No Recovery For You!
When consumers purchase personal computers, they should be given the means to restore or repair their operating system via an included live CD/DVD; an OEM not doing so is just plain stupid. Bear in mind that as a Microsoft Windows licensee (meaning YOU), you DO NOT OWN the software or the product you are paying for. You receive a license to use that software under the terms given, and you must abide by them whether you like it or not. That doesn't sound too user friendly, does it?
What you typically get with your computer is a recovery CD (best case), a recovery partition that just re-images your disk and sets everything back to the way it was originally, or nothing at all (worst case). None of these truly fixes anything, and a re-image takes your files with it. Normally the best way to get your files back is to boot from a Linux live CD and copy them off before you recover.
Exercise your Computer
It's always kind of surprising to me how many people don't bother to maintain their PC. A lot of folks seem to think they can simply let their computer run without any user intervention at all. The trouble is, it doesn't work that way. As with a vehicle, which needs timely maintenance, so does your computer. Your computer is a complex, intricate machine, and it needs to be well cared for in order to function properly; if it isn't, you will suffer problems down the road.
What's more, it's not just the hardware of a system that tends to degrade over time. Modern computers are complex, intricate pieces of technology; fifty years ago, people wouldn't have dreamed this sort of thing existed. As with any complex system, things sometimes go wrong. A glitch in the software here, a misplaced line of code there, and boom. What's shocking isn't that there are literally thousands of ways a computer can break down and simply stop working. No, what's shocking is that most of these issues, most of these errors, are preventable. Windows users suffer through lots of problems, which is why I openly advocate Linux.
Here are a few exercises (primarily meant for Windows users) that you should do to ensure your computer is in top working condition.
Speedup Your PC
Want to make your Windows PC run faster and smoother? These are some small tips that make a great impact on the performance of your computer. Everybody wants a PC that runs the way we want. A newly bought computer impresses you with its fast interface, quick reactions and negligible garbage; in short, just what a new computer should be.
But after using your computer for about a year or so, you, like me, will face some problems with its performance: it takes longer to boot up, hangs frequently, a large cluster of useless icons accumulates on your desktop, applications run slower, and some even refuse to run. Innumerable problems are faced by all of us. Part of this comes from how Windows is designed: its file system (NTFS) lets files fragment over time, whereas the ext3/ext4 file systems used on Linux distributions allocate space so that files fragment far less.
Now, none of us will buy a new computer just for this reason, so what would you do? Format your hard disk? Probably, but who wants to lose precious data? There are many small things that PC users don't know about, or that they are aware of but don't use because they require an investment of time. And who has free time?
I am going to tell you what I do to my own PC to achieve the performance level I want from it. These simple tips don't require much effort or much time to follow, but they surely increase PC performance; your PC will run smoother and faster.
My Scam PC
I've seen this ad on TV, off and on when watching cable, for a program to speed up your computer. The program it installed was called "Cyber Defender". It's listed on many sites on the internet as a possible virus, Trojan or rogue.
It would do one and only one operation, and that was to scan the registry. Or at least it appeared that's what it was doing; I was locked out of selecting any other options. Then it reported over 400 errors in my registry, but when I hit the button to fix the problems, it took me right to their web site, where I was presented with the opportunity to spend money to buy their program.
How Windows gets malware
When a Microsoft Windows machine gets infected by viruses or malware, it does so mainly because users forget to update Java, Adobe Reader/Acrobat and Adobe Flash. This is revealed by a study conducted by CSIS Security Group A/S, which collected data for three months on actual infections of computers by drive-by attacks on browsers. A drive-by attack is when you visit an innocent website and get infected anyway, typically through malicious ads or hacked links.
Basis of the study
CSIS has, over a period of almost three months, actively collected real-time data from various so-called exploit kits. An exploit kit is a commercial hacker toolbox, used by computer criminals, that takes advantage of vulnerabilities in popular software. Up to 85% of all virus infections occur as a result of drive-by attacks automated via commercial exploit kits.
The purpose of the study is to reveal precisely how Microsoft Windows machines are infected with malware, and which browsers, versions of Windows and third-party software are at risk.
CSIS monitored more than 50 different exploit kits on 44 unique servers / IP addresses. The figures come from the kits' underlying statistical modules, which gives as precise an overview of the threat landscape as possible. The statistical material covers in all more than half a million user exposures, of which as many as 31.3% resulted in a virus/malware infection due to missing security updates.
Among the vulnerabilities observed being abused by the monitored exploit kits are:
- CVE-2010-1885 Microsoft Help & Support Center (HCP)
- CVE-2010-1423 Java Deployment Toolkit insufficient argument validation
- CVE-2010-0886 Java: unspecified vulnerability in the Java Deployment Toolkit component of Oracle Java SE
- CVE-2010-0842 Java JRE MixerSequencer invalid array index remote code execution
- CVE-2010-0840 Java trusted methods chaining remote code execution
- CVE-2009-1671 Java buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll
- CVE-2009-0927 Adobe Reader Collab.getIcon
- CVE-2008-2992 Adobe Reader util.printf
- CVE-2008-0655 Adobe Reader Collab.collectEmailInfo
- CVE-2006-0003 Internet Explorer MDAC
- CVE-2006-4704 Microsoft Visual Studio 2005 WMI Object Broker remote code execution
- CVE-2004-0549 Internet Explorer showModalDialog method, modifying the location to execute code
The report describes those operating systems, browsers and applications that were found vulnerable in the real-world scenarios CSIS observed. Here it is slimmed down:
- Internet Explorer is the worst offending browser; Mozilla Firefox is second.
- Windows XP, Windows 7 and Windows Vista are the worst offending operating systems.
- Java, Adobe Reader and Adobe Flash are the worst offending applications.
The salient point is that fully updated and patched installs let 70% of the infections through, mainly because the technology is reactive. Even more salient is that only 13% of the successful infections relied on software that was Windows-only (10% were IE exploits, 3% were Windows Help exploits). All you folks encouraging your friends and families to buy Macs for the specific reason of their security are in for a world of hurt in a few years when the Mac hits 30%+ market share. Kits are already starting to appear.
Conclusion: 99.8% of all virus/malware infections caused by commercial exploit kits are a direct result of failing to update the following software packages:
- Java JRE 37%
- Adobe Reader/Acrobat 32%
- Adobe Flash 16%
- MS Internet Explorer 10%
- Windows HCP (Help) 3%
- Apple QuickTime 2%
For the sake of security, I would not run Java, Adobe anything or Internet Exploiter.
We don’t want you getting viruses because it’s difficult to remove and more importantly, expensive and time consuming.
1. Uninstall Java. Most end users never have a need for it and don't update it.
2. Use Chrome to read PDFs, or use Foxit. There is no need for Adobe Reader, though to be fair Adobe's new sandbox model in Reader X is resistant to viral infections and exploits.
3. Update Flash as often as it asks you to, or switch to Chrome, which bundles its own copy of Flash and updates it along with the browser.
4. Use ESET NOD32 and HitmanPro for protection.
Your Computer Appears to Be Infected
Google has begun warning more than a million Internet users that their computers are infected with a malicious program that hijacks search results and tries to scare users into purchasing fake antivirus software.
Google security engineer Damian Menscher said he discovered the monster network of hacked machines while conducting routine maintenance at a Google data center. Menscher said when Google takes a data center off-line, search traffic directed to that center is temporarily stopped. Unexpectedly, Menscher found that a data center recently taken off-line was still receiving thousands of requests per second.
Menscher dug further and discovered the source of the traffic: more than a million Microsoft Windows machines were infected with a strain of malware designed to hijack results when users search for keywords at Google.com and other major search engines. Ironically, the traffic wasn’t search traffic at all: The malware instructed host PCs to periodically ping a specific Google Internet address to check whether the systems were online.
Menscher said the malware apparently arrives on victim desktops as fake antivirus or “scareware” programs that use misleading warnings about security threats to trick people into purchasing worthless security software. He suspects that the fake AV program either ships with or later downloads the search hijacker component.
The malware intercepts traffic destined for high profile domains like google.com, yahoo.com and bing.com, and routes it through intermediate hosts or “proxies” controlled by the attackers. The proxies are used to modify the search results that a victim sees for any given search term, and to redirect traffic to pay-per-click schemes that pay for traffic to specific Web sites.
Fortunately, the traffic generated by the malware has a unique “signature” that Google is able to use to alert victims. Google is placing a prominent notification at the top of victims’ Google search results; it includes links to resources to help remove the infection.
Google should be applauded for alerting users, but the hard work will be in the cleanup: Search hijackers are notorious for blocking users from visiting antivirus Web sites or other popular sources of malware removal tools.
Here is the link with explanation: http://www.google.com/support/websearch/bin/answer.py?answer=1182191
A warning appears at the top of the search results page when we believe that the computer you’re using is infected with malicious software, also known as “malware.” Malware can be used to intercept your computer’s connection to Google and other sites. When Google’s system detects that a connection has been intercepted, it’s likely that the computer was previously infected with malicious software.
An infected computer can result in deleted data, stolen personal information, and a slower connection to many websites. We showed you the warning so that you can scan your computer and take any necessary action to protect yourself.
I understand how the link on Google's warning essentially goes against all the things we've been taught to ignore online. It may not be a pop-up, but it's also not something we went looking for. However, if I saw the warning, knowing that it's not wise to click anything, I might be more prone to run my anti-virus or go to a security site to see if I could find anything on it. Naturally, having the warning on a Google search page would make me leery of searching for the information on that page.
The other thing we have to remember is that these users are most likely ones that don't know not to click on things. They'll happily click it and, for a change, be directed to something that will help them. Now yes, this can start to be spoofed and lead to bad things too, but again, remember, these people are already clicking links they're told to; they're going to be infected regardless. So what's wrong with actually getting them to click something that will actually help them for a change?
Honestly, I think more of these types of things should be done. Users need to be better educated and learn how to protect themselves online. However, it's nice to see others trying to make the internet safer instead of leaving all the responsibility on the user (who in most cases doesn't even know the basics when it comes to online security).
While I’m grateful to Google for making the effort, the malware I’ve seen causing Google search redirections is _not_ simple to remove. Suggesting to users that they can just download a tool and get rid of it is doing them a disservice.
Despite Google's intent, I have to side with the argument for consistency in dealing with my users. I have invested a lot of time and energy in getting them to not click links that appear to promise to solve problems, especially problems that are not apparent or that users might not understand.
So, I have just sent a notice to all users on my list that, should they see the Google alert message, they should NOT click the link, but close the browser and then call for IT help. And there's no telling how quickly the scareware writers will mimic Google's message, with their own destination to other malware embedded in the learn-how-to-fix-this link.
Everyone who gets this warning also needs to be aware that every password they’ve typed since infection now belongs to the criminals – e-mail, banking, etc. If Google has to inform users that they’re infected, what do you think the odds are that they have clean, restorable backups?
The ONLY way to guarantee that all bots are eliminated is to re-install the OS and apps from scratch. Take time to think about what you are doing and what can go wrong. Be particularly careful not to infect other systems or flash drives as you work.
Back up important data files. Make a drive image which can be searched for data files you forgot to back up. In general, do not recover old program files. Be sure to bring up the new system behind a hardware firewall / router until you get your security patches in place.
Allow me to repeat for emphasis the fact that: A FULL OS RE-INSTALL IS REQUIRED TO RECOVER FROM MODERN MALWARE and as I know very well, OS re-installs can be confusing and tedious. No, there is no easy way around this.
While the Microsoft Malicious Software Removal Tool has "removal" right up there in the title, and older malware might be removed, expecting that is a bad bet. Many or even most modern malware families simply cannot be "removed" in the sense of returning the computer to its original state. Once a bot is in place, it can modify any file, and there is no way to know what has been done, so there is no way to reverse it.
It’s usually some variation of the TDL4 bootkit/rootkit, and careless attempts to clean it up can leave a computer unbootable or result in irretrievable data loss. I’ve never yet seen a PC with this infection have just _one_ malware kit installed either, since they generally keep downloading botnet components.
The correct response to malware is to re-install the OS and apps. Remember that the malware in question is malicious because it modifies search results returned by Google. So we can assume that it has 100% control over the DOM presented by Google. In fact, it wouldn’t surprise me if the malware gets an “update” to simply hide this message.
Stay safe!
Seagate sees big drive capacity jump coming, I see problems for many users
Seagate expects a significant increase in disk capacities this year.
However, when you start packing the data more and more densely, more and more errors invariably become prevalent. Worth mentioning: Google published a report on hard drive failures, available here: https://docs.google.com/viewer?url=http://labs.google.com/papers/disk_failures.pdf&pli=1
I have written about hard drive problems before in the past: http://jet-computing.com/recover-from-errors-on-your-hard-drive-using-spinrite
Carnegie Mellon has written a report on the subject: https://docs.google.com/viewer?url=http%3A%2F%2Fwww.cs.cmu.edu%2F~bianca%2Ffast07.pdf
First of all, Seagate is unfazed by the supposed coming tablet boom, with dozens of flash-using tablets bursting through the doors blasted open by the iPad, and multi-level cell flash poised to make inroads into the netbook and notebook markets.
Second, Seagate expects 2011 to be a year of meaningful capacity increase transitions across its product line, with a step up in areal density with sixth generation perpendicular magnetic recording (PMR). It's saying there could be, or will be, a desktop hard disk drive (3.5-inch) transition this quarter and a notebook (2.5-inch) one around the middle of the year.
Seagate thinks it is three months ahead of competitors in the desktop HDD space and up to nine months ahead in the enterprise product space. We assume this is ahead in shipment and not announcement terms.
Where are we with Seagate’s current products? The 7,200rpm Barracuda desktops are at 2TB with the 4-platter XT and a 347Gbit/in2 areal density. A 2TB, 5,900rpm Barracuda Green has three platters and 422Gbit/in2. The enterprise Cheetah 15K.7 (15,000rpm) has 600GB and 225Gbit/in2 and the enterprise 2.5-inch Savvio is at 600GB with the 10K.4 (10,000rpm) and 252Gbit/in2, and 146GB with the 15K.2 (15,000rpm) and 237.1Gbit/in2.
The notebook Momentus 5400.7 offers 640GB on two platters with 507Gbit/in2 and is reckoned to be a fifth generation PMR drive. Where are these puppies going?
That depends on how much of a step change there is in areal density. The 4th to 5th generation PMR increase was around 30 per cent, so let's use that as the gen 5 to gen 6 increase and see what it gives us. The Barracuda XT and Barracuda Green desktops jump from 2TB to 2.6TB, while the 3TB, five-platter Barracuda XT goes up to 3.9TB; surely that would be pushed to 4TB though.
The enterprise Cheetahs go to 780GB and the 10,000rpm Savvio will reach 780GB too, while the 15,000rpm Savvio will increase its capacity to 190GB – which might get pumped up to 200GB for round number comfort. In the notebook area the Momentus would get 832GB.
Recover from errors on your hard drive using SpinRite!
In the past week, I have had to deal with two failing hard drives. One personally and another from a paying customer’s machine.
My fairly new Seagate hard drive on my desktop started throwing errors and being noticeably sluggish at times. Not broken, but just noticeably slow. This might indicate some drive damage, I thought.
So I pulled the log file and found:
[68489.756311] ata3.00: status: { DRDY ERR }
[68489.756314] ata3.00: error: { UNC }
[68489.951583] ata3.00: configured for UDMA/133
[68489.951604] ata3: EH complete
[68492.671124] ata3.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
[68492.671133] ata3.00: BMDMA stat 0x24
[68492.671140] ata3.00: cmd c8/00:08:55:e8:8d/00:00:00:00:00/e2 tag 0 dma 4096 in
[68492.671142]          res 51/40:00:56:e8:8d/00:00:00:00:00/02 Emask 0x9 (media error)
Looking at some SMART data from the drive, I found more information. It seems that I have some uncorrectable errors that the drive itself cannot remedy, and running fsck from the terminal does not fix them either. So there is only one thing to do in a case like this, and that is SpinRite.
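The cmd/res pair in that log already tells you exactly which sector the drive choked on: libata prints the ATA taskfile as command/feature:count:lbal:lbam:lbah/hob.../device, and on error the res line carries the status and error registers plus the LBA the drive failed at. The decoder below is an added example written for this page, not anything from SpinRite or the kernel; it parses the two lines above (re-typed as test input) and a constructed NCQ pair to show the 48-bit path, and the partition offset passed to fs_block is an assumption you must read from fdisk or parted yourself.

```python
"""Decode libata taskfile error lines (the cmd/res pair above) to the failing LBA."""
import re

# Constructed input: the two taskfile lines from the dmesg excerpt above
# (28-bit READ DMA) plus a made-up NCQ (48-bit READ FPDMA QUEUED) pair to
# exercise the 48-bit path. Neither is captured live here.
SAMPLE_28 = """\
[68492.671140] ata3.00: cmd c8/00:08:55:e8:8d/00:00:00:00:00/e2 tag 0 dma 4096 in
[68492.671142]          res 51/40:00:56:e8:8d/00:00:00:00:00/02 Emask 0x9 (media error)
"""
SAMPLE_48 = """\
[12345.000001] ata1.00: cmd 60/08:00:00:10:00/00:00:01:00:00/40 tag 0 ncq 4096 in
[12345.000002]          res 41/40:00:05:10:00/00:00:01:00:00/40 Emask 0x409 (media error) <F>
"""

# ATA status and error register bits, as libata names them.
STATUS_BITS = {0x80: "BSY", 0x40: "DRDY", 0x20: "DF", 0x10: "DSC",
               0x08: "DRQ", 0x04: "CORR", 0x02: "IDX", 0x01: "ERR"}
ERROR_BITS = {0x80: "ICRC", 0x40: "UNC", 0x20: "MC", 0x10: "IDNF",
              0x08: "MCR", 0x04: "ABRT", 0x02: "NM", 0x01: "AMNF"}

# Commands that carry a 48-bit LBA (the *EXT and NCQ forms); everything else
# here is treated as 28-bit, where LBA bits 27:24 sit in the device register.
LBA48_COMMANDS = {0x24, 0x25, 0x29, 0x34, 0x35, 0x39, 0x42, 0x60, 0x61}
NCQ_COMMANDS = {0x60, 0x61}  # NCQ puts the sector count in the feature field

# libata prints a taskfile as reg0/reg1:nsect:lbal:lbam:lbah/hob.../device,
# where reg0/reg1 are command/feature on the cmd line and status/error on res.
_HEX = r"([0-9a-f]{2})"
_TF = _HEX + "/" + ":".join([_HEX] * 5) + "/" + ":".join([_HEX] * 5) + "/" + _HEX
CMD_RE = re.compile(r"\bcmd " + _TF)
RES_RE = re.compile(r"\bres " + _TF)
_FIELDS = ("reg0", "reg1", "nsect", "lbal", "lbam", "lbah",
           "hob_reg1", "hob_nsect", "hob_lbal", "hob_lbam", "hob_lbah", "device")


def _taskfile(match):
    return dict(zip(_FIELDS, (int(x, 16) for x in match.groups())))


def _lba(tf, lba48):
    lba = tf["lbal"] | tf["lbam"] << 8 | tf["lbah"] << 16
    if lba48:
        return lba | tf["hob_lbal"] << 24 | tf["hob_lbam"] << 32 | tf["hob_lbah"] << 40
    return lba | (tf["device"] & 0x0F) << 24


def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def decode_libata_error(text):
    """Return what was asked of the drive and which sector it reported on."""
    cmd, res = CMD_RE.search(text), RES_RE.search(text)
    if not (cmd and res):
        raise ValueError("no cmd/res taskfile pair found")
    c, r = _taskfile(cmd), _taskfile(res)
    opcode = c["reg0"]
    lba48 = opcode in LBA48_COMMANDS
    if opcode in NCQ_COMMANDS:
        count = c["reg1"] | c["hob_reg1"] << 8
    elif lba48:
        count = c["nsect"] | c["hob_nsect"] << 8
    else:
        count = c["nsect"] or 256          # 0 means 256 for 28-bit commands
    status = _flags(r["reg0"], STATUS_BITS)
    errors = _flags(r["reg1"], ERROR_BITS)
    return {
        "command": opcode, "lba48": lba48,
        "request_lba": _lba(c, lba48), "sectors": count,
        "status_flags": status, "error_flags": errors,
        # on ERR the drive reports the LBA of the sector it failed on
        "bad_lba": _lba(r, lba48) if "ERR" in status else None,
        "media_error": "UNC" in errors,
    }


def fs_block(lba, partition_start_lba, sector_size=512, block_size=4096):
    """Map a disk LBA to a filesystem block (for debugfs icheck / fsck -c).
    partition_start_lba is an assumption: read it from fdisk -l or parted."""
    if lba < partition_start_lba:
        raise ValueError("LBA lies before the partition start")
    return (lba - partition_start_lba) * sector_size // block_size


if __name__ == "__main__":
    for sample in (SAMPLE_28, SAMPLE_48):
        i = decode_libata_error(sample)
        print(f"cmd 0x{i['command']:02x} (lba48={i['lba48']}) "
              f"request LBA {i['request_lba']} x{i['sectors']} -> "
              f"status {i['status_flags']} error {i['error_flags']} bad LBA {i['bad_lba']}")
```

For the log above this gives READ DMA of 8 sectors starting at LBA 42854485, with the drive reporting DRDY ERR / UNC at LBA 42854486, one sector into the request. That number is what you want in hand before doing anything else: `hdparm --read-sector` on it confirms the sector is really unreadable, and the fsck the drive "did not fix" could never have touched it, because fsck checks filesystem metadata, not the medium.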
SpinRite is the industry standard system for hard and floppy disk care, maintenance and data recovery. SpinRite utilizes deep analysis technology to recover lost and unreadable data, to locate and lock unsafe areas from use, to move endangered data to safety, and to repair areas of the drive which have become damaged or bad through use. SpinRite should be re-run periodically to aid in the prevention of hard disk loss.
The first three images are from a program used to pull technical details from the drives on my Linux system; the software is called GSmartControl. The remaining images (the blue, DOS-looking ones) are from the SpinRite CD itself.
- GSmartControl screenshots: hard drive information, hard drive error logs, test logs before and after recovery.
- SpinRite screenshots: executable start, real-time activities, status screen, graphic status display, detailed technical log, surface analysis monitor, DynaStat data recovery, operation selection, view/change settings, operation page, screensaver, conclusion.
So after booting the CD, SpinRite detects some sector errors on my "/" partition and proceeds to read and repair. Typically this may take hours or days on larger hard drives; mine completed in a few hours. I've been using SpinRite to repair hard drives for years now and find it indispensable. I am not guaranteeing a 100% recovery rate, but I would guess it is at least 95%.
A word of warning here. If a hard drive is nearly "dead", SpinRite will often warn against running anything except basic data recovery; this warning should be heeded. If a drive is only marginally readable, or is physically damaged to the point that heat or wear would kill it, SpinRite may very well be the last thing the drive sees.
For that reason SpinRite is best used preventively. In my experience, running SpinRite every few months is a good way to detect far in advance that a drive is going to die.
SpinRite performs the following:
- Reads a sector of data.
- Checks for errors.
- Inverts the data.
- Writes the data back.
- Checks for errors.
- Inverts the data again.
- Writes the data back.
- Checks for errors.
... and this happens several hundred million times. If SpinRite finds an error, it tries re-reading the data for a very long time to attempt to get just one good read. If it gets one, it writes the data back so the drive's own defect management kicks in: the drive smacks itself in the forehead and says, "Oh, dear, a bad sector! Let's get a good sector to fill in and hide this bad one." Then the data, or a statistically computed "best guess" (rather, a "better than anyone else's guess") at the data, is written to a safe(r) sector.
The end result is that SpinRite forces a hard drive to read and write every bit twice at this setting, which ensures the data is as safe as reasonably possible.
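To see why the invert step matters, and why a plain read-only scan is not enough, here is a small in-memory model of that pass. It is an added example written for this page, not SpinRite's code (which is closed source); the drive, its two fault types (a bit stuck at a value, and a weak sector that needs many re-reads and gets reallocated by the drive on the next write) and the sector numbers are all constructed for the demonstration.

```python
"""In-memory model of a read / invert / write / verify surface pass."""
SECTOR = 512


class ModelDrive:
    """A toy disk with two fault types (constructed for this example):

    stuck: {sector: (bit_index, value)}  that bit always reads as `value`
    weak:  {sector: failures_left}        reads fail that many times first;
           a successful write retires the sector to a spare, the way a real
           drive's defect management reallocates a pending sector.
    """

    def __init__(self, sectors, stuck=None, weak=None):
        self.data = [bytes((n * 31 + i) & 0xFF for i in range(SECTOR)) for n in range(sectors)]
        self.stuck = dict(stuck or {})
        self.weak = dict(weak or {})
        self.reallocated = 0

    def read(self, n):
        if self.weak.get(n, 0) > 0:
            self.weak[n] -= 1
            raise IOError(f"UNC at sector {n}")
        buf = bytearray(self.data[n])
        if n in self.stuck:
            bit, val = self.stuck[n]
            byte, off = divmod(bit, 8)
            buf[byte] = (buf[byte] & ~(1 << off) & 0xFF) | (val << off)
        return bytes(buf)

    def write(self, n, buf):
        self.data[n] = bytes(buf)
        if n in self.weak:              # remap on write, as real drives do
            del self.weak[n]
            self.reallocated += 1


def read_with_retries(drive, n, retries):
    for attempt in range(retries):
        try:
            return drive.read(n), attempt
        except IOError:
            continue
    return None, retries


def read_scan(drive, retries=200):
    """Read-only surface scan: catches sectors that fail to read, but a
    stuck bit is invisible because there is nothing to compare the read to."""
    report = {"retried": [], "unreadable": []}
    for n in range(len(drive.data)):
        data, attempts = read_with_retries(drive, n, retries)
        if data is None:
            report["unreadable"].append(n)
        elif attempts:
            report["retried"].append(n)
    return report


def scrub(drive, retries=200):
    """The pass described above: read, invert, write, verify, restore, verify.
    Writing the complement flips every bit once, so a bit that is stuck at the
    value it already held is caught; writing back a recovered weak sector
    lets the drive reallocate it."""
    report = {"stuck": [], "recovered": [], "unrecoverable": []}
    for n in range(len(drive.data)):
        original, attempts = read_with_retries(drive, n, retries)
        if original is None:
            report["unrecoverable"].append(n)     # leave it for data recovery
            continue
        if attempts:
            report["recovered"].append(n)
        inverted = bytes(b ^ 0xFF for b in original)
        clean = True
        for pattern in (inverted, original):
            drive.write(n, pattern)
            back, _ = read_with_retries(drive, n, retries)
            if back != pattern:
                clean = False
        if not clean:
            report["stuck"].append(n)
    return report


def build_demo_drive():
    """16 sectors: sector 3 has a bit stuck at the value it already stores
    (invisible to a plain read), 7 needs 25 retries, 11 never reads."""
    drive = ModelDrive(16, weak={7: 25, 11: 10**6})
    current = (drive.data[3][0] >> 5) & 1
    drive.stuck[3] = (5, current)
    return drive


if __name__ == "__main__":
    print("read-only scan:", read_scan(build_demo_drive()))
    drive = build_demo_drive()
    print("scrub:", scrub(drive), "reallocated:", drive.reallocated)
```

On the demo drive the read-only scan reports only the weak sectors; the scrub additionally flags sector 3, triggers one reallocation for sector 7, and leaves the hopeless sector 11 alone rather than hammering it, which is the behaviour the warning above asks for on a nearly dead drive.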
Remember, computer hardware requires vigilant maintenance, just like one’s conveyance. SpinRite is no substitute for regular backups. Still, having the software around for maintenance–and knowing it’s there in an emergency–makes it worth it.