Chip with simple program for Toy

[SioL]

"Anthony Fremont" <spam@anywhere.com> wrote in message news:vwtKd.76917$_56.25133@fe2.texas.rr.com...

I remove allot of this junk all the time for people and the problem is
only getting worse day by day. These things engrain themselves so
deeply into windos that it's virtually impossible to get them out. I
also see allot of WTools and WebRebates on machines, this is a real bad
thing. They generally run as 2 parallel processes so terminating them
is next to impossible as the sibling will simply respawn the one you
kill. Since windos tells the process that you are trying to end task on
it to give it a chance to terminate normally, most spyware naturally
takes advantage of this as well.

Maybe publicly identifying people who write this crap (with a picture, name
and address) would take care of this problem. I'm sure many pissed off users
would love to "personally congratulate" the authors.

And than perhaps an amnesty for any "crime" involved in congratulating.

Burn 'em on the stake!

S

 

I remove allot of this junk all the time for people and the problem is
only getting worse day by day. These things engrain themselves so
deeply into windos that it's virtually impossible to get them out.

If you want to get rid of nearly all spy/adware, and even virus issues,
quit using Outlook and Internet Explorer.

Mozilla is a very well done browser, that can be configured to block
popup ads, and restricts access to the system. Internet Explorer almost
seems to "go out and get" spyware, as it is so vulnerable, and has such
little security. Besides, if you don't know what 'tabbed browsing' is,
consider checking out Mozilla. It is the best feature ever created for a
browser.

Outlook and its offspring Express are wide open front doors for all kinds
of havoc on you computer, both for allowing access, and for propogating
things.

Use Eudora, or any one of a half dozen other very good programs, and you
will find that (Make up random number here) 95% of your problems will go
away.

My son uses IE and Outlook, and the cheesy spyware stuff still finds
literally hundreds of problems on a weekly basis. I use Mozilla, and MR/2
ICE for windows, and running the same spyware stuff as he does, find maybe
one a month.

Complaining feels good, doing something about it is a better idea. Lose IE
and Outlook, and see most of the problem go away.

John

 

[Jim Thompson]

On Fri, 28 Jan 2005 10:19:10 -0700, learner@juno.com wrote:

I remove allot of this junk all the time for people and the problem is
only getting worse day by day. These things engrain themselves so
deeply into windos that it's virtually impossible to get them out.

If you want to get rid of nearly all spy/adware, and even virus issues,
quit using Outlook and Internet Explorer.

Mozilla is a very well done browser, that can be configured to block
popup ads, and restricts access to the system. Internet Explorer almost
seems to "go out and get" spyware, as it is so vulnerable, and has such
little security. Besides, if you don't know what 'tabbed browsing' is,
consider checking out Mozilla. It is the best feature ever created for a
browser.

Outlook and its offspring Express are wide open front doors for all kinds
of havoc on you computer, both for allowing access, and for propogating
things.

Use Eudora, or any one of a half dozen other very good programs, and you
will find that (Make up random number here) 95% of your problems will go
away.

My son uses IE and Outlook, and the cheesy spyware stuff still finds
literally hundreds of problems on a weekly basis. I use Mozilla, and MR/2
ICE for windows, and running the same spyware stuff as he does, find maybe
one a month.

Complaining feels good, doing something about it is a better idea. Lose IE
and Outlook, and see most of the problem go away.

John

Any comments/information/user-reviews for "Secure IE"?

http://www.secureie.com/index.aspx

...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice480)460-2350 | |
| E-mail Address at Website Fax480)460-2142 | Brass Rat |
| http://www.analog-innovations.com | 1962 |

I love to cook with wine. Sometimes I even put it in the food.

 

[SioL]

"Jim Thompson" <thegreatone@example.com> wrote in message news:3irkv09t8i6stbagkl9u6mcljom05mhpc0@4ax.com...

On Fri, 28 Jan 2005 17:39:49 +0100, "SioL" <Sio_spam_L@same.net
wrote:
Maybe publicly identifying people who write this crap (with a picture, name
and address) would take care of this problem. I'm sure many pissed off users
would love to "personally congratulate" the authors.

And than perhaps an amnesty for any "crime" involved in congratulating.

Burn 'em on the stake!

S


ISTR a case where a spammer's place of business was torched.

...Jim Thompson

This is the only interesting related bit I could find

http://news.bbc.co.uk/2/hi/business/3581435.stm

Spammer's Porsche up for grabs

AOL says the Porsche has "symbolic value"
Internet giant AOL has ratcheted up the war against unsolicited e-mail with a publicity-grabbing coup - an online raffle of a
spammer's seized Porsche.
AOL won the car - a $47,000 Boxster S - as part of a court settlement against an unnamed e-mailer last year. "We'll take cars,
houses, boats - whatever we can find and get a hold of," said AOL's Randall Boe. According to Mr Boe, the Porsche's previous owner
made more than $1m by sending junk e-mail.

S

 

[Ken Smith]

In article <MPG.1c64225e608287ac9898af@news.individual.net>,
Keith Williams <krw@att.bizzzz> wrote:

In article <ctdl0u$iqj$4@blue.rahul.net>, kensmith@green.rahul.net
says...
[..]
If you are going to download and install something, download it and save
the download file onto a CD.

I download/save everything to a directory under an "installed"
directory on my "D" drive/partition and install from there.
Periodically that directory tree gets written to CD.

That is sort of what I suggested, but I don't think you can trust the
downloaded version of a program for very long. The next time your
computer gets hit, the virus may modify the downloaded files too.

Every time you create something you don't want to lose, write it onto a
CD.

...along with all the malware already installed.

The "it" I mean is specifically what you created ei: the file you
produced. If it gets infected before you save it to CD you lose it but
assuming that you detect the virus, all the stuff before that point is
safe.

Plan on doing a re-install of Windows every 3 Months to a year.

Why plan on it. It's going to happen anyway. Actually, I'm on year
five on this laptop and refused a new one because a re-installation
would be a disaster. :-(

My wifes computer is less than 4 months from its last re-install and
already stuff doesn't work. Re-installing is a majop pain because it uis
an upgrade version so it wants to keep all the malware or refuses to
install. When it is installed, it is complete virus bait and has to be
patched, patched and patched again before the network is used.

--
--
kensmith@rahul.net forging knowledge

 

[Joe]

"john jardine" <john@jjdesigns.fsnet.co.uk> wrote in message
news:ctdka9$r0u$1@newsg2.svr.pol.co.uk...

"Terry Pinnell" <terrypinDELETE@THESEdial.pipex.com> wrote in message
news:2j5kv05pqvarkhnvn2nfu64248nl2ih6er@4ax.com...
I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly. Here's an extract of the ranking, from
'Anti-adware misses most malware' By Brian Livingston, in
http://windowssecrets.com/050127/

Product Adware Fixed
---------------- ------------
Giant AntiSpyware 63%
Webroot Spy Sweeper 48%
Ad-Aware SE Personal 47%
Pest Patrol 41%
SpywareStormer 35%
Intermute SpySubtract Pro 34%
PC Tools Spyware Doctor 33%
Spybot Search & Destroy 33%
McAfee AntiSpyware 33%
Xblock X-Cleaner Deluxe 31%
XoftSpy 27%
NoAdware 24%
Aluria Spyware Eliminator 23%
OmniQuad AntiSpy 16%
Spyware COP 15%
SpyHunter 15%
SpyKiller 2005 15%

So, given that there must be great overlap, I reckon my
frequently-used combination of Ad-Aware SE Personal and Spybot Search
& Destroy is catching little more than half the malware reaching me.
Unsettling.

--
Terry Pinnell
Hobbyist, West Sussex, UK


I've got some trash called "Cool web search" on my PC at the moment.
*Nothing* can remove the core component.
"Spybot" will crash the PC on finding it. Others just acknowledge that
this
POS is present.
Even the purpose written "CW Shredder" crashes on attempting to remove it.
Where are all those oh-so-clever-hot-shot-windows-programmers, when
they're
needed to do some real, socially useful work?.
By default I'm learning that windows is built on gibberish. It leaks like
a
sieve. No amount of updating can ever improve it.
regard.
john

John,

My webroot spysweeper removed a real stubborn version of the coolweb search
and homepage hijacker. I had to update the original version on the
spysweeper website, but it worked. You may want to try it.

Joe

 

SioL wrote:

"Jim Thompson" <thegreatone@example.com> wrote in message
news:3irkv09t8i6stbagkl9u6mcljom05mhpc0@4ax.com...
On Fri, 28 Jan 2005 17:39:49 +0100, "SioL" <Sio_spam_L@same.net
wrote:
Maybe publicly identifying people who write this crap (with a
picture, name
and address) would take care of this problem. I'm sure many pissed
off users
would love to "personally congratulate" the authors.

And than perhaps an amnesty for any "crime" involved in
congratulating.

Burn 'em on the stake!

S


ISTR a case where a spammer's place of business was torched.

...Jim Thompson

This is the only interesting related bit I could find

http://news.bbc.co.uk/2/hi/business/3581435.stm

Spammer's Porsche up for grabs

AOL says the Porsche has "symbolic value"
Internet giant AOL has ratcheted up the war against unsolicited
e-mail with a publicity-grabbing coup - an online raffle of a
spammer's seized Porsche.
AOL won the car - a $47,000 Boxster S - as part of a court settlement
against an unnamed e-mailer last year. "We'll take cars,
houses, boats - whatever we can find and get a hold of," said AOL's
Randall Boe. According to Mr Boe, the Porsche's previous owner
made more than $1m by sending junk e-mail.

S

I personally believe that the Windows operating system was deliberately
designed to allow
spyware to work. I cannot imagine that even Microsoft (no matter how
technically incompetent everyone says they are) is not capable of
developing an OS that is closed to this kind of activity, considering
that a huge amount of good OS sourcecode has been available for study
for two decades already. I don't think I'm being paranoid and I'm not a
conspiracy theorist, but I always seem to come back to the same
conclusion as I continue to think about it!

Fred.

 

[JeffM]

If you want to get rid of nearly all spy/adware, and even virus
issues,
quit using Outlook and Internet Explorer.
John (learner)

I wondered how long it was going to take

to hear the voice of reason in this thread.
I notice that the article that the OP referenced
doesn't put this at the top of the list--or even mention it.

Mozilla is a very well done browser

Yup.

Internet Explorer almost seems to "go out and get" spyware

I'd like to add "and aids in its own hijacking".

Express

Well, its namesake; aside from being prime vectors for infection,

the 2 have little in common (not even file names or file formats).

are wide open front doors for all kinds of havoc

#1 on the list--above MSIE.

Use Eudora, or any one of a half dozen other very good programs

Yup.

http://www.google.com/search?&q=eudora+pegasus+thunderbird+mozilla-mail+opera-mail+bat+incredimail

 

[Mark Jones]

Ken Smith wrote:

In article <41fa6018.1204218614@news.planet.nl>,
Nico Coesel <nico@puntnl.niks> wrote:

kensmith@green.rahul.net (Ken Smith) wrote:



I think what may be the best way to solve the problem is to place Windows
on a disk as the C drive, install all the applications from the shrink
wrapped boxes and then disconnect the write wire of the C drive. From
that point on, all the data goes on the D drive or it goes nowhere at all.

Using windows as a user and not administrator does effectively the
same.


Not even close to the same. Windows constantly writes stuff all over C
even when running as just "user mode". Bugs can allow important stuff to
be overwritten. ith my solution, most of the bugs don't matter.

I've long-since lobbied for OS-on-EEPROM, especially now that we have
such high-density hardware. Anything without specific permissions just
isn't going to get clearance to write to it, simple as that. Maybe a
"key" you need to insert in the front of the PC to upgrade the
OS/service pack, etc. (Say the switch allows the EEPROM to get +12v.)

As far as the programs themselves, I think it should be illegal for
any company to include any kind of "malware" with their software,
known or not. Since it is impossible (and arguably immoral) to police
such companies, they could be added to a blacklist network instead,
which every computer connected to the net can automatically check
daily. Any suspect software comes up flagged as bad, much like how
SpamCop works but only for programs. i.e.,

Ding! "Attention, you have Kazaa installed, you idiot! 17 people are
preening through your hard disk right now, 2 are deleting your Pamela
Anderson nude collection, and 1 is editing your registry. Recommend
you uninstall Kazaa, like, yesterday..."

-M

-- "Konnichiha, douzoyoroshiku." MCJ 200404

 

[Mark Jones]

learner@juno.com wrote:

I remove allot of this junk all the time for people and the problem is
only getting worse day by day. These things engrain themselves so
deeply into windos that it's virtually impossible to get them out.


If you want to get rid of nearly all spy/adware, and even virus issues,
quit using Outlook and Internet Explorer.

Mozilla is a very well done browser, that can be configured to block
popup ads, and restricts access to the system. Internet Explorer almost
seems to "go out and get" spyware, as it is so vulnerable, and has such
little security. Besides, if you don't know what 'tabbed browsing' is,
consider checking out Mozilla. It is the best feature ever created for a
browser.

Outlook and its offspring Express are wide open front doors for all kinds
of havoc on you computer, both for allowing access, and for propogating
things.

Use Eudora, or any one of a half dozen other very good programs, and you
will find that (Make up random number here) 95% of your problems will go
away.

My son uses IE and Outlook, and the cheesy spyware stuff still finds
literally hundreds of problems on a weekly basis. I use Mozilla, and MR/2
ICE for windows, and running the same spyware stuff as he does, find maybe
one a month.

Complaining feels good, doing something about it is a better idea. Lose IE
and Outlook, and see most of the problem go away.

John

I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html


-- "Over-unity, UFO's, Zero-Point Energy... there's a reason
scientists go 'mad.'" MCJ 200305

 

[Roger Johansson]

Mark Jones <abuse@127.0.0.1> wrote:

I've long-since lobbied for OS-on-EEPROM, especially now that we have
such high-density hardware. Anything without specific permissions just
isn't going to get clearance to write to it, simple as that. Maybe a
"key" you need to insert in the front of the PC to upgrade the
OS/service pack, etc. (Say the switch allows the EEPROM to get +12v.)

You can achieve a similar effect as an eprom OS if you use a partition
saving program to backup your C: partition.

Then you can restore the Operating system anytime to exactly the same
state.

If you like you can even restore instead of rebooting, if you want to
reset the operating system every time you start the computer.

If you have a second partition, or a second hard disk you can keep your
data on that and saved partition images which you can restore to C:
partition.

Both data from the second partition and disk images of the C partition
can also be backed up to CD's, of course, to get a second line defence
against loss of data or programs.

Two good partition saving programs: the commercial norton ghost and the
freeware "Partition Saving".

http://www.partition-saving.com/

This software lets you create a compressed copy of the C: partition, and
store it on another partition/harddisk or on a CD burner.

When something goes wrong, viruses, technical problems, whatever, you
simply restore the C: drive. It takes 2 minutes, a lot faster than
resinstalling windows and all your favorite programs, and faster than the
reboot procedure on many computers filled with ad and spyware routines to
be loaded.

I save the windows installation after I have installed windows and a few
programs I need. Later I install more programs, and make a new backup
with partition saving.

When something goes wrong (or I have installed and tried a load of
useless programs) I can choose which disk image I want to restore, a
really clean and fresh installation, or a more advanced one with several
extra programs and settings. I have 3 saved images to choose from right
now, from a very barebone windows installation, to a copy of my current
system as it was two weeks ago.

I make sure to store my important data on another hard disk, and on
another partition on the first hard disk, and I back up both the data and
the partition images on CD.

If my first hard disk breaks down I simply buy a new one and restore a
partition image to the C partition. If my second hard disk goes down I
copy my data from C and all is well again. If both break down
simultaneously, which is highly unlikely but possible, I buy two new
hard disks and restore the backups from CD.

Both norton ghost and partitionsaving are small programs you run from a
DOS floppy, or live-CD. Ghost has the added advantage of a windows
program which is used to open ghost disk images in a manner like we open
zip files, look inside, copy files out from the archive/image, copy files
into it, so you can change it. This is sometimes useful, for example if
you have a file or a program which cannot be deleted. You make an image
of the partition, go into it like a zip file, and erase the un-erasable
file or program, and restore the image to the C partition.

If you are hit by a virus which makes windows un-usable you can run the
partition saving program from a floppy, make a copy of the current state
of the C partition, restore the latest good partition image, and reboot. Then
you can explore the image which doesn't work from your normal windows
environment, change things, copy files you would have lost otherwise,
etc..

A new way to backup your data files is to store them on internet, so you
can access them from any connection and any computer. Just get an account
where you are allowed to store files.


--
Roger J.

 

[Terry Pinnell]

Mark Jones <abuse@127.0.0.1> wrote:

I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html

WHS. Changed default browser to FF 1.0 a week ago. Just had a couple
of sites I can't reach or actions I can't accomplish. For example,
buying an ebook today from Fictionwise in MS Reader format bombed
because the site failed to inform me that it would only work in MSIE -
apparently dependent on ActiveX (ironically a/the prime security
exposure!). Had to load up MSIE6 briefly to download my purchase. They
have email. But that and other minor glitches are trivial compared to
the upsides. Wish I'd changed sooner. Definitely won't go back.

--
Terry Pinnell
Hobbyist, West Sussex, UK

 

[JeffM]

1.0 a week ago.
Just had a couple of sites I can't reach or actions I can't
accomplish....
would only work in MSIE - apparently dependent on ActiveX
Terry Pinnell

I can't say I recommend doing business
with companies that are so foolish as to use/require ActiveX,
but if you like playing Russian Roulette with your HDD:
http://www.google.com/search?&q=mozilla+activex-plug-in

I've used Mozilla since 1.2 (they are currently at 1.7.3 Stable)
and I have never felt any desire to use ActiveX.
If the morons at a biz can't figure out how to use Javascript
and allow everybody to play, screw 'em--I'll go elsewhere.

 

[john jardine]

"Jim Thompson" <thegreatone@example.com> wrote in message
news:ivnlv0lf5mn07mdbpo7652t1lpscpje7vd@4ax.com...

On Fri, 28 Jan 2005 23:29:18 +0000, Terry Pinnell
terrypinDELETE@THESEdial.pipex.com> wrote:

Mark Jones <abuse@127.0.0.1> wrote:

I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html

WHS. Changed default browser to FF 1.0 a week ago. Just had a couple
of sites I can't reach or actions I can't accomplish. For example,
buying an ebook today from Fictionwise in MS Reader format bombed
because the site failed to inform me that it would only work in MSIE -
apparently dependent on ActiveX (ironically a/the prime security
exposure!). Had to load up MSIE6 briefly to download my purchase. They
have email. But that and other minor glitches are trivial compared to
the upsides. Wish I'd changed sooner. Definitely won't go back.

I just fired it up. I'm impressed. I've tested my banks and
credit cards and everything seems AOK.

I guess I need to try Amazon, since I buy a lot of Stuff from them.

...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice480)460-2350 | |
| E-mail Address at Website Fax480)460-2142 | Brass Rat |
| http://www.analog-innovations.com | 1962 |

I love to cook with wine. Sometimes I even put it in the food.

Firefox. Same here!.
Loaded and running with no problem. Haven't had an intrusion in the past
hour.
I'll give it a couple of days and try the Thunderbird.
regards
john

 

[keith]

On Fri, 28 Jan 2005 17:53:30 +0000, Ken Smith wrote:

In article <MPG.1c64225e608287ac9898af@news.individual.net>,
Keith Williams <krw@att.bizzzz> wrote:
In article <ctdl0u$iqj$4@blue.rahul.net>, kensmith@green.rahul.net
says...
[..]
If you are going to download and install something, download it and save
the download file onto a CD.

I download/save everything to a directory under an "installed"
directory on my "D" drive/partition and install from there.
Periodically that directory tree gets written to CD.

That is sort of what I suggested, but I don't think you can trust the
downloaded version of a program for very long. The next time your
computer gets hit, the virus may modify the downloaded files too.

They normally infect the installed files, not the raw downloaded files.

Every time you create something you don't want to lose, write it onto a
CD.

...along with all the malware already installed.

The "it" I mean is specifically what you created ei: the file you
produced. If it gets infected before you save it to CD you lose it but
assuming that you detect the virus, all the stuff before that point is
safe.

But that backup will re-infect all else after you reinstall.

Plan on doing a re-install of Windows every 3 Months to a year.

Why plan on it. It's going to happen anyway. Actually, I'm on year
five on this laptop and refused a new one because a re-installation
would be a disaster. :-(


My wifes computer is less than 4 months from its last re-install and
already stuff doesn't work. Re-installing is a majop pain because it uis
an upgrade version so it wants to keep all the malware or refuses to
install. When it is installed, it is complete virus bait and has to be
patched, patched and patched again before the network is used.

It sounds like you have some bit-rot going on there. Have you totally
eliminated the possibility of a hardware fault? I haven't had much
problem, well, at least until I tried installing PDF Reader 7.0, whcih
pretty much trashed all other versions, and itself. Since, downloads
have been iffy.

--
Keith

 

[Mark Jones]

Terry Pinnell wrote:

Mark Jones <abuse@127.0.0.1> wrote:


I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html


WHS. Changed default browser to FF 1.0 a week ago. Just had a couple
of sites I can't reach or actions I can't accomplish. For example,
buying an ebook today from Fictionwise in MS Reader format bombed
because the site failed to inform me that it would only work in MSIE -
apparently dependent on ActiveX (ironically a/the prime security
exposure!). Had to load up MSIE6 briefly to download my purchase. They
have email. But that and other minor glitches are trivial compared to
the upsides. Wish I'd changed sooner. Definitely won't go back.

Terry, you might want to try the PrefBar extension. It will allow
FireFox to easily control most of the nifty features, and allow you to
spoof your "user-agent" string (effectively making the website think
you are using another browser. Check it out: http://prefbar.mozdev.org/

Yes, there are a small number of heavily-tweaked websites which
FireFox doesn't like. But new extensions are being made daily and
FireFox is rapidly gaining popularity, so web designers are being
forced to provide compatible support. It's only a matter of time
before it surpasses IE in terms of usage. Sure everyone "has" to have
IE on their box, but nobody is going to be using it.

 

[Mark Jones]

Rich Grise wrote:

On Fri, 28 Jan 2005 10:39:41 +0000, Terry Pinnell wrote:


I was surprised to learn today that all anti-adware and anti-spyware
programs perform so badly. Here's an extract of the ranking, from
'Anti-adware misses most malware' By Brian Livingston, in
http://windowssecrets.com/050127/

[snip stats]

So, given that there must be great overlap, I reckon my
frequently-used combination of Ad-Aware SE Personal and Spybot Search
& Destroy is catching little more than half the malware reaching me.
Unsettling.


Or, you could just run Linux. It doesn't do spyware. But I have been
watching my apache access logs, and I've blacklisted a few IPs that
are sending such extreme garbage:
--------<sample excerpted>------
4.8.194.170 - - [27/Jan/2005:05:38:15 -0800] "GET /default.ida?XXXXXXXXXXXXXXXXXXX
[two lines of XXXXXXX snipped]
4.10.192.232 - - [27/Jan/2005:10:18:08 -0800] "SEARCH /\x90\xc9\xc9\...
Many many \xc9, followed by as many \x90. I know \x90 is an 8086 nop, but it's
followed by:
4.10.192.232 - - [27/Jan/2005:10:18:39 -0800] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 307,
-------<end excerpt>------------
which is clearly a windoze buffer-overflow-type attack. Presumably, that
sequence is the key to the back door of your system.

So, wanna see my current blacklist? No? Sorry, here it is anyway:
BLACKLIST="146.82.109.210
146.82.109.220
206.173.44.115
216.73.86.23
218.235.138.29
218.235.138.5
4.10.111.70
4.10.130.162
4.10.131.233
4.10.133.101
4.10.133.39
4.10.134.223
4.10.135.69
4.10.192.232
4.11.10.236
4.11.102.77
4.11.177.147
4.11.193.186
4.11.203.34
4.11.203.76
4.11.213.233
4.11.236.20
4.11.241.127
4.11.251.128
4.11.44.243
4.11.53.75
4.11.54.16
4.11.60.183
4.11.61.44
4.27.133.163
4.8.194.170"

Cheers!
Rich

What the heck are all those 4.* IP's?

Aaah, verizon customers eh? I've got a few blocked from my ISP also.
Nice trick: restart PC, close all apps and services, watch the
firewall log. Blacklist anything that moves.

BTW, 0xC9 in Win32 assembler is the "Leave" instruction. According to
the Win32 API reference,

------------------------------------------------
LEAVE - Restore Stack for Procedure Exit (80188+)
Usage: LEAVE
Modifies flags: None
Releases the local variables created by the previous ENTER
instruction by restoring SP and BP to their condition before
the procedure stack frame was initialized.
Clocks Size
Operands 808x 286 386 486 Bytes
none - 5 4 5 1

C9 LEAVE Set SP to BP, then pop BP
C9 LEAVE Set ESP to EBP, then pop EBP
------------------------------------------------

 

[Terry Pinnell]

Mark Jones <abuse@127.0.0.1> wrote:

Terry Pinnell wrote:
Mark Jones <abuse@127.0.0.1> wrote:


I can second this motion. I switched to FireFox and Thunderbird...
got lots of new features, it's faster, no popups, no "window
maximizing", no "webpages which play annoying music", no malware...
can't say enough good things about switching. You'll be glad you did!

http://www.mozilla.org/products/firefox/central.html


WHS. Changed default browser to FF 1.0 a week ago. Just had a couple
of sites I can't reach or actions I can't accomplish. For example,
buying an ebook today from Fictionwise in MS Reader format bombed
because the site failed to inform me that it would only work in MSIE -
apparently dependent on ActiveX (ironically a/the prime security
exposure!). Had to load up MSIE6 briefly to download my purchase. They
have email. But that and other minor glitches are trivial compared to
the upsides. Wish I'd changed sooner. Definitely won't go back.



Terry, you might want to try the PrefBar extension. It will allow
FireFox to easily control most of the nifty features, and allow you to
spoof your "user-agent" string (effectively making the website think
you are using another browser. Check it out: http://prefbar.mozdev.org/

Yes, there are a small number of heavily-tweaked websites which
FireFox doesn't like. But new extensions are being made daily and
FireFox is rapidly gaining popularity, so web designers are being
forced to provide compatible support. It's only a matter of time
before it surpasses IE in terms of usage. Sure everyone "has" to have
IE on their box, but nobody is going to be using it.

Thanks, Mark, duly installed. I started this thread as 'OT', so guess
it's now at least (OT)˛. So let's push it and try (OT)ł...or I suppose
strictly that should that be OłT? <g>

Am I misusing PrefBar or expecting too much for it to handle
http://www.accuradio.com/# like MSIE6 did? I chose 'IE 6.0 WinXP' from
that UA drop-down, went to the page, but cannot get a station to play.

--
Terry Pinnell
Hobbyist, West Sussex, UK

 

[Kitchen Man]

On Fri, 28 Jan 2005 10:19:10 -0700, learner@juno.com wrote:

If you want to get rid of nearly all spy/adware, and even virus issues,
quit using Outlook and Internet Explorer.

Mozilla is a very well done browser, that can be configured to block
popup ads, and restricts access to the system. Internet Explorer almost
seems to "go out and get" spyware, as it is so vulnerable, and has such
little security. Besides, if you don't know what 'tabbed browsing' is,
consider checking out Mozilla. It is the best feature ever created for a
browser.

I have Firefox configured to prompt me before accepting any certificate.
I always accept known certificates only temporarily. This is never more
than a minor pain in the neck, the worst being the two certificates I
have to accept to get mail from - you guessed it - hotmail. Yahoo does
not attempt to install certificates. Online shopping gives me the
opportunity to decline many, many certificates.

OK, watch out, I didn't mean to, but a rant popped out anyway:

I work for the Fed, and unfortunately, the Fed has mandated IE as the
browser of choice, Outlook as the email client, and (my God, WHY?) MS
Word as the chosen word processor. At work, I use IE only for those
applications that require it, official stuff. The AFPC (Air Force
Personnel Center) has a bunch of monkey boys doing their web stuff, it
relies heavily on pop-up windows, can't be used with anything but IE,
and is *always* screwed up to some extent.

I do my documents in Adobe, and distribute memos and such in PDF. Screw
them if they don't like it. Some very important documents are required
to be in MS Word, and I have spent many hours getting the outline
numbering to work halfway reliably. I pushed to get Framemaker adopted,
but that means spending money, so no go. Framemaker has some quirks,
and doesn't have the bells and whistles of Word, but it is rock solid
reliable. There's an Australian gal, a MS employee, who has a really
good website devoted to getting around the stupidity of MS Word:
http://www.shaunakelly.com/word/

Still, Word is a funny beast. I get the numbering to be clear and
consistent (and the user must be especially careful not to allow MS to
totally screw up the document), and yet when I print selected pages, the
numbering is lost completely. Paragraph headers come out 0.0, 0.0.0,
and so on. Numbering that is not part of the overall scheme comes out
really weird - one table numbered 1-14 prints out as 13 sixes and a
seven at the end. This is Office 2003, mind you, the latest version.

I have a hypothesis that the SW writers at MS deliberately screw up Word
so that other vendors, Adobe and Word Perfect for example, can't open
Word documents. What a bunch of crap.


--
Al Brennan

 

[Don Taylor]

kensmith@green.rahul.net (Ken Smith) writes:

In article <_OWdneZoW8wQoWbcRVn-hg@scnresearch.com>,
Don Taylor <dont@agora.rdrop.com> wrote:
[..me..]
I think what may be the best way to solve the problem is to place Windows
on a disk as the C drive, install all the applications from the shrink
wrapped boxes and then disconnect the write wire of the C drive. From
that point on, all the data goes on the D drive or it goes nowhere at all.

How much of this could we fix using hardware? (since fixing it
using software doesn't seem to be doing a particularly great job)

We put an itty bitty board between the cable and the drive.

We have to use a bit of software to move things around on the disk.
And then we flip "the big red switch" and large segments of the
drive are write protected.

yes,
With a modest sized CPLD, you could have a range of tracks protected.
That would do about as well as protecting a whole drive.

Trying to poke holes in my own idea now, if we can't assume, or get
Microsoft to support, directories not needing to be updated as well
as the files in the directories then we could easily protect xyz.dll
and have the net vandals change the pointer in the directory to the
new infected xyz.dll.

Any attempt to write over the top of most of the executables fails.

If you partition things right, you can protect the whole install and still
allow the rest of the disk to serve as a logical D drive to be written.

That was roughly what I was thinking.

I realize this isn't a complete solution to the problem. But it
seems like it might fence in a smaller area for possible damage.
And I realize we would have to provide some controlled method to
allow updates to the executables.

Why would we have to allow updates at all? I've never updated the
software in my TV or toaster.

Probably because the quality of toasters is orders of magnitude better
than what they call software today. I spent a decade of my life
working on what would be called 6-sigma software today. Roughly that
translates into you and two dozen of your friends using this all day
every day for fifty years and there still be better than a 90% chance
that not a one of you would have ever seen a bug, no matter how small.

But, we still have other issues. We need to allow "updates" on a
second by second basis as Windows runs. "The Registry" inside Windows
now controls most of the behavior of the machine. It has to be
modified on almost literally a keystroke by keystroke basis. There
likely isn't any way to provide hardware protection to the perhaps
90% of that which we don't need to change, and Windows would lay there
on its back with its little legs wiggling in the air if we made the
entire registry read-only.

However, there actually are products, Hard Drive Sheriff is one brand,
built for places like the schools, where we are training armies of
little net vandals, that attempt to provide some protection like this.
I believe they keep a hot backup and when one little vandal leaves
the seat and the next one takes over it restores the system from the
hot backup.

The latest attempt by Microsoft tries to enforce rules against
executing what lies in the area marked as data. This tries to
enforce rules against writing in areas marked as read-only.

Many years ago, I disassembled a large chunk of DOS in order to figure out
a bug. After that, I have never thought Microsoft would ever make bug
free software. It was obviously patches to the patches on the patches
placed over someones not too bad of code. The newer the stuff the worse
the coding.

BTW: I did figure out the bug and a way around it so that the 8259 didn't
get munged by them.

--
--
kensmith@rahul.net forging knowledge