Just past 6 PM and most of the Valca household chores are done.
One last linkfest to empty out the blogging hopper.
Wireshark version 1.0 network sniffer released - News - heise Security UK - Actually it has been a few weeks since Wireshark's v 1.0 release came out. It's still all good. Available in builds for OS X, Linux, and Windows (and USB portable) systems. All free.
Microsoft Network Monitor 3.1 is another full-featured software sniffer some folks also prefer. Lots of good elements to it. For some how-to's take a gander at this Microsoft guide: How to capture network traffic with Network Monitor.
And if you want a good collection of other freeware network utilities, don't forget this GSD post: Free Network Utility Nuggets.
SpywareBlaster v4.0 - (freeware) - is one of my favorite tools for helping to protect client workstation browsers from the dangers of malicious websites and surfing. It has recently been updated to version 4.0. Not only does it prevent installation of Active-X malware, it blocks targeted spyware and tracking cookies in both IE and Firefox. Plus it blacklists a great collection of "dangerous" websites in IE. This latest version is more polished than ever.
Eset - ESET SysInspector - (freeware) - Now out in version 126.96.36.199. Great tool for helping to highlight potentially dangerous running processes and files. Won't remove anything, but a great tool to help analyze systems. See this GSD post for more info: SysInspector: New System Utility from ESET.
Workstation Migration Assistant 1.0 RC2 | dcunningham.net - (freeware) - Another update on a great GUI based tool from Dan Cunningham. The latest changes cleans up the utility used to help transfer user profiles between systems. Nice work Dan! Don't forget his other tip; Disabling Apple Software Update items using registry entries.
RegRipper - (freeware) - Harlan Carvey of Windows Incident Response blog has done us all a great service by providing a beta tool used to inspect and log key entries used in forensic examinations of Windows Registry files. I've been playing with it for the past week and can't wait to see as it continues to be developed. It's a great and easy to use tool. Thanks Harlan! Download hosted over on SourceForge.
PreviewConfig - (freeware) - TweakVista tips us to a new utility by Microsoft MVP Ramesh Srinivasan. This tool lets advanced users quickly and easily register file types with the Windows Explorer file preview pane. Must have for power Vista users.
DynLogger - (freeware) - Wow. For hard-core system process explorers, this tool logs all dynamically retrieved functions by reporting the module name and requested function. Great for looking for "hidden" functions used by an application. Not a daily use utility, but likely to be useful when examining mysterious and/or malicious processes on a system.
Did you see that Adobe FlashPlayer got an update? Browse to the Flash Download site in each of your browsers to ensure you get the proper update. There are different ones for each browser. The updates patch various security issues.
Don't forget to uninstall the old Flash files as needed afterwards! The Secunia Software Inspector online scan will help identify which files you may need to delete afterwards.
Microsoft Sysinternals has pushed some updates to key applications out their doors:
Process Explorer v11.12: This update includes a number of minor enhancements and bug fixes, including support for tracking commit and non-paged pool limits.
Process Monitor v1.30: This major update adds support for importing and exporting filters, records system information in log files, presents more information about specific operations, includes translation of additional operation error codes, and tracks CPU and memory activity that it displays in a revamped process summary dialog.
Also, the ever amazing Mark Russinovich takes on on an examination on System Process CPU spikes in Vista. Turns out it is a Broadcom driver causing all the ruckus!
Before we leave Redmond, one last blog post: IEBlog : IE8 Security Part I: DEP/NX Memory Protection. The IEBlog team shares some insight on how IE8 will leverage DEP/NX memory protection. Interesting angle to take.
Over in Nirsoft, a few favorite products have gotten some updates including CurrPorts and PingInfoView is now released. This new tool pings multiple host names and IP addresses with results displayed in one table. You can set various thresholds for ping/time rates and you can export the results in your format of choice. Great stuff for documenting networking issues.
IcoFX - (freeware) - This great and awesome full-featured icon editor and creator has had a major update to v. 1.6. I really like the power in this tool. Not only can you download an installable version, but the developer has kindly had the foresight to provide a portable USB version as well. Awesome!
Windows Tip: Simulate "No to All" in file copy dialog - Download Squad - Ah! Just hold down the "Shift" key when you click "No" and you effectively have done a "No to All" action! I will remember this one!
Mark Jacobs's MJ Registry Watcher - (freeware) - Is a great tool used to monitor key Windows startup files, registry keys and values often attacked by trojans and malware. It will catch and alert on many registry changes. I like using this tool when I am installing new software on my system to try to catch all the places it drops into the registry. The latest version is 188.8.131.52. It's similar in many ways to the fantastic application WinPatrol.
Interestingly, Bill Pytlovany is getting ready to release the first beta version of WinPatrol 2008. Can't wait to see what's coming!
CPUID - (freeware) - Used to monitor and get information on your system's processor(s) has just been version-bumped to 1.44.2. Always interesting to see what exactly is going on with the CPU in the machine.
SIW | System Information for Windows - (freeware) - A great system information gatherer that is 100% standalone has been version-bumped to 2008-04-02. The latest version includes a new "Security" module, WinPE 2.1 support, U3 support, enhanced "Updates" module. Enhanced "Ports" module. Detection of MS Office Pro Plus 2007. More hardware and software support, along with the latest AMD/Intel CPU's, an updated device database, and miscellaneous fixes. Also worth downloading and using, the SIV (System Information Viewer). Quite incredible.
Hope you didn't get whiplash there with that linkfest.
Got to go on a burger run.