The Life of Josh

Computer Engineer, Security Consultant, and Tech Nerd.



Spybot Search & Destroy in the enterprise

[ An update to this: They don’t make it very obvious but you need a license for Enterprise use of this product. So much for leveraging this at work. I’ll have to pull back on my installs and figure out about purchasing it for some. I hope this note helps some folks to make sure they have a proper license.]

In the battle against malware at work I have finally decided to use Spybot. For years everyone has always used it to clean up a machine after someone complained about a problem, but I thought maybe I could use it proactively, and hopefully silently. I did a lot of Googling but it is so very hard to find all the information in one place so I thought I’d share the commands I use to install and update Spybot.

Continue reading “Spybot Search & Destroy in the enterprise”


Mac OS X 10.5.6 stuck on Java 1.5.0_13

So I use InstaDMG to build my Mac OS X images for work. I got reports of Java being broken in my latest image. On looking at the problem the machines were at Java 1.5.0_13 when they should have been at 1.5.0_16. Reinstalling Java Update 2 and Java Update 3 didn’t bring the machines to 1.5.0_16 like it should have. Also the Java apps in /Applications/Utilities/ are broken.

Continue reading “Mac OS X 10.5.6 stuck on Java 1.5.0_13”

Hit by a new varient of Gaobot

At work we got hit by a rather nasty virus. I thought I would get this out there in case anyone else is being hit by it.

Continue reading “Hit by a new varient of Gaobot”

Project Honeypot

I joined an interesting project called Project Honeypot. It involves putting up scripts on websites that give harvesters addresses that are used to catch them spamming. You can donate mail domains to the project to make it so diverse that the address harvesters will have no way to know that they are harvesting Honeypot addresses. It seems like a very cool idea to catch these bastards before even a single email is sent. It will work because many harvesters also send from the same IPs, and additionally ISPs can be notified about harvesting and they can add TOS requirements that users not harvest addresses.

Rootkit Hunter 1.0 released

So Rootkit Hunter 1.0 was released. For those that don’t know what a rootkit is; It is usually an automated way of taking control of a computer and it usually hides the intrusion. Usually you see rootkits on UNIX / Linux / BSD systems, but the term could refer to any platform I believe. The “root” part of rootkit refers to the root user on a UNIX box that has full control of the system, and “kit” is because it’s like a kit that is all set up nice for you with the tools needed to break in to a system. So anyways… the reason I’m happy about this release is because I have a few minutes of fame in the Changelog. If you read it you’ll see…

Continue reading “Rootkit Hunter 1.0 released”

OS X cron job to launch LiveUpdate

So I decided I would share. 🙂 This is the cron job I use to keep OS X machines up to date with LiveUpdate and Norton AntiVirus 9.0.1. It’s a fairly simple script. I put this in /sw/etc/cron.daily/ because I use anacron that I installed with Fink. If you don’t want Fink on your system then there is a system cron that is in /etc you can use, but it requires that the machine must be on when the cron job should run. This condition was not acceptable to me. Read on to see the script…

Continue reading “OS X cron job to launch LiveUpdate”

Customizing Symantec LiveUpdate on OS X

If anyone uses Norton AntiVirus on OS X in a big company then you know how annoying it is to configure it for a big company. Well I learned some stuff that I thought I’d share with the world. Tomorrow maybe I’ll share my daily cron job that replaces the Symantec Scheduler for updates on my corporate build.

Continue reading “Customizing Symantec LiveUpdate on OS X”

Symantec AntiVirus and AOL

NOTE: This is not an exploit. This is not a vulnerability. This is simply a bug that makes management of clients more difficult / broken. Posting this to hopefully bring a bug in to the open that may not have been discovered yet at companies other than my own. If this was a flaw that allowed an exploit or if this allowed a system compromise then I would not post this. If anyone knows of other virtual adapters that cause this problem then I would appreciate emails listing the product and the MAC address that the product uses.

Continue reading “Symantec AntiVirus and AOL”

Bad news on RPC DCOM vulnerability


There are few bad news on RPC DCOM vulnerability:

1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is
again actual.
2. It was reported by exploit author (and confirmed), Windows XP SP1
with all security fixes installed still vulnerable to variant of the
same bug. Windows 2000/2003 was not tested. For a while only DoS exploit
exists, but code execution is probably possible. Technical details are
sent to Microsoft, waiting for confirmation.

Dear ISPs. Please instruct you customers to use personal fireWALL in
Windows XP.
{ , . } |\
+–oQQo->{ ^ }<—–+ \
+————-o66o–+ /
You know my name – look up my number (The Beatles)

Blog at

Up ↑

%d bloggers like this: