Friday, November 9, 2007

Stop AutoRun (Part 2)

The most common vector for virus infection through USB flash drives exploits the AutoRun feature of Windows. Find out how to turn off this feature and give yourself another level of protection. Read the Introduction here.


AutoRun, Be-gone! (Continued)

Solution? Globally block autorun.inf files from executing. Keep in mind, though, that this will block all autorun.inf files, friendly and hostile alike - nothing will happen when you insert a USB flash drive, CD or DVD - but that's what we want. We don't want a rogue virus to execute when we insert removable media. Of course, your installation CDs might not launch the setup program automatically. You have to manually open the program in Windows Explorer - a minor drawback.


To block autorun.inf files from executing, follow these steps:



  1. Start Notepad or another text editor (don't use Microsoft Word or Wordpad)

  2. Copy the following text from this page and paste it into your text editor (everything between the square brackets should be all on one line)

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
    @="@SYS:DoesNotExist"


  3. Save the file with a name like NoAutoRun.reg, taking care to include the .reg extension

  4. Right-click your .reg file and choose Merge. Confirm any warning prompts to add the information to the Registry.

What we did was nullify the file that Windows searches for when you insert a removable drive. Windows was instructed to find the autorun information in the file named autorun.inf. Here, we changed that to nothing, so Windows will attempt to look for a file with no filename (which is impossible, since no file has no filename).


The benefit is a big one: a rogue program that you never intended to launch won't silently take over your system if you happen to insert a Trojan-carrying disc into a drive.
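A quick way to check NoAutoRun.reg before merging it, written as an added example and not part of the original post: it catches the copy-and-paste problems the steps warn about (a wrapped or run-together key line, curly quotes from a word processor). The function name and the sample strings are constructed for illustration.

```python
# Key and value as given in the steps above. "@SYS:DoesNotExist" tells Windows
# to read Autorun.inf settings from HKLM\SOFTWARE\DoesNotExist, not the file.
EXPECTED_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                r"\CurrentVersion\IniFileMapping\Autorun.inf")
EXPECTED_VALUE = '@="@SYS:DoesNotExist"'


def check_noautorun_reg(text):
    """Return a list of problems found in the .reg text (empty list = OK)."""
    problems = []
    if any(ch in text for ch in "\u201c\u201d\u2018\u2019"):
        problems.append("curly quotes found; retype them as plain quotes")

    # Blank lines are allowed, so compare only the non-empty lines.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != "REGEDIT4":
        problems.append("first line must be REGEDIT4 on its own")

    key_at = None
    for i, ln in enumerate(lines):
        if ln.startswith("[") and not ln.endswith("]"):
            problems.append("key line is wrapped; keep [...] on one line")
        elif ln.startswith("[") and ln[1:-1].lower() == EXPECTED_KEY.lower():
            key_at = i  # registry paths are not case-sensitive

    if key_at is None:
        problems.append("IniFileMapping\\Autorun.inf key line not found")
    elif key_at + 1 >= len(lines) or lines[key_at + 1] != EXPECTED_VALUE:
        problems.append("the line after the key must be " + EXPECTED_VALUE)
    return problems


# Constructed sample inputs.
GOOD = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
"""
FLATTENED = GOOD.replace("\n", "")                  # everything on one line
WRAPPED = GOOD.replace(r"\CurrentVersion", "\n" + r"\CurrentVersion")
CURLY = GOOD.replace('"', "\u201c", 1)              # one quote "smartened"

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("flattened", FLATTENED),
                         ("wrapped", WRAPPED), ("curly", CURLY)]:
        print(name, "->", check_noautorun_reg(sample) or "OK")
```
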

Tuesday, November 6, 2007

The Fastest Internet Browser

Apple Safari is faster than Internet Explorer and Mozilla, a testing firm says.


Surfing with Apple Safari

A testing firm says that Apple's Safari is faster than Microsoft's Internet Explorer and Firefox - support for what Apple said in June when it released the new beta version.

The testing firm downloaded a webpage off a busy server using Apple's Safari, Microsoft Internet Explorer, and Firefox, and timed the results. Based on the tests, Apple's Safari is faster than Microsoft Internet Explorer 7 by 1.6 seconds, and Firefox by 1.2 seconds -- a far smaller margin than what Apple is currently advertising: 2x faster than Internet Explorer.












However, the test is not conclusive. The firm has tested the browsers by downloading on a busy server - a huge no-no when testing for speed. This will result in bad data as busy servers may respond quicker or slower depending on the load. What they should have used is a local, dedicated testing server, to avoid interference with the data.

Apple has released a public version of Safari 3 on their website, available for both Mac and Windows.

I have tested the new Safari, and I must say it is faster than Internet Explorer 6 and 7. Loading Safari is comparable to Internet Explorer, but loading the page is faster - probably because it uses the progressive technique of loading pictures rather than displaying the image once the download is complete, a technique used by Internet Explorer. Using progressive loading, a blurry avatar or the image is displayed first, and later refined as the whole image is downloaded completely.

Other cool stuff includes Safari's tabbed browsing and the ability to customize the toolbar (with cool movement animations). Safari for Windows uses manifests from Apple, meaning the checkboxes, option buttons, and buttons look like the ones on a Mac. Also, the ability to resize a text box is pretty neat. That way, if you want to see your entire text inside one, just drag and resize.

But the biggest drawback is that it does not display all pages correctly, especially the ones with Flash content. Adobe has not yet released a Flash player for Safari for Windows at the time of this writing. Since this version is also a beta, crashes are frequent.

You can find the latest version here and download the beta here.

Story:
Copyright 2007 by Sonicsoft Corporation
All Rights Reserved
Image: Apple Website

Monday, November 5, 2007

BETA: Yahoo! Messenger

Fans of the popular Yahoo! Messenger, great news! Yahoo! has released the beta version of the new Y! Messenger.


Yahoo! Messenger 9.0

October 29 - Yahoo! has released a new version of Yahoo! Messenger, Yahoo! Messenger 9.0. It is still in beta state, meaning the program is bound to have bugs or glitches that will be fixed in the final release of the product.

The new Y! Messenger, version 9.0, now supports better-looking skins. These new skins allow you to customize not only the color of the window, but also the title bar of the window, with cool designs. Default skins are available, ranging from wood to icy blue.

The interface is sleeker and cleaner than the previous version, reducing the visual clutter.

Along with the new additions is the 'friend-happy' contact list. The list is now expanded, so that you can view the image of your contacts. It also gives more room for the status of each contact. But sometimes this wastes so much space, instead of displaying more contacts. That makes you scroll through the list unnecessarily. However, you have the option to revert back to the former list view. By the way, you can now use Emoticons for your status messages.

Also, a new contact group has been added - your Address Book list. That way, you can easily IM or text message your friends in your Y! Mail address book.

The photo sharing features of Y! Messenger have been improved, integrating photos from Flickr. Plus, a cool new integrated media player has been added. Just include a link from a video site, such as YouTube, and Messenger allows you to play the video right inside the chat window.

Yahoo! Messenger also features some protection against malicious attacks like viruses and malware, but I haven't tested them yet.

The chat window is changed, too. The toolbar now only contains IMvironment, Plugins, and Photos, along with the Call button. The rest are moved to the lower portion of the window, right above the text box.

No new options are available in the Preference window, and the Skins section has been moved to the top of the title bar.

It's a working program, but it is still in beta state. There's no guarantee that it will work properly. Expect some glitches and crashes here and there. And any features described here will eventually change and additional features may be available in the future. If you decide to try and install the new version, you can download one here:
http://beta.messenger.yahoo.com/

While on the subject of instant messengers, why not try Trillian by Cerulean Studios? This allows you to connect to multiple instant messenger accounts, like Yahoo!, MSN, AOL, ICQ, AIM, IRC, Bonjour, Jabber, Skype and others. Plus, it also allows you to log in to multiple accounts at the same time. So you can be online on both of your Yahoo! IDs and another for Windows Live Messenger. Cool, huh? It's free, by the way. Download the software here:
http://www.ceruleanstudios.com/


Sunday, November 4, 2007

The Giant Google

Google is expanding, and it can have so much data about you that you might not even be aware of it. But can we trust it with so much data?


Is Google Too Big?

Google is popular as a search engine, but it's really more than that. Now you have emails run by Google, along with word processors, spreadsheets, and presentations. Add to that Google's Picasa, Maps, and other things. Google is becoming big - too big perhaps.

With all those online services available from Google, it's not really a shocking revelation that it knows a lot of information about you.

The question is: can you trust Google with your data?

This is a short list of what Google knows about you:


  • Google Search
    Tying your search history to your browsing activities via the DoubleClick advertising network gives the company a much more detailed view of your online activities

  • GMail
    The routing information and content of your mail--including any attachments--reside unencrypted on Google servers. Loss of, or unauthorized access to, business correspondence increases your company's legal exposure

  • Google Docs and Spreadsheets
    Your files are stored unencrypted on Google servers. A business could be found negligent if it loses, or allows unauthorized access to, business documents. Until applications supporting Google Gears arrive, you lose access to your files when your Internet connection fails

  • Picasa Web Albums
    Photographs in albums designated "unlisted" can still be viewed by anyone who knows the URL. At present you have no option to view or back up your albums offline

  • Google Calendar
    Your daily schedule and associated information reside unencrypted on Google servers. Loss of, or unauthorized access to, business information puts your company at risk. You can't open your calendar without an Internet link, although this will change with the arrival of the Google Gears browser extension

  • Google Desktop
    If you neglect to lock the search function, anyone using your PC has access to your personal files. Copies of business documents may be stored on Google servers, making them susceptible to loss or unauthorized access

  • Google Talk
    Instant-message logs can be archived and searched in Gmail

  • Google Product Search
    A log of your product searches could be associated with your browsing history via the pending DoubleClick acquisition

    Source: PCWORLD.com

The question is, can you trust Google with all that information about you? And since the data resides unencrypted on Google's servers, who knows who can access your data - the government, agencies, hackers, rival businesses?


Google's online trove of personal and sensitive information is proving attractive to law enforcement agencies. In the previous year, Google has prevented the Department of Justice from demanding millions of search queries, stating that this is an invasion of privacy.


Google also said that it will begin clearing out some personal information of users, like their IP address, after 18 months from its logs, though this step may be insufficient for security-conscious users.


I'm not saying your data is at risk all the time, but you should take precautions over what to store with Google. Also, Google should take steps to prevent unauthorized access and enforce privacy restrictions on the data it stores.

Friday, November 2, 2007

Nintendo Number One

For the first time in years, Nintendo displaced Sony as the leader in video game consoles.


Wii Love Nintendo

For the first time in years, Nintendo displaced Sony as the leader in video game sales. This quarter, said a new market report on Tuesday, Nintendo's sales of the Wii and DS were up 31 percent from the second quarter of this year. That's more than double the sales of the year prior. This news marks the first time Nintendo has accomplished this feat since first being displaced by Sony with the release of the new PlayStation 1, compared to Nintendo 64.

The combined sales of Wii and DS, according to iSuppli, totaled US$1.2 billion during the third quarter of 2007. Sony's PSP, PS2, and PS3 combined sales were $1.0 billion in the same period. Microsoft, however, reached $318 million for the combined sales of the original Xbox and the new Xbox 360.

Because of the slow move of Sony to reduce the prices of its products and produce compelling games, third-party game publishers are moving towards a different platform. If this continues, developers may feel that working with Nintendo outweighs the benefits of working with Sony.

Wednesday, October 31, 2007

The Hackintosh

The spanking new version of Apple OS X, Leopard, was released this October 26, and already it's been hacked to run on PCs.


Leopard Hacked to Run on PCs

The newest version of Apple's OS X is not immune to hacks: it has already been hacked to run on PCs. News that Leopard has been successfully installed on a Windows PC spread across the Internet, particularly in forums.

The OSx86 Scene forum released the instructions on how to install OS X on a Windows machine, along with the details on how to migrate from Windows to Apple's new OS, without investing in new hardware. The forum also shows screenshots of the installation process.

However, not all features of Leopard are compatible with PCs. For example, the Wi-Fi connection will not work. Also, don't be surprised if your sound and network are inoperable.

Apple's next move will likely be to track down and act against those who are behind the hack. This has been Apple's problem every time they release a new version of their operating system. People want their software, but not necessarily the hardware. Consumers want to be able to install any operating system they like on their machine.

Installing any Apple OS on any machine other than licensed hardware is illegal and will violate Apple's terms and conditions.

iPhones and iPods are also vulnerable to hacks. JailBreak Me is a hack that can be installed on an iPhone and iPod Touch to allow third-party software to be installed, as this was impossible without the hack. It also allows the user to choose other wireless carriers besides AT&T for the iPhone. Apple countered this move by releasing an update that disables any iPhone that was hacked. The update rendered the hacked phone inoperable, even if the SIM card inserted was the original AT&T SIM card.


Monday, October 29, 2007

The Nintendo Mystery

The mysterious Totaka Song is a short, 19-note, looping tune, hidden in some titles of Nintendo games.


The Totaka Song

Nintendo games are great, along with the music tracks and pieces that came with the game. It really pumps up its entertainment value. But did you know that there is a piece of music that is tucked away with many Nintendo titles? It's a short, 19-note, looping tune, hidden in some games that can only be played by waiting in a screen for some minutes or clicking an item. This piece of music is like an Easter egg. This was known as the Totaka song.

The Totaka song was first discovered in Mario Paint, released in 1992. Clicking the letter O at the end of MARIO will turn the letter into a bomb, which then explodes all the letters across the screen. The background music will stop, and the Totaka Song will start to play. This is why most people called it the 'Mario Paint Song', and it was thought to be the first instance of the song. But after that, the song was actually discovered in a Japanese-only Game Boy game, X, that was released long before Mario Paint was. X contained a hidden bonus track that was the Mario Paint song, which later on was renamed the Totaka song. Other games include Zelda: Link's Awakening, Yoshi Touch & Go, Luigi's Mansion, and Animal Crossing.

The Totaka song also appeared in Super Mario Land 2: 6 Golden Coins. Lose all your lives to get to the Game Over screen. Wait in the screen for 2 minutes and 30 seconds, and the Totaka song will start to play. In Yoshi's Story, waiting in the Trial Mode screen will also cause the Totaka song to play after the background music stopped looping.

In some games, there seems to be no way of accessing the music. That means, waiting or pressing something won't play the music. Dumping the contents of the game's ROM would reveal the Totaka song, however.

As of February 2007, people are actively looking for other games that include the Totaka song. Of course, the games are limited to those titles that the person responsible for the song worked on. These include Wave Race 64, Wii Sports, and the coming Super Smash Bros. Brawl.

The person responsible for this Easter egg music was Kazumi Totaka. Totaka is a Japanese music composer and voice actor. He composed music for many major Nintendo games. He worked on every game in which the song appeared.

It's still fun to discover that these types of Easter eggs exist, and that people are actively hunting for them.



Sunday, October 28, 2007

Vista Sales Hit the Mark

Despite the number of complaints and whines from consumers using Vista, the operating system's sales are growing.

Microsoft Ships 88 Million Copies of Windows Vista

Windows Vista did not come out without its problems. Vista users complained that the operating system was hard to use, and that much of their past software, and even hardware, is incompatible. Add to that the fact that the operating system required a meaty computer to run smoothly.

It may seem that consumers and enterprises don't like the new OS. However, this week, Microsoft announced that it has shipped 88 million copies of Windows Vista - that's double the number of Windows XP copies shipped in the same period. Vista hit its 60 million mark this late July.

Three-quarters of the sales were 'premium' versions of Windows Vista, compared to Windows XP's 59 percent sales.

The 88 million figure mostly includes computers with Vista preinstalled, purchased by consumers and businesses. That number also includes those copies of Vista purchased online and in stores.

Businesses that renewed their volume licenses with Windows, allowing them to upgrade to Vista, were up 27 percent.

Friday, October 26, 2007

Update: Apple Leopard

Apple releases its newest operating system today.



Add a new Mac to your Mac

October 26 - The newest version of Mac OS X is now available. Apple says Mac OS X 10.5, or Leopard, is the biggest upgrade to their operating system, with the new version containing 300+ new features. These include improved security features, a new interface, a greatly improved backup system, and fixes from the previous operating system.

You can find more info in the Apple Leopard page at http://www.apple.com/macosx/

Thursday, October 25, 2007

The Excel Bug

Microsoft has acknowledged that there is indeed a display bug in Microsoft Office 2007.


Microsoft Excel Math Problem

A bug in the new Office 2007 Excel causes a number to be displayed incorrectly. Microsoft said that, under certain specific circumstances, if a calculation yields the answer 65,535, the number will be displayed as 100,000. However, Microsoft said this is just a minor bug and only affects the display, not the actual value of the number itself. So, adding one to the answer will result in 65,536. Microsoft also said that Excel knows the real number, but shows the incorrect figure.

Well, good news: If your salary is exactly $65,535 and your company handles its payroll in Excel 2007, you may be in for a big raise! You can find more information and the patch at the Microsoft Excel team blog.

The Storm Worm Botnet

What's the most powerful computer in the world? The IBM's BlueGene/L supercomputer? Sort of.


The Storm of the Century

The world is abuzz with a new threat that's spreading over the Internet. The Storm Worm has infected more than a million computers and has now created a vast network of computers, or botnet (robot network), with the power to dwarf the world's fastest supercomputer, the IBM BlueGene/L. With the power of millions of computers, amounting to a million CPUs and petabytes of RAM, the worm could easily knock out a website or a server at the command of a single individual (bot herder).

The Storm worm infects computers by tricking users into running the worm. It arrives as a harmless-looking spam email attachment. However, the email may contain a message that compels the user to open the attachment. This is also why the worm was called the Storm worm. When the worm first appeared, the email message it contained was about a storm in Europe, with a 'video' attachment for the said event. The recipient of the email may open the attachment, hoping to see clips of the storm's devastation, but instead launches the virus.

Perhaps the most notable trait of the worm is that it changes the email message it sends. For example, the worm sent out spam emails containing advertisements for an anonymous-surfing internet browser called Tor, which is a genuine web browser. The worm sent an email that used actual text and images from the actual Tor website. However, clicking the download link and installing the program downloaded (tor.exe) will install Storm. It also used to send fake e-greeting cards and, during the peak season of football, sent email containing the team's football scores as the attachment.

Once Storm has infected a computer, it defends itself. If Storm is scanned or gets detected, it sends a message to some, or even all, of the botnet to send garbage to the victim. The stream of garbage is often enough to knock a website offline or take down the victim's internet connection. This is called a DDoS, or Distributed Denial-of-Service, attack. It's even sneaky when it does that, as the flood of garbage is sent not from within the network or the same IP address. That will make the attack look like it came from somewhere else.

The Storm became so popular it even has a video in YouTube. Comments from the site even said the worm came from aliens and extraterrestrial life.

My advice: always have a good antivirus and firewall installed on your computer. Also, refrain from using older software, like Internet Explorer, Adobe Reader, or even WinZip, as the worm exploits the vulnerabilities in these old programs.


Tuesday, October 23, 2007

Happy Birthday Sonicsoft!

My own company celebrates its 8th year of existence today, October 23, 2007.


Sonicsoft Turns Eight!

Sonicsoft was founded October 23, 1999 when I started creating programs for my computer. My first programs were created in Microsoft QBasic, and were fairly simple. They didn't sport any slick interface, as the only available interface to me was DOS. Now, Sonicsoft has expanded, covering not only software but also media such as short movies, websites, book reviews, and hardware. It's amazing how time changes everything.

I remember back in the days when my poor old computer was running Windows 3.11 and DOS. It was during that time that I tried to 'improve' my computer (since Windows 98 was already available at that time), and Sonicsoft was created.

Early Sonicsoft programs included an automatic check for disk errors when Windows didn't shut down properly. That feature was not available with Windows 3.11, and it seemed a pretty good idea, so I created one. It ran ScanDisk whenever it detected that Windows was not exited properly (with Windows 3.11, you don't shut down, you exit to DOS).

Sonicsoft also created games in that era, ranging from card games (Klondike solitaire, blackjack) to simulations (dice throwing, ball bouncing). Tic Tac Toe and Cheat were also developed.

In an attempt to run these applications, Sonicsoft Vision was created, but was never finished. It was supposed to be the central starting point of all Sonicsoft programs - providing all the libraries and certain functionalities available to running programs.

Then, Sonicsoft went Windows, employing Microsoft Visual Basic 6.0. Programs created in this era have user-friendly interfaces and run on Windows. The range of Sonicsoft products broadened, now involving word processors and more games.

Sonicsoft then entered the business of systems development. It now produces entire database management systems for corporations. From employee management systems to scheduling systems, Sonicsoft created programs that use the power of databases.

Sonicsoft spanned the Microsoft Office suite itself, using Visual Basic for Applications.

Sonicsoft went online last year, creating online applications and websites for third party companies.

Now, as Sonicsoft turns 8, we are striving to create more software that follows the company's standard - to be user-friendly and effective at the same time. Web applications and systems are being entered into the market, to make a dent in the software business industry.

Happy birthday, Sonicsoft!

For more information about Sonicsoft, visit http://sonicsoft.live.tripod.com.


Saturday, October 20, 2007

A New Virus Infection Method

A new USB virus technique that could compromise your computer. This virus exploits the AUTORUN.INF attack vector.


USB Virus Gets Sneaky


A new virus infection method may well be the most ingenious way to fool people into running the virus. It rigs every entry of the default context menu (right-click menu) to point to the virus, thereby executing the infection no matter what menu choice you select.

Before this technique was utilized, a safe method to bypass a USB infector's execution was to right-click the USB drive and select either Open or Explore, making sure both commands were spelled correctly. If either command is misspelled, like Explorer or 0pen with a zero as the O, that is usually a sign of a virus infection.

However, the new virus infection method modifies the registry so that the honest-looking Open and Explore themselves point to the virus. This renders the safe method above useless, as selecting any of the context-menu choices will trigger the virus.
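The menu hijack described above can be spotted by reading the drive's autorun.inf as plain text before trusting any right-click entry. The following is an added example, not code from the original post; it assumes the menu entries are delivered through autorun.inf, and the sample file contents, `sample.exe` and the function names are constructed for illustration.

```python
import re

BUILTIN_VERBS = {"open", "explore"}           # the menu items the safe method relied on
IMITATIONS = {"open", "explore", "explorer"}  # captions a fake entry tries to resemble


def parse_autorun(text):
    """Return {key: value} from the [autorun] section, ignoring junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def triage_autorun(text):
    """Return (key, value, reason) for every entry that can start a program."""
    findings = []
    for key, value in parse_autorun(text).items():
        verb_cmd = re.fullmatch(r"shell\\([^\\]+)\\command", key)
        verb_caption = re.fullmatch(r"shell\\([^\\]+)", key)
        if key in ("open", "shellexecute"):
            findings.append((key, value, "launched by AutoRun"))
        elif key == "shell":
            findings.append((key, value, "sets the default (double-click) verb"))
        elif verb_cmd:
            verb = verb_cmd.group(1)
            reason = ("replaces the built-in '%s' menu command" % verb
                      if verb in BUILTIN_VERBS else "adds a menu command")
            findings.append((key, value, reason))
        elif verb_caption and verb_caption.group(1) not in BUILTIN_VERBS:
            # Captions such as "0pen" (zero for O) or "Explorer" mimic real entries.
            caption = value.replace("&", "").replace("0", "o").lower()
            if caption in IMITATIONS:
                findings.append((key, value, "caption imitates Open/Explore"))
    return findings


def hijacked_verbs(text):
    """Built-in verbs whose command the file overrides (Open and/or Explore)."""
    entries = parse_autorun(text)
    return sorted(v for v in BUILTIN_VERBS if "shell\\%s\\command" % v in entries)


# Constructed sample: both genuine-looking entries and one misspelled entry.
SAMPLE = r"""
; padding line
[AutoRun]
open=sample.exe
shell\open=Open
shell\open\command=sample.exe
shell\explore=Explore
shell\explore\command=sample.exe
shell\x=0pen
shell\x\command=sample.exe
icon=folder.ico
"""
CLEAN = "[autorun]\nicon=drive.ico\nlabel=Backup\n"  # constructed harmless file

if __name__ == "__main__":
    for finding in triage_autorun(SAMPLE):
        print(finding)
    print("hijacked:", hijacked_verbs(SAMPLE))
```
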


Safely Open an Infected USB

To bypass this technique, we shall employ what people who know DOS call the fastest technique to access a drive - typing the drive letter, followed by a colon, and pressing Enter in the DOS prompt. Luckily, Windows still follows this tradition. To open a suspected USB drive:



  1. Of course, insert the USB drive. If an AutoPlay window pops up, this is usually a sign of a clean USB drive, but not always. On the AutoPlay window, select the option Open folder to view files using Windows Explorer. If this is the case, Windows opens the USB drive without triggering the infection.



  2. Otherwise, open My Computer without clicking anything. Look for the drive letter of your USB drive. It should look like Removable Disk (D:). The D: is the drive letter. Type that in the Address bar. After that, press Enter.


  3. Your USB drive contents will appear on your screen.

If the Address bar is not visible on My Computer, select Status Bar under the View menu.

With this technique, you will dodge the virus's method of infecting your system. Windows opens the USB drive without executing any other background commands. This is most effective if this is not your USB drive, since you will dodge the virus until you return the USB drive to the owner. Of course, it's your responsibility to alert the owner that the USB drive is infected. But if it is yours, you need to remove the virus from the drive itself, or the problem will persist and the infection will spread. For more information on how to remove the virus, check out SonicsoftTODD.blogspot.com


The virus I encountered that used the new technique is called mveo.exe and jay.exe. This virus only changes the title of your Internet Explorer, as far as I know. And this virus infects the root directory of all your drives. This is a new kind of virus that Norton Antivirus doesn't detect yet at the time of my writing. See http://sonicsofttodd.blogspot.com/ on how to remove the USB virus.


So my recommendation: don't insert your USB drive into any computer without examining the computer first. And should you need to use your USB drive on another computer, be sure to scan the drive for viruses when you insert it into your computer. You should also have good antivirus protection, and make sure you update the virus definitions as often as possible.






The New Internet Explorer 7

Microsoft released its newest web browser last year, but it was available to only a limited number of users, as it requires your Windows to pass the Windows Genuine Advantage (WGA).


Microsoft Aims for Safe Computing

Microsoft released the newest Internet Explorer 7 in 2006, and it's the safest Internet Explorer to date, Microsoft said. It sports a cleaner interface, tabbed browsing, an always-available search box, a built-in phishing security feature, a pop-up blocker, and dozens of new security features. Deleting history, cookies, and temporary files is also made easier with a single click of a button. And finally, Internet Explorer 7 supports transparency for PNG files - a feature supported by other browsers long before.

Internet Explorer 7 was a nice addition to the IE family, but was only available to users running genuine Windows. Before you can download the installer, your computer has to pass the WGA. Not only that, to protect it from being installed on computers running a non-genuine copy of Windows, the installer itself validates your computer before installation.

However, this October, Microsoft removed the validation requirement for Internet Explorer 7. This makes the new web browser available for all users running Windows XP SP2, even if they are running copies of Windows that do not pass the WGA. This will make IE available to a broader public.

While this may look like another attempt to monopolize the web browser business, Microsoft said this move was to increase the security of Windows and the computing world, as this was one of the aims of the company. With the new security features of Internet Explorer 7, surfing the web is safer than before.

You can download the latest version off the Microsoft site.
