7 Aug

Two rivals. Two different fortunes.

Two companies aiming at world domination. Two companies facing lawsuits. Two companies having different turns in fortune.

Google's acquisition of YouTube (for US$1.65 billion in stock) seems to be causing more headaches than revenues. Giant media companies like Viacom have sued Google over copyright infringements at YouTube. And to compound things, several other entities followed suit.

Knowing that Google is a cash cow (with US$4 billion in cash for that 750mHz auction alone), suits like these are expected. Them Americans can be sharks, you know.

In a complete reversal of fortune, Microsoft is faring better. Last February, a federal jury found Microsoft had violated patents owned by Alcatel-Lucent that are related to the MP3 format. The same jury also ordered Microsoft to pay Alcatel-Lucent a whopping US$1.5 billion. While it is just small change for a company awash with cash and lording over a vast computer empire, a US federal judge has overturned the jury decision.

Bill Gates and company must be heaving sighs of relief now.

Two companies. Two rivals. Two different fortunes.

2 Aug

Checking for tell-tale signs of malware infection

If you suspect that your computer has been infected by malware, how can you confirm the infection?

Here’s one thing that your antivirus vendor won’t tell you: they cannot block a new piece of malware until they have a detection for it. So it is very possible that you can get infected, especially if you are not careful.

Generally, check the following to find out if your computer is infected:

1. Running applications and processes
2. The system registry
3. New files
4. Open ports

We’ll discuss the first two, as the latter two are more complicated and technical.

Most malware is memory-resident, meaning it keeps running in memory after execution. So a first check is the Windows Task Manager. To open the Task Manager, press Ctrl+Alt+Del or Ctrl+Shift+Esc. Check the Applications tab for unknown or unfamiliar names. Terminate them if necessary.

However, some malware employs techniques to hide from Task Manager or to resist being terminated. In those cases a third-party process manager is necessary (for example, Process Explorer).

Check the process name. One time, I encountered a process named “WORDPAD.COM”. The problem is that the file name of the real WordPad is “WORDPAD.EXE”.

Look for the file if it exists. In the same example, WORDPAD.COM was not present in my system.

Check what file the process points to. This will give you a clue on what file to delete or submit to AV companies for checking.

Most malware creates registry entries so that it starts when Windows boots up; this is what we call an autostart technique.

Tweaking the registry is not for the faint-hearted. One mistake and you might have to re-install the operating system or an application that is affected by your mistake. It is better to back up the registry before doing any tweaking.

To view the registry, click Start, then Run. Type “REGEDIT.EXE” and then click Ok.

To back up your registry, click File on the main menu of the Registry Editor, then click on Export.

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Check the entries in the right pane for suspicious file names. If you have to delete entries, do so, as long as you know what you are doing.

Also, check HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
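The two checks above (the Run keys and the running processes with the file each one points to) can be scripted. The following PowerShell is an added example, not code from the original post: it backs up the Run keys the way File > Export does, lists every autostart value, lists processes with their image paths, and flags the symptoms the post mentions (a file that no longer exists, an odd extension such as WORDPAD.COM, an executable living in a temp folder). The function names and the heuristics are my own; run it from an elevated session so that Get-Process can read every process's path.

```powershell
# Added example (not from the original post). Automates the Task Manager /
# Process Explorer and Run-key checks described above.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Equivalent of File > Export in Regedit: keep a backup before deleting anything.
function Backup-RunKeys {
    param([string]$Folder = "$env:USERPROFILE\run-key-backup")
    New-Item -ItemType Directory -Path $Folder -Force | Out-Null
    reg export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' "$Folder\hklm-run.reg" /y | Out-Null
    reg export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run' "$Folder\hkcu-run.reg" /y | Out-Null
    return $Folder
}

# One object per value in each Run key: where it lives, its name, its command line.
function Get-AutostartEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath ... are not registry values
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

# Pull the executable out of a command line such as  "C:\Program Files\x\y.exe" /arg
function Get-ExecutableFromCommand {
    param([string]$Command = '')
    if ([string]::IsNullOrWhiteSpace($Command)) { return '' }
    $exe = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] } else { ($Command.Trim() -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

# Heuristics matching the symptoms in the post. Returns a list of reasons (empty = nothing odd).
function Test-SuspiciousPath {
    param([string]$Path = '')
    $reasons = @()
    if ([string]::IsNullOrWhiteSpace($Path)) { return @('empty command') }
    if ($Path -match '(?i)\.(com|scr|pif)$') { $reasons += 'unusual executable extension' }
    # A bare name (e.g. rundll32.exe) resolves through PATH; a full path must exist as given.
    $exists = if ([System.IO.Path]::IsPathRooted($Path)) {
        Test-Path -LiteralPath $Path
    } else {
        [bool](Get-Command $Path -ErrorAction SilentlyContinue)
    }
    if (-not $exists) { $reasons += 'file not found on disk' }
    if ($Path -match '(?i)\\temp\\') { $reasons += 'runs from a temp folder' }
    return $reasons
}

# --- usage --------------------------------------------------------------------
Write-Host ("Run keys backed up to " + (Backup-RunKeys))

Write-Host "`nAutostart entries:"
foreach ($e in Get-AutostartEntries) {
    $exe   = Get-ExecutableFromCommand -Command $e.Command
    $flags = Test-SuspiciousPath -Path $exe
    $mark  = if ($flags) { '!! ' + ($flags -join '; ') } else { 'ok' }
    "{0}\{1}`n    {2}`n    [{3}]" -f $e.Key, $e.Name, $e.Command, $mark
}

Write-Host "`nRunning processes (name, PID, image path):"
Get-Process | Where-Object { $_.Path } | ForEach-Object {
    [pscustomobject]@{
        Name  = $_.ProcessName
        PID   = $_.Id
        Path  = $_.Path
        Flags = ((Test-SuspiciousPath -Path $_.Path) -join '; ')
    }
} | Format-Table -AutoSize
```

A flag is a prompt to look closer, not a verdict: plenty of legitimate installers drop loaders with odd names, and the "file not found" case also catches an uninstalled program that left its Run value behind. The same "unusual extension" check is what would have caught WORDPAD.COM in the example above.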

2 Aug

Asus eee PC delayed

It seems that the release of Asus eee PC is delayed:

Asus has moved the release date of the EeePC 701 to “Mid/Sept to Early/Oct.” No word on any more details.

Bummer. Maybe I should get the Sony Ericsson P1i instead.

31 Jul

Microsoft to Release Works Free and Ad Supported

OpenOffice and Google Docs must be doing very well for Microsoft to take notice and take action.

In an interview with ZDNet, Satya Nadella (Corporate Vice President, Microsoft-Search & Advertising Platform Group) confirms the year-old rumor that Microsoft is going to release a free, ad-supported version of Microsoft Works. (See this article from Ars Technica.)

In the interview, it was said that the free version was released July 27. Like the interviewer, I cannot find the download link in the Microsoft Works home page.

Must be a premature announcement, then. Have OpenOffice and Google finally made an impact in Microsoft’s lucrative office productivity market?

Hosted apps are not for me. Yet. I am not totally online, and I am not convinced by the idea of a server holding my documents. There’s OpenOffice, despite the fact that this app is a resource hog.

I’m sure Rocky (being Google fanboy that he is) is convinced by this model. How about you? Are you ready for hosted office productivity apps?

24 Jul

Dynasty Warriors 6: 2007

Good news: Koei has announced that it will be releasing Dynasty Warriors 6 in Japan later this year.

Bad news: DW6 will be for PLAYSTATION 3.

Aw, crap.

Incidentally, I know two bloggers who own a Nintendo Wii, and one blogger who owns an Xbox 360, but I am unaware of a blogger who owns a PS3. Care to raise your hands, people?

23 Jul

Investment offer from Jude Estrada

Yesterday, I got this from my email inbox:

Subject: INVESTMENT OFFER.
Date: Sat, 21 Jul 2007 10:53:34 +0200
From: Mr Jude Estrada
Reply-To: info_j[OBFUSCATED]l0@yahoo.com.ph
To: [OBFUSCATED]@AWBHoldings.com

48 MILLION DOLLARS INVESTMENT PROJECT OFFER.

Dear Friend,

My name is Mr Jude D. Estrada,The first son of President. JOSEPH ESTRADA, the former President of Philippines located in the South East Asia: My family have a profiling amount which we seek your partnership in accommodating for us 48 Million Dollars. Can you be our partner on this? and also help my family in investment. Only reply if you are interested.

To know more about my father, flee free to read from this news:
http://archives.cnn.com/2001/WORLD/asiapcf/southeast/04/22/estrada.profile/
For further details contact me via my private box: info_j[OBFUSCATED]l0@yahoo.com.ph

Jude Estrada
For the family.
j[OBFUSCATED]l02@yahoo.com.ph

This is either a scam or worse.

19 Jul

Musings on Asus Eee PC (Updated)

I’ve been thinking about the Asus Eee PC, and reading some first hands-on reviews (here and here and here – lucky bastards), the main selling point for this device is still the price.

The Asus Eee PC (Eee for short) has no optical drive. And since the Eee comes preloaded with a Xandros variant of Linux, I cannot install the PC Suite of my Sony Ericsson m600i, in case I need to connect to the Internet via 3G. My only hope is that (1) you can attach an external optical drive via USB, (2) you can boot from the external optical drive and (3) you can install Windows XP via that route.

No 3G = dialup. Crap. Making tambay at Robinsons malls is an expensive option, travel-fare wise.

I wish they had maximized the screen. I don’t have the need for speakers; they are useless anyway.

As for the measly flash drive storage, it’s not a problem for me. Since this is just a mobile computer for me, multimedia is not essential. Maybe a few megs of MP3s just in case. I am not sure if a music player software is included.

The reviews all point out that the keyboard is no good for long typing; geesh, short blog posts he he.

Hopefully, this device will land here in the Philippines. I am holding off getting Nokia E61i (E90 is out of the question, period) and a laptop just for this. Asus, please?

UPDATE:

It seems that PC Corner knows more about the pricing.

19 Jul

On writing malware descriptions

Like any business, antivirus companies compete with each other. They do cooperate on several fronts (like information and sample sharing), but primarily they are competitors. And since they are purveyors of information, too, they don’t have a standard when presenting information.

AV companies present malware descriptions in rather different styles. They also differ on what information to suppress. Viruslist.com is Kaspersky’s blog, and in its post it laments how a lack of standards in presenting information is harmful to everyone (and that it manages to hit competitors in the process is a bonus; alright, Kaspersky).

The malware in question is the ransomware GPCoder. I am linking the descriptions here:

Symantec – Trojan.Gpcoder.E
Trend Micro – TSPY_KOLLAH.F
Computer Associates – Win32/Kollah.AB
Kaspersky – Virus.Win32.Gpcode.ai
McAfee – GPCoder.h

The dilemma here is what information to disclose and not to disclose. And if you are going to disclose, how and how much?

Removing only parts of a URL does not make sense. I think the rationale for masking a URL is to disclose some information but not too much. Why disclose the URL at all? In the said blog post, Kaspersky was able to recover the URL masked by Symantec and Trend Micro by comparing the two descriptions, since each vendor had masked a different part. Now this is a lucky break, but just the same, the purpose of such partial disclosure is defeated.

(Why disclose URLs and email addresses? To inform IT security personnel on what URLs/email addresses to block. Why not disclose URLs? To prevent stupid users from accessing the URL/sending messages to email addresses.)

If you want to mask URLs in a description, I think it is safer to mask the whole left-side portion, everything before the top-level domain. For example, in http://sample-domain.domain.com/file/file.ext, the masked form should be http://{BLOCKED}.com/file/file.ext.
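The masking rule just proposed, applied to every http(s) URL in a piece of description text, as an added PowerShell example (not code from the original post or from any of the vendors named): everything left of the last label of the host becomes {BLOCKED} and the path and query are kept. The function names and the sample description text are constructed for the demonstration.

```powershell
# Added example (not from the original post): mask URLs the way the post proposes.

function Hide-UrlHost {
    param([Parameter(Mandatory)][string]$Url)
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return $Url   # not a URL we can parse; leave it untouched
    }
    # Keep only the last label of the host. Suffixes such as .com.ph or .co.uk would
    # need a public-suffix list; this follows the post's rule literally.
    $tld = $uri.Host.Split('.')[-1]
    return '{0}://{{BLOCKED}}.{1}{2}' -f $uri.Scheme, $tld, $uri.PathAndQuery
}

function Hide-UrlsInText {
    param([Parameter(Mandatory)][string]$Text)
    # http(s) URLs up to whitespace or a quote; trailing sentence punctuation is not part of the URL.
    $urlPattern = '(?i)\bhttps?://[^\s<>"'']+(?<![.,;:)])'
    $evaluator  = [System.Text.RegularExpressions.MatchEvaluator]{ param($m) Hide-UrlHost -Url $m.Value }
    return [regex]::Replace($Text, $urlPattern, $evaluator)
}

# --- usage with a constructed description text -----------------------------------
$description = @'
The trojan downloads its encryption component from http://sample-domain.domain.com/file/file.ext
and reports to https://update.evil-example.net/gate.php?id=1 after encrypting the victim's files.
'@

Hide-UrlsInText -Text $description
# The two URLs come out as http://{BLOCKED}.com/file/file.ext and https://{BLOCKED}.net/gate.php?id=1
```

Note what the rule trades away: a reader of the masked description can still see the file path, which is enough to recognise the sample, but not the host, which is what an unwary user would need in order to reach it. Two vendors following the same rule would also mask the same part, so comparing their descriptions reveals nothing extra.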

Or better yet, do not publish the URL. That makes more sense. Besides, displaying an obfuscated URL doesn’t add much to a description, does it?

And please, AV companies: standardize. Heck, you cannot even agree on a single name for the same malware.

19 Jul

Forms of phishing

In the last episode, you tested whether you can spot phishing on sight. This post will discuss the forms of phishing and their combinations.

Note that this is not a comprehensive discussion.

The goal of a phisher is to get your login credentials, usually a user name and a password. To do this, a phisher can do one of two things: (1) fool you into giving up your user name and password, or (2) sniff your credentials without you knowing it.

The first form of phishing involves an elaborate way of fooling a person. It is usually done by sending an email asking the user to log on to the phishing site. Depending on the phisher, it can be convincing or an obvious phish. Under this scenario, a phisher spams a fake email purporting to have come from a known Web company (like eBay or PayPal). The email is a social engineering trick to get you to click on a given link. This link is masked so that on first inspection you won’t realize that the URL is not what it seems. Clicking on the link will divert you to an authentic-looking Web site. When you enter your user name and password, the phisher gets your credentials.

In order for this method to work, the email must be convincing enough for the user to click on the link. Also, since the attack is via spam, this is a hit-or-miss affair. The phisher will have no idea if the recipient has an account for that Web company.

Now there is such a thing as a targeted attack. This scenario is scary because the phisher knows you have an account, and the fact that the phisher also knows your email address means your online security has been compromised. Note the conjunction. The implication is grim, though this scenario is very rare.
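The "masked link" described above has a mechanical signature a mail filter or a cautious reader can check: the visible text of the anchor names one host while the href points somewhere else. The following PowerShell is an added example, not code from the original post; it scans an HTML mail body for such anchors. The function names and the sample mail body are constructed for the demonstration (the IP address is from a documentation range).

```powershell
# Added example (not from the original post): find anchors whose visible text and
# actual destination disagree, the masking trick described in the post.

function Get-HostFromText {
    param([string]$Text)
    # First thing in the visible link text that looks like a hostname, if any.
    $m = [regex]::Match($Text, '(?i)\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b')
    if ($m.Success) { return $m.Groups[1].Value.ToLowerInvariant() }
    return $null
}

function Find-MaskedLinks {
    param([Parameter(Mandatory)][string]$Html)
    $anchor = '(?is)<a\s+[^>]*href\s*=\s*["'']([^"'']+)["''][^>]*>(.*?)</a>'
    foreach ($m in [regex]::Matches($Html, $anchor)) {
        $href = $m.Groups[1].Value
        $text = ($m.Groups[2].Value -replace '<[^>]+>', '').Trim()   # drop inner tags
        $uri  = $null
        $hrefHost = if ([System.Uri]::TryCreate($href, [System.UriKind]::Absolute, [ref]$uri)) {
            $uri.Host.ToLowerInvariant()
        } else { $null }
        $textHost = Get-HostFromText -Text $text

        $verdict = 'ok'
        if (-not $hrefHost) {
            $verdict = 'unparseable href'
        } elseif ($textHost -and $textHost -ne $hrefHost -and -not $hrefHost.EndsWith(".$textHost")) {
            # Text says one site, link goes to another: the classic masked link.
            $verdict = 'MASKED: text names {0}, link goes to {1}' -f $textHost, $hrefHost
        } elseif ($uri.HostNameType -eq [System.UriHostNameType]::IPv4) {
            $verdict = 'link goes to a bare IP address'
        }
        [pscustomobject]@{ Text = $text; Href = $href; Verdict = $verdict }
    }
}

# --- usage with a constructed mail body -------------------------------------------
$sample = @'
<p>Dear valued customer,</p>
<p>Please <a href="http://203.0.113.5/cgi-bin/webscr">log in at www.paypal.com</a> to confirm your account.</p>
<p>Help is at <a href="https://www.example.com/help">www.example.com</a>.</p>
<p><a href="https://example.com/unsubscribe">Unsubscribe</a></p>
'@

Find-MaskedLinks -Html $sample | Format-Table -AutoSize
# First anchor is reported as MASKED; the other two come back as ok.
```

The suffix check (`www.paypal.com` is allowed when the text says `paypal.com`) keeps ordinary links from being flagged, and a link whose text is plain words such as "Unsubscribe" is not judged at all, since there is no claim to contradict. Hovering over a link in the mail client shows the same href this script reads.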

The second form is more insidious. It invariably involves malicious software (malware) commonly known as spyware. Spyware is a program that attempts to collect information about a computer user. It can do a lot of things to gather whatever information it needs; most common is to sniff network packets or to monitor the Web surfing habits of a user.

For example, the Bancos or Banker family of spyware is notorious for information stealing. Most of them monitor whatever Web sites a user views. When a user views a bank Web site, it can either display a spoof login page (a phish) or intercept the data that is submitted when the user logs in. You will probably never know that you have been compromised.

17 Jul

How aware are you about phishing?

Are you familiar with phishing?

Phishing is one of the new frontiers of malicious activity over the Internet. While malware does damage to computers and networks, phishing is more insidious and more malicious. The goal of phishing is to gain money. Its objective is to gain a person’s logon credentials for known business, e-commerce, and online bank sites. Phishing takes several forms and combinations of these forms, but the most common is by spoofing a Web site login page. There’s also HTML email phishing; I am sure you have encountered spam emails purporting to have come from eBay or PayPal. I receive several of those every day.

Now, how well can you spot a phishing attempt? Take this quiz from McAfee SiteAdvisor. I got seven out of ten, so that means I have to be a wee bit more careful. You will be surprised at the methods for determining whether a site is a spoof or not.

Why should you take phishing seriously? Quoting from CSO:

According to Gartner, between May 2004 and May 2005, roughly 1.2 million U.S. computer users suffered phishing losses valued at $929 million.

By this time, the amount should be more than a billion US dollars. That’s serious money, and some people realized that there is a market for phishing. Hence, phishing kits are now available, allowing you to set up a phishing site/spoof Web site within seconds.

Be careful if you do online transactions, especially if they involve money.

PS: Post your score at the comments.