Archive for the ‘Software’ Category

Hey man, look at this.

Tuesday, January 15th, 2008

I’m puzzled, perplexed, and bewildered. This isn’t anything out of the ordinary, except I’m pretty good at finding why a computer is running an unwanted program most of the time. When I boot into WinXP there is a very minuscule window frame at the top left of my screen. Most of it is off the screen; just the bottom corner of the window shows. I can drag it out to my desktop and see that it is a very, very small program window. I started going through the process list in Task Manager when I noticed an iexplore.exe running when I didn’t have an IE window open. I killed the process and the window went away, but it comes back at the next login. I have reinstalled IE to try and fix it, but it won’t go away. Do any of you have any suggestions or knowledge of malware that would do this? I tried to Google it, but you could only guess how many near misses came up in the search listing.

Leopard Upgrade: It’s All Breezy…

Friday, November 9th, 2007

Originally posted at cocoacrusty.com on Thursday, November 8th, 2007

Well, the upgrade to Mac OS X Leopard went smoothly, as Wooley predicted in his comment on my previous post.

The whole upgrade took about an hour and 15 minutes (which included verifying the install DVD) on my MacBook. I am now running the latest and greatest version of Apple’s OS, a certified flavor of UNIX, and am, so far, extremely impressed. The dock is beautiful, Stacks look extremely useful and efficient, there are a lot of customizable desktop features, Spaces (which I am looking forward to setting up soon), and more.

I look forward to getting a bit better acquainted with Leopard in the upcoming days and months. Anyway, the upgrade went smoothly. If you’re scared, don’t be. Mine was a breeze! I just wish I had upgraded the day this package arrived on my doorstep…

uname Output:

% uname -a
Darwin xbook 9.0.0 Darwin Kernel Version 9.0.0: Tue Oct 9 21:35:55 PDT 2007; root:xnu-1228~1/RELEASE_I386 i386

Until next time…

Let the Leopard Begin…

Friday, November 9th, 2007

Originally posted at cocoacrusty.com on Thursday, November 8th, 2007

I have had Apple’s latest release of Mac OS X, Leopard, since it launched a couple of weeks ago. I used my in-store credit from my iPhone purchase reimbursement from when I purchased my iPhone 45 days too early for the price drop… or something… Anyway, I got Leopard and tonight I’m gonna install it!

Backups are running as we speak… I’m jonesing as we speak… I’m ready to install this new OS!!!! I’ll let you know how it goes…

Until next time…

Tip: Extending the power of your Management Console

Wednesday, June 6th, 2007

I use the MMC for various system management jobs but I’ve never thought about blogging about it. It’s just one of those things that I’ve never given a second thought.

Rob, from Confessions of a Freeware Junkie, posted about how he has his setup. I have to say, his looks a lot more useful than the one I created.

http://maximillianx.blogspot.com/…-extending-power-of-your-management.html

One thing I do differently than Rob is that I launch the entire MMC with my domain admin credentials. This is what the Target: field of my shortcut looks like:

C:\WINDOWS\system32\runas.exe /user:domain\my-admin-acct "mmc C:\Chris\Microsoft Management Consoles\Domain Management.msc"

Note: If you want to save your password so you don’t have to type it in every time you launch the MMC add /savecred right after /user:domain\my-admin-acct.

Also, in order to add Active Directory Users and Computers, you’ll need the Windows Server 2003 Administration Tools Pack available here:
http://www.microsoft.com/downloads/…

While you’re at his site, take a look around. I monitor his RSS feed on Bloglines and he’s always posting cool stuff.

How does your AV stand up?

Wednesday, May 30th, 2007

This is probably the best third-party test of AV that I’ve seen in a while. They actually use a LOT of samples and they seem to have tested just about every possible AV product out there.

http://www.pcmag.com/article2/0,1895,2135092,00.asp

There are a couple of things that don’t sit well with me:

ClamAV scored very poorly. ClamAV is probably the most widely used AV scanner for Linux mail gateways out there. I use it and F-Prot in all of mine.

F-Prot scored pretty badly, too. Well, I seem to be 0 for 2 now.

Ewido bombed as well. Who is Ewido, you ask? Ewido was bought by AVG so while AVG did well, how will this affect their future performance?

AVG is my personal favorite. It’s free (for personal use) and works very well. I tried Avast! for a while and it didn’t pick up half the malicious files I tinker with that AVG usually catches. I also don’t like Avast!’s interface AT ALL!

I could go on about what I like about AVG, but that’s not the point of this thread.

One thing I did notice recently is that AVG has a Linux version. A FREE Linux version. A FREE Linux version packaged as a .deb file! It sucks that they don’t have a source package available, or a binary file that will work on other distros, but I can’t complain that they offer a version for Debian, which is my OS of choice. I haven’t tested their version with Amavis yet, but it’s on my todo list. It also appears that Avast! has a free Linux version (and they offer a .tgz file, too). I’m not crazy about needing to keep up with a key that will expire, but you really can’t complain about free.

Firefox Quicksearches + Google Keywords = Sick Power

Monday, May 7th, 2007

Original articles:

http://dmiessler.com/archives/1315
http://dmiessler.com/archives/176

Maybe I’m alone here, but I had no clue about Firefox’s quicksearch ability. Apparently, just by typing ‘g keyword’ in the URL bar, you’ll automatically search Google.

Back in 2005 Daniel Miessler expanded this feature by configuring FF to also search MSN and Technorati, which are also both very cool.

Well, now Google has added the ability to use command-line switches in their search feature, such as /img to search images, /maps to search Google’s maps, /groups to search Google’s newsgroups database, and so on.

You can find a great explanation for all the search functions here: http://projects.felipc.com/gcl/

To quote Daniel’s 2005 post, this is how you configure FF to also search MSN and Technorati:

1. Create a new bookmark in Firefox.
2. For the URL, add the text below for MSN:
“http://search.msn.com/results.aspx?q=%s&FORM=QBRE”
3. For the prefix, add “m” (or whatever you want to use).
4. Create another bookmark.
5. Add this for the URL:
“http://www.technorati.com/cosmos/search.html?rank=&url=%s”
6. Use “t” for the prefix (or whatever you want to use).
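As an added example (not from Daniel’s post or this blog), here is the substitution Firefox performs for a keyword bookmark: the prefix is looked up, and the rest of what you typed is URL-encoded into the template’s %s (Firefox also accepts an unencoded %S). The MSN and Technorati templates are the two quoted above; the Google template is an assumed value, since the post does not give the URL behind the built-in ‘g’ keyword.

```python
from urllib.parse import quote_plus

# Keyword bookmarks from the steps above. The Google template is an ASSUMED
# placeholder for whatever Firefox's built-in "g" bookmark actually points at.
KEYWORD_BOOKMARKS = {
    "g": "http://www.google.com/search?q=%s",  # assumed template
    "m": "http://search.msn.com/results.aspx?q=%s&FORM=QBRE",
    "t": "http://www.technorati.com/cosmos/search.html?rank=&url=%s",
}


def expand_quicksearch(typed, bookmarks=KEYWORD_BOOKMARKS):
    """Turn 'prefix words...' typed in the URL bar into the URL Firefox fetches.

    Returns None when the first word is not a registered keyword (Firefox would
    then treat the text as an address or a plain search instead).  %s receives
    the percent-encoded query; %S receives the raw text, as Firefox does.
    """
    parts = typed.strip().split(None, 1)
    if len(parts) != 2:
        return None  # keyword alone or empty input: nothing to search for
    prefix, query = parts
    template = bookmarks.get(prefix)
    if template is None:
        return None
    # Encoding the query (spaces -> '+', '&', '=', ':' and '/' escaped) keeps a
    # typed "&FORM=..." or a full URL from altering the template's own parameters.
    encoded = quote_plus(query)
    return template.replace("%s", encoded).replace("%S", query)


if __name__ == "__main__":
    for typed in ("m firefox quicksearch", "t http://example.com/", "m a&FORM=x"):
        print(typed, "->", expand_quicksearch(typed))
```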

Thanks, Daniel, for bringing this to my attention. I can see myself using this ALL the time.

Audit your Cisco/Netscreen configs with Nipper

Monday, April 23rd, 2007

http://www.security-database.com/toolswatch/Nipper-version-93-released.html

This software works both in Windows and Linux.


Windows: WSUS clients not appearing in WSUS

Thursday, April 19th, 2007

We just recently rolled out about 60 new desktops at work and none of those systems were showing up on our WSUS server.

I spent the better part of today addressing the issue.


Windows: Protecting your system from malware

Thursday, April 19th, 2007

I use this link often when setting up new computers or helping a friend or family member secure theirs. Since I’m always searching for this site, I decided to mirror a copy of it here.

If someone knows of a better suite of tools please let me know.

So how did I get infected in the first place?
http://www.castlecops.com/postlite7736-.html


My First Remote Shell Access Exploit

Wednesday, April 18th, 2007

Originally posted on cocoacrusty.com on Monday, April 16th, 2007.

This post is the reason I posted my previous blog entry on installing the Metasploit framework on my Apple MacBook. Chris sent me a link to this movie showing someone exploiting a vulnerability in Microsoft’s Windows. The .ANI Header Stack Overflow vulnerability allows a remote attacker to send a malicious e-mail to an unsuspecting user with an unpatched Windows machine and gain remote shell access.

After Metasploit was installed on my MacBook, I followed the steps in the movie as they were shown and it worked like a champ. The recipient of the e-mail has to be viewing the e-mail in HTML. I was only able to exploit this vulnerability when using the Microsoft Outlook or Microsoft Outlook Express e-mail clients when the client was set up to view messages in HTML. Either way, I gained access to one of my own machines using this exploit and it showed me just how easy it would be for someone with malicious intent to really wreak havoc on a novice or unsuspecting user.

I am impressed at the whole concept behind the Metasploit framework for exploiting known vulnerabilities and delivering payloads with basically the push of a button. The interface and command logic is easy to understand, for this exploit anyway, and I look forward to learning more about the framework, the exploits, and the payloads in the near future.

Until next time…