Sunday, June 6, 2010

Practical 3.2 Testing your antivirus software

Hello..... if you are the type that doubts your antivirus software and wants to test whether it really works, then read on..... To test your antivirus software you will need to introduce a virus into your computer system so that your antivirus software can detect it.... So, to test your antivirus software, first go to your Start menu and search for "Security Center"... there, make sure that your "Virus protection settings" are ON; if they are not, click on the "Recommendations" button and indicate that you want it to monitor your antivirus software...

OK, after all the preparations and checks.... NOW, go to www.eicar.org/anti_virus_test_file.htm or go to any search engine and search for "EICAR AntiVirus Test File".... either method will bring you to the webpage as shown in the next screenshot>>>>>


This webpage introduces the Anti-Virus or Anti-Malware test file.....(PLEASE NOTE!!!! this is not a real virus and does not even contain any viral code.... this is just a file that your antivirus software will detect and treat as a virus), continue scrolling down to come to a few download links....

NOW for the 1ST test for your computer's antivirus software...... Click on the eicar.com link to download it....WAIT..... DO NOT!!!! accept the download first... wait for a while to see if your antivirus software reacts to it. Most of the time your antivirus software will react to it and alert you by showing an error message as shown in the screenshot below (in this case, I am using the Symantec Endpoint Protection antivirus software); if no alert message appears.. it means that it is time for you to go update your antivirus software......
After you close the alert messages, cancel the download....
Now continue on to the 2nd test..... For the second test click on the eicar_com.zip link to download the compressed version of the eicar.com file....AGAIN wait to see if your antivirus software detects it....if after a few minutes no alert message appears...proceed to download the eicar_com.zip file to any location on your computer system.....If your antivirus software still does not react to it and present you with an alert message as shown in the screenshot below.... open the zip file and scan it... by now your antivirus software should have shown the alert message already... (different antivirus software acts differently: some immediately detect it when you download it, even if it is compressed in a zip file; usually the more recent and powerful versions. Others detect it when the fake virus file has been successfully downloaded into your computer system. Lastly, your antivirus software should detect it if you open the zip file and scan its contents.....if even after this your antivirus software did not detect it, that means you have been cheated and should immediately find a new antivirus software).....

After the 2nd test comes the last test, click on the eicarcom2.zip link to download a double compressed version of the eicar.com fake virus file...again repeat the previous steps; wait to see before downloading, then if that fails proceed to download, open the file if it has not been detected yet, and then lastly scan the contents of the file.....
After you have finished testing your antivirus software.... REMEMBER to delete all eicar fake virus files from your hard drive (if your antivirus software hasn't done it for you)
In my case both eicar_com.zip and eicarcom2.zip files were detected once they were successfully downloaded into my computer system...thus my antivirus software is functioning well :):):)
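
Added example (not from the original post or from EICAR): a toy scanner that shows why the three downloads above are three different tests. It uses a constructed stand-in marker instead of the real EICAR string, builds everything in memory, and the `max_depth` limit and all function names are assumptions made for this sketch.

```python
import io
import zipfile

# Constructed stand-in for the EICAR test string (assumption: a harmless
# marker is used so this example never trips a real scanner).
MARKER = b"DEMO-ANTIVIRUS-TEST-MARKER"
MAX_MEMBER_SIZE = 1_000_000  # refuse to unpack oversized members (zip bombs)


def make_zip(member_name, data):
    """Return the bytes of an in-memory zip archive holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, data)
    return buf.getvalue()


def build_samples():
    """Mirror the three downloads: plain, zipped, and double-zipped."""
    single = make_zip("eicar.com", MARKER)
    double = make_zip("eicar_com.zip", single)
    return {"eicar.com": MARKER, "eicar_com.zip": single, "eicarcom2.zip": double}


def scan(data, max_depth, path="", depth=0):
    """Toy scanner: list the members whose content starts with MARKER.

    max_depth is the number of archive layers the scanner will unpack.
    """
    hits = []
    if data.startswith(MARKER):
        hits.append(path or "<top level>")
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER_SIZE:
                    continue  # too large to unpack safely, skip it
                member_path = f"{path}/{info.filename}" if path else info.filename
                hits += scan(zf.read(info), max_depth, member_path, depth + 1)
    return hits


def detected_by_depth(max_layers=2):
    """For each unpack limit, name the samples the toy scanner flags."""
    samples = build_samples()
    return {
        limit: [name for name, data in samples.items() if scan(data, limit)]
        for limit in range(max_layers + 1)
    }


if __name__ == "__main__":
    for limit, names in detected_by_depth().items():
        print(f"unpacks {limit} layer(s): detects {names}")
```

A scanner that unpacks no archive layers only flags eicar.com, one layer adds eicar_com.zip, and only a scanner that unpacks two layers reaches the file inside eicarcom2.zip.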
REFLECTIONS!!!!!
I am using the "Symantec Endpoint Protection" antivirus software.
It integrates essential technologies such as antivirus, antispyware, firewall, intrusion prevention, device and application control. It also enables instant NAC upgrade without additional software deployment for each endpoint.


Practical 2.3 Blocking a USB drive

For those who have their flash drives plugged into their computer 24/7, this would be a good piece of software for you.....The Thumbscrew software.....This software would prevent anyone from editing any contents in your USB flash drives...... To get this useful software>>>> simply open any web browser and go to irongeek.com/i.php?page=security/thumbscrew-software-usb-write-blocker .......OR... go to any search engine and search for "Irongeek Thumbscrew"..... both ways will bring you to the website as shown in the next screenshot>>>>>>


After reaching this website.....just click on the "Download Thumbscrew" link to download the file..... After successfully downloading the file>>> double click on the Thumbscrew .exe file to run the program.... after a short while you will notice a new icon appearing at the bottom right of your computer screen (where the time and date are)....


As shown in the screenshot above.... that is how the icon will appear when you initially install it....the program is now in a state where it allows the USB flash drives to be edited....
SO.... to test out if your USB drive blocker works..... click on the thumbscrew icon and choose "Make USB Read Only".... After which you will notice that the thumbscrew icon has now changed into another icon as shown in the screenshot below>>>>>
Now the thumbscrew icon has a red circle with a slash over its old icon..... This means that it is now blocking anyone from editing the contents of the USB drives that are connected to the computer..... After which... to make sure that it really blocks any editing, copy any file to a USB flash drive that is already connected to your computer.... If it works it will produce an error message as shown in the next screenshot to tell you that your flash drive is write-protected>>>


If an error message appears..... then CONGRATULATIONS!!!! your USB blocker is fully operational....... HOWEVER, if the error message does not appear as shown in the above screenshot and you find that the file you copied appears in your flash drive, it does not necessarily mean that your USB blocker software is faulty.....If this happens, right click on your flash drive and click "Properties".... After that, click on the "Hardware" tab, click on the "USB flash Memory\USB device" and then click on the "Properties" button....
After that.... another pop up will appear; this time click on the "change settings" button....
Next click on the "Policies" tab and then check the "Better performance" circle instead of the default choice.
Finally click on OK; it should work this time, so try copying another file to the same flash drive and the error message should pop up........







REFLECTIONS!!!!!!!
I think it is important and necessary to control the permission of a USB device, so that those who are not authorised would not be able to illegally edit and change the contents of the USB device for malicious intentions..... Other than "Thumbscrew" there are also other USB blockers such as the USB blocker by netwrix: www.netwrix.com/usb_blocker_freeware.html and another one by YzfSoft: www.brothersoft.com/usb-blocker-65603.html .... and more.... BUT I do not guarantee the safety and efficiency of these other USB blockers so, test them out at your own risk..




Practical 2.1 Scanning for rootkits

This time it will be about ROOTKITS..... And I will be using a rootkit revealer to scan for rootkits>>>> So to get your own rootkit revealer tool, first, open any web browser and enter the URL www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx or if you cannot get to the website....just go to any search engine and search for "RootkitRevealer"<><><>both will bring you to the website as shown in the screenshot below......

After reaching this website (as shown in the screenshot above) simply click the "Download RootkitRevealer" hyperlink to download the tool..... This webpage also has an introduction to this tool so,,,, you can read this introduction first before downloading to better understand this tool and what it does......

After successfully downloading it..... double click on the rootkit revealer .zip file and extract all the contents to any folder that you want to....


After extracting, run the rootkit revealer .exe file...... Depending on the computer that you are using,,,, on some the rootkit revealer screen will appear, while on others a popup message will appear, as shown in the screenshot below; if this happens just click the "View the message" button to view the rootkit revealer screen.... After which click on the "File" tab and then choose "Scan"



After which,.,.,.,. the scanning will start......For those who need to click on the "View the message" button to view the rootkit revealer scanner..... you will not be able to get out of the screen by simply pressing Alt+Tab.... to return to your desktop screen you will have to click the "Return now" link,,,,, do not worry,,,, the scan will continue>>>>and if you want to return to the rootkit revealer screen....just repeat the "View the message" steps to return.....Sorry but this time I won't be able to show any example of rootkits being detected as the rootkit revealer screen does not allow print screen..... HOWEVER.... after the scan is completed, when you browse through the names of the files being detected, IF you find any discrepancy in any of the file names it does not necessarily mean that it is a rootkit......So do not just go and delete any files that have a discrepancy in their names....
REFLECTIONS!!!!!
According to wikipedia.org..... a rootkit is software or a hardware device that is designed to gain administrator-level control over a computer system without being detected....
There are a total of six different types of rootkits, and they are:
-Firmware/Hardware-level rootkits
-Hypervisor-level rootkits
-Boot loader-level rootkits
-Kernel-level rootkits
-Library-level rootkits
-Application-level rootkits
If you would like to better understand what these different levels of rootkits do and how different they are from each other....just go to this link: http://en.wikipedia.org/wiki/Rootkit

Thursday, June 3, 2010

Practical 1.4 Microsoft Windows Malicious Software Removal Tool

u hu... this time it will be about scanning for malware using the Microsoft Windows Malicious Software Removal Tool...by the way "malware" is short for "malicious software"...... this tool runs in the background, checking for infections in the computer by specific malware and then helps to remove these infections when found......

So,,,,,, to get this cool tool.... first open any web browser and go to www.microsoft.com/security/malwareremove/default.mspx
OR..... if this link does not work then go to any search engine and search for "Microsoft Windows Malicious Software Removal Tool"......Either way.... it will bring you to the webpage as shown in the screenshot below....


This webpage will give you a summary of what the malware removal tool does..... so if you're the type that already knows what it does or hates reading...... just click on the "Skip the details and download the tool" link or the download button at the lower part of the webpage..... Either way it will bring you to a page similar to the next screenshot....except that it has a pop-up message to prompt you to download the tool....
This webpage (shown in the screenshot above) gives a basic set of instructions to install and run the removal tool,,,,, however, if you are the type that hates reading wordy webpages, then just close the webpage after your download is complete and just stay with my post....
Ok... After the download is finished double click on the removal tool's .exe file and you will see something similar to the screenshot below.....Just in case you are the worrywart type, just click the link "View a list of malicious software that this tool detects and removes" to view the full list of malware that the removal tool will work on......

Well....if you have finished viewing the list of malware or if you just want to move on and ignore the list of malware this removal tool works on...... Then just click on the "next" button and it will bring you to a list of scanning types that you would like to perform on your computer,,,, as shown in the next screenshot......


The list should explain itself so I will not repeat the obvious of what each scan type does..... So ya.... you have three choices to choose from..... 1st choice is a Quick Scan, followed by a choice of Full scan and then a choice of Customise scan..... After choosing your scan type....just click the "next" button to start the scanning.





After the scan is completed, it will show the list of malwares that it has detected and the status of the malwares as shown in the screenshot above.....(in this case my computer is malware free so there is no list....yeah :) )
REFLECTIONS!!!!!!
Malware stands for malicious software, which includes things like spyware, adware, tracking cookies and even more evil things like keyloggers, worms and viruses.......malware can be harmful to your computer system because things like spyware, adware and tracking cookies can be used to monitor your surfing footsteps and well.... I am sure everyone would know what keyloggers, worms and viruses can do to your computer system, so I will not spend any time reminding everyone of the DUH things......



Practical 1.3 Secunia Software Inspector

This time.... I will be talking about the Secunia Software Inspector...... This software automatically scans your computer for any outdated programs which might open a loophole in your computer system, which others might exploit. It makes the process of updating your computer programs easier.... unlike the traditional and tedious way of searching the internet for updates (which might be very dangerous, as when you do not have a reliable source to download an update from, the updates from other websites might come with viruses and would thus infect your computer when you download them), this software will provide you with a link to the latest updates required for any of your outdated programs.... from there you can download the updates.... (HOWEVER!!!! please remember to ALWAYS scan any of your downloads before you open them to run...)

SO..... enough with the introduction and we shall move on..............

First... enter the URL "secunia.com/software_inspector" into your internet browser.... (if this link does not work......er.....well just go to google or any other search engines and search for "Secunia Software Inspector"....)

After that you will arrive at the webpage as shown in the screenshot below.......


It will show you the basic functions of the Online version of the Secunia Software Inspector and roughly what this inspector will scan for.... If you want to know what it does in more detail just click the "Programs Covered" link at the left side of the webpage..... It will bring you to the webpage as shown in the following screenshot.....




Well.... If you don't want to confuse yourself with all the programs that this software inspector would scan for..... Just go to the previous page and click the very obvious "Start Scan" button in the middle of the webpage.......It would yet again.... go to the webpage as shown in the next screenshot.....

When you come to this webpage.... you have a choice of whether you want a quick scan (which only scans areas which are more likely to be infected by viruses).....(by default it should be this choice lahs), which will take a few minutes, or you can choose the thorough scan by checking the check box next to the "Enable thorough system inspector" (the name should speak for itself.... this is a full scan); however, this scan would take hours to complete depending on how many files the host computer has.....After choosing which type of scan you want just click the start button a little above the check boxes.......


After the scan is completed it will show a page similar to the screenshot above..... with the list of outdated programs at the bottom of the screen....When you scroll down.,.,.,. you will see something similar to the next screenshot (depending on how many outdated programs you have)..... to see a more detailed explanation of the outdated program just click the "+" box beside the name of your program...... Usually your first outdated program will already be shown in a detailed form....



Now all you have to do is to click on the download link provided in the expanded tab of each of your outdated programs to be directed to another website to download the new updates.....
P.S.... Instead of having to enter this website to use the software inspector.... You can simply download the software inspector known as the "Personal Software Inspector" or "PSI" for short.... All you have to do is either click on the hyperlinked "PSI" word in the first screenshot... or go to their home page, click the "Products" tab and then choose the "PSI-Personal Software Inspector" tab.... Both methods will bring you to the same webpage.... So after reaching that webpage just simply click on the download button to download the Personal Software Inspector.... Now you can use it anytime anywhere.....:)
REFLECTIONS!!!!!
I think it is very important to regularly update and patch the programs in our computer systems, as this would help us reduce the amount of loopholes that could possibly appear in our computers' protection systems. Regularly patching and updating our programs will also help us keep up with the technologies. For those who are security tech savvy, it would also allow them to learn about the previous loopholes and how the new update closes these loopholes.


Monday, May 31, 2010

Practical 1.2 Google Reconnaissance....Caution!!!!

As everyone knows, google.com is one of the most widely used search engines in the world. It provides people with almost any information they need. However, there is also a dark side to google.com (no offence), a flaw that is exploited by hackers and people with bad intentions. This dark side of google.com allows people to enter a certain input to search for confidential information such as passwords and user IDs...... That is what I will be showing in this post...







First.... go to the google website....







After that click on the "Advanced Search" tab as shown in the screenshot above.....







Then, in the space provided next to the "all these words:" phrase... Input "login:*" "password=*" (include the quotation marks too) and scroll down to the "file type" list and choose the Microsoft Excel or .xls format... as shown in the next screenshot...........



However.... as "*" is known as a wildcard... which means that it can represent anything from ali ba ba to some great minister of a certain country...,., it also means that "login:sakjfheiu", "login:user1" or even "login:kudrish" will be included in the search results.... back to the main point....... because of this "*", .xls files that only contain the word "password" and/or "login" without any actual passwords or IDs will also be included,.,., making the search difficult...........



NOW!!!! we will be searching for something else.... so back to the advanced search menu....



There, replace the "login:*" "password=*" with "index. of passlist" (again include the quotation marks), after which.... scroll down to the "file type" list and select the "any format" option as shown in the screenshot below.......





After this..... another list of mostly useless results will appear..... HOWEVER the one that we want is also in there.... the address is www.duniapassword.com/2009/02/stealing-password-with-google-hack.html .... and below is a screenshot of the webpage.....


The green bracket is the words you have to input into the search, the light blue bracket is the file type that you have to choose, and the red bracket is a summary of what the input and file type you have chosen will let you search for...

REMEMBER!!!!!!!! YOU SHOULD ONLY USE THIS FOR YOUR OWN STUDY AND NOT FOR ANY MALICIOUS PURPOSES..... I WILL NOT BE RESPONSIBLE FOR ANY SUCH RELATED ATTACKS!!!!

Thank you for your time :):):):):):):):):):):)

REFLECTIONS!!!!!

After doing this practical.... I feel quite doubtful about whether every website is as secure as they claim to be.... It feels as if no matter which website I go to, I will not be able to 100% feel safe entering my password and IDs..... Hopefully google will fix the flaw in their system so that this will not happen again..... as this jeopardises a lot, A LOT of people and companies......

Monday, May 24, 2010

Practical 1.1 RSS reader....

This is my 1st practical log... it's about the RSS reader. RSS stands for "Really Simple Syndication", and it allows the latest news from people's websites to be automatically updated to your reader website when you subscribe to them. If you want to have your own RSS reader, first...









sign up for a reader account (e.g. google reader...), in this case I will be using a google reader account which you can sign up for at www.google.com/reader........











After you have signed up...... this will be what you see......

Currently you won't have any news.... to subscribe to a website just click on the "Add a subscription" button as shown in the screenshot above. Then a box will appear as shown in the next screenshot....













Next.,.,.,. enter the home address or URL of the website in the box and then click the "Add" button next to it..... Voila!!! you have successfully subscribed to a website and created your first RSS reader..... The news from the subscribed website will appear on the right side of your webpage as shown in the next screenshot...





And just in case you have added a wrong website and you want to get rid of it.... go to the top right of your webpage...next to your email address, click on the "Settings" button and then click on reader settings, then click on the Subscription tab.... It will bring you to the next screenshot.....

Then just check the box next to the subscribed website you want to delete and click on the "Unsubscribe" button.

OK.......now...... I will show an example of what the RSS reader can do......
From one of the articles I got from a subscribed website: the article was posted on 20th May 2010.... It's about hackers penetrating a German underground carder forum and uploading all the confidential info such as passwords, IDs, IP addresses... etc. onto Rapidshare,,,,, allowing other hackers to exploit it... The hackers make use of software such as keyloggers to save all the passwords and private email addresses entered by the victims.

REFLECTIONS!!!!!
I think that this RSS reader thingy is very useful for people who require information from the internet asap, such as big businessmen; this RSS reader will shorten the time users spend on the internet searching for the latest news. So hopefully everyone will make use of this useful function nicely...... :) :) :)

Monday, April 26, 2010

my 1st

haloooooo.... new in blogger hahas, dun mind me :) but welcome 2 view n comment... any1 with tips to modify my page pls share with me......