JProfiler is a great tool, however under 32 bit Ubuntu you can run into the problem of having a too low limit for open filehandles. This is a problem for JProfiler because it uses temporary files to work around the address-space limitation created by 32 bit (yeah, I know, I should upgrade to 64 bit – but 32 bit works great for now…)

To raise the maximum filehandle limit, do the following:

sudo gedit /etc/security/limits.conf
# add the following two lines before the # End of file marker
# yes, the initial star is also part of line, and you should add it
*       hard    nofile  4096
*       soft    nofile  4096
sudo gedit /etc/sysctl.conf
# restart your system

You can check if the changes were successful by using the ulimit command:

ulimit -n
# it should print out 4096

iptables-save and iptables-restore do not actually save/load the iptables rules to/from an external file. You are responsible for redirecting the output of iptables-save to a file and modifying the interface-up scripts such that it is loaded before the given interface comes up.

The Ubuntu documentation tells you how (although, it also was the source of my confusion) – the following commands should be executed as root, so don’t forget to sudo su first:

1. Save your rules in a file: iptables-save >/etc/iptables.rules
2. Edit your interfaces file (substitute your own favorite editor here): nano /etc/network/interfaces
3. Add a pre-up command to restore the saved rule. The fully configured file should look similar to this (the bold line is the one added):

   auto eth0
   iface eth0 inet dhcp
     pre-up iptables-restore < /etc/iptables.rules
   

HTH. And remember – security is a process / mindset, not a state. Always test the configuration changes you’ve done, don’t just assume that everything went ok because you didn’t receive error messages.

A small Windows tip: if your computer is part of a domain and all of the sudden you can’t access resources over the network (like shares, printers, etc), try changing your password.

I observed this in several networks, and although I’m not entirely sure about the reason – I suspect that it has something to do with the password expiration policy (even though the password seem to work when logging into the given system – even after a cold boot) – this workaround always seemed to work.

Update: Here is the discussion on serverfault about the problem. There were some good suggestions by Nico, but unfortunately no final solution was found as of now.

Picture taken from gemsling’s photostream with permission.

• You usually need high (SYSTEM account) privileges to run these programs, otherwise they will fail with cryptic messages. The easiest way to do this is to take psexec and run the following command: psexec \127.0.0.1 -s c:windowssystem32cmd.exe. This will start a command prompt with SYSTEM privileges (the downside of it is that in the started shell you won’t have things like tab completition :-()
• What is the difference between the “normal” and the *-alt versions? The “normal” executables try to manipulate data directly in the LSASS process. To do this, they need the offset for the data structures, which change from version to version. Although they contain some code do detect the data structures “heuristically”, this doesn’t always give the expected result. The “alternative” (-alt) executables inject code in the LSASS process, which (I assume) peforms the same action by calling undocumented API’s, which is more stable between Windows versions.
• iam-alt.exe has a bug. You can read the details on the HEXALE blog. To get a working version until the new version is released, you can do two things:
  • Modify the source code and recompile it, as the blogpost suggests
  • Fire up a hex editor (like HxD for Windows, or mcedit for Linux) and search for the string “00x” (the inversion is because the x86 is a little endian procesor). You should find two occurrences. Replace them with the literal zero bytes. This should do the trick.

The heart of the solution is a simple batch file:

:start
ping -n 1 -l 8 google.com
if errorlevel 1 goto dial
goto end
:dial
rasdial "Broadband Connection" username password
goto start
:end
cls

What this does, is to ping google.com as a connectivity test (using only one packet of a small size to avoid tripping anti-DoS mechanisms), and if the ping fails, it tries to dial the connection. Some remarks:

• This solution works in both dial-up and PPPoE scenarios. In fact I developed it in the later situation).
• Instead of pinging google.com (or some other host), alternative connectivity tests can be used. For example performing a DNS lookup (nslookup google.com) or fetching a webpage (curl http://google.com). Two things to be aware of: some providers give you access to their DNS servers even before the authentication (DNS tunnelling anyone?), so it might not be the definitive test to determine connectivity. The second method (fetching a webpage) involves downloading a third-party utility, which you might be lazy to do
• There is a secondary benefit for me in using a DNS name (google.com) rather than an IP: I’ve set up OpenDNS on the machines, and for some reason, the first lookups can be quite timeconsuming (30″-60″). After that the rest of the lookups are fast. I know that I’m quite far from the London OpenDNS resolver, as can be seen from the traceroute dump displayed below, but this is still mysterious. On the upside: the initial ping takes care of the problem.

  Tracing route to resolver1.opendns.com [208.67.222.222]
  over a maximum of 30 hops:
  
    ...
    6    69 ms    71 ms    70 ms  Frankfurt.de.ALTER.NET [139.4.25.21]
    7    81 ms    71 ms    75 ms  ge-0-2-0.XR1.FFT1.ALTER.NET [149.227.18.97]
    8   152 ms   150 ms   156 ms  ge-1-1-0.IL1.DCA4.ALTER.NET [146.188.15.65]
    9   150 ms   153 ms   155 ms  0.so-7-0-0.IL3.DCA6.ALTER.NET [146.188.15.58]
   10   162 ms   161 ms   154 ms  0.so-5-2-0.XL3.IAD8.ALTER.NET [152.63.36.25]
   11   146 ms   147 ms   145 ms  POS6-0.GW5.IAD8.ALTER.NET [152.63.36.53]
   12   144 ms   143 ms   145 ms  63.65.187.230
   13   152 ms   144 ms   144 ms  resolver1.opendns.com [208.67.222.222]
  
  Trace complete.
  

• Putting useranmes / passwords in clear in the batchfile does represent some security risk, especially given that some providers have the (rather insecure) practice of basing these on personal details of the customer. However, one has to weigh the benefits, given that stored dialup passwords are already quite easy to retrieve.
• If you edit the batch file using Notepad, don’t forget to put the filename between quotes when saving (ie “dial_conn.bat” instead of dial_conn.bat). Failing to do so will result in an extra .txt extension being appended (ie dial_conn.bat.txt), which will make the run attempts fail.

A final note on how to start this batch file: you can either put in in the Startup group (just make sure that it starts a minimized to reduce the interference with the user). You can also run it from the task scheduler. This has the advantage of starting up even before a user is logged in (if the computer is used by multiple people). Also, it can eliminate the “should this connection be disconnected” prompts when switching between multiple users.

• Resizing partitions with GPartEd is somewhat funky (no global progress bar) and can take some serious time (if you are moving data, it first performs a complete test run, thus taking twice as long as the vanilla operation)
• If you use the XFDISK tool from the FreeDOS CD, you’ll have to restart the system for the installer to continue – this is a limitation of DOS, which can’t dynamically update the list of partitions.
• By default, the FreeDOS installer doesn’t muck around with the MBR – a wise choice, but one which can make you wonder: how do I boot this thing? Read on an you will find out…
• Some memory manager configurations presented in the FreeDOS boot menu will not work – if this is the case, try other ones.

To add FreeDOS to your GRUB menu, do the following:

1. Find out the UUID of the partition you’ve installed FreeDOS on (you coult use the direct addressing, but UUID’s just look more fun :-)). There are several ways presented on the ubuntu forums, from which I like the following the best: ls -la /dev/disk/by-uuid.
2. Open your menu.lst in a text editor: sudo gedit /boot/grub/menu.lst
3. Go to the end of the file after the “### END DEBIAN …” part. That part is overwritten every time a kernel update is installed, so it is wise to avoid it, unless you want to repeat these steps frequently
4. Add the following lines:
   

   title    FreeDOS
   uuid     1abf-24ac
   makeactive
   chainloader +1
   boot
   

5. Some notes: of course you can make the title whatever you want. The UUID must be the UUID of the partition which you’ve determined at step 1. It must be lowercase (otherwise the boot will fail).
6. Save the file and test the new entry by rebooting, entering the GRUB menu (by pressing ESC during the 3 seconds grace time) and choosing the new entry.

PS. You can read the GRUB manual for more commands, however I found it to be a little outdated (for example it doesn’t mention UUID).

To turn it off, you can use compizconfig-settings-manager (found it via the Ubuntu forums). Install this package (if you are in an semi-offline situation, you need one additional dependency that is not installed by default – python-compizconfig), then go to System -> Preferences -> CompizConfig Settings Manager, click on Accesibility and uncheck “Enhanced Zoom Desktop”. Warning! This setting gets reactivated every time you change the level of desktop effects (from Normal to Extra or the other way around), so you need to uncheck it again.

• Download the install kit from their website (warning! there is some upselling going on)
• Install the software
• Done!

Unfortunately there aren’t any options to make the program more silent or transparent to the end-use. It is rather chatty and will always prompt the user about things like detected files or updates. Also, it will show an advert after each update. Now there are ways to disable this, however be aware that you might be breaking the license by using them.

To sum up: Avira is a nice little AV with very good detection rates, however it lacks some configuration options which would make it suitable running it silently (to avoid bothering / confusing users). I would recommend going with one of the other alternatives and a layered security approach.