Monday, December 11, 2006

Rootkit Fever

Rootkits are becoming more common. By infiltrating deep into the system they are very hard to remove without damaging vital system resources. You play a game of tag, trying to remove the debris from the registry while the rootkit runs on ahead, reclaiming territory you thought you had cleaned up. One of my clients recently lost his Windows ME machine to a rootkit. We ran some good antispyware tools and installed a compatible firewall (hard to find for ME), but it was too late. Soon all of his files were inaccessible, although he could still send e-mail. Rootkits love to copy themselves over the internet, so they often keep this one resource alive when everything else seems to drag on into infinity. One client reports the sound of a child laughing, which indicates the contamination. Auditory hallucinations, or the first sign of impending doom?

XP's firewall seems to be sufficient for stopping rootkit contamination, and Windows 98 does not seem to be a big target. Bear in mind that a host firewall only blocks unsolicited inbound connections; it does nothing against a rootkit that arrives inside a download the user chose to run, so keep the antispyware scans going. I have a feeling that Vista will resolve a lot of these issues. Or you can always switch to Linux!

Wednesday, November 15, 2006

Linksys drops settings

I have noticed that several of my small business clients keep losing their Linksys router settings, which affects both their cabled and wireless networks. It happens at random, and three clients report that it has happened more than once. As they did not know how to access the router settings, they could not have changed them themselves. What they experience is that they can no longer connect to the internet until we go into the router settings and restore them. Sometimes all the settings are gone, but most of the time we just have to tell the router to connect. They are all on DSL.

If this is happening to you, you can check your Linksys settings by opening your browser and entering http://192.168.1.1 into the address bar. The router will prompt for a user name and password. If you don't know them, try leaving the user name blank and entering "admin" as the password, or leaving both blank. If neither works you may have to reset the router to factory defaults (small recessed button; this also wipes your settings, so be ready to re-enter them), or call Linksys/Cisco for free support. One more thing: if the blank/"admin" default still works, change it. Anyone who can reach the router from the wired or wireless side can log in with that password and change the very settings you just restored.
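The quick way to find out whether a router still accepts its factory login is to send the same HTTP Basic auth header the browser's password prompt would send and see whether the setup page comes back. The following is an added example, not code from the post or from Linksys: the credential list is constructed from the defaults mentioned above, and the "router" it talks to is a fake one started on localhost so the check can be run offline. Point `find_default_credentials` at http://192.168.1.1/ on a router you own to run it for real.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Factory-default logins to try, in order. (blank user, "admin") is the
# classic Linksys default; the others are common variants. Constructed list.
DEFAULT_CREDS = [("", "admin"), ("admin", "admin"), ("", "")]


def try_basic_auth(url, username, password, timeout=3):
    """Send one request with an HTTP Basic auth header; True if accepted.
    The router's setup pages sit behind Basic auth, which is what the
    browser's password prompt is collecting."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):   # rejected: wrong password
            return False
        raise                         # anything else is a real error


def find_default_credentials(url):
    """Return the first default (user, password) pair the router accepts, or None."""
    for user, pw in DEFAULT_CREDS:
        if try_basic_auth(url, user, pw):
            return (user, pw)
    return None


class FakeRouter(BaseHTTPRequestHandler):
    """Constructed stand-in for the router's admin page so the check can be
    exercised offline. It accepts exactly one password with a blank user name."""
    password = "admin"   # set to something else to model a router whose default was changed

    def do_GET(self):
        expected = "Basic " + base64.b64encode(f":{self.password}".encode()).decode()
        if self.headers.get("Authorization") == expected:
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.end_headers()
            self.wfile.write(b"<html><title>Setup</title></html>")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="WRT54G"')
            self.end_headers()

    def log_message(self, *args):   # keep the demo quiet
        pass


def start_fake_router():
    """Start the fake router on a random localhost port; returns (server, url)."""
    server = HTTPServer(("127.0.0.1", 0), FakeRouter)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/"


if __name__ == "__main__":
    server, url = start_fake_router()
    print("default login accepted:", find_default_credentials(url))
    server.shutdown()
```

A result other than `None` means the router is still on its factory password and anyone on the LAN or wireless side can reconfigure it; change the password from the setup page before doing anything else. Run this only against equipment you are responsible for.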

Thursday, November 09, 2006

OSX 10.3 firmware update kills monitor

With the introduction of OSX 10.3 (strictly, with the firmware update it requires on older Macs), Apple demands RAM that conforms to the JEDEC specification. How did I learn this? While updating a friend's computer to OSX 10.3, I encountered a new phenomenon for me: the disappearing screen. Let me tell you the story...

Bob has an iMac G3, which according to Apple is compatible with OSX 10.3. However, when we tried to install 10.3 we received a message asking us to upgrade the firmware first, a message that is typical for Apple upgrades. To update the firmware, you go to Apple's firmware update list, download the update for your model, run the installer, shut the computer down, and start it up while holding the programmer's key (a small button marked with a caret symbol). You hear a long chime, and the firmware is updated.

However, due to a little-known problem, Bob's firmware update killed his video: the screen went dark, although we could hear the computer starting up and spinning the CD. There was no way to reach the Open Firmware prompt or the console. Had the firmware update crashed? Had we permanently damaged the boot ROM? No, the answer was both simpler and more complex.

I swapped the hard drive into another iMac, and it booted correctly, displaying the message "Your firmware update is complete!", which seemed like a good sign. Next I swapped the RAM from the working iMac into Bob's iMac. Now it started up with the normal tone, then emitted three beeps and stopped. I went a step further and dug out some RAM sticks I had lying around. After trying a couple, I found one that worked: Bob's iMac started up correctly, booted from his hard drive, and drove the monitor. Soon after that I found this document on Apple's website:

Firmware Update: Firmware Updates 4.1.7 and Later May Disable Out-of-Spec Third-Party RAM
http://docs.info.apple.com/article.html?artnum=60839

So remember, team:
"When purchasing RAM modules for use in Macintosh computers, make sure that they conform to the JEDEC specification."

Otherwise you may face the blank screen of death! If an older Mac comes up with a dark screen or three startup beeps right after a firmware update, suspect the RAM before the ROM: swap in a known-good module before doing anything more drastic.

Wednesday, October 18, 2006

Anti-Rootkit Tools

There are two free tools that can help with detecting rootkits: Sophos Anti-Rootkit (www.sophos.com/products/free-tools/sophos-anti-rootkit.html) and RootkitRevealer from Sysinternals (www.sysinternals.com/Utilities/RootkitRevealer.html). Both are useful, but RootkitRevealer digs deeper and returns more information than the Sophos tool. It works by listing files and Registry keys twice, once through the normal Windows API and once by reading the disk volume and the hive files directly, and reporting every entry that appears in one view but not the other. A rootkit that hooks the API to hide its files shows up as exactly that kind of discrepancy (an entry that is on disk but missing from the API listing), whereas a file that changed between the two passes is a harmless mismatch. Some rootkits prevent RootkitRevealer from running at all, and you get an error message instead of a report; that is itself suspicious, although an antivirus product or a non-administrator account can also block it. Some rootkits that I detected with RootkitRevealer were not detected by Sophos Anti-Rootkit, therefore I would recommend running both, from an administrator account, if you suspect a rootkit on your system.
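The cross-view comparison RootkitRevealer relies on is small enough to show in full. The following is an added example, not code from the post or from either tool: the directory listing, the "$sys$" prefix and the hooked enumeration function are all constructed to stand in for the real on-disk scan and for a rootkit's API hook, so the point is the comparison, not the enumeration.

```python
# Cross-view rootkit detection, simulated. Added example; the listings, the
# HIDDEN_PREFIX and the hook below are constructed for the demonstration.

# "Raw" view: what a scanner sees by parsing the file system (or a Registry
# hive file) directly, without going through the Windows API.
RAW_VIEW = {
    r"C:\Windows\system32\kernel32.dll",
    r"C:\Windows\system32\notepad.exe",
    r"C:\Windows\system32\$sys$DRMServer.exe",        # hidden by the hook
    r"C:\Windows\system32\drivers\$sys$aries.sys",    # hidden by the hook
    r"C:\pagefile.sys",
}

HIDDEN_PREFIX = "$sys$"   # constructed: names the simulated rootkit hides


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def hooked_api_listing(raw_entries):
    """Simulate a rootkit's hook on directory enumeration: every entry whose
    name starts with HIDDEN_PREFIX is dropped before the caller sees it."""
    return {p for p in raw_entries if not basename(p).startswith(HIDDEN_PREFIX)}


def cross_view_diff(api_view, raw_view):
    """Compare the two views and return (hidden, api_only).

    hidden   -> on disk but absent from the API view: the rootkit signature.
    api_only -> reported by the API but not found on disk: usually a file
                created or deleted between the two passes, not a rootkit.
    """
    hidden = sorted(raw_view - api_view)
    api_only = sorted(api_view - raw_view)
    return hidden, api_only


def scan(raw_view=RAW_VIEW, api_listing=hooked_api_listing):
    """Enumerate the same tree both ways and return the discrepancies."""
    return cross_view_diff(api_listing(raw_view), raw_view)


if __name__ == "__main__":
    hidden, api_only = scan()
    for path in hidden:
        print("HIDDEN FROM WINDOWS API:", path)
    for path in api_only:
        print("API-only (probably a timing artifact):", path)
```

On a clean machine the two views agree and both lists come back empty; a hook that filters names produces entries in `hidden`, which is the discrepancy the real tool flags. Entries in `api_only` deserve a second look but are normally files that changed while the scan ran, which is why the tools ask you to close other programs before scanning.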

Saturday, August 26, 2006

Vulnerability

"Feature-rich" would be a good description for the majority of new software offerings. But with more features can come more vulnerabilities. The latest spectre is the dreaded "rootkit", which is rumoured to turn a $1000 computer into a pile of trash. Rootkits let hackers zombify your computer: they decide how much functionality is left over for you after your computer has sent a million spam e-mails to Canada. Not a pretty sight.

Rootkits can be revealed. However, they set a dangerous precedent. There is currently no 100% defense against hackers, short of pulling your network connection. You can imagine a future where rootkits and other hacker tools mean your computer is not your own while it is plugged into the internet. Because rootkits are very hard to detect, they are the ultimate trojan horse; as long as a hacker only uses part of your internet bandwidth, you may not even notice the manipulation.