Sunday, August 29, 2010

Learn to Set Up a Secure Server

Have you ever wanted to learn how to set up a Linux server? Have you ever wanted to learn how to set one up properly (i.e. securely)? The best way to learn is to do. Here is what you will need: an old desktop PC, a separate internet-connected PC, a router, and an ISP that allows servers to be run from your home. This last part is important, or it could mean getting in trouble with your ISP. Check the Terms of Service agreement to make sure you are allowed to run a server on your home connection.

Start by downloading an ISO for Debian Linux. Why Debian? It's a highly popular distribution with huge package repositories, very stable releases, general-purpose enough for almost anything, and it even has a manual on how to set up and secure a Debian server (the Securing Debian Manual)! Follow this guide and do each step on the list. Keep a notebook handy to write down shell commands, what went wrong, what went well, etc. You'll learn a lot just by setting up the OS and its services. The separate internet-connected PC is for the inevitable Googling, and for running Nmap, ping, etc. against your server to see how it looks from the outside.

Once you've set up your server (this will probably take hours, days or weeks), you can sign up for a free dynamic DNS service such as DynDNS. Set up your router with your DynDNS account if it supports that, give your new server a fixed LAN address (a static IP or a DHCP reservation on the router), forward only the ports you actually need to that address, and hopefully you're up and running (externally visible on the internet).

Make sure you set up Snort on your server, and check its alerts (along with the system's own auth log) regularly to see how your server is doing and what might need to be improved. Leave the server on over the next few weeks or months and you'll see quite a few log entries of people trying to log in to SSH, etc., despite the fact that you never advertised your server's existence!
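A small log check of the kind the paragraph suggests, added here as an example rather than code from the original post: it reads the failed-password and accepted-login lines that Debian's sshd writes to /var/log/auth.log, counts failures per source address, lists the usernames each address tried, and flags addresses over a threshold. The log lines below are constructed (documentation-range IPs, made-up PIDs) so that it runs offline; point it at a real log by passing the path as the first argument.

```python
"""Summarise SSH login activity from an auth.log as a quick daily check.

Added example, not code from the original post. Assumes the line format
Debian's OpenSSH writes to /var/log/auth.log and uses constructed sample
lines so the script runs without a real log file.
"""
import re
import sys
from collections import Counter, defaultdict

# Constructed sample lines in the shape sshd writes to /var/log/auth.log.
SAMPLE_AUTH_LOG = """\
Aug 29 03:14:07 srv sshd[2041]: Failed password for invalid user admin from 203.0.113.7 port 52110 ssh2
Aug 29 03:14:09 srv sshd[2041]: Failed password for invalid user admin from 203.0.113.7 port 52110 ssh2
Aug 29 03:14:12 srv sshd[2043]: Failed password for root from 203.0.113.7 port 52114 ssh2
Aug 29 03:14:15 srv sshd[2045]: Failed password for invalid user oracle from 203.0.113.7 port 52118 ssh2
Aug 29 03:20:41 srv sshd[2050]: Failed password for invalid user test from 198.51.100.23 port 41002 ssh2
Aug 29 08:02:55 srv sshd[2107]: Accepted publickey for michael from 192.0.2.10 port 55002 ssh2: RSA SHA256:examplefingerprint
Aug 29 08:03:10 srv sshd[2110]: Failed password for michael from 192.0.2.10 port 55010 ssh2
"""

# "invalid user" is present when the username does not exist on the box.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F:.]+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[0-9a-fA-F:.]+)"
)


def summarise(log_text, threshold=3):
    """Return (failures_by_ip, users_by_ip, accepted, flagged).

    failures_by_ip: Counter of failed-password attempts per source address
    users_by_ip:    dict address -> set of usernames tried from it
    accepted:       list of (user, address, auth method) for successful logins
    flagged:        addresses with at least `threshold` failures, busiest first
    """
    failures = Counter()
    users = defaultdict(set)
    accepted = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m["user"], m["ip"], m["method"]))
    flagged = [ip for ip, n in failures.most_common() if n >= threshold]
    return failures, dict(users), accepted, flagged


def report(log_text, threshold=3):
    """Human-readable summary: flagged addresses first, then every accepted login."""
    failures, users, accepted, flagged = summarise(log_text, threshold)
    lines = []
    for ip in flagged:
        lines.append(f"{ip}: {failures[ip]} failures, users tried: {sorted(users[ip])}")
    for user, ip, method in accepted:
        lines.append(f"accepted {method} login for {user} from {ip}")
    return "\n".join(lines)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUTH_LOG
    print(report(text))
```

The accepted-login lines are the ones to read most carefully: a password login you did not make is far more interesting than another thousand failures from one address. Once you trust the output, this is the same check that fail2ban automates by handing the flagged addresses to the firewall.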

I went through this whole process just for the fun of it and to learn something, and it was a pretty valuable experience. It's even something you can put on your resume. If anyone decides to take on this project and needs help at any point, let me know and I might be able to help.

Friday, August 27, 2010

Announcing the Mikazo Tech Blog WCG Team

For those of you that don't know, World Community Grid is a non-profit organization that anyone can join who wishes to devote their spare CPU processing time to distributed computing projects that benefit humanity. Here is the description of WCG from their homepage:

"World Community Grid brings together people from across the globe who donate their idle computer time to create the largest volunteer computing grid benefiting humanity. Our work is built on the belief that technological innovation combined with visionary scientific research and large-scale volunteerism can help make the planet smarter. Our success depends on individuals - like you - collectively contributing their unused computer time to this not-for-profit endeavor."

I've always liked the thought of contributing to an organization such as this, but my computer hardware has been what's stopped me in the past. My old desktop computer is simply too slow to make any meaningful contribution, and my laptop computer is on and off so much that it would take forever to complete a single work unit.

But, since I've just recently bought and assembled my own computer, I now have a modern machine that stays on for longer periods of time. With a brand new Intel Core i7 870 processor (4 physical cores, which Hyper-Threading makes 8 logical cores, running at 2.93 GHz), I decided to sign up for World Community Grid. The other plus side to my situation is that hydro is included in my apartment rent every month, so no matter how much I use (i.e. contributing to WCG) my hydro cost is the same.

I've been running WCG projects for about a week now, and I've made several contributions. Having 8 logical processor cores means that I can work on 8 work units at once. I received an email saying "thank you" and advising me to join a WCG team. Since I don't much care for points systems when it comes to helping save humanity, I didn't give joining a team much thought. But then an idea came to me. What if I started a WCG team around my blog? Perhaps I can convince the readers of MTB to chip in, and join my newly-created "Mikazo Tech Blog WCG Team". Not only would it build a sense of community around my blog, it would be fun to see how many readers I have, and to interact with them.

So, if you have a desktop computer that sits idle at times, consider joining World Community Grid, and then the "Mikazo Tech Blog WCG Team". The team's BOINC Team ID is: 25936. I plan to add a permanent static page to the navigation links at the top of this blog, showing team statistics and an offer to join.

It's all for a great cause, you can help in making scientific breakthroughs, and you get a cool free screensaver.




Coffee Spillage

If you work in the software development industry, odds are that you drink one or more daily doses of that sweet brown caffeine-infused liquid known as coffee.

As I was walking back to my cubicle the other day with a steaming hot mug (unfortunately made with CoffeeMate whitener instead of real cream), I realized that at a certain point on my journey I always nearly spill some coffee. I found this puzzling, since I walk completely steady with a steady hand all the way back.

Then I realized something. I always stir my freshly-filled mug vigorously before leaving the coffee station, then I begin my journey back. I usually watch the mug in my hand now so as to avoid the spilling moment that inevitably follows. I realized that the coffee in the mug is always spinning quickly from the stirring when I first start walking, then begins to slow down as I progress. At some point the coffee hits a strange pattern of motion as it slows down, where the coffee almost slops out the sides. I'm sure this is to do with some fluid mechanics phenomenon that I'm not quite aware of. Perhaps it's similar to the case of how "Spin-stabilized projectiles with liquid payloads can experience a severe flight instability characterized by a rapid yaw-angle growth and a simultaneous loss in spin rate".

My friend verified my claim, and mentioned that he could mitigate spillage by not filling the mug as full. I pointed out that this solution is not ideal, as it reduces the ratio of caffeine per trip to the coffee station. He then suggested some type of coffee sealant device that he calls a "lid". I told him that's a good idea, and that he should patent it.

Anyway, have you any thoughts or similar experiences?

Thursday, August 26, 2010

Book Review: The Art of Computer Virus Research and Defense

Some time ago, I developed an interest in learning about computer viruses and malware. It's a fascinating topic for anyone interested in computer programming, and I learned much from this book. Some background in programming and assembly language is recommended. It gives a very thorough picture of all the different forms malware can take, from the earliest viruses to the latest botnets. The book was written in 2005 by Peter Szor of Symantec. It contains some very advanced malware concepts that are no doubt still in use "in the wild" today, despite being written over five years ago. It's exciting to think how far the concepts from this book have developed since then.

The book starts off by giving a short history of computer viruses, and proceeds to briefly describe a wide variety of platforms on which malware can exist. This list includes executable binaries, macros in documents, specific scripting languages, emails, web pages, and so on. Once you've been convinced that if there's a platform with a large enough user base, a virus can be written for it, the book starts with the main content of the subject.

The book is divided into two parts. The first part spends about half the book discussing all the different techniques malware uses to infect, hide, exploit, and even retaliate against users. From this section, I learned much about the Portable Executable (PE) file format for Windows executables. The section was so interesting that it inspired me to experiment with making my own PE-appending infector program with Visual Studio. The program is non-replicating and causes no real damage, but it helped me learn more about the techniques a virus can employ. This section of the book also covers how modern viruses encrypt their own bodies behind a decryptor that changes from one copy to the next, so that no fixed byte pattern is left for an anti-virus scanner to match (polymorphism), pad their code with junk instructions, and go further by rewriting their own instructions without changing what the code does (metamorphism).

Once a thorough description of virus techniques is covered, the second part of the book discusses how to defend against these types of attack. The inner workings of anti-virus programs are discussed, as well as their advantages and disadvantages. There is always a trade-off between fast scan speeds, and high virus scan coverage of all different virus types. There is also discussion about the problem of false positive scan results and false negative scan results, both of which can be detrimental to an anti-virus user. The end of the book describes some methods of malware analysis, including which tools the pros use, how they catch virus samples with honeypot systems, and how automated analysis systems work.

Overall, the book was a very enjoyable read, the wording wasn't too heavy, and even someone with a limited programming or tech background can probably learn much about malware from this book. I would recommend picking up a copy if you are interested in how malware works, and how to defend against it.

Disclaimer: This is my first product endorsement blog post. I feel that it is worth mentioning that I plan only to review products that I have purchased myself, used, analyzed, and enjoyed. The Amazon links to buy this book do earn a commission for me. I own this book, and learned much from it, and so I feel comfortable recommending it to the general readership of this blog.



Monday, August 23, 2010

Why I Am Never Buying An HP Computer Again

Hold on to your hats, this is going to be a long post. In July 2007, I purchased my first very own computer (i.e. didn't have to share with the rest of the family). I was going to be starting university in September of 2007, so I bought a laptop for doing assignments, taking notes, having a computer in my dorm room, etc.

I went to Future Shop and eventually decided on an HP Pavilion dv6568se. I shelled out for the extended 3-year warranty provided by Future Shop, which turned out to be a good idea. I even bought the bigger 12-cell battery for longer battery life. Stupidly, I paid for Future Shop's "computer setup" service. Having worked at Staples doing the same setup job, I know that you're supposed to get a set of recovery discs out of the deal, and have all your hardware installed, with anything else belonging to you returned when the setup is complete. Somehow, Future Shop got away with making recovery discs, but not giving them to me. I know because I didn't get any back, and I couldn't make my own because apparently a set had already been made. Also, I got my 12-cell battery, but they never returned the 6-cell that came with the laptop. This would have come in useful when the 12-cell wouldn't hold a charge anymore after a couple of years. Instead, I had to buy a new battery. I'm smarter now, and know to look for these things.

In the fall, I met my girlfriend who also had a dv6000-series HP laptop. The way Future Shop's extended warranty works is, if the computer needs 3 major hardware repairs, and a fourth one is necessary, they will simply replace your computer with a brand new one of equivalent specifications. If it's been a while and they don't make the model you bought anymore, you get a free upgrade to the next highest version currently available. Not a bad deal.

Within the first year of university, my girlfriend's HP laptop had four such hardware problems. First, she noticed that after using her laptop for about a half hour, it would become very hot, as in too hot to touch without burning your hand. We brought it in to Future Shop and told them, so they sent it away to HP to have the processor cooling unit (heatsink/fan) replaced. When it came back, it seemed ok for a while. Later on, the internal wireless card started to go flaky. Brought it in to Future Shop, they determined that it was faulty, and sent it away to HP for repair. When the laptop came back, it started showing signs of overheating and wireless issues again. This seemed strange, so back it went again to Future Shop. After much waiting and going through the pain of using "replacement" laptops (i.e. you buy one with a Future Shop credit card and then return it within the 30-day window), it turned out the motherboard needed replacing. Once the laptop finally came back, it was still overheating, and the CD drive started making strange noises. I suspect that that particular processor/motherboard combination was just a lemon model altogether. So back a fourth time it went, and she got a replacement laptop. It was a pretty nice upgrade from the old one too. Just to be safe, she bought a new 3-year Future Shop warranty on the new laptop.

Since the new laptop has been in use, it's already been in once for a major hardware repair, and needs to go in again. We noticed that the screen flickered and the image disappeared each time it was opened, and eventually each time it was touched or each time someone walked by the laptop. It was taken in and sent away for repair, but then a week or two later, the same screen issue started happening again. Not only that, the CD drive decides to make weird noises and starts spinning up really fast. Also, some kind of Windows update causes the wireless card to turn off every time the laptop goes to sleep, and the user must turn it back on by pressing the wireless button twice to make it usable again. I've also seen this exact same issue in a newer HP laptop model that my Mom got for Christmas.

So now that the background is set for HP laptops causing problems, let's return to my HP laptop. I can honestly say that it's been very good to me. I've had the laptop for over three years, formatted it countless times as I couldn't make up my mind between Windows, Linux, or dual-booting. I've run virtual machines on it, stressed the video card with games and dual monitors, watched countless DVDs in the DVD drive, and lots more. There have been minor issues such as the webcam not always working (which I suspect was a software issue), and the card reader doesn't always seat memory cards firmly, causing blips in mounting/dismounting in the OS. The only major issue is that when the laptop was two and a half years old, the hard drive croaked. I wasn't surprised, given the amount of stress I put it through over the two and a half years. The laptop was still under warranty, so I brought it in, telling them why I thought the hard drive failed. They agreed, and sent the laptop away to HP. Up until this point, I didn't care that Future Shop never gave me my recovery discs back, because I still had the recovery partition on the laptop.

So when the laptop comes back from being repaired, the hard drive is replaced and a fresh copy of Windows is installed, but to my surprise, there was no recovery partition. I was a little screwed now, because I didn't have recovery discs or a recovery partition. I tried to make a set using the fresh copy of Windows, but of course it wouldn't work because there was no recovery partition from which to clone the information onto discs. I decided to contact HP about this, and ask for a free set of recovery discs. They normally cost about $50, and I didn't want to shell out just because they took away something that originally came with the laptop. I sent them a series of emails over this issue, and received a series of responses, from many different HP employees. Apparently their customer service system is to send the whole support thread to whichever support agent happens to receive it, and have them pick up where the last support agent left off. It would be much more effective and efficient to keep track of support issues and have one support agent deal with an issue throughout its lifetime, but apparently that's just not how HP operates. The remainder of this blog post is a copy of my lengthy conversation with HP customer support.

Me (via web support form): Error message : The recovery partition could not be found. Exit PC Recovery Disc Creator and contact HP support.
Problem description : My laptop was still under Future Shop warranty when the hard drive failed, so they sent it to HP for a hard drive replacement. When I received the laptop back, it was in original factory-recovered condition, but there is no recovery partition. I noticed this when I went to make a set of recovery discs, as I do not have any original recovery discs. I don't care so much about the absent partition, but is it possible you could send a set of recovery discs? Thank you for any assistance.

HP: Hello Michael, Thank you for contacting HP Total Care. I am Victor. From your e-mail I understand that you are unable to create recovery disk as there is no recovery partition in replacement hard drive which you got from HP. Michael, in order to get recovery CDs, I am providing a link where you can place an order for the same. (link) NOTE: Clicking the link may give an error indicating that it is invalid. If this occurs, copy the link and paste it on the address bar in your browser until the complete address is displayed in the Address box. If you face any difficulty to place order or have any further concerns, please reply; we are always available round the clock to assist you. For information on keeping your HP and Compaq products up and running, please visit our Web site at: http://www.hp.com/go/totalcare
Sincerely, Victor


Me: Hi, I followed the link you provided, to learn that the cost of recovery discs in Canada is $40 plus shipping. As I am a university student in Ontario, my personal funds are limited. I feel that my laptop should retain some form of recovery functionality, whether it is from a partition or on disc. This recovery functionality has been lost as a result of a repair by HP. I would greatly appreciate some kind of resolution of this issue, however I have already been without my laptop for several weeks and spent over a day setting it up the way it was, as I am a computer science major and rely on my laptop heavily for school. Is it possible to send a set of recovery discs free of charge? Thank you for your understanding. -Michael

HP: Hello Michael, Thank you for your reply. As per your previous email, the notebook is restored to factory default settings. Then there must be two partitions C and D as factory default settings are restored. You will find the recovery partition on D drive and should be able to create the recovery disc. For your convenience, I will provide the steps to create the recovery disc. (Steps omitted to save space) If still you are not able to create the recovery disc, then I regret to inform you that the notebook is not within standard warranty period according to our database, you will be charged for the recovery disc and you need to order the recovery disc from the link which is provided in previous email. However, as per your email the notebook is within Future Shop warranty. So we need to update the warranty status in our database. For the same, you need to send the original receipt to our POP team. They will verify the status and update the records in our database. Then only we will be able to send recovery disc free of cost.
POP Requirements:
1. Copy of the purchase receipt.
2. Name of the owner.
3. Phone number.
4. Physical address.
5. Email address.
6. Product name.
7. Product number.
8. Product serial number.
Please e-mail us, as well as the POP department, with the above information at the e-mail address below.
E-MAIL=== hp.pop@mail.support.hp.com
You can also fax the above information to the POP department at the fax number below. Fax No. 1-800-563-4860
If you need further assistance, please reply to this message and we will be happy to assist you further. For information on keeping your HP and Compaq products up and running, please visit our Web site at: http://www.hp.com/go/totalcare
Sincerely, Kristine


Me: Hi, Thank you very much for your help. I was not able to scan my original laptop purchase receipt, as it is in my home town. I was able to scan the repair receipt and repair invoice however. They are attached. Would this be of sufficient use to you? Here is the rest of my information: (personal info, etc.) Please let me know if there are any other problems or required information. Thank you. -Michael

HP: Hello Michael, I would like to thank you for replying to us. You will be receiving shortly FREE Recovery disc set at your address. POP Team : Check the attachment and update the warranty status as early as possible and revert back. Purchase Date: 01- Jul 2007 Expiration Date : 01- Jul 2010. Michael, I am personally following your email, please let us know where to ship the recovery discs set? We always try to make sure that the issues experienced by valued customers are always taken care of with utmost importance. Please reply to this message and we will be happy to assist you further. Sincerely, Sidney

Me: Hi, If you could ship the recovery discs to, (address). Thank you very much for your assistance. It is greatly appreciated, and I will seriously consider buying an HP notebook again in the future, when my current notebook has run its course. -Michael

HP: Hello Michael, Thank you for contacting HP Total Care. Michael, we have received your shipping address, however I regret to inform you that you may need to incur all applicable charges as the recovery discs are not covered under Extended warranty. Please get back to us with this email we will continue from there. Sincerely, Neal

Me: Hi, I've talked to four different people now, two have said that I must pay for my recovery discs, and two have said that I will be sent recovery discs free of charge. I feel that I should re-iterate that I had recovery functionality before I sent my laptop to HP for hard drive replacement, and now that it is returned, I do not have recovery functionality one way or another. From my perspective, this is a loss of quality as a result of a manufacturer repair under an extended third party warranty. I'm not aware of the relationship between HP and Future Shop, nor am I aware of who to speak to at HP with the authority to give me a final answer. Is there someone I could forward my concern to, rather than deal with a new HP employee with every reply? Thank you. -Michael

HP: Dear Michael, Thank you for contacting HP Total Care. I am Nick and this reply is in regards to the issue related to the HP Pavilion dv6568se Entertainment Notebook PC. From your previous interactions, I understand that after the replacement of the hard drive by HP there is no recovery partition on the hard drive. Michael, I would like to inform you that whenever HP replaces a hard drive it does not contain a recovery partition; you need to use the recovery disc to install the OS. However, as you mentioned in your first email, your hard drive was replaced by HP when your notebook was under Future Shop warranty. If HP replaced the hard drive then provide us the Service Order number for the replacement of the hard drive. Then we can set up a service order to send a free recovery disc to you. I sincerely apologize for the inconvenience. I hope that you understand the limitation of our support. I believe the information that I have provided is useful. If you need further assistance, please reply to this message and we will be glad to assist you. Sincerely, Nick.

Me: Hi, Thank you for your reply. I understand the limitations of your support. The work order number for the hard drive replacement is: (number). The Unique ID number is: (number). I have attached the scanned copy of the service invoice. I am not concerned that my new hard drive does not have a recovery partition, I would just like to have some means of recovery available. If you could send recovery discs to: (address) I would greatly appreciate your effort. -Michael

HP: Hello Michael, Thank you for contacting HP Total Care. Michael, thank you for writing back to us with the details. I have forwarded the details to the concerned person; soon they will work on it and revert to you with a confirmation email. In the meantime, if there is anything in which I can help you regarding any of your HP products, please feel free to ask and I will definitely assist you to the best of my ability. Sincerely, Rose

Me: Hi, After waiting patiently for almost two weeks for a reply from HP regarding my concerns about a means of recovery for my recently repaired laptop, I have decided to give up on the issue. This is the seventh email I have sent on the subject, and I am no closer to a solution. When it comes to the point where my laptop is in need of recovery and I will have no means of doing so, I will be forced to buy a new laptop which will assuredly be of a brand other than HP or its affiliates. Thank you to those in this email chain that have attempted to help me. -Michael

HP: Hello Michael, Thank you for contacting HP Total Care. I understand your concern regarding this issue. I apologize for the delay in our response to your issue. Due to an increase in requests, our response time will be longer than usual. HP values the relationship with its customers. Please be informed that your concern has already been forwarded to our supervisor and one of our supervisors will get back to you shortly after reviewing your case. Sincerely, Kathy

This last response was from HP in November 2009. It is now August 2010 and I have not heard from them. In total I got two "no"s and three "yes"es to free recovery discs, and two "I'm working on it"s. I'll leave it up to you to decide if this is the definition of acceptable customer service. I would much rather wash my hands of this whole issue, and buy a different brand next time I need a new laptop. Luckily, my HP is still kicking, and hasn't needed a recovery yet.

Saturday, August 21, 2010

Blog Roundup: Windows Refunds, Tablet Boom, and Free Security Software

An aggregation for your consideration:

It is a Windows World - Jeff Hoogland at Thoughts on Technology shares his perilous three-hour dispute with Asus over a refund for pre-installed Windows.

Tablet, Slate and Pad Makers – On Your Starting Lines - Jason Slater at Jason Slater Technology Blog speculates on where the big players stand at the top of the imminent tablet market boom.

Free Security Software To Secure your Information - Sherman Hand at Sherman's Security Blog has created an exhaustive list of free software to help you fight the eternal battle of securing your PC.

Friday, August 20, 2010

Why All Workplaces Need a Wiki

In my limited experience of two jobs in Canada's high-tech industry, one of those jobs had a wiki set up (it was actually SharePoint, but whatever you prefer). Throughout the 4 months that it was set up, I realized the true value of having a workplace wiki.

Firstly, if you are a new employee and your new job has a robust wiki set up, you can find a lot of what you need to know to get started right on the site. Most likely all your common questions will be answered there. Not only that, a good wiki will also have important documents, links, and software you might need.

If you are a new employee and your job does not have a wiki, suggest to your manager that one be set up, offering to post all your "new employee experiences" as start-up material. You could even offer to implement and maintain the project. Not only will your team gain a valuable resource, it will also show your manager that you take initiative.

If you have worked for a company for some time and your group doesn't have a wiki, you can still suggest the creation of one. That way when all the new employees come to you with questions, you can just refer them to the wiki. If you don't know the answer or the answer isn't on the wiki, you can add it in when the answer is found.

In any case, the beauty of a wiki is that it doesn't have to be a one-person job. Anyone can edit and provide content, allowing users to draw from the expertise of the entire group. Working on the wiki can also serve as something to do if an employee is between projects, or waiting for their code to compile.

Hopefully you can see the potential value of a wiki, if you haven't already used one in the workplace. Do you, the reader, have any wiki-related stories from work?

Thursday, August 19, 2010

Rogers BIS 3.0 in Ontario

If you've been reading along for a while, you'll have noticed that I just recently got a Blackberry Curve 8520. It's serving me nicely so far, but one of the things I was annoyed about was the fact that Gmail and Blackberry Internet Service (BIS) didn't play very nicely together. If I marked an email as read either in my PC's web browser or on the Blackberry, it wouldn't show up as read in the other.

I Googled around for the problem and found that "Hurray, BIS 3.0 to offer 2-way Gmail sync!" Then I found "Oh no, it seems they didn't include it in the release!"

The lack of 2-way sync on my Blackberry led me to believe that my carrier (Rogers) in Ontario hadn't upgraded to BIS 3.0 yet, so I decided to ask them. Here is the support email I received back:

Dear (name),
Thank you for your email.
My name is (name). I apologize for the delay in following up with your email. I hope the information provided will be of assistance to you.
Rogers is currently using BIS 3.0.
Please advise if I was able to provide you with the information you have requested.
(...)
Thank you for choosing Rogers.


So it seems indeed that the 2-way sync feature is lacking in BIS 3.0. Until the next version comes out, I've decided to unlink my Gmail and BIS, and just use the Gmail app instead.

Tuesday, August 17, 2010

An Introduction to the Malware Problem

Introduction


This article is my attempt to explain and understand the state of information security today, from the perspective of the average computer user. It is an article I wrote some time ago for my resume website, to demonstrate an understanding of the causes and effects of malware, and why malware is such a big problem today. I decided to re-post this article on MTB, in order to reach a larger audience and hopefully spark some discussion. Malware research, analysis and defense is an ever-evolving and ever-continuing field, and the following paragraphs give some idea as to why that is.

Responsibilities of the Security Suite


In my earliest memories of computers, every machine had a 5.25" floppy drive, RAM was measured in kilobytes, and monitors came in either monochrome green or monochrome orange. Computer viruses were just that, viruses: they infected other files and propagated via floppy disks. It was the time of 14.4 kbps dial-up modems, and the internet wasn't a household necessity yet. I'm aware there were older times in computers, but for me, this was pretty primitive. In any case, networked computers were only just beginning to become a medium for virus propagation.

Now, in 2010, viruses aren't the only problem. The internet is plagued with viruses, trojans, worms, botnets, adware, spyware, phishing, hackers, denial of service attacks, distributed denial of service attacks, and who knows what else. These threats are collectively called "malware" to simplify what is being referred to (strictly, malware is the malicious code itself; phishing and denial of service are attacks that may or may not use it). Granted, some of the categories overlap, but the point is that there is a very large number of threats to the home computer user, and more are created every day.

How can the average home user be expected to keep on top of all these threats? Computers these days come pre-installed with all kinds of bloatware, usually including some kind of trial version of anti-virus/protection software. Most security software claims to protect against all of the above-mentioned threats, both online and offline. Home users can rest easy (and most do) in the belief that their security software will protect them from any virus, any worm, any spyware, and so on. Once their pre-installed trial dries up, the home user is expected to pay a moderate subscription fee. And why shouldn't they? Analysts at every anti-virus company are constantly examining the most dangerous new threats and developing signatures and cleaning routines for each of them, every day of the week.
On top of dealing with the most dangerous threats, virus-analysis-automation systems need monitoring and maintenance to deal with some of the more mundane threats. Not only are analysts working tirelessly every day, it may even seem like they aren't getting anywhere, as there is most likely a hefty back-log of malware to look at. Many claim that enumerating every threat is the wrong approach, and that there will always be more threats. Trying to catalog and clean each one of them is an impossible and endless task. Analysts have to constantly research and develop malware signatures, anti-virus software has to constantly update its signature database, and users have to constantly scan their machines for any known malware. Back when there was a relatively small number of viruses and propagation was slow due to the lack of a network, this approach made sense. Now however, it is clear that some new thinking is required.

A Shift in Strategy


If there are an impossible number of threats on the internet, with more coming into existence every day, why not take a different approach to keeping them at bay? Instead of keeping a "blacklist" of all the malicious programs out there, keep a "whitelist" of programs that you trust and know to act as they are supposed to, and block everything else. This seems like a much better idea, and is much more feasible. There is a small, finite number of programs that a home user makes use of on a daily, weekly or monthly basis. Once this whitelist of allowed programs is established, a user need not worry anymore. Only the whitelist will execute, and the home user can rest assured that only what he or she desires will now run on his or her computer. The whitelist approach makes sense in the beginning, but new concerns arise when a user would like to install a new program. Can they trust this new program? How can they tell whether to trust it or not?

An innovative new antivirus product called DriveSentry, which uses the whitelist approach, has been gaining popularity. Its method of determining trust in new programs draws from the (so-called) wisdom of crowds. Each DriveSentry user has a DriveSentry online account. When a user installs a new program, they have the option of assigning the program a "trust rating". Each trust rating is stored in DriveSentry's online database. Trust "votes" for programs are accumulated, and then displayed when a new DriveSentry user is installing that particular program. A user can view how much other people trust the program, and hopefully make a more informed decision on whether to trust it based on the crowd rating. DriveSentry combines the above two methods of application security with traditional blacklisting antivirus technology. Any program that does not appear on the whitelist, and is not in the blacklist, is suspect. This is when DriveSentry will display the program's trust rating and ask the user to make a decision. Any program that is on the blacklist or untrusted by the user is disallowed. This combined approach to security is a good idea, and is discussed further below.

A fourth method of security not yet mentioned is automatic behaviour analysis, which has developed considerably in recent years. Applications and the system on which they run can now be monitored to see if anything exhibits virus-like behaviour. There are many common approaches to infection that viruses employ, and a behaviour analyzer/blocker will recognize these patterns and alert the user. This approach can be useful against not-yet-analyzed malware, as it still provides some protection against unknowingly executing a harmful application. While these four methods of system security are not the only methods, they are commonly used and seem to work at least adequately. However, they are not without fundamental problems.

Nothing is Perfect


Each of the four methods of security described above (blacklisting, whitelisting, trust network, and behaviour analysis) has one or more fundamental problems. By combining these approaches, some problems can be mitigated, but that does not create a perfect solution. The fundamental problem with blacklisting has already been discussed above: it is difficult, or even impossible, to enumerate and protect against every single threat. Each of the three remaining security methods is discussed in further detail in the following paragraphs.

Whitelisting works by comparing a program requesting execution to several known good values. The most obvious methods of checking a program against known good values are file name, file size, last-modified time, file header information, and file checksum. If a program matches these values, it is allowed to proceed. This is a fine idea when a whitelist is already established, and the programs on the whitelist are known to be trusted. But how does one obtain such a whitelist? How does whitelist anti-virus software determine what is safe to trust at installation time? How does it know it is scanning real files to evaluate, or just scanning decoys? A malicious program could rename a common file (e.g. winword.exe) to something else, then rename itself to winword.exe. The whitelisting software might scan the so-called "winword.exe" and add it to the whitelist, checksum and all.

Trust networks were described previously in the paragraph outlining how the DriveSentry program works. Trust networks are, in a way, whitelisting taken one step further. To initially determine if a program is trusted enough to be added to the whitelist, the opinions of others are taken into account. The more users that trust a program, the higher the rating it will receive. Trust networks rely on the fact that users are correct in trusting a program that they are using. DriveSentry also displays votes against programs; however, users may easily be fooled into trusting a program instead, causing a false positive in the trust network. Another scenario might involve the trust database itself becoming compromised, and providing false trust ratings as a result. Or what if user trust is split 50-50 between "trusted" and "not trusted"? The trust system provides only some insight into what others believe about a program, but no hard facts on which a user can base a trust decision.
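To make the decoy problem concrete, here is a small added example of my own (not code from the article or from any product mentioned in it): a whitelist check keyed by file name, one keyed by content hash, and what happens when the whitelist is enrolled from an install-time scan taken after the rename. File names, paths and contents are constructed stand-ins.

```python
"""Whitelist checks: file name vs. content hash, and install-time enrollment."""
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class WhitelistEntry:
    """The 'known good values' the article lists: name, size and checksum."""
    name: str
    size: int
    sha256: str


def sha256_of(path: str) -> str:
    """Hash a file's contents in chunks so large binaries are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def enroll(path: str) -> WhitelistEntry:
    """Build an entry from whatever is on disk right now (an install-time scan)."""
    return WhitelistEntry(os.path.basename(path), os.path.getsize(path), sha256_of(path))


def allowed_by_name(path: str, whitelist: list[WhitelistEntry]) -> bool:
    """Weak check: only the file name has to match."""
    return any(e.name == os.path.basename(path) for e in whitelist)


def allowed_by_hash(path: str, whitelist: list[WhitelistEntry]) -> bool:
    """Stronger check: size and SHA-256 of the contents must match a known entry."""
    digest = sha256_of(path)
    size = os.path.getsize(path)
    return any(e.sha256 == digest and e.size == size for e in whitelist)


def decoy_scenario() -> dict[str, bool]:
    """Replay the rename trick from the article with constructed stand-in files."""
    with tempfile.TemporaryDirectory() as d:
        real = os.path.join(d, "winword.exe")
        with open(real, "wb") as f:
            f.write(b"MZ constructed stand-in for the genuine word processor")
        # Entry captured while the genuine file was known to be in place
        # (stands in for a vendor-published reference hash).
        trusted = [enroll(real)]
        # The malicious program renames the genuine file and takes its name.
        os.replace(real, os.path.join(d, "winword.exe.bak"))
        decoy = os.path.join(d, "winword.exe")
        with open(decoy, "wb") as f:
            f.write(b"MZ constructed stand-in for a malicious program")
        # An install-time scan taken *after* the swap enrolls the decoy, checksum and all.
        naive = [enroll(decoy)]
        return {
            "name_check_passes_decoy": allowed_by_name(decoy, trusted),
            "hash_check_passes_decoy": allowed_by_hash(decoy, trusted),
            "naive_scan_enrolled_decoy": allowed_by_hash(decoy, naive),
        }
```

The hash check only helps when the reference values come from somewhere the attacker could not influence; enrolling from the disk after the swap reproduces the article's failure exactly.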

Automated behaviour analysis of malware is one of the more exciting fields of anti-virus research, and also one that interests me. There are many different types of malware in existence, each with its own clever tactics. Luckily, these tactics can be grouped and generalized to some extent. While virus writers have come up with clever obfuscation tricks (e.g. polymorphic code, metamorphic code, weak or strong encryption, etc.), an automated system need only recognize and strip away these layers of defense before applying generalization techniques. Of course, there are conceivably viruses that are too complex for automated analysis, and therefore require traditional manual analysis by a human. Viruses are constantly becoming harder to deal with, and automated analysis systems are constantly learning and playing catch-up. In effect, the two are in a never-ending arms race, neither allowing the other to achieve perfection in its task.

Conclusion


In the end, information security is, always has been and always will be a human problem. A communication channel or system may have the perfect security setup, end-point to end-point and being somehow unbreakable, and yet a human on either end can make an unintelligent, uninformed, or unknowing decision to compromise the entire system. Each of the fundamental problems explained above can somehow be explained in terms of the intervention of a malicious user. The never-ending nature of computer security is one of the most frustrating and enticing aspects of the field, and I suspect is what drives true enthusiasts to continue ever-onward.

Saturday, August 14, 2010

Twitter: Useful or Useless?

Ever since I first heard about Twitter, I've been of the opinion that I have no compelling need to document every second of my life because most likely nobody cares. Not only that, Twitter is really only for famous people and big brand names. Maybe the average person can get a couple hundred people to follow them at most, but I refuse to go through that kind of effort again, having done it once already with Facebook. I can just post there instead if I want to broadcast something to my social network. And who cares what famous people are doing anyway? Odds are it's something completely awesome or they're just funnier or better looking than you. All of the above will just make you sad and depressed that you're not them. Anyway, I'm getting off topic.

I did open a personal Twitter account some time ago, but I hardly ever post anything on it. I might use it once in a while to see what a handful of people are up to, but it's not something I check every day or even every week. I left the Twitter app on my Blackberry in the Downloads folder (a place I don't go to very often).

But then yesterday I was looking around at different blogs of the same subject matter as this one, and I noticed that nearly everyone has a "Follow me on Twitter!" link, and in some cases a Twitter counter showing how many followers they have. Then I realized: you can use Twitter as a more-colourful Feedburner RSS feed! If I asked my entire Facebook friends list if they knew what Feedburner was, or even RSS for that matter, I'm guessing the majority would say they have no idea. But, if I were to ask them what Twitter was, most or all would at least have heard of it and most likely use it in some way. It's much easier for the non-techie to just click "Follow" instead of picking their RSS reader of choice and subscribing to a URL.

Granted my target blog audience are for the most part techies, but it never hurts to have more than one medium in which a reader can follow my blog posts. Who knows how a reader prefers to aggregate their daily snack of information. Maybe they prefer Twitter. So away I go to dive into the Twitter-blogging world.

It was pretty easy to set up a second Twitter account. I made a new Gmail account solely for the purpose of this blog (which I've been meaning to do anyway), and just set the forwarding options to forward all mail to my main Gmail account. Then I set up the new Gmail account as an alternate sending email address in my main account, so I can basically impersonate mikazotechblog at gmail.com from my main Gmail account. I used the new email address to register for @MikazoTechBlog and tied it all together using twitter feed. Now whenever I post a new blog post, it automatically shows up on @MikazoTechBlog. It remains to be seen how useful a Twitter-linked blog or a blog-linked Twitter account will be, but I'm guessing it will at least contribute to building blog traffic.

So in conclusion, I've decided that at least for me, Twitter is useless personally, and possibly useful in a "business" situation.

Friday, August 13, 2010

The Desktop Has Arrived!

Normally I try not to post twice in one day, but you can understand my excitement when my brand new desktop arrived today. First, the pictures:

Something was rattling around inside the case when I got it, so I opened it and found some brackets that had come loose. Not sure who to blame for that one, but looks like nothing was damaged.


The DVD burner was about as OEM as it gets. Just a hard plastic wrapping around it.


This thing is disproportionately large. It sort of scares me to think the card is that big.

This thing is disproportionately small. It sort of scares me to think the drive is that small.

I did not speak the words "Deathstar" around this one. Let's hope typing the word didn't jinx it.

And finally, I can't finish this post without giving credit to my Unpacking Assistant.


Why You Shouldn't Put Things on the Internet

Today marks the day I wrote my very first guest post for another blog, "Why You Shouldn’t Put Things on the Internet". You can read the post at this link. Thank you to Justin Germino for letting me guest post on his blog, Dragon Blogger.

Wednesday, August 11, 2010

Beware ECN and ATS Fees!

This post is a little off the norm for MTB, but I did mention I might be adding a little finance content to my blog here and there. It won't be a very common occurrence, and tech articles will still continue to dominate the content of MTB. If this post doesn't interest or concern you, don't worry, more tech insight is on the way!

As I mentioned in a recent post, I've just recently opened a Tax-Free Savings Account with Questrade (a discount brokerage for stock trading). Questrade seemed appealing to me because their trading fees were a mere $4.95 up to a maximum of $9.95, as compared to the $29 some "discount" brokerages charge. Since I'm fairly new to the investing scene, I'm learning some things the easy way, and some things the hard way. This was one of the hard lessons.

I had made two stock purchases, and since I really like Google Finance's interface for portfolios and stock-tracking, I decided to put my purchase information in my Google Finance portfolio. I typed in the standard $4.95 commission since the cost is 1 cent per share, or minimum $4.95. I purchased 14 shares of one stock, and 26 shares of the other. I looked at the performance overview, and all was well. I was essentially the exact same as this guy. Later on, when I opened up my Questrade WebTrader account, I noticed that the cost basis on Questrade's account summary differed from the cost basis in my Google portfolio.

I clicked on "Details" in my Questrade account for each purchase. I multiplied number of shares by the stock price at the time, and added the $4.95 commission, just like it said in the details. But, the number I arrived at differed from Questrade's total by 5 cents. Hmm, this is strange. I tried summing up the other purchase I made, and this one differed by 9 cents! Is Questrade trying to nickel and dime its customers out of money? I sent them an email, asking them to explain why I was out 14 cents when I shouldn't have been.

While I was waiting for a reply, I started Googling around to see if others had had the same problem (something I should have done first off). Someone had, and they mentioned ECN fees. So I Googled for Questrade and ECN fees, and discovered their "Exchange & ECN fees" page.

ECN stands for Electronic Communication Network and ATS stands for Alternative Trading System. The purpose of ECN and ATS fees is to cover the fact that when a trader purchases stock, they are reducing the liquidity of the market. In other words, they are reducing the amount of available cash that can be used at a moment's notice. These fees are charged to Questrade for their direct access to stock exchanges. Questrade passes the fees on to the trader, by silently charging the rates to their account. The "Details" page for a stock purchase makes no mention whatsoever of ECN or ATS fees. It just tacks them on to the total at the end, only causing confusion for poor beginner traders such as myself.

According to Questrade's ECN/ATS fee page, the Toronto Stock Exchange charges $0.0037 per share, when a trader is removing liquidity (buying stocks). I multiplied $0.0037 by 14, which equals 5 cents. I tried $0.0037 times 26, 9 cents. Aha! I have found the source of my balance discrepancies. I informed Questrade that I had figured out the dilemma on my own.

This isn't something I would close my Questrade account over, but I was ready to if they couldn't explain where the extra fees came from. I think that Questrade should place more warnings and information within the WebTrader account, not just on their pricing page. This would eliminate a lot of confusion, and show that Questrade would be acting openly and honestly with its customers.

Monday, August 9, 2010

The New MTB

Hello to my limited readership,

If you happen by remote chance to be a regular reader here, you'll notice that the blog layout has changed. I was getting extremely sick of black, and the colour scheme hadn't changed since the blog's inception in 2008. An update was sorely needed.

With the blog's new theme, comes a new attitude and goal. For the past two years or so, this blog has been something I contributed to with high irregularity. I'd like to change that. I plan to try to post once a week on something insightful or useful, in an attempt to build up quality content and readership.

Not only does the blog have a new layout, I'm getting a new computer (it's being delivered as I type this), I just recently got a new smartphone (BlackBerry Curve 8520), and I've just recently taken an interest in investment and personal finance. Don't be surprised if you find the odd blog post peppered with investment discoveries or comments.

Here's to two years' and a summer's worth of MTB, and to a whole lot more in the future.

On a related note, if you, the reader, happen to own a quality technology or finance blog, let me know if you're interested in guest posting or exchanging links.

The New Desktop Is On Its Way!

For years I've been wanting to build my own desktop computer, mainly for the purpose of gaming and virtualization/school work. My need was temporarily satisfied when I did exactly that for my Dad, when he needed a new system for capturing video, storing files, scanning pictures, etc.

The time has finally come where my laptop just doesn't cut it anymore, and a new purchase is in order. My store of choice is TigerDirect.ca. I've dealt with them many times before and have always been satisfied with their service. Their shipping rates are reasonable, and they have an excellent order-tracking system. The only exception is that I ordered my processor from NCIX.com, due to TigerDirect being out of stock for the next month or so.

So without further ado, here it is:

Ultra XBlaster Clear Side Blk Mid-Tower Case
ULTRA X4 750W POWER SUPPLY MODULAR
ASUS P7P55D Deluxe Intel P55 Socket LGA1156 MB
Lite On 24X SATA w/Lightscribe OEM
OCZ 8GB DDR3 PC10666 1333MHZ 8192MB (2 X 4GB)
Intel X25-M MLC 80GB SATA Solid State SSD
EVGA GeForce GTX 460 1GB GDDR5 PCIe SLI Ready
Hitachi 2TB Serial ATA HD 7200/32MB/SATA-3G
Intel Core i7 870 Quad Core Processor Lynnfield LGA1156 2.93GHZ Hyperthreading 8MB Cache

Grand total: Just over $2000.

Some justifications:

I went with the 8xx Core i7 series of processors mainly because of their higher turbo rating over the 9xx Core i7s. I'm aware of the PCI-E bottleneck running at 8x for SLI video cards with the 8xx series, but I'm not sure I care all that much.

The motherboard offered all the upgrade options I was looking for in a board. RAM is expandable up to 16 GB (which is why I got 2x4GB sticks), and I have room for an extra video card if need be. Also, the board had a legacy PCI slot for the wireless card I already own.

I decided to jump on the solid-state drive bandwagon for performance reasons, and 80 GB is enough room for an OS and a few apps/games. Anything else I want to store can be saved on the 2TB 7200rpm drive.

It's been a long time since I've kept up with video card model numbers, so the EVGA card was purchased on the advice of my good friend, who also advised me on the hard drive choices.

A sizeable power supply to provide juice for the whole thing, a cheap DVD burner, and a clear-sided case complete the selection. Now all I have to do is wait for it to get here. I'll post more with regard to individual components and how I find them to be.