Windows XP default wallpaper

Ever wonder where the Windows XP default wallpaper came from?

One of the most famous wallpaper images is undoubtedly the default Windows XP image, showing a blissfully relaxing vista of green rolling hills and a bluer than blue sky. The wallpaper, probably one of the most viewed images of all time, is aptly named ‘Bliss.’ Do a Google image search for just the word ‘bliss,’ and the first result is the Windows wallpaper.

Bliss as seen in a clean Windows XP desktop

Have you ever stopped to wonder where the image was taken, or who took it? In fact, the image is so crisp you might have assumed it wasn’t real at all.

‘Bliss’ is the name of a Windows bitmap image included with Microsoft Windows XP, produced from a photograph of a landscape in Sonoma County, California, southeast of Sonoma Valley near the site of the old Clover Stornetta Inc. Dairy.

The man behind the camera is American photographer Charles O’Rear (born 1941)

The photo was taken in 1996, years before Windows XP launched, and before the area was converted into a vineyard. In fact, a photo taken 10 years later from exactly the same spot where Bliss was shot, shows a disappointingly, dreary view:

The same location November 2006

So how much did O’Rear get for taking what is considered one of the most famous photos of all time? A non-disclosure agreement prevents him from revealing the actual figure, but according to Napa Valley Register, O’Rear stated that it was:

“extraordinary” and second only to that paid to another living, working photographer for the photo of then-President Bill Clinton hugging Monica Lewinsky.

Taken with a medium format camera, the most surprising fact about the image is that O’Rear claims that it wasn’t digitally manipulated.

Source: wikipediathenextweb

Computer Virus

Computer Virus:  Like most people, you run a Windows-based operating system (or perhaps something else), you run anti-virus software. Perhaps you’re even diligent about keeping your virus definitions up-to-date. Are you completely protected against viruses?  Of course not. Let’s examine what viruses and Trojans are, and how they find their way onto your computer. We all have heard the terms Virus, Worms, Trojans and spyware but only a few of us know the difference between them. We generally consider everything that is detected by an antivirus as virus but this is not the case. All these can be harmful to your computer hardware and software. To differentiate all these terms from each other. let’s start with the introduction to viruses.

Virus: A virus is a self-replicating program that attaches itself to an executable file. When  the file is executed the virus automatically gets executed and enters into the system memory .Once it enters into the system memory it either searches for other files that can be infected or stays in the background and infects the files that  uses the virus infected program.

Worms: Worms are very similar to viruses but differ in way that they do not bind themselves to executable files instead they uses the network to replicate themselves. If you find excessive use of your network bandwidth then you may be infected by a worm. So, a worm does not require a user to execute any file for its execution it can work without user intervention.

Trojan horse: A Trojan horse is harmful program which may seem harmless to the user before its installation but instead it is programmed or reverse engineered to facilitate unauthorised remote access to the computer. Trojan’s do not replicate themselves.

  The name Trojan horse comes from that fateful episode in the novel The IliadThe limitation of Trojans is that the user needs to be convinced to accept/run them, just as the Trojans had to first accept the Greek gift of the wooden horse, in order for them to have their way. So they are typically mislabeled, or disguised as something else, to  fool the user into running them.

Spyware: A spyware is a program that secretly monitors and collects pieces of information. It usually runs in stealth mode and cannot be detected easily. Key loggers is a great example of spyware software. It is not limited to just spying but can also send data to remote computers.

Rootkit:  A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or by cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a “backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.

If a rootkit is detected, however, the only sure way to get rid of it is to completely erase the computer’s hard drive and reinstall the operating system.

Botnets: Once users’ computers are infected with viruses, the computers are turned into “zombies”. These computers, serving as “Bots” controlled by hackers, are used to send a large number of forged data packets or junk data packets to the pre-defined target for launching a DOS (Denial-of-service ) attack. As a result, the attacked target breaks down.

 Grayware: The spyware and rogue software are software designed by certain immoral companies to collect users’ habits in browsing Web pages for working out their advertisement push policies. The grayware does not harm computers greatly. The privacy of victims, however, is compromised and collected by others. Once being installed, the gray-ware cannot be deleted or uninstalled normally. For example, advertisement software designed for the Internet Explorer can change and lock default homepages automatically, and load the toolbars of advertisement companies.

 Malware: Malware is mischief. Malware is not infectious, but can also lead to serious consequences. For example, when certain malware is run, hard disks are formatted automatically, which causes the great losses of users’ important data.

 Features of Computer Viruses:

  • Destructive  

               When a computer is infected with viruses, normal programs cannot be run, and important data may be damaged or stolen. Thus, huge losses are caused.

  • Infectious

                     Computer viruses are destructive as well as infectious. The infectivity is more harmful. Once viruses are reproduced or virus variations are generated, the spread speed is rather fast. The viruses are hard to be defended. Viruses can spread through multiple means such as storage media and networks. Among them, the network becomes a major means of virus spread.

  • Covered

                   Computer viruses are well-covered. For common users, computer viruses are difficult to sense.

  • Latent

                   Certain viruses have “latent periods”. These viruses burst out sometime in the future. For example, in 1999, CIH viruses damaged the BIOS. The CIH viruses burst out on April 26 every year. If latent periods of viruses are long, viruses can exist in systems for a long time. Thus, the infectious scale of viruses is large.

Basically, viruses are programs that the programmer designed to do something you generally would not want to have happen if you were aware of their function. These programs usually get onto your computer through some sort of trickery. They pretend to be something else, they’re attached to a program you wanted, or they arrive on media you inserted without knowing it was infected. They can also be placed by a remote attacker who has already compromised your security.

How does anti-virus software work? Before program execution can take place, the anti-virus software will scan the program or media for “bad things,” which usually consist of viruses, Trojans, and even a few potential hacker tools.

               Keep in mind, though, that your anti-virus software vendor is the sole determiner of what to check for, unless you take the time to develop your own signature files. Signature files are the meat of most anti-virus programs. They usually consist of pieces of code or binary data that are (you hope) unique to a particular virus or Trojan. Therefore, if you get a virus that does not appear in the database, your anti-virus software cannot help you.

             So why is the process so slow? In order to produce a signature file, an antivirus vendor has to get a copy of the virus or Trojan, analyse it, produce a signature, update the signature file (and sometimes the anti-virus program too) and publish the update. Finally, the end user has to retrieve and apply the update. As you might imagine, there can be some significant delays in getting new virus information to end users, and until they get it they are vulnerable. You cannot blindly run any program or download any attachment simply because you run anti-virus software. Not so long ago, anti-virus software could usually be relied upon, because viruses propagated so slowly, relying on people to move them about via diskettes or shared programs. Now, since so many computers connect to the Internet, that connectivity has become a very attractive carrier for viruses. They spread via Web pages, e-mail and downloads. Chances are much greater now that you will see a new virus before your anti-virus software vendor does. And don’t forget that a custom virus or Trojan may be written specifically to target you at any time. Under those circumstances, your anti-virus software will never save you.

Steps to remove virus from computers: 

    1. If the computer is on then restart. Keep tapping F8 and start the computer simultaneously and select “safe mode with networking” from the Advanced Boot Menu by using the arrow keys and press the “Enter” key on the keyboard.

Note: The reason we go to safe mode is because, most viruses do not function in safe mode.   

                 

2. Delete Temp (temporary) files.

For Windows XP – Click on “start” button from the desktop and select “Run”. In the run text box type “%temp%” and press “Enter”.

For Windows Vista and Windows 7 – Click on “Windows logo” and on the search box just above the Windows logo, type “%temp%” and press “Enter”.

Now the “Temp” folder will open. Select all the files and press Shift + Delete to delete the files.

3. Delete prefetch files.

For Windows XP – Click on “start” button from the desktop and select “Run”. In the run text box type “prefetch” and press “Enter”.

For Windows Vista and Windows 7 – Click on “Windows logo” and on the search box just above the Windows logo, type “prefetch” and press “Enter”.

Now the “Prefetch” folder will open. Select all the files and press Shift + Delete to delete the files.

4. In Windows XP , MS Removal Tool is running or keeps popping up, look for them in the task manager and close it. Also, you can disable them in services. To access services follow the steps below:

For Windows XP – Click on “start” button from the desktop and select “Run”. In the run text box type “services.msc” and press “Enter”.

For Windows Vista and Windows 7 – Click on “Windows logo” and on the search box just above the Windows logo, type “services.msc” and press “Enter”.

5. Download the free version of Malwarebytes and run a virus scan. Following the scan if there is any infection it will show and give you the option to delete . After you remove the virus, it may ask you to restart.

6. If Malwarebytes does not help, then try Hitman pro. Before downloading check whether the system is 32 bit or 64 bit as Hitman Pro has different version for 32 bit and 64 bit.

7. Try TDS Killer from Kaspersky. Download TDS Killer.exe file and run a scan for Rootkits.

8. Try Combofix. It is a freeware but  very good software to remove virus. It is available for free download. While you run Combofix you may lose Internet connection temporarily.

9. You may also try SuperAntispyware. You may try this only when none of the other software given here helped.

10. If you are unable to run or access the computer even in safe mode then create a new user account and login to that. Now start running the software. If they do not detect anything, go to the user account which is affected and look for suspicious files. Confirm with the user, if they are aware of such file, if not, delete it. Then try going to the affected user account and run the anti virus software.

11. If after virus removal, you face issues with file association or running .exe files on Windows XP, then try the tweaks from Kellys Korner XP.

12. If nothing works and severe damage is done. Then we have two options left:

  • If there is important data on the computer then you should take the hard disk to a local vendor to check if the data can be backed up. Then perform a clean installation of operating system. That is, you should format your hard drive and install your Windows OS again.
  • If there is no important data, then you can go ahead and do a clean installation of Windows OS.
source: Huawei Symantec,Hack Proofing Your Network,pctipstricks

Firewall

A firewall is defined as a system which is designed to prevent unauthorized access to or from a private network. Claimed to be implemented in both hardware and software, or a combination of both, firewalls are frequently used in order to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.

Types of firewall techniques:

Packet filter: Each packet entering or leaving the network is checked and based on user-defined rules it is either accepted or rejected. It is said to be fairly effective and transparent to users, but is difficult to configure and is susceptible to IP spoofing.
Application gateway: Security mechanisms are applied to specific applications, such as FTP and Telnet servers. Although this is very effective, performance degradation can be imposed.
Circuit-level gateway: Security mechanisms are applied when a TCP or UDP connection is established. Upon establishing the connection, packets can flow between the hosts without further checking.
Proxy server: All messages are intercepted while entering and leaving the network, while the true network addresses are kept effectively hidden by the proxy server

Principle of a Firewall:

A set of predefined rules constitute a firewall system wherein the system is allowed to:

Authorise the connection (allow)
Block the connection (deny)
Reject the connection request without informing the issuer (drop)

Firewall Management Best Practices:

  • Don’t assume that the firewall is the answer to all your network security needs.
  • Deny all the traffic and allow what is needed and the other way, allowing all and blocking the known vulnerable ports.
  • Limit the number of applications running (Antivirus, VPN, Authentication software’s) in your host based firewalls to maximize the CPU cycles and network throughput.
  • Run the firewall services from unique ID rather than running from generic root/admin id.
  • Follow good password practices

                   – Change the default admin or root passwords before connecting the firewall to the internet

                   – Use long and complex pass phrase difficult to crack and easy to remember

                   – Change the passwords once in 6 months and whenever suspected to be compromised

  • Use features like stateful inspection, proxies and application level inspections if available in the firewalls.
  • Physical Access to the firewall should be controlled.
  • Keep the configurations simple, eliminate unneeded and redundant rules.
  • Audit the firewall rule base regularly.
  • Perform regular security tests on your firewalls for new exploits, changes in rules and with firewall disabled to determine how vulnerable you will be in cased of firewall failures.
  • Enable firewall logging and alerting.
  • Use secure remote syslog server that makes log modification and manipulation difficult for an attacker.
  • Consider outsourcing firewall management to a managed service provider to leverage on their expertise, trend analysis and intelligence.
  • Have strong Change Management process to control changes to firewalls.
  • Try to have personal firewalls/intrusion prevention software’s, as the network firewalls can be easily circumvented when connected through devices like USB modems, ADSL links etc.
  • Backup the firewalls rule base regularly and keep the backups offsite