December 27, 2004
A short introduction to computer viruses (-virii)
Definition
A computer virus is a program that multiplies itself, just like the biological virus. That's the basic definition, but common use of the term computer virus is a little more biased:
A computer virus is a malicious piece of code written with the intention to harm as many systems as possible.
Which definition one prefers is rather a philosophical decision.
Architecture
All viruses are built out of the same components (note that all but the first one are optional):
- Replication code: Spreads the virus to other files, diskettes, systems, ... Also contains a selection routine that determines which target is chosen next.
- Avoid-Detection code: Hides the virus from simple pattern scanners through code changes with every replication (see Polymorphic virus)
- Action code: Triggered by a certain event (e.g. a special date). Can be harmful (e.g. deleting data) or just a gag screen ("give me a cookie").
The virus types
Boot virus
This type of virus resides in the boot sector of diskettes or hard disks. As these sectors are read at a very early stage of the boot process, the virus is already memory-resident before any antivirus software can be active. These viruses are spread by booting a clean system from an infected device.
Protection: Do not boot from untrusted disks.
Disinfection: On DOS-based systems, "fdisk /mbr" rewrites the master boot record and thus overwrites the virus.
File virus
Executable files (.COM, .EXE, .SYS) were the targets of this virus type; Windows has since extended the list (.DLL, .SCR, ...). When a file is infected, the virus replaces the original file-loading code with its own code, with the result that the virus is executed before the actual program.
Protection: Do not execute untrusted programs.
Disinfection: Only with antivirus software (not always possible, since sometimes original program data is lost).
Macro virus
Modern office suites like Microsoft Office offer powerful macro languages. This macro code can be embedded into documents, thus making them ideal hosts for computer viruses.
Protection: Do not execute untrusted documents; disable auto-execution or all macro functions.
Disinfection: With antivirus software, or via copy and paste of the document content into a clean one.
Trojan horses
Like in ancient Troy, things are not always what they seem. A program that offers some nice function may do some nasty things in the background. Often these programs promise something unrealistic, like doubling the processor speed.
Protection: Do not execute untrusted programs; download only from trusted organisations.
Disinfection: Just delete the program.
Backdoor programs
These programs are similar to Trojan horses, since they do not hook on any other program either. When active, a backdoor program enables a hacker to access the infected machine over a network. This access may range from just reading some files (or passwords) to full control of the system. A well-known backdoor program is Back Orifice.
Protection: Do not execute untrusted programs.
Disinfection: Delete the program (may be tricky, antivirus software may be of help).
Worms / Email-viruses
These viruses replicate over networks (mostly via email). Some worms use bugs in the operating system or mail program, but most rely on user interaction (for example, the Loveletter virus required the user to execute the attached Visual Basic script).
Protection: Do not execute untrusted email attachments, do not use HTML mails, disable potential security risks like VBS, apply the latest security patches to the OS and mail program, and set up your system to show the extensions of known file types.
Disinfection: Delete the email / program (may be tricky, antivirus software may be of help).
Hoax
A warning of a virus that doesn't exist is called a hoax. The warning itself is the virus. These warnings, mostly in the form of emails, contain horrible descriptions of what the virus will do to your system and often quote big companies like IBM or Microsoft confirming that the virus is really bad. There are also other hoaxes or chain letters that refer to other invented stories; they all strongly advise you to forward the mail to everyone in your address book. The damage that is done by these mails is hard to measure, but they consume expensive bandwidth on our always-slow network connections.
Protection: Tell your email buddies not to forward any virus warnings. At work it is the duty of your system administrator to warn the employees of possible dangers. Use your common sense.
Disinfection: Delete the email and do not forward it.
Polymorphic virus
Some viruses try to avoid detection by antivirus software by changing their code with every replication. Luckily this only fools very simple pattern scanners. This trick may be used by every type of virus (so no special protection or disinfection tips here).
Remarks
- "Untrusted" refers to files or disks that were downloaded from servers where you cannot be sure of the trustworthiness of the operator, that were sent to you without request and were not checked with up-to-date antivirus software.
- Always use your common sense – information is the best protection against computer viruses.
- Recent backups of your data are essential for every serious computer user, too (not only viruses can harm your system).
- Keep your antivirus software up-to-date.
- Disable possible security risks, like VBS or macro extensions of your software and enable them only if you explicitly need them.
- Change the boot-sequence to boot from harddisk first.
- If you have discovered a virus on your system remain calm, do not exchange data with other systems any more. Try to identify the virus and take appropriate actions. Upon disinfection scan all possibly infected media. Warn all people you recently exchanged data with, especially the source of the infection. At work contact your system administrator or designated virus-institution.
Antivirus software
Always protect your system with up-to-date antivirus software. It is also advisable to have a boot disk with executable antivirus software at hand in case your system cannot start after a virus attack. The system has to be scanned regularly, as well.
Antivirus software can discover an infection in several ways. The techniques used are pattern scan (identify the virus by a typical code signature – can be tricked by a polymorphic virus), heuristic scan (search for code patterns typical for virus-like activities – may produce false alarms when scanning low-level system utilities), checksum scan (monitor file changes – since executables shouldn't change, a change would indicate an infection) and background scan (monitor the system for virus-like activities and scan every file that is created, opened or executed – may decrease system performance).
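The checksum scan and the pattern scan described above, sketched in Python as an added example that is not part of the original post. The extension list follows the file types named in the article; the function names and any signature bytes passed in are assumptions made for illustration.

```python
import hashlib
import os

# Executable file types named in the article (assumed scope of the scan).
EXECUTABLE_EXTENSIONS = {".com", ".exe", ".sys", ".dll", ".scr"}

def walk_files(root):
    """Yield (relative path, full path) for every file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), full

def file_digest(path):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Checksum scan, step 1: record a digest for every executable-type file."""
    return {rel: file_digest(full) for rel, full in walk_files(root)
            if os.path.splitext(rel)[1].lower() in EXECUTABLE_EXTENSIONS}

def compare(baseline, current):
    """Checksum scan, step 2: report what changed since the baseline."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def pattern_scan(root, signature):
    """Pattern scan: list files that contain the exact signature bytes."""
    hits = []
    for rel, full in walk_files(root):
        with open(full, "rb") as f:
            if signature in f.read():
                hits.append(rel)
    return sorted(hits)
```

Take the baseline while the system is known to be clean and keep it where the scanned system cannot overwrite it, for example on read-only media. A changed executable shows up under "modified" even when its bytes match no known signature, which is why the checksum scan still works where the pattern scan is tricked.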
Since almost every computer today is connected to the internet, a personal firewall is advisable, too. These programs monitor the ports of your network connection (especially the well-known ports used by backdoor programs) and can prevent hackers from accessing your system.
Advertisement
For more information (in German) and links to free and commercial antivirus software visit ma-de.de.
Posted by marco at 11:14 PM | Comments (0)
December 24, 2004
I made it
People, take your kids inside, Marco got his driver's license ;)

I lost only two points for not knowing where left and right is ... but that wasn't even in the WA Driver Guide! Anyway it's not too special since I have been driving around for 8 years already - only the possibility of failing made it special.
Posted by marco at 1:18 AM | Comments (0)
December 22, 2004
A very special xmas greeting
Click here to see it!
And here for more ;)
Posted by marco at 11:28 AM | Comments (1)
December 20, 2004
See this movie ;)
Posted by marco at 11:36 AM | Comments (3)
December 17, 2004
Got ducktape?
Posted by marco at 4:24 PM | Comments (1)
December 15, 2004
Birds and Bees in the 21st Century
Bobby SAYS: Daddy, how was I born?
DAD SAYS: Ah, my son, I guess one day you will need to find out anyway!
Well, you see your Mom and I first got together in a chat room on MSN.
Then I set up a date via e-mail with your mom and we met at a cyber-cafe.
We sneaked into a secluded room, where your mother agreed to a download from my hard drive.
As soon as I was ready to upload, we discovered that neither one of us had used a firewall, and since it was too late to hit the delete button, nine months later a blessed little Pop-Up appeared and said:
"You've Got Male!"
Posted by marco at 11:05 AM | Comments (0)
December 14, 2004
Achtung!
This is "The German Joke of the Day":

Stolen from Einmon ;)
Posted by marco at 5:45 PM | Comments (1)
December 13, 2004
Eüropa - with or without hot sauce?
Posted by marco at 5:47 PM | Comments (0)
A story about democracy
At a neighborhood party we heard the following story:
We were protesting against Bush on his only visit to the state of Washington. Of course we brought posters and signs.
Nearby was a group of Bush-Fans and a lady with her kids was angrily yelling at us protesters: "Why are you disturbing the peace here? I came here to show my kids democracy!"
I am not sure that the equation Bush=democracy is true ;)
Posted by marco at 3:22 PM | Comments (0)
Nutella in USA
The good news for us Germans is: Nutella is available in stores here and it tastes exactly like at home! BUT:

You don't eat Nutella with salty Pretzels (Which are spelled Breze(l) correctly, by the way!) nor with salty crackers... *shudder*
Posted by marco at 3:13 PM | Comments (0)
December 9, 2004
Innocent English
One of my German Professors once said during a lecture: "I have to go do something in the secretary"
Here are a couple of other funny lapses made by non-native English speakers:
Innocent English
Posted by marco at 3:35 PM | Comments (0)
Nice shot - Seattle by night
I did this during our launch yesterday from the Pacific Medical in night shot mode:

Posted by marco at 3:29 PM | Comments (0)
Rent Gay P0rn from Amazon.co.uk
Yesterday we finally launched the project that took most of my time away for the past month - so now you can rent DVDs from Amazon.co.uk! ... and I can get home before 9pm and might not have to work on the weekend for a change ;)
One discussion during that launch was if we were recommending gay porn to our customers. The dvd in question was this one:

Since the movie is rated 15 I'm pretty sure it is not porn at all. And the guys are wearing jeans (also quite uncommon for porn movies). And in the UK nobody would really care. When I did some research on the movie I found out that I had previously heard about it (see Imdb: Coming Out): It was the first movie about gays in the former GDR and had its premiere at roughly the same time as the fall of The Wall. No porn there, anyway.
Posted by marco at 3:12 PM | Comments (0)
December 2, 2004
Canada busy sending back Bush-dodgers
The flood of American liberals sneaking across the border into Canada has intensified in the past week, sparking calls for increased patrols to stop the illegal immigration. The re-election of President Bush is prompting the exodus among left-leaning citizens who fear they'll soon be required to hunt, pray and agree with Bill O'Reilly.
Canadian border farmers say it's not uncommon to see dozens of sociology professors, animal-rights activists and Unitarians crossing their fields at night. "I went out to milk the cows the other day, and there was a Hollywood producer huddled in the barn," said Manitoba farmer Red Greenfield, whose acreage borders North Dakota. The producer was cold, exhausted and hungry. "He asked me if I could spare a latte and some free-range chicken. When I said I didn't have any, he left. Didn't even get a chance to show him my screenplay, eh?"
In an effort to stop the illegal aliens, Greenfield erected higher fences, but the liberals scaled them. So he tried installing speakers that blare Rush Limbaugh across the fields. "Not real effective," he said. "The liberals still got through, and Rush annoyed the cows so much they wouldn't give milk."
Officials are particularly concerned about smugglers who meet liberals near the Canadian border, pack them into Volvo station wagons, drive them across the border and leave them to fend for themselves. "A lot of these people are not prepared for rugged conditions," an Ontario border patrolman said. "I found one carload without a drop of drinking water. They did have a nice little Napa Valley cabernet, though."
When liberals are caught, they're sent back across the border, often wailing loudly that they fear retribution from conservatives. Rumors have been circulating about the Bush administration establishing re-education camps in which liberals will be forced to drink domestic beer and watch NASCAR.
In the days since the election, liberals have turned to sometimes-ingenious ways of crossing the border. Some have taken to posing as senior citizens on bus trips to buy cheap Canadian prescription drugs. After catching a half-dozen young vegans disguised in powdered wigs, Canadian immigration authorities began stopping buses and quizzing the supposed senior-citizen passengers. "If they can't identify the accordion player on The Lawrence Welk Show, we get suspicious about their age," an official said.
Canadian citizens have complained that the illegal immigrants are creating an organic-broccoli shortage and renting all the good Susan Sarandon movies.
"I feel sorry for American liberals, but the Canadian economy just can't support them," an Ottawa resident said. "How many art-history majors does one country need?"
In an effort to ease tensions between the United States and Canada, Vice President Dick Cheney met with the Canadian ambassador and pledged that the administration would take steps to reassure liberals, a source close to Cheney said. "We're going to have some Peter, Paul & Mary concerts. And we might put some endangered species on postage stamps. The president is determined to reach out."
Posted by marco at 11:40 AM | Comments (2)

