Michał ‘GiM’ Spadliński, a Polish blogger wrote in his article “Czy Redpill Joanny Rutkowskiej jest poprawny?“:
Oliver Schneider (Reverse Engineer pracujący dla F-Prota) opublikował […] artykuł, datowany na pierwszego kwietnia, który wcale nie wygląda na prima aprilisowy żart.
This made me really laugh. No, I have to admit my Polish is not the best (and getting worse due to lack of exercise), but I could clearly understand the quoted parts and quite some more.
Continue reading
Ptacek, Lawson and Ferrie – well-known security specialists – joined up to challenge Rutkowska and prove that her virtualization rootkit BluePill (up to now AMD-specific) is detectable regardless of her claims. The above link leads to her official reply to them.
Rutkowska likes to speak in absolutes, as it seems. In one instance I could even falsify one of her claims concerning VMM detection from within a VM using the interrupt descriptor table address as an indicator. This shows she is human as everyone, but having her own company now and being busy all the time (who is not?) she never found the time to respond to my articles 🙄
Anyway, this gets me really excited about who will win the challenge, but Peter Ferrie, being a former FRISK employee, has all my sympathies 
// Oliver
Auf DW-World gab es letztens eine Reportage zum Thema documenta 12, wo eine afrikanische Modeschöpferin gehypt wurde. Der Kommentar den sie abgab machte mich nachdenklich. Sie meinte, daß da wo sie herkäme nur Sklaven und Tiere einen Strick um den Hals bekommen und die Europäer sich (mit Krawatten) das gleiche freiwillig antun.
Also mir fällt dazu ein: in Europa haben wir die Sklaverei abgeschafft 😯
// Oliver
No, this time it is not a binary file for download. It is a website. Hope you enjoy as much as I did when pointed to it by a colleague.
This website allows you to look up DLL versions and when they were bundled with which product and so on. Very nice idea.
// Oliver
Jene die über Online-Durchsuchungen und Gesetze das Internet betreffend entscheiden sollen, scheinen keinen Schimmer von dem zu haben worüber sie entscheiden:
Continue reading
… here Kaspersky claims:
An advisory has recently been published on rootkit.com regarding a vulnerability in KAV 7.0. Unfortunately, the authors of this material chose not to adhere to industry standard practice, and contact the vendor prior to disclosing vulnerability details. Although the authors claim that all attempts to inform Kaspersky Lab about this vulnerability were ignored, this is not the case: if we had been informed, this issue would have been addressed long ago.
I am really upset by this! I reported this vulnerability back in October 2005 in the Kaspersky subforum at malware-research.co.uk, a closed forum for security professionals, and one person from Kaspersky Labs Netherlands replied and said it would be taken care of. Back then (before the reply) I wrote that if they would not respond in due time I’d publish it (without details) through public channels which was taken as a threat by the person who responded. Interestingly I did never check again and it was almost one year later (September 2006) that I joined FRISK Software International and thus the AV industry.
Also fascinating, I am not the one who published it on rootkit.com, instead I chose to contact them in a closed security-aware community and the result was apparently the same, Kaspersky chose to ignore it in the end in both cases. I can well imagine that “the authors claim that all attempts to inform Kaspersky Lab about this vulnerability were ignored”.
Excuse me, but the claims in the above quote are ridiculous to say the least.
// Oliver
BTW: I met said person at the AV Workshop this year. A few weeks after the workshop a bug that I reported more than 18 months ago surfaces again (in one of their latest products!). Amazing!
The term “Realtime protection” has been overused in recent years and used in a completely wrong sense ever since it was invented.
To make sure to not be misunderstood – yes, even the company I work for has used the term during the hype of the phrase and recently we published a patch to the “Realtime Protector” (included in a legacy product). However, this still doesn’t make the “protector” more realtime. Now, why is that?
None of the Windows systems is a realtime operating system. So how would any software running under these OSs be “realtime” in any way? Easy answer: it won’t. Since most malware is prevalent on the two Windows platforms (Win9x and WinNT), it is fair to claim that this also means that any anti-malware application isn’t “realtime” either.
Now what does it mean? It means that “realtime protection” is formally and technically a wrong term invented and misused by the marketing experts of the companies offering it. The more proper term would be “on-access scan” as this is exactly what these components do. Whenever you touch (or execute) a file the OAS will scan it and offer you a choice of cancelling your action or deny it right away (depending on the settings). Same for registry operations and whatever else can be “realtime-protected”.
// Oliver
It took me a while to understand the subtle humor in one of LS’ slogan after being pointed to it by a good friend. The slogan is very prominent on the main website and says:
You have enough to worry about, WE’LL RELIEVE THE WORKLOAD.
(Source: lavasoft.com)
Here’s a screenshot of the part with the slogan:
Let’s face it, with a mug of coffee and a non-working computer anyone is relieved of the workload for a while. A subtle but well-thought-out slogan!
// Oliver
In this blog entry I outlined that the new approach LS takes to keep malware from the customer’s machine was due to downtime. Suddenly people start complaining about it, although this strategy was clearly shown during the beta phase in each and every of the betas.
Join the club.
At least you caught yours before it destroyed the operating system.
The new 2007 took 45 miinutes to eradicate my registry.
And no-one has responded, either on these forums or via e-mail to a support request sent earlier in the week.How does System Restore work for you?
If I can get this open once, I need to know if System Restore (XP Pro, SP2) will fix it.
(Source: LS support forum)
First asking for protection and then complaining about the implementation details, as if they weren’t clearly outlined in advance 🙄
// Oliver
http://www.ccc.de/updates/2007/biometrie-terror
In der Hoffnung, daß die Leute vom CCC noch ein schönes Banner kreieren …
// Oliver
Have you ever looked at LS’s management website? The fact that the number of (management) people seems to be shrinking in the last few months is well-known and I will leave it to my reader to compare the photos and this interesting video.
Maybe it is about bragging rights again? … maybe it’s just cool to stand in front of the capitol in Washington D.C. and talk about spyware, who knows. I am convinced any other place would have done as well here, if it wasn’t for the US-centric view on a global problem. What I was amazed about, was the fact that most of the stuff they (especially one of them) said was not right away wrong, but this doesn’t keep me from nitpicking, does it? After all I am a German 1
Continue reading
… the picture in the previous blog entry (below this one) contains the following text:
Go tell him all we think of him! Just don’t look into his eyes!!!
// Oliver
Hier findet man eine Karikatur vierer altbekannter Figuren im G8-Kabinett. Die beiden rechts sagen der jungen Dame (nun wer mag das wohl sein ;)):
Geh und sag ihm alles was wir über ihn denken! Aber schau ihm bloß nicht in die Augen!!!
// Oliver
On LS’ blog, the latest entry is bragging about the positive press AAW 2007 got. Well, not press in the traditional sense, because real journalists would have investigated thoroughly. Let’s nitpick a bit.
One of the first applications built to find and remove adware and spyware, Ad-Aware 2007’s excellent reputation is well-justified.
The first such utility was not written by Lavasoft, but by Steve Gibson under the name Optout, although LS officially claims: “We are not just any anti-spyware company, we are the original anti-spyware company”. While Steve Gibson is by far not an undisputed expert, the kudos is his, not LS’. Furthermore the whole statement was bullshit given that AAW 2007 was released in 2007, while other AS-companies (even LS themselves) have released products prior to that. So how could it be one of the first? Bad wording or negligence? As to the reputation, I ask my readers to visit the LS support forum to check by themselves (unless it’s being cleaned up). They even got a special rant thread – woohoo.
Continue reading
Während es früher für Ausländer in Deutschland hieß: “Beckstein, Beckstein, alles muß versteckt sein!”, scheint Schäuble tatsächlich nie genug zu bekommen. Es ist unglaublich mit welcher Skrupellosigkeit Politiker heutzutage bescheuerte Ideen zum besten geben dürfen ohne von einer breiten Bevölkerungsmehrheit kritisiert zu werden. Sieht so aus, als ob ehemalige DDR-Bürger resignieren oder resigniert haben und als ob die Überlebenden aus Nazizeiten die Parallelen nicht sehen oder sehen wollen.
Bundesinnenminister Wolfgang Schäuble hat vor, die Fingerabdrücke von in Deutschland lebenden Ausländern ohne EU- oder Schweizer Pass künftig zu speichern. Dies geht aus einem Gesetzentwurf namens “Änderung des AZR-Gesetzes” des deutschen Innenministeriums hervor, der sich in der Abstimmung zwischen den Ressorts befindet, berichtet das Nachrichtenmagazin Der Spiegel. (Quelle)
Traurig sowas,
// Oliver
This seems to be the case in Lavasoft’s support forum. Now, while there are some people not satisfied with the products of my company as well, it is not solely Ad-Aware 2007 which is to blame as it seems:
This is a JOKE!! I HAVE WASTED 90 MINUTES SO FAR ON A SYSTEM THAT SUCKS!! UNDER ORDER # xyz ON 6-10-07 I PAID GOOD MONEY AND NEVER GOT AN E-MAIL WITH A SERIAL NUMBER EITHER! JUST LIKE YOU, THE SYSTEM SAID MY E-MAIL ADDRESS IS NOT RECOGNIZED. FUNNY THEY HAD NO PROBLEM TAKING MY MONEY!! HORRIBLE !!!!!!!!!!!!!
(Source)
The username says it all: “MAD AS HELL” 😆
Continue reading
Thanks to the ever-increasing amount and frequency of spam-comments, I removed the option for comments for now. However, I’ll attempt to work out a fix (possibly similar to the fix I use in the UVNC forum) and then enable it again.
Sorry for the annoyance :-[
// Oliver
… the launch of the newer and better product is a full success at download.com as it seems. A little less than 250 million (244229387 at the time of this writing) downloads in less than two hours, this has to be world record.
Let’s see what bandwidth download.com offers …
244229387 x 17.15 MiB = 4188533987.05 MiB
(For the sake of brevity let’s assume 2 hours, i.e. 7200 seconds)
4188533987.05 MiB / 7200 s = 581740.83 MiB/s = 4653926.65 MBit/s
Yes, dear reader, that is 4.6 million Megabit per second!!! Amazing. Not less amazing, how many users have rated the new product within this short time.
Evil to him who evil thinks,
// Oliver
… as is the software.
Since a few minutes (Swedish time) the new day has begun and it will be a glorious day – it will be release day. Since everyone knows what it is about, I will not give any names here.
// Oliver