Users with a recent Symantec product faced several problems after updating their computer from Windows XP Service Pack 2 to the latest version, among them removed network connections, an empty device manager, unusable wireless connections and thousands of bogus Registry entries. This was apparently caused by the toolsymprotect, a part of many Symantec applications, that is protecting those applications against malware. It did that so well that it prevented the Windows XP installation routine from deleting temporary Registry keys which in turn caused the problems for the users.

Initially Symantec blaimed Microsoft solely but admitted that symprotect was involved as well. The tool SymRegFix.exe has been designed by Symantec to remove the bogus Registry entries and correct the errors that have been caused by them on the user’s system. The software has to be downloaded to the local computer and executed from there, it will fix the Registry automatically.

Symantec users who have not updated to Windows XP Service Pack 3 yet will be delighted to hear that Symantec added a solution to prevent the situation to live updates of their products. If the Symantec product is fully updated the problems will not arise and symprotect does not have to be disabled during Service Pack 3 installation.

continue reading "Symantec Registry Fix for Windows XP Service Pack 3"

Choice is good, most of the time at least but to much choice can also lead to confusion. I’m talking about five applications that practically perform the same operation or a tool that can delete files securely using one of fourteen different algorithms. It’s not really that easy for inexperienced users - and probably even most of the experienced computer users - to find the best algorithm for a task.

Wipe Disk and Wipe Files (via Download Squad) are two applications that can delete disks and partitions or files securely so that they cannot be recovered by normal means. Normal means are those typical file recovery applications like Recuva.

Both applications are available in different languages which can be changed in the Extras > Language menu. The default language of both applications is German. Both are pretty straightforward. A disk, file or directory is added to the queue and one of the fourteen algorithms is selected that delete the data securely.

continue reading "Wipe Disk and Wipe Files"

An internal British Telecom document was released two days ago on the Wikileak website that provides the results of British Telecom’s validation of Phorm, also known as (aka 121Media), Deep Packet Inspection. According to that report 18000 users were chosen as test objects without their knowledge or consent. In that 2-week period more than 18 million page requests were intercepted and injected with JavaScript.

Only 15-20 users recognized the interference and reacted negatively to it. It goes on by suggesting changes so that the process will be 100% transparent to the user which simply means that they want a system where the user is not knowing that his connection is being hijacked and misused.

I have not had time to read the whole report but it seems like an illegal act to me to inject advertisement on web pages without the users and webmasters consent. In addition to spying on the users about 7000 cookies were dropped as well.

continue reading "British Telecom Phorm report leaked"

Have you ever asked yourself what law enforcement agencies would find when analysing your computer ? How their tools would look like and what they would be checking ? If you answered the questions with yes you might want to try out Evidence Collector (via Techtrends) which is a forensic computer program. Evidence Collectors main purpose is to help with IT incidents but it can give a solid impression on how such tools work generally.

It’s a standalone tool which means it can be run from external devices connected to the computer which is definitely a prerequisite for all forensic tools. It analyses the user level at startup and displays information like the local IP and hostname. A click on Start Collecting processes 14 sequences, some with subsequences, that collect data and write that data into logfiles in the Evidence Collector directory.

The software did write 25 different log files into the log directory including a list of opened files, installed applications and processes. Evidence Collector concentrates on hardware and software only while law enforcement agencies would definitely scan the computer for files as well, probably using a software like Locate to find information in filenames and contents.

continue reading "Evidence Collector"

Firekeeper is an intrusion detection and prevention add-on for Firefox that is adding another layer of security. The basic purpose of the Firefox add-on is to identify browser vulnerabilities and exploits that have not yet been patched in Firefox by scanning the data that is transferred between the client computer and the website. Both http and https connections are supported.

Possible threats are identified by a default rule set and additional custom rules that can be downloaded from the Internet or created by the user. If a threat or vulnerability has been identified the user is alerted about it before it is executed. The alert displays the url and type of threat and a list of references that explain the current alert in detail.

The user is prompted for action. This can mean to blacklist or whitelist the url permanently or to block or allow it once for the session. Instead of alerting the user Firekeeper can also block specific threats automatically without prompting for action. This behavior can be defined in the rules of the add-on.

continue reading "Secure Firefox with Firekeeper"