Wednesday, January 31, 2007

Self-Culling (or Why I Dumped my flickr Account)

So I'm knocking out my RSS feeds and hit a download squad post: Flickr to require Yahoo! accounts on March 15th

So I read the post and find out that beginning March 15th, flickr users will need to either quit the service or link their flickr account to a Yahoo! ID.

Flagrantdisregard posted a copy of his email notification from Flickr: Dear Old Skool Account-Holding Flickr Member

I went looking in all my email accounts and didn't see hide-nor-hair of such a notice.

So I logged into my flickr account and, yep...I was asked to go ahead and link to my Yahoo! ID account.

So I did.

Then I deleted my flickr account.

Self-culling.

Why?

Well, I had only posted just a handful of photos on it, maybe four tops. Then there were a series of Vista RC screencaps I had done. So I wasn't really using the service all that much. But it was handy to have and I did value its service.

But more than that, I've looked upon my Yahoo! account as a toss-away service (sorry Yahoo!...that's just the way I feel.)

That and that (gratefully honest but gratingly honest) statement on the bottom of your page: "NOTICE: We collect personal information on this site. To learn more about how we use your information, see our Privacy Policy."

I've already sold my soul to "Google" so I understand how privacy and information on the net works. I'm down with that. I don't mind services and websites collecting information on my habits...if I really value the service and trust the provider....if not, I'm going to continue to give them garbage and keep on trucking.

I had been a longtime Excite user, ever since I got my very first ISP service...Excite was our family browser's start-page for years and years and years..until they changed it around and it stopped being useful...so I switched to Yahoo!

(This was back in the days when sites were trying hard to be "portals" for new and established net users.)

I still have my Yahoo! account...but I really ONLY use it to check for its TV grid. That's it. Yes, I took the time to add modules, customizing them, adding some extra "pages" to it. But, all I really ever use this portal for now is the TV grid.

So, because I had to now link my flickr account to a Yahoo! ID account I considered a toss-away, Yahoo!, instead of increasing the value of either service to me, forced it to become associated with a less-valued service...thereby lowering the value of something I did like.

I'm still keeping my Yahoo! ID for now...until I discover a new TV grid service I like better (and I am looking again!). I have a MeeVee account and have used it from time to time.

I'm not really that picky. In my perfect TV grid service world I want just three things...1) coverage of my cable service provider, 2) a grid that covers 7pm-12pm in a single view, and 3) inclusion of the AZN channel in the grid lineup!

So, good luck flickr. I know a bunch of folks love and use your service. It is really cool. I'm sure the upgrades will pan out for everyone down the road.

Just not for me.

We're probably both better off ending our relationship anyway.

--Claus

Sunday, January 28, 2007

Firewall Considerations #2

I have been planning on taking a renewed look at firewall choices since it has been a while since my last post on the subject: My Firewall Choices.

Not much has changed in my mind since then. I've still got my systems safely tucked behind a configured hardware-based router/firewall to block and discard all incoming unsolicited traffic requests. It sits between my cable broadband modem and my PCs. So inbound protection is already covered.

I still run software/personal firewalls on each of the PCs. Just in case something ugly were to slip onto one of the systems, it could try to connect outbound as well as infect other systems within my network. So the 2nd layer of firewall protection should help with that. I don't have file-sharing enabled between any of my systems.

And one of these days I'm going to get a little networked USB hub to hook my printer to, to make it a print server for all my machines. (We have just one printer in the house, connected to the main one.)

All things considered, my freeware/free-for-personal-use selections pretty much stand as they were then:

There are also other additional freeware/free-for-personal-use firewalls out there as well.

Inbound and Outbound Protection

Now, in my previous post, my focus was primarily on "leak-blocking". By that I mean: how well does the firewall guard against programs attempting to get out to the network? An effective firewall should not only protect against inbound intrusion attempts, but should have sufficient means to keep data from being sent out of the system without user authorization.

Why? Suppose your system somehow got infected with a trojan or rootkit. As a function of that bot, it collects user information, passwords, accounts, etc. and then transmits that information back out to its master.

If a firewall does not have outbound protection, you wouldn't be alerted to the fact that a program was "calling home" and you can say goodbye to your data.

Unfortunately, many of the firewall applications that have outbound/rule-based alerts don't always make it clear what is going on. Users are left with a confusing mix of process and program alert messages that can be bewildering for geeks and non-geeks alike. And if you do block a legitimate process...well...problems can mount quickly! And if you get so frustrated that you turn off outbound protection, well...inbound protection is great, but...what could be leaking out? It's a dilemma.

A commenter by the name "Anonymous" and I have been having a great conversation in that older post. This post has been spun out of our conversation.

Anonymous raised the point that it has been suggested that Comodo has been scoring so high on these "leak-tests" because they code the program to specifically pass them. The point being, that it doesn't necessarily make it better against "live/mutating" leak techniques...just good at passing known ones.

Anonymous has a great point.

Now, let me preface the conversation with the statement that I am not a programmer. Nor do I have any certifications in network security or network traffic or even network architecture. None. So I can't speak as "expert witness" on the validity of any of such claims myself. I can only try to understand the bigger picture here and sort some things out. I'm sincerely open for correction, and am using the best available information I can find.

Firewall Leak Tests

Clever people who are all those things that I am not, work to write test programs (or live malicious programs) that attempt to take advantage of how systems and firewalls operate to get through them. The idea, for the good guys at least, is that by probing and breaching the firewalls using a number of techniques, program developers can make them more robust and more secure--penetration testing (pen tests).

The Firewall Leak Tester website currently has nineteen (19) leak-tests available to evaluate how well a firewall stands up to internal breach attempts using a multitude of programming techniques.

Another highly informative security website, Matousec, currently has twenty-six (26) leak-tests available. Many are the same as on the FLT website. They also provide specialized testing programs packaged in zip files. If you are going into the testing business...this is a great place to build your tools...and it's wonderful of Matousec to put them all together so nicely. (Thanks guys!)

NOTE: Many of these will set off all kinds of alarms with your anti-virus software so be aware if you want to download and play with them. Also, if you do and are running XP, be aware that if your system takes a System Restore snapshot, you might get some of these in there as well, and it can be a pain to pull them out of there. How antivirus software and System Restore work together - (Microsoft KB)

Firewall Leak Test Evaluations

Remember, we are talking about attempts to bypass outbound traffic protection by the firewall here, not inbound protection, which most all seem to be able to handle without issue.

Unlike last time, when I actually did do the tests myself out of curiosity, I'm not doing that this time. There are enough professional evaluations of these out there and I won't muddy the waters with my uncontrolled end-user testing.

Matousec has a great blog where they have been posting some interesting results on some of the more popular firewall versions out there:

Do Vendors Code to the Tests?

Anonymous's point (in particular with Comodo) can apply to any security vendor out there; "Are they guilty of writing their software code to specifically prevent a known leak-test application from getting out?"

Matousec feels pretty strongly that at least one vendor (Outpost) has: The interception of the test did not fix the problem (2007/01/27 17:20)

As a non-coder I can't say for certain, but I would suspect it could be quite true. I would hope that the vendors would work to understand the principles behind the way each leak-test is punching through their firewall and write the code for their product to address effective blocking of the implementation technique rather than just the specific test itself.

However, in a market (even with freeware versions) that is getting more and more crowded and with more users getting savvy to the need for firewall protection (inbound and outbound), jaded me has little doubt that some vendors might take the easy way out to pass as many tests as possible to elevate their "rank standings".

Fortunately smart good-guys like Matousec and others are out there working as our advocates, digging deep into the code and process functions few of us dare to venture into.
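The difference between blocking a known test and blocking the technique, and the prompt-fatigue dilemma from earlier in the post, can both be seen in a small simulation. This is an added example, not code from the post or from any firewall vendor: a "name blocklist" policy that recognizes leak-tests by file name is run beside a default-deny allowlist policy keyed on executable path and content hash, over a constructed set of outbound connection attempts (all paths, hashes, test names and addresses are made up for the example).

```python
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Attempt:
    """One outbound connection attempt as a host firewall would see it."""
    label: str       # constructed description, used only for reporting
    path: str        # full path of the executable making the connection
    image_hash: str  # hex SHA-256 of the executable's contents
    remote: str      # destination host:port


def image_hash(contents: bytes) -> str:
    """Hash of an executable's bytes; here the bytes are constructed stand-ins."""
    return hashlib.sha256(contents).hexdigest()


# Constructed executables (the byte strings stand in for real binaries).
LEAKTEST_BYTES = b"constructed leak-test program"
BROWSER_BYTES = b"constructed browser"
UNKNOWN_BYTES = b"constructed unknown program"

BROWSER_PATH = r"C:\Program Files\Browser\browser.exe"

# Placeholder names; no real leak-test program is named here.
KNOWN_TEST_NAMES = {"leaktest_a.exe", "leaktest_b.exe"}

# Default-deny allowlist: lower-cased path -> expected content hash.
ALLOWLIST: Dict[str, str] = {BROWSER_PATH.lower(): image_hash(BROWSER_BYTES)}

# The only attempt below that is genuinely legitimate.
LEGITIMATE = {"trusted browser"}

SAMPLE_ATTEMPTS: List[Attempt] = [
    Attempt("known test", r"C:\tests\leaktest_a.exe",
            image_hash(LEAKTEST_BYTES), "203.0.113.10:80"),
    # Same program bytes, different file name: what "coding to the test" misses.
    Attempt("renamed test", r"C:\tests\update.exe",
            image_hash(LEAKTEST_BYTES), "203.0.113.10:80"),
    Attempt("unknown program", r"C:\Program Files\Foo\foo.exe",
            image_hash(UNKNOWN_BYTES), "203.0.113.20:443"),
    Attempt("trusted browser", BROWSER_PATH,
            image_hash(BROWSER_BYTES), "198.51.100.5:443"),
    # Trusted path, but the binary on disk has been replaced.
    Attempt("replaced browser", BROWSER_PATH,
            image_hash(UNKNOWN_BYTES), "203.0.113.30:443"),
]

Policy = Callable[[Attempt], str]


def name_blocklist_policy(a: Attempt) -> str:
    """Policy 1, 'coding to the test': block only executables whose file name
    matches a known leak-test; everything else goes out without a prompt."""
    name = a.path.rsplit("\\", 1)[-1].lower()
    return "block" if name in KNOWN_TEST_NAMES else "allow"


def allowlist_policy(a: Attempt, allowlist: Dict[str, str] = ALLOWLIST) -> str:
    """Policy 2, default-deny: allow only when both path and content hash match
    an allowlist entry. An unknown program, or a trusted path whose contents
    changed, is held for a user decision ('prompt')."""
    expected = allowlist.get(a.path.lower())
    if expected is None or expected != a.image_hash:
        return "prompt"
    return "allow"


def evaluate(policy: Policy, attempts: List[Attempt] = SAMPLE_ATTEMPTS) -> Dict[str, str]:
    """Run every attempt through a policy; returns label -> decision."""
    return {a.label: policy(a) for a in attempts}


def silent_leaks(policy: Policy, attempts: List[Attempt] = SAMPLE_ATTEMPTS) -> List[str]:
    """Illegitimate attempts the policy lets out with no user decision at all."""
    return [a.label for a in attempts
            if policy(a) == "allow" and a.label not in LEGITIMATE]


def prompt_load(policy: Policy, attempts: List[Attempt] = SAMPLE_ATTEMPTS) -> int:
    """Number of user prompts the policy generates: its usability cost."""
    return Counter(policy(a) for a in attempts)["prompt"]


if __name__ == "__main__":
    for name, policy in (("name blocklist", name_blocklist_policy),
                         ("default-deny allowlist", allowlist_policy)):
        print(f"{name}: {evaluate(policy)}")
        print(f"  silent leaks={silent_leaks(policy)} prompts={prompt_load(policy)}")
```

The name-based policy passes the one test it knows about and leaks everything else silently, while the allowlist stops the renamed copy and the replaced binary but pays for it with four prompts on five attempts, which is exactly the trade-off a user ends up fighting with.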

Surveying the Field of Battle from the Ramparts

So have I changed my position on my choices significantly? Not yet...but the winds, they may be 'a blowing.

If you are a broadband Internet service user (cable, DSL, etc.) go ahead and pick up a router/firewall solution. They are cheap and pretty darn effective on blocking unsolicited inbound traffic.

  1. Use a "real-time" Anti-Virus program daily. Consider a weekly/monthly scan with a 2nd "on-demand" standby anti-virus scanner as well.

  2. Run daily/weekly scans using more than one anti-malware product. There are effective "real-time" anti-malware monitoring applications as well as on-demand scanners.

  3. While not for the timid, using a root-kit scanning tool periodically might be worth considering.

  4. If you must, consider a process monitoring utility.

  5. Keep your software and system patched regularly: Windows Updates, Secunia Software Inspector.

  6. Use a secure browser: Firefox, Opera, Internet Explorer 7.

  7. Use wisdom and stay away from dodgy "Knockturn Alley'ish" websites. The content lures the darker side of us in, but the coding on the pages (JavaScripting/ActiveX) can craftily cram malware (and worse) down onto your system.

  8. Download applications, games, videos, music from legitimate websites only. How do you tell? Experience I suppose. And scan them before opening them!

  9. Watch your email attachments and delete all unsolicited attachments you get...even look with caution on those attachments from family and friends....you may like your family and friends...but do they scan and practice safe computing practices as well? Consider disabling HTML rendering of email messages.

  10. If you have a family member (or yourself) who refuses to practice safe website surfing, force them to use a sandboxed web-browser: Greenborder Pro (Consumer), Bufferzone, or GeSWall Personal Edition.

  11. Better yet, put their web-surfing onto a virtual pc session using a LiveCD that won't allow writing back to the system.

  12. Now, once you've done all those "easy" things, wrap it up with a personal firewall that meets your needs and has been vetted by the professionals: Matousec's incredible list of personal firewalls.

Choose and configure a software firewall that strikes a balance between protection and usability. You cannot protect against all the threats that are out there, now and those waiting in the wings we haven't encountered yet. It's a never-ending "arms-race."

Final Thoughts

If you are willing to do the work and even after implementing these Safe-System security habits, you are still freaked out about security and need hard-core leakage protection in your firewall...I'd still say go get Jetico Personal Firewall or their new Jetico v.2 Beta build. It's a ripping-good firewall. But be prepared to do some heavy work with configuration and chatter. It may take a long time before it settles down. And be very careful what you decide to block. You might cripple your system.

If you want something a bit more "family friendly" then take a look at Sunbelt Kerio Personal Firewall or Comodo Free Firewall. And the perennial favorite ZoneAlarm Free is still high atop many user firewall polls. Any of these may provide sufficient protection to meet your needs... despite having clearly known weaknesses that bump them down lower on the professionals' lists. However, if you are already well protected by following the other security recommendations, they might be sufficient enough for family-friend or non-technical PC users.

Remember, for a malicious leak to occur in the first place, your system needs to have been breached and the trojan/virus/malware/rootkit would have to survive getting onto your system through all those defensive layers in the first place....before it has a chance to get caught on its way back out by your leak-proofed firewall defense.

In my humble opinion, PC security isn't based on, nor can it be effective with, a "single-bullet" application approach.

Smart and safe users take a holistic approach. It's a lot of work and a frame of mind.

It's a secure digital lifestyle. You can't be too safe nowadays on the network!

--Claus

Saturday, January 27, 2007

Link Dump - Garage Sale Specials

Time for some house-cleaning.

Help yourself, but bring your own boxes for haul-offs.

More Mozilla

Mozilla's Email client has recently been released at Thunderbird 2 Beta 1 level.

Since it's not yet at Release Candidate (RC) status, I'm holding off converting my current version (1.0.5.9) over to it just yet, but I am looking forward very much to doing so. I have downloaded it and set it up, but not with my current builds and not with an email service, so I can't really say how the client works, but overall I am very impressed with the polish it shows.

Like Mario Brothers for the Nintendo? How about a theme for Firefox for it? Super Mario Bros 3

Take a look at the preview to take it all in. Someone worked very hard on this thing! It's a bit too busy for daily use for me, but I can see where some retro-fans would love it. More details over on CyberNet News.

Finding images for your blog

The images I use on my blog are for the most part screen-captures. I do use some anime themed ones, and I try hard to seek permission from content owners whose material I highlight in the side-bar. They have always been very gracious in granting me reasonable permission for usage.

However, sometimes it can be hard to find a fair-use photo or image to add some punch to your post.

Lifehacker posted a great resource list for those bloggers looking to add some public-domain friendly images: Geek to Live: 6 ways to find reusable media

Highlights from their recommendations:

Creative Commons' recently released tabbed search interface

Wikimedia Commons

EveryStockPhoto

Just be sure to read the fine print for what you are and are not allowed to do. Play nice.

Apple Mac Goodness

The weekly struggle I deal with regarding Apples is trying to find Pink Ladies in the produce section (Lavie's favorites). However, there are quite a few Windows users out there who are working on adjusting to life on the other side. Here are some nice helps for them:

Mac Central: Mac Keyboard Shortcuts - more sweet keyboard tips than you can cover an Apple with caramel.

Hack Attack: A guide for switching to a Mac - covers keyboarding, shortcuts, startup management, application installations, hard drive organization, and the Dock. Very nice.

Top 30 mistakes made by new Mac users -via The Warne Account. Doh!

Vista bits

Robert McLaws: Understanding the Windows Vista Family Discount - I'm not planning on putting Vista on either of our XP systems in the near-term. However, I am likely to take advantage of a special offer by Microsoft and will pick up some upgrade versions early to take advantage of the family discount program that is being offered for a limited time. Robert explores.

Scott Hanselman is a programming wizard. He also seems to like hacking around for fun. One of Vista's goodies is the Vista Sidebar. So Scott has a network camera on the baby. He has a Vista install with a sidebar asking for enhancement. What to do? Well, if you're brilliant like Scott, you write a program to display almost-streaming images from ZenBabyCam in the sidebar. Very cool!

XP still rolls on...

I posted this link the other day, but it is still useful...Windows XP Embedded Team: Tweaking settings – Part2. This post contains a number of useful registry tweaks it is good to keep in mind.

While we are on an XP tweaking topic, don't forget to keep Kelly's Korner bookmarked....you never know when you will need an arcane XP registry fix, script, utility, or A to Z tip. Kelly Theriot is a Microsoft-MVP and pretty darn awesome.

And now the Apps of the Week

Here is a collection of fun software finds I've encountered this week.

RumShot is a free screen-capture utility. I love FastStone's FSCapture for my daily clipping needs, but this one does have a neat trick: it adds frames, borders and other mosaic-style images around your picture to enhance it. You can download the main program and an "expansion pack" of additional images to use with it. It is very cool. Only, their web-site is down right now. Bummer. (It is back up again!) Hop on over to CyberNet News and check out their review: Get a Taste of RumShot, a Free Screen Capture Program. I kinda-sorta used it to make the post image above. Fun!

When it comes to Zipping and Unzipping file archives, my daily tool is the one embedded in freeCommander. It's a breeze to use and it is always there when I need it. For a beefier backup I rely upon ZipGenius. Then when I want to travel "light" I use the can-opening wonder 7-Zip. But now there is a new cute kid threatening the flock. Its name? ALZip from ESTsoft. It can open up 35 different compression formats, open ISO and BIN files, retrieve passwords, make a self-extracting archive file. Pretty nice toy. These are all free for home users. Can't beat that! And it has a cute egg-looking dude for the mascot!

My IP Address Lookup and IP Locater - Not really an application so much as a fun web-tool. It looks up your IP address and shows you where your ISP node is located on Google Maps. Kinda neat and fun; via DownloadSquad.

Floppy Office - a jam-packed collection of no-install freeware office tools and utilities. Put it on your stick.

Security Tutorial of the Week

Malware Analysis Quiz 7 - Results. ISC-SANS posted a quiz a while ago challenging its readers to analyze a live-malware file. Respondents were asked to answer several tough analysis questions. Pedro Bueno, the ISC-SANS handler, then selected the top entry and three other runners-up. They are all very fascinating glimpses into the world of malware packaging and the techniques used by the hunters always after them. Something very fascinating was how one user used "rootkit" technology to analyze the file, and another shows how to get it to run in a virtual machine--even though the malware had code to keep it from doing so. I learned a lot of tricks!

Finally, Claus's Pick for the "It's too pretty to pee on" category

Ubergizmo had a post regarding a waterless urinal. Yep. And it's gorgeous!

The artist, Clark Sorensen creates stunning fired-porcelain works of art that function as urinals. When I first saw them, I would have sworn they were blown glass and not carefully sculpted and colored porcelain. Wow! Lavie might let me have one in our next house...but I would have to sell a car to afford one.

When I first saw them, I was so excited I wanted to, well, you know.....

See you in the skies,
--Claus

Odd Views in Japan

Been sitting on these for a bit.

Anime-themed car-skins

I'm sure anyone who drives in Houston (or any other major metro area) has seen vehicles that have labels wrapped on their body. The ones around here are mostly ad-related and are on pizza delivery cars, etc. Beetles and Scions seem to be popular canvases.

I always thought it would be very cool (otaku geeky...but fun-cool) to get a wrap done of some fun anime themes. But, then, who would do that?

While enjoying the models at dannychoo.com I caught a post of his and learned that there are some fans who do just that to their cars, and that there is a term for this art: Itasha. It basically refers to a car that was covered in anime stickers and decorations! Nice.

He has a pair of nice pics on his site, but then links to Yoshimu-san's blog where there are a large number of additional pictures of all kinds and styles.

Purrrr!

Old with New

Living in Texas and on the Gulf Coast, most of the architecture is relatively modern. Even many of the "older" buildings still fit in well with their more recent neighbors. We don't have the physical historical presence here with our buildings that you find more in the Northeastern US or in Europe and Japan.

Q-Taro posted some pictures he took in a blog post: Old Japanese Houses

Apparently, for all the growth and modernity we associate with Japan, there are still pockets of resistance. The contrast is striking and I can only wonder how the owners feel. While probably not as out-of-place in the more rural areas of Japan, it really intrigues me when I see these homes buried in the middle of the lights and towering buildings.

He links to another blog where there are even more of these contrasts. Kai-Wai

While many Japanese websites don't play well with on-line translators, this one seems to, so if you want to get more info beyond the pictures, go visit via Google's Translation of the pages.

Some of my favorites:

Milk drop box

Wooden evacuation bridges

Green zinc house

Tank bucket

Enjoy.

--Claus

A portable Medical Information Management solution

Lavie has a larger than normal number of prescriptions and doctors due to her Fibromyalgia.

We've been dealing with it for a number of years now and I'm so proud of Lavie's courage and tenacity in living life. It's meant some adjustments in our relationship and routines, but for the most part she is able to hold down a full-time job and get out and about with minimal disruption.

She is so fantastic.

She seems to have at least one specialist visit every other month to keep track of, and all those aforementioned prescriptions.

Lavie asked me if I could find her a way to keep all her medical information organized for her.

Anything for my Girl.

Prescription Keeper

It took me a long time, but I did track down a $ application called The Prescription Keeper.

But it had some issues:

It wouldn't install on my XP systems, (had to "hack" the setup file to get it going) and the interface left a lot to be desired--it looked like a Windows98 program or an Access database with custom Form views. It did have a lot of the features she was looking for; prescription tracking with detailed drug information fields, refill reminder notifications, doctor/pharmacy contact management, website URL tracking, and report generation. I couldn't tell if the file was encrypted either...don't want the medical info getting loose!

All in all, not a bad little application...but not quite what Lavie felt comfortable using in her XP interface world.

Back to searching...and I didn't find any other alternatives.

So I began to rethink her problem and came up with a new plan.

Lavie's Portable Medical File

1) USB Stick based

I figured that Lavie would really benefit from having a set of applications that she could keep on a USB memory stick. This way she could always have them at hand; at work, at home, on vacation, at her parent's house, at the doctor's offices.

2) Encryption Mandatory

Because a USB stick could walk-off easily, and her medical information is highly confidential, using an encryption solution was a no-brainer.

So I set up a portable TrueCrypt file on her USB stick and showed her how to use it to mount the encrypted portion.

3) Information Management

Lavie and I discussed what information she needed to keep track of. She will have notes from doctor visits to record, doctor and pharmacy contact information, appointment scheduling, refill notification tracking, etc. Sounds like Lavie could use a good portable personal information manager (PIM).

Here were the candidates I selected:

  • Exstora - (freeware) Day planner, note manager, organizer.

  • NeoMem - (freeware) Information/database manager

  • Total Organizer - (freeware) Calendar, organizer, to-dos, contacts and notes.

  • Chaos Manager - (freeware) Contacts, notes, appointments, to-dos, and more keeper.

  • EssentialPIM Free - (freeware) Scheduler, to-dos, tree-based note manager, contacts.

Lavie and I looked at all of them and here were our impressions.

Exstora was a very fast running and light application. It has a very nice looking columnar appearance. It contains a calendar, note manager, scheduling feature. The free version lacks easy printing support and exportation ($-Pro version does). Overall it was a very nice program, but just a bit light for Lavie's needs.

NeoMem was a step up and step down in some ways. Lavie didn't quite care for the Windows98ish interface. It did have a very powerful, almost database like, organizational ability. It allows for quick searching and the wizard was quite useful. It would allow her to keep and organize detailed notes and categories...but it was clearly designed more for information and note management and not task and calendaring events. So we took a pass.

Total Organizer - This is getting closer to what Lavie was looking for. The interface was simple but well organized. It allows for easy organizing of the items--and they can be "tagged" for easy searching. However, Lavie needed a bit more "meat" based on how she was intending to use it.

Chaos Manager was quite impressive. Lavie loved the skinability of the program with the large selection of color and image schemes it can use. The interface was very simple, but highly functional. It would allow her to manage a calendar, events, notes, contacts and could even be encrypted. Definitely worth considering.

EssentialPIM Lavie was in love! Upon launching it the first thing she said was, "Wow! This looks just like Outlook and my Lotus Notes!" The schedule view was large and easy to see the events. The note field supported HTML formatting and attachments. The calendar and clock were always clearly displayed on all pages. Contacts, to-do and the today view were all intuitively organized and well designed. (Screenshots) The EssentialPIM Pro ($) has a number of additional features as well. Cost for the Pro version is currently $29.95 for the standard version and $39.95 for the "portable" version. Lavie's going to spend some time with the free one for now, but we will seriously consider buying a portable Pro version. This was the winner.

4) Prescription Management - Portable Spreadsheet!

While any of the PIMs noted above could be used to help manage her prescriptions, none but NeoMem would be able to provide the detailed category and element management she is wanting. We really did like the detail in Prescription Keeper. And the interface inspired us to arrive at a solution: create our own spreadsheet for managing the prescription information.

We could have just downloaded PortableOpenOffice and been done with it. However, it is a massive application and Lavie really didn't feel she needed to go with the "suite" approach.

I did some more looking and found Spread32. It was a very tiny "portable" spreadsheet program. The last freeware version can be found in "Floppy Office", a package that is pretty cool on its own. Just download that and extract just the Spread32 folder. However, upon trying to use it, it just was too clunky to maneuver and didn't seem to support multiple spreadsheet pages. Not quite the solution Lavie, who is a power Excel user, was looking for.

More searching and I discovered the amazing Gnumeric Portable (Gnome Office Spreadsheet) program. It supports all the worksheet functions that Excel has, and has all the sorting and filtering features. It can also export/import from Excel as well. And it supports multiple spreadsheet pages in a workbook file. Lavie took a look at it and, while it has a Gnu Linux look to it, she felt right at home planning out her prescription column categories and was clicking away. It was truly amazing to me.

5) Web and Bookmarks

Lastly we needed to address the number of website bookmarks Lavie uses to track medical information sites and the like.

No brainer! I downloaded and installed Portable Firefox to the USB stick, then copied her bookmarks.html file from her desktop profile over into it. Added a cute theme and she is set!

Lavie is working diligently on getting all her information put into the systems now.

The Girl is happy and so am I.

--Claus

Alvis loves her Daddy!

So last night I had temporarily taken a software issue on the chin: How an Algebra failure helped repair a Windows bug

This morning I woke up fresh of mind and determined to get to the bottom of the installation failures.

My suspicion was that Alvis's Multimedia Algebra software from Cosmi Corporation refusing to install on our XP Home systems was related to the suspicious version phrase "XP compatible" found on the back of the software package.

Building a Test Bed

I fired up Virtual PC 2007 (Beta) and quickly built a new virtual machine for a Windows 98 install. I figured 256M memory setting would be fine. It was, and I probably could have sufficed with just 128M.

I dusted off my old Windows 98 Setup disk and key and applied it to the virtual machine I had just created.

Once I got Win98 up and base installed, I put on the Virtual Machine enhancements.

Then I used IE4 (YES! IE 4! Woot!) to try to update the critical Windows Updates. Only it wouldn't work (no surprise).

So I downloaded IE6SP1 on my main machine and dropped the installer on the virtual desktop and ran it. It installed quickly and I was now able to load the Windows Update page.

It found 24 Critical updates and service packs and 43 additional items. I took a pass on all but two of those, as most were language updates. Just DirectX9 and a browsing fix. I forgot just how the older Windows Update (v4) interface was. Clicking 'dem big "Add" block buttons to select each update.

Once I got all the updates on, I slapped on AVG Free (even virtual PCs need protection!), but passed on a firewall since it is still behind my hardware router/firewall. I successfully installed InstallWatchPro, which had been giving me grief going back on the XP system. Looks like the installer didn't like the XP system...

I fired it up and did a baseline scan on my trim Win98 machine.

Puzzling out that pesky Algebra problem

Then I ran the Multimedia Algebra installation disk. It went on lickety-split with no issues.

Well, no issues besides the honking-big NetZero connection programs that got installed along with it (grrrr). No options to not install those under the custom install. I don't like seeing that!

After deleting the NetZero components, I launched the application and it works great.

I tried copying the Program folder for it back over to XP, but it still refuses to run. Says I don't have 3MB of free virtual memory. Go figure....

So Alvis is now being taught how to launch the new Windows 98 Virtual PC image and use her program.

So what's a parent who picks up Cosmi's Multimedia Algebra to do?

Take it back to the store, or load Microsoft Virtual PC 2004 (free) on your XP system, then dig out your copy of Windows 98 and install it as a virtual pc image. Then patch it, protect it and configure it. Finally install your application on it and teach the little kiddos how to use Virtual PC!

It's a tough world out there....might as well teach them now.

Oh, and about InstallWatchPro...."fixed" that too

I was able to successfully copy its program folder to my XP system as well.

Running it seems to work fine. Looks like the installer just isn't compatible with XP either.

Nice to know my Windows 98 CD and key still have a bit of use left in them!

Cheers!

--Claus

How an Algebra failure helped repair a Windows bug

The Lesson Begins

So a few days ago, Alvis lays two installation CDs on our home pc desk.

One is a French language software set, the other is a multi-media algebra tutorial software program for kids.

Alvis explained to me she might want to take French in high-school and the algebra one might come in useful for her math classes.

She and Lavie found them in the "budget" software rack at the local office supply store. You know, two for ten dollars? Yeah, those.

OK.

So tonight I promised her I would go ahead and install them.

I started with the multimedia algebra disk.

Now, it came with great big logos for NetZero on it. That had me kinda concerned, as I didn't want to end up installing a NetZero dialup program along with it. (Shudders.) Nothing against NetZero, but it looked to be a bundled installation and I wasn't interested in adding that to my system.

So I decided to keep an eye on the installation routine.

Trouble Looms

I went to fire up my old copy of InstallWatchPro. Only it wouldn't start. Hmmm. It is a program that I used to use to monitor what changes occur during a software application installation (files, registry, etc.). It takes a before and after snapshot and compares the results. That way, I could quickly figure out what was going on during installation.

So after several false starts, I uninstalled it. Then I downloaded a fresh setup file. Only it kept getting stuck during the setup process. Attempts to figure out where it was locking up failed with ProcessExplorer and ProcessMonitor. Hmmm. Must not be compatible with XP?

So I gave up on that and decided to move on. I could have used an old copy of What Changed, but I was thinking that only monitored the registry (later I remembered it covers files as well) but was so frustrated at this point, I skipped it. I mean, hey, I eat network problems and malware for snacks at work, how hard should installing a simple kid's math program application be?

I'm Failing in Algebra!

So I went ahead to plunge in to install the software anyway. Except it stubbornly refused to run the setup file.

Oh No!

So I'm watching it in ProcessExplorer, and the setup.exe file kicks off a process called Install.exe which is described as pig32. Then it, in turn, runs a sub-process ntvdm.exe. Come to find out that this is a Microsoft process that belongs to the Windows 16-bit Virtual Machine. It lets 16-bit programs run on a 32-bit system. Hmm.

So now I am finding that I've attempted to install two programs and both refuse to install. Has my system gone bonkers? Did I somehow corrupt my system? What is going on!!!!

So I wonder if maybe it's an issue with my Windows user profile. I go to log-off my profile and onto Lavie's, only I don't have the "Log-off" button on my Start Menu. Ooops! Forgot. I've been missing that for months and haven't been able to get it restored.

So I shut down and restart and log onto Lavie's profile. Nope. Neither app will install. Hmmm. Am I looking at an XP reload?

? parle vu frances, XP ?

I go ahead and download Mozilla's Sunbird application to see if that will work. Yep. It installs just fine with no issues. OK. Whew. Next I take a chance and try to install Alvis's French language program. It goes on just fine.

I had a brief scare when it looked like the installation froze at 100% and wouldn't "finish," but I finally caught another app listed in the task bar. Turns out that the "register this app" window had been placed directly behind, and totally obscured by, the installation wizard window. Once I brought that one forward and cleared it, the install wizard finished. Whose idea was that?

Oui!

So I break out Lavie's laptop and try to install the algebra program on a different system. Nope. Same results. Now I think I'm getting somewhere with this program...definitely nowhere!

Alvis is upset. She takes the CD case and points out in the fine print where it says under the system requirements: "Microsoft Windows 98SE or higher: XP compatible"

"Right here! It says so! I checked!" she insists. She is so clever. How many pre-teens check the fine-print before they buy software? That's my girl!

I, in my pride, am also beginning to look at the word "compatible" that follows the "XP."

So, I leave it there for now. It isn't going on and no attempts, tricks, hacks or otherwise on my part look like they are going to get it going.

I suspect we have a case where this is really a Windows 98 app that isn't fully programmed for XP. I may use my old Windows 98 OS disk and do a Virtual PC installation of it, just to see if I can get it working under Windows 98. Will let you know.

Mid-term Grades

So, for now Algebra gets a "Fail" for refusing to install under two XP systems and Claus passes Troubleshooting 101 for getting the French software on and not falling for the trick in doing a system reinstall because both apps were being a little bit wonky.

Extra Credit

Well...back to the missing "Log-off" button on my start menu.

I don't know when I lost it, but I haven't seen it around for a very long time.

So, not willing to take off my troubleshooter's hat just yet I turned my attention to restoring it. It's a pain to reboot to compare events under different user profiles on my system.

Normally I would just go to the advanced settings for the Start Menu properties and enable it, but that option isn't showing up. Hmm. Mysteriously, it is there under Lavie and Alvis's user profile Start menus....Hmm. Obviously not a global machine issue. Clue #1.

So I fire up good-old TweakUI for XP. There is a setting tweak listed there that will allow me to add it back. Only it doesn't work either. When I try to apply that setting change, TweakUI just hangs. All the others seem to work fine. Clue #2.

So I do some searches on Google. All the tips seem to not apply to me. I finally track down an XP registry setting for this: Remove Log Off from the Start Menu. This tweak allows you to remove the Log Off [Username] option from the Start menu.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
A value of 1 is enabled, 0 is disabled.

Only when I go and check mine, it had that value listed as: "NoLogoff"=hex:00,00,00,00

That doesn't match. Clue #3.

So I export a copy of the registry item for safety, and then delete the key and rebuild it as a REG_DWORD type with the value set to "0" just like the example. I restart...and.....nothing. It's still missing.

So I do some more searching....I find a Kelly's Korner item that has a registry key fix for this issue: #267 on the left-hand column. So I check it out and it looks just like what I did. I reboot. Still nothing. Hmm. Clue #4.

This is XP Home so I don't have the handy-dandy gpedit.msc or secpol.msc feature that I do on my XP Pro.

So I go back and carefully look at my exported .reg file.

This time I notice a registry value: "StartMenuLogoff"=dword:00000001. Well, I didn't see that before, but obviously it was there. Wait! It says "StartMenuLogoff". And the "1" value means it's enabled, so it should be putting my Logoff button on the Start Menu! So why isn't it working? Clue #5 (The Biggie)

Wait. (Brain kicks on.) What exactly does this registry key mean?

I do some more searching and find this fantastic blog post page Windows XP Embedded Team: Tweaking settings – Part2.

Description: Removes the "Logoff" button from the Start menu and prevents users from adding the Logoff button to the Start menu.
Registry Value: "StartMenuLogoff"

Ah! Tricky Microsoft!

I dove back into the registry and changed the value to "0" and reset my system.

Magna Cum Laude!

When I logged back onto my profile, there was my beautiful Logoff button, restored to its rightful place!

How that registry key got set, and the other one corrupted from a DWORD to a hex type, I don't know.

But it's fixed now. Finally.

TweakUI kept locking up when I tried to make the setting change there, because the registry key it was trying to change didn't exist in the correct format.

And once I fixed it, the changes still didn't apply as I had a higher-control registry setting still overriding it from appearing.

I could have also just compared Lavie's registry key settings with mine and probably found the key faster, since hers was appearing and mine wasn't, but I didn't consider that option until after I had fixed the issue.
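A small checker for the kind of exported .reg file worked through above, as an added example (my own code, not the author's and not a Microsoft tool). It parses a Regedit 5.00 export and reports the two Explorer policy values in question, including the wrong-type case (a hex/REG_BINARY value where a REG_DWORD is expected, the thing that tripped up the tweak tools) and the inverted sense of "StartMenuLogoff" (1 removes the button). The sample export is constructed to mirror the values described in the post, not the author's actual file; the meanings of the two values are the ones quoted above. Values under Policies\Explorer are also where Group Policy and lockdown scripts restrict the shell, so a check like this is handy when auditing an exported hive.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of a Regedit 5.00 export, modeled on the two values the post
# describes (this is not the author's exported file).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLogoff"=hex:00,00,00,00
"StartMenuLogoff"=dword:00000001
"""

EXPLORER_POLICY_KEY = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
)

# Meaning of a value of 1 for each Explorer policy value, as documented in the post.
LOGOFF_POLICIES = {
    "NoLogoff": "Log Off is removed from the Start menu",
    "StartMenuLogoff": "the Logoff button is removed and cannot be re-added",
}

RegValues = Dict[str, Tuple[str, object]]


def _binary(hexdata: str) -> bytes:
    """Turn Regedit's 'aa,bb,cc' hex notation into bytes."""
    return bytes.fromhex(hexdata.replace(",", "").replace(" ", ""))


def parse_reg(text: str) -> Dict[str, RegValues]:
    """Parse a Regedit 5.00 export into {key_path: {value_name: (type, value)}}.

    Supports REG_SZ ("..."), REG_DWORD (dword:xxxxxxxx) and REG_BINARY (hex:aa,bb,...),
    including hex data that Regedit wraps across lines with a trailing backslash.
    Default values (@=...) and comment lines (;) are skipped.
    """
    keys: Dict[str, RegValues] = {}
    current = None
    pending = None  # [name, hex text so far] while a wrapped hex value is being read
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            pending[1] += line.rstrip("\\").strip()
            if not line.endswith("\\"):
                keys[current][pending[0]] = ("REG_BINARY", _binary(pending[1]))
                pending = None
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m is None or current is None:
            continue
        name, data = m.group(1), m.group(2)
        if data.startswith('"') and data.endswith('"'):
            keys[current][name] = ("REG_SZ", data[1:-1])
        elif data.startswith("dword:"):
            keys[current][name] = ("REG_DWORD", int(data[len("dword:"):], 16))
        elif data.startswith("hex:"):
            hexdata = data[len("hex:"):].rstrip("\\").strip()
            if data.endswith("\\"):
                pending = [name, hexdata]
            else:
                keys[current][name] = ("REG_BINARY", _binary(hexdata))
    return keys


def diagnose_logoff(keys: Dict[str, RegValues]) -> List[str]:
    """Explain the Start menu Log Off policy values found under Policies\\Explorer."""
    findings = []
    values = keys.get(EXPLORER_POLICY_KEY, {})
    for name, meaning in LOGOFF_POLICIES.items():
        if name not in values:
            continue
        vtype, value = values[name]
        if vtype != "REG_DWORD":
            findings.append(
                f"{name}: stored as {vtype}, expected REG_DWORD; "
                "a tool that expects a DWORD may misread it or fail when updating it"
            )
        elif value == 1:
            findings.append(f"{name}=1: {meaning}")
        else:
            findings.append(f"{name}={value}: policy not enforced")
    return findings


if __name__ == "__main__":
    for finding in diagnose_logoff(parse_reg(SAMPLE_REG)):
        print(finding)
```

Run it against a real export by reading the .reg file (Regedit writes UTF-16 with a BOM, so open it with encoding="utf-16") and passing the text to parse_reg; the two findings it prints for the sample are exactly the two clues the post took a few reboots to find.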

The Windows XP Embedded Team: Tweaking settings – Part2 post actually has quite a few other interesting "hidden" registry interface tweaks listed. Might be handy to review them.

So even though I failed Algebra for now (pending a Virtual PC Win98 installation attempt in the near future), I ended up fixing a real troubleshooting test that has been my nemesis for a while.

Sweet!

--Claus

PS...in the process of looking for an alternative to that bombed out "InstallWatchPro" application, I came across a new one called Total Uninstall by Martau. It looks to be freshly maintained and is compatible with Windows 98SE, ME, NT, 2000, XP, and 2003. Screenshots look very nice and reviews have been quite positive. I haven't installed it yet to play with, and it is only functional for 30 days without purchase. But the prices look very reasonable. Version 2 was freeware, and can still be found on some download hosts. This looks like it could be a very polished program! I will let you know what I think once I play with it. -CV

Sunday, January 21, 2007

A Good Night for Tea and Anime

Yesterday the Valca family took some serious "down-time."

For most of the morning I relaxed by doing some blogging and light household chores. Lavie slept in, while Alvis watched pre-teen shows and coped with her stuffy head.

It was chilly and wet and kinda dreary.

We had to venture out to take the ladies to their hair-dresser appointments. We stopped by a bookstore in the mall, but nothing really struck our fancy.

Then we got soaked with a blustery downpour on our way out, and dropped into a local Mexican restaurant for a mid-day snack of frijoles a la charra and fajita nachos. Yum! Just the thing to warm up on. It was relaxing and nice and really fun sharing a grande-sized plate of nachos together.

Anime Overload

Back at the house we knocked out three episodes of Eureka Seven I had taped on the VCR but hadn't watched yet....

Big revelations! Talho is preggers with Holland's child (yeah!), Renton's sister (Diane) was actually Holland's girlfriend (wow!) and then disappeared while continuing research started by her dead father, and Col. Dewey (boo!) is Holland's (yeah!) older brother and Talho was his ex-girlfriend! I'm still trying to digest it all. In an added moment of sweetness, Eureka decides she wants to make Renton happy and experiments with makeup for the first time--with disastrous results, until Talho saves the day. And Holland and Renton finally bond.

Then we moved on to watch the six remaining episodes of Oh My Goddess! (TV) that I have on DVD and wrapped up that series. It had quite a bit of action but the last DVD was filled with lots of tender, tear-jerking moments. It is such a sweet series at heart. I just can't wait for the second season to be released now! I believe TBS aired a second season of Oh My Goddess! (TV) in Japan in 2006, so hopefully we will see it over here on DVD release in the states this year.

Nothing like cuddling on the couch under a Megatokyo "sad girl in snow" blanket, watching anime and laughing and crying together. Family bonding at its finest!

Still on tap--the Tenchi Muyo! Ryo-Ohki! series I've just completed collecting.

Once we were done, it was getting late and the girls were looking to head to bed.

Teatime with the Girls--Japanese Style

Lavie and I decided this would be the perfect time to actually attempt to use the Japanese tea-set she got at Christmas from Japanese Green Tea hibiki-an and I was up to do the brewing.

I used my little 4-pot coffee maker to heat up some hot water. Checking the temperature, it was at 180 degrees Fahrenheit. Close enough!

So after carefully reading the included guide on green-tea brewing several times, I was ready to begin. Ominously, a driving rain-storm began pounding the windows....

I measured out the fresh green tea leaves into the kyusu and then filled each of our cups with hot water from the carafe. Then I poured the water in them into the kyusu and let it brew the tea for about one and a half minutes.

Once done I poured a bit of tea into each teacup, alternating until the kyusu was empty and the cups were filled. This method spreads the brewed tea evenly in the cups and keeps the flavor even among the cups.

We enjoyed Lavie's Sencha Superior blend while we chatted, listened to the rain and ate fresh cherries. I thought their sweetness nicely accompanied the flavor of the tea. Lavie needed a bit of sugar in her tea. She was quite surprised at how mild but clear the flavor of the Sencha blend was. The dried fresh tea-leaves are quite strong smelling. Nothing at all like the supermarket varieties of tea she is used to.

When we had emptied our cups, it was time for the "second pour." We repeated the process of filling the cups with the hot-water, then transferring them into the kyusu again. Less than two minutes later we were drinking our second cups. The flavor seemed a bit stronger as the leaves had had time to fully hydrate after the first pour.

One last time...we had a "third pour." Lavie passed, but Alvis took her cup instead. Wonderful flavor and a relaxing experience.

While I was cleaning up, I showed Lavie the hydrated tea-leaves in the kyusu before tossing them out. She and I both were surprised to find they were nicely shredded, and had a bright green color like defrosted frozen spinach. I nibbled at some and they had a very mild and pleasant taste.

I'm not a tea-connoisseur but it was very clear to me that this is some high-quality tea!

What a perfect ending to a fun family day.
--Claus

NirSoft's been Cooking!

Last night while I was working on my magnum-post on rootkit detectors, I decided to multi-task and run all four of my favorite anti-malware scanners (sequentially) in the background with full system scans.

  1. Spybot Search & Destroy - took about 15 minutes and found a handful of cookies. Removed.

  2. LavaSoft Ad-Aware SE Personal - took about 30 minutes and found some more cookies. Removed.

  3. AVG Anti-Spyware 7.5 - took about an hour and found quite a few cookies under the multiple profiles on our desktop system. Along with a potentially risky app. (It was safe and I think it was related to a Windows system key locater application). Removed cookies and ignored file.

  4. A-Squared Free - took significantly over an hour's time and found a few remaining cookies under the multiple profiles on our desktop system. It also identified quite a large number of potentially risky applications. (These were related to the TVNC remote control software I have, my Nokia cell-phone dialing application, and like AVG-AS, the pspv.exe file). Removed cookies and ignored files.

The identification of some of my tools as "Riskware" was to be expected, since any of those files could potentially have been put on my system to be used by a hacker to take control or steal critical information. I'm glad they alerted me.

So besides being highly impressed with the scanning abilities of AVG Anti-Spyware and A-Squared Free, what does this have to do with NirSoft? Everything!

See I thought I remembered what that pspv.exe file was (Protected Storage PassView) but I just wanted to be sure and did a quick Google search. That landed me back over on NirSoft's webpage.

And I found quite a bundle of interesting new applications!

Internet Explorer Stored Passwords Viewer

NirSoft is the showcase of developer Nir Sofer. He releases very light and tiny, but dead-useful (to a system administrator) utilities as freeware. Lots of amazing stuff here!

The pspv.exe file in question on my system is Protected Storage PassView. It is used to display all the passwords and AutoComplete strings stored in your Windows system's Protected Storage. I like to use it occasionally to see what potentially vulnerable information is present in Internet Explorer, Outlook Express, and MSN Explorer.

But I was surprised to learn that Internet Explorer 7 isn't supported. Turns out IE7 doesn't use Protected Storage to save passwords any longer. (More information on IE7 password storage methods and locations here.)

Bummer? Nope!

NirSoft now has IE7 covered as well: IE PassView. Just run it and see what it finds if you are running IE7!

Product Key Finder

ProduKey - "...a small utility that displays the ProductID and the CD-Key of MS-Office, Windows, Exchange Server, and SQL Server installed on your computer. You can view this information for your current running operating system, or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office, and you want to reinstall it on your computer." I find this one invaluable for confirming product key information before reinstalling a system...just in case the user (or me!) miscopied or lost their key before I nuke and rebuild it.

Outlook PST Password utility

PstPassword - Outlook PST Password Recovery - "This utility can recover the PST passwords of Outlook 97, Outlook 2000, Outlook XP, and Outlook 2003. You don't have to install MS-Outlook in order to use this utility. You only need the original PST file that you locked with a password." Often I encounter a user who has cleverly locked their PST file down...then forgets it! Normally we would just

Nir Sofer also has an interesting article explaining just how a bug in Outlook allows him to use an "alternate" password for the PST file, even when it doesn't match the user's original one.

Additional NirSoft Utilities I find Useful

  • CurrPorts: TCP/IP Connections Viewer - Lists currently opened TCP and UDP ports on system.

  • AdapterWatch - Reports a range of useful information about the system's network adapter.

  • IPNetInfo - Get the dirt on the owner of an IP address.

  • IECookiesView - Independently manage the cookies of IE6 and earlier versions on your pc.

  • WinUpdatesList - List and export information on the Windows Updates installed on a system.

  • ShellExView - Shows and manages shell extensions installed on the computer.

  • SysExporter - Copy data from standard list-views, list boxes, and combo boxes and export it.

  • RegScanner (Registry Scanner) - Fast registry search/find scanner tool.

  • Access PassView v1.12 - Recover the password of a mdb file created with Microsoft Access 95/97/2000/XP.

  • WinLister v1.12 - Find detailed information on every window open on your system. Great for tracking down the source of malware generated windows.

  • ShortcutsMan v1.01 - List details about all shortcuts that you have on your desktop and under your start menu. Find broken links and deal with them.

  • WinMessControl v1.00 - Disable/enable 'Windows Messenger' application under Windows XP.

  • OpenedFilesView v1.02 - Want a list of all opened files on your system? This will do it.

  • USBDeview v1.02 - Tiny utility that lists all USB devices that are now, or were previously, connected to your pc.

  • CurrProcess v1.11 - Find out what processes are running on your system. Lots of options and exporting of information found.

  • ServiWin v1.30 - List and generate a report on installed drivers and services running on your pc.

  • FileDate Changer v1.1 - Change the dates associated with a file. Bulk processing supported.

  • ExeInfo v1.01 - Get info from within EXE, DLL, OCX and other files.

Related Non-NirSoft utilities for License Key auditing and Password Recovery

Happy Tooling!
--Claus

Rootkit Storm and Solutions

It wasn't really my intent to go back and revisit all these security post lists. That's just how it seems to have turned out. That's OK. Software gets developed and updated. Lists grow. New and better versions get released....

So this time, I'm re-visiting my original anti-rootkit post: Windows Rootkit Detectors

To summarize: "...a rootkit is executable code that attempts to evade detection of running processes, files or system data. There are many ways it can do this, but the end result is that they are very hard to find and can make an infected system look clean and safe even to traditional anti-virus and anti-malware software." More here: Wikipedia : Rootkit

At the time of my original post, there were just a handful of anti-rootkit tools available to the public. I just offered five.

Now most all major anti-virus/security software vendors have issued anti-rootkit solutions, though some are still in a beta release form.

The Threat

How seriously concerned should the average user be? Well...if you are practicing "safe-surfing" by staying away from "risky" websites, keeping your operating system patched, scanning all files downloaded and sent in email with an up-to-date anti-virus program, you should be mostly ok. I say mostly because it is still possible for a system to become compromised with a rootkit, even if you are playing by the rules.

Certain individuals would like nothing else than to get a home-broadband user's system infected with a rootkit. Not so much to steal your personal information--though that's always a potential target--but to install trojan services that would allow them to leverage the system for attacks on other larger systems, spam-mail-bot rental services, or even hosting of their hidden/illegal files on the system. Any of these events could seriously make a home or corporate user's system a great big pile of steaming cow-dung for the user and those impacted by those services. Bummer!

SANS-ISC recently reported that Europe has been pounded lately by emails which include variants of a virus/trojan loader file: European Storm Video E-Mail. While bad, it doesn't sound too serious...but!

heiseSecurity in Germany expands the story with more details, much more disconcerting: "Storm worm" sloshes through the internet. What the trojan seems to be doing is downloading additional files from the internet, and "...according to GDATA, one action it takes is to install the rootkit Win32.agent.dh." Depending on the anti-virus company, different names may be used.

Over at the Anti Rootkit blog: New Storm-Worm Rootkit creating Botnets Steo does some more research on just how this rootkit does its deed. Interesting.

Rootkit writers aren't happy about the attention. Just this week, they have worked to get the GMER anti-rootkit mirrors shut down under a massive DDOS attack. As soon as new mirrors for the files went up, they also were attacked. More information: GMER Anti Rootkit & People Power, and Martijnc's blog post: DDoS attack

The battle for pc security rages on.

The Response

There are a number of ways to look for a rootkit on your system.

The first is to download and run several of these rootkit detection tools on your live system. These rootkit detection tools are specially programmed to check for hidden files and masked running or injected processes. It's a cat and mouse game, and some tools and methods are more effective than others. Just as hard as the security programmers work to prevent and detect these rootkits, the developers on the other side are working to make them more difficult to be detected.

A second technique is to download and copy several of these rootkit detection tools onto a USB drive. Then, using a bootable "LiveCD" like BartPE or Linux, run the appropriate rootkit detection tools on the "dead" system's drive(s). This may be a much more effective approach. Since the infected system isn't being booted, the drives just contain "static" data files that shouldn't be executed. They could be, but that's the point...to not run or launch any files on the potentially compromised system. That way they can be detected and removed while "dormant". Using a Linux "LiveCD" to scan a Windows system disk is even safer, as the likelihood of cross-contamination is almost non-existent.

If a rootkit is found you have two options: 1) Use one of the detection/removal tools to--hopefully!--remove it. Or, 2) recover your critical data files to another drive/media location, then do a full wipe of the infected system, and reinstall it fresh.

Speaking as a half-way competent computer geek, I personally would feel more comfortable going with option two, because otherwise I would always have a shadow of doubt about the system's integrity. Nor would I have the patience to pick through a manual removal process if the tools failed to remove it.
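The before/after snapshot comparison that InstallWatchPro does (described in the "Trouble Looms" section of the earlier post) and the offline scan of a non-booted drive described just above rest on the same mechanism: hash every file, then compare two pictures of the tree. Here is that mechanism as an added example in Python; it is my own illustration, not code from InstallWatchPro, from any of the rootkit tools listed below, or from the author. The directory tree, file names and the "Windows/" prefix used to rank findings are constructed sample data. The caveat to keep in mind is that a hash mismatch says a file changed, not why, and a snapshot taken on a live system can be lied to by a kernel rootkit, which is exactly why the "after" picture is better taken from a LiveCD with the drive mounted and nothing on it executing.

```python
import hashlib
import os
import tempfile
from typing import Dict, List


def snapshot(root: str) -> Dict[str, str]:
    """Map every file under root (path relative to root, '/' separators) to its SHA-256.

    Serves both jobs on this page: the "before" and "after" pictures an install
    monitor compares, and the baseline/current pictures of a drive that is mounted
    under a LiveCD rather than booted.
    """
    result: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = digest.hexdigest()
    return result


def diff_snapshots(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify the changes between two snapshots as added, removed or modified."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def system_changes(report: Dict[str, List[str]], prefixes=("Windows/",)) -> Dict[str, List[str]]:
    """Keep only changes under operating-system paths (prefixes is a constructed default).

    For an offline scan these are the entries to look at first; they still need a
    human or a vendor signature to say whether the change is a patch or an implant.
    """
    return {kind: [p for p in paths if p.startswith(prefixes)] for kind, paths in report.items()}


def _write(root: str, rel: str, data: bytes) -> None:
    """Create a sample file (constructed data) at root/rel, making parent directories."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Run both checks over a constructed directory tree (sample data, not a real system)."""
    with tempfile.TemporaryDirectory() as root:
        # constructed "clean" tree, standing in for the baseline snapshot
        _write(root, "Windows/System32/kernel32.dll", b"original system file")
        _write(root, "Program Files/readme.txt", b"hello")
        before = snapshot(root)
        # constructed installer activity: new program, bundled extra, changed system file
        _write(root, "Program Files/Algebra/algebra.exe", b"app")
        _write(root, "Program Files/NetZero/nzdial.exe", b"bundled dialer")
        _write(root, "Windows/System32/kernel32.dll", b"tampered")
        os.remove(os.path.join(root, "Program Files", "readme.txt"))
        after = snapshot(root)
    install = diff_snapshots(before, after)
    return {"install": install, "system": system_changes(install)}


if __name__ == "__main__":
    for kind, paths in demo()["install"].items():
        print(kind, paths)
```

For real use, take the baseline right after a clean build and store it off the machine (a snapshot kept on the suspect disk is just another file a rootkit can rewrite); then, from the LiveCD, run snapshot() against the mount point and diff against the stored baseline.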

Rootkit Detector Tool List

InformationWeek posted an excellent article recently titled Review: Six Rootkit Detectors Protect Your System. I was familiar with some of them, and had come across a few more on my own that didn't make the author's cut. But that got me observing the increase in the number of tools now at our disposal. With some more careful searching, I've ended up collecting quite a list. Almost all are offered as freeware or trialware.

I have only used a handful of these tools and only keep a few with me on my USB system administrator's stick. So far, I haven't found a rootkit on my systems (here or at work) so I can't speak of their effectiveness in removal. Also, because of the nature of how these tools work and where they look, it is quite possible that removal of a real rootkit or a listed file in error (that wasn't actually malicious) can cause your Windows system to fail, not boot, or BSOD to the point you will be recovering files off the dead OS drive and then reinstalling your system.

You've been warned!

  • F-Secure BlackLight - Restrictive wizard interface, but easy to use for the uninitiated.

  • IceSword 1.20 - Developed in China but nicely translated into English. Busy interface but updated often. Has some advanced tools like the ability to "reboot and monitor" during the boot process.

  • RKDetector 2.0 - Two tools in one; 1) scans for hidden files on drives, 2) scans for hidden processes and hooks. Takes a bit of work to run the scans, and can't do a global system scan with both.

  • Trend Micro RootkitBuster 1.6 - Runs scans in five system areas and exports a nice log file. You can then opt to remove the detected items.

  • RootkitRevealer 1.71 - From the Sysinternals team. Easy to use, but does often turn up documented false-positives. Just identifies suspicious processes...you are on your own to delete them with other methods and applications. Better for system checking and monitoring, rather than protection and removal in and of itself.

  • Rootkit Unhooker 3.0A - Russian software team project. Does a self-test to make sure it hasn't been compromised; that's a good feature. Provides lots of details and the ability to do focused scans or a global element scan. Also provides multiple methods to address/remove the located processes and files.

  • McAfee Rootkit Detective Beta - "McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system." Nice interface.

  • Sophos Anti-Rootkit - "Sophos Anti-Rootkit provides an extra layer of detection, by safely and reliably detecting and removing any rootkit that might already have secreted itself onto your system." Note: Registration required for download from the vendor's site. The utility itself is free.

  • Gmer - The tool that's got everyone in a fuss! Scans for hidden processes, services, files, registry keys, drivers, and hooks. Also allows some system function monitoring. Highly regarded by the antirootkit professionals. More screenshots (while the site is up).

  • Advanced Rootkit Detector for Windows (rkdetector) - This command-line based scanner was one of the very first rootkit detectors I became familiar with. I don't think it has been updated since its original release (back in 2004). The website is in Spanish, but the application worked just fine for me. I can't say it can now handle the newest rootkit methods of attack, but just for posterity I'm offering it here.

More follow as discovered on Antirootkit.com's incredible website. They've done a bang-up job of finding and detailing all these. Please check out their site for more information as well as some screenshots, reviews and evaluation ratings. These guys (and gals?) are doing great work and deserve full credit for locating these wide selections of tools.

Note: Some products here are beta products and may not be available, or may stop working, past a certain date. Others are trialware/crippleware. In these cases I have chosen to still include them so you can keep an eye on possible future development or releases.

  • Gromozon, Rustock, Haxdor related removal tools - Specialized and targeted rootkit removal tool list via Antirootkit.com

  • Aries Sony Rootkit Remover - Tool to remove the Sony/BMG DRM CD protection software.

  • Archon Scanner - More of a process, injection, hooking scanner. But has other specialties as well. Current version was beta and has expired...developers promise a new one sometime.

  • AVG AntiRootkit - Beta product. Doesn't seem to be offered anywhere but from Antirootkit.com.

  • Avira Rootkit Detection - Beta product disabled after 1-4-07. See Antirootkit.com's page for file.

  • DarkSpy - Chinese developed tool. Supports process, kernel mode, file, registry scan (disabled in test version) and hidden port detection. Screenshot via Antirootkit.com.

  • Helios - Alpha level program right now. Behavior-based, not signature based detection. Interesting interface and approach. Worth looking at, but remember it is alpha/beta level... Developers offer videos as well of their tool in action.

  • HiddenFinder - trialware - Shows hidden processes and drivers on a system and then allows for killing of the desired process.

  • HookExplorer - Tiny little application. Displays import address table (IAT) hijacks and "detour style hooks." Lots of information in the tiny display!

  • OS X Rootkit Hunter - Mac OS X 10.4 product. I don't support Apple systems, but there you are. Screenshot page by developer. (I didn't think Mac's got sick like this!)

  • chkrootkit - Linux rootkit scanner

  • Panda Anti-Rootkit - beta software. Looks at hidden drivers, processes, modules, files, registry items, hooks. Not a lot of user options...scan, clean, and view results.

  • Process Master - trialware - API comparison tool.

  • RootKit Hook Analyzer - Reports on any system hooks and modules and displays findings.

  • Rootkit Hunter - Linux rootkit scanner.

  • RootKitShark - trialware - Command-line scanner. Unmasks located files and prevents from boot-execution. Then can be manually removed by user or using other security tools.

  • WinShark - trialware - GUI based version that incorporates RootKitShark (above) among other features. Allows process and user monitoring of systems. (Intrusion Detection System). Detection enabled in trial version, but rootkit elimination feature only in the fully-licensed version.

  • RootKit Uncover - beta - Appears to be a hidden process and file scanner. See Antirootkit.com's page for overview. Bitdefender doesn't have any information on their site for it.

  • SEEM - Multi-purpose system reporting tool that has an interesting interface. Includes a rootkit scanner as part of its features. The website (translated from French) has quite a bit of good information on rootkits and how they apply to their program. Download page (kinda hard to find in French). Get the English version unless you know French.

  • System Virginity Verifier - Tool developed by Joanna Rutkowska to validate system integrity by checking important Windows System components targeted by hidden malware. She also provides links to some related PowerPoint presentations.

  • Unhackme - trialware - limited to 10 runs until license purchased and entered - In standard, "Roaming" and "Professional" editions. University of Minnesota's Safe Computing page documents rootkit removal tutorial with Unhackme.

  • Zeppoo - Linux rootkit scanner. Screenshot page. Blog page.

Additional Resources

See you in the skies...
Claus

Saturday, January 20, 2007

Eureka Seven - Anime with Edge

I have more anime DVD titles than I would care to admit.

Obviously I like them all, or else I wouldn't have spent my lunch-money on them, but some just live on with me more than others....like Last Exile, or TenchiMuyo, the Onegai series (Teacher, Twins), or Oh My Goddess!

They touch a nerve in me, the characters capture my heart and imagination, the ladies are pretty....you know....

I really wasn't expecting to get very excited when Eureka Seven burst onto the anime scene here in the States. It had two very big things going against it for me: Mecha and sky-surfing Mecha. WTF???

However, now that I am about 29ish episodes into the story (about 1/2-way done) I can't get enough. (I also have a Eureka Seven t-shirt, manga, and three DVDs so far). I'm hooked.

So just how did this edgy anime title knock me off my feet? Let's see....

Seven Reasons to like Eureka Seven

  1. Renton and Eureka - These two kids are the entire reason the story is worth watching. In the very first episode a cold and distant Eureka crashes into Renton Thurston's unfulfilled and shy life. He is instantly smitten. In the end he follows Eureka and their lives and hearts will never be the same again. The slow development of their characters, filled with fears, warts and desires slowly matures (sometimes agonizingly) before our eyes. It's kinda like being back in Jr. High school all over again, but in a good way. Strip out all the other story-line plots and distractions and their story alone would be worth watching. Episode 26 was a defining moment in the relationship between these two. The anime-video mashup done by a fan (8GaugeBrett) posted above from YouTube does a really good job of capturing the moment.

  2. Good / Evil / Gray - There are lots of clear good-guys and evil-guys. But there are even more gray-guys. Characters who seem quite nice and kind and motivated for good, but are on the evil side. And the good guys have dark motivations that drive them to do some pretty mean things. And then there is the supporting cast of citizens that are caught up in the drama. That mix of shades-of-gray makes for a deeper and more fascinating storyline--and mimics real life much more closely.

  3. Getting-Along Theme - This is a hidden theme that slowly swells through the episodes I've seen so far. There seems to be a desire for the sentient creature that inhabits the entire planet to get along with the humans. And many humans want to live in harmony with the being/planet. Unfortunately, a powerful minority wants to destroy it forever. The members of Geckostate (good guys) just want to live in peace and sky-surf on their "ref-boards," but they have had to put their surfing desires aside to battle to save the world they love and enjoy. Their adult view mixes with the kids' youthful naivete and in the end they all are learning something.

  4. Yeah, the Mecha - I have nothing against mecha. Really. Gigantic battle robots just aren't my thing. The mecha in E7 (aka LFOs), while important to the story-line, often take a back-seat to the overall character development and plot line. That was unexpected. And when the mecha are in battle-mode, the battles are often conducted much like surfers and dancers....it's much less guns-a-blazing-missiles-a-firing and more like lethal dancing. The mecha designs are much more organic than is first seen, and the Nirvash (good mecha) is also growing and responding to the budding relationship of its tandem operators, Renton and Eureka.

  5. Mystery - This isn't your Scooby Doo. Yeah, there are deserted cities, spooky underground mines littered with ghostly spirits, strange dreams, city-destroying bizarro creatures, etc.... What happened to Renton's sister, and why did she go missing all those years ago? Who is the girl in the picture with Holland, and why does his girlfriend Talho seem to feel so troubled about it? What did Renton's father do to make him such a hero--and give his life for? And what is up with Anemone? Will Dominic and Anemone "hook up" like Eureka and Renton? Or not?

  6. Animation Quality - The production levels on this series are quite high. The DVDs look sharp and well colored. The ADR work is top-shelf. All the design work and character styling is very nice. The production uses a mix of high-tech "haves" and contrasts them against a stark background of "have-nots." The city and country folk live pretty simply where most of the story takes place. It reminds me somehow of a post-WWII Europe just as the last of the guns have ended--except the landscape is almost reminiscent of a colored coral barrier reef. Yeah. Really.

  7. Music - What an amazing soundtrack! I was fortunate to get a two-CD set with my collector's edition DVD box. If it was vinyl--it would have been worn through by now. The songs (in Japanese) are powerful, beat-driven works that soar and crash. And then "Himitsu Kichi" slips in, performed by the simple and strong-voiced Japanese female artist Kozue Takada, that just in the tone alone, brings me to tears (in a good way). In fact, almost every episode title refers to a real song from Japanese or foreign artists. Fascinating.

Where to watch Eureka Seven

If you're interested--check it out. It runs on Cartoon Network's Adult Swim Friday Fix or Saturday late-nights on Adult Swim. Set your TiVo or VCR. Go get a DVD. Or, if you just really want to dip your feet into the Eureka Seven waters...go to YouTube and do a search for Eureka Seven (while you still can find them there). Like I said, my favorite one that captures just about everything the series is about is Eureka Seven Episode 26. You could do a YouTube search on that as well.

I'm still amazed (not really) how much anime (of all titles) is still available there.

Additional Links for Eureka Seven Fans:

Looks like I'm going to have to save more lunch-money for all those E7 DVDs still to come down the pipes!

--Claus