Grand Stream Dreams

Whew!  I am beat!

Got up at 7:30 AM to get fresh local donuts for Alvis and her BFF's who spent the night post eighth-grade senior dance.

Picked up the house from about nine to ten. Got more laundry going.

Went and grabbed some pic-i-nic vittles at the grocery store about ten.  Got back and prepped all the yummies while continuing to deal with house-clutter.

Mom and brother arrived at about eleven thirty.  Time for the picnic!

Drove out to the neighborhood park by noon, wondering if we would be able to find a free pavilion on such a wonderful Sunday.  We did.

Got the barbeque pit loaded up.  Brother realized his lighter fluid bottle was empty. Left to go find some more.  I wadded up several paper plates and surrounded the core with brickettes. Lit it. Fanned it.  By the time he got back it was going just fine; thank you very much.

Ate burgers and beans and basil-seasoned corn-on-the-cob.  Ate a silk-chocolate pie. Played catch and caught up on everyone's stories and drama.

With the breeze, and the low humidity, and the clear blue skies, the barges going up and down the bayou and the gulls calling, it felt like a childhood Florida moment somehow.

Bundled back up by three PM at the house. Split up the leftovers.

Took a shower and shaved.

Ran out to get a book for Lavie she had reserved at the bookstore.  Stopped by Khol's to look for new pillows and sheets for our bed.

Learned that Vera Wang makes very nice bedding and thinks highly of her products.  Bought them anyway.  Agreed that Lavie and I should try getting matching pillow styles, and found some to our mutual satisfaction.

Realized at checkout that there really are 1000 count pillowcases in the world, and that if you buy them, you must enjoy them.  Every single penny of them. 1000 count pillowcases fell REALLY good.  I better have some very sweet dreams tonight.  That's all I am saying.

(OK, I picked them out, not Lavie. They do feel very nice.)

Got back home, Alvis reported she had finished her homework. Mostly.  Lavie instructed Alvis of all the things that will not be allowed on the new master-bedroom bedsheets; hamsters, food, drinks, jeans still on Alvis's body home from school, hamsters.

Tossed out a few bedrooms worth of very old and very scary looking bedsheets that had been lurking far back in the linen closet.  Convinced myself that while I could find many uses for them, that the simplest thing to do would be to just toss them and walk away.  Done.

Still got to fold the mountain of laundry in the study.  Still got to unload the dishwasher and re-load.  Still got to change the sheets to the new 401K plan which consists of 400 to 1000 count Vera Wang bed sheets and Laura Ashley pillows (4).

Might eat some leftovers.  Or not.

Got to get done by 8 PM in time for the last episode of Masterpiece Theatre's wonderfully fun Cranford.  I missed most of the second installment, but fortunately, it's being offered to Watch Online!

What am I forgetting?

Oh yeah! This week's Linkfest Roundup!

Security Tools and Techniques.

This week in a rare moment, I was able to take a break from my project management and go hands-on in a tough fight with some challenging malware.

It was a strain of malware that tosses a big 3vil bio-hazard warning about infection on the user's desktop wallpaper, grinds their network connection to a crawl, and provides horrible popup warnings about (false) virus infections found and directs the user to pay for the tool to remove them.

Scam.

This particular variant is in a class similar to PrivacyProtector Free (Red BioHazard Desktop Screen).  Turns out that it has been making our way around a few offices and desktops of ours.  I think it seems to be installed by users as a "drive-by" when they visit a less-than reputable website. The guys have been resorting to just recovering the user's data files, then doing a re-image of the system and moving on.  As I found out, it's very sticky, but not too complex if you have the right tools and a bit of know-how.

In the end I used Autoruns and Process Explorer to locate, disable and/or remove the startup items and delete most of the launching files.  However there were two files I couldn't delete and attempts to use my "locked-file" killers resulted in BSOD's.  With a bit more investigative work I discovered that the two particular files (both .dll's) were hooking at startup deep into the LSASS and Winlogin processes.

Fortunately I have another trick up my sleeve as we now run on XP Pro desktops.  I logged into the Administrator account and set the Security permissions on the files to "Deny" for everything and all users.

Rebooted. The files could not be launched and executed!  Then I merrily deleted them.

I then re-ran Autoruns and removed the remaining bits of the ilk from the auto-start shell, registry, and startup locations.

I removed a few more program folders where it had been "installed" and removed the annoying fake threat wallpaper folder.  Finally (still disconnected from the network) I launched Internet Explorer and hand-entered the original home-page which had been changed to the PrivacyProtector website.

One quick pass with CCleaner and dumped all the temp files, cookies, history, etc. and plugged it back to the network.

Ran like a top.

Some Microsoft Sysinternals tools got great updates this week:

Autoruns v9.2 - 9.21 - This tool got an update that allows exportation and importation of scan results to better view results on other systems.  It also adds support to enable and delete Winsock notification DLL's and fixes bugs encounterd on the 64-bit Windows systems.  Must have tool.

Process Monitor v1.33 - This tool fixes some 64-bit Windows issues and now preserves profile information by default when saving log files.

AccessChk v4.1 - This command-line tool for looking at effective permissions on files, keys and processes now handles Vista process owner rights and shows permissions on active threads.

I didn't know it at the time, but Precise Security has a free tool to effectively remove a specific collection of malware, desktop hijackers, and adware/malware installed by the Zlob trojan family.

Tools and Resources | SmitFraudFix - Freeware malware remover.

Turns out I probably could have used this tool to remove that PrivacyProtector junk from the get-go.  Now I know.

Stinger v3.9.9 - McAfee Threat Center - (freeware) - Standalone utility used to detect and remove specific and active virus infections.  No replacement for full anti-virus protection, but good to keep this single exe file on a USB stick, just in case.

Multi Virus Cleaner (MVC) 2008 v8.2.0 - (freeware) - Another standalone tool to detect and remove major viruses from a system.  Covers over 6000 common variants. Offered as a public service by VirusKeeper security professionals.  Good to keep handy as well

Nirsoft Fun

Nir Sofer is still at it!  Here are some new and improved offerings from his workbench.

PstPassword - Outlook PST Password Recovery - (freeware) - Nothing is more frustrating that a end-user who figures out they can password their Outlook PST files, but then forgets their password!  Sure, we can unlock their Exchange Server password, but their PST file? Luckily Nir has that one covered.  This new update to version 1.10 allows the user to save the results as a CSV file. Nice.

OpenedFilesView v1.15 - (freeware) - Use this tool to display a list of all the open files on your system, along with information about read/write/delete access, and importantly to me, the process that opened the file.  You can also attempt to use this to close the opened file or terminate the process that has it opened.  New version supports CSV file export of results, AutoRefresh sub-menu selection is displayed, and the main window doesn't loose focus when switching back and forth.

MUICacheView - (freeware) - According to Nir Sofer, "Each time that you start using a new application, Windows operating system automatically extract the application name from the version resource of the exe file, and stores it for using it later, in Registry key known as the 'MuiCache'.  This utility allows you to easily view and edit the list of all MuiCache items on your system. You can edit the name of the application, or alternatively, you can delete unwanted MUICache items."  Granted, they come back when you run the application again, but it could be useful when you are inspecting a system and it's application usage.

Seriously Fun, Serious Utilities

Event Log Explorer - (free for personal use) - Great tool that allows you to one-stop-shop view, monitor and analyze the wealth of system logs and events on your Windows 2000/XP/2003 systems.  Sure you can do it without this tool, but this really does help you organize the myriad of reports and drill down to exactly what you are looking for.  Supports tabs, filter by event, power-searches, and the ability to print or export the results.  Great for system inspection and auditing. From FSPRO Labs.

RegRunner - (freeware) - Stunningly well made tool that (like BillP Studios: WinPatrol) monitors your system for changes.  RegRunner keeps its eyes open for registry changes.  Very good to run during program installations/uninstalls.  Can also display running processes and auto-run items, but I prefer the Sysinternal tools for those areas.  Found via a DownloadSquad post.

Empty Folder Nuker by Simon Wai - (freeware) - Does knowing that you have empty folders scattered across your hard-drives keep you up at night?  Want a quick and dangerous way to find and delete them? You need Empty Folder Nuker.  Works on XP, Vista, 2000, and Server 2003.  Simple and easy to use.  But beware, some applications actually need these things to operate. Toss the empties at your own risk!

winMd5Sum Portable - (freeware) - There are a ton on MD5 file hash generation tools out there. I have about five or six.  What I like about winMd5Sum in particular is that it allows you to quickly compare results without having to run multiple sessions of the same tool or copy/paste/write the first one down, then get the second one. Designed to run of USB.

SoftPerfect Network Scanner: fast and free network scanner - (freeware) - Updated recently to version 3.7.  Does lots of wonderful things like pinging, detecting MAC addresses, finds hidden shared folders and write accessible shares on networks, scans for listening TCP and SNMP services. Exports findings in a variety of formats.  Great and USB portable network tool.

Visual IP Tools: Visual Ping, Traceroute, Whois and Email Headers Investigation tool. - (freeware) - Yep it does all that. For free.  See visual route tracking for packet sends. Get WHOIS info. Pings are very pretty. And what I find especially cool, is that it can review email header information and analyze it to get a better understanding of who sent you what.

Seriously Fun, Not-so-serious Utilities

Task Coach Portable 0.69.2 - PortableApps - (freeware) - From the feature description, "Task Coach is a free/open source to-do manager with a friendly interface making it very easy to create, organize, and manage all of your tasks. Task Coach features various handy options such as setting start and completion dates for a task, creating a budget for a task, adding attachments, reminders and more!" Learn more about Task Coach...

BootTimer - (freeware) - Itty-bitty utility to find out just how fast your XP system boot-up time is. Nothing deep here. Just for geeks who like to compare boot-times as a badge of honor.  Could be good to see if disabling certain auto-run items makes any difference or not. Spotted via LifeHacker

Rulers - Omnidea - (freeware) - Really cool on-screen ruler utility and screen shot capture tool.  Supports multi-monitors, also contains a magnifier, color picker and comes in both Windows and Mac versions.  Fun and useful!

Bytessence UserBar Generator - (freeware) - Ever notice those cool little user-bars that some forum users have as their signature graphics?  This tool helps you to design and craft your own custom creations.  It is very easy to use and supports a lot of really eye-catching visual graphic effects including gradients, reflections, "scanlines", custom fonts, opacity, transparency masking and other graphic elements.  Quite addicting to play with.

For the Browser Fans

Yes, I know. I heard.

Firefox 3 Release Candidate now available for download

Dwight is now encouraging folks to go try this version. I would agree.

I personally have been using the "nightly" builds of Firefox 3 for quite some time now and am very pleased with the performance and behaviors.  It is my full-time browser of choice now.

However, I'm not really looking at that old-news.

I've been playing a bit more with the Opera 9.50 beta 2 browser.

Me likey!

No, I'm not going to switch anytime soon from Firefox, but this little browser just keeps getting faster and faster and better and better.  Amazing piece of work, it is.

Oh, and like testing bleeding-edge versions of Opera?

I found that download page as well: Opera Software - Beta Testing.

While not quite as "nightly" as Mozilla's "Nightly" are, they are still periodically made available.

More neat Opera development news can be found over on the Desktop Team blog.

I spent considerable time last weekend playing around in Opera.  In doing so I found a great resource that documents all the files and folders used by by Opera on Windows.  Really good stuff here.  If you are an Opera fan, you must bookmark this page for posterity.  It really helped me understand the files and folder structure when I was poking around my system, post-Opera install.

Files Used by Opera for Windows

Also found out that like Mozilla's "about:config" that contains the inner configurations of the Mozilla Zilla, Opera has a back-stage pass as well; "opera:config".  Only Opera's is very slick and well organized.

Speaking of Firefox 3 and the Zilla, you may remember this post where I found a variety of tools that could be used to look at Firefox 3's SQLite files now used in the latest version: Two More "Lite" SQLite viewers - All good, light, and free

Turns out there is actually a great Firefox Add-on extension that can view SQLite files!

SQLite Manager :: Firefox Add-ons - spotted via this Confessions of a Freeware Junkie blog post.

So if you don't want a standalone freeware SQLite viewer utility to inspect your Firefox SQLite files, then you can use an add-on to do it!  Neat!

One feature of Opera I think I like (still not sure) is the speed-dial feature (Flash-based example) where-by you are presented with a number of thumbnailed sites to pick from as your home-page.  Cool I suppose if you are sorting through the same sites each morning.  I personally just use this blog as mine, but at work, I think I could see some value in this.  Though I usually spend most of my time in my RSS Feed reader (NewsFox) first, then branch out to some other sites.

Anyway, there are two similar Add-on's for Firefox that capture the "speed-dial" feature in Opera:

Speed Dial :: Firefox Add-ons

Fast Dial :: Firefox Add-ons

Which is better? I'm not really sure at the moment.  Give me a few weeks trying one, then the other and I will be able to provide a fair evaluation.

Finally, the Firefox Extension Guru has been providing some wonderful tip-posts on how to tweak Firefox 3:

My personal favorite? Fx 3: Removing Bookmark ‘Star’ Button.

Others have included:

Removing ‘Live Feed’ Button

Make Active Tab Wider

Fx 3: Removing The Search ‘Go’ Button (and the "search bar" magnifying glass)

Find even more Firefox tweaks in The FFGuru's redesigned Tweak's Section

Good work Guru!

And now...time for Masterpiece!

See you in the Skies!

--Claus

So last weekend I was planning the best "breakfast-night" for dinner ever.

I'm known in the family for my wicked-awesome French toast.  So I had planned a great dinner of special scrambled eggs, bacon, and the French toast.

The first two were no problem...then I began making the French toast batter.  I added all the normal (and my secret) special ingredients.  Yummy! Then for the topper I reached for the cinnamon spice jar and topped off the now dunked and cooking slices sizzling on the flattop grill.

Only one problem.

It wasn't cinnamon I had grabbed, but cayenne pepper powder.  My eyes must have been tired.

Lavie thought the resulting dinner was much too spicy to eat.  Alvis kindly ate two or three pieces declaring it surprisingly good.  I had to agree, but only if done with moderation.  The sweet syrup worked well with the spicy flavor.

So this week I had to have a re-do.  I recreated the menu again, this time carefully reaching for the cinnamon spice miller, just to be extra safe....only I had forgotten that I had removed the mill part and the cap was loose on the top.

This time I was greeted with a shower of cinnamon chunks over the counter and in the batter. Luckily these were quickly fished out and cleaned up.

Had to end up using the two-year old jar of ground fake-cinnamon instead.  Checked twice before application.

It was still good.

Here are some Microsoft related posts from the Web grinder I found interesting to note this past week.

A Look Behind the OEM Driver Curtain

The key to Windows success? It’s all about the drivers - Ed Bott’s Microsoft Report

Mr. Bott takes us on a quick two-page review of how drivers and hardware come together to get on your Windows system...and the pitfalls we face when users must rely on OEM manufactures to produce and distribute them.

IE and XP SP 3 What You Need to Know

IEBlog : IE and Windows XP Service Pack 3

You only need to care if you plan on rolling back your current version of IE after you install XP SP3.  Here's the gist:

XP SP3 ships with IE 6;

If IE 6 is installed, no changes or impact.

If IE 7 is installed, XP SP3 will install, BUT you will no longer be able to uninstall IE 7 to roll back to IE 6 under XP SP3. To roll back, you must uninstall XP SP3, then roll back to IE 6, then reinstall XP SP3.

If IE 6 is installed, and you install XP SP3, THEN upgrade to IE 7, you can roll back to the "newer" IE 6 in XP SP3 with no issues.

If you have IE 8 beta installed on your XP SP2 system, Windows Updates will not offer XP SP3 to you (by design). You must first roll-back IE 8 Beta to a previous version of IE first. If you do a manual install of XP SP3 on top of an existing install of IE 8 beta, you can't remove IE 8 beta after that! Recommendation is to roll back to IE 7 or 6, then install XP SP3, then reinstall IE 8 Beta so you can remove it later if you wish.

Nice and simple isn't it?

Branding IE in XP SP3

I haven't seen or had a need for a "branded" IE installation since my early Windows 2000 support days.  We decided to rollout some IE 6.0 releases with the agency name as part of our imaging and IE upgrade project way back when. More work than it was worth (fun though it was).

Turns out that XP SP3 mucks up the process a bit on producing custom IE7 packages unless you use the new Internet Explorer Administration Kit 7 (IEAK7).

IEBlog : Installing Branded IE7 on Windows XP Service Pack 3

Although likely to be rare, if someone you support does get the XP SP3 upgrade, and later tries to use one of these "branded" IE7 setups (say from a broadband provider), they may get the following error:

“Process 'xmllitesetup.exe /quiet /norestart /er  /log:C:\WINDOWS' exited with exit code 61681”

Reason according to IEBlog is that the IE7 installer package is attempting to toss an older file version on top of a newer one, something the system won't allow.

Now you Know!

New Mystery Solved at Mark's Blog

Always a source of entertainment and good Windows troubleshooting techniques, this latest "guest post" installment from Mark Russinovich's blog hunts down problems in FrontPage.

The Case of the FrontPage Error - by Windows Detective Troy Wolbrink

Troy illustrates the easy use of Process Monitor to find a file-creation error.  A few security setting changes on the original file resulted in the fix.

What I found most useful to learn from the post, was not this technique, but a comment at the end regarding how file properties are handled between "move" and "copy" actions on the same volume:

Looking back I believe that this problem occurred because I used Windows Explorer to “Move” and not “Copy” the csv file into place. I did some more tests to confirm this. When you “Move” a file within the same volume using Windows Explorer, the file permissions are moved with it. When you “Copy” a file using Windows Explorer, it creates a new file that inherits permissions from the target folder. If I had originally performed a “Copy” this problem would have never happened.

Other interesting bits from the comments:

I immediately tried to reproduce this behavior on Windows Vista x64 SP1. I created a folder (c:\temp) with very unique permissions. I used right-click and drag-copied from my desktop to the c:\temp folder window and it did inherit the permissions. However, when I used right-click and drag-moved the same file to to the folder, it also inherited the permissions of the folder. This is at odds with the behavior described by Tony.

I then proceeded to make a very simple C# sample (.NET 3.5) to do the same thing, as a developer asked if the behavior described by the guest was the same for MoveFile() and CopyFile():

...

This sample did reproduce the behavior described by Tony. The file copied.txt did inherit the folder’s permissions, but the file moved.txt kept its original permissions from my Desktop folder.

That didn't make any sense, so I went back and read this blog post and thought about the interpretation of "Windows Explorer". I then used the true-blue Windows Explorer (Windows Key + E) and only moved the file within that window from my Desktop folder to c:\temp. It exhibited the behavior described by Tony and did not inherit the permissions of the folder. Likewise, copying the file only through the Windows Explorer window resulted in the file inheriting the folder's permissions.

So what's going on here? Did the behavior in the Windows shell change at some point? Or are we looking at a bug? Is there a spec for the expected behavior for each scenario, and have these behaviors changed with different releases of Windows (RTMs and Service Packs)? - Joel Peterson

...there is an KB article about the not inherited permissions when moving folders on NTFS Partitions:

http://support.microsoft.com/kb/320246/en-us/

It also states that this behaviour has changed in Vista and Windows 2008.

This sometimes also happens on Win2000/2003 fileservers when Users are moving folders on the same share. To prevent problems I'm using Mark's AccessEnum to make regular checks for permissions that are not inherited correctly within the shares. - WDoser

As mentioned above, Windows API, by default, retains all of the file and folder permissions when you move them from one parent folder to another parent folder on the same NTFS volume. For copy operation and move operations to another volume, the destination file always have a new set of permissions, all inherited from its parents.

The reason is obvious to a developer: When you move a file within a volume, no physical data transfer seems to occur; Apparently, Windows only changes the volume Master File Table so that the intended files and folders belong to a new directory entry. This means that Access Control Lists (ACLs) remain unaltered, so even if your Access Control Entries are acquired from a parent. Now, it is arguable whether or not the inherited permissions should be updated with the new parent or not, and whether there is a bug here or not.

However, during a copy operation, or a move operation to another volume, a physical data transfer from one location of the hard disk to another is inevitable. Therefore, Windows API has to build a new ACL for each file and folder entry. These new entries turn out to have permissions inherited from parent.

As demonstrated by Joel Peterson, .NET Framework has the same behavior as Windows API.

Windows Explorer (Windows Shell) tends to deviate from this behavior. According to Microsoft Knowledge Base:

1. On Windows XP, when Simple File Sharing is enabled (default), Windows Explorer always makes sure that all ACLs are reset. This an intended feature that makes using Standard User Accounts in homes and small-business environments more convenient. Note that this only applies to Windows Explorer and Windows Shell, so file operation behavior of programs like Command Prompt are not affected by Simple File Sharing setting.

2. Windows XP, when Simple File Sharing is disabled (domain default) and on Windows Server 2003, Windows Explorer does not alter file and folder permission. This is meant to be an intended defense-in-depth security feature.

So far I don't know the exact behavior of Windows Vista and Windows Server 2008. The KB article which WDoser introduced indicates that Windows now updates ACEs which are inherited from parent but does not explain whether it is a Windows API behavior or only a Windows Shell behavior. To make matter worse, the Applies To section says this article is applied to all editions of Windows Server 2008 but not Windows Vista. (I think it's time I investigate this matter a bit more.) - S. Mahdi Veradi (MCP)

Got to confess...I almost never use "move" and almost always use "copy" but I have never considered the real difference that makes with file permission security settings, especially between different volumes.

Now Serving: Chef Bill's House Special

I really like reading Bill Pytlovany's "Bits from Bill blog.  While he does post regularly regarding issues and updates for his GSD recommended WinPatrol freeware/$ system monitoring and security product, he also mixes it well with great tips and observations on Windows and life-in-general.

This post was quite timely:  Windows XP SP3, The Good, the Bad and the Ugly

Good: XP SP3 may indeed make some minimal performance improvements.

Bad: Some HP AMD pc's are taking after XP SP3 upgrades. Link to Jesper’s Blog with his solution.

Ugly: See the summary earlier in this post regarding IE and XP SP3

I still haven't gotten around to upgrading Lavie's Compaq laptop that is running XP Home SP2 to XP SP3.  It also has a AMD processor.  I didn't have any problems with the AMD chip in my Shuttle desktop system.  So I am hopeful this one will go well.  Instead of using the full installer, I think I will allow it to flow down via Windows Updates, just for kicks.

--Claus

I'm a fan of Microsoft's Virtual PC 2007.

Sure there are a large number of other virtualization engines out there.  Many are free.

However, for daily use on Windows systems, running Windows operating systems, it works exceedingly well for my needs (except for that annoying lack of USB support).

So I was happy to see noted in at least one bog I follow announcement that Microsoft had released Virtual PC 2007 SP1.

Yeah.  Not that big a deal to most folks.  It basically just adds support for additional Microsoft Guest and Host Operating Systems, most importantly Vista SP1 and XP SP3

Microsoft Download details: VPC 2007 SP1

Download details: Virtual PC 2007 SP1 Release Notes

Additional Guest Operating System support:
Windows Vista® Ultimate Edition with Service Pack 1 (SP1)
Windows Vista® Business Edition with Service Pack 1 (SP1)
Windows Vista® Enterprise Edition with Service Pack 1 (SP1)
Windows Server® 2008 Standard
Windows XP Professional with Service Pack 3

Additional Host Operating System support:
Windows Vista® Ultimate Edition with Service Pack 1 (SP1)
Windows Vista® Business Edition with Service Pack 1 (SP1)
Windows Vista® Enterprise Edition with Service Pack 1 (SP1)
Windows XP Professional with Service Pack 3

And yes, you can still run it just fine on Windows XP Home editions as well as Vista Premium editions.  You will still get a warning notice about it being installed on a "non-supported" OS version during installation, but it will go on just fine. Don't worry too much.  It hasn't bombed out on any of my home systems yet.

Just be sure that none of your Virtual PC sessions are in a "saved" state before updating. The installer warns they might get corrupted after installation. So be sure you have shut them all down "safely" first, then upgrade.

For Linux builds I still highly recommend VirtualBox as my virtual machine of choice. Newly acquired by Sun, xVM VirtualBox 1.6 is a fantastic piece of virtualization software available for free. AND it allows for pass-through USB support, something Microsoft's Virtual PC team still hasn't figured out the value of just yet.

--Claus

Early in February, I went on a bit of a rant when I encountered a "feature" of Firefox 3.

Namely, being prevented by Firefox 3's "Suspicious website checker" mechanism.

• Firefox 3 Security Blocker: Going In Deep - Grand Stream Dreams Blog

The gist of my complaint was that while this feature was great (and can be disabled) the lack of information from Google on the danger of the site, or the ability to go forward at my own peril, was terribly frustrating.

Trying to get information as to the true nature of the threat is vital (to me at least) especially when the forbidden site was/is one I may trust and have previously recommended.

Seems like Google may have gotten the message that more information is sometimes better.

• Google Online Security Blog: Safe Browsing Diagnostic To The Rescue

Now Google will provide a Safe Browsing diagnostic page which "might" provide additional information for threat assessment by including the following information:

What is the current listing status for [the site in question]?
We display the current listing status of a site and also information on how often a site or parts of it were listed in the past.

What happened when Google visited this site?
This section includes information on when we analyzed the page, when it was last malicious, what kind of malware we encountered and so fourth.   To help web masters clean up their site, we also provide information about the sites that were serving malicious software to users and which sites might have served as intermediaries.

Has this site acted as an intermediary resulting in further distribution of malware?
Here we provide information if this site has facilitated the distribution of malicious software in the past. This could be an advertising network or statistics site that accidentally participated in the distribution of malicious software.

Has this site hosted malware?
Here we provide information if the the site has hosted malicious software in the past. We also provide information on the victim sites that initiated the distribution of malicious software.

Information included is for only the past ninety day period.

This page will be able to be accessed from the interstitial warning page a user who clicks the Google-provided link first sees.

Of joy to me personally is word that it will now also be provided within Firefox 3's "additional information" warning page when such an attack-branded website is encountered when this feature is turned on in Firefox 3.

• Updated Firefox 3 "Reported Attack Site" sample page.

New and Improved! Note second button!

Finally for those who wish to learn more about the methods Google uses for these web page security threat-detection sweeps, a link to Google's detailed tech report [pdf] is provided.

I guess it's progress!

--Claus

Kicked back hiding out in the bedroom with the laptop.  Alvis just had her 8th grade senior dance tonight.  She has two of her BFF's over for a post-gala sleep-over.

Too much drama for Dad.  It's a tough thing to see my beautiful baby daughter as a glamorous young woman.  She's doing well at it and as hard as it is, this father is proud of her and wants her to soar...even it leads away from our nest one day.

Alvis's New Colorful Neighbor

I was trimming back our prolific hibiscus bushes this afternoon and was started when a bird flew out of one of them.  They are thick but I reckoned I would have seen a bird up that close.

I figured it was a bold mockingbird that had been shadowing me a few minutes earlier after I had cut the yard and was searching for fresh dining opportunities.

Imagine my surprise when I went to do more pruning and found a well-hidden and crafted bird's nest in the top-third of one of the bushes.

I topped off the tops, but left pretty much of the rest of the bush intact so as not to disturb.

I didn't get a good look at the bird and it was nowhere to be seen.

When I was done, I went into the house and slowly opened up the blinds in Alvis's room.  Her window is on the immediate backside of the hibiscus and less than two feet from the nest. It was a perfect view.

A few minutes later the nest-builder returned.  I caught a glimpse of a brownish-red body, a small crest and a bright orange beak.  Definitely not a mockingbird.

Not being a birder, I did a quick Google search and turned up the new neighbor's identity; a Northern Cardinal female.

This explains much of the fluttering occasionally encountered as we take out the trash and pass the hibiscus bush.  And Alvis's recent complaints about a noisy bird waking her up faithfully each morning around six A.M.  I do have to give this girl with feathers credit.  Although it seems daring to be so close to the ground and accessible, the nest appears well built amongst the branches and is well protected from rain and winds by being so close to our house.  The hibiscus are under the house eaves and quite sheltered from inclement weather.

I haven't been brave enough to get a mirror to check to see if she is nesting on eggs.  We plan on giving her privacy and if we hear a chorus of peeps, we will let everyone know.

Now Updated: Houston

Google Earth's Lat Long Blog announced recently that they have updated imagery in Google Earth, including Houston!

New high resolution:

We have added a significant amount of new satellite imagery in Ecuador, Peru, Senegal, Nigeria, Kenya, Uganda, Tanzania, India, Iran, Bangladesh, Thailand, Vietnam, Malaysia, and The Philippines. Additionally, we have new 2.5m imagery for part of Western Australia

Updated Imagery:
Americas:
- USA: LA, San Diego, Houston, Miami, Chicago and Milwaukee area suburbs, New York City area suburbs, much of coastal New Jersey, and Harney County (Oregon).

Europe, Middle East & Africa:

- England: Isle of Man, Suffolk
- Spain: Madrid
- Portugal: Lisbon, Guimaraes, Porto, Sevilla, Coimbra, Costa del Sol, Costa Blanca
- Italy: Milan
- France: Toulon, Montbeliard
- The Netherlands: Assen
Asia & Oceania:

- Armenia: Yerevan
- Australia: Melbourne, Darwin
Updated Terrain:
- Westport, Ireland
- Hawaii
- Puerto Rico

I love using Google Maps but have found that many-times it takes a while for image updates to Google Earth to appear on Google Maps. However, cross checking some locations finds that they seem to be up to date for the Houston area.  I even found Lavie's car parked outside our home this time. Cool!  Not sure where I was at the time...

I have to confess. I have previously not used Google Earth. But to do the comparisons I had to.  I am pretty impressed.  Very cool and fun to use.  Geography would have been much more enjoyable in college that summer had I had this software.

And the Sky Beyond....

Now Microsoft has recently pulled up a stool to the imaging bar with the release of WorldWide Telescope.

This blends Microsoft's Photosynth imaging management with incredible photos from a wide range of sources into a fun universal journey.

It requires a quick download, DirectX, and .NET 2.0 or greater.  I plopped it onto our Vista laptop tonight and quickly lost about an hour exploring just the thirty-two pages of Hubble images alone.

It is still "beta" so it will be exciting to see where this product is going.  When Alvis and I get some time I can't wait to show her.

It is a fine addition to my growing collection of astronomical software; Stellarium and Celestia.

If you happen to find some stunning images in WorldWide Telescope, Long Zheng has some great tips on how to capture images for posterity and wallpapering: Capturing screenshots from Worldwide Telescope - istartedsomething

Take those 35mm and Digitize Them!

I've mentioned before that Dad and Mom were once pretty accomplished 35mm photography hobbyists.  Growing up I remember weekends where the guest bathroom would be converted into a darkroom with the red-light, pans of developing baths and fixers, and strips of processed negatives hung to dry in the bathtub like strange ladies nylons.

Mom excelled in landscapes and Dad was a macro-photography guru.  Bugs and butterflies were his game.

We did have a few scrap-books, but the majority of those images were preserved in slide format.  Dozens and dozens of slide carousels filled the closets.  Every few months as kids relatives or friends of the parental units would be invited over, the large screen pulled out and up, and the hum of the slide-projector would signal slide-night.  An American Experience repeated no doubt across many a suburb in the sixties and seventies.  Sadly lost now.

Anyway, Dad has mentioned getting back into photography when he begins his second retirement. I set him up with a home pc system with the juice to handle it, and my brother is helping him with a digital camera selection.  We have also discussed converting the tons of slides and strips into digital formats.

Many scanners can accomplish this, but quality ranges pretty wide as they really aren't designed for that format. Task specific scanning tools for slide and film negative scanning have been quite pricey.

So imagine my surprise while reading RetroThing, that I would find a great product endorsement for a reasonably priced slide/negative scanner: The Photo Industry's Little Secret - Retro Thing

Amazon has it for less than $200 so I think I will send an email to Dad to see if he is interested.

So much to see, so much remains...

--Claus

I really don't feel I should even be making a post on this.

However, I just can't help it.

Recently Grisoft made a major update of it's anti-virus product "AVG Free".

The previous version was 7.5.  The new one is 8.0

The old one was free, pretty light on resources, scanned email attachments, did an acceptable job with system-scan speeds, and had a Windows 2000'ish GUI. It was pretty simple to use and configure, effective in protections, and had a knack for coming up with periodic false-positives.  It was highly recommended.  It was loved by masses of geeks and home users.

The new one remains free, is still fairly light on resources, still scans email attachments, does acceptable system-scans, and has a heavily re-worked "Web 2.0" GUI.  Out of the box it remains easy to use, and now is even more configurable. It still is effective in A/V protection and now includes anti-malware protections.  It still generates false-positives, but includes an internal mechanism for submitting to Grisoft Labs for review and correction.  It now is recommended with caveats. It is now scorned by masses of geeks and former home users.

What happened?

How could something so right become the source of such frustration and ire?

This is a difficult question to answer, even for me.

I'm still running it on my home systems.  I haven't tossed it out; yet.  But it is clearly is being abandoned by users who were great fans of AVG Free v7.5.

My first post of AVG v8 was back in March.  I had gotten hands on a beta version and loaded it into a Virtual PC session of XP. Like many, many, many other geeky computer security minds, we were quite shocked to see the inclusion of a toolbar that provided "safe link scanning" and "Surf-Shield".  While this feature does have great benefit with the growing number of malware-laced websites springing up on the net, browser toolbars just grate against the craw of many of us.

My second post on AVG (Free) v8 was in April. It had just been released and with excitement I downloaded it on my Vista system....and quickly felt burned.  There was the toolbar being offered in the setup.  I deselected the option, but it installed anyway. The AVG Security Toolbar showed up. Ughh!  It was deeply embedded in both my IE and Firefox web browsers.  I worked out a way to disable it and the "Link Scanner" component.  However, that uglified the AVG system tray icon leaving it in an error state.  Otherwise, I was OK with the look and performance of AVG Free v8.

My third post on AVG (Free) v8 came quickly on the heels of that previous post.  A wonderful commenter dropped a tip on how to install AVG without the Link Scanner component. Worked perfectly! Only, see, you have to run the setup file from a command-prompt using some special arguments.  Not something the average home user is going to feel up to doing. And geeky AVG fans are now put off having to jump through hoops just to get their favorite AV application slimmed down.  I took a closer look at the advanced options and really liked what I found. Much more degree of control and tweaking.  Lots to like.

On my systems it has run very well once I took off Link Scanner/SafeSearch/SafeSurf features.

Email still scanning well.

Anti-malware scans are appreciated; however the PUP's are pretty aggressive and have been triggered on a number of my trusted sysadmin utilities.

A/V scans are fine.  Yep. Still finding about one false-positive every week or two.  I have tried to send to Grisoft Labs using the internal submission mechanism, but it appears either my HIPS program, my firewall, or a configuration problem between AVG Free and my email client is preventing them from leaving my PC.  Will need more time to troubleshoot.  Something I don't mind doing, but I shouldn't have to and something most home-users will scream about (rightly so).

Updates are automatic and fast.

Can I Have a Comment Please?

What has amazed me is that these posts have generated an unexpected amount of comments; seeming evenly divided between tips by hard-core users who like me, soldier on getting AVG Free v8 back to the usable state we prefer and those who are fed up with it. I appreciate all of them.

I move my notebook between home and work networks, which have different IP ranges. When I moved the notebook with AVG8 freshly installed to the other location my network was completely dead. No ping, no IP, no DNS, nothing. So I removed it.
AVG tech support, when I complained, had the gall to ask if AVG 8 was "still installed" - I said no, since it makes it impossible to use the computer, and I'd said I uninstalled it.
Anyway, I'm not sure if it was a one-off problem or a generic issue, but you might take a look at what happens if you connect your notebook to a different subnet.
As for myself, I dumped the last 9 months of a 2-user subscription and moved to NOD32... -- Gary Berg

Just upgraded to AVG 8 on XP, and found it made Firefox (2.0.0.14) hang. I disabled the AVT add-on to firefox as you describe, leaving the link scanner enabled in the AVG settings, and now AVG is happy and the scanner doesn't run in firefox. -- Shad Sterling

...likewise for me upgrading to AVG 8 on XP, has made my Firefox (2.0.0.14) hang too. problem was fixed once AVT add-on was disable as mentioned. -- Jacques

It is too bad how they force feed the LinkScanner bar install and while the instructions you provided are indeed clear, most users will be scared off trying it. To make matters worse they then make its removal darn near impossible to either find and execute, opting for the extra $$ for each install. This has been a matter of contention on several forums, COU and mine as well as others. As good a review as you give it, I'll still steer users away from it based on the forced toolbar install. Companies going for the easy money as they've done don't deserve ME pointing users to it. -- TeMerc

...upgrading to V8 from V7.5 seems to be a problem causing downgrade.
Under V7.5 I had a system that seemed to scan Thunderbird emails and had a taskbar icon that changed whenever a virus update failed, now it says the Thunderbird email scanner is not working and the taskbar icon is always showing an error even when the virus defs have updated. -- greenbandit

I've noticed one more problem I think you haven't addressed here. In the previous versions of AVG, whenever you requested a scan from the shell extension, a small window would open and resolve the whole matter in and of itself -- scanning, informing, self-imploding and all. Now, I don't seem to be able to stop the whole freaking AVG window to come up every time I call for a shell scan in just a one file. Absolutely incomprehensible, isn't it? You call for a shell extension scan and it turns into a full window scan. So why bother with a shell extension?? -- RSeabrea

I had been a happy AVG Free + Thunderbird user. When I upgraded to 8.0, AVG found a virus in an email attachment, and then deleted the entire email folder - not just the attachment or just the one message. To make it worse, it is completely deleted, ie not in the virus vault. -- Anonymous

AVG 8 would have to be the biggest, bloated POS since Windows ME.
.... Link scanner? who made them the defacto net nanny of anyone who installs this.
Good one Grisoft. How to piss off 70 million users with one program. - Anonymous

Being on a capped plan, I watch my downloads closely. After installing AVG Free 8.0, I noticed that my downloads had increased quite a bit, and I suspected that Safe Search was the culprit. My suspicion stems from the fact that while SafeSearch is working out the safety rating for each link, my download indicator keeps flashing, which it never did as much with the previous version. -- Albert

I cannot use avg 8.x because it won't allow my RAMdisk. - DonH

It destroyed my RAMdrive, corrupted my Registry, disabled my OEM Recovery Wizard, and did something that prevents me from successfully reloading the 7.5 version I had used previously. Shows ERROR in system tray unless all bloatware is enabled. Downloads bloatware updates even if disabled. AVG 8.x *IS* a virus. - Anonymous

one thing i've found is that safe search slows down browsing considerably,even accessing my router/modems configuration pages is noticably slower. disabling it returns browsing to normal speed. -- Doug

I think they (Grisoft) have missed the whole point about "User Friendly". I wrote them several days ago about 8.0 making my RAM drive "unavailable" and changing my Registry so 7.5 cannot be reloaded no matter WHAT I do, and making "unavailable" all my OEM Recovery Backups prior to installing 8.0 as well. They apparently could care less. ... I just spent 2-3 man DAYS trying to undo what their 8.0 did to my computer in less than a minute. I'm done with them. - DonH.

Why do AVG include the link scanner component for firefox and IE when both already have things like anti-phishing protection anyway? E.G. Firefox either downloads a distributed DB from google in the background or sends every link clicked to google for comparison with their DB. Strange. Have I missed the point somewhere? -- Zapf

Wonderfully useful tips have included the following contributions:

The LinkScanner and Firefox add-on were bugging me too. Check out http://free.grisoft.com/ww.faq.num-1241 and open 1338 which details the switches to run the installer with to not install the crappy components. -- Anonymous

a few other switches:, TSCC_DLG_DISABLED, CURRENT_ONLY, ON_RESTART_UNINSTALL, NOAVGTOOLBAR, PROGRESSONLY, UPDATE_SERVER, NO_VC_REDIST, DONT_REPAIR_FILES, KILL_PROCESS_IF_NEEDED, NO_AVGW_STARTUP, NO_CC_STARTUP, DONT_START_APPS, USER_ENUM_MODE, QUIT_IF_INSTALLED, REMOTE_LOGIN_AS, REMOTE_INSTALL_TYPE, REMOTE_SETUP_PACKAGE, OLD_TARGET_DIR, REMOVE_FEATURE, REMOVE_FILTER, MACHINE_LIST, SKIP_ROLLBACK, RESTART_IF_NEEDED, UNINSTALL_OLD. -- Pavel

choosing Custom during the installation process, you can choos if you want the toolbars and other stuff. All without touching the "Run" box. - marontiveros

If anyone gets annoyed with that "Did You Know?" pop-up that appears at the bottom of the AVG 8.0 User Interface, there's a way to get rid of it here (from "toastycheese678"). Basically just remove the \Program Files\AVG\AVG8\avgmwdef_us.mht file.-- Zapf

Zapf's comment links to a great series of steps worked out by "tastycheese678" that covers not installing the toolbar, as well as SafeSurf/SafeSearch which we have covered here.  It also shows how to do a priority AVG silent update, the config file for AVG, and removal of the annoying "Did You Know" notifications.

Speculations

I have several thoughts on why Grisoft went this way.

• They saw the ongoing trend of home pc security companies to bundle every feature they can consider into a single product for "ease of use."  This probably makes them feel more "competitive" against each other.  When lined up feature by feature, these suites look pretty good.  However, they tend to add "bloat" and feature-creep.  Grisoft and others forget that many fans like their products because they are simple, light and feature limited to begin with.

• Many home pc users are not very sophisticated.  Many don't have a clue about CPU utilization rates, process threads, and memory threads.  They don't know what HIP's methodology is, and the discussion about which provides better protection, signature-based AV protection or heuristics-based scanning (I like a combo). So pc security vendors toss it all in there, appearing to provide a "more-secure" product.

• Providing a feature-rich security product might entice home users to make the jump from a free product version to an even more feature-rich paid product.  Many A/V vendors who offer "free" A/V" products have a hard-time converting these users into paying customers.  This is unfortunate, but at the same time, they do a great and honorable public service by keeping many user's who wouldn't otherwise pay for A/V protection safe (along with the rest of us).

• Looks are important in marketing.  A clean and beautiful graphical user interface (GUI) may attract more customers than a geeky (but "easier" to access) techy interface which may confuse non-technical users. See: "The Dumbing Down of America - John C. Dvorak"

• Despite the almost universal description seen on software vendor's product description pages "Compatible with Windows XP and Windows Vista" there are very few computers that are in an almost pristine "post-OS setup" state with sufficient free RAM and hard-drive space.  My Windows computer systems at home and work are in truth Frankenstein'ish monstrosities of complicated drivers, multitudes of sub-system and kernel-level processes, a hodge-podge of applications and utilities all working hard to do their own thing irregardless of anything and anyone else; sometimes including the user! Add in specialized virtualization software and applications and introducing a hard-core application whose primary task is to be a security enforcer for the system, and there is a very good chance there will be a fight the likes of which have only been seen in Wild-West-Westerns when John Wayne deals with surly drunk range-hands.  (Care to have a BSOD with that whisky, Mr.?)  In all fairness to Grisoft, it is impossible for them to make sure their application works perfectly in all possible conditions that exist for all potential (and former-version) users.  It just can't happen!

Am I defending Grisoft?  Not really.  Just trying to take a step back from the fray.

I hope they continue to tweak and adjust AVG Free v8 as it continues to mature.  Grisoft is a mature company and I have few doubts they spent many a long night in development and planning, working out just which features to include. 

I really want to believe the changes were sincerely made by Grisoft for what they thought was best, and there will only be a temporary disconnect between the AVG Free v7.5 we all loved and appreciated, and the new AVG Free v8 that we want to admire, but is still shockingly alien and exotic.

Might end up making a great love affair, or being carted off by the Men in Black to Area 51; never to be seen again.  Jury is still out.

Alternatives? You've still Got' Em!

So what about the folks who don't enjoy the pain and frustration that I (and a few others) do of tweaking AVG Free till it finally bends to our will, becoming a beautiful example of software bonsai?

Dump it.  Go get another free A/V program.

There remain a number of them that are pretty good (though each limited in their own way).

AntiVir PersonalEdition

Avast! 4 Home Edition

BitDefender 10 Free Edition

ClamWin Free Antivirus

Comodo Antivirus 2 (beta)

PC Tools AntiVirus Free Edition

Dr.Web CureIt!® Utility Version 4.44

In addition, there are a wealth of vendors who make quality "free-to-try, but $ to keep" anti-virus products.

Find a good source to compare efficacy: Most Effective Antivirus Tools Against New Malware Binaries - MTC Rankings, AV-comparatives.org, or the ISCSA Certified Anti-Virus Product page.

For now I'm sticking with AVG Free v8.

But I'll be keeping an open mind....and an eye on the options....

--Claus

Disclaimer: I am a Comcast home-broadband customer.

The Story

Seen this story yet?

Comcast Considering 250GB Cap, Overage Fees - dslreports.com

The gist of the story is that Comcast may be close to imposing monthly data-download caps. Possibly around the 250 GB a month level.  Folks who exceed it could be charged $15 for every 10 GB they hit past the monthly level.  According to the post, it would only impact some 14,000 users out of Comcast's estimated 14.1 million users. Do the math.

According to my math, dividing 250 GB into a 30-day month, results in a daily download threshold of about just over 8 GB of data per day.

The Question

So the big question I have as a Comcast user is this: Should I be worried?

I do download ISO files for live Linux CD's from time to time, as well as some Microsoft Virtual PC sets.

I also download a fair-amount of freeware utilities and software. It's a terrible hobby of mine.

I personally am not that much into video downloads very much. Sure, I hit the occasional YouTube viral video, or watch some Microsoft TechNet training videos.

The girls occasionally watch a broadcast TV show they missed, mostly from ABC; Ugly Betty or Lost usually.

Some nights when I am on a really long blogging kick or am folding laundry early into the morning I might listen to some streaming music.  But not too often.

I do spend a number of hours,especially on weekends, doing web surfing and looking for new and useful utilities. However, static web pages generally don't really use GB's of download traffic.

However, it doesn't seem to me that we could really consume a full 8 GB of data, per day, every day, all month long.  There are quite a few days that go by when the computers at home don't get turned on at all.

So based on my non-scientific thoughts, our usage pattern shouldn't reach the cap.

Monitoring

I suppose the best thing to do would be to actually install and run a network bandwidth meter on our systems.  That way I could get a great idea of how much we really use.

So, I went looking for any freeware utilities that might be worth running for a while to help with network usage logging and monitoring.  Here is what I found.

(Listed in my personal order of preference and recommendation.)

NetMeter 1.1.3 - (freeware) - Really sharp and customizable graph showing upload and download rates. Make it as big or small as you want. Select individual or all network interfaces for monitoring...handy if you use both wired and wireless adapters at the same time.  Transparency supported along with font/colors of your choice.  Autosaving of log files. Custom configuration of when month period starts as well as first weekday. Nice little system tray icon.  Option to set to load at startup. However, the real "meat" of this program is the Totals and Reports. This feature shows how much data was transferred today, this week, this month, and overall.  Based on collected data, it has a tab to show data upload/download projections for future usage. Cool! Finally, you can view daily/weekly/monthly reports in table format. These can be imported and exported. Simply awesome!  If you are looking for one tool above all others to help you log and monitor your network data usage, this might just be it. Simple, beautiful, and well designed. The best.

MiTeC Network Meter - (freeware) - Download, unzip, and run. Single .exe file. Pick one or more network adapters as found on your system. Not very sophisticated, but simple to read. Shows the upload and download totals for data for the session. Doesn't save or log the results, so not a good solution for ongoing or regular usage monitoring.  At least it is pretty and tiny for very session-specific monitoring events.

SpeedApps Cyber Bandwidth Monitor - (freeware) - This utility displays a little graph of upload/download rates and data volume. It is resizable.  There are some additional tools that are included, but the most useful component here is the "summary log."  It will display the daily, weekly, or monthly totals for usage.  So in theory, just add this to your startup group and it should log the running totals.  It looks like it is still in development as other features don't fully work yet.

CCSchmidt's Interface Traffic Indicator - (freeware) - Clever tool but requires a bit of networking knowledge to get up and going. Allows you to measure inbound/outbound traffic though an interface that is SNMP-capable.  So you should be able to monitor and log traffic on an individual computer or on a network router.

MISPBO Network Monitor - (freeware) - Very simple and basic network adapter monitor. Download, unzip and run.  No fancy and technicolor  GUI here. It's all black and white here.  Displays the start time, the duration, the adapter MAC address and IP. and the speed.  Shows traffic usage totals for in/out in terms of rate, peaks, average, and totals.  Again, no data saving or logging support.

Other Tools

CurrPorts - (freeware) - This tool won't tell you how much traffic you are generating, but it will show what is chattering away on the network.  See also Robin Keir's great tool VStat.

AdapterWatch - (freeware) - Another Nirsoft tool to show you details on local adapters. Will also provide very detailed statistics on TCP/UDP, IP, and ICMP. You can generate reports, and it will show ongoing usage totals since program launch, but it really isn't a "logging" tool.

Show Traffic - (freeware) - Interesting little program to display and monitor network traffic on a selected local adapter.  Used to find suspicious network traffic and peer into what is using the adapter.

So, since I started this post about an hour or so ago, how much data did I download while surfing, researching, file downloading, etc.?

According to NetMeter, just over 25 MB of data.

I'm not worried, yet.

--Claus