Monthly Archives: January 2012

SQL Azure and Query plans / Performance

A while ago I showed you the improved SQL Azure management portal. After having nothing in 2008, Project Houston was a great step towards a cloud-only management portal. But in December 2011 they renewed the complete SQL Azure management portal. Besides a more Metro look-and-feel, they also added some extremely helpful tools and utilities.


When you click Administration in the lower left corner, you get an overview of your database health: information about the utilization of your database, connections and users. In this case the database was fairly new and unused, so the query usage is empty.


On a database with more activity, this part of the portal looks like this. Yes, my SQL Azure databases are not very busy ;-).


As you click on the Query Performance link, you get detailed information about the queries on your database and their performance. This gives you a first impression about the overall performance of your SQL Azure instance.


Imagine you have a problem with a certain query. I am talking about the performance, of course ;-). To get a good view of the query you need a query plan. Previously your only tools were SQL Server Management Studio and a few SQL Azure management views.


OK, this was good. But the downside of this approach was the latency between your client and the SQL Azure instance, among other things. So it wasn’t perfect.

Now with the new portal there is support for query plans in the cloud ;-). Via the portal you can create a new query, and this query can of course be executed. But now there are two more options. So there is RUN, Actual Plan and Estimate plan.


With RUN you get the result of your query. Simple, just as you are used to from the Project Houston site.


But when you choose Actual Plan, you get an extra tab: Query Plan.


On this tab you get a graphical representation of the query plan. And thanks to the cool Silverlight 5 environment it looks nicer than the ‘old’ SQL Server Management Studio. There are three options: Total, CPU and IO.




Besides that, you can also get more detail by selecting a grid or tree representation.



More detail can also be seen in the graphical version of the query plan if you play with the zoom level.


So how cool is that! There is almost no need for a Client tool like SQL Server Management Studio. Almost everything can be done in the cloud.

Facebook – Avoid Fake Profile reporting applications

The Facecrooks security site warns users to avoid installing apps that purport to watch user profile information (as such apps currently do not exist).

QUOTE:  Clicking “Allow” will give the scammer access to your Facebook data at any time and the application will be able to post to Facebook as you. This will allow them to spam their scam messages to all of your friends. This particular application is called “Pr0file Watcher”, but scams like this are known to use multiple Facebook apps. Anytime you install a third party Facebook application, you give the application developer access to your personal data. Always be very selective on the apps you install, and only install them from well-known, trusted sources.

Facebook – Use caution in installing applications

QUOTE: We often have readers ask us questions about specific Facebook applications. Some apps generate an enormous amount of spam and can annoy your Facebook friends. Others are outright scams and should be avoided entirely. For example, any application offering to show you who has viewed your profile, who your Facebook stalkers are etc., are guaranteed to be fraudulent. Facebook doesn’t allow developers access to the data required to create apps like this.

Android.Counterclank – Update from Symantec

QUOTE: Last week, we posted a blog informing Android users of the discovery of new versions of Android.Tonclank, which we have named Android.Counterclank. The blog generated a bit of discussion over whether these new versions should be a concern to Android users. When classifying applications, our focus is on whether users want to be informed of the application’s behavior, allowing them to make a more informed choice regarding whether to install it.

Android.Counterclank – Symantec Malware description

Zscaler – Analyzes URL safety

Zscaler analyzes the safety associated with website links as noted below:

PC Magazine: Zscaler – Analyzes URL safety

Zscaler – Analyzes URL safety (Home Page)

QUOTE: Security experts constantly warn you to avoid clicking links in tweets, emails, Facebook posts, and so on. Even if the sender is a friend, the link might have been added by a virus. So does that mean you can never check out the latest viral video? Sure, you can do that. Just check the URL with ZScaler’s free Zulu URL Risk Analyzer first.

SuperBowl – Six ways to avoid online scams

This PC Magazine article shares good protective approaches:

SuperBowl – Six ways to avoid online scams

QUOTE: Six methods of protection include:

1. Buy tickets from legitimate or licensed resellers
2. DON’T leave sight of the site
3. Pay using encryption (SSL)
4. Scrutinize your ticket
5. DON’T share personal information
6. DON’T fall for online scams

For more, see 11 Tips for Safe Online Shopping

Facebook – Valentines Malware themes circulating

Trend Labs shares an important holiday warning to be cautious in selecting any link, app, or theme:

Facebook – Valentines Malware themes circulating

QUOTE:  It’s never too early to get ready for Valentine’s day, it seems, even when it comes to malicious attacks. Recently, I came across a scam in Facebook that leverages the upcoming occasion.   The said attack begins with a post on affected users’ wall inviting other users to install a Valentine’s theme into their Facebook profile

MS12-004 Early malware attacks starting to appear in wild

Trend Labs documents early developments for malware attacks that exploit the Windows Media Player vulnerabilities patched under MS12-004 during the Microsoft January updates. Corporate and home users should patch promptly and avoid all suspicious objects offered in email or on websites.

MS12-004 Early malware attacks starting to appear in wild

MS12-004 is rated as a highly critical security patch by Microsoft & ISC

QUOTE:  Earlier today, we encountered a malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). (Ed. Note: addressed in MS12-004).  The said vulnerability is triggered when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file, consequently allowing remote attackers to execute arbitrary code.

In the attack that we found, the infection vector is a malicious HTML which we found hosted on the domain, hxxp://images.{BLOCKED}. This HTML, which Trend Micro detects as HTML_EXPLT.QYUA, exploits the vulnerability by using two components that are also hosted on the same domain. The two files are: a MIDI file detected as TROJ_MDIEXP.QYUA, and a JavaScript detected as JS_EXPLT.QYUA.

Facebook – Do not install What Does your Name mean application

The security firm Facecrooks documents a new scam circulating:

What does your name mean? Find out here – Facebook Scam

QUOTE: What does your name mean? Find out Here – >  Installing the application gives the developer access to your basic information. You are also asked on the next screen if you would like to give the application the ability to post to your Facebook Wall. (How nice of them to ask – usually they don’t give you the option.) The end game of the scam is the following survey:

Android Counterclank BotNet – Over 1 million downloads

The new Android Counterclank BotNet has been downloaded over 1 million times and may have infected a large number of users:

Android Counterclank BotNet – Over 1 million downloads

QUOTE:  Symantec has discovered a new Android botnet that is still thriving in the Android Market and has already been downloaded several million times this year. The Trojan ‘Android.Counterclank’ was packaged in at least 13 free games published by three different publishers, making it harder to trace. Symantec notified Google on Thursday and at press time, 9 of the apps were still available in Google’s official app store.

According to Symantec researcher Irfan Asrar, ‘Counterclank’ can carry out commands from a remote control center on your mobile device. According to Symantec’s virus definition, it steals information and can potentially display ads on your device.  “When the package is executed, a service with the same name may be seen running on a compromised device. Another sign of an infection is the presence of the Search icon above on the home screen,” Asrar wrote. No information on geographic scope has been given, but Asrar said that the sheer number of downloads, 1-5 million, makes it the most widespread piece of mobile malware found so far this year.

