Monday, February 11, 2008

Last Minute Linkfest: Utilities Rule, Microsoft bits


I'm exhausted.

I've been up since 7 AM.

I did all the dishes and cleaned the kitchen.

I cleaned the house clutter, well most of it.

I dropped a mega Wallpaper Extravaganza post.

I finished up over ten loads of laundry throughout the day.  AND it is all folded away in baskets and on hangers.

I completed the Grand Stream Dreams - Big Blog Update! both technically and in a post.

I got outside in the beautiful outdoors, pulled all the weeds in the backyard.  Then had the fortitude to go ahead and do the season's first grass-cutting.

I broke the lawn-mower by ripping the starter pull-cord completely out of the engine. (I didn't know my own strength!)  I couldn't stop for breaks because if I cut it off, I might not be able to get it repaired and get going again.

Then once the yard was mowed in a single effort, I fixed the lawnmower.  Handy guy that I am, better than before.

Then I re-cleaned the kitchen and vacuumed the house.

Then I hauled Alvis out of the house with me.  We went and picked up some Baskin Robbins ice-cream, and stopped by McD's to bring the family dinner home. I have been burning some major calories today and didn't feel guilty in the least.

Superman ain't got nothing on me!

Now I've got one last post to make, so hold on tight.  I'm tired and looking for bed!

Sysinternals Spectaculars

AutoRuns for Windows - (freeware) - Updated to v9.12.  Not sure what got fixed in this one.  No post update yet to explain the update.  Change notes for the very recent v9.10 and v9.11 indicate work done to add a command-line output to XML as well as the ability to display the MD5, SHA1, and SHA256 hashes of auto-start items to more precisely identify files, especially for forensics.

The Case of the Unexplained…Live! - (SilverLight Webcast) - Mark Russinovich does a presentation on how to use his Sysinternals tools and advanced techniques to troubleshoot Windows issues.

Mark's Blog : Inside Vista SP1 File Copy Improvements - (post) - Mark goes deep into the inner workings and functions of the Vista SP1 file-copy improvements.  Really awesome look at how file-copy works and how it was improved.  Very interesting blog-post. Highly technical but very good.

The Future of Microsoft Backwards Compatibility?

Peek into the future of legacy compatibility in Windows - (post) - Long Zheng provides a very interesting look at how Microsoft might address legacy Windows operating system compatibility as it moves to its next OS release.  This is one of the reasons Microsoft's OS are so large and bloated; legacy support.  Microsoft fans expect to be able to run older applications on newer OS's. 

The solution? At least according to Long's post, loading older OS binaries in a virtualized environment. 

Need to run an XP application on Windows 9? It would detect the application's level, load the binaries needed and a XP>Win9 compatibility module.

Very interesting take.

NirSoft's Utility Watch

Nir Sofer has been hard at work updating old utilities and releasing new ones!

USBDeview - (freeware) - View all installed/connected USB devices on your system that have been previously connected to the system.  Also uninstall USB devices no longer used an disconnect ones that are still connected.  Version 1.15 released this past week allows the option to disable/enable selected USB devices, as well as to start this application in a "hidden" mode.

FileTypesMan - (freeware) - Alternative to "File Types" tab in the Folder Options window of Windows. "It displays the list of all file extensions and types registered on your computer. For each file type, the following information is displayed: Type Name, Description, MIME Type, Perceived Type, Flags, Browser Flags, and more. FileTypesMan also allows you to easily edit the properties and flags of each file type, as well as it allows you to add, edit, and remove actions in a file type."  Runs on Win98 - Vista. Handy little app when working with file association problems or customizations.

ProduKey - (freeware) - My favorite keyfinding application for Windows. And one I can't use at work as Symantec keeps alerting on it as a "potentially unwanted application (PUA)".  Grrrr.  The network analysts don't even bother to tease me about it anymore when my laptop at work shows up on the weekly virus reports.  Recover lost product key (CD-Key) of Windows/MS-Office/SQL Server installed on your computer.  Version 1.20 now allows you to load the product keys from a remote computer or from an external (or target) drive.  Really handy!

TrueCrypt: Now supporting Entire Drive Encryption!

When I saw this on the SANS-ISC Handler's Diary page I was stunned.

This free open source hard-drive encryption software now supports encryption of the entire disk with pre-boot authentication.


Yep. From the TrueCrypt news release:


TrueCrypt 5.0 has been released. Among the new features are the ability to encrypt a system partition or entire system drive (i.e. a drive where Windows is installed) with pre-boot authentication, pipelined operations increasing read/write speed by up to 100%, Mac OS X version, graphical interface for the Linux version, XTS mode, SHA-512, and more.

After four years of development, during which millions of people downloaded a copy of TrueCrypt, it is the only open-source disk encryption software that runs on Windows, Mac OS X, and Linux. The newly implemented ability to encrypt system partitions and system drives provides the highest level of security and privacy, as all files, including any temporary files that Windows and applications create on system drives (typically, without the user's knowledge or consent), swap files, etc., are permanently encrypted. Large amounts of potentially sensitive data that Windows records, such as the names and locations of files opened by the user, applications that the user runs, etc., are always permanently encrypted as well.

Let me just let TrueCrypt's team keep explaining this marvelous release update.

System Encryption

TrueCrypt can on-the-fly encrypt a system partition or entire system drive, i.e. a partition or drive where Windows is installed and from which it boots.

System encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), swap files, etc., are permanently encrypted. Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted as well.

System encryption involves pre-boot authentication, which means that anyone who wants to gain access and use the encrypted system, read and write files stored on the system drive, etc., will need to enter the correct password each time before Windows boots (starts). Pre-boot authentication is handled by the TrueCrypt Boot Loader, which resides in the first cylinder of the boot drive.

Note that TrueCrypt can encrypt an existing unencrypted system partition/drive in-place while the operating system is running (while the system is being encrypted, you can use your computer as usual without any restrictions). Likewise, a TrueCrypt-encrypted system partition/drive can be decrypted in-place while the operating system is running. You can interrupt the process of encryption or decryption anytime, leave the partition/drive partially unencrypted, restart or shut down the computer, and then resume the process, which will continue from the point it was stopped.

To encrypt a system partition or entire system drive, select System > Encrypt System Partition/Drive and then follow the instructions of the wizard. To decrypt a system partition/drive, select System > Permanently Decrypt System Partition/Drive.

The mode of operation used for system encryption is XTS (see the section Modes of Operation). For further technical details of system encryption, see the section Encryption Scheme in the chapter Technical Details.

Did  you get all that?

If you use TrueCrypt on your system (notebooks, desktops, portable drives) you can select the option to encrypt a partition or the entire drive.  Additionally, the encryption authentication occurs pre-boot.  So that if you loose your laptop, but it was shut down, NOBODY can access the data on the drive, even if they remove the drive and place it as a slave on another system, or use a "Live" boot-cd.  On top of this, it is able to encrypt/decrypt in place while the system is running, restarted, or shutting down.  It will pick up where it left off when the system is restarted until the drive/partition encryption is completed.  Wow.

While there are a number of very good commercial products on the market, that support file and disk encryption security, TrueCrypt has one extra amazing thing.

It's Open-Source and free!

If you have a laptop and keep any amount of critical and sensitive data on it, not just yours but say, that of your employees, then you need to keep it encrypted. Be it the files, a secure encrypted "virtual folder" that TrueCrypt can handle, or the entire drive.  You simply must.  People are counting on you to keep their information safe.  It just takes a moment to loose your data to someone else, and possibly a lifetime to restore a stolen identity.

TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP, Mac OS X and Linux

Enough said.

More Comodo Firewall v3.0 Updates

Comodo Firewall Pro - (freeware) - Comodo continues to work hard to fix issues with its latest firewall version.  Prior problems included tanking some Vista updates.

I really liked Comodo's v3.0 firewall. Free Vista Firewalls: And then there were five.  However it the issues with preventing Vista updates caused me to return to the built-in Microsoft Firewall for Vista for now.  However, I think I am going to give Comodo one last chance.

Version released this week makes some major changes on top of the fixes in version which resolved the Vista updates bug.

  • NEW! Anti-Leak Configuration:
    - A new default configuration is introduced to make D+ show fewer number of popup alerts while still remaning leak proof.
  • NEW! On-Demand Virus Scanning:
    - CFP now provides an option to scan for viruses during the installation and from its graphical user interface
  • NEW! A-VSMART Warranty Program:
    - CFP now provides the users an option to enroll one of the available A-VSMART Warranty programs
  • IMPROVED! Self-Defense:
    - There has been various reports that CFP 3.0 is attacked by some malware to disable its protection.
    The self defense has been modified such that an ungraceful termination of CFP will block every unknown action (i.e. it will function as if "Block all unknown actions if the application is closed" option is selected. This option was not enabled by default).
  • IMPROVED! Default Configuration:
    - Default configuration now protects more registry keys and more COM interfaces.
    - Default Web Browser and FTP Client policies are modified to support passive FTP requests
  • IMPROVED! Handling of known code executing applications:
    - Defense+ has been modified such that some known code executing programs such as rundll32.exe or windows scripting host are not autimatically trusted anymore.
  • IMPROVED! Pending Files:
    - Defense+ has been modified such that it is not going to report any pending files if it is not in clean PC mode.
  • FIXED! Bugs in Defense+ Engine:
    - Fixed numerous bugs that could stop Defense+ to properly handle the suspicious actions(e.g.bugs in registry and file protection, key logging etc).
    - Fixed the bug that could prevent CFP from functioning properly in certain types of hardware configurations(e.g. when a USB harddisk is present etc.).
  • FIXED! Minor Bugs in the Graphical User Interface

[IN]SECURE Magazine - February 2008

Issue 15 - (free download) is now out on the Webstands.

Topics include:

  • Proactive analysis of malware genes holds the key to network security
  • Advanced social engineering and human exploitation
  • Free visualization tools for security analysis and network monitoring
  • Internet terrorist: does such a thing really exist?
  • Weaknesses and protection of your wireless network
  • Fraud mitigation and biometrics following Sarbanes-Oxley
  • Application security matters: deploying enterprise software securely
  • The insider threat: hype vs. reality
  • How B2B gateways affect corporate information security
  • Reputation attacks, a little known Internet threat
  • Data protection and identity management
  • The good, the bad and the ugly of protecting data in a retail environment
  • Malware experts speak: F-Secure, Sophos, Trend Micro

I always enjoy reading this security webzine.  The articles are fresh and insightful and cover a wide range of computer security related issues.

Security guru Didier Stevens has contributed an article in this issue showing how rainbow tables may be used to more effectively steganographically hide larger sized volumes of data than in image files.  Really fascinating stuff!

Rogue Anti-Malware Products Run Rampant!

Be very, very careful on the choices you make downloading anti-malware products.  It seems like every day a new "rogue" product hits the webs.  Do your research carefully before going with a new product.

Looks can be deceiving.  Many look very polished and professional, yet provide only false-positives and heartbreak as they demand $ to register the program to remove the (false) threats, or even worse, actually infect your system worse than before!

For a sample of recent rouge caught:

Two New Rogues: Immunizr, WinSpyKiller - Malwarebytes Blog

Two New Rogues: AntiSpyKit, MalwareCore - Malwarebytes Blog

New Rogue: VirusHeat - Malwarebytes Blog

And if that wasn't shameful enough.  How about this? Legit security software vendors getting product placement through malware!

Sunbelt Blog: Legitimate security companies advertised through malware

I list quite a few effective and trusted tools in my Anti-Malware Tool Roundup - #3 post.  See also these other posts: Anti-Rootkit Tools, Online Scan Tools, and Anti-Virus Tools to get started looking for free and dependable solutions.

ReadyBoost for XP Systems?

ReadyBoost is a solution in Vista that allows for certain cached items to be placed on a USB stick rather than on the hard-disk.  This (theoretically) offers faster system performance.

I've found that more system RAM works even better.  Since upgrading my Vista laptop from 1GB of system RAM to the 2GB max it can handle, its like I have a whole new machine. Vista flies!  We ordered up Dad's new Vista machine with 4GB RAM and it simply rocks the casbah!

However, some XP users feel forgotten and since Microsoft doesn't offer a ReadyBoost solution, leave it to third-party software vendors to come to the rescue.

eBoostr - (free/$) - Note, the free version only works for four-hours after each system reboot. So unless you are willing to reboot periodically, you will have to pony up some cash to speed up your cache!

Supports Windows XP (32/64 bits), Windows 2000, and Windows 2003.  Requires a USB 2.0 port and USB stick.  Curiously, Vista is "not yet supported."

Readyboost technology for Windows XP - Download Squad

Featured Windows Download: Get ReadyBoost Speed on XP with eBoostr - LifeHacker blog.

miniMIZE - Cool Desktop Utility of the Week

Just found this little gem the other day.

miniMIZE - (freeware) - This is a tiny utility that triggers when you minimize an application window.  Instead of just removing it from your desktop and sending it to the Task Bar, it actually places a thumbnail image on your desktop.  Clever!

Screenshot - note that the windows are very small and for reference see the system tray icons in the bottom corner.

Still in beta, and may have some bugs, especially in hotkey handling.  Use with a bit of caution.

However it could be quite handy, especially in a multi-monitor environment.

More Microsoft Mischief

By now you probably know that although Vista SP1 has been released to system manufacturers, (the big ones, not Uncle Earl), you won't be able to get it for your system until March.


However, it seems that this release is the same version that came out under Vista SP1 RC Refresh 2.

There are lots of ways to get it if you dare (I don't, I'll be patient and wait for the "official" release), including torrents or registry hacks which get it flowing directly from Microsoft. I'm not going to post links to these, but you should be able to search them up quickly if you really want it that badly.

Vista SP1 Download Leaked for Weeks - CyberNet News

Windows Vista SP1 RC Refresh 2 = The RTM build -

Windows AIK now Serving Vista SP1

The Windows AIK (Automated Installation Kit) is a standard tool if you don't have access to a Vista setup DVD, and you want to build Win PE 2.0 boot CD's.

Previously, you could only get it in Vista.

Now, although most folks cannot get Vista SP1 yet, you can download the new Windows AIK that has Vista SP1 rolled up nicely in it!

Automated Installation Kit (AIK) for Windows Vista SP1 and Windows Server 2008 - Microsoft Download Center

Super Duper!

You will have to uninstall your previous WAIK installation first and reboot before installing the new one.

Curiously, the older version (non SP1 for Vista) is still available for download from Microsoft.

Windows Automated Installation Kit (AIK) - Microsoft Download Center

Also, to all those VistaPE WinBuilder fans out there, no you cannot use this new WAIK version to build your own VistaPE SP1 boot CD.  Not yet at least.

I tried and got a marvelous BSOD at Vista boot when using VistaPE builder v011, although GRUB4DOS worked flawlessly.

I contacted NightMan who verified WAIK Vista SP1 version is not supported, yet.

It will be in VistaPE builder v012.

So unless you are building bare WinPE 2.0 disks, or have the need for this in your enterprise environment, stay away for now.  Otherwise, you VistaPE builders out there, wait a bit longer for the v012 release then jump over and you'll have VistaPE SP1 running beautifully!

ImagexGUI Updated

If you know what ImageX is, then you might be interested to know there is a new release of ImageX GUI.

If you don't know what I am talking about then read this post first or move on: ImageX - Welcome to the Imaging X-Zone.

Still with me?

ImageX GUI (GImageX) - (freeware) - Version 2.0.11. This non-Microsoft supported command-line utility GUI wrapper for Microsoft's supported command-line imaging tool is getting slicker by the update.  Lots of screenshots on that page.

I still prefer the command-line usage for ImageX myself, but this is getting harder and harder to avoid using.  I always place it on my WinPE 2.0 imaging disk, just for my other techies to use.

Windows Migration Assistant GUI - Almost Here

Dan Cunningham has been hard at work making a GUI wrapper for Microsoft’s User State Migration Tool utility which is a command-line tool.  Dan's work is called the Windows Migration Assistant (GUI) based on that command-line utility.

This tool can be used to migrate Windows user profiles from Windows 2000 to XP or XP to Vista.

He is now looking for beta-testers.

Features will include

  • Migrate via a pre-defined network storage location, external USB drive, or user-specified location. USB drive detection is automatic, and you can decide whether drives below a certain size are ignored (ie, memory sticks).
  • Optional Hard Disk Health Check will run a CHKDSK prior to capture and fix errors if any are found
  • Optional Encryption using a pre-defined company encryption key, or per-user customised encryption (for highly sensitive data that can’t be stored on a server without being encrypted)
  • Use different configurations for a multi-OS, XP > XP and Vista > Vista migrations (useful when on XP to force the /TargetXP switch, and if you’re Vista migration can exclude XP-only obsoleted files)
  • Automatically run pre and post capture/restore scripts (very useful to further configure machine settings)
  • Migrate domain only accounts, or domain and local
  • Automatically exclude certain domain or local accounts from the migration
  • Automatically send log files to an e-mail address via SMTP after the migration
  • On-screen status during every stage of the migration, including ETA
  • Optional Hard Disk Health Check will run a CHKDSK prior to capture and fix errors if any are found
  • Optional Encryption using a pre-defined company encryption key, or per-user customised encryption (for highly sensitive data that can’t be stored on a server without being encrypted)
  • Option to limit migrations to a certain size, i.e. if over 20GB of data to backup, then fail and inform user. This is also overridable
  • Very configurable through configuration file
  • Command-line automation
  • Super-pretty UI
  • Screenshots links of an early beta release are at the bottom of this post.

    Dan has received permission from his employer to publicly release it when it is ready. Good news for all!

    More information here:

    User State Migration in Windows XP - Microsoft TechNet

    Windows User State Migration Tool (USMT) Version 3.0.1 - Microsoft Download Center

    Migrating to Vista using User State Migration Tool 3.0 - Windows Networking

    Firefox Encryption Toy

    FireEncrypter - (Mozilla Add-on) - Fresh from my mad foray into the world of ROT13 and RC4 wackiness, I found this nice little extension that allows you to quickly and easily run encryption hashes for many common encryption schemes.

    Not an everyday tool, but a nice friendly introduction into the world of encryption and decryption.

    Time to sneak into bed.

    Morning comes quickly in the Valca home!

    Good Night!


    No comments: