Saturday, October 31, 2015

Web Browser Linkpost; Mostly Vivaldi and Firefox

Tracking

Vivaldi updates march on

Still loving Vivaldi and the feature set they are bringing to the table.

Still not a “daily driver” for web browsing but getting closer and closer. I’ve not listed all the snapshot posts but here are some highlights that might be interesting.

Considering the large volume of bookmarks I deal with, the bookmark bug-fix improvements have been very well received in particular; sorting, ordering, editing.

Firefox and Mozilla Developments

Google Chrome/Chromium

Pale Moon Rising

Pale Moon - Release Notes

25.7.3 (2015-10-14)
This is a usability update needed due to the fact that Mozilla has shut down their key exchange (J-PAKE) server along with the old Sync servers. This was unexpected and required us to set up our own key server (testing indicates this works as-expected, but please do report any issues on the forum) - which also required reconfiguration of the browser.
Please note that older versions of the browser will no longer be able to link devices to a sync account using the 12-character code since it requires a Mozilla server no longer present. If you need this functionality, you must update to this version or later.

Edge(ed) Out

Browse on, my friends.

--Claus Valca

Call Me Pessimistic…Windows 10 Upgrading

Back in mid October there were a series of events where the Windows 10 Upgrade appeared to present itself front and center to some users.

Ars Technica reported in their article that Microsoft responded and provided the following quote:

As part of our effort to bring Windows 10 to existing genuine Windows 7 and Windows 8.1 customers, the Windows 10 upgrade may appear as an optional update in the Windows Update (WU) control panel. This is an intuitive and trusted place people go to find Recommended and Optional updates to Windows. In the recent Windows update, this option was checked as default; this was a mistake and we are removing the check.

Because of some incredible weekend business, I had delayed processing my own Patch Tuesday Windows updating and was hopeful that the issue was fixed on 10/16 when I brought the system online.

Bad, news, it wasn’t. Good news, I was already on high-alert for a Windows 10 Upgrade attack.

2015-10-16 19_33_20-Windows Update

When I checked “Show all available updates” I saw this:

2015-10-16 19_32_45-Select updates to install

OK…maybe I didn’t get Microsoft’s “fix” for this issue. Let me recheck for fresh update availability from Microsoft.

2015-10-16 19_36_05-Windows Update

Hmm, the Windows 10 Upgrade was still showing front and center. A check of “Show all available updates” showed the new Patch Tuesday updates, but Microsoft was still pushing the Win 10 upgrade on the main Windows Update landing page.

2015-10-16 19_36_27-Select updates to install

I had to de-select the Win 10 upgrade option and then select all the other Important and optional updates I DID want to carefully get through my Patch Tuesday session.

This ended up happening on both my Windows 7 systems, though Lavie’s Windows 8.1 system seemed to survive the auto-updating process without a Windows 10 appearance.

This was disconcerting and I wonder how many folks actually did get an unwanted or unintended Windows 10 upgrade if they were not paying careful attention.

So now, after Microsoft’s apology and “correction” two weeks ago I saw these new news bits regarding Windows 10 Upgrade presentation to users:

From the Windows Experience Blog post;

We will soon be publishing Windows 10 as an “Optional Update” in Windows Update for all Windows 7 and Windows 8.1 customers. Windows Update is the trusted, logical location for our most important updates, and adding Windows 10 here is another way we will make it easy for you to find your upgrade.

Early next year, we expect to be re-categorizing Windows 10 as a “Recommended Update”. Depending upon your Windows Update settings, this may cause the upgrade process to automatically initiate on your device. Before the upgrade changes the OS of your device, you will be clearly prompted to choose whether or not to continue. And of course, if you choose to upgrade (our recommendation!), then you will have 31 days to roll back to your previous Windows version if you don’t love it.

So beginning early next near, Microsoft will change Windows 10 Upgrade to present as a “Recommended Update” and if your Windows Updates settings have been set to automatically include them, then you may get a bolder push to get Windows 10 on your system.

Yes, Microsoft says you will clearly have the option to not continue with the upgrade but I again wonder how many non-technical users will end up getting confused or just blunder on and accept the upgrade process.

Maybe they will like the results.

My experience has been as follows:

Despite all of our personal laptops being “Windows 10 Compatible”, Dell says they are not supported for Windows 10 (by Dell) and that drivers and hardware features may not work. I can confirm as of last month when I tried the Windows 10 upgrade on two of the laptops, serious hardware issues were encountered that resulted in me rolling them back to Windows 7/8.1.

I’m a techy and sysadmin so while it was a headache, no serious damage was done.

Considering the amount of time I’ve spent over the past few weeks helping family and friends through their own Windows 10 transitions, many non-technical users are feeling overwhelmed in Windows 10, also finding broken hardware, and frustrated.  That has required addition help getting the hardware working in Win 10 (where possible), and encouraging installation of Classic Shell and other tweaks so they can “find their cheese” again.

I continue to have really mixed feelings with Microsoft and Windows 10.

I dislike the privacy and tracking changes Microsoft has baked into Windows 10.

I’m dubious about the constant Windows 10 feature improvements being a OS release “work in progress”.

I really dislike the hard-sell push of Windows 10 upgrades on users – especially where it impacts non-technical users who don’t understand the risks and challenges, especially on older hardware and mobile (laptop) platforms.

Darn-it Microsoft, what’s going on?

Is Windows 10 Upgrade the IT equivalent of the zombie apocalypse?

Claus Valca

Updating Dell BIOS using WinPE

TinyApps.org blog recently posted his interesting situation.

Short post shorter, after a recent hardware change, issues were encountered on a Dell system until the BIOS was updated.

I’ve been seeing an increased pattern of issues after hardware is replaced or upgraded on Dell systems. They usually clear up after the BIOS gets updated.

Unfortunately, Dell seems to only be offering BIOS update files for most systems via an EXE deployment solution.

The idea is that you would download the Dell BIOS EXE update file to your Windows system, run the file, then the system reboots and the BIOS gets flashed/updated.

That makes sense unless you are sitting on a system (or hundreds) that don’t yet have a Windows OS installed, or have replaced the HDD in the system and don’t have an OS on it. Or maybe you do have a flaky system with a Windows OS but can’t keep it stable enough to run the BIOS EXE update file.

This week I had that very problem and wondered if I could perhaps deploy the BIOS EXE file via a WinPE environment and bypass the “installed” Windows need totally.

In my case…for the particular Dell systems I was working on, I could, I did, and it worked perfectly.

Your mileage may vary, proceed at your own risk, etc.

The “trick” seems to be that you have to use an x86 WinPE OS architecture build, rather than a x64 WinPE flavor. More details on “why” here if you are curious.

If you already have a working WinPE build and want to confirm (maybe you didn’t build it yourself) just run the following command in your loaded WinPE environment from a command prompt:

wmic OS get OSArchitecture

Sadly, the Dell LTI bootable flash drive I had was running a x64 version.

Luckily I still had one of my trusty custom WinPE CD disks I built a long time ago and I had built it using the x86 package so I was set.

So here is what I did to flash the Dell BIOS with no loaded HDD:

  1. I downloaded the BIOS update needed for my specific Dell system from Drivers & Downloads | Dell US using another system after confirming by entering the system’s ServiceTag/Serial number on the page.
  2. I copied it to a USB drive.
  3. I booted the target Dell system with my (x86) WinPE boot CD and had the USB flash drive with the BIOS update file also connected to the system.
  4. Once WinPE had loaded, I navigated to the BIOS EXE file on the USB drive and ran it.
  5. It executed with no errors and the system rebooted, applied the update, and rebooted again.
  6. I hit F12 and confirmed the BIOS version updated, the hardware was detected in the BIOS, and that the ePSA diagnostics all ran normally.

Done!

That saved almost 1.5 hours of otherwise deploying (if I could) an image to the system and getting it configured enough to be operational for just a BIOS EXE deployment run.

I’ve posted a lot of write-ups here on GSD blog regarding custom WinPE disks. You can go crazy or super-simple.

If you don’t feel like reviewing all those posts, here are some tools or basic steps in building your own WinPE boot tool:

It’s been quite a while since I built a WinPE disk/USB. The ones I’ve made in the past still keep on loading and working for my off-line system booting needs I really haven’t had a need to update them at all.

I think the last one I built was based on a pre-release WAIK version for Windows 8 (WinPE 4.0).

I might need to add making a fresh Win10 WAIK-based WinPE build to my considerable “to-do” list so I can try out the changes to WinBuilder and some of these other “newer” WinPE building tools that have come along since I last fiddled with things.

Hope this helps.

Cheers,

Claus Valca

EMET 5.5 Beta Release

It just kind of quietly slipped out but Microsoft’s Enhanced Mitigation Experience Toolkit team released a new EMET 5.5 Beta version a few weeks ago.

Enhanced Mitigation Experience Toolkit (EMET) version 5.5 Beta is now available - Security Research & Defense

From the post:

EMET 5.5 Beta release includes new functionality and updates from EMET 5.2, including:

  • Windows 10 compatibility
  • Better configuration of various mitigations via GPO
  • EAF/EAF+ pseudo-mitigation performance improvements
  • Support for Windows 10’s new Untrusted font mitigation
  • Various bug fixes

I’m waiting for the next stable version release on my systems so I haven’t yet upgraded from the current “release” version of EMET 5.2, but in case you are interested…

That same post goes on to discuss why some of the following security features “baked in” to Windows 10 are as good or better than EMET. Those features include (for supported systems);

More information about EMET is here; Enhanced Mitigation Experience Toolkit

And here were some related posts I found interesting regarding EMET this news cycle.

Cheers,

Claus Valca

QuickPost: Ubuntu and Zorin OS

With apologies to Eliza Doolittle … “Ooooh! Just you wait Windows 10!”

I’ve got piles on piles of Windows 10 linkage and commentary waiting in the wings to unload.

I’m continuing to try to hone my basic skills in using Linux and other full-system distros just in case I get too fed up and decide to pave one of our laptops and go full-in with a LInux distro.

So in that spirit, here are some Ubuntu 15.10 release and other Linux distro news items.

Aside from Ubuntu, here are some other “desktop” distros I’m fiddling with;

Looking for more? DistroWatch.com is a good place to survey the landscape.

Cheers,

Claus Valca

Anti-Virus linkage

So here is where I still stand on my recommendations:

  1. Free Firewall Software by GlassWire - Monitors and logs network connections…more used for logging than “active firewall blocking”.
  2. Sysmon - Sysinternals core service to log application/network executions
  3. Enhanced Mitigation Experience Toolkit - EMET - TechNet Security
  4. Microsoft Security Essentials - Microsoft Windows - Core AV protection
  5. Malwarebytes Premium - Supplemental real-time AV/AM protection
  6. Malwarebytes Anti-Exploit - Free Zero-Day Exploit Protection - browser layer protection

If MSE seems too light, then I would swap it out for Bitdefender Antivirus Free.

There have been some developments in the AV world and opinions abound:

Cheers,

Claus V.

Saturday, October 24, 2015

Stuff (being considered or obtained)

I don’t make a whole lot of “hardware” recommendations.

I don’t run ads or product click-through links on the blog that give me any benefit for your purchase.

So with that in mind, these are some recent purchases I’ve made that I have been very pleased with.

Or are links to hardware that I’m reviewing and considering picking up (for my reference).

Just passing them on in case you are interested.

Claus recommended gear:

  • MEKO™ 2Pcs [2 in 1 Precision Series] Disc Stylus/Styli - Amazon.com - As an iPad/iPhone user, there are some applications that my finger tip (or that darned soft-pad tip stylus) just won’t do for, sketching and note-taking apps for example. I found this two-pack for a fine-tip stylus for $10 that was too good not to try. I’m blow away!  The fine-point tip is a weird looking contraption but it works like a dream - even though my Spiegen screen protector.  I love this thing!  It is a dual-tip with the fine-point on one end and the large squishy capacitive fabric tip on the other. With several spare tips included. The only “complaint” I have is that it didn’t come with a pocket clip. I salvaged on off a drafting pen barrel (like the kind you got as a kid to attach to your pencil if you were a geek). That works fine enough on it for my needs.  Seriously, if you use a stylus for an iPad/iPhone, give this one a shot. It’s cheaper than most you can pick up in a store and super-high quality.
  • Kanguru FlashBlu30 (32GB) with Physical Write Protect Switch SuperSpeed USB3.0 Flash Drive ALK-FB30-32G - Amazon.com - My USB 2.0 16 GB Kanguru FlashBlu stick was showing it’s age. I’ve almost maxed out the capacity, lost the cap and broke the little plastic loop on the end. It still works but is battered and I need to check with Kangaru to see if they could send me a replacement clear cap and white loop end. Anyway, the 64 GB was what I really wanted but the price was pretty high for a budget dude like me. So I picked up the 32 GB version as a compromise. USB 3.0 with physical write-protect switch for when I am responding to an infected system. Can’t beat Kanguru brand!
  • Netac U335 USB 3.0 64G Write Protection Flash Drive - Amazon.com - or maybe you can?  This 64 GB write-protected USB 3.0 stick was a crazy $30! Compare that to the $40 32 GB version I bought above.  I picked it up on a whim for the extra capacity and have been very impressed with the quality and performance.  It won’t (quite yet) replace my trusty Kanguru USB’s with their (mostly) aluminum bodies. Only complaint so far was that it didn’t include a lanyard and is could be easy to misplace the cap/ That said, it was an awesome value!

Stuff I’m researching for future upgrades:

I’m still quite pleased with the performance of my D-Link DIR-655 router. Performance is good on our laptops and Apple devices. It has been rock-solid dependable and there are still very occasional firmware updates offered.

That said, I’ve had it so long I don’t know if I would actually be getting better performance on another “modern” device.

On top of that it just WILL NOT authenticate to my first gen Chromecast stick. Not at all. Period. I can see my network on the Chromecast, I can put in my authentication information, but it will NOT authenticate to the WiFi. Grrr.

To get my Chromecast connected to our network, I have to first connect my portable D-Link DAP-1350 Wireless N Pocket Router to my DIR-655 and then connect the Chromecast to that one. Seriously a headache and it prevents me from leaving my Chromecast connected all the time as I don’t leave the DAP-1350 online full time.

Anyway, there is the stuff and what I’m considering.

I’d love to hear your comments or recommendations as well!

Cheers.

--Claus Valca

Fixing a Fix for a corrupted desktop icon after a MBAM update

With a nod to GOT: “Rain is coming.”

sqafquql.iok

To get ready for an estimated 2-3 day heavy rain event (that’s just the first wave of the wet walkers showing above) I’ve stocked up on tortillas, carnitas, taquitos, and all the fixings. Family is gathering and games are being dusted off from closets and shelves.  I’ve got a pot of bodacious slow cooker charro beans on the stove that have been simmering since 8 AM this morning. Mmmmm.

A week or two ago, Malwarebytes came out with a new version release. It seemed to install fine on most of our systems, but on my main laptop, after the upgrade was completed, the desktop, start-menu program folder, and programs folder icons for the EXE were all not displaying the actual icon.

It looked very similar to this.

auyxentc.ii3

When I tried to reset the icon to the default, it should show in the icon selection choice normally, but still wouldn’t display it. Running the application also resulted in that same icon above shown above displaying in the task-bar.

Functionality of the app was fine.

I fiddled around for a while before starting to actual work specifically on fixing the issue.

Turns out this is a frequent issue with MBAM updates and it looked like I needed to rebuild my Windows Icon Cache.

Here are some different links for various versions of Windows with manual/automated tools to do so:

In the end I went with the Microsoft FixIt tool.

I did the custom option and only selected the repair for the Icon Cache as I wanted to retain my folder customizations.

I rebooted and…

All my desktop icons looked like the one above!  What!!!

I panicked for just a moment then I noticed that it looked like the “normal” icons were just peeking out from behind all of those “blank” icons.  What gives?

I thought about it for a moment and then remembered I had also applied a custom (mini) shortcut icon tweak to my system as I while I liked the shortcut arrow, the default Windows arrow was too big for my tastes so I went with a smaller one using  this shortcut arrow tweaking tool. Looks like the MS FixIt nuked that custom shortcut overlay setting.

The original tweaking utility didn’t seem to work this time round for me after I made the change and rebooted. No change.

So I then tried the small “XP” style one in XdN Tweaker and after a reboot, all my icons were restored to their normal appearance and the mini-shortcut icon was back as well.

zysj2ucj.r2h

Nice!

So tip #1, rebuilding the Windows Icon Cache is a good trick to remember and tip #2, record the custom Windows tweaks you apply as they can have consequences when troubleshooting!

Cheers!

Claus Valca