Sunday, March 30, 2008

Hidden Power in Firefox Places "Library" Organizer

Near the end of my last post, Curious Firefox Tidbits, I briefly mentioned poking around a bit in the places.sqlite file of Firefox 3.0.

I mentioned that some of the database items indicated that (among other things) that it appeared that Places was able to track when each bookmark was added to the database as well as when it was last modified.

If you are running a recent version of Firefox 3.0 (beta or nightlies), you can look into the new Places features by going to Bookmarks > Organize Bookmarks on the menu-bar.

This will display the "Library" window that contains your bookmarks.

By default the Library window will show a tree structure on the left-hand side, and the bookmark/folder name, tag, and URL location on the right hand side.

Below in the third-pane is some specific information regarding the bookmark/folder selected.

I was wondering if I could find any more specific options in the display here.

I clicked the "More" button in the bottom third-pane but it didn't provide me the time/date information I knew was being tracked in the places.sqlite database file.

Then I noticed a little column-picker icon in the top-right column bar.

I selected it and found I could add additional bookmark column-view details to my main Library pane: Visit Count, Keyword, Description, Added, Last Modified, and Visit Date.


These columns may be rearranged and sorted on according to your preferences.

So, now you know how to display these "power-columns" in your Firefox 3.0 Places Library window.

Good to know, although I really would like to see a utility to allow me to off-load the places.sqlite file from a system (say to USB) then inspect it later in a more GUI-friendly display than the available SQLite viewers do at the moment. Something more on the lines of one of NirSoft's tool: MozillaHistoryView.

Maybe a "MozillaPlacesView" will be forthcoming from NirSoft? Now wouldn't that be nice!


Curious Firefox Tidbits

In tracking down a problem installing the latest NEXT release of Newsfox into Firefox Minefield nightlies, I thought I had a corrupted profile.

So I deleted it and created a fresh one.

Only Minefield refused to launch saying that Firefox was already running (even though it wasn't).

Failure to Launch

I worked through the tips in my post "Firefox is Running..." Even when it isn't... but wasn't able to resolve it.

I did a bit more research on the Profile folder over in the MozillaZine Knowledge Base but came up empty. However, I did learn about the Profiles.ini file.

Turns out that when I found and inspected that file on my system, I saw that the profile listed for Minefield was still the old one, and not the new one I created.  I edited the file to reflect the new profile name and Minefield launched again, just as normal.

So, if you've tried everything else troubleshooting a failure to launch your Firefox profile, check the profiles.ini file and make sure the filenames/paths match correctly.

An Interesting Discourse

In my post Firefox 3 Security Blocker: Going In Deep, I fussed quite a bit about the lack of user control and openness of the "attack-site" feature in Firefox 3.0.

Seems I'm not the only one.

In the comments, a thoughtful gentleman named BartZilla opened up a discussion reviewing some of the deeper workings on this process.

Firefox Antiphishing Server-side Project (codename: "Firefox is spyware") - BartZilla

He pointed to an additional source of information regarding the workings of this feature

Protocolv2Spec - google-safe-browsing - Google Code

Certainly interesting information and thoughts for the die-hard Firefox fans.

Who is JSON and why are his files now on my PC?

I've really been impressed with the Firefox 3.0pre build work on the Places structure.  Places is the new bookmarking feature which uses SQLite for storage management. The file is called places.sqlite.

You can peek into it with one of the various freeware SQLite viewers: Two More "Lite" SQLite viewers - All good, light, and free

(Note:  I wasn't able to open it as long as it was "locked" by Firefox 3.0 running.  If this happens to you, first close out your Firefox 3.0 session so it "unlocks" then attempt to open it with one of the SQLite file browsers mentioned above.)

Something interesting about this for you forensics folks is that the places.sqlite database also records when the bookmark was added to the database, as well as when it was last modified.  As well as visit dates and associated session numbers. Certainly could be potentially useful information in an investigation.  The change to SQLite files will cause many older Firefox history/bookmark reviewing utilities to no longer work, however, it should also help provide even more information to reviewers when new utilities are released to read back the contents of the new places.sqlite files.

One feature that I really liked was the ability to easily do backups and restorations of the entire bookmark structure in Firefox 3.0.  In the past trying to sync bookmarks between browsers/systems meant a lot of copy/paste work in the bookmark manager.

Now, in Firefox 3.0 you can backup your entire bookmark structure with a few clicks, and restore the entire set, overwriting the existing structure, with a few more.

Up to last week or so, the backup file was generated as a "bookmarks.html" file.

When I generated one recently, it was found to now be in the following format: "Bookmarks 2008-03-30.json"

Turns out the JSON file format is a progression in the new direction of Firefox 3.0.  It has always been planned but only just finally made it into the recent builds.

Most of my text-editors choked on my file (being as it is so large), but Microsoft Word was able to open it up and with a bit of work, I was able to pick through all 81 pages of it.

Other Stuff

Story - Interesting prototype web history browser utility. The Story Manual goes into some detail about this. as it applies to Firefox's new places.sqlite file.

Internet And Chat Forensics » SlideShare - Good overview presentation of browser forensics.

Locationbar² Updated for Firefox 3 - Cybernet News. Good review of an Add-on for Firefox that will highlight the "true" URL base of a weblink in your browser address bar.  This might be good to help guard against URL spoofing or purposefully malformed weblinks often used by phishers.   It appears this was going to be an embedded feature in Firefox 3.0 but got stripped out. Developer's website: design-noir | Mozilla | Locationbar².



New and Improved (or maybe just stale and repackaged)

Did you know that there are secret meanings behind the twist-tie colors used on loafs of bread?

Urban Legends Reference Pages: Bread Tag Code

My grandmother seemed to believe she had special divine knowledge of these codes from above (although the only golden plates I ever saw her with were for serving Hors d'œuvres).  She would carefully spend what seemed like hours hunting through the loafs finding a certain color of twist-tie.

Or maybe that just explains were the OCD comes from in the family.

Red Twisty

TechBlog: Updated: Is Windows XP's last service pack coming next month? - TechBlog

Now that I've gotten Vista SP1 on our laptop successfully, I now get to turn my anxiety to awaiting the upcoming release of XP SP3.

Will we block it from auto-installation across our XP systems at work? Unknown yet.

Will I make a slipstream version of XP Home/Pro setup disks? You Bet!

What am I looking most forward to in XP SP3? Hopefully seeing some performance gains.

Blue Twisty

Windows Incident Response: Registry Analysis - What Is It?? - In this post, Harlan goes in-depth to consider what may be an often overlooked area of exploration; the Windows Registry. As he points out in the opening post, the majority of research work I do involves hunting up a particular string of interest.  However, it can contain a whole lot more powerful information, such as the last time a certain document was accessed, not just by the user, but various applications, or maybe when a USB stick was plugged in under a user's account.

Looks like Harlan is making a sweet registry analysis tool and teasing us with it.

I'd love to get my hands on this thing!

Introducing the Basic Process Manipulation Tool Kit « Didier Stevens

Meanwhile, not to be outdone, Didier Stevens has posted a new tool of his own: the Basic Process Manipulation Tool Kit.  Designed by Didier to be used in researching security mechanisms implemented in user processes.

The toolkit has commands to search and replace data inside the memory of processes, dump memory or strings, inject DLLs, patch import address tables, … I’ll be posting examples in the coming weeks, illustrating how these commands can be used.

Didier then provides a fascinating example using Firefox and how it manages the storing of passwords in memory.

I'm curious how this tool might be able to be applied to researching running malware processes and look for URL's and embedded passwords in the malware programs.  Might be very helpful.

I can't wait for the example posts to start flowing.

4sysops - RegAlyzer - a nifty free Registry editor

4sysops does a brief review of one of my favorite registry tools, RegAlyzer by the same team that brings us SpyBot Search and Destroy.  Not only does it provide multiple search results, but also has undo/redo logs so you can go-back and "fix" editing work in the registry if you use this tool to make those changes. 

I also really like these freeware registry tools: RegistrarLite, ERUNT and NTREGOPT, RegASSASSIN, RegClean, RegHance 2.12 (LavaSoft product now only found on MajorGeeks), Process Monitor (Sysinternals), and RegScanner (NirSoft).

White Twisty

Windows Search 4.0 Preview - This new beta release allows you to perform searches for documents and files/folders on your system.  It is like the old "F3" Windows search, but on steroids.  Much more powerful and much more useful.

Windows Search 4.0 includes the following improvements:

  • Support for the Encrypting File System (EFS)
  • Reduced affect on Microsoft Exchange when you index e-mail in online mode, and there is no local cache (.ost)
  • Support for indexing online delegate mailboxes
  • Support for client-to-client remote query to shared indexed locations
  • Improved indexing performance
  • Faster previewer updates for Windows XP
  • Per-user Group Policy settings
  • Windows software updates for Watson errors
  • Support for the following new enterprise Group Policy objects:

Computer policies

  • Prevent adding Universal Naming Convention (UNC) locations to index from Control Panel
  • Prevent customizing indexed locations in Control Panel
  • Prevent automatically adding shared folders to the index
  • Allow for indexing of encrypted files
  • Disable indexer back-off
  • Prevent clients from querying the index remotely
  • Allow for indexing of online delegate mailboxes
  • Prevent adding user
  • Specified locations to the All Locations menu
  • Enable throttling for online mail indexing

Per-user policies

  • Prevent adding UNC locations to the index from Control Panel
  • Prevent customizing indexed locations in Control Panel
  • Prevent indexing certain paths
  • Default indexed paths
  • Default excluded paths

Supporting XP (SP2 or SP3), Vista (SP1), and Windows Server (Home, 2003 and 2008), it looks to be a great addition to beef up the search capabilities of your system.

The interface is much updated and has a more "Vista'ish" look.

Windows Vista Team Blog : Announcing the Windows Search 4.0 Preview

Windows Search 4.0 vs. Google Desktop 5.5 - Download Squad

Remote Search in Windows Search 4.0 - Brandon Live!

Meanwhile, over in the IE8 development dungeons....

IEBlog : Add-on Management Improvements in Internet Explorer 8 - Turns out the IE8 team is looking to make management of BHO's, Search Providers, and other browser elements much easier to manage in IE8.

This post goes into some of the finer details of the design and implementation.  I had almost as much fun reading the comments.  I think IE8 is on track to learn some good lessons.  Having the ability to easily manage and disable/delete unwanted BHO's from an IE installation is always a good thing.  Previously, this often meant having to get into the registry to clear out some of these items.  While not all bad, many BHO's I've encountered came from drive-by malware installations; toolbars, searchbars, etc.

It appears that one of the more looked for features in Vista SP1 got stripped out: that of being able to create a Windows recovery CD with an easy-to-use GUI interface.


However, all is not lost. Sure you can download a Vista Recovery disk ISO from, but if you want to add this feature back into your native Windows Vista SP1 system, you can with a little bit of a hack: Recover “Create a recovery disc” on Vista SP1 RTM - iStartedSomething blog.

Long Zheng provides an easy to follow guide to getting it restored.  Just pay careful attention to all the file-permissions mojo steps.  Don't know if this will be helpful to everyone.  Probably easiest just to go get and burn the ISO version instead.  Certainly not something most users will need every day, but I tend to collect these sort of utility disks....

See also: Windows RE Notes

Green Twisty

Download Squad did a post on Hinx Backup Easy which is a free Windows backup solution. Other mentions in the ensuing comments were Cobian Backup and AutoVer. I've covered some of my own favs in File Managers, Copiers, and Sync Utilities posting.

Dan Cunningham provides a nice solution (though a registry hack) for Disabling Apple Software Update items.  I personally just use "AutoRuns" to disable it as a startup item in Windows, then do manual checks for updates periodically.  However, each time I update iTunes, it gets restored, so I have to remove it again.

FreewareGenius provides a tip: How to change Windows’ default image editor.  He links to use of the Imgeditor utility off Ramesh's site.

Finally, Donna posts a great update announcing that the Firewall testing pros as Matousec have come up with a new test page:  Firewall Challenge page.

Turns out that the current "Excellent" rated winners of their Firewall "leak-test" results are Online Armor (available in a freeware version), Comodo™ Firewall Pro (also free), Prosecurity (not free), and Outpost Firewall PRO (also not free).  Three other firewalls received "very good" and "good" marks.

Nice to know the folks at Matousec remain hard at work testing, and that excellent software-based firewalls for the masses are available for free.


Fun Stuff and Mindless Diversions

Just some lightly entertaining tidbits I've found this week for the inner-geek

GraphJam: Pop culture for people in cubicles - Created by the mad-geniuses over at "I Can Has Cheezburger?", this site collects "facts" from popular culture and presents them in charts, tables and graphs for all your statistical enjoyment.

Some are quite understandable off the bat, but others may require referral to an accompanying "cheat-sheet" page. Usually a YouTube video to provide the context.

Some are a bit lame but others are pretty funny.

tachikoma snap - Tachikomas are the little AI robot spider-vehicles that support the Ghost in the Shell team.  Full of character and personality, I think they are the real stars of that anime series.  Anyway, dude has done some nice graphic work layering in images of tachikoma on top of "daily-life" photos.  While most are not 100% photo-realistic, they are fun and entertaining for GITS fans.

Top 10 April Fools' Pranks for Nerds - Wired.

Some are good, most are weak.  However for Apple Mac fans, there was a real gem hiding in there:

Troika - Newton Virus

See the YouTube video for the fun.  I have no idea if this is a real software application or just some very clever graphic programming.  According to the Wired post, it may be using the accelerometers built into the MacBooks to sense the orientation of the laptop then move the icons and bars accordingly.

True or fake, it still is really entertaining!


Don't Forget the Internet Archive!

The other day one of our technicians asked me if I had any more documentation on programming the Norstar class of Key phone systems.

He had done a lot of searching in our phone closet rooms and the Internet and came up short.

We have several that we support, and while we have books and books and books of manuals on the Meridian class of phone systems, the little Norstar Key systems have almost no documentation at all.  So we do quite a few vendor calls for service and support.

I've had good luck in the past over in the Tek-Tips Forums for finding technical tips and guides so I turned there.

Eventually I found what looked to be a glowing recommendation for a whole collection of guides to support these systems.

Unfortunately, the link offered was now dead. Not too surprising as the post was back from July 05.

I did some Google work but couldn't find anything "live" with that information.

On a whim, I decided to see if maybe a version had been archived over in the Internet Archive.

With the link URL copied, I jumped over and entered the dead URL into the WayBackMachine.

Internet Archive Wayback Machine - (My URL Search)


I checked out the last archived copy of that page captured on Nov 13, 2006.

Some of the graphics were missing but it looked like I hit the jackpot.  Lots and lots of links for tutorials of really useful information on Norstar phone system programming.

Could these links be "hot" as well?

Nope.  All dead like the original page URL.

But maybe, just maybe, each of these were also captured in the Internet Archive?

I copied a URL and pasted it into the WayBackMachine.

Jackpot!  (Norstar - Add Lines To A Set)

It took a bit of work copying each URL and then pasting into a new archive search, but in just over an hour, I had the entire contents of all the tutorial pages copied into a Word document.  I was also able to download a full Word document tutorial that had also been linked there as well as a PDF or two.  


I reformatted them up into a single document and passed them out to our telephone support team.

So, the lesson here is that if you are doing research and find a dead-link, don't give up hope.

Take it over into the Internet Archive and do a search on the URL.

Maybe it won't be there....but maybe, just will strike gold!



All for Naught...Soup after all

I was feeling pretty frustrated last week when I found that Microsoft Update was keeping me from applying Vista SP1 to our system due to an "incompatible" SigmaTel driver.

In the end I ended up listening to the supportive words of encouragement from Dwight Silverman and the DMan and decided to go ahead and cram Vista SP1 on our Gateway MT6451 laptop anyway by re-downloading the full Vista SP1 installer and putting it on anyway with a manual installation.

So yesterday while the girls were out "mall-crawling" I logged onto the Administrator account, shut down the firewall, HIPS and A/V applications and ran the Vista SP1 installer.

I didn't keep an eye on the clock, but my feeling is that it took about 35-45 minutes to apply.

When it was all done, including several reboots, I logged into the system and Vista SP1 was applied.

I checked the sound and the quality seemed same as usual.

I haven't encountered any lockups or problems with performance since, and it was well-tested when Alvis and her BFF spend the rest of the day hard at play on it.

So, for all you Gateway MT6451 laptop users out there running Vista and wondering what you should do to get Vista SP1 installed, my experience was painless.

Download the full installer, make sure your drive is defragged, temporarily disable any security application you may have running, and run the full installer.

Assuming your system is "stock" like ours, you should soon have Vista SP1 loaded and running.

Thanks for the support Dwight and DMan!


Saturday, March 22, 2008

Software Sliders

Sliders (a.k.a White Castle mini-burgers) in that these are short but tasty links.


Spybot S&D now shipping with Anti-Rootkit Technology

This one almost slipped by. Spybot Search&Destroy now incorporates plugins to search for rootkits.

How nice is that?

To get this added feature, just download the Spybot S&D updates in version 1.5.2 of their flagship product. They should present themselves automagically. Still under "development" so expect frequent updates as it matures.

It is also available as a "standalone" module, if you want: RootAlyzer (freeware).

I can't say how effective the technology it uses are. There are so many nice anti-rootkit applications out there now, it probably doesn't hurt to have one more bundled in Spybot. Grab a few and keep them handy on a USB stick, just in case.

Comodo Launches "Test My PC Security" Website: Helpfulness up to debate

Not content to claim superiority against all known firewall leak-tests, Comodo has now opened up shop with a new security-testing website: Test My PC Security. (PR press release here.)

So what does the average Joe find while visiting the website?

Well, a couple of brief "articles" outlining what firewall leak-tests are, and some test results that clearly show that Comodo's Firewall Pro is the best (and free). No surprise there.

What does the security minded geek find while visiting the website? Currently links to download 32 leaktests to experiment with on their own systems and firewalls. They can be downloaded individually or as a singe "zip" package.

This is strangely reminiscent to me of two earlier websites that pioneered these tests and comparisons: The Firewall Leak Tester website and Matousec, both of which carry 26 firewall leak-tests.

I actually like and use Comodo Firewall Version 3.0 on my Vista system. It is free and has a lot of robust features. It isn't too chatty and does ship with a "whitelist" of preapproved safe programs to help cut the prompts down. I did disable the Defense+ feature after running into some issues. Instead for HIPS protection, I am running ThreatFire (free) instead to supplement my AV protection.

Windows SteadyState

Just discovered this curious Microsoft product. Which means it must have been around for quite a while.

Windows SteadyState - What this free program for XP does is to return a "shared pc" back to an original state after use. Kind of like a software-state "reset" button.

Basically you configure your system to your liking, run and apply the SteadyState configuration, and let the users use the pc. If the user(s) modify (accidentally, purposefully, or maliciously) the system, you can quickly restore it to the original state...without having to reload the system from an image.

From the "What is it?" page:

How Windows Disk Protection works

When disk protection is turned on, it creates a cache file to retain all the modifications to the operating system or program directories. Histories, saved files, and logs are all stored in the cache file which is created on the system partition. At intervals you designate, Windows SteadyState deletes the contents of the cache and restores the system to the state in which disk protection was first turned on.

Set it and forget it

Choose the disk protection level that fits how your computer is used and whether or not your users need to save data for a specific length of time.

For example, if your shared computers are used by different people every day, you can set SteadyState to remove all changes at every restart. This is a good choice in a library or an Internet café.

You can also choose to retain changes for a specified period of time. This is a good option if you have the same users every day for a limited duration, such as a school term or an ongoing computer lab project.

However you choose to use Windows Disk Protection, you can rest easy knowing that a clean return to its original state is available.

I can see a couple of applications that this might come in handy with in our computing environment. Definitely worth looking into.

Nirsoft Nuggets

Ever wonderful, Nir Sofer has delivered two products worth looking into; one new and one updated.

SiteShoter - (freeware) - This tiny utility can be used to take a screenshot of any Web page and save it as a file. When executed, it launches a hidden window of Internet Explorer, loads the target page, and captures the page contents as an image file (.png, .jpg, .tiff, .bmp or .gif) depending on your preference. Will not capture Java applets or some other third-party web-content. What is cool is that Nir has coded it to run from a command-line. So you could make a batch-file to run it to capture one or a series of pages with a single click. Or set it to run automatically with a bit of scheduling to monitor and document regular and periodic changes to a Web page for archival reasons (say your kid's MySpace page).

MyUninstaller - (freeware) - Sure, you could use the standard Windows "Add/Remove" programs in XP/2000 or whatever it is called in Vista. But these tend to be a bit, "slow" for us IT geeks who often need to quickly scan for and remove unauthorized programs from client pc's. I even get impatient at home. MyUninstaller is a standalone utility that very quickly displays all installed applications on a Windows system, and provides a method to uninstall the ones you want. Version 1.39 fixes some uninstall string problems with Windows Installer.

For more freeware programs to uninstall applications quickly from Windows systems, check out this GSD post: Freeware Software Uninstallers.

E-mail Goodness #1: eM Client

I'm a fan of Mozilla's Thunderbird email client. When we ditched MSN dial-up as our Internet provider, I was finally able to escape from Outlook Express.

I don't run any Add-on extensions to Thunderbird except the Lightning project, which is a calendar application which integrates with Thunderbird.

I use Outlook 2003 at work and actually do enjoy it. We got Outlook 2003 along with our Office 2003 Student/Teacher package I bought, but I didn't install it. Too much hassle to convert now and Thunderbird does have some anti-spam and embedded image handling features I like for security reasons.

However, I did take notice of a recent DownloadSquad post introducing the eM Client program for e-mail.

Like many such programs (and there are many), it provides Windows based e-mail for sending/receiving messages, managing calendar items, contacts, and tasks.

I spent some time on the site and eM Client does look very polished and professional. The interface is a nice blend falling (to me) somewhere between Thunderbird and Outlook.

Final release appears to be scheduled for late 2008, although beta downloads are available.

When complete it promises to integrate ActiveSync for mobile-phone synchronization, groupWare support, GoogleSync support (for calendars and contacts) and Web 2.0 widget support for apps like Meebo, Facebook, and MySpace. For more details see the eM Client Feature List.

.NET Framework 2.0 or higher required.

Oh yeah, did I mention that you can download it in both "desktop" and "USB (U3) portable" versions? Not bad, although you can already get a Portable Apps Thunderbird version already if that's your thing.

It took me less than three minutes to download the U3 version, change the extension to .zip. Unzip the main program folder to my desktop, run it, configure an old gMail account of mine, and download a number of old messages from the gMail account.

The GUI is very polished and professional looking. I think it actually is a bit more polished looking than Thunderbird 2.0 is by default. I'm not changing anytime soon, but I am impressed with the offerings of eM Client. I will definitely be keeping an eye out on this one!

It is still under development and I've spotted a bug or two, but it seems like a great future candidate.

E-mail Goodness #2: Outlook on the Desktop

If you do use Outlook, maybe you would like to keep the calendar view up where it could be useful, but don't want to have to toggle between it and your email Inbox.

Michael Scrivo has a neat free product; Outlook on the Desktop.

Basically what it does it place a fully customizable Outlook calendar on your desktop. It is pinned so that stuff can't underlay it. You can adjust the position, size, and transparency level. It supports multi-monitor displays (hurrah!) and you can even toggle it between the calendar, inbox, tasks, and notes view.

Brilliant! Requires Windows 2000 or higher, Outlook 2000 SR-1 or higher, and .NET Framework 2.0 or higher.

Know thy Application Rights Needed

Last week I mentioned a few tools that can be used to analyze the software applications installed on a Windows system to determine if a program can be run with "least-privilege" user accounts for security purposes: LUA Buglight and the Microsoft Standard User Analyzer (MSUA) tool now incorporated in the Microsoft Application Compatibility Toolkit v5.0.

Now Julie over in the Back Room Tech blog shares one more: BeyondTrust | Application Rights Auditor.

This freeware tool automagically scans your target system and reports back the Windows applications it finds that require users to have administrative-level rights permissions to run.

Systems supported are Windows 2000 through Vista.

The utility uses a Microsoft management Console (MMC) snap-in as well as desktop component. Install the desktop component on the target systems. After audit run, the information is logged and send as an encrypted log-file to a secure BeyondTrust server farm. You then use the MMC snap-in with your unique key to view the report information.

Certainly not a tool needed by everyone, buy could be useful in IT departments assessing the rights requirements of applications when considering a user-rights policy for desktop and laptop system deployments.


Friday, March 21, 2008

No Vista SP1 Soup for Claus

I was all set to go and load up Vista SP1 on our Gateway Vista laptop this weekend.

I've defragged my drive.

Got ready to disable my firewall, AV, and HIPS software just to be sure I didn't have any conflicts.

I logged into the true "Administrator" account to apply the patch.

I read Dwight's TechBlog post looking for tips: Updated: Windows Vista SP1 is now available and in the post Available next week: Windows Vista SP1. All good stuff.

I even downloaded and had my Vista Recovery Disk burned. Just in case.

Homework done. Time to queue up in the soup-line.

Red Bowl or Blue Bowl?

There are three methods to getting Vista SP1 on your machine:

  1. Download the full Vista SP1 installer from Microsoft Download Center and run it.
  2. Wait for April Automatic Updates to see it pushed out, or
  3. Manually run a Windows Update session and install it "early".

I decided that #3 optioned best (for a number of reasons that will become clear in a bit).

I ran Windows Updates and there was a patch to the Excel Patch from last week. Installed that and the system did a auto-reboot.


Logged back into the Admin account and re-ran Windows Updates.

Nothing. No Vista SP1 offered.


Reran again.

Nothing found.

Rebooted and tried one more time.


So I downloaded the full Vista SP1 package anyway, and planned on installing it.

But for some reason, I decided to try to figure out why it wasn't being offered to me...just in case Bad Things™ were afoot. Call me crazy.

What's My Problem?

According to the Windows Vista blog's Nick White, there are eight reasons why I might not be seeing the update offered:

  • You have not yet installed all the prerequisite packages you need for Windows Vista SP1. To install them, visit the Windows Update control panel and click on "check for updates."
  • You have a pre-release version of SP1 and need to uninstall it before installing SP1
  • You already have it. To determine if you already have SP1 installed, Open the Start Menu, right click on Computer and left click on Properties.
  • We released SP1 in these 5 languages: English, French, Spanish, German, and Japanese. If you have any other language installed, SP1 will not yet be offered to you. (You might not even know if you have an additional language installed -- check the Regional and Language Options control panel to see which languages you have installed.)
  • Back in February we announced that we'd be using Windows Update to help make the update as seamless as possible for our users. Windows Update will detect drivers that we know may be problematic when updating to SP1 and will not offer the service pack until an update has been installed.

I hopped over to the offered whole list to look into the full details.

I worked through the list one reason at a time.

  1. Nope, not already running Vista SP1.
  2. Yep, running "English" version of Vista, good there.
  3. Nope, not running the Windows Service Pack Blocker Tool. So far so good.
  4. Nope, my registry and file system are in top shape. Moving on....
  5. Incompatible driver, surly not. Laptop is less than a year old, specifically designed for Vista.
  6. Nope, didn't pre-install a RC of Vista. Two more left.
  7. Hmm, no can't say I used vLite to uninstall required system components.
  8. Nope, not trying to install Vista with other updates.

Could I have missed something?

Only thing I could think of was to go back and seriously check out #5 again; that "driver" thing.

Checking my Drivers

There are a number of ways I could try to compare the drivers and versions listed on this page against the one on my system.

My Computer > Right-Click > Properties > Device Manager...and compare the items and examine the driver properties for the devices.

Start Orb > Control Panel > System > Device Manager...and compare the items and examine the driver properties for the devices.

I went easier. I had already downloaded and unpacked NirSoft's DriverView (freeware) which lets me instantly view all the drivers on a system along with description, version, product name, company that created the driver, etc.

I fired it up and worked through comparing the list of incompatible drivers against what I had.

Guess what I quickly found?

Yep. Turns out this not yet a year-old Gateway MT6451, made for Vista laptop is using the SigmaTel Audio Driver stwrt.sys and it is an incompatible version (6.10.5337.0 in fact).

Because I chose (wisely) to run Windows Update to get Vista SP1, Windows Update "knows" if an incompatible driver version exists and won't offer Vista SP1. That's why it wasn't showing up.

That sucks. (Albeit in a "good" bad sucky way.)

I checked the Gateway MT6451 driver support website, but no newer driver is available than the one I have for this model. There are newer SigmaTel drivers offered by Gateway, but not for this model laptop, and I'm not sure I want to go testing the "compatibility" of them.

Sure, I could still try to slam-down that full Vista SP1 package, but I have no guarantee that in the best case scenario, I could get my audio back. In the worst case scenario, my system might lock up during the update process and never come back to the land of the living.

No thank you. I want Vista SP1 bad...but will really have to convince myself that I actually NEED it that badly before taking that kind of big leap.

So now what?

Nick Offers Comfort...

Nick White from Microsoft did try to offer some words of comfort to us poor unfortunate souls left standing outside the Vista SP1 diner watching the other folks enter and eat their fill:

...we spent the past month or so working with our partners on driver updates for these issues. Of these drivers, most already have updated versions on Windows Update and are available for download now as optional updates. In a few weeks we'll start to deliver these updated drivers to PCs automatically via Windows Update.

We're working with the providers of the remaining devices to get updated versions of the drivers to our customers as well. In the meantime, Windows Update will recognize PCs with drivers that may be problematic and postpone offering SP1 to those PCs until it has installed corrected drivers or other applicable updates. Either way, Windows Update works to detect whether or not your system is ready for SP1 and not offer it to you until the time is right.

So I have Microsoft's assurance that they are working with SigmaTel, or Gateway, maybe both, to make sure that the updated and Vista SP1 compatible driver will be released, when was that again? Oh yes....maybe in "a few weeks" but I can rest assured that Windows Update will "not offer it to (me) until the time is right."

Looks like I need to be content to just accept the level of relationship I am at with Microsoft Vista and this "made for Vista" Gateway laptop for now.

I don't know.

Looks to me like Gateway/SigmaTel needs to work harder at wooing Windows Update.

Maybe some dates at fancier restaurants? Rumor has it that the Seattle Space Needle has a pretty romantic restaurant and view.

Some more bling? I hear diamonds are a girls best friend.

Then again, I heard that black and white cows are happier in California. Maybe I could spring for a weekend getaway for Microsoft and Gateway. Should feel right at home.

Until Microsoft and Gateway can figure out how to get past third-base on this driver thing, I guess I have to accept for now the fact that Claus gets no Vista SP1 soup.


I'll let you know when the compatible driver version is released....Goodness knows I'll be watching and searching and checking each week.

Might be a while....

Update: Looks like I'm not the only one with this "driver" issue...Microsoft MVP and security issue watcher Donna Buenaventura is also getting cheated out of Vista SP1 for similar driver issues...and not getting much OEM support help either; No Vista SP1 yet here...issue on Dell drivers for Sigmatel & Logitech quickcam.

I'm now wondering what impact this might have down the road as April comes on and "regular folk" start looking and expecting Vista SP1 delivery. You know, all those moms and pops whose geeky kids talked 'em into getting a spanking-new Vista pc system over the past holiday season knowing Vista SP1 was looming on the Spring horizon.

Think there will be some complaints when everyone is talking about Vista SP1 over at the bingo hall and Grandma Jones goes home and can't figure out why Vista SP1 isn't on her machine?

Or what happens when she calls for help from the OEM pc support desk and they can't get it on?

Or how about those folks who turn to those BigBox hire-a-geek services to try to get Vista SP1 installed. I wonder how many will end up getting new system-boards, or hard drives, or upgraded memory, or entire system restoration services to "fix" this issue...and still have it remain.

Or get the "full" Vista SP1 pack installed as a last-ditch fix and end up tanking their Vista system entirely, or maybe now the sound won't work and they have to pony-up $$$ for a new "fixed" sound-card solution, just to get Vista SP1 installed and loaded.

I seriously hope these "incompatible" drivers get fixed by next month, or I think we will hear quite a bit of screaming and hollaring.

And believe me, Grandma Jones, really can call up the cows when she gets rilled up.


Sunday, March 16, 2008

A BIG List of 34 Free XP and Vista Tweaking Apps

OK, before we begin the list of tweaking tools, I'd like to make a few statements.

  1. I don't consider this list the "Ultimate" list of free XP and Vista tweaking applications as a considerable amount of browsing will turn up lots more; these are the ones that seem to be most popular and most trusted (and that I have downloaded and used to some degree on my own systems).

  2. Free doesn't always mean good or useful. There are a growing number of free XP and Vista tweaking tools that actually are seeded with malware, or don't work as promised. Be careful! Same goes for non-free utilities. They may be able to do a lot more for a moderate sum. Consider your needs carefully.

  3. You probably don't really even need to use all these. One or two good and targeted tweaking programs will likely do the job. The majority of tweaks I make on my XP and Vista systems can be accomplished with a few specialized tools or registry changes. That's it. These all just make that process a bit simpler.

  4. Tweaking doesn't always result in improved system performance; in some cases it can make things worse. I always am a bit jaded and treat "enhanced-performance" tweakers like "snake-oil", fun to look at and entertaining, but may not be the best medicine on the pharmacy shelf. If tweak you must, tweak be on your own head.

  5. The tweaking tools I think are "best" are those that I can run and use without "installing" into the system. The less core system modification changes that are required to apply and support a tweak state, the better. IMHO.

  6. As you will soon find once you get into the tweaking-game, many tweaking applications have a lot of overlap when it comes to tweaking features supported.

  7. I may have included a few "repair" tools in the tweak-list as I have found they are good and can provide a easy way to restore some system settings when a system is damaged by malware or accidental tweaks.

  8. Many are "portable" and will run off a USB stick, either out of the box or with a few little bits of modifications. This can be handy when you use them to make system changes on a client machine and not your own. Some demand to be fully installed on the system to work properly.

Standard tweaking warning applies: Danger, Will Robinson! Danger!

Use any and all at your own risk of causing system-wide mayhem, destruction, mass hysteria, and calls to your favorite tech-support guy with promises of pizza and beer for repair-work!

The BIG List of Free Windows Tweakers

(Note: List presented in alphabetical order.)

  • AutoMz Ultimate Tweaker - (freeware) - Claims to automagically apply the best tweaking values for your system's performance, including scan engines, cpu, hard-drive, memory, graphics card, cd/dvd, modem, network, boot-files and registry optimizations, and other services. (XP)

  • Dial-a-fix - (freeware) - File this in the "Damn I wish I knew of this sooner" category. This clever little tool is a collection of scripted fixes for common and frustrating Windows system issues. It may be able to repair Windows Update errors and Automatic Update problems, MSI issues, SSL, HTTPS, and cryptography service issues, COM/ActiveX issues, missing registry entries, and quite a few more problems as well. (Win 98 - XP)

  • EasyBCD 1.6 - (freeware) - Hard-core NeoSmart tool that is definitely NOT for "average" Vista users. Allows advanced Vista users/tweakers to set up, configure, and tweak the Windows Vista bootloader. Here are direct links to the EasyBCD Screenshots Gallery and Documentation. (Vista)

  • EnhanceMyVista Free - (freeware/$) - Very interesting product. Nice GUI for handling the complex number of options loaded in this utility. Seems to merge several system utilities and tweaking features into a single product. Available in both a free and "pro" version. Lots of good screenshots on the product page. (Vista) See also EnhanceMyVista Pro and EnhanceMyXP Pro . (Vista)

  • Fresh UI - (freeware) - From Freshdevices. Allows some interface changes, optimizes some system and hardware settings, customize some Windows application settings. Control user accounts with policies. I've used a few of Freshdevices products and am very pleased. Yes you do have to "register" via an email address to get your "unlock" keys, but while I do get regular emails from them, it's not at a level I would consider "spam or bacon". You can opt-out of the mailings once you get the keys, though I never have. (Win 9x through XP)

  • Game XP - (freeware) - Claims to optimize the performance settings for your system for gamers. Works by disabling some "non-critical" services, and changing cache settings and CPU priority. Changes made can be restored to the previous state. Not for everyone. (Win 98 - XP)

  • Glary Utilities - (freeware) - While a bit thinner than many other in this list in the "tweaking" department, Glary Utilities does provide a nice user-friendly interface to allow you to Clean Up & Repair elements of your Windows system, Optimize & Improve Windows features, make changes to Privacy & Security, make changes to Files and Folder" settings, and includes a few System Tools. These include a registry cleaner, shortcuts fixer, startup manager, temp-file cleaner, "tracks" eraser, spyware remover, memory optimizer, context-menu manager, secure file shredder, file un-deleter, file encrypter/decrypter, duplicate file finder, empty folder finder, file splitter/joiner, process manager, IE fixer, and quick-link to some Windows tools. Heavy in the utility department. (Win 98 - Vista)

  • Microsoft Tweakomatic 1.0 - (freeware) - It is very hard to explain just what Microsoft's "Tweakomatic" is or does, or even who really needs it. Best left to administrators who want to tweak remote systems, it uses WMI scripts to apply to remote systems. I suppose you could run the scripts on the local systems one at a time as well... (2000, XP, Server 2003)

  • Mz Ultimate Tweaker - (freeware) - Claims to provide powerful speed tweaks for Windows XP with in-depth help file explaining all the tweaks. Features include: "Performance Tweaks, System Tweaks, Service Tweaks, Visual Tweaks, Internet Booster, Internet Explorer Tweaks, Windows Media Player Tweaks, One-Click Tweaks, Fast Disk Cleaner, Registry Optimizer, StartUp Manager, Services Manager, and Backup - Restore Service". (XP)

  • MZ Vista Force - (freeware) - Requires .Net 2.0 installed to run. The GUI for this application seems a bit heavy on eye-candy...but is an improvement over the XP version's interface. It allows you to make performance adjustments, "hidden" OS settings, optimize/tune your Internet connection values, manage your startup items, manage some Windows services, backup/restore your Vista registry and execute the System Restore Service, and (this is the real value) comes with concise documentation for each tweak element to help you decide if that is a change you want to try. (XP)

  • Pitaschio - (freeware) - Cute and handy tweaking tool. snap windows, keep windows inside the monitor edges, force a window to remain top-most, minimize windows to system tray, set desktop icons to be very small, disable keys, lock mouse and keyboard for cleaning, take mouse and keyboard statistics, figure the age of the moon, control sound volume using mouse wheel, display sound level on the screen, and a few more. Not sure exactly what's compatible; (Win 9x-XP?)

  • Safe XP - (freeware) - Nice all-on-one-page tweaking tool to make changes to services, network items, IE, Media Player, MS Office, Start menu, MSN Messenger, and a few miscellaneous items. Also has a one-click "Recommended Settings" button to get you started. Download, unzip and you are good to start tweaking; portable. (Win 98 - XP)

  • Stardock LogonStudio - (freeware) - From the developer's description "Stardock LogonStudio allows Windows XP [or Vista] users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users" It's a nice and simple way to update the XP or Vista logon screen. Personalization at the first point! (XP/Vista)

  • Stardock TweakVista - (freeware/$) - Stardock is beta releasing TweakVista. This one looks really good! From the developer's beta release description:

TweakVista is a utility that enables users to optimize the performance and behavior of Microsoft Windows Vista. The program has been designed to allow both casual, non-technical users to safely use it as well as contain a host of advanced features for power users to dig into the internals of Windows Vista. The feature-packed utility includes features such as:

  • Security Handling. Users can now easily and safely adjust the way Windows handles security prompting including the new UAC (User Account Control)
  • Memory Optimization. TweakVista knows which start-up services different types of users will typically use and offers recommendations on what services to disable. Users can easily switch between different profiles (including the default) based on their needs to maximize performance and memory use.
  • Resource Control. Tweak Vista has several features for keeping an eye on and flagging programs that use excessive amounts of resources (memory, CPU, or system handles) as well as integrating seamlessly with built in hardware diagnostic reports.
  • Start-Up Management. TweakVista not only will display and enable users to control what programs are loading on start-up but will identify in plain English what these programs do. Internet integration in the software allows users to comment on these processes within the program to one another.
  • Performance Assessments. TweakVista uses the new Windows Vista assessment features to benchmark nearly every aspect of a user’s PC and allow them to submit their results for comparison with other users of similar or upgraded hardware.
  • integration. TweakVista partners the software development skills of Stardock with the on-going tweak expertise of to provide an on-going live database of helpful tips and tricks for maximizing the Windows Vista experience.
  • Startup Program Unblocker - (freeware) - Another very specialized tweaking application for Vista. Normally Vista will prevent you from running a program in startup with administrative permissions (more details in this post). You can work around this by scheduling an application to launch as a "task" at startup under administrative privileges, or you can use this utility to help automate that process in a nice GUI interface. Not needed by most Vista users, but if you do, it is a godsend! (Vista)

  • Tweak VI - Vista - (freeware/$) - This product takes a "layered" approach. You can download and use the application for free, or you can upgrade to a "Premium" or "Ultimate" version of the product. for access to the additional features each provides. The basic (free) version allow you to make changes to the desktop, Start Menu, IE, Firefox, hardware, system information, virtual desktops, system folders, mouse handling, Outlook, and shutdown shortcuts. The Premium version adds on some performance optimization utilities as well as network and software/system backup management. The Ultimate version includes those as well as system optimization, folder stats, folder icon tool and protector, pagefile tweaks, virtual drives, service manager, application restrictions, UAC tweaks and removable drive restrictions. (Vista)

  • Tweak N' Tune (TNT) - (freeware) - It is a shame that the Acelogix Software page is so spare. There really isn't anything there to entice someone to try this product. No screen-shots, no in-depth feature description. However, after the download, interested tweakers will find a very robust tweaking application. The two-pane, tree-style format is very similar to X-Setup Pro. You will find three major categories of tweaks; "Windows Tweaks", "Security Tweaks", and (Windows) "Software Tweaks." Inside each are broken down into a number of sub-tweak categories that will cover almost every area of your system tweaking needs. What sets this tweaker apart from many in this list is that a very detailed explanation is given as to what exactly will happen with each tweak option. This is very useful to the noobie tweaker. Really clever little application which I like a lot. Not a lot of eye-candy and very nice layout and embedded documentation! (XP)

  • Tweak-XP Pro - (trialware/$) - Very full featured tweaker. This one might have enough options to justify the $ for the full version for power-tweakers. Per the developer description, "Activate hundreds of hidden Windows settings, clean your registry, activate system restrictions, block popups, block banner ads, get detailed system information, create a RAM Disc Drive, protect your privacy by cleaning your hard drive, repair zip files, manage TrueType fonts, improve your Internet connection, optimize your CPU, optimize your RAM, and much more ..." (XP)

  • TweakUAC (freeware) - This very simple but powerful utility allows folks running under an Administrator-level profile to easily turn off UAC (User Account Control), turn it back on, or keep it running, but suppress the UAC elevation prompt requests. (Vista)

  • TweakUI - Microsoft PowerToys for Windows XP - (freeware) - I think this is the original system tweaker. It is old but still a great utility to have. I install it on all my Windows XP systems during the initial setup steps. Microsoft doesn't "officially" support it, but it is stable and very safe and easy to use. (XP or Server 2003)

  • TweakXP - (trialware/$) - change hundreds of XP registry setting that control appearance, performance, functionality. Lock down control panel items and indicate which applications can and cannot run for various users. Adjust mouse settings, Internet Explorer, desktop elements, the Star menu and toolbars, the control panel, and system security (to name just a few). (XP)

  • Vispa - (freeware) - from the developer of xpy. Follows the same tree-style option selection format which I like. Tweak many of the Vista default services, IE behavior, and other security, privacy and performance settings. Very small and easy to use. (Vista).

  • Vista Shortcut Manager - (freeware) - Want to tweak the obnoxious shortcut icon in Vista? This is the app for you; remove it, make it very tiny, or change the arrow to another overlay graphic. It's all possible with this l33t application! (Vista)

  • Vista Visual Master - (freeware) - Interesting little application for Vista tweaking. Change system settings like the arrows on the shortcut icons, show Windows version on your desktop, or hide all desktop items, enable/disable the Sidebar, force DWM effect and create separate processes for desktop and explorer. Patch your theme so you can use other themes. Change your system icons. Change the boot and logon screens. (Vista)

  • VistaTweaker - (freeware) - Straight-forward application with minimal eye-candy. Seven tabs filled with tweaking options to cover modifications to the System, Windows UI, Internet Explorer, Software, Network, Performance, and Miscellaneous settings. What makes this really nice is that the developer has taken the time to display "tweak-tip" descriptions for every tweak available. This can help you decide if this is what you really want to do or not. No installation required. (Vista)

  • Vista4Experts - (freeware) - Nice and simple checklist-style tweaker for Vista. allows you to toggle on/off various settings for the security center, UAC, Windows Defender scanning, auto-updates, changing your default IE search provider, start-menu power-button and many, many more. Small, light, and portable. A must for Vista users who want to tweak core settings. (Vista)

  • WinBubble - (freeware) - See also these screenshots from SnapFiles. This is simply an amazing tweaking tool. Yes, you can easily and quickly change settings for the Vista Bubble, Ribbon, Mystify, and Aurora screen-savers, but much more than that as well. These include extensive security-related tweaks, general system tweaks, icon tweaks, optimization tweaks, IE tweaks, Miscellaneous tweaks, and various clever tips and tweaks. In addition a button-list of "tools" you can launch are available as well to create your own "Tweaking Toolbox". Simply amazing, This is a must-add to any Vista-tweaker's toolkit. The product webpage is very busy and makes my head hurt, but to their credit, it is rich with information if you can find it. (Vista)

  • Windows Sidebar Styler - (freeware) - Allows some easy fine-tuning of the Windows Sidebar and provides extensions to the Windows Sidebar in Vista. Supports custom styles for resizing and customizing how it integrates with other elements. Still being refined but looks pretty handy. (Vista)

  • X-Setup Pro - (trialware/$) - Claims to handle tweaks and settings for over 1,900+ settings in Windows. Uses XML formatted "plug-ins" to manage tweaks. The highest level of tweaks are categorized under "Appearance," "Hardware," "Information," "Internet," "Network," "Program Options," "Startup/Shutdown," "System," and "Virtual Paranoia". I'd sub-list in more detail but I don't have enough room on this blog! You can also tweak a number of popular applications for Windows as well if they are found installed on your system. No other tweaking program I know of does this. Not only this, but you can make a "portable" version of the program to use on a BartPE disk and apply changes "offline" to a target system's registry without needing to install the tool on that system. That is amazing! Uses a hierarchal tree style format for organization. I simply cannot list all of the options available. Take a look at this "overview" page for more details. Screenshots page. Supports a bazillion custom "plugins" for specialized applications as well. See also a free older version 6.3) (Win 98 - Vista)

  • XdN Tweaker - (freeware) - It doesn't have tons of tweaking options, but does focus on ones that most users may want to attend to. No installation required (but .NET is for XP/2003). Address areas with Vista UAC, Control Panel, Media Player, Right-Click context options, Files and Folder tweaks, File Associations, Start Menu, IE7, Outlook Express/Windows Mail, Misc. Tools, and System Settings. Pretty handy little utility. (Vista and XP/Server 203).

  • xp-AntiSpy - (freeware/donationware) - Site in English/German and it looks like the English side is having issues. You can make changes individually or apply one of several "pre-set" profiles. I really like the simple check-list like interface with easily understood status icons. This format really allows you not only to see the current state of these elements, but also be sure you are making the changes you want. Small, light and portable. Clever tool. (XP)

  • XP-Config - (freeware) - Four tabs; "Security" (to control logon/logoff, autorun, network, and misc. items), "Performance" (to address boot functions, memory, drive acceleration, and max downloads for IE), "Misc" (to deal with dialog boxes, appearances, device deactivation, and some misc settings), and "Information" about your system. Nice little portable, no-install tweaker. (XP)

  • XP Security Console - (freeware/$) - Great little "niche" tweaker to allow you to make changes in XP Home that would use the Group Policy Editor. This tool allows you to selectively make "Group Policy" changes to security settings in both XP Home and XP Pro that you normally wouldn't be able to make. Really cool and handy. (XP)

  • xpy - (freeware) - Very tight and tiny tool to change some "privacy" settings in XP including Windows calls home to Microsoft, disabling of questionable services, tweaking IE, tweaking Windows Media Player, removing Windows Messenger, some security and privacy setting tweaks, and some moderate performance tweaks. Presented in a "tree-style" manner with tick-boxes. Also supports restoring system to previous settings. (XP)

If I have left any of your favorites off and you would like to contribute, please feel free to add them in the comments section.

And no, I don't recommend running them all at the same time as I did to get that full-size screen capture as seen in the top image.


Weekly Quality Finds: Music, Passwords, and Microsoft Mixes

Maybe it has just been me feeling sick and mentally fatigued, but this past week seemed to present less than the usual number of interesting blog posts in all my favorite blogs and tech-feed sites.

It was really hard finding anything to be excited about.

I really had to stray far off the beaten-path to find good material.


The Apple MacBook Air commercial that has been airing have had a singer with a voice that reminded me very much of the Heartless Bastards' lead singer Erika Wennerstrom a bit, both in the style and tempo as well as the "rough-around-the-edges" quality of the voice.

I did a search and found that the singer for the Apple Air commercial is actually a French-born Israeli singer by the name of Yael Naïm and the tune is called "New Soul".  Buzz Sugar has a great post about her as well as some YouTube video links: Singer to Watch: Who’s Singing That MacBook Commercial?

I'll be adding her album to my iTunes collection.

I still say the song is rhythmically very similar to something the HB's would come up with.

BTW, there are a lot of great YouTube videos for the Heartless Bastards; "All This Time", "brazen", and "Grey" for just a few.

Mouse Print - Neat little website devoted to "reading the fine print." Good number of posts that go into the details of all the "gotcha's" associated with consumer goods and services.  Posts average about one a week but they are fun and interesting to read.

Got Passwords?

I don't usually password most of my files or documents at home.  However, Having the tools to manage them is always a good thing. 

I was helping my father-in-law last night (via the fantastic and free ShowMyPC) change his POP3 and SMTP email server settings to the new secure servers and settings after his DSL provider got gobbled up by AT&T.  He didn't remember what his Thunderbird password was and as these were new servers, we were having to enter them in again to authenticate for the first time.

In Thunderbird it is very easy (assuming they have be set to be stored). just go into Tools --> Options --> Security --> View Saved Passwords. Then in the Password Manager, click "Show Passwords."

Got him up and going again.

NirSoft has a great collection of freeware Password Recovery Utilities. The ones I carry on my USB sticks are Asterisk Logger which shows passwords displayed behind asterisks in Windows boxes, Protected Storage PassView which shows passwords of POP3 accounts for IE, Outlook Express and MS-Outlook, IE PassView which shows passwords stored in Internet Explorer, AsterWin IE which allows you to view web-form asterisk hidden passwords in IE, Mail PassView which can recover the passwords for Outlook Express, Microsoft Outlook 2000 (POP3/SMTP Accounts only), Microsoft Outlook 2002/2003/2007, Windows Mail, IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free, and Web-based email accounts, PstPassword which recovers passwords from Outlook PST files, Access PassView which reveals Microsoft Access database passwords for Microsoft Access 95/97/2000/XP, and AsterWin which allows you to view asterisk hidden passwords in Windows Text boxes.

If you have lots of passwords to manage and want a way to both generate super-secure passwords and save them, then look no further than KeePass Password Safe.  This Open Source (freeware) application cannot be topped when it comes to password management.  It is about as rock-solid dependable as you can get and the GUI is highly refined.  You can install it on your main system, or get and use the USB "portable" version as well.  I will not recommend any other password manager than this one. Period.  That's how good I think it is.

For the few files I do want to password, these may be Microsoft Office and PDF documents I have passworded to prevent modification. Not to hide any secrets.  I also will password compressed files that contain malware that I have located and am saving for review or sending to anti-virus companies for analysis.  I do this to prevent their accidental opening and "re-launch".

For the very select group of files (usually financial in nature) that I do wish to keep 100% secure, I use TrueCrypt to tuck them away in a encrypted file "TrueCrypt" volume.  This Open Source (freeware) product is another of the best encryption programs that I am aware of. The latest version supports entire "live" partition or storage device encryption on the fly, it can create encrypted "virtual disk" files which it can mount so you can access the contents, and it can encrypt the same partition or drive where Windows installed (using pre-boot authentication).  It is really cool and effective.  There are lots of great commercial/enterprise drive/partition encryption products out there, but I must say, this is one of the best and as it is Open Source, it is 100% free and actively being maintained and features added.  The Security Now Podcast covered TrueCrypt in depth in their Episode 41 and the newest features in Episode 133.

But what do you do if you have passworded a file in the past, but you forgot the name and where you saved it? Or maybe you are examining a target system and as part of your review methodology, you want to see if there are any passworded files present?

It would take a lot of time to open every file on the system.

Until now.

Password Encryption Analyzer - (free/$$$) - This product scans a target system to see if any of the over 100 file formats it recognizes are present and passworded.

I installed it on my system and ran the "Recommended" scan.  My drive is a 500GB drive with four partitions.  The program scanned almost 96,000 files in just over 32 minutes.  It found 23 passworded files.  Six were ones that we had ourselves passworded,  four were PDF files that were passworded by their authors against modification/text copying, and the rest were assorted program files passworded by the software developer.

Scan results provide you the file-name, folder path, suggested recovery options, file-type, document type, protection method, and modified date and file size.  It's a pretty big application (by my standards) but seems to be "portable" and can run off USB.

Really neat tool.

Of course, the free version just allows you to find the files.  You have to pony-up for advanced features.  And if you want to actually try to breach the passwords, they do offer their Passware Password Recovery Kit (standard or Enterprise versions available) but we are talking serious three to four-figure $'s here.

Certainly not a tool for everyone, but for those who need it, not a bad utility to have handy.

Other related freeware tools the company offers are Asterisk - Password Unmasker and Instant Messengers.

Spotted via Download Squad.

Microsoft Mix - LUA Tools

I have to stay up on developments on Microsoft products as most all of our systems are Microsoft based.  Usually I am looking for utilities and tips/tricks that will help me better administer the Windows systems we support.

Aaron Margosis' "Non-Admin" WebLog mostly covers Windows security-related issues revolving around the use of "least-privilege" user accounts.  The idea being that to have maximum "system" security, a user's account should be set at a level with the least amount of system privileges necessary to still run the needed applications.  This way if an attack (virus/trojan or otherwise) occurs on the system, the attack vector will have difficulty (or be totally prevented) from doing system-wide damage by leveraging unused higher privileges the user account may carry but the user doesn't ever need.

It's a difficult thing getting this set just right, and Aaron works hard on his blog to clear up misconceptions and provide tips and techniques for both coders and admin's alike.

Two tools that he uses are LUA Buglight and the Microsoft Standard User Analyzer tool.  The MSUA is no longer downloadable as a standalone program, but has been incorporated into the Microsoft Application Compatibility Toolkit v5.0

LUA Buglight helps programmers and sysadmins identify why a program isn't running correctly under "Least-privilege User Account" settings. Download the free file, unzip it, run the exe unpacker and the files are ready to run.  There is a great Word Doc file that provides some great in-depth usage information.

The Microsoft Standard User Analyzer (SUA)..."is a tool that independent software vendors (ISVs) and IT developers can use to diagnose and identify possible application compatibility issues when migrating applications from running as administrator on down level Windows operating systems to Windows Vista which even with administrators run most programs with standard user privileges by default."

Microsoft Mix - IE8 Details

Meanwhile, the IEBlog team has had a number of interesting posts providing more background information on the Internet Explorer 8 version.

IEBlog : Installing IE8 - details on what systems IE8 is supported on and how to install/remove it.

IEBlog : IE8 and Loosely-Coupled IE (LCIE) - technical details on how IE8 may be more secure by "sandboxing" each tab/frame element process from the IE8 iexplore.exe system process.

IEBlog : The IE8 Favorites Bar - nice light review of some of the finer elements that are changing in the "favorites" bar in IE8.

IEBlog : Address Bar Improvements in Internet Explorer 8 Beta 1 - some changes are harder to find than others.

IEBlog : Using The Emulate IE7 Button - yes, I know it is hard to believe, but many sites don't recognize the IE8 user agent string as a supported/allowed web-browser.  IE8 beta currently ships with an embedded "emulate IE7" button so you can try to trick web-servers into thinking you are really using IE7. Clever.

Curious now and want to try out this very beta version of the next Internet Explorer build?

I would warn you against it, but that might not do any good....

Here you go: Internet Explorer 8 Beta: Home Page

You are on your own.

We haven't even officially adopted/approved use of IE7 yet in our computing environments; we are still using IE6.  Only us desktop support and IT folks are using it.  No word yet when (if ever) we will release it to the masses of our users.  So it seems kinda funny to already be talking about IE8 right now.

Me? I'll keep following IE8's developments, and may eventually get around to loading it on one of my Virtual PC XP systems to play around with it.  But for the long-haul, I'm still sticking with Firefox 3.

Microsoft Mix - Workstation Migration Assistant GUI (beta) out

Dan Cunningham has been very hard at work making a GUI interface for Microsoft's User State Migration Tool (USMT).   T isn't really for most individual (home) users.  USMT is a command-prompt based tool, so it can be a bit clunky.  Having the GUI wrapper should make the process much easier for many administrators.  It has been in beta for quite a while, but now Dan has made available a public download for the beta version

Workstation Migration Assistant 1.0 RC1 - via Dan Cunningham.

Note, this tool does require the Windows User State Migration Tool (USMT) to be installed. The program will auto-download the file (upon user confirmation) or you can download the latest release (version 3.0.1) from the above link.

Source systems supported are Windows 2000, XP, and Vista.  Destination systems supported are XP and Vista only.

Related link of Windows user-account transfer tools and resources: Random Signals: A Linkfest.

Microsoft Mix - Vista SP1 coming soon!

Finally, word on the street is that this week, Microsoft will start publicly releasing Windows Vista SP1.  You can manually download the "standalone" installer/update file or wait until April when it should show up in the Windows Updates offerings.  TechBlog's Dwight Silverman recently provided a great list of things you should do to get your Vista system ready for the SP1 upgrade: TechBlog: Available next week: Windows Vista SP1.

You might want to get your Vista Recovery Disk burned and ready in advance. And make sure you have your OEM system-restore disk handy as well. 

Now...where did I put ours?

No word when XP SP3 (final) will get presented to the public launch-pad.


Claus gets infected

Yep who knew.  Can happen to anyone. Only in my case it hasn't been any of our computer systems, it has been my own "personal" system.

Episode One

About three weeks ago my upper right arm--and to a lessor degree my forearm--began to be "hypersensitive."  Shirts rubbing on my arm felt like someone was tickling me.  A few days later I noticed a "rash" on my lower bicep. Eguhh. It spread to about the size of a silver-dollar and then started to fade away.  About the time it was hardly noticeable, about one week later, I noticed four little blisters appear.  They started out looking like little fire-ant bite blisters, which I though they were.  Mid-way through the second week I knew I wasn't dealing with any fire-ant bites. Things started to get a bit "icky."  Eventually they cleared and I was left with two nice deep scabs.  They have just dropped off and now I have one big chunk and a small dot chunk of skin missing.


It looks very similar to what I encountered when i got stung by a hornet a few years ago. Only I don't recall ever being stung by anything during this period. If it was anything close to a hornet, I'm sure I would remember it.  I'm not allergic to insect bites.

Only thing I can figure is when I was cleaning out the weeds from the backyard and side garden (one week before I noticed these symptoms) something got up my shirt-sleeve and envenomed me.  Don't think it was a bee, as I had four clear "hit" points.  Could have been a smaller wasp, although I've been stung by those in the past and remember it pretty clearly.  Lavie says it could have been a spider.  Possibly, but obviously not one of the really venomous kind.

I say "venom"  as the damage looks pretty cool.  This wasn't a poison-ivy reaction.  The symptoms were just weird.  I was never in any pain or discomfort, just the hypersensitivity.

Yes, I should have seen our doctor as things were getting cooking, but as the wound didn't seem to "serious" or exhibited any outward signs of infection, I wasn't too the time.

So now I've got these cool little depressions in my arm and another scar-story to tell.

Episode Two

Seems like when I got back from Austin, I ended up coming back with a viral cold. 

It onset mid-day Monday.  Body aches, coughing, irritated throat.  I made it through Tues. because of the work on my plate, but by Wed. and Thurs. I had to stay home to get some bed-rest in.

Yes, this time I did see our Doctor on Wed.  Told me to take lots of fluids and keep up with the decongestants and Alieve.  Which I have done.

I'm still coughing just a bit, but my energy level is getting better now.

This "Texas-Crud" as we call it in our home, seems to hang around for about two weeks before finally clearing all the way out, so I think I have one more week of lightening symptoms to plow through.

Episode Three

Yesterday I spent six-hours at our local Nissan service department waiting room.  We had a lot of service repairs done about a month and a half ago on Lavie's 2001 Altima.  Engine stuff.  Nothing "bad" but lots of maintenance work.

So I noticed that ever since it was returned, there was a very small fluid leak spot on the driveway under where Lavie parked.  I eventually traced it to power-steering hose area.  I was pretty sure that a clamp on the bottom of the reservoir was loose and tried tightening it to no success.  I didn't want to replace it as I knew that if I over-tightened it I might cut the hose or break the plastic nipple it attached to.  Also, it was "possible" that the power-steering pump was over-pressurizing the system and forcing the fluid out.  The fluid level in there was still in the "safe-zone" and the drip volume seemed to be light.  I told Lavie to keep an eye on things while I was gone and when I got back I would run it into the shop for a good once-over.

The Nissan service shop opens up at 8:00 am on Saturdays, so as I got there at 8:05 AM it meant that there were about ten customers already ahead of me. The wait began.

When I finally left they had replaced the clamp (yep, it looked tight but wasn't putting any pressure on the hose, even at full clamp) and cleaned the engine belt from the fluid splash-over.  I also had the front brake-pads and the fuel filter replaced (first time in almost 50,000 miles) and the rotors turned.  They wanted to replace the battery as well (I've been having to clean the terminal posts of the coral-like buildup every six-months or so), but the prices on Nissan batteries are pretty steep.

I passed and picked one up at half the price at our auto-parts store.  I swapped them out after getting back home.  The old battery terminal posts had a lot of corrosion buildup that I had to clean off first.  I wire-brushed and blew them clean, swapped batteries, and returned the old one to the store for the "refund".

Lavie's car seems to be running much better now. Starts great.

Only when I woke up this morning, my left eye was almost stuck shut and red as a raspberry.

Seems that while I was cleaning the old battery, a bit of corrosion debris got into my eye and irritated it.  I was wearing glasses, but not full-coverage safety glasses I have and should have been wearing.

So now I am flushing my eye every few hours and putting eye-drops in.

Can't win for trying.

The Cure

Once my energy level nears 95% in the next week, I've decided to kick it into gear and begin my weight / jump-rope exercise routine again.  Also going to go back and start adding in more fresh vegetables and fruit into the Valca meals. 

We don't eat much red-meat; we do eat pork and chicken quite a bit. I must find an area grocery store with a decent selection of fresh fish.  The frozen kinds are icky (flashbacks to parochial-school Friday meals) and our regular grocery store selection just isn't worth considering.  I know we have some fish-markets around here, just got to find them.

I've been under a lot of time-constraints with this project at work, so I've been cutting some corners in the "healthy-living" area.  Looks like it is time to get back on track.

Got to cut the stress, exercise more, eat healthy, and get more rest.

That's the best "personal" anti-virus protection I know of.

Top 42 Exercise Hacks - ZenHabits Blog

4 Simple Steps to Start the Exercise Habit - ZenHabits Blog

A 12-Step Program to Eating Healthier Than Ever Before - ZenHabits Blog

10 Tips To Take Back Control Of Your Health And Get On The Path To Wellness - ZenHabits Blog

Summer Express: 101 Simple Meals Ready in 10 Minutes or Less - New York Times