Friday, August 31, 2007

Symantec says Verboten!

cc image credit: Jeremy Botter, flickr

The other day we were issued new "secure" USB flash drives at work.

These are 8-GB'er's and far outstrip the two 512 MB Sony sticks I had been wearing like dog-tags. It is also double my own Seagate "hockey-puck" 4-GB'er that I carry in reserve.

Needless to say, when the boss passed these out, we all scampered back to our cubicles like rats with cheese and went to work copying our data over to them.

I've been using DSynchronize (freeware) for some time now to keep my primary pile of utilities on my work machine sync'ed with my USB stick. This lets me focus on keeping the files on my work machine current; then I can do a one-way sync to my USB stick to refresh it.

So there I am, syncing the files and suddenly my enterprise-class Symantec AV program goes ape-in-heat and starts tossing up virus/trojan/malware file quarantine warnings all over the place.

WTF!!!???!!!

Malware? There ain't no malware on my machines!

When the carnage subsided and the rest of my files were sync'ed I went back to look at what had occurred.

Ouch! Smacked by Symantec...

I came to find out that Symantec has decided to classify some wonderful, legitimate utilities as "hack-tools" or "potentially unwanted products (PUPS)" or just plain "malware".

Because of the way we have our Symantec deployments compartmentalized in our enterprise environment, we don't have much say in the Symantec policy settings. We are responsible to install the Symantec client on workstations, make sure the DAT files are getting applied across our workstations, and then go clean the buggers when they get infected anyway.

My network analyst and I tried to fiddle with the settings in Symantec Console to allow some of these, but it appears it would need to be set globally, which neither of us wants to do. I just want to have my network/anti-malware utilities and be able to use them un-accosted by Symantec. In our previous version of Symantec, I could turn off and change the settings on my AV client so it could "ignore" some programs; this latest version doesn't allow me that privilege.

(Sigh)

The List

So here are links to the applications that I now cannot keep on my USB or hard-drive at work, lest Symantec goes ape and my workstation is flagged again on the Console for being "infected" with these terrible programs.

SuperScan4 - Foundstone, Inc. (freeware) A great network IP/port scanning utility. (It has been crippled somewhat now since raw-sockets support got pulled from XP in SP2, but works fine in Windows 2000.)

HotBar Uninstall Program - HbUnist.exe - I like using this tool from HotBar to uninstall their own program when I find it on our machines at work. It is pretty effective.

Angry IP scanner - (freeware) - IP and port scanner program for analyzing networks with NetBIOS information support. (Rated #51 in Insecure.org's Top 100 Network Security Tools, BTW.)

I'm sure these aren't the only ones Symantec has black-listed. For now, both of these freeware utilities Advanced IP Scanner and Advanced Port Scanner are getting a "pass" from Symantec so I can do network IP/port scans for troubleshooting and network connection reviews.

A Problem worth a Petition?

The development team for Angry IP Scanner is so fed up that they have created an on-line petition to fuss at Symantec and McAfee for their classification against it:

Angry IP Scanner Listed As Malware Petition

I understand and concede the direction Symantec and others are coming from when they make this call: most enterprise groups DON'T want folks running IP/port scans or having anything associated with HotBar in their networks. However, when the door gets shut on utilities that the very staff who help service and protect those networks use, well...that's not cricket.

I'm going to continue working with my analyst buddy and see what we can work out in the configuration department. I remain hopeful of a workaround...which is kinda scary. IT staff having to work-around an IT security solution to keep things safe.

Oh, well...

--Claus

Thursday, August 30, 2007

Coming Soon: New Windows Live Writer release?

I love Microsoft's Windows Live Writer.

It has become my Blogger blogging platform of choice, and I had gone through quite a few to reach this point.

It isn't perfect yet, but granted, still is in beta.

So when I was trolling my RSS feeds today, I came across a little tidbit that suggests a new release version is coming soon:

It linked to this more detailed post that points out some changes are coming to Windows Live Writer (for developers at least).  No release date was specified (drat!).

Specifically, this next version will be moving the installation location of Windows Live Writer from <program files>\Windows Live Writer\ to <program files>\Windows Live\Writer\

Look carefully and you will see they are now creating a "Windows Live" program folder and I suppose the different Windows Live programs will then be installed in sub-folders under that one.

They are also changing some registry key paths for the program as well.

If you do use some of the WLW plug-ins, the post reports that they should continue to work in this next release version if registered properly in the old locations. However, future versions may not work...so I expect the WLW plugin writers will be busy after this next release updating their plugins for the newer locations.

I'll be watching the Tubes carefully for this one!

More GSD Windows Live Writer tips.

--Claus

Air is Here! View some for Free!

Late April, I blogged that the anime series "Air" was going to be released here in the States.

A breath of fresh Air: Coming soon to USA!

It is now out!

(Amazon.com - Air TV vol. 1)

This weekend I will be running around to my anime sources trying to find the first volume.

I have already seen the very first episode on a DVD insert in this month's issue of Newtype USA.

Free Air Episode!

If you want to see what the fuss is about, act quick (before September 6th) and you can view the entire first episode of AIR over the Net from ADV films. It's 25 minutes long, so grab a beverage and some snacks.

I was really looking forward to seeing this anime series just from the reviews on the artwork; particularly the backgrounds.  However I was really blown away by the quality and detail.  I almost swooned!

It reminded me a lot of those done in the Onegai! (Please Teacher! / Please Twins!) anime series Lavie and I fell in love with. The colors in Air seem a bit more saturated, however (in a good way).

This is going to be a four-disk run so the cost should be reasonable (unlike those 7-10+ volume sets released for some titles!).

Free Air Movie (2004)

If you are really a hard-core fan of Air, Animate.tv website is offering a streaming video of the 2004 Air movie (Japanese language only).  No word how long it will be available.

Part 1, Part 2, Part 3.

Requires Microsoft Windows, with Internet Explorer and Windows Media Player.  You will likely have to download and install an additional component (probably for DRM management).   Abandon Firefox all those who hope to tread there!

The streaming quality isn't nearly as good as the Air TV episode mentioned above, and if you don't understand Japanese, you might be quite confused, but it is still pretty to watch.

--via AnimeNewsNetwork

If you like what you see, ADV Films is going to release the movie in the States (dubbed) in late 2007.  So be patient a while longer.  Many fans thought this series would never see a State-side release at all.

Yes, I suppose some folks are clever and know where to find these things on torrents, but I personally don't look for and watch anime via torrents/etc.  I just buy the DVD's if I am interested.  I might watch some clips on YouTube if I can find them for a new series just to get a feel.  That's just my thing.

September Anime Shopping

Besides Air, I need to hunt down the Ah! My Goddess TV (2nd season) volumes and I think I am at least two or three episodes of Eureka Seven DVD's behind as well.

There have been some other series that looked good as well, but besides getting a box-set of Maburaho for Lavie a few months ago, I haven't really been picking up anime titles. 

Links some more:

Air (movie) - official Japanese webpage.

Air (TV) - official Japanese webpage.

Air TV - great review via bluemist anime blog

Air (anime) - Wikipedia, the free encyclopedia (plot and spoilers)

The Air is looking very beautiful right now!

--Claus

My Firefox Add-on Extensions List

Here are the current Firefox Add-on extensions I'm running on my home desktop system.

Haven't offered them for a while (since March); some new ones have been added, some old ones dropped.

I've taken the time to add brief descriptions to them...mostly from the developer's own words.

Enabled Extensions: (37)

Adblock - Adblock is a content filtering plug-in for the Mozilla and Firebird browsers.
Advanced Dork - Gives quick access to Google's Advanced Operators from the context menu.
Better Gmail - Put your Gmail on steroids with Better Gmail. (Lifehacker)
CacheViewer - This extension is a GUI front-end for "about:cache".
CoLT - Makes it easy to copy a hyperlink's associated text and URL at the same time.
Copy Plain Text - Copies text without formatting. Use from the Edit or context menus.
Download Statusbar - Keep track of ongoing and completed downloads in a hide-away status bar.
DownloadHelper - Save videos from sites to your hard disk.
Dr.Web anti-virus link checker - Scan for malicious programs any web link before it is opened.
East Asian Translator - Translate Asian language web pages with service provided by excite.co.jp.
Enhanced History Manager - Provides additional history sorting and management features.
Fasterfox - Performance and network tweaks for Firefox.
Favicon Picker 2 - This extension adds a UI for replacing bookmark icons.
Firebug - Edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
Firekeeper - Firekeeper is an Intrusion Detection and Prevention System for Firefox.
FoxClocks - Display world times in your status bar.
Full Map - See more of the actual map on Google Maps. Rotate through 3 modes.
Fullerscreen - Enhances the full screen mode into a Really Full Screen mode.
Google Browser Sync - Continuously synchronizes your browser settings across your computers.
gTranslate - Translate text in a webpage by right-clicking over it. Uses Google translation services.
Linky - Open or download links, image links and web addresses found in the page text.
ListZilla - Outputs either a plain text, vB code, or HTML file listing all installed themes or extensions.
Make Link - Adds a context menu item to copy links to the clipboard in HTML or simple text formats.
MeasureIt - Draw a ruler across any webpage to check the page elements in pixels.
Nightly Tester Tools - Adds a few extras useful to those that regularly test Mozilla's nightly builds.
NoScript - Provides protection by allowing JavaScript and Java execution only for trusted domains.
Restart Firefox - Adds a "restart" button to the toolbar to restart Firefox.
Sage - RSS and Atom feed reader extension for Mozilla Firefox.
Save Image in Folder - Save images into different folders via right-click context menu.
SearchLoad Options - Adds a menu for tweaking the search bar's default behavior.
Secure Login - Uses the built-in password manager, but deactivates the pre-filling of login forms.
Smart Link - Adds open in new tab / window options to right click menu for plain url texts.
TargetAlert - Provides visual cues for the destinations of hyperlinks.
translator - Translate web page into nearly any language - multiple translation service support.
Uppity - Hop Up the URL structure of a page via the address bar to quickly navigate a website.
User Agent Switcher - Switch the user agent of the browser.
Viamatic foXpose - View all your tabs inside a single browser window.

Have fun picking through them.

--Claus

Sunday, August 26, 2007

Because it's the Last Sunday in August Linkpost

2007 LLWS World Championship game still tied 2 - 2, in the 8th inning.

No pressure Georgia and Japan.

Update: Georgia just slammed a home run over the outfield wall.  Georgia wins.  Good job all!

Here are the remaining links I haven't been able to address this week, chopped up and sauteed for your link-dining satisfaction.

100% calorie-free.

Visual Goodies

Welcome to Desktopography | Exhibition III (2007)| Natural Desktop Aesthetics - This is quite a website of desktop wallpapers. 

Desktopography is an exhibition, a showcase of nature themed desktop wallpapers created by designers worldwide.

Designers spend about 90% of their waking life in front of a computer so the most appealing genre for a wallpaper would be one that has beautiful design mixed with the all important aspect of being outdoors.

This year's exhibition of entries includes over 40 images that merge outdoor scenes filled with mood and mystery punctuated with a range of small to strong "modern" elements of technological twists and tweaks.

I'm sure there is something in there that everyone can find and enjoy.  The images are really high quality and come in a range of resolutions depending on the artist.

--spotted and reviewed on freewaregenius.com

IcoFX - The Free Icon Editor - (freeware if you didn't catch that) - Very nice icon editor. Supports Windows XP and Vista icons and transparencies. What makes it even more spectacular is that it comes with over 40 visual effects to apply to the icon you are designing. Icon resolutions up to 256x256 can be created. You can extract icons from files as well as capture images for conversion to icons. (Screenshots)

And the clincher? If you'd like to run IcoFX from your USB drive or mobile HDD, you can download the portable edition here.

I'm adding this one to my icon utility toolbox to take its place next to my other freeware favorites: @icon sushi, LionTech's IconShop, and LiquidIcon XP.

--spotted and reviewed on CyberNet News.

Bits of Adobe

I'm a huge fan and supporter of Foxit Reader (freeware) as a high-speed, portable and light-footed alternative to Adobe Reader.

Sure Adobe Reader 8 is probably the fastest and best put together version yet, but I still prefer Foxit Reader.

So what do you do if you don't have any choice due to your corporate requirements and have to use Adobe Reader anyway?  Any way to speed it up?

Tweaks: Speed up Adobe Reader 8 - This Lifehacker tip suggests removing the accessibility.api file.

Jonathan Hardwick : How to make Adobe Reader 7.0 load faster - This post has a number of suggestions which includes disabling some features and remove some plug-ins. I've done this at work and find it really does help.

Adobe Reader Speedup - (freeware) - this great little utility lets you pick one of four "preset" configurations for plugin disabling (Fast, Turbo, Bare, and Auto-Install Fix) and a restore-to-default ability if something ceases to work as expected. It also contains some tweaks and troubleshooting settings. Or if you want to do it all on your own, you can select each and every api plugin you wish to have enabled/disabled. A very cool (and portable) utility!

Requires running as "administrator" in Vista to work properly.

--spotted and reviewed via Download Squad.

Security Tools and Utilities

Did you see that BitDefender is offering version 10 of their anti-virus solution for free? 

BitDefender Free Edition

Registration is required for download.  Supports the following Windows systems: Windows 98/NT-SP6/Me/2000/XP IE 4.0(+)  (No Vista support yet.)

I personally prefer AVG-Free but BitDefender does get good ratings.

Whatever your preference, there are a wealth of free and quality Anti-Virus Tools for Windows home-pc users to use to protect their systems.  Pick something and use it!

MANDIANT also has a free utility, Mandiant Restore Point Analyzer. The description states it is "a simple forensic tool to analyze change.log files from restore points to determine the original paths and file names of files stored inside restore points." I assume it works with XP; I don't know if Vista is supported.

Foundstone, Inc: Free Tools - My link for this site had gone dead when Foundstone apparently worked on realigning their webpages. I finally found the download tools page could be reached again and updated my bookmark.

Lots of fantastic forensic and network tools.

RegDllView - (freeware) New tool from NirSoft, described as one "...that displays the list of all registered dll/ocx/exe files (COM registration). For each registered file, you can view the last date/time that it was registered, and the list of all registration entries (CLSID/ProgID)."

Besides being an interesting (and highly portable) tool, it might be a good utility when addressing a malware infection to see if malware has registered any suspicious files since it displays the registration time/date.

Supports Windows 98 to Vista.

Speaking of Vista

The laptop that Lucky Lavie won a while back came with Vista Premium.  I'm very happy with it and there are very few features lacking in it that Ultimate (Extras) has.

The only main one is DreamScene. That's the feature that plays a "live" video wallpaper underneath your desktop icons. It's pretty cool and very pretty. The best designed DeskScapes are subtle and not distracting. Sure, you can do a similar effect in Vista and XP by using VLC Media Player (CyberNotes: Play Videos on your Desktop in XP and Vista (like Dreamscene)) but it's not quite the same thing.

Now comes notice of a new free application called SSDream. (Vista only).  There are too many features to list them all.  Check it out.

Then again, if you have Vista Ultimate, and this whole DreamScene thing sounds great, check out the Stardock DeskScape software (free) and the gorgeous DreamScapes...many of which are free.

Me? Well, I'm just sticking with "standard" high-quality wallpapers.

This is my current Vista wallpaper: Elevation.

Vista tip site VistaBase has a great tip if you find that you are constantly having to re-register applications after you have installed them: Constant registration details on-startup of applications (which you've already registered)

Seems the issue is that UAC may be blocking the application from writing its registration key to the registry, so it never sees itself as registered. Solution? Either disable UAC or run the application as "administrator".

Finally, Windows news site Bink.nu had a run at the bank on great Vista and PowerShell-related resource topics this week:

Have a good week!

--Claus

Full Sunday....Chance of Random Thoughts, 100%

Back to School Hair

Tomorrow Alvis returns to school. She will be a big 8th-grader which in our area means she is a "senior" at her junior-high (middle) school.

Room is picked up (almost), hair has visited the beauty shop, the "outfit" has been laid out for tomorrow morning, and she is in contacts for the first time.

Lavie and Alvis figured on Friday that Alvis needed to "even out" the color in her dirty blonde/brown hair and add some shine. So they got a hair-coloring kit that matched her natural hair very closely.

Then good-old dad got roped in to do the actual hair coloring job. It was quite the task as Alvis has a lengthening head of hair.

I wasn't too intimidated by this as I occasionally get called upon to color Lavie's hair as well. But coloring long hair is much more work than Lavie's short locks.

Recliners are Evil

Last night Lavie went in for a sleep study and asked me to stay the night with her in the study room. I think she isn't getting a deep enough sleep (REM) for a long enough period. Since I couldn't share the bed with all her wiring harnesses, I was relegated to a faux-leather recliner for the night. I decided that I am not a big-enough guy to successfully sleep in a recliner.

Although the foot-rest pops up and stays, to recline the back you must lean against it and provide a certain amount of counter-resistant force to keep the springs from pulling it back up. And I had to stay in a constant state of tension against it to keep it down. Over the night I would try to relax to get some sleep and it would slowly return to an upright position. Somehow I suspect gentlemen of a certain weight don't have this problem. This has convinced me I am not a recliner type.

I ended up not getting any sleep which is funny as I was in a sleep center which was trying to help find out why my dearest bride isn't sleeping well.

Podcasts and Deauthorizing

While whiling the time away, I began trying to catch back up on my podcasts of Security Now hosted by Leo Laporte and Steve Gibson. I've gotten a number of months behind so it was fun listening again.

While I was syncing my iPod up, I realized a mistake I made when I did my hard-drive/system upgrade. I forgot to "deauthorize" that computer/drive before I replaced the OS and hard-drive.

When I had reinstalled iTunes after all my repairs, it picked up my music and library just fine. Even the purchased items were there. But when I went to actually sync my iPod for the first time since, it balked about sync'ing with the purchased music from iTunes Store.

I had to re-authorize the desktop system to my iTunes account to get them to sync.

About iTunes Store authorization and deauthorization

Make sure you deauthorize your computer before you upgrade your RAM, hard disk or other system components, or reinstall Windows. If you do not deauthorize your computer before you upgrade these components, one computer may use multiple authorizations.

Oh well.

Chores of Dread

I braved the Texas sun for a half-hour to trim back the hibiscus. It amazes me that despite all my attempts to whack, kill, ignore, and abuse the things, they continue to flourish and produce gorgeous purple and magenta colored flowers the size of saucer plates.

Laundry is almost done. I can't believe that I was so busy last week that I didn't even bother to fold them after washing. So this week I have about 1/2 a basket of clean clothes from last week and at least another basket-full for this week.

I don't mind doing laundry or washing dishes (by hand or machine). I don't mind folding. It's the putting away of the folded clothes or emptying the dishwasher that I hate to do for some reason.

Vacuuming is done. Who bothers to dust anymore? I think I am too tired to grocery-shop for the week tonight and am fed up with eating out. Think I will make some scrambled eggs, mini-sausages in rolls, and bacon on the side for dinner.

Soccer in Houston

Two weeks ago one of my co-workers asked if I wanted to go to a game put on by our pro-soccer team The Dynamo. Four of us went.

I enjoy watching soccer on TV but this would be my first MLS game attended in person.

It was a blast. I felt like I was in a different country even though they play at my Alma Mater University of Houston's John O'Quinn Field at Robertson Stadium.

The Dynamo lost, but watching them play the team (Club de Futbol Pachuca) from Pachuca, Hidalgo, Mexico was spectacular. The fans were great; the weather from 9pm to past midnight was sweltering and stale. The game went into extended overtime and our team lost on penalty kicks. It was a sight to behold. I felt I was at a high-school football game. The seats were filled with an exciting cross-section of Houston: business men in rolled up button-downs and ties, Hispanic fans, families with kids who looked like they were fresh in from the suburbs, all cheering and jumping to their feet. Fans were evenly distributed on both sides of the teams. Afterward, everyone was smiling and clapping each other on their backs. If there wasn't a scoreboard it would have been difficult to tell who had won.

Georgia vs Japan (LLWS)

I'm ignoring the fact the dryer just went off and yet another load needs to be swapped out and folded.

I've got the tele tuned to the 2007 Little League World Series. It's a great game with Georgia and Japan appearing very well matched. They had a factoid that said it cost the Japanese team over $115,000 (US) to bring all twenty-seven players, parents, coaches, and tag-alongs over here. Price includes all but meals and souvenirs. What is even more amazing is that they raised the money with fundraisers to meet the costs themselves. Warms my heart.

Why do we call our MLB championship game the "World Series"? Yeah, sure I think there might be a team from Canada, but I know a lot of other countries play baseball besides us at the professional level. Never quite understood the hubris of that...even considering just how much I occasionally enjoy and partake of a ball game from time to time.

The Wikipedia article I linked to above does say this:

The World Series itself retains a US-oriented atmosphere. The title of the event is often presented on television as merely a "brand name" in the same sense as the "Super Bowl", and thus the term "World Series Championship" is sometimes used. However, the origin of the term lives on, as with these words of Frank Thomas in the Chicago White Sox victory celebration in 2005: "We're world's champions, baby!" At the close of the 2006 Series, Commissioner Bud Selig pronounced the St. Louis Cardinals "champions of the world". Likewise, the cover of Sports Illustrated magazine for November 6, 2006, features Series MVP David Eckstein and is subtitled "World Champions".

A recent myth has arisen that the "World" in "World Series" came about because the New York World newspaper sponsored it. There is no evidence at all supporting that hypothesis.[3] The annual publication called the World Almanac was originally published by the New York World. Its ambiguous title and U.S.-centric content may have inspired the World Series myth, either facetiously or naively.

Humorist Ring Lardner, when writing columns about ongoing World Series in the 1910s (including the infamous 1919 Series) mocked the pomp surrounding the games he covered (as well as his own persona) by calling the event the "World's Serious".

Then I understand there is now a World Baseball Classic that has begun to pit baseball athletes from across the globe against each other. The last game played in 2006 saw the Japanese team ultimately winning. Next game will be played in 2009.

RocketDock minor issues

PunkSoftware recently released version 1.3.3 of the fabulous Windows dock tool (freeware) RocketDock.

I've had my XP and Vista systems running version 1.3.0 so decided to do the update thing.

No problems on any of my XP systems, but when I attempt to run it on my Vista machine I keep getting a dialog box saying that a C++ error caused it to shut down when I try to open the settings window.

So I've rolled the Vista version back down to the 1.3.1 build for now which is working just fine.

Thoughts clearing...clearly need to swap the laundry now.

--Claus

Update: Oops! I forgot to name the guest soccer-team and flubbed up their home city pretty bad...thanks to my tipster for pointing that out!

More Firefox "Forensics" Tools

Back in my recent post Hunting Me up a Malware File, I was confronted with trying to find critical information on a malicious file that had appeared in my Firefox web-browser cache.

Knowing where the file came from (URL source) and the time/date of the download would provide me critical information as I attempted to assess the threat and allow me to compose a response to prevent future downloads.

This "forensics" type of information is valuable.

In Context

Before I continue let me put my post here briefly into a humble context. I am not, nor am claiming to be a skilled computer forensics technician. I wouldn't want to insult the work and credentials of anyone who is in this field, such as awesome blogger and author Harlan Carvey over at Windows Incident Response to name just one.

Where I work, we have an Inspector General's office where surly but professional men and women who carry guns and badges on their belts with pride work. Our support to them as an IT group is to pull drives upon request, perform write-back-blocked, disk-to-disk copies with a drive-duplicator for them and hand them off to the investigator. If we are lucky, we might one day get the drive back when they are done. I suppose they run EnCase or something similar in their drive content investigations, but we don't really talk much shop. Doesn't occur that much, anyway.

When I refer to any personal, non-certified and non-professional work in computer "forensics" I am meaning it in a more "incident response" context; specifically for desktop support.

See, when a virus/malware hammered workstation is reported to us by the end-user or it shows up on one of our report logs, our job is (generally) to respond to the workstation, attempt to remove the infection and get the user back going again, securely. If we cannot "sanitize" the workstation, we just wipe it, slap a new image on it, then restore their backed-up data. We really don't have the time or resources to do full "incident response" on each workstation in these scenarios.

Oh well.

But since I find this field so fascinating and these events almost as a personal challenge, I like to try to learn techniques in workstation incident response and forensics. It aids me in better focusing and applying my troubleshooting skills; and might alert me to a larger problem in our network rather than just a single "infected" workstation.

Also, I am clearly working on "live" systems and as such any utilities or techniques I run have the possibility (and probability) of impacting the integrity of the drive. But since I'm not doing a criminal (or like) investigation, and am just attempting to gather data on the files, processes, and other activity to help me understand, document, and clean the issue in question, I remain aware of this fact, but don't attempt to avoid it.

Were I doing an "official" investigation, I would ensure that all actions were carefully planned not to make any write-back actions to the drive and would be using different methods.

OK, now that we are on the same page...I continue.

Mozilla Tools - Part One

Because I was familiar with the basic cache structure of Mozilla/Firefox, I knew that if I entered "about:cache" in the address bar, it would list the cache contents of any files in there and their sources.

That worked nicely and provided me the following information on my suspect file:

Key: http:// <snipped> .com/jjebb.js
Data size: 21335 bytes
Fetch count: 1
Last modified: 2007-08-18 16:25:47
Expires: 1969-12-31 18:00:00

In my case, the cache hadn't been deleted so that information was there. If it had been deleted, then I would have been out of luck unless I wanted to try to recover the deleted files.

Because Firefox treats this page-display as a normal "web-page" you can then run a "Find" action on the page looking for a name, date, string, etc. and quickly narrow down what you are looking for.

Not too difficult and since this is built into Mozilla Firefox itself...no tools needed.

I also approached the issue of the file and browsing history. Again, Mozilla includes a History feature in its browser that lets you sort the history (if not cleared/deleted) by Date and Site, by Site, by Date, by Most Visited, and by Last Visited.

This is all great if you are trying to see the general browsing history of a user, but not detailed enough if you are trying to find specific time and date information of file access.

So I located the great little app called Dork 0.0 written by Keith Anderson.

It worked and quickly told me what I needed to know.

I used the information from these sources and was on track for my "investigation."

Later I began to wonder what other tools might exist and if any of them were "better" than what I was using...particularly when it came to documenting and exporting information from the cache itself.
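Since about:cache is just a page of text, the "Find on page" step above and the documenting/exporting wish here can both be covered with a small script. This is an added example, not part of the original post or of any tool it names: it parses a saved about:cache listing (a constructed sample modelled on the entry quoted above, with placeholder .invalid hosts), flags entries by time window and file extension, and writes them out as CSV.

```python
"""Parse a saved Firefox 2-era about:cache listing and pick out entries worth a closer look."""
import csv
import io
import os
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample: a saved about:cache page as plain text, modelled on the single
# entry quoted in the post. The hosts are placeholders (.invalid), not real sites.
SAMPLE_ABOUT_CACHE = """\
Key: http://example.invalid/images/logo.png
Data size: 4512 bytes
Fetch count: 12
Last modified: 2007-08-18 09:02:11
Expires: 2007-09-18 09:02:11

Key: http://example.invalid/jjebb.js
Data size: 21335 bytes
Fetch count: 1
Last modified: 2007-08-18 16:25:47
Expires: 1969-12-31 18:00:00

Key: http://cdn.example.invalid/update.exe
Data size: 102400 bytes
Fetch count: 1
Last modified: 2007-08-18 16:26:03
Expires: 1969-12-31 18:00:00
"""

DATE_FMT = "%Y-%m-%d %H:%M:%S"
FIELD_RE = re.compile(r"^(Key|Data size|Fetch count|Last modified|Expires):\s*(.*?)\s*$")


def _parse_date(value):
    return datetime.strptime(value, DATE_FMT)


def _build_entry(raw):
    expires = _parse_date(raw["Expires"])
    return {
        "key": raw["Key"],
        "size": int(raw["Data size"].split()[0]),      # "21335 bytes" -> 21335
        "fetch_count": int(raw["Fetch count"]),
        "last_modified": _parse_date(raw["Last modified"]),
        "expires": expires,
        # An expiry of 1969-12-31 18:00:00 is Unix epoch 0 rendered in local time
        # (UTC-6 in the post's example): the server sent no expiry at all.
        "no_expiry": expires < datetime(1970, 1, 2),
    }


def parse_about_cache(text):
    """Split the listing into blank-line separated entries and type each field."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        match = FIELD_RE.match(line)
        if match:
            current[match.group(1)] = match.group(2)
        elif not line.strip() and current:
            entries.append(_build_entry(current))
            current = {}
    return entries


def find_suspects(entries, start, end, extensions=(".js", ".exe")):
    """Entries fetched within [start, end] (same date format as the listing)
    whose URL path ends in one of the given extensions."""
    start_dt, end_dt = _parse_date(start), _parse_date(end)
    hits = []
    for entry in entries:
        ext = os.path.splitext(urlsplit(entry["key"]).path)[1].lower()
        if ext in extensions and start_dt <= entry["last_modified"] <= end_dt:
            hits.append(entry)
    return hits


def to_csv(entries):
    """Render entries as CSV text for the incident write-up."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["key", "size", "fetch_count", "last_modified", "expires"])
    for e in entries:
        writer.writerow([e["key"], e["size"], e["fetch_count"],
                         e["last_modified"].strftime(DATE_FMT),
                         e["expires"].strftime(DATE_FMT)])
    return buf.getvalue()


if __name__ == "__main__":
    found = find_suspects(parse_about_cache(SAMPLE_ABOUT_CACHE),
                          "2007-08-18 16:00:00", "2007-08-18 17:00:00")
    print(to_csv(found))
```

To use it on a real system, save the about:cache page as a text file and pass its contents to parse_about_cache in place of the sample.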

Mozilla Tools - Part Two

The Cache - Revisited

After some work I came across a great application called Web Cache View.

It actually provides a review of Netscape, Firefox, Opera, and Internet Explorer web caches. Web Cache View is not free (just $25.00), but you can download and use it for free to evaluate it. With purchase of a registered version, the program "unlocks" additional features.

In the trial version, you must manually point the program to the location of your cache file folder. The registered version will auto-discover all the supported browsers on your system and display tree-view for selecting the files found in the cached locations.

I tried it out and it seemed to work fine on my XP systems. It is quite tiny and pretty darn fast.

It provides various views, but the "details" view provides the most information with the cached item's URL source link, the cache name, the file size, the file type description, the "last modified" date, the download date, and the expiry date.

Once the target cache file contents are loaded, you can examine the items individually or export the results to a CSV format file.

It has recently been updated to a new version and appears to be a very "actively" maintained product.

For another approach, you could install the Firefox Add-on CacheViewer.

It displays a window that lists the files in your cache in a GUI format along with file information, a search box and a preview pane. It is pretty fast and integrates well with Firefox 2.0. My only "complaint" is that it doesn't seem to support generation of the information in a "log" format of some kind. That additional feature would make it a very nice and handy add-on.

I'm not aware of any other similar or freeware products at this time. If anyone knows of any please drop a tip in the comments!

The History - Revisited

Next up were attempts to find alternative means for looking at and logging the contents of the Mozilla Firefox History.dat file.

Dork 0.0 really does seem to be a great solution. It is fast and easily exports the files into a spreadsheet-supported format.

But it is always good to have alternatives.

Mozilla's current and prior versions use a format called MORK to structure the history data. It has been charmingly referred to by former Netscape engineer Jamie Zawinski as "...the single most braindamaged file format that I have ever seen in my nineteen year career."

Mozilla's 3.0 product will replace the MORK format for the history and utilize Places with its mozStorage format, which is based on SQLite and may end up being encrypted for security. So new tricks, utilities and scripts will need to be created to deal with it.

For a deeper exploration of the MORK and Places (mozStorage) formats here are some links.

Mark McKinnon wrote a great post earlier this year that breaks down the MORK history.dat file into its elements. It is pretty readable and highlights the structure of the history.dat file.

Computer Forensics/E-Discovery Tips/Tricks and Information: No This Is Not Mork From Ork.

In that post, he mentioned a product from MANDIANT. You may remember MANDIANT from one of my previous posts, Mandiant Red Curtain - Incident Review Software, covering their interesting software which assesses files for suspicious "maliciousness" levels.

This tool (freeware) is named Web Historian. It scans and reviews a system for website URL's that "...are stored in the history files of the most commonly used browsers including: Microsoft’s Internet Explorer, Mozilla, Firefox, Netscape, Opera and Safari."

Once installed it is surprisingly large; my installation shows a 33.7 MB file size.

By contrast, their Red Curtain product is a svelte 1.55 MB in size.

Options include the ability to select a default saved file format: Excel, CSV, HTML, or tab-delimited.

You can turn the startup splash-screen on/off, set to automatically open the report once done with processing, and search for all supported browsers or just a particular type.

I first tried the application on my XP Pro system and it ran, albeit a bit slowly, and did provide a nicely detailed Excel report on its findings. (My Firefox history was left out of the report results.)

When I attempted to run it on my XP Home system (which seems pretty beefy to me), it seemed unresponsive. CPU usage for the process shot up to between 85-98%, even though my history.dat file wasn't very large. Reviews on other websites for the product seem to mirror my experience. It works, but can be very slow and demanding on some systems. I hope that MANDIANT is able to better optimize future versions down the road. I wonder if the Firefox 2.0 history.dat structure is even supported? MANDIANT's download page doesn't state which browser (build) versions are supported.

For a Firefox integrated solution, consider the Add-on Enhanced History Manager.

This extension super-charges your history exploration from within Firefox.

You may open the view in the sidebar, a tab, or a window and the view includes fields for page title, location, and last visited date/time.

It allows for a standard or "Advanced" search of the contents, as well as sorting by title, location, last visited, first visited, hostname, visit count, referrer, and a-z or z-a sorts. You may also group the history entries by day, site, and day-site.

Again, the weakness is in not being able to export the results to a log-file. But that said, it really does provide Firefox users a more detailed view and sorting format for their browsing history.

The last suggestion might be to consider using the Firefox Add-on Slogger.

Developer Ken Schutte's site has considerably more detail on the extension than the above Mozilla page: Ken Schutte.com: Slogger.

Slogger is an Extension for Mozilla Firefox web browser. It is a very flexible tool for creating a complete log of your browsing history (thus the name: Slogger <=> "browse logger"). It can save pages you visit to your hard drive, and create custom-format history logs about pages visited (included are templates for plain text, HTML RDF, and XML). You can use style sheets (CSS-HTML, XSLT-XML, XUL-RDF) to view logs, or use external programs to parse the data for your needs.

Almost everything in slogger is customizable, so it's best to try and see how you can change it. Settings are stored in different "profiles", making it easy to switch between different uses. Several profiles will come installed with Slogger to provide some examples of how it can be used.

His webpage contains information about getting started, the settings, working with profiles and a general FAQ.

So Slogger can provide great, customizable log files (independent of Mozilla) of browsing history, with the only caveat being that you need to install and configure it before you realize you need to capture that data in the first place. So if you think it could be handy, check it out.

Miscellany

I'm not dealing with Firefox cookies at this time, but while working on this post I did come across a great application (freeware) from NirSoft: MozillaCookiesView: Cookies Manager For Mozilla/Firefox/Netscape Browsers.

This little app not only displays the current Mozilla cookies in a profile and important property information (domain, path, name, value, exp. date, secure, etc.), but it also allows you to export the list into text, HTML or XML files, as well as deleting individual cookies and backing them up.

One other closely related product to history and cache file examination was a "professional-grade" forensics program NetAnalysis from British developer Digital Detective. The program requires purchase, but may be downloaded and installed for evaluation purposes. It has all the features of the registered version, but you cannot save your work, export the data, view the cached files, every 5th record is not displayed, and the deleted history extractor feature is disabled.

If you need a comprehensive product, this might be worth considering.

Whitepaper Reading

Finally, if you really want to learn even more about performing forensic examinations (pro/semi-pro/incident response) on web-browsers in general, there are two excellent posts on the subject over at Security Focus:

These posts cover Internet Explorer and Mozilla and are presented in a "case-investigation" format that is fun to read. Many IE specific tools are mentioned and illustrated in the first part.

The second part turns the investigation's attention to the Firefox browser and a really great technical look at the Cache Map file itself.

Again, some of this might change significantly with the advent of Firefox 3.0 and Places structure.

--Claus

Saturday, August 25, 2007

Malware Hunt: Followup Post

Just a quick follow-up post from the previous one: Hunting Me up a Malware File.

I want to share some new details over the past week.

I also have some additional thoughts, but those must wait for an afternoon post. Mom is having some driver issues on her pc and I need to drop over to look at them.

Recap

Earlier this week AVG-Free alerted on a suspicious file after Alvis had been browsing the Web looking for some new MySpace templates.

The file was "superhidden" (non-viewable in Windows Explorer even with the display hidden files option enabled) and did not have a file extension.

The file was found in the Firefox cache and did not appear to have been executed on my system, just downloaded. This may be because it was not set for Firefox or because I was running the NoScript extension for Firefox (which I highly recommend).

The file itself was actually a Java-script file that contained a section of obfuscated code.

Only two virus scanners were able to identify it as hostile.

A search on my other systems found that it was also present in the Firefox cache of our XP Home laptop system (again not executed) but was not present on the Vista Premium laptop.

I determined which website was downloading the file and blocked it at my home router level.

Finally, I sent it off to the ISC-SANS Handler's Diary team to see if maybe someone there could tell me more about what the obfuscated code section might contain.

I've slightly reworked the content of several of our back and forth emails in the sections below.

ISC Response

A great ISC-SANS handler, Bojan, responded the next day:

The file you submitted is part of an exploit pack. It contains obfuscated JavaScript that, when run, tries to exploit several (old) vulnerabilities: MS06-040, QuickTime, WinZIP and WebViewFolderIcon. If successful, it will download a file and execute it. I wasn't able to download the file as we are missing part of the information. The URL is constructed dynamically, depending on the current location: var arg="ephczuwc"; var MU = "http://" + window.location.hostname + "/" + arg; As we don't know from which site exactly this was downloaded we can reconstruct the MU variable that defines the file that will be downloaded. If your system is up to date with MS patches and you're not running any vulnerable applications it should be fine. If you manage to find the original site let us know - we can download the file and see what exactly it does (I presume it's another downloader for a second piece of malware).

Going Back for Seconds

Grateful for the feedback, I created a fresh virtual machine with XP.

I opened up the virtual session, loaded Firefox 2.0.0.6 as a clean install, verified I had an empty cache, then opened up the suspect website address I had noted for the .js file in my previous Firefox cache investigations.

I got a "404 error: Page not found" which I expected.

I then checked the cache for Firefox (about:cache) and found that several files had downloaded, all ending with the same bits of filename as the one I mentioned previously.

The files were "superhidden" and visible in DOS only (not Windows Explorer).

One of the files in the cache was the same 21335 bytes size as my suspect file.

When I checked its "strings" it had the same obfuscated Java-script code.

This time, however, the Firefox cache reported it got the file from http:// <snip>.com/sfruy.js even though I didn't enter that into the address bar at all and had only gotten the page not found error.

So I dumped and cleaned out the cache along with the history and cookie files and tried again.

Nada. No download of the file, no funny .js entries. Nothing.

So I uninstalled Firefox and reinstalled completely, even dumping the Mozilla folders in the profile directory.

Nothing. No more .js entries.

I next created a new virtual machine and tried again.

I went to http://www. <snip> .com/jjebb.js and http:// <snip> .com/sfruy.js .

When I checked the cache the file was back again, same file size, different name and the link showing that it came from was http://www. <snip> .com/cnqio.js.

The strings appear to be the same in the file.

I'm not sure how it's pulling it off, dishing up a new <name>.js file each time it loads a "404 error: page not found" message.

Also, it seems to be clever enough to know which workstation it served it up to before, and then won't serve it again, even in a 100% new/clean browser. Maybe it's tracking the IP's or MAC addresses? This is interesting and may be why repeated requests for the file from the same pc fail the 2nd and subsequent times.

Bojan responded to this pondering of mine:

It's possible - there are some scripts that track IP addresses and prevent you from downloading the exploit more than once - I've seen such scripts before.

Aftermath and Thoughts

It appears at this point that the website owner has removed the script triggering the malicious file download.

As such, I really can't say if it was done purposefully or if the website had been compromised against their will. Because of this I am choosing to give the benefit of the doubt to the website and not name it specifically.

But my concern about young kiddos falling into malicious websites looking for cool templates and such for their MySpace pages still stands. The problem isn't obviously limited to such sites, but does illustrate the challenges of trying to keep PC's safe while browsing the web, even when trying to surf across innocuous-appearing websites.

There are some basic precautions that should be followed for Windows OS users. (And I'm staying away from Linux/Apple OS switch recommendations for the sake of this post.)

  1. Ensure that your Windows system is fully current with all available Windows Critical Updates.

  2. Ensure that your Windows systems applications are up to date and at a current patch level. Two fantastic products (both free) to help you with this are the Web-based Secunia Software Inspector as well as the downloadable Secunia Personal Software Inspector (BETA). Both run scans on your system and provide an easy to understand report of any programs that are found that need to be updated or are no longer "current" versions.

  3. Surf the Net with a Web-browser other than Internet Explorer; I prefer Mozilla Firefox but Opera is also a really great browser. Heck, if your system can support it you can even try using Apple's Safari browser on Windows (still beta) now.

  4. If you use Firefox, I highly-recommend several great Add-ons to help add additional layers of protection: the NoScript blocker, the Firekeeper malicious site blocker, and the Dr.Web anti-virus link checker.

  5. Use an anti-virus product and keep it current. There are lots of free ones out there: see my post Anti-Virus Tools for a lineup of offerings.

  6. Consider using an anti-malware scanner that runs a service to protect against malicious file behavior.

  7. Firewalls (router based or software based) are a great line of protection as well. If you select a software firewall that supports "leak-protection" for unauthorized outbound connections, you may prevent some trojans and other malware from accessing the Net once downloaded and bringing down a flood of even more ilk to your system; see my previous posts My Firewall Choices and Firewall Considerations for suggestions.

Most of all, if you have kids or guests who use your computers, establish clear appropriate usage policies, set up a limited rights "guest" account for them to use, and maintain a healthy and honest dialog about computer usage expectations.

Hopefully, if something goes wrong they will talk to you about it and you can respond quickly and in a targeted manner to assess and fix the problem.

Next post....

I'll offer you some additional "cool tools" I found while working on this issue (after the initial assessment) that might be helpful for readers investigating just such a scenario and trying to track down history and cache files in Firefox (or that Other web-browser).

Cheers and a BIG Thanks of Gratitude to SANS-ISC handler Bojan for time invested in taking a second look at what I encountered with this file.

--Claus

Tuesday, August 21, 2007

Hunting Me up a Malware File

I had been on our home desktop system off-and-on for most of the morning.

Lavie and I had run to a doctor's appointment and Alvis stayed home, eschewing the joys of our family physician's waiting room.

When I returned back to the PC later that night, I noticed that AVG-Free had unloaded.

Hmmm.

So I fired it back up and looked for any new updates. Sure enough, it found one which I installed.

I've noticed that sometimes, depending on the type of update offered, AVG might shut down and not reinitialize, so I didn't get too concerned.

But, for good measure, I went ahead and ran a manual scan of the system.

Danger!!! Will Robinson, Danger!!!

Imagine my surprise when midway into the scan it indicated an infected file had been located.

The path indicated it was in my Firefox cache.

Hmmmm.

I opened up Windows Explorer and went looking for it. But it wasn't displayed where it should be.

Maybe it had been quarantined by AVG? No. Not yet.

I opened up a command-line box and ran a recursive search in the cache folder for the target filename.

dir *128ACFDDd01* /s

Bingo!

128ACFDDd01

There it was right in my command-line window; just super-hidden with its file attribute settings.

Never a good sign.

It was 21,335 bytes in size and didn't have a file extension.

I copied the file to a USB stick for safe keeping then manually deleted the file from the cache location while AVG was still scanning.

First Response

I immediately fired up AutoRuns, Process Explorer, and both VStat and CurrPorts. My goal here was to inspect my system for any unfamiliar running processes, newly added auto-run entries, and look for any unexpected network connections. All passed clear.

I also ran RootkitRevealer and it came back with a clean bill of health.

Lastly, I hit the system with several Anti-Malware Tools that I keep handy. All came back with clean results except for some expected nuisance cookies.

Whew. But what the heck happened?

Question One: What is it?

The next thing I did was to see if the file in question had any identifying properties or "strings" in it that might help me.

I ran Safer-Networking's FileAlyzer application to look inside.

What I found appeared to be Java-script code wrapping an obfuscated and packed section.

I've got a number of links that give tips on how to address these things:

Right now I don't have the patience or time to work through these exercises on the file, but maybe later I will try.

I sent it off with a request for review to the SANS-ISC handlers in the hopes they were bored and might want to look into it for me. I'm still awaiting a (hopeful) response.

Question Two: What Say Other AV Companies?

I uploaded the file to jotti, vtotal, Norman SandBox Information Center - SandBox Live, and Sunbelt CWSandbox.

Jotti and vtotal only found two engines that identified it; AVG and AntiVir. Unfortunately, neither had any additional information regarding the exploit itself or any helpful details.

I uploaded it to AntiVir's website. They responded that they are taking a closer look at the file in their labs and might get back with me on it. It appears that it showed up there based on heuristics-based scanning, and not from a signature.

Norman and Sunbelt's responses were both negative as well. I might try resubmitting it with a .js file extension to see if that helps it to trigger/execute better on their platforms.

Question Three: When and How Did it Arrive?

Because it was located in my Firefox cache, I knew it was very likely it came from there during the course of browsing activity.

I checked my history and indeed saw some web-activity for some sites that I hadn't been on, but looked like Alvis had while we were out.

Nothing bad or forbidden...mostly just MySpace stuff.

Unfortunately, the history sidebar in Firefox isn't really helpful for tracing specific time/datestamps. It will order them in various arrangements, including "Last visited" but that wasn't detailed enough to allow me to match the file with the website visited.

I opened up the Firefox history.dat file in Notepad hoping for more detail in there. But while it contained some information, it wasn't really in a format to make it easy for review.

Was there a way to better audit the history.dat file?

Yeah, Buddy!

DORK 0.0 - Utility to Audit Firefox History

I found a tiny almost unknown gem of a program (freeware) for auditing the history.dat file in Mozilla:

It is called DORK 0.0 and was coded by Keith Anderson.

A great writeup about the tool can be found on the following website:

Redmond | Print: Easy Firefox History Audits

The link on that page for the download was bad, but the writer of the story, Chris Wolf has a blog as well and he provides a link there that works: Auditing Firefox History at ChrisWolf.com

It is a breeze to use. Just download and extract the file. Then copy the history.dat file into the folder. Run the exe file and drag the history.dat file onto the application window. It will save the output as history.txt in a delimited format.

Open in a spreadsheet program (I used "import data" in Excel) and you can see the following information:

  • URL
  • Number of times visited
  • Date and time of first access
  • Date and time of last access

Comparing the timestamp on the file properties to the time/date properties listed I narrowed the likely site down to a handful. However no smoking gun yet.

Time to Question Alvis

Alvis and I have a pretty awesome relationship. I explained what I had been doing, that she wasn't in trouble and hadn't done anything "wrong" but that I needed some info.

Over our conversation, she confirmed that she had been on MySpace at the time in question. That was fine. She is allowed to.

Yes she had in fact noticed that AVG had "choked" but didn't think much of it at the time.

Yes, Firefox (NoScript?) did pop up a red warning message and then went away, but she also didn't think much of it at the time.

In fact, she volunteered, one of her buddies had to recently wipe their MySpace page clean as it kept generating virus warning messages. (Interesting fact, but probably not directly related to this adventure.)

So, now I knew when and who, but what site and link, specifically, was it that triggered the download?

Looks like encouraging Alvis to use Firefox and the add-ons I have installed did their job.

Back to the Cache

Feeling confident that this file was the only "dangerous" one on my system, and that it was Java-script based, as long as I didn't execute the script, I should be ok to proceed.

(I suspect that it might not even work in Mozilla, and only in Internet Explorer...but can't confirm that.)

I placed the copied file I archived back in the cache folder.

Then I opened Firefox and typed "about:cache" in the address bar.

I selected the link to "List Cache Entries" and all the items were displayed.

At first I tried searching for the date, but didn't find any exact matches.

Then I decided to search just by the filesize value.

Bingo!

Key: http:// <snipped> .com/jjebb.js
Data size: 21335 bytes
Fetch count: 1
Last modified: 2007-08-18 16:25:47
Expires: 1969-12-31 18:00:00

The only match. And the datestamp time was very close (within a second) to the file datestamp. Nothing else was close.
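A small script, added here as an example and not code from the original post, Dork or Firefox, that automates the two manual steps just described: matching the suspect file's size and timestamp against the about:cache listing, then pulling the Dork history.txt rows (URL, visit count, first and last access) that were visited around that moment. The domain names, listing text and history rows are constructed stand-ins.

```python
# Added example (not from the original post, Dork or Firefox): automate the
# two manual steps above. All domains, listing text and history rows are
# constructed stand-ins.
import re
from datetime import datetime, timedelta
from typing import NamedTuple

TS_FMT = "%Y-%m-%d %H:%M:%S"  # the timestamp layout about:cache prints


class CacheEntry(NamedTuple):
    key: str
    size: int
    fetch_count: int
    last_modified: datetime


class HistoryRow(NamedTuple):
    url: str
    visits: int
    first_access: datetime
    last_access: datetime


# Constructed about:cache "List Cache Entries" text modelled on the post; a
# second 21335-byte entry is included so that size alone does not decide.
ABOUT_CACHE_TEXT = """\
Key: http://layouts.example/jjebb.js
Data size: 21335 bytes
Fetch count: 1
Last modified: 2007-08-18 16:25:47
Expires: 1969-12-31 18:00:00

Key: http://cdn.social.example/comments.js
Data size: 21335 bytes
Fetch count: 2
Last modified: 2007-08-15 09:10:00
Expires: 1969-12-31 18:00:00
"""

# Constructed Dork history.txt rows: URL, visit count, first and last access.
HISTORY_TXT = """\
http://www.social.example/home\t12\t2007-08-10 19:02:11\t2007-08-18 16:30:02
http://layouts.example/comments-box\t1\t2007-08-18 16:25:40\t2007-08-18 16:25:40
http://news.example/\t4\t2007-08-18 08:01:15\t2007-08-18 08:01:15
"""

ENTRY_RE = re.compile(
    r"Key:\s*(?P<key>\S+)\s+"
    r"Data size:\s*(?P<size>\d+) bytes\s+"
    r"Fetch count:\s*(?P<fetch>\d+)\s+"
    r"Last modified:\s*(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
)


def parse_about_cache(text):
    """Turn the about:cache entry blocks into CacheEntry records."""
    return [CacheEntry(m["key"], int(m["size"]), int(m["fetch"]),
                       datetime.strptime(m["mod"], TS_FMT))
            for m in ENTRY_RE.finditer(text)]


def parse_history(text):
    """Parse the tab-delimited rows Dork writes to history.txt."""
    rows = []
    for line in filter(str.strip, text.splitlines()):
        url, visits, first, last = line.split("\t")
        rows.append(HistoryRow(url, int(visits),
                               datetime.strptime(first, TS_FMT),
                               datetime.strptime(last, TS_FMT)))
    return rows


def find_by_size(entries, size, mtime, tolerance_s=2):
    """Entries of exactly `size` bytes whose last-modified time lies within
    `tolerance_s` seconds of the cached file's on-disk mtime."""
    tol = timedelta(seconds=tolerance_s)
    return [e for e in entries
            if e.size == size and abs(e.last_modified - mtime) <= tol]


def history_near(rows, when, window_s=300):
    """Rows with a first or last access within `window_s` seconds of `when`."""
    win = timedelta(seconds=window_s)
    return [r for r in rows if abs(r.first_access - when) <= win
            or abs(r.last_access - when) <= win]


def investigate(size, mtime, window_s=300):
    """Run both steps on the constructed data: returns the matching cache
    keys and the candidate sites (in history order) as a dict."""
    hits = find_by_size(parse_about_cache(ABOUT_CACHE_TEXT), size,
                        datetime.strptime(mtime, TS_FMT))
    sites = []
    for hit in hits:
        for row in history_near(parse_history(HISTORY_TXT),
                                hit.last_modified, window_s):
            if row.url not in sites:
                sites.append(row.url)
    return {"cache_keys": [h.key for h in hits], "candidate_sites": sites}


if __name__ == "__main__":
    result = investigate(21335, "2007-08-18 16:25:48")  # mtime seen in dir
    print("cache entries:", result["cache_keys"])
    print("visited around that time:", result["candidate_sites"])
```

Narrowing the window (the `window_s` argument) shrinks the "handful" of candidate sites the post mentions down to the one visited within seconds of the cache write.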

I asked Alvis about the website name and she had loaded a script to her MySpace page from that site to enhance her "comments" box.

As she hurried to remove it from her MySpace page from her Linux pc, I turned my attention to the domain.

A Google search turned up the following entry right under the site name listed on the Google Search Results:

This site may harm your computer.

Not a good sign.

The website in question is one of many that provide MySpace layouts and graphics to folks for free.

I'm choosing not to name the site domain in particular at this point until the file itself is unraveled and I can determine what it REALLY does; I don't want to indict the possibly innocent.

Lockdown Response

Alvis called her MySpace buddies and warned them to pull the newly added component off their pages (it warms my heart!).

I re-deleted the file out of the cache manually, and emptied my Firefox browser cache totally for good measure.

I added some blocks to my HOSTS file for the domain in question, but decided that might not be strong enough, as pages under that domain might still load.

So I opened up my router's configuration window and made some custom DENY filtering rules for all domains AND URL's that contained that domain name.

I tested it and it works like a charm. Blocked.

I use OpenDNS and they also support a neat blocking feature: OpenDNS Blog » Block the bad guys with OpenDNS!

Since I blocked the sites at the router level, I didn't need to tinker with that method, but it may be an option. Many software-based firewalls also let you specify specific IP's or domains to block.

So now all our laptops and pc's were safe, at the router level, from future access to that site, whether by accident or on purpose.

Laptops....? Am I forgetting something?

OH! Better check all our other systems as well.

Alvis's Linux box didn't have the file on it anywhere.

Our XP Home laptop did indeed have the same file, though this time named 2910CFDDd01.

I now suspect that there is some random filename generation with the first several characters, though the CFDDd01 part was the same. Filesize and contents were exact matches.

So I cleaned that one off that laptop as well.

No evidence at all of the file on the Vista notebook.

All looks clean again in the Valca computing environment.

Final Thoughts

  1. Alvis didn't do anything "wrong" and in fact I think she did many things right.
    • She uses Firefox exclusively, per my encouragements.
    • We maintain an honest and open dialog regarding her pc usages.
    • She notified her friends of the problems she encountered and encouraged them to drop the layout additions in question.
  2. I reacted immediately with suspicion when I noticed a security component (my av scanner) was not running as expected.
  3. I know what should "normally" be running process and auto-start wise and was able to confirm nothing unexpected was present.
  4. Using the NoScript add-on may have prevented the malicious java-script from executing in the first place and doing any harm.
  5. I examined the file and noted the key information as to its strings and properties.
  6. I kept a copy of all the questionable files safely tucked away in a password encrypted ZIP file.
  7. I sent the file to several virus scanners on-line to verify it wasn't a false positive. It wasn't.
  8. I made sure all my AV DAT files were current and scanned all of my systems, just to be safe. Found it on two of them.
  9. Since I can't always be around to keep an eye on known dangerous sites, accidentally stumbled upon, I CAN hard-code them into my router's settings to filter them for us.

This highlights a potential danger that some parents need to keep in mind with their MySpace connected kids; dangerous code.

Alvis doesn't understand "code" but she is smart enough to follow instructions on adding code to her MySpace template. It could be pretty easy for malicious code to be offered to a youngster and they could then, unintentionally, cross-infect or spread the code to other friends and their family's home pcs.

In the process Alvis and I got to have a great learning experience together, and I uncovered what may be a hidden gem of a utility for examining Firefox history.dat files.

Not a bad, bad experience after all.

Stay Safe.

--Claus

Sunday, August 19, 2007

Project Management Tips and Software

As I've alluded to in previous postings, I am swamped with being the project lead for a Mondo-Big technology deployment right now.

Every day is a new day of issues and opportunities.

Fortunately my director is very engaged and taking up a lot of the "fires" that keep coming up with it. And I have a great support team.

However, I don't think it would be going as smoothly as it is were it not for their hard work and my l33t organizational skillzs.

I'm not a professional project manager, just a humble Machiavellian telecom, desktop, and network support guy so I've been having to teach myself on the fly.

Here are some of the techniques I'm using, just in case any others find themselves placed in my position.

The Project Binder

Early on I figured that it would be smart to keep a project-binder.  It's grown from a 1" to a 2" ring binder and I might need to move up to a 3".

I printed out some custom inserts for the spine and binder cover to give it a professional appearance.  I find that if it has a professional-looking touch I want to carry it and maintain it better.  It also seems to garner respect from our vendor and customers when they see it.

In the binder I have a series of pocket-dividers.  I like using pocket dividers as I can stow loose note slips and the like in them.

I have the following divisions:

Key Project Data, calendar, and Gantt Chart - These contain the technical details of the project elements and hardware, spreadsheets for deployments, project calendar and a Gantt chart.

Vendor Notes and Communications - All notes taken (by hand or electronically) as well as printed copies of emails between the vendor and our project team.

Customer Notes and Communications - All notes taken (by hand or electronically) as well as printed copies of emails between the end-customer users and our project team.

Miscellaneous - notes, handouts, and other odd documents and papers related to the project.

While I may be killing a few trees with the printing of the emails, it allows me to always have at hand those key communications to reference in meetings, on the site, and at my leisure.  Having the ability to quickly access these bits of information is crucial.

This becomes my filing system for the life of the project. Once completed, I will either keep the documents in the binder for archival reasons, or pull it and file it in a cabinet.

Note Taking - Manual Method

Inside the binder, I keep a pad of college-rule notepaper.

I like keeping a pad in each binder I use for the different projects and meetings I participate in.

I've tried various "planner systems" but haven't found them to fit my style.

The D*I*Y Planner | Paper, productivity & passion website has become a wonderful resource to me providing me "outside the traditional planner box" tips and resources.  This website is filled with planning topics as well as templates for you to create your own custom planner.

I like to draw a line down the left-edge of the sheet to keep me out of the punch-hole zone and I also leave a box in the top right corner to note my action items to follow up on.

I make a circle around an "A" to indicate to me that I need to go back and take action on a point, then I also write an update next to it on how I fulfilled that  action item.

There are a number of great notepaper generating websites.  I've used some of these for particular purposes:

I honed my art of note-taking in college.  I found that college-rule pages coupled with tiny handwriting with a precision point pen enabled me to capture very detailed notes.

If this skill doesn't come naturally to you, I would encourage you to look into the following posts for tips on note-taking.

Note Taking - Electronic Method

When I am on a conference call or have my laptop handy, I prefer to take notes electronically.  Sometimes I like to convert the written notes I take to an electronic copy as well if I will be sharing them with team-members.

I have really fallen in love with the SEO Note (freeware) application.

Sure there is Microsoft OneNote as well as my esteemed EverNote software application, and they have great merits and polish to them.

However, SEO Note is portable (USB), fast, tiny and supports a great hierarchy and tabbed structure of note taking.  It's a fantastic product and really meets the digital note-taking needs I have.

Project Management - Electronic

I am fortunate to have a copy of Microsoft Project to use at work.  As I am not a professionally trained project manager, I am sure I am nowhere close to using the full power of MS Project.  However, I can make and update a Gantt chart, print out calendars, and manage light resource assignments.

There are a number of great resources to help learn Microsoft Project:

Of course, if your budget can't spring for Microsoft Project, there are some quality open source and freeware tools that might fit your bill nicely with almost all of the features of the MS version.

Not really related but cool

  • Namiki - The Fine Art of Expression - Amazingly beautiful pens crafted in Japanese theme motifs.

  • Levenger - Classic writing accoutrements including pens, desk accessories and neat things for the organized writer.  I've ordered a number of pens from this site.

If you know of any helpful project management software applications or tips to share, I'd appreciate hearing from you in the comments!

--Claus

Hurray! Novell Client for Vista Released! (finally)

It's about time.

NOVELL: Cool Blogs » Blog Archive » Novell Client for Windows Vista - Update!

Only one problem....we are just now in the process of migrating all our desktop systems at work from Windows 2000 to XP Professional.

And the prognosis for Vista migrations?

Yeah right; maybe five years from now...

Would have been nice back when I had some virtual machines of the Vista RC's hanging around the workshop to test out "live".

I'll probably download the Microsoft Windows Vista Enterprise 30-Day Eval VHD just to give it a whirl or two.

Novell Client for Windows Vista - Download Link

Novell Client for Windows Vista Readme - (Yes, it does still have "issues".)

System Requirements

The Novell Client for Windows Vista is supported on the following platforms:

    * Windows Vista Business (x86 or x64)
    * Windows Vista Enterprise (x86 or x64)
    * Windows Vista Ultimate (x86 or x64)

The Novell Client for Windows Vista might run but is not supported on Windows Vista Starter, Windows Vista Home Basic, and Windows Vista Home Premium editions. This Client will not run on Windows XP, 2000, or 2003.

Novell-related Blog of Note

Julie Smith posted a helpful comment in one of my posts recently.

I went to her site the back room tech to return a word of gratitude and was blown away.

She has a wealth of great tips and posts related to Zenworks and Novell (among other things).

So if you are involved in Novell support, you might want to drop in and check out Julie's offerings.

Time well spent.

--Claus

Saturday, August 18, 2007

Tiny Utile Utilities

Ever since reading the WordWise blog post on proper usage of the words "use" versus "utilize" I can't use "utilize" any more.

Try not to use “utilize” in place of the verb form of “use” (i.e., yooz) because you think it sounds smart, businesslike, or writerly. It’s none of these things; in fact, the two words have a subtle yet important difference in meaning.

    * “Use” means to employ something for its intended or appropriate purpose: Stefan used the hammer to hang the portrait of his grandmother.

    * “Utilize,” the verb form of the obsolete adjective “utile,” means to employ something for a new or unintended purpose, or to make do with an item meant for something else: Phillipa utilized the heel of her Roger Vivier slingback to bang a nail into the wall.

From Word Wise: AND I AM TELLING U

So now I offer these Utile Utilities in the hopes that you might use them and find them helpful.

The Utile List

  • IsoBuster is one of my favorite tools for working with ISO images and CD/DVD imaging. Filehippo has a link to a 2.2 Beta version for download which is a step up from the 2.1 version offered on the IsoBuster website. USB Portable.
  • NexusFont Viewer - Don't let the freaky Korean (?) font coding on the page scare you off.  Nexus Font Viewer is worth the price of the free download.  I was working on some floorplan layouts in Visio and wanted to pick a good font from the multitudes I have; unfortunately, I was struggling to compare them against each other.  Then I found this tool.  Not only does it help with installing and uninstalling fonts, but it displays them all wonderfully for your font management. USB portable.
  • CCleaner 2.0: Increase Hard Drive Space - via CyberNet News.  I've used CCleaner for some time to help do miscellaneous cleaning of Windows systems.  However, I've always had to rely on 3rd-party repackagings for a "portable" version for USB usage.  This latest (beta) 2.0 version is a big step forward for the product.  It features a refreshed interface, a recode in C++, an optimized scanning/cleaning engine, a slimmer size, native USB portability, and file/folder/registry key exclusions. All Good Things™!  Just be sure to pay attention and unselect the optional Yahoo! toolbar unless that's your thing.
  • CSVed - A CSV (comma-separated values) file editor.  I do lots of work with logs and CSV output.  Generally I just import them into Excel and keep on trucking, but sometimes I wish I could do some cleanup work on the CSV file or material before importation.  This handy tool fits the bill wonderfully! Yes, it is USB portable.
  • Process Monitor v1.22 - This Microsoft Sysinternals tool got another revision update. Nothing major, but if you use this tool, be sure you get the update. USB Portable.
  • AutoRuns for Windows v8.72 - Another awesome Microsoft Sysinternals tool which was updated. USB Portable.
  • HeapMemView - View Process Heap Memory - This freeware tool by NirSoft is pretty awesome.  When run, you select a running Windows process, then it displays all the process heap memory entries.  Who needs this?  Well, software debuggers and programmers probably, but how about using it to examine a running malware process?  Some malware runs in memory only and doesn't (easily) point back to a file sitting on your drive.  This tool might allow you to look for key strings in the malicious application and maybe do some "forensics" type investigation on the running process before you nuke it and clean the machine. Might help you assess what you are dealing with. USB portable.
  • Geek To Live: Power replacements for built-in Windows utilities - Lifehacker - There are quite a few nice tools in this list collection.  I use a number of them, and others I am familiar with but choose alternatives.  Either way, it's a nice collection worth perusing.

Have fun playing with these toys.

--Claus

Weekend Links Grab-Bag

I've been VERY busy these past few weeks and haven't had the time when I get home from work to do the quality blogging I expect (or pretend to).

Mostly my energy is consumed with my daily duties and a Mondo-Big technology deployment project I am leading right now.

So I have just been building a pile of links that caught my attention, and biding the time to post them.

Here you go.

In Firefox 3.0 News

I've enjoyed seeing the growth in development builds for the next Firefox release version 3.0 (a.k.a. Gran Paradiso).

The daily updated versions are known as "Minefield" and can be obtained from the Nightly Build link. But these builds are somewhat unstable, so experimenters might want to stick with the Firefox 3 Alpha 7 version if they really want to play with it.

Anyway, the Minefield nightly versions are sporting some new features of note:

And the Firefox Extension Guru has a great tip on how to clean up your Firefox auto-spellcheck dictionary if you add a wrong word by mistake: Tip: Removing Added Words From Fx Dictionary.

I would be using Minefield almost exclusively now, except that my favorite RSS feed reader SAGE isn't compatible with it.  I suspect it has something to do with Places and the bookmarking structure.

Windows Desktop Icon Management

At work I use a laptop connected via a dock-station to a 2nd monitor.  With this arrangement I can run a dual-monitor setup; it would only be better if I could convince my boss to spring for a third flatscreen that supports DVI input.

Anyway...my problem is that when I am away from the dock and in the field, even though I log in with my same Windows user profile, the lack of the dock brings my desktop icons up scattered all over the place and I have to rearrange them all.

So it was with excitement that I found these timely posts this past week:

Desktop Icon Position Save & Restore - CyberNet News

Ryan recommended a registry hack method that lets you add "save desktop icon layout" and "restore desktop icon layout" items to your right-click context menu.  Might be helpful for laptop/dock users.

Get the files here: Save and Restore Desktop Icon Layout in Windows Vista :: the How-To Geek

Ryan also recommended profile/desktop manager software called Shock Desktop (freeware) - XP/2000/Vista.  It allows you to create several profiles for icon deployment under different screen resolution configurations.  It can also bring desktop icons to the forefront over maximized windows for quick access via a key-combo toggle.

Cleaning up the Breadcrumbs in Vista

One feature that Vista offers is "breadcrumbs."  This is an expanded file navigation interface that Microsoft hopes users will find easier to use to browse folder structures.

It is pretty cool.

I liked it so much I first added it to my XP systems with the freeware utility minimalist's Explorer Breadcrumbs.

Then I found a slightly more refined version called QT Address Bar and am now using it instead.

However, if you are using Vista and don't like that feature, Andreas Verhoeven created a free tool to remove Breadcrumbs from Vista: Disable Explorer Breadcrumbs in Windows Vista explained and hosted over on the How-To Geek website.

How Not to Build a PC

The riotous website DataDocktori'n illustrates how (not) to perform various desktop services including:

I'm thinking of including these techniques in a PowerPoint presentation at my next BJT session.

--Claus