This weblog will tell a story about my software development and anything related to computer security.

What is Heuristic?

by Kamil Alta | Sunday, March 29, 2009 in | comments (1)

Many people have heard of heuristic detection, or of the names some security products give it: TruPrevent, AHeAD, or, in Portable Antivirus, Alternator Heuristic Technology (AHT). In simple words, heuristic technology is a method of determining whether a program resembles previously detected common viruses.

Here is a good explanation of heuristics, taken from Wikipedia:

Heuristic (/hjuːˈrɪs.tɪk/) is an adjective for methods that help in problem solving, in turn leading to learning and discovery. These methods in most cases employ experimentation and trial-and-error techniques. A heuristic method is particularly used to rapidly come to a solution that is reasonably close to the best possible answer, or 'optimal solution'. Heuristics are "rules of thumb", educated guesses, intuitive judgments or simply common sense. Heuristics (hyu-ˈris-tiks) as a noun is another name for heuristic methods.

In more precise terms, heuristics stand for strategies using readily accessible, though loosely applicable, information to control problem solving in human beings and machines.[1] Forensic engineering is an important tool in tracing defects in products and processes. The Heuristic Model or commonly referred to as the (gut-level approach) is a simplified method of decision making that put emphasis on internal personality attributes of the decision maker.

There are several ways of implementing heuristic detection:

  1. Detecting double extension file
  2. Detecting based on PE-Section hash
  3. Detecting based on Resource Section
  4. Detecting based on Compression method
  5. Detecting based on String
  6. Detecting based on API
and many more...
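As an added example (not code from the original post), here is a small Python scanner that applies methods 1, 2, 4, 5 and 6 from the list to a file: a double-extension check, a lookup of each PE section's SHA-256 against a known-bad set, a packer check that treats section names beginning with UPX as a sign of compression (a simplification of method 4), and string and API-name matching. The knowledge base (the known-bad section payload, the suspicious strings and API names, the weights) and the PE builder that produces the sample input are constructed for the demo and are not real signatures.

```python
import hashlib
import struct
from pathlib import PurePath

EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".vbs"}
BAD_SECTION_PAYLOAD = b"constructed stand-in for a known-bad PE section"   # demo value, not a real sample
KNOWN_BAD_SECTION_HASHES = {hashlib.sha256(BAD_SECTION_PAYLOAD).hexdigest()}  # real products ship big databases
SUSPICIOUS_STRINGS = [b"\\CurrentVersion\\Run", b"cmd.exe /c "]
SUSPICIOUS_APIS = [b"CreateRemoteThread", b"WriteProcessMemory", b"URLDownloadToFile"]

def has_double_extension(filename):
    """Method 1: 'holiday.jpg.exe' is an executable dressed up as a picture."""
    sfx = [s.lower() for s in PurePath(filename).suffixes]
    return len(sfx) >= 2 and sfx[-1] in EXEC_EXTS

def pe_sections(data):
    """Minimal PE section-table walk: returns [(name, raw_bytes)], or [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe = struct.unpack_from("<I", data, 0x3C)[0]                     # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        return []
    n_sections, opt_size = struct.unpack_from("<H12xH", data, pe + 6)  # COFF header fields
    table = pe + 24 + opt_size                                       # section table follows the optional header
    out = []
    for i in range(n_sections):
        name, _vs, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("latin-1"), data[raw_ptr:raw_ptr + raw_size]))
    return out

def heuristic_scan(filename, data):
    """Apply methods 1, 2, 4, 5 and 6; returns (score, reasons). Weights are constructed."""
    hits = []
    if has_double_extension(filename):
        hits.append(("double-extension", 3))
    for name, raw in pe_sections(data):
        if hashlib.sha256(raw).hexdigest() in KNOWN_BAD_SECTION_HASHES:   # method 2
            hits.append((f"section-hash:{name}", 5))
        if name.upper().startswith("UPX"):                                # method 4: packer-style section names
            hits.append((f"packed:{name}", 2))
    hits += [(f"string:{s.decode()}", 1) for s in SUSPICIOUS_STRINGS if s in data]   # method 5
    hits += [(f"api:{a.decode()}", 2) for a in SUSPICIOUS_APIS if a in data]         # method 6
    return sum(w for _, w in hits), [reason for reason, _ in hits]

def build_sample_pe(sections):
    """Constructed, non-executable PE-shaped bytes so the demo runs offline."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)     # SizeOfOptionalHeader = 0
    table, blobs, cursor = b"", b"", 0x40 + 4 + 20 + 40 * len(sections)
    for name, payload in sections:
        table += struct.pack("<8sIIII", name, len(payload), 0x1000, len(payload), cursor) + b"\0" * 16
        blobs += payload
        cursor += len(payload)
    return dos + b"PE\0\0" + coff + table + blobs
```

Scanning `build_sample_pe([(b".text", b"... CreateRemoteThread ..."), (b"UPX1", BAD_SECTION_PAYLOAD)])` under the name `holiday.jpg.exe` fires four of the heuristics, while a plain `report.exe` with an ordinary `.text` section scores zero.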

U3 - Portable USB Apps Platform; Secure your USB Drive

by Kamil Alta | Saturday, December 13, 2008 in | comments (0)

It's official, the floppy drive is dead. Indeed, Dell and a plethora of other PC manufacturers have simply stopped including the decades-old drive, thanks in no small part to the smaller, lighter, and faster USB flash drive that can carry over 1,000 times the standard 3.5" floppy. We've watched the evolution of the portable data disk, but now it's time to take that evolution a step further.

Enter the U3 smart drive. Co-developed by SanDisk and M-Systems, the open-standard U3 platform allows users to take their applications, not just data, with them to any USB-equipped Windows PC and to launch them with as little as two clicks. True, while applications have been tweaked by users to run directly off a flash drive, applications written for U3 smart drives don't require a geek to set up, and are 100% legal to operate.

Two Letters for the Price of One
The first time we plugged our retail Geek Squad U3 Smart Drive into the computer, Windows automatically recognized the drive and set the Add New Hardware wizard to work, identifying not one but two drives taking up two drive letters.
A small, 4MB read-only system partition of the U3 drive pretends to be a CD-ROM drive, while the data partition shows up as a regular flash drive. Because Windows is led to believe that the system partition is a CD, U3 takes advantage of the AutoPlay feature in Windows to automatically run the U3 LaunchPad and unlock the data partition of the drive. It should be noted that U3 will run on any Windows 2000/XP system, regardless of whether the user has administrative rights or not.

After the LaunchPad's animated splash screen disappeared, we were greeted by an Oddcast talking presentation of the U3 platform's features and a quick intro of how to use the LaunchPad and download additional applications. Kudos goes to whoever thought of using the Oddcast system for a quick intro of how to use the drive, as it provides a user-friendly way for new users and computer-illiterate types to quickly jump into using the drive.

Apps Ahoy!
The LaunchPad is the heart of the U3 smart drive, and bears a striking resemblance to the Windows XP start menu. Accessed from a U3 icon in the system tray, it provides quick access to applications and documents installed on the U3 smart drive, as well as a means to manage them.

The left side of the LaunchPad lists the installed applications next to their icons, with a convenient Download Programs link underneath that links to the U3 software catalog. The right side of the LaunchPad contains links to open the data partition in an explorer window, manage installed apps and the drive itself, and get help.

Programs can be either downloaded via the built-in web browser (barebones Internet Explorer), or installed from a file on the local computer. In the case of the Geek Squad drive, we are given a third option to download software from the Geek Squad's software catalog (actually hosted by M-Systems, one of the U3 co-founders), which is just the three applications and intro that came preloaded. Not that it matters to most users, but there are two file-types associated with the U3 platform. *.u3i is an XML-based text file that defines the application's version, download path and working parameters, whereas *.u3p is a zip file containing everything needed to run an application.

Most users will find themselves downloading new programs from software.u3.com. While somewhat quirky in design, the site organizes the various applications into 9 different overlapping categories that can then be sorted by name, price, or download availability. Quick links to download freeware or trialware allow users to quickly try software before making a purchase decision. A Top-5 Downloads and Coming Soon section also help to see what new applications everyone's raving about.

While some of our favorite applications like Dmailer, Thunderbird, Trillian, Winamp and McAfee AV are already out for download, it's quite interesting to see what's headed to the platform. Skype's PC to Phone VoIP service, Firefox's superior web browser, PocketSearch's file content search, and PocketCache's snapshot-based backup system are sure to make a splash when they become available, and there's even a DVD authoring program headed for the drive. What strikes us as odd however is that we couldn't find any word processing applications mentioned yet, so for now we'll just have to fill the gap with Portable OpenOffice.

Once a U3 application is installed on the drive, you can specify the order in which it appears in the LaunchPad, and tell it to start every time the drive is plugged into a computer. Detailed statistics on the version, footprint of the program, last run time, and vendor are also available.

For Your Eyes Only
It's possible to lock down the U3 smart drive's data partition with a password so that files will remain secure from prying eyes, complete with password hint. When security is enabled, the CD-ROM partition will load first, and will only enable the data partition after authentication. A password hint can be specified for those with bad memories, and in a worst case scenario the entire data partition can be erased if the password is truly forgotten.

Enabling security comes at the expense of backwards compatibility however. Because U3 is only compatible with Windows 2000 and XP, any Mac, Linux, or Windows 98/ME users will not be able to authenticate themselves to see the partition. When plugged into a Mac running OS X 10.3, we didn't see the data partition at all until security was disabled. Users working in a cross-platform environment may wish to look into an alternative security application to secure their documents. Also, it is unclear if files stored on the drive are encrypted or not, but most likely they are not because it takes mere seconds to enable security for a near-full 512MB drive.

One curious discovery we made was mention of a self-destruct feature in the U3 help files, stating that after a certain amount of invalid password attempts, the drive would lock itself permanently requiring a total reformat. We tested this on the Geek Squad drive, but after 100 invalid password attempts our data was still accessible. Only time can tell how secure the U3 platform really is.

The Bottom Line
U3 is an important step in the evolution of how we get our work done. User-friendly and well documented, U3 smart drives are something that we could actually give to our grandparents without worrying about how many times they'll be calling us for tech support.

In the future when office applications are released, parents can send their U3-equipped kids off to college knowing that they can get their work done on any of the school computers without having to buy an expensive laptop. Perhaps most importantly, people with multiple computers will actually be legal and don't have to deal with paying over $300 on products like Office thanks to End User License Agreements (EULAs) being written per flash drive instead of per computer.

About the only thing we can see wrong with the U3 platform is the lack of cross-platform compatibility, but that might change later on now that Macs are going x86.

By Scott Clark, Consumer Technology Editor
Edited by Alternator

Get Latest Exploit, Shellcode on the Net!

by Kamil Alta | Wednesday, December 10, 2008 in | comments (0)

For a few years now, I have been very interested in studying software exploits, shellcode, Metasploit and so on. Here is a short list of websites containing information and exploit code:

1. http://www.milw0rm.com/
2. http://www.securiteam.com/
3. http://neworder.box.sk
4. http://www.governmentsecurity.org/
5. http://www.metasploit.com/

If you have any other good websites related to this topic, feel free to share them with me... ;D

Web Link

by Kamil Alta | Thursday, September 25, 2008 in |

There are many great websites around the world. This is less than 0.01% of the best of them, but it is worth it. This page shows you most of the Malaysian security-related websites.

Malaysian Security Related Website:

www.malaysia-best.com/vbuster/index.htm
www.hmsecurity.org
www.geekzlife.net
www.malaysiav.com
www.neologylab.com

Malaysian Official Cyber Security Agencies:

www.mycert.org.my / www.cybersecurity.org.my

Malaysian IT Forums:

www.putera.com
www.lowyat.net
www.ittutor.net

Virus Glossary

by Kamil Alta | Monday, October 08, 2007 in | comments (0)

Adware
Adware is software that presents banner ads, or ads in pop-up windows, through a bar that appears on the computer screen. Those advertising spots usually can't be removed and are consequently always visible. The connection data allow many conclusions about usage behavior and are problematic in terms of data security.

Backdoors
A backdoor can gain access to a computer by bypassing the computer's access security mechanisms.

A program executed in the background generally grants the attacker almost unlimited rights. Users' personal data can be spied on with the backdoor's help, but backdoors are mainly used to install further computer viruses or worms on the affected system.

Boot viruses
The boot or master boot sector of hard drives is mainly infected by boot sector viruses. They overwrite important information necessary for the system execution. One of the awkward consequences: the computer system cannot be loaded any more…

Bot-Net
A Bot-Net is a collection of software bots that run autonomously. A Bot-Net can comprise a collection of cracked machines running programs (usually referred to as worms or Trojans) under a common command and control infrastructure. Bot-Nets serve various purposes, including denial-of-service attacks, often without the affected PC user's knowledge. The main potential of Bot-Nets is that the networks can reach dimensions of thousands of computers, and their combined bandwidth exceeds that of most conventional Internet connections.

Dialer
A dialer is a computer program that establishes a connection to the Internet or to another computer network through the telephone line or the digital ISDN network. Fraudsters use dialers to charge users high rates when dialing up to the Internet without their knowledge.

EICAR test file
The EICAR test file is a test pattern that was developed at the European Institute for Computer Antivirus Research for the purpose of testing the functions of anti-virus programs. It is a 68-character text file with the file extension “.COM” that all virus scanners should recognize as a virus.

Exploit
An exploit (security gap) is a computer program or script that takes advantage of a bug, glitch or vulnerability, leading to privilege escalation or denial of service on a computer system. One form of exploit, for example, is an attack from the Internet with the help of manipulated data packets. Programs can be infiltrated in order to obtain higher access.

Grayware
Grayware operates in a way similar to malware, but it is not spread to harm the users directly. It does not affect the system functionality as such. Mostly, information on the patterns of use is collected in order to either sell these data or to place advertisements systematically.

Hoaxes
For a few years, users have been receiving virus alerts from the Internet and from other networks warning of viruses that are supposed to spread via email. These alerts are spread by email with the request that they be forwarded to as many colleagues and other users as possible, in order to warn everyone against the "danger".

Honeypot
A honeypot is a service (program or server), which is installed in a network.

Its function is to monitor a network and to log attacks. The service is unknown to legitimate users, so they never contact it. If an attacker probes the network for weak points and uses the services offered by the honeypot, this is logged and an alert is triggered.

Keystroke logging
Keystroke logging is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful for determining sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. In the same way, confidential and personal data, such as passwords or PINs, can be spied on and sent to other computers via the Internet.

Macro viruses
Macro viruses are small programs that are written in the macro language of an application (e.g. WordBasic under WinWord 6.0) and that can normally only spread within documents of this application. Because of this, they are also called document viruses. In order to be active, they require that the corresponding application is running and that one of the infected macros has been executed. Unlike "normal" viruses, macro viruses consequently do not attack executable files but the documents of the corresponding host application.

Polymorphic viruses
Polymorphic viruses are the real masters of disguise. They change their own program code and are therefore very hard to detect.

Program viruses
A computer virus is a program that is capable of attaching itself to other programs after being executed and causing an infection. Unlike logic bombs and Trojans, viruses multiply themselves. In contrast to a worm, a virus always requires a program as a host, in which the virus deposits its virulent code. As a rule, the execution of the host program itself is not changed.

Script viruses and worms
Such viruses are extremely easy to program and, if the required technology is at hand, they can spread around the globe via email within a few hours.

Script viruses and worms use a scripting language such as JavaScript, VBScript etc. to infiltrate other new scripts or to spread by activating operating system functions. This frequently happens via email or through the exchange of files (documents).

A worm is a program that multiplies itself but does not infect a host. Worms consequently cannot form part of other program sequences. Worms are often the only way to introduce any kind of damaging program onto systems with restrictive security measures.

Spyware
Spyware are so-called spy programs that intercept or take partial control of a computer's operation without the user's informed consent. Spyware is designed to exploit infected computers for commercial gain. Typical tactics furthering this goal include the delivery of unsolicited pop-up advertisements. AntiVir is able to detect this kind of software under the category "ADSPY" or "adware-spyware".

Trojan horses (short Trojans)
Trojans are pretty common nowadays. We are talking about programs that pretend to have a particular function, but that reveal their real face after execution and carry out a different function that, in most cases, is destructive. Trojan horses cannot multiply themselves, which differentiates them from viruses and worms. Most of them have an interesting name (SEX.EXE or STARTME.EXE) with the intention of inducing the user to start the Trojan. Immediately after execution they become active and can, for example, format the hard drive. A dropper is a special form of Trojan that 'drops' viruses, i.e. embeds viruses on the computer system.

Zombie
A Zombie-PC is a computer that is infected with malware and that enables hackers to abuse it via remote control for criminal purposes. The affected PC can, for example, start Denial-of-Service (DoS) attacks on command or send spam and phishing emails.

Malware Analyst Tools

by Kamil Alta | Wednesday, September 14, 2005 in |

Most anti-virus developers have their own techniques and skills for getting rid of malware. Analysing captured malware is very important before deciding whether it is harmful or not. Anti-virus and security companies with malware analysts on staff have their own useful tools for tracing malware-like behaviour. Well, here are some basic tools for reverse code engineering. Click on each item for details:

PE Editor/Memory Dump:
LordPE Deluxe
OllyDump

Explorer Suite (combines all the tools we need).

Packer/ID Detector:
TrID
PEiD
ExeInfo PE
Protection ID
AT4RE FastScanner
DiE (Detect it Easy)
RDG Packer Detector
Jim Clausing's Malware Packer Signatures
Neil's Collection of Packer Signatures
packerid.py (Python)

Sometimes one packer detector is not enough; not every detector can detect every packer.

Disassembly/Debugger Tools:
OllyDebugger, OllyScript
Interactive Disassembler (IDA)

Resource Viewer:
PE Explorer
ResHacker

Process Monitor:
Sysinternals Process Explorer

File & Folder Watcher:
SpyMe Tools

Registry Snapshot:
RegShot

Network Tools:
WireShark
NMap
Snort

Honeypot:
HiHAT (Website)

Sandbox:
Sandboxie

Other miscellaneous tools:
Sandboxie
VMWare
Microsoft Virtual PC

Online tools:
VirusTotal
ThreatExpert
