12 Jun 2012

xCore Beta 2012 testing

Today, while browsing a well-known Russian IT-security forum, I found out that xCore AntiVirus, an antivirus toolkit developed in 2009 by two (?) guys and then abandoned, was rehabilitated in January 2012. The project even became open source, but now it has been taken over by the stopmalware.kz team, who have some other useful tools; maybe I'll write more about them one day.
It is something like a small antivirus plus some of the functions of AVZ by Oleg Zaytsev.
It was tested under Win 7 (no SP). Running it in Win XP SP2 compatibility mode doesn't help avoid the following bugs.
The core was completely remade on 10/03/2010 by the old developers (beta 2.0), and now lots of new things have been added, but unfortunately the interface stays the same (it isn't an important point at all, as you understand if you're a somewhat advanced user).
Found bugs:
1. Database checking cannot be stopped while it is in progress.
2. If a scan is started, the virus database check is performed and nothing else happens (maybe something really is checked, but the user isn't informed).
3. The update doesn't work: if you open xUpdate.exe, an icon appears in the tray but nothing happens, and it has no context menu.
[screenshot: 1-noupdate]
4. The window can neither be closed nor anything else. When the operation is complete, the 'stop' button is still active.
[screenshot: 2]
I had to use Windows Task Manager to close the scanners and to terminate the xupdate.exe processes.
Files and what they run:
scanwin.exe: cmd.exe (nothing happens) + database checking
xtest.exe: the cmd window just opens and closes (seems to be an application for use from cmd). A virus test file (if run from cmd)
ureg.exe: the same as xtest.exe, but there was some text in the command-line window that opened and closed
reg.bat: the same. Used for registering in the context menu (manually)
RegShell.exe: nothing (maybe registers 'scan by xCore' in the context menu)
xAsSystem.exe: seems to have a GUI, but again nothing happens. Is responsible for running the scanner with System privileges (but it isn't said how to use it)
ASERreport.txt: the log, where everything you see in the scanner window is saved
xScanner.exe: Oh, the only file with a working GUI! Of course, while scanning it has the same bugs (does it scan anything?). But before starting the scanner you can use some interesting tools, such as: an open ports viewer, Process and Autorun Managers, Settings, and opening the report (ASERreport.txt). It can also open some system tools, such as regedit, cmd, etc.
There is also a tool that shows the MD5 of a chosen file and another tool to check whether a file is registered in Microsoft's clean files database. The bad point of the MD5 viewer is that it doesn't let you copy the result.
What works from the list above: opening system tools, MD5 and the Microsoft check. So everything from the 'File' menu works, and nothing works from 'Tools'. Everything is OK with 'Help', but a local help file doesn't exist. What I liked is that cmd was run from the program's folder.
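Since the MD5 viewer above shows a hash you cannot copy, here is an added example (my own code, not part of xCore or of the stopmalware.kz project) of the same job done as a plain-text report: it hashes a file in fixed-size chunks so large files never have to be loaded whole, and prints SHA-256 next to MD5, because MD5 collisions are practical and a clean-file lookup should key on SHA-256 as well. The sample input is a constructed temporary file containing the bytes "abc"; no external tools or services are assumed.

```python
import hashlib
import os
import tempfile

# Read files in 64 KiB chunks; the digest is identical to a one-shot hash.
CHUNK_SIZE = 64 * 1024


def hash_file(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hex_digest} for a file, hashed chunk by chunk."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK_SIZE)
            if not chunk:
                break
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=("md5", "sha256")):
    """Write constructed bytes to a temp file and hash it via hash_file."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        return hash_file(path, algorithms)
    finally:
        os.remove(path)


def matches_reference(data):
    """Sanity check: chunked result equals the one-shot hashlib digest."""
    chunked = hash_bytes(data)
    return (chunked["md5"] == hashlib.md5(data).hexdigest()
            and chunked["sha256"] == hashlib.sha256(data).hexdigest())


def format_report(path, digests):
    """One copyable line per algorithm: <algo>  <hex>  <filename>."""
    return "\n".join(f"{name}  {digest}  {os.path.basename(path)}"
                     for name, digest in digests.items())


def demo():
    """Hash a constructed sample file holding b'abc' (not a real sample)."""
    return hash_bytes(b"abc")


if __name__ == "__main__":
    print(format_report("sample.bin", demo()))
```

Run it as a script to see the two lines for the constructed sample, or import `hash_file` and point it at any file; the output is plain text, so it pastes straight into a hash lookup.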
=================
So, it's a tool that doesn't work properly under Windows 7. The developers say it was tested under XP and everything was OK.
But it seems to be a good project (already with a long & cruel history :-)) and the toolkit seems to have lots of useful features.
I would recommend to the developers, first of all, to make a website and, secondly, to give a fluent and detailed description of how to use their beta. I can help :-)
At the moment of writing this post, their website made for this toolkit had no content. Download xCore Beta 2012. If it runs on your system, please let us know in the comments. Attention! It is in Russian :)

11 Jun 2012

KOREA D.P.R. and Stuxnet

On Sunday Kaspersky Lab found the missing link between Stuxnet and Flame; that was very, very good.

So, it's one more fact that the USA & Israel won't stop with Stuxnet.

Nowadays experts believe that Korea D.P.R. has the third-largest potential for cyber wars in the world, after Russia and the USA. Of course, as you know, the people who live there don't know about this; I'm afraid they are even disinformed that computers are something for their army, a secret machine.

So, can they be attacked by something like Stuxnet? In the same way, definitely not. It is a very closed country and, of course, the computers that control its nuclear power are disconnected from the Internet. So you would need an insider who would bring the virus to the 'object', on a USB stick, for example.

An insider is from the word 'inside': someone who helps you from inside 'the object'.

When you come to North Korea, the best they have is shown to you, e.g., open shops where there is everything, but in fact they have a big lack of food, which is why nowadays they are trying to buy & sell abroad.

As it is a very closed country, it is not easy to send in an insider. But the USA and Israel at the moment don't have anything big against Korea D.P.R. In fact, Iran is bad not because of its nuclear bomb (other countries also have it), but because of oil.

What do you think?

9 Jun 2012

F-Secure uses Windows Firewall in 2013 version. Part 1

This is the first post on this blog about cyber security (and not only), and today I'm writing about F-Secure using Windows Firewall in its 2013 version instead of its own.
Today I registered for the F-Secure beta test (F-Secure Internet Security 2013) and was surprised to read that Windows Firewall with some additional filters is now used in version 2012. As most somewhat advanced users know, Windows Firewall isn't a high-quality product. So why have they decided to use it? I cannot answer this question for sure, so I will ask F-Secure, but I don't think I will get a reply... But still.
You can read the original here. Below is the screenshot:
[screenshot: fsecure-firewall]
OK. The latest test by the Russian test laboratory anti-malware.ru: Microsoft's solution (Microsoft Security Essentials + its firewall) showed the same result as F-Secure; both scored 7 out of 17.
It must be said, the results are surprising: Matousec's tests always showed a different picture! E.g., Outpost and Online Armor always had good results. The test was performed in June 2012, so at the moment of writing this post it's the newest one. And also, I hope, Anti-Malware.ru doesn't take money for its tests, while Matousec does, so... BUT. In this test something else was tested, ISP/IDS, not proactive security as in Matousec's tests. So now everything becomes clear. Firewall software isn't good at preventing DDoS, for example, but such cases aren't common for home users and small business.
[screenshot: antimalwareru-firewall-tst-june2012]
And here are the results of the test performed by the same lab in September 2011. The situation is like Matousec's tests: the results are similar, but here Microsoft has worse results than F-Secure.
[screenshot: antimalwareru-firewall-test-september2011]
So, why is F-Secure going to use Windows Firewall with additional filters instead of its own technology?
Wait for the next part of the story. Maybe they didn't use their own technology before either? The investigation continues :)