FTP server is very useful for transferring (uploading and downloading) files to the extend of backing up files from an unbootable Windows but it can also be abused. Many years ago when a hacker managed to hack in a Windows server, they’d plant a backdoor Serv-U FTP server so that they can have full access to the files in the server. I am very sure that the latest version of Serv-U FTP server no longer has the stealth feature maybe because antivirus companies has started flagging Serv-U FTP server as a threat. This will surely affect their sales as legitimate customers would freak out and suspect if the software that they’re selling contains backdoor.

I’ve written a guide on how to set up a FTP server on Windows computer using FileZilla but it involves quite a lot of steps and it doesn’t run quietly in background. So if you’re looking for an alternative for Serv-U FTP server that can run quietly, then you can try SlimFTPd.

SlimFTPd is a fully standards-compliant FTP server implementation with an advanced virtual file system. It is extremely small, but don’t let its file size deceive you: SlimFTPd packs a lot of bang for the kilobyte. It is written in pure Win32 C++ and requires no messy installer. SlimFTPd is a fully multi-threaded application that runs as a system service on Windows 98/ME or Windows NT/2K/XP, and it comes with a tool to simplify its installation or uninstallation as a system service. Once the service is started, SlimFTPd runs quietly in the background.

It reads its configuration from a config file (slimftpd.conf) in the same folder as the executable, and it outputs all activity to a log file(SlimFTPd.log) in the same place. The virtual file system allows you to mount any local drive or path to any virtual path on the server. This allows you to have multiple local drives represented on the server’s virtual file system or just different folders from the same drive. SlimFTPd allows you to set individual permissions for server paths.

Open slimftpd.conf in Notepad or your favorite text editor to set up SlimFTPd’s configuration. The format of SlimFTPd’s config file is similar to Apache Web Server’s for those familiar with Apache. The config file will work by default allowing FTP clients to connect but you’ll have to set up the user account in order for the user to login and transfer files. Scroll down to line 76 and you should see the code #. Remove the hash # and continue doing that on line 77, 81, 88, and 97.

Next you’ll need to modify the location where you want the user to have access to which is at line 81. By default it is the value is Mount / C:\ftproot. Do take note that SlimFTPd will not run if the specified a folder such as the default ftproot is unavailable. So you can either create a ftproot folder at C: drive OR you can change it to Mount / C:\ to allow the user bob to see everything in C: drive. (Of course you can set it to any folder of your choice as long as you know what you’re doing). To allow the user bob have full read and write access to C: drive, just modify line 88 from Allow / Read List to Allow / All.

Once you’ve got the configuration file right, just run SlimFTPd.exe. You can run Task Manager to see whether SlimFTPd is listed in the running process or not. If not, you’ll have to check the log file to determine what is the problem.

SlimFTPd doesn’t run automatically when Windows is restarted. You can either create a shortcut and put it in Startup folder OR simply run ServiceTool.exe and click the Install button which will automatically put SlimFTPd.exe in Windows services.

Because SlimFTPd is a FTP server that runs quietly in background, there are some antivirus program will detect is as potentially unwanted program, Riskware, HackTool, or not-a-virus. I’ve tried scanning SlimFTPd with 39 antivirus on VirusTotal and 15 of them detected it as a threat. Well it is not really a threat but just being cautious to warn you in case other people planted it on your computer without your knowledge. If you want to install it on your computer, just add it to the exclusion list.

I’ve tried to crypt SlimFTPd.exe with BCD – Binder\Cryptor\Downloader so it’ll be fully undetectable (FUD) by antivirus but it makes SlimFTPd unusable. I guess it is because that SlimFTPd is a command line application and BCD doesn’t support crypting command line applications. Well, the source code for SlimFTPd is available and if you’re an experienced programmer, you might be able to make it fully undetectable 😈

From the day I started writing web logs (blogging), I always test and make sure that the article I post is truly working at that time. The testing and analysis are done on my desktop computer that is installed with either Windows XP or 7. Every time when I need to test something new and requires a clean Windows installation, I simply do a full restore using the backed up image that I created earlier. This is slightly more time consuming and some people may think that I am stupid to do so because it would probably be easier and faster using virtual machine such as VirtualBox or VMware.

Windows operating system installed in VirtualBox or VMware may look and work the same way as the real windows environment but in fact it doesn’t. First of all is the compatibility issue and here is one example. The upcoming Kaspersky Rescue Disk version 10 is in beta testing and it worked perfectly in VirtualBox but when I burn it to a CD and boot it up on two different desktops, one with older hardware and the other one with newer hardware, both failed to start in graphic mode and spewed tons of error messages in console. Secondly…

Obviously you don’t get the real performance on the software when you are testing it on a virtual environment. You should notice that installing Windows or running a full virus scan on virtual machines takes longer than the Windows installed on the physical hard drive.

Thirdly and most importantly, analyzing malwares and malicious files is something that I love and interested in although I am not working nor affiliated with any antivirus companies. I love to see the techniques that are constantly being improved by malware programmers as they need to always be one step ahead of the antivirus. It is one big mistake to test and analyze malwares in virtual environment because they obviously didn’t know about anti-virtual machine, anti sandboxes and anti debug feature. Some good crypters that can make a malicious file undetectable by any antivirus has the capability to exit the process when it is being analyzed.

For example, if you try to upload it to ThreatExpert and have it analyzed, the report that you get 5 minutes later will not contain anything suspicious and you will end up running it thinking that it is safe. If you try to run it in sandbox such as Sandboxie, you will get an error saying “This program cannot be run in Sandboxes“.

Here are a few screenshot of crypters that has Anti’s feature which bypasses virtual machines, debuggers, online analyzers and debuggers.

As for my case, I dare to run any malicious files on my desktop computer because it is a standalone computer and doesn’t contain any password nor login information for the malware to steal. To see the damage that the malware has done to my computer, I simply need to use a software that tracks file and registry changes such as SysTracer which is a shareware that cost only $29.95 for a single user license. So far everything is good especially using the Windows 7 built-in system image backup.

Recently, I was looking for a firewall for Windows 7, and despite what you might think, that’s much harder then it sounds. The reason being is that I’m using WinPatrol for my HIPS and I don’t want to have a second one on m system, striking out Online Armor. Although, I found out later you could disable their HIPS, I still wasn’t too keen in using it either. At the same time, I don’t support Comodo for their security certificate issues which hopefully have been resolved but there is no assurances. When I last used PC Tools Firewall, I was annoyed out of my mind, still turning off their HIPS but it couldn’t remember what I had asked of it, so it prompted again and again, even after I asked for it to remember my settings. Finally, I gave up and went to using a front end to Windows Firewall, which is why today, I’m going to show you why you shouldn’t count it out just yet.

To start off, Sphinx Software makes an application called Windows 7 Firewall Control, which is available in a Free or Plus edition, as well as an interesting ‘Portable’ install of their Firewall as well. While I must pass on touching the Portable version, just that unique fact alone is something I found rather interesting about them. Windows 7 Firewall Control is exactly what it sounds like, offering a front end to a tad clunky interface that Microsoft rolled out for their firewall.

What I’m showing you here is the Advanced Screen that Microsoft rolled out, that allows for a wide level of customization under Windows 7. To make sure something won’t connect to the internet, you’ve got to modify the Outbound Rules, which while easier thanks to a wizard, is still a very clunky way of working with the built in Firewall. To compare it to Sphinx Software’s front end…

You simply hit the Plus sign, choose the application you wish, then set a rule for it. It isn’t any simpler then that. And like most firewalls that we’re used to under Windows, it will prompt you when it starts noticing applications accessing the internet. Unlike many firewalls I’ve used, however, the default is set to Block in the free version, so it won’t connect if you start using it without making a rule. The only thing that I’ve noticed about this ‘firewall’ application that I don’t like is the sound effect it makes when it detects a new process trying to access the internet, as well as the integration into the Windows 7 taskbar, both of which are possible to disable via the options tab. It’s Free version offers all that you need in a basic Firewall, but it’s Plus version offers quite a few different features as you can see on their site. I’ve not leak tested the Sphinxsoft Firewall, seeing as it’s technically Windows Firewall and as such, should preform the same way, to an extent. It is also very lightweight in running, taking no more then 3 megabytes of RAM while actively running. I’ve been testing their free version and I must say, I’m very much impressed on how much control I’ve now gained over Windows Firewall. If you look on Google carefully though, you will find an older version that will work for Windows XP, but with the new version, Sphinx-Soft is focusing on Windows Vista and 7. If you’re looking for a powerful, light, and completely functional front end for Windows Firewall, Sphinx-Soft Windows 7 Firewall Control is definitely my choice in all regards.

– Sphinxsoft Windows 7 Firewall Control –

Actually I heard about this news like weeks ago but when I tried to sign up, it still ask me for my mobile number. But I checked today again and found out that invitation is no longer needed. So everyone can sign up for Gmail without asking for invitation! Hooray!

I love Gmail. It has everything and it’s FREE! Check out the features of Gmail. It’s just too much to list it here.

I’ll list a few features that I think completes an email.
1. Big space
2. Antivirus
3. Antispam
4. POP3 and SMTP for Outlook
5. Check Gmail using Phone
6. Auto save messages. Never loose messages that you’re typing half way!

Of course, there are a lot more features than what is listed above. The above are ONLY what I think it’s important. The rest of the features are like bonus.

[ Sign up for Gmail ]

Well, it’s official. That someone who messed up the family’s desktop computer is also the same person who decided to use the TV we have for a second output. It’s understandable, that since we have an NVIDIA GeForce 5200, that also has a S-Video output, we would go out of our way to use it to output videos to the TV when the DVD player was getting repaired. But we thankfully got it back last night from the shop and have reconnected it to the TV, allowing for the troubles to start.

The first thing that happened when we booted up the computer was the fact we saw a large distorted version of the wallpaper that we had for a background on the one monitor, and no output on the other monitor. The first thing we did was try to check the properties of the NVIDIA card, and then the desktop properties, to try and repair what happened. When neither of these worked, my dad tried hooking up an old CRT monitor to the computer to try and simulate the TV. However, that didn’t work either.

What ended up working, after he went to bed was my solution. I booted up into Safe Mode by hitting F8 (as we all should know), and did the following:

1. Booted into Safe Mode
2. Went to the Device Manager
3. Removed the NVIDIA driver
4. Rebooted normally and reinstalled NVIDIA’s driver

At the end of all this, I still wasn’t done yet. For some reason unknown to me, the clock had reset itself to January 21, 2006, and I’m not someone who will leave a computer in unworking condition if it’s possible to fix it. So I went poking around, trying to sync the time with time.nist.gov and time.windows.com, both are respectfully the default time synchronization sites. When neither worked as expected (both actually threw up errors about the size of data it had to download) before looking online for a solution.

Believe it or not, there were a decent amount of sites that claimed that the Windows and NIST sites that Windows normally synchronizes the internet time with, were down or removed. I was able to find a very easy solution to the problem though, and that was to changed the Internet Time Settings to update from time-b.nist.gov which worked fine.

Puzzling was the fact that there was little mention of the bug in official Windows documentation. It made me puzzled to say the least, but perhaps MS isn’t aware of the bug either. If you try time-b.nist.gov and get the same error you did before, perhaps you might want to take a look at this site which lists a fair amount of time servers to help you set up your time, even if you don’t live in their time zone. In fact, the one I named is in Maryland, USA, but I’m in Atlantic Time in Canada! So that proves their usefulness without living there! Hopefully these two tidbits of information will come in handy for others in the future, and hopefully you won’t have to go looking all over for solutions to unusual problems!

Recently, the 2010 edition of Mandriva rolled out the presses and became available to download. For those who know nothing at all about Mandriva or it’s history, I must explain why to me this is a big deal. Before using Mandriva for the first time about seven months ago, I profess: I had an extreme hatred towards Linux systems using Red Hat. Not because of Red Hat itself, which I have never tried. But because of the fact that I could not find an RPM based distro that could sit down and act like Debian in providing a wide selection of choices. Before Mandriva, I had tried Fedora 11 (which I might add might be one of releases I hated, though Fedora 13 has made up for it), as well as VortexBox which were very poor examples of what Red Hat based distros could do. But trying out Mandriva’s last release before “Farman” was extremely promising. I had accidentally downloaded the KDE version and as a KDE hater, was extremely surprised at how responsive it was compared to Kubuntu or Fedora 11 with the KDE environment. So it was my pleasure when Leofelix requested I review Mandriva, since it was already on my list to review. And I must say, to sum this review up in as few words as possible, it’s managed to do an amazing job once more.

Mandriva Linux, which first started as Mandrake Linux, has had a longer history then Mint or Ubuntu, but is not one of the founding systems of today. It has always been based off of Red Hat and boasts a year long update cycle for anyone wishing to use the desktop distros. They are unique in the world of Linux distributions, in that they offer a Plus pack for those whom would like to pay for their codecs, a ‘One’ pack which is what I reviewed, and also provides closed source software within, as well as a ‘Free’, for those wishing to use Open Source products only. For 99% of the users out there, ‘One’ is good enough for you, especially because it offers a lot more then they make it out on their official site.

I must admit, the first boot off the CD of Mandriva was slow, even though I was using the GNOME desktop environment, though this is understandable when you think about how much it can hold. Once it starts to install, it goes at about the standard speed for Ubuntu, a bit on the slow side compared to some distros, but compared to others, still pretty fast. The major thing I found cool and good to see, although it took more time, was the fact that it checked to see what packages it didn’t need and offered to remove them. If selected to remove the packages, it seems to make the computer boot faster as there is less that it has to load up on boot.

Which brings me to my next point: the first boot. Much like OpenSUSE, it followed though and checked out my hardware, before offering to submit it to the Mandriva database. I’m personally one who would say no to something like that, so I declined it. Once into the main system though, it reminded me of the GNOME standard interface… because that’s exactly what it was. I customized it to my liking very easily and without any troubles, and found out a few interesting things while doing so.

Like OpenSUSE, Mandriva’s “Farman” release offers a ‘Configure Your Computer’ option, which would become something like the Windows Control Panel. It offers full configuration in a central location, one of the few things I enjoyed seeing in OpenSUSE. It also offers an extremely easy way of configuring your hardware. You simply use the Browse and Configure Hardware tool, which detects all that you’ve got connected to your computer easily. Much like Device Manager under Windows, it has a lot of use. And what’s even more amazing is the fact that it detected all my cards correctly and when I ran the Configuration tool for my Video Card, and was to select my video card, it offered to download and install the proper drivers when I chose the type of video card I had. Saying yes only took one Logout and Login (not even a reboot!) and it was set up perfectly! Installing packages can be run though this same tool, and hasn’t caused any problems yet. And what’s really cool, at least to someone like me, is the fact it’s preinstalled tools will require very little time needed to use any customization, as most of the common apps used are preinstalled. It does have flash pre-installed as well, but you have a choice like Fedora: you can choose to pay for the “legal” codecs or you can use the gstreamer codecs, which are free of cost, both of which will enable all other media playback you might need.

The only flaws I could find, or pick out in Mandriva seem more to me like attempts to add more features and not having enough time. I say this because there was the GNOME 3 Preview that was installed, which has come out recently for all operating system, though it was flickering every time that I tried to move the mouse or launch something, though that might also be because I’m using an ATI card: many people including myself can swear by NVIDIA working fine 9/10 times with Linux, ATI’s a bit trickier. (Hence why I’m using ATI… that and my NVIDIA card is presently on loan.) The only other complaint I have is a lack of XFCE as an option, though it does offer the extremely lightweight enviroment, LXDE as an option instead. Once in LXDE, I noticed a clear speed increase as I expected, but since Mandriva is light on 1.5 gigs of ram with GNOME or KDE… I don’t think it’s really needed as an option.

Overall, I’d have to give Mandriva’s “Farman” release a solid eight and a half out of ten. I’ve always been a Mandriva fan since the first time I’ve used it, and it remains to this very day one of the best distros I’ve used. RPM based or not, if you’re starting out with Linux and would like a gentle introduction to how Linux can work smoothly, without using Mint or Ubuntu, Mandriva’s certainly my choice for you. And if you’re more experienced with Linux, Mandriva still has a lot to offer you in terms of customization, stability, and the lightness that comes with their experience in the Linux market. Well done, Mandriva, well done. Once again, you prove that Red Hat can be amazing: it just depends on how you use it.

– Mandriva’s Site –

Your email account is probably the most important account on the Internet other than using it to exchange messages. You will have to provide your email address for most services that you sign up or software that you buy online for the purpose of recovering your password if you somehow forgot it and for the software publisher to send you the license information. If you loses your email address because someone hacked it, the hacker can actually gain access to all your other accounts such as Facebook, Twitter, Dropbox and etc by performing a password recovery to send a newly generated password to your email address which the hacker has access to.

One of the most used trick to gain unauthorized access to an email account is by guessing the secret answer to the secret question. Sometimes the secret question is not really that secret at all because they ask for your mother maiden’s name where any of your family member would know or even a stranger would via social engineering. If you haven’t realized, you really have a lot to lose when your Google account is hacked because one single Google account can be used on all services provided by Google such as AdSense, AdWords, FeedBurner, YouTube, Google Wallet, Google Drive and etc. As much as you try to keep your Google account safe, there will always be a risk for your Gmail account to get stolen.

I recently got to know that Google has implemented a 2-step verification which is a very effective method to prevent your Gmail account from being hacked by associating the account with your phone. A password can always be stolen either through your carelessness or from a malware such as keylogger but one thing that they cannot steal is your phone which physically belongs to you. If the hacker stole your password, they still won’t be able to login to your Gmail account because they do not have the additional time limited PIN code that can only be generated from your phone.

Matt Cutts, a head of Google’s Webspam team said that he would not trust his Gmail account without having two-factor authentication and he would feel naked on the Internet if he didn’t have this sort of protection.

Similar to the excellent LastPass, some concerned users wouldn’t want to use a cloud based password manager because they are afraid of storing their password online but personally I’m not worried about it because I have associated my LastPass account with a physical YubiKey. If someone knows my LastPass master password, they still won’t be able to login to my LastPass Vault without the YubiKey that is physically with me. In fact a few months ago when a Google account manager came to meet me, I noticed that she had to connect a YubiKey on her MacBook before she can access her private Google account.

If you’re convinced that turning on the 2-step verification will greatly keep your Gmail account secured but is worried about the difficulty in setting it up, let me walk you through it.

1. First visit your Google account’s security settings page from this link https://www.google.com/settings/security and log in if necessary.

2. The 2-step verification should show the status OFF. Click the Edit button for 2-step verification.

3. Click the Start setup button.

4. Enter your phone number and select the method to receive the codes, either by SMS or voice call and click the Send code button.

5. Google will now send you a text message via SMS to the phone number that you’ve entered if you’ve selected the SMS option or will call you to read out the code. Enter the verification code and click the Verify button.

6. Google will now ask you if you’d like to trust the current computer that you’re on so that it only ask for verification code every 30 days. You should keep the checkbox ticked if you’re on your computer. Click the Next button to continue.

7. Click the Confirm button.

8. Google will now inform you that some application may need new passwords because they do not support the 2-step verification. One example is if you’re using an email client such as Outlook to check your Gmail, then you will have to use the application specific password that is randomly generated because it will no longer accept your current Gmail password. You will however need to use your current Gmail password to access the web based Gmail instead of the random generated password.

9a. Once you’re at the 2-step verification settings page, I would strongly suggest you to add a backup phone number in case you temporarily do not have access to the primary phone number that is associated to your Google account.

9b. Install the mobile application so that you can also generate the PIN codes from your mobile cellphone when you don’t have cell coverage. Currently it only supports Android, iPhone and BlackBerry but not Windows Phone.

9c. Do print out the backup codes which is really useful when you do not have access to your primary and backup phone to generate the codes. The backup codes do not expire but can only be used once. You can always generate 10 new backup codes and doing that will disable all previously generated backup codes while only the latest ones will work.

Now that the 2-step verification has been turned on for your Gmail account, logging in to your Gmail from other computers will ask for the verification code. As for your computer, you will only be asked to enter once every 30 days that is if you’ve previously allowed Google to trust your computer.

This is a great initiative by Google to further enhance the security of our Gmail account for free! If you haven’t enable the 2-step verification for your Gmail account, I suggest you to do it as soon as possible.

Like all instant messengers, Yahoo Messenger also has their standard emotions or smileys. Simply click on the emotions button while chatting with a person and it will display a list of standard Yahoo emotions for you to choose.

Problem with Yahoo Messenger emotions is it is not possible to add new smileys but you can replace the existing ones. That is pretty much useless because only you will see the replaced emotions, not your friends as they will see the standard Yahoo emotions.

Yahoo made their messenger a little bit more interesting by adding hidden emotions which is not displayed in Yahoo Messenger emotions menu. There are dancing, praying, peace sign, alien, bug skill and many more… You can check out Yahoo Messenger hidden emotions at this page.

Wait, I’m not done yet! You know I only share interesting and extra ordinary news or tips with you. There are actually somemore hidden emotions which are not displayed on Yahoo’s hidden emotion page. They are Web Messenger Hidden Emoticons and Web Messenger Star War Edition Hidden Emotions. Check it out!

The same person (RedPhoenix89) who created Yahoo invisible scanner found out the secret undisclosed hidden emotions. I have no idea how he found it, but he did and he is so nice to share it with us. He made a page with all 181 Yahoo Messenger Emotions that includes all standard, hidden, star wars edition and web messenger edition emotions.

I’ve tested the hidden emotions using the client and the web messenger. Unfortunately some emotions doesn’t work both ways…
The Standard and normal Hidden emotions works both ways which means if I am using Web Messenger and you are using the desktop version of Yahoo Messenger, both of us can see the emotion.

As for Web Messenger Hidden Emoticons, only user using web messenger is able to see the emotions but not for desktop version. That’s why it is called “Web Messenger Hidden Emotions”. Finally, I test the Web Messenger Star Wars Edition Hidden Emotions and this is really weird. If I use web messenger to send the emotion to another person, both me and the other person using the desktop version don’t see the emotion. But if I use the client version to send the star wars emotions, desktop version don’t see it, but the web messenger sees it.

Out of curiosity, I notice that there is a version 9 Beta for Yahoo Messenger. I downloaded and installed it to test the hidden emotions. Nope, the hidden web emotions still don’t display on the client. I think most probably Yahoo is testing those icons and who knows they might include it in future versions of Yahoo Messenger using plugins or something…

[ Visit VNGrabber All Yahoo Emotions Page ]

Didn’t find what you want? The links below could help: