Virtual Machine Is A Very Beautiful Thing

Virtual machine is a very beautiful thing, but the majority computer users might be ignorant of it.  How beautiful virtual machine is?  Let me just say this right off the bat, virtual machine is there to piss off evil doers!  It’s so beautiful that you can basically download computer viruses onto a virtual machine without the fear of these nasty things go around and infect a physical machine.  Of course, with just about anything, if one is so inept in computer things, one might be able to allow the computer viruses and what not to infect the whole Intranet (LAN) network even one is using a virtual machine.  Nonetheless, one has to be very inept to do so.  For an example, allowing virtual machine to be on the same subnet with a physical machine without its own protection measures (i.e., antivirus, firewall and what not) — thus, showing just another door to the evil doers.  The evil doers can use a compromised active virtual machine as a gateway for their Intranet (LAN) hacking activities.  The beautiful thing is that if one is smart enough to secure a virtual machine, one basically has a hardened sandbox which can easily be used as a platform for browsing the dangerous web at will.  Perhaps, even downloading computer viruses and what not for testing purposes such as testing to see the effectiveness of an antivirus program.  Professional antivirus software reviewers are mostly using a hardened virtual machine to test to see how effective an antivirus program can be.

Virtual machine is so beautiful that it is very perverted.  How?  I’ve heard how many people have seen their computers got infected with computer viruses, worms, trojans, and what not just because they have been browsing dangerous pornographic websites.  What’s worse is that these folks do not use readily available simple measures such as Javascript blocker software/plugins (e.g., ScriptSafe, Noscript, etc…).  For an example, I’d talked to one person who complained that he would format his computer often, because he caught too many computer viruses.  This very person would like to say that he’s an advance computer user.  Nonetheless, he’d told me that he befuddled how his Windows machine kept on catching a flu (i.e., sarcasm for computer viruses).  Furthermore, he told me that it was too easy for his computer to catch a flu whenever he got perverted.  Obviously, it meant that he browsed pornographic websites and his computer caught a flu.  In the end, he told me his assumption that there’s no way a PC can be OK if one is browsing a pornographic website.  I told him flat out that he’s dead wrong.  The simplest answer I could give to him at that point was that just make sure his physical machine is clean (i.e., not being infected with any computer virus) and then install a virtual machine.

Virtual machine is beautiful since it’s allowing us to have a secure sandbox to play around.  Of course, it’s a bit more complicated than just a secure sandbox, because a virtual machine can run just about all major operating systems.  Furthermore, a virtual machine can be a quick testing ground for security software and what not.  If a virtual machine user doesn’t like what he or she sees, he or she can simply go through few clicks to delete a virtual machine and make a new one.  My suggestion for whoever that does browse the web dangerously is to install a virtual machine on a clean physical machine, install Linux such as Ubuntu, install firewall and ClamAV onto Ubuntu, harden up Ubuntu (virtual machine) as if it’s running on a real machine, and then browse the dangerous web.

Virtual machine is a strange beast, because it can do certain things exceptionally well and efficient, but it can be totally useless at times.  For an example, playing games on a virtual machine is a no no.  First of all, a virtual machine does not use a dedicated graphic card, because it’s emulating one.  Even if a virtual machine environment allows a physical computer to share dedicated graphic resources, I doubt a virtual machine could really share dedicated graphic resources efficiently.  Playing intensive graphic resource demanding games would be almost impossible.  Nonetheless, if one uses a virtual machine for applications such as virtualizing a NAS (i.e., Network Attached Storage server), it can become very interesting.  Imagining this further, how interesting it is for one to be able to clone a virtualized NAS easily, right?  Virtual machine platforms such as VirtualBox is certainly carrying the option of allowing a computer user to clone a virtual machine through few clicks of a mouse.

In summary, virtual machine is very beautiful, but the degrees of beautifulness are scaling accordingly according to whoever is using it.  One can simply use a virtual machine to test out how effective an antivirus software can be, but one can also use it to run a virtualized NAS.  If one is horny, one can simply browse the dangerous pornographic websites with a virtual machine.  Basically, virtual machine is quite useful and secure if one knows how to use it as a sandbox.

 

Advertisements

There’s Time To Be Nice, But Digital One Isn’t So

Should you be a nice guy when it comes to Internet etiquette?  The answer isn’t so simple since it’s all depending on the context of things.  For an example, a friend sent you an email for whatever purpose, important or not, you might have to reply to him or her.  Down to earth Internet etiquette cannot be so disconnected from physical world, otherwise we are not who we are, as in being human with complex emotions.  Thus, our strong human traits such as politeness can also be our weaknesses.  This is why social engineering is useful for some bad actors who have intension to hack into your digital life.

Without going to rant much on elusive Internet/digital philosophy, let me get to the point.  I’d recently received many online bank surveys through my email inbox.  The politeness of online etiquette wanted me to click on the survey request link in the email so I could start a survey, because being polite is good, whether that would be on the web or off the web.  Unfortunately, in the back of my head, my impolite part of the brain told me to not being so nice and polite, because the survey itself might not be sent from the bank.  I think there are ways to fake emails that look like they’re from the legitimate party.

My eventual action was usually a quick delete of such email.  Why?  Although I’m a nobody and poor, thus my bank account would be a waste of time for whoever wants to hack into it.  Thus, I’m not supposed to be all that protective toward my online bank account.  Regardless, I don’t really like being hack, because it feels very invasive.  Imagine a stranger just walks into your life and does whatever to you, how do you feel?  This is the feeling of being hack, because you don’t know the hacker or hackers!  So, it was a quick and simple decision, I rather not being polite and willy nilly clicking on a bank account survey link.  I don’t care if the email is legitimate or not, I just won’t subject myself to downloading malware or virus or trojan onto my computer just so I could have a nice digital etiquette.

In summary, I think we need to be very cautious about the stuffs that go through our emails.  Especially, survey invitations and what not might not be so innocent.  I’m writing this post is to remind my future self and whoever else to be more cautious about Internet security in regarding to email.  Furthermore, I like to remind my future self and whoever else that if a hacker has your email account, he or she can basically try to reset your passwords from your bank accounts, social website accounts, and what not.  If hackers are successful at resetting your online accounts’ passwords, then they’re basically taking control of your digital life.  Simply put, do you want a stranger to take over your life, albeit it’s an Internet one?

Latest Mac Flashback Trojan Threatens Mac Users With Java Enabled

Mac?!

Mac?! (Photo credit: Kramchang)

It’s being reported that the newest version of Mac Flashback Trojan can now exploit Java engine in Mac OS X, all versions of Mac OS X I guess.  It bypasses the administrator privilege protection, and so it can install itself onto any Mac machine with Java enabled without the need to use an administrator password.  As now, Apple has yet to release a security fix to counteract Mac Flashback Trojan’s Java exploit, therefore I think it’s best for you to disable Java plugin for your browsers!

Should you disable Java on Mac altogether?  Yes, but unfortunately Java is so interconnected with Mac OS X (all versions), therefore I do not yet know how to disable Java on Mac.  If you know, please write a comment or two and share your knowledge with my blog’s readers.  Anyhow, the easy quick fix for now is not to use Java in any browser that you use on Mac.

Without further ado, now I’m going into how to disable Java on the most popular browsers that you can use on Mac.  These browsers will have to be Safari, Firefox, Chrome, and Opera!  So check the instructions below…

  • Safari – disable Java, you need to go to Safari > Preferences > Security > and uncheck the box that says Enable Java.
  • Firefox – disable Java, you need to go to Tools > Add-ons > Plugins > and disable the Java Applet Plug-in plugin.
  • Chrome – disable Java, you need to type in about:plugins in the browser address bar and disable the Java plugin.
  • Opera – disable Java, you need to go to Tools > Advanced > Plug-Ins > and disable the Java Applet Plug-in.

Please don’t confuse Java with Javascript!  These two are different from each other!  Nonetheless, let me digress a little.  Javascript can also be dangerous sometimes, therefore you can disable Javascript by using popular extensions that are made available for certain popular browsers!  In Firefox, you can use Noscript extension.  In Chrome, you can try out the ScriptNo extension.  I don’t know any extension that can disable Javascript for Safari and Opera.

Sources:

New Mac Trojan Pretends To Be Flash, Tricking Users To Install Fake Flash

In case you haven’t heard it yet, Mac users are now ripe to be targeted by a new malware known as Flashback which relies on users who don’t yet have Flash on their Macs.  This trojan horse tricks Mac users to download the fake Flash installer and install it onto their Mac systems.  Mac users can also be infected by this fake Flash installer by visiting a malicious link (i.e., website).  Once Flashback trojan is on a Mac system, it will deactivate security software, inject malicious codes into Mac applications, and sending users’ information back to the malware owner (i.e., hackers).

I can imagine hackers come up with an attractive malicious websites such as a fan website for a very sexy and famous movie star, and then promise some type of pornographic images belong to such movie star if a user clicks on a certain link or installs the fake Flash (i.e., Flashback).  Of course, the hacker can use a trick where it checks to see if a user has already had Flash.  If a Mac user has already had Flash on his/her system, hacker can preprogram the website to show something else more attractive so a user will click on the malicious link to acquire the trojan anyway.  If a Mac user isn’t yet installed Flash on his/her Mac, then the preprogramming website can maliciously present the fake Flash so the user can install it.  I also don’t see why not hackers won’t go as far as sending malicious web links in emails, instant messengers, and so on to infect Mac users with Flashback trojan.

Basically, I advise one not to install Flash when a strange website wants one to do so.  One can always visit the official website of Adobe to install Flash.  Also, one can visit YouTube to acquire a legitimate Flash link, because YouTube will let one knows if one has Flash or not and point one to a legitimate Flash link so one can obtain Flash this way.

Flash may not be necessary as the world wide web moving forward in days to come.  Why?  HTML5 has now become ever more popular.  Many big web services such as Google has now begin concentrating on producing HTML5 web applications.  For an instance, users who don’t have Flash can still view YouTube videos by using a compatible browsers that support HTML5, because Google has programmed HTML5 to perform similar video functions as Flash for YouTube.

In conclusion, one needs not to install Flash and just use HTML5 in replacement for Flash, therefore one can stay away from this Flashback trojan. Flashback trojan can still infect users who click on malicious web links.  So, it’s important for users not to open up strange web links for now.  Hopefully, Apple will release some kind of fix to allow users to be able to actively protect themselves against the mechanics of Flashback trojan.

Source:  http://arstechnica.com/apple/news/2011/09/mac-trojan-pretends-to-be-flash-player-installer-to-get-in-the-door.ars?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+
arstechnica%2Findex+%28Ars+Technica+-+Featured+Content%29