The Windows 7 firewall will block the connection if the application has not been configured previously in the Windows Control Panel. The configuration can be strenuous especially in the beginning right after the first start of the operating system.

That’s where the Windows 7 Firewall Control steps in. The free version of the software program adds those application prompts to Windows 7. It displays a prompt whenever an unknown application tries to connect to the Internet.

This gives the user in front of the computer the option to enable or disable all traffic or enable only incoming or outgoing traffic. The selected setting will be stored in the program’s main interface only. This is one weakness of the program as it does not sync the settings with the Windows 7 Firewall. This is problematic as it means that the configured settings will be gone if the Windows 7 Firewall Control gets uninstalled. The reason for not syncing is that Windows 7 Firewall Control works independently from the Windows 7 Firewall. It does grab the configuration at startup but does not communicate with the firewall after that.

A pro version of Windows 7 Firewall Control is available offering additional features. Both versions can be downloaded at the developer’s website. (via Windows 7 News: Windows 7 Firewall Control)

Related posts

• Windows Registry Watcher (5)
• Windows Defender (11)
• Use USB Flash Drives To Lock Windows (13)
• USB Lost and Found (9)
• Trend Micro RootkitBuster (6)

PayPal recently began to sell a so called PayPal Security Key to protect PayPal users from phishing attacks. The system works by protecting the login to the account not only with a username and password but also a security key that is generated on the fly on an external device. Attackers who are able to steal PayPal login information would need physical access to the security key to be able to log into the account at a later time.

It is not a 100% perfect solution as attackers are still able to circumvent the security key if they have additional information related to the PayPal user’s account. It still is a viable protection in most cases. PayPal is hosting a security center on their website that is informing and educating users about security risks and how to reduce them and prevent attacks.

Probably the best way of fighting most attacks and all phishing attacks is to always open the PayPal website directly instead of clicking on links that are supposed to lead there. Another security method is to use a password manager to store the PayPal login information. Many password managers, such as Last Pass, can fill out the login form and log in the user automatically in configured accounts. This can be a very effective method of detecting fake websites as the password manager will not fill out the login information automatically on these websites.

Related posts

• PayPal Now Offering Mobile Security Key (2)
• Update on my PayPal Story (8)
• Protect PayPal Accounts With VeriSign Identity Protection Devices (19)
• Unauthorized Payment Done With My PayPal Account (50)
• Send a Fax to unsubscribe from paypals newsletter (4)

Having only worked with Winamp under Windows XP I was unaware that Winamp was installing the files elevator.exe and elveatorps.dll for elevation in Windows Vista and apparently Windows 7 as well as this thread at the Winamp forum suggests.

The easiest way to get rid of the files in the same session is by using the following Windows commands in the command line after switching to the directory Winamp was installed in:


elevator.exe /unregserver
regsrv32 /U elevatorps.dll
regsrv32 /U nscrt.dll


It is likely that these files can also be deleted in Windows Explorer after a restart of the computer system. Users who have UAC disabled in Windows can also get rid of these files according to the forum post quoted above.

Related posts

• Windows Media Player Import for Winamp (1)
• Winamp Tweak Guide (0)
• Winamp Minitube Adds Youtube Videos To Music (7)
• Winamp iPod Plugin (0)
• Winamp iPod Plugin (5)

Trend Micro are reporting about yet another Facebook phishing attack that is currently in the wild. The attack begins – like most phishing attacks – by mass mailing potential Facebook users informing them that they need to update their Facebook login credentials. A link is offered in that email and if they follow that link they land on a website that looks like Facebook. What’s interesting here is that the email address field of the Facebook login form is already filled out so that the Facebook user only needs to enter the Facebook password to complete the process.

A click on the login button will open a new page that contains a link to an update tool which installs a trojan on the user’s system.

It attempts to access a Web site to download a file which contains information where the Trojan can download an updated copy of itself, and where to send its stolen data. This configuration file also contains a list of targeted bank-related Web sites from which it steals information. Note that the contents of the file, hence the list of Web sites to monitor, may change any time.

It attempts to steal sensitive online banking information, such as user names and passwords. This routine risks the exposure of the user’s account information, which may then lead to the unauthorized use of the stolen data.

The blog post contains security tips on how to distinguish legit from phishing emails. Users who are interested in those can visit the blog post but the most important lesson once again is to avoid clicking on links that are send via email.

Related posts

• Facebook Login Page (28)
• facebook login (34)
• Worio Combines Bookmarking And Web Search (2)
• Windows Live Photo Gallery Facebook Plugin (4)
• Which Facebook Apps do You Think are Worthless? (9)

The focus of Double Anti-Spy Professional is a complete spyware protection of computer systems running the Microsoft Windows operating system which includes protection against spyware and adware but also against other forms of malware including backdoors, computer bots and trojans.

The installation of the anti-spyware software and the interface of the program have been designed with ease of use in mind. The program will always start up with the status report window which will display relevant information like the date and time of the last scan, the freshness of the definition files or the results of the last scan. The four buttons on the left side are used to switch between sections of the software.

Double Anti-Spy Professional can perform three types of scans: A quick scan that will only scan important locations, a full scan to scan all files and locations and a custom scan that the user can define individually. A full system scan is recommended after installation and updating the definitions to find all traces of spyware that might be located on the computer system.

The anti-spyware software protects the computer system from spyware that tries to attack the PC. It does so by actively monitoring the system for suspicious files. The depth and level of protection can be configured in the Active Defense section of the program.

Here it is possible to configure the active defense and email defense settings to block and quarantine files and software before it can become a threat. Email defense works with several popular desktop email clients including Microsoft Outlook, Windows Mail and Mozilla Thunderbird.

The very same menu can also be used to schedule scans and add programs and files to a whitelist or blacklist.

The fourth and final tab Settings can be used to configure the different scans that Double Anti-Spy Professional can perform, set the update check interval, configure a proxy server and scan optimizer or disable Windows Explorer automatically if it is running on the system to avoid compatibility problems.

Now, how good is the anti-spyware software? Avanquest show test results conducted by AV-Test on their homepage which tested Double Anti-Spyware Pro against PC Tools Spyware Doctor and Webroot Spy Sweeper. Other tests have not been published yet and it is not even possible to find the AV-Test results anywhere on the Internet. But what about the two engines that the security software is using? According to users on some web forums the program is using the engines of Outpost AntiSpyware + VIPRE (CounterSpy) which both did receive good reviews and recommendations.

Update: The software is using the following engines: Double Anti-Spy includes Sunbelt’s VIPRE (Engine A) + Outpost AntiSpyware combined with Virus Buster SDK (Engine B)

Verdict:

Double Anti-Spy Professional utilizes two scanning engines from respected companies to protect the computer against spyware which makes it more effective. Resource usage was a bit high on a Windows 7 test system if the window of the program was active (about 80 Megabytes). The program itself is compatible with Windows XP and 32-bit or 64-bit editions of Windows Vista and Windows 7. More information are available at the Double Anti-Spy Professional homepage.

Giveaway:

We have ten download copies and licenses for Double Anti-Spy Professional. Just leave a comment below for a chance to win a copy. Every comment in the next 24 hours will take part in the draw and the winners will be emailed. The email will contain the download link, license key and instructions.

Related posts

• Windows Defender (11)
• WinX DVD Author Giveaway (53)
• Windows Registry Watcher (5)
• Windows 7 Firewall Control (4)
• Use USB Flash Drives To Lock Windows (13)

SafeOnline is a security program developed by Prevx that is available as a standalone software or as part of Prevx 3.0. This program, according to its developers, is able to protect PCs against many forms of phishing and pharming even if they are infected.

How is it done?

The core protection lies in the ability to block keyloggers, screen scrapers, man-in-the-browser attacks, session hijackers, clipboard grabbers, and a number of other threats commonly installed by trojans like SilentBanker, Bancos, Zeus, Torpig, and Curtwail onto thousands of PCs daily. Rather than focusing on being able to identify the threats themselves, SafeOnline works to isolate the browser from the rest of the system even if unknown threats exist that try to steal data from the user. System level malware generally attempts to read data from the browser but Prevx introduces a layer in-between the browser and the rest of the operating system, tricking the threats into thinking that they have successfully read and transmitted the user’s credentials outside of the system when they have not. Unlike other solutions, Prevx SafeOnline works with the user’s existing browser, without requiring the use of a specialized browser so there is no need for the user to change their browsing habits – protection is applied seamlessly and silently in the background.

This sounds like a reverse sandbox where the contents in the sandbox are protected from the rest of the computer system. According to Prevx it offers protection against

* Man-In-The-Browser
* Phishing attacks
* Keyloggers
* Screen Grabbers
* Cookie Stealers
* Info Stealing Trojans such as ZEUS, MBR, Goldun, and Silent Banker

Prevx has contacted several banks in the UK offering their product for free to the bank’s customers. Six banks so far have shown interest in the product. These banks had special requirements according to PC World that included that the product would work with other security software and would not force the banks to change their websites. The security product was able to meet all of these requirements.

Verdict: The main question here is if it is really safe. Will it really defeat all keyloggers and phishing attacks? What if the security software fails do to so? What if users feel overconfident using the software? It might work as an extra layer of defense on a PC system but it might take a while before the company can build enough trust in their product. Thanks Dante for the tip.

Related posts

• Windows Registry Watcher (5)
• Windows Defender (11)
• Windows 7 Firewall Control (4)
• Which Programs Should I Run To Scan A Computer For Malicious Software? (13)
• Web of Trust: collaborative online security (7)

Microsoft has therefor created a solution for this problem by introducing the Bitlocker To Go Reader so that the data on the portable device can be read in operating systems that are not supporting Bitlocker. Microsoft’s solution is the Bitlocker To Go Reader, a software program compatible with Windows XP, Windows Vista and Windows 7 that can be used to decrypt the data on a Bitlocker encrypted removable storage device.

Bitlocker To Go Reader is added to the removable storage device when it is encrypted. The program will automatically be displayed if autoplay is enabled on the computer system when the user connects the removable storage device that has been encrypted with Bitlocker To Go. A right-click on the device and the selection of autoplay or a double-click on the drive icon in Windows are the other options to display the Bitlocker To Go Reader window.

The user only needs to enter the password the data was encrypted with to decrypt and access it on the other operating system. An alternative to encrypt file systems, removable storage devices and other data is the open source software True Crypt which we have reviewed in the past. True Crypt offers the advantage of encrypting and decrypting data not only in Windows but also Linux and Mac OS.

Related posts

• My Encrypted Tunnel (1)
• How To Password Protect Data On CDs or DVDs (6)
• Disk Encryption Software TrueCrypt 6.3 Released (4)
• Zoogmo Secure Peer To Peer Backups (3)
• ZoneScreen Finally Gets 64-bit Update (6)

Luckily though Ghacks reader Dante found a solution for the problem which he send in as a tip to share here at the website. The Avira update problem seems to only affect the automatic update of the antivirus software. What is not affected at all is the manual update process.

To fix Avira Antivir Update problems a user would therefor need to aquire a new virus definition file and update the software manually with it. This fixes the broken automatic update in Avira Antivir:

• Download the latest antivirus definition file for Avira Antivir at Softpedia.
• Bring up the Avira Antivir interface.
• Select Update and there Manual Update
• Use the file browser to select the downloaded updated definition file
• Wait until the update has finished.

The manual update of the antivirus software will fix the broken automatic update in Avira so that it can be used again afterwards. Thanks go to Dante for sending in the tip.

Related posts

• What You Should Do After Buying A New Computer System (18)
• Test Avira AntiVir PersonalEdition Premium for 6 months (10)
• Shardana Antivirus Rescue Disk Utility (3)
• Panda Internet Security 2010 [free] (7)
• Norton Security Scan (17)

The latest test by independent security researchers AV-Comparatives is another confirmation that Microsoft has developed a solid security software for the Windows operating system. The latest test concentrated on virus and malware removal capabilities of selected free and commercial antivirus products.

The test itself pitted sixteen different security products against ten malware samples. Six of the sixteen security software programs received an advanced plus rating. Among them Microsoft’s Security Essential product which was also the only free product to score the highest rating and one of three that scored a good rating in the two tested fields removal of malware and removal of leftovers.

While the test certainly does not make Microsoft Security Essentials the best free antivirus software that is currently available as Lee described it over at the Download Squad it certainly can be seen as an indicator that Microsoft has delivered a quality software program for the Windows operating system.

The test results are available in a pdf report on the AV Comparatives website.

Related posts

• Microsoft Security Essentials Beta Now Available (11)
• Norton Security Scan (17)
• Norton 360 Review (18)
• Microsoft Security Essentials Final Available (6)
• Microsoft Security Essentials Final Announced (10)

Some users have reported Microsoft Security Essentials crashes and other errors that prevent the tool from protecting the computer system. The Fix MSE Utility has been designed for those users. It can repair a Microsoft Security Essentials installation by resetting all Registry and other settings to their default values. The same could be achieved by uninstalling and installing the software program but the benefit of using the Fix MSE Utility is speed.

The portable software program is compatible with the same operating systems that Microsoft Security Essentials is compatible with. It will display a small program window upon startup that looks like the following:

The window contains a small description of the program’s functionality as well as a Fix MSE button which will start the repair of the Microsoft Security Essentials installation. The Microsoft Security Essentials program itself has to be closed during that process to avoid further complications.

The Fix MSE Utility is available at the Windows Club forum

Related posts

• Youtube Video Search Is A Barebone Youtube Downloader (2)
• Xkcd Comic Wallpaper Changer (2)
• Wireless Networking Software Homedale (13)
• Windows XP: Default Internet Browser Per User Profile (0)
• Windows XP System File Checker (7)

Fortunately there is a tool for that. The tool? Spamassassin. Spamassassin is a very versatile SPAM tool that is part of the Apache Foundation. Spamassassin uses numerous means to detect SPAM including: DNS and Checksum based SPAM detection as well as Bayesian filtering, external programs, black lists, and online databases. These tools together make for a fairly powerful detection system.

In this article you are going to see how to install and configure Spamassassin to work in conjunction with Postfix to further enhance your email server.

Installing Spamassassin

Obviously the first thing you need to do is install Spamassassin. You will find Spamassassin in the Ubuntu repositories. And since this entire series has been laid on top of a Ubuntu Server installation, that is quite convenient. So, to install Spamassassin, open up your terminal window and issue the following command:

sudo apt-get install spamassassin

There may or may not be some dependencies to install in order for the Spamassassin  installation to complete. Go ahead and OK those. Once this installation is complete you are ready to start configuring.

Configuration

Before we actually get to the configuration it is important to understand the SPAM scoring system. With Spamassassin, messages are tagged as SPAM only when they have enough SPAM-matching characteristics (according to a scoring level). The scoring level is 0-5, however it’s not as simple as saying a 0 means it is 0% SPAM. The system is set up so that every characteristic can add to the overall score. For example a message tested to find a base64 attachment does not have a file name filtered with both bayes+net will add 0.224 to the over all score of the message. When all of the characteristic scores are added up, if they exceed the default score you have set in the configuration file, that message is considered SPAM.

Now that you have a basic understand of how the scoring system works. Let’s start configuring Spamassassin.

The main configuration file is /etc/spamassassin/local.cf. The first option you want to configure is the default score. Look for the line:

# required_score 5.0

The first thing you want to do is uncomment that line (by removing the “#” character) and then changing the score. A score of 5 is pretty high and sure to be SPAM. Understand the more you lower that score the likely you are of missing message messages that are tagged false-positives. A score of 3.5 is a fairly reliable score that will catch a lot of SPAM but not a lot of false positives.

Above this line are a couple of other options that are important. The first is the option to set the option:

report_safe

To 0. This option can be set to either 0 or 1. A zero means that if a message is found to be SPAM the message will not be deleted, but instead the subject line will be rewritten to include a message marking it as SPAM.  This is handy to prevent users from losing important messages to false positives. This also allows you to set a lower score threshold.

To do this first look for the line:

# report_safe 1

Uncomment this line by removing the “#” character and then change the “1″ to “0″ (no quotes).

The next step is to uncomment the line:

# rewrite_header Subject *****SPAM*****

Now you can alter the “*****SPAM*****” section of this line to reflect what you’d prefer it to say. Just make sure it is clear to your users that a message with this rewritten subject line is most likely SPAM.

Now restart the Spamassassin daemon with the command:

sudo /etc/init.d/spamassassin restart

Configure Postfix

The last step is to set up Postfix to use Spamassassin. To do this open up the file /etc/postfix/master.cf and look for the line:

smtp     inet    n   –   –   –   –   smtpd

You need to alter this line to look like:

smtp      inet   n   -   -   -   -   smtpd -o content_filter=spamassassin

Finally, at the end of this file add the following:

spamassassin
unix - n n - - pipe
flags=R
user=spamd
argv=/usr/bin/spamc
-e /usr/sbin/sendmail
-oi -f ${sender} ${recipient}

Now all you need to do is restart Postfix with the command:

sudo /etc/init.d/postfix restart

Your mail server should now be scoring incoming message as SPAM or HAM.

Final thoughts

The mail server is a tricky beast. You have to ensure that users are getting their mail, but you have to make sure they aren’t receive SPAM or viruses. After completing this series of articles, you should have a pretty solid server running that will send out mail that is safe for users eyes.

Related posts

• Trap Spammers with Project Honey Pot (4)
• Tinymail Email Protection (18)
• Reduce Spam by using alternative Google Mail Address ? (8)
• Phishing Explained (4)
• Introduction Series Part 1: Spam (0)

Indo Cleaner is a privacy software that can deal with most recently used file listings. It basically is a cleaner that checks various lists for entries giving the user the option to delete some or all of them so that they cannot reveal any information about which files have been opened in the past.

All available mru lists are selected by default after installation and start of Indo Cleaner. This includes Windows Explorer, Internet Explorer, Microsoft Office and Windows Media Player but also Firefox and Opera. It is possible to uncheck any of the programs listed to prevent the lists from being cleaned up.

The remaining most recently used lists will then be checked and the number of entries that are stored in the Windows operating system are shown. Here it is again possible to uncheck some programs or proceed with the cleanup to delete the selected recently used files.

Indo Cleaner is not the only privacy software that can clean the most recently used files. Ccleaner is for example another program that can delete those files. Indo Cleaner (via Into Windows) is compatible with Windows XP and Windows Vista (and likely Windows 7).

Related posts

• Privacy Software CCleaner 2.25 Released (13)
• MRU Blaster (10)
• ZoneScreen Finally Gets 64-bit Update (6)
• ZC DVD Creator Platinum [Free Full Version] (16)
• Youtube Videos Downloader TubeQueue (14)

One of the best anti-virus systems for a Postfix server is ClamAV. This anti-virus tool kit is open sourced and can be used on all UNIX-like operating systems. It’s easy to install and effective. In this article we will be following our series started way back in the Installing Ubuntu Server 9.04 article. Of course we will be installing ClamAV on a Ubuntu server running LAMP and Postfix. With that in mind, let’s get busy!

Installation

The first thing to take care of is the installation of ClamAV. There are a number of tools you will need to install. Open up a terminal window and issue the command:

sudo apt-get install clamav clamav-freshclam clamsmtp

The above command should also pick up all of the necessary dependencies. The installation will also start the clamav daemon. You will restart that momentarily

Configuration

Once installed you have some configurations to take care of. There are three files you are going to have to edit:

• /etc/clamsmtpd.conf
• /etc/postfix/main.cf
• /etc/postfix/master.cf

The first file to configure is the clamsmtpd.conf file. The configuration in this file is simple. Look for the lines:

OutAddress: 10025

127.0.0.1:10026

Change them to:

OutAddress: 10026

127.0.0.1:10025

That’s it for the clamsmtpd.conf file. Now let’s move on to the heavier configurations.

Open up the /etc/postfix/main.cf file. Scroll down to the bottom of this file and add the following:

content_filter = scan:127.0.0.1:10025

receive_override_options = no_address_mappings

Save that file and now move on over to the /etc/postfix/master.cf file. Again, scroll down to the bottom of this file and add the following:

# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8

Save that file.

Restarting

The first thing you need to do is restart Postfix with the command:

sudo /etc/init.d/postfix restart

Once that has restarted you need to restart clamsmtpd with the command:

sudo /etc/init.d/clamsmtpd restart

Now, if nothing has gone horribly wrong, you should have a virus protected Postfix mail server.

Updating signatures

You should never go without updating your virus signatures. This is critical for keeping your mail server virus-free as new viruses are created or old viruses mutate. Fortunately ClamAV has its own tool for this. You will need to go back to that terminal window and issue the command:

sudo freshclam

Which will update the signatures.

You might even add the freshclam command into the root users crontab for regular signature updates.

Final thoughts

Your Postfix mail server is getting better and stronger each day. Adding anti-virus is a critical step in the grand scheme of Postfix things. In our next addition to the Postfix series, we will add Spamassassin for anti-spam measures.

Related posts

• What is your Security Concept ? (9)
• Test your Anti-virus program (10)
• Stop SPAM in Postfix with Spamassassin (1)
• Secure Windows XP (0)
• Mail relaying made simple with Postfix (0)

We explained Flash Cookies in detail back in 2007 when a larger group of Internet users became aware of them. More than two years have passed since then with Flash cookies still playing a major role on many popular web services and for many advertising agencies.

Here are four options to deal with Flash cookies:

Option 1: Adobe Flash Player Settings

Probably the best option to deal with Flash cookies is to open the Adobe Flash Player settings. Users can look at the stored Flash cookies, delete some or all and change several options that change or even block Flash cookies on the user system.

Option 2: The manual way

Flash Cookies are stored on the local computer system. Their location varies depending on the operating system. Flash cookies are stored as *.sol files in the operating system. Here are the locations they can usually be found in:

• Windows: LSO files are stored typically with a “.SOL” extension, within each user’s Application Data directory, under Macromedia\Flash Player\#SharedObjects.
• Mac OS X: For Web sites, ~/Library/Preferences/Macromedia/Flash Player. For AIR Applications, ~/Library/Preferences/[package name (ID) of your app].
• GNU-Linux: ~/.macromedia, ~/.macromedia/Flash_Player/#SharedObjects, ~/.adobe

The process of deleting those flash cookies could be automated with the right software program, e.g. CCleaner for Windows.

Option 3: Firefox add-on Better Privacy

The Firefox add-on Better Privacy can delete Flash cookies regularly to get rid of them automatically with options to whitelist some Flash cookies that are needed, e.g. for storing high scores on your favorite gaming website or playback settings on Youtube.

Option 4: Flash Cookie Cleaner (Windows software)

Flash Cookie Cleaner is a software program for the Windows operating system. The portable software program can be used to delete all stored Flash cookies of the logged in user. It is available at the developer’s website.

Related posts

• Manage Flash Cookies with Better Privacy (8)
• Flash Cookies explained (63)
• Delete Flash Cookies (15)
• Private Browsing Not So Private After All (13)

Having a tool that can quickly, and regularly, take snapshots of your network landscape is critical to keeping tabs on your PCs. Of course you can shell out some budget dollars for a proprietary tool, but why bother when you can fire up a Linux machine and use the trusty Nmap tool for the job.

Nmap is a command line tool that rapidly scans a network gathering information about machines and ports. It is easy to use and flexible, making it perfect for the job of asset scanning. In this tutorial you will see how to set up a system that will regularly scan your network and create a report that can then be used to keep inventory of your networked machines.

Installing

Before we get to the actual scanning we need to install a couple of applications. Since I am using a Ubuntu system, we’ll run the installation using apt-get. With some simple modifications, you can do the same on a fedora system. The two applications to install are: nmap and ndiff. We use ndiff to compare the results of scans. To install these applications open up a terminal window and issue the following command:

sudo apt-get install nmap ndiff

You will have to accept dependencies, at which point the two applications will install. Upon completion of the installation, you are ready to scan.

Using nmap

Nmap is actually a fairly powerful tool. If you issue the command man nmap you will see just how powerful this tool is. You can also see how many arguments you can use with Nmap as well as what each argument does. Fortunately I will show you a simple command you can issue to make this a bit easier.

I am going to illustrate how these tools work together by running an nmap scan on a small internal network. I will then scan the network after making a change to one machine and see if ndiff catches the change.

The command for the scan is:

sudo nmap -n -PN 192.168.1.1/24 -O > network_scan

I will then run that same scan after making the change with one alteration:

sudo nmap -n -PN 192.168.1.1/24 -O > network2_scan


The above commands will output to the files network_scan, and network2_scan.

Once you have the two files you will compare them using the ndiff command like so:

ndiff -b network_scan -o network2_scan

The two options used are:

• b – Baseline.
• o – Observed.

You can think of Baseline as your control group.

Figure 1

The results of the command are shown in Figure 1.

The results show exactly what occurred in my network change. I shut down the machine associated with IP address 192.168.1.37.

Of course you could also get a much clearer picture of your network by combing through the results of the initial scan, but if you are looking for how your network topography has changed from scan to scan, using ndiff is the best way.

To see the full usage of both nmap and ndiff, take a look at the man pages. I will warn you, they are fairly complex. But this tutorial should give you a solid understanding of how the basics of the tools work.

Related posts

• Port Scanning Networking Tool SuperScan (1)
• Map your network with Zenmap (1)

• Anti-malware Protection (including personal firewall, antivirus protection, wifi monitor, instant messaging protection and proactive protection)
• Identity Theft Protection (anti-phishing, anti-banking trojan engine and anti-rootkit technology)
• Safe Internet Browsing (anti-spam filter, parental control features, web filter and information filter)
• PC Backup including 2 Gigabytes of online backup storage

October 22, 2009 is the magical 24 hour period when ordinarily pricey things turn into free things. Well, Panda Security is now compatible with Windows 7, so why not pair the two? Register on this glorious day for ONE FREE YEAR of Panda Security’s anti-virus protection. Prevent viruses, malware, Trojans, worms, identity theft, online banking and other threats from infecting your PC. Internet Security is ultra light-weight because it’s using “cloud” technology so it won’t hinder your computer from operating as freely as it can. Because the only free thing we can think of that isn’t good is a computer virus.

Users who want the free license for Panda Internet Security 2010 need to visit the promotion website on October 22 (the countdown on the page is showing that the offer starts in 8 hours and 44 minutes from the time of posting this article).

Registration on the page is mandatory on October 22 to receive the activation code per email. A download link is already visible but not yet activated. The promotion website can be accessed by following this link. An overview of Panda Internet Security 2010 is available at the Panda Security website.

Related posts

• Norton Security Scan (17)
• Norton 360 Review (18)
• Microsoft Security Essentials Rated Highly In AV-Comparatives Test (6)
• Microsoft Security Essentials Beta Now Available (11)
• How To Run Commercial Antivirus Software Without Paying For It (21)

The problem that he sees with today’s form of identification – which is IP based – is that it is sometimes not possible to identify the person behind the connection at a specific time thanks to Internet cafes or hacked computers.

Most users will probably say bollocks and move on. Others will find flaws in his suggestion. If you look at real life examples you will notice for instance that people are anonymous there as well. You can phone someone from a public phone anonymously, you can send someone a letter without revealing your name. You can shop anonymously and talk to people without revealing your identity.

What’s your thought in the matter? The full interview is available at the Zdnet Asia website.

Related posts

• Steganos Security Suite 2007 for free (18)
• Kaspersky Rescue Disk (2)
• Kaspersky Application Vulnerability Analysis (2)
• Kaspersky Anti-Virus KAVRemover (9)
• Joe Biden: Piracy’s New Enemy (18)

• Cyber Security
• Alpha Antivirus
• Braviax
• Windows Police Pro
• Antivirus Pro 2010
• PC Antispyware 2010
• FraudTool.MalwareProtector.d
• Winshield2009.com
• Green AV
• Windows Protection Suite
• Total Security 2009
• Windows System Suite
• Antivirus BEST
• System Security
• Personal Antivirus
• System Security 2009
• Malware Doctor
• Antivirus System Pro
• WinPC Defender
• Anti-Virus-1
• Spyware Guard 2008
• System Guard 2009
• Antivirus 2009
• Antivirus 2010
• Antivirus Pro 2009
• Antivirus 360
• MS Antispyware 2009

A click on the start button will initiate the process of removing these rogue security software programs from the computer system if they are installed. It starts by stopping running processes and removing the programs from the computer. The program seems to be updated fairly regularly by the software developer which makes it likely that new rogue antivirus programs will be added to future versions. Remove Fake Antivirus is available for download at the developer’s website. (via Raymond)

Related posts

• Windows Registry Watcher (5)
• Secure Windows Services Configuration (2)
• Password Protect Applications (9)
• File Analysis (0)
• Antivirus software Uninstaller AppRemover (20)

The majority of the blame should not be put solely on Microsoft though. Other software companies like Apple or Google have been doing exactly the same thing. Firefox users might notice a Google Update plugin or Apple iTunes plugin in the plugin section of the web browser. And those installations are not blocked by the Firefox browser.

There is however an option to block automatic plugin installations. It is not a perfect solution though but it is all that is provided currently. The Mozilla developers have added several directories and locations in the Firefox preferences that are automatically scanned by the web browser for plugins. If a plugin is found it will be added and activated in the browser.

These plugin directories are listed in the all.js files which is located in the greprefs directory of the Firefox installation. The following directories and locations are listed in the file (search for plugin or another word that will move the cursor to that position).

// Locate Java by scanning the Sun JRE installation directory with a minimum version
// Note: Does not scan if security.enable_java is not true
pref(”plugin.scan.SunJRE”, “1.3″);

// Locate plugins by scanning the Adobe Acrobat installation directory with a minimum version
pref(”plugin.scan.Acrobat”, “5.0″);

// Locate plugins by scanning the Quicktime installation directory with a minimum version
pref(”plugin.scan.Quicktime”, “5.0″);

// Locate and scan the Window Media Player installation directory for plugins with a minimum version
pref(”plugin.scan.WindowsMediaPlayer”, “7.0″);

// Locate plugins by the directories specified in the Windows registry for PLIDs
// Which is currently HKLM\Software\MozillaPlugins\xxxPLIDxxx\Path
pref(”plugin.scan.plid.all”, true);

// Controls the scanning of the Navigator 4.x directory for plugins
// When pref is missing, the default is to pickup popular plugins such as
// Flash, Shockwave, Acrobat, and Quicktime. If set to true, ALL plugins
// will be picked up and if set to false the scan will not happen at all
//pref(”plugin.scan.4xPluginFolder”, false);

As you can see there are entries for Sun Java, Adobe Acrobat, Apple Quicktime, the Windows Registry and Netscape plugins. Putting a comment in front of the plugin locations that should not be scanned will block those plugins from being started with Firefox (comments are added by adding // in front of a row).

Many Microsoft, Apple and Google plugins are added from the location in the Windows Registry. It is not advised to block that location completely as it also lists the Adobe Flash plugin in the Registry which would stop Flash support in the web browser. The only solution right now would be to go into the Registry and backup and remove the plugins that are not needed. If it were not for the Flash plugin the whole Registry location could be blocked from being scanned.

The programs will not add their plugins again to the Windows Registry unless they are updated or reinstalled. Another option to automatically block plugin installation (and display a prompt instead) is to use a software that will show a prompt before a specific Registry key is edited in Windows. A program like MJ Registry Watcher can do that. Simply add the HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins key to the list of keys protected by the program to be informed whenever a software tried to change or add entries to the key.

Related posts

• How To Uninstall Windows Presentation Foundation Plugin In Firefox (18)
• Web Browser: Firefox 3.0.7 (5)
• Top 5 Security Plugins For Firefox, Chrome And Internet Explorer (16)
• Test The Phishing Protection In Firefox (3)
• Secure Firefox with Firekeeper (2)

With Secure Shell there are a number of ways to use (and configure) this tool to make it more useful and more secure. In this article  you will learn five different (and handy) secure shell tips to make sure your ssh usage is as good as it can be. And for some basic secure shell knowledge, check out my article “Get to know Linux: Secure shell“.

Password-less logon

Have have dealt with this before (as a side note), but wanted to re-iterate this process. Because I use ssh so much I get tired of having to enter passwords constantly. Now I will preface this by saying only do this on a network you trust. Yes you will be logging into ssh with a certificate, and that certificate will be on your machine, but you don’t want to employ this method on a network that can not be trusted. With that in mind, here are the steps for setting this up.

On the local machine issue the command:

ssh-keygen -t dsa

This command will generate a public key that will be then copied to your server. During this creation process you will be asked for a password – just press enter to use a blank password for this. You will have to verify the password, so hit enter again. )

With the key created you have to copy it to the server you want to ssh into. To do this enter the command:

ssh-copy-id -i .ssh/id_dsa.pub username@destination

Where username is the username you will be logging into on the remote server and destination is the IP address of the remote server.

Now when you go to secure shell into that remote machine you will not have to enter a password.

Block root login

Although secure shell is a secure means of logging into your server, you do not want to allow root access (for obvious reasons). Blocking root access is simple. Open up the /etc/ssh/sshd_config file and look for this line:

PermitRootLogin

and make sure it is set to “no” (no quotes). So the complete line will read:

PermitRootLogin no

Once you have saved that file, restart the ssh daemon with the command:

sudo /etc/init.d/ssh restart

Now the root user can no longer log in remotely via ssh.

Enable X tunneling

Secure shell is made even more powerful when you can run a remote X application on your local machine. And what is better is that it’s not difficult at all. In order to allow X tunneling you will first need to open up the /etc/ssh/sshd_config file and search for this line:

X11Forwarding

and make sure it looks like:

X11Forwarding yes

Once that is set save the file, restart sshd, and you are ready to tunnel and X Windows application through ssh. To accomplish this you have to add the -X flag to your secure shell command like this:

ssh -v -l USERNAME IP_ADDRESS -X

Where USERNAME is the username you want to log in with and IP_ADDRESS is the actual IP address of the machine you are logging into.

Final thoughts

There are so many cool tricks and tips with secure shell, but the above three are, in my opinion, the most helpful. Have you come across a helpful ssh tip you’d like to share? Or are you looking for a particular behavior out of secure shell? If so. share with your fellow Ghacks readers.

Related posts

• Linux Command Line Fu (5)
• Get To Know Linux: Secure Shell (4)
• Yoggie PICO Personal Mobile Security Computer (3)
• With Ubuntu 9.10 Arrives Wubi 9.10 (1)
• Widgets for Linux: SuperKaramba (6)