Tuesday, 30 April 2013

Ergonomics part 2

Having previously written about the poor state of my office chair and my affection for energy drinks I was stunned not to be bowled over by Herman Miller and Red Bull in a stampede to sign me up to some incredibly lucrative sponsorship deals.

Instead I had to buy my own kit.

The chair

Back-, butt- and buck-saver
Ultimately I chose an on-sale, mesh-back chair from Staples. Specifically it was the Ergo Mesh Executive Chair, and incredibly comfortable it is too.

I'd always suspected that those who spend around £100 on an office chair will feel the benefit. Now I am sure.

It might look like something you'd see in the dentist's surgery, and it is probably too space-consuming for those who perch at a desk in the corner of cramped living quarters, but if you have the room this is a back-saver.

I struggle to imagine that if I spent £800 I'd be sitting even twice as comfortably.

I only wish I had taped myself assembling it. That farce would surely have gone viral on YouTube, earning me numerous lucrative sponsorship deals...

The drink

Blue Spark: Energy drink of penny-pinching champions
I have long maintained that Red Bull is the least vile-tasting option on the market, while Emerge is one of the most effective.

Neither of these drinks holds any interest for me now.

What about the new 'Limited Edition' Red Bull drinks? They are, it is to be hoped, very limited because they actually beat Emerge for tasting horrible.

The discovery of the month, however, is Tesco's new Blue Spark energy drink.

Blue Spark is half the price of KX, the previously cheapest option at UK supermarket Tesco. KX is a strong contender in my book, being inexpensive, quite effective and with a flavour that nearly escapes the realms of unpleasantness.

Blue Spark has, on the face of it, identical ingredients to KX and I can't tell much difference in the taste, if indeed there is a difference.

But it only costs 35p a tin. Now that's a five-star budget-buy winner!

Friday, 26 April 2013

Dennis Technology Labs is six

Six years ago today I launched Dennis Technology Labs.

Today we have a great team working on testing dozens of products all year round, using advanced forensics techniques.

It was not always so.

The very first version of the lab was a small box containing two servers, a switch and four Shuttle PCs. It sat in the corner of the editorial office, next to a publisher's office. People would walk past and casually observe world-leading anti-virus products failing to block malware. They were always surprised.

You can marvel at this system's glory above right, or here for slightly more detail.

While the latest version features significantly more equipment and is vastly more scalable, sadly it lacks the exciting blue and green fluorescent lighting.

We still have the original biohazard sign, though.

Introduction to malware forensics

Earlier this month I was delighted to sit on a discussion panel at Kaspersky Lab's reviewers workshop in Lisbon.

I later demonstrated some tools and techniques for analysing the behaviour of malware. I have provided links to the tools and some other useful resources.

(left to right) Peter Stelzhammer, Sveta Miladinov, Simon Edwards and Andreas Marx
The area that I focussed on involved detecting rootkit-related malware in tests. Using conventional tools, you usually can't tell whether hidden processes are running.

At Dennis Technology Labs we always check for hidden processes using some advanced techniques usually reserved for malware analysts and forensics investigators.

To get a short insight into how we do that (and how you can), take a look at the link above.

Following a series of interviews, Arne Arnold from PC-Welt wrote an interesting article that shows the difference in opinions of testers and analysts. [Original (German); a poor Google Translation (English)]

Monday, 15 April 2013

Is it infected?

How do you know if a system is infected with malware?

This question is important to journalists, testers and other reviewers of anti-malware software.

The security product may claim to have defeated the threat but you need to dig down into the system using forensic tools to be sure that it has succeeded.

The following links and notes are intended for the journalists who attended Kaspersky Lab's reviewers workshop this week:

Wireshark
http://www.wireshark.org/download.html
http://wiresharkdownloads.riverbed.com/wireshark/win32/Wireshark-win32-1.8.6.exe
http://wiresharkdownloads.riverbed.com/wireshark/win64/Wireshark-win64-1.8.6.exe

CaptureBAT
https://www.honeynet.org/node/315
https://www.honeynet.org/files/CaptureBAT-Setup-2.0.0-5574.exe

>> CaptureBAT.exe -l demo.txt -n -c

Autoruns
http://technet.microsoft.com/en-US/sysinternals

WinPrefetchView
http://www.nirsoft.net/utils/win_prefetch_view.html
http://www.nirsoft.net/utils/winprefetchview.zip

Volatility
https://code.google.com/p/volatility/
https://volatility.googlecode.com/files/volatility-2.2.standalone.exe

>> volatility-2.2.standalone.exe -f stuxnet.raw pslist

>> volatility-2.2.standalone.exe -f stuxnet.raw psscan

>> volatility-2.2.standalone.exe -f stuxnet.raw psxview
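The three Volatility commands above differ only in how they enumerate processes, and the cross-view comparison that psxview performs is small enough to show in full. The following is an added example, not the blog's or Volatility's own code; the two listings it parses are constructed sample data in a simplified column layout rather than Volatility's exact output.

```python
"""Cross-view hidden-process check in the spirit of Volatility's psxview.
Added example, not the blog's or Volatility's own code. The listings are
constructed sample data in a simplified "Offset Name PID PPID" layout that
stands in for `pslist` (walks the kernel's EPROCESS linked list, which a
rootkit can unlink an entry from) and `psscan` (carves EPROCESS structures
out of memory by pool tag, so an unlinked process is still found).
"""
from typing import Dict, List, Set, Tuple

Proc = Tuple[int, str]  # (pid, name)

PSLIST_SAMPLE = """\
Offset(V)  Name          PID  PPID
---------- ------------- ---- ----
0x823c89c8 System           4    0
0x81faf020 smss.exe       404    4
0x81f3d020 explorer.exe  1028  972
"""
PSSCAN_SAMPLE = """\
Offset(P)  Name          PID  PPID
---------- ------------- ---- ----
0x023c89c8 System           4    0
0x01faf020 smss.exe       404    4
0x01f3d020 explorer.exe  1028  972
0x01e1a4c8 svchost.exe   1912  608
"""

def parse_listing(text: str) -> Set[Proc]:
    """Pull (pid, name) from each data row; header and ruler lines are skipped."""
    procs: Set[Proc] = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2].isdigit():
            procs.add((int(fields[2]), fields[1]))
    return procs

def cross_view(views: Dict[str, Set[Proc]]) -> Dict[Proc, Dict[str, bool]]:
    """psxview-style table: each process -> which views reported it."""
    every: Set[Proc] = set().union(*views.values())
    return {p: {v: p in seen for v, seen in views.items()} for p in sorted(every)}

def hidden_candidates(table: Dict[Proc, Dict[str, bool]]) -> List[Proc]:
    """Seen by psscan but missing from pslist: the DKOM-hiding pattern. A freshly
    terminated process shows the same way, so also check psscan's exit time."""
    return [p for p, seen in table.items() if seen["psscan"] and not seen["pslist"]]

if __name__ == "__main__":
    table = cross_view({"pslist": parse_listing(PSLIST_SAMPLE),
                        "psscan": parse_listing(PSSCAN_SAMPLE)})
    print("hidden candidates:", hidden_candidates(table))
```

With the constructed data, svchost.exe (PID 1912) is reported by psscan only and is flagged; a further view such as a thread scan would be added to the dictionary passed to cross_view in the same way.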

Malware Analyst's Handbook
http://www.malwarecookbook.com
http://goo.gl/7gONZ (specific page on Amazon.com)

Stuxnet analysis
http://mnin.blogspot.co.uk/2011/06/examining-stuxnets-footprint-in-memory.html