Sunday, March 7, 2010

DHT, PEX and Magnet Links Explained

Recently The Pirate Bay confirmed it would shut down its tracker for good, instead encouraging the use of DHT, PEX and magnet links. This move confounded many BitTorrent enthusiasts, who, although wishing to adapt, were confronted with hard-to-grasp terminology and technology. Time for some explaining.

The Pirate Bay’s recent confirmation that they had closed down their tracker since DHT and Peer Exchange have matured enough to take over, was coupled with the news that they had added Magnet links to the site. This news has achieved its aim of stimulating discussion, but has also revealed that there is much confusion over how these technologies work.

The key thing to understand is that nobody is being forced to use Magnet links or trackerless torrents. While these long-standing technologies may prove to be the future, they will co-exist with tracker-enabled torrenting for quite some time. For now, nobody will be forced to immediately change their existing downloading habits, although it may be wise to switch to a BitTorrent client that is compatible with these technologies.

In an attempt to clear some of the mystique surrounding DHT, PEX and Magnet links we will walk through all three briefly, hoping to assure those who’ve become confused earlier this week.




DHT

Using DHT instead of trackers is one of the things The Pirate Bay is now trying to encourage, and torrent downloads that rely solely on this technology are often referred to as “trackerless torrents.” DHT is used to find the IP addresses of peers, mostly in addition to a tracker. It is enabled by default in clients such as uTorrent and Vuze and millions of people are already using it without knowing.

DHT’s function is to find peers who are downloading the same files, but without communicating with a central BitTorrent tracker such as that previously operated by The Pirate Bay.

DHT is by no means a new technology. A version debuted in the BitTorrent client Azureus in May 2005 and an alternative but incompatible version was added to Mainline BitTorrent a month later. There is, however, a plugin available for Azureus Vuze which allows it access to the Mainline DHT network used by uTorrent and other clients.


Peer Exchange (“PEX”)

Peer Exchange is yet another means of finding IP addresses. Rather than acting like a tracker, it leverages the knowledge of peers you are connected to, by asking them in turn for the addresses of peers they are connected to. Although it requires a “kick start”, PEX will often uncover more genuine peers than DHT or a tracker.


Magnet links

Traditionally, .torrent files are downloaded from torrent sites. A torrent client then calculates a torrent hash (a kind of fingerprint) based on the files it relates to, and seeks the addresses of peers from a tracker (or the DHT network) before connecting to those peers and downloading the desired content.

Sites can save on bandwidth by calculating torrent hashes themselves and allowing them to be downloaded instead of .torrent files. Given the torrent hash – passed as a parameter within a Magnet link – clients immediately seek the addresses of peers and connect to them to download first the torrent file, and then the desired content.

It is worth noting that BitTorrent can not ditch the .torrent format entirely and rely solely on Magnet links. The .torrent files hold crucial information that is needed to start the downloading process, and this information has to be available in the swarm.

Pirate Bay links cf. Mininova links: When the Magnet link specification first came out, in January last year, it called for a particular format (“base32 encoded”). The links that EZTV, Mininova and ShareReactor have displayed for some time all conform to that original specification. In May of last year the specification was changed, in favor of “hex encoding”, and that is the format of the links being displayed by The Pirate Bay. Torrent clients should accept either format.
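Because a client has to accept both encodings, the first thing it does with a Magnet link is pull out the `xt=urn:btih:` parameter and normalise it. The script below is an added example, not code from the original post or from any BitTorrent client: it decodes a 32-character base32 hash or lower-cases a 40-character hex hash, and rejects anything else. The magnet link used at the bottom is constructed (the hash is the base32 encoding of the bytes "abcdefghijklmnopqrst", not a real torrent).

```shell
#!/bin/sh
# Added example (not from the original post): normalise a Magnet link's
# info-hash to the 40-character lower-case hex form, accepting both the
# base32 (32 chars) and hex (40 chars) encodings the post describes.

base32_to_hex() {
  # Decode unpadded RFC 4648 base32 to lower-case hex with awk, 5 bits at a
  # time; fails (exit 1, no output) on any character outside the alphabet.
  awk -v s="$1" 'BEGIN {
    alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; hex = "0123456789abcdef"
    s = toupper(s); bits = 0; nb = 0; out = ""
    for (i = 1; i <= length(s); i++) {
      v = index(alpha, substr(s, i, 1)) - 1
      if (v < 0) { exit 1 }
      bits = bits * 32 + v; nb += 5
      while (nb >= 4) {           # emit a hex digit whenever 4 bits are buffered
        nb -= 4
        d = int(bits / (2 ^ nb)); out = out substr(hex, d + 1, 1)
        bits = bits % (2 ^ nb)
      }
    }
    print out
  }'
}

magnet_infohash() {
  # Print the normalised info-hash of the magnet URI in $1; return 1 when the
  # URI has no xt=urn:btih: parameter or the hash has the wrong shape.
  query=${1#"magnet:?"}
  raw=""
  old_ifs=$IFS; IFS='&'; set -f; set -- $query; set +f; IFS=$old_ifs
  for kv in "$@"; do
    case $kv in
      xt=urn:btih:*) raw=${kv#xt=urn:btih:} ;;
    esac
  done
  case ${#raw} in
    40) case $raw in
          *[!0-9A-Fa-f]*) return 1 ;;   # the hex form must be hex digits only
        esac
        printf '%s\n' "$raw" | tr 'A-F' 'a-f' ;;
    32) base32_to_hex "$raw" ;;
    *)  return 1 ;;
  esac
}

# Usage with a constructed link; prints 6162636465666768696a6b6c6d6e6f7071727374
magnet_infohash 'magnet:?xt=urn:btih:MFRGGZDFMZTWQ2LKNNWG23TPOBYXE43U&dn=example'
```

The shape check matters in practice: a client that forwards whatever follows `urn:btih:` into a DHT lookup without validating it will happily query the network for garbage, so reject malformed hashes before they reach the peer-discovery layer.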


Compatible Clients

All the main torrent clients: uTorrent 1.8.5, Vuze 4.3.0.2, BitTorrent 6.3, BitComet 1.16, and Transmission 1.76 (and others) support Peer Exchange and DHT (via a plugin in the case of Vuze). Neither BitComet nor Transmission yet supports Magnet links, but Transmission is planning to include Magnet link support in the upcoming 1.8 release. Bearing in mind that no site, including The Pirate Bay, has yet abandoned support for traditional torrent files, there is plenty of time for support to be added.

We hope that this article has cleared some of the smoke that was generated by The Pirate Bay’s announcements earlier this week. There is no need to panic, cry or be angry, and it’s not a problem if you’re still confused after reading this article. Torrents will still be available and aside from some extra downloading options thanks to sites that add Magnet links, nothing drastic will change in the near future.


Saturday, January 23, 2010

Best Android Applications

If you have come to love and depend upon your Android-based phone, you’ve no doubt discovered the wealth of applications on the Android Market. But as with the iPhone App store, not every app is a gem. So you’ve probably found yourself installing and quickly removing plenty of apps from your phone, hoping to find ones that are truly useful.

To help in this quest, I’ve narrowed the field to 10 indispensable applications. These apps serve a number of purposes with little overlap. Some are free and some have a price tag, but all of them are at (or near) the top of their category.

1. Dolphin (free)
Dolphin is one of the best mobile Web browsers. Period. It is fast, reliable, has real tabs, gestures, and multi-touch. Although the default Android browser is an okay solution, it simply doesn’t compare, feature for feature, to Dolphin. Dolphin is also much faster than most of the other Android solutions. My big question: Why is there no Chrome for Android?


2. ChompSMS (free)
ChompSMS is the best text client for the Android phone. In fact, this text app is so much better than the default, I’m surprised that the various Android-based phones haven’t switched. One aspect that makes this app so much better than the default is the battery usage. Especially in pre-2.0 releases, the Android text app has a problem with going to sleep, so it is constantly draining battery. By switching to Chomp, you will save your battery.


3. iMusic (free)
iMusic is a tricky one because of what it does: It allows unlimited downloads of MP3s. There is a EULA that insists you agree to remove the song as soon as you have listened to it. Or you can just listen to the song off the Web. Either way, this app will have you happily searching music to your heart’s content.


4. FeedR (free)
FeedR is an RSS reader that works as both an app and a widget. So far, in my quest for the perfect RSS widget, it has proven to be the best yet. FeedR can add preconfigured feeds or you can add your own personal favorites. This app beats the competition with its ability to truly auto-update. Many other feed readers (especially those in the widget category) require a user update to function properly. FeedR handles all updates in the background, with no intervention.


5. Advanced Task Killer ($4.99)
Advanced Task Killer is one of those apps you hope you don’t need, but you sometimes must have. I have noticed on occasion a rare app hanging out in the background unnecessarily. This can lead to a much lower battery life and slower app loading or usage. Advanced Task Killer allows you to kill an application with a single click. This particular app killer includes an ignore list, a widget version, and a long-press to menu feature.


6. Exchange by Touchdown (free demo)
Exchange by Touchdown is one of the best means to Exchange connectivity on the Android phone. Its Exchange connectivity is outstanding, and the support from the developers is just as great. Now this app is a demo and is free. There is a paid version, which does not revert to demo mode (after five days). However, you must install the free version first, as the paid version is only a key to unlock the demo. If you need Exchange connectivity on your Android phone, this is THE tool.


7. ConnectBot (free)
ConnectBot is an open source secure shell client for your Android phone. This client can manage simultaneous ssh connections and copy/paste between apps, and it has shortcuts for ctrl sequences. You may notice on its Market entry that a bug exists for the Hero. The upcoming Hero update will solve this bug, and it will be worth the wait. Now if HTC will push the 2.0 update!


8. Barcode Scanner (free)
Barcode Scanner has quickly become one of my favorites. If you need to find product reviews (or price comparisons) while shopping, all you have to do is scan the bar code with your camera and open up the results. No more having to Google a product and sift through pages for reviews and/or prices.


9. Places Directory (free)
Places Directory is one of those apps you will constantly be thankful you have. With this tool, you can locate (thanks to your GPS) any nearby place, such as a hotel, restaurant, retail location, or movie theatre. Everything is broken into categories, and you can bookmark your favorites. From a places listing, you can instantly dial a location’s phone number or visit its Web site.


10. Evernote (free)
Evernote is not just for the iPhone. This handy app lets you keep track of nearly anything — and in many ways. You can keep track of things with notes, photos, recordings, and more. And with an Evernote account, you can keep everything in sync online and on your PC. If you’re looking for a one-stop productivity shop app, this is it.


Tuesday, May 5, 2009

Ethical Hacking

You're devoted to making your network secure. You've applied all the latest patches, updated your virus software, installed an intrusion-detection system, and double-checked the rules on the firewall(s). Nevertheless, you're still dogged by nagging questions. Have you done enough? Do you know all the weaknesses in your network? Are you truly safe from attackers? How can you know?

One way to know the enemy is to think like the enemy. To protect your network from hackers, you must think like one. In other words, you must learn to hack. Of course, hacking is illegal, so you must become part of a new breed called the ethical hacker.

What is ethical hacking?
The term ethical hacking, according to the EC-Council (International Council of Electronic Commerce Consultants), refers to security professionals who apply their hacking skills for defensive purposes. An ethical hacker is someone who attempts to hack a system or network in order to expose vulnerabilities. Ethical hackers work for the particular company they're attempting to hack, providing the company with details of their work.

The EC-Council is an organization specializing in training and certification for e-business consultants. It offers certification in a number of areas related to e-business. The Certified Ethical Hacker is one of the latest additions to its offerings.


How does one become an ethical hacker?
The EC-Council has put together a training course and associated certification for becoming an ethical hacker. The course is titled "Ethical Hacking and Countermeasures" and runs five days. The training consists of instructor-led comprehensive course material combined with hands-on laboratory exercises utilizing a wide assortment of hacking tools. Below is an outline of the topics covered:

  • Foot-printing—Foot-printing is the process of gathering information about a machine or company you want to attack.
  • Scanning—Scanning is the technique administrators are probably most familiar with. A port scanner is used against a target to determine what TCP and UDP ports are open on a system.
  • Enumeration—The process of enumeration takes advantage of weaknesses in protocols, such as NetBIOS, to provide information about a network (e.g., users, groups, shares, and computer names).
  • System-hacking—This module examines the techniques used to penetrate a system, such as password cracking, keystroke logging, and privilege escalation.
  • Trojans and back doors—This module examines various Trojan and back-door programs, such as Back Orifice, and the methods used to trick users into installing the programs.
  • Sniffers—Sniffing involves capturing network traffic using a tool such as Ethereal or NetMonitor. Once the traffic is captured, it can be analyzed for sensitive information such as passwords.
  • Denial of Service (DoS)—DoS is one of the most popular types of Web site attacks. This module explains how the attack works and explains countermeasures.
  • Social engineering—Social engineering is the process of gathering information from computer users by deceiving them and causing them to give out passwords or other information. There are no software tools to prevent this type of attack. This can be combatted only with user training and education.
  • Session-hijacking—Session-hijacking is the process of “stealing” another user's TCP session. Once a legitimate user has established a session, the hacker can take over and "become" that user.
  • Hacking Web servers—This module explores the techniques for attacking Web servers. It primarily delves into the vulnerabilities in Internet Information Services (IIS), since it is the most popular target.
  • Web application vulnerabilities—This module examines the vulnerabilities in Web-based applications.
  • Web-based password-cracking—This module explains the various Web-based authentication schemes and the weaknesses of each.
  • SQL injection—This explores the weaknesses of SQL Server and explains the techniques and countermeasures for hacking SQL Server.
  • Hacking wireless networks—Wireless network hacking has received much attention over the last several years as wireless networks grow in popularity. This module explains the various techniques and countermeasures involved in securing a wireless network.
  • Viruses—This module discusses some of the more popular viruses that have infected systems over the last few years, gives insight into how the viruses operate, and discusses antivirus software.
  • Novell and Linux hacking—Although most of the course focuses on weaknesses in the Microsoft OS, this module specifically examines hacking non-Microsoft systems such as Novell and Linux.
  • Evading IDS and firewalls—This module examines IDS systems, firewalls, and honeypots, and explains the techniques used in each for protecting a network. It also examines the techniques for evading such systems and the countermeasures.
  • Buffer overflows—Probably the most exploited weaknesses in software are buffer overflows. This module explains buffer overflow attacks and countermeasures.
  • Cryptography—This module looks at the various methods of data encryption used over the Internet and examines the efforts required to crack them.


Sunday, December 14, 2008

Most Common Mistakes made by Linux Administrators

This article will help you avoid the most typical Linux administration missteps by laying them out one by one.

Installing applications from various package types

This might not seem like such a bad idea at first. You are running Ubuntu so you know the package management system uses .deb packages. But there are a number of applications that you find only in source form. No big deal right? They install, they work. Why shouldn’t you? Simple, your package management system can’t keep track of what you have installed if it’s installed from source. So what happens when package A (that you installed from source) depends upon package B (that was installed from a .deb binary) and package B is upgraded from the update manager? Package A might still work or it might not. But if both package A and B are installed from .debs, the chances of them both working are far higher. Also, updating packages is much easier when all packages are from the same binary type.

Neglecting updates

Okay, this one doesn’t point out Linux as much as it does poor administration skills. But many admins get Linux up and running and think they have to do nothing more. It’s solid, it’s secure, it works. Well, new updates can patch new exploits. Keeping up with your updates can make the difference between a compromised system and a secure one. And just because you can rest on the security of Linux doesn’t mean you should. For security, for new features, for stability — the same reasons we have all grown accustomed to updating with Windows — you should always keep up with your Linux updates.

Poor root password choice

Okay, repeat after me: “The root password is the key to the kingdom.” So why would you make the key to the kingdom simple to crack? Sure, make your standard user password something you can easily remember and/or type. But that root password — you know, the one that’s protecting your enterprise database server — give that a much higher difficulty level. Make that password one you might have to store, encrypted, on a USB key, requiring you to slide that USB key into the machine, mount it, decrypt the password, and use it.

Avoiding the command line

No one wants to have to memorize a bunch of commands. And for the most part, the GUI takes care of a vast majority of them. But there are times when the command line is easier, faster, more secure, and more reliable. Avoiding the command line should be considered a cardinal sin of Linux administration. You should at least have a solid understanding of how the command line works and a small arsenal of commands you can use without having to RTFM. With a small selection of command-line tools on top of the GUI tools, you should be ready for just about anything.

Not keeping a working kernel installed

Let’s face it, you don’t need 12 kernels installed on one machine. But you do need to update your kernel, and the update process doesn’t delete previous kernels. What do you do? You keep at least the most recently working kernel at all times. Let’s say you have 2.6.22 as your current working kernel and 2.6.20 as your backup. If you update to 2.6.26 and all is working well, you can remove 2.6.20. If you use an rpm-based system, you can use this method to remove the old kernels: rpm -qa | grep -i kernel followed by rpm -e kernel-{VERSION}.

Not backing up critical configuration files

How many times have you upgraded X11 only to find the new version fubar’d your xorg.conf file to the point where you can no longer use X? It used to happen to me a lot when I was new to Linux. But now, anytime X is going to be updated I always back up /etc/X11/xorg.conf in case the upgrade goes bad. Sure, an X update tries to back up xorg.conf, but it does so within the /etc/X11 directory. And even though this often works seamlessly, you are better off keeping that backup under your own control. I always back up xorg.conf to the /root directory so I know only the root user can even access it. Better safe than sorry. This applies to other critical backups, such as Samba, Apache, and MySQL, too.

Booting a server to X

When a machine is a dedicated server, you might want to have X installed so some administration tasks are easier. But this doesn’t mean you should have that server boot to X. This will waste precious memory and CPU cycles. Instead, stop the boot process at runlevel 3 so you are left at the command line. Not only will this leave all of your resources to the servers, it will also keep prying eyes out of your machine (unless they know the command line and passwords to log in). To log into X, you will simply have to log in and run the command startx to bring up your desktop.

Not understanding permissions

Permissions can make your life really easy, but if done poorly, can make life really easy for hackers. The simplest way to handle permissions is using the rwx method. Here’s what they mean: r=read, w=write, x=execute. Say you want a user to be able to read a file but not write to it. To do this, you would issue chmod u+r,u-wx filename. What often happens is that a new user sees an error saying they do not have permission to use a file, so they hit the file with something akin to chmod 777 filename to avoid the problem. But this can actually cause more problems because it gives the file executable privileges for everyone. Remember this: 777 gives a file rwx permissions to all users (owner, group, and other), 666 gives the file rw privileges to all users, 555 gives the file rx permissions to all users, 444 gives r privileges to all users, 333 gives wx privileges to all users, 222 gives w privileges to all users, 111 gives x privileges to all users, and 000 gives no privileges to all users.
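To see what an octal mode actually grants, and what the reflexive chmod 777 does compared with the targeted symbolic change above, here is an added example (not from the original article). It decodes an octal mode into the rwx string that ls -l shows, and applies any chmod spec to a scratch file created with mktemp, so nothing on the system is touched.

```shell
#!/bin/sh
# Added example (not from the original article): decode octal modes and
# observe the effect of a chmod spec on a throwaway file.

mode_to_rwx() {
  # $1 is a three-digit octal mode such as 644; prints e.g. rw-r--r--
  # (owner bits, then group, then other).
  out=""
  for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
    r='-'; w='-'; x='-'
    [ $((digit & 4)) -ne 0 ] && r='r'
    [ $((digit & 2)) -ne 0 ] && w='w'
    [ $((digit & 1)) -ne 0 ] && x='x'
    out="$out$r$w$x"
  done
  printf '%s\n' "$out"
}

mode_after_chmod() {
  # $1 is a starting octal mode, $2 a chmod spec (octal or symbolic). Prints
  # the permission bits of a scratch file after both are applied, then
  # removes the file.
  f=$(mktemp) || return 1
  chmod "$1" "$f" && chmod "$2" "$f" || { rm -f "$f"; return 1; }
  bits=$(ls -ld "$f" | cut -c2-10)
  rm -f "$f"
  printf '%s\n' "$bits"
}

# Usage: the "fix-it-with-777" habit versus the least-privilege change.
echo "777            -> $(mode_to_rwx 777)"
echo "644            -> $(mode_to_rwx 644)"
echo "u+r,u-wx on 777 -> $(mode_after_chmod 777 u+r,u-wx)"
echo "644 on 777      -> $(mode_after_chmod 777 644)"
```

The last two lines make the point of the paragraph visible: u+r,u-wx only touches the owner's bits, whereas 777 hands write and execute to every account on the box, which is why a world-writable file in a system path is one of the first things an intruder looks for.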

Logging in as root user

I can’t stress this enough. Do NOT log in as root. If you need root privileges to execute or configure an application, su to root in a standard user account. Why is logging in as root bad? Well, when you log on as a standard user, all running X applications still have access only to the system limited to that user. If you log in as root, X has all root permissions. This can cause two problems: 1) if you make a big mistake via a GUI, that mistake can be catastrophic to the system and 2) with X running as root that makes your system more vulnerable.

Ignoring log files

There is a reason /var/log exists. It is a single location for all log files. This makes it simple to remember where you first need to look when there is a problem. Possible security issue? Check /var/log/secure. One of the very first places I look is /var/log/messages. This log file is the common log file where all generic errors and such are logged. In this file you will get messages about networking, media changes, etc. When administering a machine you can always use a third-party application such as logwatch that can create various reports for you based on your /var/log.
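When the "possible security issue?" question comes up, the usual first pass over /var/log/secure is to count failed SSH logins per source address. The script below is an added example, not part of the original article or of logwatch: it reads sshd lines in the format /var/log/secure uses, tallies failures per address, and flags addresses over a threshold. SAMPLE_SECURE is constructed sample input using documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the original article): count failed SSH logins per
# source address from /var/log/secure-style lines.

# Constructed sample log lines (not real traffic).
SAMPLE_SECURE='Dec 14 10:01:02 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Dec 14 10:01:05 host sshd[2101]: Failed password for root from 203.0.113.5 port 40123 ssh2
Dec 14 10:01:09 host sshd[2101]: Failed password for root from 203.0.113.5 port 40124 ssh2
Dec 14 10:02:11 host sshd[2130]: Accepted publickey for alice from 192.0.2.10 port 51002 ssh2
Dec 14 10:03:40 host sshd[2150]: Failed password for bob from 192.0.2.10 port 51010 ssh2
Dec 14 10:04:02 host kernel: eth0: link up'

failed_logins_by_ip() {
  # Reads log lines on stdin; prints "count ip", most failures first.
  awk '/sshd\[[0-9]+\]: Failed password for/ {
         for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
       }
       END { for (ip in n) print n[ip], ip }' | sort -rn
}

flag_sources() {
  # $1 is a threshold; prints the addresses with at least that many failures.
  failed_logins_by_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# Usage. On a live system feed the real file instead:  cat /var/log/secure | flag_sources 10
printf '%s\n' "$SAMPLE_SECURE" | failed_logins_by_ip
printf '%s\n' "$SAMPLE_SECURE" | flag_sources 3      # prints 203.0.113.5
```

Matching on the sshd process tag rather than on the words "Failed password" alone keeps unrelated daemons that log similar phrases out of the count, and the threshold is deliberately a parameter: what counts as noise on a public bastion is an incident on an internal database host.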


Monday, December 8, 2008

Tried and Tested method to Recover Damaged CD / DVD

Well, there are many methods that can be used to recover damaged CDs, but recovering DVDs is somewhat tougher. I have come across many programs which claim to do the same, but when I tried them, none of them was able to achieve the desired result.

So after banging my head for some time, I came across one method that worked for me. I am just going to explain it and then hope that maybe it will work for you too.

The tool I am going to use here is called CD Check. Well, it's a paid tool, but I happen to have a copy which you can download here.

What's better is that this tool is just 1.5 MB. Download and install.

This is how it looks:


All you need to do is click on Check; once it has checked the DVD, you can go ahead and click on the Recover button.

You'll see something similar to the below:


Just specify an output folder and click continue, you should be good to go.

Please let me know if it worked.


Thursday, December 4, 2008

Minimize removable media headaches in Linux

For many new Linux users, removable media can be a deal-breaker. Anyone coming over from Windows knows you simply insert the CD, use it, and eject it. With Linux, it isn't always that simple. In fact, with Linux, removable media has always held a completely different philosophy.
In the old days of UNIX, removable media was seen in the same light as the PC itself -- multi-user. So when you inserted some form of media (usually a floppy disk, back then), it had to be mounted to a mount point (such as /mnt/floppy) and was then made available to all users on the system. Because of this, the removable media synchronization wasn't "on demand." It typically worked by caching the data until the media was unmounted. Upon unmounting the media, the data was written and the media could be removed.

Linux has caught up to the needs of today's user and, in many cases, the media mounting/unmounting is automatic. But not every situation is the same. Here are some tips that should make your Linux life with removable media better.


Use the right desktop
The right desktop can make your job so much easier. The newest releases of both KDE and GNOME offer systems that check for the insertion of removable media. When a CD is inserted, you will be greeted with a window asking what you would like to do with the media. You can even set that action you choose as the default action to take upon insertion of that type of media. Those desktops also have applets that reside in the panel (or desktop icons) that allow you to easily mount and unmount the media with a click of the mouse. No more entering commands like mount /dev/cdrom /media/cdrom.


Get to know /etc/fstab

Because I generally stick with more old-school desktops (such as Enlightenment DR16), I often still have to mount my removable media. So instead of having to issue the full command mount /dev/sda1 /media/mp3 to mount my MP3 player, I will add a line to my /etc/fstab file that will do two things: Point the device to the correct mount point and make sure the mount point is both readable and writable by the user. The fstab entry will look something like this:

/dev/sda1 /media/ipod vfat users,exec,noauto,managed 0 0

Now when you need to mount the device, enter mount /media/ipod. Just remember to unmount the device before you remove it.


Use udev to make your life easier
Let's build upon using fstab to simplify mount of removable media. Let's say you have an entry in your /etc/fstab file for your iPod pointing it from /dev/sda1 to /media/ipod. Now let's say you plug in another USB device or reboot. The problem is that entry in your fstab file may or may not be valid now because /dev/sda1 might be used by something else. To avoid this, make use of the udev system. You're going to tell udev to always make sure that device shows up with the same filename. Enter a line in the /etc/udev/rules.d/00.rules file that looks like:

## iPod
BUS="scsi", SYSFS{model}="iPod*", NAME="ipod"

Of course, your entry in /etc/fstab will have to change to reflect the above. So now /etc/fstab will look like:

/dev/ipod /media/ipod vfat users,exec,noauto,managed 0 0


Use menu entries for mount/umount
Back in the day, when I used AfterStep, I always had a submenu that included an entry for mounting and unmounting both the floppy and the CD-ROM. This made life much easier because I no longer had to open up a command line and enter the mount and umount commands to use the device. Granted, the window manager you use will determine how this is employed. For example, in Enlightenment, I can create two entries in the user_apps.menu file that look like:

"mount iPod" NULL exec "mount /media/ipod"
"umount iPod" NULL exec "umount /media/ipod"

Now on the Enlightenment menu, I will see two entries: mount iPod and umount iPod. With the device connected all I have to do is click the mount entry. To remove the device I only need to click the umount entry.


Be safe with your removable hard drives
One time, I left a USB drive plugged into a machine I was re-installing the operating system on. I wasn't paying enough attention and wound up with an operating system spanning both my internal drive and my removable drive. Yes, this was a big mistake and no, it has never happened since. Why? Because anytime I install an OS on a machine with a removable drive, that removable drive is removed during installation. It's not a problem, because upon first boot, I plug the drive back in and it is always automatically recognized and mounted. Of course, I will make an entry in /etc/fstab that will automatically mount the drive on boot.


Never forget to use the dmesg command
When you plug in a device or insert removable media, the dmesg command will give you the status of the system. For example, when I insert an iPod into a Mandriva 2008 machine I run the dmesg command and see:

usb 1-4: new high speed USB device using ehci_hcd and address 2
usb 1-4: configuration #1 chosen from 3 choices
usb 1-4: USB disconnect, address 2
usb 1-4: new high speed USB device using ehci_hcd and address 3
usb 1-4: configuration #1 chosen from 2 choices
Initializing USB Mass Storage driver...
scsi2 : SCSI emulation for USB Mass Storage devices
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usb-storage: device found at 3
usb-storage: waiting for device to settle before scanning
scsi 2:0:0:0: Direct-Access Apple iPod 1.62 PQ: 0 ANSI: 0
sd 2:0:0:0: [sdb] 58605120 512-byte hardware sectors (30006 MB)
sd 2:0:0:0: [sdb] Write Protect is off
sd 2:0:0:0: [sdb] Mode Sense: 68 00 00 08
sd 2:0:0:0: [sdb] Assuming drive cache: write through
sd 2:0:0:0: [sdb] 58605120 512-byte hardware sectors (30006 MB)
sd 2:0:0:0: [sdb] Write Protect is off
sd 2:0:0:0: [sdb] Mode Sense: 68 00 00 08
sd 2:0:0:0: [sdb] Assuming drive cache: write through
sdb: sdb1 sdb2
sd 2:0:0:0: [sdb] Attached SCSI removable disk
sd 2:0:0:0: Attached scsi generic sg1 type 0
usb-storage: device scan complete

From this, I know the device is being seen at /dev/sdb. Without knowing this, I would have a hard time guessing where the device has been mapped to.


Don't forget the eject command
Most people don't know that there's a command to eject CDs from the CD drive. Naturally, this isn't an issue for those who have tray CD drives. But for those with slot-loading CD drives, eject will save you from pulling your hair out. After you have used and unmounted your CD drive, open up a terminal and enter the eject command, and your CD will pop out. To simplify the process, make a menu entry for the command.


Remember that the mount command tells all
If you're unsure what devices are mounted on your system, issue the mount command to see a listing of everything currently mounted on your machine. The output looks like:

/dev/sda1 on / type ext3 (rw)
none on /proc type proc (rw)
/dev/sda6 on /home type ext3 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /sys/fs/fuse/connections type fusectl (rw)

From this output, I can see that I have no removable media mounted on the machine. So I know it's safe to unplug anything removable. Had there been an entry for, say, my iPod, I would know not to remove the device without unmounting it. Of course, on modern systems (using one of the major desktops), this will be made clear with the icon or the removable device applet on the panel. But this command will be helpful (along with dmesg) in debugging removable media issues.
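The same check can be scripted so that, for example, a backup or install script refuses to continue while removable media is still mounted. This is an added example, not code from the original article: it filters mount-style output for anything under /media or /mnt. SAMPLE_MOUNT is constructed to look like the listing above with an iPod mounted.

```shell
#!/bin/sh
# Added example (not from the original article): find removable media in
# `mount` output and decide whether it is safe to unplug.

# Constructed sample in the format `mount` prints.
SAMPLE_MOUNT='/dev/sda1 on / type ext3 (rw)
none on /proc type proc (rw)
/dev/sda6 on /home type ext3 (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
/dev/sdb1 on /media/ipod type vfat (rw,nosuid,nodev)'

removable_mounts() {
  # Reads mount output on stdin; prints "device mountpoint" for every entry
  # mounted under /media or /mnt.
  awk '$2 == "on" && ($3 ~ /^\/media(\/|$)/ || $3 ~ /^\/mnt(\/|$)/) { print $1, $3 }'
}

safe_to_unplug() {
  # Returns 0 when nothing is mounted under /media or /mnt, 1 otherwise.
  [ -z "$(removable_mounts)" ]
}

# Usage. On a live system use:  mount | removable_mounts
printf '%s\n' "$SAMPLE_MOUNT" | removable_mounts        # /dev/sdb1 /media/ipod
printf '%s\n' "$SAMPLE_MOUNT" | safe_to_unplug || echo "unmount removable media first"
```

Keying on the mount point rather than the device name is deliberate: as the udev tip earlier in the article shows, /dev/sda1 today may be a different device tomorrow, but /media/ipod is whatever you put in /etc/fstab.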

Reformat your iPod to a Windows format
If you've tried to add songs on a Mac-formatted iPod on Linux, you've probably discovered that it's not possible without jumping through hoops even programmers don't want to jump through. Format your iPod in Windows format, and you won't have any problems using your iPod with Amarok, Banshee, or gtkpod.


Allow others to connect to your removable media
In my office, I have a removable drive mounted to /media/music that contains my entire music collection. I allow others to listen to that music via samba by including it as a share. I like doing this far better than allowing users to have access to my internal drive because 1) it keeps anyone from trashing the drive containing my OS and 2) it allows me to keep sensitive data physically separated from shared data. This approach doesn't have to be used for music, either. It's a great way to share interoffice files or have a single repository for backups. Once the drive is full, remove it and store it. Just add a new removable drive for the new backup.

Simpler, easier
Not only is today's Linux not nearly as challenged with removable media as it once was, it's really quite flexible and user friendly. With the help of these tips, you should now see how you can expand your Linux experience to include various ways to employ removable media.


Monday, June 2, 2008

Cut down on Linux command-line typing with these 10 handy bash aliases

The Linux desktop has come a long, long way, but there are still times when I have to use the command line. (I am a hardcore user, after all.) But even though I'm used to typing, spending hours upon hours with my fingers at the keyboard, I still grow tired of typing the same commands over and over. To reduce that tedium, I always add aliases to my .bashrc file.

What is an alias?
An alias is basically a shortcut for a command that you place in your ~/.bashrc file. Aliases cut down on typing and can save you from having to look up a command.

Aliases are set up near the bottom of the .bashrc file. You'll see a commented-out section that indicates where you should put them. The format of an alias is:

alias NICKNAME='full command here'

The keyword alias must be used. The nickname is what you will type at the command line. Make this nickname easy to remember. The = sign must also be used. After the = sign, you enter the full command, including flags and switches, enclosed in single quotes. Once you are done, save the .bashrc file and open up a new terminal. I always find it best to leave the original terminal window open in case there are problems. In the new terminal, type the alias nickname and the command will run.

The following list of aliases will help make the command-line experience a bit easier.

1. The ssh alias
This one should be a no-brainer for those of you who frequently secure shell into particular boxes. For this I add an alias like so:

alias server_name='ssh -v -l USERNAME IP_ADDRESS'

Just change server_name to a memorable name for the server. Then, change USERNAME and IP_ADDRESS to suit your needs.


2. The ls aliases
Some distributions don't include some of the handier ls commands. Generally, I like to see full listings instead of just filenames. For that I always include this alias:

alias ll='ls -l'

Another handy ls alias is this:

alias la='ls -a'


3. The rm safety net
I can't tell you how many times I have "rm'd" a file I shouldn't have "rm'd". To avoid this, I add this alias:

alias rm='rm -i'

Adding the -i flag forces rm into interactive mode, which asks whether you're sure you want to remove a file.


4. A more useful df command
This handy tool tells you how much space you have left on a drive. Only thing is, if you run the command by itself it replies in 1K blocks. Most people would prefer to see this in terms of MB. To make that happen, add this alias:

alias df='df -h'

Now, every time you run the df command, the information will be returned in a human-readable format.


5. The nonstandard Firefox
Many times, I install Firefox in strange directories (or have more than one version of Firefox installed for testing purposes). For this, I will add an alias to start the correct Firefox. Say, for example, I have the beta of the newest, upcoming Firefox release installed, as well as the current stable Firefox. They are both installed in my home directory in different subdirectories. I will then add two aliases like so:

alias ff1='/home/jlwallen/firefox/firefox'
alias ff2='/home/jlwallen/firefoxb3/firefox'

Now I can start the stable Firefox with ff1 or the beta with ff2.


6. The bookmark alias
Speaking of Firefox, let's create an alias to open it to a specific URL:

alias ffg='/home/jlwallen/firefox/firefox http://www.google.com'

This alias will open Firefox directly to the Google site.


7. The constant editing of a file
There are certain files that I am constantly editing. For instance, when I used Enlightenment E16 (I now use E17), I was frequently editing the menu file ~/.e16/menus/user_apps. Instead of constantly opening up a terminal and entering nano ~/.e16/menus/user_apps, I used an alias that allowed me to type emenu and start editing. I used this alias (aterm's -e option must come before the command it runs):

alias emenu='aterm -e nano ~/.e16/menus/user_apps'

Now, I just enter the command emenu (or I can enter that in the run command dialog) to open up this file in an editor.


8. The apt-get update
There are numerous ways to use an alias to help you with apt-get. One of my favorites is to add this alias:

alias update='sudo apt-get update'

I only need to enter update and I will be prompted for the sudo password. You can modify this to suit your frequent apt-get needs.


9. The rpm batch install
I like to do a lot of batch installing with rpm. I will typically dump a bunch of rpm files into an empty directory (created for this specific purpose) and run the command rpm -ivh ~/RPM/*rpm. Of course, an alias makes this even easier:

alias brpm='rpm -ivh ~/RPM/*rpm'

You have to create the ~/RPM directory and enter the root password for this to work.


10. The long, arduous path
There are some paths that I often change to that seem to take eons to type. When I was working on the AfterStep window manager, I constantly had to change to the ~/GNUstep/Library/AfterStep/start directory to edit menus. After a while, you get tired of typing cd ~/GNUstep/Library/AfterStep/start just to get to the directory. So I added an alias like so:

alias astart='cd ~/GNUstep/Library/AfterStep/start'

Naturally, you can change that to fit your needs. This will save you a lot of typing.


So there you have it: a few simple bash aliases that will ease the load on your fingers. You can modify them to suit you, and they'll give you a good start on creating your own handy bash aliases.
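The alias format described above is written into .bashrc by hand in the post; as an added example (not code from the original post), here is a small helper that appends an alias in that same format only when the nickname is not already defined, and rejects nicknames or commands that would not survive the single-quoted line. The add_alias and list_aliases function names and the scratch file are my own choices.

```shell
#!/bin/sh
# Added example, not part of the original post.
# add_alias NICKNAME 'full command here' [RCFILE]
#   Appends "alias NICKNAME='full command here'" to RCFILE (default ~/.bashrc)
#   unless an alias with that nickname is already there.
#   Exit status: 0 added, 1 already defined, 2 invalid input.
add_alias() {
    name=$1
    cmd=$2
    rc=${3:-"$HOME/.bashrc"}

    # A nickname with spaces or shell metacharacters could not be typed at the
    # prompt as a single word; allow only letters, digits, "_", "-" and ".".
    case $name in
        ''|*[!A-Za-z0-9_.-]*) return 2 ;;
    esac

    # The command goes inside single quotes, so a single quote in it would end
    # the quoted string early and leave a broken line in .bashrc.
    case $cmd in
        *\'*) return 2 ;;
    esac

    # Make sure the rc file exists so grep has something to read.
    [ -e "$rc" ] || : > "$rc"

    # Look for an existing "alias NAME=" line (leading whitespace allowed).
    # Dots in the nickname are escaped so they match literally in the regex.
    esc=$(printf '%s' "$name" | sed 's/\./\\./g')
    if grep -Eq "^[[:space:]]*alias[[:space:]]+$esc=" "$rc"; then
        return 1
    fi

    printf "alias %s='%s'\n" "$name" "$cmd" >> "$rc"
}

# list_aliases RCFILE: print the nicknames defined in RCFILE, one per line.
list_aliases() {
    sed -n 's/^[[:space:]]*alias[[:space:]][[:space:]]*\([A-Za-z0-9_.-][A-Za-z0-9_.-]*\)=.*/\1/p' "$1"
}

# Demonstration against a scratch file so the real ~/.bashrc is untouched.
demo=${TMPDIR:-/tmp}/bashrc.demo.$$
add_alias ll 'ls -l' "$demo"
add_alias rm 'rm -i' "$demo"
add_alias ll 'ls -la' "$demo" || echo "ll already defined, skipped (status $?)"
cat "$demo"
rm -f "$demo"
```

After adding aliases this way, open a new terminal to pick them up and keep the old one open, as the post advises, in case something in the file is wrong.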


Friday, May 30, 2008

10 ways to secure your Linux desktop

A Linux desktop is far more secure than most others. But this level of security doesn't necessarily involve typical security-focused software or techniques. Sometimes, the easiest means to security are those measures that are the easiest to forget. Let's take a look at 10 things you can do to secure a Linux desktop.
Note that we're talking about the desktop, not a server. Linux server security is another beast altogether -- one that would confuse the average desktop user.


1. Locking the screen and logging out is important
Most people forget that the Linux desktop is a multi-user environment. Because of this, you can log out of your desktop and others can log in. Not only does that mean that others could be using your desktop, it also means you can (and should) log out when you're finished working. Of course, logging out is not your only option. If you are the only user on your system, you can lock your screen instead. Locking your screen simply means that a password will be required to get back into the desktop. The difference here is that you can leave applications running and lock the desktop. When you unlock the desktop, those same programs will still be running. Safe and secure.

2. Hiding files and folders is a quick fix
In Linux-land, files and folders are hidden by adding a "." before the name. So the file test will appear in a file browser, whereas .test will not. Most people don't know that running the command ls -a will show hidden files and folders. So if you have folders or files you don't want your co-workers to see, simply add the dot to the beginning of the file or folder name. You can do this from the command line like so: mv test .test

3. A good password is a must
Your password on a Linux PC is your golden key. If you give that password out, or if you use a weak password, your golden key could become everyone's golden key. And if you're using a distribution like Ubuntu, that password will give users much more access than, say, on Fedora. To that end, make sure your password is strong. There are many password generators you can use, such as Automated Password Generator.

4. Installing file-sharing applications is a slippery slope
I know many Linux users are prone to file sharing. If you want to run that risk at home, that's your call. But when at work, you not only open yourself (or your company) up to lawsuits, you open your desktop machine up to other users who might have access to sensitive data on your work PC. So as a rule, do not install file-sharing tools.

5. Updating your machine regularly is a smart thing
Linux isn't Windows. With Windows, you get security updates when Microsoft releases them (which could be many months away). With Linux, a security update can come minutes or hours after the security flaw is detected. With both KDE and GNOME, there are update applets for the Panel. I always recommend having them up and running so you know when updates are made available. Don't put off security updates. There is a reason they come out.

6. Installing virus protection is actually useful in Linux
Believe it or not, virus protection in Linux has its place. Of course, the chances of a virus causing problems on YOUR Linux machine are slim to none. But those e-mails you forward to others' Windows machines could cause problems. With good virus protection, like ClamAV, you can ensure that e-mail going out of your machine doesn't contain anything nasty that could come back to haunt you (or your company).

7. SELinux is there for a reason
SELinux (Security-Enhanced Linux) was created by the NSA. What SELinux does is help lock down access control to applications. And it does it very well. Sure, SELinux can sometimes be a pain. In some cases, it might take a hit out of your system performance. Or you might find some applications a struggle to install. But the security comfort you gain using SELinux (or AppArmor) far outweighs the negatives. During the Fedora installation, you get the chance to enable SELinux.

8. Creating /home in a separate partition is safer
The default Linux installation places your /home directory right in the root of your system. Sure, this is fine, but:

  1. It's standard, so anyone gaining access to your machine knows right where your data is, and
  2. If your machine goes down for good, your data might be gone.

To solve this problem, you can place /home on a different hard drive or partition altogether (making it a partition in and of itself). This is not a task for the weak of heart, but it is one worth employing if you're uber-concerned about your data.

9. Using a nonstandard desktop is worth its weight in gold
Not only do the alternative desktops (Enlightenment, Blackbox, Fluxbox, etc.) give you a whole new look and feel for your PC, they offer simple security from prying eyes you may never have thought of. I have deployed Fluxbox on kiosk machines when I wanted a machine that could do one thing: browse the network. How do you do that? Simple. Create a single mouse menu (or desktop icon) for the application you want to use. Unless the user knows how to get back to the command line (by logging out or hitting Ctrl-Alt-F*, where * is a virtual console other than the one you are using), they will not be able to start up any application other than the one offered. Since most users have no idea how to move around in these desktops anyway, they aren't going to have the slightest idea how to get to your files. Simple pseudo-security.

10. Stopping services is best
This is a desktop machine. It's not a server. So why are you running services like httpd, ftpd, and sshd? You shouldn't need them, and they only pose a security risk (unless you know how to lock them down). So don't run them. Check your /etc/inetd.conf file and make sure that all unnecessary services are commented out.


You might find these suggestions to be pure common sense -- but maybe you'll see a means of security you never thought of before. And if you're a new Linux user, these tips are a great place to start to ensure that your Linux experience is a good one.


Wednesday, March 12, 2008

How Hackers Breach Security

Hacking, cracking, and cyber crimes are hot topics these days and will continue to be for the foreseeable future. However, there are steps you can take to reduce your organization's threat level. The first step is to understand what risks, threats, and vulnerabilities currently exist in your environment. The second step is to learn as much as possible about the problems so you can formulate a solid response. The third step is to intelligently deploy your selected countermeasures and safeguards to erect protections around your most mission-critical assets. This white paper discusses ten common methods hackers use to breach your existing security.

Stealing Passwords
Security experts have been discussing the problems with password security for years. But it seems that few have listened and taken action to resolve those problems. If your IT environment controls authentication using passwords only, it is at greater risk for intrusion and hacking attacks than those that use some form of multifactor authentication.

The problem lies with the ever-increasing abilities of computers to process larger amounts of data in a smaller amount of time. A password is just a string of characters, typically only keyboard characters, which a person must remember and type into a computer terminal when required. Unfortunately, passwords that are too complex for a person to remember easily can be discovered by a cracking tool in a frighteningly short period of time. Dictionary attacks, brute force attacks, and hybrid attacks are all various methods used to guess or crack passwords. The only real protection against such threats is to make very long passwords or use multiple factors for authentication. Unfortunately, requiring ever longer passwords causes a reversing of security due to the human factor. People simply are not equipped to remember numerous long strings of chaotic characters.

But even with reasonably long passwords that people can remember, such as 12 to 16 characters, there are still other problems facing password-only authentication systems. These include:

  • People who use the same password on multiple accounts, especially when some of those accounts are on public Internet sites with little to no security.
  • People who write their passwords down and store them in obvious places. Writing down passwords is often encouraged by the need to frequently change passwords.
  • The continued use of insecure protocols that transfer passwords in clear text, such as those used for Web surfing, e-mail, chat, file transfer, etc.
  • The threat of software and hardware keystroke loggers.
  • The problem of shoulder surfing or video surveillance.
Password theft, password cracking, and even password guessing are still serious threats to IT environments. The best protection against these threats is to deploy multifactor authentication systems and to train personnel regarding safe password habits.

Trojan Horses
A Trojan horse is a continuing threat to all forms of IT communication. Basically, a Trojan horse is a malicious payload surreptitiously delivered inside a benign host. You are sure to have heard of some of the famous Trojan horse malicious payloads such as Back Orifice, NetBus, and SubSeven. But the real threat of Trojan horses is not the malicious payloads you know about, it's the ones you don't. A Trojan horse can be built or crafted by anyone with basic computer skills. Any malicious payload can be combined with any benign software to create a Trojan horse. There are countless ways of crafting one, and authoring tools designed to do just that. Thus, the real threat of a Trojan horse attack is the unknown.

The malicious payload of a Trojan horse can be anything. This includes programs that destroy hard drives, corrupt files, record keystrokes, monitor network traffic, track Web usage, duplicate e-mails, allow remote control and remote access, transmit data files to others, launch attacks against other targets, plant proxy servers, host file sharing services, and more. Payloads can be grabbed off the Internet or can be just written code authored by the hacker. Then, this payload can be embedded into any benign software to create the Trojan horse. Common hosts include games, screensavers, greeting card systems, admin utilities, archive formats, and even documents.

All a Trojan horse attack needs to be successful is a single user to execute the host program. Once that is accomplished, the malicious payload is automatically launched as well, usually without any symptoms of unwanted activity. A Trojan horse could be delivered via e-mail as an attachment, it could be presented on a Web site as a download, or it could be placed on removable media (memory card, CD/DVD, USB stick, floppy, etc.). In any case, your protections are automated malicious code detection tools, such as modern anti-virus protections and other specific forms of malware scanners, and user education.

Exploiting Defaults
Nothing makes attacking a target network easier than when that target is using the defaults set by the vendor or manufacturer. Many attack tools and exploit scripts assume that the target is configured using the default settings. Thus, one of the most effective and often overlooked security precautions is simply to change the defaults.

To see the scope of this problem, all you need to do is search the Internet for sites using the keywords "default passwords". There are numerous sites that catalog all of the default user names, passwords, access codes, settings, and naming conventions of every software and hardware IT product ever sold. It is your responsibility to know about the defaults of the products you deploy and make every effort to change those defaults to nonobvious alternatives.

But it is not just account and password defaults you need to be concerned with, there are also the installation defaults such as path names, folder names, components, services, configurations, and settings. Each and every possible customizable option should be considered for customization. Try to avoid installing operating systems into the default drives and folders set by the vendor. Don't install applications and other software into their "standard" locations. Don't accept the folder names offered by the installation scripts or wizards. The more you can customize your installations, configurations, and settings, the more your system will be incompatible with attack tools and exploitation scripts.

Man-in-the-Middle Attacks
Every single person reading this white paper has been a target of numerous man-in-the-middle attacks. A MITM attack occurs when an attacker is able to fool a user into establishing a communication link with a server or service through a rogue entity. The rogue entity is the system controlled by the hacker. It has been set up to intercept the communication between user and server without letting the user become aware that the misdirection attack has taken place. A MITM attack works by somehow fooling the user, their computer, or some part of the user's network into re-directing legitimate traffic to the illegitimate rogue system.

A MITM attack can be as simple as a phishing e-mail attack where a legitimate looking e-mail is sent to a user with a URL link pointed towards the rogue system instead of the real site. The rogue system has a look-alike interface that tricks the user into providing their logon credentials. The logon credentials are then duplicated and sent on to the real server. This action opens a link with the real server, allowing the user to interact with their resources without the knowledge that their communications have taken a detour through a malicious system that is eavesdropping on and possibly altering the traffic.

MITM attacks can also be waged using more complicated methods, including MAC (Media Access Control) duplication, ARP (Address Resolution Protocol) poisoning, router table poisoning, fake routing tables, DNS (Domain Name Server) query poisoning, DNS hijacking, rogue DNS servers, HOSTS file alteration, local DNS cache poisoning, and proxy re-routing. And that doesn't mention URL obfuscation, encoding, or manipulation that is often used to hide the link misdirection.

To protect yourself against MITM attacks, you need to avoid clicking on links found in e-mails. Furthermore, always verify that links from Web sites stay within trusted domains or still maintain SSL encryption. Also, deploy IDS (Intrusion Detection System) systems to monitor network traffic as well as DNS and local system alterations.

Wireless Attacks
Wireless networks have the appeal of freedom from wires - the ability to be mobile within your office while maintaining network connectivity. Wireless networks are inexpensive to deploy and easy to install. Unfortunately, the true cost of wireless networking is not apparent until security is considered. It is often the case that the time, effort, and expense required to secure wireless networks is significantly more than deploying a traditional wired network.

Interference, DoS, hijacking, man-in-the-middle, eavesdropping, sniffing, and many more attacks are made simple for attackers when wireless networks are present. That doesn't even mention the issue that a secured wireless network (802.11a or 802.11g) will typically support under 14 Mbps of throughput, and then only under the most ideal transmission distances and conditions. Compare that with the standard of a minimum of 100 Mbps for a wired network, and the economy just doesn't make sense.

However, even if your organization does not officially sanction and deploy a wireless network, you may still have wireless network vulnerabilities. Many organizations have discovered that workers have taken it upon themselves to secretly deploy their own wireless network. They can do this by bringing in their own wireless access point (WAP), plugging in their desktop's network cable into the WAP, then re-connecting their desktop to one of the router/switch ports of the WAP. This retains their desktop's connection to the network, plus it adds wireless connectivity. All too often when an unapproved WAP is deployed, it is done with little or no security enabled on the WAP. Thus, a $50 WAP can easily open up a giant security hole in a multi-million dollar secured-wired network.

To combat unapproved wireless access points, a regular site survey needs to be performed. This can be done with a notebook using a wireless detector such as NetStumbler or with a dedicated hand-held device.

Doing their Homework

I don't mean that hackers break into your network by getting their school work done, but you might be surprised how much they learn from school about how to compromise security. Hackers, especially external hackers, learn how to overcome your security barriers by researching your organization. This process can be called reconnaissance, discovery, or footprinting. Ultimately, it is intensive, focused research into all information available about your organization from public and not-so-public resources.

If you've done any research or reading into warfare tactics, you are aware that the most important weapon you can have at your disposal is information. Hackers know this and spend considerable time and effort acquiring a complete arsenal. What is often disconcerting is how much your organization freely contributes to the hacker's weapon stockpile. Most organizations are hemorrhaging data; companies freely give away too much information that can be used against them in various types of logical and physical attacks. Here are just a few common examples of what a hacker can learn about your organization, often in minutes:
  • The names of your top executives and any flashy employees you have by perusing your archive of press releases.
  • The company address, phone number, and fax number from domain name registration.
  • The service provider for Internet access through DNS lookup and traceroute.
  • Employee home addresses, phone numbers, employment history, family members, previous addresses, criminal record, driving history, and more by looking up their names in various free and paid background research sites.
  • The operating systems, major programs, programming languages, specialized platforms, network device vendors, and more from job site postings.
  • Physical weaknesses, vantage points, lines of sight, entry ways, covert access paths, and more from satellite images of your company and employee addresses.
  • Usernames, e-mail addresses, phone numbers, directory structure, filenames, OS type, Web server platform, scripting languages, Web application environments, and more from Web site scanners.
  • Confidential documents accidentally posted to a Web site from archive.org and Google hacking.
  • Flaws in your products, problems with staff, internal issues, company politics, and more from blogs, product reviews, company critiques, and competitive intelligence services.
As you can see, there is no end to the information that a hacker can obtain from public open sources. This list of examples is only a beginning. Each kernel of truth discovered often leads the hacker to unearth more. Often, a hacker will spend over 90% of their time in information-gathering activities. The more the attacker learns about the target, the easier the subsequent attack becomes.

As for defense, you are ultimately at a loss—mainly because it is already too late. Once information is out on the Internet, it is always out there. You can obviously clean up and sterilize any information resource currently under your direct control. You can even contact third-party information repositories to request that they change your information. Some online data systems, such as domain registrars, offer privacy and security services (for a fee, of course). You can also control or limit the output of information in the future by being more discrete in your announcements, product details, press releases, etc.

However, it is the information that you can't change or remove from the Internet that will continue to erode your security. The only way to manage uncontrollable information is to alter your environment so that it is no longer correct or relevant. Think of this as a new way to deviate from defaults or at least deviate from the previous known.

Monitoring Vulnerability Research
Hackers have access to the same vulnerability research that you do. They are able to read Web sites, discussion lists, blogs, and other public information services about known problems, issues, and vulnerabilities with hardware and software. The more the hacker can discover about possible attack points, the more likely it is that he can discover a weakness you've yet to patch, protect, or even become aware of.

To combat vulnerability research on the part of the hacker, you have to be just as vigilant as the hacker. You have to be looking for the problems in order to protect against them just as intently as the hacker is looking for problems to exploit. This means keeping watch on discussion groups and web sites from each and every vendor whose products your organization utilizes. Plus, you need to watch the third-party security oversight discussion groups and web sites to learn about issues that vendors are failing to make public or that don't yet have easy solutions. These include places like securityfocus.com, US-CERT, hackerstorm.com, and hackerwatch.org.

Being Patient and Persistent
Hacking into a company network is not typically an activity someone undertakes and completes in a short period of time. Hackers often research their targets for weeks or months, before starting their first tentative logical interactions against their target with scanners, banner-grabbing tools, and crawling utilities. And even then, their initial activities are mostly subtle probing to verify the data they gathered through their intensive "offline" research. Once hackers have crafted a profile of your organization, they must then select a specific attack point, design the attack, test and drill the attack, improve the attack, schedule the attack, and, finally, launch the attack.

In most cases, a hacker's goal is not to bang on your network so that you become aware of their attacks. Instead, a hacker's goal is to gain entry subtly so that you are unaware that a breach has actually taken place. The most devastating attacks are those that go undetected for extended periods of time, while the hacker has extensive control over the environment. An invasion can remain undetected nearly indefinitely if it is executed by a hacker who is patient and persistent. Hacking is often most successful when performed one small step at a time and with significant periods of time between each step attempt - at least up to the point of a successful breach. Once hackers have gained entry, they quickly deposit tools to hide their presence and grant them greater degrees of control over your environment. Once these hacker tools are planted, hidden, and made active, the hackers are free to come and go as they please.

Likewise, protecting against a hacker intrusion is also about patience and persistence. You must be able to watch even the most minor activities on your network with standard auditing processes as well as an automated IDS/IPS system. Never allow any anomaly to go uninvestigated. Use common sense, follow the best business practices recommended by security professionals, and keep current on patches, updates, and system improvements.

However, realize that security is not a goal that can be fully obtained. There is no perfectly secure environment. Every security mechanism can be fooled, overcome, disabled, bypassed, exploited, or made worthless. Hacking successfully often means the hacker is more persistent than the security professional protecting an environment. Ultimately, it is an arms race to see who blinks or falls behind first. With enough time, the right tools, sufficient expertise and skill, mounting information collection, and persistence, a hacker can and will find a way to breach any and every security system.

Confidence Games
The good news about hacking today is that many security mechanisms are very effective against most hacking attempts. Firewalls, IDSes, IPSes, and anti-malware scanners have made intrusions and hacking a difficult task. However, the bad news is many hackers have expanded their idea of what hacking means to include social engineering: hackers are going after the weakest link in any organization's security—the people.

People are always the biggest problem with security because they are the only element within the secured environment that has the ability to choose to violate the rules. People can be coerced, tricked, duped, or forced into violating some aspect of the security system in order to grant a hacker access. The age-old problem of people exploiting other people by taking advantage of human nature has returned as a means to bypass modern security technology.

Protection against social engineering is primarily education. Training personnel about what to look for and to report all abnormal or awkward interactions can be effective countermeasures. But this is only true if everyone in the organization realizes that they are a social engineering target. In fact, the more a person believes that their position in the company is so minor that they would not be a worthwhile target, the more they are actually the preferred targets of the hacker.

Already Being on the Inside
All too often when hacking is discussed, it is assumed that the hacker is some unknown outsider. However, studies have shown that a majority of security violations actually are caused by internal employees. So, one of the most effective ways for a hacker to breach security is to be an employee. This can be read in two different ways. First, the hacker can get a job at the target company and then exploit that access once they gain the trust of the organization. Second, an existing employee can become disgruntled and choose to cause harm to the company as a form of revenge or retribution.

In either case, when someone on the inside decides to attack the company network, many of the security defenses erected against outside hacking and intrusion are often ineffective. Instead, internal defenses specific to managing internal threats need to be deployed. This could include keystroke monitoring, tighter enforcement of the principle of least privilege, preventing users from installing software, not allowing any external removable media source, disabling all USB ports, extensive auditing, host-based IDS/IPS, and Internet filtering and monitoring.



There are many possible ways that a hacker can gain access to a seemingly secured environment. It is the responsibility of everyone within an organization to support security efforts and to watch for abnormal events. We need to secure IT environments to the best of our abilities and budgets while watching for the inevitable breach attempt. In this continuing arms race, vigilance is required, persistence is necessary, and knowledge is invaluable.


Friday, March 7, 2008

Windows Vista: Is it secure enough for business?

Microsoft’s latest desktop operating system, Windows Vista, contains a wide range of new features, from the user interface to the heart of the operating system. However, it is the new security-related technologies which were given top priority by Microsoft in response to the many criticisms of the vulnerabilities in Vista’s forerunner, Windows XP. Developments include improved monitoring and reporting on security status, minimized opportunity for attack and improved defense against spyware. There is also a new mechanism to prevent rogue code from being able to make malicious changes to the operating system kernel, and improved browser and firewall functionality.

Windows Security Center

Windows Security Center (WSC) runs in the background, monitoring and reporting on the security status of a computer. First introduced by Microsoft in Windows XP Service Pack 2, the enhanced version in Vista provides greater integration both with other Vista security features and with third-party security solutions.

As with Windows XP, WSC monitors the internet firewall and checks the status of automatic updates and anti-virus software but it has been extended in Vista to include monitoring of anti-spyware applications. Monitoring of the security settings in Internet Explorer 7 and of the new User Account Control function (see below) has also been added.

Part of the reasoning behind the enhancements to WSC is to raise end-user awareness of security issues by alerting them to any problems. While this clearly has home-user benefits, businesses and other organizations such as education and government institutions will find it both insufficient and annoying, and so might well choose to disable these end-user alerts.

In addition, some security vendors have reacted negatively to the fact that WSC cannot be automatically disabled when their alternative security solutions are installed, although Sophos cannot see why any vendor should object to a built-in security center reporting on the status of its software.

User Account Control

User Account Control (UAC) is one of the most important security features in Windows Vista. Its objective is to minimize the opportunity for attack, preventing the installation of today's malware threats, in the common scenario where end users hold local administrator rights. As with Windows XP, the first user account created on the machine is an administrator by default. However, instead of granting administrator status in a blanket fashion across all applications, a Vista logon for a member of the Administrators group generates two security tokens: a filtered StandardUser token, in which the Administrators group is marked "deny only" and the powerful privileges are removed, and the full Administrator token.

By default, Vista starts every application with the StandardUser token, so applications that do not require administrator rights run with no user intervention. An application that does need administrator privileges (because its manifest requests them, because Windows recognizes it as an installer, or because the user chose "Run as administrator") is started with the Administrator token instead, and the user is asked to cancel or allow the program, as shown in the figure.


From a security point of view UAC is a significant step forward and the principle of least privilege it applies is a sound one: under the StandardUser token, write access to the machine-wide parts of the registry and file system is denied. This means that malware running under that token cannot copy itself into locations such as the Windows system folder or add itself to the HKLM Run keys in order to be launched automatically by the operating system. The per-user equivalents (the profile directory and the HKCU Run key) remain writable, so an unelevated program can still persist for that one user; what it cannot do is reach the whole machine. The StandardUser token, together with the integrity levels described under Internet Explorer 7 below, also prevents an unelevated process from writing into the memory of elevated processes, a technique commonly used by malware to bypass personal or client firewalls.

Unfortunately UAC is as intrusive as it is secure, with a high volume of prompts, many of which are not intuitive for non-technical users. The danger is that they will reflexively select "Allow" when prompted, without considering whether they should. The other danger is that UAC can be disabled, and indeed many beta testers chose to do this, which removes the improved security entirely.
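A way to see the two tokens from inside a session, as an added example that is not part of the original article. It reports which token the current PowerShell process holds and then probes the machine-wide and per-user Run keys to show what that token can and cannot write. It assumes Vista or later with UAC enabled; the registry value name is a throwaway.

```powershell
# Added example, not from the original article. Reports which of the two UAC
# tokens this PowerShell session holds, then probes what that token can write.
# Assumes Vista or later with UAC enabled; the value name below is a throwaway.

$id       = [Security.Principal.WindowsIdentity]::GetCurrent()
$prin     = New-Object Security.Principal.WindowsPrincipal($id)
$elevated = $prin.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# In the filtered (StandardUser) token BUILTIN\Administrators is still listed,
# but flagged "used for deny only", so IsInRole() above returns $false. whoami
# exposes that flag; S-1-5-32-544 is the well-known SID of Administrators.
$admins = whoami /groups /fo csv | ConvertFrom-Csv | Where-Object { $_.SID -eq 'S-1-5-32-544' }

if ($elevated)   { $state = 'Administrator token (elevated)' }
elseif ($admins) { $state = "StandardUser token of an administrator ($($admins.Attributes))" }
else             { $state = 'Standard user: no Administrator token exists for this logon' }
"Token in use: $state"

# Probe the autorun keys. The filtered token is denied HKLM (machine-wide) but
# can still write HKCU, so per-user persistence does not need elevation.
$name = 'UacProbe_DeleteMe'
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    try {
        New-ItemProperty -Path $key -Name $name -Value 'notepad.exe' -ErrorAction Stop | Out-Null
        Remove-ItemProperty -Path $key -Name $name -ErrorAction Stop
        "$hive Run key: writable"
    } catch {
        "$hive Run key: denied ($($_.Exception.GetType().Name))"
    }
}
```

Run it twice, once from an ordinary console and once from a console started with "Run as administrator". The first run should report the filtered token with HKLM denied and HKCU writable; the second reports the full token with both writable. The HKCU result is the caveat to keep in mind when reading the paragraph above: UAC protects the machine, not the logged-on user's own profile.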

Windows Defender

Windows Defender is a free anti-spyware program built into Windows Vista that will detect and remove some adware, spyware and other unwanted programs. The software uses definition updates published by Microsoft's analysts to detect and remove new threats as they are identified. It does not offer comprehensive anti-malware protection, despite the fact that the information in WSC implies that it does.

Windows Defender only supports Windows XP Service Pack 2 or later, or Windows Server 2003 Service Pack 1 or later. It does not support other operating systems including Windows 95/98/Me and 2000. And because it is targeted at the consumer market it does not offer any central administration capabilities. So it offers little to multi-platform, centrally managed enterprise networks.


Kernel protection

Two new mechanisms have been introduced to protect the operating system kernel – Kernel Patch Protection (KPP), or PatchGuard, and mandatory signing of drivers.

KPP has been implemented in 64-bit Vista, as it was on 64-bit Windows XP and Windows Server 2003 SP1, to prevent a particular type of malicious activity that manipulates the operating system kernel, causing serious security breaches and adversely impacting the stability, reliability and performance of the operating system and user applications. This type of malware is commonly known as a rootkit and is often used to hide other potentially unwanted software, such as bots and spyware. KPP periodically checks the kernel's own code, the system service table, the interrupt descriptor table and other core structures, and halts the system with a bug check if it finds them modified. A rogue driver that hooks or patches the kernel to extend or replace operating system services therefore cannot stay resident.

KPP has not been added to 32-bit Vista since many programs (including security software) hook the kernel in undocumented ways and Microsoft was concerned about compatibility with the existing application set. This means that 32-bit systems remain as exposed to kernel-level rootkits as XP was. The second kernel protection mechanism, mandatory signing of drivers, exists on both architectures but is enforced differently: 64-bit Vista refuses to load a kernel-mode driver that is not signed with a certificate chaining to a trusted root, while on 32-bit Vista unsigned drivers still load by default and blocking them is a policy choice rather than a hard requirement.

Some security vendors have complained that they are being "locked out" of the Vista operating system kernel by KPP. This is because their existing products intercept file, registry and process activity by patching kernel structures, and those patches are exactly what KPP forbids, so the products cannot be carried over to 64-bit versions unchanged.

While it is true that there will now be some dependency on Microsoft to deliver supported kernel interfaces, which could slow all security vendors down, this is more than compensated for by the additional security offered by a locked-down kernel. Windows Vista with KPP is a step in the right direction for customers, and security vendors should embrace and work with it rather than fight it. Since KPP is a software mechanism running at the same privilege level as the code it polices, it is quite likely to be circumvented by malware writers sooner or later; it raises the cost of a rootkit rather than making one impossible.


Internet Explorer 7

Windows Vista’s built-in web browser, Internet Explorer 7 (IE7), includes security enhancements designed to protect users from phishing and spoofing attacks. In protected mode it helps prevent data and configuration settings from being deleted or changed by malicious websites or malware.

The feature is enforced by a new mechanism called Mandatory Integrity Control (MIC), whereby every process and every securable object (registry key, file, other process, etc.) carries an integrity level: Low, Medium, High or System. A process may not write to an object whose label is higher than its own ("no write up"), regardless of what the object's discretionary ACL would otherwise allow.

The new IE7 protected mode runs the browser at integrity level "Low", below the Medium level at which ordinary user processes run, so even with the user's own rights it cannot modify the user's profile, the registry or other processes. This applies to all security zones except the Trusted sites zone. Files it downloads are labelled Low, and programs it launches inherit the Low level, which should prevent malicious programs and PUAs from infecting the system and integrating with the browser unless the user explicitly elevates them.

IE7 also has a phishing filter, which helps users browse more safely by advising them when websites might be attempting to steal their confidential information. The filter works by analyzing website content, looking for known characteristics of phishing techniques and using a global network of data sources to decide if the website should be trusted.


Windows Firewall

Windows Vista includes a new firewall that goes beyond the Windows XP Service Pack 2 firewall. Application-aware outbound filtering has been added as have location-based profiles, which allow users to set up different rules based on the network location.

However, the default outbound policy is still to allow all outgoing traffic, so out of the box the Vista firewall provides no more protection than the XP SP2 firewall did. Outbound filtering only does anything once an administrator switches the default to block and writes rules for the traffic the business actually needs.
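What switching the default actually looks like, as an added example that is not part of the original article. Vista's Windows Firewall with Advanced Security is driven from the command line with netsh advfirewall; the first command reproduces the shipped default, the rest enable outbound filtering and open only named paths. The DNS server, proxy address and program path are placeholders, and the commands must run from an elevated console.

```powershell
# Added example, not from the original article. Run from an elevated console.
# Addresses and program paths are placeholders for the local environment.

# Keep a copy of the policy so the change can be reverted if it breaks something.
netsh advfirewall export "C:\fw-before.wfw"

# Shipped default on every profile: inbound blocked, outbound allowed.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# Hardened: block outbound by default, then allow only what is needed.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# Name resolution, but only to the corporate resolver.
netsh advfirewall firewall add rule name="Allow DNS to corp resolver" dir=out action=allow `
    protocol=UDP remoteip=10.0.0.53 remoteport=53

# The browser, and only via the web proxy, so nothing else tunnels out on 80/443.
netsh advfirewall firewall add rule name="Allow IE via proxy" dir=out action=allow `
    program="C:\Program Files\Internet Explorer\iexplore.exe" protocol=TCP remoteip=10.0.0.8 remoteport=8080

# Windows Update runs inside svchost, so match on the service rather than the binary.
netsh advfirewall firewall add rule name="Allow Windows Update service" dir=out action=allow `
    service=wuauserv protocol=TCP remoteport=80,443

# Log what gets dropped; this is where the next legitimate rule comes from.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

# Confirm the policy and the rules that are now in force.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all dir=out | Select-String -Pattern 'Rule Name|Action|Program|Service'
```

Expect a few days of complaints while pfirewall.log reveals every line-of-business application that nobody knew talked to the Internet; each becomes either a rule or a finding. In a domain, push the same policy through Group Policy (Computer Configuration, Windows Firewall with Advanced Security) rather than per machine, or a local administrator can simply reset it.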

In addition, although some management is available through Group Policy, the central management function does not provide enterprise administrators with the visibility, monitoring, policy configuration and rapid response capability that enterprise-level security management consoles deliver.

Other security features

Windows Vista also includes improved Wi-Fi security, readiness for multi-factor authentication, BitLocker data protection, a Network Access Protection client, and improved auditing for compliance.

In Windows Vista, wireless networking is more secure by default, and includes support for the latest and most secure wireless networking protocol, Wi-Fi Protected Access 2 (WPA2).

Windows Vista comes with an API to make it easier to add smart card and other systems such as biometrics to Windows authentication, to make it harder for hackers to gain access to computers and data through password cracking or social engineering techniques.

Enhanced encryption enables organizations to protect against theft or loss of corporate intellectual property. Windows Vista has improved support for data protection at the document, file, directory and machine level, including the ability to define which employees have access to certain data. EFS encryption keys can now be stored on smart cards. The BitLocker full-volume encryption system protects against offline attacks, in which an attacker boots the machine from removable media or moves the disk to another computer to read it, by keeping the system volume encrypted with a key that is only released when a TPM (or a USB start-up key) confirms the machine is booting its own untampered operating system.

The Network Access Protection (NAP) client can be used to prevent rogue or unprotected computers from gaining full access to a network, although it will only really be deployable once the necessary server components ship with the next release of Windows Server, codenamed Longhorn, expected to be released soon.
