Administrator Log

Yesterday, I decided to test my work computer for viruses. The last test I made when I still had Avira as antivirus solution. For several months I use Kaspersky Internet Security 2009 but since that time I had not yet complete any tests of the running system.
Although KIS found no malicious software, it found a lot of vulnerabilities. The new version of Kaspersky apparently seeks not only for viruses or Trojans, but also examining the whether installed on the system software up to date and has no security gaps. Here were my failings clearly visible. From the report I learned that my system has not only a one version of Flash player installed, but also two older versions (8 and 9). There were also a few programs that are written in Java and had an independent Java Runtime Environment. This two programms had JRE not up to date and were a serious security vulnerability. An Attack with the help of such JRE is rather unlikely, because these programs are not as widespread (For example Brockhaus encyclopedia), but in the case of a targeted attack, it would have disastrous consequences. The fact that I work with rights of a user, would not help in this case. Overall, KIS found in my system a dozen of such gaps.
The reason why there are so many gaps in my system, is that I have except a work computer, 2 other computers at home. I was not able to maintain an overview of all of my installed programs, and so it came to such negligence. There were no viruses or Trojans found on my system, but such a vulnerability that could certainly be exploited to access the system. I am really pleased that Kaspersky offers such feature.

This update was developed for Windows XP and Windows 2000, to block the use of static source ports for DNS requests, because the hacker were able to guess and falsify the transaction-ID of DNS queries with a very high probability.
Although this problem was known since a long time and several software vendors worked together with the aim to find a solution, Checkpoint, the maker of ZoneAlarm, was obviously surprised. After the installation of the above update, ZoneAlarm blocks all connections, so there is no name resolution possible and the Internet activity is paralysed. I had this problem yesterday, when I started my notebook. I knew already that such problem is exists, but I thought that I will not have this problem on my laptop. But because Windows Auto Update on my computer is on, the update was downloaded and installed on my computer automatically. As a result, I could not access the Internet. The problem was solved by getting firewall on “Medium”, then I could update ZoneAlarm to the latest version. Despite the rapid solution, I am very disappointed that I had experiencing this problem. It could occur not at home, but at work, while presentation of some product to my customers. It would be very unprofessional act and I’m sure that the customers would see the source of the problem not at Checkpoint, but at me.

Regular expressions are widely used and provide a filter criterion, in which the expression in the form of a pattern is matched.
That’s the theory …
In practice, the regular expression often used, for example, to filter strings or to create a rewrite rules for Apache. To understand the regular expressions, you must lern the EBNF. In this topic I would like to explain the basics, so that you could understand how the regular expressions work:

| - Pipe symbol stands for logical “or”.
() - Round brackets indicate a grouping.
e.g. (a | b) stay for „a or b“.
[] - The square brackets define a range of characters that can occur. For example, [0-6] means that there is a number from 0 to 6 can occur.
[a-z] would mean that there is a small letter of the alphabet can occur.
You can also combine: [a-zA-Z0-9] would mean that any Latin letter or any number can occur.
[^ f] - A ^-symbol before a character means an exception, it could occur any symbol expect f.
. - Point stands for „any character“. (Note, if you would like to match point self, you should mask it with a backslash “\.”).
? - The term with question mark is optional.
Example: (aaa) (abc)? All of the strings with the phrase “aaaabc”, but also just “aaa” will be matched.
+ - The expression occurs at least once, but it can also occur many times.
Example: (aaa) + - This allows strings “aaa”, but also “aaaaaa” or “aaaaaaaaa” etc.
* - This expression can occur many times, but it is not required.
For example [a-z] *
{min, max} – This rule define how often the expression may occur.
For example, [0-9] (1.2) would mean that a number from 0 to 9 could occur at least 1 times and not more than 2 times.

If you have problems and do not know where the your mistake, I recommend the program The Regex Coach, so you can operate wonderfully debugging and error.

I search a good antivirus solution that is able to monitor HTTP and FTP connections and protect a network against viruses.

The main problem is to find a solution for windows that is good and not very expensive. At the moment I read about solutions from CA, F-Secure and Trend Micro. Perhaps know somebody a solution for SBS that are cheap and good at the same time?:-)

If some important e-mail address of your firm is an aim of spammer, you have a problem.

It is impossible to delete or rename such e-mail addresses as info@domain.tld or webmaster@domain.tld and that’s why it is needed to find some other way to protect e-mail and reduce spam.

Some time ago I have this problem on my to-do-list. My aim is to find a solution, which is able to act against spam not only on client side, but on server side too.

The most simply and free solution that I tried at first is an Intelligent Message Filter (IMF) by Microsoft.

IMF is since Service Pack 2 for Exchange Server a part of Exchange Server. This filter detects approx. the half of spam mails. For me is a good result, because of the big amount spam.

But because I had some false positives on level 4, I can’t increase it any more.

Some other solution that I will test in near future is ASSP.

I don’t know anything about how powerful is ASSP, but I’ll test it and tell about my experience.

Notepad++ is a good alternative text editor for windows.

This editor shows his best not only in the functionality, but in speed and flexibility too.

Notepad++ can be extended with different plugins and customized for your needs.

Here you can find some general features of this software:

• Syntax highlighting
• WYSIWYG
• Customizeible syntax highlighting
• Auto-completion
• Multi-document
• Multi-view
• Search with regular expressions
• Dynamic position of Views
• full support of „Drag’n’Drop
• Detection of file status
• Zoom in/out
• Multilanguage environment
• Bookmarks
• Brace and Indent guideline Highlighting
• Macro recording and playback

I use Notepad++ more than 2 years and I’m very satisfied with it and that’s why I would like to suggest everyone to try it.