Why is this download flagged as malware?

I have often been asked to explain how to be sure that a program or application you download is safe and not infected with a virus or a trojan.

First of all, always:

1. Download from the official site or source of the program.

And you can sometimes:

2. Use a tool to check that the MD5 or SHA hash of the application matches the one the software manufacturer advertises. I use a very simple tool called Febooti File Tweak Hash and CRC, but there are many tools out there that do this; I have not tested them, and I do not even use mine that often, but some people will swear that it is very important to always check your MD5 or SHA hashes to verify an application's authenticity. The reason I do not use this method often is that I have not personally run into infected software that often, and many application vendors do not even offer the original hash with which to check.

However, I use other methods to be sure that my software is authentic, including but not limited to expensive security software, HIPS, NIPS, anti-malware and sandbox software, and I try to always download from trusted sources. I must point out, however, that the original download source of an application can itself become corrupt or infected. This is not common, and it is up to the software company to secure the servers that host the download.

So, in summary, you should always download from the site of the company that actually developed the software you are downloading. There are certain cases, however, where I have often seen software companies package something called OpenCandy with their software, and it is debatable whether this is in fact spyware (it is flagged as malware by ESET). I have had several debates with the OpenCandy developers about this software, so I do not intend to devote any more of my time to explaining why I feel it is indeed malware. The reason software developers sometimes bundle their free software with some type of adware is that it makes them money. Just be aware that when you download free software, it may indeed include some type of monetizing code that may attempt to steal your data. This is not alarmingly common, however, and any “reputable” software developer will often notify you of their application's contents. I always tend to look for an open source alternative (one whose actual code is available for anyone to look at and read).
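A worked version of the hash check described above, added here and not part of the original post: a PowerShell script that compares a downloaded file's MD5 or SHA hash with the value a vendor publishes, either a single hash copied from the vendor's page or a SHA256SUMS-style file of "digest  filename" lines. The paths and digest in the usage comments are placeholders.

```powershell
function Get-AlgorithmFromDigest {
    param([Parameter(Mandatory)][string]$HexDigest)
    # Vendors often omit the algorithm name; the hex length identifies it.
    switch ($HexDigest.Length) {
        32      { 'MD5' }
        40      { 'SHA1' }
        64      { 'SHA256' }
        128     { 'SHA512' }
        default { $null }
    }
}

function Test-DownloadHash {
    param(
        [Parameter(Mandatory)][string]$Path,            # the downloaded file
        [Parameter(Mandatory)][string]$ExpectedDigest   # hex digest from the vendor
    )
    $expected = $ExpectedDigest.Trim().ToLowerInvariant()
    $algo = Get-AlgorithmFromDigest $expected
    $result = [pscustomobject]@{ File = $Path; Algorithm = $algo; Status = $null; Actual = $null }
    if (-not $algo) {
        $result.Status = 'unknown-digest-format'
    } elseif (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $result.Status = 'missing'
    } else {
        $result.Actual = (Get-FileHash -LiteralPath $Path -Algorithm $algo).Hash.ToLowerInvariant()
        $result.Status = if ($result.Actual -ceq $expected) { 'ok' } else { 'MISMATCH' }
    }
    $result
}

function Test-ChecksumFile {
    # Check every file listed in a sha256sum/md5sum-style file ("digest  name" or "digest *name").
    param([Parameter(Mandatory)][string]$ChecksumFile, [string]$Directory)
    if (-not $Directory) { $Directory = Split-Path -Parent $ChecksumFile }
    foreach ($line in Get-Content -LiteralPath $ChecksumFile) {
        if ($line -match '^\s*([0-9A-Fa-f]+)\s+\*?(.+?)\s*$') {
            Test-DownloadHash -Path (Join-Path $Directory $Matches[2]) -ExpectedDigest $Matches[1]
        }
    }
}

# Usage (placeholder paths and digest; substitute the real file and the vendor's value):
# Test-DownloadHash -Path 'C:\Users\you\Downloads\setup.exe' -ExpectedDigest '<hash from vendor page>'
# Test-ChecksumFile -ChecksumFile 'C:\Users\you\Downloads\SHA256SUMS'
```

A hash published on the same server as the download only catches a corrupted or swapped file; a hash obtained from a second source, or a signed installer, is stronger evidence when the download server itself is in doubt.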

JG Network Security Research Lab Speedtest

Our new lab is about to go live, and speed is finally pretty optimal for testing: 48.98 Mbps down, 15.02 Mbps up.

We’ve been trying to optimize without spending a boatload of money on bandwidth, and this speed should be fast enough for basic webapp pentesting. We have tried some new methods and they seem to be working well.

More on this later – time to get back to the lab.

How to Clean Up Your Messy Windows Context Menu – How-To Geek

One of the most irritating things about Windows is the context menu clutter that you have to deal with once you install a bunch of applications. It seems like every application is fighting for a piece of your context menu, and it’s not like you even use half of them.

I will explain where these menu items are hiding in your registry, how to disable them within the registry, and an easier cleanup method for those who don’t want to get down and dirty in the registry.

Cleaning the Context Menu by Hacking the Registry

If you want to clean things up the fun way, open up regedit.exe through the Start Menu search or run box, and then browse down to one of the following keys. Unfortunately, the context menu items are not stored in a single location.

Most of the menu items that are used for all files and folders can be found under one of these keys:

HKEY_CLASSES_ROOT\*\shell

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

HKEY_CLASSES_ROOT\AllFileSystemObjects\ShellEx

Items that are specific to folders can usually be found in one of these keys instead:

HKEY_CLASSES_ROOT\Directory\shell

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers

The context menu items found at these different locations will need to be handled differently, and I will explain how.

Dealing with “shell” Items

Let’s take a look at one item as an example… if you browse down to the shell key under Directory you’ll see the items for Add to VLC media player and Play with VLC. Items under the regular “shell” key are sometimes easy to spot, and easy to get rid of.

If you want to hide one of these items so that it only appears when you Shift+Right-Click, add a new string value on the right-hand side and name it “Extended”.

If you’d like to disable it instead, but don’t want to delete the key, you can add a new string value and call it “LegacyDisable”.

And of course, you could just delete the whole key if you really wanted to… but I’d export a copy just in case.

Dealing with “shellex” Items

You probably noticed the other registry keys above that have “shellex” (Shell Extension) in the name instead of just “shell”. Those types of keys will need to be handled differently… for an example, we’ll head down to one of the keys mentioned above:

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers

These items are a little tougher to decipher, but you can usually identify an item by the key name on the left. Then modify the (Default) value by putting a few dashes in front of it, which disables the item without actually deleting anything.

You’ll want to go through each location in the list at the top of this article until you figure out where exactly the offending items are located. At that point, you can use one of the tricks we mentioned in order to disable that item.

Dealing With Specific File Type Items

Sometimes, although not often, the menu items are located on the registry key for a specific file type. In that case you’ll need to first locate the file extension key by looking under HKEY_CLASSES_ROOT for that extension, which will tell you the name of the key that you need to look for.

For instance, if I wanted to remove a menu item for Excel documents (.xls) I would look at this registry key, which gives me the name of the actual key to look under…

HKEY_CLASSES_ROOT\.xls

I’ll then browse down to this registry key:

HKEY_CLASSES_ROOT\Excel.Sheet.8\shell

And now I can use the same techniques as above to disable items under “shell”… remember LegacyDisable and Extended? Yep, those work here.
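The manual steps above, collected into a PowerShell script that is an added example and not part of the How-To Geek article: it lists the “shell” verbs and “shellex” handlers under the keys named at the top of the article, resolves each handler's CLSID to the DLL Explorer loads for it, and disables an entry with the same LegacyDisable value or dash prefix described above. Run it from an elevated PowerShell; the verb name 'SomeVerb' in the final comment is a placeholder.

```powershell
$Roots = @('*', 'AllFileSystemObjects', 'Directory', 'Directory\Background')

function Get-ContextMenuEntry {
    # Lists every "shell" verb and "shellex" handler under the roots above and
    # shows what each one runs: the verb's command line, or the DLL behind the
    # handler's CLSID, so an unfamiliar entry can be checked before you disable it.
    foreach ($root in $Roots) {
        $base = "Registry::HKEY_CLASSES_ROOT\$root"
        foreach ($k in Get-ChildItem -LiteralPath "$base\shell" -ErrorAction SilentlyContinue) {
            $cmd = $k.OpenSubKey('command')
            $target = if ($cmd) { $cmd.GetValue('') } else { $null }
            [pscustomobject]@{
                Type = 'shell'; Root = $root; Name = $k.PSChildName; Key = $k.PSPath
                Disabled = $null -ne $k.GetValue('LegacyDisable'); Target = $target
            }
        }
        foreach ($k in Get-ChildItem -LiteralPath "$base\shellex\ContextMenuHandlers" -ErrorAction SilentlyContinue) {
            $clsid = [string]$k.GetValue('')
            # Some handlers keep the CLSID in the key name instead of the (Default) value.
            $lookup = if ($clsid -match '\{[0-9A-Fa-f-]+\}') { $Matches[0] } elseif ($k.PSChildName -match '^\{.+\}$') { $k.PSChildName } else { $null }
            $dll = if ($lookup) { (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$lookup\InprocServer32" -ErrorAction SilentlyContinue).'(default)' } else { $null }
            [pscustomobject]@{
                Type = 'shellex'; Root = $root; Name = $k.PSChildName; Key = $k.PSPath
                Disabled = $clsid.StartsWith('-'); Target = $dll
            }
        }
    }
}

function Disable-ContextMenuEntry {
    # Pipe entries from Get-ContextMenuEntry. Export the key first, for example:
    #   reg.exe export "HKCR\Directory\shell" Directory-shell-backup.reg
    param([Parameter(Mandatory, ValueFromPipeline)]$Entry)
    process {
        if ($Entry.Type -eq 'shell') {
            # Same effect as adding the LegacyDisable string value in regedit
            New-ItemProperty -LiteralPath $Entry.Key -Name 'LegacyDisable' -Value '' -PropertyType String -Force | Out-Null
        } else {
            # Same effect as putting dashes in front of the handler's (Default) value
            $cur = [string](Get-ItemProperty -LiteralPath $Entry.Key).'(default)'
            if (-not $cur.StartsWith('-')) {
                Set-ItemProperty -LiteralPath $Entry.Key -Name '(default)' -Value "--$cur"
            }
        }
    }
}

Get-ContextMenuEntry | Format-Table Type, Root, Name, Disabled, Target -AutoSize   # review everything first
# Get-ContextMenuEntry | Where-Object { $_.Type -eq 'shell' -and $_.Name -eq 'SomeVerb' } | Disable-ContextMenuEntry
```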

Cleaning Up the Context Menu the Easy Way

Instead of hacking the registry, you can use two different NirSoft utilities to clean up the context menu. Two are needed because some of the menu items are implemented as Explorer shell extensions (the “shellex” keys we explained above), and some are implemented as regular context menu items (the regular “shell” keys we explained above).

The first tool we will check out is ShellMenuView, which allows us to manage all of those “shell” key items with an easy to use interface.

Just browse down until you find the offending item, then click the Disable button… which will actually create a LegacyDisable key just like we explained in the manual section above.

Next, we need to disable those “shellex” or Shell Extensions, using another great NirSoft utility appropriately called ShellExView. This one works the same exact way as the first utility… just click on the Disable button to remove the items.

Go forth, and clean your context menu clutter! And yes, this works the same in all versions of Windows.

Courtesy of Howtogeek.com

How to Add Any Application to the Windows Desktop Right-Click Menu – How-To Geek

Adding Applications to the Desktop Context Menu

For today’s lesson we’ll show you how to add Notepad to the menu, but you could add any applications you want instead. The first thing you’ll want to do is open up regedit.exe through the Start Menu search or run box, and then browse down to the following key:

HKEY_CLASSES_ROOT\Directory\Background\shell

Next, you’ll want to create a new key underneath the shell key, the name of which is exactly what is going to show up on the desktop menu. Right-click on the “shell” key, and then choose New Key from the menu.

Give the new key the name that you want to show up on the desktop context menu. For this example we’ll be using Notepad.

Optional: If you want to assign an “Alt” key to this menu entry for quicker access, you can change the (Default) value on the right and put an & character in front of the letter you want to use. For instance, if you wanted to be able to just press the N key to launch Notepad once the desktop context menu pops up, you would set the (Default) value to &Notepad.

Personally I don’t find this terribly useful since you have to use the mouse to right-click on the desktop… may as well just use the mouse to click the item. Still, for completeness I’ve included it.

Next you’ll need to create the command key that will actually hold the command used to launch the application. Right-click on the new Notepad key, and then choose New Key from the menu.

Give this key the name “command” in lowercase.

To complete this step you’ll need the full path to the application that you want to launch. You can use Shift + Right-Click to get the Copy as Path menu item to find this more quickly. Note: of course, for Notepad you wouldn’t need the full path, but this is just an example.

Now click on “command” on the left side, and then double-click on the (Default) key in the right side to edit the string value.

Paste in the full path to the executable that you got from the “Copy as Path” step above, or you can put in the full path yourself if you’d like.

And right-clicking on the desktop will produce the new menu item… naturally, using this menu item should launch Notepad.

You can add as many applications to the desktop context menu as you’d like, just repeat the steps again with a new menu item name.
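The same procedure as a PowerShell function, added here and not part of the article: it creates the menu key and its command subkey under HKEY_CLASSES_ROOT\Directory\Background\shell, sets the & accelerator through the (Default) value, and quotes the executable path. The optional "%V" argument is Explorer's placeholder for the folder whose background was right-clicked, which the article does not cover.

```powershell
function Add-DesktopContextMenuEntry {
    param(
        [Parameter(Mandatory)][string]$Name,        # menu text; put & before the Alt accelerator, e.g. '&Notepad'
        [Parameter(Mandatory)][string]$Executable,  # full path, e.g. from "Copy as Path"
        [string]$Arguments = '',
        [switch]$PassFolder                         # append "%V", Explorer's placeholder for the folder right-clicked in
    )
    $exe = $Executable.Trim('"')
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { throw "Executable not found: $exe" }
    # The key name is what the menu shows unless (Default) is set; the & belongs only in (Default).
    $keyName = $Name -replace '&', ''
    $key = "Registry::HKEY_CLASSES_ROOT\Directory\Background\shell\$keyName"
    New-Item -Path "$key\command" -Force | Out-Null        # -Force also creates the parent key
    if ($Name -ne $keyName) { Set-ItemProperty -LiteralPath $key -Name '(default)' -Value $Name }
    # Quote the path: an unquoted path containing spaces is split at the first space when run.
    $command = "`"$exe`""
    if ($Arguments) { $command += " $Arguments" }
    if ($PassFolder) { $command += ' "%V"' }
    Set-ItemProperty -LiteralPath "$key\command" -Name '(default)' -Value $command
    return $command
}

function Remove-DesktopContextMenuEntry {
    param([Parameter(Mandatory)][string]$Name)
    Remove-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\Directory\Background\shell\$Name" -Recurse
}

# The article's example: Notepad, reachable with the N key once the menu is open
Add-DesktopContextMenuEntry -Name '&Notepad' -Executable "$env:windir\System32\notepad.exe"
```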