computer viruses

Transcription

computer viruses
2
About CSI
Computer Society of India (C.S.I.) is a non-profit body comprising of
I.T. professionals, students, academicians, scientists and corporate and
other institutions. This wide spectrum of members is committed to the advancement of the theory and practice of Computer Engineering and
Technological Systems, Science and Engineering, Information Processing and other computer related fields.
CSI-NSIT students’ branch functions under the able guidance of Dr (Ms.)
Ritu Sibal and Dr M.P.S. Bhatia (DSW, NSIT).
CSI-NSIT primarily works to bridge the gap between technology and
the academia by conducting various seminars, presentations and workshops. It has also organized many competitions over the past years,
encouraging a new thought process in the budding engineers of NSIT.
It is one of the few societies in the college to have its own Web-Portal located at http://societies.nsitonline.in/csi , Discussion Forums at http://
societies.nsitonline.in/csi/forum and a very active Yahoo Group
([email protected]). The Yahoo group proves as a very useful
platform for communication between CSI members. It comprises of many
members (and growing each day...) and undertakes in-depth discussion
encompassing a wide range of topics.
2
1
3
Preface
The editorial team of CSI-NSIT Students’ Branch presents to you the
fourth edition of its quarterly newsletter, Bits ‘n’ Bytes. While the first two
editions primarily focused on spreading awareness about Open Source
and related tools, the third one focused on Web Development. This edition,
however, diversifies the focused area as we delve into topics like Digital
Security and 3G Technology. The article on ‘All About Computer Viruses’
would hopefully be an interesting read. The ‘3G—Technology and its
Evolution’ introduces one of most powerful ways of communication. Open
Source does feature in the form of gOS, an upcoming operating system.
Also included are tips and tricks about the Microsoft Windows. We hope that
you have a fine reading experience!!!
- Bits ‘n’ Bytes Team
Index
All about COMPUTER VIRUSES
……………………………………………
Pg 4
3g - Technology & its evolution
……………………………………………
PG 7
Encryption - Secure your data
……………………………………………
PG 9
Buyer’s guide for AssemBling A
Desktop PC - Part II
……………………………………………
Pg 11
gos
……………………………………………
Pg 13
Steganography
……………………………………………
Pg 14
Winhacks
……………………………………………
Pg 15
2
3
4
Activities
Academic Year 2008-2009
Placement Seminar: The Placement Seminar was conducted by
the triumphant final year students placed in companies like
Adobe, CISCO, Deloitte, DE Shaw, Amazon etc. It saw an attendance of more than 300 students. The successfully placed students
shared some invaluable tips with those present in the form of
their personal strategies, resources they utilized while preparing.
The seminar was very well received especially by the third year
students.
Joomla Workshop: Joomla! is a populat open source content management system. With Joomla!, its easy to
make complex websites in a matter of minutes using a simplified GUI which can be used even by novices. Students were given information of the platform on which Joomla! was developed and were informed of the need
for PHP, MySQL and Apache. They were given a detailed walkthrough of the installation of the Joomla! package on the client system, rather than on a web server. They were also given details on how to install and upload
code and text using Joomla‘s features. This workshop had an enthusiastic response from the students. The follow up to this workshop was also commendable since many students contacted the speakers later on for any
problems they were facing, and were helped out by the speakers over the Internet.
Ubuntu Workshop: This workshop focused on the installation of the popular open source Linux based operating system, Ubuntu. This workshop was quite a hit amongst students, especially those of IT and COE. Students were given a detailed walkthrough of installing Ubuntu and troubleshooting any problems that might occur during the installation. Students were provided with handouts with detailed instructions for installing and
using Ubuntu. CSI members were provided with Ubuntu CDs, free of cost, while non-CSI members were
charged a nominal rate for the CDs.
C it for yourself: This workshop was aimed at the 2nd year students in COE and IT. The aim was not to teach
them basic C coding but it was to hone and sharpen their C coding skills. Students were provided with brain
teasers bases on syntax and logic. Every attendee was given a handout containing the questions. These questions were discussed in detail by the speakers. This workshop was held in two parts, on consecutive Wednesdays. This workshop also received a very warm response from the students as it helped them to further their C
skills as well improve their understanding of C from an academic standpoint.
Startup Fair: The startup fair was held by CSI in collaboration with EDC- IIT
Roorkee. The startup fair provided an opportunity for students to land up lucrative
internships with upcoming startups at a time when the world economy is facing a
recession and job opportunities are becoming harder to find. Nearly 200 students
across all semesters participated in the startup fair. All the students were pre registered on the CSI website before hand. The fees for CSI members were quite less
compared to non-CSI members. 5 startups gave presentations on their startups and
the positions offered. Many students from IIT-Roorkee also attended the meet to
avail the internships. All from the startups were provided executive lunches from
NSIT, students were provided with refreshments coupons. Interviews were held
that very day in NSIT at various locations.
4
3
5
COMPUTER VIRUSES
A computer virus is a computer program that can copy
itself and infect a computer without the permission or
knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the
reproductive ability. A true virus can only spread from
one computer to another (in some form
of executable code) when its host is
taken to the target computer. Viruses
can increase their chances of spreading
to other computers by infecting files
on a network file system or a file system that is accessed by another computer.
Malware includes computer viruses, worms, trojan horses,
most rootkits, spyware, dishonest adware, crimeware, and
other malicious and unwanted software, including true
viruses. Viruses are sometimes confused with computer
worms and Trojan horses, which are technically different.
A worm can exploit security vulnerabilities to spread itself
to other computers without needing to be transferred as
part of a host, and a Trojan horse is a program that appears
harmless but has a hidden agenda. Worms and Trojans,
like viruses, may cause harm to either a computer system's
hosted data, functional performance, or networking
throughput, when they are executed.
low this link :
http://en.wikipedia.org/wiki/Computer_viruses
A brief history of viruses
THE 1st VIRUS
The Creeper virus was first detected on ARPANET, the
forerunner of the Internet in the early 1970s. Creeper
was an experimental self-replicating program written by
Bob Thomas at BBN in 1971. Creeper used the ARPANET to infect DEC PDP-10 computers running the
TENEX operating system. Creeper gained access via
the ARPANET and copied itself to the remote system
where the message, "I'm the creeper, catch me if you
can!" was displayed. The Reaper program was created
to delete Creeper.
The first PC virus in the wild was a boot sector virus
dubbed (c)Brain, created in 1986 by the Farooq Alvi
Brothers, operating out of Lahore, Pakistan. The brothers reportedly created the virus to deter pirated copies of
software they had written
Before computer networks became widespread, most
viruses spread on removable media, particularly floppy
disks. In the early days of the personal computer, many
users regularly exchanged information and programs on
floppies. Some viruses spread by infecting programs
stored on these disks, while others installed themselves
into the disk boot sector, ensuring that they would be
run when the user booted the computer from the disk.
Until floppy disks fell out of use, this was the most successful infection strategy and boot sector viruses were
the most common in the wild for many years.
Windows and UNIX have similar scripting abilities, but
while UNIX natively blocks normal users from having
access to make changes to the operating system environment, older copies of Windows such as Windows 95
and 98 do not. In 1997, when a virus for Linux was released – known as "Bliss" – leading antivirus vendors
issued warnings that Unix-like systems could fall prey
to viruses just like Windows. The Bliss virus may be
considered characteristic of viruses – as opposed to
worms – on UNIX systems. Bliss requires that the user
run it explicitly (so it is a Trojan), and it can only infect
programs that the user has the access to modify. Unlike
Windows users, most UNIX users do not log in as an
administrator user except to install or configure software; as a result, even if a user ran the virus, it could
A virus has basically three parts
1. Replicator - The replicators job is to ensure the survival of the virus on a system. Most successful viruses do
this by not inflicting damage on the system but by appending themselves to legitimate programs in the machine.
Each time the program is run then the virus will 'wake up'
and start to reproduce. As said earlier, this is the most important part of the virus code.
2. Concealer - This part of the virus has the job of hiding the virus. It uses a number of methods to do this but
the point is if you don't know a virus is there then you
wont try and kill it. Today's viruses use advance techniques to stop being caught from Antivirus software.
3. Payload - The payload of a virus can be practically
anything, in fact if it can be programmed then it can be the
payload. If an obvious payload gets delivered soon after
infection then the user is soon going to notice and will go
virus hunting. This does not help the long life or wide
spread of a virus.
To know about the stealth techniques of these viruses, fol5
4
6
not harm their operating system. The Bliss virus never
became widespread, and remains chiefly a research
curiosity. Its creator later posted the source code to
Usenet, allowing researchers to see how it worked.
The 10 Worst Virus Attacks of All Time
Morris, 1988: One of the first-ever Internet worms,
Morris was created by Cornell University student
Robert T. Morris, who claimed its purpose was to
gauge the size of the Internet. Instead, since it used
existing flaws in UNIX send mail and infected a given
computer multiple times, it crippled roughly 6,000
computers (the Internet had an estimated 60,000). Although Morris caused between $10 million and $100
million in damage, he wound up with just three years‘
probation and a $10,050 fine — along with a sweet
teaching gig at MIT.
Melissa, 1999: Allegedly named for a Florida lap
dancer whom David L. Smith, its creator, fancied,
Melissa forced major companies such as Microsoft,
Intel Corp. and Alcatel-Lucent to shut down their
email gateways due to the large volume of traffic the
virus generated. Smith faced 40 years in prison and
enormous fines, which he magically reduced to 20
months and $5,000 by spending a few years undercover helping the FBI catch other malware authors.
VBS/Loveletter, 2000: Starting on May 4 in the Philippines, this worm spread worldwide in a single day
by using infected computers‘ email address lists to
send large numbers of messages directed at new targets. It is thought to have caused $5.5 billion in damage, mostly in lost staff time, as corporate and government email systems had to be shut down to eradicate
the virus.
Code Red, 2001: It began on July 13. Code Red infected computers running the Microsoft IIS Web
server, exploiting a buffer overflow and defacing Web
sites with the text, ―HELLO! Welcome to http://
www.worm.com! Hacked By Chinese!‖ A fix had
been available for this vulnerability for about a month,
limiting its damage — kind of — to just $2.6 billion,
but Code Red still managed to cause a ―major disruption in connectivity,‖ according to the Internet Storm
Center. (―Hacked by Chinese‖ evolved into a fairly
common IT-world putdown, although never as popular
as ―All your base are belong to us.‖)
Nimda, 2001: Nimda (―admin‖ spelled backwards)
took just 22 minutes to spread as far and wide as Code
Red. Nimda's secret was using several different propagation vectors: It created masses of emails to transmit
itself, lured users to infected Web sites, and took ad- 6
5
vantage of lingering problems with Microsoft IIS security and previously installed Code Red or Sadmind
worms. Nimda cost an estimated $635 million in damage.
SQL Slammer, 2003: On January 25, this worm began
using a buffer-overflow bug in Microsoft SQL Server
and MSDE (Microsoft Desktop Engine) database products. It rapidly distributed copies of itself around the
world, causing major denials of service and slowing
down the entire Internet. An estimated 150,000 to
200,000 systems were affected. As with Code Red, a
patch for the SQL Server flaw had been available for
months.
MS Blaster, 2003: Beginning on August 11, Blaster
spread via various Windows operating systems and targeted Microsoft‘s windowsupdate.com site with DoS
(denial-of-service) attacks. It caused widespread trouble
and multiple restarts in machines running Windows NT,
Windows XP (64-bit) and Windows 2003, although a
patch for this vulnerability was already available. Victims included the Federal Reserve Bank of Atlanta,
BMW AG, Philadelphia‘s City Hall, and thousands of
home and corporate users. Although its ultimate origin
is thought to be Chinese, the Blaster.B variant was created by then-18-year-old Jeffrey Lee Parson, who was
caught because he programmed it to contact a domain
registered to his father.
MyDoom, 2004: This email-transmitted virus, first
identified on January 26, quickly spread by appearing to
be an error message with an attachment that, when
opened, emailed copies of the virus to addresses in the
victim‘s address book, and also propagated itself
through the Kazaa file-sharing service. Oddly, it avoided
infecting computers at certain universities (University of
California, Berkeley; Massachusetts Institute of Technology; Rutgers University and Stanford University)
and corporations (Microsoft and Symantec Corp.), but
then launched a distributed DoS attack against Microsoft
and The SCO Group Inc. from about 1 million infected
machines. Later versions attacked the Google, AltaVista
and Lycos Inc. search engines.
Sasser, 2004: On April 30, Sasser spread among Windows XP and Windows 2000 machines by exploiting a
buffer overflow in these operating systems. It had unusually direct physical-world consequences, resulting in
Delta Air Lines Inc. canceling 40 trans-Atlantic flights
and forcing Australian trains to halt because operators
could not communicate with signalmen. Despite this,
Sasser‘s then-teenage German creator was tried as a juvenile and drew a mere 21-month suspended sentence
for releasing Sasser into the wild.
7
Program viruses: These infect executable program
files, such as those with extensions like .BIN, .COM, .EXE,
.OVL, .DRV (driver) and .SYS
(device driver). These programs
are loaded in memory during execution, taking the virus with
them. The virus becomes active in memory, making
copies of itself and infecting files on disk.
Examples: Sunday, Cascade
default, leave a nice big hole in the security by allowing
applets free run into there machine. There has been a lot
of commotion behind this and with the amount of power
that JAVA imparts, things from the security angle seem
a bit gloom.
These are just a few broad categories. There are many
more specialized types.
The following link contains the name of all the known
viruses in a search-by-alphabet format.
http://www.probertencyclopaedia.com/virus.htm
Multipartite viruses: A hybrid of Boot and Program
viruses. They infect program files and when the infected
program is executed, these viruses infect the boot record. When you boot the computer next time the virus
from the boot record loads in memory and then starts
infecting other program files on disk.
Examples: Invader, Flip, and Tequila
10 virus symptoms
 Programs take longer to load. Memory-intensive operations take a lot of time to start.
 A change in dates against the filenames in the directory. When the virus modifies a file the operating
system changes the date stamp.
 Increased use of disk space and growth in file sizethe virus attaches itself to many files.
 Strange characters appear in the directory listing of
filenames.
 Strange graphic displays such as falling letters or a
bouncing ball appear on screen.
 Programs may hang the computer or not work at all.
Junk characters overwrite text in document or data
files.
Stealth viruses: These viruses use certain techniques to
avoid detection. They may either redirect the disk head
to read another sector instead of the one in which they
reside or they may alter the reading of the infected file‘s
size shown in the directory listing. For instance, the
Whale virus adds 9216 bytes to an infected file; then the
virus subtracts the same number of bytes (9216) from
the
size
given
in
the
directory.
Examples: Frodo, Joshi, Whale
Listed below are some of the steps recommended by experts to safeguard your PC from viruses. These are a
compilation of magazine sources and experience.
 Change a setting in the BIOS that enables your PC
to boot from the C-drive first.
 Use a good anti-virus program to scan floppy disks
before copying files. Recommended ones are Norton
Antivirus 2000 and McAffee 5.
 Do not install pirated software, especially computer
games.
 Activate watch-guard programs (monitors) that look
out for suspicious activity.
 Use the update service offered by software vendors
and update the anti-virus software every month.
 Scan the entire hard disk twice a month.
 Scan files downloaded from the Internet or those
transferred through a network.
 Prepare a rescue disk with critical system files. Preferably, it should be bootable.
 Keep the original CD-ROM or diskettes containing
the operating system handy.
Polymorphic viruses: A virus that can encrypt its code
in different ways so that it appears differently in each
infection. These viruses are more difficult to detect.
Examples: Involuntary, Stimulate, Cascade, Phoenix,
Evil, Proud, Virus 101
Macro Viruses: A macro virus is a new type of computer virus that infects the macros within a document or
template. When you open a word processing or spreadsheet document, the macro virus is activated and it infects the Normal template (Normal.dot)-a general purpose file that stores default document formatting settings. Every document you open refers to the Normal
template, and hence gets infected with the macro virus.
Since this virus attaches itself to documents, the infection can spread if such documents are opened on other
c
o
m
p
u
t
e
r
s
.
Examples: DMV, Nuclear, Word Concept.
Active X: ActiveX and Java controls will soon be the
scourge of computing. Most people do not know how to
control there web browser to enable or disable the vari- Compliled By : Nikhil Gupta, IT
ous functions like playing sound or video and so, by 7 Source : Wikipedia, Articles by Mayur Kamat, Internet.
6
8
3G – Technology and its Evolution
This was the first time when standards were set for the
Mobile Telecommunications. With the chart provided
the evolution of different Generations are shown with
some of their features. This would help in comparing
it with its previous generations.
More on 3G
3G technology, which is short for third generation mobile telephone communication systems technology,
improves the efficiency of data can be transferred
through your cellular phone. The data transfer rates for
third generation mobile telecommunications is up to 2
Mbps (Megabits per second). (EDGE is standardized
by 3GPP as part of the GSM family, and it is an upgrade that provides a potential three-fold increase in
capacity of GSM/GPRS networks! This means users
can download and view video contents in a jiffy.) 3G
networks offer a greater degree of security than 2G
predecessors. Aside from this feature, 3G cellular
phones also have conventional voice, fax and data services, as well as high-resolution video and multimedia
services which can be used while on the move. It also
includes mobile office services such as virtual banking
and online-billing, video conferencing, online entertainment and access to the Internet.
Such mobile telephone technology would improve the
way people will be able to communicate with each
other, as well as develop new uses for their cellular
phones. One particular advantage of using such a technology on your cellular phone would be your phone‘s
ability to watch television shows on your phone, and it
also allows you to have video conversations with other
people who also use the same 3G technology.
3G – What is it?
The latest buzz word in Mobile Technology for the
past few months has been 3G. Many a times we go
through the newspaper reading about 3G, without a
clue of what it is and its power. Ask a NERD what is
3G and you will get the following answer: 3G better
known as ‗International Mobile Telecommunications2000 (IMT-2000)‘ is a is a family of standards for
wireless communications defined by the ‗International
Telecommunication Union‘, which includes GSM
EDGE, UMTS, and CDMA2000 as well as DECT and
WiMax.
In lay man language we can say that 3G (Third Generation) is the latest wireless technology which provides wireless access to the data and information to
the users from anywhere and anytime. Its services include wide-area wireless voice telephone, video calls,
and wireless data, all in a mobile environment. First
launched in Japan in October 2001 3G phones were
designed so users would be able to surf the Internet,
view pictures of the people they are talking to, watch
movies and listen to music on their handsets.
Evolution - till now
The history of wireless telecommunication (mobile
phones) dates back to 1908. The Generation Zero (or
0G) was introduced in 1945.
8
7
7
This makes one of the 3G phone‘s most essential feature better, which is the ability for people to conduct
video conferencing. However, this only makes up a
very small fraction of use from the 3G phones.
Other applications of the 3G technology include map
and positioning services, as well as multiplayer gaming, which is more popular with the mobile phone‘s
y o u n g e r
s u b s c r i b e r s .
9
9
9
8
8
10
You can also pay your bills and balance your checks
by logging on to your bank account using the 3G devices that you have. You also book in advance dinner
and hotel reservations in any city that you are in. Such
technology also benefits you by giving you enough
flexibility to function at your best in your workplace.
Teleconferencing is one of the best applications for the
3G
technology
in
your
work.
Although 3G technologies offer a lot of new advancements and changes in the world of telecommunication,
there are still a few things that render the use of 3G
telephone communication systems technology as disadvantageous. One thing that makes 3G cellular
phones disadvantageous to its users is the fact that
these types of cellular phones are more expensive as
compared to those which do not share the same technology. Aside from this, people who have 3G can only
enjoy the video conferencing feature of the technology
with other 3G subscribers.
Conclusion
3G is an exciting new technology that is being incorporated into mobile devices across the globe. Users
are now able to make person-to-person calls,
download data and do a variety of other tasks they
never imagined possible all via their 3G cell phones.
Situation in India: People are still on 2.5G. The factors
restricting private sector telecoms to move to 3G are :
High capital investment, high cost of 3G compatible
phones as compared to GPRS enabled ones, mass people using cell phones for communication purposes
only( The number of people using mobile phones for
internet and TV watching is very small), high service
rates. Although MTNL has rolled out their 3G services, but no big impact on people is seen. Also the
spectrum allocation for 3G by Govt. is getting delayed. It will take some more time to actually see 3G
in action in India. But when out it will surely change
the way people use their cell-phones.
Compiled by:
Dipankar Patro, CoE
Abhinav Arora, IT
Sources:
Wikipedia
Articlebase.com
110words.com
ENCRYPTION
Secure Your Data - Scramble It
Encryption is an important part of digital security. It is on
of the most effective methods to provide data security and
is widely used by multinationals, bankers, the military and
even journalists. It facilitates secret communication between two systems.
Encryption refers to schemes that encode the plain text
into non-readable form or cyphertext, providing privacy.
So plain text is basically the human readable form of information. The receiver of the encrypted text uses a "key"
to decrypt the message, returning it to its original plain
text form. The key is the trigger mechanism to the algorithm.
Web browsers will encrypt text automatically when connected to a secure server, that is when an address beginning with https. The server decrypts the text upon its arrival, but as the information travels between computers, interception of the transmission will not be fruitful to anyone "listening in" i.e. tapping your communication. They
would only see unreadable gibberish. Emails can also be
encrypted. This can easily be accomplished with encryption programs that feature plug-ins or interfaces for popular email clients. The most longstanding of these is called
PGP (Pretty Good Privacy), a humble name for very
strong military-grade encryption program. PGP allows
one to not only encrypt email messages, but personal files
and folders as well.
Encryption can not only be applied to webpages and
emails but entire hard drives can be encrypted. To use the
drive, it is "mounted" using a special decryption key. In
this state the drive can be used and read normally. When
finished, the drive is dismounted and returns to an encrypted state, unreadable by hackers , Trojan horses, or
spyware. Some people choose to keep financial programs
or other sensitive data on encrypted drives.
In recent years, many encryption algorithms have been
developed to provide better encryption for different applications.
Some popular ones are:
RSA:
RSA was developed by Ron Rivest, Adi Shamir and Leonard Adleman at MIT. This scheme was named in their
honour. It involves three steps: key generation, encryption
and decryption. RSA involves a public and private key.
The public key can be known to everyone and will be
10 used to encrypt messages. Messages encrypted with the
9 public key can only be decrypted using the private key.
11
bit string known only to them, which can be used as a
key to encrypt and decrypt messages.
Blowfish:
Blowfish is a keyed, symmetric block cipher, designed
in 1993 by Bruce Schneier and included in a large
number of cipher suites and encryption products.
Blowfish provides a good encryption rate in software
and no effective cryptanalysis of it has been found to
date. Schneier designed Blowfish as a general-purpose
algorithm, intended as a replacement for the DES and
free of the problems and constraints associated with
other algorithms. At the time Blowfish was released,
many other designs were proprietary, encumbered by
patents or were commercial/government secrets.
Blowfish has a memory footprint of just over 4
kilobytes of RAM. This constraint is not a problem
even for older desktop and laptop computers, though it
does prevent use in the smallest embedded systems
such as early smartcards.
QC provides much
more security compared
to previous algorithms.
This is because the two
parties involved in data
transaction can detect
the presence of any
third party trying to
gain knowledge of the
key. This is because of
Heisenberg‘s Uncertainity Principle, that a
quantum system is disturbed when someone
tries to measure its
properties. A third party
trying to eavesdrop on
the key must in some
way measure it, thus introducing detectable anomalies.
However, some attacks have been formulated which
cause a minimal change in the quantum states used in
the encryption procedure. However, these changes can
be detected by the receiver.
DES
The Data Encryption Standard (DES) is a block
cipher (a form of shared secret encryption) that was
selected by the National Bureau of Standards and
which has subsequently enjoyed widespread use
internationally. It is based on a symmetric-key
algorithm that uses a 56-bit key. The algorithm was
initially controversial with classified design elements,
a relatively short key length, and suspicions about a
National Security Agency (NSA) backadoor. DES
consequently came under intense academic scrutiny
which motivated the modern understanding of block
ciphers and their cryptanalysis. DES is now
considered to be insecure for many applications. This
is chiefly due to the 56-bit key size being too small.
Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key
can then be used with any chosen encryption algorithm
to encrypt (and decrypt) a message, which can then be
transmitted over a standard communication channel. Algorithms such as BB84 and E91 protocol have been designed for QC.
IDEA
International Data Encryption Algorithm (IDEA) is an
algorithm that was developed by Dr. X. Lai and Prof.
J. Massey in Switzerland in the early 1990s to replace
the DES standard. It uses the same key for encryption
and decryption, like DES operating on 8 bytes at a
time. Unlike DES though it uses a 128 bit key. This
key length makes it impossible to break by simply
trying every key, and no other means of attack is
known. It is a fast algorithm, and has also been
implemented in hardware chipsets, making it even
faster.
The current commercial systems are aimed mainly at
governments and corporations with high security requirements. Key distribution by courier is typically used
in such cases, where traditional key distribution schemes
are thought not to provide enough guarantee. This has
the advantage of not being distance limited, and despite
long travel times the transfer rate can be high due to the
availability of large capacity portable storage devices.
The major difference of quantum cryptography is the
ability to detect any interception of the key, whereas
with courier the key security cannot be proven or tested.
QKD (Quantum Key Distribution) systems also have the
advantage of being automatic, with greater reliability
and lower operating costs than a secure human courier
network.
The future of encryption
The future of encryption lies in quantum computing,
specifically in quantum cryptography(QC). QC uses
quantum mechanics to provide secure communication.
It enables two parties to produce a shared random
11
Compiled By : Shikhar Kohli, IT
10
12
BUYER’S GUIDE
FOR ASSEMBLING
A DESKTOP
COMPUTER—PART 2
In the previous
issue we dealt
with
mother
board and processor. In this
issue we will
talk about audio
and visual components of a PC
namely Graphics Card, Monitor and Speakers. Apart from
that we will also
look into an optional PSU(Power Supply Unit). Let us
get straight to the sections.
Choosing the correct Graphics Card
Graphics card has become de-facto for almost all users. With prices as low as Rs 2000, anyone can get
him/herself a decent graphics card. What to watch out
for while buying?
Graphics Cards come
in mainly two types
AGP and PCIe. AGP
has become old and is
almost phased out by
PCIe Cards in terms of
technology. By default
new mother boards
have PCIe (x16) slots
for graphics card.
For Non/Light gamers:
People of this category
don‘t require high end
graphics for daily usage. A graphics card with 128MB
(Video Memory)/DDR2 will do just great. For people
who also want to try a little bit gaming in this category
can opt for 256MB/512MB, DDR2 graphics card, believe me it can run most
games like ―Wolverine‖ at decent frame-rates. Graphics Cards from both nVidia and ATI are superb. As
DDR2 Cards don‘t require additional power, you also
won‘t require having a new PSU.
For Serious Gamers/ Graphics Designers: People in
this category need the ―best in class‖ Graphics Cards
(at a cost lot more than the above). A graphics card
with at least of 512MB Memory, DDR3 technology is
for you. If you want to be future proof (for 4-5yrs)
and are having a good budget, then go for 1GB or
more Memory. But remember one thing, since DDR3
graphics card require more power, so they need to be
supplied with a PSU than can provide such power.
Even if you find that the price difference between
DDR2 and DDR3 graphics cards is not much, but going for DDR3 will add another Rs 3000 to your bill
for PSU.
PSU should be selected after selecting a graphics
cards since the power recommendations are always
mentioned by the manufacturers of the cards. This
varies with models.
Note: Both DDR2 and DDR3 are compatible with
PCIe (x16) slots.
Upgrading suggestions
Check the slot first. If its AGP then choosing a good
AGP card with greater memory may give you better
results. For PCIe, you can select according to the
above criteria.
Note, for same amount of memory, AGP cards cost
more than their PCIe counter parts. While upgrading,
keep the future usage in mind.
Choosing the correct Monitor
Gone are the days when CRTs were better than LCD.
Now you
can get a
s l e e k
L C D
monitor
for as low
as
Rs
5 0 0 0 .
N o w
CRTs use
Analogue
output
(VGA/DSUB connector to graphics card), but LCD monitors
support that and also Digital output (DVI connector to
1211
13
graphics card). Latest LCD monitors support HDMI
(but that requires you to have HDMI output from your
Graphics Card, available in DDR3 models)
For Simple Users: Now that they don‘t watch movies
or any HD content, they can go for a 15‖ LCD monitor
without DVI input. This will be a cost effective solution and will help to reduce power consumption.
For Advanced Users: People in this class can go for a
decent 17‖/19‖ Wide-screen (16:9) LCD monitors
with DVI input. This will help them with watching
movies and playing games at better resolutions. Remember that Graphics Card will be the ultimate factor
to decide visual performance.
For Professional Users: They should get a 19‖ / 21‖
wide-screen LCD monitor that supports true HD content viewing. This category also consists of those who
want to watch movies at 1080p resolution and also for
hardcore gamers who don‘t want to miss a single target. Remember to run this monitor at native resolution
smoothly you need to have a high end graphics card
(DDR3).
always test it and look for it‘s RMS power ratings.
Higher the RMS power, better the sound production.
Don‘t go by PMPO rating which is generally used for
promoting a set.
For Non – Audiophiles: This is for those who listen to
music just for fun, no serious business if sound is not
produced in right wave. They like their music and lyrics, that‘s all. They should go for a 2 speaker set or a
better 2.1 speaker set. The difference b/w 2 and 2.1 is
2.1 will have a separate bass speaker for producing
low frequency sounds thus producing better quality
sound than just 2 speakers handling all types of frequencies. LCD Monitor. They should go for 5.1/7.1
speaker set.
For Audiophiles/True Movie-Experience/Gamers:
This is for those who want their music to be perfect
because their music define them! Of course they
would need just more than a bass and two speakers.
Also those who want to have a perfect movie experience and have already bought a nice 21‖ wide-screen
Upgrading suggestions
But before that they should check whether they have
sound card support. Most of the motherboards nowadays have on board high definition 5.1 channel surround sound support. Some of them even have 7.1
support! So that basically saves money for not buying
a dedicated sound card. A 5.1 Speaker set supports 6
channel sound output that is Front right, front left,
centre, rear right, rear left & sub-woofer. They produce surround sound just like movie halls, providing
you a great movie experience, also helping gamers to
accurately spotting their enemies.
But if you don‘t want to go for a 5.1 set, you can opt
for a high quality 2.1 speaker set that will do the work
of a better Music /Gaming experience.
If you are having a CRT, and are not happy with the
movie viewing, then you should upgrade for a widescreen monitor according to your requirements as
mentioned above.
Choosing a correct set of Speakers
Everybody listens to music while working, relaxing,
or almost
doing anything! So
why not
have a decent set of
speakers
that will
set your
mood and
ambience
of room.
Remember
that while
buying a
speaker set
Upgrading suggestions
If you have a 2.1 speaker set and want to have better
sound, get yourself a better RMS rated speaker set. If
you have a 6 channel sound support system go for a
5.1 speaker set.
So that was Audio and Visual components for your
new PC. In next issue we will see how to select correct Storage Devices. If you have any queries regarding this topic, you can contact me.
Compiled by: Dipankar Patro, COE
Source: Internet
1213
14
gOS
Rocket, Good OS introduced the use of Google's
"Google Gears" technology which promises to make
Google's web applications usable without an Internet
connection. Currently, Google Reader and Google
Docs are the only supported Google applications,
though other web applications such as Remember the
Milk have added Google Gears functionality.
You can install gOS by downloading an iso file. It also
has an option of running a live CD. The installation
doesn‘t take much time and is very easy, similar to
installing other Linux distros. After the installation,
the first thing you'll notice is that the gOS desktop
looks very different than your standard Ubuntu desktop. Since gOS uses Enlightenment instead of Gnome
or KDE, so you get to see an interface which will remind you of Mac OS X. The gOS desktop is similar to
Mac OS X in some ways, particularly the way that its
iBar behaves. The iBar functions similarly to Windows' "Start" button menus.
gOS, run using VMware on a Mac
This article is the first in a series describing several innovative yet relatively unknown Linux based operating
systems. Like all other Open Source projects, these operating systems are free to download and install and provide all the benefits of Open Source technology. We start
with gOS, described as the “unofficial Google OS”. We
look at the technology behind it and the services and
technologies it offers to users.
gOS or "good OS" is an Ubuntu-based Linux distribution
created by 'Good OS LLC', a Los Angeles-based corporation. The company initially advertised it as "An alternative OS with Google Apps and other Web 2.0 apps for
the modern user‖. It is essentially a Linux based online
operating system.
Based on the idea of cloud computing, all versions of
gOS use on-line applications built on Web 2.0 and AJAX
technology so they do not require much hard disk space
for applications. The whole gOS-1 system fits comfortably in less than 2 GB. Also many of the documents created with gOS, such as Google Docs documents, can be
saved on Google servers instead of on the local hard disk,
so gOS can work with very small hard disks. In gOS V2
14
13
gOS focuses mainly on Google‘s applications. Its iBar
natively supports Gmail, Google News, Google Docs,
Google Calendar, Google Maps, Youtube, Blogger.
Obviously, you cannot access these applications offline. However gOS comes with several applications to
keep you happy during downtime. Some of these are
OpenOffice, Gimp and Mozilla Thunderbird(an email
client).
Good OS will release a cloud-based version of the OS,
the pragmatically named Cloud. Cloud runs a hybrid
browser/linux kernel, offering quick startups and
faster processes.
Cloud launches within a few seconds, provides access
to the internet, runs client apps (like Skype), as well as
a variety of web apps, including a dock full of them
from Google. In addition, Cloud is compatible with
flash video and mp3s, giving users options for multimedia use within the OS. But Cloud is not meant to be
a standalone solution. Instead, it will be packaged in
Netbooks alongside Windows XP, along with a dock
icon that will switch you over to the more robust operating system when more computing power is required.
Cloud is expected to be available early next year,
when it is shipped alongside Gigabyte's Tablet Notebooks.
Compiled By : Shikhar Kohli, IT
15
STEGANOGRAPHY
Encryption is extensively used these days to secure
communication in digital networks. Many efficient
and nearly unbreakable algorithms have been developed to this effect. However, the one the serious drawback with encryption is that you can easily be aware of
encrypted text.
Consider the following text:
This is Bits and Bytes, CSI-NSITs newsletter.
It was encoded using the Blowfish algorithm with a
key of 28 bytes. The resulting cipher text is:
2EB7D1F6CCF41B3F43716D208554DC95
866DA9D7678C71432334C96C0BC4A726
82F55498F03DA0E92D2ED175091B21F2
If an attacker manages to compromise the network and
download the message, its rather obvious that the message has been encrypted. He would then use standard
algorithms and generate keys for those algorithms and
then try to crack the message. So, eventually the attacker will be able to decrypt the message. Obviously,
this represents a serious drawback. Encrypted data
sticks out like a sore thumb. Steganography is a
method that overcomes this drawback.
Steganography is the science of hiding information.
Whereas the goal of cryptography is to make data unreadable by a third party, the goal of steganography is
to hide the data from a third party. In reality, steganography is what is called deniable encryption. In
this article, we will focus on the interesting aspects of
digital steganography.
These days, it is common for data to be embedded in
innocuous image files. To a computer, an image is an
array of numbers that represent light intensities at various points. A common image size is 640x480 pixels.
This is roughly 300,000 pixels. Pictures are either 8 bit
or 24 bit. That means a pixel either uses 1 byte or 3
bytes in the image. The more the number of bytes
(bits), the better the quality of the image. Then image
formats such as JPEG or GIF are used to store the images. They compress the image, ie the reduce the number of bytes the image occupies. To hide data, the
steganography software selects a pattern of bytes. It
can then modify the least significant bit in the byte to
represent data. It changes the colour of a pixel, but the
pixels are selected so that the hidden data is invisible
to the naked eye. This is one of the simplest methods
of steganography involving images.
Consider the following images:
15
14
The first image contains no hidden data, it is a copy of
the CSI logo.
Consider the second image. In this seemingly innocuous image, the message ―This message is hidden in the
CSI logo‖ has been embedded, with the password bitsnbytes (you can ‗unstego‘ it by using the stego tool at
http://mozaiq.org/decrypt/ ). The images appear similar
to the naked eye and can be dismissed to be identical
copies of each other. This is the advantage that digital
steganography offers over encryption.
Countermeasures
In computing, the detection of steganographically encoded messages is called steganalysis. Basically, the
goal of steganalysis is to identify suspected packages,
determine whether or not they have data encoded into
them, and, if possible, recover that data.
Stegananlysis is not an easy task to accomplish. First,
the task of the analyst is the identify the the packages in
which digitally encoded information is likely to be present. This is a huge challenge if steganography is involved in hiding the data. Its possible that the hidden
data may have encrypted first.
One obvious way of steganalysis is obtaining a ‗true‘
copy of the file in which data has been hidden. Then
you can use a program which can match the bit patterns
of the corresponding files and display the anomalies.
However, it is often impossible to obtain such a file.
For images, many specific methods of steganalysis are
available. Based on whether an image contains hidden
message, images can be classified into two classes: the
image with no hidden message and the corresponding
stego-image (the very image but with message hidden in
it). Steganalysis can thus be considered as a pattern recognition process to decide which class a test image belongs to. The key issue for steganalysis just like for pattern recognition is feature extraction. The features
should be sensitive to the data hiding process. In other
words, the features should be rather different for the image without hidden message and for the stego-image.
Compiled By : Shikhar Kohli, IT
16
Winhacks
Hack Your BIOS for Faster Startups
problems, however, you can turn it back on.
BIOS stands for Basic Input/Output System, its a procedure that ensures that your hardware is in order as
your PC boots. It is the first piece of code that runs
when your machine boots up.
When you turn on your PC, it goes through a set of
startup procedures in its BIOS before it gets to starting
Windows. So, if you speed up those initial startup procedures, you‘ll make your system start faster.
You can speed up your startup procedures by changing
the BIOS with the built-in setup utility. How you run
this utility varies from PC to PC, but you typically get
to it by pressing either the Delete, F1, or F10 key during startup. You‘ll come to a menu with a variety of
Speeding Up Your Desktop
Alright, so far, so good. Your PC loads faster than before. But you realize that the desktop is taking time to
load various icons in the taskbar and hourglass with
the cursor won‘t go away. Fret not, help is at hand.
Startup Programs
1. In the start menu, hit run and type msconfig.
2. In the general tab, select Selective Startup.
3. Now, go to the Startup tab. You‘ll see a list of start
up items. You‘ll probably not be familiar with the
names listed under ‗Startup Item‘ so it‘s a great
idea to Google the names and find out what they
do. Then you uncheck some of the programs that
you don‘t need to execute as soon as you load the
desktop. For example, it‘s a great idea to stop messengers and printer services to load with the desktop.
A word of advice. Don‘t stop many programs at a
time. Do it one by one so that you can pinpoint if a
stopping particular program causes system problems.
So stop one, restart your PC and keep at it until you‘ve
stopped all unnecessary programs.
choices. Here are the choices to make for faster system
startups:
Quick Power On Self Test (POST)
When you choose this option, your system runs an abbreviated POST rather than the normal, lengthy one.
Change Your Boot Order
If you change the boot order so that your BIOS checks
the hard disk first for booting, it won‘t check
any other devices, and will speed up your startup time.
Boot Up Floppy Seek
Disable this option. When it‘s enabled, your system
spends a few extra seconds looking for your fl oppy
drive—a relatively pointless procedure, especially
considering how infrequently you use your
fl oppy drive.
Boot Delay
Some systems let you delay booting after you turn on
your PC so that your hard drive gets a chance to start
spinning before bootup. Most likely, you don‘t need to
have this boot delay, so turn it off. If you run into
16
15
Scheduled Tasks
Some tasks are scheduled to run as soon as your computer loads like Google update. Some of these tasks
maybe important to help your secure your computer.
Go to C:\WINDOWS\Tasks, and delete the shortcuts of
any programs that you don‘t want to run.
Hacking the Interface
Your
machine
might not look as
cool as a Mac.
Don‘t
worry,
there are lots of
hacks and programs to get you
out of your Windows into a Macintosh (almost).
When you start
your
machine,
you'll see a
17
vendor-specific welcome screen, which provides access to BIOS settings. Depending on your setup, after
that you might see a menu that lets you boot from one
of multiple operating systems. But if you run only one
instance of Windows XP, you will be greeted immediately by the Windows splash screen. To get an almost
complete Mac experience, we are going to replace the
default Windows logo with something more Mac-like.
To do this, we use BootSkin by Stardock , which is
free for noncommercial use.
After downloading and installing the program we need
to obtain a Mac-like boot skin. A particularly nice one
is called G5, available at
http://
www.wincustomize.com/skins.asp?
library=32&SkinID=740. Once you have downloaded
it, you need to import it into BootSkin. From BootSkin, choose File -> Import from file. After you import it, it will show up in BootSkin
tion directory of LogonStudio, which has the default
of C:\Program Files\WinCustomize\LogonStudio.
Changing The Appearance of Windows and Menus
The next step
is to change
Windows'
overall visual
appearance so
that it's more
Mac-like. Use
WindowBlinds from
Stardock (http://www.stardock.com/products/
windowblinds).
It's shareware, and you can use a free version that has
nag screens and some features disabled. Download the
program and a visual style called Brushed Panther
(http://www.wincustomize.com/skins.aspx?
skinid=3476&libid=1). After launching WindowBlinds, choose "Install skin from disk" to load the
skin.
Changing the Logon screen
The next step in transforming your PC into a Mac is to
replace the default Logon screen with a more Mac-like
version. Use the free program LogonStudio by Stardock program output
takes place
in the Dock.
What makes
the Mac OS
X version
so
outstanding is
its
visual
appearance,
with lots of nice animations. Just download RocketDock from http://rocketdock.com/. It‘s a free
download, any RocketDock comes with a lot of customizable skins and features. Many addons are also
available, free!
(http://www.stardock.com/products/logonstudio).
Download the main program as well as a logon screen
called Mac OS X Panther at http://
www.wincustomize.com/skins.aspx?
skinid=2371&libid=65
The Dock
Another eye-catching feature of Mac OS X is called
the Dock. The basic idea is to have some drop zone
where you drag files and programs you need frequently. Accessing them is as simple as clicking the
corresponding icon, which remains visible all the time.
Additionally, the Dock shows all currently running
programs. If you minimize an application window,
After you install LogonStudio, unzip the zip file into a
directory nameMac_OSX_Panther_LogonXP.logonxp.
Now, move the newly created folder into the installa17
16
18
fault. However if you are installing Windows XP over
other operating system like Windows 98, you may
have installed FAT32 as your file system.
The only benefit of FAT32 is that you can simultaneously use FAT32 formatted disks with older operating
systems like Windows 95 Service Pack 2 and Windows 98 in a machine with multiple operating systems.
Other Hacks
How to Send Any File to Any Place By One Click
This can be done by providing more locations to Send
To option that comes when you right click on a particular file. To do that,
1. G o
to
C:\Documents
and
Settings\User_name\SendTo (where User_Name is your
user name)
2. The folder will be filled with shortcuts to all the
locations you find on your Send To context menu.
3. To remove an item from the Send To menu, delete
the shortcut from the folder.
AND
Converting FAT32 to NTFS:
1. Open Command Prompt.
2. Click Start, point to All Programs,
3. Point to Accessories
4. Click Command Prompt
In the command prompt window, type: convert
drive_letter: /fs:ntfs
1. To add an item to the menu, add a shortcut to the
folder by highlighting the folder,
2. Choose File → New → Shortcut, and follow the
subsequent instructions for creating a shortcut. The
new setting will take effect immediately; you don't
have to exit Windows Explorer for it to go into effect.
For example, typing convert D: /fs:ntfs would format
drive D: from FAT to NTFS.
Removing “Uninstallable” Programs
How To Prioritize Your Important Applications
We do multitasking all the time with our PC right?
How unfair it would be to lose a CD while burning
your favorite songs just because you were gaming and
the processor couldn't take the load?
The solution is:
1. Press CTRL-SHIFT-ESC.
2. Go to the second tab called Processes
3. Right click on one of the active processes, you will
see the Set Priority option
For e.g., Run your CD writer program, set the priority
higher, and no more wasted cd from now on. Happy?
1. Use Notepad to open sysoc.inf, generally found in
the C:\WINDOWS\INF folder. Have a backup of
this file and setup a System Restore point before
proceeding. To setup a system restore point,
choose Control Panel ->Performance and Maintainance->System Restore and follow the instructions. C:\WINDOWS\ is a hidden folder. Enable
viewing of hidden folders by choosing Tool>Folder Options->View->Show Hidden files and
folders.
2. When you open the file, look the line of the program you want to uninstall. Lines have the format:
P
r
o
gram=program.dll,0cEntry,program.inf,<numeral
>
3. Programs that are uninstallable have HIDE written
just after program.inf. The Pinball game entry,
which doesn‘t show up in install/uninstall folder in
control panel looks like
Pinball=ocgen.dll,0cEntry,pinball.inf,HIDE,7
4. To force it to show, remove HIDE from the string
and save the sysoc.inf file.
5. Open the Add Programs window, you should now
see the program in the list.
How to Convert between FAT32 & NTFS in Windows
FAT32 & NTFS, for those its greek, are two popular
file systems available in windows. For those who are
curious let me give a simple overview of both of them:
NTFS provides:
 advanced security using access control lists
 Provides file & directory compression for storing
more data
 Encryption
 Quotas
Robustness
Compiled By : Shikhar Kohli, IT
NTFS is highly recommended for sensitive data. A
clean installed of Windows XP installs NTFS by de18
17
19
CSI NSIT MEMBERSHIP
CSI-NSIT Membership is open to all NSIT students.
In order to become a CSI Member, follow these steps…

Download the Membership form from http://societies.nsitonline.in/csi/membership/csi_form.pdf

Since you are an Undergraduate student, make a tick infront of Student.

For Item nos. 1-5, write in your complete details and postal address. This is the address where you will be
mailed the CSI Magazines, so do ensure it is foolproof.

In Item no. 6, write B.E. under the Degree field and leave others blank.

In Item no. 7, write Netaji Subhas Institute of Technology, Azad Hind Fauj Marg, Sector 3, Dwarka.
City: New Delhi. Pin: 110078

In Item no. 8, tick either Information Technology or Others or both.

In Item no. 9, check Others.

Leave Item nos. 10 and 12 blank.

Chapter: DELHI Student Branch: NSIT

If you want your name to be included in membership lists for commercial purposes, then tick Yes otherwise No in Item no. 14.

Attach a photograph in the space provided and give another photograph along with the filled-up form.
Membership Fee is Rs. 500 for two years membership. Forms are also available with the 2nd year Executive Board Members, CSI-NSIT.
Contact your class/branch CSI representative and hand over the form along with the membership fees and
photograph to him/her.
19
18
20
Faculty Members
Dr. MPS Bhatia
PhD (Software Engineering)
Assistant Professor,
COE/IT Department
Dr. Ritu Sibal
PhD (Software Engineering)
Lecturer, COE/IT Department
Student Board
Director - Bits ‘n’ Bytes
Ashish Kapoor
Pavit Laul
Director—e-Operations
Pavit Laul
Director - Marketing
Nitin Garg
Director - Event Management
Swarandeep Singh
Newsletter Team
Design
Ekansh Preet Singh
Nikhil Gupta
Editorial Board Members
Abhinav Arora
Dipankar Patro
Shikhar Kohli
CSI NSIT Student’s Branch
20