
The block message from Norton DNS

Norton recently announced a beta DNS service: http://nortondns.com/

 

I was always curious about what the warning picture or block message of Norton DNS looks like. Finally, I had a chance to see it on my computer. The block message from Norton DNS:

It looks really effective; it does more than just answer DNS queries.

I like this weekend surprise. Awesome!


Preview of Security Management Online Service – Intune

The beta edition of Windows Intune was announced on 2010/4/19. Usually, system administrators manage enterprise computers via Group Policy and other security servers, such as WSUS, and employees can only receive the latest policy when they connect to the intranet.

But now companies have more and more mobile users at branch offices or partner offices, so keeping computers compliant with the enterprise security policy is an important issue. Windows Intune is a similar solution for security management; the difference is that the server is in the “Cloud”, not in the company’s server room.

Management console of Windows Intune (Source: Windows Intune Overview)

 

Basically, Intune can:

1. Manage hotfixes and service packs for the Windows platform, just like WSUS in an enterprise network.

2. Deploy and manage antivirus software and virus definitions.

3. Centralize security policy, such as enabling or disabling the firewall.

4. Provide remote help desk assistance from IT; I guess this may be similar to Remote Desktop Service.

5. Manage software and hardware inventory.

6. Supported platforms: Windows 7 Enterprise/Ultimate/Professional; Windows Vista Enterprise/Ultimate/Business; Windows XP Professional with SP2/SP3.

Currently this service is only provided via Microsoft online service. I’m still curious about how administrative permissions are authenticated when a patch is deployed, and about other similar issues. However, I believe the answer will be found one day, when the production version is announced.

 

More information: http://www.microsoft.com/windows/windowsintune/default.aspx


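Detection tool for MS10-015

Whether Windows will crash after installing the MS10-015 update because of a virus can be checked using this article. The article provides two programs:

1. Run Fix It; if there is no problem, the following screen appears:

2. If there is a problem, you can use MpSysChk.exe to get the recommended course of action.

Mpsyschk.exe: the main scanning program; it can also scan a single machine

Run_mpsyscheck.Sample.cmd.txt: a script for scanning multiple computers

It cures you if you are sick and keeps you fit if you are not; a program like this could probably also be regarded as a scanning tool for one specific rootkit!

Original article: http://support.microsoft.com/kb/980966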


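Looking back at the killer whale virus incident

Recently there was a news story about a killer whale killing a person. Besides prompting some discussion of animal psychology, it also became a topic in the virus community.

The news was first published abroad on 2/24, and Chinese versions began appearing in many online media around 2/25. As for news of the virus, it was published on 2/26 by 資安顧, and Chinese-language virus news followed on 2/27.

On 2/25, after seeing the story, I searched for related news; at the time it was not about the virus, purely out of interest. But I unexpectedly discovered this virus.

Many instances of this virus have now been removed, but I captured some on 2/25; anyone interested can take a look.

Below are the search results from 2/25; the third result is the virus site! Note that the McAfee indicator is still green, meaning it considers the site safe.

(These are Google results; with Bing this virus site did not appear.)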

 

 

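After clicking it, I was redirected to the virus site (below is the page pretending to run a virus scan).

When you try to leave, it even thoughtfully reminds you.

The site has since been removed. As for what happened next, there are already many analysis reports on the virus, so I will not rehash them here!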

 

 

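Thoughts:

Although a fake virus scan that is really an intrusion is an old trick, what surprised me is that the new virus appeared the day after the news came out, with such a high SEO ranking and such considerate wording that it was hard not to click.

Could it be that new bots can automatically generate a new virus, pull keywords from the news, add them to the virus site, and then push up the search ranking overnight, all without any human involvement?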


Microsoft Security Essentials in Traditional Chinese now available

Microsoft Security Essentials in Traditional Chinese is now available for download!

 

 

 

Click here:

http://www.microsoft.com/security_essentials/default.aspx?mkt=zh-tw

 

And just click “Save”

 

 

P.S. Thanks to Alex Chou for sharing!

 


BSoD is caused by a rootkit, not the MS10-015 hotfix

The MS10-015 hotfix, which was announced on 2010/2/9, led to many BSoD incidents. Many users and companies complained and temporarily put deployment of the hotfix on hold.

After testing, MSRC found that the BSoD is not caused by this hotfix. The real cause is the rootkit named “Alureon”.

MSRC listed the debugging process. Basically, if a user is infected with the Alureon virus and then installs the MS10-015 hotfix, the BSoD occurs. But if the user installs the MS10-015 hotfix first and is then infected with the Alureon virus, the BSoD won’t happen.

I think it was really hard work to find the real cause of the BSoD, especially since it’s a rootkit virus. And now that this report has been published, I think it’s about time to deploy this hotfix in company or enterprise environments. However, it still needs to be tested more carefully in the pre-deployment phase.

 

 

 

 
