Microsoft Security Essentials


Microsoft is offering a free antivirus program called Security Essentials. It includes protection against viruses, spyware and other malware. I’ve just begun testing it in order to see if I would recommend it. The installation was simple, hassle free and it seems like it runs smoother than AVG, especially when opening documents in Microsoft Word (AVG occasionally hangs when working with documents). Security Essentials also has a “very good detection score” of 98.4% according to this article on PC World.

You can download Security Essentials for free from Microsoft here.


neverRun top software

Top Award


I received an email today from the Downloadtube.com Editor Team. They have decided to award neverRun with their Top Software Award. They describe it as a “Simple little tool created to detect and intercept autorun.inf files on usb and network drives.” It was surprising that this would receive an award, as it was almost not even published. I created it over a weekend, largely to solve an in-house issue where I do not have Administrative Rights outside my immediate network.


neverRun tray utility

If you are like most network administrators, you have had to deal with USB viruses as of late. CERT even issued an advisory about it (CERT Vulnerability Note VU#889747) labeling the autorun functionality a vulnerability. There are several workarounds, none of them useful if you do not have Administrative privileges on the machine in question.

I think for most people this is the reality of the situation. For example, at my work the network I run is only a small part in a larger organization. Unfortunately the guys who run the rest aren’t really up to par when it comes to security and even general maintenance. I do not control all of the machines I come into contact with.

To address the issue with those other machines I have written a small tool called neverRun. This user mode application sits in your system tray until a new USB or network drive is connected to your machine. Once this is detected it scans the drive for any autorun.inf file and renames it. It does not clean any virus that might be present but it will stop you from getting infected unless you purposely execute it.

Download the source code and the application here (For Windows XP).


USB History GUI

I was checking my logs today and I eventually noticed that someone has made a GUI wrapper for the USB History Dump tool. I think that’s pretty cool.

You can download it from the author’s site or cnet.


touch and StringToSysTime

I’ve written a touch implementation for Windows that follows the Single Unix Specification. It’s uploaded here with the source code.

Along with the utility, I wrote a function called StringToSysTime that might be helpful when working with times in Windows. It allows you to convert a date string in [[CC]YY]MMDDhhmm[.SS] format to a SYSTEMTIME structure. Along with the helper functions it tests for a valid date and time.
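
As an added illustration of the format described above (not the StringToSysTime source, which is not reproduced on this page), here is a portable C sketch of parsing and validating a [[CC]YY]MMDDhhmm[.SS] string. The names `stamp_t` and `parse_touch_time` are hypothetical, the struct is a stand-in for SYSTEMTIME so the code builds off Windows, and it assumes seconds are limited to 0-59 and that a two-digit year follows the Single Unix Specification rule for touch.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical portable stand-in for the date/time fields of SYSTEMTIME. */
typedef struct { int year, month, day, hour, minute, second; } stamp_t;

static int two(const char *p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

static int days_in_month(int y, int m) {
    static const int d[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    return (m == 2 && leap) ? 29 : d[m - 1];
}

/* Parse [[CC]YY]MMDDhhmm[.SS] into *out. Returns 0 on success, -1 on
   malformed or out-of-range input. default_year fills in a missing year. */
int parse_touch_time(const char *s, int default_year, stamp_t *out) {
    const char *dot = strchr(s, '.');
    size_t len = strlen(s), digits = dot ? (size_t)(dot - s) : len, i;

    /* Only 8 (no year), 10 (YY) or 12 (CCYY) leading digits are legal. */
    if (digits != 8 && digits != 10 && digits != 12) return -1;
    for (i = 0; i < digits; i++)
        if (!isdigit((unsigned char)s[i])) return -1;

    out->second = 0;
    if (dot) {  /* optional ".SS": exactly a dot and two digits */
        if (len - digits != 3 || !isdigit((unsigned char)dot[1]) ||
            !isdigit((unsigned char)dot[2])) return -1;
        out->second = two(dot + 1);
    }

    if (digits == 12) out->year = two(s) * 100 + two(s + 2);
    else if (digits == 10)  /* SUS touch rule: 69-99 -> 19xx, 00-68 -> 20xx */
        out->year = two(s) + (two(s) >= 69 ? 1900 : 2000);
    else out->year = default_year;

    s += digits - 8;  /* skip the year; MMDDhhmm always remains */
    out->month = two(s);     out->day = two(s + 2);
    out->hour = two(s + 4);  out->minute = two(s + 6);

    /* Range checks; SYSTEMTIME cannot represent years before 1601. */
    if (out->year < 1601 || out->month < 1 || out->month > 12) return -1;
    if (out->day < 1 || out->day > days_in_month(out->year, out->month)) return -1;
    if (out->hour > 23 || out->minute > 59 || out->second > 59) return -1;
    return 0;
}
```

Rejecting impossible dates such as 29 February in a non-leap year before they reach a file-time API matters for a touch-style tool, because a silently normalized timestamp is indistinguishable from a deliberate one.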


i was bored today

I was bored today so I rewrote the program hide (source is here). Hide hides another file in an alternate data stream. With the rewrite it now checks for NTFS first and preserves the original filetime. I’ve also uploaded a binary on neworder.


usbHistory – a forensic tool to extract usb history

I have finally published a tool that I’ve been sitting on since early January. It is called usbHistory and is a command-line tool to extract trace evidence of USB activity from the Windows registry. It gathers information such as the last time the thumb drive or mp3 player was connected to the machine as well as the last drive letter.

You can check out the article on my site here.