Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Next Great App for Android, iPhone –> Rootkit

Rootkit, SMS text messages used to build a botnet of smartphones

The “hot” tech items to own these days are the (not inexpensive) iPhone and Android “smart phone” devices. (If you doubt that, ask yourself why do the news infotainment departments send reporters and camera crews to film lines of people standing outside the Apple Store when a new model comes out?)

These phones are really not phones anymore, but mini-computers – which happen to make cellular phone calls. They are Internet-connected, so they can send/receive e-mail, text and ‘chat’, and download files.. such as movies. They contain address books of your friends and family… In short, they have everything a cyber-criminal wants to target.

In the interest of making the world a better place, “a researcher at ShmooCon DC this weekend will demonstrate a smartphone botnet spewing spam, and unleash proof-of-concept code that builds a botnet out of Android and iPhone smartphones.”

Yes, that’s right. A “researcher” will show us all how it’s done, and provide the code.

Georgia Weidman, an independent researcher, says her botnet attack evolved out of work she did on making an Android application send SMS text messages transparently such that the user didn’t even know it was happening from his or her smartphone. “As I did more research, I [realized] if I did this in the base operating system instead of in ‘userspace’ where most apps are, it would be a better way to do it,” she says. “If I can remotely control someone’s phone, it can be part of a botnet.”

While there has been plenty of smartphone research that pits one smartphone against another in an attack, she says, a more likely attack scenario would be a user unknowingly downloading an app that contains malicious code. “I think the majority of malware installations will come from a user downloading infected apps,” which can easily be rigged with rootkits given the lack of sufficient vetting of most smartphone apps, she says.

Well.. now that all someone has to do is copy>paste the code, yeah, she’s right. Invisible viruses that turn your smart phone into a relay station for spammers (sending us come-ons for V1@gra and C1al1s, and virus-laden links and attachments) are only, I estimate, weeks away.

… and before you get too angry at this particular person, there is a whole industry of people doing this “research”, and several conventions have been going on for years. I believe that (some of) these people actually believe they are doing a good thing.

And maybe they would be.. if they only released the code to the affected device (or software) manufacturers and developers. But you don’t get rich or famous for that. (Maybe you heard about the “teen hacker” who got hired after writing viruses that attacked Twitter? There’s a lot of that kind of idiocy in tech..)

Here is the entire Dark Reading article, Researcher To Release Smartphone Botnet Proof-Of-Concept Code. I suggest you read it. Particularly if you own a smart phone.

In case you don’t know what a “botnet” is, http://en.wikipedia.org/wiki/Botnet
Or why a “rootkit” is the worst kind of virus, http://en.wikipedia.org/wiki/Rootkit

Does your smart phone have an antivirus? A firewall? Maybe you want those things?
Maybe it’s important to know that the apps at the app store are not checked (aka “vetted”) for malware? Doesn’t that *smell*?

IMHO, there is something wrong with this whole deal. Top to bottom.

Related:
* iPhone Users Are About to Be Screwed Over. The addition of the NFC chip to the iPhone isn’t for easy credit card purchases, but so the phone companies can control your financial transactions. Be warned. ~ By John C. Dvorak

“There has been a lot of talk about the addition of an NFC (near field communication) chip to the next-gen iPhone. This will allow the phone to be used as a swipe-it-yourself credit card. I consider this technology to be the most onerous ever.”

* CNet’s roundup of security apps for Android.

Copyright 2007-2011 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.




January 31, 2011 Posted by | advice, Apple, cellular, computers, cyber crime, gadgets, Google, hackers, hardware, Internet, iPhone, mobile, News, rootkits, security, tech | 8 Comments

Sunday Beauty XXVII

Today’s Sunday Beauty features a waterfall…

Friends, Fun, and Finally...a Waterfall (photo © 2010 *~Dawn~*, via: Wylio)

 

.. though I did not see it right away.

I was too busy thinking that’s where I belong.



January 30, 2011 Posted by | Digital Images | 6 Comments

Kallyfornyah Kasual

I am in a bit of a muddle here today, as I sit at my keyboard. I have six or seven directions I could head in, if you will, and am unsure which to share with you, Dear Reader. And how to do it. I think I will just “free flow” today. Kallyfornyah Kasual.

I will start with an educational word of caution..
Yesterday, I spent hours in a client’s home. They could not access their Gmail.

No. Their account was not “hijacked” (see, “My Gmail Account Was Hijacked”). They simply could not remember their password. They had set one, and then had been letting the computer remember it for them. But, their browser suddenly forgot to remember correctly the other day.
Well, no big deal.. their logins are stored on the “keychain” (it was a Mac).
Which is password protected.
Which they couldn’t remember either.. as they had set it years ago when the computer was new.
Catch 22.

Worse, this person was in the habit of setting passwords, and letting the computer do the work: they knew not a single one of their passwords (except their User password, which they use every day).. and didn’t have them written down anywhere.

I did my best to explain that in this Internet Age, user name + password combinations are our keys: they give you access: and w/o them, you are S.O.L.; and you want to hide a spare (copy) somewhere. Just like you would a house key.
But I could tell that not even the frustration of hours of playing the “guessing passwords game” and dozens of “click here to reset password” emails (Gmail said “No. we don’t believe you are you.”), nor my mild chiding coaxing, was going to change this person’s behavior or attitude. Neither would my bill.

In another one of my adventures in tech support..
Nah. I’ll save that for another day. I’ll just say I was slightly disappointed in my first encounter with the new AppleTV box.

But, I have seen an increase in the number of malware (aka “virus”) infections, and also an increase in the number of infections which included backdoors and keyloggers (this coincides nicely with the approaching tax season..). Many of these infections were spread by email coming from friends and contacts. So now would be a good time to ramp up your email “paranoid common sense”, and not implicitly trust that the email from your good buddy Joe is safe.

And it’s a good time for me to pitch to you my Got A Computer? Top 10 Things You Should Do article. It is a checklist worth knowing.

I won’t tell what the weather is like here, as I know many of you are up to your armpits in snow.. but I will tell you that I hope you have a nice, enjoyable weekend — and ask you to try to be safe.



January 29, 2011 Posted by | advice, computers, tech | 2 Comments

Friday Fun

Hollywood used to know how to make good movies. They started with a good story, not a big budget for special effects. The other night, I just randomly happened to notice that a certain film was being shown. I haven’t sat and watched a movie since October (loyal friends may remember my mention of The African Queen).
And, the title is on my Top 30 Movies Of All Time list, so, I forced myself to sit quietly and watched 1963’s It’s a Mad, Mad, Mad, Mad World — which featured a cast comprising anybody who was anybody.. and is darned funny.

In 2001 a .. um, er, “new version” was released, which I also thoroughly enjoyed, and also highly recommend, named Rat Race. Those of you with Netflix accounts might want to add this to your “what should I watch?” lists.. If for no other reason than it has Mr. Bean in it.

Here is the movie’s “trailer” to give you a taste of some Friday Fun. (Because, we can’t be all-work-and-no-play now, can we?!)

It’s like a mosquito bite… From the What Were They Thinking Department

… YesCash.com.. not a bad name…

A quotable quote for your day: Thought is energy. Active thought is active energy; concentrated thought is a concentrated energy. Thought concentrated on a definite purpose becomes power. This is the power which is being used by those who do not believe in the virtue of poverty, or the beauty of self-denial. They perceive that this is the talk of weaklings.



January 28, 2011 Posted by | computers | 4 Comments

What is a “Virtual Machine”?*

Yesterday’s article brought up the topic of VM’s (virtual machines). The following article was one of my early Tech – for Everyone efforts, and while it references XP frequently (the main OS of the day), required only slight updating. I hope you will enjoy it.

One of the hot topics in the IT industry is virtualization ¹. Basically what this is, is software that creates an environment — on an existing PC — into which you can install (and run) another operating system [OS]; in short, running a PC on top of your PC.. which gives you two PCs. This “on top of” machine is called a “virtual machine”.

Tip of the day: Get more out of your PC by using a virtual environment.
(I must take a moment to state that it is the power of the newer generations of PCs that allows us to take advantage of machine virtualization. A VM “shares” resources (CPU, RAM) with the existing install… so if you’re barely clunking along as it is, forget about VMs and click here to read my article(s) on when it’s time for a new machine.)

How can this benefit you? One of the main advantages is when you are thinking about a dual-boot install, or would like to do away with an existing dual-boot set up — say, for security reasons. Instead of partitioning your hard drive, and using FAT32 to run (boot to) either Windows 98 or XP, format your drive in NTFS, install XP/Vista/Win7, and run 98 inside the virtual environment. (I am using Windows 98 as an example. You may want to run a Linux distro, and learn about Open Source. The fact is you can run any OS that you have a license for [I believe. I have not tried to load every OS personally…])
If you do this, and create a shared folder for the VM on your ‘base OS’, you will be able to switch back and forth between the two and share files with both OS’s.

Another advantage of using a VM is, it loads much like “mounting” a disk image. You can make multiple ‘snapshots’ of your VM, and load the one of your choosing. This is an absolutely fantastic method for dealing with security issues. I know several geeks who run an XP VM on their XP machine – they use the VM version for their daily surfing and usage, and as a “sandbox” for testing downloaded programs and patches/Updates. At the end of the day, they just close the VM, and when they open it again (unless they take a ‘snapshot’ and Save those changes to the VM) their pristine VM loads: no browsing history, no spyware, no trace of yesterday’s activity… just a brand-new XP machine.
By keeping a copy of the VM snapshot in another location, they always have a full system backup on hand. (And all my readers know about the importance of recovery backups!)

These are just two uses and applications for virtual machines (VMs). You may be able to think of others. You are not just limited to one VM, either — but each VM (unless it is an Open Source OS, like Linux) does require a valid Product Key/license. This is not a way to cheat.

Today’s free download(s): The most popular virtual machine software is put out by VMware. The free offerings are VMware Server (don’t worry about the use of the word “server”) and VMware Player (which is a web browsing sandbox). Not only is this a flexible (highly compatible with your particular hardware) program, but VMware offers several pre-configured Open Source ‘snapshots’, called “appliances”, that you can download and run without going through an OS install process.

Microsoft also offers free virtual machine software, which some people argue works better with Microsoft OS’s. From the website: “Virtual PC 2007 is a powerful software virtualization solution that allows you to run multiple PC-based operating systems simultaneously on one workstation.”

Reader-recommended VirtualBox is also free, and a possible alternative to Virtual PC and VMware. Their homepage is here, http://www.virtualbox.org/.

Whichever way you decide, you are not making fundamental changes to your hard drive or currently installed operating system. This is just a program, like Excel or Word is a program. Simply uninstall it if you find you don’t like or need it.. but I doubt very much that you ever will – it’s just too useful and safe.

¹ (For IT types) Virtualization in the Data Center has (under the banner of the “green movement” – and because it saves money) been, for several years now, an area of study and certification not to be overlooked.

* Orig post: 9/8/07



January 27, 2011 Posted by | computers | 10 Comments

"This seems like a fairly simple question…"

“Hi Paul, I’m just a single user with a question I apparently can’t get answered very easily by searching for it via the Internet. I’m hoping maybe you can ‘square me away’ by answering it. On its face, this seems like a fairly simple question.

If I’m using an excellent antivirus program (which I am; it’s the Avira antivirus program) is it still necessary for me to install Windows so-called critical security updates to my computer…? I have a computer that so far still works very well but was built in 2001 and so, although I still have more than 75 percent of free space remaining on the hard drive, it doesn’t have tons of memory (and as you know, a lot of ‘critical’/?mandatory windows updates can use considerable mb’s of space).

Wouldn’t critical updates also be downloaded by/through the antivirus programs/companies, without having to separately download them as individual users…? I realize this is a two-part question and appreciate whatever appropriate response you may have.
Thank you,” ~ Anon

A: Your questions indicate that you are “mixing apples and oranges”, twice.

A program – and Microsoft Windows is a collection of programs – needs to receive security patches (these are usually called “updates”) to close holes and fix programming errors in the (program’s) code that hackers are (already) using to gain administrative control of the PC. (Currently, Apple and Adobe software are the most exploited.)

You ABSOLUTELY want them.
(Each program author will write their own ‘updates’, and you want those too!) See, What’s With All These Updates?!*

They have nothing to do with AV.. and the ‘virus definition updates’. Your AV will receive “fingerprints” (samples) of virus/trojan/keylogger/etc. from the authors so that it can have something to use (for comparisons) to find such code on your machine. You want those too.. which is why letting your AV subscription “expire” is a very bad thing (not an issue for you and Avira).
Though the word is the same, it is being used to describe two different things. You’ll find that a lot when dealing with tech and “geek speak”.

Secondly,
You are mixing your “memory”.
There are two kinds — the dynamic RAM.. which you don’t want to load up unnecessarily, and “storage memory” (your hard disk — “c:\”). Windows Updates use the latter. And so they do not “slow down” your aging machine. Okay?

Windows Updates close holes (in Windows) the bad guys are using to climb in through.
I like to use this as an analogy — think of a program as a house made of brick and mortar.. the hackers are like little tiny bugs, trying to find a crack to get in. And they find them. Updates are mortar patches that fill those cracks.

Also — I don’t mean to alarm you, and certainly not offend you, but I am the type of person who speaks what is on my mind. I would not connect a vintage 2001 Windows computer to the Internet. I would scrap it.. or keep it around for playing my old games on.. but I would not access the Web with it.

If my finances were such that I simply did not have the option of buying an up to date computer (Windows 7, 64-bit / Apple OS 10.6 [64-bit]) I would purchase Wondershare Time Freeze, or use the free Comodo Time Machine and learn how to use them. They “sandbox” your machine.


January 26, 2011 Posted by | advice, antivirus, computers, cyber crime, hackers, how to, Internet, Microsoft, PC, security, software, tech, Windows | 10 Comments

Windows 7 – Old Games Won’t Play.. Help! (Updated)

6 Methods For Getting Old Programs To Run On New Computers

This article is an updated and improved version of Windows 7 – Old Games Won’t Play.. Help!, a “reader question” article that has proven quite popular. It seems quite a few people want their 12-year-old, 16-bit, Gen 1 games to play on latest generation, 64-bit machines (I don’t blame them), but it doesn’t always work. Here are some tips for solving the problem. They are in the appropriate order, IMHO. (These work in Vista as well.)

1) Turn off “hardware acceleration”. A common cause of errors and “playability issues” is the old games’ use (or lack of use) of hardware “acceleration”, which refers to the “video card”, or more accurately, the graphics driver. Most graphics drivers allow you to turn off the hardware acceleration (which may resolve your issue).
Click Start in the lower left corner of Windows.
Click Control Panel, click Appearance and Personalization, click Personalization, click Display Settings, and then click Advanced Settings.
Click the Troubleshoot tab, and then click Change Settings.
Move the Hardware Acceleration slider until it is one notch to the right of None. This is the basic acceleration setting.
Click OK twice, and then close the window.
Restart the computer.

[you can also get there via the graphic adapter’s Properties in Device Manager]


[Note: Change Settings will be disabled if the graphics card drivers do not support disabling hardware acceleration. You may need to check the video card manufacturer’s website, and download the latest driver.]

2) You may need to set the troublesome games to launch in “Compatibility Mode”, and tell them to run under Windows XP SP2. This article, https://techpaul.wordpress.com/2009/06/28/compatibility-tricks-for-old-programs-new-machines/ shows you how. The “Compat Mode” section is about half way down the page.

3) You might need to try repeating Step 2, but this time install directly to your C:\ drive (by default, Windows will install programs to the C:\Program Files or C:\Program Files (x86) folder) using the “Custom install” option during set up. This will eliminate some of the Permissions issues that keep older programs from running correctly.

4) You may also – if the game is old enough – need to turn off all but one CPU core. This is called “setting the affinity”. Also see, Compatibility Tricks for Old Programs, New Machines. If this resolves your issue, the article includes a download for a tool to make this setting ‘stick’.

5) For really old, DOS-based games, install DOSBox. DOSBox is a great tool, especially for old games. I would suggest reading the tutorial, here: http://www.dosbox.com/wiki/DOSBoxShortcuts#Windows

6) Though I view this as a bit of a ‘last resort’, you can install a “virtual machine” and run the game in there.
* If you have the Professional, Enterprise or Ultimate edition of Windows 7, you can download XP Mode, which is really Virtual PC, for free. If you have other editions of Windows, grab Virtual PC 2007 from the same place.
* Perhaps a better alternative is using VMware Server (free), from www.vmware.com/products/server. I have read that VMware handles the hardware acceleration better.

In both cases, you’ll have to supply the copy of (old) Windows yourself, and install it (into the “virtual machine”) from scratch.

… I hate to say, but it is possible that you may try all these things and get unsatisfactory results. I keep an old Pentium II machine (Windows 98) around just for playing those old games (which I wouldn’t dream of connecting to the Internet!). The games play best on the hardware/OS of their day. You might need to do the same. Or.. say goodbye to your old friends.

Progress!


January 25, 2011 Posted by | advice, Compatibility Mode, computers, device drivers, Gaming, how to, Microsoft, PC, performance, software, tech, troubleshooting, tweaks, Virtual Machine, Vista, Windows, Windows 7 | 18 Comments