Sunday, February 16, 2014

Small bytes for the sysadmins this week

Finally (did I really just slam up eight posts today?!!) here is a collection of links that may appeal to the sysadmin crowd here at GSD blog.

Fix problems that programs cannot be installed or uninstalled - Microsoft Support FixIT tool.  I ran across this tool mentioned as a possible solution maker when I was monitoring the recent spate of Apple iTunes update FAIL that happened just a while ago.

Per the Microsoft Support page link above:

Fix problems that programs cannot be installed or uninstalled.

Automatically repair issues that block program installation or removal because of corrupted registry keys. Find other automated solutions

What it fixes...

  • Corrupted registry keys on 64-bit operating systems
  • Corrupted registry keys that control the update data
  • Problems that prevent new programs from being installed
  • Problems that prevent existing programs from being completely uninstalled or updated
  • Problems that block you from uninstalling a program through the Add or Remove Programs (or Programs and Features) item in Control Panel

Free Tools for Active Directory Administration -

FREE: AD Permissions Reporter – View Active Directory permissions - 4sysops

…see also Free Active Directory Tools - 4sysops, a mondo list of free AD tools over there.

Microsoft Resource Monitor Quickstart (by Tony Fortunato) - LoveMyTool blog

Verifying a zeroed disk with - TinyApps blog. I need to experiment to see if the script can be ported to/work under a Windows bash port (Is there a way to run Bash scripts on Windows? and win-bash - bash port for Windows). I’ll also dig around to see if there could be a PowerShell method as well.
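As an added example of my own (not the TinyApps script and not code from this blog), here is the same check done in Python, which runs unchanged on Windows without needing a bash port: it reads the target sequentially in large chunks and reports the offset of the first non-zero byte. The device paths shown are assumptions for illustration; reading a raw disk (\\.\PhysicalDrive1 on Windows, /dev/sdb on Linux) needs administrator/root rights, and the chunk size is kept a multiple of 512 so unbuffered reads stay sector-aligned on raw devices.

```python
"""Check whether a disk, partition or image file is entirely zero-filled.

Added example, not from the TinyApps post. Reads sequentially so it works on
raw block devices as well as plain files; the paths in the usage comments are
assumptions for illustration.
"""
import io
import sys
from typing import BinaryIO, Optional

# 4 MiB per read: a multiple of 512 (and 4096), so unbuffered reads stay
# sector-aligned on raw devices, and large enough that Python overhead is small.
CHUNK_SIZE = 4 * 1024 * 1024


def find_first_nonzero(stream: BinaryIO, chunk_size: int = CHUNK_SIZE) -> Optional[int]:
    """Return the absolute offset of the first non-zero byte, or None if every
    byte read from the stream is zero. An empty read ends the scan."""
    offset = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return None                      # end of device/file: all clean
        # Fast path: bytes.count runs in C, no Python loop and no allocation.
        if chunk.count(0) == len(chunk):
            offset += len(chunk)
            continue
        # Dirty chunk: the number of leading NUL bytes is the index of the
        # first non-zero byte within this chunk.
        return offset + (len(chunk) - len(chunk.lstrip(b"\x00")))


def find_first_nonzero_bytes(data: bytes, chunk_size: int = CHUNK_SIZE) -> Optional[int]:
    """Same check over an in-memory byte string (handy for small images and tests)."""
    return find_first_nonzero(io.BytesIO(data), chunk_size)


def verify_zeroed(path: str) -> Optional[int]:
    """Open path unbuffered and scan it; None means all zeros."""
    with open(path, "rb", buffering=0) as f:
        return find_first_nonzero(f)


if __name__ == "__main__":
    # e.g.  python zerocheck.py \\.\PhysicalDrive1   (Windows, run as administrator)
    #       python zerocheck.py /dev/sdb             (Linux, run as root)
    #       python zerocheck.py wiped.img            (an image file)
    target = sys.argv[1]
    hit = verify_zeroed(target)
    if hit is None:
        print(f"{target}: every byte read is zero")
        sys.exit(0)
    print(f"{target}: non-zero byte at offset {hit} (0x{hit:x})")
    sys.exit(1)
```

Two caveats a practitioner should keep in mind: this scans only the LBA-addressable space the OS exposes, so reallocated sectors, an HPA/DCO area or SSD over-provisioned blocks are not covered by a clean result; and on Windows some raw devices report end-of-device with an error rather than an empty read, so an OSError after many clean chunks is worth checking against the device size before treating it as a failure.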

PowerTip: Mount ISO or VHD File with PowerShell - Hey, Scripting Guy! Blog

2 Ways To Convert AVI & MKV Files To Add Videos To iTunes - MakeUseOf blog

Coming soon in Windows 8.1 Update 1: Internet Explorer Enterprise Mode — Within Windows

Windows 8.1 Update 1 leaks online -- This is what's new - BetaNews


And just to prove that Claus isn’t all work and no play…my brother and I hooked up over the weekend and spent a breezy, clear and beautiful day exploring a regional bird-watching park. He tended to go for photos of actual birds. My shots were more of “desktop” background compositions…though I did get more than a few ducks in the frame.

[photo: Unfinished Bridge]

[photo: Do Not Pass]

--Claus Valca

Speaking of Malware and other annoyances…

Since we have been talking about malware in some of the recent posts, here are some articles that seemed to do a great job of putting things into context.

What a fake antivirus attack on a trusted website looks like - Ars Technica - This is exactly what almost got my Dad into trouble a few weeks ago.

Ad2Store redirections: the latest annoyance for mobile users - Malwarebytes Unpacked. I can’t count how many times I’ve visited the home-page of a regional newspaper on my iPhone, then instantly “BAMO” I get redirected and instead of Chrome for iOS that I was looking at, I am now staring at my AppStore application offering me a stupid “free” game to download. This has annoyed and bothered me to no end. I knew the general mechanism on why this occurred from time to time, however this Malwarebytes blog post does an excellent job sorting it out in a way that can be explained for less technical users (family/friends) who encounter it. Well worth the read.

The best part for me was the following recommendation:

“…it would make more sense for Apple (in the name of ‘user experience’) to block all non user initiated requests to launch the App Store (or at least prompt the user before) and the same goes for Google with its Play Store.”

Yep. Got my vote.

Download Wrappers and Unwanted Software are pure evil - Scott Hanselman. Trying to counsel family and friends to download software from a third-party site is fraught with dangers. I always try to get them to the main software developer’s site rather than one of the many that also offer download links. There are a handful (maybe two such as filehippo or Major Geeks) that I trust but that’s about it. Even some software companies are not hosting their free product downloads on third-party download hosting sites. As Scott points out and illustrates, it is very easy to get sucked down a rabbit-hole of Alice in Wonderland craziness trying to download a simple application if you are not very, very, very careful and vigilant. Downloaders beware!

Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website | FireEye Blog

Localized malvertising affects some OpenDNS users - Malwarebytes Unpacked. Great. Even your DNS provider isn’t immune from making things worse for you.

CryptoLocker ransomware is flourishing - BetaNews. Yep. And I am still running and recommending the free CryptoPrevent utility from Foolish IT LLC. For more info see GSD post link #1 and GSD post link #2

Internet Explorer 10 has a zero-day vulnerability. It’s so serious, security folks are recommending users of IE 10 or IE 9 either:

  1. Upgrade to IE 11 (if supported on your OS),
  2. Switch over to an alternative browser such as Chrome or Firefox, or
  3. Install Microsoft’s Enhanced Mitigation Experience Toolkit (EMET).

IE 11 users are OK and safe.

And certain Linksys router models also have their own malware/infection issue to be dealt with.

--Claus V.

Update your Third Party Browser plugins (again)

Got Adobe Flash? Patch it.

Got Adobe Shockwave? Patch it.

And now…food for thought…

While we’re at it, go ahead and pop onto the Qualys BrowserCheck page in each of your system’s web browsers (Chrome, Firefox, IE, Opera) to check that you are not missing any other core browser plugin updates.


--Claus Valca

ForSec News and Happenings this week

The forensic/security world has been quite busy this week. It’s a wonder anyone has time to post.

But I’m glad they do!


--Claus Valca

Windows Process and Service Tools

The big-gun I use for most of my Windows process and activity monitoring remains Sysinternals’ Process Explorer.

For supportive logging work, I primarily use Sysinternals’ Process Monitor.

Unless you have been in the deep woods for the past few weeks, you probably noticed that Sysinternals recently did a major “minor” update to Process Explorer, bumping it to version 16.0 and then quickly to 16.01.

And the biggest new feature is VirusTotal integration: you can check the hash of any running process’s image file against VirusTotal “on the fly” from inside Process Explorer. Pretty handy and cool.

However, don’t limit yourself just to the grand-master of Process Explorer.

Among the many, I keep the following other Windows process monitoring tools handy as well as they bring some different feature-sets to the game.

Process Hacker - It’s easy to get lost in this application. Install/portable versions available or use this Process Hacker Portable version from

Another cool tool I use and am getting to know is “PowerTool” - It is a “…a free anti-virus&rootkit utility. It offers you the ability to detect, analyze and fix various kernel structure modifications and gives you a wide scope of the kernel.” It supports both x86 and x64 platforms. It has all kinds of special bells and whistles for detecting aberrations in standard operations on a Windows system.

Finally, I’ve mentioned the free ESET SysInspector (x86 & x64 versions available) before. It not only generates a detailed log report of running processes, but also scans for hidden processes and objects, compares generated logs, and performs automatic (color coded) heuristic analysis of those processes and other system contents for focused analysis. It rocks.


--Claus Valca

More Com-Pro-Mi-zes


Account data breaches can happen all kinds of ways. Troy Hunt picks apart some ways Tesco’s breach could have been pulled off:

Troy Hunt: The Tesco hack – here’s how it (probably) happened

Just a few tips:

  1. Use a good/free password manager to generate complex, strong, long random password strings (like this one you can have for free: €&ÖTÒC²ÿ­¦Aì:ÿ±ØF3`¹æ„åB£/¸4ö»„R+Üb"j9Ħ)  And use a different one for each online account. I personally recommend the free KeePass Password Safe but there are tons of great, free, open-source ones out there for the choosing.
  2. If you have a smartphone, you can often share that database across platforms to make it convenient. MiniKeePass (for iOS).
  3. Don’t use your actual personal information (birthday, favorite things, actual/true answers to security questions); a password keeper can help you keep track of what answer you used. This way if those responses get hacked for the world to see, they can’t be used against you on other sites.
  4. Use a different email address to register for each of your “core” high-security/high-value account web-sites. Many online accounts use/require an email address for the account name. If one account gets breached, that address can’t be used to get into your other accounts. Most email clients (and some online email services) allow you to pull emails from more than one email account, which would let you aggregate all these different email addresses into one place.
  5. Log into websites with your account using your browser’s “Privacy/Private-browsing” mode.
  6. Log out of your account when you are done doing your business.
  7. Sign up with one or more of your user-name/email addresses over at Have I been pwned? to proactively monitor for account breaches. Unless you are engaged in the security news industry, a number of critical days might pass before you hear of a breach on the mainstream tv/radio/internet news channels. If you hear it from the pros first, then you have a jump on getting your account credentials changed before someone uses/buys/abuses them. At least that’s the theory.
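Tip #1 is the one most worth getting right, so here is an added example of my own (not KeePass code and not from this post) showing what a password manager’s generator has to do under the hood: draw every character from a cryptographically secure source, and size the password by the entropy you actually want rather than by a “looks complex” rule. The alphabet and the 128-bit target are assumptions for illustration; the same `generate_password` call works for the made-up security-question answers in tip #3.

```python
"""Random password generation done the way a password manager should do it.

Added example, not code from the blog or from KeePass. The 94-symbol printable
ASCII alphabet and the 128-bit target below are assumptions for illustration.
"""
import math
import secrets
import string

# Printable ASCII minus the space: 52 letters + 10 digits + 32 punctuation = 94.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def password_entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet_size).
    This only holds when every character is drawn uniformly and independently,
    which is why the generator below must not skew the distribution."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits: float, alphabet_size: int = len(ALPHABET)) -> int:
    """Smallest length whose entropy reaches target_bits (e.g. 128 -> 20 chars)."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length: int = 24, alphabet: str = ALPHABET) -> str:
    """Uniform random password from the OS CSPRNG via the secrets module.

    Do NOT use random.choice here: random is a Mersenne Twister, and its
    state (hence every future output) can be recovered from observed outputs.
    Rejection of 'unlucky' results (e.g. re-rolling until every class appears)
    is deliberately avoided so the distribution stays uniform."""
    if length < 1:
        raise ValueError("length must be positive")
    if len(set(alphabet)) < 2:
        raise ValueError("alphabet must contain at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_for_bits(target_bits: float = 128, alphabet: str = ALPHABET) -> str:
    """Generate a password just long enough for the requested entropy."""
    return generate_password(length_for_bits(target_bits, len(alphabet)), alphabet)


if __name__ == "__main__":
    for site in ("bank", "email", "shopping"):          # one unique secret per account
        pw = generate_for_bits(128)
        print(f"{site:9s} {pw}  ({password_entropy_bits(len(pw)):.1f} bits)")
    # Security-question 'answers' are just more random secrets to store in the vault:
    print("mother's maiden name:", generate_password(16, string.ascii_lowercase))
```

If a site rejects some punctuation, shrink the alphabet and let `length_for_bits` add characters to compensate instead of dropping below the entropy target; the vault stores the result, so length costs the user nothing.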

Be safe.

--Claus Valca

From Bad to Worse…when you don’t want to see the bull’s-eye hit

More news and details out on the Target Breach…and even more POS malware attacks go public…


So new this week:

…and it just continues like wildfire for others…

Some technical details for the curious…

…and with some “perspective” tossed in for dessert.

--Claus Valca

Malwarebytes 2.0 (Beta)

Malwarebytes : Malwarebytes Anti-Malware FREE is one of the few anti-malware protections I recommend to family members and friends to put on their systems…just in case.

While I have traditionally gone first with Microsoft Security Essentials for active (free) AV/AM protection (mostly for its ease of use and general ubiquity for them), having MBAM-Free allows me to have them do an “on-demand” scan of their system periodically when something “hinky” pops up and we want a trusted second opinion that MSE addressed the threat detection. That seems to be a popular combination.

The biggest drawbacks of the free version (IMHO) are that it does not support real-time protection nor allow for heuristic detection. The pro version covers those features and more.

So it was with some excitement that I read about Malwarebytes having a fresh new rebuild of the Anti-Malware product, version 2.0.

It is currently in beta but looks and performs very, very well on my test systems.

Note: A new build of the 2.0 beta was released Feb 12th.

Check it out and see if it might fit your needs.

For more information:

Other important notes:

The beta is for the “consumer” version of the product, the business version is not yet released.

If you are running MalwareBytes Free/Pro, first uninstall it before installing the beta version.

It is going to operate under a subscription licensing model, $24.95 per year.

According to Malwarebytes, if you spring for a lifetime license now (under the current build level), they will honor that lifetime license for version 2.0 so you won’t have to switch to/pay the yearly subscription price. That’s a super deal and savings.  Shop around as prices will vary a bit.

There will still be a “free” version of Malwarebytes 2.0 when it goes public.

Maybe in related news…


--Claus Valca

Windows Assessment and Deployment Kit (Windows ADK)

Yes. Yes. I know.

It has actually been out for quite a while now.

(I’m specifically referring to the release version for Windows 8 & 8.1.)

For some reason this small bundle of ADK links got lost in the pile I’d planned to post here as a reference.

But then I just found it so here they are.

…moving on…

--Claus V.