PC Drivers
Your Guide to PC Drivers, Cool Tips & the Latest Tech News

The “pylon” driver package, 2.1 version is about to be launched by Basler Vision Technologies. The new release is into the 64-bit system supporting Microsoft Windows. Modifications were added to this version to improve the system such as reworked installation scripts, multicast support and DirectShow64. Basler has been generous enough to allow its free download together with the SDK.

The standard 32-bit systems can directly address four GBs of Random Access Memory (RAM) and have more than 50% of the memory ready for other applications. This is a hindrance because it can cause instability problems like when using multi-camera applications with complicated processing requirements. According to Product Manager, Werner Borchert, images are dropped when the 32-bit system is forced to carry memory exchange schemes into its limited 4 GB memory. This appears to be not a problem with a 64-bit system. The good thing is that GB memory has gone down in price by a good deal so that investing into a 64-bit system is quite small nowadays.

The pylon 2.1 release is a full 64-bit version of the IEEE 1394-b, GigE Vision and the GigE Vision filter performance drivers that come with the pylon package. So that the full installed memory is addressed, pylon’s C++ API is now ready in a 64 bit version. The API has not been altered that is why client applications can readily convert to 64-bit.

The pylon package allows full memory access to applications that operate with DirectShow technology because it has a module that addresses it directly, the DirectShow64. Because of the extended memory,
uninterrupted recording time even with HDTV resolution is now possible.

Pylon 2.1’s multicast support, on the other hand, makes the camera image data visible on two or more PCs in order to share image processing. Developing distributed inspection systems that use several GigE Vision cameras attached to several PCs is now possible. Because of this, a new wave of inspection system performance can be operated on standard PCs with the pylon’s 64-bit system.

Pylon 2.1 version also offers reworked installation scripts that enhance the comfort rating for installations on Windows Vista even with just a 64-bit Vista. These six pylon drivers are Microsoft-certified making Basler one of the few fully-certified providers.

To find out more about the new features, improved modifications of the pylon 2.1 release, you may download the Release Notes from the website of Basler, www.baslerweb.com. At the same time, you may download the SDK and pylon 2.1 release for free from the same site.

Photonics Online

Mebroot, the new breed of malware or rootkit can actually replace the Master Boot Record (MBR) of an infected system that has the very first code that is executed when the computer is booting. Mebroot, AKA Torpig and Sinowal, is a very powerful malware that is undetectable in the hardware.

The Mebroot kit has the ability to launch itself very early during startup without having to wait for file modification or registry. It is the stealthiest rootkit out there today because of its speed in launching and its ability to hide and not be detected in the infected system. It cannot be spotted easily because it can attach itself deep within the Windows system.

The Mebroot has already done enough damage in the RSA security division of EMC last year when a big bulk of financial data was stolen. Since then, the makers have developed the new variant so that it could hide while it reaches all corners of the drive-by downloads.

The moment Mebroot gets into your Windows PC, it transports a payload that records all keystrokes, insert random HTML into websites, especially banking sites, and detects HTTP and HTTPS post requests. Most vendors would say that what is really amazing about it is how it can infect the system. It does not need to connect to the disk.sys driver, but inspects what type of lower device \Device\Harddisk0\DR0 it is connected to and quickly hooks into the relative driver. Whether it is atapi.sys or acpi.sys, it can attack the driver. Therefore, results differ between PCs and virtual machines.

The makers were also able to integrate into the malware the ability for it to fix a bug that, in the past, has made it easier to become aware of anomalies with the MBR.

The most dangerous feature of Mebroot is that it is not present in the hard drive as a file after the first infection. It remains invisible. It only becomes injected into the kernel drivers during the start-up process and eventually becomes injected into svchost.exe and services.exe. Via IAT, processes will become compromised so that it can access all the internal data. Mebroot, for that reason, will not be found in the hardware. The only clue is its presence in the temp drive for only a short time.

Thankfully, though, the malware has not been widespread so far. It has popped up in several servers but is not present again as of the moment. But the problem remains that it may appear anytime because the authors know exactly the machinery behind the security industry. But of course, these people wouldn’t want to make it a global threat like what conficker.c did before. It may not be present today but we all have to be wary and prepared when it comes again.

The rootkit stores data that’s required to survive reboots in physical sectors instead of files. This means that the data, including the real payload, is not visible or in any way accessible to normal applications. Therefore the rootkit does not have to hook the normal set of interfaces to keep them hidden.

The MBR is the rootkit’s launch point. Therefore it doesn’t need to make any registry changes or to modify any existing startup executables in order to launch itself. This means that the only hooks it needs to make are used to hide and protect the modified MBR. Essentially this means that the rootkit hooks only two DWORDs from the disk.sys driver object which is shown in the picture below.

eWEEK

image credits to Sophos D/A/CH Presseinfo