Saturday, June 30, 2007

Grand Stream Dreams Blog - Rated ?

For Entertainment Purposes Only

I was hanging out over at Gillian's Gillianic Tendencies blog and was amused by the following post: Not that arbitrary tests and ratings by websites looking for free advertising really mean anything

Seems she had stumbled upon a website page at Mingle2 that will rate your blog/website according to movie-rating guidelines...or something like that.

Gillian's blog rated "R" due to 5 cheeky words. Edgy girl, that Gillian!

Grand Stream Dreams - Family Friendly

So I bit and went on to put my main blog page in the tester:

Ahh! A family-friendly blog. Just what I wanted to find.

But then I surmised that it was only checking just the posts displayed on the main page.

What would happen if I put them all in?

Grand Stream Dreams - The Dark Side

I loaded in my blog's "backup-bookmark" to see what the rating would be based on all my posts. See this post for reference: Easy Blogger blog Backup Tip

Oh goodness!

Since my blog is primarily tech-related, I guess the tech world does have a much darker side!

This rating was determined based on the presence of the following words:

  • dead (30x)
  • pain (22x)
  • kill (17x)
  • dangerous (14x)
  • hurt (13x)
  • xxx (8x)
  • steal (7x)
  • zombie (6x)
  • punch (5x)
  • gun (4x)
  • bastards (3x)
  • crap (2x)
  • suicide (1x)

So read this blog at your own risk, please....

How the Crowd stands:

Other blogs I enjoy had their current main-pages rated accordingly:

--Claus

Sunday, June 24, 2007

Fun things to see

Here are a few light and fun things worth looking at.

I've been on a blogging binge with some heavy posts and while I still have a few "project" type posts waiting in the wings...they are going to keep waiting for now.

So I will probably sign off for the next few days as I turn my attention back to Lavie and Alvis and my training classes this week. (Or maybe not <smiles>.)

Enjoy these and I promise I will be back soon!

TechEBlog » CD Hole Art - I never would have thought of making my CD labels like that. Now I can't help but plan out my next utility disk labels with this in mind!

TechEBlog » V8 Engine Computer Case - Awesome custom pc case. Would look right at home in a machine shop.

TechEBlog » World’s Most Powerful Diesel Engine - Damn that's one big engine! Imagine the mess a thrown-rod would do in that sucker!

Q-TARO.COM: Jinba Ittai 2 - Japanese blogger Q-Taro gets delivery of his brand new, awesome Mazda roadster. Man it is beautiful (sighs)...then he takes it on the road: Q-TARO.COM: RHT First Impressions.

Hendrik Monastery History - Abandoned Photography : opacity.us - Haunting pictures of decay.

Sanitarium Joseph Lemaire History - Abandoned Photography : opacity.us - Even more stunning by the inclusion of "before" images for comparisons to the "now" ruins.

BLDGBLOG: The Labyrinth and the Stairway - Reminds me of the sets from "What Dreams May Come" one of my favorite "mental/visual" movies.

See you in the skies...

--Claus

Saving a Streaming MSDN Showtime video to your local drive

Class is in Session

As I have been mentioning, I've been leading a class at work for some of our newly-hired desktop support trainees.

The bulk of material presented was developed and written by me along with additional material provided from various network analysts across the state.

However, I wanted to seed the materials with a few additional technical videos from the Microsoft ITsShowtime website:

Specifically, I found these two presentations by Mark Russinovich to be highly useful in showing how to approach a malware infection and use the Process Explorer tool from Microsoft's Sysinternals.

Only I had a little problem...I didn't want to show them as streaming videos.

Rules, Rules, Rules

We generally forbid employees from downloading any video or music streams at work. That is clear policy. Although we run high-bandwidth pipes at our office locations, the impact of a few users running streaming media can quickly and negatively impact our network performance. And, with the exception of training videos or the rare live-webcam conferences by a few executives, there really isn't any justifiable business need for it.

Now I know I have authorization to do so, but I still knew that the network at headquarters would take a hit anyway and just wanted to be considerate to the other customers.

What could I do?

Could I figure out how to save the stream off hours (or at home) and play it back locally instead of as a streaming media file?

The Hunt is On!

It took me a while, but I eventually found this great post by Roy Osherove at his ISerializable blog that gave me hope: How to save a streaming MSDN Showtime video locally.

In the post comments he was instructed to use the freeware application VLC media player to capture the WMP (Windows Media Player) stream link and save the file locally.

But first you need to find the actual path to the ASF URL. Luckily for Roy, a poster gave him the link in the comments. However, that comment also indicated that if you can capture and examine the ASX file that (should) download to the cache, you can just pick the stream URL out of there.

So on my XP Pro system, running WMP 11, I emptied my IE cache and fired up the stream. Sure enough, there was the file in my cache and a quick view in notepad revealed the target URL!

Golden!

Now, since I would have to capture the stream outside of "production" hours at work to avoid impact on our bandwidth, I decided just to repeat the process at home and capture them there.

Only when I tried it on my Vista and XP Home systems...I never could locate the ASX file. I'm still not sure why.

So it looked like I would just have to do the download at work.

Back to the Books!

I did some more research in the meantime on the protocol for this streaming file and came up with the following interesting leads:

Based on this, I wondered if I could capture the URL I was looking for with a packet sniffer. Maybe I could get lucky and locate the true target streaming URL that way?

Target Sniffed and Snagged x3!

(Note...see update at end of post for simpler method of URL capture.)

At work, I fired up Wireshark and began a fresh capture before clicking on the link to play the target video (in this case "Advanced Malware Cleaning").

Once it began playing, I stopped the capture and culled through the packets. Sure enough, after a bit of time I found several versions of what I was looking for. Only it took a considerable amount of time and work picking through the details to locate and extract the address.

So I tried some other packet sniffers I use.

Next I used NirSoft's SmartSniff application. Fired up a capture, hit "play" on the video and after a few moments stopped the capture and video.

This interface worked much easier for what I needed. I quickly captured the ASX file packet information and in it found the mms:// protocol line that had my target URL address for VLC!

mms://a2.v148539.c14853.g.vm.akamaistream.net/5/2/14853/v003/<snip>/0369_w.asf

In another packet I also saw an RTSP protocol URL and decided to give that a try as well, as it otherwise had the same file URL.

rtsp://a2.v148539.c14853.g.vm.akamaistream.net/5/2/14853/v003/<snip>/0369_w.asf

(NOTE: I've snipped the actual URL here to get them to fit in my blog. I really don't want to list the actual links as they may be subject to change. Following the techniques listed should get you the "true" URLs without much fuss....keep reading!)

Finally I wanted to see how AnalogX's PacketMon would work:

Checking each packet captured one at a time was pretty tedious again.

So I set a new group, and then two rules to capture only those packets that contained "RTSP" or "MMS" strings.

Then I started the packet capture and fired up the video for streaming.

Only a handful of packets now were captured for me to quickly pick through.

I opened up the detail view and set the view to "Display as text only."

In no time at all I had picked up the target MMS and RTSP URL. Either should work fine.

I found NirSoft's SmartSniff to be the easiest to quickly use and get what I needed, but AnalogX's PacketMon actually did a more targeted job of filtering with just a little setup work. Pick your own medicine.
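The two places the post finds the stream URL, the ASX file dropped in the browser cache and the text view of a packet capture, can both be searched with a few lines of PowerShell. This is an added example, not code from the post or from any of the sniffers named above; the ASX text and the capture lines are constructed samples (the real Akamai URLs are snipped on the page), and the rtsp-to-mms rewrite in Select-SdpUrl relies on the post's observation that both schemes carried the same host and path.

```powershell
# Added example, not from the original post: locate the stream URL in an ASX
# playlist from the browser cache and in the text view of a packet capture.

function Get-AsxStreamUrl {
    param([string]$AsxText)
    # ASX files are XML-like but frequently not well-formed XML, so match
    # the href attribute of <Ref> elements directly instead of parsing XML.
    [regex]::Matches($AsxText, '(?i)<ref\b[^>]*?href\s*=\s*"([^"]+)"') |
        ForEach-Object { $_.Groups[1].Value }
}

function Get-CapturedStreamUrl {
    param([string]$CaptureText)
    # Same filter PacketMon was given in the post ("MMS" or "RTSP"), applied
    # to the capture's text view: keep only streaming-protocol URLs, deduped.
    [regex]::Matches($CaptureText, '(?i)\b(?:mms[tu]?|rtsp)://[^\s"''<>]+') |
        ForEach-Object { $_.Value } | Sort-Object -Unique
}

function Select-SdpUrl {
    param([string[]]$Urls)
    # SDP speaks mms/mmst/mmsu but not RTSP. Prefer an mms URL; if only the
    # RTSP form was captured, rewrite the scheme (the post found both schemes
    # pointing at the same host and path). -match/-replace are case-insensitive.
    $mms = $Urls | Where-Object { $_ -match '^mms' } | Select-Object -First 1
    if ($mms) { return $mms }
    $rtsp = $Urls | Where-Object { $_ -match '^rtsp://' } | Select-Object -First 1
    if ($rtsp) { return ($rtsp -replace '^rtsp://', 'mms://') }
    return $null
}

# Constructed sample of the ASX file WMP drops in the IE cache
$asx = @'
<ASX version="3.0">
  <Title>Advanced Malware Cleaning</Title>
  <Entry>
    <Ref href="mms://stream.example.net/5/2/demo/v003/0369_w.asf" />
  </Entry>
</ASX>
'@

# Constructed "display as text only" view of a few captured packets
$capture = @'
GET /itsshowtime/player.aspx HTTP/1.1
Host: www.example.net
Content-Type: video/x-ms-asf
<ASX version="3.0"><Entry><Ref href="mms://stream.example.net/5/2/demo/v003/0369_w.asf"/></Entry></ASX>
DESCRIBE rtsp://stream.example.net/5/2/demo/v003/0369_w.asf RTSP/1.0
'@

Get-AsxStreamUrl $asx                       # the cache-file route
$found = Get-CapturedStreamUrl $capture     # the packet-sniffer route
$found                                      # one mms:// and one rtsp:// URL
Select-SdpUrl $found                        # the URL to hand to SDP
```

To use it on real data, pipe the cache file or the sniffer's saved text view in with Get-Content -Raw instead of the constructed here-strings.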

Validation of URLs

So I copied each of the two ITsShowtime MMS/RTSP URLs to a text file for safekeeping. I then opened up IE and launched the URL to see if it would work.

Bingo! Like a charm!

Same held true for opening the link in WMP directly.

Stage Two--Capturing the Stream

I knew from Roy's post that it was recommended he use the VLC media player to do the streaming capture.

I downloaded and tried it and found it would do the job...but seemed kinda clumsy and limited for my purposes.

Was there a better way?

Amazingly there was!

SDP ROCKS!

From one of the links mentioned earlier I discovered a little (freeware) application called SDP: The SDP Multimedia website for ASF download and MMS protocol specification.

Simply Amazing!

(SDP Screenshot)

Besides MMS, SDP allows you to download and capture the following protocols: Http v1.0 streaming protocol, Http progressive (simple http download) and of course: mms, mmst and mmsu over both TCP and UDP transport protocols. The current version of SDP 2 does not support RTSP streaming.

Near the bottom of the main page are additional protocol documents if you are so inclined.

I wasn't worried, as my packet captures found that the URLs for both the MMS and RTSP streams were the same.

Its GUI isn't the prettiest but it does the trick.

SDP developers have done a highly commendable job of providing a clear and well illustrated SDP Read-Me page. It took me a few minutes of quick reading and I was good to go.

What is more, SDP has a "VCR" mode so you can configure it to run and capture a stream at a preset time, fantastic to capture video streams outside of "production" or high-volume periods...say at night.

The network performance monitor is handy as well.

I followed the steps needed to set and begin the stream capture and turned it loose. As each video was just over an hour in length, it isn't a fast process, but it worked like a charm.

When done I had both ITsShowtime videos fully downloaded in their entirety to my hard drive. I was able to fit them both on a single CD-ROM disc to take back to work.

It is Showtime!

For playback there are many media player options.

If you have a version of Windows Media Player already installed, you should just be able to double-click the file and the video will play-back automatically.

VLC media player handled the files just fine as well for nice playback.

Finally, I really like using MPUI, the MPlayer frontend for Windows. This is a tiny (and portable) application for media file playback.

Take your pick or use your own if it is compatible.

Anyway, all three of these played the file back just perfectly for me.

So there you go. I can't say this is an easy process to do, but it is by no means difficult for the moderately experienced techie or system administrator to do. I'm pretty sure this technique might be extendable to some other streaming media formats as well.

Is it Legal?

Note, I am not a lawyer....

So, how does Microsoft feel about off-line download and viewing of the ITsShowtime videos?

I couldn't find anywhere specific that they forbid it. I'm clearly not interested in reposting, redistributing, or restreaming the files myself and am using them only to promote and train users in the Microsoft products. I couldn't imagine that would be a bad thing.

I did find this one link on their ITsShowtime FAQ page that gives me confidence:

How do I convert the downloaded video to play it on my DVD-Video player?

Use your favorite DVD authoring software to import the WMV file and the included optional subtitles. You can then burn the converted video and subtitles to a DVD disc and play it on your standalone DVD player.

Too bad they didn't explain how to "import the WMV file" anywhere to begin with.

Would have saved me a lot of time in needing to write this post!

--Claus

Update: 06-25-07

Commenter Nicholas suggested using the Firefox extension Download Helper to get the URL. I hadn't heard of this one, so I installed it and gave it a shot. Once installed I logged into ITsShowtime and started the video. I then clicked the little icon for Download Helper in my toolbar and it now showed a .asp entry. I selected it, then saved the file to my local drive. Finally I opened the downloaded .asp file and, voilà, just as Nicholas suggested, there was the mms URL link to the video stream. It has a lot more media download helper support as well.

Much easier and quicker method, indeed! With that in hand, you can then download the file via SDP.

I also noticed that while the VLC media player could play the downloaded file directly, the MPUI player would not without first downloading additional codecs. I then found that another freeware 3rd-party media player could also handle the downloaded file immediately: KMPlayer. So you might want to give this little guy a try as well. It has a lot of really great features for media playback.

Thanks Nicholas for the tip!

Spyware Terminator...A Very Interesting Anti-ware Application

About a month ago, one of our network analysts brought the following freeware malware-scanner program to my attention:

Free spyware removal and spyware protection - Spyware Terminator

He had been using it for a while and really liked it.

I generally stick with a close-knit group of anti-ware (Dwight lingo) programs so I was a bit hesitant to jump on a new one I haven't heard of before...but that's how you learn...by trying new things.

Some History First

I wanted to do some research on this program before firing it up on my systems.

I searched around and read a number of user-comment software reviews.

File Forum had a very strong and balanced thread, with a few folks concerned that it wasn't a legit application, and a slew of others in support of it. FileForum | Reviews of Spyware Terminator.

It's listed over at filehippo which is a download site I trust.

Posters at the Download.com download link for the application seemed positive.

I didn't see anything that really caused me alarm.

It had been previously listed on Spyware Warrior's Rogue/Suspect Anti-Spyware program list, but has now been de-listed.

That, coupled with some additional reading via a Google Blog search on the program, left me feeling pretty secure that I wasn't going to be hammered with a rogue anti-spyware product.

Basic Features

Here are some basic features Spyware Terminator offers:

  • Real-time protection (if optionally enabled).
  • Quarantining of suspect files (it's always good to quarantine before removing, just to be safe).
  • Setting of manual and scheduled scans.
  • Setting of manual and scheduled updates.
  • A (generally) friendly user interface.
  • Free for personal and commercial use (a $ version with network administration support also available).
  • Allows for fast, full, or customized scans.
  • Provides detailed scan-result reporting.
  • Supports integration with the free and open-source anti-virus application ClamAV.
  • On-boot malware removal routine if needed.
  • Pre-defined "profile" configuration...so protection can be adjusted for user type.
  • An integrated "locked-file" removal tool. (See my list for more stand-alone locked file tools).
  • Integrated single-file malware scanning via the Explorer right-click context menu.

Download sites report it is compatible with Windows 98/Me/2000/XP.

I haven't tried it yet with Vista and cannot find any thing specifically on Spyware Terminator's website that says it is or isn't Vista compatible. When I get done testing on our Vista laptop, I will drop an update in the post or in the comments.

Download and Installation

First you have to choose which download version you want. Spyware Terminator (Free) comes in two flavors:

Spyware Terminator & Web Security Guard (9.96 MB) - This version packs all of the features of Spyware Terminator along with anti-virus protection included and a web-watcher process to protect users from loading hostile websites.

Spyware Terminator (3.33 MB) - The plain version without the web-monitoring program.

I went with the plain version.

Upon running the installer, one is presented with the Crawler EULA, privacy policy, et al. Seems pretty standard fare and works hard to try to distance itself from its prior problematic history of associations.

Once installed you are presented with the option to set it to "scan for spyware," "protect against spyware" (which will then install the Real-time Shield), or "Protect against spyware and viruses" by installing Real-time Shield and Clam AV.

I just use these as on-demand scanners...so I picked Scan for Spyware. Since I downloaded just the basic version, I wonder if selecting the "Protect against spyware and viruses" option would then require an update download to get the additional elements?

Under the Hood

The nice and clean user interface presents you with the following options under the Spyware Scan tab:

System Summary - which provides info on your program version and application news.

Scan - where you can select a fast, full, or custom scan.

Ignore List - where ignored items are recorded.

Quarantine - which displays items you have located and selected to keep around safely before removing.

Update - where you can manually update the application.

Utilities - to restore system defaults, roll back to a system restore point, analyze a file (see if it runs, if it has related registry items, and property information), or remove a file (delete or delete-locked file).

The Real-time Protection tab allows you to enable and customize the settings for application guarding, system guarding, and Internet guarding, along with enabling Host Intrusion Prevention System (HIPS) protection.

The Settings tab lets you enable/disable reporting back to the Spyware Terminator mother-ship servers, customize scans to look for cookies, invalid items, unreadable files, alternate file streams and use the System Restore, schedule automatic scan times and updates, and integrate ClamAV.

Fire in the Hole!

I fired up and ran a manual "quick" scan of my system, and watched the program begin.

It ran a scan of all the running processes, registry items and key files.

"Fast" scan time took approximately 3 minutes on my XP Home system.

It scanned over 11,000 objects on my system and found 152 items of note...none "critical."

Once the results were displayed, things got really interesting.

Is this Good or Bad?

The scan results are reported on a four-tabbed view.

The first displays Threats...on my system these were (as expected) just some miscellaneous tracking cookies with a low threat rating. Had additional malware items been found, they would have also been listed along with an elevated threat-level symbol.

What I found very nice about this is that they included the file-path to the located files, so if I wanted to do more manual investigation on my part, I could quickly track the suspicious items down. I can also select and report false positives to the vendor directly off this screen (very nice!) and move the selected item(s) to quarantine as well as delete them. All handy features.

The second tab displays Safe Software. It appears that Spyware Terminator uses an internal "whitelist" database to list programs, services, and other files it locates and knows are safe. These may be expanded to view the location detail as well as a brief abstract about the item in review and can be placed in quarantine if desired.

The third tab displays any "Unknown" Software. These would be applications, files and registry items that haven't made the "whitelist" but aren't in the "blacklist" either. You may select the items here and set them for quarantine, ignore, add to the "whitelist", or designate as a threat. You may also send them to the vendor for "professional" review.

The final tab is a scan report. You may copy the report to the clipboard, which would list processes, Startup items, toolbars, BHOs, IE bars, IE Extensions, Services, Protocols, Winsocks, Uninstallers, Start Menu items, Desktop Items, Favorites, Cookies, Registry items, and key files scanned and their file locations.

Whew!

Is Spyware Terminator Portable?

Well....kinda.

Note: This is not supported by Spyware Terminator, and by design the program really isn't intended to be run this way. Just want to pass this on to other sysadmins who fight malware at work off USB sticks on the fly.

Since I have to travel to a bunch of systems to clean them of malware, I wondered if the program could be successfully run off a USB stick.

So I copied the installed program folder and went to another pc that it wasn't installed on and gave it a try.

Yep! Worked like a charm. Obviously you will want to set the options to not run scheduled updates/scans if you do so, nor will you probably want to enable the "Real-time" protection. I'd recommend you disable these prior to copying the program folder to your USB stick.

Only one problem. Once the program was ended and the USB stick removed, the program left the Windows right-click context menu item for individual file scans still in place.

You won't want to be leaving litter like this around when you use this program in an unsupported "portable-mode."

What to do?

Spyware Terminator Registry Key Fix

I located the key causing this behavior and wrote a simple registry key file that when executed removes the key in question and takes out the context menu item (as tested on my XP systems at least).

  • Open Notepad and copy the following two lines of text into the file. (Note: the second line is a single line):

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD88A479-9623-4897-8546-BC62B9628F44}]

  • Save the file with the following name "RemoveSPTKey.reg" (or whatever you want, just be sure to save it with the .reg extension).
  • Put that saved file in the program folder with your other files.
  • Run Spyware Terminator and do the malware busting and tracking cookie crumbling.
  • Once done, close the program.
  • Now run the registry file to remove the key from the local registry.
  • Gone!

More information on how to use RegEdit, batch files, and adding and removing registry keys: Use REGEDIT to add, read or delete registry values.

And as always...remove registry keys from your own system at your own risk!
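The .reg file above deletes the key blind. As an added example (not the post's own file, and not supported by Spyware Terminator any more than the portable trick is), here is the same removal done from an elevated PowerShell prompt with a check before and after: it confirms the key exists, shows which DLL it points at and which shell hooks under *\shellex\ContextMenuHandlers reference the CLSID, and supports -WhatIf so you can preview before anything is deleted. The CLSID is the one from the post; everything else is standard Windows registry layout.

```powershell
# Added example, not the post's RemoveSPTKey.reg: inventory and remove the
# Spyware Terminator context-menu CLSID key. Run from an elevated prompt.
function Remove-SptContextMenuKey {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # CLSID taken from the post's .reg file
        [string]$Clsid = '{BD88A479-9623-4897-8546-BC62B9628F44}'
    )
    $keyPath = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid"

    # 1. Nothing to do if the key was never created (or is already gone).
    if (-not (Test-Path -LiteralPath $keyPath)) {
        Write-Host "Not present: $keyPath"
        return $true
    }

    # 2. Show what the key points at: the in-process server DLL the shell
    #    loads for the right-click item.
    $server = Get-ItemProperty -LiteralPath "$keyPath\InprocServer32" -ErrorAction SilentlyContinue
    if ($server) { Write-Host "InprocServer32: $($server.'(default)')" }

    # 3. Inventory the shell hooks that reference this CLSID. Context-menu
    #    handlers for all file types live under *\shellex\ContextMenuHandlers;
    #    each subkey is either named after the CLSID or holds it as its
    #    (Default) value. '*' is a literal key name, hence -LiteralPath.
    $hookRoot = 'HKLM:\SOFTWARE\Classes\*\shellex\ContextMenuHandlers'
    if (Test-Path -LiteralPath $hookRoot) {
        Get-ChildItem -LiteralPath $hookRoot | ForEach-Object {
            $value = (Get-ItemProperty -LiteralPath $_.PSPath).'(default)'
            if ($value -eq $Clsid -or $_.PSChildName -eq $Clsid) {
                Write-Host "Handler '$($_.PSChildName)' references $Clsid (will be orphaned)"
            }
        }
    }

    # 4. Remove the key tree, the same effect as the [-HKEY_LOCAL_MACHINE\...]
    #    line in the .reg file, then confirm it is really gone.
    if ($PSCmdlet.ShouldProcess($keyPath, 'Remove registry key tree')) {
        Remove-Item -LiteralPath $keyPath -Recurse -Force
    }
    return -not (Test-Path -LiteralPath $keyPath)
}

Remove-SptContextMenuKey -WhatIf   # preview only
Remove-SptContextMenuKey           # do it; returns $true when the key is gone
```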

Charitable Giving

Spyware Terminator also offers a free license for Non-Profit Organizations (schools, government organizations, churches, charities, etc...) which includes both the primary program as well as the (otherwise $) network administration tool so you can manage all the installed clients across workstations. Very classy move!

Final Recommendation

I really like this application. It is fast and has a wide range of features that will complement other anti-malware applications already on the market. The included tools and utilities should greatly help leverage the application.

None of my home systems have any malware to test its true removal/repair capabilities. Just nuisance cookies. So I still can't say how it compares to actually removing easy-to-difficult malware infections. In those cases, I still will be using it as one of the many trusted anti-malware tools I toss at an infected system. And I haven't found an anti-ware product yet that can 100% clean an infected system. Every one I've run into has still required a certain amount of detailed hands-on manual work to remove some stubborn files/programs/processes to get it completely cleaned up.

I've been running it for a while and haven't found any ill-effects from its installation and use on my own systems.

I do have mixed feelings recommending this program to a new or beginning-level user without some supervision or training by someone familiar with the program first.

The only reason I say so, is because on my system, the scan results listed seven items under the "unknown software" tab. I knew these were all safe and (in fact) required programs and files for healthy operation of my system.

My fear would be that an inexperienced user might try to remove or quarantine these items by mistake and end up tanking their system.

However, that is also one of the strengths of this program that I like, so I can't say it doesn't need to be right where it is. Just decide and understand carefully before acting on the items listed there, and if in doubt, don't touch 'em.

Overall...Valca Recommended

Happy (malware) Hunting!

--Claus

First Looks: Spybot Search and Destroy 1.5 (Beta)

(This post is long...if you just want to go to the official Safer Networking Beta page for Spybot Search and Destroy 1.5, jump here.) --Claus

The Quest begins!

When I was first getting my toes wet in the malware-whoopin fight-club, one of the first tools I became acquainted with was Safer Networking's Spybot Search and Destroy.

The "easy" mode was great for doing a quick scan for malware and cookies removal and it seemed to be quite effective at the task.

The "advanced" mode offered a ton of great tools for tweaking and understanding all the goings-on in my systems.

As malware fighting got more complicated, Spybot seemed up to the task, though I would eventually add quite a number of additional anti-malware applications to my tool-kit for fire-support coverage.

Still, Spybot S&D is one of the very first tools I reach for.

I've been running Spybot S&D 1.4 for over a month now on our Vista laptop with no issues. That doesn't mean it is supposed to be used on it, just that I haven't run into any issues. But no, I don't use their "Tea Timer" utility so that remains "untested" by me on Vista.

New Kitten or Bad Puppy?

A week ago I saw my favorite new-software version site "FileHippo" had a download available for Spybot Search and Destroy 1.5 (Beta).

I went looking around and couldn't find any info to tell me if this was legit or not. Can't be too careful nowadays.

So after some scans and trusting filehippo, I loaded it up and took it for a whirl.

It is just the same...but better. (Though still in Beta.)

Tracking down the Source

I was still a bit unclear on how this version got out of the cage and wanted more information before posting here.

I did some follow-up poking around deep in the Safer Networking forums and came up with these bits:

Back in early December 2006, Team Spybot member PepiMK posted an announcement of the beta versions of some tools for Spybot 1.4: Announcing betas: TeaTimer / Updater / Vista integration.

Testers would be able to download and install these "bits" over an existing Spybot 1.4 installation and get:

Scanning engine

This update cannot be disabled in the download package below; it is not only used if you install TeaTimer, but by the main Spybot-S&D scanner as well. The methods available to detect malware have been more than doubled, including new ways to generically detect malware mutations.

TeaTimer

Aside from the fix of the graphical glitch so many users have been waiting for, there have been some important changes under the hood, which will reduce the number of change dialogs where the user has to decide.

TeaTimer now automatically allows any changes during the installation of other security software which follow the ASCs guideline of code-signing all files, as well as a much improved scan of the files associated with registry changes.

Vista Security Center

The Windows Security Center included with Windows Vista has a dedicated entry for malware protection software.

Microsoft ships Windows Defender with Vista, however, Spybot-S&D can now easily integrate into the Vista Security Center; which will then monitor if Spybot-S&D is up-to-date and whether the permanent protection (TeaTimer) is running or not.

This update will only show on Vista systems, since previous Windows versions do not offer anti malware integration into WSC.

The integration with Vista Security Center is good news indeed.

However, while this was the start...it wasn't the download we were seeing at filehippo.

In June 2007, Spybot announced that "Works with Windows Vista" will be applied to RunAlyzer, FileAlyzer, RegAlyzer and TagsRevisited, and will likely be applied to the 1.5 version of Spybot at final release.

But that still didn't help me directly to find a legit download notice on Safer Networking.

Forum Diving

So I dove into the forums more and hit a great lead: the Spybot Beta thread group!

That finally got me this post: Spybot 1.5 beta bugs and false positives. - Safer Networking Forums where I learned that someone (Neowin) got lucky and found the download on the servers and it "leaked." So it appears that a few weeks ago a non-public beta got off the farm, but it wasn't a "secret" one. Anyway, in that thread Safer Networking posted a direct link to the "full" Spybot S&D 1.5 (beta) package...and it was newer than the "leaked" version.

A bit more supporting documentation in this thread as well: New Interface & Firefox for S&D 1.5? - Safer Networking Forums

The Gold Mine!

Finally I hit the mother-lode for Spybot Search and Destroy 1.5 Beta.

Spybot - Search & Destroy - The homepage of Spybot-S&D Beta!

According to this official page at the time of this post:

  • The current beta version of Spybot-S&D is 1.5.1.12 (June 21st)
  • The "Official" Safer Networking SB S&D 1.5 beta download link is here.
  • You do not need to uninstall version 1.4 to install 1.5, but it is recommended.
  • The download versions on Neowin and filehippo are legit; but may not be as current.
  • All versions of Windows are supported (and Wine!), including Vista and Win95.
  • The interface remains about the same, but work begins in June/July for a new GUI. Wow!
  • IE plugin configuration is updated.
  • Tea-timer interface updated.
  • Radically different Updater window now, also offering optional "beta" updates.
  • Integration with Vista Security Center.
  • UAC support.
  • Scan results now displays additional items of consideration. This surprised me but is cool.
  • And a whole shebang more changes, mods, and updates...too numerous to list.

Wow.

Go to the link above to read the full list of items, and to look for newer versions.

Want more Spybot S&D Eye Candy?

Hop on over to this Neowin post: Neowin.net - Spybot - Search and Destroy 1.5 Beta

There they have 10 screenshots available to satisfy your itch.

Claus's Take

I'm really excited to see Safer Networking getting ready to roll out this version. It looks to be a substantial update to a long trusted and honored malware-whooping machine.

I've been running this beta version on my XP and Vista machines now for a while and haven't found anything to prevent me from being comfortable using it on a daily/weekly basis. Your mileage may vary as it remains a Beta beast at this time.

It's also refreshing to see that Safer Networking takes a low-key approach to version numbering. What could have been "Spybot S&D 2007" or "Spybot S&D 2.0" is just simply one more minor tick up to version 1.5.

No, I don't think it will perfectly clean a malware-infected system every time...so you still probably need to keep a malware-whoopin' unit of squad-members at the ready, but based on what I've seen so far, Sergeant Spybot just got a field-promotion.

--Claus

It's the Driver, Stupid!

Drop and Give me Twenty!

I'm in the middle of leading some new recruits through a "Basic Training" class on our network, systems, utilities, and operational protocols.

Despite the increased stress it brings, I must admit, it is a bit fun. While I am an introvert by nature, I seem to be able to magically transform into an evangelist of sorts when duty calls me before a crowd or group for IT training.

So the day of my training, I picked up a new (to me) InFocus LCD projector to use with my laptop during the class presentations so I could do "live" software and utility walk-throughs with the incoming new-hires.

I've used them before and find them very useful.

However, I soon found that I was unable to get the video to output from my laptop to the InFocus projector.

Hmmm.

My laptop video driver was the most recent version, seemed to be running fine and I couldn't find any settings in the InFocus machine that would prevent it from working.

Newer is Not Necessarily Better!

After a few minutes of fiddling with the settings, I pulled out the "generic" guest laptop that is kept with the machine for presentations by staff who haven't been issued their own laptop.  Fortunately it was the same model as my issued laptop.

I quickly had it swapped out and it was projecting the desktop perfectly.

So I compared the drivers, and found it was using one several years earlier than my most recently installed video driver version.

Oh dear.

So I went digging on my laptop and found the original driver store folder that contained all the original-image-present drivers.  A quick driver version rollback on my laptop and I was back in business.

Problem solved.

By the way: Why doesn't Dell seem to offer archived "older" versions of its hardware drivers like some other manufacturers do?  Don't want to confuse the public, maybe?

Back to the Future

I don't use the InFocus machines regularly, so I think I will go back to the latest video driver when I am done, and just remember I will have to roll it back again in the future.

Sheesh.

Dual-Monitor Configurations on Laptops

Once my first training class was done and I put my laptop back on its dual-monitor setup on my desk, I had a new problem to tackle: getting the desktop extended onto both the CRT monitor and my laptop screen again, as I originally had it configured.

In order to use the InFocus projector, I enabled desktop "mirroring" for the video output.  That worked great while in the training class but made my head spin seeing the output replicated on both my monitors while at my desk.

What should have been a simple process took me twenty minutes of going in circles until I remembered I had to use the custom driver utility for the video driver instead of the Desktop Properties dialog box which just wasn't working.  That quickly did the fix.

For those with more standard video drivers and setups...this CyberNet News post might be a nice refresher: CyberNotes: How to Change the Primary Monitor on a Laptop

The Vista Driver Store

Vista's Weak Link: The Driver Store - Enterprise Desktop's Randall Kennedy explores what may be a disaster waiting to happen with Vista Driver Store.  I wasn't aware of this and found it useful information.

That article contained a link to how to (maybe) fix a corrupted Driver Store in Vista: How to recover corrupted Vista driver database.

Vista Network Drivers also not Immune

Charles Teague also ran into an "I updated a driver and made things worse" problem with Vista at his DragonStyle blog

Vista Wired Network Performance Problem Solved

Turns out the updated Vista driver brought his network performance to just better than dial-up levels.

Solution?

Roll back the driver to the older version.

Grand Stream Dreams Public Service Announcement

This whole experience is why I recommend making frequent backups of your current drivers before doing a driver update...just to be safe.

How?

Pick and use any of several freeware driver backup utilities I recently posted about: Backing up Windows System Drivers.

And if you create system images for distribution (note to self), please try to always include a folder with the base system drivers needed in a "drivers" folder on the root.  You will be doing your desktop support staff an immense favor and save them tons of time down the road if they have to roll-back a driver.

Thanks.

--Claus

This Week in Link Review

Here are some links I've collected this past week (or maybe longer) that caught my eye.

They don't really merit individual posts but I found them useful or interesting.

Filter Google Search by Date...kind-of

Overwhelmed with too many Google search results?  Want to narrow them down to a more recently uploaded items?  Wait no more!

Google: Advanced Search page now lets you filter your results for pages updated in the past 3, 6, or 12 months. Handy.

Search Techniques: Get fresh results from Google searches - Lifehacker

Which led to a bit more details on the subject (with screenshots) via Matt Cutts: Google improves search for fresh documents

A deeper look into this interesting update via ResearchBuzz.com: Google Makes Change to Daterange Syntax

Which leads to GooFresh: "Goofresh is a way to search for sites added today, yesterday, within the last seven days, or last 30 days."

Very clever.

Security and Elevation-of-Privilege

Mark's Blog : The Case of the Insecure Security Software

Sysinternals guru Mark Russinovich takes a brief but detailed look at how a vendor's own sloppy coding, in this case weak permissions on a security product's executables and configuration files, lets malware (or any unprivileged user) take advantage of it. The flaws he found "...allow unprivileged users to effectively shut off the application, corrupt its configuration files, and replace its executables to elevate to Local System privileges."  In addition, malware could "...modify the configuration data or create its own version and prevent the security software from changing it. It could also watch for dynamic updates to the files and reset their contents."

Yikes.

I'm not a coder, but these are good things to keep in mind when looking at software and considering how even a "well-patched" system can still be potentially exploited.
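A check for exactly this class of problem, as an added example (this is not code from Mark's post; the product name, paths and the icacls output below are constructed): it reads what Vista's `icacls "C:\Program Files\Product" /t` prints for a product's install folder and lists every file that a low-privilege principal is allowed to modify or replace, which is the condition that turns "replace its executables" into a Local System elevation.

```python
# Added example (not code from Mark Russinovich's post): find files under a
# product's install directory that low-privilege principals may modify.
# Input is the text produced by  icacls "C:\Program Files\Product" /t  on
# Vista; the sample at the bottom is constructed, not real output.
import re

# Principals that every interactive user effectively holds. Assumption: add
# any site-specific group that ordinary users are members of.
LOW_PRIV_PRINCIPALS = {
    "everyone", "users", "builtin\\users", "authenticated users",
    "nt authority\\authenticated users", "nt authority\\interactive",
}

# Simple rights (F, M, W, D) and specific rights (WD, AD, WA, WEA, DC, DE,
# WDAC, WO, GW, GA) that let the holder change, replace or delete the file.
WRITE_RIGHTS = {"F", "M", "W", "D", "DE", "WD", "AD", "WA", "WEA", "DC",
                "WDAC", "WO", "GW", "GA"}

_PRINCIPAL = (r"(?:NT AUTHORITY|NT SERVICE|BUILTIN|CREATOR OWNER|Everyone"
              r"|[^\s\\:]+)(?:\\[^:\\]+)?")
_FLAGS = r"(?P<flags>(?:\([^)]*\))+)"
# First line for a path reads "<path> <principal>:<flags>"; further ACEs for
# the same path follow, indented, on lines of their own.
_FIRST_RE = re.compile(r"^(?P<path>\S.*?)\s+(?P<principal>%s):%s$" % (_PRINCIPAL, _FLAGS))
_CONT_RE = re.compile(r"^(?P<principal>%s):%s$" % (_PRINCIPAL, _FLAGS))


def ace_grants_write(flags):
    """True if an ACE flag string such as '(I)(OI)(CI)(M)' grants a write right.

    A (DENY) entry never counts as a grant, whatever rights it lists.
    """
    tokens = set()
    for group in re.findall(r"\(([^)]*)\)", flags):
        tokens.update(t.strip().upper() for t in group.split(","))
    if "DENY" in tokens:
        return False
    return bool(tokens & WRITE_RIGHTS)


def parse_icacls(text):
    """Yield (path, principal, flags) for every ACE in icacls output."""
    path = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():                    # continuation ACE for the current path
            m = _CONT_RE.match(raw.strip())
        else:                                   # new path, first ACE on the same line
            m = _FIRST_RE.match(raw.rstrip())
            path = m.group("path") if m else None   # e.g. the "Successfully processed" trailer
        if m and path is not None:
            yield path, m.group("principal"), m.group("flags")


def find_weak_files(text):
    """Return [(path, principal, flags)] where a low-privilege principal can write."""
    return [(p, who, flags) for p, who, flags in parse_icacls(text)
            if who.lower() in LOW_PRIV_PRINCIPALS and ace_grants_write(flags)]


# Constructed sample: a fictitious product whose config file and updater are
# writable by ordinary users, the pattern Mark's post describes. The deny
# entry on updater.exe shows why (DENY) must not be read as a grant.
SAMPLE_ICACLS = r"""
C:\Program Files\ExampleAV\ExampleAV.exe NT AUTHORITY\SYSTEM:(I)(F)
                                         BUILTIN\Administrators:(I)(F)
                                         BUILTIN\Users:(I)(RX)
C:\Program Files\ExampleAV\config.ini NT AUTHORITY\SYSTEM:(F)
                                      Everyone:(M)
C:\Program Files\ExampleAV\updater.exe BUILTIN\Administrators:(F)
                                       NT AUTHORITY\Authenticated Users:(DENY)(W)
                                       BUILTIN\Users:(RX,W)
Successfully processed 3 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for path, who, flags in find_weak_files(SAMPLE_ICACLS):
        print("WRITABLE by %-32s %s  %s" % (who, path, flags))
```

Run it against a saved `icacls ... /t > acl.txt` listing and anything it prints is a file a standard user can swap out; for a program that runs as a service under Local System, that is the whole elevation. Directory entries matter too: write access on the folder lets a user rename the real binary and drop a replacement even when the file itself is locked down.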

Watch those Special Bin hardware deals

If you are in the habit of buying technology hardware and it isn't in the original shrink-wrap packaging, you might be getting more of an "Ordeal" than a "Deal".

CTV.ca | N.S. family inadvertently got spied upon

Stores that accept returned hardware may not take the time to review/wipe/reset the items.  Thus when the product is picked up on-the-cheap by an unsuspecting user, some files or configuration settings from the prior owner may still be present...and lead to problems.

Read HTRegz's take on the matter over at his post Buyer Beware! ("Returner" also Beware) - via Computer Defense blog.

KeePass - Useful Tip

I love and highly recommend the freeware product KeePass to manage the growing list of complex passwords I maintain.

However I just learned a new trick via Lifehacker: Track software licenses with KeePass.

Quite handy, indeed!

Big Web OS Review

Frantic Industries weblog does a two-part jam session on Web Operating Systems. They pick apart twenty of them.  If you've ever considered dabbling in a Web OS, here is a great place to begin.

10 online operating systems reviewed: covering Craythur, Desktoptwo, EyeOS, Glide, Goowy, Orca, Purefect, SSOE, XinDESK, and YouOS.

Another 10 web operating systems reviewed: now considering DesktopOnDemand, G.Ho.St, ODesktop, AjaxWindows, MyLGD, Nivio, Schmedley, Dekoh, Ironbox, and GCOE X.

--via Web As Desktop: 20 Web operating systems reviewed - Lifehacker

Free Web Flair

Looking to add a bit more flair to your website or blog?  Smashing Magazine drops a great article that lists a ton of graphic resources for icons, buttons and other website flairs.

Freebies Round-Up: Icons, Buttons and Templates

Just be careful to take the time to review and understand the artist/owner's rules for usage.  Some may be only valid for personal or non-commercial usage.

Now, go make the Web a more beautiful place...but please...try to keep it classy.

Windows Hide and Seek

Download Squad drops a tip on How to Add/Hide software in Add/Remove programs.

Been bugged with those oddball programs that ship with XP?  Can't find how to remove them?

Back up your sysoc.inf file located in your Windows\INF\ directory.

Now open it in a text editor of choice...maybe Notepad?

Remove the word "HIDE" and leave the trailing comma.

Now go and take a look in the "Add/Remove Windows Components" list and they should be visible now.

I recommend you first review the original post Show hidden software in Add/Remove programs over at IntelliAdmin.com as it has more details and screenshots.
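The same edit done programmatically, as an added example (the code is mine, not IntelliAdmin's or Download Squad's; the sample sysoc.inf is constructed): it backs the file up, blanks only the field that is exactly HIDE inside the [Components] section, and keeps the comma so the field count of each entry is unchanged.

```python
# Added example, not code from the IntelliAdmin post: apply the "remove HIDE,
# keep the comma" edit to XP's sysoc.inf programmatically, with a backup.
# Only entries in the [Components] section are touched, and only a field that
# is exactly HIDE, so the word elsewhere (comments, other sections) is left
# alone. The sample file at the bottom is constructed.
import re
import shutil
from pathlib import Path

_SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


def unhide_components(text):
    """Return (new_text, number_of_entries_changed) for sysoc.inf contents."""
    out, section, changed = [], None, 0
    for line in text.splitlines(keepends=True):
        stripped = line.strip()
        m = _SECTION_RE.match(stripped)
        if m:
            section = m.group("name").lower()
        elif section == "components" and "=" in stripped and not stripped.startswith(";"):
            key, sep, value = line.partition("=")
            fields = value.split(",")
            # Blank the HIDE field but keep its comma so the field count is unchanged:
            #   Games=ocgen.dll,OcEntry,games.inf,HIDE,7 -> Games=ocgen.dll,OcEntry,games.inf,,7
            new_fields = ["" if f.strip().upper() == "HIDE" else f for f in fields]
            if new_fields != fields:
                changed += 1
                line = key + sep + ",".join(new_fields)
        out.append(line)
    return "".join(out), changed


def unhide_in_file(path):
    """Back up sysoc.inf next to itself, then rewrite it; returns entries changed."""
    p = Path(path)
    text = p.read_text(encoding="latin-1")          # sysoc.inf is plain ANSI text
    new_text, changed = unhide_components(text)
    if changed:
        shutil.copy2(p, p.with_name(p.name + ".bak"))
        p.write_text(new_text, encoding="latin-1")
    return changed


# Constructed sample in the shape of XP's %windir%\inf\sysoc.inf.
SAMPLE_SYSOC = """[Version]
Signature = "$Windows NT$"
DriverVer=07/01/2001,5.1.2600.0

[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
Games=ocgen.dll,OcEntry,games.inf,HIDE,7
AccessUtil=ocgen.dll,OcEntry,accessor.inf,HIDE,7
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
; HIDE in a comment is not an entry
[Global]
WindowTitle=%WindowTitle%
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("changed %d entries in %s" % (unhide_in_file(sys.argv[1]), sys.argv[1]))
    else:
        print(unhide_components(SAMPLE_SYSOC)[0])
```

Run it as an administrator with the path to sysoc.inf as the argument; without an argument it just prints what it would do to the sample. The .bak copy it leaves beside the file is the "back up first" step from the post, done for you.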

Since we are on the subject and don't want Vista user's to feel left out, ITsVISTA tips us on Hide the Vista Updates you don't want to see.

This is easy to do in XP and 2000, but a bit more tricky with Vista.  Great screenshots at that post, by the way.

New Versions

FreeCommander (freeware) - My favorite dual-pane Windows file manager utility has been bumped up to a new version.

Regshot (freeware) - a small utility that allows you to capture the state of your registry, do some system change (like install an application) then re-scan the registry and compare the files for changes.  Also can specify folders to be scanned for changes as well.

For the Kids (at heart!)

Star Trek Home Theater - While I am a fan of Star Trek and would love a home theater room one day, I think I would have to defer to Lavie's home theater decorating tastes with a few comfy love seats and leather club-chairs instead of the command-chairs and blinky lights. -via TechEBlog

Related TechEBlog post: Guy Turns Apartment Into Star Trek: Voyager

Joseph Wu origami - YouTube video on this Drawn! blog post.  Simply amazing origami work.  Joseph Wu's website.

See you under wet Houston skies!

--Claus

Saturday, June 23, 2007

Eye on malicious Office files

SANS-ISC had a post two weeks ago reminding readers about malicious Office files as a vector for system infection: Investigating and responding to suspicious Office files

The Office Problem

We all should know by now the danger of opening any unsolicited Office file that we get via email.  Office files themselves can be seeded with dangerous macros, and "regular" executable files can simply be renamed with a seemingly innocent .doc, .xls, or .pps file extension. When the recipient gets one of these via the inter-office email system, some might let their guard down and open it right up. Thus a new trojan, virus or worm is born into a corporate or home system.

Hopefully, users are already under the protection of an enterprise-class anti-virus email scanning system on their mail servers.  This can also be mitigated further by running additional anti-virus software on the client workstations and setting the software to scan on file execution.

Per the SANS-ISC post, the approaches anti-virus vendors take vary from scanning for specific "payloaded" Office files to scanning only when the embedded code is actually executed.

I Spy...

Sysadmins and other support staff who have to contend with these files may want to consider looking for original "payloaded" files in a user's local email store if an infection has occurred recently on the system.

Besides scanning the system with the usual anti-virus tools, review any recently received attachment files.  Depending on the email system and company policy, you might need to extract them from the email client and save them to another location...say a temporary folder on the user's hard drive or...even better...a specially marked USB stick used just for potentially infected files.

Once extracted, the files should be scanned again with the anti-virus engine used by your organization.

You might also want to manually inspect the structure of each file as well, just to verify whether it is a legitimate Office file or not.

Tools for the Responder

Some Windows compatible tools mentioned in the SANS-ISC post that can assist you with this inspection are:

OfficeCat (freeware) - "OfficeCat is a command line utility that can be used to process Microsoft Office Documents for the presence of potential exploit conditions in the file.  The tool is used on Windows systems and is provided as a binary executable."

STG: MFC Docfile Viewer (freeware) - "The STG application demonstrates how to browse OLE Structured Storage Files (DocFiles) using an MFC application. The application uses the CTreeView class to visually represent the structured storage."  This is a Microsoft utility that lets you peer into the structure of a doc file to see if you can validate it as a true doc file or if it comes up "hinky".

Microsoft Office Isolated Conversion Environment (Microsoft) - Also known as MOICE.  This tool works with Microsoft Office 2003 and 2007.  Once installed on a system, it converts "...the Office binary format files into the Office Open XML format. This process helps remove the potential threat that may exist if the document is opened in the binary format. Additionally, MOICE converts incoming files in an isolated environment. This helps protect the computer from a potential threat." 

It might not be a bad idea to consider adding this to high-volume email source points such as administrative assistants or other key organizational staff who receive and send Office documents from many inside and outside sources and users.  By increasing the document security processing level at a key distribution location in an organization, the impact of a vectored attack may be mitigated.

FileAlyzer (freeware) - This utility from the creators of Spybot Search and Destroy allows you to select a target file then view the following information about it: general properties, version, embedded resources (bitmaps, icons, etc.), PE headers if present, section structures, hex dump data, image preview, text preview, ini contents, html preview, zip preview, (limited) database previews, media previews, and a few more things.  I use it often to get a first look at suspicious files that don't generate an "alert" in anti-virus/anti-malware programs.

HexView (freeware) - A tiny and simple little application that displays and prints any file as a hex-dump.  No bells and whistles.  Just pure and simple quick hex view.

One of my favorites is getting very hard to find in the Tubes: BinText is a freeware file-to-hex investigation tool written by Robert Keir.  It has since been passed on to Foundstone, but I am now unable to locate it on the Foundstone tools page.  There seem to be some download sites that claim to have it via a Google search...proceed with caution on the legitimacy of these sites and files. I'm glad I kept a copy around in my archives.

Strings v2.40 (freeware) - A Microsoft "Sysinternals" program.  "Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters."

Strings at a Glance and Say "Hello" to Didier!

One final blog post I found interesting while searching for the elusive "BinText" file was Didier Stevens post Viewing strings in executables.  Very quick but useful primer on strings in executable files.

Didier's blog was quite fascinating and had some great forensics-related posts.  I've added it to my RSS feed list!
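A first-look triage that rolls the two checks from this post together, as an added example (it is my code written to illustrate the steps above, not any of the tools listed, and the two sample "attachments" are constructed in memory): it compares a file's leading bytes with what its extension claims, so a renamed executable is caught before anyone double-clicks it, and then pulls ASCII and UTF-16LE strings the way Sysinternals Strings does. The Unicode pass is the important one for Office files: the storage names inside an OLE2 document ("Macros", "_VBA_PROJECT") are stored as UTF-16LE, so an ASCII-only strings run will miss the clearest sign of a macro.

```python
# Added example: a first-look triage of an "Office" attachment, written to
# illustrate the checks above rather than taken from any of the tools listed.
# The two sample files below are constructed in memory.
import re
from pathlib import PurePath

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # compound file header (binary .doc/.xls/.ppt)
PE_MAGIC = b"MZ"                                  # DOS stub that every Windows executable starts with
ZIP_MAGIC = b"PK\x03\x04"                         # Office Open XML (.docx etc.) is a zip archive

OFFICE_BINARY_EXTS = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pps", ".pot"}
OFFICE_XML_EXTS = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
# Storage/stream names a macro-bearing binary document carries in its OLE2
# directory (stored there as UTF-16LE, which is why the Unicode pass matters).
MACRO_MARKERS = ("Macros", "VBA", "_VBA_PROJECT", "ThisDocument")


def sniff(data):
    """Classify a file by its leading bytes: 'pe', 'ole2', 'zip' or 'unknown'."""
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def office_extension_consistent(name, kind):
    """True only when the extension and the container format belong together."""
    ext = PurePath(name).suffix.lower()
    if kind == "ole2":
        return ext in OFFICE_BINARY_EXTS
    if kind == "zip":
        return ext in OFFICE_XML_EXTS
    return False      # a PE or unrecognised blob never legitimately wears an Office extension


def extract_strings(data, min_len=3):
    """Printable ASCII runs, then UTF-16LE runs, of at least min_len characters."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in utf16_re.finditer(data)]
    return found


def triage(name, data):
    """Format check plus strings plus macro hints for one attachment."""
    kind = sniff(data)
    strings = extract_strings(data)
    return {
        "name": name,
        "kind": kind,
        "extension_ok": office_extension_consistent(name, kind),
        "macro_hints": [s for s in strings if any(marker in s for marker in MACRO_MARKERS)],
        "strings": strings,
    }


# Constructed sample 1: an executable renamed to Invoice.doc. The DOS-stub
# message is what Strings shows for any real PE; the URL stands in for a
# downloader's configuration stored as Unicode.
FAKE_PE_AS_DOC = (b"MZ\x90\x00\x03\x00" + b"\x00" * 10
                  + b"This program cannot be run in DOS mode.\r\n$" + b"\x00" * 4
                  + "http://example.invalid/drop.exe".encode("utf-16le") + b"\x00\x00")

# Constructed sample 2: the start of a genuine OLE2 .doc whose directory names
# reveal a VBA project.
FAKE_DOC_WITH_MACROS = (OLE2_MAGIC + b"\x00" * 24
                        + "Root Entry".encode("utf-16le") + b"\x00" * 6
                        + "WordDocument".encode("utf-16le") + b"\x00" * 6
                        + "Macros".encode("utf-16le") + b"\x00" * 6
                        + "_VBA_PROJECT".encode("utf-16le") + b"\x00\x00")

if __name__ == "__main__":
    for name, blob in (("Invoice.doc", FAKE_PE_AS_DOC), ("Report.doc", FAKE_DOC_WITH_MACROS)):
        r = triage(name, blob)
        print("%s: %s, extension %s, macro hints %s" % (
            name, r["kind"], "ok" if r["extension_ok"] else "MISMATCH", r["macro_hints"] or "none"))
        for s in r["strings"]:
            print("    " + s)
```

Feed it `open(path, "rb").read()` for a file pulled off that marked USB stick. A "pe" verdict on something called Invoice.doc ends the discussion; an "ole2" verdict with macro hints tells you to hand the file to a proper OLE tool (the STG viewer above, or OfficeCat) rather than to Word.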

--Claus

Fast and Furious Firefox Post

Alvis is itching to get to a pool-party and Dad here is anxious to get a list of "to-blog" linkage cut down.

So here are some Firefox items of note I have come across this week:

Firefox Themes at a glance

It's always hard to decide on which Firefox skin to use. The official Firefox Add-on site for themes is OK, but sometimes the quality and usefulness of the screenshots with each theme make it hard to decide how your browser will look.

Cybernet News recently downloaded and installed all the currently available themes and took screenshots of them for comparisons.

Firefox 2.0 Themes - presented by Learn Firefox - CyberNet News

This should give you a more realistic view of the offerings before deciding.

Me? I've returned (yet again) to Opaque + ClearTabs.

Cache Me if you Can!

Unlike with Internet Explorer, viewing the contents of your Firefox cache can be a bit of a pain. Sure, you can use about:cache, but it isn't very easy to navigate around and find what you are specifically looking for.

Enter the Firefox extension CacheViewer.

This tool allows you to preview, search and save the files kept in the Firefox cache.

Handy.

The interface is very easy to use and provides time/date stamps when the items were fetched.

Worth checking out, and it makes a nice complement.

Open Plain Text URLs on a page

One aggravation in web-surfing is occasionally finding a page with a URL link that hasn't been HTML coded. Sure you can copy it and then paste it into the address bar...but what if you want to be a bit faster?

Here are some extensions that might fit that bill and allow you to launch a plain text URL in Firefox.

Smart Link :: Firefox Add-ons - I'm using this one right now. Works fast and is tiny.

Others with expanded features:

Drag de Go :: Firefox Add-ons - Opens a link, as well as allows saves and search on selected text.

Linkification :: Firefox Add-ons - Converts text links into HTML enabled links.

Fetch Text URL :: Firefox Add-ons - Another tiny extension to allow plain-text URL's to be opened from the context menu.

URL Link :: Firefox Add-ons - Works with both Firefox and Thunderbird to open plain-text URL's, fixes broken URL links across lines in emails, and can convert email addresses into website addresses to follow. Interesting little extension.

Plain Text Power-Up

If you want to increase the power of acting on selected plain text in your Firefox browsing...consider adding this next extension:

SlimSearch :: Firefox Add-ons

Select the target text, then right-click to do a Google search, Google Image search, Google News search, Google Local search, Google Maps search, YouTube search, Urban Dictionary search, Wikipedia search, IMDb search...or a few others.

Power to the People, Man!

Larry Joins the Firefox 3 Team

Firefox Extension Guru introduces us to Larry, the passport dude.

Basically, Larry's iconic job will be to verify a site's identity and safety. Just seeing a "padlock" on the address bar doesn't necessarily mean that a site is legit. Larry will try to bridge the trust-gap by checking the site's SSL certificate validity in a clear and easier to understand manner.

If you want to give Larry a temp-job in your Firefox 2 version, he's willing to work for free. See the Firefox Extension Guru's post for the link.

Retro-Travel styled Firefox "Grand Paradiso" Wallpapers

Mozilla Links has a lead to some groovy retro wallpapers for Gran Paradiso (Firefox 3) made in the style of the golden-age of travel: Waiting for Firefox 3? Do it in style : Mozilla Links. He has some good background on the artist in his post.

Or go directly to the wallpaper downloads.

Makes me long for a trip on a DC-3.

That's all for now...time to hit the pool.

--Claus

Harry Potter Hacked? Possible but Doubtful.

I saw a few posts on this on the HP fan sites I check-in with periodically.

Nearabout every new Harry Potter book release date there come the various waves of "inside-lead" spoiler posts around the Net.

Claims by some to have gotten their hands on a draft copy of a HP book, or a break-in to a book storage warehouse.

I always dismiss the claims...and haven't bothered going looking for this one as well.

What I did find interesting is that SANS-ISC Handler's Diary even chose to comment on the news: Hacking Harry.

The post gave a gentle "hem hem" reminder to readers that corporate espionage attempts to crack high-value targets with loaded email are still alive and working.  So beware those emails!  You may not work for the DOD, but there is probably something of value to someone on your hard-drive at work or home.  Guard your data like that philosopher's stone at Hogwarts!

The Rememberall Says

Try to keep these tips in mind as Harry Fever begins to reach its peak:

When fans and the public get excited about something they have been waiting for for a long time, sometimes they can toss judgement and reason to the winds...

--Claus

Thursday, June 21, 2007

Azumanga Daioh Parody Video

Saw this short video over at the JapanSugoi blog. "The Wizard of Ozaka"

It involves Osaka and gang from Azumanga Daioh.

If you aren't an anime/manga fan, or adventure "quest" gamer you probably won't get all the references.

If you are...you will.

Full Japan Sugoi post with more info on the players.

Love the "ruby-slippers!"

--Claus

Going on safari to fix Apple Safari

Was it just last week that Apple Safari for Windows was released to Beta?

Anyway. I had downloaded and installed it just fine on my XP Pro system. It ran fine. Performance was pretty fast.

I'm not going to be switching from Firefox to Safari anytime soon, but I do like seeing how different web-browsers render pages, especially my own blog.

Camouflaged?

So this past weekend, I installed it on my XP Home system.

And had to eventually bail and uninstall it as it just wouldn't work.

Specifically, there was no text visible at all in any of the program bars, menus, or anything else except the page itself.

Weird.

Kinda like the wildlife was hiding on the savannahs.

Calling the Animals out

I did quite a bit of Google searching at first, but the Web was silent on the issue.

Eventually, I did see this post at Alligator Belly: Cannot see text in Safari on a Windows XP PC.

Well, at least it wasn't just me. This Apple forum has more complaints about the issue: Topic: Safari 3 Beta for Windows - app text not showing.

A review of the comments in the Alligator Belly post led me to this post, and the fix.

Repairing Text Display Problems in Safari on XP

From Grupenet: Fix font issue in Safari for Windows

Be sure you have downloaded and installed the latest version of Apple Safari for Windows.

Browse to one of the following folders:

C:\Documents and Settings\%USERNAME%\Local Settings\Application Data\Apple Computer\Safari (Windows XP)

(or)

C:\Users\%USERNAME%\AppData\Local\Apple Computer\Safari (Windows Vista)

Find a file in there called Fonts.plist.

Rename it to something else. I called mine Fonts.plist.old. Made sense to me.

From the Grupenet post, find and download his updated Fonts.plist file. It's a text file, so if you aren't sure, most browsers will open it up so you can view the text contents. In Firefox I right-clicked the link and then chose to "save link as..." into my downloads folder.

Now copy that downloaded file into the Application Data\Apple Computer\Safari location where you renamed the old version.

Finally. Set the file properties on the new one to "read-only".

Relaunch Safari.

It fixed the issue on my system perfectly!

According to the Grupenet post, if that doesn't work, you may have to ensure you have both the Lucida Grande.ttf and Lucida Grande Bold.ttf fonts in your C:\Program Files\Safari\Safari.resources folder. The post also has a zip file of them if you need them.

Hunting some Game!

According to various posts, over 1 million copies of Safari for Windows have been downloaded in the first 48 hours of release as of last week. I expect the novelty of this is driving the push. Curiosity?

Deb Shinder over at Sunbelt Software blog wanted to run Safari as well. Only she ran into proxy authentication issues running it.

Dwight Silverman at the TechBlog provides some of his initial feedback. In a word... "underwhelmed."

Ryan at CyberNet News posted his feelings in a hands-on review. Ryan concludes with the feeling that there isn't really anything he finds that would make it better than Firefox, Opera, or Internet Explorer, and echoes my feeling of its usefulness as a page-rendering engine tester.

Finally, Ryan Naraine over at ZDNet's Zero Day blog posted a primer on Securing Safari: How to run Apple’s browser securely. I'm going to follow the steps here and lock it down accordingly.

I don't plan on using it for anything else but novelty and page testing. I do like the way it renders pages and the font readability is a bit better, but it is actually performing far slower on my systems here at home than Firefox and Internet Explorer. So I don't see it being used at all for daily browsing.

Besides, I couldn't function without all those Firefox Add-on extensions I depend on.

The Grade

B for overall effort bringing an Apple software product to Windows...and retaining its feel.

B+ for general usability

D for me having to figure out how to tweak the installation to make it work on my XP system

--Claus

Help? A Matousec Web Mystery

Hmm. Any ideas?

Help!

I depend on Matousec to provide information, reviews, and updates on the world of firewall leak-testing efficacy.

Only one problem.

I can't load Matousec.com

In the past month or so, I have been unable to reach their website from home.  Never had a problem before.

I seem to recall trying occasionally at work and being able to get through just fine.

However, here at home I keep getting "page not found" errors.

Here is what I know

  • I get the error in Firefox, Opera and IE7.

  • It happens on all my systems: SAMLinux, XP (laptop and desktop), and Vista.

  • I am using OpenDNS.

  • An OpenDNS cache check resolves the IP for www.matousec.com as 89.185.231.11

  • I am unable to ping or pull up Matousec's address.

  • Adding it to my HOSTS file doesn't help.

  • DNS Traversal times for the site seem a bit high...is it just a timeout issue?

  • A DNSstuff DNS Report for Matousec turns up what seems to be pretty good status.

  • The WhoIS information on the site seems good and was recently updated.

  • I ran a traceroute on the site, and it seems to take on average 16 hops before the final destination is reached at lenny.onebit.cz and the router there does not respond (along with a couple others along the way).

  • I'm running TimeWarner/Comcast home broadband.  No other problems on any other sites...and yes...my system and HOSTS files are crystal-clear-clean of malware.

  • A Wireshark packet sniff seems to find the name is DNS resolving just fine.

  • And the kicker?  If I run TorPark (now XeroBank...see BTW #2 below), the page seems to load just fine.

Any ideas or feedback on your own experiences?  I want to make sure I'm not missing something stupidly obvious before sending an email query to the Matousec website team for a downed website that is quite clearly up and running just fine, otherwise.

Weird.
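The checklist above is really separating two questions, "does the name resolve?" and "does anything answer at the address?", and the following added example (not part of the original post) automates that split. It resolves the name, tries a TCP connection to port 80 of every address returned, and reports which layer failed. `resolve` and `connect` are injectable so the decision logic can be run offline against the constructed fakes at the bottom, which reproduce the post's situation: the name resolves to the address the OpenDNS cache check showed, and every connection attempt then times out.

```python
# Added example (not part of the original post): tell "the name does not
# resolve" apart from "the address resolves but nothing answers". resolve()
# and connect() are injectable so the logic can be exercised offline with the
# constructed fakes at the bottom; the defaults use real sockets.
import socket
import sys


def default_resolve(host):
    """All addresses the local resolver returns for host (empty list on NXDOMAIN/failure)."""
    try:
        infos = socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def default_connect(addr, port=80, timeout=3.0):
    """'ok', 'timeout', 'refused' or 'error: ...' for a TCP connect to addr:port."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "ok"
    except socket.timeout:            # must precede OSError: timeout is a subclass of it
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return "error: %s" % exc


def diagnose(host, port=80, resolve=default_resolve, connect=default_connect):
    """Classify why host:port is unreachable: 'dns', 'path', 'host' or 'reachable'."""
    addrs = resolve(host)
    if not addrs:
        return {"host": host, "verdict": "dns", "results": {}}
    results = {a: connect(a, port) for a in addrs}
    if any(r == "ok" for r in results.values()):
        verdict = "reachable"
    elif all(r == "timeout" for r in results.values()):
        # Resolves, but no SYN-ACK and no RST/ICMP comes back at all: typical of
        # filtering or a routing problem on the path (or a host that is down).
        verdict = "path"
    else:
        # Something answered, just not with an open port: the host (or its
        # firewall) is reachable and actively refusing.
        verdict = "host"
    return {"host": host, "verdict": verdict, "results": results}


# Constructed fakes reproducing the situation in the post: the name resolves
# (to the address the OpenDNS cache check showed) but every connection
# attempt times out.
def fake_resolve(host):
    return ["89.185.231.11"] if host == "www.matousec.com" else []


def fake_connect(addr, port=80, timeout=3.0):
    return "timeout"


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(diagnose(sys.argv[1]))                       # live check of a real host
    else:
        print(diagnose("www.matousec.com", resolve=fake_resolve, connect=fake_connect))
```

A "path" verdict at home and "reachable" from another vantage point (which is what the TorPark test amounts to) puts the problem somewhere on the route between you and the server, not in DNS; that is also why a HOSTS entry cannot help, since the name was never the part that failed.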

--Claus

BTW #1

DNSstuff is a cool website to use to check Web networking things.  Highly "Valca Recommended" to bookmark this one!

BTW #2

The anonymous web-browser Torpark has been rebranded as XeroBank.

XeroBank Browser - Wikipedia, the free encyclopedia

Official website, XeroBank.com

What happened to Torrify?

If you aren't sure what is going on now with the browser formerly known as TorPark, several alternatives exist to switch to including...OperaTor, and DemocraKey.

The previous (older) builds of TorPark I have all still seem to run just fine.

Update! More Free Vista Firewall offerings

Back in May when I went looking for some free firewalls for Vista, I came up pretty short.

And that has been pretty much it...until now.

Comodo Firewall (Alpha) for Vista

Comodo Firewall has been highly rated "leak-proof" in past testing.  Unfortunately, there hasn't been a Vista version released yet.  However, that looks like it may soon change.

There is now an Alpha version available for download and testing by the brave.

It may be obtained from the Comodo Firewall Forum (which requires registration to enter).  It sports a toned-down interface from the current release version.  No final release date set yet, but it looks good, and if you are a die-hard Comodo Firewall fan, this might be a good chance to participate.  I'd just caution against relying on an Alpha version firewall for your protection.  If you are sitting behind a hardware-based router/firewall however, you might be OK to play.

Ryan over at CyberNet news has some screenshots: Comodo Firewall 3 Alpha Compatible with Vista - CyberNet News

ZoneAlarm for Vista

I used and highly recommended ZoneAlarm to all my friends, neighbors, and relations for many, many years.  Eventually I removed it and moved on to Sunbelt Software's Kerio (for ease of configuration and use).  The bloat and performance problems I was beginning to see with ZA just didn't satisfy me with it any longer.  That said, it remains a good and trusted firewall, overall.

Now comes word that ZoneAlarm has just released to the public updated versions of its products updated for compatibility with Vista; including the ZoneAlarm Free version.

The interface remains pretty much the same old ZA GUI we have come to expect and enjoy, although it has been tweaked up a bit.  And this new version is backward-compatible with XP/2000 as well, though support for Win 98/95/ME has finally been dropped.

There do remain additional $-only Vista firewall choices on the market as well, but I prefer to focus on the free versions for most home-users.  So if you have or use a great $-only Vista firewall don't feel that this is a slight against them.  Feel free to drop your recommendation in the comments.

As for now, I am still running Microsoft's firewall on my Vista system, waiting a bit longer for Comodo and Kerio to come out with their final release versions before I make a switch to one of them.

But it looks like we are seeing some growth at last in the free firewalls for Vista market.

--Claus

Vista Tweaking Software...all free

Alas, still no official "non-official" Vista tweaking software from Microsoft-proper (I'm speaking of their TweakUI Power Toy for XP).

I'm sure that somewhere a group of hard-core MS drones are busily at work building the product.

In the meantime, more and more clever Vista UI hackers are hard at work releasing products to turn the Vista Experience more to individual tastes.

The List

Stardock's LogonStudio (freeware) - from the developer's description

Stardock LogonStudio allows Windows XP [or Vista] users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users.

It's a nice and simple way to update the XP or Vista logon screen.  Personalization at the first point!

TweakUAC (freeware) - this utility allows folks running under an Administrator-level profile to easily turn off UAC (User Account Control), turn it back on, or keep it running but suppress the UAC elevation prompt requests.  Keep in mind that the last option silently approves every elevation for that account, so anything that runs under it gets full administrator rights without the one warning UAC would otherwise give you.

Tweak VI from Totalidea (freeware/$) - The basic version is free and additional feature "plugins" can be purchased.  It's a nice business model.  The Basic version allows you to tweak desktop items, Start menu items, IE, Firefox, hardware settings, system info, virtual desktops, subsystem folders, mousing, and shutdown options. 

Premium and Ultimate plugins up the ante with 13 and 26 additional tweaking areas.  The plugins are good for a 12-month subscription.  Yes, many of the tweaks can be performed manually for free by the user with a knowledge of the Vista system and/or registry hacks, but if you are a hard-core tweaker and don't want to fuss with those, this might be a great utility to look into.  I've had fun just poking around the Basic version's interface on my Vista system.

Vispa (freeware) - This tweak-tool uses a non-install executable and is a bare-bones Vista utility.  Run it and you get a long list of check boxes organized by subjects. To apply a setting, activate the checkbox.  Pro: simple interface. Con: simple interface.  So unless you already know and understand the consequence of your choice, this might not be a utility for Vista noobies.  More information and screenshots: Vispa: Customize Windows Vista - CyberNet News

TweakVista Beta (freeware) - Stardock is beta releasing TweakVista. Final release version will have both a free/limited version and a $/full version. This one looks really good! From the developer's beta release description:

TweakVista is a utility that enables users to optimize the performance and behavior of Microsoft Windows Vista. The program has been designed to allow both casual, non-technical users to safely use it as well as contain a host of advanced features for power users to dig into the internals of Windows Vista. The feature-packed utility includes features such as:

  • Security Handling. Users can now easily and safely adjust the way Windows handles security prompting including the new UAC (User Account Control)
  • Memory Optimization. TweakVista knows which start-up services different types of users will typically use and offers recommendations on what services to disable. Users can easily switch between different profiles (including the default) based on their needs to maximize performance and memory use.
  • Resource Control. TweakVista has several features for keeping an eye on and flagging programs that use excessive amounts of resources (memory, CPU, or system handles) as well as integrating seamlessly with built-in hardware diagnostic reports.
  • Start-Up Management. TweakVista not only will display and enable users to control what programs are loading on start-up but will identify in plain English what these programs do. Internet integration in the software allows users to comment on these processes within the program to one another.
  • Performance Assessments. TweakVista uses the new Windows Vista assessment features to benchmark nearly every aspect of a user’s PC and allow them to submit their results for comparison with other users of similar or upgraded hardware.
  • TweakVista.com integration. TweakVista partners the software development skills of Stardock with the on-going tweak expertise of TweakVista.com to provide an on-going live database of helpful tips and tricks for maximizing the Windows Vista experience.

Additional features are being added during the course of the beta based on user feedback.

MZ Vista Force (freeware) - Requires .Net 2.0 installed to run.  The GUI for this application seems a bit heavy on eye-candy...but is an improvement over the XP version's interface.  It allows you to make performance adjustments, "hidden" OS settings, optimize/tune your Internet connection values, manage your startup items, manage some Windows services, backup/restore your Vista registry and execute the System Restore Service, and (this is the real value) comes with concise documentation for each tweak element to help you decide if that is a change you want to try.  For more screenshots see this post: Tweak and Optimize Windows Vista with Mz Vista Force at Shivaranjan’s Blog.

Thanks to the hard work of these and other developers, it's getting easier and easier to make Vista your own.

I've so far only made "modest" changes to our Vista Home Premium system.  Overall it is a very pleasing interface and runs quite well.  However, the more I use it the more I want to make a few minor tweaks.  Utilities such as these can be great tools to easily, quickly and (relatively) safely put those changes into play without diving into the registry.  Even if you almost never use them, most would be good complements to keep around on your Vista system...just in case you get an itch.
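If you want to know which of the three UAC states TweakUAC toggles (off, on, or on with the elevation prompt suppressed) a machine is actually in, here is an added PowerShell check; it is not code from this post or from any of the tools above. It reads the standard UAC policy values under the Policies\System key, treats a missing value as the Vista default, and changes nothing.

```powershell
# Added example (not from the post or from TweakUAC): report the UAC state by
# reading the registry values that tweak tools change. Read-only.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacState {
    param([string]$Path = $UacKey)
    $p = Get-ItemProperty -Path $Path -ErrorAction Stop

    # A missing value means the OS default; only an explicit 0 disables UAC.
    $enableLua = if ($null -eq $p.EnableLUA) { 1 } else { [int]$p.EnableLUA }
    # ConsentPromptBehaviorAdmin: 0 = elevate silently (prompt suppressed),
    # 2 = prompt for consent (the Vista default).
    $consent = if ($null -eq $p.ConsentPromptBehaviorAdmin) { 2 } else { [int]$p.ConsentPromptBehaviorAdmin }
    # PromptOnSecureDesktop: 0 = the prompt is drawn on the normal desktop,
    # where other user-mode programs can draw over or read it.
    $secure = if ($null -eq $p.PromptOnSecureDesktop) { 1 } else { [int]$p.PromptOnSecureDesktop }

    # Most serious condition wins, so check from least to most serious.
    $state = 'On'
    if ($secure -eq 0)    { $state = 'On, prompt not on the secure desktop' }
    if ($consent -eq 0)   { $state = 'On, elevation prompt suppressed' }
    if ($enableLua -eq 0) { $state = 'Off' }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        State                      = $state
        # Anything other than plain 'On' deserves a second look on a
        # machine you did not tweak yourself.
        Weakened                   = ($state -ne 'On')
    }
}

Get-UacState | Format-List
```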

If you are aware of any additional Vista tweaking utilities out there, preferably free, please drop a lead in the comments.

--Claus

Sunday, June 17, 2007

Rainy Day Linkfest

Yep.  Raining again.  Hard.

Had Alvis unplug the laptop from the wall and switch to battery power just to be safe since it isn't usually plugged into a surge strip.

Lotsa linkage I've been sitting on this past week.

Get out your rain-gear.

Last Exile to Start Airing on AZN Television June 25 - via Anime News Network.  I've already got the video set on DVD, but if you haven't seen this yet, AND if you get AZN on cable, I highly recommend watching this series.  We like it! AZN Last Exile air schedule.

DNS outages are not Comcastic - OpenDNS blog.  I love OpenDNS.  It is great and fast and reliable. Seems that Comcast customers experienced some fights with the Comcast DNS servers last weekend.  They kept getting EULA challenges while browsing.  Bummer.  Those using OpenDNS instead didn't even notice.  Wonder if that will be an issue down here for the TimeWarner/Comcast user swap next week...

How To: Use Google Earth or Virtual Earth to Visualize a New House Lot - Part 1 - Scott Hanselman proves once again why he is such a cool and clever guy.  Scott figured out and then wrote a fantastic How To on overlaying a new house (subdivision plan) in Google Earth or Virtual Earth where one doesn't currently exist.  Thanks Scott!

Word Processor Review - via DonationCoder.com.  This is an EXTENSIVE comparative review of most of the major players in word processing software.  Each included item is given a nice overview with screenshots.  They have even broken them into categories to keep the lighter ones from having to directly compete with the office suite battleships.  You probably have your own favorite by now, but you may want to take a look and see if maybe there isn't another product that might fit your needs better, anyway.

Protect Your USB Drives NOW! - via Daily Cup of Tech.  Lots of great reminders and tips on how to secure our USB drives and the data that's on them.

TestDisk - CGSecurity - still running well after my recent hard-drive hiccups.  I'm keeping a renewed eye on boot-disk based repair tools for hard-drives.  Just found this one last week.  I haven't had any time to play with it yet, but the multitude of boot-environment options it provides seems to warrant giving it a close look-over.  I'll post a follow-up once I get some drive-time usage with it.

Security : Inside Windows Vista User Account Control -- TechNet Magazine, June 2007 - Mark Russinovich gets all over, under, and inside the Vista User Account Control for our joy and education.  Well worth reading and trying to digest if you are still working on getting an understanding of how UAC actually works and how it does (and does not) keep the system safer from malware and rogue applications.

HP laptops vulnerable - heise Security. Turns out the HP Help and Support software pre-installed on many HP and Compaq laptops with Windows XP may leave users vulnerable to web-page code-injection exploits.  Lavie's Compaq laptop was so loaded as well, so I have uninstalled that feature (don't use it anyway) for now or if you think you still need it, go get an updated version.  Looks like this has been an issue for a while judging by the version release date.

I've been using minimalist's Explorer Breadcrumbs for a while on all my XP systems to mimic Vista's folder navigation "breadcrumbs" layout.  It works well, and speeds my folder navigation in Windows Explorer. Now Quizo comes out with a slick version of their own: QT Address Bar.  This one is more Vista like.  More over at CyberNotes: How to add Breadcrumbs to Windows Explorer in XP - CyberNet News.

GoogleBlock - Google occasionally catches behavior that its systems interpret as "suspicious" activity.  When this wire is tripped, users can get blocked in the process.  Seems that this can also extend to Gmail logins as well.  While I don't normally read the "sensational" stories from The Inquirer, this post does have some interesting information: Google suspects users are not human.  The VirusList Analyst's Diary picks it up some more: GoogleBlock - Analyst's Diary

Be informed.

--Claus