Battle of the titans?

Ptacek, Lawson and Ferrie – well-known security specialists – joined up to challenge Rutkowska and prove that her virtualization rootkit BluePill (up to now AMD-specific) is detectable regardless of her claims. The above link leads to her official reply to them.

Rutkowska seems to like speaking in absolutes. In one instance I was even able to falsify one of her claims about detecting a VMM from within a VM using the interrupt descriptor table address as an indicator. This shows she is human like everyone else, but having her own company now and being busy all the time (who isn’t?), she never found the time to respond to my articles 🙄

Anyway, this gets me really excited about who will win the challenge, but Peter Ferrie, being a former FRISK employee, has all my sympathies :mrgreen:

// Oliver

Posted in EN, IT Security, Programming, Reversing | Comments Off on Battle of the titans?

DW report on documenta 12

On DW-World there was recently a report on documenta 12 in which an African fashion designer was being hyped. The comment she made got me thinking. She said that where she comes from, only slaves and animals get a rope around their necks, while Europeans voluntarily do the same to themselves (with ties).

Well, what comes to my mind: in Europe we abolished slavery 😯

// Oliver

Posted in DE, Gedanken | Comments Off on DW report on documenta 12

Nice tool from Microsoft.

No, this time it is not a binary file for download. It is a website. I hope you enjoy it as much as I did when a colleague pointed me to it.

This website allows you to look up DLL versions and when they were bundled with which product and so on. Very nice idea.

// Oliver

Posted in EN, Programming, Software | Comments Off on Nice tool from Microsoft.

Ouch, that’s bitter.

Those who are supposed to decide on online searches and on laws concerning the Internet seem to have no clue about what they are deciding on:

Posted in DE, Gedanken | Comments Off on Ouch, that’s bitter.

What the heck, Kaspersky???

Here Kaspersky claims:

An advisory has recently been published on rootkit.com regarding a vulnerability in KAV 7.0. Unfortunately, the authors of this material chose not to adhere to industry standard practice, and contact the vendor prior to disclosing vulnerability details. Although the authors claim that all attempts to inform Kaspersky Lab about this vulnerability were ignored, this is not the case: if we had been informed, this issue would have been addressed long ago.

I am really upset by this! I reported this vulnerability back in October 2005 in the Kaspersky subforum at malware-research.co.uk, a closed forum for security professionals, and one person from Kaspersky Labs Netherlands replied and said it would be taken care of. Back then (before the reply) I wrote that if they did not respond in due time I’d publish it (without details) through public channels, which was taken as a threat by the person who responded. Interestingly, I never checked again, and it was almost a year later (September 2006) that I joined FRISK Software International and thus the AV industry.

Also fascinating: I am not the one who published it on rootkit.com; instead I chose to contact them in a closed, security-aware community, and the result was apparently the same: Kaspersky chose to ignore it in the end in both cases. I can well imagine that “the authors claim that all attempts to inform Kaspersky Lab about this vulnerability were ignored”.

Excuse me, but the claims in the above quote are ridiculous to say the least.

// Oliver

BTW: I met said person at the AV Workshop this year. A few weeks after the workshop a bug that I reported more than 18 months ago surfaces again (in one of their latest products!). Amazing!

Posted in EN, IT Security, Reversing, Software | Leave a comment

20th Anniversary of the UN Convention Against Torture

www.irct.org

Posted in EN | Comments Off on 20th Anniversary of the UN Convention Against Torture

Realtime protection

The term “Realtime protection” has been overused in recent years and used in a completely wrong sense ever since it was invented.

To make sure to not be misunderstood – yes, even the company I work for has used the term during the hype of the phrase and recently we published a patch to the “Realtime Protector” (included in a legacy product). However, this still doesn’t make the “protector” more realtime. Now, why is that?

None of the Windows systems is a realtime operating system. So how would any software running under these OSs be “realtime” in any way? Easy answer: it won’t. Since most malware is prevalent on the two Windows platforms (Win9x and WinNT), it is fair to claim that this also means that any anti-malware application isn’t “realtime” either.

So what does it mean? It means that “realtime protection” is formally and technically a wrong term, invented and misused by the marketing experts of the companies offering it. The more proper term would be “on-access scan”, as this is exactly what these components do. Whenever you touch (or execute) a file, the OAS will scan it and either offer you the choice of cancelling your action or deny it right away (depending on the settings). The same goes for registry operations and whatever else can be “realtime-protected”.

// Oliver

Posted in EN, IT Security | Comments Off on Realtime protection

Behind the words #2

It took me a while to understand the subtle humor in one of LS’ slogans after being pointed to it by a good friend. The slogan is very prominent on the main website and says:

You have enough to worry about, WE’LL RELIEVE THE WORKLOAD.
(Source: lavasoft.com)

Here’s a screenshot of the part with the slogan:

The slogan as a picture

Let’s face it, with a mug of coffee and a non-working computer anyone is relieved of the workload for a while. A subtle but well-thought-out slogan!

// Oliver

Posted in EN, Lava-watch | Comments Off on Behind the words #2

Users grumpy? I don’t know why …

In this blog entry I outlined that the new approach LS takes to keep malware from the customer’s machine was due to downtime. Suddenly people start complaining about it, although this strategy was clearly shown during the beta phase in each and every one of the betas.

Join the club.
At least you caught yours before it destroyed the operating system.
The new 2007 took 45 minutes to eradicate my registry.
And no-one has responded, either on these forums or via e-mail to a support request sent earlier in the week.

How does System Restore work for you?
If I can get this open once, I need to know if System Restore (XP Pro, SP2) will fix it.
(Source: LS support forum)

First asking for protection and then complaining about the implementation details, as if they weren’t clearly outlined in advance 🙄

// Oliver

Posted in EN, Lava-watch | Comments Off on Users grumpy? I don’t know why …

Biometrics terror

http://www.ccc.de/updates/2007/biometrie-terror

Hoping that the folks at the CCC will create a nice banner, too …

// Oliver

Posted in DE, Gedanken | Comments Off on Biometrics terror

Behind the words …

Have you ever looked at LS’s management website? The fact that the number of (management) people seems to be shrinking in the last few months is well-known and I will leave it to my reader to compare the photos and this interesting video.

Maybe it is about bragging rights again? … maybe it’s just cool to stand in front of the Capitol in Washington D.C. and talk about spyware, who knows. I am convinced any other place would have done just as well here, if it wasn’t for the US-centric view on a global problem. What amazed me was the fact that most of the stuff they (especially one of them) said was not outright wrong, but this doesn’t keep me from nitpicking, does it? After all, I am a German 1 :mrgreen:

  1. … meaning I cannot handle humor of any kind :mrgreen:
Posted in EN, Lava-watch | Comments Off on Behind the words …

Russian view on G8

… the picture in the previous blog entry (below this one) contains the following text:

Go tell him all we think of him! Just don’t look into his eyes!!!

// Oliver

Posted in /dev/null, EN | Comments Off on Russian view on G8

Russian view on G8 (German)

Here you can find a caricature of four well-known figures in the G8 cabinet. The two on the right say to the young lady (well, who might that be ;)):

The picture described

Go and tell him everything we think of him! But just don’t look him in the eyes!!!

// Oliver

Posted in /dev/null, DE | Comments Off on Russian view on G8 (German)

Let’s nitpick

On LS’ blog, the latest entry is bragging about the positive press AAW 2007 got. Well, not press in the traditional sense, because real journalists would have investigated thoroughly. Let’s nitpick a bit.

One of the first applications built to find and remove adware and spyware, Ad-Aware 2007’s excellent reputation is well-justified.

The first such utility was not written by Lavasoft, but by Steve Gibson under the name Optout, although LS officially claims: “We are not just any anti-spyware company, we are the original anti-spyware company”. While Steve Gibson is by far not an undisputed expert, the kudos is his, not LS’. Furthermore the whole statement was bullshit given that AAW 2007 was released in 2007, while other AS-companies (even LS themselves) have released products prior to that. So how could it be one of the first? Bad wording or negligence? As to the reputation, I ask my readers to visit the LS support forum to check by themselves (unless it’s being cleaned up). They even got a special rant thread – woohoo.

Posted in EN, Lava-watch | Comments Off on Let’s nitpick

Truly incorrigible, this “Mielke on wheels”

While the saying for foreigners in Germany used to be “Beckstein, Beckstein, alles muß versteckt sein!”, Schäuble apparently never gets enough. It is unbelievable how unscrupulously politicians are allowed to voice idiotic ideas these days without being criticized by a broad majority of the population. It looks as if former GDR citizens are resigning or have already resigned, and as if the survivors of the Nazi era do not see the parallels or do not want to see them.

Federal Minister of the Interior Wolfgang Schäuble intends to store the fingerprints of foreigners living in Germany who do not hold an EU or Swiss passport in future. This emerges from a draft bill titled “Änderung des AZR-Gesetzes” from the German Ministry of the Interior, which is currently being coordinated between the ministries, reports the news magazine Der Spiegel. (Source)

Sad, that,

// Oliver

Posted in DE, Gedanken | Comments Off on Truly incorrigible, this “Mielke on wheels”

“Happy” users everywhere …

This seems to be the case in Lavasoft’s support forum. Now, while there are some people not satisfied with the products of my company as well, it is not solely Ad-Aware 2007 which is to blame as it seems:

This is a JOKE!! I HAVE WASTED 90 MINUTES SO FAR ON A SYSTEM THAT SUCKS!! UNDER ORDER # xyz ON 6-10-07 I PAID GOOD MONEY AND NEVER GOT AN E-MAIL WITH A SERIAL NUMBER EITHER! JUST LIKE YOU, THE SYSTEM SAID MY E-MAIL ADDRESS IS NOT RECOGNIZED. FUNNY THEY HAD NO PROBLEM TAKING MY MONEY!! HORRIBLE !!!!!!!!!!!!!
(Source)

The username says it all: “MAD AS HELL” 😆

Posted in EN, Lava-watch | Comments Off on “Happy” users everywhere …

Comments suspended.

Thanks to the ever-increasing amount and frequency of spam-comments, I removed the option for comments for now. However, I’ll attempt to work out a fix (possibly similar to the fix I use in the UVNC forum) and then enable it again.

Sorry for the annoyance :-[

// Oliver

Posted in /dev/null, EN | Leave a comment

Cables glowing, servers burning …

… the launch of the newer and better product is a full success at download.com, as it seems. A little less than 250 million (244229387 at the time of this writing) downloads in less than two hours; this has to be a world record.

Let’s see what bandwidth download.com offers …

244229387 x 17.15 MiB = 4188533987.05 MiB

(For the sake of brevity let’s assume 2 hours, i.e. 7200 seconds)

4188533987.05 MiB / 7200 s = 581740.83 MiB/s = 4653926.65 MBit/s

Yes, dear reader, that is 4.6 million megabits per second!!! Amazing. No less amazing is how many users have rated the new product within this short time.

Evil to him who evil thinks,

// Oliver

Posted in EN, Lava-watch | 5 Comments

Morning has broken …

… as is the software.

Since a few minutes (Swedish time) the new day has begun and it will be a glorious day – it will be release day. Since everyone knows what it is about, I will not give any names here.

// Oliver

Posted in EN, Ich, der Zyniker | Leave a comment

I too have already shaken hands …

… with assholes, it just occurred to me when a servant, pardon, employee from Heiligendamm said in a report on DW-World that he had shaken the hands of famous politicians the previous year. Of course, that would never occur to me in connection with the upcoming G8 summit in Heiligendamm, since there are already “guests” in the country again and thus §103 StGB would apply once more. Or does it not apply to me at all now, because I am in Reykjavik? Either way, I am refraining from such remarks for now and retreating to well-known positions 😉

// Oliver

PS: By the way, I found Enzensberger’s remarks in the Spiegel quite nice – just in case anyone wants to read them again.

Posted in DE, Gedanken, Ich, der Zyniker | Leave a comment