
Linux malware 18 February, 2009

Posted by aronzak in Uncategorized.

A recent article, How to write a Linux virus in 5 easy steps, outlines a vulnerability in the KDE and GNOME desktops. The article is well written and makes some good points about how no operating system is “inherently secure”. Essentially, the .desktop format bypasses the execute bit, which would otherwise stop a script that someone downloads from executing malicious code unless the user explicitly allows it to. Unfortunately, the article suffers from a few simple problems:

1. .desktop

Let’s try this out for size. First, I’m going to create a blank file called hotpictures.jpg.desktop, and email it to myself. The first thing any user would notice is the unusually poor grammar, and unusual request. (Most people these days are fairly good at managing to use Google to look up things for themselves, though some Linux help forums beg to differ.) Here’s how opening the attachment appears in Gmail and Thunderbird.

To download this file, I would have to ignore the .desktop filename 3 times. Same with Thunderbird:


Even if there is a long name, there is plenty of space to display the filename in the dialog boxes. The end of the filename will still show in the bottom of Thunderbird. Also, while the article states that a user would often download files to the desktop, Google’s online office software and PDF-HTML conversion system means that users are increasingly viewing documents in the browser first, rather than downloading files straight away. If this fails, most users would be extremely cautious.

Next, if a user downloads the file to their home directory, and not the desktop, they will see the .desktop file for what it is again.


Finally, even if there is a bogus “document” icon or some such, people will expect a preview of the image, as with the portrait of Obama. Users would have to be very stupid to download a file with a format that they have never heard of, which doesn’t have a preview of the image that it is pretending to be.
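A defender-side check for the disguised launcher discussed in this section, added here as an example (it is not code from this post or from the article it responds to): it lists the .desktop files in a directory, flags names that carry a picture or document extension before .desktop, and flags entries that carry an Exec= command but no execute bit. The extension list, the function names and the sample files are assumptions made for the illustration.

```python
import os
import stat
import tempfile

# Extensions that suggest a launcher is posing as a document or picture (assumed list).
DISGUISE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".odt", ".mp3", ".avi"}
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def parse_desktop_entry(text):
    """Return the key/value pairs found in the [Desktop Entry] group."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry


def audit_launcher(path):
    """Return the findings for one .desktop file (empty list: nothing odd)."""
    findings = []
    stem = os.path.basename(path)[: -len(".desktop")]
    inner_ext = os.path.splitext(stem)[1].lower()
    if inner_ext in DISGUISE_EXTS:
        findings.append("name poses as a %s file" % inner_ext)
    with open(path, "r", encoding="utf-8", errors="replace") as handle:
        entry = parse_desktop_entry(handle.read())
    command = entry.get("Exec", "")
    # The case the post is about: a command to run, yet no execute bit on the file.
    if command and not os.stat(path).st_mode & EXEC_BITS:
        findings.append("Exec= present without execute bit: %s" % command)
    return findings


def audit_directory(directory):
    """Map file name -> findings for each .desktop file directly inside directory."""
    report = {}
    for name in sorted(os.listdir(directory)):
        if name.lower().endswith(".desktop"):
            findings = audit_launcher(os.path.join(directory, name))
            if findings:
                report[name] = findings
    return report


def demo():
    """Audit a temporary directory holding constructed sample files."""
    samples = {
        "hotpictures.jpg.desktop": (0o644, "[Desktop Entry]\nType=Application\n"
                                           "Name=hotpictures.jpg\nExec=/bin/true\n"),
        "blank.pdf.desktop": (0o644, ""),  # an empty file, like the one mailed in the test above
        "editor.desktop": (0o755, "[Desktop Entry]\nType=Application\n"
                                  "Name=Editor\nExec=/usr/bin/gedit %f\n"),
        "notes.txt": (0o644, "Exec=/bin/true\n"),  # not a launcher, ignored
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, (mode, body) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as handle:
                handle.write(body)
            os.chmod(path, mode)
        return audit_directory(tmp)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", "; ".join(findings))
```

Pointed at a downloads or desktop directory with audit_directory(), it reports only the launchers that deserve a second look.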

2. root permissions

The article says that root permissions don’t matter as much as people may think. This is true. Superuser privileges aren’t needed to change some software like adding a keylogger to a single browser. This could be dangerous, but it is fairly trivial to pick up and remove. I’m not aware of a program like this being able to hide itself with only user level access, so a root shell can easily monitor the running process, and, if a user is on the ball, note that it is a rogue process. The possibility that graphical password managers, like kdesu and gksu can be subverted is unlikely, with a smart user picking this up very quickly. Observe:


Again, a smart user will not fall for this one. Also, having only user level access makes it much easier to recover by booting to level 2 and then sorting out the results. Simply creating a new user and copying the old data will ‘disable’ the code.

While an interesting theory, this couldn’t really be used to spread malware. The article does point out that groups like governments are adopting Linux, which could mean that there are a lot of users that are unfamiliar with Linux that are on each other’s email contacts lists. Other than that, this couldn’t work in real life as emailing Windows and Mac users with a Linux virus is just stupid. There’s no way for a virus to be able to know which platform email contacts are running (and not just which OS, but if Linux users are running a particular distribution, desktop etc…). In this way, multiple platforms, as well as the myriad of possible choices in Linux are a help. Just as it makes it hard to write an application that will work on all Linux distributions, it is hard to write malware that will.

What does scare me, and should you, is the alarming ease with which someone with physical access to almost any machine can get full access to it. Using grub, someone can press ‘c’ and add “init=/bin/bash” to the kernel parameters, and immediately get full root access, and the ability to change all of the passwords (or worse). Grub passwords can prevent this, but booting off other media (eg USB) will also give full root access straight away. The only real solution to this seems to be full system encryption, which is a pain.

There is a fair point that is made by the article that the security of Linux isn’t absolute. This doesn’t negate, however, any of the real security benefits the OS has. Many open source naysayers will say that this is evidence that the model of development doesn’t work when it comes to security, but it is evidence that it does. An article like this can be released, people can make note, and if there are any serious issues, the code can be changed, whereas in the proprietary development world the issues are suppressed with gags and NDAs, and outstanding issues can go unresolved.

By the way, Linux computers can still spread Windows viruses, through network sharing and other means. If you run antivirus software on Windows, it is a good idea to run antivirus software in Linux also.

Faceborg does it again 18 February, 2009

Posted by aronzak in Uncategorized.

After the first major mess up with Beacon, Faceborg has gone and done it again with a new Terms of Service (ToS) policy, that basically means “we own everything you put on Facebook. Forever.” It’s already bad enough that when someone dies their Facebook pictures get pilfered to publish in news media, but this now means that Facebook itself will sell all of your private data to the highest bidder for any purpose. Slashdot is reporting that a Facebook group has a huge lot of people showing token support for a ‘protest’. The question is, why would Facebook do that? First, they need cash. Dan Lyons explains:

…There will be a lot of bailing out taking place at Facebook but it will be the old-fashioned kind — kids bailing out when they realize there’s no pot of gold at the end of the rainbow, and bigshot Google defectors bailing, preferably early and with good excuses, so they don’t end up with flop stink all over them… [they] really, really, really meant all that stuff about changing the world by creating software that lets recent college graduates hook up more efficiently and force-feeds them targeted advertising…

And we can find a second reason in his earlier coverage on the Beacon cock up as fake Steve Jobs:

Faceberg has posted an apology on the company blog for the Beacon fiasco. Money quote: “I’m not proud of the way we’ve handled this situation and I know we can do better.”

Thing is, nobody ever doubted that Facebook can do better. What’s scary is the fact that they won’t do better until people start to scream at them. It’s the fact that it doesn’t really seem to be in their nature to do the right thing. Their instinct, in fact, seems to be to do the wrong thing, and to keep doing it until they get caught. Even after they get caught, their instinct is to spin and fudge and brazen it out. No wonder the Borg has partnered with them. It’s a match made in heaven. These guys are like Google, only their slogan isn’t “Don’t be evil” — it’s “Don’t get caught.”

And he goes on:

Facebook’s business model … pits Facebook against its customers. The amount of money that Facebook can make is defined (and constrained) by the degree to which its users will allow themselves to be exploited.

This punk scares me. And I miss the days when the Valley was about making chips and routers and computers, not sending people zombie bites and tracking their online purchases. I miss the days when we were the good guys…

I have to echo that sentiment. It scares me that tech experts could potentially put their skills to use making the world a tangibly worse place.

World of Goo Ported To Linux 14 February, 2009

Posted by aronzak in Uncategorized.

An indie development team of 2 guys has created an incredibly good game called “World of goo” that has received wide critical acclaim. The great news is that this game has been ported to Linux. After playing only a few levels of it, I can tell it’s awesome. It’s a little bit like some old bridge builder games, in which you get a train over a river, but much more fun. Simply put, I’m blown away by the quality of this game.

Some people view PC gaming as dying. Or to put it another way, it is changing. Fewer and fewer titles are being released only on PC, with most PC games being ports of console games. One thing that is slowing down Linux adoption is the lack of support for PC games. I’ve heard it said that the shift away from PC gaming will be good for Linux, as it will mean that people won’t expect to be able to play games on their computers. It’s true that this can help Linux, but does anyone want to see PC gaming die? Do you really want only to be able to play console ports and MMOs? That’s what will happen if piracy isn’t controlled.

I want to present two futures of PC gaming. One is that PC only games will cease to exist. Games that do get released on the PC will come with DRM that makes the game fail to run whenever you change your hardware. Many games also have online only play, some of which you pay extra for. Of course, there’ll still be consoles, but the traditional feel of games will be gone.

Let me give you another solution. One where rather than having just large companies like EA churn out unoriginal blockbusters, teams as small as two people can defect and make a creative, fun, and clever game. This can only happen if the community supports them.

This comment on Isohunt is not in good English, but it gets the point across.

Think before downloading the game…great post over at piratebay by flowcharter…

1- I was curious to see whether there were people so vacuous as to trade around a cheap indie game with absolutely no DRM on it and then try to justify it with stated oxymora such as “oh, I’m not interested in the game anyway, that’s why I’m taking the time to download it.”. Turns out I was right

2- Absolutely, I download stuff all the time. I’ve downloaded a tonne of games from GOG, Stardock, even direct from the makers of some other games. I’m also pretty partial to hitting up Gametrailers when there’s an upcoming release I’m interested in. Left 4 Dead is looking up to spec I’m glad to see.

3- You’re going to start blaming the economy now? Still, if you’re suffering that badly that you can’t afford $20, I imagine you must have a hard time eating these days. How on Earth DOES one manage to spend on a high speed internet connection? Well, priorities are priorities I suppose…

4- This one’s really a three parter

a) There’s a pretty good and descriptive demo out, so no real problem “trying out the game” anyway.

b) These are indie devs, not your usual corporate types, just two guys that decided to make a game.

c) It’s $20, not $60. Even from an absolute minimum wage in the US you’d get as much in a little over two hours of work, and probably a lot less. You’d pay more for a night out. Well, unless your idea of a night out happens to be McDonalds, which I’m willing to accede may be position in your particular case.

5- If you’re so tired of picking the fight, why feel the need to justify your actions in the first place? Do you spend your spare time responding to youtube comments as well? Actually scrap that last one, maybe you do. In any case, you state it’s your given right to share this information, and I must say I’m impressed with your candour! Tell me, what have you yourself uploaded and shared with the rest of this fine community?

Still, perhaps an explanation is in order as to why this particular incidence is garnering a fair number of negative responses in comparison to most other cases.

It’s really quite simple. The fact that is this is just two indie developers who spent two years of their own effort and money to create a truly amazing indie game has garnered a lot of attention, and a pretty hefty amount of sympathy for them as well.

Ultimately, indie devs survive or don’t based on whether people are willing to purchase their games, but more importantly, so too does their future output. So if a pretty special game like this just gets pirated through the floor, they pretty much go under, nothing ever gets released from them again, and more importantly, more devs learn that the PC is NOT a viable platform anymore for anything. And it pretty much is heading that way at the moment. Ironic isn’t it?

They also happen to get extra bonus points for the fact that they actually listened to their customers and didn’t put any DRM on there TO crack.

If you want your answer as to why this is happening, that’s pretty much why. It could be argued that there may be a fair amount of hypocrisy involved in people having more sympathy for an indie developer just starting out (regardless of how excellent their starting title is), but what can I say, life’s like that. Few people are interested in defending corporates that weigh down their games with so much DRM and install limits that you need to call a helpline every time your PC installs a new driver. But an indie dev starting out with an awesome game and no DRM? Yeah, I guess people just tend to have more sympathy for that.

Still, I can appreciate that you say the game is boring to you and that you didn’t really like it. Saying that means it doesn’t ultimately have to cost you anything in either money or personal justification, so I’m glad that a happy ending was the result. Hmm, perhaps I should try that actually, simply HATE everything I download and therefore there’s no reason for me to actually concern myself with spending anything because my moral scruples have been satisfied. I say, this may very well be an astonishing discovery for market economics, I wonder if it’s patentable? Well in any case, it’s obvious you’re quite a capable individual, and you know a quality product. I genuinely look forward to when you have the opportunity to fully express yourself against the wages of the industry by releasing your own game. I guarantee you, if it’s good enough to not only live up to my relatively low standards, but even YOUR enviable ideals, I will happily buy that from you as well. Looking forward to it.

Well, I’m not looking to convince anyone. Not as if it’s realistically possible, but people were curious why so many people appeared to be posting complaints, so why not take the time to explain eh? All I can suggest is that if you like the game, support the devs. It’s a genuinely good game, and the devs were pretty on the level when selling it.

Apologies for length, but I appreciate that people of your stamina will have no problem easily digesting this modest article, and as you took the time to elucidate your point so thoroughly, I thought it would be positively discourteous if I did not respond in kind. Your patience is most appreciated.

There’s better coverage on Ken Starks’s Helios Blog. I just wanted to say two things. One is that this game is awesome. Two: Don’t punish the creative developers that have the audacity to release a game without DRM, and the vision to port it to Linux.

Cuba joins in Linux adoption 12 February, 2009

Posted by aronzak in Uncategorized.

Recently, Cuba has joined an increasing number of governments in the world that are adopting Linux for use in their country’s educational systems and bureaucracy. They are creating their own operating system for government, called Nova, something that Russia is also doing. Recently also, Kerala, a state in the Southern tip of India, has moved to open source, and has set up a free software training centre. Prize quote from a BusinessWeek article:

“We’re using something called Linux,” says 12-year-old Arya VM as she plays with Tux Paint, a Linux drawing and painting application. And Windows? “Never heard of it,” she says.

A neighbouring region, Tamil Nadu, has a scheme that sells laptops preloaded with SUSE or Ubuntu for the educational market.

All is going well.


Cyber safety test 11 February, 2009

Posted by aronzak in web.

Are parents floundering in a sea of pornography? You’d think so, if you paid attention to the alarmist statistics published in print media, but you’d be wrong. Here’s a humorous cyber safety test to illustrate the point:

1. Which of the following is not a social networking site?

  • eBay
  • Club Penguin
  • Facebook
  • Piczo

2. What does the following acronym stand for – PAW

  • Phew, am wasted
  • Play and wide
  • Parents are watching
  • Push and wait

3. What is edonkey?

  • A virtual pet for children and young people to look after online
  • A type of computer virus
  • A file sharing programme
  • A key logging programme manufactured by Edon

4. What does the following acronym stand for – ASL

  • Age, surname, likes
  • Alias, sex, location
  • Age, sex, location
  • Attitude, situation, loathes

5. According to OfCOM, what percentage of 8-15 year olds feel confident at getting the internet to do what they want it to?

  • 87%
  • 76%
  • 25%
  • 51%

6. What does LMIRL stand for?

  • Let’s make it really loud
  • Losers move in real low
  • Let’s meet in real life
  • Loads more in rap love

7. What does IWF stand for?

  • Intensive wiki fulcrum
  • Internet watch foundation
  • Independent website forum
  • Independent wi-fi field

8. What is a Trojan?

  • A program that appears to be desirable but actually contains something harmful
  • A computer with over 1GB of RAM
  • A type of server which can connect over 200 client machines to the internet
  • A program that allows you to illegally download music

9. What does SAMAGAL stand for?

  • Stupid, am messing and getting all lairy!
  • Stop annoying me and get a life!
  • Sick and moaning again, get a life!
  • Stop always moaning and get away love!

10. According to OfCOM, how many parents felt that their 12-15 year olds knew more about the internet than they did?

  • 93%
  • 34%
  • 57%
  • 77%

11. How much video content is uploaded to you tube every minute?

  • 1 hour
  • 100 hours
  • 10 hours
  • 30 minutes

12. In the UK, on Christmas Day 2008, how many internet visits were to Facebook?

  • 1 in 50
  • 1 in 5
  • 1 in 10
  • 1 in 100

13. What is a BLOG?

  • A big log
  • It stands for buy lots of gadgets
  • An online diary
  • A type of Trojan virus

14. What are you doing if you are twittering?

  • Making high pitched sounds like a bird
  • Leaving a comment on a free social networking site
  • Speaking to a friend on a chat site
  • Using an instant messaging service but not making any sense to the others using it

15. What is “sexting” used to describe?

  • Sending an erotic picture
  • Sending a text message, it’s just a play on words
  • The process of online dating
  • Searching the internet for inappropriate content

16. What are Safari and Firefox?

  • Online games popular with teens
  • Software companies who specialise in educational materials
  • Web browsers
  • Operating systems
  • Install spyware so you can see what they are doing online

17. What does the following acronym stand for? POS

  • Emergency!
  • Parents over shoulder
  • Point of sale
  • Paedophile alert

18. What has happened to you if you’ve been flamed?

  • A virus has attacked your machine
  • Your online character has been deleted by another user
  • You have been insulted by another internet user
  • You’ve reached the highest possible level in the game you are playing

19. What does the acronym LMFR stand for?

  • Let’s meet for real
  • Lower Miami Fire and Rescue
  • Looking for more
  • Let me freaking read!

20. What does a cookie do?

  • Make you fat
  • A piece of information placed on a computer by a web server
  • Remembers your passwords for you
  • Shares your information with other users that you choose

16 D shows that the authors are probably geeks and have a sense of humour.

How did I end up looking at this? There’s an amusing article on Crunchgear about research findings. PS. What’s 100 divided by 3.5? 28.6. Divide by 7? 4. Scary.

The sad thing about most of these companies is firstly the focus on children and secondly the peddling of disinformation. The whole “hackers can turn your computer into a bomb; buy our products” still persists in 2009. If anyone is interested in real products, check out open source tools, or consider quality products such as those from xxxchurch or covenanteyes.

Internet content filtering in Linux 27 January, 2009

Posted by aronzak in Linux, Mozilla Firefox, web.

For some reason you want to use content filtering software. You’ve probably heard of or used a few tools specifically for Windows.  Here are some solutions for Linux:

1. Dansguardian

Dansguardian works best with the proxy squid. It does some advanced URL filtering, using slightly more complicated techniques to block some URLs. Sites containing both one and a second listed word are blocked, as well as media such as pictures and video URLs with listed words. This is fairly clever, but has some problems. Sometimes, this has blocked Google for me, as some URLs with random strings of characters (used to track which search results are clicked on) can be blocked.

Content filtering is done with words and phrases having scores, positive or negative. Sites then get a total score based on their content. Interestingly, this can be positive and negative. For example, the word ‘breast’ is bad, but ‘breast cancer’ is a good phrase. In theory, this should limit the amount of overblocking. Dansguardian also filters against anonymous web proxies, which could otherwise be used to bypass filtering.

Sites are blocked if their score is over the ‘naughtiness’ threshold as defined in /etc/dansguardian/dansguardianf1.conf.
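A simplified sketch of this kind of weighted-phrase scoring, added here as an example: it is not Dansguardian's code, and the phrases, weights, threshold of 50 and the two sample pages are constructed for the illustration. It shows the negative phrase rescuing a health page, and a recipe page still being overblocked because nothing offsets the bad word.

```python
import re

# Constructed weights: positive counts against the page, negative counts in its favour.
WEIGHTED_PHRASES = {
    "breast": 30,
    "breast cancer": -40,
    "screening": -10,
}
NAUGHTINESS_LIMIT = 50  # assumed threshold, standing in for the configured limit

# Constructed sample pages.
HEALTH_PAGE = "Breast cancer screening: who should be screened for breast cancer, and when."
RECIPE_PAGE = "Roast chicken breast, grilled chicken breast and stuffed turkey breast."


def phrase_hits(text, phrase):
    """Count whole-word, case-insensitive occurrences of a phrase."""
    words = [re.escape(word) for word in phrase.split()]
    pattern = r"\b" + r"\s+".join(words) + r"\b"
    return len(re.findall(pattern, text, flags=re.IGNORECASE))


def score_page(text, weights=WEIGHTED_PHRASES):
    """Return (total score, per-phrase contributions) for a page.

    A longer phrase does not hide the shorter one inside it: 'breast cancer'
    also counts as a hit for 'breast', and the negative weight offsets it.
    """
    contributions = {}
    for phrase, weight in weights.items():
        hits = phrase_hits(text, phrase)
        if hits:
            contributions[phrase] = hits * weight
    return sum(contributions.values()), contributions


def is_blocked(text, limit=NAUGHTINESS_LIMIT, weights=WEIGHTED_PHRASES):
    """A page is blocked when its total score is over the limit."""
    total, _ = score_page(text, weights)
    return total > limit


if __name__ == "__main__":
    for label, page in (("health", HEALTH_PAGE), ("recipe", RECIPE_PAGE)):
        total, parts = score_page(page)
        print(label, total, parts, "BLOCKED" if is_blocked(page) else "allowed")
```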

Dansguardian is meant to be used in a public sector network, such as a school or library. By default, it blocks many downloads that could contain viruses, or filtering circumvention software. In a home setup, this is just irritating. To stop this, blank out the configuration file that controls blocking files based on extensions:

echo "" > /etc/dansguardian/lists/bannedextensionlist

Installation instructions

Dansguardian needs to be used with a web proxy. The installation of Dansguardian itself is fairly easy, with Dansguardian filtering on one port. Getting it to filter the entire connection is more complicated.

1 Install the squid and dansguardian packages.

apt-get install dansguardian squid

2 Edit /etc/dansguardian/dansguardian.conf file and remove the line that says “UNCONFIGURED”.
3 Start the dansguardian daemon.

/etc/init.d/dansguardian start

4 In Firefox, open up Edit -> Preferences -> “Advanced” tab -> “Network” tab -> “Settings” button. Set it to manual proxy. Put (localhost) in the IP address box and 8080 in the port box.
5 Try to connect to google.com to verify you can still connect to the internet.
Finally, check that the filter is working by checking that the network traffic is being logged. Open the file /var/log/dansguardian/access.log.

cat /var/log/dansguardian/access.log

There should be an entry there saying google.com. If the file doesn’t exist, something isn’t set up right.

2. Willow Content Filter

Willow adopts the novel concept of using Bayesian analysis to filter the web. Bayesian analysis is currently used by most spam filters. The concept is that you have a ‘good’ and a ‘bad’ sample, and the filter can find ‘spamminess’ as a percentage match to the samples. Unfortunately, spammers attempt to make this difficult by inserting ‘normal’ text into spam. Unlike spammers, most adult website owners are probably broadly supportive of efforts to more effectively filter the internet, as evidenced by the existence of voluntary labelling efforts.

In theory, Bayesian web filtering should work better than the more rigid score based system, with less overblocking or underblocking. Not only does it use words in the title, metas and body of a page, but it analyses the structure of the page itself. The system may also run faster than Dansguardian.

One issue this creates is that samples of content must be provided, including both kinds. Currently, these are not encrypted, or obfuscated. This creates some potential legal and moral hurdles in distributing and using willow.

Installation instructions

1. Download willow

2. Extract it to /var

3. Edit /var/willow/willow.conf and remove ‘exefilter’

4. You might need to install some more software. Try installing python-profiler and python-central

5. That should be it. Run /var/willow/willow.py --config=/var/willow/willow.conf

6. Set up Firefox as above, to port 8000 (or whatever it is set to in /var/willow/willow.conf)

If that doesn’t work, edit the configuration some more. Unfortunately there doesn’t seem to be much support for willow right now.

3. Fx Extensions

While not as effective, Procon is extremely easy to install. Foxfilter is another filtering extension, but I find it a little slower and more clunky. If Firefox is your only browser, this is an easy option.

4. MintNanny

Linux Mint has introduced a novel way to prevent domains from being accessed by redirecting the request to by modifying the /etc/hosts file. This is a neat approach as it does not require any software to be set up, but, unless you are going to try and subscribe to a domain blacklist, it is relatively ineffective. Most web routers will give you this kind of simple filtering anyway.

If you want to give this a go, you don’t need the MintNanny frontend. Just get in there and edit /etc/hosts yourself. You can even redirect to another IP. Just add in a site you really don’t want to see, as in the example.          microsoft.com   microsoft

The IP here is one for google.com. Neat. You could also put in the IP of your own server.


So there you have it. If you are setting up a non-home network, you’ll probably want to filter transparently. This is complicated to set up and involves editing the configuration of iptables or your proxy. Good luck. Below are some extras that you might want to use if you do use DG or willow.

You may want to edit the page that Dansguardian shows when a resource is blocked to give you the full reason. This can be quite long, so I stuck it in a box.

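	<!-- Boxed "Full Reason" area for the blocked page; the template's reason placeholder goes inside the textarea -->
	<font color=red>
	<font color=black>
	<form action="/html/tags/html_form_tag_action.cfm" method="post">Full Reason:<br />
		<textarea style="width:500px;height:100px;background-color:#FF9900;">
		</textarea><br />
	</form>
	</font>
	</font>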

The logs Dansguardian gives contain a whole lot of sometimes irrelevant information. Below is a script that processes a log file in the tab format, so that it is easier to read. In the future, it would be nice to work on a way of adding this to a database, and sorting into domains.

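#!/bin/sh
# Author: Aronzak
# License: GPL
# A script to process Dansguardian log files

# Use tab formatted access.log
# 1	Date Time
# 2
# 3	IP
# 4	URL
# 5	Full Denied report
# 7	File size
# 8	Score
# 9	Short Denied report
# 10	1
# 11	HTML error code
# 12	Type
# Edit the following variable to add/remove wanted fields in processed log:
# (example values; the original settings are not shown on this page)
DESIREDFIELDS="1,3,4,9"
# Directory the processed logs are written to (example path)
DEST="/var/log/dansguardian/processed"

LOG=/var/log/dansguardian/access.log
mkdir -p "$DEST"

# Whole log, reduced to the wanted fields
cut -f "$DESIREDFIELDS" "$LOG" > "$DEST/full"
# Denied requests only
grep DENIED "$LOG" | cut -f "$DESIREDFIELDS" > "$DEST/denied"
# Compare with the previous run; lines marked '<' are denied requests that are new
if [ -f "$DEST/old" ]; then
	diff "$DEST/denied" "$DEST/old" > "$DEST/diff"
	if grep -q '^<' "$DEST/diff"; then
		echo "bad"
	fi
fi
cp "$DEST/denied" "$DEST/old"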
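
The sorting into domains wished for above can be sketched as follows (an added example, not part of the original script): it reads tab-formatted lines using the field numbers from the script's header, treats a line as denied only when the full report in field 5 says so, and counts denied requests per client and domain. The five log lines, the "*DENIED*" report text, the content of field 6 and the function names are constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# 1-based field numbers, taken from the header of the script above.
F_TIME, F_IP, F_URL, F_FULL_REPORT, F_SHORT_REPORT = 1, 3, 4, 5, 9


def _line(time, ip, url, full, size, score, short, code):
    """Build one constructed 12-field, tab-separated log line."""
    return "\t".join([time, "-", ip, url, full, "GET", size, score,
                      short, "1", code, "text/html"])


DENIED_TEXT = "*DENIED* Weighted phrase limit exceeded"
# Constructed sample data, not real log lines.
SAMPLE_LOG = [
    _line("2009.1.27 10:15:02", "192.168.1.10", "http://www.google.com/search?q=linux",
          "", "5120", "0", "", "200"),
    _line("2009.1.27 10:16:40", "192.168.1.10", "http://blocked.example/page1",
          DENIED_TEXT, "0", "160", "Weighted phrase limit", "403"),
    _line("2009.1.27 10:17:05", "192.168.1.11", "http://blocked.example/page2",
          DENIED_TEXT, "0", "175", "Weighted phrase limit", "403"),
    _line("2009.1.27 10:17:30", "192.168.1.11", "http://blocked.example/page3",
          DENIED_TEXT, "0", "190", "Weighted phrase limit", "403"),
    # Allowed request whose URL merely contains the word DENIED.
    _line("2009.1.27 10:18:11", "192.168.1.11", "http://help.example/why-was-i-DENIED.html",
          "", "2048", "0", "", "200"),
]


def parse_line(line):
    """Split one log line into the fields of interest; None if it is too short."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < F_SHORT_REPORT:
        return None
    url = fields[F_URL - 1]
    try:
        domain = urlsplit(url).hostname or "(unknown)"
    except ValueError:  # malformed URL in the log
        domain = "(unknown)"
    return {
        "time": fields[F_TIME - 1],
        "ip": fields[F_IP - 1],
        "domain": domain,
        "denied": "DENIED" in fields[F_FULL_REPORT - 1],
        "reason": fields[F_SHORT_REPORT - 1],
    }


def denied_by_client_and_domain(lines):
    """Count denied requests per (client IP, domain)."""
    counts = Counter()
    for line in lines:
        record = parse_line(line)
        if record and record["denied"]:
            counts[(record["ip"], record["domain"])] += 1
    return counts


def grep_style_count(lines):
    """What matching DENIED anywhere in the line would count, for comparison."""
    return sum(1 for line in lines if "DENIED" in line)


if __name__ == "__main__":
    for (ip, domain), hits in denied_by_client_and_domain(SAMPLE_LOG).most_common():
        print(ip, domain, hits)
    print("whole-line matches:", grep_style_count(SAMPLE_LOG))
```

On the sample, matching the word anywhere in the line counts four requests while only three were denied, which is why the check is tied to the report field.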

Willow has a minimal page displayed when a resource is blocked. I changed this to be more like the Dansguardian page. The page that is displayed is set three times in urlfilter.py, domainfilter.py and contentfilter.py.

# Block page shown by Willow, laid out as a two-row table like the Dansguardian page
DEFAULTMSG = ('<html><head><title>Content Filtered</title></head>'
              '<body bgcolor=#FFFFFF><center>'
              '<table border=0 cellspacing=0 cellpadding=2 height=540 width=700>'
              '<tr>'
              '	<td colspan=2 bgcolor=#FEA700 height=100 align=center>'
              '	<font face=arial,helvetica size=6>'
              '	<b>Access has been Denied!</b>'
              '	</font></td>'
              '</tr><tr>'
              '	<td align=center valign=bottom width=150 bgcolor=#B0C4DE><font size=1 >'
              '	<a href="http://www.digitallumber.net/software/willow/" target="_blank">Willow Content Filter</a>'
              '	</font></td>'
              '	<td width=550 bgcolor=#FFFFFF align=center valign=center><font size=4>'
              '	Access has been denied.<br><br><br><br>'
              '	The content of the resource requested has been determined to be inappropriate<br><br>'
              '	If you have any queries contact your ICT Coordinator or Network Manager.'
              '	<br><br><br><br><br></font></td></tr></table></center></body></html>')

You might want to back up the files before editing them. Have fun.

A look at Mozilla Snowl 17 January, 2009

Posted by aronzak in Mozilla Firefox.

Mozilla Snowl is a new experimental Firefox addon that acts as a more advanced feed reader. It can display RSS feeds and also Twitter messages. I’ve never gotten into microblogging, but it’s an interesting concept. Here’s how Snowl works as an RSS/ATOM aggregator.

Snowl has three modes; List, Stream and River.

River mode shows a list of messages in a page view. It shows the title and a small snippet of text, and the author.


List mode shows messages like an email client. It allows a news article to be displayed in full by double clicking the message. There doesn’t seem, however, to be any way to open up links in a tab.



Stream mode displays a sidebar with the latest messages at the top, with nice icons.


Snowl has a lot of nice concepts, but it seems to be more intended to be used with Twitter than web feeds. The small amount of text in river mode, the small size of the frame for viewing articles in list mode and the ability to select people, rather than just feeds, all point to this. It would be good if Snowl was more customisable to better suit needs one way or another.

1. It would be good to be able to select how much text is displayed in river mode.

2. It would be even better to have a feature to expand the text, like in the old Isohunt.

3. It would also be good to be able to customise the number of messages that are kept. I’m not really interested in anything in a feed if I don’t read it after a day. It would be good to limit the time of messages, as well as the number that display in stream mode.

4. It would look nice if icons are displayed in river mode.

5. It would be good to be able to use something like greasemonkey to alter the way in which Google news appears.

6. It would be good if river mode could support the formatting in Google news, rather than just displaying it as text, which repeats the title.

Otherwise, Snowl is looking good.

Accessing Yahoo Mail in Thunderbird 10 January, 2009

Posted by aronzak in web.

Yahoo has relatively recently introduced a feature that lets some of their users access their mail via POP3. Apparently, this is only offered in some regions, supposedly not the US. Despite what many people say in old articles and forum posts, you can access your mail now with Mozilla Thunderbird, rather than Zimbra Desktop. Here’s the process.

1. Create an account and log in.

2. Click on options

3. Click on POP Access and Forwarding

4. snapshot46

5. Set up Thunderbird. Probably because of Mozilla’s relationship with Google, it is very easy to set up a gmail account. The easiest way to set up a Yahoo mail account is actually to select gmail account, then substitute the details that Yahoo gives. This gives you sane defaults, such as leaving mail on the server.

6. Done.


For the most part, this is a humourless proceeding. There is a good moment, though:

If you can’t click the link above, you can verify your email address by cutting and pasting (or typing) the following address into your browser:


That would only take about 10 minutes to type out.

Antivirus for Linux 4 January, 2009

Posted by aronzak in Uncategorized.

One of the questions that many new Linux users ask is “Should I run antivirus software on Linux?” I have two reasons why not to and three why you should.

Why you don’t need to:

1. Linux has better inherent security features. The ‘root’ and normal user permissions mean that it is harder for malicious code to damage your system. Also, file permissions can make it hard to execute code. There are ways around all of this, though.

2. Less malware is written for Linux. This will change in the future, but it is a great benefit now.

If you only want to keep your own computer safe, strictly speaking, there is no absolute need to install any antivirus software in Linux. But if you are running Linux on a mixed network, I have three reasons why you should:

1. Surviving to raise the alarm. Imagine for a moment that you are in charge of the Royal guard in a medieval castle. Who would you choose to defend the castle walls against intruders? A slow, sleepy, sloppy guard? Or a young, fit and fiercely loyal guard? Windows has a long history of letting intruders through, Mac a shorter one. Linux, at the moment, is uncompromisable.

When a new virus is written, it takes time for antivirus writers to respond. This window of opportunity for viruses is referred to as the “zero day” period. Analysis of files without needing virus signatures is one protection, but it is not perfect. If a Windows (or these days, Mac) computer gets hit with a zero day virus, any antivirus software on the computer is usually made ineffective by the virus. When a new virus signature is made for the virus, it’s too late for an infected computer. But Linux, which didn’t get infected, can get the update.

2. Fighting back. Now that you’ve got a new virus signature, the next time you scan for viruses in a network sharing folder, you’re likely to find the virus. If it bleeds, we can kill it. Linux has saved the day.

3. Mopping up. Imagine someone that is sick and throws up in your house. They then decide to try and run outside, but they don’t make it all the way and they throw up again. Similarly, when a computer gets sick it leaves a mess all over the place. Viruses usually copy themselves over your network and on USB sticks. Even if your network does not get compromised, it can still be convenient to use Linux to help mop up the viruses that end up coming into contact with your computer on USB sticks (even though they’re not dangerous).

So, in short, running antivirus software on Linux is a good idea. It can help defend Windows and Mac computers and can be convenient to get rid of lingering malware. So, what’s on offer?

1. ClamAV

ClamAV is a free and open source virus scanner. That means that it can easily be installed natively on a Linux system using the ordinary package management system. This is extremely convenient. On Debian-based systems, just run

apt-get install clamav

and it should install.
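As an added example (not from the original post), the update-then-scan routine described above can be scripted around ClamAV's freshclam and clamscan tools. The share paths, signature names and sample report are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: refresh ClamAV signatures, scan a shared folder, report hits.

# Constructed sample of clamscan output (paths and signature names are made up).
SAMPLE_REPORT='/srv/share/docs/report.doc: OK
/srv/share/usb/autorun.inf: Example.Test.Signature-1 FOUND
/srv/share/incoming/notes: draft.txt: OK
/srv/share/incoming/setup.exe: Example.Test.Signature-2 FOUND'

# Read clamscan output on stdin; print "path|signature" for each detection.
# clamscan reports a hit as "<path>: <signature> FOUND". The first group is
# greedy, so a path that itself contains ": " is still kept whole.
infected_files() {
    sed -n 's/^\(.*\): \(.*\) FOUND$/\1|\2/p'
}

# Map clamscan's exit status to a word: 0 = no virus found, 1 = virus found,
# anything else = the scan itself failed and the result cannot be trusted.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Update signatures, then scan a directory recursively, printing only hits.
# freshclam normally needs to run as root (or as the clamav user).
scan_share() {
    freshclam --quiet || echo "warning: signature update failed" >&2
    clamscan -r -i --no-summary "$1"
}

# With a directory argument, run a real scan; otherwise parse the sample.
if [ "$#" -gt 0 ]; then
    report=$(scan_share "$1") && status=0 || status=$?
    printf '%s\n' "$report" | infected_files
    echo "result: $(scan_status "$status")"
else
    printf '%s\n' "$SAMPLE_REPORT" | infected_files
fi
```

Treating any exit status other than 0 or 1 as an error matters on a mixed network: a scan that failed to read the share is not the same as a clean share.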

You might also want to install a GUI frontend. One called klamav appears to be the most advanced. Here’s some screenshots:


A nice configuration dialogue with an icon.



Klamav has a nice drop down box and a percent bar that makes it easy to use. Unfortunately, while ClamAV is popular because it is free and open source, whether or not it is as effective as other AV products is questionable. Though I understand that it is getting much closer to the competition and does run a lot faster than other AV software in Linux.

Most vendors provide professional products for Linux servers; so they also provide home editions for the desktop for free. Most vendors that do provide free Linux versions hide them, trying to get Windows users to buy professional products. If you search for “linux” in a box, usually you’ll find a page that has a link, which is impossible to find otherwise.

One exception to this is F-Prot antivirus which has a link to the Linux section on the front page. Also, F-Prot is integrated in Puppy Linux, which gives a graphical tool (which automatically downloads the required files). This is one of the smallest AV downloads I’ve seen (only 13MB) but it is Command Line Interface (CLI) only. This may be a good or a bad thing.

I’ve also used AV products from Avast and Grisoft (AVG) with GUIs that were fairly user friendly.

Others you might want to check out:

AV            GUI

Avira ? 45MB

AVG Free yes   ~50MB Also brothersoft

Avast yes   registration required

Panda reg.

Bit Defender CLI only. Terrible website, never managed to get a download link, despite having used it in the past. Even sent an angry email.

4 New Fear Mongering Tactics in 2009 3 January, 2009

Posted by aronzak in security.

An article on Slashdot today links to another article “Four Threats For ’09 That You’ve Probably Never Heard Of (Or Thought About)”. They give us four things that are new threats and will surely break the internet and cause much panic in 2009 (specifically; not any other year). Here they are:

1. An Internet “e-bomb”

A large ‘bomb’ will destroy the internet. How do we come to this conclusion? There are some flaws in TCP and DNS.

Attacks against the Internet infrastructure could very easily be next year.

Let me give you some very good wisdom from a well respected expert:

And again, the Internet is not something that you just dump something on. It’s not a big truck. It’s a series of tubes.

No, someone can’t ‘break’ the internet. It might be possible to break some of the “tubes” but not the whole series. Why? It’s not a big truck. The worst that could happen is that the internet becomes partially fragmented. And that wouldn’t be that bad. I don’t think that disruptions could last more than a few days (but you’re welcome to try!). There are backup systems for things like this. Why do we still have real stock market floors?

2. Radical extremist hackers

Attackers defaced more than 300 sites with anti-Israeli and anti-U.S. messages in the wake of Israel’s bombing of Gaza.

So a few pro Israeli sites get hit. Surprise!

3. Attacks on online ad revenue

Ok, this is the only interesting one that isn’t just the same fear tactics dressed up. This is a genuinely new emergence. If malicious hackers use compromised ad servers to spread malware, then people will block ads. This has already largely happened with popup blocking. It’s one of the reasons that NoScript exists, which makes about half of the ads that are on the webpages I look at just appear as white space. The internet ad ecosystem currently doesn’t work very well. Already it has been found that some people are more likely to click on ads but have no intention to buy anything. They are an anomaly that means that the whole profit model is flawed.

Unfortunately, this hurts the little guys, because they end up being the ones that serve up unique content that smart users will want to look at. These are the smart users that run Fx and respond to emerging threats.

Still, this isn’t going to break the internet. Also, with the internet getting faster, bandwidth is getting cheaper. How can sites that stream megabytes of video with only a few ads on a page make money? Well, megabytes aren’t as big as they were.

4. Human casualties

This is the most and least real threat.

Three U.K. hospitals were forced to shut down their networks last month after a malware outbreak infiltrated their systems… Medical staff in some cases had to revert to using pen and paper… Human lives could be affected by a cyberattack like that of those hospitals or attacks on national infrastructures

Yes, people could die as a result of a malicious intruder attacking a hospital. Then again, it probably wouldn’t just happen at random. The idea that people all over the place could die just because of viruses is ridiculous. Almost as ridiculous as this: