Tag: platform

Jun 29

MIG: Mozilla InvestiGator by mozilla

Mozilla’s platform for real-time digital forensics and incident response of modern infrastructures

MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security. Watch on YouTube

MIG is composed of agents installed on all systems of an infrastructure that are be queried in real-time to investigate the file-systems, network state, memory or configuration of endpoints.

It’s an army of Sherlock Holmes, ready to interrogate your infrastructure within seconds.

Capability Linux MacOS Windows
file inspection check check check
network inspection check check (partial)
memory inspection check check check
vuln management check (planned) (planned)
system auditing (planned) (planned) (planned)

Imagine that it’s 7am on a saturday morning, and someone just released a critical vulnerability for your favorite PHP application. The vuln is already exploited and security groups are releasing indicators of compromise. Your weekend isn’t starting great, and the thought of manually inspecting thousands of systems isn’t making it any better.

MIG can help. The signature of the vulnerable PHP app (an md5 of a file, a regex on file, or just a filename) can be searches for across all your systems using the file module. Similarly, indicators of compromise such as specific log entries, backdoor files with {md5,sha{1,256,512,3-{256,512}}} hashes, IP addresses from botnets or signature in processes memories can be investigated using MIG. Suddenly, your weekend is looking a lot better. And with just a few command lines, thousands of systems will be remotely investigated to verify that you’re not at risk.

Source: MIG: Mozilla InvestiGator by mozilla

Apr 18

CALL FOR PAPERS | eDemocracy

CALL FOR PAPERS | eDemocracy.

 

e-Democracy 2015: Citizen rights in the world of the new computing paradigms 
6th International Conference on 
e-Democracy
CALL FOR PAPERS 
December 10-11, 2015, Athens, Greece
www.edemocracy2015.eu

Information and communication technologies move fast; faster than society, faster than governments, faster than the law. Connectivity is already impressive, but the near future brings about the interconnection of everything, via the Internet of Things. It also brings fundamental changes to our computing paradigm, with cloud computing gaining momentum and being expected to become the prevalent computing paradigm in the years to come. Increasingly more data are being collected, about almost everything one can imagine; and they remain there, in cyberspace, for ever, sometimes even resisting efforts to delete them. These data are so attractive that a new science, going by the name “big data” has already emerged. All these developments constitute in most cases an improvement in our everyday lives, but sometimes infringe our rights as citizens. The challenge, therefore, is to safeguard citizen rights in the face of a new era, landmarked by new computing paradigms.
This is the theme of the 6th occasion of the International Conference on e-Democracy that will be held in Athens, the cradle of democracy, on 10-11 December 2015. The conference is organized by the Scientific Council for the Information Society, in co-operation with the Hellenic Data Protection Authority and a substantial number of European and Greek universities and academia. It is intended, similarly to previous occasions, to provide a forum for presenting and debating the latest developments in the field, from a technical, political, and legal point of view.
The conference will include keynote addresses, tutorials, panels, Ph.D. colloquia and sessions, workshops, special, regular and poster sessions. All papers will be peer reviewed. Acceptance will be based on quality, relevance, and originality. Accepted papers will be published in the conference proceedings and selected papers will be invited to participate (after the necessary enhancements) to the evaluation process for inclusion in special issues of peer-reviewed journals.
The working language of the 6th International Conference on “e-Democracy ‘15: Challenges for Citizen Rights in the World of the New Computing Paradigms” is English. It is possible, however, that papers on Greek Law cases of e-Democracy issues be presented in Greek.
Topics of interest
The topics of interest include, but are not limited to, the following:

  • e-Democracy and e-Participation
      o e-Campaigning, e-Politics
      o e-Voting
      o Information and Consultation Platforms
      o Collaborative working environments for e-Democracy
      o Social computing and e-Democracy

• e-Government

    o Open and Big Data for e-Government
    o Cloud computing for e-Government
    o m-Government
    o e-Government services and administrative burdens
    o Business process modeling for e-Government systems
    o Tools and models for e-Government development
    o Case studies and European projects

• Security, Privacy and Trust

    o Security, Privacy and Trust in e-Business services
    o Security, Privacy and Trust in e-Government services
    o Security, Privacy and Trust in Online Social Network Services
    o Cloud Computing Security and Privacy
    o Identity Management, Identity Theft and Trust Management
    o Information Audit and Trust
    o Digital Rights Management
    o Trust and Reputation in Digital Environments
    o Cyber attacks and advances on network security
    o Cryptographic Technologies
    o Anonymisation Methodologies and Best Practices
    o Privacy by Design and Default Methodologies
    o Tracking Technologies and Do-Not-Track Systems
    o Privacy Impact Assessment Methodologies
    o Privacy Enhancing Location and Mobility Management
    o Security and Privacy Audit, Risk and Governance
    o Security and Data Protection Education
    o Tradeoffs between security and efficiency, usability, reliability and cost

• e-Crime, e-Fraud and Digital Forensics

    o Cyber Crime Detection and Prevention
    o Internet Fraud, Cyber War
    o Computer Forensics and Anti-forensics

• Social, legal and ethical issues

    o Digital Divide
    o Internet Addiction
    o Transparency and Accountability in Data Protection
    o Ethics in Digital Societies
    o Surveillance Technologies and Legal Implications
    o Freedom of Expression and Privacy
    o Freedom of Information and Privacy
    o Social factors of collaborative creativity

Important Dates
Full paper submission deadline: May 31, 2015
Notification of decision: July 15, 2015
Camera-ready deadline: July 30, 2015

Instructions for Authors
Submitted papers must not substantially overlap with papers that have been published or that have been simultaneously submitted to a journal or a conference with proceedings. All submissions should be appropriately anonymised (i.e., papers should not contain author names or affiliations, or obvious citations). Submissions should be at most 15 pages, including the bibliography and well-marked appendices, and should follow the LNCS style (http://www.springeronline.com/lncs). Submissions are to be made to the submission web site at https://easychair.org/conferences/?conf=edemocracy15. Only pdf files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Papers must be received by the deadline of 31 May 2015 (11:59 p.m. American Samoa time). Authors of accepted papers must guarantee that their papers will be presented at the conference. Efforts will be made to publish the conference proceedings by Springer in the Lecture Notes in Computer Science (LNCS) series.

The authors of selected accepted papers will be invited to extend their work for further publication in the Emerald journal Information and Computer Security (http://www.emeraldinsight.com/journal/ics# ).

Conference Steering Committee
Sokratis K. Katsikas, University of Piraeus, Greece (Chair)
Vassilis Zorkadis, Vice-President of SCIS, Greece (Vice-chair)
Philippos Mitletton, Secretary General of SCIS, Greece (Secretary)
Lazaros Iliadis, Democritus University of Thrace, Greece
Constantina Costopoulou, Agricultural University of Athens, Greece
Constantine Yialouris, Agricultural University of Athens, Greece
Elias Pimenidis, University of the West of England, UK
Spyros Voulgaris, Vrije Universiteit, The Netherlands
Irene Vassilaki, Board member of SCIS, Greece
Charalampos Patrikakis, Technological Educational Institute of Piraeus, Greece

Conference Honorary Chair
Alexander B. Sideridis, Agricultural University of Athens, Greece

Program Committee Chair
Sokratis K. Katsikas, University of Piraeus, Greece

Program Committee
Isaac Agudo, University of Malaga, Spain
Evgenia Alexandropoulou, University of Macedonia, Greece
Zacharoula Andreopoulou, Aristotle University of Thessaloniki, Greece
Maria Bottis, Ionian University, Greece
Christos Bouras, University of Patras, Greece
Athena Bourka, ENISA, Greece
David Chadwick, University of Kent, UK
Vassilios Chryssikopoulos, Ionian University, Greece
Nathan Clarke,University of Plymouth, UK
Tina Costopoulou, Agricultural University of Athens, Greece
Ernesto Damiani, University of Milan, Italy
Sabrina De Capitani Di Vimercati, University of Milan, Italy
Christos Douligeris, University of Piraeus, Greece
Carmen Fernández-Gago, University of Malaga, Spain
Simone Fischer-Hübner, Karlstad University, Sweden
Sara Foresti,University of Milan, Italy
Steven Furnell, University of Plymouth, UK
Jürgen Fuß,University of Applied Sciences Upper Austria,Austria
Dimitris Geneiatakis, EC Joint Research Center Ispra, Italy
Christos Georgiadis, University of Macedonia, Greece
Dimitris Gouscos, University of Athens, Greece
Stefanos Gritzalis, University of the Aegean, Greece
Mp.Gupta,Indian Institute of Technology Delhi (IIT Delhi), India
Marit Hansen,Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Germany
Lazaros Iliadis, Democritus University of Thrace, Greece
Dimitra Kaklamani, National Technical University of Athens, Greece
Christos Kalloniatis, University of the Aegean, Greece
Ioanna Kantzavelou, Technological Educational Institute of Athens, Greece
Maria Karyda, University of the Aegean, Greece
Vasilis Katos, Bournemouth University, UK
Spyros Kokolakis, University of the Aegean, Greece
Nicholas Kolokotronis, University of Peloponnese, Greece
Panayiotis Kotzanikolaou, University of Piraeus, Greece
Costas Lambrinoudakis, University of Piraeus, Greece
Maria Lambrou, University of the Aegean, Greece
Konstantinos Limniotis, University of Athens, Greece
Antonio Lioy, Politecnico di Torino, Italy
Javier Lopez, University of Malaga, Spain
Nikos Lorentzos, Agricultural University of Athens, Greece
Euripidis Loukis, University of the Aegean, Greece
Emmanouil Magkos, Ionian University, Greece
Vicky Manthou, University of Macedonia, Greece
Nikolaos Marianos, University of the Aegean, Greece
Giannis Marias, Athens University of Economics and Business, Greece
Olivier Markowitch, Université Libre de Bruxelles (ULB), Belgium
Vashek Matyas, Masaryk University, Czech Republic
Vojtech Merunka, Czech Technical University in Prague, Czech Republic
Lilian Mitrou, University of the Aegean, Greece
Martin Molhanec, Czech Technical University in Prague, Czech Republic
Haris Mouratidis, University of Brighton, UK
Maria Ntaliani, Agricultural University of Athens, Greece
Christoforos Ntantogian, University of Piraeus, Greece
Martin Olivier, University of Pretoria, South Africa
Rolf Oppliger, eSECURITY Technologies, Switzerland
Andreas Pashalidis, K.U.Leuven, Belgium
Charalampos Patrikakis, National Technical University of Athens, Greece
Guenther Pernul, University of Regensburg,Germany
Elias Pimenidis, University of the West of England, UK
Nineta Polemi, University of Piraeus, Greece
Bart Preneel, K.U. Leuven, Belgium
Andreja Pucihar, University of Maribor, Slovenia
Gerald Quirchmayr, University of Vienna, Austria
Muttukrishnan Rajarajan, City University, UK
Kai Rannenberg, Goethe University Frankfurt, Germany
Panagiotis Rizomiliotis, University of the Aegean, Greece
Carsten Rudolph, Fraunhofer Institute for Secure Information Technology, Germany
Christoph Ruland, University of Siegen, Germany
Pierangela Samarati, University of Milan, Italy
Einar Snekkenes, Gjovik University College, Norway
Miguel Soriano,U niversitat Politècnica de Catalunya (UPC), Spain
Diomidis Spinellis, Athens University of Economics and Business, Greece
Paul Spirakis,University of Patras, Greece
Stephanie Teufel, University of Fribourg, iimt, Switzerland
Marianthi Theocharidou, Athens University of Economics & Business, Greece
Yannis Theocharis,University of Mannheim, Germany
Aggeliki Tsochou,Ionian University, Greece
Irene Vassilaki, SCIS, Greece
Maro Vlachopoulou, University of Macedonia, Greece
Vasileios Vlachos, Technological Educational Institute of Larissa, Greece
Spyros Voulgaris, VU University Amsterdam, The Netherlands
Edgar Weippl, Vienna University of Technology, Austria
Christos Xenakis, University of Piraeus, Greece
Constantine Yialouris, Agricultural University of Athens, Greece
Jianying Zhou, Institute for infocomm research, Singapore
Vassilis Zorkadis, Hellenic Data Protection Authority, Greece
Sotiris Karetsos, Agricultural University of Athens, Greece

Download CfP

Aug 18

The Secret Life of SIM Cards – DEFCON 21 – simhacks

SIM cards can do more than just authenticate your phone with your carrier. Small apps can be installed and run directly on the SIM separate from and without knowledge of the phone OS. Although SIM Applications are common in many parts of the world, they are mostly unknown in the U.S. and the closed nature of the ecosystem makes it difficult for hobbyists to find information and experiment.

This talk, based on our experience building SIM apps for the Toorcamp GSM network, explains what (U)SIM Toolkit Applications are, how they work, and how to develop them. We will explain the various pieces of technology involved, including the Java Card standard, which lets you write smart card applications using a subset of Java, and the GlobalPlatform standard, which is used to load and manage applications on a card. We will also talk about how these applications can be silently loaded, updated, and interacted with remotely over-the-air.

via The Secret Life of SIM Cards – DEFCON 21 – simhacks.

Jul 08

Top 10 Secure Coding Practices – Secure Coding – CERT Secure Coding Standards

Top 10 Secure Coding Practices

Validate input. Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities. Be suspicious of most external data sources, including command line arguments, network interfaces, environmental variables, and user controlled files [Seacord 05].

Heed compiler warnings. Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code [C MSC00-A, C++ MSC00-A]. Use static and dynamic analysis tools to detect and eliminate additional security flaws.

Architect and design for security policies. Create a software architecture and design your software to implement and enforce security policies. For example, if your system requires different privileges at different times, consider dividing the system into distinct intercommunicating subsystems, each with an appropriate privilege set.

Keep it simple. Keep the design as simple and small as possible [Saltzer 74, Saltzer 75]. Complex designs increase the likelihood that errors will be made in their implementation, configuration, and use. Additionally, the effort required to achieve an appropriate level of assurance increases dramatically as security mechanisms become more complex.

Default deny. Base access decisions on permission rather than exclusion. This means that, by default, access is denied and the protection scheme identifies conditions under which access is permitted [Saltzer 74, Saltzer 75].

Adhere to the principle of least privilege. Every process should execute with the the least set of privileges necessary to complete the job. Any elevated permission should be held for a minimum time. This approach reduces the opportunities an attacker has to execute arbitrary code with elevated privileges [Saltzer 74, Saltzer 75].

Sanitize data sent to other systems. Sanitize all data passed to complex subsystems [C STR02-A] such as command shells, relational databases, and commercial off-the-shelf (COTS) components. Attackers may be able to invoke unused functionality in these components through the use of SQL, command, or other injection attacks. This is not necessarily an input validation problem because the complex subsystem being invoked does not understand the context in which the call is made. Because the calling process understands the context, it is responsible for sanitizing the data before invoking the subsystem.

Practice defense in depth. Manage risk with multiple defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense can prevent a security flaw from becoming an exploitable vulnerability and/or limit the consequences of a successful exploit. For example, combining secure programming techniques with secure runtime environments should reduce the likelihood that vulnerabilities remaining in the code at deployment time can be exploited in the operational environment [Seacord 05].

Use effective quality assurance techniques. Good quality assurance techniques can be effective in identifying and eliminating vulnerabilities. Fuzz testing, penetration testing, and source code audits should all be incorporated as part of an effective quality assurance program. Independent security reviews can lead to more secure systems. External reviewers bring an independent perspective; for example, in identifying and correcting invalid assumptions [Seacord 05].

Adopt a secure coding standard. Develop and/or apply a secure coding standard for your target development language and platform.

Bonus Secure Coding Practices

Define security requirements. Identify and document security requirements early in the development life cycle and make sure that subsequent development artifacts are evaluated for compliance with those requirements. When security requirements are not defined, the security of the resulting system cannot be effectively evaluated.

Model threats. Use threat modeling to anticipate the threats to which the software will be subjected. Threat modeling involves identifying key assets, decomposing the application, identifying and categorizing the threats to each asset or component, rating the threats based on a risk ranking, and then developing threat mitigation strategies that are implemented in designs, code, and test cases [Swiderski 04].

 

via Top 10 Secure Coding Practices – Secure Coding – CERT Secure Coding Standards.

Jul 08

50. Android (DRD) – java – CERT Secure Coding Standards

The following rules and guidelines are specific only to the Android platform. These do not apply to the development of Java or C programs for non-Android platforms. (The full set of Android -relevant rules and guidelines are here.) The term sensitive incorporates the Java glossary definition of sensitive data, as well as the Android concept of permission-protected.

DRD00-J. Do not store sensitive information on external storage (SD card) unless encrypted first

DRD01-J. Limit the accessibility of an app’s sensitive content provider

DRD02-J. Do not allow WebView to access sensitive local resource through file scheme

DRD03-J. Do not broadcast sensitive information using an implicit intent

DRD04-J. Do not log sensitive information

DRD05-J. Do not grant URI permissions on implicit intents

DRD06-J. Do not act on malicious intents

DRD07-J. Protect exported services with strong permissions

DRD08-J. Always canonicalize a URL received by a content provider

DRD09-J: Restrict access to sensitive activities

DRD10-J. Do not release apps that are debuggable

DRD11-J. Ensure that sensitive data is kept secure

DRD12-J. Do not trust data that is world writable

DRD13-J. Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)

DRD14-J. Check that a calling app has appropriate permissions before responding

DRD15-J. Consider privacy concerns when using Geolocation API

DRD16-J. Explicitly define the exported attribute for private components

DRD17-J. Do not use the Android cryptographic security provider encryption default for AES

DRD18-J. Do not use the default behavior in a cryptographic library if it does not use recommended practices

DRD19-J. Properly verify server certificate on SSL/TLS

via 50. Android (DRD) – java – CERT Secure Coding Standards.

Jun 22

Subrosa – Talk freely

Subrosa is an encrypted communication platform.

via Subrosa – Talk freely.

Feb 28

New software: cryptosat

This package allows for the user to generate, manipulate, and solve SAT instances encoding cryptographic algorithms of the ARX family (Addition, Rotation, eXclusive or) that make use of bitwise Boolean functions and S-Boxes. Currently supported algorithms include the compression function of the obsolete hash algorithm MD4, the stream cipher ZUC used in 4G LTE, and the key schedule of block ciphers WIDEA and MESH. The package can be easily extended in order to support other algorithms.
System requirements: Linux, g++, little-endian platform.

Download: cryptosat_0.2.1.tar
cryptosat_0.1.0.tar

Jul 17

Vodstok – Share files freely

Vodstok was primarily developped as a voluntary distributed storage kit that anybody may use to be part of a acentered storage network. More than that, it is now an easy-to-use platform to share information (your files, pictures, documents, whatever you want) freely and securely.

You can see Vodstok as a great hard drive splitted over multiple servers all over the Internet. Since Vodstok is an OpenSource web application, anybody can install it on a server and share a part of its allocated space with other Vodstok users ! Vodstok is easy to install, because it does not need any heavy database and only relies on PHP version >5.2.

 

Vodstok – Share files freely.

Jul 12

Windows Security Downloads

Publisher: Malwarebytes
Version: 0.9.2.1200 | Platform: Windows | Category: Security Utilities | Total Downloads: 2,429 | Downloads last week: 1,238
Added on July 01, 2013
Malwarebytes Anti-Exploit BETA, formerly known as ExploitShield by ZeroVulnerabilityLabs, is a security program that protects you from zero-day exploits that target browser and application vulnerabilities. This program is meant to run alongside your traditional anti-virus or anti-malware products and provides extra protection against software and Windows vulnerabilities that are discovered, but do not have a patch available to fix them.

HitmanPro Logo
Publisher: SurfRight
Version: 3.7 | Platform: Windows | Category: Anti-Virus | Total Downloads: 64,437 | Downloads last week: 4,939
Added on April 03, 2013
HitmanPro is an anti-virus program that describes itself as a second opinion scanner that should be used in conjunction with another anti-virus program that you may already have installed.  If malware slips past your anti-virus software, HitmanPro will then step in to detect it.  Though SurfRite bills themselves as a second opinion scanner that does not mean that you cannot use the program as your primary anti-virus product. This is because its scanning technology not only incorporates its own virus definitions but also has the ability to scan files on your computer with the definitions of 5 other anti-virus vendors.

Shortcut Cleaner Logo
Publisher: BleepingComputer
Version: 1.2.3.0 | Platform: Windows | Category: Security Utilities | Total Downloads: 26,566 | Downloads last week: 2,778
Added on June 11, 2013
Shortcut Cleaner is a utility that will scan your computer for Windows shortcuts that have been hijacked by unwanted or malicious software.  When Shortcut Cleaner finds bad shortcuts, it will automatically clean them so that they do not open unwanted programs.

Malwarebytes Anti-Rootkit Logo
Publisher: Malwarebytes
Version: 1.01.0.1021 | Platform: Windows | Category: Rootkit Scanner | Total Downloads: 90,574 | Downloads last week: 2,361
Added on March 21, 2013
Malwarebytes Anti-Rootkit is a free program that can be used to search for and remove rootkits from your computer.  When started, Malwarebytes Anti-Rootkit will scan your computer and allow you to remove any rootkits that it finds.

Junkware Removal Tool Logo
Publisher: thisisu
Platform: Windows | Category: Security Utilities | Total Downloads: 133,715 | Downloads last week: 9,822
Added on December 14, 2012
Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer.  A common tactics among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue.  This tool will help you remove these types of programs.

AdwCleaner Logo
Publisher: Xplode
Platform: Windows | Category: Security Utilities | Total Downloads: 1,516,212 | Downloads last week: 88,061
Added on July 11, 2013
AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer.  By using AdwCleaner you can easily remove many of these types of programs for a better user experience on your computer and while browsing the web.

SecurityCheck Logo
Publisher: screen317
Platform: Windows | Category: Security Utilities | Total Downloads: 13,139 | Downloads last week: 419
Added on January 16, 2013
SecurityCheck is a program that searches for installed and running security programs on a user’s program. After it is finished, SecurityCheck will then display a log file that contains information about the security programs found on your computer and the status of security services such as Windows Firewall.

RogueKiller Logo
Publisher: Tigzy
Platform: Windows | Category: Security Utilities | Total Downloads: 122,826 | Downloads last week: 6,088
Added on October 01, 2012
RogueKiller is a security tool that can be used to terminate and remove malicious processes and programs from your computer.  RogueKiller has the ability to remove infections such as ZeroAccess, TDSS, rogue anti-spyware programs, and Ransomwares.

SUPERAntiSpyware Logo
Publisher: SUPERAntiSpyware
Platform: Windows | Category: Anti-Spyware | Total Downloads: 30,704 | Downloads last week: 815
Added on September 27, 2012
SUPERAntiSpyware is a free anti-spyware program that offers excellent detections and quick removal of common infections. As malware is constantly evolving and new variants are released, there is not one particular security program that will be able to protect you from all threats.  Therefore it is important to have a variety of programs in your security toolbox that you can use to scan your computer for malware and aid you in their removal.  SUPERAntiSpyware is definitely one of the programs that you want to have at your disposal.

Secunia PSI Logo
Publisher: Secunia
Version: 3.0 | Platform: Windows | Category: Monitoring Software | Total Downloads: 17,859 | Downloads last week: 309
Added on August 07, 2012
Secunia PSI is a tool that can be used to monitor your installed applications for new updates.  When started, Secunia PSI will scan your computer for applications and install any updates that are available for them. This allows your computer to remain secure from possible vulnerabilities in your installed programs.
Publisher: Emsisoft
Platform: Windows | Category: Security Utilities | Total Downloads: 11,833 | Downloads last week: 178
Added on August 24, 2012
BlitzBlank is an advanced system administration tool that allows you to disable drivers, delete files, folders, Windows Registry keys and values that are in-use or locked by malware. BlitzBlank also includes the ability to create scripts for removing multiple files, folders, and Registry information at once in order to avoid malware recreating the files and locking them again. This tool should only be used by advanced system administrators and IT professionals due to its ability to delete almost any file or folder.

Emsisoft Emergency Kit Logo
Publisher: Emsisoft
Platform: Windows | Category: Anti-Virus | Total Downloads: 115,794 | Downloads last week: 718
Added on January 27, 2013
Emsisoft Emergency Kit is a collection of standalone security programs and scanners that can be run from a USB key, bootable CD/DVD, or from within Windows Safe Mode without having to download and install a full security product.  This program is very useful for infections, such as Ransomware,  that cannot be removed while the infections are active or while logged into Windows.

OTL Logo

OTL

Publisher: OldTimer
Platform: Windows | Category: Security Utilities | Total Downloads: 30,667 | Downloads last week: 625
Added on July 24, 2012
OTL, or OldTimer ListIt, is a tool that is used to diagnose a computer for a possible malware presence and to provide system diagnostics information that can by someone working on a computer.  When run, OTL will scan your computer for a variety of information and then generate a report with a tremendous amount of information about your computer’s hardware, programs, files, and running environment.

HijackThis Logo
Publisher: Trend Micro
Version: 2.0.4 | Platform: Windows | Category: Security Utilities | Total Downloads: 112,015 | Downloads last week: 1,991
Added on August 24, 2012
HijackThis is a program that can be used to quickly spot home page hijackers and startup programs that you do not want to start automatically. This program is a not anti-virus program, but rather a enumerator that lists programs that are starting up automatically on your computer as well as other configuration information that is commonly hijacked.

Hosts-perm.bat Logo
Publisher: BleepingComputer
Platform: Windows | Category: Security Utilities | Total Downloads: 12,752 | Downloads last week: 227
Added on June 02, 2012
Hosts-perm.bat is a batch file that will reset the permissions for the Windows HOSTS file.  In the event that you attempt to delete or modify the HOSTS file and receive a message stating that you do not have permission, you can use the Hosts-perm.bat to reset the permissions so that you can properly access it.

ListParts Logo
Publisher: Farbar
Platform: Windows | Category: Security Utilities | Total Downloads: 13,638 | Downloads last week: 206
Added on June 13, 2012
ListParts is a small utility that will create a log that contains a listing of all the hard drive partitions on your computer, which can then be posted on the forum that you are receiving help.  This tool is useful for diagnosing rootkit infections that create additional hidden partitions on your computer.

VT Hash Check Logo
Publisher: Andrew Lambert
Version: 1.3 | Platform: Windows | Category: Security Utilities | Total Downloads: 3,365 | Downloads last week: 45
Added on May 09, 2013
VT Hash check adds a context menu item for all files allowing you to quickly search VirusTotal.com for matching files and their corresponding malware reports.

GrantPerms Logo
Publisher: Farbar
Platform: Windows | Category: Security Utilities | Total Downloads: 13,037 | Downloads last week: 234
Added on May 30, 2012
GrantPerms is a small portable tool that can be used to check permissions or unlock multiple files and folders. It is useful in cases where malware locks security files and system files and prevent them from running even after the malware is removed.

MiniToolBox Logo
Publisher: Farbar
Platform: Windows | Category: Security Utilities | Total Downloads: 59,263 | Downloads last week: 1,331
Added on June 26, 2012
MiniToolBox detects Internet connection issues due to broken or hijacked LSP, proxy settings, and problems with network adapters. It can also be used to detecte search redirections and router hijackings.

Farbar Recovery Scan Tool Logo
Publisher: Farbar
Platform: Windows | Category: Security Utilities | Total Downloads: 143,221 | Downloads last week: 4,139
Added on April 22, 2013
Farbar Recovery Scan Tool, or FRST, is a portable application designed to run on Windows XP, Windows Vista, Windows 7 and Windows 8 in normal or safe mode to diagnose malware issues.
Farbar Service Scanner Logo
Publisher: Farbar
Platform: Windows | Category: Security Utilities | Total Downloads: 85,921 | Downloads last week: 1,770
Added on July 02, 2013
Farbar Service Scanner allows you to diagnose network connectivity issues due to corrupted or missing Windows services.

ComboFix Logo
Publisher: sUBs
Version: 13.7.11.3 | Platform: Windows | Category: Anti-Virus | Total Downloads: 10,507,380 | Downloads last week: 155,855
Added on January 29, 2013
ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.

Vba32 AntiRootkit Logo
Publisher: VirusBlockAda
Platform: Windows | Category: Rootkit Scanner | Total Downloads: 11,231 | Downloads last week: 162
Added on May 21, 2012
Vba32 AntiRootkit is an advanced Rootkit scanner from VirusBlockAda.  This free scanner will search for kernel-mode rootkits, suspicious autoruns, and hidden processes.  VBA AntiRootkit is an advanced tool as it does not perform an automatic scan and removal.  Instead it displays any possible issues, which you will then have to decide how to act upon.

McAfee Labs Rootkit Remover Logo
Publisher: McAfee Labs
Platform: Windows | Category: Rootkit Scanner | Total Downloads: 9,051 | Downloads last week: 165
Added on May 21, 2012
McAfee Labs Rootkit Remover is a free stand-alone product that scans your computer for Rootkits and attempts to remove them.  This version of Rootkit Remover is limited as it only detected and removes the ZeroAccess and TDSS family of rootkits.

Panda Anti-Rootkit Logo
Publisher: Panda Security
Platform: Windows | Category: Rootkit Scanner | Total Downloads: 8,489 | Downloads last week: 152
Added on May 20, 2012
Panda Anti-Rootkit is a free rootkit scanner from Panda Security. This program will scan your computer for Rootkits and attempt to remove them.

Sophos Virus Removal Tool Logo
Publisher: Sophos
Platform: Windows | Category: Anti-Virus | Total Downloads: 12,383 | Downloads last week: 194
Added on May 20, 2012
The Sophos Virus Removal Tool is a stand-alone program that allows you to perform a quick scan of your computer for computer viruses.  If any infections are found it will attempt to remove them for free. As this program only scans your computer and remove any infections it finds, it can be used even if you have another anti-virus product installed.

Trend Micro RootkitBuster Logo
Publisher: Trend Micro
Platform: Windows | Category: Rootkit Scanner | Total Downloads: 16,200 | Downloads last week: 289
Added on June 03, 2013
Trend Micro RootkitBuster is a program that will scan your computer for Rootkits.  This scanner will scan for rootkits that are using the latest technology including Master Boot Record (MBR) infections.

RootRepeal Logo
Publisher: ad13
Platform: Windows | Category: Rootkit Scanner | Total Downloads: 7,693 | Downloads last week: 123
Added on May 19, 2012
RootRepeal is a rootkit scanner thatRootRepeal is a rootkit scanner that scans for kernel-mode drivers, whether they are hidden, or if the driver file is hidden on disk.  It also has the ability to look for hidden files, hidden process, SSDT hooks, hidden services, and stealth objects.

RootkitRevealer Logo
Publisher: Microsoft
Platform: Windows | Category: Rootkit Scanner | Total Downloads: 7,116 | Downloads last week: 111
Added on May 19, 2012
RootkitRevealer is a rootkit scanner from Microsoft Sysinternals.  This program will search for user-mode or kernel-mode rootkits and list any API discrepancies that are found.

FixExec Logo
Publisher: BleepingComputer
Platform: Windows | Category: Security Utilities | Total Downloads: 125,414 | Downloads last week: 801
Added on August 24, 2012
FixExec is a program that is designed to fix executable file associations for the .bat, .exe, and .com file extensions. If the program detects any of these associations are missing, changed, or hijacked, the settings will be set back to the original Windows defaults. When file associations for batch, executable, or COM files are changed it could cause your executables to no longer start. If you are looking for FixNCR.reg, this file replaces FixNCR with greater functionality.
RKill Logo
Publisher: BleepingComputer
Version: 2.5.4.0 | Platform: Windows | Category: Security Utilities | Total Downloads: 1,961,881 | Downloads last week: 37,963
Added on June 03, 2013
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

Unhide Logo
Publisher: BleepingComputer
Version: 2.0.0.0 | Platform: Windows | Category: Security Utilities | Total Downloads: 343,891 | Downloads last week: 1,568
Added on November 24, 2012
Unhide is a program that reverts back the changes made to your files and Windows Registry by the rogue.FakeHDD family of rogue anti-spyware program. This family of malware pretends to be a hard disk repair and system optimization program for Windows. In reality, though, these programs are computer infections that deliberately hide your files and change certain settings in the Windows Registry to make it appear that you have lost data on your hard drive. It will then prompt you to purchase the program to restore the data.

Defogger Logo
Publisher: jpshortstuff
Platform: Windows | Category: Security Utilities | Total Downloads: 20,737 | Downloads last week: 244
Added on May 17, 2012

If you have a CD or DVD emulation software installed, it may make it harder to get accurate scan results when you scan your computer with a anti-rootkit scanner. Due to this it is wise to first disable these emulation programs before scanning your computer so that the scan results are more accurate.


Malwarebytes Anti-Malware Logo
Publisher: Malwarebytes
Version: 1.75.0.1300 | Platform: Windows | Category: Anti-Spyware | Total Downloads: 1,718,986 | Downloads last week: 28,996
Added on April 10, 2013
Malwarebytes is a light-weight anti-malware program that is excellent at removing the latest detections.  This program is recommended as a support product for your normal anti-virus program.

TDSSKiller Logo
Publisher: Kaspersky Lab
Platform: Windows | Category: Rootkit Scanner | Total Downloads: 715,665 | Downloads last week: 20,728
Added on August 24, 2012
TDSSKiller is a utility created by Kaspersky Labs that is designed to remove the TDSS rootkit. This rootkit is know under other names such as Rootkit.Win32.TDSS, Tidserv, TDSServ, and Alureon. TDSSKiller will also attempt to remove other rootkits such as the ZeroAccess or ZeroAccess rootkit if it is detected.

GMER Logo
Publisher: GMER
Version: 2.1 | Platform: Windows | Category: Rootkit Scanner | Total Downloads: 22,389 | Downloads last week: 333
Added on April 19, 2013
GMER is a anti-rootkit scanner that searchs your computer for Rootkits on your computer and then allows you to attempt to remove them.

aswMBR Logo
Publisher: AVAST Software
Platform: Windows | Category: Rootkit Scanner | Total Downloads: 50,931 | Downloads last week: 840
Added on August 24, 2012
aswMBR is a anti-rootkit scanner that searchs your computer for Rootkits that infect the Master Boot Record, or MBR, of your computer. This includes the TDL4/3, MBRoot (Sinowal), and Whistler rootkits. For this program to properly work it must first download the Avast virus definitions, so you will need an active Internet connection before using it.

 

Windows Security Downloads.

May 06

Who Has Your Back? 2013 | Electronic Frontier Foundation

When you use the Internet, you entrust your conversations, thoughts, experiences, locations, photos, and more to companies like Google, AT&T and Facebook. But what do these companies do when the government demands your private information? Do they stand with you? Do they let you know what’s going on?

In this annual report, the Electronic Frontier Foundation examined the policies of major Internet companies — including ISPs, email providers, cloud storage providers, location-based services, blogging platforms, and social networking sites — to assess whether they publicly commit to standing with users when the government seeks access to user data. The purpose of this report is to incentivize companies to be transparent about how data flows to the government and encourage them to take a stand for user privacy whenever it is possible to do so.

We compiled the information in this report by examining each company’s published terms of service, privacy policy, transparency report, and guidelines for law enforcement requests, if any. We also considered the company’s public record of fighting for user privacy in the courts and whether it is a member of the Digital Due Process coalition, which encourages Congress to improve outdated communications law. Finally, we contacted each company to explain our findings and gave them an opportunity to provide evidence of improved policies and practices. These categories are not the only ways that a company can stand up for users, of course, but they are important and publicly verifiable. In addition, not every company has faced a decision about whether to stand up for users in the courts, but we wanted to particularly commend those companies who have done so when given with the opportunity.

 

Who Has Your Back? 2013 | Electronic Frontier Foundation.