WinSpark Network » Security

What is Virus Signature ?

Rahul — Fri, 27 May 2011 18:53:11 +0000

Though virus attach themselves to executable program in a way that they are difficult to detect, they are not completely invisible. Every virus executes in a particular way, using certain methods to spread. These characteristics from a pattern called Virus Signature and every virus has its own specific pattern or signature. These pattern or virus signature are used to create a program called Antivirus which detects and sometimes even removes viruses. They search memory and secondary storage, monitor execution and watch for specific patterns or signature of viruses. When a scanner recognises a known virus’s signature then it can block the virus, inform the user and deactivate or remove the virus. Antivirus should be updated regularly with latest information and patterns of current viruses.

Virus signature can be identified by observing their:

Storage pattern.
- Characteristic code
- Characteristic Data table
- Characteristic Byte Sequence
Execution pattern
- Peculiar File Handling
- Peculiar Interrupt handling
- Characteristic Interrupt Hook
- Specific device access.
System beaviour
- Unique Behaviour pattern
- Abnormally observation on the system

What are Covert Channels ? How can potential covert channel can be identified?

Rahul — Mon, 23 May 2011 08:57:14 +0000

The channels that leak information where information travels unnoticed, accompanying other perfectly proper communication, are called Covert channels. In other words, through these channels information is received by people who should not receive it.

To understand the concept of Covert Channels, consider the following example:

There are four friends who are going to give an entrance exam where question paper is objective, i.e every question will have four options (a,b,c,d) and you are suppose to pick right answer.
Jhon being smartest of four decides to help his friends.
He says that he will follow a certain code like he will “cough” once if answer is a, “sigh” if answer is b; and so on.
Here Ram is using a communication channel that invigilator may not notice. His communication is a Covert Channels.

Types of Covert Channels:

Storage Channel
Timing Channel

1 > Storage Channels :

They pass information using the precence and absence of object in storage. A simple example of a covert channels is a file lock channel. In a multiuser environment, file can be locked, so as to prevent two people from user writing into same file at same time. E.g. : Suppose there is a service programe using certain protecteddata and accessing file “A”.

Now, there is a spy program running on the system and service program is not aware of it. Spy program is keeoing track of what service program is doing.
Now when service program is accessing file “A” it locks the file. ’1′ indecates file is locked. Spy program requests for file “A” and gets ’1′ for reply. So it understands that file is locked.
Later when service program unlocks file A spy program gets ’0′ saying file A is free to use now.

Information Leaked : when spy programe gets 1, it knows that

Service program is using file A. (i.e. it is running)
Bits ’1′, ’0′ received by spy program are stored, these will be accumulated by spy program.

2 > Timing Channels :

It passes information by using speed at which things happen. These are shared resource channels where shared resource is time. A service programe uses a timing channel to communicate by using or not using an assigned ammount of computing time. In multi programed system, two user processes divide time into blocks and these blocks are then allocated to them alternately. Suppose a process is offered processing time but it is waiting for another event to occur and has no processing to do, it rejects the offer. Consider three programes running simultaneously in a multiprogramming system. All three will be allotted time slots. Spy program wants to get information about service program 1.

When program other than service program is running, spy program will get 1.
When spy program is running it will get 0.

Now spy program wants to keep track on only service program 1. So it will get 0 even when service program 2 is running. i.e. : Service program 1 running -> 1 Service program 1 Not running -> 0

Information Leaked :

Service program running: Spy program gets to know when service program is running.
Information Bits : Spy program accumulates these bits to get new information.

Difference between time channel and covert channel is that, information is passed at every time slot in time channel but in case of storage channel information is given only when request is made. As we can see that same information is reveled by timing and storage channel hence convertable. This full post covers about the Covert Channels and how Covert chanel is classified. Any queries regarding the topic, you can comment here in this post or mail me at admin[at]winspark.net.

What is Salami Attack ? understanding and control

Rahul — Mon, 23 May 2011 07:42:48 +0000

The salami attack approach gets its name from salami or sausage that is made by fushing small bits of meat and fat. In salami attack we merge bits of seemingly inconsistant data to get powerfull results.

To understand the Salami Attack better, we can consider following example:

A bank has several account holders. Every month these account holders get interest of 9% on their savings in bank.
In some month it is Rs. 100.25 that account holder “A” gets, in some other month it is Rs. 154.60.
Now the atacker may write a program to steal away this 0.25 and 0.60 Rs. and add it to its own account.
Value of 0.25 or 0.6 Rs. is negligible for “A”.
If there are 5,000 account holders in the bank and attacker steals away such negligible ammount from each account every month, then by the end of year he will have a large amount added to his account.
Here attacker has yielded large profit by stealing away negligible bits.

Its just like we always pay Rs. 12 for 11.75 Rs. bus ticket. The remaining 0.25 Rs. will go to conductor pocket and at the end of the day he will be getting a good ammount of money which can be greater then his monthly salary.

Control against Salami Attack:

If proper auditing of accounts is done then salami attack can be easily caught.
If proper roundings operation is done then Salami attack will not exist.
If proper testing is done by the user it can be prevented.

Download Microsoft Security Intelligence Report Volume 10

Rahul — Sun, 15 May 2011 11:29:00 +0000

With more than a billion systems using its products and services worldwide, Microsoft collaborates with partners, inductry, and governments to help create a safer, more trusted internet and to improve security. Microsoft has released the 10th volume of Security Intelligence Report which contains an in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in 2010. The Microsoft Security Intelligence report (SIR) focuses on software vulnarabilities, software vulnerability exploits, malicious and potentially unwanted software, and security breaches.

Here are some of the Security statistics which are covered in this volume.

Fig : top 10 families detected on domain-joined computers in 2010, by percentage of domain-joined computers reporting detections. In this volume of Microsoft Security Intelligence Report, statistics about malware families and infections are reported on a quarterly basis with a focus on 2010. Volume 10 (SIR v10) is the most current edition covering 2010 and contains five sections:

Key Findings provides data and analysis produced by Microsoft security teams.
Reference Guide gives additional information for topics covered in the Key Findings.
Featured Intelligence spotlights the latest threat topic.
Global Threat Assessment provides deep dive telemetry by specific country or region.
Managing Risk offers methods for protecting your organization, software, and people.

To download complete report visit : http://www.microsoft.com/security/sir/default.aspx past reports and resources are available at : http://www.microsoft.com/sir (Microsoft Security Intelligence Report homepage)

Steps to secure your Windows 7 PC

Rahul — Tue, 16 Nov 2010 17:22:20 +0000

Now a days most of the users concerned about their security over the web even though they are fully protected by the administrator, they use try different preserving steps to keep them more secure and this may lead them to the danger zone or may be open to the insecure threads.

In this post we will be having the closer looks on the facts through which we can protect overselves from Virus, System crash and instability by performing little bit changing in your default operating system.

According to the research 1/3rd of the people now switched to Windows 7, a secure operating system by Microsoft which provides inbuilt security tools as follows.

The new Windows 7 Action Center in the Control Panel helps you make sure that your firewall is on, your antivirus software is up to date, and your computer is set to install updates automatically.
BitLocker Drive Encryption encrypts your Windows hard disk to help keep documents, passwords, and other important data safe. Once you turn on BitLocker, any file that you save on that drive is encrypted automatically.

(To open, click on start and in the search box type “Bitlocker drive encryption”)

Steps to secure your Windows 7 PC :

Continuously monitor “Windows 7 Action Center” (Windows Security Center in Windows Vista)
Use Windows Defender to scan for spyware and potentially unwanted program execution.
Keep your system patched and up to date, download and install system updated regularly.
Avoid creating unsophisticated users and acquire strong login credentials.
Backup your important files daily.
Create restore point within interval of 2 to 3 days.
Use Microsoft system certified antivirus security.

Other useful tools:

(Preferred antivirus Solution) Microsoft Security Essential : It provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology.

Windows Patch management system : Patch management tools identifies accurately which patches are missing on each system, provide an easy means to deploy patches and provide administrative reports tracking patch status across multiple machines.

Windows Credential Manager allows you to store credentials, such as user names and passwords that you use to log on to websites or other computers on a network. By storing your credentials, Windows can automatically log you on to websites or other computers.

Surf safely, Stay secured.

Google providing a secure search through Secure Socket Layer (SSL)

Rahul — Tue, 25 May 2010 15:32:31 +0000

Are you scared of being caught by your ISP or any other third party user while having a personal search about your required private data . Google has made a good incremented by providing Secure Socket Layer over their search engine’s protocol.

Now search your required information by just changing the protocol from http:// to https://. Now you have to type https://google.com on your addressbar rather then the traditional http://google.com, and your required query and your search data will by encrypted through Secure Socket Layer (SSL).

Whats SSL ?

SSL (Secure Sockets Layer) is a protocol that helps provide secure Internet communications for services like web browsing, e-mail, instant messaging, and other data transfers. When you search over SSL, your search queries and search traffic are encrypted so they can’t be read by any intermediary party such as employers and internet service providers (ISPs).

Why SSL ?

SSL encrypts the communication channel between Google and a searcher’s computer. When search traffic is encrypted, it can’t be read by third parties trying to access the connection between a searcher’s computer and Google’s servers.

Caution : Your Google experience using SSL search might be slighly slower than you’re used to because your computer needs to first establish a secure connection with Google. – From Google explanation of SSL Search

Change your IP address and surf anonymously {Astrill Giveaway}

Rahul — Tue, 19 Jan 2010 16:37:41 +0000

Microsoft, Google and Firefox has made an effort to hide your internet job stuff being cached on history page or in any physical memory by integrating Private browsing mode in their Browsers. But whatever web pages or sites you open can be viewed by your network server or remote PC. But Astrill has the solution for it. Why not you change your IP address dynamically and surf anonymously without being cached even by your ISP.

Astrill is a new virtual private network provider. Servers provided by Astrill are located in the United States and the United Kingdom. It changes your default IP address to UK or US based IP address.

While surfing with Astrill, your connection is encrypted thus protected from eavesdropping (even from your ISP). You can feel safe to use Wi-Fi on public places, because with Astrill all your information is protected. And it bypasses any kind of firewall or filtering.

: Default IP address when Astrill is made Off

Astrill is still in Private Beta and its trial version of 3 days is available for download. You may get a fully functional Private beta Invitation. We are able to get the 100 Invites exclusive for the readers of WinSpark.net. All you have to do is simply subscribe to us and write down the comment for the Beta request.

Offer Closed

Password checker from Microsoft Online Safety

Rahul — Thu, 15 Oct 2009 03:46:10 +0000

R u safe !!!! , Is your password secure or not, want to get new secure password??? Don’t worry here is the Password checker initiated by Microsoft Online Safety. Here you can check your password strength whether your password is able to protect your account or not. Or you can create your own secure password. Microsoft has provided the detailed 6 steps to build a strong password.

If someone steals your passwords, they can use your name to open new credit card accounts, apply for a mortgage, or pose as you in online transactions. To prevent this, you can do the following

Follow 6 steps to build a strong password
Learn what makes strong passwords
Avoid common password strategies that fail.

Microsoft Releases Security Advisory 972890

Rahul — Tue, 07 Jul 2009 05:21:40 +0000

Microsoft has released Security Advisory 972890 to alert users about a vulnerability in Microsoft Video ActiveX Control. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. The advisory also indicates that Microsoft is aware of attacks attempting to exploit the vulnerability.

US-CERT encourages users and administrators to review Microsoft Security Advisory 972890 and implement the workaround listed in the advisory. This workaround will help mitigate the risks until a patch or update is released by the vendor.

Automatically scan your received file in Windows Live Messenger

Rahul — Sat, 04 Jul 2009 20:03:05 +0000

Windows Live messenger has inbuilt facility to set your virus scanner as a default file sharing virus scanner. Now receive files through live messenger safely.

To set Microsoft Security Essential as your default virus scanner follow the simple steps described below. First of all you need to Install Microsoft Security Essential or any other virus scanner.

Go to Tools > Option as described in image below

Select File Transfer from left sidemenu.
Check “Scan files for virus using :“
Click on browse and navigate “msseces.exe” (If you are going to use MSE as a default scanner) from “C:\Program Files\Microsoft Security Essentials” directory. (If you are using any other virus scanner than locate another scanner application.)

Apply it and click on OK.

Note :

Scanned files that are infected should be deleted
Infected and potentially infected files that are found by the safety scanner can be accessed in a Hidden folder.
If you’re using Windows XP, the hidden folder can be found at the following location: “C:\Documents and Settings\your username\Local Settings\Application Data\Microsoft\QuarantinedFiles”.
If you’re using Windows Vista, the hidden folder can be found at the following location: “C:\users\your username\AppData\local\Microsoft\QuarantinedFiles”

Be safe from Internet World Happy Computing