Sunday, July 30, 2006

Oh Those Otaku!

"Otaku" is a term for fans obsessed (in varying degrees) with anime and manga. Otaku can be males or females. I proudly consider myself an Otaku. Otaku - Wikipedia (though not an extreme fan like those poor Kimiko Nanasawa recently faced....)

A recent study in Japan of Japanese otaku found five types of otaku:

Type 1: The family-oriented otaku. (Place me here!)

Type 2: The "leaving my own mark on the world" otaku.

Type 3: The media-sensitive multiple interest otaku.

Type 4: The outgoing and assertive otaku.

Type 5: The fan magazine-obsessed otaku.

I would wonder how well these categories translate to those otaku here in the States.

Otaku odds and ends...

Moe - Wikipedia - relates to fans and anime characters.

Meganekko - Wikipedia - eyeglass wearing girls in anime and manga. (For more on how eyeglass wearing is seen as an attractive characteristic in Japan--see Mari's fascinating diary post Eyeglasses fetish.)

The ultimate otaku story? That may well be Densha Otoko (Train Man). A possibly true story of a Japanese otaku who stands up and defends a beautiful passenger on a commuter train who is being harassed by a drunkard. Ultimately they begin dating, despite his "geekiness" and her almost unapproachable beauty.

--Claus

Free Blog Posting Tools

First, some "Grand Stream Dreams" blog miscellania.

I have added a new section at the bottom of the left-hand column titled "Claus's PC Toolbox."

My intent is to put links here to some of my posts that I am constantly coming back to for reference and link access.

I will probably end up making a couple of separate posts in the near future that index particular types of software/etc. Although one of the golden rules of blogging is to not go back and re-edit your previous posts' content, I think I will make these "index" type posts so I can add/remove software linkage to them at will.

Blog Posting Tools and Resources

While working on this side project, for some reason, I began to wonder what limits Blogger puts on its free accounts; might I be in danger of hitting a posting ceiling? I quickly found the following key information: What are the limits on my Blogger account?

Blog number = unlimited

Post numbers = unlimited

Post size = mostly unlimited

Page size = 1 MB size limit (refers to the main or archive page(s) displayed)

Comment numbers = unlimited

Post pictures = 300MB total limit.

I suppose the thing that concerned me most (although I fully understand the reason) was the image limit. I don't know of a good way to easily find out how close one is to hitting that limit. I guess the best advice would be to try to use small pictures or, if you are concerned, have them hosted at another location and then cross-link to them on Blogger.

As a workaround, once that limit is hit, I suppose you can easily just create a new blog in Blogger under your primary account and use that to upload a whole new set of pictures. Then cross-link the pictures in your primary blog over to that one.

The best solution would be to pay for your own personal blog hosting. This way you get your own domain name and much better control over storage limits on content. Paul Stamatiou has a great guide on getting this set up. WordPress also offers a great server-end blogging platform. Their setup guides offer great tutorials as well.

Online Journalism Review has a fantastic side-by-side comparison table of the major players of blog software: Blog software comparison chart

I'm not quite ready yet to take my blogging experience to that next step--but the day is probably coming.

Lifehacker has posted the results of a survey they conducted on their readers' most favored desktop blog editors. I personally use Performancing for Firefox (which came in number one). There are still some rough edges, though. And I would really like to eventually use a standalone editor. I've tried using some HTML editors but that is just kinda clunky.

What I end up doing is composing in Performancing, then copy the HTML code into Blogger's on-line editor, do some tweaking, then post. My biggest issue is that the Performancing color code isn't the same format used by Blogger and some things get kooky when adding text-formatting in Performancing first.

The Software List

I went searching for (free) alternatives, and did find the following blog editors (some more known than others will be):

Performancing for Firefox - (free) My primary blog editing application. You can also incorporate an additional extension (Spellbound) for "live" spell checking.

w.blogger - (free) I really like this one, except for the fact that it uses ActiveX and isn't quite a "standalone" application by itself. It interfaces with either IE or Firefox. That isn't bad, but I would prefer it to be its own application.

Bleezer - (free) Still being developed, but I like the fact that it doesn't require "installation" and could potentially run off a USB stick for portability.

BlogDesk - (free) simple blogging client. Basic GUI but it has all the required elements. Well worth considering.

Chronicle Lite - (free) Quite polished. My issue here is that it requires you to log into your blog account to begin. I'd like my blog editor to allow me to just compose and save blog posts locally without any connection to my blog, or log on when I want to for posting--like Performancing allows.

RocketPost - ($/free) is another often-recommended blog posting tool. The $ version supports unlimited blogs, while the free (basic) version supports one blog on Blogger. I downloaded and tried the Basic version. It was very polished and cool. I had to uninstall it, however, as it rendered my Logitech trackball mouse almost unusable. While RocketPost was running, my mouse tracking speed crawled to a turtle's pace. When the program was closed out, tracking returned to normal. I will try it out on Lavie's laptop to see if it works better with the mouse tracking there.

Qumana - (free) WYSIWYG blog editor. Allows you to embed commercial ad-links into your pages--if that's the sort of thing you're into with your blog.

Zoundry - (free) Also allows you to embed commercial ad-links into your pages--again, if that's the sort of thing you're into with your blog.

Flock - (free) Integrated web-browser (mozilla based), social networking and blogging tool. Lots of features.

Visit Weblogs Compendium for an extensive list of additional blogging tools (server and client side based). This is a really good listing.

Also plan a visit to ProBlogger's A-Z of Professional Blogging index. Lots of tools and resources here for bloggers.

See you in the skies,
--Claus

Friday, July 28, 2006

Protecting Windows Processes


In our on-going review of ways you can guard your system from rogue attacks, inside and out, let's focus now on protecting Windows system processes.

The idea behind these kinds of attacks is that by gaining control of a trusted application/process, an attacker can attempt to slip by standard security protections and let their activity walk out the door in plain sight.

Think of it as kind of like social-engineering the operating system. A thief opens up a hole into a bank via the next-door building's basement. Once inside he has a number of things he can do. If he gets into the bank president's office, he can issue commands from behind the closed door to the bank employees without anyone catching on. Or, if he can grab the cash, he can change into a security guard's or trusted employee's uniform and walk right out the door.

Process guard applications act like independent auditors. They constantly check whether an action is authorized before it is allowed to happen and alert the user to breach attempts.

Now, most users will rarely need to install these types of applications on their computers on an ongoing basis. I don't run any of these on my own systems. However, they are good for test-bed and malware research to see what is going on; if you are making wise choices in computing, you (hopefully) shouldn't normally need this level of security.

However, if you want one more level of protection, there are some very good programs out there that will monitor and protect your Windows processes.

Monitoring Windows Processes:

There are a lot of software solutions that allow you to quickly get a glimpse of what is happening "real-time" on your system.

NirSoft offers a ton of freeware utilities--all of which should probably be somewhere on every sysadmin and techie's USB stick.

Nirsoft highlights:

CurrPorts: TCP/IP Connections Viewer - list all open TCP/UDP ports on your pc
AdapterWatch - find out various info on your network card
ShellExView - view/modify shell extensions installed on your pc
SysExporter - copy text data from almost all window displays on your system
ActiveXHelper - got ActiveX on your system? Manage it with this tool
RegScanner (Registry Scanner) - specialized registry search tool
ProduKey - Recover Office/Windows CD-Key - grab certain Microsoft product keys off your system for audits.

SysInternals has always been offering up a slew of top-drawer system utilities for free. Mark Russinovich recently announced that Microsoft gobbled up Sysinternals. This may be a brilliant move by Microsoft. The tools are still offered (for the time-being) but you might be wise to keep the latest versions downloaded in case the site/support ends suddenly.

Mark's Sysinternals Crème de la Crème

Diskmon v2.01 - log and display all hard drive activity
Filemon v7.03 - shows/filters file system activity, real-time
Autoruns v8.53 - shows and allows enable/disable/removal/backup of system auto-run items
Process Explorer v10.2 - display active processes and their threads
RootkitRevealer v1.7 - scans for system rootkit and specially hidden files
Tokenmon v1.01 - display and monitor security token activity: logons, logoffs, privilege use and impersonation
TCPView v2.4 - monitor all open TCP/UDP ports on your pc
TDIMon v1.01 - monitor TCP/UDP activity at the kernel's Transport Driver Interface, real-time
Portmon v3.02 - display, monitor and filter all parallel and serial port activity on your system
BgInfo v4.07 - displays customizable system info on your desktop at boot.

Windows Process Guard Software

TruPrevent Personal 2005 - Panda Software - ($) This program provides anti-virus/trojan type protection by monitoring the running/executing of programs and attempts to find malicious code and activity, blocking the action and alerting the user. It is being incorporated into Panda's security suite software. More information at PC Flank's review.

Prevex1 - ($) This software solution takes a slightly different approach. Once the free software is downloaded, it runs a scan on your system looking for and cataloging executable files. Once done, it compares the list against a community-maintained database and flags any hostile applications found. You can also set custom rules and actions. Take a well-documented tour of Prevex1. The program is free to use to monitor your system; you pay for system cleaning after the first 28 days once an infection is found.

ProcessGuard - DiamondCS - ($) If I did have to have one of these class of programs on my system, this would be it. ProcessGuard monitors your system and alerts the user to any processes attempting to run on your system. You then set rules to allow or block the activity. It's similar in concept to how a firewall will challenge Internet activity and prompt the user to allow/block. This application will work to keep processes (known and hidden) from slipping by the user without their knowledge. More info here.

Anti-Hook 2.5 - InfoProcess - (free) This program applies Host Intrusion Prevention System (HIPS) techniques to lock down your system. It gives kernel mode protection and blocks and alerts the user to suspicious activity attempting to hook into trusted system level processes and hijack them for malicious purposes. The website mentions a program registration problem in the current version 2.5 on XP Home OS. No word if it has actually been resolved yet.

DefenseWall HIPS - ($) - Another HIPS model protection application.

AppDefend - Ghost Security - ($) - Process based application monitoring program.

RegDefend - Ghost Security - ($) - Process based registry monitoring program. Alerts user before registry changes are made.

WinPatrol Free / WinPatrol Plus - (free / $) - A multi-element utility, WinPatrol's "Scotty dog" monitors various elements on your system, including the autorun group, IE plugins, cookies, hidden files, scheduled tasks, Windows services, displays active processes, and file type associations. It will give a user alert when critical changes are made to your system. Cute, free and useful.

For system administrators looking to enforce policy control of application installation and execution on systems--and maybe not utilizing Active Directory, Faronics provides some interesting small office/enterprise level software solutions including Anti-Executable and Deep Freeze.
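The "catalog first, then compare" idea behind Prevex1 and the alert-on-anything-new behaviour of ProcessGuard can be tried out without buying anything. The script below is an added example, not code from any of the products listed above: it hashes every executable under a directory tree you pick, stores that as a baseline, and later reports what was added, replaced or removed. The extension list, the baseline file name and the sample tree built in demo() are assumptions for the illustration.

```python
"""Catalog the executables under a directory tree and report what changed.

Added example: not code from Prevx1, ProcessGuard or any product listed above.
It models their "catalog first, then compare" idea at the file level (a set of
directories you choose) rather than on live processes, so it runs on any OS.
The extension list, the baseline file name and the sample tree built in demo()
are assumptions for this illustration.
"""
import hashlib
import json
import os
import tempfile

# Assumed: the file types worth watching on a Windows box
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl"}


def sha256_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_executables(root):
    """Return {relative path: sha256} for every executable below root."""
    catalog = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            if os.path.islink(full):  # do not follow links out of the tree
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            catalog[rel] = sha256_of_file(full)
    return catalog


def diff_snapshots(baseline, current):
    """Return (added, changed, removed) relative paths, each list sorted.

    'changed' means the same path now hashes differently: a patched or
    replaced binary, which is exactly what a guard should ask you about.
    """
    added = sorted(path for path in current if path not in baseline)
    removed = sorted(path for path in baseline if path not in current)
    changed = sorted(path for path in current
                     if path in baseline and current[path] != baseline[path])
    return added, changed, removed


def save_baseline(catalog, path):
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(catalog, handle, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path, "r", encoding="utf-8") as handle:
        return json.load(handle)


def _write(root, rel, content):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as handle:
        handle.write(content)


def demo():
    """Constructed scenario: take a baseline, then drop, patch and delete files.

    Returns a dict with the baseline's paths and the three change lists.
    """
    with tempfile.TemporaryDirectory() as root:
        for rel, content in {
            "bin/app.exe": b"MZ app",
            "bin/helper.dll": b"MZ helper",
            "bin/old.exe": b"MZ old",
            "readme.txt": b"not an executable, must be ignored",
        }.items():
            _write(root, rel, content)
        baseline_file = os.path.join(root, "baseline.json")
        save_baseline(snapshot_executables(root), baseline_file)

        # Later: something new appears, a library is modified, a file is gone
        _write(root, "bin/dropper.exe", b"MZ dropper")
        _write(root, "bin/helper.dll", b"MZ helper, patched")
        os.remove(os.path.join(root, "bin", "old.exe"))

        baseline = load_baseline(baseline_file)
        added, changed, removed = diff_snapshots(baseline, snapshot_executables(root))
        return {"baseline": sorted(baseline), "added": added,
                "changed": changed, "removed": removed}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real box you would point snapshot_executables() at the Windows and Program Files directories right after a clean install, keep the baseline somewhere the machine cannot write to (a USB stick fits the theme of this post), and use Process Explorer to map any "changed" entry back to the process that loaded it. Two caveats: a kernel-mode rootkit can hide files from os.walk just as it hides them from Explorer, which is what RootkitRevealer is for, and a hash baseline says nothing about in-memory injection into an already-running trusted process, which is the hook-blocking job of the HIPS tools above.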

Bonus Find: Portable Ethereal

I found a link the other day to a portable version of Ethereal. As you know, the packet capture program Ethereal is now being developed under the name Wireshark. However, it normally has to be fully installed on a system. This version has been packaged to run in a portable manner so you can carry it on your USB stick and use it on most XP/2000 systems. Handy! One caveat: live capture still depends on the WinPcap driver being present on the host, and installing that takes administrator rights; without it you can still open saved capture files.

See you in the skies,
--Claus

Sunday, July 23, 2006

Wizard's Kid-Safe PCLinuxOS - Alvis Recommended!

As I mentioned in yesterday's post, Alvis and I had been trying to find a newer version of Linux to fit her needs.

The version of MEPIS I was using was old, and doing a full system update on-line was too challenging for my patience at this point.

First, I dropped by FrozenTech's Live CD List to look at some possibilities.

SLAX

SLAX is always highly ranked. It is a small Linux distribution that can be quickly expanded with additional applications. The interface is clean and pretty simple. Seemed like a winner.

The iso download took only a few minutes and soon I had burned a copy to CD and Alvis and I were trying it out. Alvis liked the interface, but the live distro is pretty stripped down. In order to get more programs, we have to either install them individually or download "modules" from SLAX. Not at all a deal-breaker, but a bit more work than we were looking for initially. I plan on setting up a version of this and working with the modules in a virtual machine environment to really give it a fair shake. The modules are really well packed with applications so I can understand the popularity. SLAX 5.1.7 RC1 Screenshots

MEPIS

Next we moved on to MEPIS. Alvis has been running an earlier version of this distro installed to her hard-drive. I didn't have many changes to make from the original package. I just added the latest version of Firefox and we changed to a custom desktop. That's been it and she has been very happy overall with it. It is jam-packed with application content and highly polished.

I saw that MEPIS is now releasing v 6.0 which is based on Ubuntu. I began that download. It took quite a while to pull that iso down. It booted fine on Alvis's pc but it just seemed to have a different feel than before. It looks pretty much the same, it acts pretty much the same. Maybe it was one of those "New Coke vs. Classic Coke" formulations. I'm not sure. Alvis wasn't very impressed. It could have also had something to do with the fact it picked up the monitor resolution at 800x600 instead of being at 1024x768. (Yes, I know that can be changed....) Regardless, Alvis bailed on me quickly so I took that as a bad sign. SimplyMEPIS 6.0 Beta 5 Screenshots

Wizard's Kid-Safe LiveCD (customized PCLinuxOS .93 MiniMe)

Somehow while clicking around the Linux OS sites while waiting for the MEPIS download I had come across mention of "Wizards Kid-Safe LiveCD based on PCLinuxOS".

I found an intriguing online review of it with screenshots. I had heard of PCLinuxOS before, but never downloaded a copy to play with. This new "Kid-Safe" build sounded intriguing.

It is based on the PCLinuxOS .93 MiniME version. Then the developer jam-packed the base version with tons of board, arcade and strategy games, science and language applications, some graphics toys--all kinds of kid-useful applications. Also, it boots to a HTML page with kid-friendly websites just a click away. Finally, the distro has been configured to auto-run DansGuardian and squid, which are safe-web content filtering apps. Several attempts by Alvis to browse some ads looking for turtles rendered page-load rejections.

And it has an independent kitty (neco) icon that runs around on the desktop acting silly. Alvis was sold. So was I as it picked up all the hardware on Alvis's pc and set the monitor to 1024x768.

In addition to the default "kidsafe" user account, the system also comes with a root and guest account as well. These boot the system into the normal PCLinuxOS environment, but with access to all the games and such and without the content/proxy filtering.

We had a winner. Wizard's Kid-Safe LiveCD.

Next task...installing to the hard-drive.

Because this distro is based on PCLinuxOS, it comes with a great install to hard-drive utility. I had to get into the root account to access it. That took a bit of frustrating work.

Normally, most distros have the root account password set to "root", which the user is then able to change to a more secure password of their choice. Unfortunately, that password didn't work with Kid-Safe. I spent about 30 minutes Googling and retesting with no luck. Finally, I paid attention to the command messages during the lilo boot load and found the root password for Wizard's Kid-Safe clearly listed there and it wasn't "root". Hmmm. I wrote it down and tried it and it worked.

PCLinuxOS utilizes a really nice hard-drive installation wizard. Their New User Guide documentation on using the distro is also top-notch. Because this hard-drive was already partitioned for Linux under MEPIS, I could skip that part. The rest of the parts such as assigning the partitions and swap device section, adding a home device, and setting up the bootloader were not a big deal to me, but newer users will find the guide a useful read before embarking. When done, the system prompts to set up additional accounts and make account password changes.

The installation of the system to the hard-drive took one hour. That seems long to me, but as it is an old system I can't complain too much. And it worked with no issues at all. I like that! The only thing I still need to do is download and install gtkpod so Alvis can play her iPod Shuffle.

In the end, we set Alvis up under a more full-featured "Guest" account instead of the "Kid-Safe" one. This utilizes the full PCLinuxOS MiniME desktop environment. We monitor her pc usage pretty much and she has gotten sophisticated enough that the web-filter/proxy was too frustrating for her to use, and I didn't feel like modifying the program. I also want her to have access to the full system so she can experiment and play with it so she will be familiar with Linux at an early age. If it breaks too bad, we will just reload the system again.

And the result? Alvis hasn't been on Lavie's laptop or our desktop system all weekend long. She loves it.

Wizard's Kid-Safe CD Mainpage
Kid-Safe PCLinuxOS Screenshots (v.10b)
PCLinuxOS 0.93 MiniME Screenshots

Wizard's Kid-Safe LiveCD (PCLinuxOS .93 MiniME) -- Valca Recommended!

If you have small/mid-tower children (of your own or relatives) who love to play on the pc, but you worry about them harming your installed system, I strongly recommend trying out this LiveCD. It should run on most systems with no issues. When the kiddos come to visit or want to play on grandmom's/granddad's pc, just pop the CD in, log into the kidsafe desktop and let them have free rein. The LiveCD prevents hard-disk writing, protects them during web-surfing, and gives them a wide range of educational and game applications to entertain them with.

See you in the skies,
--Claus

Saturday, July 22, 2006

Sickly Saturday

Lavie's been sick since Wednesday.

It looks like she has a stomach virus. She's taking some trans-dermal Phenergan, and I just made another run to the grocery store for ice-pops, Capri-Sun, Jello, etc. She has to get feeling better because I'm planning on making blueberry muffins (from a box...) for tomorrow morning.

What's even worse is that she hasn't been able to take any of her regular meds for several days since she is afraid of losing them. She really needs them to help manage her fibromyalgia. Not only is she sick and weak, she is also deeply sore and miserable on top of the viral aches and pains.

I'm saving up a big rant posting on that thing called (tentatively) "Fibromyalgia Sucks".

So today it is just more bed-rest for Lavie and Claus's spousal tenderness and nursing.

In between bed-care, I plan on sitting down with Alvis at her pc and picking out a new Linux distro to put on her pc.

She is using a very old version of SimplyMEPIS but all attempts at getting it to recognize her iPod Shuffle have failed.

I am going to try the latest Ubuntu-based version of SimplyMEPIS (v6.0) along with SLAX and PCLinuxOS (kid-version).

I'll give you some links and screen shots and results later today.

Oh yeah, I have a little "Last Exile" image download project I'm working on as well. I ended up snagging 6 new Firefox extensions. I'll detail those out later as well.

Hope to see you in clearing skies,
--Claus

Friday, July 21, 2006

Effective Shark Strike!

(Wire)Shark strike that is....

I noticed while loading my blog page that it was referencing a cross-link to the x.phoenix-dns.com server.

That didn't sound like any link I had ever coded into the page, so I was instantly concerned that maybe someone-somehow-dropped the code in or was attempting to hijack something.

Claus had a mystery!

(Wire)Shark bite #1

First thing I did was to examine my blog template code. Nope, no references to it there. I then checked the page code on a loaded page. Nope. Hmm.

I Googled it, and found some things that suggested complaints of it being a spam source. Not a good sign. I was getting suspicious now as my gmail account has been getting hit harder with more spam lately. (It has caught it all, but I was curious as to the sudden increase...)

Since it wasn't going to be an easy solution, I brought out the big fish: Wireshark. This is a network protocol analyzer. I fired it up so I could run a packet capture while loading my blog page. This way I hoped I could find out what was calling that site.

With Wireshark capturing packets, I dumped my browser cache and reloaded the web page. Once it had loaded I stopped the capture and started picking through the packets.

I ran a quick search of the packet byte string values looking for x.phoenix-dns. Bingo! I found a number of them. Examining the packet text data I found that they were related to requests for a graphic hyperlinked to www.erisfree.com.

ErisFree was the website where I was able to generate the basic code for this blog-template I am using right now. That seemed fine. But when I went to the web-page--there is an account-suspended message!

Mystery solved!

The template HTML code was calling to display the ErisFree logo off the server that site was hosted on. Since the account is suspended, it was generating the calls to the x.phoenix-dns site to get instructions. That cross-site chatter is what I was seeing in my browser's status bar.

I edited the impacted reference code out of my template and the problem is solved.

Now maybe you can see why having a network protocol analysis program could be useful for bloggers!

And x.phoenix-dns.com is off the hook as a source of any of my suspicions--just a simple cross-linking call going on.

(Wire)Shark bite #2

While looking into my template code, I found where my gmail address was actually coded into my page. I had missed that! That's probably where the spam-bots were harvesting my email address from. I pulled it out as well.

If you need to email me it's (this blog title as one word)@gmail.com

I hope that tweak cuts down the spam.
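Both of the first two bites come down to the same question: what does my template make a visitor's browser fetch from elsewhere, and what does it hand to anyone who reads the raw HTML? The script below is an added example, not the blog's template or anything from Blogger; it does statically what the Wireshark capture did on the wire, listing every off-site host that is fetched at page load and every e-mail address sitting in the markup, comments included. The sample template is constructed and its host names are placeholders, not the sites named above.

```python
"""Scan a blog template for off-site resource references and exposed e-mail addresses.

Added example, not the blog's template or anything from Blogger; it does
statically what the Wireshark capture above did on the wire. The sample
template is constructed and its host names are placeholders, not the sites
named in the post.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs whose values make the browser fetch something on page load
FETCH_ATTRS = {
    "img": ("src",), "script": ("src",), "link": ("href",),
    "iframe": ("src",), "frame": ("src",), "embed": ("src",), "object": ("data",),
}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class ResourceCollector(HTMLParser):
    """Collect fetched URLs, mailto: links and all text (comments included)."""

    def __init__(self):
        super().__init__()
        self.resources = []    # (tag, url)
        self.mailtos = []
        self.text_chunks = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for attr in FETCH_ATTRS.get(tag, ()):
            url = attrs.get(attr)
            if url:
                self.resources.append((tag, url))
        href = attrs.get("href") or ""
        if tag == "a" and href.lower().startswith("mailto:"):
            self.mailtos.append(href[len("mailto:"):])

    def handle_data(self, data):
        self.text_chunks.append(data)

    def handle_comment(self, data):
        # Harvesters read the raw HTML, so an address in a comment is exposed too
        self.text_chunks.append(data)


def scan_template(html, own_hosts):
    """Return {'external_hosts': {host: [(tag, url), ...]}, 'emails': [...]}.

    own_hosts: host names the page legitimately serves content from; anything
    else that is fetched at load time is reported so you can decide if it
    belongs there.
    """
    collector = ResourceCollector()
    collector.feed(html)
    collector.close()
    own = {host.lower() for host in own_hosts}
    external = {}
    for tag, url in collector.resources:
        host = urlsplit(url).hostname      # None for relative URLs
        if host and host.lower() not in own:
            external.setdefault(host.lower(), []).append((tag, url))
    text = "\n".join(collector.text_chunks)
    emails = sorted(set(EMAIL_RE.findall(text)) | set(collector.mailtos))
    return {"external_hosts": external, "emails": emails}


# Constructed sample template (placeholder hosts, not the sites named in the post)
SAMPLE_TEMPLATE = """<html><head>
<link rel="stylesheet" href="/styles.css">
<script src="http://widgets.example.net/counter.js"></script>
</head><body>
<img src="/images/header.png" alt="banner">
<a href="http://template-maker.example.org/"><img
   src="http://template-maker.example.org/logo.gif" alt="template credit"></a>
<!-- contact: claus@example.com -->
<p>Mail me at <a href="mailto:blogger@example.com">blogger@example.com</a></p>
</body></html>"""


if __name__ == "__main__":
    report = scan_template(SAMPLE_TEMPLATE, ["myblog.example.com"])
    for host, refs in report["external_hosts"].items():
        print("external:", host, refs)
    print("e-mail addresses visible to harvesters:", report["emails"])
```

Run it against a saved copy of the template (or the rendered page source) with your own blog host in own_hosts, and every remaining host in the report is a third party whose server sees each visitor's request, and whose hosting status you are now depending on. The static scan only sees what is written in the markup; a counter or ad script that loads further resources at run time is invisible to it, which is exactly the case where a Wireshark capture of the page load still earns its keep. Likewise, the regex only finds plain addresses; it will not catch ones spelled "name at domain", but neither will most harvesters.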

(Wire)Shark bite #3

I also noticed this blog's HTML "Keywords" meta tag code was filled with useful stuff for ErisFree (as examples) but not conducive to Grand Stream Dreams' overall purpose. The Keywords coding allows search engines to better associate your site with web searches. I fixed that up as well with some better word associations.

(Wire)Shark bite #4

That stupid copyright symbol I have at the bottom of the right column never displayed correctly. I found the correct HTML code on-line and fixed that also.

See what happens when you feed a shark?

--Claus

Lego Links (plus More)

Here are some fun Lego Links I came across:

Top 10 Strangest Lego Creations - via Look At This

Han Solo in Carbonite

Lego Difference Engine

Build your own USB Lego stick

The Unofficial LEGO Builder's Guide Blog

Harry S. Truman Aircraft Carrier in Minifig Size - WOW! Be sure to click through all the pages of this thing...use the "Next" link at the bottom right corner of the pictures--they get better on each page.

Monty Python's Holy Grail done up in Lego style.

Eric Harshbarger's LEGO pages

Other things to see (non-Lego)

More Abandoned Places and Things

The Thames Estuary Army Forts

Modern Ruins and Urban Exploration

Voyage to Utopia and the City Obscure - crazy well done graphic artwork.

Obscures Cities / Cities of the Fantastic - Yes, the site is in French. Just explore and click around. You are sure to find some gems.

--Claus

GSD's New Favicon!

Since I have been playing with icons so much lately, I finally decided to do something about making a favicon for the "Grand Stream Dreams" blog.

If you are not familiar with what I am talking about, a favicon is a personalized bookmark icon for a webpage. IE 6 is kinda cranky about displaying them, but I hear IE 7 works fine. Firefox handles them no problem!

One of the challenges in making a favicon is that they are at 16x16 pixel size. That makes it very challenging to create a graphic that is clean and visible at that size.

It took me a fair amount of work but I got one created that I was happy with and added some text to it.

You can do it by hand like I did, or you can use a service like Chami.com's FavIcon from Pics: the first web tool for creating still / animated favicons from regular images

Next I had to upload the icon image file to a hosting site. Blogger/Blogspot doesn't accept the .ico/.gif formats a favicon needs to be in. I tried using my Flickr account, but that also changed the file format at upload. Finally I discovered the clever and nice site Photobucket.com. They provide free image and video hosting in a format that is very helpful to bloggers.

Once I had uploaded the file, I had to add some HTML code to my blog's template and voilà! Done!

Hope you enjoy it!

More icon links:

Anime icons/avatars
Large format, Last Exile icons - via Fleet of Little Ships


Update--favicon v2.0 Thanks Jim!

See you in the skies,
--Claus

Wednesday, July 19, 2006

How To: Create an Icon Library


There are a lot of things I care about with my computer systems, and many more things I do not.

Hardware specs are important, but I don't live or die on the latest and greatest numbers. My home computing needs are pretty simple. As long as my system is as secure as I can "reasonably" make it, as long as it is stable, and as long as I don't run out of disk storage, I'm pretty happy.

I do have a few weaknesses when it comes to computers, however. I love desktop images--the prettier and more colorful the better--even if I can't ever see them all. And I like having a wide variety of icons to customize my desktop and folders with.

Most icon packages offered come as packages of individual .ico files. That's nice, but I like to have them bundled into a single icon library file (.icl or .ico) format. It makes it easier for me to manage and browse them. So I've had to learn how to "roll my own" icon library files. Let me show you how to do it as well.

How-To: Convert Icons into a Single Icon Library

1) Get an application to build icon library files.

There are lots out there. I've recently been playing with GConvert from G.D.G. Software. The GUI is very nice and the product worked perfectly. It does a lot more things besides just building icon library files, but is a nice professional place to start. Two other professional icon products are Microangelo and Axialis.

For this exercise, I will be using the freeware application IconShop (v1.20). It works perfectly for this task.

Download and run a virus scan of that application. Then unpack it somewhere helpful. It is actually a "standalone" application so you can just run the unpacked IconShop.exe file to launch the app.

2) Get some icons!

Again, there are lots of options out there! My two favorite sources are the Iconfactory's New Icon "showroom" and InterfaceLIFT's Windows Icons. If strange and bizarre icons are more your taste, try Gort's icons over at forrestwalter. With a little bit of work, you can also download and convert Mac icon packages and use on Windows, but that will be another post.

Let's practice using Louie Mantia's beautiful system icon set called Aqua Neue (Graphite).

Download those and after running through your virus scanner, unzip them to a folder on your desktop (or some other convenient location).

3) Launch IconShop.exe

You should have a three-pane window. The directory tree is on the left. Any valid icon files (for the selected folder) are in the top-right pane and the icon file contents are displayed below. You can change the icon format size displayed in the drop-down Format box in the toolbar. I like the "all formats" myself.

4) Open Windows Explorer (or your favorite file management application) and browse to and open the icon file you unzipped. Depending how you unzipped it, your folder list may vary. Mine says "1865_aquaneugraphite\Aqua Neue (Graphite) - Windows\". In there you should find 87 files of the .ico variety.

5) Resize your Windows Explorer and IconShop windows so that you can easily drag and drop files from the Explorer window into the lower right windows pane of IconShop.

6) Select all the .ico files listed in Windows Explorer.

7) Drag them off the Windows Explorer and drop them onto the lower-right pane of IconShop. Depending on your system speed it may pause a moment but it should then display them and report on the bottom status bar that you have 5 formats, 86 icons, and 86 images. Good!

8) In IconShop, click on File, Save As.

Delete the default file name (AFP Location.ico) and provide a new filename "Aqua Neue (Graphite)" or whatever.

9) Decide what format you wish to save your icon library in.

It is fine if you want to go with the default "ICL" format. If you want to save it in an .ico format, just type the following (including quotation marks!) "Aqua Neue (Graphite).ico" in the File name line instead.

Note: I prefer using .ico as my icon library file format as Windows defaults to picking up these types when browsing for and applying new icons to files/folders. It just makes it easier to search for them.

10) Change your "Save In" location to where you want to drop the file.

(I keep my icon libraries in a folder named "ICONS" in my Windows folder.)

Click "Save" and you've done it!

To take advantage of your new creation, pick a shortcut on your desktop, right-click and select "properties." Then click the "Change Icon" button. Click the "Browse" button and browse to the folder where you saved your newly created icon library file. Select the file and click "Open". Pick your new icon (I like those spiffy hard-drive icons) and then select "Apply" and "OK".

Done! You should now see your new custom icon!

To start a new icon file, go back to IconShop and click the blank-page (new) icon on the toolbar and repeat the applicable steps!

(You may delete the unzipped icon package as well as the original zip file once you are done building the icon library file--you shouldn't need to keep them.)

Once you get this down, you may find you tend to use the same icons. You can even custom-build your own "favorites" icon library file. Just use IconShop to export your favorite icons and repeat the steps, or even simpler, open two sessions of IconShop and use one to search, view and copy desired icons out of and then paste them into the other session. Fast and easy! This way you just have a single icon fileset you can keep handy for your personal use!

Please read and respect the icon author's "readme" file often included with the icon packages. Most allow free use of icons for personal usage, but not in commercial or corporate settings, and very few let you re-distribute their icons in new packages. If that's what you need, take some time and you can find some nice sets that allow free rein in usage.

Happy icon collection building!

Additional Icon links:

@icon sushi - multi-task freeware icon utility.

LiquidIcon XP Editor - very popular freeware icon editor and extractor. Nice set of features.

ResThief - freeware icon extractor. Use to scan dll's, exe's and other similar files and extract hidden icons from them.

See you in the skies,
--Claus

Monday, July 17, 2006

Add & Remove Program Helpers

I try hard not to have too many unnecessary applications fully installed on my pc.

Whenever possible I prefer "standalone/portable" applications that can run from a program folder or off a USB stick but don't need to be "installed" in the normal sense. However, Lavie and Alvis both have quite a few "must keep installed" applications and there are even more of my own I cannot get to run any other way.

The end result is that when I try to open my Add/Remove Programs list from within the Control Panel, it takes a long time to build the program list. It takes even longer if the option to show Windows Updates is enabled.

I've been using two clever little programs for some time now to work around this problem and generate almost instant listings of programs. I simply keep shortcuts to them in my Start Program listing.

SARARP - Small And Fast Add/Remove Programs - Freeware. Nice

Uninstall Tool 1.6.6 - Freeware - I am using this one just a touch more now. I like the GUI layout just a tad more. From CrystalIdea Software. Also has an option to allow you to view "hidden installation" elements that don't show up in normal listings. Handy
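The slow part of the Control Panel applet is the per-entry size and usage bookkeeping, not the list itself; the raw data behind the listing lives under the registry's Uninstall keys. As an added example (my own, not the post's and not code from SARARP or Uninstall Tool), the following PowerShell reads those keys directly and also surfaces the entries the Control Panel normally hides, the "hidden installation" elements Uninstall Tool can show. The hive paths are the standard ones; the Wow6432Node path only exists on 64-bit hosts and is skipped elsewhere.

```powershell
# Added example (not from the post, nor from SARARP or Uninstall Tool): read the
# Add/Remove Programs data straight from the registry. This is instant because
# it skips the Control Panel's per-entry size and usage calculations, and it can
# show the entries the Control Panel hides.
function Get-UninstallEntry {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 64-bit hosts only
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $v = Get-ItemProperty -Path $key.PSPath
            # the Control Panel skips entries flagged SystemComponent=1, entries
            # without a DisplayName, and update entries that carry ParentKeyName
            # (on XP the hotfixes show up here with ParentKeyName=OperatingSystem)
            $hidden = ($v.SystemComponent -eq 1) -or
                      [string]::IsNullOrEmpty($v.DisplayName) -or
                      (-not [string]::IsNullOrEmpty($v.ParentKeyName))
            [pscustomobject]@{
                Key             = $key.PSChildName
                DisplayName     = $v.DisplayName
                Publisher       = $v.Publisher
                InstallDate     = $v.InstallDate
                UninstallString = $v.UninstallString
                Hidden          = $hidden
                Hive            = $root
            }
        }
    }
}

$all = Get-UninstallEntry

# the "normal" Add/Remove listing
$all | Where-Object { -not $_.Hidden } | Sort-Object DisplayName |
    Format-Table DisplayName, Publisher, InstallDate -AutoSize

# the hidden ones, worth a look during a cleanup: an UninstallString that
# points at an unexpected path is a cheap way to spot leftover or unwanted software
$all | Where-Object Hidden | Sort-Object Key |
    Format-Table Key, DisplayName, UninstallString -AutoSize
```

Run it from any PowerShell prompt; no elevation is needed for reading, and nothing is uninstalled. Treat the UninstallString column as a review aid only: run the command it contains yourself rather than piping entries into it.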

More linkage:

RipIt4Me: Back up those pesky protected DVDs - I haven't tried ripping a copy of a DVD yet. I really don't have a need, but just in case you are interested, this little gem proposes to help you with the toughest DVD nuts. via download squad.

Warp Forest - Flash based arcade/puzzle game. Starts easy but gets mentally challenging fast. You must work out proper event sequences to advance to the next level.

Like playing Flash-based games, but not always connected to the Net?

If you use Firefox you can usually capture the .swf Flash file to your pc locally.

1) Open/launch the Flash game/file by clicking on its link.
2) Then right-click around on the page with the Flash window displayed. Eventually you should find a spot (usually near an edge) and get Firefox's context menu.
3) Select the "View Page Info" button.
4) Then in the Page Info window, click the "Media" tab and browse the "Type" column to find "Embed."
5) Look at the address listed and find the file(s) ending in the ".swf" format.
6) Next click that line once and then click the "Save As" button to save to your favorite location.

Then use Swiff Player - Freeware - to play the Flash files "standalone" mode whenever you want. Clever!

See you in the skies,
--Claus

Sunday, July 16, 2006

Virtual Machines for Windows

So far Claus has covered the following (hopefully) critical security issues for Windows-based system users:

Firewall protection options: (w)Hole Lot of Firewall Info

Rootkit protection options: Windows Rootkit Detectors, and

Sandbox protection options: Sandboxing for System Security

Today we move on to the next level of system protection: virtual machines. I've touched on this before.

As I have mentioned, trying to install and run new software can be a gamble. It should work, but it could (intentionally or not) render your system inoperable. There are many bad things that can impact your pc: viruses, trojans, malware...beta software and just plain bad code. By using a virtual machine system, you can effectively replicate an entire operating system on your desktop without needing a second pc. If something bad occurs you can either try to fix the virtual machine settings or simply delete the virtual machine and restore it to its original state.

The Wikipedia has a very good article about virtual machines.

I want to focus on three primary virtual machine software packages. There are quite a few more, but these seem to run quite well on most Windows-based PCs.

Microsoft Virtual PC 2004

Previously a "to purchase" product, Microsoft recently announced it is releasing Microsoft Virtual PC 2004 for free. And it will also release Virtual PC 2007 free when it is finalized. Nice news.

The prime benefit of using this product is that (one would expect) Microsoft would be in the best position to write code to emulate its own systems. It doesn't play perfectly with all operating systems. Take some time to look over Jonathan Maltz's website: What Works and What Doesn't in Microsoft Virtual PC 2004 and acquaint yourself with the list before taking the time to try to install a particular system in Virtual PC.

Virtual PC Guy's WebLog is another great place to keep up with important and useful tips and issues in using Virtual PC.

Finally, Robert Moir has a wonderful Virtual PC 2004 FAQ well worth reviewing prior to setting up your first session, including the ever useful: Installing Guest Operating Systems.

VMware

VMware offers a number of wonderful virtualization products including their free VMware Player and the trialware VMware Workstation.

If you want to get started quickly then I suggest trying the VMware Workstation product. It easily allows you to create new virtual systems. However, if you need a free product and don't mind jumping through some hoops, give VMware Player a try. VMware has compiled an extensive list of "virtual appliances" and I would probably point most new users to their "Browser Appliance" image that uses the Linux Ubuntu build with Firefox as the best introduction.

If you don't have the money to pony-up for a full version of VMware Workstation, but want to build your own virtual systems there are a lot of options--they just take some work to use.

I'm not sure if this is where the whole idea got started, but Hack a Day posted a How-to: VMware player modification that walked users through setting up their own VMware virtual disks. The commentators then took the idea and ran with it.

John Bokma posted a wonderful guide: Creating an XP Pro VM for the free VMware Player

David Kuder hosts his VM Builder script on the web. You just complete some settings online and the script prepares a text file for you to use as your VMX configuration file.

EasyVMX!: Virtual Machine Creator goes one step further. It allows you three options for creating your virtual VMware machine: Super Simple Edition, EasyVMX or Expert. Depending on the sophistication level needed, pick your choice. The site also offers sets of IDE VMDK disk images from 500MB up to 100GB sizes for download (actual file size is much smaller). This can really save a ton of manual configuration time.
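For a sense of what those generators actually hand you, here is a minimal hand-written .vmx for VMware Player, added as an example of my own (it is not EasyVMX's output nor anything from the post). It also sets the options a software or malware test bed should carry: the virtual NIC on a host-only segment instead of NAT or bridged, and the guest-to-host tools channels (shared folders, clipboard, drag-and-drop) switched off, so a misbehaving guest has no easy path back to the host. The disk and ISO file names are placeholders; the VMDK would be one of the pre-built IDE images mentioned above or one created by Workstation.

```ini
.encoding = "windows-1252"
config.version = "8"
virtualHW.version = "4"
displayName = "XP test bed"
guestOS = "winxppro"
memsize = "256"

# system disk: an IDE VMDK such as the pre-built ones EasyVMX offers (placeholder name)
ide0:0.present = "TRUE"
ide0:0.fileName = "xp-testbed.vmdk"

# install CD or Live CD image mounted as the CD-ROM drive (placeholder name)
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "install-media.iso"
ide1:0.startConnected = "TRUE"

# keep the test bed off the real LAN: host-only instead of "nat" or "bridged"
ethernet0.present = "TRUE"
ethernet0.connectionType = "hostonly"

# no shared folders, clipboard or drag-and-drop channel back to the host
isolation.tools.hgfs.disable = "TRUE"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"

# nothing the guest does not need
floppy0.present = "FALSE"
usb.present = "FALSE"
sound.present = "FALSE"
```

Save it next to the VMDK with a .vmx extension and open it with VMware Player. Switch `ethernet0.connectionType` to `"nat"` only for guests that genuinely need the Internet; for the "try this suspicious download" case, host-only plus a snapshot or a spare copy of the VMDK is the whole point of the exercise.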

QEMU

QEMU is an emulator for various CPUs. It can run on Linux, Windows and Mac OS X systems.

There are a number of ways you can try this out. To get started, you might consider the QEMU-embedded version of Damn Small Linux. It is packaged together with a pre-configured QEMU virtual machine. The trick to finding this one is to look for a download build with "embedded" in the name. The current version at this time is dsl-3.0.1-embedded.zip. Just go to the site, or click on this download link to their site and find a mirror. Then browse the tree until you find an appropriate zip version.

QEMU is a really flexible program. David Reynolds has created his amazing Qemu Manager program that really provides a great GUI QEMU manager. I really think this is a "must have" program if you are using QEMU in Windows. I love to use this to manage and launch various Linux "Live CD" distributions in ISO format. David has some great screenshots on the process on his About Qemu Manager page.

There is also the QGui QEMU Launcher as well. It is similar to Qemu Manager. I haven't used this one as much, but it is another option.

While you're at it, check out the Main Page - FreeOsZoo for additional "ready-to-run" images of QEMU virtual systems.

While it takes a bit more work, I still recommend VMware's versions above the rest. I find them to operate much faster, but Virtual PC 2004 is still a great product. For something fast to get started with using ISO images, QEMU with Qemu Manager is my pick. Having all three in your arsenal of options is best. And when it comes to virtual machines, the more system RAM and CPU power at your primary system's disposal the better.

So go download these today, experiment, and get to know these tools. They can really provide a great test-bed for new software and applications as well as provide an additional layer of security when doing web-surfing and downloading.

See you in the skies,
--Claus

Saturday, July 15, 2006

Standalone Web Browsers

After having spent untold sysadmin-hours troubleshooting the myriad issues in Windows that come from having Internet Explorer so tightly integrated into the operating system, it came as a pleasant surprise to find that some web browsers can be run in "standalone" mode.

By "standalone" I mean that they don't have to be "installed" in the normal sense to function fine. In fact, many can be ported to your USB drive, a folder on your hard-drive, or even on CD-R.

Here is an offering of these "Lone-Ranger" web-browsers to try out, if you are curious. Oh yeah, did I forget to mention they are all free?

Internet Explorer

Yes, contrary to popular thinking, one can run Microsoft's Internet Explorer in "standalone" mode:

John Galloway posted the IE7 Standalone Launch Script that allows one to run IE7 Beta 2 without installing it on your system. I've used this for many months now with nary an issue. I love it. Unfortunately, it isn't working for IE7 Beta 3.

Yousif Al Saif then stepped into the mix and is offering his solution to the IE7 Beta 3 standalone problem: Internet Explorer 7 Beta 3 in standalone mode (IE7). This one is only a tad more tricky and I haven't tried it out yet, but the commentators seem to report success.

Web browser archivists Evolt also offer many of the former Internet Explorer builds in standalone packages as well--just in case you are feeling nostalgic here.

Firefox

No surprise here. Firefox has been doing this well for quite a while.

The best of the bunch for a standalone Firefox build has to be John Haller's Portable Firefox. This is simply the best there is.

If you actually want to run Firefox off a burned CD-R, you will need to use Firefox 1.0.3 as the base version and not the newer releases. Combine that with a .bat file and you should be good to go.
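The job of that .bat file is to work around the one thing a CD-R cannot do: let Firefox write to its profile. Here is an added example of such a launcher, written in PowerShell rather than batch and my own rather than anything from the post or from Portable Firefox. It copies a seed profile from the disc to a scratch folder, strips the read-only attribute the files inherit from the CD, starts Firefox against that copy, and deletes the copy when the browser closes. The folder layout under the media root is an assumption.

```powershell
# Added example (not from the post): a launcher for running Firefox from a
# CD-R. The disc is read-only, so the profile is copied to a writable scratch
# folder first and Firefox is pointed at that copy; the copy is deleted when
# the browser exits. The folder layout below is an assumption.
param(
    [string]$MediaRoot = (Split-Path -Parent $MyInvocation.MyCommand.Path)
)
$firefox = Join-Path $MediaRoot 'App\firefox\firefox.exe'   # assumed layout on the disc
$seed    = Join-Path $MediaRoot 'Data\profile'               # assumed seed profile on the disc
$scratch = Join-Path $env:TEMP ('ffcd-' + [guid]::NewGuid().ToString('N'))

if (-not (Test-Path $firefox)) { throw "firefox.exe not found under $MediaRoot" }
if (-not (Test-Path $seed))    { throw "seed profile not found under $MediaRoot" }

New-Item -ItemType Directory -Path $scratch | Out-Null
Copy-Item -Path (Join-Path $seed '*') -Destination $scratch -Recurse -Force

# files copied off a CD keep the read-only attribute; clear it or Firefox
# cannot write prefs, cookies or history into the profile
attrib -R "$scratch\*" /S /D

# -profile points Firefox at the scratch copy. -no-remote keeps this instance
# from handing off to an installed Firefox that may already be running; very
# old builds may not understand that switch, in which case leave it out.
Start-Process -FilePath $firefox -ArgumentList @('-no-remote', '-profile', "`"$scratch`"") -Wait

# nothing from the session should linger on the host machine
Remove-Item -Path $scratch -Recurse -Force
```

Because the scratch folder lives in the host's TEMP directory, the cleanup at the end is what keeps history and cookies from being left behind; if the host crashes mid-session the folder survives, so the same "is the data really gone" caveat raised below for the one-use Opera builds applies here too.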

If you want to experience the excitement of Firefox 2.0 Beta but don't want to risk tanking your current Firefox installation, try downloading Cybernet's Ryan and Ashley Wagner's Portable Firefox 2.0 Beta 1. I've tried it out and it works great. I'm not giving up my current Firefox build, but I look forward to the final version (once all my favorite extensions get updated for it as well....).

Related cousin: TorPark. Mixing the TOR anonymous routing system and Firefox, this is a great standalone build (though page-loads can be slow) for the security minded.

Opera

I'm not much of an Opera fan anymore, but I know it also has a strong following. It is actually a great browser; I just find it awkward for how I use the net. I used it quite a lot when I got tired of IE and Netscape's Navigator, but before Firefox/Mozilla burst onto the web-browser scene.

Portable Opera @USB is one attempt at making Opera portable for USB operation. It promises to leave no registry entries or data on the host machine (assuming you use it on your USB drive).

Kejut also offers two standalone versions of Opera: Opera Portable Personal 9.00 and Opera Portable One-Use 9.00. The first is for USB users who want to retain personal settings and data on run. The second is for those who want no (normal) evidence left behind after running. (I say normal as I cannot tell if the written data is just deleted or secure-deleted.)

Off by One Browser

The Off by One browser is a very "quirky" animal. Once you get used to its geeky interface and having to type the fully qualified URL addresses in, it is a great product. It is very small (1.2 MB), quite fast, and runs great off USB or CD-R media.

Two related IE browser tools

IE Cache Explorer - utility to display a list of IE cookies, visited URLs, and files, and to delete them. Somewhat useful for sysadmins doing cursory checks on business workstations for web-use policies, though not really useful for a forensic-level system inspection.

Index Dat Spy - index.dat file viewer - handy little utility to view contents of Windows/IE's index.dat files. Again, can sometimes provide helpful information to sysadmins looking into problems (system/user) with Windows.

See you in the skies,
--Claus

Friday, July 14, 2006

Texas Links and Miscellany

Taking a breather from my series of security stuff.

Here is a linkage path I recently went down while surfing the net before Meerkat Manor came on...

So I was thinking about how I used to run cross-country in high-school and how I probably couldn't make it more than a mile before my entire body shut down in protest. Then I came across this link: The Couch-to-5K Running Plan. A wonderfully attainable plan to go from zero to 3-miles in just two months of training. Now if I could just surf the net while I ran--Motoko style, I'd be set.

Since I was thinking athletics: I haven't mentioned World Cup 2006. I was disappointed to see Germany and Brazil get knocked out. Then again, watching France's Zinedine Zidane try to knock out Italy's Marco Materazzi certainly was surprising. I actually enjoyed the final and as an American, don't really mind games ending in a penalty kickoff. Seems very Clint Eastwood, American Western to me. For wonderful amusement, I offer you the following video: Zidane World Cup Headbutt Animation Festival. This is great stuff.

I then stumbled across a web link to NavSource Naval History: Photographic History Of The U.S. Navy. It's got pictures of almost every US Naval vessel ever commissioned. Really great stuff.

That led me to look for vessels named after Texas. Turns out there were several:

Second Class Battleship Texas (Fate: Sunk as target off Maryland by US Navy in 1911.)
New York Class Battleship Texas (BB-35) (Fate: Memorial in our back-yard in La Porte, Texas.)
Destroyer Leader DLGN/CGN-39 TEXAS (Fate: Disposed and hulk recycled in 2001.)
Virginia Class Submarine SSN-775 Texas (In active service.)

The USS Texas's webpage.

I used to build model kits as a kid and I remember building one of a battleship with Dad in particular. I don't remember which one it was, maybe the Bismarck? I've kept an eye out over the years hoping to find a local kit of the USS Texas but never have found one. I have found some nice ones on the net:

A nice hand-built one on the net.
USS Texas BB35 1/350 scale full-hull kit
Samek’s 1:700th USS Texas (waterline kit)

And then all this reminiscing on the Texas stirred loose a bit of sci-fi reading from my high-school years. While working at our city library back in my youth, I came across a paperback titled "The Ayes of Texas." I hadn't thought about that book until just now. It was actually the first in the Republic of Texas trilogy by Daniel da Cruz. Somehow world events conspire to make Texas declare her independence (again), fight the Russians who are invading the US and re-fit the hulk of our locally beloved USS Texas (BB-35) into a high-tech ass-kicking machine again. It's kinda dated now, but at the time it stirred this young Texan's heartstrings something special.

Wonder if local sci-fi reading fan Jim Thompson ever heard of it?

Wrapping up the night in a WWII machine mode, I came across the history of The Lost Bomber. In 1956, a B-25 bomber crashed into the Monongahela river near Homestead, Pennsylvania.

Funny thing is, even though they knew where it crashed, it hasn't been found since.

See you in the skies,
--Claus

Sandboxing for System Security

OK.

See if any of these scenarios apply to you.

1) The latest, hottest, coolest software application just got posted to the web and you really want to try it, but don't want to toast your system.

2) You just can't wait to do analysis of a possible malevolent file you collected off a pc, but don't want to toast your system.

3) You want to do some "security research" at known browser-hijacking websites, but don't want to toast your system.

4) You provide tech-support to your parents/grandparent's pc and besides being tired of cleaning malware off each visit, you worry about their "click-happy" browsing behavior.

If these computing activities sound like a fun or frequent experience for you, but you don't have a spare test-bed pc handy, using a software "sandbox" may be just what you need.

Quoting from the Wikipedia: "The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices is usually disallowed or heavily restricted."

Think of software sandboxes as being like "quarantine" rooms for your pc. Depending on the product, they will segregate the program from the system, allow it a protected "scratch-box" to write data and settings needed for execution, monitor code behavior and may even block actions outright or based on rule-sets. Sandboxes are a great resource to test and experiment with new programs and executable code while maintaining a firm grip on leaving your base system untouched/unmodified.

Software sandboxes were previously a realm left for developers, malware and security research/responders, enterprise test-labs, or the hard-core geeks. Today, polished and usable products have come down from the tech-mountain to be viable alternatives for the masses of daily pc users.

Software Sandbox Suggestions

Sandboxie - Free - The sandbox software I am using on my pc's is Sandboxie. It is a very good and well recommended application for Windows. Only drawback: it requires Windows 2000/XP flavors. Although primarily aimed at running web browsers (IE, Firefox, Opera, etc.) in a sandbox environment for system safety, it can actually be used to run almost any program file in a sandbox state. You can even install many programs and system tools into Sandboxie, just not system software. It is a really clever piece of software that all sysadmins should consider using. Note: It does install as a startup/auto-run item, but you can disable that with msconfig, hijackthis, autoruns, etc. and just run on demand as I prefer to do.

Virtual Sandbox 2.0 - $$/Free - Developed by Fortres Grand Corporation, this is a polished software sandbox application (though the robot-dude mascot reminds me of Bender). The interface on sandboxed apps is very clear and easy to read and the security alerts provide additional dialog on what is happening. Version 2.0 can be downloaded and tried for free, but costs $49.95. Version 1.0 is free and carries many of the same features, but is not as refined as v2.0.

Greenborder Pro (Consumer) - Free/$$ - Greenborder integrates with the Internet Explorer web browser, although the company reports it will be supporting Firefox soon. It creates a sandbox for IE to operate in, thus shielding the host system's files and folders from intrusion by any internet-borne baddies. Download before July 28th and you will get a year's free subscription. Review at PCMag.com

Bufferzone - Free/$$ - Trustware's sandbox product. The free version allows protection for a limited number of single-running applications. The full-protection product expands the options for users. If you use just a single browser most of the time, the free version may be all you need.

GeSWall Personal Edition - Free - GentleSecurity's sandbox product. It appears to focus primarily on providing automatic sandbox protection to (primarily) Internet utilizing/related applications.

Sandbox Recommendations

If you just want to lock-down the browsing experience for your supported family members, go with the browser-centric sandboxes like GeSWall Personal Edition, Bufferzone, or Greenborder Pro (Consumer).

If your sandboxing requirements extend to desktop and system applications and not just Internet tools, then consider checking out Sandboxie or one of the Fortres Grand Virtual Sandbox versions. These provide a wider range of system and application protection.

Of course, I can't fail to mention Norman SandBox ($-$$). This product functions in a "hybrid" sandbox mode: data files come into the pc and are scanned for infection, then passed into the Norman SandBox for execution in the sandbox environment; suspicious code/files are stopped there, and valid data is passed through to the production computing system. As an alternative solution, Norman SandBox also offers a free service for users to submit suspicious file samples for analysis.

Additional Subject Links

Want to stop viruses? Let script kiddies play in the sandbox - ZDNet

AV ALTERNATIVES: Extending Scanner Range - Information Security Magazine (Feb 2001) dated but still useful information.

See you in the skies,
--Claus

Wednesday, July 12, 2006

Windows Rootkit Detectors

In doing the prep-work for my post on software based firewalls, I made a list of other system security layers that needed to be considered.

One of those areas was rootkits.

At a most basic level of understanding, a rootkit is executable code that attempts to hide running processes, files or system data from detection. There are many ways it can do this, but the end result is that rootkits are very hard to find and can make an infected system look clean and safe even to traditional anti-virus and anti-malware software.

Wikipedia: Rootkit - This is a good place to start to get the general concepts down.

Episode #9 of Security Now featured a very good discussion between Leo Laporte and Steve Gibson.

Detection on Windows systems:

Two products that I know of that are very good in detecting the presence of rootkits on a PC are Sysinternals RootkitRevealer and F-Secure's BlackLight.

You don't run these applications in an ongoing state, but I do recommend running them every couple of weeks just to keep an eye on things.

However, just because they find something, doesn't mean that file/registry key is a rootkit. Many Windows system files and keys are legitimate. It's just something that takes time to understand and the more you understand what is going on with your system normally, the easier it is to spot something as "out-of-place".

Give the Sysinternals link a good read. It has very helpful and clear information for interpreting the results, hosts a RootkitRevealer Forum, and there are also additional reference links at the bottom of the page.

Suggested Response to a "real" Rootkit on your system:

I have only come across a handful of systems harboring a true rootkit. While not impossible to remove, they certainly can be challenging to remove successfully. I say that as they can often hook deeply into the registry and system files. If not removed cleanly and entirely they can often result in a dead non-booting system or come back to life and reload again.

My personal advice would be to err on the side of caution and boot the system with a Live CD or pull the drive and stick it on a 2nd system as a slave drive, then copy the critical user files/folders off for safe keeping. Then I would secure wipe the compromised drive using DBAN and reinstall the system fresh and clean. That is the one way you can be sure you don't still have the rootkit sitting on your system.

Overkill? Maybe. Secure? You bet; as long as the system install disks you are using haven't been compromised.

Coming soon--process monitoring solutions, sandboxing techniques, and virtual machines.

UPDATE (7-16): Some additional rootkit detecting applications I have just come across:

GMER - Free - helpful in analyzing rootkit-like malware. Follow the link for more screen shots and to download a copy.

DarkSpy - Free - I haven't tried this one out.

RKDetector - Free - Really nice and improved GUI interface now from the older command-line version I used to depend on. RKDetector is released in two independent "modules"; the FILESYSTEM Module and the "IAT Analysis Module". Download and play with both applications.

Found via the ISC-SANS Behavioral Analysis of Rootkit Malware diary post.

Stay Tuned,
--Claus

Shaking out the Sand

Just got back in from an overnight mini-vacation to Galveston Island with the girls.

Did the Schlitterbahn in Galveston. Still a "work-in-progress" but was pretty fun. The majority of the time was spent circling in the "river." Food options were weak (either pizza or BBQ) so we left for What-a-Burger and came back--cheaper too. We did a couple of tube-chute rides that moved pretty fast. Crowd was, well, crowded. No real comfortable areas just for us "old-folk" to sit in the water. People seemed friendly--definitely a family environment. Uniformed Galveston Police officers (in shorts) were on patrol. Nice touch. Bonus treat, the Lone Star Flight Museum is right across and they had rolled out their B-17G bomber on the tarmac. I got to point it out as one of my two favorite WWII airplanes to Alvis (the other being a P-51).

Valca secret travel tip #1: don't park in the "official" water-park parking area. Instead park in the far-back-leftmost-corner of the Moody Gardens lot next (generous open parking lot) to it and the main park gate is a short stroll to your left.

Stayed in a "pyramid-view" room in the Moody Garden Hotel. Service, food and room were definitely 4-5 stars. Nice pool area. Alvis thought she was in heaven.

Ate at the Rainforest Cafe. Fun atmosphere. Great food. Tired quickly of the servers yelling "volcano......" at the top of their lungs when bringing out the signature dessert. Oh yeah, the $5.40 "adventure ride" actually felt like a $2.99 carnival ride. Save your $$ unless you have very small children. Waited for an hour to be seated. Yuck. Stayed at our table (out of principle) for over an hour so we got our $$ worth.

Valca secret travel tip #2: Parking is behind the place, or park behind the San Luis and take a restaurant "shuttle bus".

Spent the following morning at the Moody Gardens Aquarium and 3-D Imax. We didn't do the whole shebang this time, just those two exhibits as they are our favorites.

After we left, we swung down the seawall and played on the beach. The water quality is much better now than when I went there as a kid. (Back then, we would always get tar on us and Grandpa kept a can of bug-remover (turpentine) to wipe us down with at the end of the day...ahh, the good ole days...) Standing on the seawall, the Gulf waters actually looked greenish blue. Not like the clarity of the water in, say, La Jolla, CA, but nice nevertheless.

And Alvis managed to haul back six newly-acquired giraffe stuffed-toys for her growing giraffe collection. My wallet is considerably lighter now.

Loose Sand Linkage...

Get your real-life GITS mission vest. -- Is this cool or what?!! Of course, if you tried to wear it out here Stateside in public, I have little doubt that the US DHS would sweep down and haul you off to Guantanamo.

Wacky system messages -- via The Daily WTF

Saturday in the Park with Friends -- Town dresses up like in the painting.

How antivirus software and System Restore work together - (Microsoft KB) Handy info when you've just gotten done playing with things that set your AV software off, but you mess with them anyway.

See you in the skies,
--Claus