Revolution of Web: November 2009

Wednesday, November 18, 2009

Windows 7 Virtual Wifi

Windows Virtual Wifi(abbreviated to VWiFi) is a new concept of Microsoft introduced in the version Windows 7.0.

Through this a sigle LAN Card acts as two network adapters.
One acts in STA (short for "station") mode and other acts in AP (Access Point) mode.

This is achieved through the drivers (softwares of Microsoft). Each connection act as a separate layer in the driver. Through this technology each machine will act as a wifi access-point. This facility is not provided in the beta version. In the network connection section “'Wireless Network Connection 2” will be available in Windows 7.

How to configuring the VWifi in the machine

In command prompt type the command in the following format to create a new access point say “APnew”
netsh wlan set hostednetwork mode=allow ssid=APnew key=password
New Access Point can be started directly from control panel

Thanks to Microsoft to share this knowledge
msdn.microsoft.com/en-us/library/dd445708.aspx

Tuesday, November 17, 2009

This article is a heads up to the cloud computing concept introduced in .NET 4.0

"Azure" is project name from Microsoft for Cloud Computing. They are going to introduce this from the upcoming version of .NET Framework 4.0. It might make a dramatic changes in the existing Web applications.

Through Cloud computing Microsoft targets for platform independency in their applications.
That is Each web can communicate to any other servers directly.

Advantages for ASP.NET applications:
Following are the advantages of ASP.NET applications by implementing Cloud computing.

1) Cost cutting - Both the small & large scall organizations can implement this.
2) More storage for Data.
3) Mobilitiy of Data - Data can be moved to any kind of servers(e.g Data can easily moved to Unix based machine from Windows).
4) More advantages on BCP(Disaster recoverty etc) plans

By the implementation of Cloud computing, the Web application will give the same level of performance even the traffic to the site is at the peak.

Disadvantages:

Following jobs will be very hectic by the implementation of Azure.

1) Implementation of session
2) Implementation of authentication
3) System Integration.
4) Migration of existing application

Nesting Gridview in Repeater

Once I have tried to nest Gridview in a Repeater, you might wondering why we require this.

The scenario was like that. Grid view has some limitations. Main thing is we can show the data in columns. But my rquirement was showing the first row as a heading.

As follows

-------------------Heading A category name from a query----------------------
-------------------Details about that category from the same query-----------
-------------------Details about that category from the same query-----------
-------------------Details about that category from the same query-----------
-------------------Details about that category from the same query-----------
-------------------Details about that category from the same query-----------
Slno name description Date
---- ------------ ------------------ -----------------
---- ------------ ------------------ -----------------
---- ------------ ------------------ -----------------
---- ------------ ------------------ -----------------

I hope the above example can give an outline about the scenario. I went for repeater with gridview.

<asp:UpdatePanel ID="updPanel" runat="server" UpdateMode="Always">
<ContentTemplate>
<asp:Repeater ID="rptid" runat="server" OnItemDataBound="rptid_RowDataBound" EnableViewState="false">
<ItemTemplate>
<table cellpadding="0" cellspacing="0" width="90%">
<tr>
<td>

</td>
</tr>
<tr>
<td id="tdid" class="style" align="left" runat="server" title="Click Here to expand/Collapse">
<asp:Label ID="lblCategory" CssClass="Header" runat="server" Text='<%#DataBinder.Eval(Container.DataItem,"CategoryID")%>' EnableViewState="false"></asp:Label>
<asp:HiddenField id="hidCategory" runat="server" value='<%#DataBinder.Eval(Container.DataItem," CategoryID")%>'/>
</td>
</tr>
<tr>
<td>

</td>
</tr>
<tr>
<tr>
<td>
<asp:GridView ID="grdDetails" runat="server" AllowPaging="false" EmptyDataText="No Data Available" SkinID="skinid " EnableViewState="false" Width="100%" style="display:none">
<Columns>
<asp:BoundField DataField="AgreementName" HeaderText=" Award Agreement Name" />
---------------------------Bind Code goes here-------------------------------
---------------------------Bind Code goes here-------------------------------
---------------------------Bind Code goes here-------------------------------
---------------------------Bind Code goes here-------------------------------
---------------------------Bind Code goes here-------------------------------
---------------------------Bind Code goes here-------------------------------
---------------------------Bind Code goes here-------------------------------
---------------------------Bind Code goes here-------------------------------
</Columns>
</asp:GridView>
</td>
</tr>
<tr>
<td>

</td>
</tr>
</ItemTemplate>
</asp:Repeater>

In code behind we need to use gridview from the rowdatabound of repeater itself as shown below.
protected void rptid_RowDataBound(object sender, RepeaterItemEventArgs e)
{
try
{
if (e.Item.ItemType == ListItemType.Item || e.Item.ItemType == ListItemType.AlternatingItem)
{
---------------------------Bind Code goes here-------------------------------
---------------------------Bind Code goes here-------------------------------
GridView grdDetails = (GridView)e.Item.FindControl("grdDetails");
---------------------------Bind Code goes here-------------------------------
}

Main Differences between ASP.NET 3.5 and ASP.NET 4.0

Main Differences between ASP.NET 3.5 and ASP.NET 4.0
As we all know, ASP.NET 3.5 has introduced with the following main new features
1) AJAX integration
2) LINQ
3) Automatic Properties
4) Lambda expressions
I hope it would be useful for everyone to know about the differences about asp.net 3.5 and its next version asp.net 4.0
Because of space consumption I’ll list only some of them here.
1) Client Data access
ASP.NET 3.5: There is no direct method to access data from client side. We can go for any of these methods
1) Pagemethods of script manager
2) ICallbackEventHandler interface
3) XMLHttphanlder component
ASP.NET 4.0: In this framework there is an inbuilt feature for this. Following are the methods to implement them.
• Client data controls
• Client templates
• Client data context
i.e we can access the data through client data view & data context objects from client side.
2) Setting Meta keyword and Meta description
Meta keywords and description are really useful for the search engine listings.
ASP.NET 3.5: It has a feature to add meta as following tag
<meta name="keywords" content="These, are, my, keywords" />
<meta name="description" content="This is the description of my page" />

ASP.NET 4.0: Here we can add the keywords and description in Page directives itself as shown below.
<%@ Page Language="C#" CodeFile="Default.aspx.cs"
Inherits="_Default"
Keywords="Keyword1,Key2,Key3,etc"
Description="description" %>

2) Enableviewstage property for each control
ASP.NET 3.5: this property has two values “True” or “false”
ASP.NET 4.0: ViewStateMode property takes an enumeration that has three values: Enabled, Disabled, and Inherit.
Here inherit is the default value for child controls of a control.
3) Setting Client IDs

Some times ClientID property creates head ach for the programmers.

ASP.NET 3.5: We have to use ClientID property to find out the id which is dynamically generated
ASP.NET 4.0: The new ClientIDMode property is introduced to minimize the issues of earlier versions of ASP.NET.
It has following values.
AutoID – Same as ASP.NET 3.5
Static – There won’t be any separate clientid generated at run time
Predictable-These are used particularly in datacontrols. Format is like clientIDrowsuffix with the clientid vlaue
Inherit- This value specifies that a control's ID generation is the same as its parent.

Thursday, November 12, 2009

Threats to the websites

Following are the threats to a normal website(not a secured one).

1) Excess Privileges & Tampering : If a user gets more permission than required & Modification of resources/WebPages without authorization
2) Spoofing : Using another users credentials to login to the system and modify the contents
3) Backdoors : Use developer created maintenance hooks to logon to the system
4) Information Disclosure : Eg disclosure of users Credit card information

But Don’t feel like there is no solution for these threats.
Following are them.

1) Tampering:

These are very common with less secured sites. You have to cross verify all the security permissions. Most of them can be caught at the time of unit testing itself.

Following are the tips to avoid tampering in the application.
1) Don’t pass any sensitive information through query strings
2) Use encryption for all sensitive data
3) Don’t store any sensitive data in cookies.
4) 4) Check for cookies safety always.( add <httpCookies domain="String" httpOnlyCookies="true" requireSSL="false" /> in config file)
5) the application side vulnerabilities including SQL injection occurs when user input is not filtered for escape characters and is then passed into a SQL statement. This result in the potential manipulation of the statements performed on the database by the end user of the application. Another eg is an anonymous user is allowed to access privileged area in an application which is somehow bypassed while testing the application.
6) Run the application with minimum privileges

2) Spoofing.

Mostly spoofing is happened by the weak passwords. So the application should enforce the user to have a strong password. It should have a certain standard. E.g. 6charactered alphanumerical passwords with extra characters like #, $ * can consider as a strong one. Also alphabets and numeric should be in a combination mode.

3) Backdoors
Backdoors are being developer created holes to bypass the actual authentication and logon to the system easily for maintenance purposes. These vulnerabilities should be closed before making the application online.

4) Backdoors Information Disclosure: Information disclosure can happen in several ways including hacking activity, low application/server security; failure in using encryption for critical data, login information and another big element is humans. Most of the application/server securities issues can be mitigated by applying patches, implementing SSL etc.but the difficult part is humans associated with each project. When they move from one to another company some critical information like passwords/backdoors etc also goes with them. Even though completely removing the risk is impossible some of the things we can do to reduce the risk are: Non Disclosure Agreements when the employee leaving the organization. And Exit interview explaining the consequences of disclosing the information.
Disabling logins and changing all passwords whenever an employee terminate/leave

Things to consider:
1. Consider the security of the application from the initial stages of the project.
2. Testing of the software should include application side vulnerabilities and input text filtering capabilities which cause buffer overflows.
3. Change default passwords and remove unwanted accounts from the application before moving the system to production. Passwords policies should be enforced in the application.
4. Infra team should take care of server vulnerabilities. Update patches and antivirus patterns on a regular basis. Lock down files, directories, and other resources. The application should also run with minimum privileges
5. The application administrator should be careful about giving privileges to each user.
6. Implement SSL for critical data and passing credentials.
7. Limiting the application access by predefining IP Address or number of allowed connections at web server level.
8. Let the developers provide the installation docs to the Server admin team and let them deploy the application on the production server.
9. Periodic evaluation of security in all servers and applications.
10. Sign Non Disclosure Agreement when the employee leaving the organization.
11. Exit interview explaining the consequences of disclosing the information.
12. Disabling logins and changing all passwords whenever an employee terminate/leave

Connect to a MSSQL(SqlServer)

Even though LAMP is the most familiar compination we can try with other databases too in PHP. Here is a sample for connecting to SQLServer from PHP.

<?php
$myServer = "ServerName";
$myUser = "UserName";
$myPass = "Password";
$myDB = "DBName";

$dbhandle = mssql_connect($myServer, $myUser, $myPass) or die("Connection Failed");
$selected = mssql_select_db($myDB, $dbhandle) or die("Couldn't open the db");
$query = "SELECT postid, postname, time";
$query .= "FROM Revolution-of-web";
$query .= "WHERE label='PHP'";

$result = mssql_query($query);

$numRows = mssql_num_rows($result);
echo "<h1>" . $numRows . " Row" . ($numRows == 1 ? "" : "s") . " Returned </h1>";

while($row = mssql_fetch_array($result))
{
echo "<li>" . $row["postid"] . $row["postname"] . $row["time"] . "</li>";
}
mssql_close($dbhandle);
?>

Sending mails by PHP.

Most of the time people are struggling with mailing concept of PHP.
Here is an example to achieve this.

<form action="sendmail.php3" method="POST">
<input type="text" size="22" name="subject" value="MailContent">

< form action="sendmail.php3" method="POST">
< input type="text" size="22" name="subject" value="MailContent">

<?
$to = "Senderemail@revolution-of-web.blogspot.com";
$from_header = "From: $from";
if($contents != "")
{
mail($to, $subject, $contents, $from_header);
header("Location: $HTTP_REFERER");
}
else
{
print("<HTML><BODY>Error, no comments were submitted!");
print("</BODY></HTML>");
}
?>

Here header("Location: $HTTP_REFERER"); will redirect back to the same url that visitor has came from.

It can be modified, incase if you wish to show any other url as follows.

header("Location: mailsucceed.html");

Sending HTML Email: Content-Type: text/html needs to be mentioned in case if you require to send a html email.

AJAX handler for your application

We can have our own AJAX handler javascripts in our application.
Following are the steps to achieve them.

First create a callback object
this.XmlHttp;
var method = 'GET';
function CallBackObject()
{
this.XmlHttp = this.GetHttpObject();
}
CallBackObject.prototype.GetHttpObject = function()
{
var xmlhttp;

try
{
if ( window.XMLHttpRequest )
{
xmlhttp = new XMLHttpRequest();
}
else if ( window.ActiveXObject )
{
try
{
xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
}catch (e)
{
try
{
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}catch (e2)
{
xmlhttp = false;
}
}
}
}catch (e)
{
xmlhttp = false;
}

return xmlhttp;
}

Next step is creating a function which will send details to the server
Here eventTarget is the control raised ajax post back event and eventArgument is the argument to be passed with the data. data is the url query string and loadviewstate is a boolean denotes if need to send viewstate also.
Mirrorpage is alos a boolean if it is true all the values in the form will be send to the server

CallBackObject.prototype.DoCallBack = function(eventTarget, eventArgument, data, loadviewstate, mirrorpage)
{

var theData = data;
var theform = document.forms[0];
var thePage = window.location.pathname + window.location.search;
var myDateTime = new Date()

if(window.location.search == "")
thePage = thePage + "?tm=" + myDateTime.getMilliseconds();
else
thePage = thePage + "&tm=" + myDateTime.getMilliseconds();
var eName = '';
theData += '__EVENTTARGET=' + escape(eventTarget.split("$").join(":")) + '&';
theData += '__EVENTARGUMENT=' + eventArgument + '&';
if( loadviewstate == true )
{
theData += '__VIEWSTATE=' + escape(theform.__VIEWSTATE.value).replace(new RegExp('\\+', 'g'), '%2b') + '&';
}
theData += 'IsCallBack=true&';
if( mirrorpage == true )
{
for( var i=0; i<theform.elements.length; i++ )
{
eName = theform.elements[i].name;
if( eName && eName != '')
{
if( eName == '__EVENTTARGET' || eName == '__EVENTARGUMENT' || eName == '__VIEWSTATE' )
{
// Do Nothing
}
else
{
theData = theData + escape(eName.split("$").join(":")) + '=' + theform.elements[i].value;
if( i != theform.elements.length - 1 )
theData = theData + '&';
}
}
}
}
if(method.toUpperCase() == 'GET')
{

thePage += ((thePage.indexOf('?') == -1)?'?':'&') + theData;
}
else if(method.toUpperCase() == 'POST')
{
postData = postData?this._sFormData + "&" + postData:this._sFormData;
}

if( this.XmlHttp )
{
if( this.XmlHttp.readyState == 4 || this.XmlHttp.readyState == 0 )
{

try
{
var oThis = this;
this.XmlHttp.open(method, thePage, true);
this.XmlHttp.onreadystatechange = function(){ oThis.ReadyStateChange(); };
this.XmlHttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
this.XmlHttp.send(theData);
}
catch(err)
{

}
}}}
CallBackObject.prototype.AbortCallBack = function()
{
if( this.XmlHttp )
this.XmlHttp.abort();
}
// Loading
CallBackObject.prototype.OnLoading = function(){}
// Loaded
CallBackObject.prototype.OnLoaded = function(){}
// Interactive
CallBackObject.prototype.OnInteractive = function(){}
// Complete
CallBackObject.prototype.OnComplete = function(responseText, responseXml)
{

}
// Abort
CallBackObject.prototype.OnAbort = function(){}
// Error
CallBackObject.prototype.OnError = function(status, statusText){}

CallBackObject.prototype.ReadyStateChange = function()
{
if( this.XmlHttp.readyState == 1 )
{
this.OnLoading();
}
else if( this.XmlHttp.readyState == 2 )
{
this.OnLoaded();
}
else if( this.XmlHttp.readyState == 3 )
{
this.OnInteractive();
}
else if( this.XmlHttp.readyState == 4 )
{

if( this.XmlHttp.status == 0 )
this.OnAbort();

else if( this.XmlHttp.status == 200 && this.XmlHttp.statusText == "OK" )
this.OnComplete(this.XmlHttp.responseText, this.XmlHttp.responseXML);
else
this.OnError(this.XmlHttp.status, this.XmlHttp.statusText, this.XmlHttp.responseText);
this.XmlHttp.close;

}
}

Download a file

While working with a scenario, I came across a situation to make the users to download a file. To download a file we can have the following code

try
{
string[] file = anrDownloadPdf.HRef.ToString().Split(Convert.ToChar("/"));

string strUpdPath = System.Configuration.ConfigurationManager.AppSettings["FileUploadPath"];
if (File.Exists(Server.MapPath(strUpdPath + file[file.GetUpperBound(0)])))
{

Response.ContentType = "Application/pdf";
Response.AddHeader("Content-Disposition", "attachment; filename=application.pdf");
Response.TransmitFile(anrDownloadPdf.HRef);

// Response.End(); Don’t use Respons.End here since itcan have the thread abortion exception
HttpContext.Current.ApplicationInstance.CompleteRequest();
}
}
catch (Exception ex)
{

}

Multiple selection in listbox

Most of the people find difficulty to save multiple data into database while selecting a listbox.
That’s possible by implementing the following method.

For example in an application there are several languages to be selected. The user can select any number of language from the list box.

We can add them into an collection called objColl

List<LanguageInfo> objColl = new List<LanguageInfo>();
for (int intCount = 0; intCount < lstLanguages.Items.Count; intCount++)
{
LanguageInfo objLanguages = new LanguageInfo();
if (lstLanguages.Items[intCount].Selected == true)
{
objLanguages.LanguageID = Convert.ToInt32(lstLanguages.Items[intCount].Value);
objColl.Add(objLanguages);
}
}

The next thing we can do is, we can append a comma to each languageid
IEnumerator<LanguageInfo> ILanguages = Languages.GetEnumerator();
while (ILanguages.MoveNext())
{
sbLanguages.Append(((LanguageInfo)ILanguages.Current).LanguageID.ToString());
sbLanguages.Append(",");
}
(Here Languages is the list that we passed to update in database)
In back-end just have a split method to split the data by comma. And it can be updated to the database.
CREATE function [dbo].[fn_Split](
@Languages nvarchar (1000),
@CustomerId int,
@Delimiter nvarchar (10)
)
returns @ValueTable table ([LanguageID] INT, [ProgramInfoId] INT)
begin
declare @NextString nvarchar(4000)
declare @Pos int
declare @NextPos int
declare @CommaCheck nvarchar(1)

set @NextString = ''
set @CommaCheck = right(@Languages,1)

set @Languages = @Languages + @Delimiter

set @Pos = charindex(@Delimiter,@Languages)
set @NextPos = 1

while (@pos <> 0)
begin
set @NextString = substring(@Languages,1,@Pos - 1)

insert into @ValueTable ( [LanguageID], [CustomerId]) Values (@CustomerId, @NextString)

set @Languages = substring(@Languages,@pos +1,len(@Languages))

set @NextPos = @Pos
set @pos = charindex(@Delimiter,@Languages)
end

return
end

Read files through Javascript

I Came across a scenario, i.e, as follows

1) An ASP.Net application is configured in a server.
2) I need to open a file from client side in a text area(the file can be any type)
3) I can modify it
4) I need to save the modifications in the same path of client

Here we can’t open the file in Fileupload control, since it uploads the file to the server location. The modified file can’t be save in the clients location.
So, I went for Javascript. I just copy a code for illustration

<form id="form1" runat="server">
<div>
<input type=text id="txtFile" /><input type="button" id="btnSub" value="Open" onclick="ReadFiles();" />
</p>
<textarea id="txtFileData" name="S1"></textarea></div>
</form>

<script>
function ReadFiles()
{
var txt=document.getElementById('txtFile').value;
var fso, f1, ts, s;
var ForReading = 1;
fso = new ActiveXObject("Scripting.FileSystemObject");
ts = fso.OpenTextFile(txt, ForReading);
s = ts.ReadLine();
while(!ts.AtEndOfStream)
{
s=s + ts.ReadLine();
}

document.getElementById('txtFileData').value=s;
ts.Close();
}

</script>

But here the Browser settings should enable the activeX objects.

Thread abort exception

While working with an asp.net application, I came across a ThreadAbort Exception at Response.End statement.

Cause of this issue is:

The Response.End method ends the page execution and shifts the execution to the Application_End Request event in the application's event pipeline. The line of code that follows Response.End is not executed.

Same issue occurs in Response.Redirect & Server.Transfer (Since Response.End is called internally for these methods).

Remedies provided by microsoft are as follows.

1) Use HttpContext.Current.ApplicationInstance.CompleteRequest method instead of Response.End to bypass the code execution to the Application_End Request event.

2) For Response.Redirect, use an overload, Response.Redirect(String url, bool endResponse) that passes false for the endResponse parameter to suppress the internal call to Response.End.
Example
Code:

Response.Redirect ("Default.aspx", false);

3) Use Server.Execute method instead of Server.Transfer

Lessons Learned

1)Always use the overloaded method of Response.Redirect and use false for end response
2)Use HttpContext.Current.ApplicationInstance.CompleteRequest instead of Respons.End
3)Use Server.Execute method instead of Server.Transfer

Tips to improve performance for an asp.net application

1) Use Connection Pooling and Object Pooling
2) Turn off Tracing unless until required
3) Turn off Session State, if not required
4) Disable View State of a Page if possible
5) Set debug=false in web.config
6) Avoid Response.Redirect as many places
7) Use the String builder to concatenate string
8) Avoid throwing exceptions
9) Use Finally Method to kill resources
10) Use Client Side Scripts for validations
11) Avoid unnecessary round trips to the server
12) Use Gzip Compression
13) Use Page Output Caching and Proxy Servers
14) Use Per-Request Caching
15) Use Page.ISPostBack
16) Include Return Statements with in the Function/Method
17) Use Foreach loop instead of For loop for String Iteration
18) Include Return Statements with in the Function/Method
19) Avoid Unnecessary Indirection
20) Use "ArrayLists" in place of arrays
21) Always check Page.IsValid when using Validator Controls
22) Use custom Paging
23) Store your content by using caching
24) Use low cost authentication
25) Minimize the number of web server controls
26) Avoid using unmanaged code
27) Return Multiple Resultsets
28) Avoid making frequent calls across processes
29) Cleaning Up Style Sheets and Script Files
30) Design with ValueTypes
31) Minimize assemblies
32) Encode Using ASCII When You Don't Need UTF
33) Avoid Recursive Functions / Nested Loops
34) Minimize the Use of Format ()
35) Place StyleSheets into the Header
36) Put Scripts to the end of Document
37) Make JavaScript and CSS External
38) Use DataReader instead of Dataset
39) Make Enableviewstate property as false for the components(particularly for heavy items like datagrid, datalist etc) if it is not necessary.
40) Use xmlhttprequest object or scriptmanager to minimize post backs.

Cookies safety

Cookies can be accessed from the client side using document.cookie. The information can be tampered by this. In order to avoid misusing this security features Microsoft came up with a solution.

A tag in the web.config file as follows will disable this.

<httpCookies domain="String" httpOnlyCookies="true" requireSSL="false" />

This will limit the attackers to gain access to this sensitive information through Cross Site Scripting (XSS) attacks

Monday, November 9, 2009

Best anti viruses as of 2010

1. Shield Deluxe
Price: $19.99
Description:
The best part of using Security Shield 2010 is the fact that is powered by BitDefender. This antivirus company protects tens of millions of home and corporate users across the globe. The Shield Deluxe 2010 will protect your PC and personal data from theft, making it worth considering.
Advanced Features:
Total virus and spyware protection
Free technical support
Intelligent scanning
Real time threat detection
Hourly updates, Vista compatible
Decides best security actions to take
Stealth web browsing Excellent extended parental controlsUses and minimal system resources
Monitors the activity of programs and processes that have been launched in the computer’s memory.
Controls over changes in the file system. Proactive protection.
Removes spyware parasites to protect your privacy and prevent system crashes and slow-downs.
Protection from rootkits and worms.
Blocks access to inappropriate websites and e-mail.
Reduces the system load and postpones updates, allowing for secure gaming at top speed.
Scans all Web, e-mail and instant messaging traffic in real-time.
Advanced system maintenance tools.

2. Trend Micro Antivirus Internet Security 2010
Price: $39.95
Description:
Trend Micro AntiVirus plus AntiSpyware 2010 provides comprehensive and easy to use protection from viruses, intruders, and other Internet-based threats. Inexpensive product received excellent scores in our performance tests.
Advanced Features:
· Effective Antivirus Protection
· Customizable security for your home PCs
· Prevents virus-infected emails
· Home Protection for up to 3 PCs
· Spyware and Adware Protection
· Automatic Virus Pattern Updates
· Enhanced Software History Cleaner
· Effective Antivirus Protection
· Excellent value
· Free phone, email and chat support, with your annual subscription.
· Block websites with inappropriate content based on specific categories.
· Protect your privacy by getting rid of records listing Web sites and files recently opened.
· Stops viruses, worms, spyware and bots.
· Automatically download the latest signature updates. Quarantined file recovery.
· Real-time protection. You can run scheduled and manual scans.
· Keeps your system protected against all types of malicious threats.
· Remote File Lock safeguards your private files in case your laptop is lost or stolen.

3. Norton Antivirus 2010
Price: $39.99
Description:
Norton AntiVirus 2010 provides fast, responsive defense against all types of malicious software. The new Norton Protection System employs a multilayered set of security technologies that work in concert to detect, identify, and block attacks.
Advanced Features:
· Advanced antivirus with anti-spyware and Secures, stores and manages login and personal information
· Automatically saves important files locally or to secured online storage
· Maps your wireless home network
· Free chat and phone support.
· Monitor your home network and more safely connect to Wi-fi networks.
· AutoFix technology will diagnose and fix common problems for you.
· Automatically schedules scans and updates to occur while PC is idle.
· Blocks browser exploits and protects against infected Web sites.
· Prevents unauthorized users from changing your critical applications.
· Monitors all processes and registry changes.
· New Norton Internet Worm Protection blocks certain more sophisticated worms (such as Blaster and Sasser) before they enter your computer.
· Best proactive protection
· Rapid pulse updates every 5 to 15 minutes
· Rootkit detection, two way firewall
· Defends against Web-based attacks and Automatic Virus Pattern Updates

4. Panda Antivirus Pro 2010
Price: $49.95

Description:
Panda Antivirus features a new ultraFast scan engine, 30% faster than its predecessors, Panda's exclusive SmartClean technology. In a nutshell, a good antivirus solution for Windows, that keeps your computer protected from any Internet threats.
Advanced Features:
· Automatically eliminates viruses
· Anti-Malware Engine
· On-demand scanning
· Smart auto-configuration
· Automatic Virus Pattern Updates
· Intrusion prevention blocks known and unknown hacker attacks and vulnerability.
· Identity protection: Anti-Phishing Filter, Anti-Banking Trojans Engine.
· Incorporates an advanced heuristic scan that detects more identity theft.
· Identity protection: Anti-Phishing Filter, Anti-Banking Trojans Engine.
· Personal Firewall protects you against Internet-borne worms and hacker attacks.
· Removes all traces of clutter left by spyware on your PC.

5. ZoneAlarm Anti-virus 2010
Price: $19.95
Description:
New engine delivers the best virus protection with significantly enhanced detection and removal capabilities. A configuration wizard leads you through setup, making it easy for everyday users to secure their systems fast.

Advanced Features:

Wireless PC Protection: it sets appropriate security.
Pre-loaded security settings provide easy, instant virus protection.
Minimum PC resources and bandwidth consumption.
Proactive firewall protection with multiple layers of security.
Compatible with Windows 7
Advanced antivirus, spyware removal protection
On demand scanner interface
Simple to install and run
Advanced virus removal technology

6. ESET NOD32 Antivirus T NOD32 Antivirs
Price: $39.99
Description:
ESET NOD32 Antivirus proactively detects and disables viruses, trojans, worms, adware, spyware, phishing, rootkits. It includes advanced archive scanning, access control for removable media.
Advanced Features:

Blocks all attempts to collect and forward your confidential data.
Best protection against zero-day threat and attacks.
Small size of update files, fast scanning speed and accurate detection .
Offers several layers of protection including real time email scanning.
Uses a combination of filtration methods
Identifies known and unknown threats
System restore

7. Kaspersky Anti-Virus 2010
Price: $39.95
Description:
Kaspersky Anti-Virus protects your computer against known and unknown threats, and against unwanted data. Besides, it monitors system activities by user applications, preventing any dangerous actions by applications.
Advanced Features:

E-Mail IMAP and NNTP protocol checking support
Built-in system restore capabilities included
You can e-mail or call a toll-free number for live technical support
Users can change interface appearance
New threat response time: less than 2 hours
Heuristic analyzer
Self-protection from malware
Free Trial
Scans files and Internet traffic
Updates automatically

Sunday, November 8, 2009

Sanbox search is refined and instant

Google has modified their search alogrithm with instant speed and more accuracy.

The redundant data is null in the new search algorithm. Which is on production now. I'm using the new one. Which is really helpful for me to search many things instantly.

http://www2.sandbox.google.com/

The graphical part is as same..

Friday, November 6, 2009

One of the stunning errors you may get while trying to run the .net application:Quote:
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Access is denied: 'MyWebApp'.

Source Error:

Line 198:

As you can see the debug information is quite unclear and it would leave no trace of idea as to where the problem is.

The actual problem is because of the Microsoft Indexing Services which scans the Temporary ASP.NET Files and while doing so, the system puts a lock on the same.

To resolve this, the following steps need to be carried out:-

Start - Settings - Control Panel - Administrative Tools - Computer mangement.

Expand the services and applications node and select the Indexing service node.

Expand the Indexing Service Node and then select and expand the System Node.

Right click on Directories and select new directory. browse the path to the temporary asp.net files c:\winnt\microsoft.net\framework\v1.1.4322\.

Select the temporary asp.net files. give ok and then select the "NO" in the Include in index radiobutton.

give ok and then stop and start the indexing service.

Google History by Timeline --- Awesome

Google is still unbeaten. Every one who uses Google gets inspired by them.

Kindly check their Growth history by years

Click here

ASP.NET 3.5 JavaScript Intellisense hotfix

Microsoft has released a hot fix for JavaScript IntelliSense in Visual Studio.

The fix can be applied on VS.NET 2008 with SP1.

All we need to do is copy the JavaScript doc (in XML documentation format as used in standard C# documentation), with "-vsdoc.js" appended to the JScript file name, in the same source folder.

Also, we can use the intellisense in an external JavaScript file, by specifying the configuration line on top of our JavaScript file.
Code:
///
May be we can use the same to create our custom well documented JScript library..

Definitely a productivity improvement tool for ASP.NET developers..

References:

VS 2008 JavaScript Intellisense @ ScottGu's Blog

Visual Studio patched for better jQuery IntelliSense

IntelliSense flavor for Visual Studio 2008 JavaScript files @ Microsoft Help and Support

JQuery IntelliSense in Visual Studio 2008

The format for JavaScript doc comments

HttpCompression

Through HTTP compression a web application performance will increase tremendously
(depending on the browser support).
In PHP / ColdFusion this is built in and can be done using popular plug-in like Combine and Minify.
In ASP.NET this can be achieved by either configuring the IIS, or modifying the Global.asax file. There is an online tool available to check the compressionClick here online tool
Rate of compression is more means faster response, less bandwidth, and a more satisfied end-user!! But take care while using this in AJAX application. Better don’t go for it.

void Application_PreRequestHandlerExecute(object sender, EventArgs e)
{
HttpApplication app = sender as HttpApplication;
string acceptEncoding = app.Request.Headers["Accept-Encoding"];
Stream prevUncompressedStream = app.Response.Filter;
if (!(app.Context.CurrentHandler is Page app.Context.CurrentHandler.GetType().Name == "SyncSessionlessHandler")
app.Request["HTTP_X_MICROSOFTAJAX"] != null)
return;
if (acceptEncoding == null acceptEncoding.Length == 0)
return;
acceptEncoding = acceptEncoding.ToLower();
if (acceptEncoding.Contains("deflate") acceptEncoding == "*")
{
// defalte
app.Response.Filter = new DeflateStream(prevUncompressedStream,
CompressionMode.Compress);
app.Response.AppendHeader("Content-Encoding", "deflate");
} else if (acceptEncoding.Contains("gzip"))
{
// gzip
app.Response.Filter = new GZipStream(prevUncompressedStream,
CompressionMode.Compress);
app.Response.AppendHeader("Content-Encoding", "gzip");
}
}

We have two compression methods. They are Deflate and GZIP. They are using the name space System.IO.Compression

Web 2.0 drawbacks

As per the Secure Enterprise 2.0 Forum following are the most vulnerable things for Web2.0
1) Information Leakage
Web 2.0 combined with our "work-from-anywhere" lifestyle has begun to blur the lines between work and private life. Because of this psychological shift, people may inadvertently share information their employer would have considered sensitive. Even if individuals aren't sharing the equivalent of trade secrets, the accumulation of the small "non-sensitive" items they share can allow a business's competitors to gain intelligence about what's going on and being worked on at that company.

2) Phishing Although phishing isn't just a risk associated with Web 2.0 technologies by any means, the multitude of dissimilar client software in use makes it harder for consumers to distinguish between the genuine and the fake web sites. That enables more effective phishing attacks.

3) Cross Site Scripting (XSS) In a stored cross site scripting (XSS) vulnerability, malicious input sent by an attacker is stored in the system then displayed to other users. Systems that allow users to input formatted content - like HTML for example - are especially susceptible to this attack. At risk are blogs, social networks, and wikis. An example of this attack from last year was the Yahoo HotJobs XSS vulnerability exploit, where hackers used JavaScript to steal session cookies of victims. Last year and in previous years, XSS worms were also to blame for attacks on Orkut, MySpace etc.

4) Cross Site Request Forgery (CSRF) In CSRFs, victim visit what appear to be innocent-looking web sites, but which contain malicious code which generates requests to a different site instead. Due to heavy use of AJAX, Web 2.0 applications are potentially more vulnerable to this type of attack. In legacy apps, most user-generated requests produced a visual effect on the screen, making CSRF easier to spot. Web 2.0 systems' lack of visual feedback make this attack less apparent. A recent example of a CSRF involved a vulnerability in Twitter in which site owners could get the Twitter profiles of their visitors.
5) Insufficient Authentication Controls
In many Web 2.0 applications, content is trusted in the hands of many users, not just a select number of authorized personnel. That means there's a greater chance that a less-experienced user will make a change that will negatively affect the overall system. This change in a system's design can also be exploited by hackers who now have access to a greater number of "administrative" accounts whose passwords can often be easily cracked if the correct security controls are not in place. The systems also may have insufficient brute-force controls, permit clear text passwords, or have been tied together in a single-sign-on environment, making an attack that much riskier.
6)
7) Injection Flaws Web 2.0 technologies tend to be vulnerable to new types of injection attacks including XML injection, XPath injection, JavaScript injection, and JSON injection for no other reason beyond the fact that the Web 2.0 applications tend to use and rely on those technologies. With increased use, comes increased risk. In addition, because Web 2.0 apps often rely on client side code, they more often perform some client-side input validation which an attacker can bypass.
8) Information Integrity Data integrity is one of the key elements of data security. Although a hack could lead to loss of integrity, so can unintentional misinformation. A great example of this in the public arena is a mistaken edit on Wikipedia which is then accepted as fact by many of the site's visitors. In a business environment, having systems open to many users allows a malicious or mistaken user or users to post and publish inaccurate information which destroys the integrity of the data.
9) Insufficient Anti-automation Programmatic interfaces of Web 2.0 applications let hackers automate attacks easier. In addition to brute force and CSRF attacks, other examples include the automated retrieval of a large amount of information and the automated opening of accounts. Anti-automation mechanisms like Captchas can help slow down or thwart these types of attacks.