AVG is one from this quite old trio of big free anti-virus software. The others being AntiVir/Avira (my current antivirus) and Avast!. I tried them all a long while ago, by the time of version 5-6 of AntiVir and AVG, and from this period I remembered how heavy AVG and Avast! were (plus they used to require a registration on their website) while AntiVir felt so light, with a rather miserable GUI that I liked but which used to repulse “basic” users. And I stuck with it until now, even though they “upgraded” the interface to something shiny but heavy like hell, notably because Avast! was still heavier and heavier and because AVG got pretty poor ratings from anti-virus tests during a large period.

But it wasn’t all brilliant. AntiVir saved my @$$, well, I don’t remember of a single time actually. Probably it caught a few highly suspicious files that I was going to check myself anyway, but that remained highly rare. During the same time, it gave me tons and tons of false positives, notably on a lot of things I programmed myself and packed using UPX, and on a lot of trainers (I used quite many of them for Wiki4Games…). It also failed to register that I don’t want it to detect that Abel & Cain installation file which has been sleeping on my PC for ages (and suddenly got detected forever after some update). And finally, it totally missed Buzus, which I only caught thanks to RegRun. When I caught the files and sent them to online scanners (Virustotal and VirSCAN), I noticed that:

1. as usual, Kaspersky pwned
2. only a few scanners detected the virus (3/41=7% or 5/36=14%)
3. and AVG was amongst those!

After all I’d heard and seen in tests about AVG, I was rather amazed. But considering how I was disappointed with my AntiVir experience, I eventually decided to give it another chance.

First impression: bloody hard to find on avg.com: I ended up searching for AVG free on Google…
Second impression: omfg it’s huge: the installer is more than twice as big as AntiVir: 84 MiB vs 40 MiB (Avast: is 46 MiB)
The installer is ok, it seems to do weird things at the beginning but it turns out to be a good, normal installer with the usual options. No restart needed at the end, the first run update is fast, too. The installed program is, despite the bigger installer, smaller than AntiVir (around 55 MiB, maybe there’s stuff elsewhere though?).
I start by scanning the folder where I had isolated the infected files. They’re all detected and… deleted. Ow, not cool, the default configuration is to slay the infected files. Gladly, I found them in quarantine (they call this the Virus Vault ), and there are options to disable this “I act without asking you first” behavior. Then I scan the whole infected Windows partition… gosh it takes ages… but it does find what AntiVir hadn’t found.
I finish cleaning and finally can get back to my primary Windows XP installation. There I promptly replace AntiVir with AVG. It detects a keygen on the desktop (bloody false +, hey…) but the whitelist does work and is not limited in size to a ridiculous value like AntiVir. The Cain & Abel installer isn’t detected, too.

So, to summarize:

• kind of heavy, but not more than AntiVir after all, notably faster interface than AntiVir
• seems to have a good detection rate. OK, that’s just one sample, but on this random one he’s in the top 10% already…
• false positives on trainers and such, but working white-list system and no detection of unarmed malware like the Cain & Abel installer.

Looks like AVG is definitely back in the race. At least it’s back on my computer now

• C:\WINDOWS\system32\winupdte\winupdte.exe (the file to be loaded at start-up)
• {temp folder}\is.exe (one of the crap processes by Adbul Raheem which add the above one to start-up)
• {temp folder}\output.exe (same)
• {temp folder}\svhost.exe (same)

I don’t know if there are other files around.

I checked one of the file on Virus Total, here is the result. Only 5 antiviruses out of 41 detected it. Kaspersky called it “Trojan.Win32.Buzus.emdx”, the other detection names were Dropper.Generic2.UFN (AVG), Heuristic.LooksLike.Trojan.Chinky.B (Mc Afee), VirTool:Win32/VBInject.gen!BH (Microsoft), Suspicious file (lol) (Panda). So globally, it seems that only Kaspersky detected the file as a specific virus, the other tools detected it thanks to heuristic or generic detection. I sent the virus an hour ago to Avira, because that’s the anti-virus I use and I actually need a fix (oops :s). I don’t have the time to send it to other vendors, so if you’re willing to send it yourself or if you’re precisely an anti-virus maker looking for this Buzus, here it is (beware, all 4 exes in the 7-zip archive are very most likely infected), in a 7-zip encrypted archive (password: virus).

1. Let’s get Firefox

That’s right, my PC is on MSIE 6. The whole company network is. Even the IT guys complain about this, but we’re stuck on Internet Explorer 6 and this might last still a while. There’s no running an installer here, so I went for the portable version, as usual.

First problem: exe blocked

First surprise of the day: no can download an executable file. This must be a new policy since it used to be possible half a year ago. Never mind, let’s get a zipped version… or so I thought. But I found out that it’d been a while since they last released the Portable Fox as a ZIP. Additionnally, although Protable Apps do list their old versions, they only list the exe ones. The easy solution is of course to zip Portable Firefox at home then bring it at home, but the I’m-in-a-hurry solution was to go find a zipped version. After a lot of disappointing searches (a lot of sites refer to portable firefox as a zip file, probably because they haven’t been updated during the last 4 years…), I resigned to get a pretty old version, 1.5.7, from sourceforge.
Edit (June 15): here is the current version (3.6.3) of Firefox Portable as a 7-Zip archive.

Second problem: configuring the connection

Firefox wasn’t able to connect to Internet. Which wasn’t really surprising since I knew my company requires us to go through a proxy. The problem was: how to find informations about that proxy?
In Internet options? → They’re hidden.
Use Firefox’s option “use the same proxy settings as MSIE”? → Should work but isn’t available in Firefox 1.5.
In the registry? → Good idea, but then how to launch regedit?
The run menu is disabled (Windows key+R returns an error), but there’s a cheap and easy workaround: batch files. Create a new text file, put regeditin it, change the file extension from .txt to .bat and run it. (NB: for the more generic command prompt, do the same replacing regedit with cmd) Now that we’re in the registry, we just need to browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings (thanks to the manual). In this key, the proxy is stored in the DWORD value ProxyServer, and the exclusion list (Firefox’s “No Proxy for” field) is stored in ProxyOverride.
If you don’t know or can’t figure out by yourself how to use this information to configure Firefox you probably shouldn’t be following this guide. But since I like unreasonable stuff I’m still pointing you to the direction: go to Tools → Options, then in General → Connection Settings. Then check “Manual proxy configuration”, enter your proxy in the HTTP proxy field, also add the port (that’s the part of the proxy address after the column, e.g. in myproxy.com:80 the port is 80 and the proxy is myproxy.com). Also check “Use this proxy server for all protocols”. Finally, fill the “No Proxy for” field as mentioned earlier. Click OK as many times as needed, and try again to load a website. If it still fails probably you did something wrong, but it’s also possible that your company filters which programs can or can’t connect (firewall…), and then sorry but you’ll have to stick with your corporate browser.

Finally, don’t forget…

…to update Firefox. The update package isn’t an exe file so auto-update should be able to download it. Because of performance issues (I’m, in May 2010, on a Pentium 4 2.8 GHz with 512 MiB of RAM – yes that’s like 7 years old), I chose to stay on Firefox 1.5 (so, 1.5.12), but the updater should be able to update to the latest Firefox version (and the launcher should keep working with it). If you want to stick with an old version, you can still use plenty of old add-ons since addons.mozilla.org, like sourceforge, keeps all older versions. For instance with my 1.5.12 version I installed the good old Littlefox theme, in its 1.7 version.
Edit: I just compared 1.5.12 and 3.6.3 RAM usage: when writing an e-mail in Gmail, 1.5.12 uses around 57MiB while 3.6.3 uses around 81MiB. So, it’s not that huge in absolute but it’s still a 42% relative increase.

2. Let’s get more portable stuff

In my previous tips to freedom I remained quite unspecific about the portable apps because there are so many of them. This time I’ll list a few chosen for their availability as a zipped (non executable) package (either an official package or one packed by myself for future use).

Opera

Unlike Firefox Portable, Opera Portable (actually, Opera@USB) is still being actively distributed as a zip version. You can get it there: http://www.opera-usb.com/operausben.htm.

R

Although it’s not distributed as a portable installer, R is natively portable (by this I mean, the installer can’t be run on a restricted computer, but if you just copy/paste an existing installation it will work and be 100% functional). So I simply packed my 2.10.1 installation into an archive. There: http://notepad.patheticcockroach.com/512/r-project-portable/.

Notepad++

The must-have notepad replacement with syntax highlighting for most common languages (notably R, too) is, as of today (version 5.6.8), distributed as a zip that might be usable as a portable version. To be verified… => http://sourceforge.net/projects/notepad-plus/files/. But anyway, here’s Notepad++ Portable 5.6.8 packed as a 7-Zip archive.

Name it!

I’ll add here a few things I pack for myself, but if you request some not too big ones I can do them for you, too.

A possibility (which I didn’t test) would be to create a tiny PHP page that outputs just the hash of your wanted new pass, save this as a text file and upload it in phpMyAdmin.

Another possibility is to follow the LimeSurvey wiki, which says to restore the install folder and run a password reset script (btw, this explains a lot why you need to delete/move the install folder after the installation process…).

My personal favorite, because I think it’s the fastest, is:

1. edit the file admin/usercontrol.php as follow:
   
   find if (SHA256::hash($_POST['password']) == $fields['password']) (in LimeSurvey 1.72 it’s on line 115)
   replace it with if(true)
2. now log in using your proper admin login and any password
3. go to user management and edit the your password (don’t worry, it won’t ask you to enter your old password)
4. edit admin/usercontrol.php back to normal, i.e. replace:
   if(true)
   with
   if (SHA256::hash($_POST['password']) == $fields['password'])

Now you’re done
It should be noted that with this method, anyone can log in to any account provided that they know the name of this account. So if your admin account is easy to guess (random example: if you let the defaut name “admin”), the method is a bit risky, particularly if you’re slow. In this case, putting an .htacces like the following one in the admin folder would be more reasonable:
Order Deny,Allow
Deny from all
Allow from [put your IP here]


Read more | Digg it

Problem : as a reader points out, “If you tell people to never write their passwords down, they pick easy to remember things, and tend to use the same one over and over again.

Come up with a strong password, write it down, and keep it in your wallet. Guard it like you guard your credit cards, and treat it the same.
If you lost your wallet, you’d change your credit card numbers – so do the same with your passwords. See Microsoft security guru: Jot down your passwords“

Read more | Digg it

Read more

Read more | Digg it

Full story | Digg it

Full article | Digg it