
Google Mobile Malware

Is Google planning on integrating an antivirus scanner into Android? A just-released Google Play Store app update, as well as the company’s recent acquisition of VirusTotal, seem to hint that yes, Google is looking into it.

Google yesterday started rolling out an update to its Google Play Store app: version 3.8.17 from August was bumped to version 3.9.16 in October.  The update has two parts.  The first, called App Check, would apparently allow Google to inspect apps you’ve already downloaded; the second feature would warn you if an app you’re trying to install is suspicious.

Google already has a server-side Play Store malware checker called Bouncer. The automated antimalware system removes malicious apps uploaded to the Play Store and is meant to prevent repeat-offender developers. Yet what is being described here is a client-side antimalware system, which would be particularly useful for apps not on the Play Store that Android users are installing from various sources.

This is not the first time Google has worked on removing and preventing malicious software: in July Google had to remove 25 malicious apps, which pushed them to put Bouncer in place.  There are third-party antivirus apps available from almost every antivirus vendor, such as:

  • AVG
  • Zoner
  • Avast
  • Norton
  • Webroot
  • McAfee
  • Trend Micro

But this move by Google shows that they are preparing to make some security changes and possibly add a built-in antivirus product on the client side.

With the recent FBI warning to consumers about mobile malware, Google is adding better security features, and possibly a built-in AV, to its latest Android mobile OS, Jelly Bean 4.1, to avoid future security issues.  With Jelly Bean’s design, Google hopes to defend against hacks that install viruses, along with other malware.

Mac Apps That Need Retina Support

I was listening to This Week In Tech – http://twit.tv/ and one of the issues they spoke about was the Mac Retina display and how people have issues with the display and app support.  So I decided to do some research.

Everyone who purchased the next-generation MacBook Pro has found that apps that don’t use Apple’s system fonts, or haven’t had their graphical assets super-sized, look terrible.  The Retina Pro’s issues are with upscaling graphics across a compact 15-inch display area that holds well over five million pixels:

  • Words jumbled into images
  • Still frames on websites from bad Flash animations
  • Applications and web pages are fuzzy

The issue is that Apple has a great product so far ahead of its time that there is no design support for it yet.  Applications are suffering from this as well; to name a few I found in my research:

  • Microsoft Office 2011 (this is the product I have heard most of the complaints about)
  • Spotify
  • Winamp
  • Adobe products
  • AutoCAD products
  • Skype
  • Dropbox
  • Antivirus programs
  • Mozilla Firefox
  • Google Chrome

Facebook Children Charity Scam

Cybercriminals have developed a custom piece of malware that injects itself into your Facebook session and prompts you to donate to a charity for sick children. The scammers’ goal is to make off with your personal data, especially your credit card number. 

Security researchers have discovered a new variant of the Citadel malware that injects itself into your Facebook web pages and demands that you make a donation to a fake charity for sick children. Please be warned: there are no children’s charities that will ask you for a donation via Facebook. There are, however, individuals very interested in stealing your credit card number and other personal information (note: this is not the first time Facebook users have been specifically targeted, and it certainly won’t be the last), ZDNet reported.

http://www.zdnet.com/facebook-virus-warning-massive-children-charity-scam-7000001509/

Once your computer is infected with the malware, it quickly adds itself into your Facebook session.  After you log into your Facebook account, the Citadel injection mechanism displays a pop up that encourages you to donate $1 to children who “desperately” need humanitarian aid. Next, it asks you for your name, credit card number, expiration date, CVV, and security password.

DO NOT BE FOOLED BY THIS SCAM!

Conficker Still Affects Millions of Computers and Businesses

Microsoft released a fourth-quarter security report stating that the Conficker worm is still infecting 1.7 million computers and workstations.   This news comes more than three years after the worm was first detected.  The rate of infection has increased despite the widespread availability of tools to fight it.

Conficker has many different variants, which makes it hard to fight on large-scale networks.  Although Microsoft had patches out well beforehand, a lot of companies were not patched.  Conficker can also turn off Automatic Updates and BITS (Background Intelligent Transfer Service).  Despite Microsoft’s security patches and updates for Windows XP and Vista, companies and end users are still vulnerable because of Conficker’s ability to self-update by automatically connecting to hundreds of attacker-controlled domains.

Microsoft recommends two things:

1. Adopting better AV (anti-virus) solutions and malware protection

2. Stronger, better passwords
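The report above says Conficker switches off Automatic Updates and BITS on the hosts it infects, and that unpatched machines are what keeps it alive. The PowerShell below is an added example, not part of the original report: it reports the state and start mode of those two services (standard service names wuauserv and BITS) and whether the MS08-067 patch that Conficker spread through (KB958644, a fact not stated on the page) is installed. The watch list is an assumption you can extend with any other service you expect malware to tamper with.

```powershell
# Added example (not from the original report): report on the services the post
# says Conficker disables and on the MS08-067 patch. Service names and the KB
# number are the standard Windows identifiers; the watch list is an assumption.
$WatchedServices = @(
    @{ Name = 'wuauserv'; Purpose = 'Automatic Updates / Windows Update' },
    @{ Name = 'BITS';     Purpose = 'Background Intelligent Transfer Service' }
)

function Get-ServiceTamperingReport {
    foreach ($svc in $WatchedServices) {
        # Win32_Service carries StartMode (Auto/Manual/Disabled), which Get-Service
        # does not expose on older Windows versions.
        $wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"
        if (-not $wmi) {
            # A missing service is as suspicious as a disabled one.
            [pscustomobject]@{ Service = $svc.Name; Purpose = $svc.Purpose
                               State = 'MISSING'; StartMode = 'n/a'; Suspicious = $true }
            continue
        }
        [pscustomobject]@{
            Service    = $wmi.Name
            Purpose    = $svc.Purpose
            State      = $wmi.State
            StartMode  = $wmi.StartMode
            # Being set to Disabled is the indicator; a stopped Manual service is
            # normal on newer Windows versions, so State is reported but not flagged.
            Suspicious = ($wmi.StartMode -eq 'Disabled')
        }
    }
}

function Test-Ms08067Patch {
    # Get-HotFix reads the installed-updates list; the KB only applies to the
    # XP / Server 2003 / Vista / Server 2008 generation the post is about.
    $fix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Patch       = 'KB958644 (MS08-067)'
        Installed   = [bool]$fix
        InstalledOn = if ($fix) { $fix.InstalledOn } else { $null }
    }
}

Get-ServiceTamperingReport | Format-Table -AutoSize
Test-Ms08067Patch | Format-List
```

Run it from an elevated prompt on a host you suspect; a Disabled start mode on either service, or a missing patch on an XP- or Vista-era box, is the cue to pull the machine off the network and run a current AV scan, which is the first of the two recommendations above.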

DnsChanger Trojan

DNSChanger is a trojan that changes the infected system’s Domain Name Server (DNS) settings in order to divert traffic to unsolicited and potentially illegal sites. It is designed to change the ‘NameServer’ registry key value to a custom IP address. This IP address is usually encrypted in the body of the trojan.

Under an FBI-obtained court order expiring July 9, the Internet Systems Consortium is operating replacement DNS servers for the Rove Digital network. This gives affected networks time to identify infected hosts and avoids a sudden disruption of service to victim machines.

July 9th is being called Internet Doomsday.  The FBI set up a safety net months ago using government computers, but that system will shut down July 9. At that point, infected users won’t be able to connect to the Internet.

The trojan can be removed manually.

Manual removal instructions:
1. Navigate to the following paths in the registry.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters “DhcpNameServer”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “DhcpNameServer”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%Random CLSID% “NameServer”

2. Look for unknown IP addresses in the Data column. Change them to the IP addresses of your own DNS servers.
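The two manual steps above can be scripted so that every per-interface key is checked rather than clicked through one at a time. The PowerShell below is an added example and not part of the original post: it walks the global Tcpip\Parameters key and every Interfaces\{CLSID} subkey, reads both NameServer and DhcpNameServer from each (one more value than the post lists for the global key), and reports any resolver that is not on an allow-list. The allow-list addresses are constructed placeholders; put your own DNS servers there. With -Remediate it performs step 2 and rewrites the flagged values.

```powershell
# Added example (not from the original post): audit the NameServer / DhcpNameServer
# registry values that DNSChanger rewrites and flag resolvers not on an allow-list.
$KnownGoodDns = @('192.168.1.1', '8.8.8.8', '8.8.4.4')   # constructed sample; use your resolvers

$Base       = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$ValueNames = @('NameServer', 'DhcpNameServer')

function Get-ConfiguredDnsServers {
    # Global key plus every per-interface subkey (the "%Random CLSID%" keys in the post).
    $keys = @(Get-Item -Path $Base) + @(Get-ChildItem -Path "$Base\Interfaces")
    foreach ($key in $keys) {
        foreach ($name in $ValueNames) {
            $raw = (Get-ItemProperty -Path $key.PSPath -Name $name -ErrorAction SilentlyContinue).$name
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            # NameServer is comma-separated, DhcpNameServer space-separated; accept both.
            foreach ($ip in ($raw -split '[ ,]+' | Where-Object { $_ })) {
                [pscustomobject]@{
                    Key    = ($key.PSPath -replace '^.*::', '')   # strip the provider prefix
                    Value  = $name
                    Server = $ip
                }
            }
        }
    }
}

function Test-DnsServerSettings {
    param(
        [switch]$Remediate,
        [string[]]$ReplacementServers = $KnownGoodDns   # written only with -Remediate
    )
    $findings = Get-ConfiguredDnsServers | Where-Object { $KnownGoodDns -notcontains $_.Server }
    if (-not $findings) { Write-Host 'No unexpected DNS servers found.'; return }

    $findings | Format-Table -AutoSize
    if ($Remediate) {
        # Step 2 of the post: replace each unknown address with your own DNS servers.
        foreach ($f in ($findings | Select-Object -Unique Key, Value)) {
            Set-ItemProperty -Path "Registry::$($f.Key)" -Name $f.Value -Value ($ReplacementServers -join ',')
            Write-Host "Rewrote $($f.Value) under $($f.Key)"
        }
    }
}

Test-DnsServerSettings              # report only
# Test-DnsServerSettings -Remediate  # report and rewrite; run as Administrator
```

Note that DhcpNameServer is refreshed from the DHCP lease, so an unknown address there points at a poisoned DHCP server or router rather than at this host alone; the registry rewrite holds only until the next lease renewal, and the upstream device needs fixing as well.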

Installing Forefront 2010 Extensions on SCCM

When setting up Microsoft Forefront, the first thing to do is to run ServerSetup.exe.

Of course you’ll want to run the file, so click Run. Fill in your Name and Organization, then click Next. You’ll have to put a check in “I accept the software license terms”; when you do, Next becomes available, so click Next.

Now this is where you’ll be choosing your topology. For this example we’ll go ahead and choose a Basic topology. This installs the Microsoft Forefront Endpoint Protection 2010 database, Site Server Extension, Console Extension, Reporting components, and Reporting database based on your current Configuration Manager deployment. Maybe in future blogs I’ll go through other deployment options. Don’t forget to click Next.

Here is where you will set up the Reporting server account information. Mostly it will be filled out with the user running setup, but you can change the domain\username. Click Next.

If the password you typed doesn’t match the domain\username you’ll get the error below.

Microsoft Forefront Endpoint Protection 2010
Error: The password is incorrect, or this account is not valid. Account: domain\username

After I corrected my intentional typo, FEP is now warning me that I shouldn’t use my domain admin account.
Microsoft Forefront Endpoint Protection 2010
For security reasons, it is not recommended to use a domain administrator account ‘domain\username’ as the reporting account.

I’m going to OK this because it’s just a test lab.
By default FEP will want to join the Customer Experience Improvement Program. I recommend keeping this checked. I also checked Use Microsoft Update to keep my products up to date.

Join Microsoft SpyNet Basic is checked by default. I changed mine to Advanced SpyNet.

Location and disk space requirements blah blah blah.

Oh no! It looks like my Verifying SQL Server prerequisite failed with an error.

When I click the More link I see the error below.
Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01
Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01
Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01
Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01
Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

Fixing the error was simple. I set the SQL Server Agent to Automatic and started it.
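The same fix from a PowerShell prompt, as an added example rather than anything from the original walkthrough: it sets the SQL Server Agent service to Automatic, starts it, waits for it to report Running, and then prints the state the prerequisite check will see. SQLSERVERAGENT is the service name for a default instance (the one in the error above); for a named instance the service is called SQLAgent$InstanceName, which is why the name is a parameter.

```powershell
# Added example (not from the original post): put the SQL Server Agent service into
# the state the FEP prerequisite check requires (StartMode Auto, State Running).
$AgentService = 'SQLSERVERAGENT'   # default instance; named instances use 'SQLAgent$<Instance>'

function Repair-SqlAgentStartup {
    param(
        [string]$Name = $AgentService,
        [int]$TimeoutSeconds = 60
    )
    $svc = Get-Service -Name $Name -ErrorAction Stop   # fails loudly if the name is wrong

    # Win32_Service reports the start mode as 'Auto' / 'Manual' / 'Disabled'.
    $before = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if ($before.StartMode -ne 'Auto') {
        Set-Service -Name $Name -StartupType Automatic
    }

    if ($svc.Status -ne 'Running') {
        Start-Service -Name $Name
        # Block until the service controller reports Running, or throw on timeout so
        # the installer is not re-run against a service that is still starting.
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds($TimeoutSeconds))
    }

    # Return the post-fix state; this is what "Verifying SQL Server prerequisite" looks at.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" |
        Select-Object Name, State, StartMode
}

Repair-SqlAgentStartup
```

Run it elevated on the SQL Server host, then click Back and Next in the installer to re-run the prerequisite verification.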

When I ran the Prerequisites Verification again (by clicking Back then Next) I got a warning.

Clicking More gave me the message below.
Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.

I like the fact that it’s encouraging you to enable SQL Server encryption, but since this is for testing and on the same box this isn’t required. I’m going to ignore this warning.
The final screen is where you’ll get a summary of what the setup application will do.
Microsoft Forefront Endpoint Protection 2010
General Settings
Local Computer Name: server01.fep.local
Location of Setup media files: C:\Users\Administrator.SERVER01\Desktop\evalcdmedia_en_amd64
Installation Directory: C:\Program Files\Microsoft Forefront
Configuration Manager Console Directory: C:\Program Files (x86)\Microsoft Configuration Manager\AdminUI\bin

Updates, Spy Net and Customer Experience Options
Windows Update: Enabled
Participation in Customer Experience Improvement Program: Enabled
Participation Microsoft SpyNet: Join with an advanced membership

FEP 2010 Site Extension for Configuration Manager
Configuration Manager Site Server: server01.fep.local

FEP 2010 Reporting and Monitoring components
Configuration Manager Site Server: server01.fep.local
Configuration Manager Database Server: SERVER01
Configuration Manager Database Instance Name: MSSQLSERVER
Configuration Manager Database Name: SMS_AAA
FEP 2010 Database Name: FEPDB_AAA
FEP 2010 Reporting Database Server: SERVER01
FEP 2010 Reporting Database Instance Name: MSSQLSERVER
FEP 2010 Reporting Database Name: FEPDW_AAA
Liveness checking URL for SQL Reporting Service: http://server01.fep.local/ReportServer/ReportService2005.asmx
User account used for accessing of FEP 2010 Reports: FEPAdministrator

Configuration Manager Console Extensions for Forefront Endpoint Protection 2010
No additional properties for this component

Clicking Next will start the install, so sit back and take a break. I know I did.

Hello. Why are you popping up?

It appears a hotfix got installed and is asking for a reboot. I’m not sure if it’s because of the FEP install or not.
http://support.microsoft.com/kb/981889
A Windows Filtering Platform (WFP) driver hotfix rollup package is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

The install was successful.

I’m going to view the log.
[7/26/2010 1:55:43 PM] Setup Started
[7/26/2010 1:55:44 PM] Product ID validation succeeded (Product ID: 03116-270-0001260-04309)
[7/26/2010 1:56:28 PM] For security reasons, it is not recommended to use a domain administrator account ‘FEPAdministrator’ as the reporting account.
[7/26/2010 1:56:33 PM] Error: The password is incorrect, or this account is not valid. Account: FEPAdministrator
[7/26/2010 1:56:45 PM] For security reasons, it is not recommended to use a domain administrator account ‘FEPAdministrator’ as the reporting account.
[7/26/2010 1:57:19 PM] Setup Log has been relocated from ‘C:\Users\Administrator.SERVER01\AppData\Local\Temp\1\ServerSetup_26072010_135543.log’
[7/26/2010 1:57:21 PM] [7/26/2010 1:57:21 PM] Verifications started:

[7/26/2010 1:57:21 PM]
[7/26/2010 1:57:21 PM] Verification(Verifying hardware requirements) passed
[7/26/2010 1:57:21 PM]
[7/26/2010 1:57:21 PM] Verification(Verifying .NET Framework 3.5 SP1 prerequisite) passed
[7/26/2010 1:57:41 PM]
[7/26/2010 1:57:41 PM] Verification(Verifying SQL Server prerequisite) failed
Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01
Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01
Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01
Warning: Forefront Endpoint Protection 2010 requires the following services to be set to start automatically.
Service Name: SQLSERVERAGENT
Server Name: SERVER01
Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.
[7/26/2010 1:58:05 PM]
[7/26/2010 1:58:05 PM] Verification(Verifying SQL Reporting Services prerequisite) passed
[7/26/2010 1:58:06 PM]
[7/26/2010 1:58:06 PM] Verification(Verifying Configuration Manager version) passed
About to compare required version '4.0.6487.2000' to installed version '4.0.6487.2000'
[7/26/2010 1:58:06 PM]
[7/26/2010 1:58:06 PM] Verification(Verifying Configuration Manager Site Server permissions) passed
About to verify Configuration Manager Site Server permissions
[7/26/2010 1:58:08 PM]
[7/26/2010 1:58:08 PM] Verification(Verifying Configuration Manager client components) passed
About to verify client component ‘Configuration Management Agent’ is enabled
About to verify client component ‘Hardware Inventory Agent’ is enabled
About to verify client component ‘Software Distribution’ is enabled
[7/26/2010 1:58:08 PM]
[7/26/2010 1:58:08 PM] Finished running verifications.
[7/26/2010 1:59:52 PM] [7/26/2010 1:59:52 PM] Verifications started:

[7/26/2010 1:59:52 PM]
[7/26/2010 1:59:52 PM] Verification(Verifying hardware requirements) passed
[7/26/2010 1:59:52 PM]
[7/26/2010 1:59:52 PM] Verification(Verifying .NET Framework 3.5 SP1 prerequisite) passed
[7/26/2010 2:00:08 PM]
[7/26/2010 2:00:08 PM] Verification(Verifying SQL Server prerequisite) failed
Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01
Forefront Endpoint Protection 2010 requires that the SQL Server Agent service is running. Set the service to start automatically, and then start the service.
Service Name: SQLSERVERAGENT
SQL Server: SERVER01
Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.
[7/26/2010 2:00:09 PM]
[7/26/2010 2:00:09 PM] Verification(Verifying SQL Reporting Services prerequisite) passed
[7/26/2010 2:00:09 PM]
[7/26/2010 2:00:09 PM] Verification(Verifying Configuration Manager version) passed
About to compare required version '4.0.6487.2000' to installed version '4.0.6487.2000'
[7/26/2010 2:00:10 PM]
[7/26/2010 2:00:10 PM] Verification(Verifying Configuration Manager Site Server permissions) passed
About to verify Configuration Manager Site Server permissions
[7/26/2010 2:00:11 PM]
[7/26/2010 2:00:11 PM] Verification(Verifying Configuration Manager client components) passed
About to verify client component ‘Configuration Management Agent’ is enabled
About to verify client component ‘Hardware Inventory Agent’ is enabled
About to verify client component ‘Software Distribution’ is enabled
[7/26/2010 2:00:11 PM]
[7/26/2010 2:00:11 PM] Finished running verifications.
[7/26/2010 2:00:52 PM] [7/26/2010 2:00:52 PM] Verifications started:

[7/26/2010 2:00:52 PM]
[7/26/2010 2:00:52 PM] Verification(Verifying hardware requirements) passed
[7/26/2010 2:00:53 PM]
[7/26/2010 2:00:53 PM] Verification(Verifying .NET Framework 3.5 SP1 prerequisite) passed
[7/26/2010 2:01:08 PM]
[7/26/2010 2:01:08 PM] Verification(Verifying SQL Server prerequisite) warning
Warning: Setup has detected that the connection to the SQL Server is not encrypted. If the SQL Server and Forefront Endpoint Protection 2010 are not located on a shared secure subnet, transmitted data can be viewed by third parties. We recommend that you secure the connection to the SQL Server. For more information, see Securing SQL Server in the SQL Server documentation.
[7/26/2010 2:01:09 PM]
[7/26/2010 2:01:09 PM] Verification(Verifying SQL Reporting Services prerequisite) passed
[7/26/2010 2:01:09 PM]
[7/26/2010 2:01:09 PM] Verification(Verifying Configuration Manager version) passed
About to compare required version '4.0.6487.2000' to installed version '4.0.6487.2000'
[7/26/2010 2:01:10 PM]
[7/26/2010 2:01:10 PM] Verification(Verifying Configuration Manager Site Server permissions) passed
About to verify Configuration Manager Site Server permissions
[7/26/2010 2:01:11 PM]
[7/26/2010 2:01:11 PM] Verification(Verifying Configuration Manager client components) passed
About to verify client component ‘Configuration Management Agent’ is enabled
About to verify client component ‘Hardware Inventory Agent’ is enabled
About to verify client component ‘Software Distribution’ is enabled
[7/26/2010 2:01:11 PM]
[7/26/2010 2:01:11 PM] Finished running verifications.
[7/26/2010 2:23:20 PM]
[7/26/2010 2:23:20 PM] Installation tasks started:
Root Folder: C:\Users\Administrator.SERVER01\Desktop\evalcdmedia_en_amd64
Current Folder: C:\Users\Administrator.SERVER01\Desktop\evalcdmedia_en_amd64
[7/26/2010 2:25:04 PM]
[7/26/2010 2:25:04 PM] Installation(Installing the Microsoft Forefront Endpoint Protection 2010 Security Client) completed
Installing FepInstall.exe.
completed
[7/26/2010 2:25:42 PM]
[7/26/2010 2:25:42 PM] Installation(Installing Microsoft Forefront Endpoint Protection 2010 Console Extensions for Configuration Manager) completed
Installing FEPUX.msi.
completed
[7/26/2010 2:29:45 PM]
[7/26/2010 2:29:45 PM] Installation(Installing Microsoft Forefront Endpoint Protection 2010 Site Server Extension for Configuration Manager) completed
Installing FEPExt.msi.
completed
[7/26/2010 2:40:03 PM]
[7/26/2010 2:40:03 PM] Installation(Installing Microsoft Forefront Endpoint Protection 2010 Reporting) completed
Installing FepReport.msi.
completed
[7/26/2010 2:40:04 PM]
[7/26/2010 2:40:04 PM] Finished running installation tasks.

[7/26/2010 2:40:05 PM] Setup has completed successfully.
Here’s the final screen in the setup program. I really want to see the Console and check for updates, so I’ll leave them both checked and click Finish.

As I’m waiting for SCCM to open I’ll look and see what databases FEP created.
It appears it created a FEPDB_AAA and a FEPDW_AAA database, AAA being my SCCM site code.

Well there it is. FEP installed and in SCCM. FEP looks like it’s going to be completely different than FCS, so in my upcoming blogs I’ll talk about the differences.

 http://blogs.catapultsystems.com/arafels/archive/2010/07/25/installing-microsoft-forefront-endpoint-protection-2010-beta.aspx
