Everybody’s heard about the Stuxnet virus by now, built specifically to attack Siemens’ SCADA systems through one of its most popular programmable logic controllers (PLCs). At the most recent Virus Bulletin conference in Vancouver, BC, in late September 2010, researchers from Symantec reported their findings about this fascinating and complex threat. These findings included their determination that Stuxnet includes “…the world’s first-ever toolkit designed for…” PLCs (SC Magazine, October 8, 2010) and that the complexity of the malware involved “…would have been written using 5-10 core developers over six months and tested on systems mirroring the process control hardware” according to statements attributed to Symantec researcher Liam O Murchu at that conference (ibid). In fact, for the attack to work, the Stuxnet developers “…would have needed to steal digital certificates used to sign driver files used in target systems” (ibid).
Clearly, this is not the work of a single alienated cracker with too much time on his or her hands (O Murchu puts his assessment in pithier language: “This is not a teenage hacker coding in his bedroom-type operation”). Because the attack apparently affected much of Iran’s nuclear development infrastructure, in fact, many people inside and outside that country see government funding (if not an outright government-led “black op”) behind the Stuxnet virus. Israel and the US lead the list of likely culprits, though proving such involvement is also nearly impossible.
But where things get interesting is in the byplay that follows disclosure of such technical analysis and information. The n3td3v IT Security Consultancy in the UK, which is the brainchild of a well-known and eccentric self-professed security “expert” named Andrew Wallace, posted this response to the aforecited SC Magazine article:
“Motivation behind Stuxnet.” BP lobbied for the release of the Lockerbie bomber, and the people responsible for Stuxnet wanted to make sure they paid. To make sure BP couldn’t make a profit from the oil deal that came from releasing the bomber, Stuxnet targeted the oil well. There were a lot of unhappy people after the release of Abdelbaset Ali al-Megrahi. Abdelbaset Ali al-Megrahi was convicted for blowing up Pan Am Flight 103 over Lockerbie, Scotland, on December 21, 1988. He was freed on compassionate grounds by the Scottish government on August 20, 2009. The claim was he had terminal prostate cancer and was expected to have less than three months to live. It was a lie and he is still alive, living the life of Riley in Libya.
Originally posted by me at http://www.schneier.com/blog/archives/2010/10/stuxnet.html#c467887
[Note: other postings on the Schneier blog are more coherent and intelligible, and have lots of interesting things to say about the affected Siemens PLCs.]
In fact, n3td3v is pretty well-known in the security community because his identity serves as the focus of a BlackHat study from 2006 entitled Who is “n3td3v”? Andrew Wallace has even had his psychological profile “done” on the Full Disclosure list, upon which he made something of a pest of himself in that time frame. But as interesting technical events unfold on the information security stage, there’s apparently always a temptation to exploit the notoriety and the publicity that surrounds spectacularly successful (or mysterious) exploits like this one. Who’s to say if this kind of epiphenomenon doesn’t make the whole situation still more compelling than it already is?
Great article posted in today’s Computer Business Review (11/29/2010). It’s an interview with the CEO of App-DNA entitled “‘Migration means more automation’: Q&A with Mike Welling…” While I’d recommend reading through the whole article to catch all the details — and there are several important items many readers will want to learn more about — here’s my capsule summary of what this fascinating story contains:
- The story begins with a nod to a 2009 Gartner study that estimated the costs of migrating from Windows 2000 or XP to Vista or 7 at “three to four times the cost of upgrading from Windows Vista to Windows 7 because of application remediation and replacement cost.” Numbers cited vary from $1,035 to $1,930 for the big jump versus from $339 to $510 per user for the smaller jump.
- App-DNA’s product, AppTitude, helps to automate compatibility testing for the thousands of applications in use in a typical enterprise that might be contemplating a major OS upgrade, platform migration, or virtualization effort. Big names who’ve used this technology to good effect include BAE Systems, British Telecom (BT), Exxon Mobil, and Barclays.
- Numerous big customers (names withheld) have experienced cost reductions when using AppTitude to focus and guide migration efforts from 50 – 75% of original estimated costs. Other outfits cite ongoing annual savings of $3M per year thanks to AppTitude.
- The “DNA” terminology comes from detailed analysis of common software components in applications, to build a database that captures somewhere around 80,000 data points around individual applications. This permits incredibly detailed profiling, and equally accurate assessments of potential compatibility issues.
As I said in the lead-in ‘graph, see the original story for more details and info, or visit the App-DNA Resources page for Windows 7 application migration checklists, workbooks, case studies, plus eBooks and white papers.
I’ve long been a fan of the Secunia vulnerability scanning and patching alert tools, known as the Personal Software Inspector (PSI) in its free for individual, at-home use version, and the Corporate Software Inspector (CSI) in its for-a-fee version for workplace use. A beta version of the next generation of PSI has been out for at least a couple of months now, but I finally got around to installing and working with this tool, and I very much liked what I saw (warning: on one of my 64-bit test machines, I had to explicitly use the right-click “Run as administrator” option to get the program to install properly; be prepared should this happen to you, or should you encounter difficulties the second time you run the program).
Here’s a snap-by-snap recitation of the install and first run processes for this nice piece of software, available for download as the PSI 2.0 BETA:
In terms of overall functionality — except for the program’s new auto-update facility, which allows it to handle downloading and installing updates without requiring user interaction — there isn’t much else new about the 2.0 beta version of PSI. What is new, however, is a complete reworking of the user interface that is much cleaner and easier to follow and that does away with the former version’s Simple and Advanced UI modes, probably because the redesign makes that distinction moot. Check out the program and see what you think: I’m looking forward to the commercial release myself!
If you work with solid state disks, you’re probably already familiar with the various tools that your drive vendors provide for their units. Mostly, these are tools for checking and upgrading firmware, but occasionally, you’ll also come across a great tool like the Intel SSD Toolbox as well (note: a new version of this tool — v.2.0.1.000 — was released on October 19, 2010, so if you haven’t grabbed it yet follow the link and do that right now).
But there is at least one vendor-neutral tool that’s also worth adding to your system admin/troubleshooting toolbox if you work with SSDs — namely, the CrystalDiskInfo utility from Crystal Dew World (how the Japanese come up with these weird and wonderful Website names continues to amaze and delight me). It can help with several key items of information:
- Firmware revision: This tells you the version number for the SSD firmware installed on the drive you’re inspecting. This can be a key element in obtaining the best possible performance from an SSD, and is information worth knowing.
- Supported Features: This tells you what advanced features are turned on for the drive you’re inspecting. The TRIM feature is probably the most important item to look for. TRIM provides erasure optimization for SSDs: it allows blocks of data to be flagged for erasure and re-use, permits garbage collection to be deferred until a convenient time, and lets the drive manage its free space internally so that it can generally provide blank pages for writing to satisfy pending write requests — SSDs can write to occupied pages, but they must erase those pages before writing can occur, which slows writes down. Likewise, SSDs write data at the block level, not the page level, so writing requires special handling, especially when used in tandem with the wear-leveling algorithms SSDs use to keep “wear” even across the entire disk.
- Other features you’re likely to see turned on for PC SSDs include: SMART (Self-Monitoring, Analysis, and Reporting Technology, a monitoring system common on most hard disks and modern storage devices, including SSDs), 48bit LBA (48-bit logical block addressing, introduced with ATA-6 in 2003 to support a linear addressing scheme on hard disks), and NCQ (native command queueing, a technology for improving SATA hard disk performance by enabling the disk firmware to optimize the order in which it satisfies read requests).
- Other features you won’t find on SSDs, but will find for conventional hard disks are APM (Advanced Power Management, used to turn down power consumption on conventional spinning drives when they’re idle, but unnecessary on SSDs) and AAM (automated acoustic management, used to keep the noise that spinning drives can emanate to a minimum, also unnecessary on SSDs, which have no moving parts). You also won’t see temperature reported for SSDs, though such information is customary on SMART hard disks.
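If you’d rather pull the same facts CrystalDiskInfo shows from a script (handy when you want to record firmware revisions or check SMART status across a fleet of machines), Windows exposes most of them through built-in interfaces. The snippet below is an added example, not part of the original post and not CrystalDiskInfo’s own code; it assumes Windows 7 or later, an elevated PowerShell prompt (the SMART classes under root\wmi and fsutil both need it), and the common ATA SMART attribute layout (12-byte attribute records starting at byte offset 2 of the vendor-specific data, raw value beginning at byte 5 of each record).

```powershell
# Added example: read model, firmware revision, TRIM setting and SMART status
# using built-in Windows interfaces. Run from an elevated PowerShell prompt.

# 1. Model, firmware revision, interface and size for each physical disk.
#    FirmwareRevision is the value the post recommends checking against the
#    vendor's latest release.
Get-WmiObject -Class Win32_DiskDrive |
    Select-Object DeviceID, Model, FirmwareRevision, InterfaceType,
                  @{Name = 'SizeGB'; Expression = { [math]::Round($_.Size / 1GB) }} |
    Format-Table -AutoSize

# 2. TRIM: Windows sends TRIM ("delete notifications") to the drive unless
#    DisableDeleteNotify is 1. "DisableDeleteNotify = 0" means TRIM is active
#    at the OS level; the drive itself must also support it.
fsutil behavior query DisableDeleteNotify

# 3. SMART failure prediction: one row per drive that reports SMART.
#    PredictFailure = True means the drive's own firmware expects failure.
Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictStatus |
    Select-Object InstanceName, Active, PredictFailure, Reason |
    Format-Table -AutoSize

# 4. Temperature (SMART attribute 194) from the raw vendor data, for drives
#    that report it. As the post notes, SSDs frequently omit this attribute
#    or leave it at zero, so an absent line here is not by itself a fault.
#    Assumption: standard ATA SMART layout, 30 attributes x 12 bytes from
#    offset 2; byte 0 of each record is the attribute ID, byte 5 the low raw byte.
Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictData |
    ForEach-Object {
        $data = $_.VendorSpecific
        for ($i = 2; $i -le $data.Length - 12; $i += 12) {
            if ($data[$i] -eq 194) {
                '{0}: temperature attribute raw value = {1} C' -f $_.InstanceName, $data[$i + 5]
            }
        }
    }
```

The first three sections are enough for a quick inventory; the fourth only matters when you want the temperature figure for spinning disks, and it does nothing harmful on drives that don’t report attribute 194.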
CrystalDiskInfo shows all of these things, and more, as you can see here:
A bit more data is presented for conventional (spinning) hard disks, like this Samsung 1GB SpinPoint drive, including temperature information, and lots of sector handling stats:
Best of all, this tool is freeware, and thus can’t strain your tools budget even one little bit. Check it out: you’re bound to like it. The same site also offers other free tools as well, and will reward the download and playtime required to learn them.
I’m currently in the throes of building a new primary production PC, and getting ready to migrate from my current production machine to its imminent successor. As I’ve gone through the latest build process I’m astounded by how much computing power you can buy for the bucks these days, and how much easier it’s getting to put complex systems together. Knocking on wood, I’m also happy to report that my new box ran the first time I powered it up and I was able to go straight from the initial power-on test to the OS install phase. This isn’t exactly a first for me, but it’s rare enough that I’m pretty happy about that aspect of the experience.
I did go through some “interesting behavior” during Windows 7 installation, though: for some reason, I couldn’t load the OS from my install DVD when I loaded it into the brand-new LG WH10LS30 Blu-ray burner. And it wouldn’t install from my handy-dandy external USB-based DVD burner either (essential for somebody like me who sometimes works on ultraportable notebook and netbook PCs): the installer informed me that a driver was missing without providing me much guidance to figure out which one was AWOL, or where to go find the right one. So I created a new Windows 7 bootable UFD by using the Win7 Professional x64 .iso from MSDN along with the Windows 7 USB DVD Download Tool and handled the install that way instead.
With a brand-new virgin machine at my disposal and some prior experience with SSDs under my belt, I knew to configure the system to run AHCI in the BIOS before the install, which led to a successful and simple first installation onto the 120GB OCZ Vertex2 drive I chose for the system/boot drive on that machine. The mobo is an Asus P6X58D-E with an Intel i7-930 CPU, a GTX460 graphics card, 12 GB of G.Skill DDR3-1600 RAM (3x4GB DIMMs), which also gives me SATA 3 (6.0 Gbps) and USB 3.0 interfaces to play with as well. I chose the Corsair H70 CPU cooler for the unit’s LGA1366 CPU, and its liquid cooling has proved pretty capable: the machine normally runs at temps from 36 – 42 °C, while it seldom exceeds 70 °C under heavy loads or stress testing (I’ve overclocked the CPU from its nominal 2.8 GHz speed to 3.8 GHz, and have also boosted the clock and memory rates on the GTX460 graphics card as well thanks to the killer MSI Afterburner utility).
I also hit an interesting gotcha while bringing the system’s firmware and drivers up to date, as I ran the OCZ 1.24 Firmware update utility, just released yesterday (11/18/2010). As recommended I did make an image backup of the drive before tackling this task, so when my machine blue-screened during the firmware update, I didn’t break too much of a sweat. I did find myself wondering if munged firmware would require me to return the drive to OCZ for a replacement, but when I saw the drive still correctly identified in the BIOS after a reboot, I breathed a sigh of relief. All I had to do was remove the SSD from its home machine, mount it on another Windows box, and run the firmware update utility on a system where the drive being updated was not the system drive, and everything worked flawlessly. To my delight, upon re-inserting the drive into its home system, and tweaking the BIOS to restore it to its proper boot position during start-up, the contents of the drive were completely unaffected. I’d more than halfway expected to have to reformat the SSD and then use my install UFD to reload the image from that system’s backup drive.
Over the next week to ten days I’ll be finishing up the new machine install and configuration, after which I’ll use a new copy of LapLink PC Mover to migrate my production environment from my current/old production machine to this brand-spanking new one. Count on me to report further on learning and experience as I go through those motions. I’m also going to have to find a local machine shop to make a clean cut-out in the side panel of the Antec 902 case in which I made this build: in attaching the H70 cooler to the unit’s 120mm rear exhaust fan mount points, the cooler projects about 3/8″ outside the normal limits of the enclosure. I’ll post pictures once I get this all straightened out. Please let me know if you’d like me to post complete hardware specs for this unit, too: I paid around $1,800 for its components, but I think you can buy all those parts brand-new right now for more like $1,600.
In a couple of recent blogs, I’ve examined various approaches to keeping access to Web sites and pages that are built to work with IE 6 rather than newer Internet Explorer versions in a Windows 7 environment (The Downside of Virtualizing Web-based Apps? Legal entanglements, for one… and Less than a VM, More Compatible than a Plain Host OS: App Virtualization for another). The issue of how to do browser virtualization to access IE 6 on a Windows 7 desktop without incurring potential legal liability for the pieces and parts of XP that must be integrated into the runtime for the IE 6 wrapper is apparently “interesting” in both the legal sense and in the sense of a celebrated Chinese curse (“May you live in interesting times”).
Windows maven Paul Thurrott suggests an interesting technology fix in a recent SuperSite blog entitled “Solving IE 6 Compatibility Issues Doesn’t Require Expense, Complexity of Virtualization.” In a nutshell, his prescription is a software solution called Browsium Unibrows that enables IE 6 access only to those pages or Websites that specifically need it, often on an organization’s own intranet. It’s set up to run as an IE 8 (or 9) child process that hides all the underlying complexity from its users and involves a minimal (under 100 MB) memory footprint. It enables users to access sites with older, incompatible software versions of Flash, Java, and so forth on a per-page basis, and works with Group Policy rules to do its thing. Microsoft does require that IE 6 support elements be downloaded separately during installation, with relevant licenses for XP to match, so legal entanglements are avoided.
The program is in beta right now, but is expected to go commercial sometime soon. The software may be licensed for a mere $5 per seat per year. As Thurrott observes this is a good deal for a temporary solution to compatibility problems before April 8, 2014, when everything will have to migrate anyway as XP support vanishes completely. Sounds interesting…maybe you should check it out!
We’ve been living in a brave new world of Web-based apps for nearly a decade now, and some of the smelly old birds that took off in the early days are coming home to roost. What do I mean? Well, check out this recent story by Mary Jo Foley entitled “Gartner: Existing options for migrating from IE 6 are too pricey, risky” to see what I’m talking about. Her basic point is that Gartner’s research tells them that many organizations are still supporting or continue to standardize on IE 6 because they don’t want to budge from a substantial installed base of IE 6 based applications, many of which are line-of-business or downright mission critical.
Sure, it’s easy to build programs to interact with users via a Web browser, but the more customized (and browser-dependent) that code becomes, the harder it also becomes to move the code base forward as newer browser versions replace older ones. I can’t help but believe this is exactly what makes products like the InstallFree 7Bridge (which I blogged about last week) so appealing to so many enterprise customers because it enables them to move their computing platforms forward to Windows 7, while allowing them to access their IE 6 dependent services within a workable wrapper that looks and acts like IE 6 on XP inside the envelope, but that drops into the Windows 7 runtime environment with nary a ripple or problem.
What’s wrong with this approach, you ask? Here’s what Mary Jo says with chilling effect:
Companies including InstallFree, VMware, Symantec and Spoon.Net are offering tools specifically for virtualizing older versions of IE for use on Windows 7, Gartner said. “They embed certain OS components with the IE ‘bubbles’ to allow IE6 or IE7 to run and provide compatibility. But this kind of virtualization may run afoul of Microsoft licensing,” Gartner is warning its clients.
Furthermore, she quotes as follows from Gartner’s advice to enterprise customers regarding requests for “indemnification clauses” they should make:
Request Microsoft to grant specific contractual amendments to allow you to virtualize IE6 as a Windows 7 compatibility solution without fear of reprisal (but consider that Microsoft could still pursue your application virtualization vendor with legal action). Organizations in need of IE6 compatibility solutions that don’t have sufficient licenses to use Terminal Services and want to comply with Microsoft’s recommendation to avoid IE6 application virtualization should petition Microsoft for use of Windows 2003 Server software and associated Remote Desktop Services (RDS) client access licenses (CALs) for the sole use of accessing IE6 at no charge through 8 April 2014.
Microsoft has yet to comment on the potential for legal issues that might arise from third parties (such as InstallFree, VMware, Symantec, and even Spoon.net) bundling older operating system components and capabilities along with older code to create usable, Windows-7-friendly runtime environments. But gosh, unless everybody’s planning on getting off the IE 6 bus by the time all XP support ends forever on April 8, 2014, this could be a huge potential liability for such organizations to swallow. Should be really interesting to see how this one turns out.
I’ve got an older, but still pretty powerful HP notebook I use for testing and watching the occasional video. It’s a HDX9203KW, aka “The Dragon” because of its snazzy exterior design. With 8 GB of RAM and 1.5 TB of disk space, it’s pretty powerful as notebooks go, and it runs Windows 7 like a top — most of the time. Thing is, HP never released a full complement of Windows 7 drivers for this notebook (it’s fully covered for Vista, but these units were so big and expensive, HP discontinued the model after only two years of production, and they apparently didn’t see fit to lead their buyers into the brave new world of Windows 7).
Thanks to the folks at the Notebook Review “HP HDX Dragon Owner’s Lounge,” plus a little help and expert steering from my friend John RV Jones (a fellow Dragon owner who worked his way through the upgrade a couple of months before I had time to tackle it myself, and consequently saved me oodles of time running around and running down drivers and potential issues; there’s also a peachy Windows 7 Installer’s Guide), I have been able to get Windows 7 up and running on this machine. In fact, I’ve got all the hardware working properly, but it doesn’t work with all the most current drivers for the various devices installed on the machine (I’m guessing it probably comes down to BIOS support issues, and HP simply hasn’t updated the BIOS to incorporate elements specific to Windows 7 because it doesn’t support that OS for this machine).
Thus, DriverAgent reports four drivers are “behind the times” on this machine, including:
- The HP Bluetooth module
- My Authentec AES2501A fingerprint scanner
- The SigmaTel High Definition Audio codec
- The integrated HP WebCam
Sure, I can install those newer drivers (and I’ve tried, believe me). But when I do, the related devices quit working. That’s why I keep an eye on the aforementioned owners lounge to see if anybody’s hacked any new drivers lately, but otherwise keep those items where they currently stand, so as to keep the device working properly.
Interestingly, I’ve also got an Asus Eee PC 1000HE which that company released before Windows 7 went commercial. Nevertheless, they’ve got a complete set of Windows 7 drivers and have even published a guide on how to upgrade the unit from its original Windows XP Home to any of several Windows 7 versions (I run Windows 7 Professional on my notebooks so I can use Remote Desktop Connection to access them from my primary desktop machine, but I’ve also successfully installed Windows 7 Starter and Windows 7 Home Premium on this notebook as well). Two very different attitudes and levels of support from two very different PC makers where, perhaps not surprisingly the up-and-coming upstart company (Asus) is a lot more helpful and supportive than the long-time market leader (HP). Go figure!
Late last week, I had the pleasure of speaking to Alon Yaffe, the Director of Marketing at InstallFree.com, the maker of a snazzy tool for application virtualization. In particular we talked about InstallFree 7bridge, an application compatibility solution that addresses the kinds of problems that can pop up when legacy or homegrown applications don’t run properly (or at all) in Windows 7. InstallFree 7bridge is particularly good at dealing with the kinds of issues that changing Windows compatibility settings in Windows 7 doesn’t fix, or when there are out-and-out conflicts, mismatches, or missing bits and pieces that prevent apps built for older Windows versions from running in a native Windows 7 environment.
Rather than launching an entire virtual machine (VM) to encompass and support a customized runtime environment that supports necessary functionality, InstallFree 7bridge runs in user mode, and creates a bridge between the application runtime and a virtual and physical interface into the Windows 7 host environment. Special filter drivers and what Yaffe jokingly called “special voodoo” come into play in the virtualization environment that handle COM, DCOM, the registry and various object requests that the application (or applications) need to work properly. The application launches in an environment called the PowerGuest Sandbox where it is equipped with all the parts and pieces it needs on the fly, including application dependency items, the application itself, application updates, and application add-ons or expansions. Everything binds together inside the sandbox so the user sees normal application behavior, and a special user data layer introduces statefulness and personalization to this otherwise generic but custom-crafted runtime environment. InstallFree 7bridge even handles GPOs including user rights, access rights, security controls, and so forth as if the app were running its native host Windows environment.
The key to the voodoo part, apparently, is that InstallFree has a special tool it uses to bundle all the necessary runtime elements (except the user data part, which gets bound in at launch time) into a purpose-built runtime file that can be accessed via a fileshare across a network. Organizations and companies that need application specific runtime instances can get them built for $4K at InstallFree, then pay $25 a seat to push the custom runtime to as many simultaneous users as they care to pay for. The package and encapsulation toolset used to build the custom runtimes is also available (for $10K) and per-seat charges for packages customers build themselves go up to $50 (but the number of packages is unlimited and presumably customers won’t want to take that route unless the economics of buying on a per-package basis are more expensive than the general purpose solution with packaging/encapsulation and as many custom packages as are needed).
This technology is incredibly slick, and offers a low overhead way to deliver completely seamless application compatibility. In fact, inside the app, even built-in Windows interfaces reflect whatever version of Windows is used to generate the custom runtime package, so users absolutely maintain the original computing experience. This one’s worth checking out and digging into: it delivers the kind of compatibility where running multiple versions of the JRE, IE 6, or older Office versions is no problem at all. Check it out at the InstallFree 7bridge product page.
I read Windows Secrets regularly (a newsletter from Brian Livingston, Woody Leonhard, and a whole crew of other Windows stalwarts and experts). As I skimmed over the last issue, I chortled at the sight of an advertisement that promised to “…simply fix… Windows PC’s. Once only available to technicians, now available to home users. It will scan and diagnose all of your PC’s problems, then automatically fix them” [I’ve requested permission to reproduce the actual ad from Windows Secrets but because they haven’t yet gotten back to me with a yea or a nay, I can only paraphrase and describe things for now.]
“Ha!” I thought to myself “Another attempt to take advantage of those who don’t know enough about Windows to fix it for themselves.” Nevertheless, I was curious enough about the program that I started Googling (or was it Binging? I can’t really remember…) around to see what kinds of responses the program had picked up from the trade press. PC World said it was OK, but needed more work back in 2008, and more recent reviews in 2009 seemed to indicate the developers had made good progress in turning this tool into something production-worthy.
Then at day’s end yesterday, by an amazing coincidence, one of my test machines (an HP HDX 9203W notebook PC aka “The Dragon” because of its size and cool external embellishments) started to develop severe stability problems. IE kept bogging down horribly, the unit ran waaaaaaay more slowly than usual, and, worst of all, when I attempted to restart or shut down, the machine would hang interminably at the “Shutting down…” screen and that process would never complete, forcing me to impose what Windows designates a “disruptive shutdown” to reboot the system (hold the power button down until the unit turns itself off).
When this kept happening this morning, I ran the Windows integrity check sfc /scannow at the command line, only to have Windows tell me it found no integrity issues in need of repair. I run Spyware Doctor with AntiVirus on that machine, and it found no telltale signs of malware of any kind, either. Something was obviously kerfluffed somewhere in the software, and it dawned on me that it might be worth plunking down the bucks necessary to see if Reimage could live up to its claims to restore stability on increasingly unstable systems.
So, off I went to download the program onto the ailing Dragon, buy a key (one costs $60 retail, but you can buy three for $90 so that’s what I did, so as to be able to test the program on other machines as problems come up in the future, as they occasionally but invariably will on Windows machines), and run the analysis and repair utility. Sure enough, the tool liked my hardware and also found my security flawless but indicated I had stability problems it could repair. So I fired off the repair, and I’m very happy to report that my Dragon is once again hale and healthy, and running as fast and capably as it usually does.
Other reports I’ve read about Reimage say it’s equally good at cleaning up after malware and spyware, but I wasn’t willing to deliberately infect a machine at this moment to try that side of the program out. But from what I can see, for PCs that can’t be restored to a standard image, or for which a recent stable backup or image isn’t readily available, Reimage is worth a try as a second-line-of-defense repair and restoration tool. (I blush to confess I hadn’t backed the Dragon up for a couple of weeks, and because HP doesn’t support Windows 7 for this unit, I had to jump through enough hoops to find, test, and install working drivers that I didn’t relish the prospect of a “rebuild from scratch.”) It certainly did the trick for me in this case, anyway.
[Note on 11/8/2010: After a couple of trouble-free restarts post-Reimage, my “hang on shutdown” issue returned to the Dragon. Turns out the temperature monitor utility that runs with the sidebar gadget All CPU Meter 3.3 — namely, Core Temp — was stopping the shutdown process from completing. As long as I remember to terminate the Core Temp process in Task Manager before restarting or shutting down my machine, everything works perfectly! Sigh. Windows. It’s always something.]