
Tuesday, February 28, 2012

Attended World Premiere of John Carter

I do not usually blog about movies nowadays because I hardly attend any. However, recently I was somehow lucky enough to get hold of tickets to the World Premiere of John Carter, based on novels written, yes, exactly one century ago by Edgar Rice Burroughs. When I first viewed the trailer, I was amazed, and I thought Avatar had kind of ripped off this story, since it was written 100 years ago. However, I must say I was kind of disappointed when I saw the Disney label on it, because basically that says: "No blood, no extreme violence and definitely no sex!" Well, I can't say I was totally disappointed with Pirates of the Caribbean, so maybe I should give it a chance.

To be honest, this was not the first movie based on the first book, "A Princess from Mars". In fact, in 2009 there was a STV movie made with the same title, which obviously flopped, gaining a 3.2 / 10 on IMDb. I was fortunate enough not to have watched that. I had not read any of the books either, so this movie is a fresh start for me.

Firstly, I must say I am impressed with the 3D. It has come so far, and in this movie it's not just cosmetic. The 3D effects actually try to put the viewer into the world and make you feel it. The story line is kind of old, but what would you expect from a 100-year-old tale? However, you can see how this old story could have inspired others like Narnia, Star Wars and Avatar. The creatures are nothing we have not seen before, but they are believable, and some are cuter than others. But I guess in the end the leads put good effort into their characters, and it eventually plays out well as a whole.

I really enjoyed the show and look forward to a sequel soon.


Thursday, February 23, 2012

Goodbye Bullguard, Hello Bitdefender

One of the main Internet Security Suites I have been using is Bullguard Internet Security ( www.bullguard.com ). It may not have been the BEST and most accurate detector on the market, but it has certainly done its job protecting me when I somehow misclicked and allowed something to run. Bullguard is backed by Outpost's firewall and Bitdefender's AV engine, which in my opinion is one of the BEST on the market. Bullguard has had its glory, claiming VB100 awards (http://www.bullguard.com/news/latest-press-releases/press-release-archive/24-06-2011.aspx), and what is most important is that it is user friendly. There aren't millions of "click Allow" prompts like in some other AV suites such as Kaspersky or Qihoo 360, which basically made those products totally unusable, since I would be spending most of my time clicking "Yes, Allow, Remember (PLEASE!)".

But sad to say, my subscription is coming to an end soon and I am in the process of acquiring another AV product for my mainstream machines. I would not mind going with Bullguard again, but since the Windows Home Server 2011 issue, it has basically crippled all my PC backups.

After some research, I decided to go with Bitdefender for a while, since it is the same engine, just directly from the original AV company now. Moreover, the 2011 version got really lots of good reviews. However, since I will be using the latest version, I will be using the 2012 one. Well, I will be posting some reviews of my own soon.

Wednesday, January 04, 2012

Where is my shell - Ubuntu 11.10

I know this is late, but I have been really busy in the past month over things which matter and things which don't. Eventually, I even missed downloading and installing Ubuntu 11.10 when it came out in October... But it's better late than never, since 12.04 is only in alpha 1 and will only be available in April 2012.

The first thing I saw after a reboot was a culture shock.

The familiar top menu is gone, and how do I start a shell? I tried right-clicking and looking for it at the top right, but it's not there...

Well, that's the good part about installing this late: other people have already done it and written up documents on how to do this and that. It seems that the terminal is not hidden inside the DASH icon.

http://complete-concrete-concise.com/ubuntu-2/ubuntu-11-10-how-to-get-a-command-line-shell-or-terminal

Anyway, this is the new desktop interface called Unity. At first look, I like the new Ubuntu 11.10. It's about time Linux got it right.

Sunday, December 25, 2011

Racist Nandos made it onto my banned list

I had heard of the $2.50 for plain water incident in Singapore, but I had not visited myself to find out how bad it really was. However, since I was in KL this weekend, I thought I should pop by Nandos and find out.

Anyway, here are the incident details about the $2.50 plain water incident.
http://caveat-emptor-singapore.blogspot.com/2011/06/poor-service-at-nando.html

So, I was at KLCC, next in line with J, and had indicated to the waitress that I wanted a table for 2. I saw a table being cleared and I knew it would be my turn soon. Then another family of 3 arrived and just walked in. They were told they needed to wait in line first. Disappointed, they walked out, but before you know it, the waiter came out and told them they had a table for them, walked right past me and told them to come in.

I mean, WTF? Am I invisible or something? Oh, I get it. Most of the waitresses actually have the same skin color and wear the same type of headdress as the family of 3. And I certainly did not see any triangular table designed for a party of 3. If they can fit in a table for 3, why can't they fit in a table for 2 first?

I told myself this is rubbish. I am a paying customer and I will not stand for this type of bullshit. I can fucking spend my money elsewhere, where I like it, and I do not have to stand for your poor service and fucking racist attitude. This is clearly a case of discrimination against us, and I swear that if this were somewhere else, I would meet them in court and make them pay dearly for this!

Anyway, FUCK IT. Nandos is on my banned list now.

Anyway, I was lucky though. Because I missed Nandos, I had a damn great dinner at Uncle Duck.

Thursday, December 08, 2011

eNet problem with Chrome browser - Solved

Sometimes we just do not have a choice. Some of the eGovernment services happen to use something known as eNets, which in my very humble opinion is still as fucked up as ever. Out of the 2 times I have had to use it in the past month, one returned a 404 page not found and the other certainly made me bang the table.

Let's put the 404 one aside, since I do not care; as long as I attempted to pay, if the payment failed I would point the finger at Nets. The second case was actually much worse. But since I am here to bitch about it, I might as well start from the beginning.

It all started when I needed to renew something which is not important to the story, and I ended up on the payment gateway. It was none other than eNets. I actually wonder why the Singapore government continues to use such a lousy payment system. Even some of the primitive China payment gateways work better than this. Anyway, that aside, it could be a left-pocket-right-pocket thing; it still doesn't solve my problem.

When I made the payment after filling up the big long form, a golden bar popped up in my Chrome browser. Well, it seems it needs Java, and Chrome had to be sure to ask me. +1 for Chrome. When I clicked Run, it loaded Java, but the form was still stuck: the fields were not enabled and I could not type in anything at all. Now that sucks. I know I should go and complain, but I also know they will tell me to use IE6. So just fuck it.

The most natural thing to do was to press F5 to refresh the page. And guess what, it failed once again, and now I was unable to pay because there was an active session. OK, that's a good precaution, but it suggested that I close the browser and try again. And so I did, losing all the entered data, and I had to go through the forms once more. This time I tried to enable the Java run, but still it didn't load. That's just fucked up.

OK, if I am going to bitch about it, I might as well give everyone a solution here. On the payment form there is actually a Cancel button. Click that and you will be returned to the page you came from. You can submit the payment once more, and since you already allowed Java to run, it will load successfully this time, enabling you to complete your payment.

I know by the time you find this page it's probably already too late, but having a workaround sure beats having to queue up and submit everything manually. I just hope that companies like Nets wake up and make their application compatible with other browsers! IE6 has in no way been the dominant browser for a few years now!!!

Summary:
If Java does not load on the eNets page, DO NOT REFRESH or PRESS F5!!! Instead, click Cancel and you will be allowed to resubmit the payment request.

Monday, November 28, 2011

File association hell - File Types Change Grayed out

Ever encountered a really screwed-up system where the file associations suck? For example, opening a ZIP file launches Acrobat Reader... Yes, I think you know what I mean. And worst of all, not everyone has the power to change it in the registry, and even so it may not solve the problem at all.

According to various forums, one way to fix it is to set the "NoFileAssociate" value (DWORD) to 0 at these two keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

But if you notice, when you run regedit in admin mode, the current user is the admin, and not whatever user you may be. Also, let's say you do not even have admin rights, then what? Come to think of it, how the hell did you manage to mess it up so badly?

If you are not admin and you managed to mess it up, it can only mean that you have the power, and thus the responsibility, to set it right. I am going to show you one way which I found out works.

Find one of those files you need to associate. Create a fake one if you have to. Right-click on it, then Properties.
Now, do you see the Change button there? I found that even in non-admin mode the button is not disabled. So go ahead and use that to change it to whatever you need.

Another way, which did not work for me, is to go to any Explorer window, Tools -> Folder Options. Click on the File Types tab and there you can see the Change button as well. But in my non-admin case, the button is disabled, and getting it enabled is more trouble than it is worth.

In any case, I hope this helps you. Drop me a comment if you find it useful.

Enable tab auto complete in command prompt

Often I come across PCs which do not have "tab" auto-complete enabled, and it can be very frustrating to work with. Actually, I just realized that Microsoft even has a KB article to guide you through fixing this.

Enable "tab" autocomplete in the (DOS) command prompt:
http://support.microsoft.com/kb/310530

I figured it's better for me to blog it here so that I can easily access this information when I need it.


  1. Click Start, click Run, type regedit, and then click OK.
  2. To enable automatic completion for the computer, locate and click the HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor key.
  3. To enable automatic completion for the current user, locate and click the HKEY_CURRENT_USER\Software\Microsoft\Command Processor key.
  4. For folder name completion, double-click the CompletionChar value. Type in hexadecimal the control character that you want to use.

    For example, if you want to use the TAB key as the control character, the control character is 0x9 (type 9 as the value; Windows converts it to hexadecimal). If you want to use the same control characters that you use for a single command session, type 0x4 for CTRL+D and 0x6 for CTRL+F. You can use the same control character for both folder and file name completion.
  5. For file name completion, double-click the PathCompletionChar value. Type in hexadecimal the control character that you want to use.

    For example, if you want to use the TAB key as the control character, the control character is 0x9 (type 9 as the value; Windows converts it to hexadecimal). If you want to use the same control characters that you use for a single command session, type 0x4 for CTRL+D and 0x6 for CTRL+F. You can use the same control character for both folder and file name completion.
  6. Quit Registry Editor.
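The same six steps done from PowerShell rather than regedit, as an added example (not from the KB article or this blog); the key path and the CompletionChar / PathCompletionChar value names are the ones the KB gives, the function names are my own, and the Get function reports both hives because cmd.exe lets the per-user value override the per-machine one.

```powershell
# Added example: set and inspect the cmd.exe completion characters described
# in KB 310530. Values are REG_DWORD control characters: 0x9 = TAB,
# 0x4 = Ctrl+D, 0x6 = Ctrl+F. Function names are hypothetical.

function Set-CmdCompletionChar {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # HKLM needs an elevated prompt; HKCU does not, which is what matters
        # on a locked-down PC where you only own your own profile.
        [ValidateSet('CurrentUser', 'LocalMachine')]
        [string] $Scope = 'CurrentUser',

        # Control characters are 0x01..0x1F; default both to TAB.
        [ValidateRange(1, 31)] [int] $FolderChar = 0x9,
        [ValidateRange(1, 31)] [int] $FileChar   = 0x9
    )

    $hive = if ($Scope -eq 'LocalMachine') { 'HKLM:' } else { 'HKCU:' }
    $key  = "$hive\Software\Microsoft\Command Processor"

    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    $what = 'CompletionChar=0x{0:X} PathCompletionChar=0x{1:X}' -f $FolderChar, $FileChar
    if ($PSCmdlet.ShouldProcess($key, $what)) {
        # CompletionChar is folder-name completion, PathCompletionChar is
        # file-name completion; both may use the same character.
        Set-ItemProperty -Path $key -Name 'CompletionChar'     -Value $FolderChar -Type DWord
        Set-ItemProperty -Path $key -Name 'PathCompletionChar' -Value $FileChar   -Type DWord
    }
}

function Get-CmdCompletionChar {
    # Show both hives side by side: a value set under HKLM appears not to take
    # effect when HKCU already carries a different one, since cmd.exe gives
    # user-specific settings precedence over machine settings.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\Software\Microsoft\Command Processor"
        $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Hive               = $hive.TrimEnd(':')
            CompletionChar     = if ($null -ne $p.CompletionChar)     { '0x{0:X}' -f $p.CompletionChar }     else { '(not set)' }
            PathCompletionChar = if ($null -ne $p.PathCompletionChar) { '0x{0:X}' -f $p.PathCompletionChar } else { '(not set)' }
        }
    }
}

# Usage: enable TAB for the current user (no admin rights needed), then verify.
Set-CmdCompletionChar -Scope CurrentUser -FolderChar 0x9 -FileChar 0x9
Get-CmdCompletionChar | Format-Table -AutoSize
```

Open a new cmd.exe window afterwards; running instances read the values only at start-up.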


Thursday, November 10, 2011

Symantec Endpoint Upgrade Error "A necessary file could not be loaded: SAVCProd"


While upgrading my Symantec Endpoint from some old version to the latest 7000 series, all of a sudden I got this weird error:

A necessary file could not be loaded: SAVCProd

It turns out it's due to the email component being moved from one folder to another, causing it to be executed from the wrong place. The details can be found on the official website:

http://www.symantec.com/connect/forums/necessary-file-could-not-be-loaded-savcprod

So, just take their recommendation and stop ccApp.exe from starting at boot, and everything is fine.

Tuesday, November 01, 2011

Even Java now installs spyware

Did you get a surprise when you installed the latest version of the Java Runtime for your browser?

Don't be surprised. It's a documented "feature" on Sun's webpage.
http://java.com/en/download/faq/ask_toolbar.xml

Well, it looks like even Java cannot be spared from bundling spyware in order to obtain "statistics" from users. Well, they do say there is no free lunch. Especially not from Sun.

Sunday, October 30, 2011

Warhammer 40K Windows 7 Theme

I went around looking for a Warhammer 40k theme and found one, but the site installs all sorts of spyware when downloading the theme. So, I managed to just rip out the theme in a VMware VM and uploaded it myself for you to take as it is. It's just all the desktop wallpapers, at 30-minute intervals.

Download:
http://www.fileserve.com/file/pVhAZxa/W40K-SM.themepack

Here are some previews:




Region Free for Philips Immersive Sound Home theater HTS3560 Blu-ray

At the Home screen, type on your remote: 13893108520

This will display all of the current settings for your player:
Region_Code: DVD(X) BD(A)

This will not change any settings, but will report your current settings. So it's a reporting function only.
If your X is 0, it's already region free.

To change your DVD region settings, try the following:

Turn on the player with no disc inserted
Press "Home" on the remote control
Press and hold "Stop" on the remote control until you see "eject" on the display
Press 259 on the remote control
Then enter the code 13893108520 again on the Home screen, and the player will show Region_Code: DVD(0) BD(A)

Now the buttons on the front of the player do not work anymore....

You will need to go to SETUP and click on RESET FACTORY SETTINGS....
Wait until the player restarts, and now you can play all DVD regions.

Hacking the company's laptop PART 2


In the previous article, I mentioned how easy it was for me to obtain administrator rights simply by social engineering the IT support department. However, that does not solve ALL the problems we have. It is good to have a laptop with an additional local admin account, but it is not enough to simply have that. There are still other helpless laptops out there. Ultimately, what I wanted was the admin account so that I could help them out too.

While I have my admin rights, it's easy and simple to just change the password of the admin account to whatever I like, but that's not my aim. I also realized that in order to push my hacking tools onto the laptop to extract the password hash, I would probably have to disable or uninstall the antivirus, because it is basically blocking and deleting my software whenever I copy it in.

Touching the antivirus is probably not where I want to go. Basically, messing with the antivirus may trigger some audit alarms which would not look good on me. Secondly, I may not be able to properly uninstall or reinstall the antivirus, because it may have a secondary password or some required files for the group policy. Enterprise-level antivirus usually has all this additional stuff. Destroying the antivirus will be a last resort for me.

Just to recall from the first article, the hard disk has disk-based encryption, and that is why I am unable to use a boot disk or boot CD to extract the password hash. In short, I am pretty screwed if I continue down this path of trying to extract the password hash. In a separate thread, I did manage to break one of these systems using a floppy boot-up, but that's another story. I had another thought: to install the system console and boot that up. But the chances that I would be able to run or do anything else in that restricted shell are quite close to none. So, what would be better than the password hash? Answer: the password itself.

So, how can one get the password? Let's backtrack a bit. How does the IT department upgrade and change all our passwords? Typically, if you work smart, you will either push it down via a GPO or use some sort of batch processing, maybe even SMS or WSUS. Now, being such a huge enterprise, I would guess they use at least one of these. I struck GPO off because the admin account is a local account. So, what I will do is find out how they changed the password (in batch).

I do not know why, but my IT department likes to leave a link to their software repository on their desktop. I guess that's probably the root of corporate piracy, if any happens here. In any case, this is the place I would start. Looking through the folders, which I had gone through from time to time for other reasons, I pretty much knew which were the new stuff, or simply sorted them by date. Then from the new folders, I found another link to another server which contains the new software set for this upgrade. Now, this contains the binaries for the antivirus. I almost thought I would reconsider breaking the antivirus and reinstalling it using these binaries. Until I saw a very obvious file in the root directory. It sounded like jackpot. In fact, there was even a file called "ChangePasswordforXXX.exe" lying around there for the picking. Bingo.

So, this is an exe file. I would like to break it apart using IDA Pro or another debugger, but just as a long shot, I thought I would start with a text editor instead. Based on my experience, most people do not encrypt or even obfuscate their binaries. I have been able to break many applications and websites basically because the binaries are not protected. Again, this enabled me to accomplish what I did. Looking through the binary file, I noticed this is a simple WISE installation binary. Yes, actually I already knew that when I saw the icon. They did not even bother to change it. WISE has a tendency to leave some of the configuration in clear text even when it is compiled into a binary. That is the reason why I saw the things I saw without even using a debugger. Somewhere in the file, I saw the password I was looking for. In fact, I did not even really look at the file; I simply did a search for "password" and was brought to that offset in the file.
The password was long and complex, consisting of alphanumerics with upper and lower case and symbols. But it is just another password hacked by me today.

As an added bonus, I even got hold of an additional password in the file, right below it. It is the encryption password for the hard disk. I haven't figured out how I could use it, but I guess it will probably be useful someday.
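The defensive lesson from the WISE package above is that whoever administers a deployment share should audit it for embedded credentials before anyone else does the same text-editor search. The following is an added example, not the author's code or any product's tooling: it walks a share, looks for the marker string in both ASCII and UTF-16LE (Windows binaries commonly store strings as UTF-16), and reports file, encoding and byte offset for review; the share path and function name are placeholders.

```powershell
# Added example: audit a software repository for installers and scripts that
# carry "password" in clear text. Reports a small printable snippet so the
# reviewer can triage without opening each binary. Function name and share
# path are constructed placeholders.

function Find-ClearTextPasswordMarkers {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $Include = @('*.exe', '*.msi', '*.bat', '*.cmd', '*.vbs', '*.ps1'),
        [string]   $Marker  = 'password',
        [int]      $Context = 48          # bytes of context after the marker
    )

    $marker = $Marker.ToLowerInvariant()

    Get-ChildItem -Path $Path -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file  = $_
        $bytes = [System.IO.File]::ReadAllBytes($file.FullName)

        # Decode the whole file once per encoding. For ASCII one char is one
        # byte, so a char index is a byte offset; for UTF-16LE multiply by two.
        $views = @(
            @{ Name = 'ASCII';    Width = 1; Text = [System.Text.Encoding]::ASCII.GetString($bytes) },
            @{ Name = 'UTF-16LE'; Width = 2; Text = [System.Text.Encoding]::Unicode.GetString($bytes) }
        )

        foreach ($v in $views) {
            $text = $v.Text.ToLowerInvariant()
            $pos  = $text.IndexOf($marker)
            while ($pos -ge 0) {
                # Replace non-printables with '.' in the snippet, strings(1)-style.
                $end     = [Math]::Min($text.Length, $pos + $marker.Length + $Context)
                $snippet = -join ($text.Substring($pos, $end - $pos).ToCharArray() |
                                  ForEach-Object { if ([int]$_ -ge 32 -and [int]$_ -lt 127) { $_ } else { '.' } })
                [pscustomobject]@{
                    File     = $file.FullName
                    Encoding = $v.Name
                    Offset   = '0x{0:X8}' -f ($pos * $v.Width)
                    Snippet  = $snippet
                }
                $pos = $text.IndexOf($marker, $pos + $marker.Length)
            }
        }
    }
}

# Usage: run against a share you administer (placeholder UNC path) and review
# every hit; a marker inside an installer is a finding to pull, not a false
# positive to tune away, since the package ships to every workstation.
Find-ClearTextPasswordMarkers -Path '\\DEPLOYSRV\Software$' | Format-Table -AutoSize
```

Expect noise from legitimate UI strings such as "Enter password"; the offsets let you confirm quickly whether a value follows the label.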


Hacking the company's laptop PART 1


This article talks about hacking and other activities which may seem illegal and will certainly get you into trouble if you are caught doing them. I would advise you to read it as a form of entertainment and treat it as entirely fiction without any truth in it. OK, let's set up this imaginary environment.

WE have all had laptops for such a long, long time that I do not even remember the days when laptops did not exist. Due to special considerations, my department has always had the privilege of admin rights on our laptops because of the work we do. We are required to install software, run privileged tasks etc. on a daily basis. We never imagined the day this would end. We never had to face this problem. Until now.

Due to a new firm requirement, we are required to upgrade to a new version of the laptop OS with some enhancements as well as a new set of software for our work. This time, top management came down hard on us and decided that we should not have administrative rights on the corporate laptop, because we are supposed to perform our privileged tasks on another laptop. OK, let's leave that out of our story. Given that we may be out in the field for weeks, it does not seem logical that we do not have access to our email and other corporate information systems. Therefore, we NEED to have administrative rights on the laptop. SOMEHOW.

Let's pause for a minute if you feel that we need to discuss the moral and legal issues here. Like I said, it's an imaginary environment. By all standards, we should never have to ask for anything, and everything is given. However, this does not actually happen in the real world, or for that matter, in this imaginary world of ours. So, someone needs to be the hero. Someone needs to break some rules. Someone will have to do it. Yes, I know, that would be me.

OK, let's come back to the story. Many of us find that we cannot even insert a thumbdrive (oops, sorry, flash drive) without triggering an administrative prompt. Life has been hell since the upgrade and it seems like the end of days is just about to begin. Unknown to most, a few of us are already beginning to work on this "problem". The intention is just to have enough rights to perform some of our installations etc. without having to tear the laptop apart. Of course, in the process, we would not want to trigger any alerts or alarms either. Hackers get caught. Good hackers DON'T get caught.

So, we narrowed down our options. One of the endgame objectives would no doubt be administrative rights. A more direct answer would be the administrator password. And on our laptops there is the local administrator account, which is used by the IT support department to roll out updates and perform installations on our laptops. This seems like the very object we want.

Usually before I go the hard way, I try the easy way. In fact, the easy way usually works. I tried a few passwords. No luck. In fact, I was very cautious to ensure that password lockout was not enabled on this account. For very obvious reasons, if this account is locked out, it will be difficult to recover the system. I always wonder if this is the reason why everyone wants to attack the admin account, besides knowing it has the rights of god on the machine. So, it does not use a simple password.

Another very direct way to recover a system is to wipe the password. This is more effective than you can imagine. I have broken into tons of laptops whose owners did not want me to enter their system, by simply rebooting into my boot CD and wiping the administrator password. However, we have a problem here. This system is protected by disk-based encryption. When we boot up from a foreign OS, the encrypted partition simply will not mount. In fact, this was one problem I was dying to crack. Anyway, wiping the password is not the way to go.

Another approach is to extract the password hash. We have all heard of rainbow tables and LCP. I guessed this would be easy. I have extracted lots of password hashes in the past using PWDump or FGDump. One obstacle lies ahead: antivirus. The antivirus is switched on to the maximum mode, which simply detects and deletes anything and everything it feels is dangerous. This includes some of the tools we use for work as well. Nasty. The question is: do I want to break the antivirus as well? Antivirus firms have spent millions on R&D to ensure their solution works, and works well, in a corporate environment. I am sure they have figured out that someone will want to disable or uninstall their product in the corporate environment. Secondly, I also do not want to trigger some alarm if I have my antivirus off.

Wednesday, October 26, 2011

I am trying out a new look and feel for my blog. It's been a long while since my previous theme and I thought I should give it a change. Let me know what you think!

Breaking Deep Freeze 6

I came across Faronics Deep Freeze, and despite what they claim on their website, it is not as secure as it seems, which I will show later in this post.

First, some links to the official product:
http://www.faronics.com/enterprise/deep-freeze

And before I go on, read about the Unfreezer written by Blackhat Emiliano Torres.
http://usuarios.arnet.com.ar/fliamarconato/pages/edeepunfreezer.html
He managed to break Deep Freeze again and again, at least until v5.7. Then there was nothing. Did version 6 onward finally defeat all the hacks? Well, I am going to say the answer is NO. In fact, it just got simpler!

Before I go about talking about hacking Deep Freeze, let me talk about the critical flaw in the design which can cause some totally disastrous, irrecoverable situations.

Let's imagine for a moment that you suspect there is malware in the system and your anti-malware is going to clean it up at the next reboot. But hell, you have no idea there was a scheduled scan at reboot, and you freeze your system drive. What is going to happen? It will boot up and scan the HDD, and then maybe it will find the malware and remove it, but it doesn't matter because it's frozen. And at the end of the scan, the anti-malware will reboot to make sure you boot up clean. And then it will reboot, and because the flag for "I have already scanned" is actually not saved, it will scan again. Infinite loop. So totally screwed, aren't we?

Similarly, if you have a really good defrag program like PerfectDisk or a similar product which allows you to perform a boot-time defrag of your system files, you can imagine it will be the same case as above. Defrag, and it will try to set the flag and reboot, but the flag will not change and it will loop forever.

And now this is the part where I talk about the flaw. YOU CANNOT UNFREEZE UNLESS YOU CAN BOOT INTO WINDOWS!!!! So, there is no way out even if you have the password, the admin access and physical access. OK, let me take that back; you can, if you read on. But otherwise, it's format time and a good round of cursing and swearing at Deep Freeze.

Now, you will notice I talked about the flag in the above case. That is the same principle we are going to use to break Deep Freeze. Let's take a look at some of the boot-up files which are in the Windows system and main directories:



  • DepFrzLo.sys (kernel driver)
  • DepFrzHi.sys (filesystem driver)
  • dfserv.exe (service)
  • frzstate.exe (password dialog)
  • persis00.sys (password file and “on/off switch”)



If you are sharp, you would already know how I would do it. During one of my penetration tests, I was asked how I would do it if I had, and if I did not have, physical access. So, let's tackle having physical access first, because it's definitely easier.

You can go ahead and delete the filesystem driver, which does not work. The trick actually lies in persis00.sys or persis0.sys, depending on the version. What you need is at least the trial version, installed on another system with a password you know, since you installed it. Then boot it up, unfreeze the drive and shut down. Copy out the file. I would advise using a WinPE-based boot via a LiveCD or Mini-XP to read the file out.

What you need to do next is to plant and replace the locked file on the target drive. Using the same method, boot up your LiveCD and mount the drive. Then just replace the file. YES, it's that simple. Nothing prevents you from doing anything at all from the LiveCD. Makes you feel pretty stupid paying so much for this piece of software, doesn't it?

Anyway, after the file has been replaced, boot it up and it's unfrozen. Uninstall it, reinstall it, do whatever you want. And remember to get the flag for your anti-malware or defrag software set before getting stuck again in another infinite loop. But what the hell, as long as you keep your unfrozen persis00.sys handy, breaking it is only limited by how fast your LiveCD can boot.

So, what if I have no physical access? OK, this part is concept only, since I did not completely test it. Deep Freeze does not protect the boot MBR if you bypass the mass IRP hooking using another driver. OK, you will look at me and give me the WTF look. Yes, Deep Freeze obviously uses rootkit technology. Their IRP hook, however, could be bypassed. One such tool is MBRKit. With that in, all you need to do is redirect the boot somewhere else, for example another mini-Linux with Samba image. Then put the boot-up script into the boot image to replace the file persis00.sys, and of course remember to set the boot back to normal once it has successfully done so. So does that sound far-fetched? Of course NOT. But it has many risks which may cause the system to hang etc., so extensive testing is required to create such an attack. Of course, I think I just gave the concept design for a Deep Freeze attack rootkit.

So, is Deep Freeze totally crap? No, obviously not. It just has its flaws. Is there a way to prevent this attack? Yes. Consider full disk encryption. And NO. Even with full disk encryption, there is an unencrypted partition and that could be attacked. Unless it's a pure hardware-based implementation.

I hope this very long article helps give you some insight into Deep Freeze. While this exposes one way to overcome it, it can prove helpful in life-and-death situations such as the one above. I hope Deep Freeze gives this more thought rather than the "We will think about it" they gave when they got hacked by Emiliano Torres.

Download the workable Anti Deep Freeze Rootkit here:
HAHA, sorry no download! :P

The mysterious LGA1944

While surfing the Asus support website (http://support.asus.com), I noticed there are 2 new categories of motherboards listed. They are LGA2011 and LGA1944. I know what LGA2011 is. That's the supposed socket which will house the X79 chipset, coming in Nov 2011. But what is socket LGA1944? Could the industry have been keeping so quiet about a secret socket that nobody has heard about so far?

I did some research and found out that LGA1944 could be the socket supporting the G34 chipset from AMD. So here we have it. There is no secret socket, and neither is it for Ivy Bridge...

Sunday, August 28, 2011

PC Tools Threatfire vs Windows Home Server 2011

I merely touched on an anti-malware called ThreatFire (http://www.threatfire.com/) in my previous post, which claims to be very effective and can be combined with other AV products to increase effectiveness. I tried the product for a while in the past. It is not very heavy on memory, but I think eventually it is something like an IDS with cloud analysis. This is a really good and cheap add-on if you only have the AV component.

For my WHS 2011, I have been tweaking to get the best AV/firewall combination working. In the end, my last configuration was:

  • Comodo Internet Security 2011 Pro (Firewall Off)
  • ThreatFire

It turns out that I am unable to open the Dashboard from a remote workstation. I pinpointed the problem to ThreatFire somehow blocking it, and there is no configuration to unblock it. So, in the end (for now), ThreatFire is kicked out of the WHS and everything is working fine again.

So, after an extended period of hunting, the best combination I could get working is Comodo Internet Security 2011 Pro without the firewall enabled. Let me know how you address your WHS 2011 AV/FW needs!

Sunday, August 14, 2011

Private Firewall and Comodo Anti Malware

I previously mentioned that I had given up Bullguard (www.bullguard.com) in favor of 2 products on one of my systems, and so far it seems to be working well. Let me talk a little more about these 2 products.

First, it's a FREE personal firewall called PrivateFirewall. Something special about this firewall is that it does a little bit more than the normal host-based firewall. It does process detection, anti-screen-capture, anti-keylogging as well as system anomaly detection. These are actually very good measures against trojans. Because it does not actually have a detection module, a trojan may somehow be able to install, but when it tries to do anything funny, PrivateFirewall is likely to be able to catch it and terminate it when it connects back. It's not foolproof, but at least it does the part a firewall should.

Download PrivateFirewall from:
http://www.privacyware.com/personal_firewall.html

Therefore I still strongly recommend that a malware detection engine be installed. In this case, I chose Ad-Aware FREE. It does not have the firewall, which is only in the PRO version. Ad-Aware has been gaining some attention recently and I reckon I should give it a chance. However, I am not sure if it's because it doesn't play nice with other security products, but I am unable to activate the other components besides the registry one, which then is pretty useless for me.

If you are not using PrivateFirewall, Ad-Aware may work for you:
http://www.lavasoft.com/products/ad_aware_free.php

So, my quest continues for the anti-malware that works with PrivateFirewall, and I eventually ended up with Avast (for now). Avast FREE has always been one of the more popular choices because of its high accuracy and effective protection. However, it was a bit heavy on GUI resources and I kind of avoided it until now.

So, here is the link to get Avast FREE. You will have to activate it with your email though.
http://www.avast.com/free-antivirus-download

Let's see how this deployment goes and I will post some updates again soon.

Thanks for viewing!

Copyright © 2008 nemesisv.blogspot.com, All rights reserved.