George Chetcuti WS Blog

George Chetcuti is a promoter of effective IT governance and IT security best practices. With a personal experience of many years managing complex setups, his contribution to this community is to provide security related info and tips. This blog is aimed at increasing security awareness among IT professionals.

Microsoft Windows Malicious Software Removal Tool

The MS Windows Malicious Software Removal Tool, available in 32-bit and 64-bit versions, is not an anti-virus application but is intended to detect and remove specific malware such as Blaster, Sasser and Mydoom. When anti-malware programs are designed for a specific task, the probability of success is much higher than with generic programs. The tool removes malicious software from an already-infected computer. Again, this tool is not a replacement for an anti-virus product; Microsoft releases an updated version every month.
This tool runs on Windows Vista, Windows 7, Windows XP, Windows 2000 and Windows Server 2003 computers, while the x64 version will only run on Vista x64, Windows XP x64 and Windows 2003 x64 computers. Although the tool notifies users with administrator privileges when they log on that a malicious program was detected, it is worth noting that it also creates a log file named mrt.log in the %WINDIR%\debug folder. Note that all computers with the Automatic Updates feature set to Automatic get the latest version of this tool as soon as it is released. That copy runs automatically in the background every month and notifies you when an infection is found. However, this process is part of the Automatic Updates feature and hence is transparent: you can't manage it. Therefore, you need to download the tool from the links provided below to be able to run it whenever you suspect malicious activity on your computer.
To download the 32 bit version go here.
To download the 64 bit version go here.
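Since the post points out that the scheduled run is silent and only leaves mrt.log behind, a useful defender check is to read that log rather than wait for a logon notification. The script below is an added example, not part of the post or of the tool itself; the log location follows the post, but the "Found ..." line pattern is an assumption about the log format, so adjust the regex to what your own mrt.log contains. The sample log content is constructed and is only used when no real log is present.

```powershell
# Added example (not from the blog post): review the MSRT log for detections.
# The path %WINDIR%\debug\mrt.log comes from the post; the "Found <threat>" line
# pattern is an ASSUMPTION about the log format and may need adjusting.

function Get-MrtDetections {
    param([string[]]$LogLines)
    # Each MSRT run writes a header with the tool version and a results block;
    # any line that starts with "Found" is treated as a detection.
    $detections = @()
    foreach ($line in $LogLines) {
        if ($line -match '^\s*Found\s+(?<threat>\S+)') {
            $detections += [pscustomobject]@{
                Threat = $Matches['threat']
                Line   = $line.Trim()
            }
        }
    }
    return $detections
}

# Constructed sample standing in for %WINDIR%\debug\mrt.log when it is absent.
$sampleLog = @'
Microsoft Windows Malicious Software Removal Tool v3.19, May 2011
Started On Tue May 10 09:00:12 2011

Results Summary:
----------------
Found Win32/Sasser, removed.
Return code: 6 (0x6)
Microsoft Windows Malicious Software Removal Tool Finished On Tue May 10 09:03:41 2011
'@ -split '\r?\n'

$logPath = Join-Path $env:WINDIR 'debug\mrt.log'
$lines = if (Test-Path $logPath) { Get-Content $logPath } else { $sampleLog }

# Force an array so .Count works even when a single detection is returned.
$found = @(Get-MrtDetections -LogLines $lines)
if ($found.Count -gt 0) {
    Write-Warning "MSRT recorded $($found.Count) detection(s); review $logPath"
    $found | Format-Table -AutoSize
} else {
    Write-Output "No MSRT detections recorded in $logPath"
}
```

Run it from an elevated prompt, because the debug folder is not readable by standard users; on a fleet, the same function can be fed the log lines collected by your management tooling.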

Another free tool from SolarWinds

At the beginning of May 2011, one of the most active management software houses, SolarWinds, released another free tool called RTAFA (Real-Time AppFlow Analyzer) that monitors Citrix NetScaler, Juniper JFlow, sFlow and Cisco NetFlow in real time. RTAFA analyses flow data to show you what types of traffic are on your network, where it is coming from and where it is going. The GUI is designed specifically to make diagnostics and monitoring more meaningful and easier to read.
RTAFA can help users analyse application performance by measuring latency and other parameters. The tool can also be used in datacenters and cloud computing environments. SolarWinds will be demonstrating RTAFA in Citrix Systems' booth at Interop in Las Vegas.
For more information go here.

Zoho CRM Happy Customers

Zoho's online CRM solution is wooing customers. As a hosted solution, the Customer Relationship Management product allows customers the flexibility of working anytime, anywhere. For big firms the whole customer relationship can get complicated, and hence a solution that is easy to use, especially for newbies, and that meets the users' needs in terms of functionality is definitely a winner. On top of all that, the solution is very affordable when compared to established solutions such as Salesforce's.
Zoho is getting very positive comments from its corporate customers, and what makes the difference is that some comments are coming from ex-Salesforce users! The lower cost, the overall ease of use and the functionality are what users find attractive when compared to other vendors' offerings. An important feature of hosted solutions that users need to look for is security, and according to its existing customers, Zoho's solution has built-in security features that address the users' needs.
For more information about Zoho CRM and to see some customer comments go here.

Microsoft Security Essentials

If you are looking for a free anti-virus, anti-spyware and anti-malware solution then Microsoft Security Essentials is a good candidate. It provides real-time protection against viruses, spyware and malicious programs while being easy to install and manage. One of the major advantages of running Microsoft Security Essentials is that it integrates smoothly with the underlying operating system, provided that your machine runs genuine Windows. So, be clean before you try it! Make sure you uninstall any other anti-virus programs you may have running on your machine before installing it, as two anti-virus programs may conflict and leave your machine unprotected, apart from the intermittent problems they may cause.

Microsoft Security Essentials shares a number of core components with other Microsoft security products such as the MS Forefront products, which are backed by the Microsoft Malware Protection Center (MMPC) and its continuous research in the technology. When it comes to anti-virus software you have to rely on products that respond quickly to the latest threats. Behind MS security products there is a mechanism that provides an effective response to a wide range of threats, with security research laboratories in multiple locations around the globe on the lookout for new malicious and potentially unwanted software wherever and whenever it arises.

Microsoft Security Essentials has a small footprint; scans and updates are scheduled to run when the PC is idle and use a low-priority thread. CPU throttling ensures that no more than 50 percent of the CPU is utilized b

Fraudulent Digital Certificates Fix

Microsoft has released an update to help users address any exploits that could arise from the fraudulent certificates signed by Comodo on March 16, 2011. These certificates could be used to spoof content, perform phishing attacks and carry out other malicious activities. They were issued to Iranian hackers by the Certificate Authority (Comodo). For more info read this blog post. Comodo has revoked these certificates, and browsers that perform Online Certificate Status Protocol (OCSP) checks should be able to block them. In addition, users that have enabled automatic updates are safe as well!
To read the full Security Advisory go here.
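The advisory relies on two controls: revocation checking in the client and the update that pushes the bad certificates into the Untrusted Certificates store. The script below is an added example, not part of the advisory or of the post, that lets an administrator confirm both on a Windows machine using the .NET X509Chain class and the PowerShell certificate provider. The host name is a placeholder to be replaced with a site you administer; no certificate details from the incident are assumed.

```powershell
# Added example (not from the advisory or the blog post): verify that a server
# certificate chains to a trusted root AND passes an online revocation check
# (OCSP/CRL), then list what sits in the Untrusted Certificates store.

function Test-ServerCertificateRevocation {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,   # placeholder host
        [int]$Port = 443
    )
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept the certificate in the callback only so we can fetch it; the
        # real validation, including revocation, is done explicitly below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Online = contact the OCSP responder / CRL distribution point for every
    # certificate in the chain instead of trusting a cached answer.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $valid = $chain.Build($cert)

    [pscustomobject]@{
        Host       = $HostName
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Thumbprint = $cert.Thumbprint
        Valid      = $valid
        # Empty when the chain is good; otherwise e.g. "Revoked" or "RevocationStatusUnknown".
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

function Get-UntrustedCertificates {
    # Entries here are explicitly distrusted by Windows; the Microsoft update for
    # the Comodo incident places the fraudulent certificates in this store.
    Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
        Select-Object Subject, Issuer, NotAfter, Thumbprint
}

# Usage (replace the placeholder with a host you are responsible for):
Test-ServerCertificateRevocation -HostName 'www.example.com' | Format-List
Get-UntrustedCertificates | Format-Table -AutoSize
```

A result of Valid = False with a Status containing "Revoked" is the expected outcome for a certificate that the CA has withdrawn; "RevocationStatusUnknown" means the OCSP responder or CRL could not be reached, which is exactly the situation in which a browser that does not hard-fail would still accept a revoked certificate.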

Windows 7 Phone Banking Application

Bank of America customers can now perform banking activities such as finding ATMs, transferring funds and managing accounts from their Windows 7 phones, if they own one! The application, which runs on Windows 7 Phones, was launched on Tuesday. The news was more than welcomed by Microsoft phone users after months of waiting that had left them behind iPhone, BlackBerry and Android users. Other features, such as Check Deposit, are planned for next year. Bank of America is one of the world's largest financial institutions and operates all over the US and in 30 foreign countries. To read the full story go here.

Cyber Europe 2010

The European Union agency ENISA (European Network and Information Security Agency) has issued the final report on its first ever pan-European cyber security drill: a complete simulation of a cyber-attack aimed at bringing critical online services to a halt across Europe. All member states were brought together to test national and pan-European responses to an overall loss of the Internet infrastructure. The main objective was to enhance the cooperation between member states and find bottlenecks in the event of an attack scenario. Since the infrastructure is shared, an attack on one member state may impact other states, and hence a total network crash could be avoided with the help of all member states. This was ENISA's first such exercise and it is hoping to plan more simulations in the near future. ENISA recommends involving the private sector, having better contingency plans at national level and creating an appropriate contact mechanism at all levels.
To see a video with some comments from the participants go here.
ENISA (European Network and Information Security Agency) is the European body which handles cyber security issues for the European Union member states. Its ultimate goal is to become the EU's main access point for security related issues, best practices and knowledge. Furthermore, ENISA assists the European Commission in the technical preparatory work for updating and developing the Community legislation. ebuild up of europena polices and

Spiceworks Gets Another $25 Million in Funding

Spiceworks will expand its business with a $25 million investment from new investors Adams Street Partners and Tenaya Capital. Thanks to the new and some existing investors, Spiceworks will include integrated commerce within its social network business model for IT professionals and technology vendors. IT professionals will now benefit from added functionality on the rapidly growing Facebook-like platform. Read the full news item here.

European CIIP

In 2009, the European Commission released a preliminary document about Critical Information Infrastructure Protection (CIIP) to protect Europe from large-scale cyber-attacks and cyber-disruptions. The main objective of the plan is to protect the most critical ICT infrastructures within the European states. To achieve its main goals, the Commission wants to stimulate awareness and support the development of security and resilience capabilities at both national and European levels.

The CIIP action plan is based on five key elements (pillars): preparedness and prevention, detection and response, mitigation and recovery, international cooperation, and criteria for European Critical Infrastructures in the field of ICT. It defines the participants and their role in each pillar, with ENISA (European Network and Information Security Agency) as the main support agency.

The EU Council strongly believes in the need for a united front, with all stakeholders participating in a holistic approach to ensure the security and resilience of ICT infrastructures. The Council announced various measures in the Digital Agenda for Europe (DAE) of May 2010. These measures ensure that all member states participate in the fight against cyber-crime. The need to strengthen and modernize ENISA in view of new forms of cyber-attack, such as botnets, was proposed by the Commission so as to boost confidence and participation among member states and the private sector.

The next steps of CIIP's action focus on the global dimension of cyber-crime challenges and the importance of c

Icacls command line tool

The command icacls displays and/or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories. Icacls.exe replaces the Cacls.exe command line tool for viewing and editing DACLs. This tool comes in handy when a security executive needs to run an audit exercise on files, or when a domain administrator needs to protect some files, for example to make sure that users do not have access to log files on client computers. A quick tip on how to restrict users from modifying scheduled tasks is found here. A typical example using Icacls would be:

icacls test1 /grant User1:(d,wdac) – To grant the user User1 Delete and Write DAC permissions to a file named "Test1"

For more detailed info about Icacls go here.
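To show the audit-then-restrict workflow the post describes (keeping users away from log files on client computers), here is an added example, not from the post or from Microsoft's documentation, that drives icacls from PowerShell: it saves the current DACLs of a log folder so they can be restored, replaces them with explicit grants for Administrators and SYSTEM only, and then checks that no ACE for Users, Authenticated Users or Everyone remains. The folder path is a hypothetical one; the icacls switches used (/save, /restore, /T, /C, /inheritance:r, /grant:r) are real icacls options.

```powershell
# Added example (not from the blog post): audit, restrict and verify the DACL of
# a log folder with icacls. Run from an elevated prompt.
$logDir    = 'C:\ProgramData\ExampleApp\Logs'            # hypothetical path
$auditFile = Join-Path $env:TEMP 'logs-acl-before.txt'

# 1. Audit: record the current DACLs of the whole tree before touching anything.
#    /T recurses, /C continues past per-file errors. The saved file can be put
#    back with:  icacls C:\ProgramData\ExampleApp /restore $auditFile
icacls $logDir /save $auditFile /T /C | Out-Null

# 2. Restrict: first grant explicit full control to Administrators and SYSTEM
#    (/grant:r replaces any existing explicit grant for those identities, and
#    (OI)(CI) make the ACE flow to files and subfolders), then strip the
#    inherited ACEs that normally give BUILTIN\Users read access.
icacls $logDir /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' /T /C | Out-Null
icacls $logDir /inheritance:r /T /C | Out-Null

# 3. Verify: report any ACE that still lets ordinary users at the folder.
function Test-NoUserAccess {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $open = @($acl.Access | Where-Object {
        $id = [string]$_.IdentityReference
        $id -eq 'Everyone' -or $id -match '\\(Users|Authenticated Users)$'
    })
    if ($open.Count -gt 0) {
        Write-Warning "$Path still grants access to: $(($open | ForEach-Object { $_.IdentityReference }) -join ', ')"
        return $false
    }
    return $true
}

# Check the folder itself and every file beneath it.
$targets = @($logDir) + @(Get-ChildItem -Path $logDir -Recurse -Force | ForEach-Object { $_.FullName })
$allLocked = $true
foreach ($t in $targets) {
    if (-not (Test-NoUserAccess -Path $t)) { $allLocked = $false }
}
if ($allLocked) { Write-Output "All entries under $logDir are restricted to Administrators and SYSTEM" }
```

The grant is applied before inheritance is removed so that no object in the tree is ever left without an explicit ACE; reversing the two steps works too, but only because an administrator can still take ownership, which is a noisier recovery than never losing access in the first place.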
