Friday, May 15, 2009

Windows 7 Release Candidate; The Good and The Ugly Sides

Microsoft's limited distribution of the Windows 7 release candidate (RC) on April 30 -- followed by its more widespread release a week later -- has triggered a firestorm of opinions, comments, critiques and compliments.
As usual, the commenters can be generally divided into two camps: Windows haters and Windows fans. On the whole, though, the RC has received a considerable amount of praise, even from some Macintosh users.
However, security -- always an issue with Microsoft -- could be a problem with the RC, which apparently has a security hole that has hung around on Windows operating systems for years.
Just Loving It
The Windows 7 RC has generated lots of positive comments.
Michael Cherry, a senior analyst at Directions on Microsoft, is running the RC on a newly purchased netbook with an Intel (Nasdaq: INTC) Atom processor and 1 GB of RAM. "I was skeptical because a lot of Microsoft executives were promoting running it on a notebook, but it works just fine," he told TechNewsWorld.
The RC has also generated quite a bit of fan mail. "So far, I'm apprehensively impressed," one fan signing himself "Daniel" wrote in response to an article on The New York Times' Gadgetwise blog about the RC. "Seems Microsoft really pulled their finger out to make this simple and sexy."
After running the RC for two days, another commenter on the blog, Joe Richards, said that he prefers his PC running Windows 7 RC over his Apple Macintosh.
Even on the Apple Blog, which (perhaps predictably) ripped the Windows 7 RC, there were a few favorable comments.
"I've used Windows 7 RC1 quite a lot and it's been blisteringly fast," wrote Chris Neal in response to a post about Windows 7 RC, suggesting that it outperforms Windows Vista, Windows XP and, in some cases, Apple's own OS X operating system.
The Other Side
Not everyone who has tried the Windows 7 RC has fallen head over heels in love with it, however. Naysayers include many other commenters on the aforementioned Apple Blog.
Among them is Christian Walker, who considers himself a hardcore Windows user. The Windows 7 RC has "frozen up on me as much as and perhaps even more than Vista," he wrote, adding that the RC also caused him other problems. "Let's just say I'll be purchasing a Mac. My first Mac."
Meanwhile, security vendor F-Secure points out on its blog that the Windows 7 RC retains a known security hole in Windows Explorer that lets malware authors trick people into clicking on and downloading their malware.
This is a feature that hides extensions for files. Instead of seeing a file name with the extension ".doc" or ".txt" ("Finances.doc" or "MyFile.txt"), for example, users will see the file name without the extension (simply "Finances" or "MyFile").
The problem has been around since Windows NT, according to the F-Secure post. Windows NT, a family of operating systems first released in 1993, is the first fully 32-bit version of Windows.
Hiding the Extensions
Malware authors leverage the extension-hiding feature by renaming an executable file, which uses the ".exe" extension. "The trick was to rename 'Virus.exe' to 'Virus.txt.exe' or 'Virus.jpg.exe' and Windows will hide the '.exe' part of the filename," the F-Secure post says.
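As an added example (not code from F-Secure or from the original article), the following Python functions flag file names that use the double-extension trick described above and report the name Explorer would show with extension hiding turned on. The two extension lists are assumptions chosen for illustration, and the sample paths are constructed.

```python
import ntpath

# Assumed subset of extensions that Windows executes when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Assumed subset of extensions that make a file look like a document or image.
DECOY_EXTS = {".txt", ".doc", ".xls", ".jpg", ".png", ".pdf"}

# Constructed sample paths (not taken from the article's sources).
SAMPLE_PATHS = [
    r"C:\Users\alice\Downloads\Virus.txt.exe",
    r"C:\Users\alice\Downloads\Holiday.JPG.EXE",
    r"C:\Users\alice\Documents\Finances.doc",
    r"C:\Users\alice\Documents\MyFile.txt",
    r"C:\Tools\setup.exe",
    r"C:\Tools\backup.tar.gz",
]


def explorer_display_name(path):
    """File name as shown when extensions of known file types are hidden."""
    name = ntpath.basename(path)
    stem, ext = ntpath.splitext(name)
    known = EXECUTABLE_EXTS | DECOY_EXTS
    return stem if ext.lower() in known else name


def is_disguised_executable(path):
    """True when an executable extension follows a document-like extension."""
    stem, outer = ntpath.splitext(ntpath.basename(path))
    inner = ntpath.splitext(stem)[1]
    return outer.lower() in EXECUTABLE_EXTS and inner.lower() in DECOY_EXTS


def scan(paths):
    """Return (full path, name the user sees) for each disguised executable."""
    return [(p, explorer_display_name(p)) for p in paths if is_disguised_executable(p)]


if __name__ == "__main__":
    for full, shown in scan(SAMPLE_PATHS):
        print(f"{full}  (Explorer shows: {shown})")
```

Only the first two sample paths are reported: a plain "setup.exe" or "Finances.doc" has a single extension and is not flagged.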
However, this may not be much of an issue, according to Directions on Microsoft's Cherry. "The first thing I do on any Windows machine is set the file attribute so I can see the attributes even on hidden files," he noted.
"Microsoft uses this feature because it's very confusing to a lot of users to see all these file extensions out there," Cherry explained. "They just want to name their file. They don't want to know the difference between the '.xls,' the '.doc' and the '.dot' extensions, for example."

Monday, May 4, 2009

How to Find a Keylogger? | Is a keylogger installed on my System?

What does a keylogger do?

It records all your keystrokes, and sometimes screenshots of your display, and frequently sends the information to the email address of the person who set it up. It is very harmful since it can capture your username, password and other personal information.

There are software and hardware keyloggers. Hardware keyloggers are fairly easy to find: check the keyboard cable connected to the PC, see whether there is any extra connector between your PS/2 or USB plug and the port, and remove it.
Software keyloggers are very harmful and very difficult to find.

A keylogger is a harmful program that runs almost invisibly as a low level system process. Usually started up when your computer is booted - so there is no way of you detecting it - this program logs all the keys that you type and then sends that information out to the person who infected you with the keylogger.

Keyloggers are extremely dangerous and can be used to steal personal information such as your social security number, credit card number, and passwords to just about everything. This may lead to identity theft or theft in general. Keyloggers are especially dangerous to anyone who uses online cash sites such as PayPal for a large amount of money.

When you suspect that you are infected with a keylogger, do NOT type any personal information. Even if you are typing in a normal word document, the keylogger still keeps track of everything you type.


Alternatively, if you suspect that a keylogger is installed and you urgently need to type your username and password, use the on-screen keyboard instead. This is a very good tool for getting around a keylogger, since keyloggers trace only the keystrokes of the hardware keyboard.

Go to Run → type osk → hit Enter; the on-screen keyboard will now appear.

These days some websites, especially banking websites, have started adding on-screen keyboards to their pages to prevent the possible threat of keylogging.
But email web portals and similar websites have not yet started providing this option.

Doing this opens up a keyboard on your screen so that you can click whatever letter you would like to type. Since a keylogger does not track where and what you click, this helps you to get around it in times of urgency. Typing with the on-screen keyboard is a great hassle, however. The only alternative is to remove the keylogger completely.

Before you can destroy the keylogger and make your computer safe, you will need to detect it. Detecting a keylogger is not easy. It can be installed in over 100 places on your computer, and is usually located in one of the system files. However, there is a much easier way to detect whether a keylogger is running. Right click on your menu bar and click Task Manager. Alternatively you can press Ctrl + Alt + Del. You should be looking at all the applications you are running at the moment. Click the tab that says Processes. This gives you information about all the programs, hidden and visible, that your computer is currently running.

Unless you know a lot about which processes the computer runs and does not run you will have trouble figuring out what you are looking at. The name of each process is under Image Name. The keylogger will show up on the list of processes as well as many other programs and background processes. However, you may not be able to distinguish between the different processes.

You will need to know which process to end before you can stop the keylogger. There are many sites available on the Internet that provide a vast amount of information on each and every process that you may encounter. One of these sites is Liutilities. This site provides some background information on each process as well as telling you the author and which program it is part of. One of the best features of this site is a recommendation about what to do with that process. Most of the time, the process you look up will be harmless and simply part of the operating system or another program you are running.

Another fantastic site for information on processes is Neuber. As with Liutilities, Neuber gives you background information on that process. A special feature they have is user-created comments. Anyone can rate a process in terms of its security and leave a comment about how to deal with the process. Generally, these comments are very accurate. Neuber also provides a 'security rating' for each process based on the average rating by users.
However, some find it hard and long drawn out to research each process individually. Thankfully, there is a program called Security Task Manager that is free to download. It will display information about each of the processes that are currently running, as well as telling you if they are dangerous or not. You will immediately be notified should anything harmful come up. Produced by Neuber, the program also shows the security rating and a random comment made by a user for each process. This program does have its disadvantages though. Processes that the program has never encountered before are not given a security rating or a comment. It is therefore advised that you research these processes individually.

Once you have found the harmful process, click the process and then click the 'End Process' button towards the bottom right. The process you have selected should be terminated immediately.

Once this is complete, you should be safe until you reboot your computer. If you do not delete the keylogger, upon rebooting your computer, the keylogger will start up again.
Once you have stopped the keylogger, run anti-virus and spyware checks on your entire computer. Some free virus scan utilities that are recommended are A2, Dr. Web and AVG. However, highly advanced keyloggers such as TypeAgent, KGB, and SpyOutside can often slip through these scans and remain undetected.

If the antivirus scans fail to show any result, you will need to manually detect and delete the keylogger. Keyloggers are usually located in the system files, so do not delete anything that you aren't 100% sure is the keylogger. Doing so may lead to errors in other areas of the computer. Go to 411-spyware and search for the type of keylogger that has infected your system. If it is listed, there should be instructions about how to manually remove the keylogger.
A great way to check if the keylogger has been completely removed from the system is to reboot. Remember the name of the keylogger's process and reboot the computer. If the process is not there when the computer has rebooted, you are safe.
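The process review and reboot check described above can be scripted. This is an added example, not part of the original post: it parses the CSV output of the Windows `tasklist /FO CSV` command, lists image names that are not in a baseline you have already researched, and reports whether a suspect name is running again after a reboot. Both process listings are constructed samples, the baseline set is an assumption, and kbdhelper32.exe is a made-up name.

```python
import csv
import io

# Constructed sample of `tasklist /FO CSV` output; kbdhelper32.exe is a made-up name.
BEFORE_REBOOT = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"System","4","Services","0","1,204 K"
"smss.exe","312","Services","0","640 K"
"csrss.exe","420","Services","0","3,120 K"
"explorer.exe","2180","Console","1","41,332 K"
"kbdhelper32.exe","3344","Console","1","5,816 K"
'''

# Constructed sample taken after the reboot: the suspect is back under a new PID.
AFTER_REBOOT = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"System","4","Services","0","1,180 K"
"smss.exe","308","Services","0","652 K"
"csrss.exe","416","Services","0","3,004 K"
"explorer.exe","1964","Console","1","39,870 K"
"KbdHelper32.exe","2872","Console","1","5,790 K"
'''

# Image names already researched and accepted on this machine (assumed baseline).
BASELINE = {"System Idle Process", "System", "smss.exe", "csrss.exe", "explorer.exe"}


def image_names(tasklist_csv):
    """Lower-cased image names from CSV-formatted tasklist output."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return {r["Image Name"].strip().lower() for r in rows if r.get("Image Name")}


def unknown_processes(tasklist_csv, baseline):
    """Names not in the baseline: leads to research, not verdicts."""
    return sorted(image_names(tasklist_csv) - {b.lower() for b in baseline})


def survived_reboot(suspect, after_reboot_csv):
    """True if the suspect image name is running again after a reboot."""
    return suspect.strip().lower() in image_names(after_reboot_csv)


if __name__ == "__main__":
    for name in unknown_processes(BEFORE_REBOOT, BASELINE):
        state = "still starts at boot" if survived_reboot(name, AFTER_REBOOT) else "gone"
        print(f"{name}: {state}")
```

Names are compared case-insensitively because Windows image names are not case-sensitive, so the differently capitalised entry in the second listing still counts as the same process.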