blog4aurobindo

Ransomware made its debut with a trojan called PC Cyborg, the brainchild of Dr. Joseph Popp. The extortion begins with a vulnerable computer becoming infected. Once settled in, the malware hides all folders and encrypts file names on the C: drive. Next, a dialog box opens, proclaiming the victim needs to send PC Cyborg Corporation $189 US, because the license had expired.

Until ransom money is received and the malware’s activities are reversed, the victim has a non-working computer. Thankfully, the doctor’s trojan had a weakness. It encrypted the file names using symmetric cryptography. Once experts had a chance to analyze the malcode and encrypted tables, it became simple to reverse and determine who created the ransomware.

It seems the doctor felt he was doing something worthwhile (eventually declared mentally unfit). At his trial, he mentioned that the ransom money was to be used for AIDS research.

The crypto-virus encrypts the victim’s files using the malware writer’s public key. The extortion comes into play when the victim is asked to pay ransom in order to obtain the private key for decrypting the files.

How it works

Young and Yung call this type of ransomware crypto-viral extortion. Giving the following definition:

“Crypto-viral extortion, which uses public key cryptography, is a denial of resources attack. It is a three-round protocol that is carried out by an attacker against a victim. The attack is carried out via a crypto-virus that uses a hybrid cryptosystem to encrypt host data while deleting or overwriting the original data in the process.”

The three-round protocol is interesting. It consists of the following:

• Crypto-virus is installed: Using any number of techniques, usually drive-by dropper platforms; the crypto-virus gets installed on vulnerable computers. When the virus activates, it creates a symmetric key and initialization vector (IV). The crypto-virus proceeds to encrypt data files using the symmetric key and IV. After which, the crypto-virus concatenates the IV with the symmetric key. Finally, the concatenated string is encrypted using the malware author’s public key. With everything now in place, the crypto-virus pops open a window explaining the ransom demands to the victim.
• Victim’s response: If the victim decides to pay the ransom. There are several ways that can happen. We will look at those in a bit. The victim also has to send the encrypted concatenated string to the cybercriminal.
• Attacker’s response: The extortionist then decrypts the string using the private key, which discloses the symmetric key and IV. Finally, sending both back to the victim. Who will use them to decrypt the data files.

Covering their tracks

On their Web site, Young and Yung talk about the effort cybercriminals go through to protect themselves. They store the public and private keys on a smart card and do not personally know the bit representation of the private key:

“Ideally, the smart card will implement two-factor security: something the virus author knows (a PIN number) and something the virus writer has (the smart card that contains the private key). Also, the card will ideally be immune to differential power analysis, timing attacks, etc. to prevent the virus author from ever learning the bits of the private key.”

The Web site goes on to explain why the extortionists do this:

“In the U.S. the virus author cannot be forced to bear witness against himself or herself (Fifth Amendment) and so the PIN can remain confidential. The purpose of this setup phase is to limit the effectiveness of seizing and analyzing the smart card under subpoena or warrant (competent evidence).”

Payment techniques

In the past, ransomware has not been the malware of choice. That’s because cybercriminals are concerned about the money trail sending ransom funds creates. I mentioned earlier that many approaches have been tried. Here are some of them:

• Trojan. Ransom-A declares that it will destroy one data file every 30 minutes unless $10.99 US is sent to a specified account via Western Union.
• Trojan.Archiveus is a bit more creative. The ransom note declares the decryption password will be sent. If the victim purchases something from a specified Web site, typically in Russia.
• Win32.Ransom uses a novel way to obtain ransom money. The crypto-virus blocks Internet access until the victim sends a premium SMS message. This approach is becoming the favored payment method.

Example

To help understand the entire process, let’s look at what many consider cutting-edge ransomware. F-Secure just released information about Trojan:W32/DatCrypt. Here’s how it works.

The trojan makes its way onto the victim’s computer. After which, it gives the illusion data files such as Office documents, music, audio, and video are corrupt.

In reality, the files have been encrypted by the trojan. The next message opened by DatCrypt informs the victim to download specified file repair software. Notice how the window created by the malware appears to be a message from the Security Center (courtesy of F-Secure):

What is actually downloaded is Rogue:W32/DatDoc. Malware that gives the appearance of fixing the problem. But, only one file can be fixed with the free version (courtesy of F-Secure):

The attackers are trying to lull the victim into thinking the software actually works. They hope the victim will spend $89.95 US for the registered version. In reality, victims are paying ransom to get their own files back.

Solution

There is no magic formula to avoid crypto-viral extortion. It’s just malware looking for vulnerable computers to exploit. Keeping operating system and application software up-to-date, along with a decent anti-virus application will offer protection. Also, having current backups of all important data is a good idea, just in case.

Final thoughts

Ransomware is making a resurgence. Hard-to-trace Internet payment methods are emboldening cybercriminals.

Two thoughts immediately come to mind. Once the extortionist has the money, why send back the decryption information? Also, what proof does the victim have that the whole process won’t start over again?

Generally we use sysklogd for all the system logs. We know sysklogd provides system events and application events to be logged and save to log files like /var/log

There is a alternative to this. You can use rsyslog to store your logs in mysql and you can see them from browser with the help of phpLogCon. Isn’t it interesting?

Steps:

# yum install rsyslog rsyslog-mysql mysql-server php-mysql php-gd httpd mod_ssl

# chkconfig rsyslog on

# chkconfig httpd on

# chkconfig mysqld on

# chkconfig syslog off

Now that the packages are installed and the defaults are out of the way, syslog will be disabled on subsequent boots (but is currently still running), and rsyslog, httpd, and mysqld will start on subsequent boots (but are currently not running).

Rsyslog uses the same syntax as syslog, so if you have made modifications to /etc/syslog.conf, you can copy that file to rsyslog.conf and rsyslog will continue to log to the same files and in the same way that syslog did.

Next, start the MySQL service, create a database for the syslog messages, and import the schema for rsyslog to use:

# service mysqld start

# mysql

mysql> GRANT SELECT, UPDATE, INSERT ON Syslog.* TO rsyslog@localhost IDENTIFIED BY ‘password’;

mysql> \q

# mysql </usr/share/doc/rsyslog-mysql-2.0.6/createDB.sql

To add MySQL support to rsyslog, edit /etc/rsyslog.conf and add the following to the top of the file:

$ModLoad ommysql.so

*.*  :ommysql:localhost,Syslog,rsyslog,password

Once this is all done, you can stop syslog and start rsyslog. Once you start rsyslog, check /var/log/messages to make sure it noted the rsyslog startup:

# service syslog stop

# service rsyslog start

# tail /var/log/messages

Also make sure that rsyslog made the connection to MySQL. If you are using CentOS or Red Hat Enterprise Linux, with SELinux in enforcing mode, you will need to update the SELinux rules to allow rsyslog to talk to the MySQL socket (otherwise you will see failures in the logs). This can be done by doing:

# setenforce 0

# service rsyslog restart

# cat /var/log/audit/audit.log | grep rsyslogd | audit2allow -M

myselinuxmod; semodule -i myselinuxmod.pp

# setenforce 1

# service rsyslog restart

After the above is done, you should no longer see connection errors in /var/log/messages. You can log into MySQL and take a look at the SystemEvents table to make sure data is being logged there.

Now you have all the logs in MySQL but remeber we want to use phpLogCon to see the log messages from browser. phpLogCon should be installed. It is a Web-based front-end that will allow you to view the logs with a nice interface. The latest version can be downloaded from http://www.phplogcon.org/downloads. The tarball comes with an INSTALL file with the instructions on how to set it up; it’s no more difficult than any other PHP Web application.

Once it is installed, you will be able to see all of the log messages, as well as search and filter them. If you wanted to view logs from other hosts on the network as well, you can set up the syslog daemons on the other systems to do remote logging to rsyslog; you will need to edit /etc/sysconfig/rsyslog and change the SYSLOGD_OPTIONS to “-m 0 -r” first, however. This tells rsyslog to listen and receive logs from remote systems.

On the remote systems, you would add the following to the end of syslog.conf:

*.* @hostname_or_IP_of_syslog_server

Be sure to restart any syslog server you make configuration changes to.

Google has developed a plug-in for Internet Explorer (IE) that will allow Chrome to run in IE. Chrome Frame is a new browser plug-in developed by Google which will give user a chance to feel Chrome browsing experience inside Microsoft’s Internet Explorer.

Many experts have claimed that IE has fairly low web standards and is susceptible to virus attacks and lacks in performance as well. Many users are turning to Mozilla Firefox, Google Chrome or even Apple Safari for safe browsing. But that does not change the fact that IE is still the largest used web browser (as it comes integrated with Microsoft operating system).

Many corporate houses still run IE. But after the launch of Chrome Frame things will change dramatically. Chrome Frame creates a new frame inside IE and with this frame Google packs all the essential data in a lightweight plug-in to convert IE into Chrome. Chrome Frame also injects the latest versions of Chrome’s Webkit and JavaScript engines into IE. Google claims that its goals are noble and they just want to provide users with better performance browser.

While it is true that running two browsers in one will take more resource from computer but Google says that Chrome is designed to give resources back to the machine when users are not using them with the browser.

Google claims that it won’t be explicitly advertise Google frame in IE but will use subtle methods to alert users of its existence. For example, if users browse to a Google app in Internet Explorer that may render better in Chrome, Google might have a message on the page informing about the plug-in.

Chrome Frame is still in testing stage and will work with IE6, IE7, and IE8 on any Windows-based machine. Microsoft has still not made any comment on this but there are chances that Microsoft will ban Google Frame.

Till now no one can even think that a worm could knock down global internet. Even tech experts have failed to conquer this deadly worm called Conficker, which has already infected five million computers, and may soon crash the internet in all countries.

So dangerous is the threat, that the world’s largest computer security companies have joined together with governments around the world in an unusual alliance to pool their resources and solve the problem. So much so, that a group (Conficker Working Group) to defeat the worm has also been created.

The worm, which was first detected in November, last year, spreads rapidly to computers through a flaw in the Windows operating system. Infected machines are co-opted into a “botnet” army, which can be controlled and used by the hackers to launch unprecedented cyber attacks.

“The general agreement in the security world is that Conficker is the largest threat that global internet is facing from a cyber crime point of view. It has proven to be extremely resilient. It’s almost impossible to remove,” Rodney Joffe, a Director of the Conficker Working Group, told Sydney Morning Herald. “The best minds in the world have not managed to crack the code behind this yet.”

Microsoft has offered a 250,000 dollars reward for information leading to the identification of the individuals – or rogue governments – behind Conficker. But so far international effort to find a solution has yielded few results.

The creators of the worm can do anything they want with the infected machines including stealing users’ banking details or flooding government servers to knock them offline. The worm has a built-in mechanism to prevent people from scanning their computers with anti-virus software, says Joffe. Unfortunately, even for those who wipe their computers clean and start fresh, if they back up any important data on a portable hard drive, the clean machine is re-infected when the drive is connected to the computer.

The worm also spreads automatically between computers on a network and infects machines without the user having to do anything other than switch their computers on. While majority of the botnets can be destroyed by disabling the server used to issue commands to infected machines, but with Conficker the location of this sever changes every day and state-of-the-art cryptography means it’s almost impossible to crack.

I am going to discuss here few steps to run php 5.x on Tomcat 4.x or Tomcat 5.x. We can enable php only in one web application as well as run globally for all applications under tomcat. I assume here, you have Apache Tomcat 4.x or 5.x already installed and running in your machine.

Steps:
1. Download latest php 5.x zip file. I used php 5.0.2. You can download it from here: http://museum.php.net/php5/php-5.0.2-Win32.zip
2. Download latest pecl modules 5.x zip file. I used pecl 5.0.2. You can download it from here: http://museum.php.net/php5/pecl-5.0.2-Win32.zip

Note: PHP version and PECL versions should be same. If you want to try with some other version get from here: http://museum.php.net/php5/

3. Unzip php zip in C: drive(I used C: for my installation, you are open to try new things)
4. Copy php.ini-dist, in c:\php, as php.ini in c: drive
5. Uncomment the line (remove semi-colon at the beginning) in php.ini:
;extension=php_java.dll
6. Extract php5servlet.dll from pecl zip file to c:\php. Ensure that the file is actually present in c:\php (maybe you can’t see the php5servlet.dll file in pecl archive, it means you are trying this with newer versions of php)
7. Now create a directory under webapps in your Apache Tomcat installation. Lets say it is named test.
8. Create WEB-INF directory under test
9. Create lib directory under WEB-INF
10. Create web.xml under WEB-INF with the following contents:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<servlet>
<servlet-name>php</servlet-name>
<servlet-class>net.php.servlet</servlet-class>
</servlet>
<servlet>
<servlet-name>php-formatter</servlet-name>
<servlet-class>net.php.formatter</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>php</servlet-name>
<url-pattern>*.php</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>php-formatter</servlet-name>
<url-pattern>*.phps</url-pattern>
</servlet-mapping>
</web-app>

11. Extract php5srvlt.jar from pecl zip archive and extract or unjar (jar -xvf c:\php5srvlt.jar ) it under c:\
12. Modify both the files reflect.properties and servlet.properties to change the line library=phpsrvlt to library=php5servlet and save them. This indicates the file name of the dll file which is loaded by the Java application to serve the requests.
N.B.: This has no connection with the name of the jar file which can be anything. you may get this error “java.lang.UnsatisfiedLinkError: no php5servlet in java.library.path” for any mistake in this step. Please check the two properties file, whether there are any blank spaces. There should be only one line, and no blank spaces.

13. Re-create the jar file with the following command
(jar -cvfm php5srvlt.jar c:\META-INF\MANIFEST.MF -C c:\servlet\ /.), assuming you extracted the php5srvlt.jar in c: drive
14. Copy the jar file to WEB-INF\lib directory created earlier.
N.B: If you want to run PHP for one web application then do step 14 only but if you want to run php globally for all applications under tomcat then copy the php5srvlt.jar into commons/lib directory as well
15.  Add c:\php to your System or User Path in Windows environment (Hint: Right-click and select Properties from My Computer -> then go to advanced tab -> click on environment variable)
16. create a new system or user variable PHP_HOME with value c:\php
17. Create a file index.php under test with the following code:

<?php phpinfo(); ?>

18. Restart Tomcat
19. Restart your machine(it is not required but though as we have added system variable so there is no harm doing a restart)
20. Start tomcat server again.
21. Open your browser and go to http://localhost:8080/test/index.php(if you set your port to some other port than 8080 please specify it in the place of 8080)
22. Ensure that there are no errors displayed. Instead you get an informative screen with php version information and whole lot of details.

Hope this helps. Have fun!!!

A good deal-maker can make any economic environment OK. But most team leaders have never been trained in the basics of negotiating. That’s too bad – they’re probably leaving money on the table. Money that could have made a difference to their own organization.

In today’s environment, many organizations are looking for new business opportunities. And, because it’s the easiest place to start, they will often reduce their pricing to get a foot in the door. On the other side, many companies are now asking their vendors to cut fees or reduce product prices. It’s a tactic that makes sense because they know they can go elsewhere to get similar goods and services.

However, many team leaders designated to be the “negotiators” on both side rarely have had any real training in the art of negotiating. Consequently, good organizations are missing opportunities and failing to explore other joint opportunities when they start talking. Here are some tips and tactics I’ve seen used by some of the best deal-makers in various organizations. See if they can help you improve results and performance:

1. First and foremost, be prepared to walk away. This is single most important strategy to getting what you want. Whether at work, or just generally speaking, out of life. If you aren’t prepared to say, “No” and mean it; then you are likely to end up settling for a lesser outcome. Before entering into the negotiation, know in advance exactly what you are and are not willing to concede, so that you do not need to process this information on-the-fly without adequate time to weigh the pros and cons of each.

2. A good deal comes together quickly – a bad deal takes way too long. I’ve negotiated on behalf of organizations around the world. Whether it’s been in North America, South America, Asia or Europe this is a truism. Recognize when it’s time to forego a deal entirely. Take a clue from the amount of time it’s taking to get what you want. If you have to “force it,” chances are it will come back to bite you later on. I’ve seen many people waste a lot of time with the misguided belief that with just one more thing the deal is going to work – it rarely does.

3. Deal at the right level. Nothing is more frustrating than trying to do a deal with an individual who can’t make the final decision. It’s like negotiating against yourself – you address an issue and try to come to a conclusion and then the other person takes that to someone else “behind the scenes” only to come back and say it can’t be done on those terms. It’s far more efficient and effective to find the right person to negotiate with directly. Tip: If you don’t know if you’re working with the right person, just ask if they have authority for the final decision.

4. Come prepared. The more information you have about the “marketplace,” the more likely you are to not only prevail, but also get the best deal possible. While you may actually prevail by shooting in the dark, not knowing the extent of the opportunity could result in your leaving a lot on the table. And don’t be shy about asking these easy questions: “Is this the best you can do? Does anyone else get a better deal than this?” Knowledge is truly power.

5. Don’t take anything personally. Here’s my best advice on this issue: To maintain objectivity, treat every negotiation as if you are doing a deal for someone else who has hired you as the professional deal-maker. When you allow yourself to get emotionally involved, rational thought often goes by the wayside and you’re far more likely to concede to your later regret. Cool heads get the best, and most, out of what they are seeking..

6. Anticipate objections. Prior to the negotiation, brainstorm all the reasons or objections that may prevent you from getting what you want – and prepare a thoughtful counterpoint for each, one at a time. Expect the other person to use whatever reason and raise whatever issue they can come up with to out-deal you. During a negotiation, people conjure all sorts of reasons why something can’t be done, many of which are often bogus. Until you know the valid sticking point, you are just spinning your wheels.

7. Don’t underestimate Karma. Even in business, what goes around indeed comes around. The best deal is one where both parties walk away feeling positive about the result of the negotiation. The worst deal is that where one side leaves the table feeling slighted with the short end of the stick. If you’re the kind of person who “has” to win and is prepared to humiliate or otherwise make someone feel bad as a result, sooner or later the gain is likely to come back to haunt you.

Happy Working

Unless you’re a Firefox power user, you may not be familiar with the about:config page. The Firefox about:config page is not so much a page as it is a somewhat hidden configuration section. It’s hidden because it’s fairly powerful and not nearly as simple to use as the standard Preferences window. In the about:config page, you have to know what you are doing or you can mess things up a bit. In fact, when you attempt to go to that page for the first time, you have to accept an agreement (which is really just a warning) before you can continue.

How this page works is simple. You reach the page by entering about:config in the address bar. There are entries (one per line) that handle various types of configurations. Each entry has a searchable keyword. The entries can be of Boolean, integer, or string value. Entries contain Name, Status, Type, and Value. Typically, you will be modifying only the Value, by double-clicking on it and making the change. With all of that in mind, let’s take a look at 10 of the best ways you can “hack” the about:config page.

1: Speed up Firefox

This hack requires a few steps. Search for pipelining in the filter and you should see:

network.http.pipelining: Change this to true.

network.http.proxy.pipelining: Change this to true.

network.http.pipelining.maxrequests: Change this to 8.

Now search for max-connections and you should see:

network.http.max-connections: Change this to 96.

network.http.max-connections-per-server: Change this to 32.

2: Disable antivirus scanning

This is only for the Windows version. If you’re downloading large files, this scanning can seriously slow things down. And since you will most likely scan the downloaded file anyway, you’ll probably want to disable this. Of course, if you are uber paranoid (not a bad trait for computing), you might want to leave this entry alone.

To disable antivirus scanning, search for scanWhenDone and you should see:

browser.download.manager.scanWhenDone: Change this to false.

3: Open Javascript popups as tabs

If a popup window lacks the features of a browser window, Firefox will handle it like a popup. If you would prefer to open all windows, including popups, as new tabs, you need to tell Firefox in about:config. Search for newwindow and you will see three entries. Of those three entries, you will want to modify:

browser.link.open_newwindow.restriction: Change this to 0.

4: Spell checking in all fields

By default, Firefox checks spelling only in multiple-line text boxes. You can set it to check spelling in all text boxes. Search for spellcheckdefault and you should see:

layout.spellcheckDefault: Change this to 2.

5: Open search bar results in new tab

When you use the search bar, the results display in the current tab. This can be a nuisance because you will navigate out of the page you are currently in. To make sure Firefox always opens search results in a new tab, search for openintab and you should see:

browser.search.openintab: Change this to true.

6: Auto export bookmarks

In Firefox 3, bookmarks are automatically saved and exported for you. The only problem is that by default, they’re saved as places.sqlite instead of the more convenient bookmarks.html. To change this setting so that they can be easily re-imported, search for autoExportHTML and you should see:

browser.bookmarks.autoExportHTML: Change this to true.

7: Disable extension install delay

One of the few gripes I have with Firefox is the silly countdown you must endure every time you want to install an extension. Fortunately, this can be disabled. Search for enable_delay and you should see:

security.dialog_enable_delay: Change this to 0.

8: View source code in an external editor

When you need to view the source of a page, it opens up in browser popup. Most developers would probably like to have that opened in their favorite editor instead of having to cut and paset. To do this, there are two entries to modify. Search for view_source.editor and you will see:

view_source.editor.external: Change this to true.

view_source.editor.path: Change this to the explicit path to your editor of choice.

9: Get more add-on search results

When you do a search in the Add-on window, you’ll see just five results. You might find it more efficient to increase this number. Search for getAddons and you should see:

extension.getAddons.maxResults: Change this to 10 (or higher, if you want to see even more).

10: Redefine the Backspace button

Did you know you can configure Firefox to use the backspace button to either go back a page or go up a page? This keeps power users from having to go back and forth from the keyboard to the mouse. Search for backspace and you will see:

browser.backspace_action: Change this to 0 for previous page and 1 for page up.

Happy Hacking!!

Now if you know any other hacks except these please share this here.

Tip

If Firefox is messed up because you accidentally mis-configured about:config, you can fix it in one of two ways:

• Make a backup of your prefs.js file before you start editing. Then, if something goes wrong, you can restore it by copying it over the corrupt file.
• If you can’t restore via a backup prefs.js file, you can exit Firefox and issue the command firefox -safe-mode to bring up the Firefox Safe Mode screen. Then, just select Reset All User Preferences To Firefox Defaults. Note: This will restore all user preferences to their default values.

For the growing interest of how to mod your MOTOROKR E6/E6e/A1200 i have published a article How i moded My MOTORKR E6 edge aka E6e. I have also published Short tutorial for flashing your E6/E6e.

See this and let me know about your progress and never hesitate to post if you face any kindof problem.

Happy modding!!

Hi Guys!! For since somedays i was busy with my newly bought MOTOROKR E6e aka E6 EDGE. I was too curious to mod it by as you know for modding and installing apps you have to flash your firmware to some firmwares which supprt modding. Like I have 22P firmware installed by default and these firmware is only available in indian phones, as far as i know. So i was eagerly waiting for the 22P firmware to come on internet as i have the alternate way if it doesnt work. After i got the original R535H10_G_11.87.22P aka 22P firmware. Now what should i do. Suddenly i got to see in motorolafans forum that there some modded firmware aka f/w is available which can install MPKG and LIN files. For your information MPKG(or PKG), MTF and LIN these are basically the formats of teh Motorola apps available everywhere. Without hesitation i get that modded firmware and flashed my phone with RSDLite with the USB cable. The steps are available in motorolafans forum or you can ask me also. After that its like the whole world opened up in front of me. I installed the iPhone theme, changed the bootscreen and gone mad about this. Let me share a video i have uploaded in youtube recently. I am going to share the video with you in my next post. I am sharing some of the screenshots i have taken by the eCap app which is basically used for capturing screen within your phone.  

I think you will enjoy the video though the pictures are not so clear. If you want to know more or want any specific screen capture or good quality video please do not hesitate to ask me for that.  

1. Click Start | Control Panel and then double-click Administrative Tools
2. Click on Services to open the dialog box
3. From the list of services, right-click and then click Stop for the following services:

* -Automatic Updates
* -Background Intelligent Transfer Service
* -Cryptographic Services

4. Next click Start | My Computer
5. Double-click the drive where XP is installed, usually C:\
6. Double-click Windows
7. Right-click on the file folder SoftwareDistribution and rename it to SoftwareDistribution.old
8. Next double-click on the System32 file folder
9. Right-click on the folder Catroot2 and rename it to Catroot2.old
10. Right-click on the folder SoftwareDistribution and rename it to SoftwareDistribution.old
11. Close C:\Windows\System32 explorer window
12. Now, go back to the Services folder. Right-click and then Start the following services:

* -Automatic Updates
* -Background Intelligent Transfer Service (unless it was originally set to manual and you never had to stop the service in the beginning)
* -Cryptographic Services

13. Close the Services Window and go to the Administrative Tools window (which should still be open)
14. Click the Back Button on your toolbar to get back to the Control Panel
15. Double-click Automatic Updates
16. Select “Notify Me but Don’t Automatically Update Or Install Them” radio button then the OK button.
17. Close the Control Panel and resume computing.

One annoying thing gone from your sight.