REMnux: A Linux Distribution for Reverse-Engineering Malware

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

About REMnux
REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that's listening on the appropriate ports.

REMnux is also useful for analyzing web-based malware, such as malicious JavaScript, Java programs, and Flash files. It also has tools for analyzing malicious documents, such as Microsoft Office and Adobe PDF files, and utilities for reversing malware through memory forensics. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.

You can learn about malware analysis techniques that make use of the tools installed and pre-configured on REMnux by taking my course on Reverse-Engineering Malware (REM) at SANS Institute.
Originally released in 2010, REMnux has been updated to version 2 in 2011.

Downloading REMnux

You can download the REMnux distribution as a VMware virtual appliance archive and also as an ISO image of a Live CD. MD5 has values of the latest files are:

• VMware virtual appliance archive: remnux-vm-public-2.0.zip (MD5 hash A9AD4B6F85E89A5E20A5FB1E8E18A49A).
• ISO image of a Live CD: remnux-public-2.0-live-cd.iso (MD5 hash CD30284948A1160C2ADD6FD07D4349FA).

How to recover a Hacked or Compromised Gmail Account?~Security Tips

Now a days, hacking gmail account is increasing.  Most of people doesn't know how to be secure(because they doesn't visit BreakTheSecurity).  So please refer our website to your friends as Security tips Blog. Ok let me come to the point.  In this article, i will explain how to recover your hacked or compromised gmail accounts.

First of all verify yourself whether your entering the correct password. Also check whether the caps lock is turned on.

How to Recover Your Gmail Account?

If you believe your account is hacked, then visit click the Can't access your account? link below the signin button in gmail.

Enter the Email address . it might ask for CAPTCHA ,fill it and continue.

option 1: If you have secondary email address, select secondary mail and ask to send the password to your secondary mail address.

option 2:  Answer to your security question and change the password

option 3: if you have added mobile number in your account. then you can recover through mobile.

Contact Gmail:
If the above option doesn't work for you? then you have to contact the gmail.


Visit
https://www.google.com/support/accounts/bin/request.py?ara=1

It will ask whether the password recovery option worked or not. Click "No" button.  It will ask you to enter the information about your email account.  Fill everything. They will ask to enter the email to contact you, enter the alternative email address that you have.(if that also hacked, then create new account and enter it).

Submit the form.
They will contact you soon.

FAQ About Account Recovery

Q. Why can't I tell someone private information about my account that they could look up to verify my claim?
A. Account privacy rules are very strict within Google, and allowing employees to look at the contents of an account would be a serious breach of privacy.

Q. Why isn't there a comments section on the Account Recovery Form where I could add additional information to prove my claim?
A. Like above, it would be a violation of account privacy for an employee to look in the account to verify any additional information supplied.

Q. Why can't I simply talk to somebody about this?
A. Unfortunately, Google does not offer live support for the free Gmail product (see: http://mail.google.com/support/bin/request.py?contact_type=contact_policy). You must use the recovery methods provided.

Q. Why can't Google lock the account to protect it from any more damage or outgoing spam.
A. They will lock an account that the detection system identifies as being compromised and sending out spam. But again, privacy concerns would prevent them from simply locking an account because someone claims it's theirs and is compromised. In addition, since there is no live support, there is no one to even make such a request to.

Q. I had a really long password of random strings that would be impossible to guess. How was my account compromised?
A. Google (as most e-mail providers) have blocks to prevent trying lots of passwords to guess the correct one (brute-force attacks). Most accounts are compromised by harvesting passwords other ways. While a secure password is important, it's only one in a long list of things needed to keep any online account secure.

Q. But I'm very careful with my password. I don't give it to anyone except an official request from Gmail.
A. Unfortunately if you provided your password in response to any e-mail (even claiming to be from Google/Gmail) then your password was harvested by phishing. It's very common, and can trick even the most careful people.

Q. My contacts were deleted by the hacker, how do I recover them?
A. Deleted contacts can now be restored to any point in the last thirty-days: http://mail.google.com/support/bin/answer.py?hl=en&answer=1069522

Q. My e-mail history was deleted by the hacker, how do I recover it?
A. Have you looked in All Mail and Trash for the missing information? Have you used Search to try and find it? Unfortunately, messages deleted from Trash or Spam can not be recovered. If you would like to request Google attempt to recovery messages deleted by a hacker, see: http://mail.google.com/support/bin/answer.py?hl=en&answer=8256

Q. My account was deleted by the hacker, can I recover it?
A. The Account Recovery Form can sometimes restore a recently deleted account. That is your only option in this case.

Q. I don't care about the account, can I just get the e-mail history or the contacts from it.
A. Unfortunately, you have to be able to access the account in order to transfer any information out of it. This means you need to try and recover the account.

Q. I don’t care about the contents, I just need the e-mail address back because I have other things linked to that address.
A. Account names are never re-used, so you can’t re-create the account. So to get the name back you will have to try and recover the account.

Q. Can I find out who did this? Can anyone prosecute them?
A. About the only information you have available is the list of the last 10 IPs to access your account (see the Details link below the Inbox). But given how easy it is to fake IPs, and how inaccurate they are, it's unlikely that more than a general location can be determined. In general, law enforcement is not interested in a simple compromised account, and Google is not a law enforcement agency. Bottom line is: one's energy is better spent on recovery and re-securing the account.

Q. Isn't what the person did illegal? Can I sue them or get them arrested?
A. Any legal questions should be asked of local law enforcement or an attorney. Google is neither of those and can not advise you on any actions.

Q. Can I find out what they did in my account while they had access.
A. There are no account activity logs available, so you can’t find out for sure. If there is spam in your Sent Mail, they you know they used the account for that. But there’s no way to know if or what messages they may have looked at, so take appropriate precautions.

Q. How was my account compromised?
A. There are many ways passwords can be harvested and account compromised, but the most common ones include:

• Using the same password on multiple web-sites. A less secure site is hacked and they get the user database (e-mail and password) and then just try them all. If the person did not use a unique password, the hacker gains access to the e-mail account.
• Phishing e-mails that ask for account information or direct you to a phishing web-site. Don't dismiss this because the messages are a lot more convincing that you would imagine, often using text copied from actual Google e-mails or on-line forms.
• Use of a computer that is infected with a key-logger or other malware (most common for public computers like at a school or library) which records your login information.

When you reclaim Your Account:

Begin by scrolling to the bottom of your Gmail page and see if there are any other sessions signed into your account ("This account is open in 1 other location"). Then click the word "Details" where it says "Last account activity" and then "Sign out all other sessions". Now change your password to anything reasonable but without worrying too much about how secure because you are going to change it again. Next check all the following items and verify that they are set correctly.

Note: in the following “Settings” means “Mail settings” as found under the Gear icon in the upper/right of the Gmail window. If you still have the old layout, then “Settings” will be one of the choices along the top. If you have the older “Settings” link, some of the paths below will be slightly different.


Account Security:

• Settings -> Accounts and Import -> Change Account Settings -> Change Password [pick a new secure password]
• Settings -> Accounts and Import -> Change Account Settings -> Change password recovery options [verify secret question, SMS and recovery e-mail address]
• Settings -> Accounts and Import -> Change Account Settings -> Other Google account settings -> Email Address -> Edit [verify your name and other settings]
• Settings -> Accounts and Import -> Change Account Settings -> Other Google account settings -> Authorizing applications & sites [revoke Access to any sites listed]
• Settings -> Accounts and Import -> Change Account Settings -> Other Google account settings -> Using 2-step verification [enable 2-step verification]

Potential Spam:

• Settings -> General -> Signature [make sure nothing as been added]
• Settings -> General -> Vacation Responder [make sure it's disabled and empty]

E-mail Theft

• Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
• Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]
• Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
• Settings -> Filters [no filters that forward or delete e-mail]
• Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address, delete any unrecognized entries]

TrueCrypt ~ Protect your files/folders with Encrypted Passwords

Do you store your accounts id ,password or any other confidential info in plain text?  If you say yes, You must read this article.

Risks of Storing confidential data in Plain Text:

1.  Your friends or any other who has access to your pc are able to view your confidential data.  Because it is in  simple text.
2. Malwares/spywares are able to send the data file from your pc to Attackers system.  This time your data are really in risk.
3. If you have any confidential files(Eg: important company projects) without passwords , others may get access to your pc and steal the information.

So Here i am going to introduce a new Security Tools known as TrueCrypt(Best and my favorite tool).

What is TrueCrypt?

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc)

More info about TrueCrypt:

Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations).

Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM.

Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt.

Let's suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).

Note that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).

Main Features:

• Creates a virtual encrypted disk within a file and mounts it as a real disk.
• Encrypts an entire partition or storage device such as USB flash drive or hard drive.
• Encrypts a partition or drive where Windows is installed (pre-boot authentication).
• Encryption is automatic, real-time (on-the-fly) and transparent.
• Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
• Encryption can be hardware-accelerated on modern processors.
• Provides plausible deniability, in case an adversary forces you to reveal the password:  Hidden volume (steganography) and hidden operating system. 

Advanced Tabnabbing -Phishing Attack simplified

What is Tabnabbing ? 

Tabnabbing is Phishing attack that simplifies the phishing.The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert.  This will reload the inactive tabs with fake page .

How The Attack Works ?

• A user navigates to your normal looking site.
• A malicious code detect when the page has lost its focus and hasn’t been interacted with for a while.
• Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.
• As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
• After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

Targeted Attacks:
Using my CSS history miner you can detect which site a visitor uses and then attack that site (although this is no longer possible in Firefox betas). For example, you can detect if a visitor is a Facebook user, Citibank user, Twitter user, etc., and then switch the page to the appropriate login screen and favicon on demand.

Even more deviously, there are various methods to know whether a user is currently logged into a service. These methods range from timing attacks on image loads, to seeing where errors occur when you load an HTML webpage in a script tag*. Once you know what services a user is currently logged in to, the attack becomes even more effective.

You can make this attack even more effective by changing the copy: Instead of having just a login screen, you can mention that the session has timed out and the user needs to re-authenticate. This happens often on bank websites, which makes them even more susceptible to this kind of attack.

You can get this code from here:
http://www.azarask.in/projects/bgattack.js

How to protect yourself from this hack?

• You can use a safe browser that uses anti-javascript plugins (Firefox with noscript). Note: Advanced Tabnabbing will work even javascript is not enabled. 
• Check the url in the address bar.
• If you got link in emails, enter the url in address bar instead of clickin it.
• You can use some Anit Phishing add ons like(Don't Phish me,Netcraft,FirePhish) .

Bikini-clad women and photo tags | Facebook scammers

I have explained about Facebook scamming in my previous posts.  Still people believe that "Facebook will provide Facebook visitors tracker".  If you believe also, please read this article.  This is not only for Facebook users but also for twitter users.

Certified Ethical Hacker v7 Training Course Discount

Receive up to a $500 discount on the Certified Ethical Hacker v7 course offered by Global Knowledge through the ISLAND TRADEWINDS program - Prepare for the CEH certification while learning the latest ethical hacking techniques.

FireCAT 2.0 Released-Firefox Catalog of Auditing exTensions

What is FireCAT?
FireCAT (Firefox Catalog of Auditing exTensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment. FireCAT is not a replacement of other security utilities and software as well as fuzzers, proxies and application vulnerabilities scanners.

How to Re-Enable Task Manager,System Restore,cmd,run,Registry? Fixed

Hi friends, today i faced a problem.  A virus attacked my XP. I was unable to use Task Manager, System Restore,cmd,run,Registry.


This malware disabled important windows features(task manager, system restore,.......)

How does your Website becomes vulnerable to SQL Injection?

Developer is the one and only reason for the SQL Injection Vulnerability. While developing the Web Application, he fails to handle some vulnerability(because he doesn't know about it. Don't be one of them. If you are Web Application developer, then you must read these security techniquest in order to overcome the SQL Injection Vulnerability.

How to Setup your own Proxy Server For Free using Hamachi and Privoxy?

Read this post to know  What is proxy server?

Why should i use Proxy server?

Open Wi-Fi Connections:
It is possible for anyone to monitor everything you do on an Open Wi-Fi Network. Not all sites that you visit may use HTTPS Encryption. Sometimes even sites that do use HTTPS only do so for certain actions and then revert to regular unencrypted HTTP connections, which are visible by anyone on the network. Using a proxy server will direct all web traffic through a secure and encrypted tunnel making all of your browsing safe and unseeable.


Bypass Firewalls and Corporate Web Filtering:
Users who wish to bypass web monitoring and restrictions imposed by their employer may utilize Proxy Servers. This is great for users and dangerous for IT Professionals as it may pose a danger to network security.

How to Set up the proxy server using Hamachi and Privoxy? 

Requirements:

1. 2 computers. One works proxy server. Other one use the proxy server(client). Both system should have Internet connection.
2. Hamachi: A free (for non-commercial use), cross-platform VPN service that, gives you secure access to your home network no matter where you are. Download it from here:

   https://secure.logmein.com/products/hamachi2/

3. Privoxy: A free, Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks. Download it from here:
   

   http://www.privoxy.org/

Installing Hamachi and Set up the Server

Step 1: 

 Decide which Computer is going to work as Proxy Server.  Install the Hamachi in that computer.
Step 2:
Once you installed, run the application.  It will open small Hamachi application window with thanks message.

Step 3:
Click the Power Button.  It will automatically detect the host name and ask you to register the client.

Once you registered, it will show some IP address like 5.xx.xxx.xxx near to the power button.  Note this is our proxy ip Address.

Step 4:

Now you will get two options. 1. Create New Network 2.Join an existing Network.
This is server Computer, we have to create network to used by client.
So click the Create a New Network button.

Step 5:

It will ask you to enter network id and password(i entered id as proxy_BreakTheSecurity).   Enter your desire id and password(Should be strong password).
Click the Create button.

That's all your server is ready to be used.

Using Our Proxy Server in client Side
Now move to your client system( i mean any other computer).  Install Hamachi in your that system.
Follow the first three step mentioned above.
Step 4:
Now you will get two options. 1. Create New Network 2.Join an existing Network.
This is Client System, right? so Click the Join an Existing network.

Step 5:
Enter the Network id and password that you used to create network.  (in my case, network id i entered is proxy_BreakTheSecurity)

You can rinse and repeat this on every machine you want to do this with, for up to 16 clients (that’s the limit for Hamachi’s free-for-non-commercial-use version)

Installing the Privoxy in the client system:
Install the privoxy and run.

Step 1:

In system tray, you can see P icon. right click on the P
and select Edit->Main Configuration.

Step 2:

It will open the config.txt file in notepad.
Search for the "listen-address 127.0.0.1:8118"
Replace the 127.0.0.1 with our proxy ip address(address that displayed in server hamachi apps) created in server side.
For example listent-address 5.xx.xxx.xxx:8118
Save the file.

That's all you finished.  Restart the privoxy.
Now we have to use the Proxy server.

Set Up Your Web Browser to Use Your New Secure Proxy:

Open the Mozilla Firefox
Open Tools->Preferences.
It will open the preference window of Firefox.
Select Advanced->Network tab.

Click the Settings button near to the "Configure how Firefox connects to the Internet”
Select the Manual proxy configuration.

Enter our Server Proxy Address(5.xx.xxx.xx) and port as 8118.
click ok.



Test the Proxy Server.
Now we have to test whether our proxy is working or not.

Visit http://config.privoxy.org/. It will detect whether you use proxy or not.

If proxy is used, you’ll see a message like “This is Privoxy 3.0.17 on Windows (5.xxx.xxx.xx), port 8118, enabled.”

If not, you’ll see a page that reads “Privoxy is not being used”.

Also, if you’re on a public Wi-Fi connection and you navigate to something like WhatIsMyIP.com with your proxy turned off, you should see a different IP when you reload the page with your proxy turned on.
(Essentially, when turned on, your home’s public IP address should be showing.)

Even though your proxy is running over an HTTP connection, Hamachi is encrypting everything that runs between your computers, so it’s still a secure option

SQL Inject Me -SQL Injection Tool to test the Vulnerability for Pen Testers

So far i have written what is sql Injection, How to prevent SQL Injection? .  In this post, i am going to introduce a new SQLi tool for Pen Testers and Webmasters.
The tool name is SQL Inject Me.

What is SQL Inject Me?
SQL Inject Me is Mozilla addon that is used to test the SQL Injection Vulnerability of Web Application.  It reduces the workload of Manual SQL Injection Test.  This is especially designed for Pen Testers and Web Masters not for hackers.

How to Prevent SQL Injection Vulnerability? Website Security

Hi webmasters and budding Pen Testers, I hope you read my article about SQL Injection. Our Aim is to provide Security, right? So here is the prevention techniques.

ArpON (Arp handler inspectiON) v2.7-Security Softwares

What is ArpOn?
ArpON (Arp handler inspectiON) is a portable handler daemon that make ARP secure in order to avoid the Man In The Middle through ARP Spoofing/Poisoning. Detects/blocks the DNS, WEB Spoofing, Session Hijacking, SSL/TLS Hijacking & co attacks.

This is possible using three kinds of anti ARP Spoofing tecniques: the first is based on SARPI or "Static ARP Inspection" in statically configured networks without DHCP; the second on DARPI or "Dynamic ARP Inspection" in dynamically configured networks having DHCP; the third on HARPI or "Hybrid ARP Inspection" in "hybrid" networks, that is in statically and dynamically (DHCP) configured networks together.

Apache Log Extractor Tool for Pen Testers

We know that Apache Server is Famous Web server.  Let us see what is Apache log extractor tool .

What is Apache Log Extractor Tool?
Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URL’s on a remote server by analysing the logs. This list could then be used as the input for further testing tools e.g Burp Suite – Intruder.

APKinspector: Static Analyser of Android Malware

What is APKinspector?

is an android Security Software. This tool is for analysing the Android malware samples manually. They use PyQT as the framework of the prototype for the APKinspector. Because PyQT provides a complete interface to QT applications and python can interact with androguard easily.

Features

How to detect Firesheep- Blacksheep Mozilla Addon(AntiFiresheep)

I hope you read this article about How to Hack Facebook Using Firesheep in WI-FI?.
This blog is mainly concerned with Computer and Network Security, right?. So Let us see how to detect how to detect the Firesheep usage.

Who is the blacksheep?

meeeh...meeh...Hey don't worry, I am not going to post about that sheep.
What is Blacksheep?
Blacksheep is Mozila addon detects whether intruder is stealing your Session using the firesheep. A Mozilla Add on against the Firesheep, we can call it as AntiFiresheep.

What is an IFrame Injection? Mass IFrame Attack Tutorial

Recently 90000 webpages infected by Iframe Injection attack.  Here i am going to explain what  IFrame Injection is.

What is an IFrame Injection?

Using IFrame tag, The Attackers injects the malware contain website(links) using Cross site Scripting in popular websites.  So if the usual visitors of that popular sites opens the website, it will redirect to malware contain website.  Malware  will be loaded to your computer, now you are infected

Scan files for Virus and Keylogger in Online for free-VirusTotal.com

Usually if we download free software from public file hosting service website, it may contain some virus or keylogger.  If you run the program without scanning, it leads to problem in your computer. So it is necessary to scan your files before you run or open.

For scanning purpose, you don't need any anti virus but Internet.

VirusTotal.com will scan your file and give reports about the file.

if you have the download link, then select submit url and paste url. Click the Send file.  It will star the scanning process.  Wait for a while.

If you already downloaded the file or want to scan local file, then use upload file.

This virustotal will scan file with all antivirus' virus signature.

Why you should hide IP(Internet protocol)address?

What is IP Address?
 IP address is Unique Identification Number that is assigned to your Internet Connection.Each house has unique address ,right? Likewise, In Internet each machine some unique Address .   This will be used to identify your computer in Internet.  Using IP address, we can trace the location of the User.

 

"Hide The IP" best IP hiding software tool

As i said Internet is less secure medium, you have to hide your identity from intruders/attackers.( Using Internet, hackers can steal your confidential data like credit card number, bank account, facebook accounts.) One of the identity is IP address. When you visit website, it may store your IP Address . Using your IP address anyone hack your computer. So it is important to hide your IP address.

Today let me introduce a IP hiding software, named as "Hide the IP"

Hide the IP

Hide the IP is best IP hiding software. One simple click, your IP address will be hidden and show some fake IP address , surf anonymously over the internet. Now hackers can't find your original IP address.

Features of Hide the IP

• Select your physical Location: You can decide your region. Your IP will be set based on your country selection
• Send Anonymously Mail: while sending email , your IP also included in Header section of mail. This "Hide The IP "software will hide IP in your mail header also.
• Breaking restrictions: is your IP banned to register in any forums ? Some websites restricts certain country region. Using this software you can break the restrictions and register or visit websites
• you can install in 2 computers. But you can not use simultaneously.

how it works?
when you run the application, it connects to their server and get the new and stable IP address.

There is three different plans(standard, professional, plantinum) .

Download trick version here
Buy this software from here