Peter's z80.eu site blog
Search 

Please read ! 
If NO IMAGES will be shown, use www.z80.eu/blog instead of blog.z80.eu

Please note also - THIS BLOG ENDS HERE WITH THE LAST ENTRY FROM NOVEMBER 9th 2021.

I have prepared a new blog with wordpress at https://vintagecomputing.info !!!

Thank you.
OT: Personal Firewall "Snake Oil" .... why so many are misinformed 
Monday, September 17, 2012, 07:00 PM
Posted by Administrator
Yes, software vendors of security suites are really smart.
They give you always advice to have the latest anti virus solution, and, last but not least, they suggest to use personal firewalls as one part of their complete suite as well.

Unfortunately (software) personal firewalls permit always access for some "trusted" applications like your own browser. Very often they do not check if the browser is using original DLLs and of course they can't check if the permitted applications are remotely controlled by another application.
So if a malware opens a browser in a invisible/hidden window, this malware can send commands (messages) to this opened (program) window with ease.
Such a malware can send data via that hidden browser window, e.g. with a special formed URL or with the help of a html (input) form on a well prepared server.
The personal firewall will not be able to forbid this.

Even Microsoft itself describes that weakness: http://support.microsoft.com/default.as ... -us;327618 ...

Ok, you ask me how a malware can do this, because you didn't download (yet) unknown executables ? Very easy. Just look for zero day exploits, preferrable also for your browser, like the newly discovered exploit here - http://eromang.zataz.com/2012/09/16/zer ... -over-yet/ ... works easily by using flash (I hate flash meanwhile, this ugly plugin isn't necessary anymore since HTML 5 was implemented).

Hint: Using Firefox with "noscript" plugin would prevent getting such flash (look for "moh2010.swf") malware. Also, most of my 5 year old advices are still valid, see http://www.z80.eu/protected.html for more infos.
2 comments ( 338 views )   |  permalink   |  related link   |   ( 3 / 2409 )
Very interesting Computer Chronicles TV Episode (1995) about Gary Kildalls lost deal with IBM 
Saturday, September 8, 2012, 07:50 PM
Posted by Administrator
That seems to be worth to be viewed... much background information about Gary Kildalls try to compete with Microsoft, we all know how it ended.



And this photo is an early picture of both protagonists.
Bill Gates looks like a young innocent school boy (but this really misleading....):

add comment ( 445 views )   |  permalink   |  related link   |   ( 3 / 3666 )
Thinkpad T23 (and now also 600E) boots CP/M-86 (despite of Wikipedia) 
Saturday, August 18, 2012, 07:00 PM
Posted by Administrator
This is great. And it was not done with an ancient IBM PC/XT.
It was done with a Thinkpad T23 (not the most modern one, but still working with Windows XP, and having a build-in high density floppy disk drive ...).
Here is the proof:

There is a Wikipedia Entry for a boot sector explanation, and there is a discussion page for this article, see here: http://en.wikipedia.org/wiki/Talk:Boot_ ... _signature
Somebody said there, CP/M-86 with missing magic bytes (0x55 0xAA) in its boot sector could not be used with other PCs except an ancient IBM PC/XT (or in best case, with an original IBM PC/AT). That's simply wrong (test it with the 1.44MB image file and the appropriate floppy disk writing program like RAWRITE, my DOS program writeimg or even David Dunfield's famous ImageDisk).
Boot sectors from floppy disks must not have such a magic byte sequence at the end of the sector (instead, this check is only mandatory for harddisk boot sectors/an MBR on a HD).

Btw.: My Compaq Portable II (an AT compatible machine) boots CP/M-86 also.


Later added:
Meanwhile I've access to a Thinkpad 600E. Of course I was able to boot CP/M-86, too.
Just look at this second picture:

That's the proof "Crispmuncher" just has no idea what he talks about. He told me he "tests" a Thinkpad 600E and he was not able to boot CP/M-86. I guess he has no idea how to transfer the mentioned 1.44MB floppy disk image onto the real floppy disk media.

1 comment ( 563 views )   |  permalink   |  related link   |   ( 3 / 2486 )
CP/M-86 with VMWare Player and Virtualbox 4 ? YES 
Tuesday, August 7, 2012, 06:00 PM
Posted by Administrator
Last time I followed a discussion at comp.os.cpm, subject named "Running CP/M within Linux?", it was not really related with Linux, but with running CP/M-86 in an x86 emulator.

My preferred choice is VMWare Player, so I decided to get the 1.44MB floppy image from http://www.retroarchive.org/cpm/archive ... inary.html , named "CP/M-86 BOOTABLE for 1.44MB FLOPPY". Unfortunately this floppy disk image is faulty.
Somebody should delete it from retroarchive.org.

I got it working... with a floppy image file from http://www.cpm.z80.de/binary.html , named "CP/M-86 binary for 1.44mb floppys" - THIS WORKS even in VMWare Player 4 !


For a raw image version usable in VMWare Player 4, just download it from here:
New CP/M-86 floppy image file (raw format,ZIPped) for VMWare Player usage

EDITED AGAIN A DAY LATER:

The second floppy disk image runs also with Virtualbox 4.1. It's a bit tricky maybe, because you have to add a virtual "floppy disk controller" first, see screenshot:


You can add a media (=floppy disk image file) only if you have a disk controller.
You should change the file extension from ".flp" to ".dsk", otherwise VirtualBox does not recognize the format.

Like before, I selected "DOS" as OS in VirtualBox. It runs smoothly too:


EDITED DAYS LATER:

I got also cpmtools working, with the help of a self written program, which can convert the image into a different track order (no alternating heads, just one side and then the second side of a floppy disk is expected from cpmtools).
The result - I can use "-f cpm86-144feat" as the needed media type option:


To get the same result, try my Turbo-C program cpm86cnv, which can be d/l'd from >here<.

Usage: cpm86cnv input-image-file output-image-file vmw-to-cpmt
... for converting it to VMWare compatible image format
Usage: cpm86cnv input-image-file output-image-file cpmt-to-vmw
... for converting it to cpmtools compatible image format

After converting it to a cpmtools compatible image,
you can use a similar command to add single files to the image file:

cpmcp -f cpm86-144feat image-file file-to-add-stored-locally 0:cpm86-filename

I tried to copy CBASIC-86 to the above mentioned CP/M-86 boot disk and it works great:


For your convenience, >here<'s the resulting new boot disk WITH added CBASIC-86.

BUT WHY NOT USING A HARDDISK ? SURE I WILL, ALSO WITH VMWARE.

A bit tricky, because just using HDMAINT does not work.
You have to change the harddisk type, for example to an old MFM Type 2 (like in a PC/AT):


After this, use HDMAINT, create a partition (8192K here) and make it bootable.
Copy CPM.SYS with the help of PIP to C:, but you can also copy other stuff (as you like).

This is the result (STAT DSK: of the virtual Type 2 harddisk):


Unfortunately 144BLDR2 will not automatically loaded then, SETUP.CMD and the function "Power-Up command line" does only work with floppy drives. So you have to type in "submit autoexec" manually...

Because this blog entry grows and grows, I will try to make a separate web page for it.

add comment ( 231 views )   |  permalink   |  related link   |   ( 3 / 2510 )
OT: Strange experience made with Symantec Endpoint Protection and their deficient virus detection 
Tuesday, June 26, 2012, 06:30 PM
Posted by Administrator
Recently I was desperately looking for a possibility to resurrect my Turbo Delphi Explorer Installation. A long time ago I received from Borland a message with a key for it, and that worked perfectly. After my Thunderbird Archiv was not readable anymore (from a DVD-R), I thought it should be no problem to get a key again, but there is no chance to get it again from Embarcadero (they want to sell a $200 XE2 Starter version now - too expensive for a hobbyist programmer).

So I used Google to get an alternative solution and I found a Patch-Program from a Cracker group "FFF". My Symantec Antivirus immediately reported this as a "Trojan" malware program (this is definitely not the case, it's a false alarm - it changes only one file, BDE.EXE ).
I took a Hex Editor and looked into it, and I recognized the file was PECompact 2 packed.
So I unpacked it and uploaded it to Virustotal.com.
At this time it wasn't recognized from most of the antivirus solution anymore as malware, Symantec AV didn't found malware anymore, too.

This happened 2 month ago. Today I tried to copy this unpacked file again, and Symantec AV recognized it again as malware. So I looked again into the file itself, and I altered the string "PEC2", which was left over from my last unpacking try.
Guess what happened. Symantec AV immediately says nothing anymore (=it's clean).

So the bottom line of it: Symantecs pattern search mechanism is really rudimentary implemented, they look only for "PEC2" and that seems to be enough for them to detect an "exepacked" program ???
That's a reason why I do NOT recommend Symantec and their Antivirus solution at this moment...

If you're interested in working Exepacker detection, just take a look >here<.

P.S.: And btw. does Symantec also analyzing all results from Virustotal.com ??

add comment ( 184 views )   |  permalink   |  related link   |   ( 3 / 3874 )

<<First <Back | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | Next> Last>>