such as this keyfinder. Unfortunately the “Detail” is rather pathetic.

As you can see for yourself, this doesn’t tell us anything, and doesn’t confirm what we’ve found. So I decide to submit these “positives” to virus.com for testing against the world’s top AV programs.

First though, let’s just double check it against our machine’s Avast AV:

Nothing. Well, let’s just make 100% sure.

As I was able to verify, NONE OF THE “POSITIVES” DETECTED BY TREND MICRO ANTI-SPYWARE were legit. Most of them in fact would have been cleaned, which would have rendered numerous software packages unusable. The ONLY agreement with Trend Micro was noted in this screenshot below. No other files tested positive.

This is not an acceptable tool for any “type” of detection and certainly not acceptable as a cleaner.

I would not consider this tool to be “beta” quality. You are better off running NOTHING than this software.
