12-02-2007, 11:57 AM
codezmith

Evolution of Security Malware Update with Windows Update
Why does malware use BITS for downloading files? For one simple reason: the BITS service is part of the operating system, so it’s trusted and bypasses the local firewall while downloading files. Malware needs to bypass local firewalls, but usually the most common methods found in real samples are intrusive, require process injection or may raise suspicious alarms.
shafted by m$ (again).

*At the moment there’s no immediate workaround against this type of attack. It’s not easy to check what BITS should download and not download. Probably the BITS interface should be*(removed) designed to be accessible only with a higher level of privilege, or the download jobs created with BITS should be restricted to only trusted URLs.
It’s worth mentioning that the BITS method was already well-documented in the underground and was posted as an “antifirewall loader” example on a Russian forum during the end of 2006.
Many thanks to Frank Boldewin for reporting this.
I enjoyed this article and installing Windoze with updates and b.i.t.s removed,
but oh no, no updates that's really insecure. (If they made it flawed! will the update be an improvement? lol) did use autopatcher but ....Sad day hahah Microsoft service called 'Intelligent', ironic.
*nLite lets users customize and remove components from their Windows install disc, integrate updates, automate the installation process, and install third party programs automatically.
S.e.c.u.r.i.t.y is a.portable+storage.device
+ 'live cd'

Things you will need:

# cd-rw/dvd-rw &media! doh | bootable flash *(requires compatible main board)
# 1 blank (formattable) *bootable storage media
# downloaded deepburner *for flash-boot
# downloaded bt2final.iso (or other live distro) BackTrack-' started directly from the CD-Rom'(or flash.disk)

Do this:
1 get media
2 download= bt2final.iso
2.1 [if 'flash disk' do;return;]*
3 download= DeepBurner (portable edition)
4 Burn- bt2final.iso

- boot from cd*
fin .

Microsoft Toast(tm)
live-because this is a-differ-ent-app-roach

Mostly security is considered as holding the fort, stopping "it" getting "in" (it being virus spyware) etc etc. This has always seemed to me like defending low ground: a bad idea.

LiveDistro or Live CD is a generic term for an operating system distribution that is executed upon boot, without installation on a hard drive.
the other way ...

-Let the spyware hijacker worm virus come to you.. it's as good as dead!
Boot your computer from your live disk, load your programs from flash drive, shut down> lose all your settings and modifications to windows viruses worms etc,
your next bootup will be as clean as the last.

This is not holding the fort waiting for an "attack", this is hiking through rough terrain using natural cover to get "the high ground". Tired/hungry, "setting up camp" briefly to complete operations then moving on, carrying only what is needed... i.e. guerrilla.

*system monitoring applications/utilities help keep your running live os "tight"
*sysinternals (liked them more before the takeover #M$)

BartPE (Bart's Preinstalled Environment) is a Live CD/ Live USB version of the Microsoft Windows XP or Windows Server 2003 operating systems.

BartPE allows a user to boot Windows XP/Windows Server 2003 from a CD-ROM, DVD or a flash disk, regardless of the condition of the installed operating systems on the internal hard drive. This means that the user can, for instance, recover data from a failed operating system installation, or reset a lost administrator password.

A user can create his or her own installation of BartPE using the installation disk of the operating system in question and the program PE Builder, programmed by Bart Lagerweij. PE Builder is available on the BartPE homepage
So the above is an example of windows 'live cd'.

Windows live is all well and good but your applications, will they fit on a live cd? Probably not, but let's be fair, where does your spyware really come from? Most likely I'd guess you're downloading it bundled with that application that you didn't need and didn't use.

So great, a live cd = "bare" windows - not much better than a kick in the teeth! It gets better: open source and free and better.

In the form of:

The Portable Freeware Collection - All categories
About The Portable Freeware Collection
I started this website in 2004 for a few reasons:
* I wanted to pick up some PHP.
* I wanted a quick way of searching through all the portable freeware that I have collected.
* I wanted to share my collection with like-minded people.

Since then, I have learnt that different people interpret the term "portable" differently. For example, some of the earlier emails I received were from people asking me why I was listing Windows-only software, since portable software should run on other operating systems as well! Needless to say, I have also learnt that different people interpret the term "freeware" differently as well.
Although a lot of people use their USB Flash Drive to take files around with them, you can also load up some cool programs and utilities. You can turn your drive into a portable toolbox filled with all sorts of goodies.

I started looking into portable USB apps when I wanted to have a password manager program that I could use at home and work. As I looked for info on the internet, I found efforts to identify other easily portable programs. Now I have my USB Flash Drive loaded with a password manager, a complete office suite, virus scanner, encryption tools, and a whole lot more.

By the way, you may have heard about U3. U3 is a new standard for USB drives that supports portable applications. So far, there are several U3 compatible drives on the market. On September 20th, 2005, the U3 group launched a collection of U3 compatible software apps.

Although the U3 initiative sounds interesting, so far it just sounds like marketing hype. As you can see from the collection of apps listed here, there is already a ton of available portable applications. I think the U3 specification is going to just be a reason to charge extra for a U3 logo on your USB device and to make even more money off the software.

- Portable software for USB drives | Your Digital Life, Anywhere™
About is a community site devoted to the development, promotion and use of portable applications. The site was created by John T. Haller, the developer behind numerous portable applications (like Portable Firefox and Portable as a way to centralize the knowledge and development efforts of multiple portable application efforts.
Press Inquiries and Press Coverage

Portable apps have been covered quite a bit both online and off all over the world. To see a list of stories and coverage, learn more about portable apps for a story or request an interview, please visit the Press Page.

To contact, visit our Contact page.
If you got this far ...
A list of all the standard services

It's also possible to make almost any application portable, possibly any os live!
There are many examples above of modified applications, plenty more exist
and are just waiting for you to find them! I've even tested a copy of
portable- virtual pc (m$).

...and finally reverse engineering xp
Slimming Down Windows XP: The Complete Guide


Last edited by codezmith; 12-02-2007 at 12:42 PM.. Reason: spelling errors.
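The article quoted at the top of the post suggests that BITS download jobs be restricted to trusted URLs. As an added example (not part of the original post or the quoted article), this PowerShell sketch audits BITS jobs against a host allowlist, so that a job fetching from an unexpected source stands out. The allowlist entries, the function names and the sample jobs are assumptions constructed for illustration; the live call assumes a system with the BitsTransfer module.

```powershell
# Added example: audit BITS jobs against a host allowlist (constructed data).
# Allowlist entries are illustrative assumptions, not a complete list.
$TrustedSuffixes = @('windowsupdate.com', 'update.microsoft.com', 'download.microsoft.com')

function Test-TrustedBitsUrl {
    param([string]$Url, [string[]]$Suffixes)
    $uri = $null
    # Relative or unparsable source names are treated as untrusted.
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) { return $false }
    # BITS also accepts SMB sources; only HTTP(S) to a listed host passes.
    if ($uri.Scheme -notin @('http', 'https')) { return $false }
    $hostName = $uri.Host.ToLowerInvariant()
    foreach ($suffix in $Suffixes) {
        # Exact host or a true subdomain; "xwindowsupdate.com" does not match.
        if ($hostName -eq $suffix -or $hostName.EndsWith(".$suffix")) { return $true }
    }
    return $false
}

function Find-UntrustedBitsJob {
    param([object[]]$Jobs, [string[]]$Suffixes)
    foreach ($job in $Jobs) {
        foreach ($file in $job.FileList) {
            if (-not (Test-TrustedBitsUrl -Url $file.RemoteName -Suffixes $Suffixes)) {
                # One record per file whose source is not on the allowlist.
                [pscustomobject]@{
                    JobId       = $job.JobId
                    DisplayName = $job.DisplayName
                    Owner       = $job.OwnerAccount
                    RemoteName  = $file.RemoteName
                    LocalName   = $file.LocalName
                }
            }
        }
    }
}

# Constructed sample jobs, shaped like Get-BitsTransfer output.
$sampleJobs = @(
    [pscustomobject]@{ JobId = 'job-1'; DisplayName = 'WU Client Download'; OwnerAccount = 'NT AUTHORITY\SYSTEM'
        FileList = @([pscustomobject]@{ RemoteName = 'http://download.windowsupdate.com/sample/update.cab'; LocalName = 'C:\Windows\SoftwareDistribution\Download\update.cab' }) },
    [pscustomobject]@{ JobId = 'job-2'; DisplayName = 'sync'; OwnerAccount = 'PC01\alice'
        FileList = @([pscustomobject]@{ RemoteName = 'http://files.example.test/data.bin'; LocalName = 'C:\Users\alice\AppData\Local\Temp\data.bin' }) }
)
Find-UntrustedBitsJob -Jobs $sampleJobs -Suffixes $TrustedSuffixes | Format-List

# On a live system (elevated prompt, BitsTransfer module):
# Find-UntrustedBitsJob -Jobs (Get-BitsTransfer -AllUsers) -Suffixes $TrustedSuffixes
```

A job owned by a user account rather than SYSTEM, with a source host outside the allowlist, is the pattern worth a closer look; the allowlist needs extending for any legitimate software on the machine that also uses BITS.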