Sunday, December 30, 2007

This Week in Utilities - Mostly New Anti-Malware Tools

Been a busy week for finding nice utilities.  Here are quite a few worth looking into:

Malwarebytes - Anti-Malware

Some time ago I made mention of Malwarebytes' announcement that they were working on a new anti-malware product.

This is the same group that has produced these very finely crafted tools:

RogueRemover FREE - (freeware) - removes rogue antispyware, antivirus and hard-drive utilities.

FileASSASSIN - (freeware) - deletes files locked by malware processes.

RegASSASSIN - (freeware) - deletes registry keys locked by malware processes.

StartUpLite - (freeware) - tool to locate and disable/remove startup entries from system.

Unfortunately, their blog hasn't leaked any new clues to the status or design of the new anti-malware product they are cooking.

Luckily, gHacks has spilled the beans!

Malwarebytes Anti-Malware - gHacks review of an early beta-release version was overall fairly positive.  Like most of us, we don't really keep "malware-infested" systems lying around to test the efficacy of these scanners.  My own test mirrored gHacks results closely.  The scan ran well and was pretty fast.

Once installed, the main application presents eight tabs.

  • Scanner - choose a quick scan for common malware, or a full scan for all hard-drives/partitions.
  • Monitor - offers "real-time" protection of your system. Only available in the paid (Pro) version.
  • Update - checks for new signatures.
  • Quarantine - shows any infected files that have been made safe by the application.
  • Ignore List - shows any "skip" files the user has set to "ignore".
  • Settings - Various user configuration options for scanning and action.
  • More Tools - Bug reporting for the program and FileAssassin (locked file killer).
  • About - version information.

Still in beta status, but worth keeping an eye on.  Like many anti-malware programs, they seem to be only as effective as their definitions are current or their heuristics abilities are well designed. Malwarebytes' previous products have a good and trusted reputation and lots of community support so I hope a final version delivers.

Malwarebytes Anti-Malware Beta test - Download link to sign up for public testing.  Log in and get the download link.

FileForum | Malwarebytes Anti-Malware - Download link to version 0.84 beta, if you don't want to register.

Universal Extractor

Universal Extractor - (freeware) - is one of my most-favorite unpacker utilities in the entire universe.  I have quite a few file compression utilities I like, but when it comes to mucking around and unpacking application setup files, Universal Extractor simply can't be beat.  This application is in my "pending posts" pile to do a full and worthy writeup one day.

It can unpack over 40 compression formats, automatically. Amazing.

The one thing it seems to have problems with is keeping up with the latest versions of Inno Setup.

Luckily, the program's forum page is rife with fans and a developer who is quick to provide the latest version of an unpacker module.  Just download the latest one, unpack it, and replace the program's old file with the newer one.

If it is a packed file or setup file, chances are Universal Extractor can open it.

RunScanner

RunScanner - (freeware) - This is a very new single exe file startup and hijack analyzer utility.  I am very impressed with it.  It doesn't require installation, seems quite USB drive portable, and packs a wallop with finding and researching system processes and startup entries.

At launch it offers three modes, "Beginner" which scans only and provides a log for upload to forums, "Classic" which is a simplified and fairly safe method to scan and fix potential problems, and "Expert" which is the full deal with no training wheels.

Scans are pretty fast, and options are very easy to save the log file or send it for online analysis.

Results are listed in sections that are clearly named.  Each item contains a description, path/info details, the company name (if available) and who the security certificate issuer was.

Tabs are available to look at common hi-jack areas, a process killer, loaded modules, and even a HOSTS file editor.  All very handy.

You can select items for action, (disable/delete), but right-clicking allows you to kill running processes, delete or rename on reboot, upload to VirusTotal for scanning, or even Google search. A bottom window pane can be opened which allows easy copy/paste of item details.

Having a number of handy resources to research and deal with the items is very useful.

I'm really impressed with this tool so far.

Drawbacks?  Might not be quite as thorough as some other "focused" utilities listed below, and it doesn't seem to present the running processes in a "tree" view like Process Explorer so it isn't as easy to see dependencies.

Alternatives:

a-squared HiJackFree - Very similar program, with other options.

Process Explorer v11.04 - The Godfather of Process tools.

AutoRuns for Windows - The Godfather of AutoRun entry tools.

TrendMicro HijackThis - Oldie but still a goodie on dealing with malware auto-start items.

I'll not be discarding any of these because of RunScanner, but it will be added to my USB sysadmin utility stick to help support them.

mst IsUsedBy - Ugly name, clever tool

Obviously the developers at mst software decided they weren't going with the Web 2.0 naming game when they released their handy little freeware product.  Taking a more NirSoft-like approach with practical naming, IsUsedBy does what it says.

mst IsUsedBy - (freeware) - This handy little program helps you figure out what process on your system has a particular file open.  Great when fighting malware and you are trying to delete a file but it keeps reporting it is unable to do so because the file is locked and in use.

Run the application, and a small window opens.  Drag and drop the target file from Windows Explorer on it and it will rat-out the process that has it locked down.

A few curiosities; first it comes in either an .msi or exe installer format. Second, for such a nice little program, it must be "installed" on your system.  However, copy the single program file to your USB and uninstall the program and it seems (so far) to work Ok.  Finally, it requires administrative privileges to work.  EULA says it is for private and non-commercial use only.

Spotted via 4sysops.

Alternatives:

OpenedFilesView - (freeware) - NirSoft's wondermous little gem. Run this baby and it will provide a listing of all the files that are open on your system, in a handy table format view.  No drag-n-drop needed.  Find the one you are looking for, find the process using it, right-click on the item and attempt to close the open handles or kill the process using it.  All-in one.

UNLOCKER - (freeware) - Probably one of my all-time favorite file-in-use killing tools right now. This marvelous tool has some of the most comprehensive methods for shutting down a file, and not only can you try to kill it, but you can also set a file to be moved, renamed, or deleted after reboot. Definitely a must-have for any malware hunter or sysadmin.  Not really "portable" and should be installed on a system to work effectively.

Locked Files Wizard - (freeware) - Handy tool that lets you pick out a target file that is locked (manually), then view the processes locking it.  From there you can attempt to stop the locked process or flag the file to be deleted/renamed at reboot.

WhoLockMe Explorer Extension v1.04 beta - (freeware) - I used to use this one a lot on my Windows 2000 systems I had to support.  It did have some drawbacks. First it needed to be installed so it could appear in the right-click context menu.  Kinda messy when you are hunting malware.  Second, it was released in 2002 and doesn't seem to have been updated since. However, if you have a Windows 2000/XP system and want a resident locked-file research tool, it is nice to have on right-click demand.

For a full list of locked file finders and process/file killers see this previous GSD post: I will kill thee a hundred and fifty ways...freely.

Zenmap/Nmap Duo

I've not yet had the opportunity to really work with Nmap, but it keeps coming up over and over again.  Most of my network scans are simply to find used/unused IP's or network printers on our networks when they get shuffled around.

So the other day I found a note that Nmap has a really great GUI called Zenmap.

The screenshots look quite nice.

I'll be downloading it at work and giving it a workout to see just how useful it could be in our network environment.

Nmap - (freeware) - Insecure.org. Free and open source utility for network exploration or security auditing.

Zenmap - (freeware) - Insecure.org's official cross-platform Nmap Security Scanner GUI.

Download Link - distributed as a combined pair.

Reference Guide - Getting started guide. 

Documentation - Going deep.

One More Duplicate File Finder

In my early December post Seeing Double I listed five (plus one hybrid) applications I love for hunting down duplicate files on a system. In order of preference; DupKiller, Easy Duplicate File Finder, Duplicate File Finder (DupFinder), DoubleKiller, Duplicate File Finder (DupFiles), and Easy Cleaner. All but DupFiles are freeware.

So when TinyApps posted a recommendation for a duplicate file finder, I paid notice.

Duplicate Files Searcher (DFS) - (freeware) - Quickly and powerfully finds duplicate files. Also can calculate MD5 and SHA hashes...if you need.

What are the key features of the Duplicate Files Searcher?

The most important features are:

    • Easy to use graphical user interface,
    • No limitations on number of files, file size, folders or drives,
    • Works with all removable media devices such as floppy disk, CD/DVD ROM, USB devices, etc.
    • Manual files selection which gives a user the full control over files to be deleted,
    • Byte for byte files comparison. It ensures 100% accuracy.
    • Files preview,
    • Improved (faster) searching engine,
    • Several files comparison methods,
    • New report files format.

It runs on Windows, Linux or MacOS. How rare is that?!

The program is actually written in Java. So download the zip file, then unpack it. Make a directory and put the dfsfull.jar file in there. Assuming you have Java SE installed, execute the jar file and you are good to go. There are actually two versions; free and full. The "free" version is a bit more stripped down in the options and capability. The "full" version has more features. Both are (for end-user's sake) free to use.

Clever and tiny.  Good find, TinyApps!

--Claus

Microsoft Blog Briefs, XP SP3 Slipstreaming, and Vista Services Tweaks

Quick update on some Microsoft-related articles.

I've been disappointed with the lack of posts over on Microsoft's Microsoft Anti-malware blog.

I had hoped it would provide interesting technical details about some malware issues they are encountering. Alas, it hasn't lived up to the billing. Posts are few and far-between.

The Microsoft Security Response Center blog has been a bit more productive, providing information on upcoming security update patches and releases, and more details and workarounds when something unexpected comes up.

Microsoft SVRD Blog

So I was hopeful when I saw a post there announcing (yet another) Microsoft security blog:

This one promises to share in-depth technical info about vulnerabilities serviced by their updates.

...the Security Vulnerability Research & Defense blog’s intent is to provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks.  During Microsoft’s technical investigation of security issues, information is discovered that we feel is important to share.  Some examples include:

  • Workarounds that are not 100% effective in every situation, every attack vector

  • Workarounds that are specific to a particular attack

  • Super complicated workarounds that work but cannot be recommended to all customers

  • Interesting mitigations that might not be present in all cases

  • “Best Practices” type guidance that applies to a particular vulnerability

  • Group policy deployment guidance

  • “Interesting” facts about a vulnerability Microsoft is fixing that will help customers learn more about Windows, the security infrastructure, or the way we conduct security investigations

  • Debugging techniques and information on how to triage security vulnerabilities

  • Overview of some of the challenges that we face when fixing specific security bugs

As always, security bulletins or security advisories are the ultimate authority but we’ll try to include juicy spill-over technical stuff in the Microsoft Security Vulnerability Research and Defense blog.

The first two blog posts are pretty interesting...if this is your thing:

I, for one, actually find knowing the background story on the updates kind-of fascinating.

XP SP3 RC1 Slip Streaming - Works but Doesn't

I actually find that it is fun and useful to slip-stream service packs in XP setup disks.

There are a number of automated tools to try to assist you with this process, but I am old-school and have always had fail-proof experience by just following Paul Thurrott's SuperSite for Windows: Slipstreaming Windows XP ... guide.  Works like a charm, every time.

So when the XP SP3 RC1 release became available for download, I wanted to give it a try.

And it worked perfectly.

The building, that is.  See, I never actually "tested" using it to create a new image.

Turns out there is a bug in XP SP3 RC1 that makes this currently not a good thing to try.  I was reading the APCMag post HOW TO: create a bootable XP SP3 CD and found a curious note:

NOTE – do not follow this tutorial to create a slipstreamed XP SP3 CD using the currently-available beta of SP3. Even if you are tempted to Bittorrent it. There’s a significant bug with the Windows Product Activation feature which lets you install Windows XP without entering a product key. The bug means that you’re still prompted for a product key, but the installer won’t accept any key you type in. We’ve reported this problem to Microsoft and are awaiting a response -- but you can assume this will be sorted out by the release of the gold master.

The process works, but the delivery doesn't. That doesn't bother me as I wouldn't imagine using a release candidate version of a service pack to deploy new systems with, but it was a good trial-run test.

That actually led me to find a really fascinating TechNet forum on Windows XP Service Pack 3.

It has a number of bug reports, and workaround solutions.

Vista Bits and Services Tweaks

Vista bashing - Why is it so popular? - 4sysops climbs into the muck being tossed at Vista and shares their take on why everyone is taking aim at Vista like the coach at a dunking-booth at the high-school fair.  Summary: Microsoft cut key features early in development, OS feature development shifted to Security, not a sexy topic, bashing Redmond is a good traffic draw.

See also:

SpeedyVista.com - Windows Vista Tweaks and Services - neat website that offers a number of great resource links for working with Vista and its services. (spotted via TinyApps)

  • Tweaks - Covers tips on performance, multi-monitors, indexing service, drivers, boot settings, security, activation, auto-backups, and more.

  • Service Guide - Lists and explains what the various Vista services are along with their default and recommended settings. See also the condensed Services Cheatsheet

  • Registry Files - Provides the default registry settings (in both bat and reg formats) for Vista Home Basic, Premium, Business, and Ultimate.  Really handy if you make a bad mistake and want to try to restore the registry to its default service settings.  Also offered are reg and bat files to instantly switch your service settings to "Safe" or "Tweaked" or "Minimal" configurations.

Reminded me of the famous "Black Viper's" XP Service tweaks of yore. Last I heard, his page had gone 404 but I was happy to find he is back with a new site and new material.

As always, do these tweaks at your own risk! 

Your performance may vary and these are the opinions and suggestions of third-party tweakers...not Microsoft so accuracy for some choices and settings may be open to considerable debate amongst Windows techies.

--Claus

Two Tips and "Best of..." Links

Make a Cool Lunch-Bag for your Kids

When Alvis was in elementary school, I would often make her brown-bag lunches to take to school.

I would write her name on them, maybe sketch out something pretty with Sharpies.

Now that she is in junior-high, she would die if I even suggested anything to this effect.

John Watson had the brilliant idea to see if he could run a paper lunch-bag through his printer to print a graphic on it.

Took him awhile but he got it down.

Wish I had thought of that.

Move Hidden Application Windows on your Laptop Display

Working with dual-monitors at home is no big deal.  I'm not disconnecting them.

However, I get into an annoying problem at work with my laptop and dual monitors there.

See, when I remove the laptop and go portable, some applications will reopen back on the "phantom" desktop.  I can see the application in the task-bar, but can't get the program to launch on my laptop's display.  Bummer.

Sometimes I get lucky and the program uses an .ini file I can edit and set the X and Y display values back to 0,0 to get the program to open on my laptop display.  Sometimes that's not an option and I am stuck.

I had seen somewhere before a tip to deal with this but lost it.

Fortunately Ashley over at CyberNet News was reading my mind.  The very next day, this article appeared.

Ashley's tips are simple.

  1. Right-click on the application in the system-tray,
  2. Select "Move"
  3. Take a stab in the dark and try to use the move-cross cursor on the phantom space to drag the application back, or
  4. ...just press the keyboard arrow-keys to move the application window back to your laptop monitor.

Now wasn't that easy!

The 2007 Best Lists

I'm sure we will see a lot more of these lists coming in the next week.

Collections of the best applications of 2007.  I like them as they allow me a quick source of potential noteworthy applications that I may have overlooked, or forgotten.

Here are two to get things started.

Lifehacker's 2007 Guide to Free Software and Webapps - Lifehacker

SHELL EXTENSION CITY - They are running a list of their top 25 programs, tips and tweaks of 2007.  There are only a few listed per day and have listed them up to #10 right now.  Some new things I haven't heard about, and some old ones I was surprised to find on the list.  Check the prior posts to get numbers 14-25 which have already been posted.

--Claus

iPod Resources

This Christmas, the biggest item on the daughter's wish-list was a blue iPod nano.

We've tried to buy popular electronic gifts for her at Christmas before, with little success. Like an iPod shuffle when they first came out, and then there was the fiasco of locating a PS2 a few Christmases ago.

So this year we were smart and picked one up early in December.

Lavie suggested I load it up with her iTunes songs first, but I wanted her to have the joy of opening it first.  In hindsight I don't think she would have cared, and Apple seems to design their iPod boxes to be opened and resealed pretty easily.

It really broke my heart (and Lavie's) when we kept having to tell her that we wouldn't be able to get one for her this year, but there was always her birthday.  She had even gone on-line to look up some teen money-raising tips so she could earn the cash herself.  Bless her heart.

The last gift of the morning was...her iPod.

She was delighted.

She pulled it out and tried to power it on.  Nothing.

So we moved to our desktop pc that holds our iTunes collection and plugged it in.

Still nothing.

The system couldn't even see the device.  It was as if I had just plugged an empty USB cable to the pc.  It didn't know it was there. I tried other ports, other connectors (this is the fifth iPod we bought), nada.

I tried powering it on unattached. It was dead.

Daughter was stunned, Dad was crushed, and the store wouldn't be open for a return the day after Christmas.

I let it charge connected anyway for about an hour before we left to make our in-law's visit. Nothing. It was dead and both iTunes and the system refused to acknowledge it even existed.

I did a quick search on Google and tracked down a user who had the same thing. He did a hold-switch toggle and Menu-center button press, left it alone for 24 hours and it restored. So I did that, figuring it wouldn't do any harm and we would be returning it anyway.

When we arrived back home from our visit with Lavie's parents, out of stubbornness, I pulled it out and hit the menu button.

It lit up...told me the battery was dead and instantly powered off.

And the daughter screamed and the angels sang hosannas.

We hooked it back up to our pc and it was a recognized device. We launched iTunes and it saw it.

It had gotten just enough juice, apparently, to initiate the system reset I had performed...no telling how slow the processor churned with almost no power, but it managed it.

Daughter has been hard at work managing her songs and playlist.  She got a number of iTunes gift cards and has been downloading her selections.

We share enjoyment of each other's musical tastes (for the most part) and iTunes really allows us to stretch our family's dollars as we can load the same songs on all of our own iPods.  It's fun to share and listen to each other's picks.

This is the first iPod with video support we've had in the family and it is very cool.  I think Lavie has already made her birthday wish known for this year.  The video screen is very nice and the playback is super.  While I am still not sure about watching a full-length movie on it, I must confess, it would be quite doable in a desperate moment.

So, naturally, I've been hard at work collecting links that are for iPod utilities, tips and tweaks.  Here are some amazing goodies lists.

We already have a number of iPods, my original 2G 80GB brick iPod, two classic iPod shuffles, and the new clip-style iPod shuffle I use in my gear-kit.  This one makes number five.

So far we only have one outstanding "problem;" it refuses to register via iTunes.  I've had to register it on-line at the Apple website, but it still is prompting to be registered when we connect it each time.  I go through the steps but then it gives a failure message.  At first I thought this was related to the Apple servers being hammered with lots of traffic, but many others are reporting the issue as well.  It might be an iTunes bug.  I've verified it isn't a firewall problem.  Only thing I haven't done is run a packet-sniffing session to see if there is a bad DNS or IP address issue causing the problem...like happened with Ad-Aware SE updates a while back.

It's no big deal, and I could set the option not to show this again, but Alvis really would like to get the three free video downloads that are being offered.  And the post I linked to shows that some users are finally able to get them to go through...so I will keep trying every few days.

I'll update you if I find out anything.

Oh yes, Alvis even named the silly thing; "Caprice."  Because of the color.  Go figure.

She is pretty clever.  While I was setting it up in iTunes, I named it with just her name: Alvis's iPod.  She went back later and updated the name, without asking me how, to "Alvis's iPod (Caprice)."

Clever girl, indeed.

--Claus

Wednesday, December 26, 2007

NewsFox Tweaks and Tips: Make it even easier to use!

NewsFox is an RSS feed-reader Add-on extension for Firefox.

It has a three pane layout that fits within a single tab.  This allows loading of a sidebar item in Firefox without impacting the reader.

To the left is a column that shows a master "Feed" folder at the top.  This folder contains all your feeds.  Below you can create additional folders to place copies of your feed items into.  I have folders organized like "Tech", "Software", "Security", etc. This structure came out of my time using Sage as my Firefox RSS feed reader.  I've just preserved it, but don't really use them now due to NewsFox's great functionality.

To the right are two more panes, one over the other.  The top pane shows the feed posts and the bottom displays the feed content.

I won't bore you in this post about why I think NewsFox is the new greatest RSS feed reader on the block.  Please go read my gush on the "On the Edge of Firefox Bliss" post I did about a week ago. 

Since adopting NewsFox, it has not crashed, stalled or had any other issues.  It is fast, allows me to custom-organize and sort both my feeds and their category folders without locking me into an alphabetical nightmare.  It is easy to import a new feed list (OPML).  And feeds may be marked read individually, by post, or globally for the entire list with a single click.  And, you can even password and/or encrypt particular feeds, for what reason, I'm not sure, but it is cool to know it's supported.

However, there were a few tweaks and tips for NewsFox that I had to track down to make it really flow with my Firefox usage and feed reading.  Some of these are a repost from my previous article so I can combine them all here together. Some are new.

After making these easy adjustments I've been able to rip through anywhere from 100-300 pending feed posts in less than 30 minutes.

#1 - Tweak: Adding NewsFox to the Firefox RSS feed reader list

The current version makes adding RSS feeds a bit tedious.  You have to copy the feed URL then go into NewsFox and create a new feed, and paste the feed. Once saved and a refresh is run, it will correctly update the title information.  Not bad.  Native appearance of NewsFox in the RSS picker for Firefox will be added in an upcoming version.

When I find a page with an RSS feed I want to track, I don't want to go through all that copy/paste/refresh stuff. I just want to click the RSS icon in the address bar, send it to NewsFox and keep going.

If you want to add that ease in NewsFox right now, like I did, you can follow these steps to get it to show up in the list:

Starting in NewsFox 0.8.2, there is a bug so that the NewsFox autosubscribe option in Firefox does not get added properly. This will be fixed in 0.8.4. Here is how to add the autosubscribe facility manually: go to about:config and type browser.content in the filter box. Then change

browser.contentHandlers.types.3.title = NewsFox

browser.contentHandlers.types.3.uri = chrome://newsfox/content/addurl.xul?%s

You can use a different number than 3 in the above, but you need to use the same number for both preferences. For instance if you want to get rid of Bloglines, you can use 0 instead of 3. Alternatively you can install NewsFox 0.8.1 and then upgrade to 0.8.3.

Works like a charm!

#2 - Tweak: Customizing the NewsFox reading pane

The second issue I had was the bottom pane where the RSS posts are displayed.  The post text seemed a bit large on the font size, and the white background was too bright for my eyes. 

Would NewsFox support style changes to the color and font in the reader pane?

Style sheet for text view - MozDev forum post

Starting with Newsfox 0.7, the styling of articles in text view can be changed. This is done by editing the file 'textview.css' in the newsfox folder inside your profile folder. The file 'textview.css' is just an ordinary CSS file and can be edited with any text editor.
Here is the default file contents and a small view:

body
{
  font:10pt Verdana,sans-serif;
  background:white;
}
#newsfox-box
{
  background: #e3dfd9;
  padding:10px;
  overflow:hidden;
}

And here is an alternative file contents and a small view:

body
{
  font:12pt Helvetica;
  background: #dfdfbf;
  padding: 20px;
}
#newsfox-box
{
  font: 12pt Verdana;
  background: #7f9fbf;
  padding: 8px;
  overflow:hidden;
  border: 2px solid black;
}

In the body of the article, the alternative view has larger text in a different font, a parchment colored background, and more padding between the body of the article and the edge of the article box.

Inside the heading box, the alternative view has larger text, a different colored background, and a border around the heading box. Newsfox uses bold face type for the article title without it being specified in 'textview.css'.

The views are much narrower than is usual in order to fit this page better, which makes the alternative not as appealing due to the larger type and extra padding.
The syntax is reasonably self-explanatory once you understand 'px' for pixels and #xxyyzz is one way to specify a color. Use your favorite search engine with 'css tutorial' to find more information about CSS, and have text view look the way you like.

I ended up setting mine as follows:

body { font:8pt Verdana,sans-serif; background: #dfdfbf; }

#newsfox-box { background: #c7c7cf; padding:9px; overflow:hidden; }

.srch { color: red; font-weight: bold; }

Looks much better now.  Adjust yours accordingly.

Here are some hex-code lists to get you started experimenting with:

Other classes are definable as well if you wish to tweak more:

The following classes are defined: .newsfox-mail, .newsfox-title, .newsfox-category, .newsfox-date, .newsfox-link, .newsfox-enclosures, .newsfox-encl. So you can style individual pieces of the newsfox-box in text view. For example, to keep the categories from showing, place

.newsfox-category { display: none; }

in your textview.css file inside your newsfox folder. The class .newsfox-enclosures refers to the span containing all enclosures, and .newsfox-encl refers to a single enclosure.

#3 - Tweak: Getting feed pages to open in a background tab

When I am rolling through all those feeds each day, I prefer to scan through the posts, and then if they look interesting or worth bookmarking for a blog idea, I open the main page they link to.

Sage opened them in a background tab so I could have a ton opened and then read them in detail later.  I had already set Firefox to open linked tabs in background tabs, but it didn't work with NewsFox. Each time I clicked on a post link, focus shifted from NewsFox to the new feed post, and I would have to click back to the NewsFox tab.  The CTRL-click worked, but I didn't want to have to do all that keyboard work.

Then I found an about:config setting tip over on Teuton's blog:

Open up a new tab and type about:config in the address bar of Firefox and hit enter.

In the filter bar, type browser.tabs and you will be able to filter down the list to those you want to look for.

  1. See if the browser.tabs.loadInBackground key is present.  If so, set it to true (as it should be).
  2. See if the browser.tabs.showSingleWindowModePrefs key is present. If so, set it to true.
  3. Finally, see if the browser.tabs.loadDivertedInBackground key is present. If so, set it to true.

If one of these keys isn't there, you will have to manually create it.

  • Right-click on the whitespace and select "New" then "Boolean".
  • Carefully enter the key's name from above you are missing, then set the value to "true".

These settings now allowed any NewsFox feed link I clicked on to open in a background tab every time.

Note: if you mis-enter a custom Firefox key in about:config, there isn't an easy way to remove it. You have two options...one easy and one not.  The easy way is to select the bad key and set it to default.  Firefox will ignore any custom keys set to "default".  The difficult way is to close Firefox, then navigate to the prefs.js file in your Firefox profile folder.  Open it with a text-editor and carefully find and delete the line with the bad key.  Save the changes and start Firefox.  Make a backup of your prefs.js file first, just to be safe.
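
The "difficult way" from the note above, as an added example (not from the original post, and not code from Firefox or NewsFox): a Python script that backs up prefs.js and deletes only the line whose key matches exactly. The sample prefs.js content and the misspelled key in it are constructed for illustration.

```python
import os
import re
import shutil
import tempfile

# One preference line as it appears in prefs.js, for example:
#   user_pref("browser.tabs.loadInBackground", true);
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]*)"\s*,.*\);\s*$')


def remove_pref(prefs_path, key):
    """Back up prefs.js, then delete the line(s) that set exactly `key`.

    Run this only while Firefox is closed; a running Firefox keeps its
    preferences in memory and may overwrite the edited file.
    Returns the removed lines (an empty list if the key was not found).
    """
    prefs_path = os.fspath(prefs_path)
    # newline="" keeps the file's own line endings untouched.
    with open(prefs_path, encoding="utf-8", newline="") as fh:
        lines = fh.readlines()

    kept, removed = [], []
    for line in lines:
        match = PREF_LINE.match(line)
        # Compare the whole key, so removing a mistyped key never touches
        # a correctly spelled key that merely starts with the same text.
        if match and match.group(1) == key:
            removed.append(line.strip())
        else:
            kept.append(line)

    if not removed:
        return removed  # nothing to change: no backup, file left as is

    # "Make a backup of your prefs.js file first, just to be safe."
    shutil.copy2(prefs_path, prefs_path + ".bak")

    # Write the cleaned copy next to the original, then swap it in, so a
    # failure part-way through never leaves a half-written prefs.js.
    tmp_path = prefs_path + ".tmp"
    with open(tmp_path, "w", encoding="utf-8", newline="") as fh:
        fh.writelines(kept)
    os.replace(tmp_path, prefs_path)
    return removed


# Constructed sample: the second line is a mistyped copy of the third.
SAMPLE_PREFS = (
    "# Mozilla User Preferences\n"
    'user_pref("browser.tabs.loadInBackground", true);\n'
    'user_pref("browser.tabs.loadDivertedInBackgroud", true);\n'
    'user_pref("browser.tabs.loadDivertedInBackground", true);\n'
    'user_pref("newsfox.advanced.horizontalPanes", true);\n'
)


def demo():
    """Run remove_pref against a throwaway profile folder."""
    with tempfile.TemporaryDirectory() as profile:
        path = os.path.join(profile, "prefs.js")
        with open(path, "w", encoding="utf-8", newline="") as fh:
            fh.write(SAMPLE_PREFS)
        removed = remove_pref(path, "browser.tabs.loadDivertedInBackgroud")
        with open(path, encoding="utf-8", newline="") as fh:
            remaining = fh.read()
        with open(path + ".bak", encoding="utf-8", newline="") as fh:
            backup_intact = fh.read() == SAMPLE_PREFS
    return removed, remaining, backup_intact


if __name__ == "__main__":
    removed, remaining, backup_intact = demo()
    print("removed:", removed)
    print("backup intact:", backup_intact)
    print(remaining, end="")
```
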

#4 - Tweak: Change the default three pane layout to three vertical panes

This was great!  I just didn't really like the over/under style of the feeds and the reading pane.  I preferred a more "Sage/Outlook 2003'ish" view.  Too bad it wasn't supported.

Guess what? It is!

Type "about:config" in the address bar and enter.

In the filter bar, type newsfox to filter the list.

Find the key newsfox.advanced.horizontalPanes and set the value to "true".

Restart NewsFox and be amazed!

#5 - Tweak: Changing the default sorting of your feeds

With Sage, I had to click on each feed item in the top sidebar pane, then could click individual posts I wanted to read in the bottom pane, or just scroll through all the posts in the reading pane.  With hundreds of posts each day to sort through, this was a lot of work.  It would have been nice to be able to sort them all by unread-status and then by date.

That way I could just fire up the RSS reader, and chronologically look at all my unread feed posts, ignoring those I have already read in the past.

I had hoped NewsFox would allow me to do this, but at first glance, it appeared that while I could click on a column in the feed listings to sort it, it was not sorting them this way by default.

It took me awhile but I finally found the about:config preference rules in the NewsFox beta notes.

To make a user defined default sort, set the about:config preferences newsfox.sorts.columnX and newsfox.sorts.directionX where X is 0, then 1, then 2, etc.. For example, the default is newsfox.sorts.column0="date" and newsfox.sorts.direction0="descending". To sort by date and then unread status (to put unread articles at the top), you can have

newsfox.sorts.column0="date"
newsfox.sorts.column1="read"
newsfox.sorts.direction0="descending"
newsfox.sorts.direction1="descending"

You do need to have newsfox.sorts.column0="none" in order to have no sorting, otherwise the default will happen. In fact, only the first letter of any of these preferences is ever looked at by NewsFox: newsfox.sorts.column0="d" is the same as "date". The columns are "flag", "title", "read", and "date".

By default, NewsFox comes with the following settings in about:config

newsfox.sorts.column0="date"
newsfox.sorts.direction0="descending"

So to get NewsFox to automatically sort all my feeds first by "read" status (presenting the unread feeds at the top), then by date (with newest ones at the top) each time I launched it, I opened up about:config, typed newsfox in the filter bar, then did the following:

Changed the newsfox.sorts.column0 value from "date" to "read"

Added a new key newsfox.sorts.column1 with a value of "date"

Added a new key newsfox.sorts.direction1 with a value of "descending"

I restarted Firefox, then launched NewsFox.

Voilà!

Automatic sorting of the feeds now, with the unread ones at the top sorted by date/time.

You can adjust and create your custom auto-sorts to your needs using the values and techniques shown above.

#6 - Tweak: More about:config special settings

The NewsFox version release notes are a great resource for more undocumented about:config tweaks and inner workings.  Many of these are actually in the GUI option settings, but some are not.

Options that can be changed within Newsfox options dialog:

  • style
    default: 1(text) Global style can be text or web.
  • checkOnStartup
    default: false Check feeds when Newsfox starts?
  • autoRefresh
    default: false Auto check feeds every autoRefreshInterval minutes?
  • autoRefreshInterval
    default: none This is measured in minutes. It is only used if autoRefresh is true.
  • notifyUponNew
    default: false This will notify you when Newsfox is done updating feeds. Currently doesn't work with K-Meleon.
  • confirmDelete
    default: true The default extra check on deletions can be bypassed by setting this to false (or by unchecking the box in the options dialog).

Options that can only be changed in 'about:config':

  • doneButton
    default: true after first use This is set to true after the first running of Newsfox when a button is placed on the menubar. If the user then removes the button, no second attempt to place it will be made if this option is true.
  • favicons
    default: from browser.chrome.favicons Favicons can be turned off/on with this option. The default is set from the browser preference for favicons.
  • guessHomepage
    default: true Newsfox only looks for the favicon in [homepage]/favicon.ico (this may change in a future version). Some feeds don't set a homepage and hence Newsfox doesn't try and get a favicon. If this option is true, a simple guess is made at a homepage based on the feed URL.
  • refreshTimeoutInSeconds
    default: 60 The number of seconds to wait for a response from a feed server before giving up. I read feeds where the server regularly takes up to 30 seconds to answer, but this option can probably be safely lowered (I use 40).

#7 - Tip: Adding duplicate feeds

By default, NewsFox prevents you from adding duplicate feeds. Not sure why you would want to do this, but someone might.

To add a duplicate RSS feed, you need to manually add the second feed but add a "?text" to the end of the duplicate feed's URL, where text is whatever you want it to be.

Use "http://xkcd.com/rss.xml" and "http://xkcd.com/rss.xml?hi" for example. The portion of the web address after the ? will be ignored if it doesn't make sense to the webpage server.

If there already is a question mark in the web address do the following: use

"http://news.google.com/?output=atom" and

"http://news.google.com/?output=atom&hi" for example.

#8 - Tweak: Open feed post link directly in the reading pane

In tweak Eight, I worked hard to figure out how to open a feed post link in a background tab in Firefox.  To me that is the purpose of a feed reader, read the feed and if interesting, open the link in a new tab.

Some folks however, want to see the actual feed-link web-page open in the reading pane itself.

To make this tweak, you will have to add the following key in your about:config settings:

newsfox.z.openInViewPane and set the boolean value to "true"

#9 - Tweak: Only manually mark feeds as "read"

By default, NewsFox will mark a feed post as "read" when you select it in the feed list.  I like this behavior myself as it lets me rip through a bunch of feeds quickly without pausing if I want to. However, I can see where some power-users want to skim through all their feeds VERY fast and then go back and manually mark feeds as "read" at their leisure.

To make this tweak, you will have to add the following key in your about:config settings:

newsfox.z.selectMarksArticleAsRead and set the boolean value to "false"

#10 - Tip: Create custom feed search folders

Suppose you have a key word or topic that you want to monitor your RSS feed posts for. What to do?

NewsFox lets you create custom search feed folders with a range of filter values.

Finding and creating the search folders isn't easy at first, but when you realize where to go and how powerful they are, it is amazing!

Notice up in the icon bar for NewsFox the little folder with the green +?  There is a drop-down arrow next to it.  Select the arrow and click "search".

You will notice a small folder is now added to your feed folder list, and it has a magnifying glass on it.

You will also see a "Group Options" window come up. Give your custom folder a meaningful name "Vista related feeds" for example. Set the search values, and search text. I put "vista" in there in my trial-run. It can support pretty complex operations.

When done click "OK" and let it rip.

Now when you click on that particular folder, all the feeds that NewsFox has that apply to that search filter will be listed in that folder!

How cool is that?!!

Note One: Adding search folders does seem to slow down the feed discovery speed.  I think this is because it is having to search the content of each feed as it scans to see if the feed post needs to be added.  Use these when needed, and carefully.  Your performance experience may vary.  Removing my "Vista" test search folder remarkably sped up the feed finding again.

Note Two: If you do choose to use these, I do recommend following the NewsFox developer's advice to turn off the option to show the number of unread articles in your search feed folders.  It does tend to slow down the NewsFox reader even more.

I hope you have enjoyed this post.  And maybe gotten a glimpse at why I think NewsFox whips the pants off just about any feed reader for Firefox out there, including my former favorite, Sage.

--Claus

Microsoft News and Hotfix Mow-down

CC photo credit "mower" by todbaker on flickr

Just cutting a quick swath of links down from some Microsoft related areas.

The Wheat

Vista's Mythical Cut Features - OSNews.com article attempts to clear up some myths and misconceptions about features that did not arrive in Vista as were expected. Touches on WinFS, PowerShell, Next-Generation Secure Computing Base, XPS support, UEFI support, and SecurID. I'm guessing most folks are still coming to terms with all the features (good and bad) they GOT with Vista rather than the few that they were rumored to be getting but were not delivered.

First 3rd party application for Vista Mobility Center: Turn off internal display - Download Squad - Interesting word from the D-Squad on how a programmer was able to craft a custom Mobility Center tile element in Vista. Long Zheng made the challenge. Rafael Rivera Jr responded. The tile (which turns off the internal display) might not be useful for most folks, but it is worth a look at how the concept started and the solution executed.

The Windows Experience Blog : Generate a System Health Report in Windows Vista - This is definitely a helpful link. When done, it will display errors and warnings that apply to your system along with performance and system checks. Information provided is quite detailed. Reports can be saved. I was able to identify a few buggy drivers on my Vista laptop by running and exploring this report. Not the easiest thing (amount of clicking required high) to reach, but technically not difficult to reach. Probably a good idea to add this to your monthly list of Vista system elements to review.

TechBlog reader Dan provides a method in Vista to enable recording devices. These are disabled by default, and pretty well hidden from being able to enable. Dan's walkthrough is pitch-on perfect if you wish to enable these things to record sound using your on-board sound cards. Note: different boards may be supported differently...so what you are actually able to accomplish by enabling one still depends on your system particulars. Still, Dan's tip is very good information to know for Vista users.

Julie's Back Room Tech reminds us that Microsoft has released a Service Pack Blocker Tool Kit for all those folks who actually aren't looking forward to seeing the final releases of XP SP3 and Vista SP1 come rolling down the Redmond inter-tubes. Additionally, it can block Server 2003 SP2. More info in this Technet article.

The Chaff

I've really been finding the new Microsoft Hotfix and Hot Issue Center blog interesting.

Seems like they are still working on getting organized, but they promise to seed their fairly dry posts with actual "real-live cases" describing particular situations that caused the need for Hotfix patches.

Currently they plan on categorizing hot-fixes into the following categories for easy sorting:

  • Windows Client Product: Windows XP, Windows Vista, Internet Explorer 6/7, others;
  • Windows Server Product: Windows Server 2000, Windows Server 2003, Windows Server 2008, SMS, MOM, others;
  • Exchange Server Product: Exchange Server 2003, Exchange Server 2007;
  • SQL Server Product: SQL Server 2000, SQL Server 2005, SQL Server 2008;
  • Internet Product: IIS, HIS, BizTalk Server, others;
  • Visual Studio Product: To be determined.

Post schedule is planned as follows:

  • Every Monday, we post the list of published hot-fix related KB articles for Windows Client products in the past 7 days;
  • Every Tuesday, we post the list of published hot-fix related KB articles for Windows Server products in the past 7 days;
  • Every Wednesday, we post the list of published hot-fix related KB articles for Internet and Developer related products in the past 7 days;
  • Every Thursday, we post the list of published hot-fix related KB articles for Exchange Server products in the past 7 days;
  • Every Friday, we post the list of published hot-fix related KB articles for SQL Server products in the past 7 days;

My interest lies in the Windows XP/Vista and IE side of patches and fixes.

Here are the Dec. 8 - Dec. 14 Hot-Fix Weekly Release - Windows Client offerings

Windows XP

  • 945342 The "Serial number" attribute of a certificate may be a negative value when you create a self-signed certificate in Windows XP
  • 944781 When you use a drag-and-drop operation to move or to copy an Outlook e-mail message on a Windows XP SP2-based computer, the operation fails without any notification
  • 884882 A Windows XP-based computer stops responding when you try to shut down the computer

Windows Vista

  • 945577 Windows Vista that is using an external USB camera device may restart unexpectedly with a 0x000000E4 or 0x0000000A Stop error after the Windows Vista operating system resumes from long suspend time
  • 945533 When you try to shut down a Windows Vista-based computer on which a Bluetooth device is installed, the computer stops responding
  • 944515 An application returns incorrect values for the conversion mode and for the sentence mode of an Input Method Editor (IME) on a Windows Vista-based computer
  • 943974 The "chkdsk /r" command and the "chkdsk /f" command take a long time to run on a Windows Vista-based computer
  • 943302 December 2007 Windows Vista Application Compatibility Update
  • 943242 MIDI notes are played in the wrong order when you perform a capture operation on a MIDI audio device in Windows Vista
  • 942392 On a Windows Vista-based computer, you cannot access certain directories on a Web Distributed Authoring and Versioning (WebDAV) server
  • 939214 You cannot use the Connection Manager tool to update the phone book on a Windows Vista-based computer

Internet Explorer

  • 945007 An Internet Explorer Automatic Component Activation (IE ACA) update is available to disable the "Click to activate" behavior
  • 944435 Internet Explorer 6 may crash under certain circumstances, such as when you open and close a Web page modal dialog box several times
  • 943141 Some customized security settings for the Trusted sites zone in Internet Explorer 7 are reset to the default values on a Windows Vista-based computer
  • 942202 After you install and uninstall some toolbar items in Internet Explorer 6, toolbar names may become blank, or unrelated toolbar items may appear
  • 941938 After you use the Internet Explorer Customization Wizard to remove the default elements of some features in Internet Explorer 7, these elements still exist in Internet Explorer 7
  • 939944 The text size setting that you specify is not applied to all Internet Explorer 7 windows that you open on a Windows Vista-based computer

If your tastes run for Server or SMS 2003, here you go: Dec. 9 - Dec. 15 Hot-Fix Weekly Release - Windows Server.

Note: Most folks don't need to concern themselves with dropping hotfixes on their systems. Just because a hotfix is released, doesn't mean that you need it. I generally advise users NOT to put a hotfix on a system UNLESS you are experiencing the issue reported. Sometimes they can cause unexpected side-effects.

Also, most hotfixes are not available for direct-download. In the past you had to call up Microsoft and discuss the issue with a technician before they would email you a download link.

Hotfixes now can be obtained a bit more simply: Microsoft Hotfixes (Now no Dime Required!)

  1. Enter the Knowledge Base (KB) article number.
  2. Pick your OS platform and language.
  3. Provide your email address.

And you will get a link via email to download the hotfix.

Happy mowing.

--Claus

Year-End Firefox Add-Ons List

Well, we are almost at the end of the year.

Which Firefox Add-on extensions have survived on my systems?

Here's the list

Enabled Extensions: (39)

Adblock - Adblock is a content filtering plug-in for the Mozilla and Firebird browsers.
Advanced Dork - Gives quick access to Google's Advanced Operators from the context menu.
CacheViewer - This extension is GUI Front-end of "about:cache".
ChromaTabs - Tints browser tabs with color specific to website loaded.
Clear Cache Button - Clears Firefox browser cache with single button click.
CoLT - Makes it easy to copy a hyperlink's associated text and URL at the same time.
Copy Plain Text - Copies text without formatting. Use from the Edit or context menus.
Download Statusbar - Keep track of ongoing and completed downloads in a hide-away status bar.
DownloadHelper - Save videos from sites to your hard disk.
Dr.Web anti-virus link checker - Scan for malicious programs any web link before it is opened.
Enhanced History Manager - Provides additional history sorting and management features.
Fasterfox - Performance and network tweaks for Firefox.
Favicon Picker 2 - This extension adds a UI for replacing bookmark icons.
Firebug - Edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
Firekeeper - Firekeeper is an Intrusion Detection and Prevention System for Firefox.
FoxClocks - Display world times in your status bar.
Full Map - See more of the actual map on Google Maps. Rotate through 3 modes.
Fullerscreen - See more of the actual map on Google Maps. Rotate through 3 modes.
gTranslate - Translate text in a webpage by right-clicking over it. Uses Google translation services.
Linky - Open or download links, image links and web addresses found in the page text.
ListZilla - Open or download links, image links and web addresses found in the page text.
Make Link - Adds a context menu item to copy links to the clipboard in HTML or simple text formats.
MeasureIt - Draw a ruler across any webpage to check the page elements in pixels.
Move Media Player - Media player plug-in needed to view streaming tv shows by the big-three.
NewsFox - RSS feed reader extension for Mozilla Firefox.
Nightly Tester Tools - Adds a few extras useful to those that regularly test Mozilla's nightly builds.
NoScript - Provides protection by allowing JavaScript and Java execution only for trusted domains.
Personas for Firefox - Mozilla labs project developing on-the-fly theming for Firefox
Remove It Permanently - Point and click removal of web-page elements.
Resizeable Form Fields - Resize text field boxes you find too small on web-pages.
Restart Firefox - Adds a "restart" button to the toolbar to restart Firefox.
Save Image in Folder - Save images into different folders via right-click context menu.
SearchLoad Options - Adds a menu for tweaking the search bar's default behavior.
Secure Login - Uses the built-in password manager, but deactivates the pre-filling of login forms.
Smart Link - Adds open in new tab / window options to right click menu for plain url texts.
TargetAlert - Provides visual cues for the destinations of hyperlinks.
translator - Translate web page into nearly any language - multiple translation service support.
Uppity - Hop Up the URL structure of a page via the address bar to quickly navigate a website.
Viamatic foXpose - View all your tabs inside a single browser window.

I have a couple of extensions that duplicate behavior, but I just can't decide which I like better, so I have left them both on for a while longer.

--Claus

Tuesday, December 25, 2007

Secunia Personal Software Inspector RC-1: Wowzers!

A while back I blogged about the Secunia Personal Software Inspector (PSI).

I found my early beta version of PSI to be a great localized start to their free, on-line vulnerability scanner. I found it to be fast, effective, and dead-on useful. I liked it so much I installed it on all our home systems. But there were a few things missing:

  1. It didn't seem very customizable. It was pretty much run and respond.

  2. It added itself into the Windows autostart group and I couldn't find a way to disable this behavior without manually removing it with a third-party utility.

  3. It was unclear how to exclude applications/folders from the scanning. I always ended up with a significant list of "unsecure" applications when the program went through my program archive folder.

Early Beta versions that were subsequently released allowed for Vista support, exclusion rules (finally!) and more application detection/monitoring. But it just seemed to be falling short of what it was capable of achieving. It was like loading MS Word, but only finding Notepad. Lots of promise, but thin on delivery.

Secunia clearly had a hidden vision.

The recent release update of Secunia PSI version 0.9.0.0 (Release Candidate 1) just blew the doors off their earlier programs. I am not aware of any program that comes close to the features and abilities of this application.

Secunia's PSI has the potential to allow Windows users to monitor the security/patch status of their applications like no other application I am aware of.

Be amazed. I was, and I was already familiar with it.

I even was surprised by what it found in the XP SP3 RC1 package...but more on that later.

What PSI Is and Is Not

The Secunia PSI is an invaluable tool for you to use when assessing the security patch state of software installed on your system. It constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.

It doesn't scan your system for malware, viruses, trojans, rootkits or other baddies. It doesn't replace your need for a firewall. What it does do, and it does it outstandingly well, is to scan your system and then compare the findings against Secunia's database of applications with security updates. It then reports on any application matches it finds and clearly and helpfully displays the insecure applications on your system...and offers you solutions to fix them.

You may decide to uninstall the program, delete the program, upgrade the program, patch the application, or indicate to PSI you want to "exclude it" from listing.

It identifies applications that need to be patched with a newer version, as well as those that are at end-of-life status and must be considered for upgrade to an entirely new version or build (or just have to be abandoned).

Not only does it do periodic scheduled scans of your entire system, it also actively monitors your system when you install and uninstall new applications; updating your PSI report accordingly.

Cool stuff.

Supported Systems

Microsoft XP - SP2, Windows 2003, Vista, and Windows 2000 - SP4.

You must have administrator-level permissions to install and run PSI on a system.

You must have network access available to the Secunia servers (all data is sent via encrypted transmissions for security), as well as access to Windows Update servers.

Now...on to the features

Overview Tab

The PSI Overview has received a major update.

You may (optionally) register the program. I did so and provided a user name, my email address and confirmed that I was using the program for personal use.

It is currently giving my Vista notebook a Secunia System score of 100%. This is a simple ratio of the number of secure applications to the number of all applications installed on my system. It reports that my last system scan was 24 hours ago, and that I have no insecure applications, no end-of-life applications, and 268 patched (current) applications on my system. (Of course, that is 268 applications that Secunia has in its database; my actual installed number may be a bit higher.)

I have a historic bar-chart to show me a week-by-week comparison on how my system is doing, as well as a pie-chart showing the breakdown of insecure, end-of-life, and patched applications.

Insecure Tab

This tab lists all the applications that Secunia currently detects that were located on your system, and were found to need to be updated to a newer patch/version level.

Each application is listed individually with the name, version, security state, and some icons to indicate options available to assist you with resolution.

By default, the system will only display "Easy-to-Patch" applications. These are ones that most general users should not have any issues updating. You can disable that if you are technically comfortable with more advanced updating techniques that some applications may require.

For example, after my first scan, it hid eight of those "hard-to-patch" applications. Those turned out to be no big deal for me to update, but some users might not want to or be able to update Microsoft Core XML Services or end-of-life versions of Microsoft Digital Image 2006.

If an insecure application is found, it may be expanded into a detail view.

This provides a brief summary of the security issues related to the application and sometimes helpful hints on patching and why it was identified. It also provides a "Fix It!" section that advises a user on what steps they can take to rectify the situation.

At the bottom of the expanded application section is the "Toolbox" with eight icons that may or may not all be accessible depending on the application.

  1. Download Solution: If a direct download link is available for the product to be updated, clicking on this link will either begin a direct file download of the patch/updated version or pull up the web-page from which you can search for the download.

  2. Solution Wizard: This icon launches a PSI mini-wizard to walk you through the process of downloading and installing an update. This is a great addition to help users who might not be used to downloading and updating programs. It is non-technical in presentation and very clear in most circumstances.

  3. Re-Scan Application: If you have updated/deleted/modified the application and it is still reporting the old version, this button launches a quick-scan of the application, which usually causes the item to then be removed from the Insecure list. I haven't had to use this as I have PSI to monitor installations/de-installations of software so it catches these changes automatically.

  4. Online References: This icon pulls up a dialog box which will list any security advisories related to the product that Secunia itself has, as well as vendor web page information (if available).

  5. Technical Details: This icon (to me) is one of the most helpful icons of all. It provides the version number of the detected application, as well as the full installation path and filename. This is extremely helpful for locating obscure applications that might be hard to track down, or not listed in the Add/Remove Programs list. (More on that in a minute.)

  6. Open Folder: This icon launches Windows Explorer to the folder where the insecure application was found. This is really helpful and saves time when you want to examine the file and its program folder for more information.

  7. Ignore Application: This is a feature I really was hoping for. This allows you to set a default "ignore" filter on the application so it will not appear in the list. I find this really helpful for managing the older (and insecure) archive applications I keep around, just in case. It also is an easy way to deal with end-of-life applications that no more updates or patches are available for.

  8. Add/Remove Programs: This last icon launches the Add/Remove Programs window for quick uninstallation of the application if you so choose.

The full scope of information, details, and helpful options provided for each application is simply amazing.

I've hinted around one more interesting feature of PSI: it does a full file-system scan of your hard-drives looking for insecure applications it has cataloged. This is much more important than may be understood at first. Not only does PSI look at "installed" applications (including Windows Updates) on your system, but it is also able to identify applications that were not "installed" but copied over to your system, say portable applications. This allows a much more thorough scan and protection of your system for insecure applications. And if "real-time" application monitoring is enabled, anytime you copy an application to your system (or install it in the traditional sense) it will check and report if it is a patched or insecure version. Amazing.

End-of-Life Tab

This tab also contains all the items listed in the "Insecure" tab.

However, applications listed here are ones that PSI has detected but that vendors are no longer issuing patches or alerts regarding security issues. It is left up to you if you wish to remove/uninstall them, filter them "ignore", or see if an upgrade to a newer program/version is possible.

You can also just choose to leave them alone, which I had to do in a few cases, but it is a case of some information is better than none at all. If you know that an application is insecure, but choose not to respond, at least that puts you ahead of others who don't know at all. This information at least allows you to assess the potential threat(s) the insecure application poses as a threat-vector and respond accordingly.

Patched Tab

This tab contains a list of all the applications that Secunia PSI has detected on your system and that patches are available for.

It contains all the information and options as listed under the "Insecure" tab.

I do find the tab description from Secunia a bit confusing:

This page displays applications that the Secunia PSI has detected on your computer for which there are no known security updates available. Newer versions may be available, however, these are not known to address security issues.

At first read, this might lead some to think these are insecure applications that have no security updates available, or that may have newer versions but don't address security problems.

That would be an incorrect interpretation.

With a careful reading, what this list of programs actually is, is all the programs detected on your system that Secunia PSI is able to monitor and catalog, and that were found to be current on their security patch level. Having a program listed here under this tab is a Good Thing.

It is possible that an application listed here may actually have a newer version or patches available, but they do not offer any known security protections over the application listed at the scan time.

Scan Tab

Clicking on the Scan tab does one of three things: it will start a manually initiated scan of your system, it will show you the progress status of an ongoing scan, or it will allow you to stop the current scan.

It also displays when the last scan was run, and when the next one will begin (usually a week apart).

Finally it shows if there are any errors encountered during the PSI scan.

The scans themselves do take a bit of time to run. As it will scan your entire system (except for any exclusion filtered locations) it is not necessarily a blazing-fast process; however, once a scan is run it is pretty unobtrusive and doesn't seem to impact the system at all. Scans will execute automatically once a week, or on demand if you choose to run one manually.

Settings Tab

The user setting options for Secunia PSI are much more user-friendly than in previous versions.

Earlier versions of PSI were basically left to being able to install the program, download patches and apply them, manually scan, or remove the program. You weren't allowed control if you didn't want PSI to load at boot or to disable application monitoring.

Secunia must have gotten some feedback on these areas because they are addressed here, and the power is in the user's hands.

You may enable/disable showing of "hard-to-patch" applications.

You may enable/disable Secunia PSI from running at boot.

You may enable/disable application monitoring which allows PSI to alert you to potential application security problems as programs are installed or copied to your system, as well as updating your lists when they are uninstalled or deleted.

This tab also displays all your current "Ignore" rules set for locations and/or applications you have chosen to manually remove from the scan lists for whatever reason. This is a really great idea of PSI as it still allows you to see which applications you excluded, so although they might no longer appear in your lists, they are never "out-of-sight" and forgotten.

Lastly, here you can set additional Ignore rules (filters). You provide a rule name, then set the rule which is a drive or folder path, or file which you want PSI to ignore and exclude from scanning. This gives you complete flexibility and allowed me to have PSI completely skip my archive folder and subdirectories. No more "false-alerts" on applications I have stored away, but don't want to monitor.

Profile Tab

This is a fully optional section where you may enter a username, screen-name, email address, and save your profile. This does two things: 1) provides you with security-related information from Secunia as well as new feature updates and notifications on PSI, and 2) gets your name to show up on the Overview tab.

It is optional, and provides a method for you to cancel your subscription and delete your Secunia Profile.

How many applications give you that right up front?

Feedback Tab

This last tab allows you to send feedback to Secunia regarding issues, ideas and suggestions. It's a simple comment text field with the options to share your name and email address if you wish.

Additional Thoughts

It is free for personal use.

Secunia PSI does not have an offline mode. It can maintain your last scan results and system standings, but scans require an Internet connection to get its "application signature" list and security standing results.

In the act of patching some older versions of Flash, I found out that PSI does use Flash to control some elements of its graphs. While Flash doesn't seem to be required, it does enhance the GUI and display of PSI.

Secunia claims that PSI can catalog and provide information on over 5,500 applications, and (if I am reading it correctly, over 300,000 versions of those applications) at this time while the on-line version can only scan and report on the most common 40 applications. Or as Secunia puts it:

The PSI is currently able to detect and check more than 5,500 different applications (major branches).

To clarify, by 1 application we mean ALL versions of a particular application. As an example, our rule for Opera 9.x is capable of detecting version 9.00, 9.01, 9.02, ..[snip].., 9.23, 9.24, 9.50 and so on. This also includes localised and future/not-yet-released versions.

It uses the Windows default web-browser as set on the system. That means it can use and supports Internet Explorer, Firefox, Opera, and Netscape Navigator. It does not (yet) let you manually override the System default web browser and choose your own. For example, I still leave Internet Explorer as our default system web browser, even though I never use it. However, PSI will not let me manually point PSI to use Firefox instead. That would be a nice option.

While you can run a scan manually whenever you wish, you don't seem to be able to change the automatically set frequency to a particular scheduled date/time. That would be a nice feature.

PSI and XP SP3, RC1: Very Interesting!

As I mentioned in my post introduction, PSI made a curious discovery when I ran it on my desktop system.

Late last month I had been playing with a pre-release version of XP SP3 on my virtual systems, just to peek around and see what it really could do.

As part of that process, I had copied the unpacked XP SP3 files to my main "real" drive for more poking and peeking.

Later I had downloaded the XP SP3 RC1 version and was able to successfully create a Slipstreamed XP SP3 setup disk.

So I now had multiple copies of the unpacked XP SP3 files scattered in various places on my desktop system.

After Secunia PSI got done with its pass, I was going through the process of updating and/or removing the insecure applications it found on my system and found two surprises.

Turns out Microsoft has included two insecure application versions in its XP SP3 RC1 package!

The first was "flash.ocx" which turned out to be identified as version 6.0.7.9.0

http://secunia.com/advisories/26027/

The other application was .NET version 1.0.3705.6018 "aspnet_wp.exe".

http://secunia.com/advisories/26003/

I can't say that these will actually install on a user's system in all circumstances; however, seeing as newer secure versions are available I was startled to see them present.

Only thing I can figure is that these particular versions are included for base compatibility purposes, but it was still a curious find...and showed the depth that PSI runs in application/file scanning.

Secunia Personal Software Inspector - RC1 - Highly Valca Recommended.

--Claus

Monday, December 24, 2007

Cue Security Spotlight 3: A Night at the Roundtable

Here are some security-related posts I found interesting this week.

Stay safe.

--Claus

Cue Security Spotlight 2: Flash Vulnerability and Patch

Yep. More.

This one will be more focused:

A new hole has been found in Adobe's Flash product.

Background

The hole is triggered when you browse a web-site whose Flash content is seeded with special JPG image files and that content is processed.  Manipulation of HTTP headers is also possible.

Solution

Download and apply the latest version of Flash

Source - Easiest for most users. Download and install.

Don't Forget

You still need to remove/uninstall the older version first.

This may be a bit of a challenge as Flash doesn't by design uninstall previous versions when it installs a new version.

So you have some choices:

  1. Uninstall the Adobe Flash Player plug-in and ActiveX control first BEFORE putting the new version on your system, or
  2. Run The Secunia Software Inspector on line and let it find the outdated file.  Then go in and manually delete it from your system.

If you try technique two, you may find that despite all attempts, you will be unsuccessful in removing it due to file security settings in Windows.

If this is the case, follow my blog post Flash9c.ocx Strangeness to learn the technique on how to handle this.

One More Thing: Flash can Port Scan your System!

This patch still does not take care of the long-running Flash vulnerability that could allow someone to run a port-scan via Flash on your system.

Design flaw in AS3 socket handling allows port probing: Description and PoC of a Flash 9/AS 3 port scanner - More details here as well as a proof of concept tester.

Source code for the demonstration here.

Run the tester at the very bottom and you will see which ports it is able to find open on your system.

Not a likely exploit, but interesting, nonetheless.  And still unpatched.

--Claus

Cue Security Spotlight 1: HP Compaq Vulnerabilities + Patches

Lavie still prefers her Compaq Presario V2575US notebook over the other computers in the Valca household.

It is thin, light, and doesn't feel like a furnace-blower has kicked on, unlike the Gateway MT6451 notebook.

A Rose by any other name...

Recently a series of security advisories were posted regarding a flaw in the HP Info Center software that is pre-installed on many HP laptops.  It made the news in a few web information outlets but definitely isn't as "sexy" a security story as, say a Storm Worm email attack variant falsely presenting a strip-tease decked out in Holiday cheer.

Because many consumers (and corporate/SOHO IT shops) might only see and register the "HP" reference and have a "Compaq" notebook, they might fail to associate the two and pay attention.

Unfortunately, both HP and HP Compaq notebooks are impacted.  So you need to examine this carefully and respond accordingly.  (Unless of course you or your IT group removed the software during system setup.)

The Basics (x2)

A bit lost in all this is the fact that there are actually two HP and HP Compaq vulnerabilities.

The first impacts HP and HP Compaq notebooks/laptops.  Malicious code can be made to run via an ActiveX flaw in the HP Info Center.  This is accessed from one of the quick-launch buttons installed by HP.  It seems to work on XP SP2 systems that the software comes installed on, but (so far) not on Vista systems.

To find out whether it is installed on your laptop, check the Properties information for C:/Program/Hewlett-Packard/HP Info Center/HPInfoDLL.dll .

The second might be more widespread. HP and HP Compaq systems usually ship with the "HP Software Update" application installed by default.  This application allows for support and updating of HP's own branded and installed software and custom drivers on a system.  Generally this is a Good Thing to help supplement the Windows Updates on your system.

It uses an ActiveX control to do its magic, and this is where the vulnerabilities exist.

By jumping to a malicious website (via web-surfing or vectored from an email link) code can be pushed which will ultimately either corrupt the operating system's kernel files, or lead to a malware infection.  Researchers have tested the code successfully on Windows 2000, XP, Server 2003, and Vista systems that are running Internet Explorer versions 6 or 7.  Which is just about all of them.

Heise Security did its own tests and found that they were able to use the exploit to copy files to a vulnerable system...however they could not destroy existing files.

Solutions:

HP has offered half of a solution to the first vulnerability for the notebooks.

HP Notebook PCs -  Quick Launch Button Software or HP Info Center May Allow Malicious Person to Target the PC - HP Bulletin notice for Softpaq 38166.

It curiously doesn't say which systems (XP, Vista, 2000) you should apply this patch to, but I guess if it is installed on your notebook system, better get patching.

Download and install SP38166.exe from the Compaq FTP site.  All this patch really does is to disable the software until a true "fix" is released by HP.  Don't try to uninstall the software to fix it, as HP says an uninstall leaves the vulnerable component still on the system. (Which begs the question on why an uninstall doesn't actually un-install itself...)

While poking around I also found this SoftPaq noted; SP38181.  It also addresses a security vulnerability in other HP notebooks in the HP Info Center.

As of the date of this post, HP hasn't (publicly) offered a solution to the second vulnerability for its desktop and notebook fleets with the "Software Update" attack vector.

Heise Security was recommending disabling it yourself using this information they provided:

The ActiveX modules have the following ClassIDs:

  • RulesEngine.dll: 7CB9D4F5-C492-42A4-93B1-3F7D6946470D
  • hpediag.dll, fileUtil: CDAF9CEC-F3EC-4B22-ABA3-9726713560F8
  • hpediag.dll, regUtil: 0C378864-D5C4-4D9C-854C-432E3BEC9CCB

Until HP provides an update, affected users can protect themselves by setting the kill bit for the ActiveX module. Microsoft has provided instructions on how to do so.
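One way to audit and set the kill bit for the three ClassIDs Heise lists, as an added PowerShell example that is not from Heise, HP or Microsoft. It assumes the standard Internet Explorer kill-bit location (bit 0x400 of the "Compatibility Flags" DWORD under "ActiveX Compatibility\{CLSID}"); the function name Set-HpKillBit is hypothetical.

```powershell
# Added example: audit (default) or set (-Apply) the IE kill bit for the
# three HP Software Update ClassIDs quoted above.
$KillBit = 0x00000400
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node copy.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)
$Controls = [ordered]@{
    'RulesEngine.dll'       = '{7CB9D4F5-C492-42A4-93B1-3F7D6946470D}'
    'hpediag.dll, fileUtil' = '{CDAF9CEC-F3EC-4B22-ABA3-9726713560F8}'
    'hpediag.dll, regUtil'  = '{0C378864-D5C4-4D9C-854C-432E3BEC9CCB}'
}

function Set-HpKillBit {            # hypothetical name
    param([switch]$Apply)           # without -Apply nothing is written
    foreach ($root in $Roots) {
        # Skip the Wow6432Node root on 32-bit Windows, where it does not exist.
        if (-not (Test-Path (Split-Path $root -Parent))) { continue }
        foreach ($name in $Controls.Keys) {
            $key   = Join-Path $root $Controls[$name]
            $prop  = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            $flags = if ($prop) { $prop.'Compatibility Flags' } else { 0 }
            $set   = ($flags -band $KillBit) -ne 0
            if ($Apply -and -not $set) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                # OR the bit in so any other compatibility flags are preserved.
                $flags = $flags -bor $KillBit
                New-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -PropertyType DWord -Value $flags -Force | Out-Null
                $set = $true
            }
            [pscustomobject]@{
                Control    = $name
                Key        = $key
                Flags      = '0x{0:X8}' -f $flags
                KillBitSet = $set
            }
        }
    }
}

Set-HpKillBit            # audit only: one row per ClassID and registry view
# Set-HpKillBit -Apply   # run from an elevated prompt to set the bit
```

Re-run the audit after any HP recovery or reinstall, since a reinstalled control does not change the registry flag but a restored system image may predate it.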

After a LOT of web-digging I did track down this non-public announcement from the Hewlett-Packard Company, HP Software Security Response Team on BugTraq:

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Any PC with HP Software Update running on Windows

BACKGROUND
For a PGP signed version of this security bulletin please write to: security-alert (at) hp (dot) com

HP Software Update is an HP application which checks for and downloads updates for HP products firmware, software, and drivers. It can also help update the security and functionality of HP products.

HP Software Update may be installed on a PC as part of the software supplied with certain HP PCs, printers, scanners, or cameras.

Customers can also download the HP Software Update for installation from the HP Web Site.

RESOLUTION

HP has provided the following procedure to resolve this vulnerability:

Use HP Software Update

1. In Windows click Start ->All Programs ->HP ->HP Update
or
click Start ->All Programs ->HP ->HP Software Update

2. Click Next. HP Software Update will begin.

3. Click Next to begin the installation. Click Continue or OK if prompted by Windows to continue.

4. The HP Update installer will appear. Click Continue or OK if prompted by the installer to continue.

5. Click Finish to close HP Software Update when prompted.

Notes:

1. If HP Software Update is reinstalled using the recovery solution, the procedure above must be repeated.

2. On a PC where HP Software Update is present, the procedure above must be followed even if HP Software Update is never used.

History:
Version:1 (rev.1) - 21 December 2007 Initial release

That finally led me to this solution offered by HP after A LOT of wicked site diving on HP (can they be any more unclear about notifying their customers than this?).

Curiously it is offered only for HP notebooks....so I would probably try the "internal" method listed above first as I can't yet be certain they are the same things.  Confusingly, this one is named version 1.00 A while older versions are in the 4.x.x series.

I might run Wireshark on our own HP Compaq notebook when I try the internal update method to see if it provides any more SoftPaq numbers or information.

Whew.

--Claus