<strong>CACroll Small LANs</strong> (by Chuck)<br /><br /><strong>Welcome to CACroll Small LANs</strong> (published 2005-12-31, updated 2006-08-26)<br /><br />Microsoft Windows is an incredibly complex operating system. Making an installation of computers running Windows work, at all, is a challenge. Making one work properly is even more of a challenge. Fortunately, thanks to the Internet, the problems which you may be observing today may have already been discussed, and resolved, by other folks before you. And there are many websites to give you advice, based upon those experiences.<br /><br />Now, many websites offer you learned advice on various subjects; some on Windows Networking, as CACroll Small LANs does. Many websites are procedure oriented. If you know what to do, they will give you details showing you how you can use a particular wizard. But - if you don't know what to do, or how to solve a given problem, how are you going to find a solution? That's like using a dictionary - some folks think that you can learn how to spell a word, by looking it up in a dictionary.<br /><br />CACroll Small LANs is organised by goal. For problem solving, it's organised by symptom. Now, it's not finished - few websites are ever actually finished. 
But give it a shot - it may have an answer or two for you.<br /><br />If this is your first visit here, you may wish to start with the introduction, <a href="http://nitecruzr.blogspot.com/2005/06/how-to-get-most-out-of-pchucks-network.html"><span style="font-style: italic;">How To Get The Most Out Of CACroll Small LANs</span></a>.<br /><br />Having reviewed the site introduction, you may find that there are several ways to benefit from the material here.<br /><ul><br /><li>From my featured articles.<br /><ul><br /><li>This week's feature is a reminder to anybody installing a computer network, that <a href="http://nitecruzr.blogspot.com/2006/01/proper-network-design.html#WiFi">Ethernet cannot be replaced by WiFi</a>, without compromise and planning. The total bandwidth of a WiFi LAN is limited. You have to protect your LAN from your neighbors. And noise, both analogue and digital, will further reduce your bandwidth.<br /></li><li>Last week's feature was a pair of short pieces of advice about professional proactive techniques for ensuring that your computer, and network, are all running properly. Proactive monitoring of your computer, and of your network, can save you hours of wondering "what's up with this?" when something isn't running with its usual speediness. 
Learn about <a href="http://nitecruzr.blogspot.com/2006/08/finding-and-tracking-computers-on-your.html"><span style="font-style: italic;">Finding, and Tracking, Computers On Your Network</span></a>, and about <a href="http://nitecruzr.blogspot.com/2006/04/watching-what-your-computer-is-doing.html"><span style="font-style: italic;">Watching What Your Computer Is Doing</span></a>, using free tools, each available for quick download.<br /></li></ul><br /></li><li>From the current list of known <a href="#Problems">Problems and Resolutions</a>, which present a lightweight view of the various subjects, indexed by symptom.<br /></li><li>From the various <a href="#Tutorials">Tutorials</a>, which present an in depth view of the various subjects, indexed by overall topic.<br /></li><li>From the individual articles, indexed by category.<br /><ul><br /><li><a href="#Events">Current Events</a>.<br /></li><li><a href="#Tools">Diagnostic Procedures and Tools</a>.<br /></li><li><a href="#Internet">Using The Internet Properly</a>.<br /></li><li><a href="#NetworkingSecurity">Networking / Security</a>.<br /></li><li><a href="#WindowsNetworking">Windows Networking / File Sharing</a><br /></li></ul><br /></li><li>By using the Google <a href="#Search">Search Engine</a>.<br /></li></ul><br /><br />And check out my <a href="http://nitecruzr.blogspot.com/2005/12/links.html">Links</a> page, for extra interests of mine.<br /><br />More articles are added frequently, and existing articles are revised even more frequently. Check here regularly, using a <a href="http://nitecruzr.blogspot.com/2005/06/how-to-get-most-out-of-pchucks-network.html#Blog">newsfeed reader</a> for best results. 
And tell your friends about <a href="http://nitecruzr.blogspot.com/">CACroll Small LANs</a>!<br /><br /><a href="#Top">>>Top</a><br /><br /><a name="Problems"><strong>Common Problems and Resolutions</strong></a><br /><blockquote><br /><a href="http://nitecruzr.blogspot.com/2005/06/mysterious-error-5-aka-access-denied.html">"Error = 5" aka "Access Denied"</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/mysterious-error-53-aka-name-not-found.html">"Error = 53" aka "Name Not Found"</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/does-your-computer-lose-network.html">Intermittent Connectivity Problems When Computer Is Idle</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/restrictanonymous-and-your-server.html">Intermittent Server Visibility Caused By The Restrictanonymous Setting</a><br /><a href="http://nitecruzr.blogspot.com/2006/01/stabilise-your-wifi-use-only-one-wifi.html">Intermittent WiFi Connectivity Problems Caused By WiFi Client Manager Conflicts</a><br /><a href="http://nitecruzr.blogspot.com/2006/03/dns-server-settings-on-your-computer.html">Internet Access Problems Caused By DNS Problems</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/local-name-and-address-resolution-on.html">Internet Connectivity Problems Caused By A Corrupt Or Hijacked Hosts File</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/internet-connectivity-problems-caused.html">Internet Connectivity Problems Caused By The MTU Setting</a><br /><a href="http://nitecruzr.blogspot.com/2005/11/irregularities-in-individual-share.html">Irregularities In Access To Individual Shares On A Single Server</a><br /><a href="http://nitecruzr.blogspot.com/2005/10/irregularities-in-workgroup-visibility.html">Irregularities In Access To Network Neighborhood (Workgroup)</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/limited-or-no-connectivity.html">Network Access Affected By Limited Or No Connectivity</a><br /><a 
href="http://nitecruzr.blogspot.com/2005/05/problems-with-lsp-winsock-layer-in.html">Network Access Affected By LSP / Winsock / TCP/IP Corruption</a><br /><a href="http://nitecruzr.blogspot.com/2006/04/netbios-over-tcpip.html">Network Access Affected By NetBIOS Over TCP/IP Being Inconsistently Set</a><br /><a href="http://nitecruzr.blogspot.com/2005/11/lost-ability-to-create-new-network.html">New Network Connections Wizard Functionality Damaged By System Restore</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/server-functionality-affected-by.html">Server Access Affected By IRPStackSize</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help">Server Access Affected By User Not Granted Requested Logon Type</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/server-availability-affected-by.html">Server Access Affected By Maximum Simultaneous Connections</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/hiding-your-server-from-enumeration.html">Server Visibility Affected By The Invisibility Setting</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/your-personal-firewall-can-either-help.html">Server Access And Visibility Affected By Personal Firewalls</a><br /><a href="http://nitecruzr.blogspot.com/2006/05/registry-settings-which-affect-access.html">Server Access and Visibility Affected By Less Known Registry Settings</a><br /><a href="http://nitecruzr.blogspot.com/2006/01/look-at-complete-detail-in-error.html">Well Known, Yet Mysterious, Errors May Have Simple Resolutions</a><br /></blockquote><br /><br /><a href="#Top">>>Top</a><br /><br /><a name="Tutorials"><strong>Tutorials</strong></a><br /><blockquote><br /><a href="http://nitecruzr.blogspot.com/2005/05/troubleshooting-internet-service.html#AskingForHelp">Asking For Help For Internet Connectivity Problems</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html#AskingForHelp">Asking For Help For Network 
Neighborhood Problems</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/hacking-redefined.html">Hacking Defined</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html">Layered Security</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/dealing-with-malware-adware-spyware.html">Malware (Adware / Spyware)</a><br /><a href="http://nitecruzr.blogspot.com/2005/04/nt-browser-or-why-cant-i-always-see.html">Network Neighborhood and the Browser</a><br /><a href="http://nitecruzr.blogspot.com/2005/08/networking-your-computers.html">Networking Your Computers</a><br /><a href="http://nitecruzr.blogspot.com/2005/11/protect-yourself-restrict-your.html">Restrict Your Privileges</a><br /><a href="http://nitecruzr.blogspot.com/2005/08/solving-network-problems-tutorial.html">Solving Network Problems</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/troubleshooting-internet-service.html">Troubleshooting Internet Connectivity</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/troubleshooting-network-neighborhood.html">Troubleshooting Network Neighborhood (Windows Networking)</a><br /><a href="http://nitecruzr.blogspot.com/2005/11/setting-up-wifi-lan.html">WiFi Networking</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/setting-up-wifi-lan-please-protect.html">WiFi Security</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/windows-networking.html">Windows Networking Concepts</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html">Windows XP File Sharing</a><br /></blockquote><br /><br /><a href="#Top">>>Top</a><br /><br /><a name="Events"><strong>Current Events</strong></a><br /><blockquote><br />August 26, 2006: <a href="http://nitecruzrnews.blogspot.com/2006/08/one-small-bit-of-good-news.html">Hacker sentenced to 37 months in prison</a><br />August 21, 2006: <a href="http://nitecruzrnews.blogspot.com/2006/08/pizza-order-credit-card-scam.html">Pizza Order Credit Card 
Scam</a><br />August 13, 2006: <a href="http://nitecruzrnews.blogspot.com/2006/08/august-2006-patch-tuesday-report.html">August 2006 Patch Tuesday Report</a><br />August 7, 2006: <a href="http://nitecruzrnews.blogspot.com/2006/08/bots-and-you.html">Bots And You</a><br />July 6, 2006: <a href="http://nitecruzrnews.blogspot.com/2006/08/bump-keys-growing-security-problem.html">Bump Keys - A Growing Security Problem</a><br />June 16, 2006: <a href="http://nitecruzrnews.blogspot.com/2006/06/patch-tuesday-was-this-week.html">Patch Tuesday for June 2006</a><br />June 8, 2006: <a href="http://nitecruzrnews.blogspot.com/2006/06/rip-windows-98-98se-me-and-xp-sp1.html">R.I.P., Windows 98, 98SE, ME, and XP SP1</a><br />June 7, 2006: <a href="http://nitecruzrnews.blogspot.com/2006/06/sharing-pain.html">Sharing The Pain</a><br />June 6, 2006: <a href="http://nitecruzrnews.blogspot.com/2006/06/happy-devils-day.html">Happy Devil's Day</a><br /></blockquote><br />And more current events in <a href="http://nitecruzrnews.blogspot.com/">PChuck's Network News</a>, and in <a href="http://nitecruzr.blogspot.com/2006/12/todays-security-alert.html">Today's Security Alert</a>.<br /><br /><a href="#Top">>>Top</a><br /><br /><a name="Tools"><strong>Diagnostic Procedures and Tools</strong></a><br /><blockquote><br /><a href="http://nitecruzr.blogspot.com/2005/12/lsp-winsock-analysis-using-log-from.html">Autoruns</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/browstat-utility-from-microsoft.html">Browstat</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/using-cdiag-without-assistance.html">CDiag</a><br /><a href="http://nitecruzr.blogspot.com/2006/04/cpsserv-comprehensive-psservice-source.html">CPSServ</a> (NOTE: Requires download of <a href="http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html#PSTools">PSTools</a> (free)).<br /><a href="http://nitecruzr.blogspot.com/2005/06/command-window.html">Command Windows</a><br /><a 
href="http://nitecruzr.blogspot.com/2005/05/using-event-viewer-to-get-details.html">Event Viewer</a><br /><a href="http://nitecruzr.blogspot.com/2006/08/finding-and-tracking-computers-on-your.html">Finding, and Tracking, Computers On Your Network</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/interpreting-hijackthis-logs-with.html">HijackThis</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html">IPConfig</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/local-security-policy-editor.html">Local Security Policy Editor</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/essential-tools-for-desktop-and.html">My Personal Toolbox</a><br /><a href="http://nitecruzr.blogspot.com/2006/04/network-diagnostics-using-net-config.html">Net Config</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/using-network-setup-wizard-in-windows.html">Network Setup Wizard</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/use-ntrights-to-grant-specific.html">NTRights</a><br /><a href="http://nitecruzr.blogspot.com/2005/12/ping-command.html">Ping</a><br /><a href="http://nitecruzr.blogspot.com/2006/02/diagnosing-network-problems-using_11.html">PingPlotter</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/registry-editor.html">Registry Editor</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/services-running-on-your-computer.html">Services Wizard</a><br /><a href="http://nitecruzr.blogspot.com/2005/11/static-route-table.html">Static Route Table</a><br /><a href="http://nitecruzr.blogspot.com/2006/01/windows-xp-system-restore.html">System Restore</a><br /><a href="http://nitecruzr.blogspot.com/2006/04/watching-what-your-computer-is-doing.html">Watching What Your Computer Is Doing</a><br /><a href="http://nitecruzr.blogspot.com/2005/12/windows-explorer.html">Windows Explorer</a><br /><a href="http://nitecruzr.blogspot.com/2006/06/analyse-your-wifi-environment.html">WiFi Environment Analysis</a><br /><a 
href="http://nitecruzr.blogspot.com/2005/09/problems-with-windowsupdate.html">WindowsUpdate Log Interpretation</a><br /></blockquote><br /><br /><a href="#Top">>>Top</a><br /><br /><a name="Internet"><strong>Using The Internet Properly</strong></a><br /><blockquote><br /><a href="http://nitecruzr.blogspot.com/2005/05/how-to-post-on-usenet-and-encourage.html#TopPosting">Bottom Post, Please</a><br /><a href="http://nitecruzr.blogspot.com/2005/12/download-software-selectively.html">Download Software Selectively</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/privacy-statement.html">Help Us To Help You</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/getting-help-on-usenet-and-believing.html">Getting Help On Usenet - And Believing What You're Told</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/how-to-get-most-out-of-pchucks-network.html#Contact">How To Contact Me</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/how-to-post-on-usenet-and-encourage.html">How To Post On Usenet And Encourage Intelligent Answers</a><br /><a href="http://nitecruzr.blogspot.com/2005/11/interactive-problem-resolution-and.html">Interactive Problem Solving</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/how-to-post-on-usenet-and-encourage.html#Hijacking">Please Don't Hijack Threads</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/please-dont-spread-viruses.html">Please Don't Spread Viruses</a><br /><a href="http://nitecruzr.blogspot.com/2006/01/providing-diagnostic-data.html">Provide Diagnostic Data As Text, No Attachments or Images</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/background-information-useful-in.html">Provide Essential Details When Asking For Help</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/please-use-bcc.html">Please Use BCC:</a><br /></blockquote><br /><br /><a href="#Top">>>Top</a><br /><br /><a name="NetworkingSecurity"><strong>Networking / Security</strong></a><br /><blockquote><br /><a 
href="http://nitecruzr.blogspot.com/2005/05/ad-aware-vs-spybot-sd-you-decide.html">Ad-Aware or Spybot S&D? You Decide</a><br /><a href="http://nitecruzr.blogspot.com/2006/02/hidden-personal-firewall-nvidia-nforce.html">Beware Of Hidden Physical Personal Firewalls</a><br /><a href="http://nitecruzr.blogspot.com/2006/02/set-of-simple-network-components.html">Components Definition - Networking</a><br /><a href="http://nitecruzr.blogspot.com/2006/01/proper-network-design.html">Design Your Network Properly</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/have-laptop-will-travel.html">Have Laptop Will Travel?</a><br /><a href="http://nitecruzr.blogspot.com/2005/10/computer-uniqueness.html">Computer Uniqueness and Security Needs</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/ics-is-ok-but-you-can-do-better.html">ICS Is Not The Only Possible Solution</a><br /><a href="http://nitecruzr.blogspot.com/2005/11/make-your-wireless-computer-connect.html">Make Your Wireless Computer Connect Only To Your Network</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/what-is-nat-router.html">NAT Router - What Is It?</a><br /><a href="http://nitecruzr.blogspot.com/2006/01/nat-routers-with-upnp-security-risk-or.html">NAT Routers With UPnP - Security Risk, or Benefit?</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/online-system-virus-scanning-services.html">Online System Virus Scanning Services</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/dealing-with-pop-ups.html">Pop-Ups - How To Deal With Them</a><br /><a href="http://nitecruzr.blogspot.com/2005/11/protect-yourself-restrict-your.html">Protect Yourself - Restrict Your Privileges</a><br /><a href="http://nitecruzr.blogspot.com/2006/02/using-public-computer-protect-yourself.html">Protect Yourself When Using A Public Computer</a><br /><a href="http://nitecruzr.blogspot.com/2006/05/using-public-wifi-networks.html">Protect Yourself When Using A Public WiFi LAN</a><br /><a 
href="http://nitecruzr.blogspot.com/2005/05/protect-your-hardware-use-ups.html">Protect Your Hardware - Use A UPS</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/connecting-two-computers-with.html">Quick Networking With A CrossOver Cable</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/file-sharing-on-lan-with-two-routers.html">Setting Up Two Routers On The Same LAN</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/sharing-your-dialup-internet-service.html">Sharing Dial-up Internet Service With A Router</a><br />Spam Spam Spam - Spam Spam Glorious Spam: <a href="http://nitecruzr.blogspot.com/2005/05/brief-history-of-spam.html">Early Spam</a>, and <a href="http://nitecruzr.blogspot.com/2005/05/modern-spam.html">Modern Spam</a>.<br /><a href="http://nitecruzr.blogspot.com/2005/05/disabling-ssid.html">SSID Broadcasts</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/wep-just-isnt-enough-protection.html">WEP Just Isn't Enough Protection Anymore</a><br /><a href="http://nitecruzr.blogspot.com/2005/10/wifi-will-never-be-as-fast-as-ethernet.html">WiFi Will Never Be As Fast As Ethernet</a><br /></blockquote><br /><br /><a href="#Top">>>Top</a><br /><br /><a name="WindowsNetworking"><strong>Windows Networking / File Sharing</strong></a><br /><blockquote><br /><a href="http://nitecruzr.blogspot.com/2005/05/address-resolution-on-lan.html">Address Resolution On The LAN</a><br /><a href="http://nitecruzr.blogspot.com/2005/08/browsing-across-subnets.html">Browsing and Multiple Subnets</a><br /><a href="http://nitecruzr.blogspot.com/2005/08/setting-up-domain-or-workgroup-plan.html">Domain vs Workgroup? 
Plan Properly</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/fix-network-problems-but-clean-up.html">Cleanup Your Protocol Stack</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/simple-network-definition.html">Components Definition - Windows Networking</a><br /><a href="http://nitecruzr.blogspot.com/2005/07/local-name-and-address-resolution-on.html">Local Name and Address Resolution On Your Computer</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/one-unique-case-where-ipxspx-may-help.html">One Use For IPX/SPX</a><br /><a href="http://nitecruzr.blogspot.com/2005/06/file-sharing-under-windows-xp.html#Help">Setting Up File Sharing Properly</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/windows-9x-9598me-and-browser.html">Windows 9x (95/98/ME) and the Browser</a><br /><a href="http://nitecruzr.blogspot.com/2005/04/nt-browser-or-why-cant-i-always-see.html">Windows NT (NT/2000/XP/2003) and the Browser</a><br /><a href="http://nitecruzr.blogspot.com/2005/05/windows-xp-on-nt-domain.html">Windows XP / 2000 On A Domain</a><br /></blockquote><br /><br /><a name="Search"></a><br /><br /><strong>Hacking Redefined</strong> (published 2005-07-12, updated 2005-08-06)<br /><br />This article is an attempt to describe malware, its delivery mechanisms, its payloads, and its detection and prevention, in a canonical and objective format. Modern malware is taking on so many new forms that it's hard to comprehend how aggressively it's developed and deployed.<br /><br />And even though it's malware, it's hard NOT sometimes to admire how professionally it's developed and deployed (as an IT professional only, NOT as a computer owner). Computer owners, who become victims of hacking, will NOT admire the tools, or the attackers.<br /><br />One of the problems is how to describe what's happening. Which came first - the chicken or the egg? 
How do you define hacking, other than what a hacker does?<br /><br />For the purpose of this article, I make the following definitions.<br /><ul><br /><li>Hacking is aggressive, deceitful, and intentional misuse of any computer not legally owned by any Attacker, for commercial, financial, or personal purpose.<br /><li>Hacker is the person, or group of people, doing the Hacking.<br /><li>Malware is the tool used for Hacking, AND the payoff of the Hacking.<br /><li>Victim is the legal owner of the computer Attacked by a Hacker.<br /></ul><br /><br />Malware includes:<br /><ul><br /><li>Adware - Software that delivers, or influences the delivery of, commercial material (aka advertisements) to the Victim's computer.<br /><li>Hijackware - Software that makes the Victim's computer do things not intended by the Victim.<br /><li>Spam - Unwanted Messages delivered to the Victim's computer.<br /><li>Spyware - Software that collects and transmits personal information about the Victim's computer, or about the Victim, to persons who have no legal entitlement to that information.<br /><li>Trojans - Software bundled in a package with software requested by the Victim, and installed when the Victim intentionally installs the requested software.<br /><li>Viruses - Software that installs itself, and makes itself part of, software known by, and trusted by, the Victim.<br /><li>Worms - Software that travels by itself, and installs itself, on the Victim's computer without any intent, or knowledge, of the Victim.<br /></ul><br /><br />The people performing the Hacking Attacks have been formerly referred to as, variously:<br /><ul><br /><li>Adware / Spyware Writers.<br /><li>Hackers (Classically).<br /><li>Spammers.<br /><li>Virus Writers.<br /></ul><br /><br />In the past, this cross-referencing was not necessarily done. Classically, Malware was of a distinct nature, and one type of malware was not used by another type, or group, of Attackers. 
Today, we have combined Attacks, where:<br /><ul><br /><li>Spam is used to deliver Trojans to be installed on Victims' computers.<br /><li>Adware / Spyware is installed as Trojans.<br /><li>Trojans, installed on Victims' computers, are used in the delivery of Spam to other Victims.<br /><li>Trojans, installed on Victims' computers, are used in the delivery of Worms to other Victims.<br /><li>Viruses are used to attack people or software used to defend against Adware, Spam, and Spyware.<br /><li>Viruses, having infected the Victim's computer, can become Worms, and attack other computers on the same Network.<br /><li>Viruses or Worms were used to Attack the data on the Victim's computer, rendering the data unusable unless actual money was paid by the Victim to the Attacker. No, <a href="http://news.zdnet.com/Miscreants+encrypt+files%2C+hold+them+for+ransom/2100-1009_22-5718678.html?part=rss&tag=feed&subj=zdnn">this is NOT fiction</a>.<br /></ul><br /><br /><a name="Trojans"><strong>Trojans</strong></a><br />The term Trojan refers classically to the ancient story of the Trojan Horse in Greece. A Trojan is software which travels, as a separate component, in a package of Host software that is requested by, and intentionally installed by, the Victim.<br /><br />A Trojan can be anything from something as innocent as an extra toolbar, installed as a part of the Victim's browser, and used to "enhance the browsing experience", to software that makes the Victim's computer act in a three role Spam delivery capacity. A Trojan typically requires action (wilful or otherwise) by the Victim to install.<br /><br /><a name="Viruses"><strong>Viruses</strong></a><br />A virus is software that travels as an integral part of Host software, that is intentionally installed by the Victim. A virus installs itself into an innocuous Host file, which is passed from Victim 1 to Victim 2. 
Both Victims intentionally pass the file, without either being aware of the total nature of its contents.<br /><br /><a name="Worm"><strong>Worms</strong></a><br />A worm is software that travels from Host to Host over a trusted medium, such as the computer network (with no firewalls in place), or in email (with no malware / virus scanning software in place). A worm typically requires no action, or no intentional action anyway, by the Victim, for propagation.<br /><br /><a name="Hackers"><strong>Hackers</strong></a><br />The classical Hacker was a disenfranchised teenager, hiding in his bedroom, attacking an individual computer owned by a single Victim, for amusement.<br /><br />See, for instance, <a href="http://www.imdb.com/title/tt0086567/">War Games</a>, one of the earliest movies about Hackers.<br /><br />Today, Hackers use programs that they may release as Trojans, as Viruses, or as Worms. The Hack, when installed on the Victim's computer, may make that computer part of a Botnet. A Botnet, or entire army of computers controlled by a Hacker, can be sold to individuals or corporations for delivery of Spam, for hosting of Adware or Spyware, or for the creation of even more Botnets. 
As of June 2005, the reported value of ONE bot was $.55 USD, thus a 10,000 member Botnet (a not at all abnormal number) could net the Hacker $5,000 or so.<br /><br />So let's classify the malware.<br /><br />We can classify it by delivery mechanism.<br /><ul><br /><li>Trojans - Software bundled in a package with software requested by the Victim, and installed when the Victim intentionally installs the requested software.<br /><li>Viruses - Software that installs itself, and makes itself part of, software known by, and trusted by, the Victim.<br /><li>Worms - Software that travels by itself, and installs itself, on the Victim's computer without any intent, or knowledge, of the Victim.<br /></ul><br /><br />We can classify it by payload.<br /><ul><br /><li>Adware - Software that delivers, or influences the delivery of, commercial material (aka advertisements) to the Victim's computer.<br /><li>Hijackware - Software that makes the Victim's computer do things not intended by the Victim.<br /><li>Spam - Unwanted Messages delivered to the Victim's computer.<br /><li>Spyware - Software that collects and transmits personal information about the Victim's computer, or about the Victim, to persons who have no legal entitlement to that information.<br /></ul><br /><br /><a name="Detection"><strong>Malware Detection</strong></a><br /><br />So, if there's malware out there, how do we know what's out there? More importantly, how do we describe what's out there? And how do we remove what's on our computers, and then hopefully, keep it from coming back?<br /><br />You have to know what's there before you can fight it. Knowing what's there is a matter of detecting it. 
Basic malware detection is based upon two alternate processes.<br /><ul><br /><li>Behaviour analysis and detection.<br /><li>Signature analysis and detection.<br /></ul><br />Behaviour analysis, also known as heuristic analysis, takes a suspect file (or a computer system), opens it (or operates it), and sees what it does. 
Sophisticated heuristics are used by some antivirus / antitrojan products, which contain a sandbox, which is a replica of the operating system, within the AV / AT product code. A suspect file is copied into the sandbox, opened from within, and observed. If its opening makes suspicious references to the system services provided by the (replica) operating system, it is suspected to be malware, and examined further.<br /><br />Signature analysis takes the actual contents of the various bytes in a suspicious file, and mathematically calculates a hash of the contents. The hash becomes the signature, which is compared against a database listing known malware. If suspected malware has a hash matching known malware, it is determined to be malware.<br /><br />Malware analysis can be done heuristically against the entire system. Note <a href="http://nitecruzr.blogspot.com/2005/05/ad-aware-vs-spybot-sd-you-decide.html">the difference between adware and spyware</a>. The first will typically generate incoming network traffic; the second, outgoing.<br /><br />By statefully looking for incoming or outgoing traffic, compared against what should be expected, malicious activity can be detected. Software designed to look for malicious incoming traffic will be better at detecting adware; software designed to look for malicious outgoing traffic will be better at detecting spyware.<br /><br />Signature analysis is a much simpler process, but demands more work. To do a signature analysis of the system (a trojan or virus scan) requires taking each file, one at a time, on the entire system, generating a signature from the file, and comparing each against each entry in a very long list (database) of known malware. Multiply the number of files in your typical system by the number of possible (known) malware, and you see what a massive effort that is. 
And each time a new set of signatures is produced (and with some antivirus products, it's multiple times / day), a rescan could be appropriate.<br /><br />Some malware is encrypted, to fool the signature scanners. Malicious code is taken, and subjected to rearrangement (packing), with some packing containing random operations which make the results unpredictable. Simple signature checking (and the bad guys, in some cases, know what procedures are followed to produce the signatures) won't detect packed code, which follows no known pattern. So suspect files have to be examined for unpacking code embedded in the code, and in some cases, the unpacking has to be allowed to execute so the signature checking can take place. This makes signature checking even more complex, and more time consuming.<br /><br />On the other hand, it's somewhat possible that having unpacking code in a file indicates that it's malware. Most legitimate code (excepting openly compressed files) does not use unpackers, as most legitimate code is already in an executable state. So when an AV / AT scan finds a file with an embedded unpacker, it's a strong possibility that the file contains malware. Of course, the malware still has to be analysed, to determine just what malware it is. But the scanner doesn't have to continue the heuristic analysis, just switch to the signature check.
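<br /><br />The signature check and the packed-file handling described above, as an added Python example that is not code from the original article. The "known-bad" body, the detection name, and the TOYPACK1 format (a marker standing in for an unpacker stub, a one-byte XOR key, then the encoded body) are all constructed for illustration; real scanners recognise actual unpacking code rather than a marker.

```python
import hashlib
from typing import NamedTuple, Optional

# Constructed, harmless stand-in for the body of a known-bad file.
KNOWN_BAD_BODY = b"CONSTRUCTED SAMPLE - harmless stand-in for a known-bad file body\n"


def signature(data: bytes) -> str:
    """The 'signature' the article describes: a hash over the file's bytes."""
    return hashlib.sha256(data).hexdigest()


# Signature database keyed by hash, so checking one file is a single
# dictionary lookup however many entries the database holds.
# The detection name is hypothetical.
SIGNATURE_DB = {signature(KNOWN_BAD_BODY): "Example.Sample.A"}

# Toy packed format (an assumption for this example only):
# 8-byte marker standing in for the unpacker stub, 1-byte XOR key, encoded body.
STUB_MARKER = b"TOYPACK1"
MAX_LAYERS = 4  # give up after this many nested packing layers


class Verdict(NamedTuple):
    status: str           # "clean", "suspicious" or "malware"
    name: Optional[str]   # detection name when status == "malware"
    layers: int           # packing layers removed before the decision


def toy_pack(body: bytes, key: int) -> bytes:
    """Build a constructed 'packed' sample: same body, different bytes on disk."""
    return STUB_MARKER + bytes([key]) + bytes(b ^ key for b in body)


def has_unpacker_stub(data: bytes) -> bool:
    return len(data) > len(STUB_MARKER) and data.startswith(STUB_MARKER)


def toy_unpack(data: bytes) -> bytes:
    key = data[len(STUB_MARKER)]
    return bytes(b ^ key for b in data[len(STUB_MARKER) + 1:])


def naive_scan(data: bytes) -> Verdict:
    """Signature check on the bytes as stored, with no unpacking."""
    name = SIGNATURE_DB.get(signature(data))
    return Verdict("malware", name, 0) if name else Verdict("clean", None, 0)


def scan(data: bytes) -> Verdict:
    """Signature check that unpacks first whenever an unpacker stub is found."""
    layers = 0
    while True:
        name = SIGNATURE_DB.get(signature(data))
        if name:
            return Verdict("malware", name, layers)
        if not has_unpacker_stub(data) or layers == MAX_LAYERS:
            break
        data = toy_unpack(data)
        layers += 1
    # A stub was present but the payload matched nothing known: flag the file
    # for further analysis rather than reporting it clean.
    if layers > 0:
        return Verdict("suspicious", None, layers)
    return Verdict("clean", None, 0)


# Constructed sample files (name -> bytes); nothing here is real malware.
SAMPLES = {
    "notes.txt": b"meeting at ten\n",
    "sample_a.bin": KNOWN_BAD_BODY,
    "sample_a_key17.bin": toy_pack(KNOWN_BAD_BODY, 0x17),
    "sample_a_key5a.bin": toy_pack(KNOWN_BAD_BODY, 0x5A),
    "sample_a_twice.bin": toy_pack(toy_pack(KNOWN_BAD_BODY, 0x17), 0x5A),
    "installer.bin": toy_pack(b"unrecognised but harmless body\n", 0x33),
}


def scan_all(scanner=scan) -> dict:
    """Run one scanner over every constructed sample."""
    return {name: scanner(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    naive, full = scan_all(naive_scan), scan_all(scan)
    for name in SAMPLES:
        print(f"{name:20} naive={naive[name].status:8} full={full[name]}")
```

The two re-keyed copies of the same body hash differently, so the stored-bytes check misses both, while the unpacking scanner matches them and reports the unknown packed file as suspicious rather than clean.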