Peter's z80.eu site blog
OT again: Fooled Antivirus - Part 2 
Wednesday, November 14, 2012, 10:00 PM
Posted by Administrator
To get a clue what I mean, download an older patch program (aka crack program) as an example for blind or at least dumb Antivirus software.

Attention: You have to deactivate your Antivirus Software to unpack it (password for unpacking: novirus). After unpacking, upload both files to virustotal.com and see what happens. You do not need to execute the exe files. After uploading them, you can reactivate your Antivirus Software (an alert for one of these two files will pop up).

patch_winver_unpacked.exe should give no negative results
patch_winver_upx.exe should give you a lot of negative results

But these files are virtually identical, except that patch_winver_upx.exe is packed with a modified, early UPX version.
You will still be able to unpack the second one manually: just take PE Explorer and you will have the possibility to save it uncompressed (this is done automatically by a plugin of PE Explorer).
Why is "Heaventools Software" able to do this with ease, while Antivirus vendors are NOT able to unpack it "on the fly"? Even if they argue that each unpack process will take additional time, it's a lot better than giving false alarms. At the very least, a user should have the possibility to switch "unpacking of known exepackers" on or off.
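
What a scanner sees differently in two such files can be read straight from the PE section table. The following is an added example, not code from the original post: it parses the section headers and reports packer indicators (UPX section names, a section that is empty on disk but executable in memory, writable-and-executable sections). The three sample headers are constructed, and the renamed-section variant is an assumption about what a modified UPX might change.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags
SECTION = "<8sIIIIIIHHI"                          # one 40-byte section header

def pe_sections(data):
    """Return (name, virtual_size, raw_size, flags) for each PE section."""
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # section table start
    rows = []
    for i in range(count):
        f = struct.unpack_from(SECTION, data, table + 40 * i)
        rows.append((f[0].rstrip(b"\0").decode("latin-1"), f[1], f[3], f[9]))
    return rows

def packer_indicators(data):
    """List (section, reason) pairs that suggest a runtime packer."""
    hits = []
    for name, vsize, rsize, flags in pe_sections(data):
        executable = bool(flags & MEM_EXECUTE)
        if name.upper().startswith("UPX"):
            hits.append((name, "upx-name"))
        if executable and rsize == 0 and vsize > 0:   # filled in only at run time
            hits.append((name, "empty-on-disk-executable"))
        if executable and flags & MEM_WRITE:          # code that rewrites itself
            hits.append((name, "writable-executable"))
    return hits

def build_pe(sections):
    """Constructed sample: a header-only PE carrying the given section table."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(struct.pack(SECTION, n, vs, 0x1000, rs, 0x200, 0, 0, 0, 0, fl)
                     for n, vs, rs, fl in sections)
    return dos + b"PE\0\0" + coff + table

PLAIN = build_pe([(b".text", 0x3000, 0x3000, 0x60000020),   # constructed samples,
                  (b".data", 0x1000, 0x0200, 0xC0000040)])  # not the post's files
PACKED = build_pe([(b"UPX0", 0x8000, 0, 0xE0000080),
                   (b"UPX1", 0x3000, 0x2A00, 0xE0000040)])
RENAMED = build_pe([(b".abc0", 0x8000, 0, 0xE0000080),      # assumed renamed variant
                    (b".abc1", 0x3000, 0x2A00, 0xE0000040)])

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("packed", PACKED), ("renamed", RENAMED)):
        print(label, packer_indicators(blob))
```

An indicator here means "compressed, unpack before judging", not "malicious"; the renamed sample shows why the structural checks matter when the section names have been altered.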

Three remarkable and rare C64 peripheral devices/cartridges 
Sunday, October 14, 2012, 02:52 PM
Posted by Administrator
Just take a look at these three rare C64 items:

This NCS QUICK DATA DRIVE is basically a (data) tape drive, similar to Sinclair's Quickdrive, but for the C64 - I guess it's not really slower than the famous but painfully slow 1541 floppy drive...


This is a rare DELA Z80 cartridge, similar to Commodore's CP/M cartridge, but smaller...


And this is a 1541 II floppy drive, but with a very nice track display.
(Build instructions for such a track display can be found in the German C64 magazine "64er", issue 10 from 1991 ...)

If you know some additional rare C64 peripheral devices/cartridges, do not hesitate to send me a note and if possible, a picture - thanks in advance for your help.

For more C64 devices, also visit http://www.z80.eu/equipment.html and for more cartridge info, visit http://www.z80.eu/cartridges.html ...
OT: Personal Firewall "Snake Oil" .... why so many are misinformed 
Monday, September 17, 2012, 07:00 PM
Posted by Administrator
Yes, software vendors of security suites are really smart.
They always advise you to have the latest antivirus solution and, last but not least, they suggest using personal firewalls as one part of their complete suite as well.

Unfortunately, (software) personal firewalls always permit access for some "trusted" applications like your own browser. Very often they do not check whether the browser is using its original DLLs, and of course they can't check whether the permitted applications are being remotely controlled by another application.
So if malware opens a browser in an invisible/hidden window, this malware can send commands (messages) to this opened (program) window with ease.
Such malware can send data via that hidden browser window, e.g. with a specially formed URL or with the help of an HTML (input) form on a well-prepared server.
The personal firewall will not be able to forbid this.

Even Microsoft itself describes that weakness: http://support.microsoft.com/default.as ... -us;327618 ...

OK, you ask me how malware can do this, because you haven't downloaded any unknown executables (yet)? Very easy. Just look for zero-day exploits, preferably also for your browser, like the newly discovered exploit here - http://eromang.zataz.com/2012/09/16/zer ... -over-yet/ ... which works easily by using Flash (I hate Flash by now; this ugly plugin isn't necessary anymore since HTML 5 was implemented).

Hint: Using Firefox with the "noscript" plugin would prevent getting such Flash (look for "moh2010.swf") malware. Also, most of my 5-year-old advice is still valid; see http://www.z80.eu/protected.html for more info.
Very interesting Computer Chronicles TV Episode (1995) about Gary Kildall's lost deal with IBM
Saturday, September 8, 2012, 07:50 PM
Posted by Administrator
That seems to be worth viewing... much background information about Gary Kildall's attempt to compete with Microsoft; we all know how it ended.



And this photo is an early picture of both protagonists.
Bill Gates looks like a young innocent school boy (but this is really misleading...):
Thinkpad T23 (and now also 600E) boots CP/M-86 (despite Wikipedia)
Saturday, August 18, 2012, 07:00 PM
Posted by Administrator
This is great. And it was not done with an ancient IBM PC/XT.
It was done with a Thinkpad T23 (not the most modern one, but still working with Windows XP, and having a built-in high density floppy disk drive ...).
Here is the proof:

There is a Wikipedia Entry for a boot sector explanation, and there is a discussion page for this article, see here: http://en.wikipedia.org/wiki/Talk:Boot_ ... _signature
Somebody said there that CP/M-86, with the magic bytes (0x55 0xAA) missing from its boot sector, could not be used with PCs other than an ancient IBM PC/XT (or in the best case, an original IBM PC/AT). That's simply wrong (test it with the 1.44MB image file and an appropriate floppy disk writing program like RAWRITE, my DOS program writeimg or even David Dunfield's famous ImageDisk).
Boot sectors on floppy disks do not need to have such a magic byte sequence at the end of the sector (instead, this check is only mandatory for hard disk boot sectors / an MBR on a HD).

Btw.: My Compaq Portable II (an AT compatible machine) also boots CP/M-86.


Later added:
Meanwhile I have access to a Thinkpad 600E. Of course I was able to boot CP/M-86, too.
Just look at this second picture:

That's the proof that "Crispmuncher" just has no idea what he is talking about. He told me he "tested" a Thinkpad 600E and was not able to boot CP/M-86. I guess he has no idea how to transfer the mentioned 1.44MB floppy disk image onto the real floppy disk media.
