Monday, October 27, 2008

Like a Hammer to my Head….Linkfest

I really need to be blogging a Linkfest past 11 PM on a Sunday night.

I’ll be getting up at 5 AM.  I’d do the math but I don’t think it is going to work out in my favor.

I had expected to do a lot more blogging this weekend than I ended up producing.

See…I spent a majority of Saturday swapping out our wired D-Link router with a spanking new D-Link wireless router.

Yeah, during the setup process I ended up blue-screening our Vista notebook, spent hours of extra time troubleshooting the other laptop’s hardware, BIOS, and OEM software, and black-screen-reboot looped our XP desktop system.

Not bad for a day’s work.

Yes I got all three of them working again.  No, I didn’t get the monster causing the havoc and pandemonium fully resolved.  That’s pending a tech-call to D-Link, per their request.

Yes the wireless is working awesome on both laptops, as are the wired connections.

All-in-all it was quite a learning experience.  Still have some more lock-down overkill configurations to go through but I’ve done enough at the moment to feel pretty secure in my efforts.

And yes, there will be an eventual post about this experience.

That’s my excuse at least.

Hang on, these are going to come at you pretty fast…just like that wireless connection now!

Here's your big plate of Linkfest!

Got your fork ready?

The Big Picture - Boston.com – Really awesome photographic essays from Boston’s on-line newspaper presence.  I really like the space and nature photography, although the photo-journalistic stories are captivating as well.  While I haven’t added this to my RSS feed list, I have bookmarked it in my “must view weekly” folder.

SDN Program News : weblog – Java SE 6u10 has been released to the public in final form.  I’d say this needs a whole other post of its own.  Suffice it to say, stop and go get it right now.  download Java SE 6 Update 10.  See also: Special Event: Java SE 6u10 Release : The Planetarium.  BTW, The Planetarium seems to be a company blog hosting news about all things Java.  Might be interesting enough as a source of leads of Java-related info.

Confessions of a freeware junkie: Export/Import your drivers [update]: DriverMax - great review showing some major changes to the freeware driver backup tool DriverMax.  This one got a major update and has some new features to go on-line to search out the hardest to find system drivers.  No guarantee it will get everything but definitely worth looking into if your drivers are hard to come by.  See this previous GSD post Backing up Windows System Drivers on why this might be a Good Thing to look into.

I finally dug up NirBlog.  This is Nir Sofer's NirSoft blog.  What makes this so valuable to me is that now I get to see some of the thought and consideration that goes into making these fabulous tools.  For example NirBlog: New utilities are coming soon points out several new goodies just over the horizon.  Most exciting to me is the UserProfilesView: "This utility displays the list of all user profiles that you currently have in your system. For each user profile, the following information is displayed: Domain\User Name, Profile Path, Last Load Time, Registry File Size, User SID, and more." Not sure how helpful this would be to hard-core forensic experts, but to the average sysadmin supporting a desktop in the field, this could be some golden info to have at hand.  Also worth reading is NirBlog: Current AVG False Positives.  I'm so frustrated at work that my system gets pegged on the top of the A/V list logs since the Symantec AV always squeals about the "hack-tools" utilities that involve key-finders, password finders, and asterisk revealers.  All of these are legitimate tools I must use from time to time in my desktop and system support capacity.  However due to the backlash the AV systems give, I have to keep them on a standalone USB stick, with write locked (to prevent A/V deletion) and only use them on demand. Grrrr.  I feel Nir's pain and frustration.  Other improved apps this week from NirSoft are PasswordFox and ShellExView. So go and add NirBlog to your RSS feeds.  You will be glad you did!

PortableApps.com AppCompactor - I don't really ever use an app-compactor utility.  Basically what they do is to re-pack executable files to make them smaller in size.  With USB drives getting bigger by the season and prices falling faster than the price of oil of late, I don't really have a need to make them smaller.  Some folks swear that it makes these programs perform faster on slower USB devices.  I don't know.  I do know that some A/V programs tend to have a higher false-positive alert rate on repacked legit apps as this is a somewhat common technique for some malware writers to use as well.

Frets on Fire Portable - PortableApps.com - I've never really gotten into the whole "Guitar Hero" thing, but Alvis is impressed by it and in the hands of a skilled gamer, it is a sight to behold. Naturally I had to take a look at this freeware version and it is impressive.  It's fairly faithful to the concept and the delivery is spot on. In the words of the tutorial master, I do suck at this game, but it was fun trying!  I might even come back to it.  The game comes with just a handful of tunes, but if you pop over to Frets on Fire Wiki Songs and register (free) you can download what looks like a whole mass of awesome community crafted songs to add-in.  For more info check out the official Frets on Fire Portable homepage.  Rock-on!

Universal Extractor got a seriously major update this past week.  This gem is my secret weapon to avoiding installing much of the software I use.  It will have to rate a post of its own later.  Suffice it to say, if you work with or deal with compressed files or installer packages, you must have this freeware gem on your system somewhere.  It's more useful than a can-opener in a post-hurricane kitchen drawer.  See this change log hosted over at FileHippo for a full breakdown of what you are looking at with your update.

muCommander: a cross-platform file manager - never heard of this one, and I have blogged about a few goodies in file managers before.  This one is neat in that it is truly multi-platform in MacOS X, Linux, Windows, Debian, and even a Java application version.  Take your pick.  It was pretty nice and seemed to work well.

Stupid Chrome Tasks - clever little app written by a coder frustrated with a few but important missing elements in Chrome; namely the ability to clear the download history out of the browser and the second, and likely more important, the ability to export your Chrome bookmarks out of the browser and into an HTML file that other "modern" browsers can all import.  I guess Chrome developers figured it was so great no one would think of going back, thus they wouldn't need to export their bookmarks any more.  Reminds me of something a college history professor said once, "Hubris, it will get 'em every time!"  Spotted over at Lifehacker.

RepairIE is a great program tweaking tool to help you muck up your Windows system and leave it a quivering mass of blue gelatin.  No, wait.  If you don't know what you are doing with this tool it will quickly leave your system a quivering mass of blue gelatin.  That's more like it.  Really it is just a GUI interface to a bunch of important and useful registry hacks.  Good stuff!  Spotted over at Download Squad.  See also the related Nawras PC Supervisor application which also provides a GUI interface to a bunch of tweaks.

VisioCafe - If you use Visio, then you will want to bookmark and investigate the great free template files here.  Lots of pc, network, and related objects.

GoToMyPC : Install Software - Only leaving this link here so I can find it easily.  Been installing a ton of this software last week and never could remember where I direct-downloaded the setup file from.  Now I've got it and bookmarked to boot!

Vector Magic | Precision Bitmap to Vector Conversion Online - Blogged this one before as well.  Kinda related to the Visio work mentioned above.  Vector images scale in Visio so much better than any other graphic format.  However, it can be a challenge to reformat them to look nice.  Vector Magic lets you upload your image files for free and then vectorizes them in a PNG format.  Works very, very good.  Highly recommended.

Then, when you have your PNG vector file, process it one more time with PNGGauntlet - PNG Compression Software.  This is a great (and tiny) little application that does some kind of magic mojo dance to get your PNG files shrunk down and optimized a bit more.  All I can say is that it worked wonders with the ones that I got back from Vector Magic.  The files processed with no issues and the size was much smaller when done than before.  Good stuff.

Finally, I had the need to download and use the previously mentioned freeware tool Microsoft Research Image Composite Editor (ICE) which stitches several related digital images into a panoramic-style single image.  It worked perfectly and did such a great job, the digital photo expert of our crew was so impressed with the tip, demonstration and results, I got a free lunch out of it.  Not bad!

Cheers!

--Claus

Sunday, October 26, 2008

IE 8’s “InPrivate” mode blocked by OneCare products

In a fairly recent GSD post Blocking IE 8 "InPrivate" Mode I examined how IE 8’s “InPrivate” mode could be toggled on/off by setting some registry keys.

It could also be controlled in a corporate environment with Group Policy settings.  Very nice.

“Jessie” left a comment on that post asking for assistance: on his (?) system, which had IE 8 loaded, “InPrivate” mode was grayed out and could not be toggled on.

I re-walked Jessie through what I did and despite my best attempts, he continued to report those steps did not work at all.

I tested it a few more times on some additional systems with great success, but not to any help with Jessie’s configuration.

So I responded as follows:

@ Jessie - You have me stumped now.

I wouldn't be surprised if the location folder mentioned didn't exist to start off. It didn't on my test system either.

However once I did the steps and made the changes it was and IE InPrivate mode could be enabled/disabled by changing the key that was created.

Just for kicks I fired up a new test system session and repeated the steps on it fresh and it again worked just fine for me.

If you are experienced, you could use regedit to manually attempt trying to create the Internet Explorer, then the Privacy "folders" in the registry. Then finally add the correct dword key and value.

If the steps I listed don't work then there might be some other possibilities, 1) your user account is restricted and won't allow setting of these keys (possible but unlikely), 2) a security program is preventing the key from taking (possible), 3) maybe the IE 8 beta version is corrupted somehow (not likely).

I was really feeling like #2 was the issue, but wanted to do a bit more research for Jessie and dropped over to the Microsoft Discussions community group forums, which are always a good source of strong Microsoft-staff and MSVP offered information.  In this case I located the IE 8 Beta group:

Discussions in microsoft.public.internetexplorer.beta

Searching around I uncovered this interesting tidbit.

"InPrivate browsing is disabled by default on systems where Windows One-Care or Windows Family One-Care has been installed."

I asked Jessie to drop back if he found a solution as I was really curious as well.

He did:

ONG [sic] wow!!!!!!!!! i do have Windows live Family care on my computer!!!!! wow yu are a super genius!!!!!!!! tahnk you very much!!!!! i owe u one lol!!!!!!!!!
THanks a million!!!!!!
Jess!

So there you go; one more curious piece of the IE 8 and “InPrivate” puzzle.  Stated and confirmed.

If you have either Windows Live OneCare or Windows Live OneCare Family Safety (see also Family Safety - Windows Live OneCare) then IE 8’s InPrivate mode will be disabled by default configuration and protected from change, even with these registry tweaks.

So hard lock-downs of “InPrivate” are possible, at least for home users (parents), and might well be possible too with proper configuration of Active Directory settings that prevent that particular registry key location from being changed by unauthorized users (employees).

I’d be interested in any Active Directory professionals out there who could leave suggestions on just how to prevent a user from adding/setting/changing a particular registry key.  We don’t (yet) use AD to manage our user desktop settings.  It would be valuable information to know.
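
One way to check this on a single machine, as an added example that is not from the original post: the PowerShell below reports the InPrivate policy value in both hives and lists any account other than SYSTEM or Administrators that holds write access to the key. The key path and value name (`Policies\Microsoft\Internet Explorer\Privacy`, `EnableInPrivateBrowsing`, with 0 meaning disabled) are assumptions, since the post itself names only the “Internet Explorer” and “Privacy” keys, and the function name is made up for this example.

```powershell
# Added example (not from the original post): audit the IE InPrivate policy
# value and the ACL that decides who may change it.
# Assumptions: the key path and value name below; 0 = InPrivate disabled.
$SubKey    = 'Software\Policies\Microsoft\Internet Explorer\Privacy'
$ValueName = 'EnableInPrivateBrowsing'

# Rights that allow altering or replacing the policy value, plus the
# GENERIC_ALL / GENERIC_WRITE bits that can appear in inherit-only ACEs.
$WriteRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$WriteMask   = [int]$WriteRights -bor 0x10000000 -bor 0x40000000

# Principals expected to hold write access (well-known SIDs).
$TrustedSids = @(
    'S-1-5-18',      # Local System
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0'        # CREATOR OWNER (placeholder ACE, applies to subkeys)
)

function Get-InPrivatePolicyState {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('HKLM', 'HKCU')]
        [string]$Hive
    )

    $path   = "${Hive}:\$SubKey"
    $result = [ordered]@{
        Hive            = $Hive
        KeyExists       = (Test-Path -LiteralPath $path)
        Value           = $null
        State           = 'Not configured'
        NonAdminWriters = @()
    }
    # A missing key is normal: the policy has simply never been set here.
    if (-not $result.KeyExists) { return [pscustomobject]$result }

    # Read the DWORD if present; the key can exist without the value.
    $prop = Get-ItemProperty -LiteralPath $path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        $result.Value = $prop.$ValueName
        $result.State = if ($result.Value -eq 0) { 'InPrivate disabled by policy' }
                        else                     { 'InPrivate allowed by policy' }
    }

    # Walk explicit and inherited ACEs, keyed by SID so names cannot be spoofed.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)
    $result.NonAdminWriters = @(
        foreach ($rule in $rules) {
            $canWrite = ([int]$rule.RegistryRights -band $WriteMask) -ne 0
            if ($rule.AccessControlType -eq 'Allow' -and $canWrite -and
                $TrustedSids -notcontains $rule.IdentityReference.Value) {
                $sid = $rule.IdentityReference
                try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = 'unresolved' }   # orphaned or foreign SID
                "$name ($($sid.Value))"
            }
        }
    )
    return [pscustomobject]$result
}

# Machine-wide policy first, then the per-user copy.
'HKLM', 'HKCU' | ForEach-Object { Get-InPrivatePolicyState -Hive $_ } | Format-List
```

A non-empty `NonAdminWriters` list means an account outside the trusted set could change the value back. The script inspects only this policy key; the OneCare block described above is separate and is not detected.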

Cheers! and a special Thanks! to Jessie for leading down this path.

--Claus V.

Stupid (but handy) Excel Trick

I use Excel a lot at work.  I mean a LOT.

Usually I am content to just find the Excel file I am interested in and just double-click to launch.

However, there are times when I want to work on multiple Excel files in different Excel Windows.

Normally when you open Excel then open another document, they are shared in the same Excel Window.  Yes I know you can change that behavior, but that normally is a good thing.

Say when you want to copy cells with over 255 text characters in them.  Keeping them in the same Excel window session allows copy of the full amount.  Copying between separate Excel session Windows clips them at 255 length.  I can’t tell you how aggravating it was until I figured that “trick” out.

Anyway, like I was saying, sometimes I want to open a second Excel window when I already have one open.  So normally what I do is just go to my Excel desktop shortcut and launch a new session that way.  Only problem is that opens a blank spreadsheet in the window by default, which I then have to close and then drag/drop the one I want to open into it.

Wouldn’t it be nice—thought I—if I could just open Excel without launching a blank spreadsheet?

Well, you can!

All you need to do is modify your Excel program shortcut as follows:

  1. Browse to the main Excel.exe program file.  Mine was located at C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
  2. Send that file to your desktop as a shortcut.
  3. Go into the Properties of that shortcut and find the target line.
  4. Add a /e to the end of the Target line path like this: "C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE" /e
  5. Apply the change.
  6. Launch the icon and enjoy!

I know it is stupid but it really saves me a bunch of click-time.

Other Excel resources:

Description of the startup switches for Excel – Microsoft Help and Support

When I double-click an Excel spreadsheet, Excel opens but the document doesn’t – The Old New Thing blog.

On a side-note, I really have enjoyed the quirky programming-slanted blog The Old New Thing.  There are a handful of programming blogs that I follow, even though I am not a programmer.  I find the discussions mentally stimulating and every now and then a real obscure gem appears that is dead-useful for Windows support.  The Old New Thing blog has been an enjoyable mix of code-mindedness and other non-pc stuff.  Check it out.

--Claus V.

Saturday, October 18, 2008

October Linkfest

One last post for the day…probably.

This should get all my “Miscellaneous” links I’ve been holding onto cleared out.

That leaves me with my “project” posts to go.  If all goes well, I’ll get one more out tomorrow starting with a revisit to some great and free micro/portable anti-virus solutions, perfect for toting around on USB sticks.

Hardware

I’m seriously leaning towards getting Alvis a micro-portable notebook.  It is a web-book?  Just when I thought I had the laptop/notebook discussion down.  Christmas is getting close!  Feel free to leave suggestions Alvis, but don’t comment spam me! ; )

Two blog sites that I have found so far that stand out in particular on these devices are

UMPCPortal - The Ultra Mobile Computing reference site

Liliputing — Compact Computing

Certainly the Asus Eee PC is a popular choice, as is the Dell Inspiron Mini 9.  I would like to get one with (gasp) XP loaded, only because that would enable me to support it the best right now.

Any recommendations for such device?  Target user is a web-fanatic 14 year old teen girl who spends most of her time on the Web at MySpace and such.

Antec Skeleton Open-Air PC Case Review – ExtremeTech – Not the kind of platform I want at home, honestly, but would certainly look wicked at work!  Hmm. Now if I can just write a justification for us needing a test-bed platform….

Brother-unit was very generous with a birthday gift to me and now I am waiting on FedEx to ship my new D-Link DIR-655 Xtreme N Gigabit Router.  Yeah, buddy!  I really wanted the embedded VPN server features of the D-Link DIR-330 Wireless G VPN Router but I had to listen to Dwight’s advice and go with one that would be compatible in the future with the N specs, even though right now our laptops are just G spec wireless.  The DIR-655 also supports a USB storage device, so it is kinda like getting a server share as well.  Just right for my new blue Western Digital Passport Essential 320 GB USB 2.0 Hard Drive.

In-Security News

  • The Little Black Book of Security – PaperGhost goes ape over the theatrics of trying to Do The Right Thing and report over 5,000 ebay logins found on the net.  Think it would be easy right? Nah. (NOTE: his server is having some redirect issues so if the page doesn’t load, bookmark it and come back.  It’s worth it, I promise!)

  • Large Collection Of Stolen EBay Logins - SpywareGuide Greynets Blog – While you wait for the above to come on line, here is the meat of the story regarding those 5,000+ stolen ebay logins he found. Bummer.

  • Quality Assurance in Malware Attacks - Part Two – Dancho Danchev’s Blog – Really fascinating review of how malware authors are now positioning themselves as selling quality malware that has been proofed against anti-malware scanners, as well as testing methods that allow them to bypass security vendors/researchers who often offer web-based malware signature scanners for free as a honey-pot among other things.

  • The Cost of Anonymizing a Cybercriminal's Internet Activities – Dancho Danchev’s Blog – Great perspective on the cost of staying underground by computer criminals.  It’s getting cheaper.

  • 56 Arrested in DarkMarket Sting, Says FBI – Wired’s Threat Level blog – Hooyah!  FBI punks 56 cybernet criminals.  Very interesting story and lots of background on the Special Agent who led the operation.  Grandpa would have been proud of the Bureau!

  • SQL Injection - New Approach for Win32/FakeXPA? -  Microsoft Malware Protection Center blog – Really detailed breakdown of how a SQL Injection method on compromised web-server works.  Good information.

  • Service isolation explanation – Microsoft Security Vulnerability Research & Defense blog – Technical info on an attack vector using a Windows service and how privilege matters.

Super Tip of the Day

How To Add & Remove Entries From The Right-Click Menu - MakeUseOf.com

There are lots of utilities that I have mentioned in the past that help add additional features and functionality to the Windows Explorer right-click context menu.

This post is great because it touches on how to accomplish this “au-manual” via Folder Options or the Registry.

Related MakeUseOf posts:

Freeware Picks of the Week

Finally, here are some great freeware finds/revisits that you want to pay attention to

  • Wireshark: Wireshark 1.1.1 Development Release – Wireshark really ups the ante here with this one.  I really like their new “Landing page” that is displayed when the program is run. Available in versions that range from a full installer, a U3 package, a PortableApps USB portable version (my favorite) as well as a Mac OSX version.

  • Xinorbis - Updated to version 3.7.3 – XP/Vista compatible.  This is a free, awesome, and powerful hard-drive analyzer.  Lots of graphs, charts, tables, and tree-displays.  Really great for some auditing work on drive utilization.  Now available in both install and “portable” versions. Of note is the fact that effort has been made by the developer specifically to improve “portable operation” on USB drives.

  • Rapid Environment Editor – Great little tool to help edit Windows environment variables.  Not a utility for most users, but for the sysadmin or tweaker, this might make things a lot simpler.

  • Revo Uninstaller – This great uninstall tool for Windows got bumped to version 1.75 with the inclusion of scanning algorithm improvements.  One of the best alternative Windows program uninstallers there is. Period.  For more alternatives to Windows Add/Remove programs check out this GSD post:  Freeware Software Uninstallers

  • MKN Software – Wow. I can’t believe I haven’t come across MKN before.  Yep. You guessed it. Another German software outfit.  My seventh-generation German blood must be stronger than I realized.  For example:

    • MKN TaskExplorer 5 - MKN TaskExplorer is an advanced process management tool that gives you full control over the applications running on your system. No replacement for Process Explorer, but pretty nice nonetheless.

    • MKN MemoryMonitor - MKN MemoryMonitor monitors and optimizes the system's memory usage and performance.  I usually leave memory cleaning alone, but here you go.

    • MKN PerformanceMonitor - MKN PerformanceMonitor shows information about system and processor performance. Oohh!  Pretty graphs!

    • MKN NetworkMonitor - MKN NetworkMonitor monitors inbound and outbound network connections. Like Current Ports.

    • MKN NetSniffer Console - MKN NetSniffer Console monitors and analyzes network traffic in real time. Because a sysadmin can’t have enough packet-sniffing utilities!

    • MKN ErrorLookupTool - MKN ErrorLookupTool is a small tool that looks up messages and constants for Win32 error codes. When Windows breaks it helps to understand what broke.  And we all don’t speak Windows Parseltongue….

Cheers!

--Claus V.

Microsoft Link Dump; Load #3

CC Photo Credit: by Choctopus on Flickr

That’s not just any pile of big steaming dirt Claus is delivering to your browser today;

---it’s guar-un-teed Microsoft quality link-dump!

Internet Explorer 8 Chunks

  • IEBlog : Slipstreaming IE8 – Details on how IE8 can be slipstreamed into Vista and Server 2008 ImageX WIM image file builds.  It’s pretty clever stuff and very cool for ImageX fans.
  • IEBlog : The IE8 IEAK – Get ready to deploy customized packages of IE8 and manage the post-deployment settings and elements.  Neat stuff if you are going to plan for a controlled release and deployment of IE8 rather than just letting Automatic Updates or the end-users do your upgrading for you.
  • IEBlog : IE8 Tab Grouping – IE8 gets color tab grouping.  Lots of neat technical and implementation details on this new IE feature for IE8.
  • The IE8 Smart Address Bar Part II: A Few More Features – Now MS goes and explains just how their own version of Firefox’s “Awesome bar” is expected to work.  Do we really need all these features in the address bar? I guess developers across platforms feel we do.
  • What’s New for IE8 Search – Good overview of features that Firefox delivered to its own browser quite a bit ago.  Does Microsoft’s version deliver any improvements or innovations? You be the judge.

Organic Filler Material

The “Botanicals” of Compost

Compost handling tip: Spread Evenly

Now sit back and watch those flowers bloom outside your Windows…

Looks pretty doesn’t it.  Don’t mind the smell!

--Claus

Windows System Control Center (WSCC): Awesome Cool!

As any one of the two or three Grand Stream Dream blog followers know, I am a deep fan of both Mark Russinovich and his Sysinternals tools as well as Nir Sofer and his NirSoft utility collection.

If I was dropped into a corporate Windows island, Robinson Crusoe style, with only my sysadmin skills and two collections of tools to survive, I would pick theirs.

My USB devices and utility CD’s are loaded with them.

One of these days I’m going to get around to finally posting my most-awesomest creation ever: a dual utility disk with a Windows Live-CD boot disk side coupled with a running system auto-run CD menu of utilities.

In the meantime….. This new find will probably make everyone go crazy with delight.  Even if it isn’t “technically” necessary to enjoy these fine tools.

WSCC - Windows System Control Center – (freeware) - KLS Soft

Let me let them explain why it is so cool.

WSCC is a free, portable program that allows you to view, execute and organize the utilities from various system utility suites. WSCC is only an interface, you need to download and install the utilities separately. Alternatively, WSCC can use the http protocol to download and run the programs.

WSCC uses the included WSCC Console to execute command line applications.

WSCC is portable, installation is not required. Extract the content of the downloaded zip archive to any directory on your computer.

This edition of WSCC supports the following utility suites:

  • Windows Sysinternals Suite (including support for Sysinternals Live service)
  • NirSoft Utilities

So basically you just download the zip file and unpack it.  It’s pretty tiny to start out with.

Launch it.

You can configure it to point to the location where you have stored all these tools previously (Sysinternals and Nirsoft), or set it up so it can execute the Sysinternals tools from their Sysinternals Live location on the Web.

When you need a tool, just use one of the many listings to locate the tool you want.  Press the button and it runs (assuming it has been downloaded first in the case of Nirsoft).  I understand KLS Soft is working on adding a Click-to-Launch feature for the NirSoft programs as well in a future version of their tool.

What is really great about this tool is that it provides wonderfully concise descriptions of the tools to assist you with remembering just what utility there is to cover your need.

It also provides a console window to show and execute any special command line arguments if needed. How handy is that?!

It is simply incredibly convenient.

Too bad it won’t automatically download and save to local-disk folders the applications for you, a-la “WGET”.  That would be icing on the cake.  Especially if there was a version-checking/updating feature as well.  That would be wicked!

Alternatives

Want to do it yourself? OK.

Make bookmarks of these links:

NirSoft Utilities Panel - “NirSoft Utilities Panel is an experimental Web page that contains icons with links to all major NirSoft Utilities as exe files. When you move the mouse over the desired icon, you'll see the current version and the last update date of the utility.”  Find, click and go.

live.sysinternals.com - “Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or a command prompt as http://live.sysinternals.com/<toolname> or  \\live.sysinternals.com\tools\<toolname>.”

Updates

These applications have recently been updated by NirSoft and Sysinternals. Descriptions by their authors.

MozillaHistoryView – NirSoft - Version 1.17: MozillaHistoryView now detects any file with .sqlite extension as Firefox 3 filename.

MozillaCookiesView – NirSoft - Version 1.26: Improved the Firefox 3 detection.

MyEventViewer – NirSoft - Version 1.15: Fixed bug: MyEventViewer stopped enumerating the logs when there was an item with very large data. Fixed bug: MyEventViewer failed to display long text/data in the bottom pane. New Option: 'Find By Event Description'. When this option is checked, the find feature also searches inside the description of the event.

AutoRuns for Windows – Sysinternals – Version 9.35: This Autoruns update adds additional autostart locations, including lsastart, s0initialization, savedumpstart, and servicecontrollerstart, and fixes several bugs.

Process Monitor – Sysinternals – Version 2.01: This release fixes several bugs, including compatibility with Windows 2000, excessive exit delays, and adds the new networking events to the filter dialog's operations list.

--Claus V.

Vista SP2 – Coming Sometime. (oh who cares….)

Yeah, I know.  Here we are just now discussing Windows 7 and now comes talk of Vista SP2?

Remember all the hullabaloo leading up to and at the release of Vista SP1?

Yeah.  A righteous drop-dead Fred party that was.  I think Men At Work were the headliner for that concert.

Now that the blog-o-sphere of Microsoft haters and baiters (and lovers as well) have had their collective consciousness wiped clean of that event in a flash reminiscent of MIB shenanigans, we can move on to more serious topics.

Like the placeholder page at Microsoft for Server 2008/Vista SP2.

See also:

From that last post:

Microsoft will include Windows Search 4 in Vista SP2 along with Bluetooth wireless support (including latest BT 2.1 fixes), support for the new VIA 64-bit CPU and additional application compatibility updates.

For Windows Server 2008 SP2, Microsoft will include Backwards compatibility with Terminal Services licensing keys, improved manageability features with DFS/FRS console, and Storage Resource Manager, print server and spooler performance improvements for printers in Windows Vista and Server 2008 and improved error reporting in DFSR to help identify incorrectly configured deployments which lead to failed replication.

In my mind, it seems that Microsoft would make a killing by releasing Windows 7 as Vista SP3/SP4 and be done with it.  However, it seems that there is just too big a difference between the two for it to apply and not enough difference just yet for the Windows lovers/haters to tell why we need a whole new Windows OS release so soon after Vista.

Let the speculation and punditry begin!

--Claus

Firefox 3.1b1 Released

Two steps forward, one back.

In my recent post Fresh Firefox musings – And Shiretoko I ended up crashing my Nightly builds of Firefox 3.1 and also being burned by the loss of “drag-n-drop” functionality between links in Thunderbird emails as well as the general bookmarking system.

So I jumped down and over to a more stable Shiretoko Alpha 2 build.

As I blogged, it worked great.

So when I saw word this week that Firefox 3.1b1 was released I thought it could only get better.

In many ways it is, but, again, I have lost the ability to drag-n-drop links from Thunderbird into Firefox and have the page load automagically.

Sigh.

Not sure if I can live with working around it (copy link address and paste in address bar) or if I will roll-back to Shiretoko Alpha 2.

Here are more Firefox 3.1b1 related links, in case you happen to still be interested.

--Claus

Flash 10, and Chrome + Java

Flash 10

In case you didn’t happen to notice, Adobe released Flash Player 10 this week.

I’ve downloaded it and it seems to work great.  Not sure about performance, but it is stable and nothing I’ve crossed “breaks” at least. 

Chrome/Chromium + Java – I didn’t know that!

When I’m not using my secondary desktop platform at work for image-building, I generally keep a personalized image on it with it loaded up with the latest weather radar or some other portal-type page.

Folks who drop by and visit me can see it and take a look at the latest news or information.

For kicks, I’ve been running the latest stable Chromium builds on it as the low-visibility GUI brings attention to the content, not the medium.

Normally when I load up the cool looking Talisker Computer Network Defense Operational Picture all the applets appear fine.

However, when I attempted it on that desktop system in Chromium, they did not.

First I checked to make sure Java was installed, it was (Java SE 6, update 7). It worked in IE 7 and 8 just fine.  It worked in Firefox just fine.  But not Chrome/Chromium.

Strangely the page did load fine in Chrome/Chromium on my laptop.

I looked at the page code and it became clear that the applets were Java-based.

I typed about:plugins in the Chromium address bar and, looking through the plugin list, found that Java was not listed, even though it was installed.

Hmmm.

Off to the Googles!

Turns out Chrome/Chromium demands the developmental (beta) versions of Java; Java SE 6 Update 10 b32 is now available.

So if you are expecting Java applets (not JavaScript) to work for some reason in Chrome and they don’t, this is the likely reason why not.

I’ve been running both the latest (public) versions of Java (Java 6, update 7) as well as Java 6, update 10 betas alongside each other for quite some time now and not had any issues at all.

Anyway.  There you go on that bit of interesting info.

Unrelated but cool:

--Claus

Speak of the devil: Norton’s UAC Tool

As I have seen mentioned, Vista’s UAC is being tweaked a bit in Windows 7.

TechBlog: Microsoft reworking the UAC for Windows 7

Dwight does a great job summing up the pains and protections that it offers as well as looking at the promised granularity that Windows 7 hopes to deliver to UAC.

In the meantime, Vista users have had a handful of options available to them with UAC control and tuning:

  1. Do nothing and learn to love it.  It does protect the system and if applications were written correctly (per Microsoft’s line) then UAC shouldn’t be the bother it is reported to be.
  2. Disable User Account Control in Windows Vista – Not recommended by either Claus or most other Microsoft or Windows techies, but certainly possible.
  3. Modify the prompting system slightly using the TweakUAC for Windows Vista free utility.  This is what I have done and I find it provides a good balance between security and usability.

Now, that beloved flagship of security software has rocked the boat with a new beta product:

Norton UAC Tool – Norton Labs Vista User Account Control utility

(image capture from Chron.com Techblog post)

The Tool

What this little dude does is two-fold:

First it changes the alert notification window for UAC and makes it a bit more “useful” in information provided.  Note that you can expand the notification window to view the properties of the object and if it is digitally signed and in a protected location. Those are two factors that are good (but not perfect) indicators the software is safe to execute.

Second, it allows a “Don’t ask me again” option so once you have vetted the UAC prompt “Allow” or “Cancel” you won’t be prompted again as you have given implicit permission to execute again in future encounters.  Think of it like setting your firewall filter rules for allowed connections. Similar concept.

And to be clear, it does report the user’s UAC option selections back to the Symantec mothership for “data-gathering” purposes.  FYI.

More details here:

As Shaun with Symantec commented on Dwight’s blog post, there is an important detail to know.  The “always allow” choices are context-based, in that they will only allow for the specific location and method of execution, not based on the target being launched alone.  That’s pretty good.

The Norton UAC tool allows an application to run with silently-elevated privileges only in a specific context that was previously approved by the user with the "don't ask again" check box selected.

This means that there is a difference between regedit.exe launched from the start->run box, regedit.exe originating from a shortcut double click, and regedit.exe launched from a double click on a .reg file (and the context actually changes with each .reg file), and regedit.exe being launched by an application (malicious or not).

Given the contextual awareness of Norton UAC tool's automatic answering, the Norton UAC tool provides a usability improvement over Vista's default UAC prompts, while maintaining obvious security improvements in the Vista kernel (such as isolation, file/registry virtualization, and user interface privilege isolation) that are all disabled when UAC is disabled.

We decided to write this tool after we noticed two alarming trends with UAC. The first is that users fully disable UAC - which is a horrible workaround to a minor usability issue (since it disables isolation and virtualization - which in turn removes IE's protected mode). The second is that users get so used to responding to UAC prompts with "allow" that the prompts are often not even read by the user (Chicken Little "the sky is falling" syndrome).

As a result, we are collecting information on the subject matter of prompts in addition to the response times to determine if reducing the overall number of prompts (by allowing users to remember their answers) causes users to spend more time reading the prompts... Microsoft records very similar timing and response information for all of Vista and Office when you agree to take part in the Customer Experience Improvement Program.

As for the impact to your system, the Norton UAC tool produces no running processes and is only active during a UAC prompt. We worked very hard to ensure the Norton UAC tool is as fast or faster than the built in Vista UAC prompts.

The Method

This alone is pretty cool, although I’m not feeling a need to swap it out with my TweakUAC solution just yet.

However, fortuitously I was able to discover some research done by clever Windows examiners on just how the Norton UAC Tool appears to be working.

In the comments on Paul’s blog post were links provided by a Chinese Windows dude. They pointed to two posts that provide some background on what Norton's is doing to fuzz the UAC system.

I'm linking to the Google-Translate version pages. However it still leaves a bit of the technicals "lost in translation" if you will.

Vampire in mind: an in-depth realization of the principle Norton UAC Tool - Smallfrog's Technical Blog.

Norton UAC Tool theory analysis - Asuka's Blog

Looks like the tool executes the “symconsent.exe” process, which sets an intercept point (hook) on the official UAC executable “consent.exe”.  According to Smallfrogs, when UAC is triggered, Vista attempts to load UAC’s consent.exe file.  Norton’s UAC tool installs a filter driver file called “SymARF.sys”.  That one intercepts the Vista UAC image file call and does a load image of the “symconsent.exe” instead.  Based on the user’s response to the Norton UAC prompt intercept, the choice/data gets logged (and reported) and set up for next-time handling (if requested), and operations are turned back over to “consent.exe.”

If the “cancel” option is chosen, then a new/different “symconsent.exe” process gets fired off to create the XML handling rule document that Asuka points out in his post.

I know this probably isn’t entirely accurate, but I haven’t had the time to learn Chinese myself, the translation is a bit gunky, and I haven’t had time to load it all up on my own test-bed to observe and make notes.

However, this should be close enough of a process handling description for now to get the gist of it, and certainly one could replicate their results to figure it out on your own.

I’m really curious as to what Mark Russinovich might have to say.

Dangers?

Certainly curious stuff. And if Norton's can pull it off, could Norton's tool be compromised as an attack? Could other attacks be created based on this technique?  How is the integrity of the tool's XML handling file maintained and prevented from being hijacked by malware like the HOSTS files often are?

Paul’s post comments also have these strong and insightful thoughts (with which I am agreeing) as posted in a series by PatriotB6007 (a.k.a. Mike Galos):

PatriotB6007

"Don't ask me again" is a very dangerous feature which leaves your system wide open for elevation of privilege attacks.  As I commented on a ZDNet blog yesterday:

>>>

The problem with "don't ask me again" is that the system has to know that *you* specifically are the one taking the action requesting the prompt. I'm curious if these Symantec prompts make any attempt to determine this, otherwise it's a giant elevation of privilege hole.

Let's say there's an unpatched code execution vulnerability in my web browser and I go to a site that tries to exploit it. My browser runs at low integrity (IE) or regular/medium integrity (Firefox), and so I know that any exploit can't do anything administrative without my permission because a UAC prompt would need to appear first.

However, what if they try to launch something that I'd already said "don't ask me again" for? Is Symantec smart enough to know that the request didn't really come from me? It's really, really hard to determine the difference between the exploit case and a legitimate case.

talkback.zdnet.com/5208-12554-0.html

<<<

A reply from "davewood [MS]" (Microsoft employee it would seem) agreed, and mentioned that this also opens the door for application installers to pre-mark the apps they install in the "don't ask" category.

This enables the following elevation of privilege attack:

1. I run the installer for app XYZ.

2. The installer marks XYZ as "don't ask".

3. An attacker discovers two exploits, one in my web browser and one in XYZ.

4. I stumble upon a malicious site which uses the browser exploit to cause my browser (which is NOT running as admin) to launch XYZ.exe, feeding it specifically-formed data e.g. via a command line parameter of a file or URL to open.

5. XYZ silently elevates to Administrator, and the malicious data hits the vulnerability in XYZ and causes the attacker's code to run, with full administrative privileges.  Pwned.

October 11, 2008 4:10 AM

PatriotB6007

Exactly right.

It isn't as though the people at Microsoft didn't think about "mark this as safe". It's an obvious optimization. The problem is that it's also an insecure optimization.

Maybe Symantec has some really neat trick behind the covers that solves the problem.

Maybe.

But, nothing on their site suggests that they have. And that makes this tool potentially a serious security hole.

October 11, 2008 8:33 AM

PatriotB6007

It's actually even worse than that. In the example, if app XYZ is Internet aware as most apps are these days then you don't need a vulnerability in both the browser and XYZ.

You could have the case where XYZ phones home for an update and the XYZCorp update server has been spoofed (say a man in the middle attack). The XYZ app updates itself with the exploit with no prompt (the goal of the Symantec app) and now runs the exploit code.

So far, this wouldn't be something that UAC would have saved you from since you were expecting the update so you'd have said OK anyway. The problem, though, is that now the pwned XYZ is running the exploit with Admin privs and is able to do lots of evil nasty stuff with no UAC prompts to let you know that the app has been hijacked. This is where UAC would normally prevent damage but the "don't show again" neutered UAC happily lets the pwned app destroy your system without warning.

Maybe Shaun with Symantec has some additional information on this and the degree of intelligence and granularity with application launching by their tool.  His comment certainly seems to suggest that they have considered this.

My question is just how deep and discretionary is their tool able to go?  Is their tool able to correctly intercept all UAC prompts to a previously approved activity if it is bot-based or malicious script based?

Microsoft really locked UAC down and implemented it for a reason.

It’s just curious that a security company is doing an end-run around it in the attempt to make it a more-secure “experience” for end users.
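The difference between remembering an answer for the target alone and remembering it for the launch context (the regedit.exe cases in the quoted Symantec comment) can be modelled in a few lines, along with a tamper check on the stored rules. This is an added example, not Norton UAC Tool code or anything from the linked posts; the class, field names, method labels, sample paths and the HMAC-sealed rule store are all assumptions made for illustration.

```python
"""Model of remembered ("don't ask me again") elevation answers.

Hypothetical sketch: every name, field and policy here is an assumption
for illustration, not Norton UAC Tool internals.
"""
from dataclasses import dataclass
import hashlib
import hmac
import json


@dataclass(frozen=True)
class ElevationRequest:
    target: str    # image that wants to elevate
    method: str    # assumed labels: "run_box", "shortcut", "file_open", "process"
    parent: str    # image that started the target
    argument: str  # document or command-line data handed to the target


def target_key(req):
    """Weak key: the answer is remembered for the target image alone."""
    return (req.target.lower(),)


def context_key(req):
    """Contextual key: target plus how, by what and with which data it started."""
    return (req.target.lower(), req.method, req.parent.lower(), req.argument.lower())


class RememberedAnswers:
    def __init__(self, key_func, secret):
        self.key_func = key_func
        # Assumption: the key is readable only by the elevated component.
        self.secret = secret
        self.allowed = set()

    def remember_allow(self, req):
        self.allowed.add(self.key_func(req))

    def decide(self, req):
        """Return 'silent-allow' for a remembered key, otherwise 'prompt'."""
        return "silent-allow" if self.key_func(req) in self.allowed else "prompt"

    def _tag(self, body):
        return hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest()

    def export(self):
        """Serialise the rules together with an HMAC over the serialised form."""
        body = json.dumps(sorted(self.allowed))
        return {"rules": body, "tag": self._tag(body)}

    def load(self, blob):
        """Refuse a rule store whose contents no longer match its HMAC."""
        if not hmac.compare_digest(self._tag(blob["rules"]), blob["tag"]):
            raise ValueError("rule store modified outside the tool")
        self.allowed = {tuple(rule) for rule in json.loads(blob["rules"])}


def run_scenarios():
    """Approve one launch, then replay three requests against both key styles."""
    # Constructed sample requests; paths and parents are made up.
    approved = ElevationRequest(r"C:\Windows\regedit.exe", "run_box",
                                r"C:\Windows\explorer.exe", "")
    reg_file = ElevationRequest(r"C:\Windows\regedit.exe", "file_open",
                                r"C:\Windows\explorer.exe",
                                r"C:\Users\demo\settings.reg")
    from_browser = ElevationRequest(r"C:\Windows\regedit.exe", "process",
                                    r"C:\Program Files\Browser\browser.exe",
                                    r"C:\Users\demo\Downloads\other.reg")
    results = {}
    for name, key_func in (("target_only", target_key), ("contextual", context_key)):
        store = RememberedAnswers(key_func, b"constructed-demo-key")
        store.remember_allow(approved)
        results[name] = [store.decide(r) for r in (approved, reg_file, from_browser)]
    return results


def tamper_detected(store):
    """Add a rule behind the store's back and check that load() rejects it."""
    blob = store.export()
    rules = json.loads(blob["rules"])
    rules.append(["c:\\constructed\\xyz.exe"])  # constructed, unsigned extra rule
    blob["rules"] = json.dumps(rules)
    try:
        store.load(blob)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for policy, answers in run_scenarios().items():
        print(policy, answers)
```

The contextual store still answers silently for any request that reproduces an approved context exactly, which is the gap the commenters point at.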

More useful UAC bits from Ed Bott here:

I don’t believe it but I seem to be defending Vista UAC…..

--Claus

Windows 7 Watch Update

True to form, here are some additional links on Windows 7

You’ve been informed!

--Claus

Swamped!

Man, I just can’t seem to keep up!

That’s good for you and bad for me.

Maybe tech-junkies who are journalistic wanna-be’s who may be borderline OCD shouldn’t take up blogging tech as a hobby.

Each time I turn around my “to-be-blogged” pile seems to multiply like rabbits.

Luckily it is a beautiful Saturday and my wireless-router hasn’t been delivered yet so I am choosing to stay inside at our desktop system and churn out posts for the one or two of you who find these things useful or interesting.

Now back to the regularly scheduled programming…..

--Claus

Per Request: Vista Performance tweaking & “au revoir” Bonjour

Anonymous left a comment this morning that piqued my interest:

Could you please create a useful post on unnecessary Vista services running? There are loads of services which I believe are not needed. Also how do we remove Bonjour from our systems? I avoided installing Adobe Version Cue from the design suite and it still installed :(

Sure mate!

Vista Performance Tweaking:

I don’t know if folks will like my response, but here it is.

On my personal Vista Home Premium system, the only “unnecessary” service I have tweaked is to disable Windows Defender from running.

That’s it.

All the other default services I have left well-enough alone.

Why?

Well, like many others, when we got our Vista system, we were very frustrated with its performance. The CPU was a dual-core and overall it was a glorious system.  In the end, my fix was not to tweak all the system settings but to boost the system RAM from the shipped 1 GB to the max 2 GB RAM.  Simply maxing out the available memory supported by the system with the fastest compatible RAM made a remarkable difference and it now seems like a whole different system.  My Vista performance gripe instantly evaporated.

I only cut Windows Defender as it seemed duplicative with the other A/V-anti-malware solutions I was running on it from third-party software.

Upgrading to Vista SP1 also helped a bit more.

If you can’t get any more system-RAM (because of your budget or hardware limits) I would next recommend picking up the fastest USB 2.0 flash memory stick you can find and enable Vista's ReadyBoost feature on it, exclusively.

I’ve blogged about this “tweak” as well: Vista ReadyBoost (or: a Tale of Two Techies) – Grand Stream Dreams blog.

Now, I know my personal system answers may not sufficiently answer Anonymous’s question.

So first, I would encourage anyone who wants to start tweaking their Vista services for performance gains to review the following links as homework.

To get a true technical understanding of the issues relating to Vista performance and suggestions for improvement you have to watch the following video from Microsoft.

A round-table discussion with Windows specialists led by Mark Russinovich, it addresses boot times and applets to common "misconfigurations."  Use this to learn how to optimize Windows Vista and what you can do to improve overall system performance.  (62 minutes, 26 seconds )

It’s a deep and well-represented coverage of major performance issues with Vista.  Everything from the hardware factors, signed/unsigned driver issues with performance, and other tweaks.  Technical stuff but anyone who really wants to effectively tweak Vista performance should view it first.

Not satisfied?

Well, then head over to the always controversial world of Black Viper.

Love his advice or hate it.  He certainly puts his heart and soul into his work.  I’ve used many of his tweak recommendations for XP in the past when RAM was in short supply on my systems.  With maxed-out system RAM, I don’t any longer.  Regardless Black Viper’s work is very thorough and provides supportive documentation to understand the “why” behind the tweak recommendations.

As always, performance gains will differ for each user due to system differences as well as all the drivers, software, and other things running between systems.  Your mileage may vary.

Au revoir, Bonjour

Bonjour is an Apple service that ships with many Apple products, including iTunes.  Most Windows users won’t notice or care about its constant installation on their system each time they install or upgrade iTunes.

However some folks (like me) just don’t want it on their system.

To un-install it for XP, I just go to “Add/Remove Programs” in the Control panel, find “Bonjour” and uninstall it. (Vista users go to “Programs and Features”.)

Done.

Along those lines, I also always go back (each time I update iTunes…grrrrr) and uninstall “Apple Mobile Device Support” as well.

Before I uninstalled them both, here is a list of all the locations Apple’s applications drop into on an XP system as found on my desktop system and using AutoRuns for Windows.  Not all of these are related to MobileMe or Bonjour, so disable/remove with caution.

| Autorun Entry | Description - Publisher | Image Path |
|---|---|---|
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | AppleSyncNotifier Apple Inc. | c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | iTunesHelper Module - Apple Inc. | c:\program files\itunes\ituneshelper.exe |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | QuickTime Task - Apple Inc. | c:\program files\quicktime\qttask.exe |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved | Bonjour Explorer Bar - Apple Inc. | c:\program files\bonjour\explorerplugin.dll |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved | iTunes Mini Player DLL - Apple Inc. | c:\program files\itunes\itunesminiplayer.dll |
| Task Scheduler | Apple Software Update - Apple Inc. | c:\program files\apple software update\softwareupdate.exe |
| HKLM\System\CurrentControlSet\Services | Provides the interface to Apple mobile devices. - Apple Inc. | c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe |
| HKLM\System\CurrentControlSet\Services | Apple Mobile Device USB Driver - Apple, Inc. | c:\windows\system32\drivers\usbaapl.sys |
| HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries | Bonjour Namespace Provider - Apple Inc. | c:\program files\bonjour\mdnsnsp.dll |

Hope this helps!

--Claus

XP Embedded Theme – Cool Blue!

On my XP systems, I prefer the darker tones of Microsoft’s add-on “Zune XP Desktop Theme (direct MSI download link)” theme.

If I had to go with a 2nd XP theme, it must be Royale Noir.

I can’t stand the default punky green-blue “Luna” theme, nor does the silver version look any better.  I’d rather go back to “Classic” in the Windows 2000 theme.  In fact, that’s what Lavie still prefers on her XP laptop profile.

So when I found notice of another “official” Microsoft theme freely available I took a look. Wow!

Microsoft’s “Embedded” theme is both fresh and nicely tonally blue.

It’s almost “harmonious” in a sophisticated way.

While my main XP interface remains Zune black/orange, for my virtual PC sessions (and Lavie’s profile) I have switched to “Embedded”.

What makes all of these themes nice is that they were all signed by Microsoft “officially” so you don’t have to do any dll hacking/swapping as one does with other “unsigned” replacement XP themes.

How To Install XP Embedded Theme

It’s pretty simple, download, unpack, copy, and activate!

However, for some reason, folks have been a bit confused on how to install this theme.

So here’s Claus’s attempt at instructions on installing the “Embedded” theme on XP:

  1. Download Microsoft Embedded Theme as a ZIP file and save it somewhere handy.
  2. Unpack it.
  3. Then in another Windows Explorer session, browse to c:\windows\resources\themes 
  4. Copy the “embedded.theme” file from your unpacked zip folder and drop it right in that folder.
  5. Copy the "Embedded" folder from your unpacked zip folder and drop it right in that folder.
  6. Note: You should see what I mean as the Luna.theme and Luna folder should already be present.
  7. To activate this theme switch, either right-click on your desktop to change the theme/properties or just double-click the Embedded.theme file.

The included “WES_Desktop.bmp” file is just an optional wallpaper for the XP Embedded platform that is nice, but not really needed unless that's your thing.

Happy XP Theming!

--Claus

RE: Windows Live Writer

I use Windows Live Writer as my sole blogging tool for Grand Stream Dreams hosted by Blogger/Blogspot.

I’ve tried a lot of other tools. A LOT of other tools, but Microsoft mostly just did this one right from the start.

I think it is a mark of good software design when you are so comfortable using the tool that you spend almost all your time focusing on making your content, and the tool just “fades” into the experience background.

Today I saw a post over on the Windows Experience Blog by Brandon LeBlanc: Open Already Published Blog Posts with Windows Live Writer.

That’s not a “new” feature to me, I’ve been using it for a long time to go back and add updates to previous posts, or to correct the “occasional” spelling, grammar and other editing bits needed when I toss up a post too fast.

What I did make note of is the number of locations Microsoft has provided folks to actually download Windows Live Writer from:

Additional information and thoughts from others on Windows Live Writer (Beta)

A few of my complaints (still) with the current Windows Live Writer beta version:

  • Too much white-space at the bottom of the interface window between the “view” tabs and the “set categories” bar.  I’m losing out on at least a full inch or so of window-space.  Let’s try moving the set category and set publish date into the side-bar, or tuck them along-side to the right of the three tabs.

  • The custom bar-coloring feature sucks. Period.  Before in earlier releases I was able to select a custom color and it was deep, saturated, and rich. It was great!  Now the current programming just gives a washed-out color gradient. It doesn’t matter which color I pick, it is very difficult to tell which color is being applied.  This was one of those “small things” that made it really nice.  Now the entire GUI is too bright and washed out.  Give me back the old-style of gradient coloring.

  • I want the colored “A” icon on the toolbar to be a “font color picker” consistent with the other Microsoft Office line.  I don’t want it to pull up the font formatting dialog box.  If I want to color my headings on the fly a certain way, I just want to select the text, hit the colored “A” icon, and have it either provide me a drop-down selection/custom, or to just apply the color I last selected.

  • Finally, if my insertion-point cursor is blinking in the body of the post at a specific location under the “Edit” or “Preview” tab view, and then I switch to the “Source” tab view, I want my cursor to remain there!  I HATE having to then re-search through the entire post’s markup code to find the point where I wanted to do the code editing.  That is stupid and a waste of time.  I should be able to toggle back and forth and remain at the same insertion point.

Those few complaints aside, Windows Live Writer is a very strong blogging tool for the casual to semi-pro bloggers.

Can’t wait to see what the next version release will contain.

Hopefully, a few of Claus’s quibbles will be addressed.

Cheers!

--Claus V.

Saturday, October 11, 2008

Meanwhile, in security news

Just because Ike rolled in and tossed the upper Texas Gulf Coast like dice in a back-alley craps game, it doesn’t mean that the world of computer security (or insecurity for that matter) has been standing still.

@ Windows Incident Response Blog

Harlan Carvey, systems forensics author, has been hard at work keeping us informed and updated with a number of great posts over at his Windows Incident Response blog:

PlainSight – Introduces PlainSight which is a Live CD format to boot and collect information by examiners.  It contains a number of basic tools to get forensic beginners on the right path to understanding and using them.

@ SANS ISC Handlers Diary

Never a dull moment or read there.

@ Microsoft Threat Research and Response Blog

Yes. Microsoft does do some good and informative work in malware research.

@ Wise Words and Counsel

Yeah.  I couldn’t come up with something catchier.  But then again, these are not to be passed up.

TinyApps.Org Blog : Free stand-alone antimalware app from Kaspersky – REALLY awesome standalone a/v-antimalware scanner that Miles found.  I’ve got a follow-up post on this getting this one set up to use as well as a couple more tools in this class. Stay tuned to GSD!

Dancho Danchev’s Blog - Mind Streams of Information Security Knowledge: The Commercialization of Anti Debugging Tactics in Malware – Long title, good post.  Wonderfully well-written post that covers how malware writers are responding to attempts to reverse engineer their malware as well as the business behind those fuzzing efforts.

Helix3 – Live CD used for forensic examinations of systems got a major update last month (Helix 2008R1 (2.0)).  Really a neat tool and one I have long-carried in my CD case.  Good whitepapers on their site as well on how to use their tool effectively.  One other thing I’ve loved Helix for is that their disk not only has a Live CD boot side, but also a cool Windows “auto-run” menu side with additional tools to use on a running Windows system.  Their “User Manual” runs an astounding 339 pages long in high-detail.  Amazing support for an open-source project.

[IN]Secure Issue 18 – has been released (PDF).  Always a great read for security folks and system administrators.

  • Network and information security in Europe today
  • Browser security: bolt it on, then build it in
  • Passive network security analysis with NetworkMiner
  • Lynis - an introduction to UNIX system auditing
  • Windows driver vulnerabilities: the METHOD_NEITHER odyssey
  • Removing software armoring from executables
  • Insecurities in privacy protection software
  • Compliance does not equal security but it's a good start
  • Secure web application development
  • The insider threat
  • Web application security: risky business?
  • AND MORE!

Forensic Time Dilatation « Didier Stevens – Didier draws our attention to a small problem with getting accurate timestamp data from forensic examinations.  In summary: “if you compile or interpret forensic reports, take particular care to avoid the pitfalls of timestamps. Take into account desynchronized clocks, clock drift, time-zones and time unit resolution.”

Matasano Chargen » Detecting Anonymizing Proxies – Nicely written and illustrated article on methods to attack anonymizing proxies to get information on IP sourcing and potential back-tracking to the “true” IP address.  Links to additional presentations by others on the subject are also included in the post.  While challenging, figuring out who and where someone is who is using an anonymizing proxy isn’t necessarily impossible.

Cheers!

--Claus

Re-Chromed

(Photo: hot-rod-chromium. cc photo credit: flickr by mikebaird)

Yep. LOTS and LOTS of links on Chrome/Chromium now that it has been pulled out of the oven and cooled for a while.

Sorry…no real order or logic to presentation here.  More of a stream-of-consciousness thing I suppose.

Scott Hanselman’s Computer Zen - Microsoft IE8 and Google Chrome - Processes are the New Threads – Light technical review on the merits of isolating browsing tab windows in their own sessions. Scott’s got some nice visuals and his post-comment threads are always educational.

Google Chrome Themes - Download Free Google Chrome Themes – Themes. Themes! Get your Chrome themes here!

Get Google Chrome Themes – GoogleBlogoscoped how-to for folks who just got confused trying to apply one of the themes noted above.

ChromeSpot – More Chrome tweaking and Theming madness. Actually sometimes has some very useful tips and mods.

ChromeSpot- Google Chrome Customization List – I’m using and partial to the BlackBit theme. Looked wicked awesome during Ike at work while I kept the Stormpulse Hurricane Ike tracking page up on my secondary system.  Everybody hung out at my cubicle to look at it.

The Power User’s Guide to Google Chrome – Awesome roundup of Lifehacker tips on Chrome tweaks, configs, and other mess’ing around.

Chrome Notes: Bookmarks, where oh where are you? – Must read article by Greg Duncan about how Chrome handles bookmarking.  Deeply fascinating to me and possibly forensics folks. Turns out it uses a SQLite database very similar to those used by Firefox 3.0 (but not quite).

Opening Google Chrome Files: History, Archived History, Cookies, Thumbnails and Web Data – Related post by Unlock For Us that gets even deeper into the Chrome archival structure. Another must read!

GSD Note: When Chrome/Chromium first came out, it seemed they would import Internet Explorer and Firefox 3.0 bookmarks/history/etc. quite well.  However they refused to find and import any of the Firefox 3.1 (Minefield/Gran Paradiso/Shiretoko) build data. This got me curious.  I ended up researching this in depth using VirtualPC, Process Explorer and Process Monitor with builds of Firefox 2.0, Internet Explorer, Firefox 3.0, and then the 3.1 alpha builds.  It was fascinating.  I don’t have time to post it all now, but promise I will.  What I also found in poking around in the Chrome/Chromium versions is that there are subtle differences in the SQLite files and the way they seem to handle things.  When I was done, I now understand exactly why those Firefox 3.1 builds don’t yet get imported, and as a workaround, found an inelegant method to work around it and import the Firefox 3.1 data in anyway.

Chromium Blog – Must RSS feed blog on the inner workings of the Chromium version of the browser.  Great technical details. Such as:

Google Chrome Releases – RSS feed this page to stay on top of Google Chrome updates.  I’m still not 100% sure how the update process works, but you can run checks under the “About” dialog box it appears.  This site seems to focus mainly on development and beta version releases.

ChromePass -- (freeware) – New NirSoft utility to perform Chrome browser password recovery.

ChromeCacheView -- (freeware) – New NirSoft utility to perform cache viewing and item logging details for the Google Chrome web browser.

Shiny Chrome bits, plus a fresh tip – Some info from Matt Cutts.

Greasemetal – A “Greasemonkey” like method to do client-side mods of web-pages in Chrome.

Google Chrome Backup – Wicked awesome looking utility from Parhelia Tools to manage, back-up, and restore multiple Chrome profiles.  Sweet!  Spotted via Lifehacker.

Google Chrome: Google Chrome Will Support Add-Ons, User Scripts – Then things will get really interesting!

Google Chrome will eventually support add-ons and user scripts - Download Squad – Oh wait, didn’t someone already mention that?

Google Chrome: Chrome Speeds Up Web Page Requests with DNS Pre-fetching – In case you didn’t already know or figure it out, Chrome does DNS pre-fetching to speed things up.  This may or may not be a Good Thing (TM) in your book.

Scott Hanselman’s Computer Zen - The Weekly Source Code 33 - Microsoft Open Source inside Google Chrome – Oh bother.  There goes Scott digging into the Chrome code and pulling out muck.  Seriously, good job and detective work, Scott!

Chrome antics: did Google reverse-engineer Windows? – ArsTechnica takes up the story for the tabloids.

Iron – Version of Chrome from the German motherland that has stripped Chromium of the user ID information that some folks get upset about.  You know, the ones with the tinfoil hats? Spotted via Download Squad

  • No unique user-ID
  • No user-specific information is sent to Google
  • No alternative error messages
  • Crash information is not sent to Google
  • No Google updater

Note:  Iron isn’t a TOR based version for true “anonymous” surfing.  I’m sure folks are working on that right now but to the best of my current knowledge, there isn’t an out-of-the-box ready solution for Chrome+Tor as there are for portable Firefox and Opera builds.

Google Chrome Tips – CyberNet News has slowed down recently on their posting as Ashley and Ryan have gone back to “real” jobs to help stimulate the economy.  However this post is a nice collection of many of the tips listed here.

Memory exhaustion DoS vulnerability hits Google’s Chrome - Zero Day Blog – Yeah, no browser will be perfect. Even Chrome’s got some rust under the skin.

Is Chrome a security risk? Open Source blog – Another perspective, more from a system administrator rules viewpoint.

My Five Months With Google Chrome – Matt Cutts breaks it down for us.

As for me, I’m still using and updating Chromium with the elegant freeware mini-app from Dirhael of DonationCoder: Chromium "Nightly" Updater v1.1.  For some screen shots and a brief how-to, see this great post: How to download the latest nightly build of Chrome - HowToTuts.com

I like it but continue to use it as a “background” browser when I am doing presentations of web materials, rather than as a daily browser.  For presentations the clean GUI and “sandboxed” processes for each tab mean a generally more stable environment when sharing web pages with folks.

For hard-core daily browsing, I’m still using Firefox.

--Claus