
Security: The Same Mistakes in 2009 1 January, 2009

Posted by aronzak in security, Virtualisation, Windows.

An article on Slashdot today shows that the malware makers that brought us “XP Antivirus 2008” have now made “XP Antivirus 2009”, which has infected over 400,000 PCs. Have you updated to the latest threat? Now new and improved, this version is compatible with Vista.

The inevitable question we must ask is: are users getting any smarter about security? And the real question is whether computer security will ever be able to defend dumb users from themselves. Probably not. You can make something as annoying as UAC and users will still get hit.

*sigh*. In other news, the results of a “malware challenge” are out, with reports produced on how malware works and what it does to computers. Using a safe virtualised environment, the top entry, by Emre Bastuz, examines the changes that a virus makes to the Windows registry, and sets up a fake network to observe the virus keylogging Windows and sending data back to the ‘host’ server by IRC. Pretty cool. I was thinking, would it be possible to make an open source tool that can automate some of this process and make it easier to respond to malware in the wild? Doing something like this would be fun and could help projects like ClamAV, an open source antivirus program.
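
The registry-comparison step described above, as an added example that is not from the original post or from the report it mentions: it diffs two regedit text exports taken before and after a sample runs in a VM and flags changes under the Run/RunOnce autostart keys. The sample exports, key names and file paths are constructed, and the exports are assumed to be already decoded to text.

```python
import re

# Constructed sample exports in regedit's .reg text format; keys and paths are made up.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMTools"="C:\\Program Files\\VM\\tools.exe"

[HKEY_CURRENT_USER\Software\Example]
"Theme"="blue"
'''
AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMTools"="C:\\Program Files\\VM\\tools.exe"
"updater"="C:\\WINDOWS\\system32\\sample.exe"

[HKEY_CURRENT_USER\Software\Example]
"Theme"="red"
'''

VALUE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')          # "name"=data or @=data
AUTORUN = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)  # autostart keys

def parse_reg(text):
    """Return {(key, value_name): raw_data} from .reg export text."""
    entries, key = {}, None
    text = re.sub(r'\\\r?\n\s*', '', text)  # join hex values split with a trailing "\"
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            entries[(key, m.group(1).strip('"'))] = m.group(2)
    return entries

def diff_snapshots(before, after):
    """Return (change, key, name, data, is_autorun) tuples, sorted by key."""
    b, a = parse_reg(before), parse_reg(after)
    changes = []
    for k in sorted(set(b) | set(a)):
        if k in b and k in a and a[k] == b[k]:
            continue  # unchanged value
        kind = 'added' if k not in b else 'removed' if k not in a else 'modified'
        changes.append((kind, k[0], k[1], a.get(k, b.get(k)), bool(AUTORUN.search(k[0]))))
    return changes

if __name__ == '__main__': print(*diff_snapshots(BEFORE, AFTER), sep='\n')
```
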

AROS Research Operating System 22 December, 2008

Posted by aronzak in Uncategorized.

AROS is an open source operating system that builds on AmigaOS. It can be run on PowerPC and x86 hardware. Here’s its description from its sf page:

The AROS Research Operating System is a lightweight, efficient and flexible desktop operating system, designed to help you make the most of your computer. It’s an independent, portable and free project, aiming at being compatible with AmigaOS 3.1 at the API level (like Wine, unlike UAE), while improving on it in many areas. The source code is available under an open source license, which allows anyone to freely improve upon it.

and wiki:

AROS Research Operating System (AROS) is a free software/open source implementation of the AmigaOS 3.1 APIs. Designed to be portable and flexible, ports are currently available for x86-based and PowerPC-based PCs in native and hosted flavors, with other architectures in development.

So there you go. I don’t actually know that much about it, I just used it because I thought that it would be fun. As with ReactOS. Except that this one has an interesting logo.

In order to virtualise it, you can download a Linux program that will display a window that has AROS running. You can also download a live system called vmwaros. Humorously, in the version that I downloaded, it does not start under QEMU or VirtualBox, but does start in Microsoft Virtual PC 2007, a proprietary virtualisation system. Ironic.


AROS is pretty cute. You can do stuff like play doom. Lots more software is being ported to AROS.

It’s ironic that the only virtualisation solution that has worked for me is a Microsoft product running on XP. Then again, it reminded me of the limitations of Windows when I used Paint to paste the screenshots, which created 2.5 MB BMPs, which WordPress can’t use, while GIMP converted them to 70 KB JPEGs. When you use Linux for long enough, you are surprised when things don’t work.

ReactOS; a free alternative to Windows 26 November, 2008

Posted by aronzak in Windows.

“For every action there is an equal and opposite reaction” is where ReactOS, what is essentially an attempt at a free Windows clone, derives its name. The project aims to be ‘binary compatible’ with Windows NT, which XP, Vista and the upcoming 7 are based on, meaning that users will be able to run native Windows applications without forking out for a licence from Microsoft, or turning to BitTorrent. It’s an ambitious goal, which, understandably, will take a long time to reach. It’s still in alpha, and aims to be 50% compatible with the NT kernel in version 0.4. But, despite being in the alpha stage of development, it can run some programs without a hitch. You can download .iso images from the main website, or prebuilt disk images for VMware or QEMU. The OS should only be installed on test machines. Virtualising is safer and easier.

Running ReactOS in QEMU seems to work quite well. The system boots up fairly quickly, but then runs slightly sluggishly, possibly because I have not set it up optimally. After the boot, you are confronted with a Windows 2000 look that just seems out of place in today’s operating system shells. There are no programs bundled with it (as one would expect from Windows), but you can use an inbuilt downloader that should automatically install programs from the project’s subversion repository. I didn’t have any luck with it. So, I quickly made an ISO with programs from PortableApps on my USB stick. These run with a varying degree of success.

TrueCrypt, AbiWordPortable, Notepad++Portable, PortableAppsBackup, WinSCPPortable and 7-ZipPortable all seem to work.

PortableAppsMenu opens, and can spawn other applications, but its image is out. Otherwise it works.

ClamWinPortable opens a window, but does not have any icons, and freezes the OS after it successfully brings up a configuration dialogue.

VLCPortable causes the whole OS to crash in version 0.3.6, but running the latest build it starts. Icons are missing, however, and the logo seems to be upside down and blue (inverted colours?), and trying to open a dialogue to open media causes the program to crash. Might be a long day tomorrow on IRC.

Both SunbirdPortable and PuTTYPortable had some errors and did not start.

So, as you see, there’s quite a range. But generally, there are a lot of programs that seem to be able to run fine. There’s a fair bit of testing going on, to establish application and driver compatibility, and to address issues. ReactOS is a neat collection of software that you can download and try out with virtualisation. But it’s not an OS to install on your computer, and probably never will be. One of the main premises behind the OS is that Linux is too complicated for most users and they will never be able to use Free software that is different from Windows. I think that this is wrong, especially given Linux’s long history of development. Also, doubts are hanging in the air as to whether or not ReactOS really is a clean reverse engineering process, or whether code was stolen from the Windows kernel. There are no real IP threats to Linux.