Did you know that there are secret meanings behind the twist-tie colors used on loaves of bread?
My grandmother seemed to believe she had special divine knowledge of these codes from above (although the only golden plates I ever saw her with were for serving hors d'œuvres). She would carefully spend what seemed like hours hunting through the loaves finding a certain color of twist-tie.
Or maybe that just explains where the OCD comes from in the family.
Now that I've successfully gotten Vista SP1 onto our laptop, I get to turn my anxiety to awaiting the upcoming release of XP SP3.
Will we block it from auto-installation across our XP systems at work? Unknown yet.
Will I make a slipstream version of XP Home/Pro setup disks? You Bet!
What am I looking most forward to in XP SP3? Hopefully seeing some performance gains.
Windows Incident Response: Registry Analysis - What Is It?? - In this post, Harlan goes in-depth to consider what may be an often overlooked area of exploration: the Windows Registry. As he points out in the opening post, the majority of research work I do involves hunting up a particular string of interest. However, it can contain a whole lot more powerful information, such as the last time a certain document was accessed, not just by the user but by various applications, or when a USB stick was plugged in under a user's account.
Looks like Harlan is making a sweet registry analysis tool and teasing us with it.
I'd love to get my hands on this thing!
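Harlan's point that the registry holds more than strings is easiest to see with the two artifacts named above. The following is an added example, not code from Harlan's post or his tool: it parses the RecentDocs MRU (which documents a user opened, most recent first) and, on Windows, walks USBSTOR for the last-write time of each device instance, the usual proxy for when a stick was last plugged in. The key paths are the standard ones; the sample RecentDocs values, document names and the `sample_recentdocs()` helper are constructed for the demonstration and were not captured from a real system.

```python
"""Added example: parse two of the registry artifacts mentioned above.
Not code from the post or from Harlan Carvey's tool."""
import struct
import sys
from datetime import datetime, timedelta, timezone

# FILETIME counts 100 ns intervals from 1601-01-01 UTC; winreg.QueryInfoKey()
# reports a key's last-write time in this unit.
_EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime: int) -> datetime:
    """Convert a FILETIME value to a timezone-aware UTC datetime."""
    return _EPOCH_1601 + timedelta(microseconds=filetime // 10)


def parse_mrulistex(data: bytes) -> list:
    """MRUListEx is a run of little-endian DWORDs naming the sibling values
    ("0", "1", ...) most recently used first, terminated by 0xFFFFFFFF."""
    order = []
    usable = data[: len(data) - len(data) % 4]       # drop any trailing partial DWORD
    for (index,) in struct.iter_unpack("<I", usable):
        if index == 0xFFFFFFFF:
            break
        order.append(str(index))
    return order


def recentdocs_name(data: bytes) -> str:
    """A RecentDocs value starts with the document name as UTF-16LE ending in a
    two-byte NUL on an even offset; a shell item follows, which we ignore here."""
    for i in range(0, len(data) - 1, 2):
        if data[i] == 0 and data[i + 1] == 0:
            return data[:i].decode("utf-16-le")
    return data.decode("utf-16-le", errors="replace")   # no terminator: best effort


def recent_documents(values: dict) -> list:
    """Given {value_name: raw_bytes} from a RecentDocs key, return document
    names in most-recent-first order. Entries listed in MRUListEx but missing
    from the key (a partially cleared MRU) are skipped rather than raising."""
    names = []
    for index in parse_mrulistex(values.get("MRUListEx", b"")):
        if index in values:
            names.append(recentdocs_name(values[index]))
    return names


def sample_recentdocs() -> dict:
    """Constructed sample data shaped like a RecentDocs key (not captured from
    a real system). The trailing bytes stand in for the shell item."""
    def value(name):
        return name.encode("utf-16-le") + b"\x00\x00" + b"\x14\x00" + b"\x00" * 18
    return {
        "0": value("budget.xls"),
        "1": value("résumé.doc"),
        "2": value("passwords.txt"),
        "MRUListEx": struct.pack("<4I", 2, 0, 1, 0xFFFFFFFF),
    }


def read_recentdocs_live() -> dict:
    """Windows only: dump the current user's RecentDocs key into the same
    {name: bytes} shape that recent_documents() consumes."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _type = winreg.EnumValue(key, i)
            values[name] = data
    return values


def usb_storage_history() -> list:
    r"""Windows only: walk HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR. Each
    device key has one subkey per instance (usually the serial number) and the
    instance key's last-write time is the usual proxy for the last plug-in."""
    import winreg
    found = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Enum\USBSTOR") as usbstor:
        for i in range(winreg.QueryInfoKey(usbstor)[0]):
            device = winreg.EnumKey(usbstor, i)
            with winreg.OpenKey(usbstor, device) as dev:
                for j in range(winreg.QueryInfoKey(dev)[0]):
                    serial = winreg.EnumKey(dev, j)
                    with winreg.OpenKey(dev, serial) as inst:
                        last_write = winreg.QueryInfoKey(inst)[2]
                        try:
                            label = winreg.QueryValueEx(inst, "FriendlyName")[0]
                        except OSError:
                            label = device
                        found.append((label, serial, filetime_to_datetime(last_write)))
    return found


if __name__ == "__main__":
    if sys.platform == "win32":
        docs = recent_documents(read_recentdocs_live())
        usb = usb_storage_history()
    else:
        docs, usb = recent_documents(sample_recentdocs()), []
    for name in docs:
        print("recent document:", name)
    for label, serial, when in usb:
        print(f"usb storage: {label} serial={serial} last-write={when:%Y-%m-%d %H:%M:%S}")
```

The parsing is deliberately kept apart from the `winreg` calls so the same functions work on values dumped from an offline hive, and the MRU order comes from MRUListEx rather than the value names, since value numbers are reused as the list fills.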
Meanwhile, not to be outdone, Didier Stevens has posted a new tool of his own: the Basic Process Manipulation Tool Kit. Didier designed it for researching the security mechanisms implemented in user processes.
The toolkit has commands to search and replace data inside the memory of processes, dump memory or strings, inject DLLs, patch import address tables, … I’ll be posting examples in the coming weeks, illustrating how these commands can be used.
Didier then provides a fascinating example using Firefox 22.214.171.124 and how it stores passwords in memory.
I'm curious how this tool might be applied to researching running malware processes, looking for URLs and embedded passwords in the malware programs. Might be very helpful.
I can't wait for the example posts to start flowing.
4sysops does a brief review of one of my favorite registry tools, RegAlyzer, by the same team that brings us SpyBot Search and Destroy. Not only does it provide multiple search results, but it also has undo/redo logs so you can go back and "fix" editing work in the registry if you use this tool to make those changes.
I also really like these freeware registry tools: RegistrarLite, ERUNT and NTREGOPT, RegASSASSIN, RegClean, RegHance 2.12 (LavaSoft product now only found on MajorGeeks), Process Monitor (Sysinternals), and RegScanner (NirSoft).
Windows Search 4.0 Preview - This new beta release allows you to perform searches for documents and files/folders on your system. It is like the old "F3" Windows search, but on steroids. Much more powerful and much more useful.
Windows Search 4.0 includes the following improvements:
- Support for the Encrypting File System (EFS)
- Reduced effect on Microsoft Exchange when you index e-mail in online mode and there is no local cache (.ost)
- Support for indexing online delegate mailboxes
- Support for client-to-client remote query to shared indexed locations
- Improved indexing performance
- Faster previewer updates for Windows XP
- Per-user Group Policy settings
- Windows software updates for Watson errors
- Support for the following new enterprise Group Policy objects:
  - Prevent adding Universal Naming Convention (UNC) locations to the index from Control Panel
  - Prevent customizing indexed locations in Control Panel
  - Prevent automatically adding shared folders to the index
  - Allow for indexing of encrypted files
  - Disable indexer back-off
  - Prevent clients from querying the index remotely
  - Allow for indexing of online delegate mailboxes
  - Prevent adding user-specified locations to the All Locations menu
  - Enable throttling for online mail indexing
  - Prevent indexing certain paths
  - Default indexed paths
  - Default excluded paths
Supporting XP (SP2 or SP3), Vista (SP1), Windows Home Server, and Windows Server 2003 and 2008, it looks to be a great addition to beef up the search capabilities of your system.
The interface is much updated and has a more "Vista'ish" look.
Windows Search 4.0 vs. Google Desktop 5.5 - Download Squad
Remote Search in Windows Search 4.0 - Brandon Live!
Meanwhile, over in the IE8 development dungeons....
IEBlog : Add-on Management Improvements in Internet Explorer 8 - Turns out the IE8 team is looking to make management of BHOs, Search Providers, and other browser elements much easier in IE8.
This post goes into some of the finer details of the design and implementation. I had almost as much fun reading the comments. I think IE8 is on track to learn some good lessons. Having the ability to easily manage and disable/delete unwanted BHOs from an IE installation is always a good thing. Previously, this often meant having to get into the registry to clear out some of these items. While not all bad, many BHOs I've encountered came from drive-by malware installations: toolbars, searchbars, etc.
It appears that one of the more sought-after features in Vista SP1 got stripped out: being able to create a Windows recovery CD with an easy-to-use GUI.
However, all is not lost. Sure you can download a Vista Recovery disk ISO from NeoSmart.net, but if you want to add this feature back into your native Windows Vista SP1 system, you can with a little bit of a hack: Recover “Create a recovery disc” on Vista SP1 RTM - iStartedSomething blog.
Long Zheng provides an easy to follow guide to getting it restored. Just pay careful attention to all the file-permissions mojo steps. Don't know if this will be helpful to everyone. Probably easiest just to go get and burn the ISO version instead. Certainly not something most users will need every day, but I tend to collect these sort of utility disks....
See also: Windows RE Notes
Download Squad did a post on Hinx Backup Easy which is a free Windows backup solution. Other mentions in the ensuing comments were Cobian Backup and AutoVer. I've covered some of my own favs in File Managers, Copiers, and Sync Utilities posting.
Dan Cunningham provides a nice solution (though a registry hack) for Disabling Apple Software Update items. I personally just use "AutoRuns" to disable it as a startup item in Windows, then do manual checks for updates periodically. However, each time I update iTunes, it gets restored, so I have to remove it again.
Turns out that the current "Excellent" rated winners of Matousec's firewall "leak-test" results are Online Armor (available in a freeware version), Comodo™ Firewall Pro (also free), Prosecurity (not free), and Outpost Firewall PRO (also not free). Three other firewalls received "very good" and "good" marks.
Nice to know the folks at Matousec remain hard at work testing, and that excellent software-based firewalls for the masses are available for free.