Archive | August, 2014

Virtual Machine: A way to cross computation

30 Aug

Computers need an operating system to interact with the underlying hardware. Each OS has a different interface and different internal components for doing so. Some of the most popular OSes are Windows, Linux, Mac OS, Solaris and Unix. Applications are tied to a particular OS: some have multi-platform versions and some do not.

Given this, it is clear that a situation sometimes arises where we need to use two or more applications that each require a different OS. This kind of problem can be solved with the help of a virtual machine.

A virtual machine is software that uses virtualization techniques to create separate instances of an OS, so that different types of OS (Windows, Linux etc.) can be installed on one physical system. With a virtual machine, users can work with more than one OS without installing multiple OSes side by side.

There are different types of virtual machine software; some of the popular ones are:

1. VMware

2. VirtualBox

Virtual machines are also used for dynamic malware analysis, sandboxing of untrusted applications, and so on. A virtual machine can run different image formats on top of the host OS. Some images come with many pre-installed applications and the required settings, which makes using those applications easy. For example, Cloudera offers a Linux image with Hadoop and MapReduce pre-installed; users just have to run that image in a virtual machine and they are ready to do MapReduce programming.


Taking screen shot using python script

29 Aug

Today my writing time went into reading Python scripts for taking system screenshots. It is quite interesting and useful: automated screenshot capturing can be used in many ways, such as computer vision and automating click-based tasks. Python has many libraries for this. On Windows the ImageGrab module (from PIL) does the task, while on Linux pyscreenshot is the module (unfortunately I was not able to install it). Other GUI-based Python modules can also be used for the same purpose.

Below are some important links on the topic.

http://stackoverflow.com/questions/69645/take-a-screenshot-via-a-python-script-linux

https://github.com/ponty/pyscreenshot

Anti-Virus as service: A Multiple Parallel AV engine approach

28 Aug

Antivirus or anti-malware software is a computer program used to detect malware and to protect a host, network or computing infrastructure from different malware attacks.

Antivirus programs are based on two underlying technologies: signature-based and non-signature-based detection. Signature-based detection uses groups of bytes as a signature to identify malware, while non-signature-based detection uses heuristic, anomaly-detection and machine-learning techniques. Signature-based solutions have good accuracy for known malware, but almost always fail to detect zero-day and previously unknown malware, because they are limited by their signature database. Non-signature-based solutions, on the other hand, work well at detecting new and zero-day malware, but have lower accuracy and higher false-positive and false-negative rates.

Most users rely on one antivirus product to protect their computing devices from malware. If that antivirus has an up-to-date signature database it works well, but new malware surfaces at a very high rate, and most AV vendors cannot keep up with that rate, which leaves a time window before the signature is updated. In practice it is not possible to stay fully up to date with malware signatures, because signature generation is a time-consuming and complex job, and the limitation is growing as more advanced malware-writing techniques come into use.

In this critical scenario, AV as a service is a very good option. It has many benefits over standalone host-based antivirus products, such as:

1. A more up-to-date signature DB, since it is maintained in one place

2. Multiple AV engines can scan each file in parallel, which improves accuracy

3. Pay-per-use services are also cost effective

4. Every user benefits from detections made for others

5. Global detection of malware makes targeted attacks more difficult


A few of the best free online AV-as-a-service offerings are:

1. VirusTotal

VirusTotal has an online interface and also a thin client for starting on-demand file scans. It scans one file at a time. It is maintained by Google and is a free service. It also offers an API.

Link: https://www.virustotal.com/
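As an added example that is not part of the original post and not VirusTotal's own code: the benefit listed above as "multiple AV engines scan each file in parallel" only improves accuracy if the per-engine results are combined sensibly, so this script hashes a file locally, builds the public API v2 file/report lookup for that hash, and turns a multi-engine report into one verdict by requiring a minimum number of engines to agree. The endpoint and the `apikey`/`resource` parameters are the documented v2 ones; the API key is a placeholder, the engine names are made up, and the sample report is constructed in the shape of a v2 response so the logic runs offline.

```python
import hashlib
import json
import urllib.parse
import urllib.request

# VirusTotal public API v2 endpoint for looking up an existing report by hash.
VT_REPORT_URL = "https://www.virustotal.com/vtapi/v2/file/report"


def sha256_hex(data: bytes) -> str:
    """Hash the file locally; only the hash is sent, so the file itself never leaves the host."""
    return hashlib.sha256(data).hexdigest()


def build_report_request(resource: str, api_key: str) -> str:
    """GET URL for a file/report lookup (the api key is a placeholder until you set your own)."""
    return VT_REPORT_URL + "?" + urllib.parse.urlencode({"apikey": api_key, "resource": resource})


def fetch_report(resource: str, api_key: str, timeout: int = 30) -> dict:
    """Network call; not exercised offline."""
    with urllib.request.urlopen(build_report_request(resource, api_key), timeout=timeout) as resp:
        return json.load(resp)


def summarize_report(report: dict, min_positives: int = 3) -> dict:
    """Turn per-engine results into one verdict. Requiring agreement from several
    engines is what keeps a single heuristic engine's false positive from
    becoming an alert on its own."""
    if report.get("response_code") != 1:          # 0 means the hash is not known to the service
        return {"verdict": "unknown", "positives": 0, "total": 0, "engines": [], "labels": []}
    scans = report.get("scans", {})
    engines = sorted(name for name, r in scans.items() if r.get("detected"))
    positives = len(engines)
    if positives >= min_positives:
        verdict = "malicious"
    elif positives > 0:
        verdict = "suspicious"
    else:
        verdict = "clean"
    labels = sorted({scans[n]["result"] for n in engines if scans[n].get("result")})
    return {"verdict": verdict, "positives": positives, "total": len(scans),
            "engines": engines, "labels": labels}


# Constructed sample in the shape of a v2 file/report response (engine names are made up).
SAMPLE_REPORT = {
    "response_code": 1,
    "resource": sha256_hex(b"constructed sample bytes"),
    "positives": 2,
    "total": 4,
    "scans": {
        "EngineA": {"detected": True,  "result": "Trojan.Generic"},
        "EngineB": {"detected": False, "result": None},
        "EngineC": {"detected": True,  "result": "Heur.Suspicious"},
        "EngineD": {"detected": False, "result": None},
    },
}

if __name__ == "__main__":
    print(summarize_report(SAMPLE_REPORT))
    # Live use (needs a key from your own VirusTotal account):
    # data = open("/path/to/file", "rb").read()
    # print(summarize_report(fetch_report(sha256_hex(data), "YOUR_API_KEY")))
```

With the default threshold of three engines the constructed report comes out as "suspicious" rather than "malicious", which is the point of the threshold: two detections out of four is worth a look, but not worth an automatic block on one engine's heuristic say-so.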

2. Metascan

Metascan offers services very similar to VirusTotal and is maintained by OPSWAT. It is also free and has a large number of AV engines. It also provides an API.

Link: http://metascan-online.com/

3. Panda Security

Panda Security also has an in-the-cloud type of AV scanning service. It runs a single AV engine, but users do not have to install a full-fledged AV product: it provides a thin client for the host, and detection and everything else is done in the cloud.

Link: http://www.pandasecurity.com/india/

By using such services, users can be more secure.

Wish you happy and safe computing.

🙂


Contextual Computing: Computing based on Surroundings

27 Aug

Contextual computing, or context-aware computing, is the use of software and hardware to automatically collect and analyze data about a device's surroundings and use that data to make computing more personalized and reflect the result to the end user.

Today, smartphones, tablets and wearable devices offer a sense of contextual computing. Google Glass and Facebook's automatic status updates based on background music are examples of contextual computing, offering location-based augmented reality and contextual marketing respectively.

Contextual computing relies on stored data about the user's preferences and previous actions as well as data gathered in real time, such as the time of day or the device's location. Web browsers, cameras, microphones, Global Positioning System (GPS) receivers and other sensors are all potential sources of data for context-aware computing.

The challenges of contextual computing are user privacy and integrating data from multiple sources.

Source: http://searchconsumerization.techtarget.com/definition/contextual-computing

Further Reading:

1. http://www.forbes.com/sites/reuvencohen/2013/08/20/the-next-frontier-in-computing-your-brain/

2. http://www.nytimes.com/2014/05/08/technology/personaltech/the-app-that-knows-you.html?_r=0

3. http://www.fastcodesign.com/1672531/the-future-of-technology-isnt-mobile-its-contextual

4. https://research.cc.gatech.edu/ccg/

5. http://www.wired.com/2010/09/context-aware-computing/

Happy reading, and be context aware :)

Python Tools and Modules for Malware research

26 Aug

Malware can be defined as "any program with malicious intent". Today we live in a world surrounded by digital devices, and so malware is a major threat to the security of this digital/cyber world. Malware research comprises a set of activities: malware analysis, malware detection and malware prevention.

Python is a free, open-source programming language and is very popular in the scientific and research community. Python also has many user-contributed modules, scripts and tools for malware research. In this post I have listed some of the most popular and useful ones.

1. pefile:

pefile is a Python module for parsing and extracting the header values, section values and data of Portable Executable (PE) files. It is very easy to use, powerful and efficient. pefile is multi-platform, which makes this module very handy.

Some of the tasks that pefile makes possible are:

  • Modifying and writing back to the PE image
  • Header Inspection
  • Sections analysis
  • Retrieving data
  • Warnings for suspicious and malformed values
  • Packer detection with PEiD’s signatures
  • PEiD signature generation

Example usage (for more, see https://code.google.com/p/pefile/wiki/UsageExamples):

# importing the pefile module and loading a PE file
import pefile
pe = pefile.PE('/path/to/pefile.exe')

# reading and printing header values
print(pe.OPTIONAL_HEADER.AddressOfEntryPoint)
print(pe.OPTIONAL_HEADER.ImageBase)
print(pe.FILE_HEADER.NumberOfSections)
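As an added example that is not part of the original post and not pefile's own code: to show what the three fields above actually are inside the file, and what pefile's "warnings for suspicious and malformed values" and packer detection look like underneath, this script builds a constructed, minimal PE32 image (not a real program), reads the same header fields with struct, and runs a few of the sanity checks an analyst relies on (entry point outside every section, section data past the end of the file, a section that is both writable and executable, a UPX-style section name). The sample image, its section names and the check list are all constructed for this example; the header offsets and flag values are the ones from the PE specification.

```python
import struct

# Section characteristic bits (from the PE specification)
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def build_sample_pe() -> bytes:
    """Constructed, minimal PE32 image used only as sample input (not a real program)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew: PE header at offset 0x40
    signature = b"PE\0\0"
    file_header = struct.pack(
        "<HHIIIHH",
        0x014C,        # Machine: IMAGE_FILE_MACHINE_I386
        2,             # NumberOfSections
        0x53F0A000,    # TimeDateStamp (arbitrary)
        0, 0,          # PointerToSymbolTable, NumberOfSymbols
        224,           # SizeOfOptionalHeader (PE32 with 16 data directories)
        0x0102,        # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    optional_header = struct.pack(
        "<HBBIIIIIIIII",
        0x010B,        # Magic: PE32
        9, 0,          # Major/MinorLinkerVersion
        0x200,         # SizeOfCode
        0x200, 0,      # SizeOfInitializedData, SizeOfUninitializedData
        0x1000,        # AddressOfEntryPoint (RVA)
        0x1000,        # BaseOfCode
        0x2000,        # BaseOfData
        0x00400000,    # ImageBase
        0x1000,        # SectionAlignment
        0x200,         # FileAlignment
    ).ljust(224, b"\0")  # remaining fields and data directories left zero
    sections = b""
    for name, vsize, va, rawsize, rawptr, chars in (
        (b".text", 0x100, 0x1000, 0x200, 0x400, 0x60000020),   # code: execute|read
        (b"UPX1",  0x100, 0x2000, 0x200, 0x600, 0xE0000040),   # data: execute|read|write
    ):
        sections += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)
    image = bytes(dos) + signature + file_header + optional_header + sections
    return image.ljust(0x800, b"\0")   # zero-filled section bodies so raw offsets are in range


def parse_pe(data: bytes) -> dict:
    """Read the DOS/NT headers and section table: the same fields pefile exposes."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    fh = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_point = struct.unpack_from("<I", data, opt + 16)[0]
    if magic == 0x010B:                                   # PE32: 32-bit ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x020B:                                 # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                     # section table follows the optional header
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": chars})
    return {"machine": machine, "timestamp": timestamp, "characteristics": characteristics,
            "magic": magic, "entry_point": entry_point, "image_base": image_base,
            "number_of_sections": nsections, "sections": sections, "file_size": len(data)}


def audit(pe: dict) -> list:
    """Flag suspicious or malformed values, in the spirit of pefile's warnings."""
    warnings = []
    ep = pe["entry_point"]
    if not any(s["va"] <= ep < s["va"] + max(s["vsize"], s["rawsize"]) for s in pe["sections"]):
        warnings.append("entry point 0x%x lies outside every section" % ep)
    for s in pe["sections"]:
        if s["rawptr"] + s["rawsize"] > pe["file_size"]:
            warnings.append("section %s: raw data extends past end of file" % s["name"])
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            warnings.append("section %s is both writable and executable" % s["name"])
        if s["name"].upper().startswith("UPX"):
            warnings.append("section %s has a UPX-style name (possible packer)" % s["name"])
    return warnings


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print("AddressOfEntryPoint: 0x%x" % pe["entry_point"])
    print("ImageBase:           0x%x" % pe["image_base"])
    print("NumberOfSections:    %d" % pe["number_of_sections"])
    for w in audit(pe):
        print("warning:", w)
```

Run as-is, the script prints the entry point 0x1000, the image base 0x400000 and two sections, and flags the UPX1 section twice (writable and executable, UPX-style name). Passing a truncated copy of the image to parse_pe adds a "raw data extends past end of file" warning per section, which is exactly the kind of malformed-value report pefile gives for a cut-off or padded sample.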

Mendeley: A Research Content Manager

26 Aug

Mendeley is a PDF manager and reference-citation tool. It started as an open-source project but was later purchased by Elsevier. Mendeley has two types of licensing: Basic (free) and Pro (paid). The free version has all the basic functionality that a new researcher needs. Mendeley also provides an online account with 2GB of storage. Through an office plug-in, Mendeley provides reference-citation tools, and the Mendeley web importer is good for storing online articles, posts and papers.

The few important features of Mendeley are:

1. Good PDF manager (PDFs can be organized in various folders without multiple copies)

2. Good highlighter

3. Good notes maker

4. Online sync of the desktop client (it synchronizes your PDFs with your online account so you can work from multiple locations)

5. Reference citation tool

6. Web importer

7. Active communities of users and developers

All the best. Happy learning. 🙂