If you’re paranoid about other people (read: your competition or business rivals) somehow getting to the sensitive data online, here are other ways to keep your secrets secret without using the Web:
Use offline backup
According to wisegeek.com, offline backup is a way to store files from a network (for example, your company network) so the files will be accessible even when the user is not connected to the network they are stored in. Telecommuters with laptops or mobile devices often use this because they are not always hooked up to the network they usually access files from.
It is also used as a safety precaution because the data in offline backup is not available for updating, ensuring that a copy of a crucial file remains untouched, but still easily referenced, at the time it is saved or copied offline. This type of backup usually comes in downloadable software, and users of Microsoft Windows 2000 and newer versions of the operating system can use offline folders to back up files online. Its only drawback is that it takes time to store the information needed.
Use magnetic storage or flash memory
That’s techie-speak for using more hard disks or floppy disks, which are classified as magnetic storage, or flash memory such as USB drives and memory cards. Floppy disks, of course, are going the way of the dinosaur and can’t hold much information beyond several short office documents. But a typical hard drive nowadays holds about 120 gigabytes of information, and some hard drives have as much as 500 gigs of memory available. USB drives with capacity of up to 64 GB are also out in the market now.
Use optical storage media
This usually refers to optical discs such as CD-ROMs, DVD-ROMs or BluRay compact discs that are permanent (or read-only), formed once (write-once; that is, once the data is written in the disc, it cannot be altered or overwritten) or reversible (usually called rewritable; data can be read, written and rewritten several times). Rewritable media in the high-definition DVD (HD DVD) or BluRay format is usually the most expensive, and requires a dedicated optical drive to read such discs.
Jimbo Owen B. Gulle  




Important factors to consider before deciding to backup critical data online
As services become robust enough to support business networks, more businesses are considering online backup for their critical data. Some important factors to consider before making the leap:
Security:
Make sure your provider is able to offer detailed information about how data is transferred to and from the backup site, and how security is guaranteed at the backup location. Reputable online backup services will include strong file encryption and access-control standards.
Availability:
Find out how long it takes to restore data if it’s lost and whether there are different levels of availability for different types of data. You’ll want to know exactly how long it will take to get your most critical data back online in the event of a failure.
Service-level agreement:
How quickly do different vendors process requests for restoration, and what guarantees are there for response times? Get it in writing.
Financial liability:
Know what’s at stake. Find out what the financial implications are for loss of data if the backup service doesn’t work or if backup files become corrupted. The safest bet is to have a backup for your backup, which is more feasible as service prices drop. – J.M.



PC Hardware

Posted by irhille

This isn't so much a tutorial, as it doesn't actually teach you much. It's more a text on hardware for those of you sick of newbie tutorials, and looking for something interesting and non-dangerous. This is mainly about motherboard stuff, but I stuck something about HDs, mice and Gfx cards at the end. Hey, if people like it and tell me, I might even stretch and do all the other computer bits and bobs. ;)

The BIOS.
This contains instructions which are specific for that particular motherboard. Those programs and instructions will remain in the PC throughout its life; usually they are not altered. However, it is possible to get replacement / upgrade BIOS's. Primarily the ROM code holds start-up instructions. In fact there are several different programs inside the start-up instructions, but for most users, they are all woven together. You can differentiate between:

    * POST (Power On Self Test)

    * The Setup instructions, which connect with the CMOS instructions

    * BIOS instructions, which connect with the various hardware peripherals

    * The Boot instructions, which call the operating system (DOS, OS/2, or Windows)


Note: Only very old or different OS's are stored on ROM, such as OS/2. This is actually a much more efficient system.
BIOS's are static sensitive, so take care when handling them. They can also be PWord protected... if you ever get round to doing this, don't forget the password. As you don't use the BIOS PWord often, this is easy to do. Don't. It's bloody hard getting the PWord back.

Processors
Processors work on a fetch-execute cycle. Each tick of the clock, in theory, they get a bit of data... and by tick of the clock here, we don't mean a second, we mean the tick of a computer clock. Depending on the speed of your processor, this is anywhere from 233 million ticks per second for a 233, to 800 for an overclocked 600MHz Athlon chip.
So, you can get, on your average computer, 400 - 500 bits of data per second. Well, wrong actually... because not every clock tick is taken up by getting the data. Every _fourth_ is. Well, what about every other 3? you ask.. they are taken up with _finding_ the data, _getting_ it, and putting it back. So, you say, your processor runs at a quarter of the speed that in theory it should be able to do? Well, yes. And there's no way around this, unfortunately. But, we can make the clock speed a little faster, and it is the clock speed that dictates the speed of the processor... (within reason).
Therefore, you can set the clock ticks on your 233 to 266, and it'll run at 166 MHz. Yes. Unfortunately, the more clock ticks there are in relation to what your chip is _supposed_ to run at, the hotter it gets. Therefore, you need to install heatsinks/fans. In fact, the AMD Athlon 600MHz overclocked to 800MHz, the fastest PC at the time of writing, has a miniature fridge that cools the chip, which is in its own special metal box. The tower-sized case also has a box the size of a mini-tower underneath for the cooling system. ;)
For this increase of 200MHz, the chip is cooled to -37 degrees centigrade. That's cold. ;) (Note: AMD chips generally run a lot hotter than Intel ones). ((Not a problem unless you have no heatsink)) - see the micron section, below...


The Clock
Now, this fabled clock looks like, in most cases, a small black box on your motherboard. The clock ticks it emits are in the form of a wave, but a different wave: one that is square, and it looks like castle ramparts. The speed of this is dictated by the MHz setting you set with the jumpers on your motherboard. The waves look like so: (except slightly more square)

  __     _    ____   _   _    ___

_¦  ¦___¦ ¦__¦    ¦_¦ ¦_¦ ¦__¦   ¦__    and etc.





The wave, which never changes, and is always the same, is broadcast throughout your motherboard, and it synchronises all of the things that go on there. For example, when you press the left button in your game of Quake, the processor assigns different bits of your computer to do whatever is necessary to redraw what's on the screen, and tells it to have it done in 3 ticks' time. The same process occurs on the gfx card itself, where the main processor assigns a polygon to each other chip, or whatever. In fact, if you have an old enough computer, you can see it being redrawn on the screen... try it... run a gfx-intensive game on a 486... If the task isn't done in time, then it all falls apart, and the computer crashes. This is why you don't want to buy a dodgy CPU. :) (Get an AMD Athlon!).
The signals sent run around your motherboard, through all of those copper bits, and into the chips, ISA slots, or whatever, and the task gets accomplished.

This signal is sent around the motherboard in that most wonderful of things we all love, Binary. Now, Binary is what Computers communicate with, and it is a DIGITAL thing. Digital. A Much used term.
Computers are electronic, and therefore, all the signals in them are tiny pulses of electricity. Now, electricity can be one of two things. On... or off. And this is what makes it digital. If it could be half on as well, it would be analogue... But no. It's digital. However, the representation of it in the form of signals down wires is analogue, as a sound in a modem wire can be any of a hundred million different pitches, can't it. Yes. This digital signal is, then, a series of 0's and 1's. Binary. The counting system that we use (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11... etc... ) is Denary. It's Base ten... Binary is Base 2 (and Hexadecimal, which is used, amongst other things, is base 16). Therefore it is perfect for being what these signals are coded in. So each character on your screen is represented in your computer's RAM by a series of Binary digits. Probably 8. If you go into Windows Calculator, and switch to scientific mode (View>Scientific) you can decode this. For example, 1 in Binary is 00000001. 2 is 00000010. The way this can be decoded is thus:

Each digit in binary represents a quantity of a certain number, just as denary does. In denary, there is a column for 1's, a column for 10's, and a column for 100's. And in Binary, there is a column for 1's, 2's, 4's, 8's, etc. Let me show you:

Denary:
100s   10s   1s
1      0     0

Here, there is a one in the hundreds column, and therefore, 100 + 0 + 0 (0 and 0 are the other 2 columns) makes 100. So 1 0 0 in Denary represents 100. (Of course, translating 100 --> 100 doesn't work, as denary is used in both cases). In Binary, this works like this:

Binary (8-bit -- 8 digits)
128   64   32   16   8   4   2   1
1     1    1    1    1   0   1   0

So... 128 + 64 + 32 + 16 + 8 + 2 = 250.
So the Binary number 11111010 = 250. Simple, eh?

It is possible to do addition, subtraction, multiplication, in fact, EVERYTHING that is possible with denary (1--> 10)... I'm not going to explain it because it is simply too complicated. ;) Use Windows Calculator... the radio buttons at the top left switch between number systems.

Chipset
We all know what assembly language is, do we not? It is the programming language that is most native to a computer. The instructions go directly to the chip (more or less). (Assembly actually lays on top of Machine code, which is the real native: Assembler is a more human-friendly version)... Each chip has their own different version of assembler/machine code, called its _chipset_. Each new type of chip comes with an upgraded chipset: for example, the Intel MMX chip incorporated the...wait for it... MMX chipset! There are also chipsets such as 3DNow!. The most basic of commands between, say, Intel and AMD are the same: they have to be in order for the two to be compatible, but more advanced things are different. This is why Alpha chips are incompatible with Windows: The chipset is completely different.
Intel has hitherto been the leader in supplying chip sets to the Pentium motherboard. Therefore, let us just mention their chip sets, which have astronomical names. The Neptune chip set (82434NX) was introduced in June 1994. It replaced the Mercury set (82434LX). In both chip sets, there were problems with the PCI bus. In January 1995 Intel introduced the first Triton, where everything worked. This chip set supports some new features: it supports EDO RAM, and it offers bus master integrated EIDE control and NSP (Native Signal Processing - one of the many new creations, which was soon forgotten).
The sorts of things that new chipsets are used for are varied... for example, the Intel TX Chipset supports SDRAM and UltraDMA (but the TX-set cannot cache above 64 MB RAM, and that is a problem), while AMD chips have their own special Graphics chipset, which is better for that task.

Microns
The CPUs have doubled their calculating capacity every 18 months. This is called "Moore's Law" and was predicted in 1965 by Gordon Moore. He was right for more than 30 years. The latest CPUs use internal wiring only 0.25 microns wide (1/400 of a human hair). But if Moore's Law has to be valid into the next century, more transistors have to be squeezed onto silicon layers. And now there is a new hope. IBM has for the first time succeeded in making copper conductors instead of aluminum. Copper is cheaper and faster, but the problem was to isolate it from the silicon. The problem has been solved with a new type of coating, and now chips can be designed with 0.13 micron technology. The technology is expected later to work with just 0.05 micron wiring! Texas Instruments announced on August 27th 1998 that they expect 0.07 micron CMOS processing in the year 2001. At the time of writing, AMD chips run at .27 microns (?) and Intel at .33. This explains why AMD chips are hotter, as there is less wire, and therefore more probability of the electrons that the electricity is comprised of hitting the side of the wires, and creating heat.

Hard Drives
Hard drives work in much the same way as a floppy disk does. They can, however, store a much larger capacity of data, and therefore are much more fragile, and compact. For this reason, they are hermetically sealed. NEVER OPEN ONE IF YOU WANT TO USE IT AGAIN. There are, inside, 3 or 4 goldy-brown circular plates on which the data is stored. These are much the same as the ones inside a floppy disk, except that they are not 'floppy' but hard, or stiff. The data is stored on the platters magnetically, which explains why floppy disks have a "keep magnets away from me" warning on boxes you buy them in.
IBM introduced the first hard disk in 1957, when data usually was stored on tapes. The first 305 RAMAC (Random Access Method of Accounting and Control) consisted of 50 platters, 24 inch diameter, with a total capacity of 5 MB, a huge storage medium for its time. It cost $35,000 annually in leasing fees (IBM would not sell it outright) and was twice the size of a refrigerator.
In the early 80s, HD's became the preferred storage medium as opposed to floppy drives (these were previously used due to increased reliability). IBM's PS/2 (one of which I have - yay) was one of the first PCs to be equipped with a Hard drive. I think.

Mice
Mice are, as we all know, Input devices, and as we also know, they tell where you are on the mousemat by moving a ball in the bottom. Which you can see. But how does it read how the ball is moving? Well, inside the mouse are 2 rollers, at 90 degrees to each other. When you move the mouse, you move the ball, and thus the rollers. The rollers have some little discs on the end of them with slits in, and either side of the disc are light-readers, so that when you move the ball, the mouse can tell because light flashes on and off in its light reader. There is also a 3rd non-functional roller to keep the ball rolling smoothly. Note: It is perfectly safe to turn your mouse upside down, take the ball out and look inside, as long as you don't prod anything too hard (twiddle the rollers by all means, just don't stick bits of paper in there). It is also a good idea to get a blunt knife or screwdriver and clean the crud off the rollers every few weeks... it solidifies into little rings around the rollers, and works to the detriment of the mouse. If it isn't cleaned off, it can also fall into the mouse, and wreak havoc with the insides. :) The same sort of crud builds up in keyboards, but is harder to remove. ;)

GFX Cards
A video card is typically an adapter, a removable expansion card in the PC. Thus, it can be replaced! The video card can also be an integral part of the system board... This is the case in certain brands of PCs and is always the case in laptops. This is not nice, as it is hard to upgrade to a better card. On a PC with a non-removable gfx or sound card, the normal procedure if you _do_ want to replace it is to disable the built-in graphics card using jumpers or dip switches... consult your motherboard manual. ;) Regardless of whether it is replaceable or integrated, it consists of three components:

* A video chip of some brand (ATI, Matrox, S3, Cirrus Logic, or Tseng, to name some of the better known). The video chip creates the signals, which the screen must receive to form an image.
* Some kind of RAM (EDO, SGRAM, or VRAM, which are all variations of the regular RAM). Memory is necessary, since the video card must be able to remember a complete screen image at any time.
* A RAMDAC - a chip converting digital/analog signals.

NOTE: Never buy an S3. Never. Ever. I've had lots, they're all useless. Remember that.

All ordinary graphics cards can show 3D games. That is really no special trick. The problem is to present them smoothly and fast. If the PC’s video card is made for 2D execution only, the CPU must do the entire workload of geometric transformations etc.! And that task can cause even the fastest CPU to walk with a limp. In recent years there has been an enormous development in 3D graphics cards. Let me briefly describe those here.

There are two types of graphics cards, which can be used for 3D acceleration:

* Combination 2D/3D cards. These are ordinary graphics cards, which have been equipped with extra 3D power.
* The pure 3D cards, which only work as accelerators. These cards require that there also is an ordinary (2D) graphics card in the PC.

Of course the pure 3D card yields the best acceleration, but there are also good combination cards on the market.

Njan


Why would I want to hack windows?

    Well, okay stupid question but why would you want to hack windows when there are all those lovely servers to take on? The answer is so simple, it often eludes people altogether. How exactly are you going to take out the server if your workstation is so crippled, you can't even use the run command? Most hacking programs are DOS based. If your friendly Admin has removed MS-DOS access, you're in trouble. You won't be able to run all those nice programs you've collected.

    What if the Admin has placed some really horrible backdrop on your machine? You have a great replacement only the display properties aren't available. How do you get round that? Well, that's what this tutorial is all about: Removing restrictions on the local machine so that you can get a shot at the servers or so you can run programs that you otherwise wouldn't be able to.

Are there many restrictions that can be placed on me?

    There are a surprising number of things Admins can do to your computer to make it more restricted. To compensate, of course, there are many ways to remove these annoying restrictions, one of which I worked out and removes all the restrictions although it temporarily screws up Internet Explorer's settings. Here is a small list:

        Control Panel
        Run command
        Find command
        Missing start menu programs
        Fixed backdrop
        No DOS access
        Removed CDROM and floppy access

    All of the above are a real pain in the ass. I'll go through removing these restrictions one by one.

Where do these restrictions come from?

    Good question. There are two types of restriction, local and remote. The local restrictions are usually stored in the registry and are fairly easy to get round compared to the remote restrictions. These are restrictions placed on servers and are usually downloaded each time you login. They are VERY hard to get around and most are beyond the scope of this tutorial. However if I do show some of them, I'll point out that they are remote. Sometimes, the remote restrictions are enforced as local ones. This is handy to say the least.

What is the registry?

    The registry is a database that Windows uses to store all its information. You can consider it as a directory. Most programs and files are registered here, along with user and system settings. Driver versions and start up programs are also found in here. Without the registry, Windows would be in trouble.

Where is the registry?

    The registry consists of two files, user.dat and system.dat . Both are stored in the windows directory. There are backups of both files called user.da0 and system.da0 . If the main two are destroyed, the system copies the new versions over to replace them.

    The user.dat file contains user settings. All the different parts of a user's settings make up a user profile. It is these profiles that contain the information regarding what restrictions should be enforced. Every user is stored here along with all their access rights. I'll show you how to fool the system into giving you full access the easy way later.

    The system.dat file strangely enough contains information about the system. This includes settings for Internet Explorer and other pieces of software such as DirectX, MS Office etc etc.

Can I edit it myself?

    Yes you can, using a program called regedit. It is automatically installed and unless your friendly Admin has removed your ability to edit it, you can use this program to set anything in the registry that you want.

    NOTE : If you remove the system.dat file ( which you usually have to ) some programs may have problems finding their default settings or refuse to load.

I can't edit the registry. How do I get around this ?

    Well the easiest way is to simply remove user.dat and system.dat . When you reset the computer and login, it will come up and tell you that it needs to reset to repair the registry. Ignore this message and use ctrl+alt+del to get it to close without selecting 'ok'. You will see that all the restrictions have been removed. Quickly go to 'Run' and type 'command' without the quotes. This will open a DOS window and for some reason stabilises the system. Windows had a nasty tendency to crash if I didn't open a DOS window for some reason. When you reset the computer, the old registry will kick in and the restrictions will be active again. This isn't so bad because it means you can get a machine back to normal with the minimum of fuss.

I can't get to the registry files to delete them! What now?

    Don't panic yet! I'll show you two ways of getting to the files. Normally if the 'Run' command is missing, you're going to have trouble getting to the C:\windows directory which holds those files. Second, you'll find that they are write protected. In the next few sections I'll show you how to get round this.

I have the 'Run' command. What next?

    Type "c:\windows\" without the quotes. This will take you to the directory that contains the registry. You will most likely get a message saying that altering the files could be dangerous and could stop windows or other programs from working. Ignore that and select continue or click the hyper link. It will now show you the files.

The evil scum bags have nicked the 'Run' command! Now what?!?

    Now you panic........only joking! Most Admins do take out the run command as standard. It stops normal people from going where they shouldn't be. However, we can out smart them here by using the shortcut trick. This trick will get us whatever we need and is just as powerful as the run command, except it is slightly more inconvenient.

So what's this magic shortcut trick then?

    This trick is essential to a hacker's toolkit. In Windows, you can create a shortcut to just about anything from a folder to a program or even a website! We can use this to our advantage. It also gets round the annoying "Access Denied" messages that explorer likes to give. Right click on the desktop, select new -> shortcut. When it asks what you want to make the shortcut to, type in "c:\windows\" without the quotes and press enter. Hit enter twice more and you will find a nice shortcut on your desktop. Click this twice and it will dump you in the Windows directory. Nice eh?

When I type in the directory in explorer, it returns "Access Denied". Why?

    This means that the Admin has told explorer not to accept any requests to that folder, program or website. However for some reason explorer will let you straight through if you make a shortcut to that folder. Security is tight eh?

Okay, I've found the files.....only I can't delete them! Windows says they are protected!

    When windows says protected, it means write protected. This is when you can't write or alter a file. This is done for safety reasons. No one wants to accidentally delete the registry. However because we're evil we want to and Windows is stopping us. Don't worry, the protection is lame. Right click on the file and hit properties. Once in, untick the little box next to write protected and click apply then okay. Now try deleting the file. You should find that it goes without any hassle. This works with both registry files.

Right, I've sabotaged the files. What next?

    To prevent Windows catching on, just turn off the computer and switch it on again. If it starts up and the registry fixing program starts, you'll have to repeat the procedure. Sometimes it gets you, some times it doesn't. If it keeps coming up, see the next section.

My plans are being thwarted by this stupid registry checker! HELP!

    This nasty little program kept catching me out. It is called regcheck and is usually found in the windows or windows\system directory. It is called from an ini file called regcheck.ini or regchck.ini . The name seems to vary from system to system though I can't see any reason why it should. You can alter the .ini file and remove the checking program. The script will complete and still the registry won't have been restored!! Tee hee!

The network is on the Internet but Cyber patrol won't let me access any hacking sites!

    Cyber patrol is a royal pain in the ass! However, it is very easy to remove. Press ctrl+alt+del to bring up the task list. Select Cyber Patrol and press enter. Cyber Patrol will now bring up a window asking for a password. Damn, we've been beaten! Not so, press ctrl+alt+del again. This time because Cyber Patrol has ALREADY answered windows, it won't access again. Thus Windows thoughtfully lets us close the program. Bye bye stupid restrictions!

I can't access the disk drive or the CDROM yet I see the Admins doing it! How can I ?

    This can be quite annoying. You have lots of stuff on disk or CD but you just can't access them. Why? Because some sod has removed their icons from 'My Computer'. *Sigh* I guess it's no go then right? Wrong! Although you can't see the drives, they are still there. Load up ole faithful Internet Explorer and type "D:\" without the quotes and press Enter. It should display a list of the files on the CD. If it comes up with "Access Denied" or "Permission Denied" then simply make a shortcut to it. That way, you will see all the files.

When I try to access A: , the whole machine crashes on me! Why?

    This happens when the floppy drive has been disabled in the BIOS ( Basic Input Output System). When you try to access it, Windows will hang and force you to reboot. There is a nice easy way of testing if the drive is open before you crash your machine. When you log in or out, check the light on the drive. If it flashes, the drive is available even if you can't see it in the drive list. If it doesn't flash, the drive has been disabled.

I MUST have floppy access! How do I get it?

    The only way to get disk access is to enable the floppy drive in BIOS. This is almost ALWAYS passworded (if not you're really lucky). You will need a BIOS cracker and there are loads on the Internet. Check what BIOS the machine has when it boots up (Award, AmiBIOS etc etc). Get a program for that. Obviously you will somehow need to get it on the Network and there is a cunning way to do that too!

Sneaking files onto a Network

    This trick is so simple and yet so effective. Create a document that you could pass off as school work or something. Make sure it has an image file in it. Drag and drop the program file into your document and then place the Image file over it. Save as a .doc file and put it on a disk. Ask your friendly Admin to copy the file for you. Most will just copy it and those that check will just see a document with a piccy. They won't see your program. To get the program back, you need to open the document on your workstation. Drag the program back out and put it on your desktop. This trick works with any file of any type.
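
From the administrator's side, the rendered page is the wrong thing to check: a .doc file is an OLE2 compound file, and its directory names every embedded object no matter what is drawn over it. The following is an added example, not part of the original tutorial: a Python check that walks that directory and flags embedded-object storages and Packager streams. The function names are this example's own, and the two sample files are constructed by `build_sample` rather than taken from real documents.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE2 compound file signature
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF
STORAGE, STREAM, ROOT = 1, 2, 5                  # directory entry types

# Directory names that mean "something is embedded in this document".
INDICATORS = {
    "ObjectPool": "storage that holds embedded OLE objects",
    "\x01Ole10Native": "Packager stream wrapping an arbitrary file",
}


def list_directory(data):
    """Return [(name, type)] for every directory entry of an OLE2 file.

    Limitation: only the 109 FAT sector numbers kept in the header are
    followed, which covers files up to roughly 6.8 MB with 512-byte sectors.
    """
    if data[:8] != CFB_MAGIC:
        raise ValueError("not an OLE2 compound file")
    (shift,) = struct.unpack_from("<H", data, 0x1E)
    size = 1 << shift
    n_fat, first_dir = struct.unpack_from("<II", data, 0x2C)
    fat = []
    for sec in struct.unpack_from("<109I", data, 0x4C)[:n_fat]:
        if sec >= ENDOFCHAIN or (sec + 2) * size > len(data):
            break
        fat.extend(struct.unpack_from("<%dI" % (size // 4), data, (sec + 1) * size))
    entries, sec, seen = [], first_dir, set()
    while sec < len(fat) and sec not in seen:     # follow the directory chain
        seen.add(sec)
        base = (sec + 1) * size                   # sector n starts after the header
        for off in range(base, base + size, 128):
            entry = data[off:off + 128]
            if len(entry) < 128:
                break
            name_len, kind = struct.unpack_from("<HB", entry, 0x40)
            if kind in (STORAGE, STREAM, ROOT) and 2 <= name_len <= 64:
                name = entry[:name_len - 2].decode("utf-16-le", "replace")
                entries.append((name, kind))
        sec = fat[sec]
    return entries


def scan_document(data):
    """Return [(name, reason)] for directory entries that reveal embedding."""
    return [(name, INDICATORS[name]) for name, _ in list_directory(data)
            if name in INDICATORS]


def build_sample(names):
    """Constructed sample: a minimal compound file with up to 4 directory entries."""
    header = bytearray(512)
    header[:8] = CFB_MAGIC
    struct.pack_into("<HHHHH", header, 0x18, 0x3E, 3, 0xFFFE, 9, 6)
    struct.pack_into("<II", header, 0x2C, 1, 1)   # 1 FAT sector, directory in sector 1
    struct.pack_into("<109I", header, 0x4C, 0, *([FREESECT] * 108))
    fat = struct.pack("<128I", 0xFFFFFFFD, ENDOFCHAIN, *([FREESECT] * 126))
    directory = b""
    for name, kind in names[:4]:
        raw = (name + "\0").encode("utf-16-le")
        entry = bytearray(128)
        entry[:len(raw)] = raw
        struct.pack_into("<HB", entry, 0x40, len(raw), kind)
        directory += bytes(entry)
    return bytes(header) + fat + directory.ljust(512, b"\0")


# Constructed inputs: one document carrying a packaged file, one without.
EMBEDDED_DOC = build_sample([("Root Entry", ROOT), ("WordDocument", STREAM),
                             ("ObjectPool", STORAGE), ("\x01Ole10Native", STREAM)])
CLEAN_DOC = build_sample([("Root Entry", ROOT), ("WordDocument", STREAM),
                          ("1Table", STREAM), ("\x05SummaryInformation", STREAM)])

if __name__ == "__main__":
    for label, doc in (("embedded", EMBEDDED_DOC), ("clean", CLEAN_DOC)):
        print(label, scan_document(doc))
```

A hit only says that the document carries an embedded object; what the object is still has to be established by extracting it in an isolated environment.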

Right, I've got the program. What now ?

    Run the program. It should give you a password. Write this down and reset the machine. As the machine checks its memory press the 'Del' button. It will then take you into the BIOS where it will prompt for the password. Enter the password that you got from the program. It should let you in. Go into the Basic options and look for floppy drive. Go to the first one. It probably says "Not Installed". Change it so it says "3 1/2 inch floppy". Quit the BIOS and save changes. When it boots up, the floppy drive will be active. Do the reverse to disable it again to stop Admins finding you and changing the password.

How can I get back all those nice programs that they removed from my start menu?

    This is also quite easy. There is a program called groupconv.exe . By running this, you'll restore the default start menu along with all the usual programs and accessories. Useful if the Admin has removed some program that you prefer or want to use like Paint brush. You'll need paint to pull off the next trick.

How do I change this cursed background without using the display properties?

    Not so useful perhaps but nice to have none the less. No one likes the default backgrounds but Admins tend to remove the ability to change them which is rather upsetting. To pull this off, you need access to paint. Normally this isn't removed. Open your bitmap of choice into paint. From the 'File' menu, select "Set as background". This will set your bitmap as the background. Normally this won't stay the same and will change back next time you login. Still, you get a decent background for the duration of your session.

The 'Net Plug' trick

    This is a nice easy way of getting Admin rights. I've taken this from my other tutorial and pasted it here because I don't want to have to type it out again. It is a very useful technique which is why I'm duplicating it here.

    This is an attack that I worked out myself before I was given Admin status. It always works and I've yet to see it fail. Make sure you are at a windows 95 or 98 machine. I doubt NT would be fooled by this trick but I don't have any NT machines so I can't test it for you.

    Note: Most Admins believe that they are the most knowledgeable about their system. Many also believe that no one else knows much about computers. In other words, for whatever reasons, they are not too concerned about us i.e. the idiots attacking their servers. Why? Because we aren't good enough. So why waste valuable time configuring security that won't be needed eh? I think I've made my point. They don't see us as a threat. You don't consider a house spider a threat so you don't go round putting up netting to keep them out. Why? You can't be bothered. The same rule applies here. Even if you are a computer genius, play it dumb. Admins like to lecture the uninitiated and would love to appear smarter than you. This is the way you want it. The Admins will think you're a nice guy or gal, totally harmless. This sometimes gives you more leverage because they like you, they'll be willing to help you. They also won't expect you to launch a huge assault on their servers either. However sometimes there are some smart people out there who will notice your talents and pull you over to their side. This isn't a bad place to be and can be advantageous later.

    First of all, login as yourself. Crash your computer and reset it . Walk over to your favourite admin (the one that hates you most is the best choice ) and apologise for being an idiot but the computer won't let you login and could s/he please come and take a look for you. Mumbling and grumbling they'll come over. The best way to test if it is the machine is for them to login. Of course, they'll log in as an admin or equivalent. They'll check your account and see that your account is fine. They'll tell you to log onto another machine and your account will be okay. They'll now log off and walk off in disgust thinking you are a computer moron. Not so my friend, we've just done them good and proper!

    Turn off the computer and pull out the network lead. Turn it back on again. The computer will detect that you aren't on a network and will dump you at a desktop with restrictions of the last user. If this user is the admin then chances are that he or she will have full access to everything including DOS and drive access. Perfect for installing all those really kewl programs you have on a disk in your pocket......

    But you aren't on the network now. That's no fun, is it? Shove the lead back in and try to access a network drive. This is the bit where you hope the Admins are sloppy or not computer geniuses. Windows by default caches ALL passwords, so unless the Admins have told it not to (a key deep in the registry), Windows will have a nice copy of their password. Go into 'My Computer' and click on a drive. Whoop with glee as Netware logs you in as an Admin. Why does this happen? Well, Windows still holds the username and password last used to access the drive. You are logged into Windows as Admin and Windows knows what credentials you last gave to the server. So it supplies them for you. Likewise, because you are now authenticated, you now have full access to the NDS tree. Not only can you read but you can now write, modify, delete etc. Much more fun!

    Now, this is the bit where you have to be sneaky. You have to make a new account for yourself or upgrade your old one. There are pros and cons to each of your choices. If you alter your existing account and they check it for some reason (maybe you got locked out?) they'll notice you have admin rights and shoot you. If you make a new user, it might get found quicker but there is no way to point to you (it was created by user admin after all, tee hee). The choice is yours. You can always do both.
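
A defensive check for the two workstation settings the 'Net Plug' trick relies on (cached passwords, and a desktop granted without the server), as an added example that is not part of the original tutorial. The value names DisablePwdCaching and MustBeValidated are standard Windows 9x policy values that the text does not name; mapping them to this trick is an assumption, and both sample registry exports are constructed.

```python
import re

# (registry key, value name, what a missing or zero value allows)
# DisablePwdCaching and MustBeValidated are standard Windows 9x policy values;
# the tutorial above does not name them, so treating them as the settings at
# issue is an assumption of this example.
CHECKS = [
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network",
     "DisablePwdCaching",
     "passwords are cached locally and replayed to the server"),
    (r"HKEY_LOCAL_MACHINE\Network\Logon",
     "MustBeValidated",
     "a desktop is granted without validation by the network"),
]

VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')


def to_int(raw):
    """Decode dword:/hex: data to an int; return None for other types."""
    raw = raw.strip().lower()
    try:
        if raw.startswith("dword:"):
            return int(raw[6:], 16)
        if raw.startswith("hex:"):
            # Binary values are stored little-endian, e.g. hex:01,00,00,00
            data = bytes(int(b, 16) for b in raw[4:].split(",") if b.strip())
            return int.from_bytes(data, "little")
    except ValueError:
        return None
    return None


def parse_reg(text):
    """Parse a REGEDIT4 export into {(key, value_name): int_or_None}.

    Registry key and value names are case-insensitive, so both are lowered.
    """
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        match = VALUE_RE.match(line)
        if match and key is not None:
            values[(key, match.group(1).lower())] = to_int(match.group(2))
    return values


def audit(text):
    """Return one finding per hardening value that is absent or not 1."""
    values = parse_reg(text)
    findings = []
    for key, name, risk in CHECKS:
        if values.get((key.lower(), name.lower())) != 1:
            findings.append(f"{name} not set under {key}: {risk}")
    return findings


# Constructed sample exports (not taken from any real machine).
DEFAULT_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Network\Logon]
"username"="student"
"""

HARDENED_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Network\Logon]
"username"="student"
"MustBeValidated"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000001
"""

if __name__ == "__main__":
    for label, export in (("default", DEFAULT_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(label, audit(export) or "no findings")
```

Because the later sections show local policy being edited from the workstation itself, a clean result here describes the machine's configuration at export time only.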

I still need DOS access to run the programs. How can I get it?

    Not all Admins actually remove the ability to run DOS programs, simply because they are needed. It is likely though that the shortcuts and the run command will have been removed. Also I doubt you will be able to shutdown into MS-DOS mode. So how do you call up the window?

    Well, we can use our usual shortcut trick. The program that opens the DOS windows is called "command.exe" . To run the program, simply make a shortcut to "command" without the quotes. Double clicking on the shortcut will pull up the MS-DOS prompt.

I've done that but I get "This has been disabled by your system Administrator"

    If you get this, your Admin has locked out the ability for your user to run DOS programs. Windows is surprisingly tight on DOS access. There is only ONE way that I currently know of (I'm always searching for new ones though) to bypass this whilst logged in as yourself. To do this, you need a program called "poledit.exe".

What the hell is poledit?

    Poledit (short for policy editor) is the program used to alter user settings on any given computer. This program edits the user.dat file that we saw earlier. It might have occurred to some Admins to block access, but I have yet to see it done. Normally registry editing is barred, but that seems to be only when using regedit.

    Poledit is NOT installed by default. You will find it on the Windows 98 CD in the resource kit folder. The file itself isn't very big and it doesn't need any support files. You can sneak it onto the network by hiding it in a Word file. If you have CDROM access, you could just load it in, or burn the program to CD.

    Poledit controls ALL the access rights such as control panel access, display properties, find and run commands, DOS access, shutting down to MSDOS mode etc etc. This tool can give them all back to you!

Okay, I've managed to get poledit onto the network. Now what?

    Right, run the program. It will bring up a list of users and their policies. There will probably be two policies stored there (at least). One will be called Admin or similar and the other default. You will be user default. Now, alter the settings to whatever you want and save them. Quit the program and you should find that your access has been increased!

I think it worked but when I logged back onto the network, the old settings kicked in.

    This is a pain because it means your settings are stored on the server too. When it logs in, it activates the settings you updated and then overlays the new ones from the server. Annoying huh? Well there isn't all that much you can do about it apart from use the Net Plug trick.

    How does it help us here? Well, turn off the computer, unplug the network lead and turn it back on. It will automatically log you in as the last user, i.e. yourself. However, because there is no server, it will pull its restrictions from the local file (which we edited, of course). Plug the network lead back into the computer and try to access the drives. Even if it asks you to log in again (to access the network), Windows isn't clever enough to pull off the updated policy files. You're home free!!



Written by:  MiggyX

IF YOU FIND ANY ERRORS, WEATHER SPELLENG IS NUT CORROCT, OR THE INFO IS NOT
RIGHT, YOU CAN CHANGE IT AND THEN SEND IT BACK TO ME OR SOMETHING. BE A
CREDICT AND TELL ME WHAT YOU WOULD DO DIFFERENT.
This book was written thanks to the help of Mr. Butler who has taught me a lot about computers. The goal of this book is to show you, the reader about the physical and electronic part of a computer. You should be ready to build a computer right after you read this but I recommend finding somebody that has built one for a reference.

First off, we're going to talk about lab safety. But make sure you come back and read this after you fry yourself because you forgot that you weren't supposed to touch that red wire in the monitor!
TOP TEN LIST TO PERSONAL SAFETY

  1. Do not work alone.
  2. Wear non-conducting shoes.
  3. When working around A/C work with one hand in pocket.
  4. Never assume a system is safe to work on.
  5. Usually work with computers plugged in and monitors plugged out.
  6. Never wear jewelry.
  7. No loose clothing.
  8. Don't connect or disconnect peripherals when the system is on. (unless you have usb ports)
  9. Use only C, BC, or ABC fire extinguishers.
  10. Always discharge capacitors before touching.
Now I will tell you why you should abide by these rules.
  1. The reason you should not work alone is because you can get easily hurt and/or shocked and your computer can possibly catch on fire and a second person can help greatly.
  2. The reason you should wear non-conducting shoes is because conducting shoes keep electric static which could possibly fry your computer or yourself.
  3. Rule number three is because if the A/C shoots volts down through your body, it should stop at the hand in your pocket, which will keep you insulated.
  4. Never assume a computer is safe to work on because a lot of the time it's not. If you follow all rules it should be safe though.
  5. The reason you should keep your computer plugged in is because most computer plugs have a third prong on it which is a ground and if volts do happen to shoot down the cord it will stop at the ground.
  6. Never wear jewelry. ESD (electrostatic discharge) and jewelry don't mix.
  7. Don't wear loose clothing because your clothes can get caught on something and could make it fall and/or break or something to that nature.
  8. Unless you have usb ports, you can fry the controller or slot if you plug the cord in or out while the computer is on.
  9. Notice that all three types of fire extinguishers have a "C" in them. This means that it will not hurt your computer, because the C has some chemical in it that should keep your computer safe if you have to use a fire extinguisher on it.
  10. Capacitors can have 20,000 volts in them even if the computer is turned off!! Common sense says discharge first!
Enough of personal safety; now to the important part. In the words of my computer teacher: "If this place catches on fire make sure you get all the equipment out first!!!" (Mr. Butler)
EQUIPMENT SAFETY
  1. Static mat.
  2. Wrist strap.
  3. Keep all components in anti-static bag.
  4. Individual chips should mount in a special non-static bag.
  5. Handle all parts by their edge. Do not touch metal parts or chips.

  1. You should always follow rules 1 and/or 2. If you do not, it's very possible that you could fry yourself or your computer.
  2. Look at number 1.
  3. If you kept the part in an anti-static bag, then when you insert it into your computer it should have no electric charge; the same goes for rule number 4.
  4. Look at rule number 3.
  5. The reason for this rule is that 30 volts can fry a chip, and your body can only feel from 2,500 volts up. So you may fry a computer chip without it even shocking you.

COMPUTER CASES
There are three major types of computer case which you might want to know about. One is called an AT case, which means that the standard for the AT case has a two-plug supply to the motherboard, a keyboard, and peripheral slots all in standard locations. The second type of case is an ATX case, which has a one-plug supply to the motherboard, and keyboard, COM ports, printer ports, and USB ports all in standard locations. The third type is a proprietary case, which means there is no standard for what's on it and where things attach. There are four major styles of cases. The first one is a tower; it stands upright and is what most computers are made in now. There's also desktop, slimline, and proprietary too, but mostly just towers.
MOTHER BOARD
A motherboard is what everything plugs into, and without one you can't do much with your computer. It is what I would call the most important part of your computer.
There are three major types of motherboards. They are AT, ATX, and proprietary. You will mostly deal only with AT and ATX. There are four main buses on the motherboard. They are the power bus, address bus, data bus, and control bus. A bus is a bundle of wires that sends info through it.
MICROPROCESSORS
Microprocessors are what we would call brains. They think for the computer, and most info except for DMA (direct memory access) goes from the application etc. to the CPU and then to memory. Most modern CPU chips have 8 registers on them. They are data, address, accumulator, program counter, instructions, flag, ALU, and an FPU. Registers are storage places for data, numbers etc. The program counter stores the addresses of the next instructions to be done. The instruction register holds the current instruction. The address register contains memory addresses of the current instruction. The address register contains the memory address of the next read or write. The accumulator holds one of the mathematical data to be used or the answer to the previous operation. Data registers hold the second part of the mathematical data for the current operation. Flag registers are special bits that are set individually by certain instructions. That's an intro to what is inside the CPU. FYI - the wires inside a CPU are smaller than a centimeter. The reason the chip is made so big is so that we can handle it.

HISTORY ON COMPUTER
About the first in-home computer made by Intel was an Intel 8088 with an 8 bit data bus, a 20 bit address bus and a 16 bit register. Next in line from Intel was the 8086 with a 16 bit data bus and a 20 bit address bus. Then an 80286 with the same thing as the 8086 but a 24 bit address bus. Then there was an 80386 SX with a 16 bit data bus, 24 bit address bus and a 32 bit register. Next was the 80386 DX with a 32 bit data bus, a 32 bit address bus, and a 32 bit register. Then the 80486 SX with the same as the 80386 DX but a little faster. Then Intel came out with an 80486 DX and also a built-in FPU (floating point unit). What the FPU did was let the CPU do decimals super fast, which enabled 3D games to run super fast. Next was the 80486 DX2, which was twice as fast as the 80486 DX, and after that came the 80486 DX4, which was three times as fast as the 80486. Then they introduced the Pentium chip. The Pentium chip had a huge 64 bit data bus, a 32 bit address bus and a 32 bit register. It is estimated that every 6 months technology doubles. So as technology advances computers will get even faster. (I can't imagine needing anything bigger than my 400 MHz.) Hope that didn't bore you to death.
HARD STORAGE
Since most people are familiar with such things as a CD-ROM drive, I won't scrutinize hard storage. I will just briefly cover it. Most computers typically have a 3 ½ floppy drive, usually assigned to drive letter A. What a lot of people do not know is that there are 3 types of 3 ½ floppies. There is a double density disk that formats to 720 kb. Then they came out with a high density disk that formats to 1.44 Mb, which is twice as much as the double density disk. After the high density disk came the super density disk, which formatted came to 2.8 Mb, which as you might have guessed is twice as much as the high density disk. There is also a zip drive that holds 100 Mb of space, but not everybody has one. Since a zip disk won't fit in a 3 ½ floppy drive, and with the creation of the LS-120 disk, which holds 120 Mb, and since 3 ½ floppies can fit in LS-120 drives, I predict zip drives won't really ever take off. Now about CD-ROMs. There are two major types of CD-ROMs out right now. One is the SCSI CD-ROM. SCSI cards are usually cheap, and if you ever find a CD-ROM out somewhere that is fairly new and very cheap then odds are it is a SCSI. The reason they are cheap is that they don't run by themselves: you have to have an adapter to go with it, and that adapter costs about 50 bucks. Most people don't know that when they buy the SCSI, and that's how SCSI sellers make their money. Another brand is ATAPI. ATAPI CD-ROMs plug into the IDE slot, and then once plugged in you will have to install the CD-ROM driver and translator, and it should work if you use the right driver. There are more proprietary CD-ROMs, but most of them plug into the sound card and that can cause problems, so I would stay away from SCSI and proprietary and go with ATAPI.
PARTITIONS
Every hard drive must be partitioned and formatted before it can be used. You will need a copy of a partition tool. At this time fdisk is a good partitioning tool. Read the manual that comes with it and it will tell you how to use it. DOS partitions are super easy to make.
INTERRUPTS, DMA's AND IRQS
An interrupt is just what it says: it interrupts something. I'll give you an example of how it works. Say you're in school and your teacher is giving a lecture, and somebody raises their hand and the teacher stops the lecture and asks the student what his question is. That is just like a computer interrupt. Let's say that you were connected to the internet. You type in a URL to go to www.yahoo.com and your modem sends out the data to all those DNS servers, and then when a DNS server finds the address www.yahoo.com it will send back the information to the modem. Well, the modem can't hold all of that info and has to send it to the memory so the modem can get some more info. But first it has to get the attention of the CPU so the CPU can put the info into the memory. So it uses its interrupt to do this. It sends out a signal saying "hey I need you" (not really but close enough) and the computer sends back to the modem "go ahead and tell me what you need", and then the modem asks where it can store its info in memory and then the CPU gives it the address to store the info at. Then the modem sends info to the memory using DMA (direct memory access). DMA means that it can access the memory directly without having to go through the CPU. But sometimes it might have to go to the CPU once just to know where to put the info it has into memory; then it can access the memory without any help. So now you know what an interrupt is and what DMA is, but what is an IRQ? An IRQ is the order of interrupt assignments in which they occur. On older computers there were only 8 interrupts:
  • 0) available
  • 1) sound/available
  • 2) floppy disk controller
  • 3) available
  • 4) first DMA Controller
  • 5) sound/available
  • 6) available
  • 7) available
So 0 is the first interrupt and 7 is the last. Now on the newer computers there are currently 16 IRQs:
  • 1) system timer
  • 2) Keyboard controller
  • 8) Real-time clock
  • 9) Available
  • 10) Available
  • 11) Available
  • 12) Motherboard mouse port/available
  • 13) Math coprocessor/available
  • 14) Primary IDE
  • 15) Secondary IDE/available
  • 3) Serial port 2
  • 4) Serial port 1
  • 5) Sound/parallel port 2
  • 6) Floppy disk controller
  • 7) Parallel port 1
This might look out of order, but this is the way they come in. I'll explain what this means and how it works now. Let's say you were moving your mouse. Your mouse is IRQ number 12. Every time you move your mouse it sends out an interrupt 12 to your CPU and says, "I need you!" Then the CPU will reply back "what do you need?" and then the mouse will say, "where am I on the screen?" and the CPU will tell it "you're in position dah dah dah." That's how the IRQ works. Well, let's say that you're moving your mouse while using your serial port 2. Your mouse has priority over your serial port 2 because your mouse comes first on your IRQ list. So when you're sitting there just swishing your mouse around making a figure eight on your computer, you could be interrupting a function that your computer is doing and it will slow it down a tad.

  Written by:     REKAERF   



 How to clear BIOS info

 READ EVERYTHING BEFORE YOU USE ANY METHOD LISTED BELOW

Basic BIOS password crack - works 9.9 times out of ten
This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get DOS prompt and type:
DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter
Restart the computer. It works on most versions of the AWARD BIOS.



Accessing information on the hard disk
When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.

Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try one of these standard manufacturer's backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %шесть пpобелов%, %девять пpобелов%
AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj
Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so -- for example -- you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. The last two passwords in the AWARD BIOS list are in Russian.

Flashing BIOS via software
If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS, by invalidating its memory.
However, it might happen you don't have one of those programs when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q
PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
O 70 2E
O 71 FF
Q
Note that the first letter is an "O", not the number "0". The numbers which follow are two bytes in hex format.

Flashing BIOS via hardware
If you can't access the computer when it's on, and the standard backdoor passwords didn't work, you'll have to flash the BIOS via hardware. Please read the important notes at the end of this section before trying any of these methods.

Using the jumpers
The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper on the motherboard (by "switching a jumper" I mean that you find a jumper that joins the central pin and a side pin of a group of three pins, then unplug the jumper and plug it onto the central pin and the pin on the opposite side; so if the jumper is normally on position 1-2, you have to put it on position 2-3, or vice versa). This jumper is not always located near the BIOS, but could be anywhere on the motherboard.
To find the correct jumper you should read the motherboard's manual.
Once you've located the correct jumper, switch it (or plug or unplug it, depending on what the manual says) while the computer is turned OFF. Wait a couple of seconds, then put the jumper back in its original position. On some motherboards the computer may automatically turn itself on after flashing the BIOS. In this case, turn it off, put the jumper back in its original position, then turn it on again. Other motherboards require you to turn the computer on for a few seconds to flash the BIOS.
If you don't have the motherboard's manual, you'll have to "brute force" it... trying out all the jumpers. In this case, first try the isolated ones (not in a group), the ones near the BIOS, and the ones you can switch (as I explained before). If all of them fail, try all the others. However, you must modify the status of only one jumper per attempt, otherwise you could damage the motherboard (since you don't know what the jumper you modified is actually meant for). If the password request screen still appears, try another one.
If, after flashing the BIOS, the computer won't boot when you turn it on, turn it off and wait some seconds before retrying.

Removing the battery
If you can't find the jumper to flash the BIOS, or if such a jumper doesn't exist, you can remove the battery that keeps the BIOS memory alive. It's a button-size battery somewhere on the motherboard (on older computers the battery could be a small, typically blue, cylinder soldered to the motherboard, but it usually has a jumper on its side to disconnect it; otherwise you'll have to unsolder it and then solder it back). Take it away for 15-30 minutes or more, then put it back, and the data contained in the BIOS memory should be volatilized. I'd suggest removing it for about one hour to be sure, because if you put it back before the data are erased you'll have to wait longer, as if you'd never removed it. If at first it doesn't work, try removing the battery overnight.
Important note: in laptops and notebooks you don't have to remove the computer's power batteries (which would be useless); you should open your computer and remove the CMOS battery from the motherboard.

Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short-circuiting two pins of the BIOS chip for a few seconds. You can do that with a small piece of electric wire or with a bent paper clip. Always make sure that the computer is turned OFF before trying this operation.
Here is a list of EPROM chips that are commonly used in the BIOS industry. You may find similar chips with different names if they are compatible chips made by another brand. If you find the BIOS chip you are working on matches with one of the following you can try to short-circuit the appropriate pins. Be careful, because this operation may damage the chip.
CHIPS P82C206 (square)
Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner).
                gnd
                 74
                  |___________________
         5v  75 --|                   |
                  |                   |
                  |                   |
                  |       CHIPS       |
              1 * |                   |
                  |      P82C206      |
                  |                   |
                  |                   |
                  |___________________|
                  |                   |
                  | gnd               | 5v
                  12                  32
OPTi F82C206 (rectangular)
Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge).
               80               51
                |______________|
           81 -|                |- 50
               |                |
               |                |
               |      OPTi      |
               |                |
               |    F82C206     |
               |                |
          100 -|________________|- 31
                ||          |   |
              1 ||          |   | 30
                 3          26

Dallas DS1287, DS1287A
Benchmarq bp3287MT, bq3287AMT
The Dallas DS1287 and DS1287A, and the compatible Benchmarq bp3287MT and bq3287AMT chips have a built-in battery. This battery should last up to ten years. Any motherboard using these chips should not have an additional battery (this means you can't flash the BIOS by removing a battery). When the battery fails, the RTC chip would be replaced.
CMOS RAM can be cleared on the 1287A and 3287AMT chips by shorting pins 12 and 21.
The 1287 (and 3287MT) differ from the 1287A in that the CMOS RAM can't be cleared. If there is a problem such as a forgotten password, the chip must be replaced. (In this case it is recommended to replace the 1287 with a 1287A). Also the Dallas 12887 and 12887A are similar but contain twice as much CMOS RAM storage.
         __________
     1 -| *    U   |- 24  5v
     2 -|          |- 23
     3 -|          |- 22
     4 -|          |- 21  RCL (RAM Clear)
     5 -|          |- 20
     6 -|          |- 19
     7 -|          |- 18
     8 -|          |- 17
     9 -|          |- 16
    10 -|          |- 15
    11 -|          |- 14
gnd 12 -|__________|- 13

NOTE: Although these are 24-pin chips,
the Dallas chips may be missing 5 pins,
these are unused pins.
Most chips have unused pins,
though usually they are still present.

Dallas DS12885S
Benchmarq bq3258S
Hitachi HD146818AP
Samsung KS82C6818A
This is a rectangular 24-pin DIP chip, usually in a socket. The number on the chip should end in 6818.
Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery.
Short together pins 12 and 24.
     5v
     24          20                   13
     |___________|____________________|
     |                                |
     |             DALLAS             |
     |>                               |
     |            DS12885S            |
     |                                |
     |________________________________|
     |                                |
     1                                12
                                      gnd

Motorola MC146818AP
Short pins 12 and 24. These are the pins on diagonally opposite corners - lower left and upper right. You might also try pins 12 and 20.
         __________
     1 -| *    U   |- 24  5v
     2 -|          |- 23
     3 -|          |- 22
     4 -|          |- 21
     5 -|          |- 20
     6 -|          |- 19
     7 -|          |- 18
     8 -|          |- 17
     9 -|          |- 16
    10 -|          |- 15
    11 -|          |- 14
gnd 12 -|__________|- 13

Replacing the chip
If nothing works, you could replace the existing BIOS chip with a new one you can buy from your specialized electronic shop or your computer supplier. It's a quick operation if the chip is inserted in a base and not soldered to the motherboard; otherwise you'll have to unsolder it and then put in the new one. In this case it would be more convenient to solder on a base into which you'll then plug the new chip, in case you have to change it again. If you can't find the BIOS chip specifically made for your motherboard, you should buy one of the same type (probably one of the ones shown above) and look on your motherboard manufacturer's website to see if there's a BIOS image to download. Then you should copy that image onto the chip you bought with an EPROM programmer.

Important
Whichever method you use, when you flash the BIOS not only the password but also all the other configuration data will be reset to the factory defaults, so when you are booting for the first time after a BIOS flash, you should enter the CMOS configuration menu (as explained before) and fix up some things.
Also, when you boot Windows, it may find some new device because of the new configuration of the BIOS. In this case you'll probably need the Windows installation CD, because Windows may ask you for some external files. If Windows doesn't see the CD-ROM, try to eject and re-insert the CD-ROM. If Windows can't find the CD-ROM drive and you set it properly in the BIOS config, just reboot with the reset key, and on the next run Windows should find it. However, most files needed by the system while installing new hardware can also be found in C:\WINDOWS, C:\WINDOWS\SYSTEM, or C:\WINDOWS\INF.

Key Disk for Toshiba laptops
Some Toshiba notebooks allow you to bypass the BIOS by inserting a "key-disk" in the floppy disk drive while booting. To create a Toshiba Keydisk, take a 720Kb or 1.44Mb floppy disk, format it (if it's not formatted yet), then use a hex editor such as Hex Workshop (***.bpsoft.com/downloads/index.html) to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY", followed by two zeroes). Once you have created the key disk, put it into the notebook's drive and turn it on, then push the reset button and, when asked for the password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration, where you can set a new password.

Key protected cases
A final note about those old computers (up to 486 and early Pentiums) protected with a key that prevented the use of the mouse and the keyboard or the power button. All you have to do with them is to follow the wires connected to the key hole, locate the jumper to which they are connected and unplug it.


 READ EVEYTHING BEFORE YOU USE ANY METHOD LISTED BELOW

Basic BIOS password crack - works 9.9 times out of ten
This is a password hack but it clears the BIOS such that the next time you start the PC, the CMOS does not ask for any password. Now if you are able to bring the DOS prompt up, then you will be able to change the BIOS setting to the default. To clear the CMOS do the following:
Get DOS prompt and type:
DEBUG hit enter
-o 70 2e hit enter
-o 71 ff hit enter
-q hit enter
exit hit enter
Restart the computer. It works on most versions of the AWARD BIOS.



Accessing information on the hard disk
When you turn on the host machine, enter the CMOS setup menu (usually you have to press F2, or DEL, or CTRL+ALT+S during the boot sequence) and go to STANDARD CMOS SETUP, and set the channel to which you have put the hard disk as TYPE=Auto, MODE=AUTO, then SAVE & EXIT SETUP. Now you have access to the hard disk.

Standard BIOS backdoor passwords
The first, less invasive, attempt to bypass a BIOS password is to try on of these standard manufacturer's backdoor passwords:
AWARD BIOS
AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, KDD, ZBAAACA, ZAAADA, ZJAAADC, djonet, %øåñòü ïpîáåëîâ%, %äåâÿòü ïpîáåëîâ%
AMI BIOS
AMI, A.M.I., AMI SW, AMI_SW, BIOS, PASSWORD, HEWITT RAND, Oder
Other passwords you may try (for AMI/AWARD or other BIOSes)
LKWPETER, lkwpeter, BIOSTAR, biostar, BIOSSTAR, biosstar, ALFAROME, Syxz, Wodj
Note that the key associated to "_" in the US keyboard corresponds to "?" in some European keyboards (such as Italian and German ones), so -- for example -- you should type AWARD?SW when using those keyboards. Also remember that passwords are Case Sensitive. The last two passwords in the AWARD BIOS list are in Russian.

Flashing BIOS via software
If you have access to the computer when it's turned on, you could try one of those programs that remove the password from the BIOS, by invalidating its memory.
However, it might happen you don't have one of those programs when you have access to the computer, so you'd better learn how to do manually what they do. You can reset the BIOS to its default values using the MS-DOS tool DEBUG (type DEBUG at the command prompt. You'd better do it in pure MS-DOS mode, not from a MS-DOS shell window in Windows). Once you are in the debug environment enter the following commands:
AMI/AWARD BIOS
O 70 17
O 71 17
Q
PHOENIX BIOS
O 70 FF
O 71 17
Q
GENERIC
Invalidates CMOS RAM.
Should work on all AT motherboards
(XT motherboards don't have CMOS)
O 70 2E
O 71 FF
Q
Note that the first letter is a "O" not the number "0". The numbers which follow are two bytes in hex format.
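Why the GENERIC sequence resets the configuration, as an added example that is not part of the original page: on AT-compatible machines the standard CMOS checksum is the 16-bit sum of bytes 0x10 to 0x2D, stored high byte first at 0x2E/0x2F, so an FF at index 2E can never match and the BIOS discards the settings at the next boot. The C code below runs the same check against a constructed 128-byte CMOS image held in memory (no port I/O), which is also how a saved CMOS dump can be checked for tampering; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CMOS_SIZE      128    /* standard AT CMOS RAM, indexes 0x00-0x7F */
#define CMOS_SUM_FIRST 0x10   /* first byte covered by the standard checksum */
#define CMOS_SUM_LAST  0x2D   /* last byte covered by the standard checksum */
#define CMOS_SUM_HI    0x2E   /* stored checksum, high byte */
#define CMOS_SUM_LO    0x2F   /* stored checksum, low byte */
#define CMOS_SUM_MAX   (30 * 255)  /* largest sum 30 bytes can produce: 0x1DE2 */

typedef enum { CMOS_VALID = 0, CMOS_MISMATCH, CMOS_IMPOSSIBLE } cmos_verdict;

/* 16-bit sum of the 30 configuration bytes 0x10..0x2D. */
uint16_t cmos_compute_checksum(const uint8_t *cmos)
{
    uint16_t sum = 0;
    for (int i = CMOS_SUM_FIRST; i <= CMOS_SUM_LAST; i++)
        sum = (uint16_t)(sum + cmos[i]);
    return sum;
}

/* Checksum as recorded in the image, high byte first. */
uint16_t cmos_stored_checksum(const uint8_t *cmos)
{
    return (uint16_t)(((unsigned)cmos[CMOS_SUM_HI] << 8) | cmos[CMOS_SUM_LO]);
}

/* CMOS_VALID:      stored and computed values agree.
   CMOS_MISMATCH:   they differ, but the stored value is one a real
                    configuration could produce (bit rot, partial write).
   CMOS_IMPOSSIBLE: the stored value exceeds CMOS_SUM_MAX, so it was never
                    written by a routine that computed the sum. */
cmos_verdict cmos_diagnose(const uint8_t *cmos)
{
    uint16_t stored = cmos_stored_checksum(cmos);
    if (stored == cmos_compute_checksum(cmos))
        return CMOS_VALID;
    return stored > CMOS_SUM_MAX ? CMOS_IMPOSSIBLE : CMOS_MISMATCH;
}

/* In-memory stand-in for "O 70 <index>" followed by "O 71 <value>".
   Bit 7 of the byte sent to port 70 is the NMI mask, not part of the index. */
void cmos_image_write(uint8_t *cmos, uint8_t index, uint8_t value)
{
    cmos[index & 0x7F] = value;
}

/* Constructed sample image: bytes 0x10..0x2D hold their own index,
   and the checksum field is filled in to match. */
void cmos_make_sample(uint8_t *cmos)
{
    memset(cmos, 0, CMOS_SIZE);
    for (int i = CMOS_SUM_FIRST; i <= CMOS_SUM_LAST; i++)
        cmos[i] = (uint8_t)i;
    uint16_t sum = cmos_compute_checksum(cmos);
    cmos[CMOS_SUM_HI] = (uint8_t)(sum >> 8);
    cmos[CMOS_SUM_LO] = (uint8_t)(sum & 0xFF);
}

int main(void)
{
    static const char *names[] = { "valid", "mismatch", "impossible value" };
    uint8_t img[CMOS_SIZE];

    cmos_make_sample(img);
    printf("fresh image:      computed=%04X stored=%04X -> %s\n",
           (unsigned)cmos_compute_checksum(img),
           (unsigned)cmos_stored_checksum(img), names[cmos_diagnose(img)]);

    cmos_image_write(img, 0x2E, 0xFF);   /* the page's "O 70 2E / O 71 FF" */
    printf("after 2E <- FF:   computed=%04X stored=%04X -> %s\n",
           (unsigned)cmos_compute_checksum(img),
           (unsigned)cmos_stored_checksum(img), names[cmos_diagnose(img)]);
    return 0;
}
```

A stored checksum above 0x1DE2 in a dump is a sign of a deliberate overwrite rather than a failing battery, since no sum of 30 bytes can reach it.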

Flashing BIOS via hardware
If you can't access the computer when it's on, and the standard backdoor passwords didn't work, you'll have to flash the BIOS via hardware. Please read the important notes at the end of this section before trying any of these methods.

Using the jumpers
The canonical way to flash the BIOS via hardware is to plug, unplug, or switch a jumper on the motherboard. By "switching a jumper" I mean that you find a jumper that joins the central pin and a side pin of a group of three pins, unplug it, and then plug it onto the central pin and the pin on the opposite side; so if the jumper is normally on position 1-2, you have to put it on position 2-3, or vice versa. This jumper is not always located near the BIOS, but could be anywhere on the motherboard.
To find the correct jumper you should read the motherboard's manual.
Once you've located the correct jumper, switch it (or plug or unplug it, depending on what the manual says) while the computer is turned OFF. Wait a couple of seconds, then put the jumper back in its original position. On some motherboards the computer may automatically turn itself on after flashing the BIOS. In this case, turn it off, put the jumper back in its original position, then turn it on again. Other motherboards require you to turn the computer on for a few seconds to flash the BIOS.
If you don't have the motherboard's manual, you'll have to "brute force" it by trying out all the jumpers. In this case, first try the isolated ones (not in a group), the ones near the BIOS, and the ones you can switch (as I explained before). If all of them fail, try all the others. However, you must modify the status of only one jumper per attempt, otherwise you could damage the motherboard (since you don't know what the jumper you modified is actually meant for). If the password request screen still appears, try another one.
If, after flashing the BIOS, the computer won't boot when you turn it on, turn it off and wait some seconds before retrying.

Removing the battery
If you can't find the jumper to flash the BIOS, or if such a jumper doesn't exist, you can remove the battery that keeps the BIOS memory alive. It's a button-size battery somewhere on the motherboard (on older computers the battery could be a small, typically blue, cylinder soldered to the motherboard, but it usually has a jumper on its side to disconnect it; otherwise you'll have to unsolder it and then solder it back). Take it away for 15-30 minutes or more, then put it back, and the data contained in the BIOS memory should have been lost. I'd suggest you remove it for about one hour to be sure, because if you put it back before the data has been erased you'll have to wait longer, as if you had never removed it. If at first it doesn't work, try removing the battery overnight.
Important note: in laptops and notebooks, removing the computer's main power battery is useless; you should open the computer and remove the CMOS battery from the motherboard.

Short-circuiting the chip
Another way to clear the CMOS RAM is to reset it by short-circuiting two pins of the BIOS chip for a few seconds. You can do that with a small piece of electric wire or with a bent paper clip. Always make sure that the computer is turned OFF before trying this operation.
Here is a list of EPROM chips that are commonly used in the BIOS industry. You may find similar chips with different names if they are compatible chips made by another brand. If you find the BIOS chip you are working on matches with one of the following you can try to short-circuit the appropriate pins. Be careful, because this operation may damage the chip.
CHIPS P82C206 (square)
Short together pins 12 and 32 (the first and the last pins on the bottom edge of the chip) or pins 74 and 75 (the two pins on the upper left corner).
          gnd
          74
           |__________________
  5v  75--|                   |
          |                   |
          |                   |
          |       CHIPS       |
   1 *    |                   |
          |      P82C206      |
          |                   |
          |                   |
          |___________________|
            |               |
            | gnd           | 5v
            12              32
OPTi F82C206 (rectangular)
Short together pins 3 and 26 (third pin from left side and fifth pin from right side on the bottom edge).
       80              51
        |______________|
  81 -|                  |- 50
      |                  |
      |                  |
      |       OPTi       |
      |                  |
      |     F82C206      |
      |                  |
  100-|__________________|-31
        ||            | |
      1 ||            | | 30
         3            26

Dallas DS1287, DS1287A
Benchmarq bp3287MT, bq3287AMT
The Dallas DS1287 and DS1287A, and the compatible Benchmarq bp3287MT and bq3287AMT chips have a built-in battery. This battery should last up to ten years. Any motherboard using these chips should not have an additional battery (this means you can't flash the BIOS by removing a battery). When the battery fails, the RTC chip would be replaced.
CMOS RAM can be cleared on the 1287A and 3287AMT chips by shorting pins 12 and 21.
The 1287 (and 3287MT) differ from the 1287A in that the CMOS RAM can't be cleared. If there is a problem such as a forgotten password, the chip must be replaced. (In this case it is recommended to replace the 1287 with a 1287A). Also the Dallas 12887 and 12887A are similar but contain twice as much CMOS RAM storage.
          __________
     1 -| *   U    |- 24  5v
     2 -|          |- 23
     3 -|          |- 22
     4 -|          |- 21  RCL (RAM Clear)
     5 -|          |- 20
     6 -|          |- 19
     7 -|          |- 18
     8 -|          |- 17
     9 -|          |- 16
    10 -|          |- 15
    11 -|          |- 14
gnd 12 -|__________|- 13

NOTE: Although these are 24-pin chips,
the Dallas chips may be missing 5 pins,
these are unused pins.
Most chips have unused pins,
though usually they are still present.

Dallas DS12885S
Benchmarq bq3258S
Hitachi HD146818AP
Samsung KS82C6818A
This is a rectangular 24-pin DIP chip, usually in a socket. The number on the chip should end in 6818.
Although this chip is pin-compatible with the Dallas 1287/1287A, there is no built-in battery.
Short together pins 12 and 24.
  5v
  24          20                   13
   |___________|____________________|
   |                                |
   |             DALLAS             |
   |>                               |
   |            DS12885S            |
   |                                |
   |________________________________|
   |                                |
   1                               12
                                   gnd

Motorola MC146818AP
Short pins 12 and 24. These are the pins on diagonally opposite corners - lower left and upper right. You might also try pins 12 and 20.
          __________
     1 -| *   U    |- 24  5v
     2 -|          |- 23
     3 -|          |- 22
     4 -|          |- 21
     5 -|          |- 20
     6 -|          |- 19
     7 -|          |- 18
     8 -|          |- 17
     9 -|          |- 16
    10 -|          |- 15
    11 -|          |- 14
gnd 12 -|__________|- 13

Replacing the chip
If nothing works, you could replace the existing BIOS chip with a new one you can buy from your specialized electronic shop or your computer supplier. It's a quick operation if the chip is inserted on a base and not soldered to the motherboard; otherwise you'll have to unsolder it and then fit the new one. In this case it would be more convenient to solder on a base into which you then plug the new chip, in case you have to change it again. If you can't find the BIOS chip specifically made for your motherboard, you should buy one of the same type (probably one of the ones shown above) and look on your motherboard manufacturer's website to see if there's a BIOS image to download. Then you should copy that image onto the chip you bought with an EPROM programmer.

Important
Whichever method you use, when you flash the BIOS not only the password but also all the other configuration data will be reset to the factory defaults, so when you boot for the first time after a BIOS flash, you should enter the CMOS configuration menu (as explained before) and fix up some things.
Also, when you boot Windows, it may find some new devices because of the new configuration of the BIOS. In this case you'll probably need the Windows installation CD, because Windows may ask you for some external files. If Windows doesn't see the CD-ROM, try to eject and re-insert it. If Windows can't find the CD-ROM drive and you set it properly in the BIOS config, just reboot with the reset key, and on the next run Windows should find it. However, most files needed by the system while installing new hardware can also be found in C:\WINDOWS, C:\WINDOWS\SYSTEM, or C:\WINDOWS\INF.

Key Disk for Toshiba laptops
Some Toshiba notebooks allow you to bypass the BIOS by inserting a "key-disk" in the floppy disk drive while booting. To create a Toshiba Keydisk, take a 720Kb or 1.44Mb floppy disk, format it (if it's not formatted yet), then use a hex editor such as Hex Workshop (***.bpsoft.com/downloads/index.html) to change the first five bytes of the second sector (the one after the boot sector) and set them to 4B 45 59 00 00 (note that the first three bytes are the ASCII for "KEY", followed by two zeroes). Once you have created the key disk, put it into the notebook's drive and turn it on, then push the reset button and, when asked for the password, press Enter. You will be asked to Set Password again. Press Y and Enter. You'll enter the BIOS configuration, where you can set a new password.



First the safety rules

The inside of a computer is a bad place full of electricity and sharp edges.
On the electricity side, when working on your computer always make sure that it’s still plugged in to the power socket and the power is turned off; this is to ensure that any static from you is discharged through the earth. The inside of most computer cases is unfinished metal and has very sharp edges, so be careful.

The first signs of a battery failing are:-

1) your clock starts running slowly
2) when you boot (start) your computer it has a problem finding your hardware (no hard drive, no cd rom)

To change the battery you need the following tools

1) a X-point screwdriver
2) an anti-static strap(optional)
3) a new battery (seems logical)

Then unplug all the cables from the back of the computer; as you remove them, make a note of where they came from (so when you have finished you can put them back).

Move the computer somewhere where you can work on it with ease

Remove the cover by locating the screws around the outer edge (back) of the computer.
Some computer cases only require you to remove 2 screws on one side, then a panel can be removed, allowing you access to the computer's insides; on others you must remove 6 screws and remove the whole case by sliding it to the rear and lifting it off.

Now make sure that you read the safety instructions about static.
Look inside and you will see a round silver thing about the size of a 10p piece (quarter). This is the battery itself; carefully lift the retaining clip and slide the battery out. That’s it removed. Now go to your local computer retailer or electrical retailer (Tandy/Radio Shack), taking the old battery with you, and get a new battery.

Back at your computer, insert the new battery by lifting the clip and sliding the battery in.

Reinstall your case and plug all the cables back in (you did remember to label them, didn’t you?).

Now for the fun part.

You will now need to go into your BIOS…

Right, the BIOS is the god of your computer.

To access it, when your computer first starts you will see a black screen with white text.

If you look carefully you will see a line that says something like "press del for setup" or some other key (F2 or ESC or tab); this will take you to god's house, where you can make lots of changes to the way your machine works.

It is also the place where you can make your nice computer into a rather expensive door stop, so be careful and don’t go playing with anything.

You will now be presented with a blue screen with a lot of options on it.
The one we want is load optimised/default settings.

Press the F10 key and type y; the computer should now reboot.

If everything went well then your computer will now be up and running.



Shizers way: Keep computer running. Lay it on its side and remove side cover to expose MoBo. Take any thin object: small screwdriver, knife point, wood shish kebab skewer. Pull back the battery retaining clip. Toss the old battery in the junk receptacle, unless you belong to Greenpeace and want to save the earth. Install the new battery. No need to reset BIOS because the computer supplies voltage to the CMOS while it is running. Reset or resync clock with internet. Done!



The most common problems originate
from corruption of the master boot record, FAT, or directory.
Those are soft problems which can usually be taken care of
with a combination of tools like Fdisk /mbr to refresh the
master boot record followed by a reboot and Norton Disk Doctor
or SpinRite.

The most common hardware problems are a bad controller, a bad
drive motor, or a bad head mechanism.

1. Can the BIOS see and identify the hard drive correctly? If
it can't, then the hard drive's onboard controller is bad.

2. Does the drive spin and maintain a constant velocity? If it
does, that's good news. The motor is functioning.

3. If the drive surges and dies, the most likely cause is a
bad controller (assuming the drive is cool). A gate allowing
the current to drive the motor may not be staying open. The
drive needs a new controller.

4. Do you hear a lot of head clatter when the machine is
turned on and initialized (but before the system attempts to
access the hard drive)? Head clatter would indicate that the
spindle bearings are sloppy or worn badly. Maybe even loose and
flopping around inside.

5. There is always the possibility that the controller you are
using in the machine has gone south.

1. If the drive spins, try booting to the A> prompt, run Fdisk
and check to see if Fdisk can see a partition on the hard
drive. If Fdisk can see the partition, that means that it can
access the drive and that the controller electronics are
functioning correctly. If there is no head clatter, it may be
just a matter of disk corruption which commonly occurs when a
surge hits your machine and overwhelms the power supply voltage
regulator. It commonly overwhelms the system electronics
allowing an EM pulse to wipe out the master boot record, file
allocation table, and primary directory. Fdisk can fix the
master boot record and Norton Disk Doctor can restore the FAT
and Directory from the secondaries.
2. The drive spins but Fdisk can't see it. Try the drive in
another system and repeat the test to confirm that Fdisk can't
read through the drive's onboard controller. If it sees it in
another system, then your machine's hard drive interface is
bad. You can try an upgraded or replacement controller card
like a Promise or CMD Technologies (there are others) in your
machine after disabling the integrated controller in the BIOS,
but if the integrated controller went south, it may just be
symptomatic of further failures and you'd be wise to replace
the motherboard. Trying the drive in another machine also
eliminates the variable of your machine's 12 volt power
output being bad.

3. If you get head clatter but a constant velocity on the
drive motor (no surging), you might try sticking the hard
drive in the freezer for about 12 hours. This is an old trick
from back in the days of the MFM/ESDI driver era. This can
cause the drive components to shrink enough to make the track
marker align with the tracks. We don't see that kind of
platter spindle wear much anymore, but back in the old days,
the balancing and bearings weren't as good. Still, under the
right circumstances, it might help. It would depend on how old
the drive is and how many hours of wear have occurred. You
have to be quick to get your info off the drive when it works.
Back then, the drives were much smaller, so there wasn't so
much to copy. So, go after the important data first.

4. The drive doesn't spin. Either the onboard controller is
bad or the motor is bad (assuming you did try the drive in
another machine). It's time to hit the net and local
independent shops to see if you can locate another drive of
the same make and model that's good. Since the drive is
probably an older drive and no longer in distribution, your
best bet is to find an identical used drive. If you know
someone with the same make and model, you might be wise to try
and persuade them to sell you their drive with an offer of
providing them with a free upgraded drive. If you can locate
an identical drive, start with the controller replacement ...
this is the simplest and least invasive. If swapping the
controller doesn't produce the desired result, you can tear
into the drive and swap the motors. While you have both drives
opened up to accomplish this, scrutinize the platters, heads
and armatures. You might even hook the drive up and power it
from a system with both drives attached. This way, you could
see anything that deviates between the actions of both drives
when they are initialized. Swapping platters is unlikely to
produce any positive result. They are a balanced system like
the tires on your car and I suspect that the balance will be
different for each drive as will other variables.

5. There's always Ontrack Corp. who will attempt to recoup
your info starting at $500 and going up from there. They don't
fix and return the drive either.

If the info is all that important to you, I would seek some
professional and experienced technician in your locality who
makes his living from servicing and building computer systems
... not just selling them. If you have had much experience
salvaging information from bad hard drives, your likelihood of
success is low. In the case of soft corruption, all utilities
have their eccentricities. Often times, Norton Disk Doctor
will go too far (if you let it). It's wise to just let those
utilities take small steps and then have a look at the drive and
see if you can copy it off. Norton will go so far as to rename
directories and files, and even delete them or break them up
into fragments which are useless.
_________________
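What "Fdisk can see a partition" amounts to at the byte level, as an added example that is not part of the original post: the C code below checks the 0x55AA boot signature at offset 510 of the first sector and walks the four 16-byte partition entries at offset 446, separating a missing signature from an empty or damaged table. The sample sector is constructed in memory, and all type and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE   512
#define PT_OFFSET     446   /* partition table starts here */
#define PT_ENTRIES    4
#define PT_ENTRY_SIZE 16

typedef enum { MBR_OK = 0, MBR_BAD_SIGNATURE, MBR_BAD_ENTRY, MBR_EMPTY_TABLE } mbr_status;

typedef struct {
    int      slot;        /* 0..3, position in the table */
    int      active;      /* 1 if the boot flag is 0x80 */
    uint8_t  type;        /* partition type byte, e.g. 0x06 = FAT16 */
    uint32_t lba_start;   /* first sector of the partition */
    uint32_t sectors;     /* length in sectors */
} mbr_part;

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Parse one 512-byte MBR sector. Used entries are written to out[],
   *count receives how many were found before any error. */
mbr_status mbr_parse(const uint8_t *sec, mbr_part out[PT_ENTRIES], int *count)
{
    *count = 0;
    if (sec[510] != 0x55 || sec[511] != 0xAA)
        return MBR_BAD_SIGNATURE;            /* sector is not an MBR at all */

    for (int i = 0; i < PT_ENTRIES; i++) {
        const uint8_t *e = sec + PT_OFFSET + i * PT_ENTRY_SIZE;
        if (e[0] != 0x00 && e[0] != 0x80)
            return MBR_BAD_ENTRY;            /* boot flag can only be 00 or 80 */
        if (e[4] == 0x00)
            continue;                        /* type 0 = unused slot */
        if (get_le32(e + 12) == 0)
            return MBR_BAD_ENTRY;            /* used slot with zero length */
        out[*count].slot      = i;
        out[*count].active    = (e[0] == 0x80);
        out[*count].type      = e[4];
        out[*count].lba_start = get_le32(e + 8);
        out[*count].sectors   = get_le32(e + 12);
        (*count)++;
    }
    return *count ? MBR_OK : MBR_EMPTY_TABLE;
}

/* Constructed sample: one active FAT16 partition, 100 MB, starting at LBA 63. */
void mbr_make_sample(uint8_t *sec)
{
    memset(sec, 0, SECTOR_SIZE);
    uint8_t *e = sec + PT_OFFSET;
    e[0] = 0x80;                 /* active */
    e[4] = 0x06;                 /* FAT16 */
    put_le32(e + 8, 63);
    put_le32(e + 12, 204800);
    sec[510] = 0x55;
    sec[511] = 0xAA;
}

int main(void)
{
    static const char *names[] = { "ok", "bad signature", "bad entry", "empty table" };
    uint8_t sec[SECTOR_SIZE];
    mbr_part parts[PT_ENTRIES];
    int n;

    mbr_make_sample(sec);
    mbr_status st = mbr_parse(sec, parts, &n);
    printf("sample sector: %s, %d partition(s)\n", names[st], n);
    for (int i = 0; i < n; i++)
        printf("  slot %d type %02X start %lu sectors %lu%s\n", parts[i].slot,
               (unsigned)parts[i].type, (unsigned long)parts[i].lba_start,
               (unsigned long)parts[i].sectors, parts[i].active ? " (active)" : "");

    memset(sec + PT_OFFSET, 0, PT_ENTRIES * PT_ENTRY_SIZE);  /* wiped table */
    printf("wiped table:   %s\n", names[mbr_parse(sec, parts, &n)]);
    return 0;
}
```

Run against a copy of the first sector taken before any repair tool touches the disk, this shows whether the damage is limited to the boot record or extends into the partition table.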



part 1


Like any other field in computer science, viruses have evolved -a great deal indeed- over the years. In the series of press releases which start today, we will look at the origins and evolution of malicious code since it first appeared up to the present.

Going back to the origin of viruses, it was in 1949 that Mathematician John Von Neumann described self-replicating programs which could resemble computer viruses as they are known today. However, it was not until the 60s that we find the predecessor of current viruses. In that decade, a group of programmers developed a game called Core Wars, which could reproduce every time it was run, and even saturate the memory of other players’ computers. The creators of this peculiar game also created the first antivirus, an application named Reeper, which could destroy copies created by Core Wars.

However, it was only in 1983 that one of these programmers announced the existence of Core Wars, which was described the following year in a prestigious scientific magazine: this was actually the starting point of what we call computer viruses today.

At that time, a still young MS-DOS was starting to become the preeminent operating system worldwide. This was a system with great prospects, but still many deficiencies as well, which arose from software developments and the lack of many hardware elements known today. Even so, this new operating system became the target of a virus in 1986: Brain, a malicious code created in Pakistan which infected boot sectors of disks so that their contents could not be accessed. That year also saw the birth of the first Trojan: an application called PC-Write.

Shortly after, virus writers realized that infecting files could be even more harmful to systems. In 1987, a virus called Suriv-02 appeared, which infected COM files and opened the door to the infamous viruses Jerusalem or Viernes 13. However, the worst was still to come: 1988 set the date when the “Morris worm” appeared, infecting 6,000 computers.

From that date up to 1995 the types of malicious codes that are known today started being developed: the first macro viruses appeared, polymorphic viruses … Some of these even triggered epidemics, such as Michelangelo. However, there was an event that changed the virus scenario worldwide: the massive use of the Internet and e-mail. Little by little, viruses started adapting to this new situation until the appearance, in 1999, of Melissa, the first malicious code to cause a worldwide epidemic, opening a new era for computer viruses.



part 2


This second installment of ‘The evolution of viruses’ will look at how malicious code used to spread before use of the Internet and e-mail became as commonplace as it is today, and the main objectives of the creators of those earlier viruses.
Until the worldwide web and e-mail were adopted as a standard means of communication the world over, the main mediums through which viruses spread were floppy disks, removable drives, CDs, etc., containing files that were already infected or with the virus code in an executable boot sector.

When a virus entered a system it could go memory resident, infecting other files as they were opened, or it could start to reproduce immediately, also infecting other files on the system. The virus code could also be triggered by a certain event, for example when the system clock reached a certain date or time.  In this case, the virus creator would calculate the time necessary for the virus to spread and then set a date –often with some particular significance- for the virus to activate. In this way, the virus would have an incubation period during which it didn’t visibly affect computers, but just spread from one system to another waiting for ‘D-day’ to launch its payload. This incubation period would be vital to the virus successfully infecting as many computers as possible.

One classic example of a destructive virus that lay low before releasing its payload was CIH, also known as Chernobyl. The most damaging version of this malicious code activated on April 26, when it would try to overwrite the flash-BIOS, the memory which includes the code needed to control PC devices. This virus, which first appeared in June 1998, had a serious impact for over two years and still continues to infect computers today.

Because of the way in which they propagate, these viruses spread very slowly, especially in comparison to the speed of today’s malicious code. Towards the end of the Eighties, for example, the Friday 13th (or Jerusalem) virus needed a long time to actually spread and continued to infect computers for some years. In contrast, experts reckon that in January 2003, SQLSlammer took just ten minutes to cause global communication problems across the Internet.

Notoriety versus stealth

For the most part, in the past, the activation of a malicious code triggered a series of on screen messages or images, or caused sounds to be emitted to catch the user’s attention.  Such was the case with the Ping Pong virus, which displayed a ball bouncing from one side of the screen to another. This kind of elaborate display was used by the creator of the virus to gain as much notoriety as possible. Nowadays however, the opposite is the norm, with virus authors trying to make malicious code as discreet as possible, infecting users’ systems without them noticing that anything is amiss.



part 3


This third installment of ‘The evolution of viruses’ will look at how the Internet and e-mail changed the propagation techniques used by computer viruses.

Internet and e-mail revolutionized communications. However, as expected, virus creators didn’t take long to realize that along with this new means of communication, an excellent way of spreading their creations far and wide had also dawned. Therefore, they quickly changed their aim from infecting a few computers while drawing as much attention to themselves as possible, to damaging as many computers as possible, as quickly as possible. This change in strategy resulted in the first global virus epidemic, which was caused by the Melissa worm.

With the appearance of Melissa, the economic impact of a virus started to become an issue. As a result, users -above all companies- started to become seriously concerned about the consequences of viruses on the security of their computers. This is how users discovered antivirus programs, which started to be installed widely. However, this also brought about a new challenge for virus writers, how to slip past this protection and how to persuade users to run infected files.

The answer to which of these virus strategies was the most effective came in the form of a new worm: Love Letter, which used a simple but effective ruse that could be considered an early type of social engineering. This strategy involves inserting false messages that trick users into thinking that the message includes anything, except a virus. This worm’s bait was simple; it led users to believe that they had received a love letter.

This technique is still the most widely used. However, it is closely followed by another tactic that has been the center of attention lately: exploiting vulnerabilities in commonly used software. This strategy offers a range of possibilities depending on the security hole exploited. The first malicious code to use this method –and quite successfully- were the BubbleBoy and Kakworm worms. These worms exploited a vulnerability in Internet Explorer by inserting HTML code in the body of the e-mail message, which allowed them to run automatically, without needing the user to do a thing.

Vulnerabilities allow many different types of actions to be carried out. For example, they allow viruses to be dropped on computers directly from the Internet -such as the Blaster worm-. In fact, the effects of the virus depend on the vulnerability that the virus author tries to exploit.



part 4


In the early days of computers, there were relatively few PCs likely to contain “sensitive” information, such as credit card numbers or other financial data, and these were generally limited to large companies that had already incorporated computers into working processes.

In any event, information stored in computers was not likely to be compromised, unless the computer was connected to a network through which the information could be transmitted. Of course, there were exceptions to this and there were cases in which hackers perpetrated frauds using data stored in IT systems. However, this was achieved through typical hacking activities, with no viruses involved.

The advent of the Internet however caused virus creators to change their objectives, and, from that moment on, they tried to infect as many computers as possible in the shortest time. Also, the introduction of Internet services -like e-banking or online shopping- brought in another change. Some virus creators started writing malicious codes not to infect computers, but to steal confidential data associated with those services. Evidently, to achieve this, they needed viruses that could infect many computers silently.

Their malicious labor was finally rewarded with the appearance, in 1986, of a new breed of malicious code generically called “Trojan Horse”, or simply “Trojan”. This first Trojan was called PC-Write and tried to pass itself off as the shareware version of a text processor. When run, the Trojan displayed a functional text processor on screen. The problem was that, while the user wrote, PC-Write deleted and corrupted files on the computers’ hard disk.

After PC-Write, this type of malicious code evolved very quickly to reach the stage of present-day Trojans. Today, many of the people who design Trojans to steal data cannot be considered virus writers but simply thieves who, instead of using blowtorches or dynamite, have turned to viruses to commit their crimes. Ldpinch.W or the Bancos or Tolger families of Trojans are examples of this.


part 5


Even though none of them can be left aside, some particular fields of computer science have played a more determinant role than others with regard to the evolution of viruses. One of the most influential fields has been the development of programming languages.

These languages are basically a means of communication with computers in order to tell them what to do. Even though each of them has its own specific development and formulation rules, computers in fact understand only one language called "machine code".

Programming languages act as an interpreter between the programmer and the computer. Obviously, the more directly you can communicate with the computer, the better it will understand you, and more complex actions you can ask it to perform.

According to this, programming languages can be divided into "low and high level" languages, depending on whether their syntax is more understandable for programmers or for computers. A "high level" language uses expressions that are easily understandable for most programmers, but not so much for computers. Visual Basic and C are good examples of this type of language.

On the contrary, expressions used by "low level" languages are closer to machine code, but are very difficult to understand for someone who has not been involved in the programming process. One of the most powerful, most widely used examples of this type of language is "assembler".

In order to explain the use of programming languages through virus history, it is necessary to refer to hardware evolution. It is not difficult to understand that an old 8-bit processor does not have the power of modern 64-bit processors, and this of course, has had an impact on the programming languages used.

In this and the next installments of this series, we will look at the different programming languages used by virus creators through computer history:

- Virus antecessors: Core Wars

As was already explained in the first chapter of this series, a group of programs called Core Wars, developed by engineers at an important telecommunications company, are considered the antecessors of current-day viruses. Computer science was still in the early stages and programming languages had hardly developed. For this reason, authors of these proto-viruses used a language that was almost equal to machine code to program them.

Curiously enough, it seems that one of the Core Wars programmers was Robert Thomas Morris, whose son programmed -years later- the "Morris worm". This malicious code became extraordinarily famous since it managed to infect 6,000 computers, an impressive figure for 1988.

- The new gurus of the 8-bits and the assembler language.

The names Altair, IMSAI and Apple in USA and Sinclair, Atari and Commodore in Europe, bring memories of times gone by, when a new generation of computer enthusiasts "fought" to establish their place in the programming world. To be the best, programmers needed to have profound knowledge of machine code and assembler, as interpreters of high-level languages used too much run time. BASIC, for example, was a relatively easy to learn language which allowed users to develop programs simply and quickly. It had however, many limitations.

This caused the appearance of two groups of programmers: those who used assembler and those who turned to high-level languages (BASIC and PASCAL, mainly).

Computer aficionados of the time enjoyed themselves more by programming useful software than malware. However, 1981 saw the birth of what can be considered the first 8-bit virus. Its name was "Elk Cloner", and it was programmed in machine code. This virus could infect Apple II systems and displayed a message when it infected a computer.



part 6


Computer viruses evolve in much the same way as in other areas of IT. Two of the most important factors in understanding how viruses have reached their current level are the development of programming languages and the appearance of increasingly powerful hardware.

In 1981, almost at the same time as Elk Cloner (the first virus for 8-bit processors) made its appearance, a new operating system was growing in popularity. Its full name was Microsoft Disk Operating System, although computer buffs throughout the world would soon refer to it simply as DOS.

DOS viruses

The development of MS-DOS systems occurred in parallel with the appearance of new, more powerful hardware. Personal computers were gradually establishing themselves as tools that people could use in their everyday lives, and the result was that the number of PC users grew substantially. Perhaps inevitably, more users also started creating viruses. Gradually, we witnessed the appearance of the first viruses and Trojans for DOS, written in assembler language and demonstrating a degree of skill on the part of their authors.

Far fewer programmers know assembler language than are familiar with high-level languages, which are far easier to learn. Malicious code written in Fortran, Basic, Cobol, C or Pascal soon began to appear. The last two languages, which are well established and very powerful, are the most widely used, particularly in their Turbo C and Turbo Pascal versions. This ultimately led to the appearance of “virus families”: that is, viruses that are followed by a vast number of related viruses which are slightly modified forms of the original code.

Other users took the less ‘artistic’ approach of creating destructive viruses that did not require any great knowledge of programming. As a result, batch processing file viruses or BAT viruses began to appear.

Win16 viruses

The development of 16-bit processors led to a new era in computing. The first consequence was the birth of Windows, which, at the time, was just an application to make it easier to handle DOS using a graphic interface.

The structure of Windows 3.xx files is rather difficult to understand, and the assembler language code is very complicated, as a result of which few programmers initially attempted to develop viruses for this platform. But this problem was soon solved thanks to the development of programming tools for high-level languages, above all Visual Basic. This application is so effective that many virus creators adopted it as their ‘daily working tool’. This meant that writing a virus had become a very straightforward task, and viruses soon appeared in their hundreds. This development was accompanied by the appearance of the first Trojans able to steal passwords. As a result, more than 500 variants of the AOL Trojan family (designed to steal personal information from infected computers) were identified.

part 7

This seventh installment in the history of computer viruses looks at how the development of Windows and Visual Basic influenced the evolution of viruses. As these developed, worldwide epidemics evolved too, such as the first one, caused by Melissa in 1999.

While Windows changed from being an application designed to make DOS easier to manage to a 32-bit platform and operating system in its own right, virus creators went back to using assembler as the main language for programming viruses.

Versions 5 and 6 of Visual Basic (VB) were developed, making it the preferred tool, along with Borland Delphi (the Pascal development for the Windows environment), for Trojan and worm writers. Then, Visual C, a powerful environment developed in C for Windows, was adopted for creating viruses, Trojans and worms. This last type of malware gained unusual strength, taking over almost all other types of viruses. Even though the characteristics of worms have changed over time, they all have the same objective: to spread to as many computers as possible, as quickly as possible.

With time, Visual Basic became extremely popular and Microsoft implemented part of the functionality of this language as an interpreter capable of running script files with a similar syntax.

At the same time as the Win32 platform was implemented, the first script viruses also appeared: malware inside a simple text file. These demonstrated that executable files (.EXE and .COM files) were not the only files that could carry viruses. As already seen with BAT viruses, there are also other means of propagation, proving the saying "anything that can be executed directly or through an interpreter can contain malware." To be specific, the first viruses that infected the macros included in Microsoft Office emerged. As a result, Word, Excel, Access and PowerPoint became ways of spreading ‘lethal weapons’, which destroyed information when the user simply opened a document.

Melissa and self-executing worms

The powerful script interpreters in Microsoft Office allowed virus authors to arm their creations with the characteristics of worms. A clear example is Melissa, a Word macro virus with the characteristics of a worm that infects Word 97 and 2000 documents. This worm automatically sends itself out as an attachment to an e-mail message to the first 50 contacts in the Outlook address book on the affected computer. This technique, which has unfortunately become very popular nowadays, was first used in this virus which, in 1999, caused one of the largest epidemics in computer history in just a few days. In fact, companies like Microsoft, Intel or Lucent Technologies had to block their connections to the Internet due to the actions of Melissa.

The technique started by Melissa was developed in 1999 by viruses like VBS/Freelink, which, unlike its predecessor, sent itself out to all the contacts in the address book on the infected PC. This started a new wave of worms capable of sending themselves out to all the contacts in the Outlook address book on the infected computer. Of these, the worm that stands out most is VBS/LoveLetter, more commonly known as ‘I love You’, which emerged in May 2000 and caused an epidemic with damage estimated at 10,000 million euros. In order to get the user’s attention and help it to spread, this worm sent itself out in an e-mail message with the subject ‘ILOVEYOU’ and an attached file called ‘LOVE-LETTER-FOR-YOU.TXT.VBS’. When the user opened this attachment, the computer was infected.

As well as Melissa, in 1999 another type of virus emerged that also marked a milestone in virus history. In November of that year, VBS/BubbleBoy appeared, a new type of Internet worm written in VBScript. VBS/BubbleBoy ran automatically without the user needing to click on an attached file, as it exploited a vulnerability in Internet Explorer 5 to run when the message was opened or viewed. This worm was followed in 2000 by JS/Kak.Worm, which spread by hiding behind JavaScript in the auto-signature in Microsoft Outlook Express, allowing it to infect computers without the user needing to run an attached file. These were the first samples of a series of worms, which were joined later on by worms capable of attacking computers when the user is browsing the Internet.
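
As a defensive illustration of the saying quoted above and of the attachment name LOVE-LETTER-FOR-YOU.TXT.VBS, the following added example (not part of the original article) classifies mail attachment names by the carrier types the article lists and flags a harmless-looking extension placed in front of the real one. The extension lists and the allow/quarantine/block policy are assumptions chosen for this example.

```python
# Added example: attachment-name triage for a mail filter.
# Carrier groups follow the file types named in the article; the concrete
# extension lists are assumptions for illustration, not an exhaustive set.
CARRIERS = {
    "executable": {"exe", "com"},
    "batch": {"bat"},
    "script": {"vbs", "js"},
    "macro-capable document": {"doc", "xls", "mdb", "ppt"},
}
# Extensions a reader tends to treat as harmless (assumed list).
DECOYS = {"txt", "jpg", "gif", "pdf"}


def classify_attachment(filename):
    """Return (carrier_type or None, decoy_extension or None)."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2:
        return None, None
    ext = parts[-1]  # only the LAST extension decides how the file is run
    carrier = next((k for k, v in CARRIERS.items() if ext in v), None)
    decoy = None
    if carrier and len(parts) >= 3 and parts[-2] in DECOYS:
        decoy = parts[-2]
    return carrier, decoy


def verdict(filename):
    """Hypothetical policy: block runnable files, quarantine documents."""
    carrier, decoy = classify_attachment(filename)
    if carrier is None:
        return "allow"
    if decoy or carrier != "macro-capable document":
        return "block"
    return "quarantine"  # documents are normal mail traffic; scan macros first


if __name__ == "__main__":
    # Constructed sample names; the first is the one quoted in the article.
    samples = ["LOVE-LETTER-FOR-YOU.TXT.VBS", "report.doc", "notes.txt",
               "setup.exe", "photo.jpg.exe. ", "README"]
    for name in samples:
        print(f"{name!r:32} {classify_attachment(name)} -> {verdict(name)}")
```

With file extensions hidden, as Windows does by default, the quoted attachment is displayed as LOVE-LETTER-FOR-YOU.TXT, which is why the check looks at the final extension rather than the name as shown.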