4.9.09

How to set short command in IOS to save time

Using Aliases for CLI Commands

Category: Command line

To save time and the repetition of entering the same command multiple times, you can use a command alias. An alias can be configured to do anything that can be done at the command line, but an alias cannot move between modes, type in passwords, or perform any interactive functions.

Command Alias    Original Command
h                help
lo               logout
p                ping
s                show
u or un          undebug
w                where

To create a command alias, issue the alias command in global configuration mode. The syntax of the command is alias mode command-alias original-command. Following are some examples:

Router(config)# alias exec prt partition           (privileged EXEC mode)

Router(config)# alias configure sb source-bridge   (global configuration mode)

Router(config)# alias interface rl rate-limit      (interface configuration mode)

To view both default and user-created aliases, issue the show alias command.


For example, in global configuration mode enter:

Router(config)#alias exec sib Show ip Int Brief

Hit Enter and exit configuration mode. Now type sib and you should get the output of the show ip interface brief command. Note that the odd capitalization isn't needed; it's just something I do to help me remember what the alias is doing.

You can pipe it just as you normally would, so sib | i down will show only the lines containing “down”. If you type sib, add a space and then hit Tab, the alias will be expanded to Show ip Int Brief.

You could also create aliases like:

Router(config)#alias exec sibd Show ip Int Brief | include down *down

That will show you only the interfaces whose line has “down”, some spaces, and “down” again (both the status and the protocol column). If you've got a router or switch with a hundred or more interfaces, this is a quick way to find the one with the problem.

Alias exec isn't the only option; it's also possible to create aliases that only work in global configuration mode or interface configuration mode.
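Putting the whole procedure together, here is an added example configuration (not from the original post or Cisco's documentation) that defines one alias per mode and then verifies the result with show alias. The alias names sib, sibd, sb and rl come from the post; the logerr alias is an assumption added for illustration.

```cisco
! Added example, not from the original post. Aliases are defined in global
! configuration mode, but each one is only usable in the mode named after "alias".
configure terminal
!
! Privileged EXEC aliases: interface summary, the filtered down/down variant,
! and (assumed, for illustration) a quick look at syslog lines in the buffer.
alias exec sib show ip interface brief
alias exec sibd show ip interface brief | include down *down
alias exec logerr show logging | include %
!
! Global configuration alias: only expands at the Router(config)# prompt.
alias configure sb source-bridge
!
! Interface configuration alias: only expands at the Router(config-if)# prompt.
alias interface rl rate-limit
end
!
! Verify: lists the built-in aliases (h, lo, p, s, u, un, w) plus the ones above.
show alias
!
! Use: at the Router# prompt, sibd expands to the full filtered show command,
! and sib can still be piped, e.g. sib | include Vlan
sibd
```

Remember that an alias is a single command for a single mode, so a shortcut cannot, for instance, enter configuration mode and run a command there.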

3.9.09

The Best New Features in Windows 7

Windows 7, in all of its various flavors, won't be available in stores until October 22. But Microsoft has announced the availability of a 90-day free trial of Windows 7 Enterprise. That gives you an almost 2-month jumpstart to either start taking advantage of the new features of Windows 7, or to test it out and decide whether you want to make the switch when it becomes available.

Here are a few of the top new features that I think make it worth your time to take advantage of the Windows 7 90-day trial.

Action Center. Microsoft introduced the Windows Security Center feature in Windows XP. Windows 7 renames it as the Action Center and expands the scope of information provided. The Windows 7 Action Center notifies you about security-related issues, but also provides a one-stop-shopping view of system status and maintenance concerns.

Blu-Ray support. In case you haven't gotten the memo, the hi-def DVD war is over and Blu-Ray won. Blu-Ray drives aren't ubiquitous just yet, but more and more PC and laptop manufacturers are including Blu-Ray players and recorders in their systems. Windows 7 provides native support for reading and writing Blu-ray discs.

Device stage. Adding new hardware is often a frustrating and confusing exercise with Windows. Windows 7 includes a feature called Device Stage to simplify the process. Device Stage provides a single console for managing devices such as printers, webcams, and mobile phones. Device Stage can be customized by the device vendor, so the information and functionality available for a given device will vary from one vendor to another.

BitLocker-to-Go. Microsoft introduced BitLocker Drive Encryption in Windows Vista. The initial version could only encrypt the drive volume that housed the Windows operating system, but with Service Pack 1 Microsoft extended BitLocker so that other drives and volumes on the system could be protected as well. With Windows 7 BitLocker goes one step further by adding BitLocker-to-Go for encrypting data on USB thumb drives and other removable media.

Aero Peek. At first I thought this was just silly eye candy. After using Windows 7 for a while I have discovered just how useful Aero Peek can be. Rather than fishing through all of the tabs on the Taskbar trying to find the program or instance you need, you can view thumbnails of open instances by simply hovering over the item on the Taskbar. Moving the mouse to hover over a thumbnail image brings that instance up to full-screen view for closer inspection. It may be a little thing, but it's a little thing that helps me work more efficiently.

Aero Snap. The same thing goes for Aero Snap. My initial response was 'cool gee-whiz factor, but who cares?' Now I find it invaluable for working with programs. I can quickly maximize and minimize windows just by dragging them. The part that really helps me is the ability to automatically resize a window to occupy only the left or right half of the screen by dragging it to one side or the other. I frequently work with two windows side by side and used to have to manually resize the windows to accomplish the same thing.

Jump Lists. Windows users are probably familiar with the concept of Recent Items. The Recent Items link is in the Start Menu and provides quick access to the last 10 or so files that had been accessed. I relied on Recent Items so I could easily re-open documents I was actively working on without having to navigate to them the long way. Recent Items only displayed certain programs or file types though and files would quickly cycle off of the Recent Items list. Jump Lists takes the Recent Items concept and applies it on a program by program basis. Now I have an easily accessible list of recently opened files for Word, Excel, Quicken, Windows Media Player, etc. Definite timesaver.

DirectAccess. I haven't had a chance to play with this one personally, but I think it is a huge feature and arguably the most compelling reason for businesses to look at Windows 7. DirectAccess provides a bi-directional connection between the internal network and roaming Windows 7 clients as long as they have a live Internet connection. That means the user can access system resources, and IT admins can manage remote systems as if the Windows 7 system was on the internal network and without the need for a VPN connection. DirectAccess requires Windows Server 2008 R2 as well, but organizations that might be interested should take advantage of the 90-day trial to see what DirectAccess can do for them.

Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.

2.9.09

Veritas Symantec Netbackup


New Features

As the established market leader in data protection, Veritas NetBackup provides unparalleled data protection for enterprise environments.
Next Generation Data Protection
Minimize the cost and complexity of data protection and ensure greater business continuity by implementing a solution that unifies desktop, remote office, and data center data protection across the entire enterprise. NetBackup centralizes the management and operations of backup and recovery and provides organizations with the tools and information they need to manage data in complex, heterogeneous environments.
Unlock the Power of Disk-Based Backup
Manage more data with fewer people with advanced protection for VMware environments, email applications such as Microsoft Exchange Server 2007, and large databases.

* Leverage disk to make backup faster, more reliable, and more secure
– Any type: DAS, NAS, SAN, VTL, snapshots/replicas, OpenStorage
– Any location: core data center, remote office, vault site
* Integrated data deduplication with any storage
* Eliminate the backup window with continuous protection

Advanced Recovery for Critical Applications
Recovery of critical applications and databases requires more steps and precision. Fast recovery may require not just the data, but also new servers and applications. NetBackup enables recovery of data, servers, and applications through one console. Its agents use vendor-approved APIs to ensure a consistent backup and recovery process and customers can choose different types of backup methods such as host, array-based, or off-host snapshots and different levels of granularity for data recovery.

* Granular recovery for VMware, SharePoint Portal Server and Exchange
* Rapid recovery with heterogeneous snapshot management
* Core system recovery in 15 minutes on any platform

Simplify Management
NetBackup simplifies data protection by allowing customers to control the lifecycle of backup data across different storage tiers that include both disk and tape. Customers can gain control over the backup methods, target media, and recovery process, which allows them to prioritize the allocation of resources based on the importance of the data. Finally, NetBackup can simplify backup infrastructure management by automating delivery of application and client updates with NetBackup Update technology.

* Streamline protection and retention with storage lifecycle policies
* Granular operational management across the environment
* Automate updates with NetBackup Update

Improved Pricing & Licensing
Symantec simplified the pricing and licensing of NetBackup to provide customers with more value and flexibility. Symantec now offers customers the ability to manage NetBackup software in their environment based upon capacity, or on a per-server basis. The capacity approach simplifies access to the full set of data protection methods in NetBackup and allows customers to more easily align protection and recovery methods with internal policies or service-level agreements.

* Choose traditional component based or the new capacity based licensing method
* Simplified pricing structure combines dozens of previously separate client, option, and agent licenses into three easy-to-order options
* Entitles existing NetBackup customers to bare-metal recovery or client-based encryption features (previously licensable options) at no additional fee
* Switch database and application agents for one another at any time (e.g., switch a SQL database agent for an Oracle database agent)

Platform and Application Proliferation
Symantec allows customers to run NetBackup master and media servers on a wide array of operating systems, and NetBackup can protect a wide array of servers (clients). With each release Symantec adds support for new chip and operating system combinations. Please see the compatibility lists for NetBackup on the Symantec support site. Highlights of new support include:

* Support for Exchange 2007
* Master / Media Server support for Sun Solaris 10 on Opteron (x64)

Source: Symantec.com

1.9.09

VMware unwraps virtualization management tools


VMware has revealed several new virtualization management products to be announced at VMworld Monday, but is so far shying away from any big-ticket announcements.

While VMworld is often the forum for VMware to make major statements about its strategic direction, the announcements revealed under embargo last week mainly rehash previous announcements while adding a few extra details. One announcement centers on the VMware vCenter management product line and features seven products, all of which had been previously announced and five of which were already generally available.

The two newer products, set for release later this year and early next year, include CapacityIQ, which gives IT a historical view of capacity needs across virtualized resources to forecast capacity shortfalls and reclaim excess resources. CapacityIQ will be available in the fourth quarter of 2009.

The other unreleased product is ConfigControl, which automatically tracks the configuration of virtual machines and the relationship of VMs to underlying physical infrastructure, allowing IT to ensure compliance with business policies.

ConfigControl will be available in the first half of next year.

Separately, VMware is announcing a free Web-based tool to help small and midsize businesses automate the installation and configuration of ESXi, the free version of VMware’s hypervisor. The Web-based service is called VMware Go and is in beta starting Monday with general availability scheduled for the fourth quarter of 2009.

VMworld in San Francisco will be hosted by VMware from Monday to Thursday, so VMware could still make a statement to rival the April announcement of its "cloud operating system" or the acquisition three weeks ago of Java vendor SpringSource.

A VMware spokeswoman said more news will be on the way Monday, but declined to say what it might be.

VMware is centering its virtualization strategy on providing the infrastructure for cloud-based services with vSphere, the latest version of its hypervisor and virtualization management platform. vSphere has been downloaded more than 350,000 times in the first 12 weeks since it became available, according to VMware. Overall, VMware says it has more than 150,000 customers.

VMworld could be the forum where VMware reveals more details about its plans for SpringSource, which will fit squarely into the company's cloud strategy. VMware has said it will combine its virtualization technology with SpringSource's Java tools to create cloud-based platforms for the building and hosting of Web applications.

Pund-IT analyst Charles King said he expects more details about SpringSource this week, and predicts that "some fairly major developers will climb on the SpringSource bandwagon."


28.8.09

FBI investigating laptops sent to U.S. governors


SAN FRANCISCO -- There may be a new type of Trojan Horse attack to worry about.

The U.S. Federal Bureau of Investigation is trying to figure out who is sending laptop computers to state governors across the U.S., including West Virginia Governor Joe Manchin and Wyoming Governor Dave Freudenthal. Some state officials are worried that they may contain malicious software.

According to sources familiar with the investigation, other states have been targeted too, with HP laptops mysteriously ordered for officials in 10 states. Four of the orders were delivered, while the remaining six were intercepted, according to a source who spoke on condition of anonymity because of the ongoing investigation.

The West Virginia laptops were delivered to the governor's office several weeks ago, prompting state officials to contact police, according to Kyle Schafer, the state's chief technology officer. "We were notified by the governor's office that they had received the laptops and they had not ordered them," he said. "We checked our records and we had not ordered them."

State officials in Vermont told him they've received similar unsolicited orders, Schafer said. Representatives from that state could not be reached for comment Thursday.

Schafer doesn't know what's on the laptops, but he handed them over to the authorities. "Our expectation is that this is not a gesture of good will," he said. "People don't just send you five laptops for no good reason."

The computers are now being held as evidence by state police, who are working with the FBI to figure out how the machines were sent to the governor's office, said Michael Baylous, a sergeant with the West Virginia State Police.

The West Virginia laptops were delivered Aug. 5, according to the Charleston Gazette, which first reported the story.

The laptops sent to the Wyoming governor's office arrived in two separate shipments on Aug. 3 and Aug. 6, according to Cara Eastwood, a spokeswoman for Governor Freudenthal.

"We received one package, opened it and realized that it was an error since no one in our office had ordered them," she said. "The next day we received another package. At this point we realized that they needed to be turned over to law enforcement."

Although there is no evidence that the computers contain malicious code, HP confirmed Thursday that there have been several such orders and that they have been linked to fraud. "HP is aware that fraudulent state government orders recently have been placed for small amounts of HP equipment," spokeswoman Pamela Bonney said in an e-mail message. "HP took prompt corrective action to address the fraudulent orders and is working with law enforcement personnel on a criminal investigation."

With users now more reluctant to install suspicious software or open attachments on their networks, scammers appear to be looking for new ways to get inside the firewall.

Criminals have tried to put malware on USB devices and then left them outside company offices, hoping someone would plug them into a computer and inadvertently install malicious software on the network. Many Windows systems are configured to automatically run software included on CDs and USB devices using a Windows feature called AutoRun.

Many organized criminals would be happy to spend the cost of five PCs in order to access government computers, said Steve Santorelli, director of investigations with security consultancy Team Cymru. "What is a netbook? $700? You send five of them; you're dropping three grand, and say you get into the Congressional e-mail system. How valuable would that be?"

27.8.09

Can You Trust Free Antivirus Software?


Free antivirus programs vary just as much as paid security programs do in the quality of their protection. And frugal computer users on the hunt for no-cost antivirus software--already faced with tons of options--will have even more to choose from when new free offerings from Microsoft and Panda join the programs currently available from Alwil (Avast), AVG, Avira, Comodo, and PC Tools.

To help you figure out which free antivirus app is right for you, we put packages from all of those companies through their paces. Our testing partner, AV-Test.org of Germany, employed its vast "zoo" of collected malware to test detection rates and scan speed. We then poked and prodded the apps to see which ones made stopping malware an effortless task, and which ones made it feel more like drudgery. For a summary of our findings, see our free antivirus software ranked chart. For our in-depth evaluations, see the individual reviews, linked in this story and in the chart.

Something--But Not Everything--For Nothing

While free antivirus programs give you some value, they don't have everything that a paid security application can offer.

For one thing, you won't have anyone to call if things go haywire, or if you need disinfection help in the event something does sneak past your PC's defenses. Most free apps give support only on online forums, though Avast offers e-mail support (and Microsoft plans to when Security Essentials launches); Avast users can submit online support tickets, too. AVG gives paid phone support, but the $50-per-call fee costs more than most paid antivirus apps.

Do-it-yourselfers can often find good advice at helpful sites like Wilders Security Forums, but even there you shouldn't expect to talk to anyone for help with a free antivirus app. (Unless you can bribe a techie friend, that is.)

Generally, free apps have less-frequent malware-signature updates than paid products do, which can leave a window of opportunity for brand-new baddies to evade detection. Most of the free apps we tried update their signature databases only once daily. Microsoft Security Essentials, however, will also check suspicious samples that don't match a particular installed signature, by running the sample against Microsoft's latest online signatures. And as long as you have an Internet connection, Panda Cloud Antivirus checks everything against Panda's servers, so it will always use the newest signatures. (If you don't have an Internet connection, the Panda program falls back on local caches.)

Some free utilities have fewer scanning options than paid apps from the same company do. For example, Avira's paid antivirus program will scan http traffic to catch Web-borne malware before it hits your hard drive, but the company's free AntiVir Personal version won't. And AVG's paid app ties in to IM programs for additional security, while its AVG 8.5 Free doesn't.

Finally, some free programs give you stuff you don't want. The AVG app and Comodo Internet Security both default to installing unnecessary search or social networking browser toolbars (you can opt out during program installation), and many free apps display ads urging you to buy the paid versions. Avira's daily pop-up ads are the most intrusive, but Avast, AVG, and PC Tools Antivirus Free Edition all display ads in some form as well.

In spite of all that, in choosing a no-cost antivirus utility, you can get decent protection and save yourself at minimum $30 every year, if you're willing to go without a few nonessentials. For many people, that isn't a bad trade-off.

Which Free Antivirus Software Is Best for You?

When the results came in, Avira AntiVir Personal claimed the top spot in our rankings. It excelled in the essential malware-detection tests and also boasted the top scan speed. We weren't big fans of its interface, but function matters more than form here. Even the shiniest security tool wouldn't be worth a darn if it couldn't keep a PC safe. As such, our detection, disinfection, and speed tests account for the lion's share of each app's final score.

Despite Avira's number one finish, some of the other free programs still merit consideration. For example, if you dislike Avira's daily pop-up ad, you might opt for Avast Antivirus Home Edition's Web traffic scanning and less-intrusive ads--but then you'll have to deal with an even worse interface. Meanwhile, AVG 8.5 Free is a good deal easier to use, but its protection lags a bit behind the other two programs'.

And then there's Microsoft Security Essentials, which uses the same antivirus engine as the company's canceled OneCare paid suite. It isn't yet publicly available as of this writing, and won't be done until the end of the year. But since it promises to shake up the world of free antivirus, we ran tests on the current beta to give you an idea of how well the final version might work.

Rounding out your primary-care options are PC Tools Antivirus, Comodo Internet Security, and the new Panda Cloud Antivirus. Panda's use of online servers to analyze potential malware holds promise, and the app did better than any other in malware detection. Its unfinished-beta state and its unique approach, however, prevented us from giving it a full score and ranking. We did rank the PC Tools and Comodo apps, but both fell flat in detecting malware. PC Tools says that its program purposely leaves out antispyware protection and thus shouldn't be compared with other security apps; but when every other company has left distinctions such as "spyware" and "virus" behind in favor of keeping everything bad off your PC, the artificial separation of categories seems tired.

We also tried two free products that are designed to supplement existing security. PC Tools Threatfire proved a real winner with its excellent, proactive malware detection. It can capably spot a nasty intruder based solely on what the file tries to do on the computer, without the need for signatures. It can work in tandem with any of the free antivirus apps we tested. ClamWin Free Antivirus represents the open-source entry in the free-antivirus competition. It scans only when you tell it to, and it won't automatically run a safety check when you save or run a file. You could use it for a second-opinion scan as backup for your main antivirus tool--but its rock-bottom malware detection means you wouldn't get much extra protection from it.

Free Antivirus Software: Read Our Reviews

  • Top Free Antivirus Software (chart)
  • Avira AntiVir Personal
  • Alwil Avast Antivirus Home Edition
  • AVG 8.5 Free
  • Microsoft Security Essentials
  • PC Tools Antivirus Free Edition
  • Comodo Internet Security

Source: PCworld.com

26.8.09

Gigabit Ethernet fit for a tank


Ethernet continues to go places its inventors probably never imagined. This week GE Fanuc Intelligent Platforms got a $645,000 contract to supply a custom version of its Gigabit Ethernet switch to rumble around inside the US Army’s Abrams tank.

Specifically, GE Fanuc said it would supply a custom version of its IPv6-capable, fully managed Layer 2/3 Gigabit Ethernet switch. The switch features non-blocking shared memory and a 44 Gbps core, delivers full wire-speed performance with minimal latency to all ports simultaneously, and is available in both air- and conduction-cooled formats, the company stated. The company will also provide its dual 10 GB optical port XMCXGO XMC card for the switch.

The Ethernet upgrade is part of a long-term Army plan to bolster the tank’s electronics systems to greatly improve digital command and control capabilities. The upgrades include faster networked communications, high-density computer memory and increased microprocessing speed, as well as the ability to upgrade the overall system more easily. More than 8,800 Abrams main battle tanks have been produced for the US Army and other armies around the world since 1978.

The deal is also only a small part of millions of dollars in related technology contracts GE Fanuc has with the Army.

The Army isn't the only branch of the military to take advantage of Ethernet's flexibility. The US Navy recently signed Boeing to a five-year, $42.9 million contract to upgrade and support the Gigabit Ethernet networks it is building on its guided missile destroyers.

The Navy's Gigabit Ethernet Data Multiplex System (GEDMS) upgrades the current 100Mbps fiber-based backbone network to a 1Gbps redundant Ethernet mesh, bringing enhanced multimedia capability to the ships, the Navy said. The GEDMS is the heart and soul of the guided missile ships: it handles ship-wide data transfers and supports the navigation, combat, alarm and indicating, and damage control systems. It is also the underlying communications mechanism for the Aegis missile system, which uses a system of radars to track and destroy targets.

And the Ethernet odyssey went into space earlier this year when NASA signed an agreement with a German Ethernet vendor to build highly fault-tolerant networks for space-based applications. TTTech builds a set of time-triggered services called TTEthernet that is implemented on top of standard IEEE802.3 Ethernet. Its technology is designed to enable design of synchronous, highly dependable embedded computing and networking, capable of tolerating multiple faults, the company said.

In addition, NASA and TTTech will collaborate on space network standards that will lead to an open space Ethernet standard suitable for deployment in upcoming space networks in NASA programs and space systems.

22.8.09

SSL VPNs might not be as secure as you think

LAS VEGAS -- SSL VPNs can be compromised in a way that enables them to take over remote users' machines and potentially cause mischief inside the networks they attach to, according to research presented at the Black Hat conference.

The problem can exist with Web clients that install themselves on remote machines at the start of SSL VPN sessions, said Michael Zusman, a senior consultant for the Intrepidus Group. (Dan Kaminsky also spoke at Black Hat about how SSL certificates used to confirm the validity of Web sites could be circumvented with a DNS attack.)


Zusman said his research does not apply to SSL VPN clients that are installed permanently on machines as part of computers' standard software loads.

Elements of the so-called Web clients Zusman referred to can expose them to attacks, however. These clients are downloaded to remote machines by SSL VPN gateways and include ActiveX components. Some vendors include a feature that enables the client to launch full application clients on the remote machine.

So, if remote users want to access a corporate accounting application, for example, they click on that application as listed on the VPN portal. The VPN client then launches the client for the accounting application so users don't have to do it manually, making the process cleaner.

The danger lies in these clients' reliance on an ActiveX component that acts as an application launcher, which means it could also launch malicious code, Zusman said. So the convenience of having the SSL VPN client launch other client applications opens up a potential attack vector, he said. "I think that's a pretty bad tradeoff," he said.

Zusman actually carried out this ActiveX repurposing with SonicWall SSL VPN gear, he said. SonicWall fixed the problem when he told the company about it. This may be possible with other SSL VPN gear as well, he said, but he has not tried.

Zusman also demonstrated a trick he devised to acquire a valid SSL certificate from a trusted third-party-certificate authority. He wouldn't name the authority, but he tricked the certificate out of it by saying he wanted the certificate for an internal network only.

He then used the certificate to validate SSL sessions to a proxy server for a legitimate Web site. Users could be directed to the proxy via e-mail phishing. "The victim machine is being routed to an attacker-controlled address," Zusman said. Because the certificate is valid, the tricked users don't receive popup warnings about whether it is valid, he said.

How SSTP Works
When a user on a computer running Windows Server 2008 or Windows Vista Service Pack 1 initiates an SSTP-based VPN connection, the following occurs:
  1. The SSTP client establishes a TCP connection with the SSTP server between a dynamically allocated TCP port on the client and TCP port 443 on the server.
  2. The SSTP client sends an SSL Client-Hello message, indicating that the client wants to create an SSL session with the SSTP server.
  3. The SSTP server sends its computer certificate to the SSTP client.
  4. The SSTP client validates the computer certificate, determines the encryption method for the SSL session, generates an SSL session key and then encrypts it with the public key of the SSTP server’s certificate.
  5. The SSTP client sends the encrypted form of the SSL session key to the SSTP server.
  6. The SSTP server decrypts the encrypted SSL session key with the private key of its computer certificate. All future communication between the SSTP client and the SSTP server is encrypted with the negotiated encryption method and SSL session key.
  7. The SSTP client sends an HTTP over SSL request message to the SSTP server.
  8. The SSTP client negotiates an SSTP tunnel with the SSTP server.
  9. The SSTP client negotiates a PPP connection with the SSTP server. This negotiation includes authenticating the user’s credentials with a PPP authentication method and configuring settings for IPv4 or IPv6 traffic.
  10. The SSTP client begins sending IPv4 or IPv6 traffic over the PPP link.
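Steps 1 through 7 above, as an added Python example (not from the original page, Cisco or Microsoft): it opens TCP 443, performs the certificate-validated TLS handshake of steps 2 to 6, and sends the HTTP-over-SSL request of step 7. The request line and URI are the ones MS-SSTP specifies; the `cafile` pinning argument, the `parse_status` helper and the placeholder hostname are assumptions of this example.

```python
import socket
import ssl

SSTP_PORT = 443                        # step 1: the server side is always TCP 443
# Request line and URI from MS-SSTP; the GUID is fixed by the specification.
SSTP_REQUEST_URI = "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
SSTP_CONTENT_LENGTH = 2 ** 64 - 1      # ULONGLONG max: the POST body never ends


def make_sstp_tls_context(cafile=None):
    """TLS policy for steps 2-6: the server certificate must chain to a
    trusted CA and its name must match the host we dialled (step 4).
    cafile (assumption) pins the organisation's own CA instead of trusting
    every root in the system store; with cafile=None the system roots are used."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def tls_policy_is_strict(ctx):
    """True when the context refuses an unverified or mis-named server,
    i.e. step 4 is actually enforced."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def build_sstp_request(host):
    """Step 7: the HTTP-over-SSL request that opens the SSTP tunnel."""
    return (
        f"SSTP_DUPLEX_POST {SSTP_REQUEST_URI} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Content-Length: {SSTP_CONTENT_LENGTH}\r\n"
        "\r\n"
    ).encode("ascii")


def parse_status(status_line):
    """Return the HTTP status code from the server's first response line, or
    None when the peer did not answer with HTTP at all."""
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        return None
    try:
        return int(parts[1])
    except ValueError:
        return None


def sstp_connect(host, cafile=None, timeout=10):
    """Steps 1-7 against a real gateway; returns the TLS socket and the
    server's status line. Steps 8-10 (SSTP and PPP negotiation) are not
    modelled here."""
    ctx = make_sstp_tls_context(cafile)
    raw = socket.create_connection((host, SSTP_PORT), timeout=timeout)  # step 1
    tls = ctx.wrap_socket(raw, server_hostname=host)                    # steps 2-6
    tls.sendall(build_sstp_request(host))                               # step 7
    status_line = tls.recv(4096).split(b"\r\n", 1)[0]
    return tls, status_line


if __name__ == "__main__":
    # "vpn.example.com" is a placeholder; point it at a real SSTP gateway.
    sock, status = sstp_connect("vpn.example.com")
    print(status, parse_status(status))
    sock.close()
```

A gateway that speaks SSTP answers the step 7 request with an HTTP 200 status line; a plain HTTPS server that does not understand SSTP_DUPLEX_POST still answers, but with a 4xx or 5xx code, which parse_status makes visible.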

Source: Cisco.com, Microsoft.com


7.5.09

Researchers Show How to Take Control of Windows 7


Security researchers demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday.

Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. They demonstrated how the software works at the conference. "There's no fix for this. It cannot be fixed. It's a design problem," Vipin Kumar said, explaining that the software exploits the Windows 7 assumption that the boot process is safe from attack.

While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack cannot be done remotely.

VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said. VBootkit 2.0 is a follow-up to earlier work that Kumar and Kumar have done on vulnerabilities in the Windows boot process. In 2007, Kumar and Kumar demonstrated an earlier version of VBootkit for Windows Vista at the Black Hat Europe conference.

However, when the victim's computer is rebooted, VBootkit 2.0 will lose its hold over the computer, as the data contained in system memory will be lost.

The latest version of VBootkit includes the ability to remotely control the victim's computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected.