Thursday, June 18, 2009

Completely Disable Autorun in Windows

One of the gaping and undeniably annoying security holes of the Windows family of operating systems is its "Autorun" function. Autorun is a feature where a program on removable media (say, a USB drive, CD, or DVD-ROM) is executed automatically when that media is inserted into your computer. Arguably, this makes programs distributed on removable media more user-friendly and easier to run and install. However, it also lets malware execute on your machine without the user's knowledge. Autorun can and does become a vehicle of infection for a large family of viruses that spread over USB drives; the mere act of inserting the USB drive is sufficient for the worm or virus to spread to your machine.

This method of virus infection happens very often in cybercafes, and I happen to manage one. Customers usually need some files from their USB drives, often for printing and saving their files. Much as you would want not to compromise the security of your machines, it's difficult to deny them the right to use their USB drives (and consequently the right to use their files).

And nope, I don't think it is wise to rely solely on antiviruses for this task (of course, it is best to have one). Antiviruses just perform "blacklisting" of all malware known at that time. They are ineffective against newly created malware, new variants, or obscure malware. The best defense is still to completely disable the Autorun feature.

I have stumbled upon Panda Security's USB and Autorun Vaccine, a freely downloadable, tiny yet effective program that disables Autorun not only in your machine, but also on the USB Drives as well.

The Vaccine has two modes: Computer Vaccination and USB Vaccination. In computer vaccination, the Vaccine modifies some of your registry settings to prevent removable drives from running automatically when inserted. Sure, there are a lot of sites dedicated to walking through this series of registry edits to achieve the same end, but nothing beats the simplicity of the one-click vaccination that Panda offers.
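For machines where the registry route is preferred, or to check what a one-click tool actually left behind, here is an added PowerShell example (not Panda's code and not from the original post) that audits and optionally sets the Autorun policy. It assumes the Microsoft-documented `NoDriveTypeAutoRun` policy value and the widely used `IniFileMapping` redirect for `Autorun.inf`; the function names are hypothetical, and the post does not say which keys the Vaccine itself touches.

```powershell
# Added example (not Panda's code): audit, then optionally enforce, the Autorun policy.
# Run from an elevated prompt. Registry paths are assumptions based on Microsoft's
# documented settings, not values taken from the post.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$IniMapKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$Redirect  = '@SYS:DoesNotExist'   # makes Windows ignore the contents of AUTORUN.INF

# NoDriveTypeAutoRun is a bitmask: a set bit disables Autorun for that drive type.
$DriveTypeBits = @{ Unknown = 0x01; Removable = 0x04; Fixed = 0x08
                    Network = 0x10; CDROM = 0x20; RAMDisk = 0x40 }

function Get-AutorunPolicy {
    $policy = Get-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    $mask   = $policy.NoDriveTypeAutoRun
    $map    = (Get-ItemProperty -Path $IniMapKey -ErrorAction SilentlyContinue).'(default)'

    $notDisabled = @()
    foreach ($entry in $DriveTypeBits.GetEnumerator() | Sort-Object Value) {
        # A missing value means the OS default applies, so list every type as unmanaged.
        if ($null -eq $mask -or -not ($mask -band $entry.Value)) { $notDisabled += $entry.Key }
    }
    $maskText = if ($null -eq $mask) { 'not set' } else { '0x{0:X2}' -f $mask }

    New-Object PSObject -Property @{
        Mask           = $maskText
        NotDisabledFor = $notDisabled -join ', '
        InfFileIgnored = ($map -eq $Redirect)
    }
}

function Disable-Autorun {
    # 0xFF sets every bit, i.e. Autorun is disabled for all drive types.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
    # Redirect Autorun.inf lookups to a registry location that does not exist.
    if (-not (Test-Path $IniMapKey)) { New-Item -Path $IniMapKey -Force | Out-Null }
    Set-ItemProperty -Path $IniMapKey -Name '(default)' -Value $Redirect
}

Get-AutorunPolicy | Format-List                      # audit first
# Disable-Autorun; Get-AutorunPolicy | Format-List   # uncomment to enforce, then re-check
```

A hardened machine reports an empty `NotDisabledFor` and `InfFileIgnored : True`.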



In USB Vaccination, Panda does an amazingly simple yet foolproof trick. Since AUTORUN.INF is the file that Windows looks for in a removable drive in order to know what action to perform upon insertion of the drive, Panda creates a blank, unmodifiable AUTORUN.INF on a FAT/FAT32 USB drive, never to be overwritten or removed by any malware. (For lack of a USB drive around at the moment, I haven't really tried yet if it can be set as "not hidden" and "not readable" by the 'attrib' command, but I'd bet that the move is easy to anticipate and has been seen by Panda. If you have tried, just tell me.) End result? Your USB drive won't be a carrier of the virus and won't spread it to "non-vaccinated" machines.

All in all, Panda USB and Autorun Vaccine worked quite well for my cybercafe machines, and for my work PC as well, and could possibly be a valuable addition to your multi-layered defense as well. The site claims that the vaccine has been tested under Windows 2000 SP4, Windows XP SP1-SP3, and Windows Vista SP0 and SP1.

Monday, June 08, 2009

Welcome to Claustrophobic


Welcome to Claustrophobic, a place where I intend to share my thoughts, my learnings, my journey, and have meaningful conversations with you. Yes you, browsing there behind your monitor at this very moment. This is where I discuss things that I hope will be of use to you and to netizens over the world, or anything that you might relate to or be of value to you.


Judging from my background as a Computer Science major from University of the Philippines Diliman, and currently working as a Software Engineer in Creo Studios with a strong background in Web Development (PHP, Java, .NET), you could expect more often than not technical articles, how-to's, software reviews, and tips and tricks that I hope you could use yourselves in your day-to-day internet activity, programming, and computer use. This is not always the case, of course, and we would not shy away from any controversial topics in politics, in pop culture, or, heaven forbid, romance.

This "introduction", long overdue as this blog would be nearing its 5th birthday on June 21, 2009, is due to the change in title, and thus overall format, of this blog. Once titled "Unchain your mind, Scatter your thoughts", it was once created as a "literary blog" (read: release of an angsty frustrated romantic college poet) that does not serve any purpose at all but to the author (me, of course). Now it is renamed as "Claustrophobic: No confinements, no restraints.", to reflect my promise to fill this blog with articles (and hopefully reader replies) that are relevant, disinterested (yet I intend to be interesting!), and useful to readers. I guess from my side, I consider this as growth from my old college introversion to my current desire to add value to the internet community that I am in. After all, I would not be here happily at my job right now without the multitude of tech blogs, forums, and how-to's out there that discuss topics ranging from displaying Chinese characters in Firefox to running Mac OSX Leopard in PowerBook G4. Maybe it's time to give back knowledge.

Enough about the blog and me. I hope to chat with you all sometime. Have a nice day.

Sunday, August 31, 2008

Tindahan Ni Aling Nena by Eraserheads

Joining the Eraserheadsmania...

Tindahan ni Aling Nena is one of the lesser-known songs of Eraserheads which unfortunately failed to make it in the list of songs in the Eraserheads Reunion Concert. I do not know also if anyone else shares my enthusiasm with the song. However, it stayed as one of my favorite Eraserheads songs because of its unique and funny theme, and the fact that unlike most songs about love, this one ended neither in "sweet surrender" nor "rivers of tears of a broken heart" but a more realistic (and often encountered) "walaaaaaaaa!" ;)

Since I could not find an official MTV of the song, below is a "home-grown" MTV of Tindahan ni Aling Nena (done by a group of UP students from UP-CMC Broadcasting Association, nobody among the cast I know personally). It was funny and creative (I really was laughing out loud while watching the video!), and reminded me of the same video requirements we used to have in our Social Science classes. Enjoy!



Lyrics of the song (from lyrics.rebelpixel.com):

Tindahan ni Aling Nena
Eraserheads

Isang araw…

Pumunta ako sa tindahan ni aling nena
Para bumili ng suka
Pagbayad ko aking nakita
Isang dalagang nakadungaw sa bintana
Natulala ako laglag ang puso ko
Nalaglag din ang sukang hawak ko

Napasigaw si Aling Nena
Ako naman ay parang nakuryenteng pusa
Ngunit natanggal ang hiya nang nakita ko na
Nakatawa ang dalaga

Panay ang “sorry ho”
Sa pagmamadali nakalimutan pa ang sukli ko
Pagdating sa bahay nagalit si nanay
Pero oks lang ako ay inlababo ng tunay

[chorus]
Tindahan ni Aling Nena
Parang isang kwentong pampelikula
Mura na at sari-sari pa ang itinitinda
Pero ang tanging nais ko ay ‘di nabibili ng pera

Pumunta ako sa tindahan kinabukasan
Para makipagkilala
Ngunit ang sabi ni Aling Nena
Habang maaga’y huwag na raw akong umasa
Anak niya’y aalis papuntang Canada
Tatlong araw na lang ay ba-bye na.

[repeat chorus]
Hindi mapigil ang damdamin
Ako’y nagmakaawang ipakilala
Payag daw siya kung araw-araw
Ay meron akong binibili sa tinda niya

Ako’y pumayag at pinakilala niya
Sa kanyang kaisa-isang dalaga
Ngunit nang makilala siya’y tumalikod na
At iniwan akong nakatanga

[repeat chorus]

[chorus 2]
Tindahan ni Aling Nena
Dito nauubos ang aking pera
Araw-araw ay naghihintay
O Aling Nena,please naman maawa ka-ahh
Alam nyo’ng nangyari?
Wala–ahh wala–ahh
oh diyos ko!
Wala–ahh wala–ahh

Sunday, June 29, 2008

Magkita Na Tayo (Maja Salvador and Rayver Cruz)

Just heard this song a day ago on the shuttle radio while going to work. It's entitled Magkita Na Tayo, performed by Maja Salvador and Rayver Cruz. Personally, I liked its acoustic way of being played, which matches perfectly its theme of initial sparks of teenage love, bridged by the wonders of the Internet through chatting, and the uncertainty and excitement of looking forward to meeting him/her personally.

Enjoy :) I can't get a complete version in YouTube though... If you know the complete lyrics (amazingly, no lyrics yet exist on the Internet!), just message me so that I can complete it.



Magkita Na Tayo
song from Kelly!Kelly!
performed by Maja Salvador and Rayver Cruz
composed by Jimmy Antiporda
additional lyrics by Francis Concio

Sino ka ba, parang matagal na kitang kilala
Kausap kita araw-araw kahit di pa tayo nagkikita
Sino ka ba...

Sino ka ba, parati nalang kitang kasama
pag-uwi ko sa bahay pagkatapos ng eskwela

Ilang basketball ang games ang iniwan ko
para dumiretso sa computer ko
Ilang after-school gimmicks ang iniwan ko
para dumiretso sa computer ko

Ngunit hanggang dito nalang ba tayo
Sa sarili nating mundo?

Chorus:
Magkita na tayo (magkita na tayo)
Gusto pa kitang makilala pa
Magkita na tayo (magkita na tayo)
Gusto kong makita ang iyong mukha
Magkita na tayo (magkita na tayo)
Gusto kong marinig ang boses mo
Magkita na tayo (magkita na tayo)
Alam kong matagal na tayong ganito
Kaya't magkita na tayo.

English Translation (for the benefit of my non-Tagalog global readers). Note: this is NOT an official translation, this is just my humble attempt for it to be understood by most of the netizens.

Who are you, it's as if I've known you for so long
I speak with you daily, even though we haven't seen each other yet...
Who are you...

Who are you, I'm always with you
when I come home after classes

How many basketball games have I missed
just to go straight to my computer after class?
How many after-class gimmicks have I dropped
just to go straight to my computer after class?

But is this all we could ever be?
In a world we created for ourselves?

Let's meet up (let's meet up)
I want to know you better
Let's meet up (let's meet up)
I want to see your face
Let's meet up (let's meet up)
I want to hear the sound of your voice
Let's meet up (let's meet up)
I know we're both waiting for this
So, let's meet up. ;)

Thursday, June 12, 2008

consoleFish from Serfish.com: Web-based SSH Client. Workaround against corporate firewalls and proxy servers!

There are times when you just need secure shell access (SSH) to an outside box, but your network just won't allow it (maybe due to corporate policy, security settings, blocked ports, wrong network configuration, or whatnot). Since most of the networks today (whether corporate, academic, or personal) are configured and geared towards accessing the World Wide Web, wouldn't it be great if you could do a secure shell with just your browser, and skip all the security hoops you would otherwise have to jump through?

Searching the net for a solution brought me to Serfish.com, a website that offers an ajax-based SSH client named "consoleFish". With it, you can access an external terminal with just a web browser. Below are the screenshots of the website:


Front Page


Using the service is really straightforward. Just type in the IP address of the external server you want to access, and your username on it, and a separate browser window resembling the familiar SSH terminal will appear.


Ah, the familiar SSH terminal!


Pros:

* For a start, it freaking works. Despite the strict network policies in my company, I have snaked all around it thanks to this precious gem. Wonderful :)

* Works great on Internet Explorer 7 and Firefox 2. Tested on both, and it runs well.

Cons:

* There is no free lunch. You can try it for free, but an annoying captcha checks "whether you are human" every 5 freaking minutes (or more often). This makes me suspect that the main purpose of the captcha is not so much to keep out robots as to force users into purchasing the service (at 3 Euros per month, or 201.09 Philippine pesos per month to date). The cost is actually quite affordable and reasonable, but hey, the best things in life are free, so there.


Stop bugging me!


* You have to be aware that you will be transmitting data to the consoleFish server, and this data (that is, the keystrokes you type into the remote shell) is available to the consoleFish server and software in plain text. A disclaimer says that everything you type into consoleFish is technically feasible to be read by them and their staff, and you have to trust them that they won't do the peeking:

IMPORTANT NOTE: When using the consoleFISH (or any other web SSH client) you have to be aware of the fact that all data you send is available in unencrypted form at the tunnelling server, where (theoretically) it could be read. It is thus important that you trust our security policies when connecting to your servers via the secure shell client provided on this site. For further details please consult our notes on web shell security.


All in all, I think this is useful for petty network hacks and medium scale tunneling with no confidential files involved (in my case, downloading files from sourceforge.net, as SourceForge is blocked from our company network. Sometimes it makes me wonder why they are so afraid of open source.) But for serious high security web based SSH access where no third party should be implicitly trusted, this may not be for you. You might consider setting up your own HTTP server with custom SSH modules in the web server.