Thursday, May 31, 2012

PC TuneUp – Spyware and Virus Removal


One of the biggest issues I see when I am dealing with a computer that needs a tuneup is the slowness from viruses and spyware.
I like to first clean up the temp files. Viruses and trojans are known for being in the temp directory. The best tool I find for cleaning out the temp files is ATF Cleaner. Just select all, then hit clean, and all those files are cleaned. This will also free up space on the hard drive; we will be going over temp files and hard drive space in a later part of this series.
The next thing I do is run Spybot, the ideal spyware removal tool. After you install Spybot, make sure you do the updates before running the tool. A lot of times people run Spybot with out-of-date spyware definitions and a lot of spyware gets missed on the system.
The next tool I run is Malwarebytes. Again, same procedure as before: update your spyware definitions before running. A quick scan is good for getting those few pieces of spyware that Spybot could not get, but if you want to be thorough, run a full scan. This will take longer but in the long run might catch something that has been sitting hidden on your hard drive.
Another tool I run is CWShredder. This tool is great at getting rid of browser hijacks: that unwanted homepage or bookmark you did not want and can't change or get rid of no matter how hard you try.
Now that we have removed most if not all spyware, let's focus on any viruses. The first antivirus I run is web based, so not much install is needed, but you will need an active internet connection. HouseCall by TrendMicro does a good job. During the install you will be prompted to do all updates; again, do a full scan. This will search all directories on your PC to make sure you do not have a trojan sitting in a common folder or in system32.
The last step I like to do is install an antivirus for day-to-day use. The tools I have suggested are great but do not give you real-time protection. I am a big fan of Free AVG; it's free and has antivirus and anti-spyware built in. During the install process you will be prompted to do all updates; again, do a full system scan so you can catch anything that HouseCall might have missed.
I recommend doing all scans in this article in Safe Mode. Sometimes regular mode has locked files and other issues can arise, plus the scan will go faster due to fewer resources being used on the PC.
Please look for my entire PC TuneUp Series, as I will be posting the Helix Zone's first multi-part series this month.

Tuesday, May 29, 2012

Hamfest On Saturday June 2nd

As everyone knows, I am a HAM radio operator and I enjoy attending hamfests. I will be attending this one; if anyone cares to join me on Saturday, I am looking forward to seeing everyone there.

Pandora Revenue and Business Model



Pandora is a decade-old company that relies mainly on advertising and subscription revenue and competes with traditional radio, satellite radio and upstarts like Spotify, Rhapsody, iHeart Radio, and TuneIn, just to name a few. Pandora's subscription-based service, called Pandora One, is $36 a year and allows for more skips and ad-free listening. Pandora has never disclosed how many Pandora One subscribers it has; from research I have done on the internet, the estimated number is 800,000.
The company has over 150 million registered users, with about 52 million active listeners that have given Pandora almost a 6 percent share of the U.S. radio listening market. The company has made huge strides in the mobile market, clinching a spot in the top 25 most downloaded apps. But the company has admitted that it only makes about $20 for 1,000 hours of listening on the mobile app, which is down in comparison to the $80 it makes on the PC for the same amount of listening hours. The company lifted its 40-hour-a-month restriction to help gain more advertising revenue.
Pandora has taken some negative press after Timothy Westergren, co-founder of Pandora, said the company had 80,000 artists and 800,000 tracks in its library. Spotify had made mention that it has over 15,000,000 tracks in its library, which made Pandora look inferior, but overall Pandora's loyal fan base stood by it.
Pandora reported that first-quarter revenue rose 58 percent to $80.8 million, blasting past analysts' average forecast of $74.3 million as the company scooped up more advertisers. Pandora, a mostly free service that recommends music based on a listener's playlists, also raised its full-year revenue outlook.

Friday, May 25, 2012

Video Blog 5-25-2012



Our video blog: our Top 5
1. Facebook IPO Fraud Issue
2. Apple App of the Week
3. Facebook Camera App
4. Google Purchases Motorola Mobility
5. IBM Bans Siri, Dropbox and iCloud

Marriott Wireless Security Issues


Marriott says it has stopped an ad service hidden in its free wireless. The free wireless connection inserted lines of code for serving special ads into every Web page a guest visited.
Marriott's corporate headquarters said it has investigated the situation and disabled this feature at two New York hotels: the Courtyard by Marriott on W. 40th Street and the Residence Inn on the Avenue of the Americas.
The company said in a statement that it was not aware of the ad-serving practice and that the security of people’s data was not at risk. Marriott said it did not approve of this practice:
"As soon as we learned of the situation, we launched an investigation into the matter. Preliminary findings revealed that, unbeknownst to the hotel, the Internet service provider (ISP) was utilizing functionality that allowed advertising to be pushed to the end user. The ISP has assured the hotel that this functionality has now been disabled. While this is a common marketing practice with many Internet service providers, Marriott does not condone this practice. At no time was data security ever at risk.  We will continue to look into this matter and find opportunities to remind our hotels of Marriott’s high-speed Internet policies."
Justin Watt, a Web engineer with a background in making advertising tools, discovered that every Web page he visited was being rewritten with new code that could allow a company to inject its own ad banners. “Imagine the U.S.P.S., or FedEx, for that matter, opening your Amazon boxes and injecting ads into the packages,” Mr. Watt said in a previous interview.
The lines of code contained references to RXG, which stands for Revenue Extraction Gateway, a service aimed at generating money from Internet access points. A company called RG Nets offers the service. Some hotels have gone as far as to charge for internet and also make money on ads.
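One way to spot this kind of rewriting from the guest's side, as an added example that is not part of the original post: compare the script elements in a copy of the page fetched over a trusted path (for example through a VPN) with the copy received on the hotel network. The HTML samples, host names and function names are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect every <script> element as a (src, inline_text) pair."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = []
        self._in_script = False
        self._src = None
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self._src = dict(attrs).get("src")
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            # Normalise whitespace so reformatting alone is not flagged.
            inline = " ".join("".join(self._buf).split())
            self.scripts.append((self._src, inline))
            self._in_script = False


def scripts_in(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts


def injected_scripts(trusted_html, received_html):
    """Scripts present in the received copy but absent from the trusted copy."""
    known = Counter(scripts_in(trusted_html))
    extra = []
    for script in scripts_in(received_html):
        if known[script] > 0:
            known[script] -= 1
        else:
            extra.append(script)
    return extra


def report(trusted_html, received_html, page_url):
    """Classify each added script as inline, same-host or third-party."""
    page_host = urlparse(page_url).hostname
    findings = []
    for src, inline in injected_scripts(trusted_html, received_html):
        if src:
            host = urlparse(src).hostname or page_host  # relative src = page host
            kind = "same-host" if host == page_host else "third-party"
            findings.append({"src": src, "host": host, "kind": kind})
        else:
            findings.append({"src": None, "host": page_host,
                             "kind": "inline", "preview": inline[:60]})
    return findings


# Constructed samples: the same page as served by the site and as received
# after an on-path gateway appended two script elements.
TRUSTED = """<html><head><title>News</title>
<script src="/static/site.js"></script></head>
<body><p>Story text</p></body></html>"""

RECEIVED = """<html><head><title>News</title>
<script src="/static/site.js"></script></head>
<body><p>Story text</p>
<script>var rxgConfig = {zone: "lobby"};</script>
<script src="http://ads.gateway.example/rxg/banner.js"></script>
</body></html>"""

if __name__ == "__main__":
    for finding in report(TRUSTED, RECEIVED, "http://news.example/story"):
        print(finding)
```

Pages with dynamic scripts will differ between fetches for legitimate reasons, so fetch both copies close together and treat a new third-party host as the stronger signal.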

Thursday, May 24, 2012

Arnold Schwarzenegger Shakes Hands With Predator

This to me was just classic. I love how Darth Vader is in the audience, by the way. Can't wait to see Arnold in The Expendables 2 alongside Stallone, Norris and Van Damme. Kevin Peter Hall is credited as being the Predator in Predator 1 and 2; however, what most people don't know is that Jean-Claude Van Damme was an uncredited character: he was one of the stuntman Predators.

Wednesday, May 23, 2012

Network Users Are The Biggest Security Issues


The fact is that the biggest security threat to an organization is its users. A 2006 survey called Information Security Breaches found that 32% of information security attacks originated from internal employees, while 28% came from ex-employees and partners.

Experts in Europe and the US estimate that over 50% of breaches result from employees misusing access privileges, whether maliciously, unwittingly or unknowingly. So securing the enterprise isn’t just about stopping external threats. It’s just as important to contain the threat from hapless, hazardous or naive employees.
One of the key internal threats to corporations is spyware, because it’s all too often introduced without malicious intent by employees who naively click through a couple of pop-up browser windows or install an unapproved application on the network. The situation isn’t helped by the myths that surround spyware.

Kevin Mitnick has made a career out of educating people and users on social engineering. Mitnick has said on many occasions that people are too willing to help others by giving out information. As long as a caller knows the lingo, they get the information. Verification of identity is so important for protecting your company.

Monday, May 21, 2012

Foursquare Revenue Plan


Despite Foursquare's garnering a $600 million valuation in an investment round last year, some investors are skeptical about its prospects. Others just seem to find the app, and the whole concept of checking in every place they go, annoying.
Foursquare has come up with an interesting concept of awarding badges, mayorships and sharing that has made the app very popular among users and has made the company's growth steady and solid. The company's founder and CEO, Dennis Crowley, has over 100 employees and is described as a very hands-on CEO.
The three-year-old company has a user base of 20 million people who have accumulated over two billion check-ins. Over 750,000 businesses use the platform, including Pepsi, Walgreens and American Express, just to name a few. The company has been competing with Instagram, Facebook (FB), Groupon (GRPN), and Yelp (YELP).
Foursquare is looking at using coupons as a form of revenue. This will require some tweaking of their app to help point users toward those places where they or their friends have checked in. They have made changes to their app for recommendations that are tailored to the individual.
Foursquare has a lot of work ahead of it. Now that they have built their user base, they need to focus on making revenue. The biggest problem for any .com company is making sure it has a revenue stream. After 3 long years, Foursquare as a company knows it needs to produce a revenue stream or investors will pull out. The revenue stream will also be important if the company decides to go public with the latest .com IPO boom. For Foursquare, I hope they are able to compete and continue on against competition and revenue issues in the future of their business.

Thursday, May 17, 2012

Top 10 E-mail Scams


1. PayPal Account Needs Attention

2. eBay account needs you to verify your bid

3. UPS Package needs to be delivered

4. You inherited a large sum of money from a foreign relative.

5. Lottery Winning Scams

6. Best Stock Tips

7. Mystery Shopper Wanted

8. Cheap Medication

9. Your Bank Needs To Verify Your E-mail

10. Over Payment Scams

Wednesday, May 16, 2012

Windows 7 and Windows Server 2008 R2 Print Driver Isolation

I was having an issue with print drivers and print processes at a client, and this information and article helped me out tremendously.
There are three basic modes of isolation that can be configured for individual print drivers:
  • None – in this mode, print driver components are loaded into the spooler process. This is essentially the model found in previous versions of Windows
  • Shared – multiple drivers that are set for isolation are loaded into a single shared process space that is separate from the spooler process. Although this protects the spooler process, the drivers that are in shared mode can affect one another
  • Isolated – each driver is loaded into its own process space. This protects the spooler from individual driver failures, and also protects drivers from each other
Remember that the modes are configured on a per-driver and not a per-system basis. One other point to keep in mind – not all drivers will run in shared or isolated mode. Drivers that call spooler functions or a printer’s configuration module directly will need to run in “none” mode. The driver developer can advertise whether or not their driver supports isolation mode. Now let’s take a look at how the new model works.
Anytime shared or isolated mode is used for a print driver, a new process – PrintIsolationHost.exe – is launched by the DCOM Server Process Launcher for each “print sandbox”. The print processor, the rendering module, the configuration module and the miscellaneous driver files are loaded into the address space for the new process, instead of the spooler’s process. The spooler essentially proxies calls for the print processor and other driver components in the PrintIsolationHost.exe process and DCOM is used for inter-process communications. Something to note here – if you examine the spooler closely you’ll find that the print processors are loaded into both the spoolsv.exe and the PrintIsolationHost.exe processes when shared or isolated modes are used. For the print driver that you put into shared or isolation mode however, all the processing takes place in the processor in the PrintIsolationHost.exe process. The duplicate loading of print processors is to accommodate drivers that may be running in “none” mode at the same time.
Let’s look at what this looks like in Process Explorer. We’ll look at Isolation Mode since that is the most complex of the three modes. In this mode, there are a number of differences from the printing model that we have been used to. As we mentioned above, the print processors and print driver components for each isolated driver are loaded into a separate PrintIsolationHost.exe process. Within the spoolsv.exe process and all PrintIsolationHost.exe processes, there is a new DLL, PrintIsolationProxy.dll that proxies the calls for specific printers between the processes. In the screenshot below, we can see that the spoolsv.exe process is running as normal – the printers installed are all running with no isolation mode specified.
[Screenshot: Process Explorer view of spoolsv.exe with no isolation mode specified]
Now let’s take a look at what happens when we put two print drivers into Isolation mode. Initially you won’t see anything in your Process Explorer view. However, once the printer is used, you’ll see the PrintIsolationHost.exe processes and the PrintIsolationProxy.dll.
[Screenshots: Process Explorer view showing the PrintIsolationHost.exe processes and PrintIsolationProxy.dll]
The reason that you don’t see the PrintIsolationHost.exe process spawn immediately after switching a driver to isolation mode is for better resource management. The process is called when needed, and is closed when not required. In shared mode, the printing model is very similar to isolated mode, except that you will only see one PrintIsolationHost.exe process – unless you also have drivers running in full isolation mode at the same time.
Now that we’ve covered some of the basics of PDI, let’s talk about configuring PDI via Group Policy. There are two new group policy settings that you can use to control the isolation mode of drivers on machines to which the policy applies. Both settings are in the Computer Configuration\Administrative Templates\Printers. The two settings are:
  • Execute Print Drivers in Isolated Processes – there are two settings
    • Disabled – Completely disable driver isolation, resulting in all the print drivers being loaded into the print spooler process as in previous OS versions. This would be a way to force “legacy” mode
    • Enabled or Not Configured – Allows driver isolation, in which case the driver isolation modes can be set as needed (or as specified by the OEM)
  • Override Print Driver Execution Compatibility Setting Reported by Print Driver – again, there are two settings
    • Enabled – Forces drivers flagged as incompatible with PDI to run in “shared” mode
    • Disabled or Not Configured – whatever isolation compatibility is advertised in the .inf file for the driver is honored
The values for these policies are stored in the registry at HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\ in the following values:
  • PrintDriverIsolationExecutionPolicy
  • PrintDriverIsolationOverrideCompat
A value of 0 = disabled, and 1 = enabled. If the policy settings are “Not Configured” then these values will not exist in the registry by default and the system assumes the default settings as discussed above.
To wrap up this post, we’ll take a look at some of the registry values that can be used to modify PDI behavior – specifically the lifetime and recycle behavior of PrintIsolationHost.exe processes. These values exist in the HKLM\SYSTEM\CurrentControlSet\Control\Print\ key. Each entry below gives the value name, its type, and a description:
  • PrintDriverIsolationIdleTimeout (REG_DWORD) – Time in milliseconds that specifies the maximum time a printer driver isolation process should remain idle before it is shut down.
  • PrintDriverIsolationTimeBeforeRecycle (REG_DWORD) – Time in milliseconds that specifies the maximum time span a printer driver isolation process should be used for before it is shut down / restarted. The shut down and restart sequence reclaims memory potentially leaked by drivers.
  • PrintDriverIsolationMaxobjsBeforeRecycle (REG_DWORD) – Specifies the maximum number of operations a printer driver isolation process should be used for before it is shut down and restarted. Again, the shut down and restart sequence reclaims memory potentially leaked by drivers.
In instances where you might suspect isolated drivers leaking memory or if you have a large number of PrintIsolationHost.exe processes, these settings may be worth tweaking.
http://blogs.technet.com/b/askperf/archive/2009/10/08/windows-7-windows-server-2008-r2-print-driver-isolation.aspx
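An added example, not taken from the TechNet article or this blog: a Python audit helper that parses saved `reg query` output for the two keys named above and reports the effective PDI policy and any recycle tuning. The sample output is constructed and the function names are this example's own.

```python
import re

# Registry locations named in the post, written the way `reg query` prints them.
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers"
PRINT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print"

TUNING_VALUES = (
    "PrintDriverIsolationIdleTimeout",           # milliseconds
    "PrintDriverIsolationTimeBeforeRecycle",     # milliseconds
    "PrintDriverIsolationMaxobjsBeforeRecycle",  # operation count
)

# Indented value line: name, type, data (DWORD data is printed as 0x... hex).
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(\S.*)$")


def parse_reg_query(text):
    """Turn `reg query` output into {key_path: {value_name: int}} (REG_DWORD only)."""
    result, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = result.setdefault(line.strip(), {})
            continue
        match = VALUE_LINE.match(line)
        if match and current is not None and match.group(2) == "REG_DWORD":
            current[match.group(1)] = int(match.group(3).strip(), 16)
    return result


def effective_pdi(reg):
    """Interpret the policy values: 0 = disabled, 1 = enabled, missing = Not Configured."""
    policy = reg.get(POLICY_KEY, {})
    tuning = reg.get(PRINT_KEY, {})
    exec_policy = policy.get("PrintDriverIsolationExecutionPolicy")
    override = policy.get("PrintDriverIsolationOverrideCompat")

    # Enabled and Not Configured both allow isolation; only 0 forces legacy mode.
    isolation_allowed = exec_policy != 0
    force_shared = isolation_allowed and override == 1

    if not isolation_allowed:
        note = "Isolation disabled by policy: every driver loads into spoolsv.exe"
    elif force_shared:
        note = "Drivers flagged as incompatible are forced into shared mode"
    else:
        note = "Per-driver mode and the .inf compatibility flag are honored"

    return {
        "isolation_allowed": isolation_allowed,
        "force_shared_for_incompatible": force_shared,
        "tuning": {n: tuning[n] for n in TUNING_VALUES if n in tuning},
        "note": note,
    }


# Constructed sample: output of `reg query` for both keys, saved to one file.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers
    PrintDriverIsolationExecutionPolicy    REG_DWORD    0x1
    PrintDriverIsolationOverrideCompat    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print
    PrintDriverIsolationIdleTimeout    REG_DWORD    0xea60
    PrintDriverIsolationTimeBeforeRecycle    REG_DWORD    0x36ee80
"""

if __name__ == "__main__":
    print(effective_pdi(parse_reg_query(SAMPLE)))
```

A host where the first policy value is 0 is the one to flag in an audit, since a single driver failure there takes the spooler down with it.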

Tuesday, May 15, 2012

Facebook Raises IPO Price Range Making $12.1 Billion Public Offering


Facebook Inc. raised the price range for its initial public offering. The stock was said to open at $28 a share. Then it was bumped up from $28 to $34. We then heard that the stock was bumped up again to $34 to $38 a share. This puts Facebook's IPO on track to raise $12.1 billion, making it Silicon Valley's biggest public offering.
Facebook executives have been pitching the social network's stock to investors on a roadshow since last Monday.
The jump in price was said to be due to overwhelming demand by investors on the roadshow. The company's initial price range put Facebook's valuation at $77 billion to $96 billion. This recent hike puts Facebook's valuation at $93 billion to $104 billion. Facebook will pick a final price Thursday night, when its final IPO documents must be filed with the Securities and Exchange Commission. They must do this before its first day of trading on Friday.
A new Associated Press-CNBC poll
http://news.yahoo.com/poll-half-americans-call-facebook-fad-040615340--finance.html
shows more than half of Americans think Facebook is a fad and that it will be the next MySpace.

Monday, May 14, 2012

Oracle Zero Day Vulnerability Still Not Patched


An Oracle zero-day vulnerability is still not patched after April’s patch release, which had 88 patches. The vulnerability allows an attacker to perform a man-in-the-middle attack and capture information exchanged between clients and databases. The vulnerability was reported in 2008 and is believed to have been around since 1999, when the TNS Listener feature was added to Oracle's product line. Oracle has workarounds for the zero-day flaw, which was found in its database server products. Oracle has gone as far as to release a security alert:

Oracle Security Alert for CVE-2012-1675

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html
The vulnerability is in the TNS listener and has recently been disclosed as the “TNS Listener Poison Attack” affecting the Oracle Database Server. The products affected are Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3, Oracle Database 11g Release 1, version 11.1.0.7, Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5, Fusion Middleware, Enterprise Manager and E-Business Suite. Oracle has released workarounds, which can be found in My Oracle Support Note 1340831.1 and My Oracle Support Note 1453883.1.

Saturday, May 12, 2012

President Obama and Bill Clinton

This is a picture that has been circulating the internet. It's funny and I just thought everyone might get a laugh out of it. The circulation of this picture started with the whole Secret Service scandal.

Friday, May 11, 2012

Apple Releases Security Update for OSX Lion

Apple has just released the OS X Lion 10.7.4 update.
According to the release notes, 10.7.4 includes fixes that improve the stability, compatibility, and security of your Mac.
This addresses the nasty bug that exposed FileVault passwords in plain text, which we spoke about in
http://www.helixzone.net/2012/05/apple-update-makes-lion-login-passwords.html
Here’s the list of fixes from the release notes:
  • Resolve an issue in which the “Reopen windows when logging back in” setting is always enabled.
  • Improve compatibility with certain British third-party USB keyboards.
  • Addresses permission issues that may be caused if you use the Get Info inspector function “Apply to enclosed items…” on your home directory. For more information, see this article.
  • Improve Internet sharing of PPPoE connections.
  • Improve using a proxy auto-configuration (PAC) file.
  • Address an issue that may prevent files from being saved to an SMB server.
  • Improve printing to an SMB print queue.
  • Improve performance when connecting to a WebDAV server.
  • Enable automatic login for NIS accounts.
  • Include RAW image compatibility for additional digital cameras.
  • Improve the reliability of binding and logging into Active Directory accounts.
  • The OS X Lion v10.7.4 Update includes Safari 5.1.6, which contains stability improvements.

Thursday, May 10, 2012

Apple Update Makes Lion Login Passwords In Clear Text


With the latest Lion security update, Mac OS X 10.7.3, Apple has accidentally turned on a debug log file, outside of the encrypted area, that stores the user’s password in clear text. An Apple programmer, apparently by accident, left a debug flag in the most recent version of Mac OS X Lion. In specific configurations, applying OS X Lion update 10.7.3 turns on a system-wide debug log file that contains, in clear text, the login passwords of every user who has logged in since the update was applied. Anyone who used FileVault encryption on their Mac prior to upgrading to Lion, but kept the folders encrypted using the legacy version of FileVault, is vulnerable. FileVault 2 with full disk encryption is unaffected by the security flaw. The Mac OS X 10.7.3 patch was released on February 1, 2012. The good news is that log files are only kept by default for several weeks, meaning that users do not have months of unencrypted passwords sitting on their PC. Apple needs to fix this issue ASAP. When a patch is released, people need to ensure the log file has been deleted and their password has been changed. I hope Apple takes care of this VERY SOON!

Wednesday, May 9, 2012

Purchase Facebook Stock Or Not


Facebook, which is set to IPO on Friday May 18, 2012, has been getting a lot of mixed reactions from investors. Warren Buffett has said he believes it's hard to buy companies like Facebook when they IPO, because companies like that IPO when they are popular and in a few years they may not be as popular, so he was going to wait on the purchase.
Microsoft (MSFT) founder Bill Gates has said he sees a lot of himself in Facebook CEO and founder Mark Zuckerberg. Both Gates and Zuckerberg are Harvard dropouts. Bill Gates goes on to say that Mark Zuckerberg has a vision for Facebook and is willing to put the hours and time into the company to achieve his goals.
Facebook has been on a campaign-like mission over the last week, meeting with investors and throwing parties to try and get investors to purchase their stock on IPO day. Facebook is hoping to raise 1 billion dollars with their IPO; their stock is going to open at approximately $35 a share. Over the past month or 2 Facebook has been trying to beef up their IPO; the most recent attempt was the purchase of Instagram for 1 billion dollars. In 9 days Facebook will IPO with a stock symbol of (F). For Mark Zuckerberg's sake, let's hope the F stands for fantastic rather than failure.

Tuesday, May 8, 2012

Add Web Page To Google

Type the web site address you want to add into Google.

If you get no results back, or the URL you typed in is not the top hit in the search results, then go to
http://www.google.com/addurl

Submit the URL, wait a few days, and the site should be added.

Monday, May 7, 2012

5 Ways To Secure Cloud Computing


1. Secure data transfer – Always make sure your data is encrypted; this is very important. Always make sure your data is traveling over a secure, encrypted and authenticated channel. Always make sure to use FTP, SSH or SSL when transferring files.

2. Secure software interfaces – Know how any cloud provider you’re considering integrates security throughout its service, from authentication and access control techniques to activity monitoring policies. Know how, or if, they notify you in the case of a compromised server. Make sure to read the terms of service.

3. Secure stored data – Your data should be securely encrypted when it’s on the provider’s servers and while it’s in use by the cloud service. Make sure you know their data disposal procedures before you put your faith in their services. Where is the server that holds your data located? Where are the backups stored? How do they get rid of the old backup media? Make sure the cloud provider assures protection for data.

4. User access control – Who has access to their data centers and servers? Make sure all your security permissions are set up properly before uploading sensitive data. Remember you have no control over the cloud provider's employees touching your server or seeing your data. You will also have no way of monitoring if they do.

5. Data separation – Attacks have surfaced in recent years that target the shared technology inside cloud computing environments. Every cloud-based service shares resources, namely space on the provider’s servers and other parts of the provider’s infrastructure. Remember that servers have many virtual containers on the same server and accidents can happen.

Friday, May 4, 2012

Happy Star Wars Day


May 4 is considered a holiday by Star Wars fans to celebrate and honor the films. The term comes from Star Wars fans and followers saying "May the fourth be with you". The original date of the Star Wars The New Hope release was May 25, 1977. In 2011, the first organized celebration of Star Wars Day took place in Toronto, Ontario, Canada at the Toronto Underground Cinema. Many other festivals around the world have spawned over the years. Many other film festivals and movie theaters play the trilogy in honor of the movie.

SEO Tips 4 Things that Hurt SEO

  1. Never use JavaScript or the Java programming language; it blocks meta crawlers. The best sites are HTML. Java is also slow and can make your rank lower due to performance.
  2. Flash is another problem. Don’t embed your text inside of Flash code; the meta crawlers will have a hard time reading the information and may miss content.
  3. Don’t use programs like Microsoft Paint or Photoshop to design whole pages. Search engines can’t read text built into images.
  4. Frames are not a great tag to use. If you want to embed information into your site, use the HTML embed tag instead of the frame tag.

Thursday, May 3, 2012

Conficker Still Affected Millions Of Computers And Businesses


Microsoft released a fourth-quarter security report stating that the worm Conficker is still infecting 1.7 million computers and workstations. This news comes more than three years after the worm was first detected. The rate of infection has increased despite widespread availability of tools to fight it.
Conficker has many different versions, which makes it hard to fight on large-scale networks. Although Microsoft had patches out well beforehand, a lot of companies were not patched. Conficker can also turn off Automatic Updates and BITS (Background Intelligent Transfer Service). Despite Microsoft’s security patches and updates for Windows XP and Vista, companies and end users are still vulnerable due to Conficker’s ability to self-update by automatically connecting to hundreds of attacker-controlled domains.
Microsoft recommends two things:
1. Adopting better AV (antivirus solutions) and malware protection
2. Stronger and better passwords

Wednesday, May 2, 2012

Mac Flashback Trojan Began With WordPress Blogs


The whole Apple Flashback Trojan started with compromised WordPress blogs. Kaspersky Lab confirms that the virus was spread through a vulnerability in Java. Clicking on the WordPress link or post silently executed the malicious code. This is the same thing that happened at Pwn2Own. Any time you integrate the browser into the OS you open up security vulnerabilities. Microsoft has had issues like this for years with Internet Explorer. Apple sacrificed security for usability in their Safari browser and in iTunes. One major security concern regarding iTunes is that, since they have designed iTunes as an all-in-one hub, if there is ever a security flaw it would be critical due to the integration into every Apple OS. The Flashback malware has infected more than 600,000 Macs worldwide. There are removal tools available at Apple's website: http://support.apple.com/kb/DL1517. There is an update on Apple’s website to prevent infection: http://support.apple.com/kb/HT1338

Tuesday, May 1, 2012

VMware Source Code Stolen


VMware on Tuesday announced that a single 300 megabyte file was copied from their network. The file was from the company's ESX Server hypervisor source code. The code was released online, and it held out the possibility that more proprietary files could be leaked in the future. The code was stolen from a Chinese company called China Electronics Import & Export Corporation (CEIEC) during the reported March security breach. On the company’s blog Tuesday, this information was officially released, and VMware made an official statement: “The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers.  The stolen code amounts to a single file from sometime around 2003 or 2004.”