Monthly Archives: October 2005

Football

Georgia vs Florida

14-10, crushing defeat.  Brings the season to 7-1.  :(

Football

Razorbacks vs. Dawgs

Georgia moves to 7-0 after eking out a 23-20 win over the Arkansas Razorbacks.  Already bowl bound in October.

Football

Georgia-Vandy

Georgia moves to 6-0 with a 34-17 win over the Commodores.

Football

Georgia vs. Tennessee

5-0 season so far, Georgia defeats Vols 27-14

Mac OS X, Mac OS X Server

Finding Things on Mac OS X

Mac OS X has a number of commands that will help you find things.  There’s find, grep and way more.  But the easiest of them all to use is locate.  To run locate, simply type the word locate in Terminal, followed by the case-sensitive string you are looking for.  For example, if you want to find all files with the word Krypted in the name, use the following command:

locate Krypted

Keep in mind when using the locate command that it will also find files that have the name in the path, so if I have a folder called Krypted, every single file in that folder will appear.

On the Road

On the Road: DC

There are few cities where it is hard for me to stay on-task.  This is one of them.  I want to leave the job early every day to go to some museum or another.  I came here once in college and loved it and it turns out I still do.  Every time I come here I want to hit memorials, the Smithsonian, etc.  It’s a learning experience in the history of American Civics.  Miss Connor would be proud.

Windows XP

Malware: the Cat and Mouse Game

I originally posted this at http://www.318.com/TechJournal

Spyware is software that covertly gathers user information through the user’s Internet connection without their knowledge, usually for advertising purposes. Adware refers to any software application or program displaying advertising banners or pop-ups. Adware is often considered spyware (although not always) and is typically installed without the user’s knowledge. Malware is a general term that encompasses both of these and often viruses and trojan horses, which can cause computers to become slow due to the amount of processing power that these applications can take and the number of them that can infect computers.

Malware applications are typically bundled as a hidden component of shareware programs, online music, scripts hidden on websites and viruses that can be downloaded from the Internet. Over the past two years, many products have been released such as Windows XP Service Pack 2, Adaware and Spybot Search and Destroy that can effectively remove spyware. However, spyware and adware authors were able to make a lot of money from their pseudo-legal actions and have become better programmers in their newfound spare time.

Many spyware and adware products have begun to incorporate the use of root kits into their software. A root kit is a set of tools used by intruders once they have hacked into a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes. Root kits often disguise themselves in order to prevent detection. Root kits exist for a variety of operating systems such as Linux, Solaris, and versions of Microsoft Windows. Root kits are typically used by attackers to build collections of slave systems and hide their tracks.

By using techniques that are most commonly attributed to attackers, spyware and adware products are becoming more and more harmful to systems. The utilities that once helped to resolve malware issues on systems are not working as well as they once did because of these new techniques employed by malware authors. Many of these techniques go far beyond simply hiding the malware and involve teaching the operating system to pretend that the malware doesn’t exist to make it almost impossible to find.

RootKit Revealer is a free product distributed by sysinternals.com that can search for known root kits. A limitation of this application is that it doesn’t find new attacks that were released since the last revision of RootKit Revealer. Microsoft is also looking into software that can detect root kits with their Strider Ghostbuster Project. Both RootKit Revealer and Strider Ghostbuster not only look for root kits but also look for any attempts to hide any applications from the operating system.
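The hiding check described above can be done as a cross-view diff, the approach RootkitRevealer and Strider GhostBuster are documented to use: compare what the Windows API reports with what a raw read of the volume shows. The following is an added example, not code from the original post or from either tool; the function names and both listings are constructed, and it assumes the raw listing was produced separately (for instance from an offline disk image).

```python
from dataclasses import dataclass

# NTFS keeps its own metadata files at the volume root. The Windows API never
# lists them, so a raw scan always sees them; they are expected, not hidden.
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str  # "hidden_from_api" or "missing_from_raw"

def _norm(path):
    # Windows paths are case-insensitive and accept either separator.
    return path.replace("/", "\\").rstrip("\\").casefold()

def cross_view_diff(api_view, raw_view):
    """Return entries that appear in only one of the two views."""
    api = {_norm(p): p for p in api_view}
    raw = {_norm(p): p for p in raw_view}
    findings = []
    for key in sorted(raw.keys() - api.keys()):
        name = key.rsplit("\\", 1)[-1]
        if name not in NTFS_METADATA:
            findings.append(Discrepancy(raw[key], "hidden_from_api"))
    for key in sorted(api.keys() - raw.keys()):
        # Often a file created after the raw snapshot; report it for review.
        findings.append(Discrepancy(api[key], "missing_from_raw"))
    return findings

# Constructed sample listings (not taken from any real system).
API_VIEW = [
    r"C:\WINDOWS\system32\drivers\etc\hosts",
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\Temp\scan.log",
]
RAW_VIEW = [
    r"C:\$MFT",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\WINDOWS\system32\drivers\hidden_example.sys",
]

if __name__ == "__main__":
    for d in cross_view_diff(API_VIEW, RAW_VIEW):
        print(d.kind, d.path)
```

An empty result only means the two views agreed at scan time; it does not show that nothing is hidden, since the raw view must itself come from a source the malware cannot filter.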

This was effective when the projects were announced and first released. Now, a new generation of malware is coming along that is intelligent enough to actually hide itself from standard searches and then not hide itself from the RootKit Revealer or Strider Ghostbuster scans. The finesse with which authors of malware are creating their root kits often leaves one wondering who is ahead in the game.

For more information on the many rootkit removal services that may be available to your business, please contact Three18, Inc. at 310-581-9500 or via email at sales@318.com